2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/Makefile.in:
check_addr needs to link with the network libraries on Solaris

* plugins/sudoers/match.c:
When matching a RunasAlias for a runas group, pass the alias in as
the group_list, not the user_list. From Daniel Kopecek.

* plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
We need to init the auth system regardless of whether we need a
password since we will be closing the PAM session in the monitor
process. Fixes a crash in the monitor on Solaris; bugzilla #518

2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com>

Added tag SUDO_1_8_3 for changeset 82bec4d3a203

* Update Japanese sudoers translation from translationproject.org
[82bec4d3a203] [SUDO_1_8_3] <1.8>

2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Override and ignore the --disable-static option. Sudo already runs
libtool with -tag=disable-static where applicable and we need
non-PIC objects to build the executables.

2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/sudoers.pot:

* Ignore set_logname (which is now the default) for sudoedit since we
want the LOGNAME, USER and USERNAME environment variables to refer
to the calling user since that is who the editor runs as. This
allows the editor to find the user's startup files. Fixes bugzilla

* Instead of trying to grow the buffer in make_grlist_item(), simply
increase the total length, free the old buffer and allocate a new
one. This is less error prone and saves us from having to adjust
all the pointers in the buffer. This code path is only taken when
there are groups longer than the length of the user field in struct
utmp or utmpx, which should be quite rare.

* Add Italian translation for sudo from translationproject.org

Japanese translation for sudo and sudoers from
translationproject.org

2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com>

* sudoreplay depends on timestr.lo too; from Mike Frysinger

2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/sudoers.pot:
Regen sudoers pot file.

Update with latest sudo 1.8.3 news

* ldap_start_tls_s() on Debian (at least) sets the effective and saved
uids to the same value as the real uid. This prevents sudo from
setting the uid or gid later on. As a workaround, we now set perms
to root during sudoers_policy_open().

* Better warning message on setuid() failure for the setreuid()
version of set_perms().

2011-10-02 Todd C. Miller <Todd.Miller@courtesan.com>

Combine new translations in NEWS item

2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com>

* Delref auth_pw at the end of check_user() instead of getting a ref

* Make sudo_auth_{init,cleanup} return TRUE on success and check for
sudo_auth_init() return value in check_user().

* Do not return without restoring permissions.

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

Update for latest release candidate

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

* Modify the authentication API such that the init and cleanup
functions are always called, regardless of whether or not we are
going to verify a password. This is needed for proper PAM session

* Add missing dependency for getspwgen other depends.

* Fix a PAM_USER mismatch in session open/close. We update PAM_USER
to the target user immediately before setting resource limits, which
is after the monitor process has forked (so it has the old value).
Also, if the user did not authenticate, there is no pamh in the
monitor so we need to init pam here too. This means we end up
calling pam_start() twice, which should be fixed, but at least the
session is always properly closed now.

* Add check for old being NULL in utmp_setid(); from Steven McDonald

2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com>

* If the invoking user cannot be resolved by uid, fake the struct
passwd and store it in the cache so we can delref it on exit.

2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com>

* Don't error out if the group plugin cannot be loaded, just warn.

2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com>

* Quiet a false positive found by several static analysis tools. These
tools don't know that log_error() does not return (it longjmps to
error_jmp which returns to the sudo front-end).

2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com>

* Add Italian translation for sudo from translationproject.org Regen

Added tag SUDO_1_8_2 for changeset 3682e51af1d0

2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com>

* Update to current reality and add bit about ssh auth

* Make "verbose" static; fixes a namespace clash with
pam_ssh_agent_auth (and it doesn't need to be extern these days).

* configure, configure.in:
FreeBSD has libutil.h not util.h

* configure, configure.in:
Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD

* Update po files from translationproject.org

2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com>

Mention DEREF support

* plugins/sudoers/po/sudoers.pot:

* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
Add support for DEREF in ldap.conf.

install target should depend on ChangeLog too, not just install-doc

* NEWS, configure.in, doc/sudoers.cat, doc/sudoers.man.in:
Only iolog_file (not iolog_dir) supports mktemp-style suffixes.

* configure.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

* configure, configure.in:
Fix some square brackets in case statements that needed to be
doubled up. While here, use $OSMAJOR when it makes sense.

* Fix a crash in make_grlist_item() on 64-bit machines with strict

* Remove list_options() function that is no longer used now that "sudo

* configure, configure.in:
Error message if user tries --with-CC

* configure, configure.in:
Check for -libmldap too when looking for ldap libs, which is the
Tivoli Directory Server client library.

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
regen pot files for 1.8.3

* NEWS, configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
Update for version 1.8.3

2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com>

* Honor NOPASSWD tag for denied commands too.

* INSTALL, configure, configure.in:
Remove --with-CC option; it doesn't work correctly now that we use
libtool. Users can get the same effect by setting the CC
environment variable when running configure.

2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Assume all modern systems support fstat(2).

2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Add configure test for missing errno declaration and only declare it
ourselves if it is missing.

* Include errno.h before sudo.h to avoid conflicting with the system

2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com>

* Only print individual check status when there is a failure.

* Add calls to setprogname() for test programs.

* configure, configure.in:
Add -Wall and -Werror after all tests so they don't cause failures.

* Actually run check_addr in the check target

* Split out address matching into its own file and add regression

2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com>

* Fix matching a network number with netmask when the network number
is not the first address in the CIDR block.

2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com>

* Don't assume all editors support the +linenumber command line
argument, use a whitelist of known good editors.

2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com>

* Silence compiler warnings on Solaris with gcc 3.4.3

* Fix building on RHEL 3

* INSTALL, configure, configure.in:
Add --enable-werror configure option.

* setgroups() proto lives in grp.h on RHEL4, perhaps others.

* configure, configure.in:
Use PAM by default on AIX 6 and higher.

2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com>

* Add new Esperanto translation from translationproject.org

2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com>

* Quiet an innocuous valgrind warning.

2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com>

* Fix expansion of strftime() escapes in log_dir and add a regress
test that exhibited the problem.

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
Fix "make check" return value.

2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/sudoers.pot:
[3682e51af1d0] [SUDO_1_8_2] <1.8>

Fix logic inversion in pot file up to date check.

* doc/sudo.cat, doc/sudo.man.in, doc/sudoers.cat,
doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
doc/visudo.cat, doc/visudo.man.in:

2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Add caching for gettext() checks.

* configure, configure.in:
Better handling of libintl header and library mismatch.

2011-08-14 Todd C. Miller <Todd.Miller@courtesan.com>

2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com>

* Also check sudoers gid if sudoers is group writable.

Update for 1.8.2 final

2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
If dlopen is present but libtool doesn't find it, error out since it
probably means that libtool doesn't support the system.

* configure args on the command line should override builtin defaults.
Disable NLS for non-Linux/Solaris unless explicitly enabled.

* Fix loop that calls authenticate(). If there was an error message
from authenticate(), display it.

2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Update to autoconf 2.68 and libtool 2.4

* Fix typo; OPT should be OTP

* Rename libsudoers convenience library to libparsesudoers to avoid

2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com>

* Add Danish sudoers translation from translationproject.org

* Add dedicated callback function for runas_default sudoers setting
that only sets runas_pw if no runas user or group was specified by

2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com>

* Update Finnish, Polish, Russian and Ukrainian translations from
translationproject.org.

Go back to using a callback for runas_default to keep runas_pw in
sync. This is needed to make per-entry runas_default settings work
with LDAP-based sudoers. Instead of declaring it a callback in
def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
bit naughty, but avoids requiring stub functions in visudo and the

2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

Add check for out of date message catalogs when doing "make dist".

2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Make sure compiler supports static-libgcc before using it.

2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com>

* Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc

2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com>

* Add new Russian sudo translation from translationproject.org and
rebuild the other translation files.

2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com>

* Update Finnish and Polish translations from translationproject.org

* Go back to escaping the command args for "sudo -i" and "sudo -s"
before calling the plugin. Otherwise, spaces in the command args
are not treated properly. The sudoers plugin will unescape
non-spaces to make matching easier.

2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com>

* Fix some potential problems found by the clang static analyzer, none

* Updated Ukrainian and Chinese (simplified) po files from
translationproject.org

2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com>

* Updated Polish translation from translationproject.org

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

* Don't try to audit failure if the runas user does not exist. We
don't have the user's command at this point so there is nothing to
audit. Add a NULL check in audit_success() and audit_failure() just
to be on the safe side.

* Add -g to CFLAG for PIE builds.

2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com>

* Remove fallback to per-group lookup when matching groups in sudoers.
The sudo front-end will now use getgrouplist() to get the user's
list of groups if getgroups() fails or returns zero groups so we
always have a list of the user's groups. For systems with
mbr_check_membership() which support more than NGROUPS_MAX groups
(Mac OS X), skip the call to getgroups() and use getgrouplist() so
we get all the groups.

2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com>

* Fix setgroups() fallback code on EINVAL.

* Fix two PERM_INITIAL cases that were still using user_gids.

* Add Polish sudo message catalog

* user_group is no longer used, remove it

2011-07-21 Todd C. Miller <Todd.Miller@courtesan.com>

* Add Polish translation from translationproject.org

* Add a wrapper for setgroups() that trims off extra groups and
retries if setgroups() fails. Also add some missing addrefs for
PERM_USER and PERM_FULL_USER.

* configure, configure.in:
Instead of keeping separate groups and gids arrays, create struct
group_info and use it to store both, along with a count for each.
Cache group info on a per-user basis using getgrouplist() to get the
groups. We no longer need to special case the user or list
user for user_in_group() and thus no longer need to reset the groups
list when listing another user.

* Don't rely on NULL since we don't include a header for it.

* Do not shadow global sudo_mode with a local variable in set_cmnd()

2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com>

* bash 2.x does not support the -l flag and exits with an error if it
is specified so use --login instead. This causes an error with bash
1.x (which uses -login instead) but this version is hopefully less

* Add Polish translation from translationproject.org

2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com>

* Make error strings translatable.

* Only run configure with --with-pam-login for RHEL 5 and above.

* Fix typo in summary

2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com>

* Add missing logwrap.c

* Split out log file word wrap code into its own file and add unit
tests. Fixes an off-by-one in the word wrap when the log line
length matches loglinelen.

2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com>

* For SuSE, only use /usr/lib64 as libexec if generating 64-bit

* Fix build error when --without-noexec configure option is used.

* configure, configure.in:
Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX

2011-07-03 Todd C. Miller <Todd.Miller@courtesan.com>

Document group lookup change and possible side effects.

2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com>

* Resolve the list of gids passed in from the sudo frontend (the
result of getgroups()) to names and store both the group names and
ids in the sudo_user struct. When matching groups in the sudoers
file, match based on the names in the groups list first and only do
a gid-based match when we absolutely have to. By matching on the
group name (as it is listed in sudoers) instead of id (which we
would have to resolve) we save a lot of group lookups for sudoers
files with a lot of groups in them.

2011-06-29 Todd C. Miller <Todd.Miller@courtesan.com>

2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com>

* Workaround for "sudo -i command" and newer versions of bash which
don't go into login mode when -c is specified unless -l is too.

2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com>

* Rewrite logfile word wrapping code to be more straight-forward and
actually wrap at the correct place.

2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com>

Mention use_pty bug fix

* Set use_pty=true in command details when use_pty is set in sudoers.

2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com>

* Sync Chinese (simplified) PO files from translationproject.org

2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com>

* Add Danish translation from translationproject.org and add missing

* Makefile.in, configure, configure.in:
No longer need to specify LINGUAS in configure, "make install-nls"
now just installs all the .mo files it finds.

2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com>

* Build CONTRIBUTORS from newly-added contributors.pod

* Rework the wording in the leading paragraph

2011-06-16 Todd C. Miller <Todd.Miller@courtesan.com>

* Add a CONTRIBUTORS file with the names of folks who have contributed
code or patches to sudo since I started maintaining it (plus the

2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com>

* Preserve SHELL variable for "sudo -s". Otherwise we can end up with
a situation where the SHELL variable and the actual shell being run

2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Only enable Solaris project support when setproject() is present in

* Explicitly set mode and owner of /etc/sudoers instead of relying on
"cp -p" to work in the postinstall script. On AIX 6.1 at least the
postinstall script runs before the final file permissions are set.

* Refer the user to the "Command Environment" section in description

* If there is no old dependency for an object file, use the MANIFEST

* Remove dependency for getgrouplist.lo as we don't ship that source

* Do not declare yyparse() static as the actual function generated by

Remove locale files in "make uninstall"

2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com>

Add Basque translation and sync Finnish and Ukrainian translations.

Update PAM change to reflect latest checkin.

* configure, configure.in:
FreeBSD no longer needs the main sudo binary to link with -lpam now
that plug-ins are loaded with RTLD_GLOBAL.

* Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
problems with pam modules not having access to symbols provided by
libpam on some platforms. Affects FreeBSD and SLES 10 at least.

Move xgettext invocation out of update-po target into update-pot

2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
Regenerate .pot files for 1.8.2rc2

Move nls targets to the top level Makefile so the paths in the pot

* Add compiled version of sudo Finnish translation

* Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo

* configure, configure.in:
Add Finnish translation from translationproject.org

* The group named by exempt_group should not have a % prefix.

* Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"

* Fix compressed io log corruption in background mode by using _exit()
instead of exit() to avoid flushing buffers twice.

Improved background mode support. When not allocating a pty, the
command is run in its own process group. This prevents write access
to the tty. When running in a pty, stdin is not hooked up and we
never read from /dev/tty, which results in similar behavior.

2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com>

* Clean up regress files Generate proper dependencies for regress objs

* Add missing dependency for check_fill.o.

2011-05-30 Todd C. Miller <Todd.Miller@courtesan.com>

* INSTALL, configure, configure.in:
Add support for --enable-nls[=location]

2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com>

* Quiet gcc warnings.

* configure, configure.in:
Don't install .mo files if gettext was not found.

2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com>

* Always allocate a pty when running a command in the background but
call setsid() after forking to make sure we don't end up with a

* Add missing space between command name and the first command line

* Quiet a compiler warning on some platforms.

* README file that directs people to translationproject.org

* Sync translations with TP

Add 'sync-po' target to top-level Makefile to rsync the po files
from translationproject.org.

* install nls files from install target

Include .mo files in sudo binary packages.

* configure, configure.in:
Add simplified Chinese translation

2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Add Ukrainian translation

* refer to siglist.c, not ./siglist.c since not all makes will treat
foo and ./foo the same.

* Set def_preserve_groups before searching for the command when the -P

Add dependency for siglist.lo in compat. This is a generated file
so "make depend" needs to depend on it.

* More dependency fixes.

* Fix a few dependencies.

* Place compiled mo files in the src dir, not the build dir. When
installing compiled mo files, display a status message.

2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com>

* Tivoli Directory Server requires that seconds be present in a
timestamp, even though RFC 4517 states that they are optional.

* Add missing bit of copyright

* Mention cycle detection warnings

* When checking aliases, also check the contents of the alias in case
there are problems with an alias that is referenced inside another.
Replace the self reference check with real alias cycle detection.

* Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
ENOENT in alias_find() and alias_remove() if the entry could not be

* Increment alias_seqno before calls to alias_remove_recursive() to
avoid false positives with the alias loop detection. Fixes spurious
warnings about unused aliases when they are nested.

* Add dependency on convenience libs to binaries

mkdep.pl only works when run from the src dir

Auto-generate Makefile dependencies with a perl script.

2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com>

* If the user specifies a runas group via sudo's -g option that
matches the runas user's group in the passwd database and that group
is not denied in the Runas_Spec, allow it. Thus, if user root's gid
in /etc/passwd is 0, then "sudo -u root -g root id" is allowed even if
no groups are present in the Runas_Spec.

2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com>

Mention what is new in 1.8.2 (for now)

* Add dependencies on gettext.h

* Fix install-nls target with HP-UX sh when gettext is not present.

* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:

2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
regenerate .pot files for lbuf changes

* configure, configure.in:
Add missing "checking" message for gettext when using the cache.

* Add primitive format string support to the lbuf code to make
translations simpler.

* configure, configure.in, plugins/sudoers/po/sudoers.pot,
Bump version to 1.8.2

* Add message catalog template files for sudo and the sudoers module.

Add gettext.h convenience header. This is similar to but distinct
from the one included with the gettext package.

* configure, configure.in:
Add checks for nroff -c and -Tascii flags

* configure, configure.in:
Add check for HP bundled C Compiler (which cannot create shared

* Fix C format warnings.

* Translate help / usage strings.
[16c5b7902d4c] <1.8>

* Set --msgid-bugs-address to the bugzilla url
[3e3cfa7b4ceb] <1.8>

* INSTALL, Makefile.in, README, configure, configure.in:
Add scaffolding to update .po files and install .mo files.
[a51e60b35e47] <1.8>

* Minor warning/error cleanup
[593144ac87ff] <1.8>

Emulate ngettext for the non-nls case
[7cdf82de4dee] <1.8>

* Do not mark untranslatable strings for translation
[088271ed02d0] <1.8>

* Use ROOT_UID not 0.
[f901fa2fdaf2] <1.8>

* Minor warning/error message cleanup
[b99c7ef46236] <1.8>

* cannot -> "unable to" in warning/error messages can't -> "unable to"
in warning/error messages
[5119140fabc7] <1.8>

* configure, configure.in:
FreeBSD needs the main sudo executable to link with -lpam when
loading dynamic pam modules for some reason.
[738b6778a505] <1.8>

* We don't want to translate debugging messages.
[357a575c2dfd] <1.8>

* configure, configure.in:
Add calls to bindtextdomain() and textdomain(). Currently there are
two domains, one for the sudo front-end and one for the sudoers
plugin and its associated utilities.
[907f39439d80] <1.8>

* configure, configure.in:
Fix caching of libc gettext check.
[e229c21f412f] <1.8>

* Mark defaults descriptions for translation
[65e03d1f8203] <1.8>

Update for sudo 1.8.1p2
[89c31f2aa11e] <1.8>

* Quiet compiler warning when SELinux is enabled.
[51b1d7c8aa86] <1.8>

* Add missing includes of libintl.h.
[25662143d36d] <1.8>

* Fix gettext marker.
[7618856ba5de] <1.8>

* Include libint.h where needed.
[cc256b297b9d] <1.8>

* Prepare sudoers module messages for translation.
[1b7f0bbaa55f] <1.8>

* Only check gid of sudoers file if it is group-readable.
[f3cae943f35a] <1.8>

* For AIX, keep calling authenticate() until reenter reaches 0.
[e412676bac73] <1.8>

* configure, configure.in:
Cache the status of the initial gettext() check.
[c32281768c0f] <1.8>

* INSTALL, configure, configure.in:
Add --disable-nls flag and improve checks for gettext.
[b39674c1e538] <1.8>

* configure, configure.in:
When building with gcc on HP-UX, use -march=1.1 to produce portable
binaries on a pa-risc2 host. Previously, the +Dportable option was
used for the HP-UX C compiler but gcc always produced native
[41351c23ad41] <1.8>

* Prepare sudo front end messages for translation.
[7807d6f74dac] <1.8>

* configure, configure.in:
Add initial scaffolding to support localization via gettext()
[cdbbff7e6376] <1.8>

2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com>

update copyright year
[d681661f03cc] <1.8>

No need to include version number at the top of these files.
[7e11f673f773] <1.8>

This is sudo 1.8.1 not 1.8.0
[4d674f230d8a] <1.8>

2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>

* Don't let the fnmatch/glob macros expand the function prototype.
[d449e9a8f447] <1.8>

2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>

* Resolve namespace collisions on HP-UX ia64 and possibly others by
adding a rpl_ prefix to our fnmatch and glob replacements and
#defining rpl_foo to foo in the header files.
[d23889375b21] <1.8>

2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>

* Split ALL, ROLE and TYPE into their own actions. Since you can only
have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
the non-SELinux case. This is safe because the actions are in one
big switch() statement.
[0bd9b7e37ab1] <1.8>

* Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
[8dec97b359e0] <1.8>

* askpass moved from sudoers to sudo.conf in sudo 1.8.0
[1001d87d82ed] <1.8>

* Remove obsolete warning about runas_default and ordering. Move
syslog facility and priority lists into the section where the
relevant options are described.
[1286b9624021] <1.8>

2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>

* Fix SIA support; we no longer have access to the real argc and argv
so allocate space for a fake one and use the argv passed to the
plugin with "sudo" for argv[0].
[7c11eeffb91c] <1.8>

* Remove useless realloc when trying to get the buffer size right.
[58128e7f4e28] <1.8>

* Be explicit when setting euid to 0 before call to setreuid(0, 0)
[95769a564ab8] <1.8>

2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>

sudo 1.8.1p1 updates
[de3d688b5bb1] <1.8>

* configure, configure.in:
Need to do checks for krb5_verify_user, krb5_init_secure_context and
krb5_get_init_creds_opt_alloc regardless of whether or
not krb5-config is present.
[456c4a9cd5d6] <1.8>

2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>

* Work around weird AIX saved uid semantics on setuid() and
setreuid(). On AIX, setuid() will only set the saved uid if the euid
[5d0a69e9d181] <1.8>

2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>

* update copyright year
[fa8da6d55783] <1.8>

* Treat a missing includedir like an empty one and do not return an
[5fd9fe004728] <1.8>

2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>

* Fix ARCH setting in cross-compile Solaris packages.
[8ce40940f6c9] <1.8>

* Fix aix version setting.
[02a9e25d46ba] <1.8>

* Remove extraneous parens in LDAP filter when sudoers_search_filter
is enabled that causes a search error. From Matthew Thomas.
[b67be9b51ec6] <1.8>

2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>

* Correct sizeof() to fix test failure.
[a11b89fd13f9] <1.8>

* "install" target should depend on "install-dirs". Fixes "make -j"
problem and closes bz #487. From Chris Coleman.
[06ab0558f848] <1.8>

2011-04-09 Todd C. Miller <Todd.Miller@courtesan.com>

Added tag SUDO_1_8_1 for changeset 0ed6281995f0
[543d41a163e9] <1.8>

* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
Regen man pages for 1.8.1
[0ed6281995f0] [SUDO_1_8_1] <1.8>

2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>

* Add HAVE_RFC1938_SKEYCHALLENGE
[c0d7eb39799d] <1.8>

2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>

* Mention plugin loading and libgcc changes
[b74929cba37c] <1.8>

* Load plugins after parsing arguments and potentially printing the
version. That way, an error loading or initializing a plugin
doesn't break "sudo -h" or "sudo -V".
[c1ecb5979cf0] <1.8>

When using a sub-shell to invoke the sub-make, exec make instead of
running it inside the shell to avoid an extra process.
[9439f016c993] <1.8>

1239 * Stop testing unspecified behavior in fnmatch Make glob test more
1241 [87a91d76fbff] <1.8>
1243 * No need to add current dir to include path and having it breaks the
1244 test programs that expect to get the system glob.h and fnmatch.h
1245 [3ae7f9e7b710] <1.8>
1247 * configure, configure.in:
1248 Fix and document --with-plugindir; partially from Diego Elio Petteno
1249 [0220a0c2606f] <1.8>
1251 * Fix fnmatch and glob tests to not use hard-coded flag values in the
1252 input file. Link test programs with libreplace so we get our
1253 replacement versions as needed.
1254 [66bab80241e0] <1.8>
1257 If make in a subdir fails, fail the target in the upper level
1258 Makefile too. Adapted from a patch from Diego Elio Petteno
1259 [bc35b7813507] <1.8>
1261 * configure, configure.in:
1262 Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
1263 has this. Adapted from a patch from Diego Elio Petteno
1264 [bb6228f484b9] <1.8>
1266 * Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
1268 [47e6d5fadc6d] <1.8>
1270 * configure, configure.in:
1271 Fix warnings when --without-skey, --without-opie, --without-kerb4,
1272 --without-kerb5 or --without-SecurID were specified.
1273 [1b75035dd129] <1.8>
1275 * Add plugins/sudoers/sudoers_version.h
1276 [1d470c6033ca] <1.8>
1278 * configure, configure.in:
1279 Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
1280 now include LDFLAGS in the sudoers Makefile.in. Add missing setting
1281 of @LDFLAGS@ in plugin Makefile.in files.
1282 [dd237f43aa12] <1.8>
1284 2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
1286 * Mention %#gid support in User_List and Runas_List
1287 [37e259b9181b] <1.8>
1289 * Keep track of sudoers grammar version and report it in the -V
1291 [0e0b891dd8a4] <1.8>
1293 * Add multiple inclusion guard
1294 [ec6884f51ea8] <1.8>
1296 * configure, configure.in:
1297 The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
1298 LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
1299 set it to -Wc,-static-libgcc if not using GNU ld so we don't
1300 have a dependency on the shared libgcc in sudoers.so.
1301 [28d03f3eb0d2] <1.8>
1303 * Fix typo; from Petr Uzel
1304 [d19b9bd92bd3] <1.8>
1306 2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
1308 * In dump-only mode, use "root" as the default username instead of
1309 "nobody" as the latter may not be available on all systems.
1310 [b304111616dd] <1.8>
1312 2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
1314 * Remove NewArgv/NewArgc, they are no longer needed.
1315 [c0a36a42a68c] <1.8>
1317 * Fix setting of user_args
1318 [529e79ea95d1] <1.8>
1320 * Add '!' token to lex tracing
1321 [aef295d428e7] <1.8>
1323 * Use group bin in test, not wheel as most systems have the bin group
1324 but the same is no longer true of wheel.
1325 [350347f09c1a] <1.8>
1327 * Avoid using pre or post increment in a parameter to a ctype(3)
1328 function as it might be a macro that causes the increment to happen
1330 [8a94ebdd53b8] <1.8>
1332 2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
1334 * Strip off the beta or release candidate version when building AIX
1336 [00ad950764e2] <1.8>
1338 * configure, configure.in:
1339 We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
1340 structure checks for glibc which only has __e_termination visible
1341 when _GNU_SOURCE is *not* defined.
1342 [1d58420a4a4a] <1.8>
1344 * getuserattr(user, ...) will fall back to the "default" entry
1345 automatically, there's no need to check "default" manually.
1346 [cefffa82967d] <1.8>
1348 * Document parser changes.
1349 [5038238f60eb] <1.8>
1351 2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
1354 If there is an existing sudoers file, only install if it passes a
1356 [b1e4c9c56fe0] <1.8>
1358 * Add runasgroup support to testsudoers
1359 [30838590e9de] <1.8>
1361 * For "make check", keep going even if a test fails.
1362 [d3a72f67227e] <1.8>
1364 * More useful exit codes:
1365 * 0 - parsed OK and command matched.
1367 * 2 - command not matched
1368 * 3 - command denied
1369 [59301e0769cd] <1.8>
1371 * Document %#gid, and %:#nonunix_gid syntax.
1372 [39ee15af58e9] <1.8>
1374 * Add support to user_in_group() for treating group names that begin
1376 [0eb19980cf5f] <1.8>
1378 * configure, configure.in:
1379 Add explicit check for struct utmpx.ut_exit.e_termination and struct
1380 utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
1381 ut_exit if we detect one or the other.
1382 [ab5b665fc04b] <1.8>
1384 2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
1386 * Add back missing #include of config.h
1387 [9c82bec81018] <1.8>
1389 * Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
1391 [1ae630470f8a] <1.8>
1393 * Quote first argument to AC_DEFUN(); from Elan Ruusamae
1394 [c467e9e3b399] <1.8>
1396 2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
1398 * add new sudoers tests
1399 [05f2a0924acc] <1.8>
1401 * Add test for a newline in the middle of a string when no line
1402 continuation character is used.
1403 [24b79be5822b] <1.8>
1405 * Use bitwise AND instead of modulus to check for length being odd. A
1406 newline in the middle of a string is an error unless a line
1407 continuation character is used.
1408 [65c468599688] <1.8>
1410 * Move lexer globals initialization into init_lexer.
1411 [07a1171a1853] <1.8>
1413 * Fix a potential crash when a non-regular file is present in an
1414 includedir. Fixes bz #452
1415 [5057cb9516e4] <1.8>
1417 * On some Linux systems, "uname -p" contains detailed processor info
1418 so check "uname -m" first and then "uname -p" if needed. Recognize
1420 [56226c84a060] <1.8>
1422 2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
1424 * Don't need all sudoers.h here.
1425 [43b6ae5999c5] <1.8>
1427 * Print sudo version early, in case policy plugin init fails.
1428 [620f2d0ec4b1] <1.8>
1430 2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
1432 * Update to match change in input.
1433 [69540f84721d] <1.8>
1435 * Make an empty group or netgroup a syntax error.
1436 [4b85bddc494e] <1.8>
1438 * An empty group or netgroup should be a syntax error.
1439 [6ec796972eff] <1.8>
1441 * Check that uids work in per-user and per-runas Defaults. Check that
1442 uids and gids work in a Command_Spec
1443 [68cf62353420] <1.8>
1445 * Test empty string in User_Alias and Command_Spec
1446 [017d487c31be] <1.8>
1448 * Allow a group ID in the User_Spec.
1449 [37e0bf69c8d8] <1.8>
1451 * Return an error for the empty string when a word is expected. Allow
1452 an ID for per-user or per-runas Defaults.
1453 [4c9020779582] <1.8>
1455 2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
1457 * Fix printing "User_Alias FOO = ALL"
1458 [97c9fd7caeb7] <1.8>
1460 2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
1462 * Better error message about invalid -C argument
1463 [2301e7a3835b] <1.8>
1466 [c5acde62a309] <1.8>
1468 * Fix placement of equal sign ('=') in user specification summary.
1469 [4d0ffef77ae4] <1.8>
1471 2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
1473 * update to match sudoers regress
1474 [0efb8dc9092a] <1.8>
1476 * Restore ability to define TRACELEXER and have trace output go to
1478 [441c8b372217] <1.8>
1480 * Restore old behavior of setting sawspace = TRUE for command line
1481 args when a line continuation character is hit to avoid causing
1482 problems for existing sudoers files.
1483 [963ded6ce070] <1.8>
1485 * Add test for line continuation and aliases
1486 [5703d11a3c46] <1.8>
1488 * Make test output line up nicely for parse vs. toke
1489 [15321ce2d7d9] <1.8>
1491 * plugins/sudoers/regress/testsudoers/test1.ok,
1492 plugins/sudoers/regress/testsudoers/test2.out,
1493 plugins/sudoers/regress/testsudoers/test2.sh,
1494 plugins/sudoers/regress/testsudoers/test3.ok,
1495 plugins/sudoers/regress/testsudoers/test3.sh,
1496 plugins/sudoers/regress/visudo/test1.ok,
1497 plugins/sudoers/regress/visudo/test1.sh:
1498 Move parser tests to sudoers directory and test the tokenizer output
1500 [111c1ccda334] <1.8>
1502 * If we match a rule anchored to the beginning of a line after parsing
1503 a line continuation character, return an ERROR token. It would be
1504 nicer to use REJECT instead but that substantially slows down the
1506 [67e54b14aa9d] <1.8>
1508 * Move LEXTRACE macro to toke.h so we can use it in yyerror().
1509 [e6e04037deed] <1.8>
1511 * Make lex tracing settable at run-time in testsudoers via the -t
1512 flag. Trace output goes to stderr. Will be used by regress tests
1514 [a973f43cc0c2] <1.8>
1516 * Allow whitespace after the modifier in a Defaults entry. E.g.
1517 "Defaults: username set_home"
1518 [bf876c9fc5bb] <1.8>
1520 2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
1522 * Don't set CC when cross-compiling.
1523 [d3c33dcb02f2] <1.8>
1525 * Credit Matthew Thomas for the sudoers_search_filter changes.
1526 [2209b80664af] <1.8>
1528 * Add the .sym files to the MANIFEST
1529 [bb452b28a009] <1.8>
1531 * Update for sudo 1.8.1 beta
1532 [700d42d80e00] <1.8>
1534 * user_shell -> run_shell to avoid confusion with the user's SHELL
1536 [451b96d5f97e] <1.8>
1538 * Save the controlling tty process group before suspending in pty
1539 mode. Previously, we assumed that the child pgrp == child pid
1540 (which is usually, but not always, the case).
1541 [b0841d861191] <1.8>
1543 * Add support for sudoers_search_filter setting in ldap.conf. This
1544 can be used to restrict the set of records returned by the LDAP
1546 [70c5f496e2b3] <1.8>
1548 2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
1550 * configure, configure.in:
1551 Remove the hack to disable -g in CFLAGS unless --with-devel
1552 [9459839f50ba] <1.8>
1554 * The '@' character does not normally need to be quoted.
1555 [e66c4c64e514] <1.8>
1557 * We normally transition from GOTDEFS to STARTDEFS on whitespace, but
1558 if that whitespace is followed by a comma, we want to treat it as
1559 part of a list and not transition.
1560 [52ae2df9959d] <1.8>
1562 * Add check for whitespace when a User_List is used for a per-user
1564 [44a4db95be86] <1.8>
1566 * Expand quoted name checks to cover recent fixes.
1567 [bd494b5c2bed] <1.8>
1569 * Fix parsing of double-quoted names in Defaults and Aliases which was
1570 broken in 601d97ea8792.
1571 [dfdd58c3eb3b] <1.8>
1573 * toke_util.c lives in $(srcdir) not $(devdir)
1574 [94f8f024782e] <1.8>
1576 2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
1578 * configure, configure.in:
1579 Update version to 1.8.1
1580 [531a7d520f18] <1.8>
1582 * Document major changes in 1.8.1 and add upgrade notes.
1583 [116821646140] <1.8>
1585 * Be careful not to deref user_stat if it is NULL. This cannot
1586 currently happen in sudo but might in other programs using the
1588 [d72a9c7151c4] <1.8>
1590 * configure will not add -O2 to CFLAGS if it is already defined to add
1591 -O2 to the CFLAGS we pass in when PIE is being used.
1592 [2c7fe82be93d] <1.8>
1594 * Warn about the dangers of log_input and mention iolog_file and
1595 iolog_dir in the log_input and log_output descriptions.
1596 [edc6aa59aa45] <1.8>
1598 * sync with git version
1599 [b121cf739c77] <1.8>
1601 * It seems that h comes after i
1602 [99ad15015f05] <1.8>
1604 * Move log_input and log_output to their proper, sorted, location.
1605 Document set_utmp and utmp_runas.
1606 [216ce8b0ae1a] <1.8>
1608 * Save the controlling tty process group before suspending so we can
1609 restore it when we resume. Fixes job control problems on Linux
1610 caused by the previous attempt to fix resuming a shell when I/O
1611 logging not enabled.
1612 [dfe038f733be] <1.8>
1614 * Fix printing of the remainder after a newline. Fixes "sudo -l"
1615 output corruption that could occur in some cases.
1616 [ab2f0a629e0d] <1.8>
1618 * Add support for ut_exit
1619 [7039ec6a73fa] <1.8>
1621 * Add support for controlling whether utmp is updated and which user
1622 is listed in the entry.
1623 [1b008ce71eab] <1.8>
1625 * Fix typo; tupple vs. tuple
1626 [67bb5c67ae3d] <1.8>
1628 * For legacy utmp, strip the /dev/ prefix before trying to determine
1629 slot since the ttys file does not include the /dev/ prefix.
1630 [8f597114381d] <1.8>
1632 * Add check for _PATH_UTMP
1633 [fe7e2456f017] <1.8>
1635 * Adapt check_iolog_path to sessid changes
1636 [3016201869b6] <1.8>
1638 * Redo utmp handling. If no getutent()/getutxent() is available,
1639 assume a ttyslot-based utmp. If getttyent() is available, use that
1640 directly instead of ttyslot() so we don't have to do the stdin dup2
1642 [817490c7c20e] <1.8>
1644 * Move utmp handling into utmp.c
1645 [e4729d9259e9] <1.8>
1647 * Update copyright years.
1648 [1065afc00233] <1.8>
1650 2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
1652 * Add "user_shell" boolean as a way to indicate to the plugin that the
1654 [6e8bc49b7ea7] <1.8>
1656 * Move sessid out of sudo_user.
1657 [00d67d5ba894] <1.8>
1659 * Log the TSID even if it is not a simple session ID.
1660 [490cf0adae29] <1.8>
1662 * Document noexec in sample.sudo.conf and add back noexec_file section
1663 in sudoers with a note that it is deprecated.
1664 [c7a2d8d0c563] <1.8>
1666 * Fix running commands as non-root on systems where setreuid() changes
1667 the saved uid based on the effective uid we are changing to.
1668 [f3b27db56ba6] <1.8>
1670 2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
1672 * Move noexec path into sudo.conf now that sudo itself handles noexec.
1673 Currently can be configured in sudoers too but is now undocumented
1674 and will be removed in a future release.
1675 [9c5f64709994] <1.8>
1677 * Document "Path noexec ..." in sudo.conf. No longer document
1678 noexec_file in sudoers, it will be removed in a future release.
1679 [959fa6b5217b] <1.8>
1681 * Move noexec handling to sudo front-end where it is documented as
1683 [ef6cd4a40c61] <1.8>
1685 * Add support for disabling exec via solaris privileges. Includes
1686 preparation for moving noexec support out of sudoers and into front
1688 [d9c05ba9a24f] <1.8>
1690 * Only export the symbols corresponding to the plugin structs.
1691 [cb07af1d9b39] <1.8>
1693 * Install plugins manually instead of using libtool. This works
1694 around a problem on AIX where libtool will install a .a file
1695 containing the .so file instead of the .so file itself.
1696 [1ccf5af58c05] <1.8>
1699 Move check into its own rule since some versions of make will run
1700 both targets as the default rule.
1701 [7159f37eb552] <1.8>
1703 * Update to libtool 2.2.10
1704 [9e49773b32b7] <1.8>
1706 * In handle_signals(), restart the read() on EINTR to make sure we
1707 keep up with the signal pipe. Don't return -1 on EAGAIN, it just
1708 means we have emptied the pipe.
1709 [dc2926097b2d] <1.8>
1711 * Reorder functions to quiet a compiler warning.
1712 [5201367e5db4] <1.8>
1714 * Use the Sun Studio C compiler on Solaris if possible
1715 [b8d43b423fb9] <1.8>
1717 2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
1719 * Fix default setting of osversion variable.
1720 [e12905851be5] <1.8>
1722 * Make two login_class entries consistent.
1723 [0671d7b204be] <1.8>
1725 * Add support for adding a utmp entry when allocating a new pty.
1726 Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
1727 Currently only creates a new entry if the existing tty has a utmp
1729 [40ff30099e79] <1.8>
1731 * Avoid pulling in headers we don't need on Linux. For getutx?id(),
1732 call setutx?ent() first and always call endutx?ent().
1733 [b86f7a13aae9] <1.8>
1735 * Add some more libs to SUDOERS_LIBS instead of relying on them to be
1736 pulled in by SUDO_LIBS.
1737 [bcbd16ec56c6] <1.8>
1739 * Fix return value of "sudo -l command" when command is not allowed,
1740 broken in [c7097ea22111]. The default return value is now TRUE and
1741 a bad: label is used when permission is denied. Also fixed missing
1742 permissions restoration on certain errors. On error()/errorx(), the
1743 password and group files are now closed before returning.
1744 [757c941a47b2] <1.8>
1746 2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
1748 * Fix passing of login class back to sudo front end.
1749 [5e649de6b7f5] <1.8>
1751 * Add --osversion flag to specify OS instead of running "pp
1753 [8a03943ac5e8] <1.8>
1755 * Fix expr usage w/ GNU expr
1756 [bdecfa1f54fc] <1.8>
1758 2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
1760 * Fix exit value for validate and list mode.
1761 [6f8b20199935] <1.8>
1763 * Fix non-interactive mode with sudoers plugin.
1764 [cf5aca4fcbcf] <1.8>
1766 2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
1768 * sudoreplay can now find IDs other than %{seq} and display the
1770 [60396b417633] <1.8>
1772 * Add support for replaying sessions when iolog_file is set to
1773 something other than %{seq}.
1774 [1cd2baa74d56] <1.8>
1776 2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
1778 * If we are killed by a signal, display the name of the signal that
1780 [1b38c4d42282] <1.8>
1782 * Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
1784 [78e97a921104] <1.8>
1786 * Fix bug in skey/opie check that could cause a shell warning.
1787 [f20229a04f30] <1.8>
1789 * No longer need sudo_getepw() stubs.
1790 [795631ac7db0] <1.8>
1792 2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
1794 * Fix exit value of "sudo -l command" in sudoers module.
1795 [4a05d6019b3d] <1.8>
1797 2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
1799 * Use fgets() not fgetln() for portability.
1800 [1f2050745096] <1.8>
1802 * Don't use the beta or release candidate version as the rpm release.
1803 [a5b049477646] <1.8>
1805 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
1808 Adjust ChangeLog rule now that 1.8 is branched
1809 [a994ac361e44] <1.8>
1812 Added tag SUDO_1_8_0 for changeset f6530d56f6ae
1813 [99a2b3801419] <1.8>
1815 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
1817 * configure, configure.in:
1819 [f6530d56f6ae] [SUDO_1_8_0]
1822 update sudo 1.8 section
1825 2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
1827 * plugins/sudoers/regress/testsudoers/test2.sh:
1828 fix test description
1831 * plugins/sudoers/regress/testsudoers/test2.out,
1832 plugins/sudoers/regress/testsudoers/test2.sh,
1833 plugins/sudoers/regress/visudo/test2.out,
1834 plugins/sudoers/regress/visudo/test2.sh:
1835 convert test2 to use testsudoers
1838 * include/sudo_plugin.h, src/sudo_plugin_int.h:
1839 Move struct generic_plugin to sudo_plugin_int.h
1842 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
1843 plugins/sudoers/parse.c, plugins/sudoers/parse.h,
1844 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
1845 plugins/sudoers/sudoers.h:
1846 Allow sudoers file name, mode, uid and gid to be specified in the
1847 settings list. The sudo front end does not currently set these but
1851 2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
1853 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
1854 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
1855 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
1856 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
1861 * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
1862 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
1863 src/parse_args.c, src/sudo.h:
1864 add help text to sudo, visudo and sudoreplay for the -h option
1867 2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
1869 * compat/snprintf.c:
1870 avoid using "howmany" for a parameter name since it is a select-
1875 mention group_plugin when describing nonunix_group
1878 * doc/sudo_plugin.pod:
1879 Add missing period at end of sentence
1882 * Makefile.in, doc/Makefile.in, include/Makefile.in,
1883 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
1884 plugins/sudoers/Makefile.in, src/Makefile.in:
1885 add localstatedir; closes bug 471
1888 * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
1889 src/exec.c, src/exec_pty.c:
1890 The howmany macro lives in sys/sysmacros.h on SVR5 systems. Closes
1895 add missing AH_TEMPLATE for ENV_RESET
1899 SVR5 systems return non-zero for success on socketpair(), check for
1900 -1 instead. Closes Bug 469
1903 2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
1905 * configure, configure.in:
1909 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
1910 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
1911 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
1912 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
1917 Document that a sudo.conf file with no Plugin lines uses the default
1921 * src/load_plugins.c:
1922 If sudo.conf contains no Plugin lines, use the default sudoers
1923 policy and I/O plugins.
1926 2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
1928 * plugins/sudoers/sudo_nss.c:
1929 Avoid printing empty "Runas and Command-specific defaults for user"
1934 Truncate the buffer at buf.len before printing in the non-wordwrap
1939 Remove extra newline when the tty width is very small or unavailable
1942 2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
1944 * plugins/sudoers/alias.c:
1945 Remove unneeded variable.
1948 2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
1950 * configure, configure.in:
1951 Prefer getutxid over getutid
1954 * plugins/sudoers/boottime.c:
1955 Include utmp.h / utmpx.h before missing.h as apparently including it
1956 afterwards causes a compilation problem on GNU Hurd.
1959 2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
1961 * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
1962 #include "foo.h", not <foo.h> for local includes.
1969 * compat/mksiglist.c:
1973 * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
1974 plugins/sudoers/match.c:
1975 return foo not return(foo)
1978 2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
1981 Remove duplicate FD_SET of signal_pipe[0]
1984 2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
1986 * compat/mksiglist.c:
1987 Use "missing.h" not <missing.h> in generated code.
1990 2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
1992 * aclocal.m4, configure:
1993 fix --with-iologdir=no
1996 * aclocal.m4, configure:
1997 fix typo that broke --with-iologdir
2000 2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
2002 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
2003 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
2004 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
2005 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
2007 Bump version to 1.8.0b4
2014 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2015 Attempt to clarify how users and groups interact in Runas_Specs
2018 * plugins/sudoers/regress/visudo/test2.out,
2019 plugins/sudoers/regress/visudo/test2.sh:
2020 Add test for quoted group that contains escaped double quotes
2023 * src/exec.c, src/exec_pty.c:
2024 Pass SIGUSR1/SIGUSR2 through to the child.
2027 * src/exec_pty.c, src/sudo_exec.h:
2028 Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
2029 SIGUSR2 to indicate whether the child should be continued in the
2030 foreground or background.
2034 Use pid_t not int and check the return value of kill()
2037 2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
2040 Remove obsolete comment
2044 In non-pty mode before continuing the child, make it the foreground
2045 pgrp if possible. Fixes resuming a shell.
2049 If we get a signal other than SIGCHLD in the monitor, pass it
2050 directly to the child.
2053 * src/exec.c, src/exec_pty.c, src/sudo.h:
2054 Save signal state before changing handlers and restore before we
2055 execute the command.
2058 2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
2060 * plugins/sudoers/iolog.c:
2061 Use a char array to map a number to a base36 digit.
2064 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
2065 Be clear about what versions of sudo support new LDAP attributes.
2066 Fix up some formatting of attribute names. Minor other tweaks.
2069 2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
2071 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2072 match quoted strings the same way whether in a Defaults line or as a
2073 user/group/netgroup name. Fixes escaped double quotes in quoted
2074 user/group/netgroup names.
2077 * plugins/sudoers/Makefile.in:
2078 'make check' depends on visudo and testsudoers
2081 * plugins/sudoers/sudoers2ldif:
2082 Add sudoOrder attribute to each entry. Parse LOG_{INPUT,OUTPUT} tags
2085 2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
2088 Mention LDAP attribute compatibility status.
2091 2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
2097 * INSTALL, NEWS, config.h.in, configure, configure.in,
2098 doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
2099 Add --disable-env-reset configure option.
2102 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2103 Document that sudoers_locale also affects logging and email.
2106 * NEWS, config.h.in, configure, configure.in,
2107 plugins/sudoers/logging.c:
2108 Do logging and email sending in the locale specified by the
2109 "sudoers_locale" setting ("C" by default). Email sent by sudo
2110 includes MIME headers when the sudoers locale is not "C".
2113 2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
2115 * plugins/sudoers/check.c:
2119 2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
2121 * NEWS, src/parse_args.c, src/sudo.c:
2122 Perform command escaping for "sudo -s" and "sudo -i" after
2123 validating sudoers so the sudoers entries don't need to have all the
2127 2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
2129 * plugins/sudoers/logging.c:
2130 Prepend "list " to the command logged when "sudo -l command" is used
2131 to make it clear that the command was listed, not run.
2134 * plugins/sudoers/parse.c:
2138 * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
2139 common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
2140 compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
2141 compat/nanosleep.c, compat/regress/glob/globtest.c,
2142 compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
2143 compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
2144 plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
2145 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
2146 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
2147 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
2148 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
2149 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
2150 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
2151 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
2152 plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
2153 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
2154 plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
2155 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2156 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
2157 plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
2158 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
2159 plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
2160 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
2161 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
2162 plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
2163 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
2164 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
2165 src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
2166 src/sudo_noexec.c, src/tgetpass.c:
2167 standardize on "return foo;" rather than "return(foo);" or "return
2171 * plugins/sudoers/sudoers.c:
2172 Do not reject sudoers file just because it is root-writable.
2175 2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
2181 * plugins/sudoers/sudo_nss.c:
2182 For "sudo -U user -l" if user is not authorized on the host, say so.
2185 * plugins/sudoers/ldap.c:
2186 In sudo_ldap_lookup(), always do the initial sudoers check as the
2187 invoking user. If we are listing another user's privs we will do a
2188 separate lookup using list_pw later.
2191 2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
2194 add parser fill tests
2197 * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
2198 Don't test features not supported by the bundled glob()
2201 * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
2202 compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
2203 doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
2204 doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
2205 doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
2206 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2207 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
2208 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2209 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
2210 plugins/sudoers/ldap.c, plugins/sudoers/match.c,
2211 plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
2212 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
2213 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
2214 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
2215 plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
2216 Update copyright year to 2011
2219 * plugins/sudoers/sudo_nss.c:
2220 When listing, use separate lbufs for the defaults and the privileges
2221 and only print something if the number of privileges is non-zero.
2222 Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
2225 * plugins/sudoers/ldap.c:
2226 Stash pointer to user group vector in LDAP handle and only reuse the
2227 query if it has not changed. We always allocate a new buffer when
2228 we reset the group vector so a simple pointer check is sufficient.
2231 * plugins/sudoers/sudo_nss.c:
2232 Check initgroups() return value.
2235 * plugins/sudoers/Makefile.in,
2236 plugins/sudoers/regress/parser/check_fill.c:
2237 Add tests for the fill functions in toke_util.c
2240 2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
2242 * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
2250 2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
2253 Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
2256 2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
2259 Add Requires line for audit-libs >= 1.4 for RHEL5+
2263 sync with git version
2266 2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
2268 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2272 2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
2275 Update for sudo 1.7.4p5
2278 * doc/schema.OpenLDAP, doc/schema.iPlanet:
2279 Add sudoNotBefore and sudoNotAfter attributes as optional attributes
2280 to the sudoRole object class. From Andreas Mueller
2283 2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
2286 Mention "sudo -g group" password check fix.
2289 * plugins/sudoers/sudoers.c:
2290 Fix "sudo -g" support in the sudoers module.
2293 * plugins/sudoers/check.c:
2294 If the user is running sudo as himself but as a different group we
2295 need to prompt for a password.
2298 2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
2300 * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
2301 doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
2302 plugins/sudoers/ldap.c:
2303 Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
2304 LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
2305 derived LDAP SDKs but we can pass the timeout parameter to
2306 ldap_search_ext_s() or ldap_search_st() when possible.
2309 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
2313 * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
2314 Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
2315 with OpenLDAP ldap.conf files.
2318 * plugins/sudoers/pwutil.c:
2319 If user has no supplementary groups, fall back on checking the group
2323 2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
2325 * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
2329 * plugins/sudoers/toke.c, plugins/sudoers/toke.h,
2330 plugins/sudoers/toke.l:
2331 Move fill macro to toke.h
2334 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
2335 plugins/sudoers/toke.h, plugins/sudoers/toke.l,
2336 plugins/sudoers/toke_util.c:
2337 Split tokenizer utility functions out into toke_util.c
2340 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2341 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2345 2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
2351 * plugins/sudoers/Makefile.in:
2352 Add visudo tests to check target
2355 * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
2356 compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
2357 compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
2358 Add my regress tests for fnmatch() and glob() from OpenBSD.
2361 * plugins/sudoers/regress/testsudoers/test1.sh,
2362 plugins/sudoers/regress/visudo/test1.ok,
2363 plugins/sudoers/regress/visudo/test1.sh:
2364 Add regress test for command tags using visudo -c
2367 * plugins/sudoers/Makefile.in,
2368 plugins/sudoers/regress/testsudoers/test1.ok,
2369 plugins/sudoers/regress/testsudoers/test1.sh:
2370 Add support for regress tests using testsudoers
2373 * plugins/sudoers/testsudoers.c:
2374 Need to set user_name explicitly due to internal changes made when
2375 converting sudoers to a plugin.
2378 2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
2380 * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
2381 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
2382 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2383 plugins/sudoers/regress/iolog_path/check_iolog_path.c,
2384 plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
2386 Add regression tests for iolog_path()
2389 * Makefile.in, common/Makefile.in, compat/Makefile.in,
2390 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
2391 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2392 src/Makefile.in, zlib/Makefile.in:
2393 Add support for "make Makefile" to regenerate Makefile from
2397 * plugins/sudoers/iolog_path.c:
2398 Quiet a bogus compiler warning.
2401 2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
2403 * plugins/sudoers/iolog_path.c:
2404 Protect call to setlocale() with HAVE_SETLOCALE
2407 2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
2410 mkstemps.c was renamed mktemp.c
2414 Update from 1.7 branch
2418 Use "mv -f" when regenerating ChangeLog
2421 * plugins/sudoers/match.c:
2422 Fix NULL dereference with "sudo -g group" when the sudoers rule has
2423 no runas user or group listed. Fixes RedHat bug 667103.
2426 2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
2428 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
2429 Correct the default sudo.conf example
2432 2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
2434 * plugins/sudoers/iolog_path.c:
2435 Reset slashp if we allocate a new buffer for strftime()
2438 * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
2439 plugins/sudoers/sudoers.h:
2440 Add extra out parameter to expand_iolog_path() to allow the caller
2441 to split the path into dir and file components if needed.
2444 2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
2446 * plugins/sudoers/iolog.c:
2447 mkdir_iopath() returns size_t now that it uses strlcpy() and not
2451 * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
2452 Trim leading slashes from iolog_file and trailing slashes from
2456 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
2457 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
2458 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
2459 Pass a single I/O log file name in command_details instead of
2460 separate dir + file parameters.
2463 * plugins/sudoers/sudoreplay.c:
2464 change an error() to errorx()
2467 * plugins/sudoers/iolog.c:
2468 Add missing cwd line to I/O log info file that got dropped when
2469 iolog_deserialize_info() was added
2472 2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
2474 * plugins/sudoers/iolog.c:
2475 Avoid relying on globals filled in by the sudoers policy module for
2476 the sudoers I/O log module. The I/O log open function now pulls the
2477 bits it needs out of user_info and command_info.
2480 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
2481 plugins/sudoers/sudoers.h:
2482 If no iolog file is specified by the policy plugin, use io_nextid()
2483 to determine the next file in the sequence.
2486 2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
2488 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
2489 Document iolog_compress in command_info
2492 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
2493 Add support for the iolog_compress variable in command_info.
2496 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
2497 Add sigsetjmp() calls to all plugin entry points just to be safe.
2500 * src/sudo.c, src/sudo.h:
2501 Don't need iolog variables in struct command_details, they are for
2502 the I/O log plugins to handle.
2505 2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
2507 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2508 Document use of mkdtemp() for iolog path templates
2511 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
2512 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
2513 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
2514 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
2518 * doc/sudo_plugin.pod, doc/sudoers.pod:
2519 Document iolog_file and supported escape sequences for sudoers.
2520 Clarify that iolog_file can contain directories.
2523 * compat/Makefile.in, configure, configure.in:
2524 Fix building of mkstemps/mkdtemp replacements.
2527 * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
2528 configure.in, include/missing.h:
2529 Provide mkdtemp() for systems without it.
2532 * plugins/sudoers/iolog_path.c:
2536 * plugins/sudoers/iolog.c:
2537 Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
2538 glibc mkdtemp() returns EINVAL.
2541 * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
2542 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
2543 plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
2544 plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
2545 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
2546 Allow sudoers to specify the iolog file in addition to the iolog
2547 dir. Add escape sequence support to iolog file and dir: sequence
2548 number, user, group, runas_user, runas_group, hostname and
2549 command in addition to any escape sequence recognized by
2553 * plugins/sudoers/iolog.c:
2554 Add missing sigsetjmp() call in I/O plugin open function. Fixes a
2555 crash when the I/O plugin calls error(), errorx() or log_error().
2558 2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
2560 * doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
2561 plugins/sudoers/sudoers.c:
2562 Give the policy module fine-grained control over what the I/O plugin
2567 Clear OPOST from c_oflag like we used to. Fixes screen-based
2572 Clarify umask option description. From Reuben Thomas.
2575 2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
2577 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
2578 Pick last match in LDAP sudoers too
2581 * doc/sudo_plugin.pod:
2582 Document iolog_file, iolog_dir and use_pty
2585 * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
2586 plugins/sudoers/sudoers.c:
2587 Adapt plugins to version I/O logging ABI 1.1
2590 * src/exec.c, src/sudo.h:
2591 Add use_pty command_info flag for policies to indicate that a pty
2592 should be allocated even if no I/O logging is performed.
2596 Add remaining plugin convenience functions
2599 * include/sudo_plugin.h, src/sudo.c, src/sudo.h,
2600 src/sudo_plugin_int.h:
2601 Change I/O log API to pass in command info to the I/O log open
2602 function. Add iolog_file and iolog_dir parameters to command info.
2603 This allows the policy plugin to specify the I/O log pathname. Add
2604 convenience functions for calling plugin functions that handle ABI
2605 backwards compatibility.
2612 2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
2614 * configure, configure.in:
2615 Bump version to 1.8.0b3
2618 2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
2621 Remove extraneous newline
2624 2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
2626 * doc/sudoers.pod, plugins/sudoers/def_data.c,
2627 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
2628 plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
2629 Make I/O log dir configurable.
2632 * aclocal.m4, configure, configure.in, doc/sudoers.pod:
2633 Rename io_logdir to iolog_dir
2636 2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
2639 Add missing '*' that prevented the generic ELF case from matching.
2643 If file(1) can't identify the ELF binary type, try readelf(1).
2646 2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
2648 * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
2649 plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
2650 plugins/sudoers/sudoers.c, src/sudo.c:
2651 Use %u to print uid/gid, not %lu and adjust casts to match.
2654 * doc/sudoers.ldap.pod:
2655 Clarify ordering of entries and attributes.
2658 * doc/sudoers.ldap.pod:
2659 Fix typo and editing goof.
2662 * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
2663 doc/sudoers.ldap.pod:
2664 Merge in ordered LDAP entry support from Andreas Mueller.
2667 * plugins/sudoers/ldap.c:
2668 Make sure we don't dereference a NULL handle.
2671 2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
2674 Add support for RHEL 6 file modes that include a trailing dot on
2675 files with an SELinux security context
2678 2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
2681 exec_setup() does not need to setuid(0), the Ubuntu issue was in the
2685 * plugins/sudoers/sudoers.c:
2686 create_admin_success_flag() should use restore_perms() rather than
2687 set_perms() to restore the uid.
2691 In exec_setup() call setuid(0) to make certain the subsequent uid
2692 and gid changes will succeed. Fixes a problem on Ubuntu.
2696 Error out if we cannot change to root's uid so we catch the failure
2700 2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
2703 fix typo; from Michael T Hunter
2706 * plugins/sudoers/match.c:
2707 In sudoedit mode, assume command line arguments are paths and pass
2708 FNM_PATHNAME to fnmatch().
2711 2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
2713 * configure, configure.in:
2714 Add workaround for an error in sys/types.h on HP-UX 11.23 when large
2715 file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
2716 broken bits of the header file.
2720 Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
2724 For Tru64, strip off beta version.
2727 * MANIFEST, plugins/sudoers/testsudoers.c,
2728 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
2729 Avoid conflicts with system definitions in grp.h and pwd.h
2733 Include stdio.h after zlib.h, not before. We need the large file
2734 defines to come first.
2737 2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
2739 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
2744 Don't clean ChangeLog
2747 * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
2748 Add prototype for cleanup()
2751 2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
2753 * plugins/sudoers/group_plugin.c:
2754 Avoid dereferencing group_plugin if it is NULL in
2755 group_plugin_query(). This should not happen.
2758 * plugins/sudoers/group_plugin.c:
2759 group plugin init function return TRUE when successful
2762 2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
2764 * plugins/sudoers/ldap.c:
2765 Enlarge the array of entry wrappers in blocks of 100 entries to
2766 save on allocation time. From Andreas Mueller
2769 * plugins/sudoers/ldap.c:
2770 Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
2771 that was mistakenly dropped.
2774 2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
2776 * doc/TROUBLESHOOTING:
2777 Mention that sudo needs "ar" to build.
2780 * configure, configure.in:
2781 Fail with a more useful error if "ar" is not found.
2784 2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
2786 * plugins/sudoers/ldap.c:
2787 Merge in ordered LDAP entry support from Andreas Mueller and add
2788 local changes from the 1.7 branch.
2791 2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
2793 * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
2794 doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
2795 Add timed entry support from Andreas Mueller.
2798 * plugins/sudoers/group_plugin.c:
2799 Don't try to unload if group_plugin is NULL. Don't call dlclose() if
2800 group_handle is NULL
2803 * plugins/sudoers/sudoers.h:
2804 It is now plugin_cleanup(), not cleanup()
2807 * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
2808 Call plugin_cleanup(), not cleanup()
2811 2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
2813 * plugins/sudoers/ldap.c:
2814 Use efree() not free() and remove malloc.h include since we never
2815 directly call malloc() or free().
2818 2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
2821 set PSTAMP for Solaris and move the backend-specific bits to their
2822 own %if [xxx] %endif blocks in %set.
2829 * configure, configure.in:
2830 Only substitute file zlib files when using the builtin zlib
2833 * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
2834 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2835 src/Makefile.in, zlib/Makefile.in:
2836 Give up on using VPATH to find sources as it is implemented
2837 inconsistently in different versions of make.
2840 * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
2841 plugins/sudoers/gram.c, plugins/sudoers/toke.c:
2842 Include config.h before any other includes to make sure we get the
2843 right value for _FILE_OFFSET_BITS.
2855 g/c unused $(GENERATED)
2858 2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
2860 * plugins/sudoers/group_plugin.c:
2861 Zero out group_plugin on unload just to be safe.
2864 * plugins/sudoers/group_plugin.c:
2865 Unload group plugin if its init function fails.
2869 Only chdir to cwd if it is different from the current cwd or there
2870 is a new root (chroot).
2873 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
2874 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
2875 doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
2876 Bump version to 1.8.0b2
2879 2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
2882 Better --enable-zlib description
2886 Use system zlib on Linux. Let configure decide on Solaris. For all
2887 others, use builtin zlib.
2891 Add large file support.
2895 Add large file support.
2898 * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
2899 zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
2900 zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
2901 zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
2902 zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
2903 zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
2904 zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
2905 zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
2906 Add local copy of zlib for systems that lack it.
2909 2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
2912 If perform_io() fails, kill the child before exiting so it doesn't
2913 complain about connection reset. We can get an I/O error if, for
2914 example, and we get EIO reading from stdin.
2917 2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
2919 * plugins/sudoers/sudoers.c, src/sudo.c:
2920 Fix compilation on systems with set_auth_parameters(). Sprinkle
2921 volatile to quiet warnings from gcc 2.8.0
2924 * compat/dlfcn.h, compat/dlopen.c:
2925 Avoid potential namespace issues with dlopen() emulation.
2932 * plugins/sudoers/interfaces.c:
2933 Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
2938 Mark ChangeLog as PHONY. Don't overwrite ChangeLog if we can't run hg
2941 * configure, configure.in:
2942 HP-UX 10.20 libc has an incompatible getline
2945 * plugins/sudoers/visudo.c:
2946 Quiet an HP-UX compiler warning.
2949 * configure, configure.in:
2950 Check for vi even with --with-editor specified; the sample plugin
2954 2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
2957 Fix remaining syntax errors.
2961 sudo binary depends on the libtool-generated libs
2964 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
2965 Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
2966 include the local or system dlfcn.h
2970 Don't use run_as_superuser=false on HP-UX
2974 Use memset() instead of zero_bytes() since we don't include
2978 * plugins/sudoers/interfaces.c:
2979 Fix pasto; AF_INET not AF_INET6
2983 Actually call shl_load()
2987 Update from git repo. Debian: version numbers now compliant with
2988 policy section 5.6.12. HP-UX: minimal changes needed to work on HP-UX
2992 * configure, configure.in:
2993 Fix dlopen() detection for systems where dlopen() is in a separate
2997 * plugins/sudoers/auth/pam.c:
2998 If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
2999 useful message and return AUTH_FATAL so sudo does not keep trying to
3004 sudo_preload_table is an array
3008 Quiet a compiler warning and fix sudo_preload_table external
3013 Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
3016 * plugins/sudoers/group_plugin.c:
3017 Make this compile correctly when no dlopen is available.
3020 2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
3022 * plugins/sudoers/check.c:
3023 Having a timestamp file defined is no longer indicative of tty
3024 tickets being enabled. Check def_tty_tickets directly.
3027 * src/exec_pty.c, src/sudo.h, src/ttysize.c:
3028 Fix TCGETWINSZ compat.
3031 2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
3033 * src/exec_pty.c, src/ttysize.c:
3034 Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
3037 2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
3039 * plugins/sudoers/sudoers.c, src/sudo.c:
3040 Move set_project() from sudoers module into sudo proper.
3043 * configure, configure.in:
3044 Fix typo and regenerate
3047 * plugins/sudoers/ldap.c:
3048 When iterating over returned LDAP entries, keep looking at remaining
3049 matches even if we have a positive match. This catches negative
3050 matches that may exist in other entries and more closely match the
3051 sudoers file behavior.
3055 Add support for multiple package instances on Solaris.
3059 Add missing signal_pipe[0] to fdsr for the non-pty case.
3063 Add --with-project for Solaris
3067 Need ar and ranlib too
3070 2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
3072 * plugins/sudoers/env.c:
3073 Preserve ODMDIR environment variable by default on AIX.
3076 2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
3078 * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
3079 config.h.in, configure, configure.in, plugins/sample/Makefile.in,
3080 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3081 plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
3082 plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
3084 Add dlopen() emulation for systems without it. For HP-UX 10, emulate
3085 using shl_load(). For others, link sudoers plugin statically and use
3086 a lookup table to emulate dlsym().
3089 2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
3091 * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
3092 compat/nanosleep.c, compat/utimes.c:
3093 When including compat headers, use the compat dir as part of the
3094 path so we are sure to get the correct header.
3097 2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
3099 * plugins/sudoers/linux_audit.c:
3100 Ignore ECONNREFUSED from audit_log_user_command() which will occur
3101 if auditd is not running.
3104 2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
3107 Sync with git version
3110 2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
3112 * common/fileops.c, plugins/sudoers/defaults.c:
3113 Cast isblank argument to unsigned char.
3116 2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
3118 * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
3119 doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
3120 Implement --with-umask-override configure flag.
3123 * plugins/sudoers/env.c:
3124 Take MODE_LOGIN_SHELL into account when initially setting reset_home
3125 instead of special-casing it later.
3128 * plugins/sudoers/sudoers.c:
3129 In login mode, make a copy of the runas user's pw_shell for
3130 NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
3134 * plugins/sudoers/env.c:
3135 Reset HOME for "sudo -i" even if HOME was listed in env_keep.
3139 Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
3143 Reset signal mask at sudo startup time; we need to be able to rely
3144 on normal signal delivery to control the child process.
3147 2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
3150 Use sed instead of expr to split a flag from its argument. Fixes a
3151 problem with expr interpreting its arguments as a flag when they
3156 Do not need sys/time.h after all
3160 Include sys/time.h for utimes() and struct timeval. No longer need
3161 ioctl.h or termios.h
3164 * compat/snprintf.c:
3165 Quiet bogus compiler warnings.
3168 * include/missing.h:
3169 Declare innetgr() for HP-UX which is missing a declaration. Declare
3170 domainname() for HP-UX and Solaris which are missing a declaration.
3173 * plugins/sudoers/bsm_audit.c:
3174 Use __sun for consistency with the rest of the sources.
3177 * plugins/sudoers/group_plugin.c:
3178 Quiet a bogus compiler warning.
3181 * plugins/sudoers/pwutil.c:
3182 Don't try to delref a NULL group.
3185 * common/alloc.c, common/lbuf.c:
3186 Include memory.h on systems that need it.
3189 2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
3192 Quiet gcc warnings on glibc systems that use warn_unused_result for
3196 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3197 sudo_plugin is in section 8; from Ted Percival
3200 * plugins/sudoers/Makefile.in:
3201 testsudoers depends on libsudoers.la, not sudoreplay
3204 2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
3207 Read as many signals on the signal pipe as we can before returning.
3210 * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
3211 Instead of using an array to store received signals, open a pipe and
3212 have the signal handler write the signal number to one end and
3213 select() on the other end. This makes it possible to handle signals
3214 similar to I/O without race conditions.
3217 2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
3219 * doc/visudo.pod, plugins/sudoers/visudo.c:
3220 Make "visudo -c -f -" check the standard input.
3224 set_home and always_set_home have an effect if HOME is present in
3228 * plugins/sudoers/env.c:
3229 Make -H flag work when HOME is listed in env_keep. Also makes
3230 "set_home" and "always_set_home" override HOME in env_keep.
3233 2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
3235 * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
3236 plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
3237 plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
3238 plugins/sudoers/visudo.c, src/net_ifs.c:
3239 Convert sudoers plugin to use interface list passed in settings.
3242 * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
3243 src/parse_args.c, src/sudo.h:
3244 Query local network interfaces in the main sudo driver and pass to
3245 the plugin as "network_addrs" in the settings list.
3248 * plugins/sudoers/bsm_audit.c:
3249 Solaris BSM audit returns EINVAL when auditing is not enabled,
3250 whereas OpenBSM returns ENOSYS.
3253 2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
3256 missing.h should come before most local includes
3259 * plugins/sudoers/sudoreplay.c:
3260 missing.h should come before most local includes
3263 * plugins/sudoers/sudoers.h:
3264 Make local includes consistent; use double quotes for local includes
3265 except for generated ones where we use angle brackets.
3268 * plugins/sudoers/sudoers.c:
3269 Always fill in NewArgv for audit code.
3272 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3273 Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
3276 * common/alloc.c, common/atobool.c, common/fileops.c,
3277 common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
3278 common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
3279 compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
3280 compat/getprogname.c, compat/glob.c, compat/isblank.c,
3281 compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
3282 compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
3283 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
3284 compat/unsetenv.c, compat/utimes.c, include/compat.h,
3285 plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
3286 plugins/sample_group/plugin_test.c,
3287 plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
3288 plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
3289 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
3290 plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
3291 plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
3292 plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
3293 src/sudo_noexec.c, src/ttysize.c:
3294 Make local includes consistent; use double quotes for local includes
3295 except for generated ones where we use angle brackets. Also g/c
3299 2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
3301 * plugins/sudoers/match.c:
3302 When matching the runas user and runas group (-u and -g command line
3303 options), keep track of runas group and runas user matches
3304 separately. Only return a positive match if we have a match for
3305 both runas user and runas group (if specified).
3308 2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
3310 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
3311 Add support for multiple URI lines by joining the contents and
3312 passing the result to ldap_initialize.
3315 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
3316 Do not return -1 on error from the display functions; the caller
3317 expects a return value >= 0.
3320 * plugins/sudoers/sudoers.c:
3321 Do not set both MODE_EDIT and MODE_RUN
3324 2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
3326 * include/missing.h:
3327 Move includes to the top of the file.
3330 2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
3332 * plugins/sudoers/Makefile.in:
3333 Add missing definition of timedir
3336 * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
3337 compat/mksiglist.c, compat/strsignal.c,
3338 plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
3339 Add #include of sys/types.h for .c files that include missing.h to
3340 be sure that size_t and ssize_t are defined.
3343 * plugins/sudoers/Makefile.in:
3344 Install sudoers file from the build dir not the src dir.
3347 2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
3349 * plugins/sudoers/set_perms.c:
3350 If runas_pw changes, reset the stashed runas aux group vector.
3351 Otherwise, if runas_default is set in a per-command Defaults
3352 statement, the command runs with root's aux group vector (i.e. the
3353 one that was used when locating the command).
3356 * plugins/sudoers/Makefile.in:
3357 Add target to generate sudoers file. Remove generated sudoers file as
3361 2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
3364 When not logging I/O install a handler for SIGCONT and deliver it to
3365 the command upon resume. Fixes bugzilla #431
3368 2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
3370 * plugins/sudoers/sudoers.h:
3371 g/c unused auth_pw extern definition
3374 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
3375 Move get_auth() into check.c where it is actually used.
3378 2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
3381 Convert a remaining puts() and putchar() to use the output function.
3384 * plugins/sudoers/plugin_error.c:
3388 2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
3390 * plugins/sudoers/env.c:
3391 Set dupcheck to TRUE when setting new HOME value if !env_reset but
3392 always_set_home is true. Prevents a duplicate HOME in the
3393 environment (old value plus the new one) introduced in f421f8827340.
3396 * configure, configure.in, plugins/sudoers/sudoers,
3397 plugins/sudoers/sudoers.in:
3398 Substitute sysconfdir in the installed sudoers file to get the
3399 correct path for sudoers.d.
3402 2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
3405 Fix typo that prevented compilation on Irix; Friedrich Haubensak
3408 2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
3410 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
3411 common/atobool.c, common/fileops.c, common/fmt_string.c,
3412 common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
3413 compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
3414 compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
3415 compat/getprogname.c, compat/glob.c, compat/isblank.c,
3416 compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
3417 compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
3418 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
3419 compat/unsetenv.c, compat/utimes.c, include/compat.h,
3420 include/missing.h, plugins/sample/sample_plugin.c,
3421 plugins/sample_group/getgrent.c,
3422 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
3423 plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
3424 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
3425 plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
3426 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
3427 plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
3428 src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
3429 Merge compat.h and missing.h into missing.h
3432 2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
3434 * plugins/sudoers/auth/pam.c:
3435 If the user hits ^C while a password is being read, error out before
3436 reading any further passwords in the pam conversation function.
3437 Otherwise, if multiple PAM auth methods are required, the user will
3438 have to hit ^C for each one.
3441 2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
3443 * plugins/sudoers/check.c:
3447 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
3448 Document sudo_conv_t function and sudo_printf_t return values.
3451 * src/conversation.c:
3452 Make _sudo_printf return the number of characters printed on success
3456 2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
3458 * plugins/sudoers/sudoers.c:
3459 sudoers.h includes sudo_plugin.h for us
3462 * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
3463 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
3465 Use gettimeofday() directly instead of via the gettime() wrapper.
3468 * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
3469 compat/strerror.c, config.h.in, configure, configure.in,
3470 include/compat.h, include/missing.h, plugins/sudoers/logging.c,
3471 plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
3472 Remove some obsolete configure tests, ancient Unix systems are no
3476 2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
3479 Set pp_kit_version and strip off patch level
3483 Better handling of versions with a patchlevel. For rpm and deb, use
3484 the patchlevel+1 as the release. For AIX, use the patchlevel as the
3485 4th version number. For the rest, just leave the patchlevel in the
3489 2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
3491 * plugins/sudoers/auth/sudo_auth.c:
3492 For non-standalone auth methods, stop reading the password if the
3493 user enters ^C at the prompt.
3496 * configure, configure.in, plugins/sudoers/Makefile.in,
3497 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
3498 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
3499 plugins/sudoers/pwutil.c:
3500 No need to look up shadow password unless we are doing password-
3501 style authentication. This moves the shadow password lookup to the
3502 auth functions that need it.
3505 * plugins/sudoers/sudoers.c:
3506 Retain final passwd/group refs until the policy close() function.
3507 Note that this doesn't get called in all cases so putting this in a
3508 cleanup function is probably better.
3511 * plugins/sudoers/check.c:
3515 * plugins/sudoers/check.c:
3516 When removing/resetting the timestamp file ignore the tty ticket
3520 * plugins/sudoers/sudoers.c:
3521 delref sudo_user.pw, runas_pw and runas_gr immediately before we
3525 2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
3527 * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
3528 plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
3529 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
3530 Reference count cached passwd and group structs. The cache holds
3531 one reference itself and another is added by sudo_getgr{gid,nam} and
3532 sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
3533 group structs are persistent for now.
3540 2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
3542 * plugins/sudoers/check.c:
3543 Do not produce a warning for "sudo -k" if the ticket file does not
3547 * plugins/sudoers/pwutil.c:
3548 Instead of caching struct passwd and struct group in the red-black
3549 tree, store a struct cache_item which includes both the key and
3550 datum. This allows us to use the actual name that was looked up as
3551 the key instead of the contents of struct passwd or struct group.
3552 This matters because the name in the database may not match what we
3553 looked up, due either to case folding or truncation (historically at
3554 8 characters). Also mark the disabled calls to sudo_freepwcache()
3555 and sudo_freegrcache() as broken since we use cached data for things
3556 like set_perms() and the logging functions. Fixing this would
3557 require making a copy of the structs for user and runas or adding a
3558 reference count (better).
3561 * plugins/sudoers/Makefile.in:
3562 Fix path to mkinstalldirs
3565 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
3566 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
3567 src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
3568 Quiet gcc warnings on glibc systems that use warn_unused_result for
3569 write(2) and others.
3572 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
3574 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3578 * aclocal.m4, configure, configure.in:
3579 Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
3580 back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
3584 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
3586 * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
3587 Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN. Use AC_TYPE_LONG_LONG_INT
3588 and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
3591 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
3594 Update to latest version
3597 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
3600 Let pp determine pp_aix_version itself.
3603 * INSTALL, config.h.in, configure, configure.in, mkpkg,
3604 plugins/sudoers/sudoers.c:
3605 Add support for Ubuntu admin flag file and enable it when building
3609 * plugins/sudoers/sudoers, sudo.pp:
3610 Add commented out SuSE-like targetpw settings
3613 * configure, configure.in:
3614 Only try to use +DAportable for non-GCC on hppa
3617 * configure, configure.in:
3618 Prevent configure from adding the -g flag unless in devel mode
3621 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
3624 Go back to sudo-flavor to match existing packages and only use an
3625 underscore for those that need it.
3629 Use sudo_$flavor instead of sudo-$flavor since that causes the least
3630 amount of trouble for the various package managers.
3634 Fix handling of the ldap flavor. Remove destdir unless --debug was
3635 specified. Make distclean before running configure if there is a
3640 Add back include file.
3644 Pass extra args on to configure on HP-UX, if we don't have the HP C
3645 compiler, disable zlib to prevent gcc from finding it in
3650 Use the HP ANSI C compiler on HP-UX if possible
3653 * plugins/sudoers/sudoreplay.c:
3654 Some getline() implementations (FreeBSD 8.0) do not ignore the
3655 length pointer when the line pointer is NULL as they should.
3658 * plugins/sudoers/sudoreplay.c:
3659 Don't need to check for *cp being non-zero, isdigit() will do that.
3662 * plugins/sudoers/sudoreplay.c:
3663 Add setlocale() so the command line arguments that use floating
3664 point work in different locales. Since sudo now logs the timing
3665 data in the C locale we must parse the seconds in the timing file
3666 manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
3667 the number of seconds with the user's locale so if the decimal point
3668 is not '.' try using the locale-specific version.
3672 Do I/O logging in the C locale so the floating point numbers in the
3673 timing file are not locale-dependent.
3676 * plugins/sudoers/sudoreplay.c:
3677 Use errorx() not error() for things that don't set errno.
3680 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
3683 Better support for 1.2.3 style versions in Tru64 kits
3687 Add Tru64 kit support
3691 Remove apparently unnecessary use of sudo
3694 * Makefile.in, plugins/sudoers/Makefile.in:
3695 Create timedir as part of install-dirs target.
3699 Handle ENXIO from read/write which can occur when reading/writing a
3700 pty that has gone away.
3703 * plugins/sudoers/pwutil.c:
3704 sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
3708 platform is a pp flag not a variable
3711 * Makefile.in, mkpkg, sudo.pp:
3712 Add simple arg parsing for mkpkg so we can set debug, flavor or
3717 Make rpm backend work on AIX 5.x
3720 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
3722 * plugins/sudoers/sudoers:
3723 Add commented out Defaults entry for log_output
3726 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
3729 Remove sudo docdir completely
3732 * doc/sample.sudo.conf:
3733 Add sample sudo.conf
3736 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
3738 * plugins/sudoers/Makefile.in:
3739 Add PACKAGE_TARNAME for docdir
3742 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
3745 Pass install-sh -b~ here too.
3748 * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
3749 plugins/sudoers/Makefile.in, src/Makefile.in:
3750 Install binary files with -b~ to make a backup. Fixes "text file
3751 busy" error on HP-UX during install.
3755 "mv -f" on HP-UX doesn't unlink the destination first so add an
3756 explicit rm before moving the temporary into place.
3759 * configure, configure.in:
3760 Some more ${foo} -> $(foo) conversion for consistent Makefiles.
3763 * doc/Makefile.in, plugins/sudoers/Makefile.in:
3764 Install sudoers2ldif in the doc dir
3767 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
3770 Add missing include of maillock.h for Solaris
3773 * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
3774 doc/sample.syslog.conf, doc/sudoers.cat:
3775 Change the default syslog facility from local2 to authpriv (or auth
3776 if the operating system doesn't support authpriv).
3779 * Makefile.in, sudo.pp:
3780 Install sudoers as /etc/sudoers on RPM and debian systems where the
3781 package manager will not replace a user-modified configuration file.
3782 This fixes upgrades from the vendor sudo packages.
3786 RPM: use %config(noreplace) instead of %config for volatile. This
3787 results in the new file being installed with a .rpmnew suffix
3788 instead of the file being replaced and the old one renamed with a
3792 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
3794 * compat/mkstemps.c, plugins/sudoers/boottime.c:
3795 Include time.h for struct timeval
3799 The return value of strsignal() may be const and should be treated
3800 as const regardless.
3803 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3804 Mention that 127.0.0.1 will not match, nor will localhost unless
3805 that is the actual host name.
3808 * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
3809 Rename WHATSNEW -> NEWS
3813 Updated pp with latest patches
3820 * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
3821 plugins/sudoers/sudoers:
3822 Add commented out line to add HOME to env_keep and add a warning to
3823 the note about the HOME change in UPGRADE.
3826 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
3828 * plugins/sudoers/sudoreplay.c:
3829 Add LINE_MAX define for those without it.
3832 * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
3833 doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
3834 plugins/sudoers/defaults.c:
3835 The tty_tickets option is now on by default.
3839 Mention that AIX authdb support has been fixed.
3843 setauthdb() only sets the "old" registry if it was set by a previous
3844 call to setauthdb(). To restore the original value, passing NULL
3845 (or an empty string) to setauthdb() is sufficient.
3848 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
3850 * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
3851 doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
3852 plugins/sudoers/env.c:
3853 Reset HOME when env_reset is enabled unless it is in env_keep
3856 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3857 The default for set_logname has been "true" for some time now.
3860 * plugins/sudoers/boottime.c:
3861 Add missing include of time.h
3864 * plugins/sudoers/logging.c:
3865 Fix check for dup2() return value.
3868 * plugins/sudoers/env.c:
3869 Add PYTHONUSERBASE to initial_badenv_table
3872 * plugins/sudoers/visudo.c:
3873 Treat an unknown defaults entry as a parse error.
3876 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
3877 Check return value of setdefs() but don't stop setting defaults if
3878 we hit an unknown one.
3881 * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
3882 doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
3883 doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
3884 plugins/sudoers/env.c:
3885 If env_reset is enabled, set the MAIL environment variable based on
3886 the target user unless MAIL is explicitly preserved in sudoers.
3889 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
3892 decode debian code names
3899 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
3906 Restore RLIMIT_NPROC after the uid switch if it appears that
3907 runas_setup() did not do it for us. Fixes a bash script problem on
3908 SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
3911 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
3913 * mkpkg, pp, sudo.pp:
3914 Restore the dot removal in the os version reported by polypkg. Adapt
3915 mkpkg and sudo.pp to the change.
3918 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
3921 document --with-pam-login
3924 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3925 The tag is NOSETENV, not UNSETENV. From Petr Uzel.
3928 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
3931 Include flavor in solaris package name
3935 Older shells don't support IFS= so set explicitly to space, tab,
3940 Use '=' not '==' in test
3944 Fix typo that prevented debian from matching
3948 Add missing prefix setting for debian
3952 Use tab indents to reduce the chance of problem with <<-. Fix the
3953 debian %set section, pp does not set pp_deb_distro. Uncomment %sudo
3954 line in sudoers for debian. Uncomment some env_keep lines for RHEL,
3955 SLES and debian to more closely match the vendor sudoers files.
3956 Add /etc/pam.d to %files. Remove the /etc/sudo-ldap.conf symlink on
3957 debian for ldap flavor
3960 * plugins/sudoers/sudoers:
3961 Add commented out env_keep entries, sample Aliases and a %sudo line
3965 * configure, configure.in:
3966 Move zlib check later on in the script to avoid a strange shell
3971 Remove check for egrep; configure has its own
3974 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
3977 Enable zlib for linux distros
3981 Add ldap flavor to default build
3985 Simplify rpm linux distro settings
3988 * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
3989 Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
3993 Fix ChangeLog creation from build dir
3996 * plugins/sudoers/sudoers.c:
3997 Handle getcwd() failure.
4000 * doc/Makefile.in, mkpkg, sudo.pp:
4001 Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
4002 environment variable.
4006 Create sudo group on debian
4010 Add debian 4/5/6 and use the dot when doing version matches
4013 * aclocal.m4, configure:
4014 Use a loop when searching for mv, sendmail and sh
4017 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4018 Remove spurious "and"; from debian
4021 * aclocal.m4, configure, configure.in, doc/sudoers.cat,
4022 doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
4023 doc/visudo.man.in, doc/visudo.pod:
4024 Substitute the value of EDITOR into the sudoers and visudo manuals.
4027 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
4029 * mkpkg, pp, sudo.pp:
4030 Initial support for debian 4.0
4034 Some platforms need -fPIE instead of -fpie
4037 * plugins/sudoers/auth/pam.c:
4038 Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
4039 On Linux it causes a DNS lookup via libaudit.
4043 Update MANIFEST to match packaging changes
4047 We now use pp to generate HP-UX packages
4050 * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
4051 Remove vestiges of old binary package bits.
4054 * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
4055 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
4056 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
4058 install-man -> install-doc
4061 * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
4062 plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
4063 Use http://rc.quest.com/topics/polypkg/ for packaging
4067 Just ignore the -c option, it is the default. Add support for -d
4071 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
4073 * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
4074 Use _PATH_STDPATH instead of _PATH_DEFPATH
4077 * plugins/sudoers/Makefile.in, src/Makefile.in:
4078 Do not strip binaries.
4081 * INSTALL, configure, configure.in:
4082 Add --insults=disabled configure option to allow people to build in
4083 insult support but have the insults disabled unless explicitly
4087 * compat/mkstemps.c:
4088 Add prototype for gettime()
4091 * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
4092 plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
4093 plugins/sudoers/sudoers.h:
4094 Add support for a sudo-i pam.d file to be used for "sudo -i".
4095 Adapted from a RedHat patch.
4098 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
4100 * include/missing.h:
4101 Fix mkstemps() prototype
4104 * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
4105 config.h.in, configure, configure.in, include/missing.h,
4107 Use mkstemps() instead of mkstemp() in sudoedit. This allows
4108 sudoedit to preserve the file extension (if any) which may be used
4109 by the editor (like emacs) to choose the editing mode.
4112 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
4114 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
4115 plugins/sudoers/ldap.c:
4116 TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
4117 TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
4118 code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
4119 should avoid disabling TLS_CHECKPEER if possible.
4122 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
4124 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4125 Make sudo_plugin format a bit more like a man page
4128 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4129 Add support for negated user/host/command lists in a Defaults entry.
4130 E.g. Defaults:!baduser noexec
4133 * Makefile.in, common/Makefile.in, compat/Makefile.in,
4134 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
4135 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
4137 Add uninstall target
4140 * common/Makefile.in, compat/Makefile.in:
4141 Remove unused AR, SED and RANLIB variables
4145 Do not install sample plugins
4148 2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
4150 * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
4151 configure.in, plugins/sudoers/env.c:
4152 Now that sudoers is a dynamically loaded module we cannot override
4153 the libc environment functions because the symbols may already have
4154 been resolved via libc. Remove getenv/putenv/setenv/unsetenv
4155 replacements from sudoers and add replacements for setenv/unsetenv
4156 for systems that lack them.
4159 * configure, configure.in, plugins/sudoers/Makefile.in:
4160 Link testsudoers with -ldl when needed
4163 * plugins/sample_group/plugin_test.c:
4164 Remove unused time.h and add limits.h for PATH_MAX
4167 * doc/sudoers.ldap.pod:
4171 2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
4173 * plugins/sample_group/plugin_test.c:
4174 Do not depend on strlcpy/strlcat
4177 * plugins/sample_group/plugin_test.c:
4178 Standalone test driver for sudoers group plugin.
4181 2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
4183 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
4184 Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
4188 * plugins/sample_group/sample_group.c:
4189 Fix style nit in function declarations
4192 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4193 Document group_plugin syntax.
4196 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4197 Document the sudoers group plugin.
4200 * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
4201 configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
4202 plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
4203 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
4204 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
4205 plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
4206 plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
4207 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
4208 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
4209 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
4210 Replace built-in non-unix group support with a sudoers group plugin.
4211 Include a sample plugin that can read Unix-format group files.
4214 * configure, configure.in, src/load_plugins.c:
4215 Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
4218 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
4220 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
4221 doc/sudoers.man.in, doc/sudoers.pod:
4222 Move sudoers-specific bits out of sudo(8) and into sudoers(5)
4225 * aclocal.m4, configure, configure.in:
4226 Substitute @io_logdir@ for the sudoers I/O log directory.
4229 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
4231 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
4232 common/atobool.c, common/fileops.c, common/fmt_string.c,
4233 common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
4234 compat/getgrouplist.c, compat/getline.c, compat/glob.c,
4235 compat/snprintf.c, config.h.in, configure, configure.in,
4236 include/fileops.h, plugins/sample/sample_plugin.c,
4237 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
4238 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
4239 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
4240 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
4241 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
4242 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
4243 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
4244 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
4245 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
4246 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
4247 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
4248 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
4249 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
4250 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
4251 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
4252 plugins/sudoers/logging.c, plugins/sudoers/match.c,
4253 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
4254 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
4255 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
4256 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4257 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
4258 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
4259 src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
4260 src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
4261 src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
4262 Set usrinfo for AIX. Set administrative domain for the process when
4263 looking up user's password or group info and when preparing for
4264 execve(). Include strings.h even if string.h exists since they may
4265 define different things. Fixes warnings on AIX and others.
4269 Add a separate all target for AIX make which was using the entire
4270 LHS (not just the first entry) of the first target as the implicit
4274 * plugins/sudoers/env.c:
4275 Do not rely on env.env_len when unsetting a variable, just use the
4279 * plugins/sudoers/env.c:
4280 In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
4283 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
4285 * plugins/sudoers/vasgroups.c:
4286 Use warningx() instead of log_error() since the latter is not
4287 available to visudo or testsudoers. This does mean that they don't
4291 * plugins/sudoers/sudoers.c:
4292 Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
4293 closed the sudoers sources. From Quest sudo.
4296 * plugins/sudoers/pwutil.c:
4297 Ignore case when matching user/group names in the cache. From Quest
4301 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
4303 * config.h.in, configure, configure.in, src/selinux.c:
4304 Add check for setkeycreatecon() when --with-selinux is specified.
4307 * configure, configure.in:
4308 Error out if libaudit.h is missing or unusable when --with-linux-
4312 * doc/HISTORY, doc/history.pod:
4313 Add =head3 entries, mostly for the html version
4316 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
4318 * doc/HISTORY, doc/history.pod:
4319 Mention when LDAP was incorporated.
4322 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
4324 * configure, configure.in:
4325 Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
4326 not covered by _ALL_SOURCE.
4329 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
4331 * plugins/sudoers/iolog.c:
4332 Add a cast to quiet a compiler warning.
4335 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
4336 Quiet a compiler warning.
4339 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
4340 Call set_fqdn() after sudoers has parsed instead of inline as a
4344 * WHATSNEW, plugins/sudoers/sudoers.c:
4345 Do not call set_fqdn() until sudoers parses (where it gets run as a
4350 mention the change in tty ticket behavior when there is no tty
4353 * plugins/sudoers/check.c:
4354 Do not update tty ticket if there is no tty.
4357 * doc/LICENSE, doc/license.pod:
4358 Update copyright year
4362 Do not rely on BSD make's $>
4365 * configure, configure.in:
4366 Set timedir to /var/db/sudo for darwin to match Apple sudo's
4370 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
4372 * plugins/sudoers/sudoers.h:
4373 Add stub declarations for struct stat and struct timeval
4377 Remove compat/sigaction.c
4380 * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
4381 plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
4382 Check for zlib.h in addition to libz.
4385 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
4387 Move functions and symbols shared between exec.c and exec_pty.c into
4392 Comment out rules to build .man.in and .cat files unless --with-
4397 Comment out rules to build .man.in and .cat files unless --with-
4402 Quote any non-alphanumeric characters other than '_' or '-' when
4403 passing a command to be run via the shell for the -s and -i options.
4407 Add back .man suffix
4410 * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
4411 plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
4412 plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
4413 plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
4415 Add Linux audit support.
4418 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
4420 * plugins/sudoers/iolog.c:
4424 * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
4425 plugins/sudoers/sudoreplay.c:
4426 Add -f (filter) option to sudoreplay to allow certain streams to be
4427 replayed and others ignored.
4430 * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
4432 Fix -A flag when askpass is specified in sudo.conf or if sudo
4433 doesn't need to read a password.
4436 * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
4437 src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
4441 * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
4442 doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
4443 Add support for multiple sudoers_base entries in ldap.conf. From
4447 * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
4449 remove setsid check, we require a POSIX system
4452 * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
4453 src/sudo.c, src/tgetpass.c:
4454 Check for dup2() failure.
4457 * config.h.in, configure, configure.in:
4458 Remove dup2() check, it is not optional.
4461 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
4464 sync with sudo 1.7.3
4468 SunOS does not ship with an ANSI compiler
4472 Update OS specific notes. Delete some really ancient ones and move
4473 older ones to the end of the list.
4477 Sudo can be downloaded from the web site too. Mention "OS dependent
4478 notes" section in INSTALL
4481 * src/exec_pty.c, src/selinux.c:
4482 Call selinux_restore_tty() as part of cleanup() so it gets called
4483 from error()/errorx()
4486 * MANIFEST, doc/PORTING:
4487 Remove obsolete porting guide
4490 * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
4491 Move union sudo_in_addr_un into interfaces.h
4495 Remove useless circular dependencies
4498 * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
4499 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
4500 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
4501 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
4502 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
4503 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
4504 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
4505 Convert to ANSI C function declarations
4508 * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
4509 common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
4510 compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
4511 compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
4512 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
4513 compat/strlcpy.c, compat/timespec.h, compat/utime.h,
4514 compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
4515 include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
4516 include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
4517 plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
4518 plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
4519 plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
4520 plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
4521 plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
4522 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
4523 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
4524 plugins/sudoers/logging.h, plugins/sudoers/match.c,
4525 plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
4526 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
4527 plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
4528 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
4529 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
4530 plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
4531 src/conversation.c, src/error.c, src/load_plugins.c,
4532 src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
4533 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
4534 Update copyright year
4538 Fix commented DEVDOCS when not in devel mode.
4541 * plugins/sudoers/match.c:
4542 Quiet a compiler warning.
4545 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
4546 Quiet a compiler warning.
4549 * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
4550 Make all functions in ldap.c static
4553 * doc/schema.ActiveDirectory:
4554 Updates from Alain Roy to provide better examples for importing the
4555 schema and to fix problems caused by Windows validating attributes
4556 which have not yet been added before committing the changes.
4559 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
4561 * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
4562 doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
4563 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
4564 doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
4565 doc/visudo.cat, doc/visudo.man.in:
4566 Leave rules to build .man.in and .cat files uncommented but only
4567 make them part of the "all" rule in devel mode. Generate .cat files
4568 directly from .man.in instead of .man using default values in
4572 * configure, configure.in:
4573 Bump sudo version to 1.8.0b1
4576 * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
4577 Print configure args with verbose version information.
4580 * TODO, plugins/sudoers/visudo.c:
4581 Remove tfd from struct sudoersfile; it is not used. Add prev pointer
4582 to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
4583 Use tq_append to append sudoers entries to the tail queue.
4586 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
4589 Describe tty timestamp improvements
4592 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4593 A comment character may not be part of a command line argument
4594 unless it is quoted with a backslash. Fixes parsing of:
4595 testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
4599 Make this read a little bit better when passwd_timeout is 0.
4602 * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
4603 Attempt to handle a default password prompt timeout of zero more
4607 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4608 Do not override value of keepopen global, instead restore it to the
4609 value we pushed onto the stack when popping.
4612 * plugins/sudoers/Makefile.in:
4613 Add dependency for utility programs on libreplace and libcommon
4616 * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
4617 plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
4618 src/exec.c, src/exec_pty.c, src/tgetpass.c:
4619 Remove sigaction emulation. Use SA_INTERRUPT in sa_flags
4622 * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
4623 We don't use getgrouplist() at the moment so there's no need to
4624 provide a compat version.
4631 * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
4632 src/conversation.c, src/sudo.h, src/tgetpass.c:
4633 Fix visiblepw sudoers option; the plugin API portion still needs
4638 Print sudo version as well.
4641 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
4642 Use sudo_printf for I/O log version. Clarify policy plugin version
4646 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
4647 plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
4648 Silence some compiler warnings
4651 * src/load_plugins.c, src/tgetpass.c:
4652 Store askpass path in a global instead of using setenv() which many
4656 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
4658 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
4659 doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4660 plugins/sudoers/check.c, plugins/sudoers/def_data.c,
4661 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
4662 plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
4663 plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
4665 Move askpass path specification from sudoers to sudo.conf.
4668 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
4669 Use a flag bit in struct command_details for selinux instead of a
4673 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
4674 Implement background mode. If I/O logging we use pipes instead of a
4678 * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
4679 src/exec.c, src/exec_pty.c, src/tgetpass.c:
4680 Move compat definition of NSIG to compat.h
4683 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
4684 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4685 Mention plugins in the sudo manual and add some missing path
4686 substitution in the sudo_plugin manual.
4690 Set _PATH_SUDO_CONF based on $(sysconfdir)
4693 * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
4694 src/exec.c, src/exec_pty.c, src/ttysize.c:
4695 Require POSIX termios to build sudo
4699 Ignore SIGPIPE for "sudo -S"
4703 Fix uninitialized variable in TGP_ECHO case and print a newline if
4704 the user interrupted password input.
4708 Make TGP_ECHO override TGP_MASK and don't try to restore the
4709 terminal if we didn't modify it.
4712 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4713 include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
4714 src/conversation.c, src/sudo.h, src/tgetpass.c:
4715 Add SUDO_CONV_PROMPT_MASK define which corresponds to the
4716 "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is
4721 Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
4724 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
4726 * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
4727 Add selinux_enabled flag into struct command_details and set it in
4728 command_info_to_details(). Return an error from selinux_setup()
4729 instead of exiting. Call selinux_setup() from exec_setup().
4732 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
4735 Remove commented out copy of old sudo_execve() function.
4738 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
4740 * plugins/sudoers/sudoers.c:
4741 Fix setting selinux type on command line.
4744 * plugins/sudoers/iolog.c:
4745 In sudoers_io_close(), skip NULL io_fds[] elements.
4749 No longer need NGROUPS_MAX define
4752 * compat/nanosleep.c, config.h.in, configure, configure.in,
4753 include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
4754 plugins/sudoers/visudo.c, src/sudo_edit.c:
4755 Replace timerfoo macros with timevalfoo since the timer macros are
4756 known to be busted on some systems.
4760 Remove duplicate call to selinux_setup().
4763 * plugins/sudoers/auth/pam.c:
4764 If pam_open_session() fails, pass its status to pam_end.
4767 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4768 If a file in a #includedir has improper permissions or owner just
4769 skip it. This prevents packages that incorrectly install a file
4770 into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
4771 #includedir files still result in a parse error (for now).
4774 * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
4775 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
4776 plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
4777 Add use_pty sudoers option to force use of a pty even when not
4781 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
4782 Make env_init() void as it never fails.
4785 * plugins/sudoers/env.c:
4786 No longer use _NSGetEnviron so don't need crt_externs.h
4789 * plugins/sudoers/env.c:
4790 Remove unused VNULL define
4793 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
4795 * plugins/sudoers/iolog.c:
4796 Add #define for maximum session id
4799 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
4800 Split exec.c into exec.c and exec_pty.c
4804 Sync with source file moves.
4807 * src/Makefile.in, src/get_pty.c, src/pty.c:
4808 Rename pty.c -> get_pty.c
4811 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
4813 * plugins/sudoers/iolog.c:
4814 Only use I/O input log file if def_log_input is set and output file
4815 if def_log_output is set.
4818 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
4820 * compat/strsignal.c:
4821 Update copyright year
4828 * plugins/sudoers/sudoers.c:
4829 For sudoedit, make a local copy of editor string si become part of
4830 argv. If no editor environment variable, split def_editor on ':'
4831 since it may be a colon-delimited path.
4835 Remove unneeded endpwent()/endgrent()
4839 Use value of nroff from configure
4843 Add missing const to I/O log action function
4846 * plugins/sudoers/check.c:
4847 Update copyright year and fix whitespace
4850 * configure, configure.in:
4854 * plugins/sudoers/iolog.c:
4855 Remove redundant tty signal blocking in log function.
4858 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
4860 * plugins/sudoers/iolog.c:
4861 Place static keyword where it belongs
4864 * plugins/sudoers/logging.c:
4865 Always use a printf format string for send_mail()
4868 * common/atobool.c, plugins/sudoers/ldap.c:
4869 Extend atobool() so we can use it in the LDAP code.
4872 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
4873 Sudo now stashes tty ctime for tty_tickets on Solaris too.
4876 * plugins/sudoers/boottime.c:
4877 Fix dummy version of get_boottime()
4880 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
4882 * plugins/sudoers/check.c:
4883 Enable tty_is_devpts() support for Solaris with the "devices"
4888 Unbreak the non-io logging case.
4891 * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
4892 Fix symbol name conflict with sudo_printf.
4895 * plugins/sudoers/auth/pam.c:
4896 Fix OpenPAM detection for newer versions.
4899 * plugins/sudoers/vasgroups.c:
4900 Sync with Quest sudo git repo
4903 * aclocal.m4, configure, configure.in:
4904 HP-UX ld uses +b instead of -R or -rpath. Fix typo in libvas check.
4905 Add missing template for ENV_DEBUG. Adapted from Quest sudo
4909 Fix typos; from Quest Sudo
4912 2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
4914 * plugins/sudoers/Makefile.in:
4915 Add back -I$(top_srcdir); we need it for including compat/foo.h
4916 since we cannot rely on "foo.h" being found relative to the source
4917 file when the cwd is different.
4921 Fix a bug where we could treat EAGAIN as a permanent error. Also set
4922 cstat if perform_io() returns an error.
4925 * common/alloc.c, plugins/sudoers/boottime.c,
4926 plugins/sudoers/sudoers.c:
4927 Add casts to quiet compiler warnings.
4930 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4931 plugins/sudoers/visudo.c:
4932 Fix typo in ternary operator usage.
4935 2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
4937 * INSTALL, configure, configure.in:
4938 Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
4941 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
4942 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
4943 Update docs to match sudoers I/O logging changes
4946 * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
4947 pathnames.h.in, plugins/sudoers/def_data.c,
4948 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
4949 plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
4950 plugins/sudoers/gram.h, plugins/sudoers/gram.y,
4951 plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
4952 plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
4953 plugins/sudoers/sudoreplay.c:
4954 Break sudoers transcript feature up into log_input and log_output.
4957 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4958 plugins/sudoers/visudo.c:
4959 Use setprogname() as needed.
4962 * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
4963 Adapt sudoreplay to iolog changes.
4966 2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
4968 * plugins/sudoers/iolog.c:
4969 Log all input and output into separate files and store a number on
4970 each timing file line to indicate which file the data is in.
4973 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
4974 plugins/sudoers/sudoers.h:
4975 Make sudoers_io functions static to iolog.c
4978 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
4980 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
4981 src/sudo_usage.h.in:
4982 Completely remove the -L flag from the sudo front end.
4985 * plugins/sudoers/sudoreplay.c:
4986 Fix EAGAIN handling when writing to stdout.
4989 * plugins/sudoers/sudoers.c:
4990 Eliminate unused variables
4993 * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
4994 Re-enable cleanup functions in sudoers plugin and sudo driver for
4998 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
4999 plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
5000 plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
5001 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
5002 Use sudo_printf to display verbose version information.
5005 * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
5006 plugins/sudoers/Makefile.in, src/Makefile.in:
5007 Minor Makefile cleanup: fix a typo, change the removal order in the
5008 clean targets, and remove a superfluous include path for the sudoers
5012 * plugins/sudoers/env.c:
5013 Handle duplicate variables in the environment. For unsetenv(), keep
5014 looking even after removing the first instance. For sudo_putenv(),
5015 check for and remove dupes after we replace an existing value.
5018 2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
5020 * plugins/sudoers/Makefile.in:
5021 Use explicit path to source file instead of $< for files that live
5022 in devdir and top_srcdir.
5025 * plugins/sudoers/Makefile.in:
5026 Add explicit rules to compile gram.c and toke.c for HP-UX. Prevent
5027 ending LIBSUDOERS_OBJS with a backslash
5030 * plugins/sudoers/Makefile.in, src/Makefile.in:
5031 Link libcommon before libreplace since libcommon may use functions
5032 only present in libreplace.
5035 * common/Makefile.in:
5036 Move code common to sudo and the sudoers plugin to a convenience
5037 library, libcommon. Removes the need to make links in the sudoers
5038 plugin dir and reduces re-compilation of duplicate object files.
5041 * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
5042 common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
5043 common/term.c, common/zero_bytes.c, configure, configure.in,
5044 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
5045 src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
5046 src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
5048 Move code common to sudo and the sudoers plugin to a convenience
5049 library, libcommon. Removes the need to make links in the sudoers
5050 plugin dir and reduces re-compilation of duplicate object files.
5053 * src/exec.c, src/sudo.c, src/sudo.h:
5054 Rename script_execve to sudo_execve and rename script_foo in exec.c
5057 * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
5058 rename script.c exec.c and fix up the MANIFEST file
5061 * src/script.c, src/sudo.c, src/sudo.h:
5062 Rename script_setup() to pty_setup() and call from script_execve()
5066 * configure, configure.in:
5067 bump version to 1.8.0a2
5070 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5071 Document init_session
5074 * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
5075 plugins/sudoers/auth/sudo_auth.h:
5076 Clean up the sudoers auth API a bit and update the docs.
5079 * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
5080 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
5081 plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
5082 Add init_session function to struct policy_plugin that gets called
5083 before the uid/gid/etc changes. A struct passwd pointer is passed
5084 in, which may be NULL if the user does not exist in the passwd
5085 database. The sudoers module uses init_session to open the pam
5089 2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
5091 * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
5092 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
5093 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5094 Add open/close session to sudo auth, only used by PAM. This allows
5095 us to open (and close) the PAM session from sudoers.
5098 * plugins/sudoers/Makefile.in:
5099 Add explicit rule to build getdate.o for HP-UX make.
5102 * plugins/sudoers/Makefile.in:
5103 Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
5104 rules as an alternate way to prevent HP-UX make (and others) from
5105 trying to rebuild the parser in non-dev mode.
5108 * plugins/sudoers/sudoers.c:
5109 Re-enable PATH_MAX check for command
5113 For distclean, clean the main directory last since the subdirs need
5114 to be able to run libtool to clean things.
5117 * compat/Makefile.in:
5118 Fix generation of mksiglist.h
5122 Now that we defer sending cstat until the end of script_child() we
5123 cannot reuse cstat when reading command status from parent.
5126 2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
5128 * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
5129 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
5130 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
5131 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
5132 Use numeric registers to handle conditionals instead of trying to do
5133 it all with text processing.
5137 Document per-command SELinux settings
5140 * plugins/sudoers/sudoers.c:
5141 Repair "sudo -l -U username"
5144 * plugins/sudoers/sudoers.c:
5145 Set selinux role and type in command details.
5148 * src/script.c, src/selinux.c, src/sudo.h:
5149 Rework SELinux support.
5152 2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
5154 * src/script.c, src/selinux.c, src/sudo.h:
5155 Make SELinux support compile again. Needs more work to be complete.
5158 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5159 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5160 src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
5162 Bring back closefrom settings.
5165 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
5166 plugins/sudoers/sudoers.h:
5167 If running a command or sudoedit in transcript mode, call
5168 io_nextid() before log_allowed() so the session id is logged.
5171 * configure, configure.in:
5172 Use mandoc(1) if nroff(1) is not present.
5176 Use the --file argument to config.status instead of setting
5177 CONFIG_FILES in the environment.
5180 * plugins/sudoers/Makefile.in:
5181 We cannot conditionally update gram.h or the dependency ordering
5182 gets messed up in devel mode.
5185 2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
5187 * Makefile.in, compat/Makefile.in, configure, configure.in,
5188 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
5189 plugins/sudoers/Makefile.in, src/Makefile.in:
5190 Substitute @SHELL@ into Makefiles
5197 * config.guess, config.sub, configure, configure.in:
5198 Update to autoconf 2.65
5202 Fix libtool target (space vs. tabs)
5205 * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
5206 Remove use of RETSIGTYPE; all modern systems have signal handlers
5210 * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
5211 ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
5212 m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
5213 plugins/sudoers/Makefile.in, src/Makefile.in:
5214 Update to libtool-2.2.6b. I haven't made any local modifications
5215 this time, which should be OK since we install sudo_noexec.so by
5219 * compat/Makefile.in, plugins/sample/Makefile.in,
5220 plugins/sudoers/Makefile.in, src/Makefile.in:
5221 Use libtool to clean objects
5224 * include/Makefile.in:
5225 Install sudo_plugin.h as part of "make install" and make other
5226 install targets callable from the top-level Makefile
5229 * configure, configure.in:
5230 regen with autoupdate to eliminate AC_TRY_LINK
5233 * Makefile.in, compat/Makefile.in, configure, configure.in,
5234 doc/Makefile.in, plugins/sample/Makefile.in,
5235 plugins/sudoers/Makefile.in, src/Makefile.in:
5236 Install sudo_plugin.h as part of "make install" and make other
5237 install targets callable from the top-level Makefile
5240 * plugins/sample/sample_plugin.c:
5241 The sample plugin doesn't support being run with no args so return a
5242 usage error in this case.
5245 * plugins/sudoers/iolog.c:
5246 Set close on exec flag for descriptors used for I/O logging so they
5247 are not present in the command being run.
5250 * plugins/sudoers/tsgetgrpw.c:
5251 Set close on exec flag in private versions of setpwent() and
5256 Close the I/O pipes after dup2()ing them to std{in,out,err}.
5257 Fixes extra fds being present in the command when it is part of a
5261 * plugins/sudoers/sudoers.c:
5262 Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
5263 is used when logging). Note that user_ttypath will still be NULL if
5267 * src/script.c, src/sudo.h:
5268 Cosmetic changes: add comments, remove orphaned prototype and
5269 make a global static.
5272 2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
5275 Move check for maxfd == -1 to flush_output where it belongs.
5279 Break out of select loop if all the fds we want to select on are -1.
5283 Avoid possible malloc(0) if plugin returns an empty groups list.
5287 Add debugging info when calling plugin close function
5291 Avoid closing stdin/stdout/stderr when we are piping output.
5295 When execve() of the command fails, it is possible to receive
5296 SIGCHLD before we've read the error status from the pipe. Re-order
5297 things such that we send the final status at the very end and prefer
5298 error status over wait status.
5301 2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
5303 * plugins/sudoers/auth/sudo_auth.c:
5304 Fix compilation for non PAM/BSD auth/AIX auth
5307 2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
5310 Additional checks to make sure we don't close /dev/tty by mistake.
5311 When flushing, sleep in select as long as we have buffers that need
5316 Now that we can use pipes for stdin/stdout/stderr there is no longer
5317 a need to error out when there is no tty. We just need to make sure
5318 we don't try to use the tty fd if it is -1.
5321 2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
5323 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5324 include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5325 plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
5326 Add argc and argv to I/O logger open function.
5329 * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
5330 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
5331 src/parse_args.c, src/sudo.c, src/sudo_edit.c:
5332 Remove check_sudoedit function pointer in struct sudo_policy.
5333 Instead, sudo will set sudoedit=true in the settings array. The
5334 plugin should check for this and modify argv_out as appropriate in
5338 2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
5340 * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
5342 If plugin sets "sudoedit=true" in the command info, enable sudoedit
5343 mode even if not invoked as sudoedit. This allows a plugin to
5344 enable sudoedit when the user runs an editor.
5347 2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
5349 * plugins/sudoers/Makefile.in:
5350 gram.h must not depend on gram.y if we want to avoid unnecessary
5351 rebuilding of targets dependent on gram.h when gram.y changes.
5354 * plugins/sample/sample_plugin.c:
5355 Refactor common bits of check_policy and check_edit
5358 * plugins/sample/sample_plugin.c:
5359 Add sudoedit support
5362 2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
5364 * plugins/sudoers/Makefile.in:
5365 Rely more on VPATH; fixes a dependency issue with the parser.
5369 Fix typo introduced in last commit
5373 Emulate seteuid using setreuid() or setresuid() as needed. There are
5374 still a few places that call seteuid() directly.
5377 * src/parse_args.c, src/sudo_edit.c:
5378 Attempt to fix building on systems that only have setuid.
5381 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5382 Clarify sudoedit a tad.
5385 2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
5388 Fix compilation on HP-UX
5391 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5395 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
5396 Change how we handle the sudoedit argv. We now require that there
5397 be a "--" in argv to separate the editor and any command line
5398 arguments from the files to be edited.
5401 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5402 plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
5403 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
5404 src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
5405 src/sudo.h, src/sudo_edit.c:
5406 Work in progress support for sudoedit. The actual interface used by
5407 the plugin for sudoedit is likely to change.
5410 * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
5411 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
5412 Make find_path() a little more generic by not checking def_foo
5413 variables inside it. Instead, pass in ignore_dot as a function
5417 * plugins/sudoers/env.c:
5418 Add version of getenv(3) that uses our own environ pointer.
5421 2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
5424 Avoid a potential race condition if SIGCHLD is received immediately
5425 before we call select().
5428 * plugins/sudoers/sudoers.c:
5429 Call env_init() before we open the sudoers sources as those may call
5430 our setenv() replacement.
5433 * plugins/sudoers/env.c:
5434 Initialize env_len in env_init()
5437 2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
5439 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
5440 Document time stamp shortcomings under SECURITY NOTES. Use "time
5441 stamp" instead of timestamp.
5445 Make sed substitution of mansectsu and mansectform global.
5448 * plugins/sudoers/check.c:
5449 If the tty lives on a devpts filesystem, stash the ctime in the tty
5450 ticket file, as it is not updated when the tty is written to. This
5451 helps us determine when a tty has been reused without the user
5452 authenticating again with sudo.
5456 Fix pasto in multiple signal fix and use _NSIG not NSIG since that
5457 is what our compat checks set.
5460 * configure, configure.in:
5461 Add check for whether sudo needs to link with -ldl to get dlopen().
5462 This is a bit of a hack that will get reworked when libtool is
5466 * plugins/sudoers/check.c:
5467 Fix timestamp removal with -k/-K
5470 * plugins/sudoers/Makefile.in:
5471 audit.c is now private to the sudoers plugin
5474 * configure, configure.in:
5475 Link with -lpthread on HP-UX since a plugin may be linked with
5476 -lpthread and dlopen() will fail if the shared object has a
5477 dependency on -lpthread but the main program is not linked with it.
5480 * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
5481 Add separate test for getresuid() since HP-UX has setresuid() but no
5486 Remove errant backslash
5490 Fix SIGPIPE handling. Now that we may use pipes for
5491 stdin/stdout we need to pass any SIGPIPE we receive to the running
5496 Also start the command in the background if stdin is not a tty.
5499 2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
5501 * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
5502 No need to use pseudo-cbreak mode now that we use pipes when stdout
5503 is not a tty. Instead, check whether stdin is a tty and if not,
5504 delay setting the tty to raw mode until the command tries to access
5505 it itself (and receives SIGTTIN or SIGTTOU).
5509 Use an array for signals received instead of a single variable so we
5510 don't lose any when there are multiple different signals.
5514 Do signal setup after turning off echo, not before. If we are using
5515 a tty but are not the foreground pgrp this will generate SIGTTOU so
5516 we want the default action to be taken (suspend process).
5519 2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
5522 Flush the iobufs on suspend or child exit using the same logic as
5523 the main event loop.
5527 Free memory after we are done with it.
5530 2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
5533 Quest now sponsors Sudo development
5536 2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
5539 Install sudo_plugin man page.
5543 Go back to resetting io_buffer offset and length (and now also the
5544 EOF handling) in the loop we do the FD_SET, not after we drain the
5545 buffer after write() since we don't know what order reads and writes
5550 audit files moved to sudoers plugin directory
5553 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5554 Document plugin_printf and new logging functions.
5558 Add support for logging stdin when it is not a tty. There is still a
5559 bug where "cat | sudo cat" has problems because both cat and sudo
5560 are trying to read from the tty.
5563 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5564 plugins/sudoers/sudoers.c, src/script.c:
5565 Add separate I/O logging functions for tty in/out and
5566 stdin/stdout/stderr. NOTE: stdin logging does not currently work and
5567 is disabled for now.
5570 2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
5572 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5573 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
5574 plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
5575 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5576 src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
5577 Add pointer to a printf-like function to plugin open function. This
5578 can be used instead of the conversation function to display info and
5583 Stop if make in a subdir fails
5587 Only set user's tty to blocking mode when doing the final flush.
5588 Flush pipes as well as pty master when the process is done.
5591 2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
5593 * plugins/sudoers/ldap.c:
5594 Use print_error() when displaying ldap config info in debugging
5598 * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
5599 No longer need strdup() or strndup() replacements.
5602 * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
5603 plugins/sudoers/sudoers.h:
5604 Add print_error() function that uses the conversation function to
5605 print a variable number of error strings and use it in log_error().
5608 * src/script.c, src/sudo.h, src/term.c:
5609 Do not need the opost flag to term_copy() now that we use pipes for
5610 stdout/stderr when they are not a tty.
5614 Use pipes to the sudo process if stdout or stderr is not a tty.
5615 Still needs some polishing and a decision as to whether it is
5616 desirable to add additional entry points for logging
5617 stdout/stderr/stdin when they are not ttys. That would allow a
5618 replay program to keep things separate and to know whether the
5619 terminal needs to be in raw mode at replay time.
5622 2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
5624 * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
5625 plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
5626 src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
5627 Move audit sources into the sudoers plugin dir; the driver does not
5631 * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
5632 compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
5633 plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
5634 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
5635 plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
5636 src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
5637 src/term.c, src/ttysize.c:
5638 Use angle brackets when including headers that can only be found
5639 when an -I flag is specified. The files in the compat dir could get
5640 away with double quotes here but I've converted all the source files
5641 to use angle brackets for consistency.
5644 * plugins/sudoers/Makefile.in:
5645 Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
5646 dir can be found when building outside the source tree.
5649 * plugins/sudoers/Makefile.in:
5650 Clean up links in distclean
5653 * plugins/sudoers/Makefile.in:
5654 Hack around VPATH semantic differences by symlinking files we need
5655 from ../../src into the current directory and build those. A better
5656 fix would be to either make a .a or .la file with those files in it
5657 or simply use a single, flat, Makefile instead of per-subdirs
5661 * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
5662 fmt_string is used by the sudoers plugin too so do not include
5663 sudo.h (which is not really needed here anyway)
5666 * compat/Makefile.in, plugins/sample/Makefile.in,
5667 plugins/sudoers/Makefile.in, src/Makefile.in:
5668 Fix building with non-BSD versions of make such as GNU make.
5669 Requires VPATH support, which should be in any non-neolithic make.
5672 * configure, configure.in, plugins/sudoers/Makefile.in,
5673 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
5675 Re-enable bsm audit. Currently auditing is done within the sudoers
5676 plugin itself. If possible, this should really be done in the main
5677 driver but we don't presently have the needed data to do that. This
5678 will be re-evaluated when Linux audit support is added.
5681 * compat/Makefile.in, plugins/sample/Makefile.in,
5682 plugins/sudoers/Makefile.in, src/Makefile.in:
5683 Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
5684 of explicit rules in the dependency.
5687 * plugins/sudoers/visudo.c:
5688 Fix mismerge; alias_remove_recursive() now returns int
5691 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
5693 * plugins/sudoers/visudo.c:
5694 Fix a crash when checking a sudoers file that has aliases that
5695 reference themselves. Based on a diff from David Wood.
5699 Print signal info after restoring the tty mode, not before.
5703 Defer call to alarm() until after we fork the child. Pass correct
5704 pid to terminate_child(). If the command exits due to signal, set
5705 alive to false like we do when it exits normally. Add missing
5706 check for errpipe[0] != -1 before using it in FD_ISSET
5709 2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
5711 * plugins/sudoers/boottime.c:
5712 Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
5715 2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
5718 Simplify dependencies by using .c.o and .c.lo rules.
5721 * configure, configure.in, plugins/sudoers/Makefile.in,
5723 Substitute in @PROGS@ into src/Makefile to add sesh
5726 2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
5728 * plugins/sudoers/sudoers.c:
5729 Add back calls to log_denial() if sudoers does not allow the
5733 * plugins/sudoers/sudoers.c:
5734 Pass in correct pwflag for list and validate.
5737 * plugins/sudoers/env.c:
5738 Add missing check for NULL in validate_env_vars
5742 Add sudo_noexec.la to "all" target, otherwise it only gets built at
5746 * plugins/sudoers/sudoers.c:
5747 Only set sudo_user.env_vars if the env_add list is empty.
5750 * plugins/sudoers/sudoers.c:
5751 Set sudo_user.env_vars so that environment variables specified on
5752 the command line get logged correctly.
5755 * plugins/sudoers/env.c, plugins/sudoers/logging.c,
5756 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5757 Re-enable environment files and setting environment variables on the
5761 2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
5763 * plugins/sudoers/check.c:
5764 Fix typo in last commit (ifndef vs ifdef). Make sure we pass ctime()
5765 a pointer to time_t as tv_sec in struct timeval may be long.
5768 * plugins/sudoers/check.c:
5769 Don't stash ctime in on-disk tty ticket info for now; on many
5770 (most?) systems the ctime is updated when the tty is written to.
5771 Once I have a better idea of what systems do not update ctime on
5772 ttys (and have a way to test for this) the ctime stash will be
5773 conditionally re-enabled.
5776 2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
5778 * MANIFEST, Makefile.in:
5779 Add back "dist" target, this time using a MANIFEST file
5783 Remove Makefile in distclean target
5786 * Makefile.in, src/Makefile.in:
5787 Update clean and cleandir targets
5790 * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
5792 Move fileops.c defines and prototypes to fileops.h
5795 * plugins/sudoers/check.c:
5796 Lock the tty timestamp when writing. We shouldn't have to lock when
5797 reading since the file is updated via a single write system call.
5800 2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
5802 * plugins/sudoers/alias.c, plugins/sudoers/check.c,
5803 plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
5804 plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
5805 plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
5806 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
5807 plugins/sudoers/logging.c, plugins/sudoers/match.c,
5808 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
5809 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
5810 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
5811 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
5812 plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
5813 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
5814 Convert to ANSI C function declarations
5817 * plugins/sudoers/sudoers.h:
5818 Remove extraneous bits and classify by source file.
5822 Add timercmp macro for systems without it
5825 * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
5826 plugins/sudoers/sudoers.h:
5827 get_boottime() now fills in a timeval struct
5830 * plugins/sudoers/check.c:
5831 Store info from stat(2)ing the tty in the tty ticket when tty
5832 tickets are in use. On most systems, this closes the loophole
5833 whereby a user can log out of a tty, log back in and still have the
5837 * config.h.in, configure.in:
5838 Add timespec2timeval and use it when getting ctime/mtime
5841 2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
5843 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
5844 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5845 plugins/sudoers/testsudoers.c:
5846 Convert perm setting to push/pop model; still needs some work. Use
5847 the stashed runas groups instead of using getgrouplist(). Reset perms
5848 to the initial value on error
5851 * config.h.in, configure.in:
5852 fix ctim_get and mtim_get macros
5855 * config.h.in, configure, configure.in, include/compat.h,
5856 plugins/sudoers/check.c, plugins/sudoers/gettime.c,
5857 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
5858 Use timeval directly instead of converting to timespec when dealing
5859 with file times and time of day.
5862 * plugins/sudoers/Makefile.in:
5863 Don't link sudoreplay with libsudoers.la due to a yacc symbol
5867 2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
5869 * configure, configure.in:
5870 Darwin >= 9.x has real setreuid(2)
5873 2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
5875 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
5879 * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
5880 plugins/sudoers/sudoers.h:
5881 Remove remaining references to the environ pointer.
5884 2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
5886 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
5887 Don't change the environ directly in the sudoers plugin
5890 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
5892 * plugins/sudoers/sudoers.c:
5896 * plugins/sudoers/alias.c:
5897 Fix use after free in error message when a duplicate alias exists.
5900 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
5902 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5904 Add a "noninteractive" boolean to the settings passed in to the
5905 plugin's open function that is set when the user specifies the -n
5909 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
5910 Add workaround for the lack of the environ pointer on Mac OS X in
5911 dlopen()ed modules. Use of environ in the sudoers plugin should
5912 ultimately be removed but this will do for the moment.
5915 * plugins/sudoers/visudo.c:
5916 Set errorfile to the sudoers path if we set parse_error manually.
5917 This prevents a NULL dereference in printf() when checking a sudoers
5918 file in strict mode when alias errors are present.
5921 * plugins/sudoers/sudoers.c:
5922 Main sudo no longer prints "unable to execute" on exec failure so do
5926 2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
5929 Use a pipe to pass back errno to the parent if execve() fails. If we
5930 get an error in script_child(), kill the command and exit.
5933 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5934 src/parse_args.c, src/sudo.c:
5935 Handle plugin's open function returning -2 (usage error).
5939 If execve() fails, leave it to the plugin to print an error string.
5943 If execve fails in logging mode, pass the errno directly to the
5944 grandparent on the backchannel and exit. The immediate parent will
5945 get SIGCHLD and try to report that status but its parent will no
5946 longer be listening. It would probably be cleaner to pass this over
5947 a pipe in script_child().
5950 * plugins/sudoers/sudoers.c:
5951 Don't override rval with results of check_user() unless it failed.
5954 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
5956 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
5961 NULL-terminate env_add
5964 2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
5967 Call the I/O log open function before the I/O version function.
5970 * plugins/sudoers/iolog.c:
5971 Remove io_conv and just use sudo_conv
5974 * plugins/sudoers/set_perms.c:
5975 Fix set/restore perms for systems w/o setresuid
5978 2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
5980 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
5981 plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
5982 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5983 Primitive set/restore permissions. Will be replaced by a push/pop
5988 Only need to take action on SIGCHLD in parent if no I/O logger. If
5989 there is an I/O logger we will receive ECONNRESET or EPIPE when we
5990 try to read from the socketpair.
5993 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
5995 * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
5996 doc/sudoers.pod, plugins/sudoers/find_path.c:
5997 Merge fb4d571495fa from the 1.7 branch to trunk.
6000 2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
6003 Don't set SA_RESTART when registering SIGALRM handler. Do set
6004 SA_RESTART when registering SIGWINCH handler.
6008 Add dev targets for *.man.in and *.cat that don't specify the
6013 If log_input or log_output returns false, terminate the command.
6017 Better signal handling. Instead of using a single variable to store
6018 the received signal, use an array so we can't lose a signal when
6019 multiple are sent. Fix process termination by SIGALRM in non-I/O
6020 logger mode. Fix relaying terminal signals to the child in non-I/O
6025 Fix a race between when we get the child pid in the parent and when
6026 the child process exits. The problem exhibited as a hang after a
6027 short-lived process, e.g. "sudo id" when no IO logger was enabled.
6030 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
6032 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6033 Add a note about the security implications of the fast_glob option.
6036 2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
6038 * config.h.in, configure, configure.in:
6039 Fix up some AC_DEFINE descriptions and regen config.h.in
6042 2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
6044 * include/missing.h:
6045 No longer check for strdup or strndup for LIBOBJ replacement.
6049 Avoid installing signal handlers that are io-logger specific. Fixes
6050 job control when no io logger is enabled.
6054 Only regen man pages from pod when configured with --with-devel
6057 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
6059 * Makefile, Makefile.in, configure, configure.in:
6060 Top-level Makefile.in. Nothing is currently substituted but this is
6061 needed for separate build dirs.
6064 * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
6065 plugins/sudoers/Makefile.in, src/Makefile.in:
6066 Fix out-of-tree builds
6073 We always install sudoreplay in 1.8
6076 2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
6078 * compat/siglist.in:
6079 SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
6082 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
6084 * configure, configure.in:
6085 No need to provide strdup() or strndup(), sudo uses estrdup() and
6089 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
6091 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
6092 Free str after using it in the version method. Use sudo_conv, not
6093 io_conv since we don't have the IO conversation function pointer in
6094 the I/O version method anymore now that io_open is delayed.
6097 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
6099 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
6101 Add license to mksiglist.c and note that the bits from pdksh are
6105 * compat/Makefile.in:
6106 Fix LIBOBJDIR vs. srcdir wrt the siglist bits
6109 * plugins/sudoers/Makefile.in:
6110 Add sudoreplay testsudoers and visudo to clean target
6113 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
6114 compat/siglist.in, compat/strsignal.c, configure, configure.in,
6115 include/missing.h, src/script.c:
6116 Create our own sys_siglist for systems without it for use by
6120 * compat/Makefile.in:
6121 Remove duplicate $(LIBOBJDIR)
6124 2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
6126 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
6127 Main sudo should not block signals; the plugin should do this in
6131 2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
6134 Fix a sizeof(ptr) vs. sizeof(*ptr)
6138 Unlike most operating systems, HP-UX select() is not interrupted by
6139 SIGCHLD when the signal is registered with SA_RESTART. If we clear
6140 SA_RESTART when calling sigaction() for SIGCHLD we get the expected
6141 behavior and the code in the select() loops already handles EINTR
6145 * compat/getprogname.c:
6146 progname should be const
6149 * plugins/sudoers/Makefile.in:
6150 Move --tag=disable-static to when we link sudoers.la, not when we
6154 * src/load_plugins.c:
6155 Load the sudoers I/O plugin by default too now that it is hooked up.
6158 2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
6161 It looks like AIX doesn't need to push STREAMS modules for ptys.
6164 2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
6166 * src/parse_args.c, src/sudo.c:
6167 Delay calling the I/O plugin open function until the policy plugin
6171 2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
6173 * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
6174 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
6175 plugins/sudoers/sudoers.h:
6176 Add back io logging (transcript) support. Currently, the open
6177 function runs too early and it is not possible to use the io module
6178 independently of the policy module.
6181 * plugins/sudoers/set_perms.c:
6182 Comment out dead code; will be removed when set_perms is rewritten.
6185 2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
6187 * plugins/sudoers/sudoers.c:
6188 Fix off by one error when allocating user_groups.
6191 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
6193 * configure, configure.in, plugins/sudoers/Makefile.in:
6194 Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
6197 * plugins/sudoers/sudoers.c:
6198 Fix typo in preserve groups case
6201 * plugins/sudoers/sudoers.c:
6202 In command_info it is "runas_groups" not "groups".
6206 Fix iteration over runas_groups list.
6209 * configure, configure.in, plugins/sudoers/env.c,
6210 plugins/sudoers/match.c, src/script.c:
6211 Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
6214 * compat/getgrouplist.c:
6215 getgrouplist(3) for those without it
6218 * plugins/sudoers/sudoers.c:
6219 Set preserve_groups or groups list in command_info
6223 Fix setting of groups list
6226 * config.h.in, configure, configure.in, include/compat.h,
6228 Add checks for getgrset and getgrouplist and use replacement
6229 getgrouplist if the system doesn't support it.
6233 Pass in preserve_groups when the -P flag is specified as per the
6237 * plugins/sudoers/sudoers.c:
6238 Check preserve_groups and ignore_ticket args with atobool instead of
6239 assuming they are true if present.
6242 2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
6244 * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
6245 plugins/sudoers/plugin_error.c:
6246 Rename plugin-specific error.c to plugin_error.c. Wire up visudo,
6247 sudoreplay and testsudoers in the build
6250 * src/Makefile.in, src/term.c:
6251 term.c does not need to include sudo.h
6254 * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
6255 doc/sudo_plugin.pod:
6256 Document the -2 return in the check_policy section too
6259 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
6260 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6261 src/parse_args.c, src/sudo.c, src/sudo.h:
6262 Fix the -s and -i flags and add support for the "implied_shell"
6263 option. If the user does not specify a command, sudo will now pass
6264 in the path to the user's shell and set implied_shell=true. The
6265 plugin can then either check the command normally or return -2 to
6266 cause sudo to print a usage message and exit.
6269 2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
6271 * config.h.in, configure, configure.in, src/load_plugins.c:
6272 Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
6273 Darwin where libraries end in .dylib but modules end in .so
6276 * plugins/sudoers/parse.c:
6277 Better prefix determination now that we can't rely on len==0 to tell
6278 the beginning on an entry.
6281 * plugins/sudoers/ldap.c:
6282 display_bound_defaults() stub should return 0, not 1 since it is a
6283 count, not a boolean.
6286 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6287 Document progname in settings
6290 * compat/getprogname.c, include/compat.h,
6291 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
6292 src/parse_args.c, src/sudo.c:
6293 Rewrite compat/getprogname.c and add setprogname(). The progname is
6294 now passed to the plugin via the settings array.
6297 * configure, configure.in, plugins/sudoers/Makefile.in:
6301 * plugins/sudoers/sudo_nss.c:
6302 Add missing whitespace for Runas and Command-specific defaults
6305 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
6306 plugins/sudoers/sudo_nss.c:
6307 Use embedded newlines in lbuf instead of multiple calls to
6312 Add support for embedded newlines.
6315 2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
6317 * compat/getprogname.c:
6318 If system doesn't support getprogname or __progname and we are
6319 building a shared object don't bother with Argc/Argv, just return
6323 * config.h.in, configure, configure.in, src/load_plugins.c:
6324 Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
6325 appears to always install a shared object with the .so suffix.
6328 * compat/Makefile.in, configure, configure.in,
6329 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
6331 Play more nicely with libtool and let it build libreplace (was
6335 * include/missing.h:
6336 Include stdarg.h for va_list rather than requiring all consumers of
6337 missing.h to include stdarg.h themselves.
6340 * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
6341 plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
6342 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
6344 Pass in output function to lbuf_init() instead of writing to stdout.
6345 A side effect is that the usage info can now go to stderr as it
6349 2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
6351 * include/lbuf.h, plugins/sudoers/sudo_nss.c,
6352 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
6353 src/parse_args.c, src/sudo.c:
6354 Use number of tty columns that is passed in user_info instead of
6355 getting it directly in the lbuf code.
6358 * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
6359 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6360 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
6361 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
6362 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
6363 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
6364 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
6365 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
6366 plugins/sudoers/logging.h, plugins/sudoers/match.c,
6367 plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
6368 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
6369 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
6370 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
6371 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6372 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
6373 plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
6374 plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
6375 plugins/sudoers/visudo.c:
6379 * config.h.in, configure, configure.in, src/load_plugins.c:
6380 Set the sudoers plugin name in configure so we get the extension
6384 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6385 Document lines/cols in user_info
6388 * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
6389 Add tty size to user info
6393 Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
6396 2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
6398 * plugins/sudoers/sudoers.c:
6399 Kill dead code. Add missing sigsetjmp in sudo_policy_invalidate. Error
6400 out if we fail to lookup the user's name that is passed in
6403 * plugins/sudoers/error.c:
6404 Pass the error value back via siglongjmp.
6407 * plugins/sudoers/check.c:
6408 Use conversation function for lecture.
6411 * plugins/sudoers/check.c:
6412 Don't update ticket file if verify_user returns FALSE.
6415 2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
6417 * plugins/sudoers/sudoers.c, src/sudo.c:
6418 Wire up invalidate and validate methods for sudoers
6421 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
6422 plugins/sudoers/sudoers.h:
6423 Add support for -k flag with a command.
6427 Allow -k to be specified with a command.
6430 * plugins/sudoers/sudoers.c:
6434 * plugins/sudoers/error.c:
6435 Add newline at the end of message and space after the colon in
6439 * plugins/sudoers/auth/sudo_auth.c:
6440 Add missing newline after pass password warning
6443 * plugins/sudoers/sudoers.c:
6444 Set user_groups and user_ngroups based on user_info
6447 * plugins/sudoers/error.c:
6451 * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
6452 Make _warning in error.c use the conversation function and remove
6453 commented out warning/warningx in sudoers.c.
6456 * plugins/sudoers/logging.c:
6457 Use siglongjmp() in log_error for fatal errors
6460 * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
6461 Quiet a libtool warning
6465 Build sudoers plugin
6468 * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
6469 Use warningx in yyerror() so the conversation function gets used
6470 when built as part of sudoers.
6473 2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
6475 * plugins/sudoers/auth/pam.c:
6476 Rename sudo_conv to conversation to avoid a namespace conflict.
6479 * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
6480 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
6481 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
6482 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
6483 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6484 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
6485 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
6486 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
6487 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
6488 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
6489 plugins/sudoers/env.c, plugins/sudoers/error.c,
6490 plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
6491 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
6492 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
6493 plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
6494 plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
6495 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
6496 plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
6497 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
6498 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
6499 plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
6500 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
6501 Initial bits of sudoers plugin; still needs work.
6505 Add HAVE_STRDUP and HAVE_STRNDUP
6508 * compat/Makefile.in, configure, configure.in:
6509 Build libmissing in two flavors (one PIC one non-PIC) and link with
6510 the appropriate one.
6513 * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
6514 compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
6515 Build libmissing in two flavors (one PIC one non-PIC) and link with
6516 the appropriate one.
6519 2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
6521 * include/missing.h:
6522 Add strdup and strndup and fix strsignal
6525 2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
6527 * compat/strdup.c, compat/strndup.c, configure, configure.in,
6528 plugins/sample/Makefile.in, src/Makefile.in:
6529 Add strdup and strndup to compat
6532 * plugins/sample/sample_plugin.c:
6533 Need to include compat.h before missing.h
6536 * compat/strsignal.c:
6537 Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
6538 it doesn't exist configure will set it to 0.
6542 Fix botched ANSI C conversion of globexp2()
6545 * configure, configure.in:
6546 Remove redundant getgroups check
6549 * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
6550 Require either termios or termio, no more sgtty.
6553 * compat/strsignal.c, config.h.in, configure, configure.in:
6554 Change the sys_siglist check to use AC_CHECK_DECLS and also check
6555 for _sys_siglist and __sys_siglist
6558 2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
6560 * configure, configure.in, src/Makefile.in:
6561 Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
6562 use SUDO_OBJS for the main driver as part of OBJS.
6565 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6566 Mention in the conversation function section that a newline is not
6571 Add definition of WCOREDUMP for systems without it. This is known
6572 to work on AIX and SunOS 4, but may be incorrect on other systems
6573 that lack WCOREDUMP.
6576 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
6578 * plugins/sample/sample_plugin.c, src/conversation.c:
6579 conversation function no longer puts a newline at the end of info or
6583 2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
6586 Use parent process group id instead of parent process id when
6587 checking foreground status and suspending parent. Fixes an issue
6588 when running commands under /usr/bin/time and others.
6591 2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
6594 transcript option is now --with not --enable
6597 * plugins/sample/sample_plugin.c:
6598 Add support to -u and -g flags. Check fmt_string retval. Add timeout
6599 for debugging purposes
6602 * src/script.c, src/sudo.c:
6603 Wire up SIGALRM handler. Set close on exec flag for child side of the
6604 socketpair. Fix signal handling when not doing I/O logging
6608 g/c unused SIGCHLD handler
6611 * src/fmt_string.c, src/parse_args.c, src/sudo.c:
6612 Don't use emalloc() in fmt_string(); we want to be able to use it
6617 tq_remove not list_remove
6620 * configure, configure.in:
6621 AUTH_OBJS should contain .lo files not .o files.
6624 2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
6627 Simplify conversion of command line args to name=value pairs.
6630 * plugins/sample/sample_plugin.c:
6631 Handle NULL reply from conversation function
6635 Don't depend on emalloc/erealloc
6638 * plugins/sample/Makefile.in:
6639 Use $(OBJS) instead of sample_plugin.lo
6642 * plugins/sample/sample_plugin.c:
6643 runas_user is in settings not user_info
6647 Fix a mismatch between sudo_settings and settings_pairs that causes
6648 some settings to get the wrong values.
6651 2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
6653 * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
6654 src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
6655 src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
6659 * src/load_plugins.c:
6660 Fix strlcpy() return value check.
6663 * INSTALL, configure, configure.in:
6664 No longer need to substitute in script.o and pty.o; I/O logging
6665 support is always built.
6668 2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
6671 Add fallback to /bin/sh when execve() fails with ENOEXEC.
6674 * include/alloc.h, src/alloc.c:
6678 2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
6680 * src/script.c, src/sudo.c:
6681 Refactor script_execve() a bit so that it can be used in non-script
6682 mode. Needs more cleanup.
6686 Ignore empty entries in command_info list
6689 * include/list.h, src/list.c:
6693 * src/conversation.c:
6694 Pass timeout to tgetpass()
6698 Add ChangeLog target
6702 Bump version and update things slightly for sudo 1.8.0
6705 * configure, configure.in:
6706 Sudo now requires an ANSI/ISO C compiler
6709 * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
6714 * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
6715 include/list.h, include/missing.h:
6719 * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
6720 compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
6721 compat/getprogname.c, compat/glob.c, compat/glob.h,
6722 compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
6723 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
6724 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
6725 compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
6730 2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
6732 * src/sudo.c, src/tgetpass.c:
6733 Make user_details extern so tgetpass can get at the uid and gid. Set
6734 uid/gid to user before executing askpass program. Check environment
6735 for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
6736 set the askpass program itself
6740 No longer need sudo_usage.h in sudo.c
6743 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
6744 doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
6745 src/sudo_usage.h.in:
6746 Document -D level command line flag which maps to the debug_level
6750 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6751 Document debug_level in plugin doc. Still need to document the -D
6752 flag in sudo itself.
6755 2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
6757 * plugins/sample/sample_plugin.c:
6758 include missing.h for vasprintf
6761 * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
6762 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6763 Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
6766 * plugins/sample/sample_plugin.c:
6767 Need to include limits.h
6774 * plugins/sample/Makefile.in, src/Makefile.in:
6775 Add missing compat bits
6778 * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
6779 compat files should not include sudo.h. Wire up compat in sample
6783 * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
6784 Fix up compat dependencies. Fix distclean target in doc/Makefile.in
6787 * configure, configure.in:
6791 * plugins/sample/sample_plugin.c:
6792 Log input and output to temp files for proof of concept.
6795 * Makefile, configure, configure.in, doc/Makefile.in:
6796 Add doc Makefile.in and wire it up
6800 Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
6801 suspending a shell with the "suspend" builtin.
6805 In child, handle parent side of the pipe going away.
6809 No longer need to check for explicit death of the child (process #2)
6810 since if it dies we will get EPIPE from the socketpair. Fix a
6811 sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
6816 Make sudo_debug do a single vfprintf() which will result in a single
6817 write call on most systems. Avoids problems with interleaved debug
6818 printf from different processes. Also remove an extraneous error
6819 case since recv() can't return a short read and add some more XXX.
6822 2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
6825 Fix uninitialized variable.
6829 Fix sudo install target
6832 * src/parse_args.c, src/sudo.c, src/sudo.h:
6840 * configure, configure.in:
6841 Fix setting of plugin dir
6849 Add missing source for sudo front end
6852 * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
6853 Sample plugin demonstrating the sudo plugin API
6856 * Makefile, configure, configure.in, install-sh, pathnames.h.in,
6857 plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
6858 src/fileops.c, src/fmt_string.c, src/load_plugins.c,
6859 src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
6860 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
6862 Modular sudo front-end which loads policy and I/O plugins that do
6863 most of the actual work. Currently relies on dynamic loading using
6864 dlopen(). See doc/plugin.pod for the plugin API.
6867 * doc/plugin.pod, include/sudo_plugin.h:
6871 * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
6872 compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
6873 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
6874 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
6875 src/fileops.c, src/sudo_edit.c:
6876 Replace emul/include.h with compat/include.h to match new source
6881 Include missing.h for memrchr() proto
6884 * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
6885 TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
6886 alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
6887 auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
6888 auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
6889 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
6890 auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
6891 closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
6892 compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
6893 compat/getline.c, compat/getprogname.c, compat/glob.c,
6894 compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
6895 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
6896 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
6897 compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
6898 compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
6899 def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
6900 doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
6901 doc/license.pod, doc/sample.pam, doc/sample.sudoers,
6902 doc/sample.syslog.conf, doc/schema.ActiveDirectory,
6903 doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
6904 doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
6905 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
6906 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
6907 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
6908 doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
6909 emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
6910 error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
6911 getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
6912 gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
6913 include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
6914 include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
6915 ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
6916 interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
6917 list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
6918 mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
6919 nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
6920 plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
6921 plugins/sudoers/alias.c, plugins/sudoers/auth/API,
6922 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
6923 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
6924 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
6925 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6926 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
6927 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
6928 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
6929 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
6930 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
6931 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
6932 plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
6933 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
6934 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
6935 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
6936 plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
6937 plugins/sudoers/gram.c, plugins/sudoers/gram.h,
6938 plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
6939 plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
6940 plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
6941 plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
6942 plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
6943 plugins/sudoers/logging.c, plugins/sudoers/logging.h,
6944 plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
6945 plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
6946 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
6947 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
6948 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
6949 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
6950 plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
6951 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6952 plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
6953 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
6954 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
6955 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
6956 plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
6957 sample.pam, sample.sudoers, sample.syslog.conf,
6958 schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
6959 selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
6960 src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
6961 src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
6962 src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
6963 src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
6964 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
6965 sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
6966 sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
6967 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
6968 sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
6969 sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
6970 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
6971 tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
6972 visudo.man.in, visudo.pod, zero_bytes.c:
6973 Rework source layout in preparation for modular sudo.
6976 2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
6978 * Avoid a duplicate fclose() of the sudoers file.
6981 * Fix size arg when realloc()ing include stack. From Daniel Kopecek
6984 * Use setrlimit64(), if available, instead of setrlimit() when setting
6985 AIX resource limits since rlim_t is 32 bits.
6988 * Fix use after free when sending error messages. From Timo Juhani
6992 * ChangeLog, Makefile.in:
6993 Generate the ChangeLog as part of "make dist" instead of having it
6997 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
6999 * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
7000 auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
7001 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
7002 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
7003 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
7004 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
7005 emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
7006 fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
7007 gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
7008 ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
7009 isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
7010 logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
7011 mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
7012 pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
7013 sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
7014 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
7015 strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
7016 sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
7017 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
7018 sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
7019 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
7020 utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
7021 Remove CVS $Sudo$ tags.
7024 2010-01-18 convert-repo <convert-repo>
7030 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
7033 make this match sudoers SYNOPSIS
7037 Print a newline between Runas and Command-specific defaults in sudo
7042 Use SET and CLR macros in term_raw
7046 Set stdin to non-blocking mode early instead of in check_input. Use
7047 term_raw instead of term_cbreak since the data we get has already
7048 been expanded via OPOST.
7051 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
7054 Enable/disable all postprocessing instead of just nl->crnl
7055 processing since things like tab expansion matter too. However, if
7056 stdout is a tty leave postprocessing on in the pty since we run into
7057 problems doing it only on the real stdout with, e.g., nvi.
7060 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
7063 If tty_tickets is enabled and there is no tty, prompt for a
7064 password. Do not lecture user for "sudo -k command" if user has a
7069 Document missing options: --with-efence and --with-bsm-audit
7072 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
7073 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
7074 sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
7075 visudo.man.in, visudo.pod:
7076 username -> user name, groupname -> group name, hostname -> host name
7079 * INSTALL, README.LDAP, sudoers.pod:
7080 filename -> file name like the rest of the docs
7083 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
7086 Fix printing of entries with multiple host entries on a single line.
7089 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
7092 Mention that targetpw affects the timestamp file name.
7095 * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
7097 Add compress_transcript option.
7100 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
7102 * configure, configure.in:
7106 * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
7107 Better split of membership vs. traditional group check in
7108 user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
7111 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
7114 Fix pasto and add default return value.
7117 * check.c, match.c, pwutil.c, sudo.h:
7118 refactor group member checking into user_in_group()
7121 * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
7123 Add support for mbr_check_membership() as present in darwin.
7126 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
7129 Rename label to be accurate
7132 * Makefile.in, boottime.c, check.c, config.h.in, configure,
7133 configure.in, sudo.h:
7134 Treat timestamp files from before we booted as old. Idea from and
7138 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
7140 * sudo.c, sudo.pod, sudo_usage.h.in:
7141 Allow the -u flag to be used in conjunction with the -v flag as per
7142 older versions of sudo.
7146 fix typo in last commit
7149 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
7152 Convert fmt_first and fmt_confd into macros.
7156 timeouts can be floats now
7159 * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
7160 defaults.h, mkdefaults:
7161 Add support for floating point timeout values (e.g. 2.5 minutes).
7164 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
7167 The -L flag will be removed in sudo 1.7.4
7170 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
7173 Fix a bug due to order of operators.
7176 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
7179 cmnd_matches() already deals with negation so _cmndlist_matches()
7180 does not need to do so itself. Fixes a bug with negated entries in
7184 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
7187 Don't exit() from open_sudoers, just return NULL for all errors.
7191 Can't rely on the shell sending us SIGCONT when transitioning from
7192 background to foreground process.
7196 Add missing extern def for parse_error
7199 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
7202 Avoid a parse error when #includedir doesn't find any files. Closes
7207 Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
7210 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
7213 Start command out in foreground mode if stdout is a tty. Works
7214 around issues with some curses-based programs that don't handle
7215 tcsetattr getting interrupted by a signal. Still allows us to avoid
7216 hogging the tty if the command is part of a pipeline.
7219 * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
7220 Use a socketpair to pass signals from parent to child. Child will
7221 now pass command status change info back via the socketpair. This
7222 allows the parent to distinguish between signals it has been sent
7223 directly and signals the command has received. It also means the
7224 parent can once again print the signal notifications to the tty so
7225 all writes to the pty master occur in the parent. The command is
7226 now always started in background mode with tty signals handled by
7230 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
7232 * configure, configure.in:
7233 Fix a few typos in the descriptions; from Jeff Makey. Only do the
7234 check for krb5_get_init_creds_opt_free() taking two arguments if we
7235 find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
7236 positive when using our own krb5_get_init_creds_opt_free which takes
7237 only a single argument.
7240 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
7242 * configure, configure.in:
7243 Remove a spurious comma in the kerb5 bits.
7247 Call krb5_get_init_creds_opt_init() in our emulated
7248 krb5_get_init_creds_opt_alloc() for MIT kerberos.
7251 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
7258 Need to ignore SIGTT{IN,OU} in child when running the command in the
7259 background. Also some minor cleanup.
7262 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
7265 Instead of calling sigsuspend when waiting for SIGUSR[12] from
7266 parent, install the signal handlers w/o SA_RESTART and let them
7267 interrupt waitpid().
7271 Pass along SIGHUP and SIGTERM from parent to child.
7275 Close unused bits of script_fds in processes that don't need them.
7276 Restore default SIGCONT handler in child.
7280 Update foreground/background status in SIGCONT handler in parent
7284 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
7287 Defer setting terminal into raw mode until just before we fork() and
7288 only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
7289 and sudo is already in the foreground be sure to set raw mode before
7290 continuing the child.
7293 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
7296 Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
7297 give the command the controlling tty if the main sudo process is the
7302 Don't bother with sudo_waitpid() here for now.
7309 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
7312 Remove non-working code that crept into rev 1.55
7315 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
7317 * INSTALL, configure, configure.in, script.c, sudoreplay.c:
7318 First pass at zlib support for transcript data files
7322 remove vestiges of ZLDFLAGS
7326 Add missing variable declaration for when TIOCSCTTY is not defined.
7327 Need to include sys/termio.h for TIOCSCTTY on some systems.
7331 when resuming command, send SIGCONT to its pgrp not just pid
7335 remove unused variable
7339 include selinux.h for is_selinux_enabled() proto
7343 Don't use log_error() in the child process.
7347 Do I/O in parent instead of child since the parent can have both
7348 /dev/tty as well as the pty fds open. The child just sets things up
7349 and waits for its grandchild and writes the signal description to
7350 the pty master if the command was killed by a signal.
7353 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
7355 * missing.h, sudo.h:
7356 Move two struct forward declarations from sudo.h to missing.h
7360 Make comment at the top of script_exec() match reality.
7364 if neither stdin nor stdout is a tty, check stderr
7368 Add back dependency of gram.h on gram.y
7372 Make transcript mode work as long as we can figure out our tty, even
7373 if it is not stdin. We'd like to use /dev/tty but that won't be
7374 valid after the setsid().
7377 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
7379 * config.h.in, configure, configure.in, pty.c:
7380 Add support for IRIX-style dynamic ptys
7383 * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
7384 Move alloc.c protos into alloc.h
7388 Move prototypes for missing libc functions to missing.h
7391 * Makefile.in, sudo.h, sudoreplay.c:
7392 Move prototypes for missing libc functions to missing.h
7395 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
7397 * config.h.in, configure, configure.in:
7398 Disable transcript support if no tcsetpgrp until we support older
7399 BSD-style job control.
7402 * configure, configure.in, pty.c, script.c:
7403 Break out pty code into pty.c
7406 * compat.h, config.h.in, configure, configure.in:
7407 add killpg macro if no killpg function
7410 * config.h.in, configure, configure.in, script.c:
7411 Push ptem and ldterm for STREAMS-based systems when allocating a
7415 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
7418 Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
7422 Call tcgetpgrp() in the parent, not the child and have the child
7423 spin until it is granted. Fixes a race on darwin.
7427 Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
7431 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
7434 In script mode, if the command is killed by a signal, print the
7435 signal description as well as a core dump notification like the
7439 * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
7441 Add check for strsignal() and a simple implementation if it is not
7442 there but sys_siglist is
7446 Add missing WUNTRACED and store the signal that stopped the
7447 grandchild in suspended, not signo.
7455 Associate the grandchild's pgrp with the tty instead of the child's
7456 and just get suspend notifications via SIGCHLD instead of directly.
7457 This fixes a hang with programs that try to set terminal attributes
7458 and is more consistent with how the shell handles things.
7461 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
7464 Move setpgid() of child into the parent side of the fork() where it
7468 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
7475 Run command in its own pgrp (like the shell does) for easier
7476 signalling. No need to relay SIGINT or SIGQUIT to parent, just send
7477 to grandchild. Don't want grandchild stopped events in the child
7478 (only termination). Flush output after suspending grandchild before
7483 Back out revision 1.34; the problem lies elsewhere.
7487 Don't set stdout to blocking mode when flushing remaining output.
7488 It can cause us to hang when trying to exit. Need to investigate
7493 Handle SIGTTOU and remove some debugging.
7497 Back out revision 1.10 as the signal that interrupts us may be
7498 SIGTTOU or SIGTTIN which the caller must handle.
7502 Apparently we need to send SIGSTOP to the command as well as ourself
7503 when we get SIGTSTP, the kernel doesn't automatically stop the
7508 Use an extra process to act as the glue between the sessions
7509 associated with the user's controlling tty (what the shell uses) and
7510 the tty that sudo is using to do its logging. Basically, this means
7511 that if we get, e.g. SIGTSTP from the process sudo is running, we
7512 relay the signal to the parent so its shell can do the job control.
7516 Handle getting/setting terminal attributes when the fd is in non-
7520 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
7522 * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
7523 Add support for pausing and changing the speed in interactive mode.
7527 Already define O_NOCTTY in compat.h, don't need it here
7530 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
7536 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
7539 Always update the stashed mtime of the temp file instead of using
7540 what we have for the original because the time resolution of the
7541 filesystem the temporary is on may not match that of the filesystem
7542 that holds the original. Should fix bz #371 found by Philippe Levan.
7546 Use cbreak mode instead of raw mode and add signal handlers to
7547 restore the tty on interrupt.
7550 * script.c, sudo.h, term.c:
7551 Retain NL to NLCR conversion on the real tty and skip it on the pty
7552 we allocate. That way, if stdout is not a pty there are no extra
7557 Fix log_output(); just pass in a string and a length.
7560 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
7563 do not use errno when complaining about lack of a tty
7566 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
7568 * Makefile.in, sudoreplay.c, term.c:
7569 Instead of messing with line endings, just set terminal to raw mode
7574 When copying the terminal attributes to the pty, be sure not to set
7575 ONLCR. This prevents extra carriage returns from ending up in the
7580 Convert a do {} while into a while
7584 Use if then instead of test && when installing binaries that may not
7589 Add O_NOCTTY when opening a tty device. Explicitly disconnect from
7590 old tty before associating with new one.
7593 * script.c, selinux.c, sudo.c, sudo.h:
7594 First cut at refactoring some of the selinux code so it can be used
7595 in conjunction with sudo's transcript support.
7598 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
7600 * aclocal.m4, configure, configure.in:
7601 Fix default case of transcript_enabled being unset.
7604 * script.c, sudoreplay.c:
7605 Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
7608 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
7609 Hook up --disable-transcript and --enable-transcript=DIR
7612 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
7614 * aclocal.m4, configure, configure.in, pathnames.h.in:
7615 _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT. Add
7616 --enable-transcript=DIR option to specify the directory
7619 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
7623 * configure, configure.in, sudoers.man.pl, sudoers.pod:
7624 Substitute in default value for secure_path
7628 Mention that the password must be followed by a newline with the -S
7632 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
7635 Go back to dropping out of the select() loop when the process dies;
7636 Linux ptys apparently don't behave the same as BSD in regards to
7637 select(). No need to flush remaining output to the transcript, only
7638 to stdout. Add back code to check the master pty for additional data
7639 when we exit the main select loop.
7642 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
7645 Add getline.o to COMMON_OBJS
7649 sudoreplay depends on libsudo.a
7653 Move pwutil.o into COMMON_OBJS
7656 * pwutil.c, testsudoers.c, tsgetgrpw.c:
7657 Remove my_* redirection in pwutil.c for testsudoers and just use the
7658 normal libc get{pw,gr}* names.
7661 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
7662 More time and date examples
7665 * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
7666 Move nanosleep() emulation into its own file. Check librt.a for
7667 nanosleep if we don't find it in libc
7670 * Makefile.in, configure, configure.in:
7671 Build libsudo with the common bits and link things against that.
7679 Keep reading from the pty master -> log file until read returns <=
7680 0. Do our best to write everything to stdout when flushing any
7685 Use unbuffered I/O when writing to stdout and make sure we write the
7689 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
7692 Only use max_wait if it is non-zero
7695 * getdate.c, getdate.y, getline.c:
7700 Fix nanosleep emulation
7704 Fix comment after #endif
7708 Add protos for missing libc bits
7711 * configure, configure.in:
7712 add missing line continuation char
7715 * config.h.in, configure, configure.in, getline.c:
7716 Implement getline() in terms of fgetln() if we have it.
7720 Print year when formatting log line
7724 Document cwd, attempt to document time/date formats.
7728 Fix getline return value check.
7731 * Makefile.in, config.h.in, configure, configure.in, getline.c,
7733 Use getline() if the system has it, else provide our own for
7738 Refactor code to update output and timing files.
7741 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
7744 Make sudo_getln() behave more like glibc getline.
7748 When flushing remaining output, also update timing file.
7752 Use get_timestr() and make the -l output look like the regular sudo
7756 * logging.c, sudo.h, timestr.c:
7757 Make get_timestr() take a time_t so we can use it properly in
7762 Create session dir earlier now that we update the seq number early.
7765 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
7768 Use fromdate and todate as the keywords instead of from and to; the
7769 short forms will still be accepted.
7773 Fix reading long lines in sudo_getln()
7776 * script.c, sudoreplay.c:
7777 Log the cwd in the script log file. Add sudo_getln() to read
7778 arbitrarily long lines.
7781 * Makefile.in, logging.c, sudo.h, timestr.c:
7782 Move get_timestr() into its own source file so sudoreplay can use
7786 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
7789 Add to and from predicates (date ranges); needs documentation
7792 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
7794 * Makefile.in, getdate.c, getdate.y:
7795 Fix warning and add generated getdate.c
7798 * Makefile.in, getdate.y:
7799 Add getdate.y to be used for sudoreplay date parsing.
7802 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
7805 Check more than just the first character of a predicate
7808 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
7809 Add examples, sort predicates
7812 * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
7814 Implement search expressions in sudoreplay similar in concept to
7815 what find or tcpdump uses. TODO: date ranges
7818 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
7821 Remove vhangup as it was hanging up the wrong tty. Should really
7822 vhangup in the child after it has set its tty.
7826 Fix cut at documenting transcript support.
7830 ID= -> TSID= for transcript ID
7833 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
7836 Move fast_glob description to where it belongs in sorted order
7839 * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
7840 parse.c, parse.h, sudo.c:
7841 Rename script -> transcript
7844 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
7847 Add timeradd and timersub for those without them
7851 Sanity check sessid before using it.
7855 Only set the session id if we are running a command or editing a
7860 Actually, qsort is fine since most versions fall back to a cheaper
7861 sort when the number of elements to sort is small (like in our
7865 * config.h.in, configure, configure.in, script.c:
7866 Check for dup2 and use dup instead if we don't have it.
7869 * script.c, sudo.c, sudo.h:
7870 Move the code to dup2 the script fds to low numbered descriptors
7871 into script_duplow() and fix the fd sorting.
7874 * script.c, sudo.c, sudo.h:
7875 Move script_setup() back to immediately before we drop privs and
7876 call the new script_nextid() in its place, which will set
7877 sudo_user.sessid for the logging functions.
7880 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
7887 remove unused variable
7890 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
7892 * logging.c, script.c, sudo.c, sudo.h:
7893 Log the session ID, if there is one. Currently logs ID=XXXXXX,
7894 perhaps should be SESSIONID or SESSID.
7897 * Makefile.in, configure, configure.in, sudoreplay.cat,
7898 sudoreplay.man.in, sudoreplay.pod:
7903 add -V (version) flag
7910 * script.c, sudoreplay.c:
7911 Use base36 number for the ID and store script files with paths like
7912 /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
7913 (2,176,782,336) unique IDs.
7916 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
7918 * config.h.in, configure.in:
7919 Add check for regcomp
7923 Add support for selecting by pattern and tty when listing.
7926 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
7929 The beginnings of a list mode.
7932 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
7938 * Makefile.in, config.h.in, configure.in:
7939 Add scaffolding for building sudoreplay
7943 include error.h; first arg to nanotime is const
7947 Initial cut at sudoreplay; replay a sudo session.
7950 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
7953 Fix wait() usage and use correct wait status.
7956 * sudo.c, sudo.h, tgetpass.c:
7957 Add protos for term_* to sudo.h
7961 Fix detection of the child process exiting. Since the child is in
7962 its own session we should only ever get SIGCHLD for that process but
7963 better safe than sorry.
7967 Add UNIX98 pty support.
7970 * configure, configure.in, script.c:
7971 Add UNIX98 pty support.
7974 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
7977 For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
7982 Set PAM_RUSER and PAM_RHOST early so they can be used during
7983 authentication. Based on a patch from Jamie Beverly.
7987 Close dir before returning if strlcpy() reports overflow. From
7991 * config.h.in, configure, configure.in, script.c:
7992 On Linux, the openpty proto lives in pty.h
7996 Call vhangup on exit if the system has it. Use setpgrp() if no
8000 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
8002 * config.h.in, configure, configure.in:
8003 Add checks for revoke and vhangup if we don't have openpty
8007 Session logging guts that got forgotten in the previous commit.
8010 * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
8011 configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
8012 gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
8014 First cut at session logging for sudo. Still need to write
8015 get_pty() for Unix 98 and old-style BSD ptys. Also needs
8016 documentation and general cleanup.
8019 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
8021 * sudo.c, sudo_edit.c:
8022 Fix a bug introduced with def_closefrom. The value of def_closefrom
8023 already includes the +1.
8026 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
8029 Generate sudo distributions with pax in ustar mode. No longer need
8030 to use a temp file or have the source dir name match the version.
8033 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
8036 Fix expansion of %h in #include names. Fixes bugzilla 363
8039 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
8042 If no arg assume def_data.in
8047 [f5ad45f69f05] [SUDO_1_7_2]
8053 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
8055 * sudoers.cat, sudoers.man.in, sudoers.pod:
8056 Add missing single quotes around a colon in Runas_Spec definition.
8060 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
8062 * sudo.man.in, sudoers.man.in:
8067 In rbrepair, re-color the root or the first non-block node we find
8068 to be black. Re-coloring the root is probably not needed but won't
8072 * sudo.cat, sudoers.cat:
8076 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
8079 When repairing the tree, don't touch the root node.
8082 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
8085 Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
8086 Reported by Josef Schmid.
8089 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
8092 Document that we accept env_pam-style environment files
8096 Adapt to accept pam_env-style /etc/environment which allows shell-
8097 style lines such as: export EDITOR="/usr/bin/vi"
8101 Make it clear that env_delete only works when !env_reset. From Loïc
8105 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
8107 * sudo.pod, sudoers.pod:
8108 Add non-unix group bits, adapted from Quest
8112 build the .cat page in the current working dir, not the src dir
8116 Return EINVAL in setenv() if var is NULL or the empty string to
8117 match glibc behavior.
8120 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
8122 * configure, configure.in:
8123 Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
8126 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
8128 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
8129 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
8133 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
8136 Document --with-libvas and --with-libvas-rpath
8139 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
8141 * ldap.c, sudoers.ldap.pod:
8142 For netscape-derived LDAP SDKs the cert and key paths may be a
8143 directory or a file. However, version 5.0 of the SDK only seems to
8144 support using a directory. If ldapssl_clientauth_init fails and the
8145 cert or key paths look like they could be files, strip off the last
8146 path element and try again.
8150 Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
8153 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
8155 * configure, configure.in, match.c, sudo.c, vasgroups.c:
8156 Update non-Unix group support from Quest, as reworked by me.
8164 Add support for escaped hex chars in names, e.g. \x20 for space.
8167 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
8169 * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
8170 auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
8171 fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
8172 logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
8173 set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
8174 sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
8175 tgetpass.c, toke.l, visudo.c:
8176 Update copyright years.
8179 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
8181 * interfaces.c, lbuf.c:
8182 Minor fixes for Minix-3
8185 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
8188 Handle getgroups() returning 0. Also add missing check for
8192 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
8194 * Makefile.in, config.h.in, configure, configure.in, sudo.c,
8195 version.h, visudo.c:
8196 Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
8199 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
8202 Remove group setting code in setusercontext case, we will do it
8203 ourselves later on in runas_setup. Set the gid after
8204 initgroups/setgroups is called, since on Mac OS X it seems to change
8208 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
8210 * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
8212 Initial bits of non-unix group support using Quest Authentication
8217 Accept %:foo as a non-Unix group
8221 Allow user/group to be double quoted in the case of non-Unix groups
8222 which contain spaces.
8225 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
8228 Don't allow the user to specify the default runas user if their
8229 sudoers entry only allows them to run as a group.
8232 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
8235 Must call audit_success before we change uids.
8238 * logging.c, set_perms.c, sudo.h, testsudoers.c:
8239 Add option for set_perm to not exit on failure and use this in the
8244 In -l mode, if the user is only allowed to run as a group, display
8245 the user's name, not root's before the allowed group.
8249 Fix -g mode, broken by rev 1.503 which had the side effect of
8250 setting the runas user to root unilaterally.
8253 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
8256 When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
8260 Only cache by the method we fetched for pwd and grp lookups.
8261 Previously we cached both by name and id but this can cause problems
8262 for entries that share the same id. Also add more info in the error
8263 message in case the insert fails (which should now be impossible).
8266 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
8269 Add a clarification from Nick Sieger
8272 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
8275 Inline the setting of the environment string.
8278 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
8281 setenv(3) in Linux treats a NUL value as the empty string. setenv(3)
8282 in BSD doesn't return an error if the name has '=' in it, it just
8283 treats the '=' as end of string.
8286 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
8289 Not all systems have d_namlen
8292 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
8295 Fix up some pod2html issues.
8298 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
8301 Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
8306 Ignore files ending in '~' in sudo.d (emacs backup files)
8310 Ignore files ending in '~' in sudo.d (emacs backup files)
8313 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
8315 * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
8316 For #includedir, ignore any file containing a dot
8319 * Makefile.in, version.h:
8323 * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
8324 sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
8326 Implement #includedir directive. Files in an includedir are not
8327 edited by visudo unless they contain a syntax error.
8332 [8741ed61a78b] [SUDO_1_7_1]
8335 Forgot umask_override
8342 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
8345 Rewind stream if we fdopen sudoers since it may not be at the
8346 beginning. Set the keepopen flag on already-open files too so the
8347 lexer doesn't close them out from under us.
8351 Print the proper file name when there is a parse error in an include
8355 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
8361 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
8363 * configure, configure.in:
8364 Fix a warning when --without-ldap is specified.
8367 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
8369 * alias.c, parse.h, visudo.c:
8370 Store aliases that we remove during check_aliases in a freelist and
8371 free them at the end so we don't leak memory.
8374 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
8377 Check aliases in -c mode too.
8380 * alias.c, parse.h, visudo.c:
8381 Make alias_remove return the alias struct instead of freeing it
8382 directly. Fixes a use after free in alias_remove_recursive, the only
8386 * alias.c, match.c, parse.c, parse.h, visudo.c:
8387 Rename find_alias -> alias_find for consistency.
8390 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
8393 When checking for unused aliases, recurse if the alias points to
8397 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
8400 Back out rev 1.105 for now. Real ldapux_client.conf support will be
8401 done later after some refactoring.
8404 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
8407 Treat ldap_hostport the same as "host" for ldapux.
8410 * configure, configure.in:
8411 Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
8412 Fixes compilation with ldapux.
8415 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
8421 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
8424 remove errant carriage returns
8431 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
8432 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
8436 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
8439 Add missing HAVE_BSM_AUDIT
8447 Mention --with-netsvc
8451 Document netsvc.conf support
8454 * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
8456 Add support for AIX netsvc.conf (like nsswitch.conf).
8459 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
8461 * config.h.in, configure, configure.in, env.c:
8462 Add --enable-env-debug flag to enable environment sanity checks.
8465 * sudoers.ldap.pod, sudoers.pod:
8466 Work around some pod2html issue.
8469 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
8472 Only sync environ for putenv, setenv, and unsetenv. We need to make
8473 sure that sudo_putenv and sudo_setenv only modify env.envp, not
8477 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
8480 Really fix UNSETENV_VOID
8484 Fix unsetenv when UNSETENV_VOID
8487 * aclocal.m4, configure:
8488 Fix SUDO_FUNC_PUTENV_CONST
8492 tivoli-based ldap does not have ldapssl_err2string
8499 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
8501 * config.h.in, configure, configure.in, ldap.c:
8502 Add support for Tivoli-based LDAP start TLS as seen in AIX.
8507 Add sanity checks for setenv/unsetenv
8511 Include bsm_audit.h in the tarball
8514 * Makefile.in, version.h:
8515 bump version for sudo 1.7.1
8518 * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
8519 env.c, ldap.c, sudo.h:
8520 Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
8521 provide our own setenv/unsetenv/putenv that operates on own env
8522 pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
8525 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
8528 Make "sudoedit -h" work as expected
8532 Make sure def_prompt is always defined. This is a workaround for
8533 pam configs that prompt for a password in the session but don't have
8534 an auth line. A better fix is to expand the sudo prompt earlier and
8535 set def_prompt to that when initializing.
8539 Mention that the helper for -A may be graphical.
8543 Document what happens if there is no tty.
8555 Fix "sudo -k" with no other args
8558 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
8560 * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
8561 Allow the -k flag to be specified in conjunction with a command or
8562 another option that may require authentication.
8565 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
8567 * configure, configure.in:
8568 Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
8572 Parallel make fix. From Diego E. 'Flameeyes'
8575 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
8577 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
8578 Implement umask_override
8585 * sudoers.pod, toke.l, visudo.c:
8586 Implement %h escape in sudoers include filenames.
8590 Need to include compat.h
8593 * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
8594 Make audit_success and audit_failure generic functions in
8595 preparation for integrating linux audit support.
8599 remove duplicate include
8602 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
8609 May need to update the runas user after parsing command-based
8613 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
8616 Add missing pair of braces introduced with character class support.
8619 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
8621 * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
8622 Rename pwstars to pwfeedback
8625 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
8627 * bsm_audit.c, bsm_audit.h:
8628 Add const to make MacOS happy.
8631 * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
8632 configure.in, sudo.c:
8633 Add bsm audit support from Christian S.J. Peron
8637 This is new code, no DARPA notice.
8640 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
8642 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
8643 Rename simple_glob -> fast_glob
8650 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
8651 Add simple_glob option to use fnmatch() instead of glob(). This is
8652 useful when you need to specify patterns that reference network file
8664 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
8667 Delete any pwstars we wrote after the user hits return. That way
8668 there is no record on screen as to the user's password length.
8671 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
8674 Move terminal setting bits from tgetpass.c to term.c
8677 * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
8679 Add pwstars sudoers option that causes sudo to print a star every
8680 time the user presses a key.
8683 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
8686 Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
8689 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
8692 For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
8693 indicate no limit. From Mark Janssen.
8696 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
8699 Comments that begin with #- should not be parsed as uids.
8702 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
8705 Do not try to set the close on exec flag if we didn't actually open
8709 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
8713 [e11f0e4c1bdd] [SUDO_1_7_0]
8715 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
8721 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
8724 Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
8728 * configure, configure.in:
8729 Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
8730 as it cannot generate shared objects.
8733 * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
8734 K&R compilation fixes
8738 Use tq_foreach_fwd when checking pseudo-commands to make it clear
8739 that we are not short-circuiting on last match. When pwcheck is
8740 'all', initialize nopass to TRUE and override it with the first non-
8744 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
8747 Do not short circuit pseudo commands when we get a match since,
8748 depending on the settings, we may need to examine all commands for
8752 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
8754 * sudoers.cat, sudoers.man.in:
8759 hostnames may also contain wildcards
8763 remove stamp-* files and linux core files in clean target
8766 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
8768 * auth/sudo_auth.h, config.h.in, configure, configure.in:
8769 Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
8772 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
8774 * configure, configure.in:
8775 correctly enable SIA on Digital UNIX
8786 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
8788 * check.c, sudo.h, tgetpass.c:
8789 Even if neither stdin nor stdout are ttys we may still have /dev/tty
8793 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
8795 * sudoers.cat, sudoers.man.in:
8800 fix typos; Markus Lude
8812 Fix matching of a line that only consists of a comment char
8815 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
8818 MacOS pam will retry conversation function if it fails so just treat
8819 ^C as an empty password.
8823 When checking for alias use, also check defaults bindings.
8831 Replace my rbdelete with Emin's version (which actually works ;-)
8834 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
8841 malloc options in devel mode for visudo too
8844 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
8847 fix compilation on non-C99; from Theo
8855 when destroying an alias, free the correct data pointer
8859 add proto for aixauth_cleanup; from Dale King
8862 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
8864 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
8869 * sudo.pod, sudoers.pod, visudo.pod:
8870 standardize on the term 'option' for command line options (not flag)
8873 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
8876 Add note on configuring HP-UX pam
8879 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
8882 Move tty checks into check_user() so we only do them if we actually
8887 Don't error out if no tty or askpass unless we actually need to
8891 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
8897 * pathnames.h.in, sudo.c:
8898 s/overriden/overridden/; from Tobias Stoeckmann
8901 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
8903 * WHATSNEW, visudo.c:
8904 check sudoers owner and mode in strict mode
8911 * sudo.man.in, sudoers.man.in, visudo.man.in:
8912 Update copyright years.
8915 * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
8916 auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
8917 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
8918 closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
8919 gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
8920 interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
8921 parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
8922 sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
8923 testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
8924 visudo.pod, zero_bytes.c:
8925 Update copyright years.
8928 * emul/charclass.h, fnmatch.c, glob.c:
8932 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
8935 The loop in fill_cmnd() was going one byte too far past the end,
8936 resulting in a NUL being written immediately after the buffer end.
8939 * UPGRADE, WHATSNEW:
8940 add sections on tgetpass changes
8944 Treat EOF w/o newline as an error.
8947 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
8950 Fix "sudo -v" when NOPASSWD is set.
8953 * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
8955 No longer treat an empty password at the prompt as special. To quit
8956 out of sudo you now need to hit ^C at the password prompt.
8959 * sudoers.cat, sudoers.man.in:
8963 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
8964 Sudo will now refuse to run if no tty is present unless the new
8965 visiblepw sudoers flag is set.
8968 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
8971 just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
8976 fix fallback value for RLIM_SAVED_MAX
8979 * auth/aix_auth.c, auth/sudo_auth.h:
8980 Move clearing of AUTHSTATE into aixauth_cleanup.
8983 * auth/aix_auth.c, env.c:
8984 Unset AUTHSTATE after calling authenticate() as it may not be
8985 correct for the user we are running the command as.
8989 Add isblank() function for systems without it. Needed for POSIX
8990 character class matching in fnmatch.c and glob.c.
8993 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
8996 expound on sudo and cd
8999 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
9005 * sudoers.cat, sudoers.man.in:
9010 mention defaults parse order
9013 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
9015 * Makefile.in, aclocal.m4, compat.h, configure:
9016 Add isblank() function for systems without it. Needed for POSIX
9017 character class matching in fnmatch.c and glob.c.
9021 add emul/charclass.h to HDRS
9024 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
9030 * defaults.c, parse.c, testsudoers.c, visudo.c:
9031 Move update_defaults into defaults.c and call it properly from
9032 visudo and testsudoers.
9035 * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
9037 use zero_bytes() instead of memset() for consistency
9040 * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
9042 Zero out sigaction_t before use in case it has non-standard entries.
9050 Short circuit glob() checks if basename(pattern) !=
9051 basename(command). Refactor code that checks for a command in a
9052 directory and use it in the glob case if the resolved pattern ends
9056 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
9058 * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
9059 Defer setting runas defaults until after runaspw/gr is setup.
9062 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
9064 * match.c, sudo.c, testsudoers.c:
9065 Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
9066 systems do not include space for the NUL in the size. Also manually
9067 NUL-terminate buffer from gethostname() since POSIX is wishy-washy
9071 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
9073 * sudo.c, sudoers.pod:
9074 When setting the umask, use the union of the user's umask and the
9075 default value set in sudoers so that we never lower the user's umask
9076 when running a command.
9080 Don't try to read from a zero-length sudoers file. Remove the bogus
9081 Solaris work-around for EAGAIN. Since we now use fgetc() it should
9085 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
9088 In update_defaults() check the return value of user*_matches against
9089 ALLOW so we don't inadvertently match on UNSPEC.
9092 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
9094 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9095 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
9096 regen man pages; no more hyphenation
9100 Don't error out on a zero-length sudoers file. With the advent of
9101 #include the user could create a situation where sudo is unusable.
9104 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
9106 * auth/kerb5.c, config.h.in, configure, configure.in:
9107 Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
9108 krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
9109 all. Add configure tests to handle all the cases.
9112 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
9119 document sudoers_locale
9122 * sudo.pod, sudo_edit.c:
9123 add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
9128 In fill_cmnd(), collapse any escaped sudo-specific characters.
9129 Allows character classes to be used in pathnames.
9132 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
9135 fix typo in non-C89 function declaration
9139 Mention POSIX character classes now that our fnmatch() and glob()
9143 * sample.sudoers, sudoers.pod:
9144 Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
9149 use __signed char if we are going to assign a negative value since
9150 on Power, char is unsigned by default
9153 * config.h.in, configure, configure.in:
9154 Add tests for __signed char and signed char.
9158 Fix AIX limit setting. getuserattr() returns values in disk blocks
9159 rather than bytes. The default hard stack size in newer AIX is
9160 RLIM_SAVED_MAX. From Dale King.
9163 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
9165 * emul/charclass.h, fnmatch.c, glob.c:
9166 Add character class support to included glob(3) and fnmatch(3).
9169 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
9172 Remove UCB advertising clause and some compatibility defines.
9175 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
9178 Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
9179 or sudo. This allows one to set EDITOR to sudoedit without getting
9180 into an infinite loop of sudoedit running itself until the path gets
9184 * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
9185 Add sudoers_locale Defaults option to override the default sudoers
9189 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
9192 Set locale to system default except for during sudoers parse.
9195 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
9198 Redo change in 1.34 to use pointer arithmetic.
9201 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
9204 Fix a dereference (read) of a freed pointer. Reported by Patrick
9208 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
9211 Set locale to "C" to avoid interpretation issues with character
9212 ranges in sudoers. May want to make the locale a sudoers option in
9216 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
9219 we no longer use setproctitle
9226 * LICENSE, mkstemp.c:
9227 Use my replacement mkstemp() from the mktemp package.
9230 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
9233 regen with yacc skeleton bug fixed
9237 Remove duplicate "as root". From Martin Toft.
9240 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
9242 * pwutil.c, sudo.c, sudo.h, testsudoers.c:
9243 Flesh out the fake passwd entry used for running commands as a uid
9244 not listed in the passwd database. Fixes an issue with some PAM
9248 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
9251 Error out in -i mode if the user has no shell. This can happen when
9252 running commands as a uid with no password entry.
9255 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
9258 Better fix for line continuation inside double quotes. Now accepts
9259 whitespace between the backslash and the newline like the main
9263 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
9266 Fix line continuation in strings. It was only being honored if
9267 preceded by whitespace.
9270 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
9272 * config.h.in, configure, configure.in, logging.c:
9273 Replace the double fork with a fork + daemonize.
9276 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
9279 The -i flag should imply env_reset. This got broken in sudo 1.6.9.
9282 * logging.c, sudo.c, sudo_edit.c, visudo.c:
9283 Change how the mailer is waited for. Instead of having a SIGCHLD
9284 handler, use the double fork trick to orphan the child that opens
9285 the pipe to sendmail. Fixes a problem running su on some Linux
9289 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
9291 * configure, configure.in:
9292 Fix configure test for dirfd() on Linux where DIR is opaque.
9295 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
9298 Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
9299 this problem we'll need to revisit this again.
9302 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
9305 Ignore SIGPIPE instead of blocking it when piping to the mailer. If
9306 we only block the signal it may be delivered later when we unblock.
9307 Also, there is no need to block SIGCHLD since we no longer do the
9308 double fork. The normal SIGCHLD handler is sufficient.
9311 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
9313 * configure, configure.in:
9314 Add description for NO_PAM_SESSION, from a redhat patch.
9317 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
9319 * sudo.cat, sudo.man.in, sudo.pod:
9320 Fix typos in -i usage
9323 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
9325 * configure, configure.in:
9326 Redo the test for dgettext() in a way that hopefully will work
9327 around the libintl_dgettext() undefined problem.
9330 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
9332 * schema.ActiveDirectory:
9333 change filename in comment
9336 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
9338 * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
9340 Reference schema.ActiveDirectory
9343 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
9345 * schema.OpenLDAP, schema.iPlanet:
9346 Mark sudoRunAs as deprecated.
9349 * schema.ActiveDirectory:
9350 add sudoRunAsUser and sudoRunAsGroup
9353 * schema.ActiveDirectory:
9354 Active Directory schema by Chantal Paradis and Eric Paquet
9357 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
9360 remove an XXX that was fixed
9368 Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
9369 fixes a problem where the tag value printed was influenced by
9370 defaults set in the first pass through the parser.
9373 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
9375 * Makefile.in, sudo.psf:
9376 No point in packaging the TODO file
9383 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
9385 * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
9386 sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
9387 Add env_file Defaults option that is similar to /etc/environment on
9391 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
9393 * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
9394 sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
9395 version.h, visudo.cat, visudo.man.in:
9396 change version to 1.7.0
9400 initial valgrind pass done
9403 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
9406 Fix typo/think in sudo_ldap_read_secret() when storing the secret.
9409 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
9412 define LDAPS_PORT if the system headers do not
9415 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
9418 Fix another memory leak in init_parser().
9421 * configure, configure.in:
9422 There was a missing space before the ldap libs in SUDO_LIBS for some
9426 * alias.c, gram.c, gram.y, toke.c, toke.l:
9427 Clean up some memory leaks pointed out by valgrind.
9430 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
9433 fix "sudo -s" broken by mode/flags breakout
9436 * configure, configure.in:
9437 remove duplicate check for dgettext
9440 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
9443 Fall back to default stanza if no user-specific limit is found.
9446 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
9449 include stdint.h if present
9453 Use LLONG_MAX, not the old QUAD_MAX
9456 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
9462 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
9468 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
9474 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
9485 Split MODE_* defines into primary and flags.
9488 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
9491 It turns out the logic for getting AIX limits is more convoluted
9492 than I realized and differs depending on whether the soft and/or
9493 hard limits are defined.
9496 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
9498 * Makefile.in, configure, configure.in:
9499 Back out AIX-specific change to set the sudo_noexec path to the .a
9500 file, we do really want to use the .so file. Since libtool doesn't
9501 do that correctly, just install the .so file ourselves in the
9506 If the file given to install is a path, only use the basename of the
9507 file when building the destination path.
9510 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
9513 parse_args() cleanup: Sort command line options in the getopt()
9514 switch. The -U option requires a parameter. Normalize a few ISSET
9515 calls. Split mode into mode and flags and retire the now-obsolete
9519 * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
9521 Add -n (non-interactive) flag.
9525 Move version printing, etc. into a separate function.
9529 Don't try to cleanup nsswitch if it has not been initialized.
9532 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
9535 Block SIGPIPE in send_mail() so sudo is not killed by a problem
9536 executing the mailer.
9539 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
9541 * configure, configure.in:
9542 AIX shared libs end in .a, not .so.
9545 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
9548 Preserve HOME by default too. Matches documentation and previous
9552 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
9555 Use getopt() to parse the command line. We need to be able to
9556 intersperse env variables and options yet still honor "--" which
9557 complicates things slightly.
9560 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
9566 * acsite.m4, configure, ltmain.sh:
9567 update to libtool-1.5.26
9570 * config.guess, config.sub:
9571 update from libtool-1.5.26 distribution
9575 attempt to fix compilation errors on AIX
9579 fix typo in last commit
9583 Add WHATSNEW file to the distribution
9587 use warningx instead of fprintf(stderr, ...)
9591 add DEBUG to list2tq
9602 * Makefile.in, aix.c, config.h.in, configure, configure.in,
9603 set_perms.c, sudo.h:
9604 Add aix_setlimits() to set resource limits on AIX using a
9605 combination of getuserattr() and setrlimit(). Currently untested.
9608 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
9610 * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
9611 sudoers.man.in, sudoers.pod:
9612 Add mailfrom Defaults option that sets the value of the From: field
9613 in the warning/error mail. If unset the login name of the invoking
9618 store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
9622 When adding a default, only call list2tq() once to do the list to tq
9623 conversion. It is not legal to call list2tq multiple times on the
9624 same list since list2tq consumes and modifies the list argument.
9627 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9628 comment out XXXs for now
9635 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
9638 Error out if both -A and -S are specified. Error out if -A is
9639 specified but no askpass is configured
9642 * configure, configure.in:
9643 we are not going to ship a sudo-specific askpass
9646 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
9649 fix definition of TGP_ASKPASS
9652 * def_data.c, def_data.in:
9653 make askpass boolean-capable
9657 document --with-askpass
9660 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9661 sudoers.man.in, visudo.cat:
9665 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
9667 * sudo.pod, sudo_usage.h.in, sudoers.pod:
9668 document -A and askpass
9671 * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
9672 def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
9673 sudo_usage.h.in, tgetpass.c:
9674 Add support for running a helper program to read the password when
9675 no tty is present (or when specified with the -A flag). TODO: docs.
9678 * def_data.c, def_data.in:
9679 add missing printf format to SELinux role and type strings
9682 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
9684 * INSTALL, configure, configure.in:
9685 Disable use of gss_krb5_ccache_name() by default and add
9686 --enable-gss-krb5-ccache-name configure option to enable it. It
9687 seems that gss_krb5_ccache_name() doesn't work properly with some
9688 combinations of Heimdal and OpenLDAP.
9691 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
9694 Ignore setexeccon() failing in permissive mode. Also add a call to
9695 setkeycreatecon() (though this is probably insufficient). From Dan
9700 Only set std_prompt for the PAM_PROMPT_* cases. The conversation
9701 function may be called for non-password reading purposes so we must
9702 be careful not to use def_prompt in cases where it may not be set.
9705 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
9708 Don't free the new tty context, we need to keep it around when we
9709 restore the tty context after the command completes
9712 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
9718 * sudo.man.pl, sudo.pod:
9719 Only put login_cap(3) in SEE ALSO section if we have login.conf
9723 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
9725 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9726 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
9731 Substitute in comment characters for lines pertaining to login.conf,
9732 BSD auth and SELinux and only enable them if pertinent.
9736 Substitute in comment characters for lines pertaining to login.conf,
9737 BSD auth and SELinux and only enable them if pertinent.
9741 Substitute in comment characters for lines pertaining to login.conf,
9742 BSD auth and SELinux and only enable them if pertinent.
9746 Substitute in comment characters for lines pertaining to login.conf,
9747 BSD auth and SELinux and only enable them if pertinent.
9750 * Makefile.in, configure, configure.in:
9751 Substitute in comment characters for lines pertaining to login.conf,
9752 BSD auth and SELinux and only enable them if pertinent.
9755 * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
9756 Remove the =cut on the first line (above the copyright notice) to
9757 quiet pod2man. Also remove the hackery in the FILES section and
9758 just deal with the fact that there will be a newline between each
9762 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
9765 run sudo.man.pl when generating sudo.man.in
9768 * configure, configure.in, sudo.man.pl:
9769 comment out SELinux manual bits unless --with-selinux was specified
9773 document role and type defaults for SELinux
9776 * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
9777 Document "sudo -ll" and make "sudo -l -l" be equivalent.
9780 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
9782 * configure, configure.in:
9783 Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
9784 Debian GNU/kFreeBSD.
9787 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
9790 Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
9794 * logging.c, logging.h, sudo.c:
9795 Remove dependence on VALIDATE_NOT_OK in logging functions. Split
9796 log_auth() into log_allowed() and log_denial(). Replace mail_auth()
9797 with should_mail() and a call to send_mail()
9800 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
9803 Add debugging so we can tell if the krb5 ccache is accessible
9807 mention --with-selinux
9810 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
9820 * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
9821 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
9822 testsudoers.c, toke.c, toke.l:
9823 Add support for SELinux RBAC. Sudoers entries may specify a role
9824 and type. There are also role and type defaults that may be used.
9825 To make sure a transition occurs, when using RBAC commands are
9826 executed via the new sesh binary. Based on initial changes from Dan
9831 Add support for SELinux RBAC. Sudoers entries may specify a role
9832 and type. There are also role and type defaults that may be used.
9833 To make sure a transition occurs, when using RBAC commands are
9834 executed via the new sesh binary. Based on initial changes from Dan
9838 * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
9839 def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
9840 pathnames.h.in, selinux.c:
9841 Add support for SELinux RBAC. Sudoers entries may specify a role
9842 and type. There are also role and type defaults that may be used.
9843 To make sure a transition occurs, when using RBAC commands are
9844 executed via the new sesh binary. Based on initial changes from Dan
9848 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
9850 * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
9851 Add long list (sudo -ll) support for printing verbose LDAP and
9852 sudoers file entries. Still need to update manual.
9855 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
9857 * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
9858 Unify the -l output for file and ldap based sudoers and use lbufs
9859 for both. The ldap output does not currently include options that
9860 cannot be represented as tags. This will be remedied in a long list
9861 output mode to come.
9864 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
9867 Use a specific error message for errno == EAGAIN when setuid() et al
9868 fails. On Linux systems setuid() will fail with errno set to EAGAIN
9869 if changing to the new uid would result in a resource limit
9874 Unlimit nproc on Linux systems where calling the setuid() family of
9875 syscalls causes the nproc resource limit to be checked. The limits
9876 will be reset by pam_limits.so when PAM is used. In the non-PAM
9877 case the nproc limit will remain unlimited but there doesn't seem to
9878 be a way around that other than having sudo parse
9879 /etc/security/limits.conf directly.
9882 * env.c, sudo.c, sudo.pod:
9883 Only read /etc/environment on Linux and AIX
9886 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
9888 * configure, configure.in:
9889 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
9890 ldap.conf and ldap.secret paths from going into config.h. Avoid
9891 single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
9892 since in some versions of bash they will end up literally in the
9896 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
9899 mention --with-nsswitch=no
9902 * configure, configure.in:
9903 ldap_ssl.h depends on ldap.h being included first
9906 * config.h.in, configure, configure.in, ldap.c:
9907 Include ldap_ssl.h if we can find it. Needed for the
9908 ldapssl_set_strength defines on HP-UX at least.
9919 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9920 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
9925 Use 78n line length when formatting cat pages.
9929 Remove redundant info that is now in sudoers.ldap.pod
9932 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
9934 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9935 Reorganize the first section a bit. Substitute the proper path for
9939 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9940 Substitute values for ldap.conf, ldap.secret and nsswitch.conf. Move
9941 schema into EXAMPLES
9944 * configure, configure.in:
9945 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
9949 * configure, configure.in:
9950 substitute for sudoers.ldap.man
9954 Fix cut & pasto introduced when adding sudoers.ldap man page.
9957 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9958 Fill in some of the missing pieces. Still needs some reorganization
9962 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
9964 * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
9966 Beginnings of a sudoers.ldap man page. Currently, much of the
9967 information is adapted from README.LDAP.
9970 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
9973 When copying gr_mem we must guarantee that the storage space for
9974 gr_mem is properly aligned. The simplest way to do this is to
9975 simply store gr_mem directly after struct group. This is not a
9976 problem for gr_passwd or gr_name as they are simple strings.
9980 Fix a typo/thinko in one of the calls to
9981 sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
9984 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
9986 * config.h.in, configure, configure.in, ldap.c:
9987 include <mps/ldap_ssl.h> in ldap.c if available
9990 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
9993 Make sure we define SIZE_MAX for yacc's skeleton.c
9997 Use TCSAFLUSH when restoring terminal settings (and echo) to
9998 guarantee that any pending output is discarded
10001 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
10004 no longer need to specify SETENV when user has sudo ALL
10008 sync user_args size calculation with sudo.c. Add -g group option,
10009 renaming old -g to -G. Add set_runasgr() and set_runaspw() and use
10014 Make set_runaspw static void
10017 * testsudoers.c, visudo.c:
10018 g/c set_runaspw stub
10021 * configure, configure.in:
10022 Don't add -llber twice.
10025 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
10031 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
10037 * configure, configure.in:
10038 Fix check that determines whether -llber is required.
10041 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
10042 For netscape-based LDAP, use ldapssl_set_strength() to implement the
10043 checkpeer ldap.conf option.
10047 Delay krb5_cc_initialize() until we actually need to use the cred
10048 cache, which is what krb5_verify_user() does. Better cleanup on
10052 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
10055 Rewrite verify_krb_v5_tgt() based on what heimdal's
10056 krb5_verify_user() does.
10059 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
10062 The U suffix on constants is an ANSI feature
10065 * configure, configure.in:
10066 Add check for ber_set_option() in -llber
10069 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
10072 default if no nsswitch.conf is files only
10075 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
10078 don't tell people to mail aaron about LDAP stuff
10082 timelimit and bind_timelimit
10090 Move ldap.secret reading into a separate function.
10094 user_runas -> runas_pw
10097 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
10103 * check.c, sudo.pod, sudoers.pod:
10104 Add and document the %p escape in the password prompt. Based on a
10105 patch from Patrick Schoenfeld.
10109 Check strlcpy() return values.
10113 refactor ldap binding code into sudo_ldap_bind_s()
10117 Make it clear that host and uri can take multiple parameters. URI is
10118 now supported for more than just openldap nsswitch.conf doesn't
10123 comment cleanup and update (c) year
10126 * parse.c, sudo_nss.c:
10127 Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
10128 This should make it possible to build an LDAP-only sudo binary.
10131 * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
10132 Improve chaining of multiple sudoers sources by passing in the
10133 previous return value to the next in the chain
10137 Free up parser data structures in sudo_file_close().
10141 Free up parser data structures in sudo_file_close().
10145 Parse uri ourself if no ldap_initialize() is present. Use
10146 ldap_create() instead of deprecated ldap_init(). Use
10147 ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
10150 * config.h.in, configure, configure.in:
10151 Add check for ldap_sasl_bind_s(). Remove -DLDAP_DEPRECATED from
10155 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
10157 * config.h.in, configure, configure.in:
10158 add check for ldap_create
10161 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
10163 * config.h.in, configure, configure.in, ldap.c:
10164 Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
10165 dn using the mechanism appropriate for the LDAP SDK in use. Use
10166 ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
10167 ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
10174 * config.h.in, configure.in:
10175 fix typo in mtim_getnsec
10178 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
10180 * config.h.in, configure, configure.in:
10181 add check for st__tim in struct stat as used by SCO
10185 use ldap_search_ext_s instead of deprecated ldap_search_s
10188 * Makefile.in, TODO, sudo.cat, sudo.man.in:
10189 add sudo_nss.h to HDRS
10193 Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
10197 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
10200 Use ldap_get_values_len()/ldap_value_free_len() instead of the
10201 deprecated ldap_get_values()/ldap_value_free().
10212 * gettime.c, sudo.c:
10213 Remove some already fixed XXXs
10217 Same return value as non-existent sudoers if LDAP was unable to
10222 mention /etc/environment
10225 * README.LDAP, UPGRADE, WHATSNEW:
10226 Update to reflect recent developments.
10230 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
10234 When building up a query don't list groups in the aux group vector
10235 that are the same as the passwd file group. On most systems the
10236 first gid in the group vector is the same as the passwd entry gid.
10240 Define LDAPNOINIT before calling ldap_init(), etc. to disable user
10241 ldaprc and system defaults that could affect how LDAP works.
10244 * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
10245 sudo_nss.c, sudo_nss.h:
10246 Rename read_nss -> sudo_read_nss. Add --with-nsswitch to allow users
10247 to specify nsswitch.conf path or disable it. If --with-nsswitch=no
10248 but --with-ldap, order is LDAP, then sudoers. Fix
10249 --with-ldap-conf-file and --with-ldap-secret-file
10253 Honor def_ignore_local_sudoers
10256 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
10259 no longer need to check def_ignore_local_sudoers here
10263 Refactor group vector resetting into a function and also call it
10264 from display_cmnd. Stop after the first successful match in
10265 display_cmnd. Print a newline between each display_privs method.
10269 fix double free introduced in rev 1.218
10273 belt and suspenders; zero out result after freeing it
10276 * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
10277 Refactor line reading into a separate function, sudo_parseln(),
10278 which removes comments, leading/trailing whitespace and newlines.
10279 May want to rethink the use of sudo_parseln() for /etc/ldap.secret
10283 Make the inability to read the sudoers file a non-fatal error if
10284 there are other sudoers sources available. sudoers_file_lookup now
10285 returns "not OK" if sudoers was not present
10289 make it clear that the global options are from LDAP
10293 allocate proper amount of space for error string
10296 * sudo_nss.c, sudo_nss.h:
10297 actual sudo nss code
10300 * ldap.c, parse.c, sudo.c, sudo.h:
10301 nss-ify display_privs and display_cmnd.
10304 * defaults.c, parse.c, testsudoers.c, visudo.c:
10305 move update_defaults() to parse.c
10308 * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
10309 Use nsswitch to hide some sudoers vs. ldap implementation details
10310 and reduce the number of #ifdef LDAP. TODO: fix display routines and
10314 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
10316 * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
10317 First cut at nsswitch.conf support. Further reorganization and
10318 related changes are forthcoming.
10321 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
10323 * env.c, pathnames.h.in, sudo.c, sudo.h:
10324 Add support for reading an /etc/environment file. Still needs to
10325 be documented and should probably only apply to OSes that have it
10326 (AIX and Linux, maybe others).
10333 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
10339 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
10346 Add an example sudoRole, clarify netscape vs. openldap a bit more
10350 Be clear on what is OpenLDAP vs. Netscape-derived
10353 * config.h.in, configure, configure.in, ldap.c:
10354 Use ldapssl_init() for ldaps support instead of trying to do it
10355 manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
10356 and tls_key for cert7.db and key3.db respectively. Don't print
10357 debugging info for options that are not set. Add warning if
10358 start_tls specified when not supported.
10362 fix compilation on solaris
10366 add missing .h and .c files for missing lib objs
10369 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
10372 fix LDAP_OPT_NETWORK_TIMEOUT setting
10376 fix compilation on Solaris
10379 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
10381 * configure, configure.in:
10386 try to clear up which variables are for OpenLDAP and which are for
10387 netscape-derived SDKs
10390 * config.h.in, configure, configure.in, ldap.c:
10391 Add support for "ssl on" in both netscape and openldap flavors. Only
10392 the OpenLDAP flavor has been tested.
10395 * logging.c, sudo.c, sudo.h:
10396 Call cleanup() before exit in log_error() instead of calling
10397 sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
10404 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
10406 * logging.c, sudo.c, sudo.h:
10407 Better ldap cleanup.
10411 Distinguish between LDAP conf settings that are connection-specific
10412 (which take an ld pointer) and those that are default settings
10416 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
10419 Improved warnings on error.
10423 Make ldap config table driven and set the config *after* we open the
10427 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
10430 fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
10433 * configure, configure.in:
10434 some operating systems need to link with -lkrb5support when using
10438 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
10444 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
10448 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
10454 * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
10455 add -g support for LDAP
10458 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
10460 * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
10461 The -i and -s flags can now take an optional command.
10464 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
10466 * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
10468 Add passprompt_override flag to sudoers that will cause the prompt
10469 to be overridden in all cases. This flag is also set when the user
10470 specifies the -p flag.
10474 Move setting of login class until after sudoers has been parsed. Set
10475 NewArgv[0] for -i after runas_pw has been set.
10478 * configure, configure.in:
10479 Move the dgettext check.
10482 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
10484 * auth/pam.c, config.h.in, configure, configure.in:
10485 Add basic support for looking up the string "Password: " in the PAM
10486 localized text db. This allows us to determine whether the PAM
10487 prompt is the default "Password: " one even if it has been
10490 TODO: concatenate non-std PAM prompts and user-specified sudo
10494 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
10496 * Makefile.in, config.h.in, configure, configure.in, parse.c,
10497 set_perms.c, sudo.c, sudo.h:
10498 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
10502 * acsite.m4, configure, interfaces.c, memrchr.c:
10503 Fix typos; Martynas Venckus
10506 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
10509 Don't assume runas_pw is set; it may not be in the -g case.
10512 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
10514 * logging.c, set_perms.c:
10515 Set aux group vector for PERM_RUNAS and restore group vector for
10516 PERM_ROOT if we previously changed it. Stash the runas group vector
10517 so we don't have to call initgroups more than once. Also add no-op
10518 check to check_perms.
10521 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
10523 * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
10524 ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
10525 pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
10526 sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
10527 testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
10528 Add support for runas groups. This allows the user to run a command
10529 with a different effective group. If the -g option is specified
10530 without -u the command will be run as the current user (only the
10531 group will change). The -g and -u options may be used together.
10532 TODO: implement runas group for ldap; improve runas group
10533 documentation; add testsudoers support
10536 * configure, configure.in:
10537 fix setting of mandir
10540 * sudo.pod, sudoers.pod:
10541 document that ALL implies SETENV
10545 s/setenv_ok/setenv_implied/g
10549 hostname_matches() returns TRUE on match in sudo 1.7.
10553 use strcmp, not strcasecmp when comparing ALL
10557 Make sudo ALL imply setenv. Note that unlike with file-based
10558 sudoers this does affect all the commands in the sudoRole.
10561 * gram.c, gram.y, parse.c, parse.h:
10562 sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
10563 it is not passed on to other commands in the list.
10567 Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
10568 sudo_getpwuid() instead of getpwuid().
10571 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
10574 Expand on the dangers of not using visudo to edit sudoers.
10577 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
10580 Don't quote *?[]! on output since the lexer does not strip off the
10581 backslash when reading those in.
10584 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
10587 expand "u_foo" types to "unsigned foo" to avoid compatibility
10591 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
10594 Refactor log line generation into new_logline().
10597 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
10603 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
10605 * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
10607 Add configure check for struct in6_addr instead of relying on
10608 AF_INET6 since some systems define AF_INET6 but do not include IPv6
10612 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
10614 * configure, configure.in:
10615 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
10619 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
10621 * configure, configure.in:
10622 POSIX states that struct timespec be declared in time.h so check
10623 there regardless of the value of TIME_WITH_SYS_TIME.
10626 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
10629 Instead of defining a macro to call the appropriate method for
10630 turning on/off echo, just define tc[gs]etattr() and the related
10631 defines that use the correct terminal ioctls if needed. Also go back
10632 to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
10635 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
10645 * INSTALL, auth/pam.c, config.h.in, configure.in:
10646 Add --disable-pam-session configure option to disable calling
10647 pam_{open,close}_session. May work around bugs in some PAM
10651 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
10658 Avoid printing the prompt if we are already backgrounded. E.g. if
10659 the user runs "sudo foo &" from the shell. In this case, the call
10660 to tcsetattr() will cause SIGTTOU to be delivered.
10663 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
10665 * def_data.c, def_data.h, def_data.in:
10666 Reorder things such that the definition of env_reset comes right
10667 before the env variable lists.
10671 Shrink type and seqno in struct alias from int to u_short
10674 * alias.c, match.c, parse.c, parse.h:
10675 Add a sequence number in the aliases for loop detection. If we find
10676 an alias with the seqno already set to the current (global) value we
10677 know we've visited it before so ignore it.
10680 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
10682 * TODO, auth/pam.c, sudo.c, sudo.h:
10683 PAM wants the full tty path so add user_ttypath which holds the full
10684 path to the tty or is NULL if no tty was present.
10688 Set PAM_RHOST to work around a bug in Solaris 7 and lower that
10692 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
10698 * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
10699 parse.h, testsudoers.c, visudo.c:
10703 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
10706 remove some useless casts
10710 pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
10711 predates the final C99 spec and the standard specifies that it shall
10712 include stdint.h anyway
10715 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
10717 * Makefile.in, alloca.c, configure.in:
10718 Since we ship with a pre-generated parser there is no need to ship a
10719 bogus alloca implementation.
10727 remove initial setting of CHECKSIA, we require that it be unset if
10740 only do SIA checks on Digital Unix
10743 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
10745 * sudoers.cat, sudoers.man.in:
10754 Remove call to krb5_cc_register() as it is not needed for modern
10762 * aclocal.m4, configure.in:
10763 New method for setting the default authentication type and avoiding
10764 conflicts in auth types.
10767 * match.c, parse.c, testsudoers.c:
10768 Each entry in a cmndlist now has an associated runaslist so no need
10769 to keep track of the most recent non-NULL one.
10772 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
10775 back out partial ldaps support mistakenly committed
10779 Add support for unix groups and netgroups in sudoRunas
10782 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
10785 Fix sudoedit of a non-existent file. From Tilo Stritzky.
10788 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
10795 update --passprompt escape info
10799 remove now-bogus comment and update copyright date
10803 Fix up use of with_passwd
10806 * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
10807 Update to autoconf-2.61 and libtool-1.5.24
10811 "cmp -s" not just cmp. Add @datarootdir@ to quiet autoconf-2.61
10814 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
10821 move tags and runaslist propagation to be earlier
10825 If -f flag given use the permissions of the original file as a
10830 prevent a double free() when re-initing the parser
10833 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
10839 * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
10840 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
10841 auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
10842 configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
10843 parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
10844 sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
10845 Remove support for compilers that don't support void *
10852 * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
10853 parse.c, parse.h, testsudoers.c, visudo.c:
10854 Move list manipulation macros to list.h and create C versions of the
10855 more complex ones in list.c. The names have been down-cased so they
10856 appear more like normal functions.
10860 Fix cmp command when regenerating parser. Make gram.o the first
10861 dependency for all programs so gram.h will be generated before
10862 anything that needs it.
10866 Convert NEW_DEFAULT and NEW_MEMBER into static functions.
10869 * match.c, parse.c, testsudoers.c:
10870 Use LH_FOREACH_REV when checking permission and short-circuit on the
10871 first non-UNSPEC hit we get for the command. This means that
10872 instead of cycling through all the parsed sudoers entries we
10873 start at the end and work backwards and quit after the first
10874 positive or negative match.
10881 * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
10882 Change list head macros to take a pointer, not a struct.
10890 Propagate the runasspec from one command to the next in a cmndspec.
10893 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
10896 Replace has_meta() with a macro that calls strpbrk().
10902 * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
10903 testsudoers.c, visudo.c:
10904 Use a list head struct when storing the semi-circular lists and
10905 convert to tail queues in the process. This will allow us to
10906 reverse foreach loops more easily and it makes it clearer which
10907 functions expect a list as opposed to a single member.
10909 Add macros for manipulating lists. Some of these should become
10912 When freeing up a list, just pop off the last item in the queue
10913 instead of going from head to tail. This is simpler since we don't
10914 have to stash a pointer to the next member, we always just use the
10915 last one in the queue until the queue is empty.
10917 Rename match functions that take a list to have list in the name.
10918 Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
10922 Fix pasto, append "!" not negated (which is an int) for sudo -l
10927 Remove the dependency of gram.h on gram.y, the .c dependency is
10928 enough. Only move y.tab.h to gram.h if it is different; avoids
10929 needless rebuilding.
10932 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
10935 Defaults lines may be associated with lists of users, hosts,
10936 commands and runas users, not just single entries.
10939 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
10942 Revert the "cmp" portion of the last diff, it doesn't make sense.
10946 Remove *.lo for clean: When generating the parser, only move the
10947 generated files into place if they differ from the existing ones.
10950 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
10953 Replace IPV6 regexp with a much simpler (readable) one and add an
10954 extra check when it matches to make sure we have a valid address.
10958 Fix thinko introduced when merging IPV6 support.
10961 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
10963 * HISTORY, LICENSE:
10972 mention #uid vs. comment pitfall
10976 Merge in a patch from the libtool cvs that fixes a problem with the
10977 latest autoconf. From Stepan Kasal.
10981 Back out the XOR swap trick, it is slower than a temp variable on
10990 Convert the tail queue to a semi-circle queue and use the XOR swap
10991 trick to swap the prev pointers during append.
10994 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
10997 remove useless statement
11001 Refactor #include parsing into a separate function and return
11002 unparsed chars (such as newline or comment) back to the lexer.
11005 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
11008 mention better uid support
11012 Users may now consist of a uid.
11015 * gram.c, gram.h, toke.c:
11020 Use lbuf_append_quoted() for sudo -l output to quote characters that
11021 would require quoting in sudoers.
11025 Add lbuf_append_quoted() which takes a set of characters which
11026 should be quoted with a backslash when displayed.
11030 Require that the first character after a comment not be a digit or a
11031 dash. This allows us to remove the GOTRUNAS state and treat
11032 uid/gids similar to other words. It also means that we can now
11033 specify uids in User_Lists and a User_Spec may now contain a uid.
11037 Replace RUNAS token with '(' and ')' tokens to make the runas
11038 portion of the grammar more natural.
11042 The BUGS file is history
11045 * Makefile.in, README:
11046 The BUGS file is history
11049 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
11052 Allow comments after a RunasAlias as long as the character after the
11053 pound sign isn't a digit or a dash.
11057 Glob support was back-ported to 1.6.9
11060 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
11063 remove sudo_usage.h in distclean
11067 If a Defaults value contains a blank, double-quote the string.
11071 Properly deal with Defaults double-quoted strings that span multiple
11072 lines using the line continuation char. Previously, the entire
11073 thing, including the continuation char, newline, and spaces was
11078 Be consistent when using single quotes and backticks.
11081 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
11083 * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
11084 sudo.c, sudo_usage.h.in:
11085 Add new linebuf code to do appends of dynamically allocated strings
11086 and word-wrapped output. Currently used for sudo's usage() and sudo
11087 -l output. Sudo usage strings are now in sudo_usage.h which is
11088 generated at configure time.
11091 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
11093 * parse.c, sudo.c, sudo.h:
11094 Fix line wrapping in usage() and use the actual tty width instead of
11098 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
11105 Mentioned Chris Jepeway's parser and also the new one that is in
11109 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
11111 * sudo.pod, visudo.pod:
11112 For the options list, add flag args where appropriate and increase
11113 the indent level so there is room for them.
11116 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
11119 Fix some spacing in "sudo -l" and add a comment about some bogosity
11120 in the line wrapping.
11123 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
11128 * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
11129 def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
11130 parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
11131 testsudoers.c, toke.c, toke.l:
11132 Remove monitor support until there is a version of systrace that
11133 uses a lookaside buffer (or we have a better mechanism to use).
11136 * config.h.in, configure, configure.in, sudo.c:
11137 use getaddrinfo() instead of gethostbyname() if it is available
11140 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
11143 Deal with OSes where sizeof(gid_t) < sizeof(int).
11147 repair non-getifaddrs() code after ipv6 integration
11151 If we can open sudoers but fail to read the first byte, close the
11152 file stream before trying again.
11155 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
11161 * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
11162 Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
11165 * sudo.pod, sudoers.pod, visudo.pod:
11166 Add some missing markup Update copyright
11169 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
11171 * configure, configure.in:
11172 fix sudo_noexec extension which got broken in the libtool update
11175 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
11178 explicitly specify -Tascii to nroff
11181 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
11184 remove an ANSI-ism that crept in
11187 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
11190 Adjust list indents Prevent -- from being turned into an em dash Use
11191 a list for the environment instead of a literal paragraph
11195 Use a list for the environment instead of an indented literal
11200 Adjust list indentation
11207 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
11210 mention that when specifying a uid for the -u option the shell may
11211 require that the # be escaped
11214 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
11217 Fix off by one in group matching.
11220 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
11223 Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
11226 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
11228 * configure, configure.in:
11229 Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
11230 -lgssapi_krb5 case.
11233 * aclocal.m4, configure, configure.in:
11234 Fix link tests such that new gcc doesn't optimize away the test.
11237 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
11239 * sudo.pod, sudoers.pod, visudo.pod:
11240 add missing over/back
11243 * sudo.pod, sudoers.pod, visudo.pod:
11244 Change FILES section to use =item
11248 Add back allocation of the env struct in rebuild_env but save a copy
11249 of the old pointer and free it before returning.
11253 Don't init the private environment in rebuild_env() since it may
11254 have already been done implicitly sudo_setenv/sudo_unsetenv.
11256 Multiply length by sizeof(char *) in memcpy/memmove when copying the
11257 environment so we copy the full thing.
11259 Add missing set of parens so we deref the right pointer in
11260 sudo_unsetenv when searching for a matching variable.
11263 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
11265 * sudo.pod, sudoers.pod, visudo.pod:
11266 Use file markup for paths in the FILES section
11269 * sudo.pod, sudoers.pod, visudo.pod:
11270 Don't capitalize sudo/visudo
11274 Sort sudoers options; based on a diff from Igor Sobrado.
11277 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
11279 * sudo.pod, sudoers.pod, visudo.pod:
11280 Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
11281 latter confuses pod2man. The Makefile rules for the .man.in file
11282 will add @mansectsu@ and @mansectform@ back in after pod2man is done
11286 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
11288 * LICENSE, Makefile.in, license.pod:
11289 Move license info to pod format
11292 * configure, configure.in, sudoers.pod:
11293 Substitute value of path_info into sudoers man page.
11297 remove features that were back-ported to 1.6.9
11300 * sudo.c, sudo.pod, visudo.c, visudo.pod:
11301 Sort SYNOPSIS and sync usage. From Igor Sobrado.
11305 Only need sudo_setenv/sudo_unsetenv if we are going to use
11306 ldap_sasl_interactive_bind_s() but don't have
11307 gss_krb5_ccache_name().
11311 rebuild without branch info
11315 Add ChangeLog target
11319 Run cleanup code if the user hits ^C at the password prompt.
11323 Some versions of pam_lastlog have a bug that will cause a crash if
11324 PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
11328 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
11331 ChangeLog not Changelog
11339 CHANGE -> Changelog
11346 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
11348 * config.h.in, configure, configure.in, ldap.c:
11349 Add configure hooks for gss_krb5_ccache_name() and the gssapi
11353 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
11356 rebuild_env() and insert_env_vars() no longer return environment
11357 pointer, they set environ directly.
11359 No longer need to pass around an envp pointer since we just operate
11362 Add dosync argument to insert_env() that indicates whether it should
11363 reset environ when realloc()ing env.envp.
11365 Use an initial size of 128 for the environment.
11369 Split sudo_setenv() into an external version and a version only for
11370 use by rebuild_env().
11373 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
11376 Add support for using gss_krb5_ccache_name() instead of setting
11377 KRB5CCNAME. Also use sudo_unsetenv() in the non-
11378 gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
11379 original environment. TODO: configure setup for
11380 gss_krb5_ccache_name()
11387 * README.LDAP, ldap.c:
11388 Add support for sasl_secprops in ldap.conf
11392 Add sudo_unsetenv() and refactor private env syncing code into
11396 * README.LDAP, ldap.c:
11397 The ldap.conf variable is sasl_auth_id not sasl_authid.
11400 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
11402 * ldap.c, sudo.c, sudo.h:
11403 Add support for krb5_ccname in ldap.conf. If specified, it will
11404 override the default value of KRB5CCNAME in the environment for the
11405 duration of the call to ldap_sasl_interactive_bind_s().
11409 Remove format_env() Add sudo_setenv() to replace most format_env() +
11410 insert_env() combinations. insert_env() no longer takes a struct
11415 Fix use_sasl vs. rootuse_sasl logic.
11418 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
11419 Add support for SASL auth when connecting to an LDAP server. Adapted
11420 from a diff by Tom McLaughlin.
11423 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
11425 * configure, configure.in:
11426 Only enable AIX or BSD auth if no other exclusive auth method has
11427 been chosen. Allows people to e.g., use PAM on AIX without adding
11428 --without-aixauth. A better solution is needed to deal with default
11429 authentication since if a non-exclusive method is chosen we will
11430 still get an error.
11433 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
11435 * HISTORY, Makefile.in, history.pod:
11436 Generate HISTORY from history.pod (which is also used for web pages)
11439 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
11441 * sudo.man.in, sudoers.man.in:
11446 Better explanation of environment handling in the sudo man page.
11450 Defer setting user-specified env vars until after authentication.
11454 honor def_default_path for PATH set on the command line
11457 * env.c, sudo.c, sudo.pod, sudoers.pod:
11458 Allow user to set environment variables on the command line as long
11459 as they are allowed by env_keep and env_check. Ie: apply the same
11460 restrictions as normal environment variables. TODO: deal with
11464 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
11466 * sudo.c, sudo_edit.c:
11467 Call rebuild_env() in all cases. Pass original envp to sudo_edit().
11468 Don't allow -E or env var setting in sudoedit mode. More accurate
11469 usage() when called as sudoedit.
11477 add -c option to sudoedit synopsis
11485 Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
11486 value from {user,host,runas,cmnd}_matches(). Rename *matches
11487 variables -> *match. Purely cosmetic.
11491 Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
11499 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
11502 Make pwcheck local to the pwflag block. Use pwcheck even if user
11503 didn't match since Defaults options may still apply.
11507 Do not update timestamp if user not validated by sudoers.
11511 for PERM_RUNAS, set the egid to the runas user's gid and restore to
11512 the user's original in PERM_ROOT
11515 * logging.c, mon_systrace.c, set_perms.c, sudo.h:
11516 PERM_FULL_ROOT is now no different than PERM_ROOT so remove
11521 don't check timestamp mtime if we are just going to remove it
11525 Move sudoers defaults parameters into their own section.
11529 Reduce a level of indent by a few placed continue statements.
11533 Make matching but negated commands/hosts/runas entries override a
11534 previous match as expected. Also reduce some levels of indent by a
11535 few placed continue statements.
11538 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
11541 Print default runas in "sudo -l" if sudoers don't specify one.
11545 Less hacky way of testing whether the domain was set.
11548 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
11551 Mention pam-devel and openldap-devel for Linux
11554 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
11560 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
11563 fix typo in Solaris project support
11571 Make -- on the command line match the manual page. The implied shell
11572 case has been simplified as a result.
11575 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
11578 add simplistic support for sudoRunas; note that if a sudoers entry
11579 contains multiple Runas users, all will apply to the sudoRole
11583 honor SETENV and NOSETENV tags
11586 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
11589 Redo setting of user_args. We now build up a private copy of argv
11590 first and then replace the NULs with spaces.
11594 getcwd() returns NULL on failure, not 0 on success
11598 allow chunksiz to reach 1 before erroring out
11601 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
11606 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
11608 * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
11609 logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
11611 Add support for setting environment variables on the command line.
11612 This is only allowed if the setenv sudoers option is enabled or if
11613 the command is prefixed with the SETENV tag.
11617 replace Aaron's email address with the sudo-workers list
11624 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
11626 * schema.OpenLDAP, schema.iPlanet:
11627 Break schema out into separate files.
11630 * Makefile.in, README.LDAP:
11631 Break schema out into separate files.
11634 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
11637 free message if set by authenticate()
11641 deal with NULL gr_mem
11644 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
11651 add template for HAVE_PROJECT_H
11658 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
11661 mention --with-project
11664 * config.h.in, configure.in, sudo.c:
11665 Add Solaris 10 "project" support. From Michael Brantley.
11677 Fix preservation of LDFLAGS in the LDAP case.
11681 Remove dependency on NULL
11688 * aclocal.m4, configure.in:
11689 Can't use the regular autoconf fnmatch() check since we need
11690 FNM_CASEFOLD so go back to our custom one.
11694 Fix preserving of variables in env_keep.
11702 expand upon env resetting and mention that it began in 1.6.9 not
11707 Update descriptions of env_keep and env_check to match current
11711 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
11714 Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
11715 LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to initial_keepenv_table.
11718 * env.c, logging.c:
11719 Treat USERNAME environment variable like LOGNAME/USER
11723 Don't need to populate keepenv table with the contents of the
11728 Don't force sudo into the C locale.
11732 Make env_check apply when env_reset is true. Environment variables
11733 are passed through unless they contain '/' or '%'. There is no need
11734 to have a variable in both env_check and env_keep.
11737 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
11740 Remove a duplicate lock_file() call and add a comment.
11744 Add sudo 1.6.9 upgrade note.
11747 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
11750 Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
11751 small. From Klaus Wagner.
11754 * logging.c, sudo.h:
11755 Redo the long syslog line splitting based on a patch from Eygene
11756 Ryabinkin. Include memrchr() for systems without it.
11760 Redo the long syslog line splitting based on a patch from Eygene
11761 Ryabinkin. Include memrchr() for systems without it.
11764 * Makefile.in, config.h.in, configure, configure.in:
11765 Redo the long syslog line splitting based on a patch from Eygene
11766 Ryabinkin. Include memrchr() for systems without it.
11770 Since we need to be able to convert timespec to timeval for utimes()
11771 the last 3 digits in the tv_nsec are not significant. This makes the
11772 sudoedit file date comparison work again.
11775 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
11777 * aclocal.m4, configure, configure.in:
11778 Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
11779 This deals with exclusive authentication methods in a simple way.
11782 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
11785 mkstemp.c is BSD code too.
11788 * sudo.pod, sudoers.pod, visudo.pod:
11789 No commercial support for now.
11792 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
11795 cleanenv() is no more.
11798 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
11801 Display branch info in Changelog
11805 Include config.h early so we have it for TIME_WITH_SYS_TIME
11809 Fix Changelog generation and update.
11812 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
11815 Use /proc/self/fd instead of /proc/$$/fd
11817 Move old-style fd closing into closefrom_fallback() and call that if
11818 /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
11821 * auth/kerb5.c, config.h.in, configure.in:
11822 o use krb5_verify_user() if available instead of doing it by hand o
11823 use krb5_init_secure_context() if we have it o pass an encryption
11824 type of 0 to krb5_kt_read_service_key() instead of
11825 ENCTYPE_DES_CBC_MD5 to let kerberos choose.
11829 Check TERM and COLORTERM for '%' and '/' characters. From Debian.
11833 Fix closefrom() substitution in the Makefile
11837 Mention alternate sudo pronunciation.
11840 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
11843 Remove KRB5_KTNAME from environment. Allow COLORTERM.
11847 If we cannot get a valid service key using the default keytab it is
11848 a fatal error. Fixes a bug where sudo could be tricked into
11849 allowing access when it should not by a fake KDC. From Thor Lancelot
11853 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
11855 * aclocal.m4, configure, configure.in:
11856 Update long long checks to use AC_CHECK_TYPES and to cache values.
11859 * aclocal.m4, configure.in:
11860 Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
11861 use AC_REPLACE_FNMATCH since that assumes replacing with GNU
11865 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
11867 * configure, configure.in:
11868 Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
11869 need it for visudo now too.
11872 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
11875 Attempt to clarify the bit talking about network numbers w/o
11880 Clarify timestamp dir ownership sentence.
11883 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
11886 Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
11890 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
11893 -i is also one of the mutually exclusive options to list it in the
11894 warning message. Noted by Chris Pepper.
11897 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
11900 The sudoers variable is env_editor, not enveditor. From Jean-
11904 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
11907 I tracked down the original author so credit him and include his
11911 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
11913 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
11915 Fix typos; from Jason McIntyre.
11919 Restore signal mask before calling reapchild(). Fixes a possible
11920 race condition that could prevent sudo from properly waiting for the
11924 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
11927 Don't declare pw_free() if we are not going to use it.
11931 Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
11932 LDR_PRELOAD64. The 64-bit version is not currently supported.
11933 Remove zero_env() prototype as it no longer exists.
11936 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
11939 Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
11942 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
11945 If the user enters ^C at the password prompt, abort instead of
11946 trying to authenticate with an empty password (which causes an
11950 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
11952 * closefrom.c, config.h.in, configure, configure.in:
11953 Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
11958 pw_free() is only used by sudo_freepwcache() so ifdef it out too.
11961 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
11963 * config.guess, config.sub:
11964 Update to latest versions from cvs.savannah.gnu.org
11967 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
11969 * pwutil.c, sudo_edit.c:
11970 Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
11971 we can close the passwd/group files early.
11974 * config.h.in, configure, configure.in, set_perms.c:
11975 Add seteuid() flavor of set_perms() for systems without setreuid()
11976 or setresuid() that have a working seteuid(). Tested on Darwin.
11979 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
11982 systrace_read() returns ssize_t
11985 * configure, configure.in:
11986 Fix typo, -lldap vs. -ldap; from Tim Knox.
11989 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
11992 Fix typo; Matt Ackeret
11995 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
11998 Print sudoers path in -V mode for root.
12001 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
12004 Do a sub tree search instead of a base search (one level in the tree
12005 only) for sudo right objects. This allows system administrators to
12006 categorize the rights in a tree to make them easier to manage.
12009 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
12015 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
12018 Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
12019 bind_timelimit support; adapted from gentoo.
12022 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
12025 Support comments that start in the middle of a line
12028 * configure, configure.in:
12029 Define LDAP_DEPRECATED until we start using ldap_get_values_len()
12032 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
12035 Silence gcc -Wsign-compare; djm@openbsd.org
12038 * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
12039 cleanup() now takes an int as an arg so it can be used as a signal
12044 Make a copy of the shell field in the passwd struct for NewArgv to
12045 avoid a use after free situation after sudo_endpwent() is called.
12048 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
12050 * config.h.in, configure, configure.in:
12051 Add mkstemp() for those poor souls without it.
12055 Add mkstemp() for those poor souls without it.
12059 Add mkstemp() for those poor souls without it.
12062 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
12065 Add PERL5DB to list of environment variables to remove.
12068 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
12070 * mon_systrace.c, mon_systrace.h:
12071 Instead of calling the check function twice with a state cookie use
12072 separate check/log functions.
12074 Check more ioctl() calls for failure.
12076 systrace_{read,write} now return the number of bytes read/written or
12081 Add more environment variables to remove; from gentoo linux Add some
12082 comments about what bad env variables go to what (more to do)
12085 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
12087 * sudo.c, sudo_edit.c:
12088 Move sudo_end{gr,pw}ent() until just before the exec since they free
12089 up our cached copy of the passwd structs, including sudo_user and
12090 sudo_runas. Fixes a use-after-free bug.
12094 Close all fd's before executing editor.
12098 Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
12102 Fix fd leak when lecture file option is enabled. From Jerry Brown
12105 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
12108 Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
12109 environment variables to remove. From Charles Morris
12112 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
12115 add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
12118 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
12121 add PS4 and SHELLOPTS to initial_badenv_table for bash
12124 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
12127 Fix typo; Toby Peterson
12130 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
12133 Make return buffers static so they don't get clobbered
12136 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
12139 Fix securid5 authentication, was not checking for ACM_OK. Also add
12140 default cases for the two switch()es. Problem noted by ccon at
12144 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
12147 Remove ncat() in favor of just counting bytes and pre-allocating
12151 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
12154 Fix up some comments Add missing fclose() for the rootbinddn case
12158 align struct ldap_config
12162 use LINE_MAX for max conf file line size
12166 add _PATH_LDAP_SECRET
12170 Mention rootbinddn Give example ou=SUDOers container
12173 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
12175 * INSTALL, configure, configure.in, ldap.c:
12176 Support rootbinddn in ldap.conf
12179 * env.c, sudo.pod, sudoers.pod:
12180 Preserve DISPLAY environment variable by default.
12183 * acsite.m4, configure:
12184 set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
12187 * acsite.m4, configure:
12188 set need_version=no for all cases; this is safe for LD_PRELOAD
12195 * configure, configure.in:
12200 Fix call to pam_end() when pam_open_session() fails.
12208 rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
12209 ltsugar.m4 ltversion.m4
12212 * config.guess, config.sub, ltmain.sh:
12213 merge in local changes: config.guess: o better openbsd support
12214 config.sub: o hiuxmpp support ltmain.sh o remove requirement that
12215 libs must begin with "lib" o don't print a bunch of crap about
12216 library installs o don't run ldconfig
12219 * config.guess, config.sub, ltmain.sh:
12224 Update with autoupdate and make minor changes for libtool 1.9f
12227 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
12230 don't call sudo_ldap_display_cmnd if ldap not setup
12233 * sudo_edit.c, visudo.c:
12234 Move declaration of struct timespec to its own include files for
12235 systems without it since it needs time_t defined.
12239 Move declaration of struct timespec to its own include files for
12240 systems without it since it needs time_t defined.
12244 Move declaration of struct timespec to its own include files for
12245 systems without it since it needs time_t defined.
12249 Move declaration of struct timespec to its own include files for
12250 systems without it since it needs time_t defined.
12253 * check.c, compat.h:
12254 Move declaration of struct timespec to its own include files for
12255 systems without it since it needs time_t defined.
12259 Don't set safe_cmnd for the "sudo ALL" case.
12262 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
12265 Call pam_open_session() and pam_close_session() to give pam_limits a
12266 chance to run. Idea from Karel Zak.
12269 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
12272 Add explicit cast from mode_t -> u_int in printf to silence warnings
12277 include grp.h to silence a warning on Solaris
12280 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
12283 Fix printing of += and -= defaults.
12286 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
12289 Sanity check number of syscall args with argsize. Not really needed
12290 but a little paranoia never hurts.
12293 * mon_systrace.c, mon_systrace.h:
12294 Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
12295 for systrace lengths (since it uses int)
12298 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
12301 Add some memsets for paranoia Fix namespace collision w/ error Check
12302 rval of decode_args() and update_env() Remove improper setting of
12306 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
12308 * parse.c, sudo.c, sudo.h:
12309 In -l mode, only check local sudoers file if def_ignore_sudoers is
12310 not set and call LDAP versions from display_privs() and
12311 display_cmnd() instead of directly from main(). Because of this we
12312 need to defer closing the ldap connection until after -l processing
12313 has occurred and we must pass in the ldap pointer to display_privs()
12314 and display_cmnd().
12318 Reorganize LDAP code to better match normal sudoers parsing.
12319 Instead of storing strings for later printing in -l mode we do
12320 another query since the authenticating user and the user being
12321 listed may not be the same (the new -U flag). Also add support for
12324 There is still a fair bit of duplicated code that can probably be
12328 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
12331 Replace pass variable with do_netgr for better readability.
12339 estrdup, not strdup
12342 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
12345 Add macro to test if the tag changed to improve readability.
12349 Avoid printing defaults header if there are no defaults to print...
12353 Fix a warning on systems without strlcpy().
12357 Use macros where possible for sudo_grdup() like sudo_pwdup().
12360 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
12363 It is possible for tv_usec to hold >= 1000000 usecs so add in
12367 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
12370 The component in krb5_principal_get_comp_string() should be 1, not 0
12371 for Heimdal. From Alex Plotnick.
12374 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
12376 * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
12377 interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
12378 redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
12379 Add efree() for consistency with emalloc() et al. Allows us to rely
12380 on C89 behavior (free(NULL) is valid) even on K&R.
12384 Move initgroups() for -U option into display_privs() so group
12385 matching in sudoers works correctly.
12388 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
12391 Removed duplicate call to ldap_unbind_s introduced along with
12396 Add missing space in Defaults printing
12399 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
12402 Sync sudo_pwdup with OpenBSD changes: use macros for size computation
12406 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
12409 Zero old pw_passwd before replacing with version from shadow file.
12412 * configure, configure.in:
12413 Only attempt shadow password detection if PAM is not being used Add
12414 shadow_* variables to make shadow password detection more generic.
12418 Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
12421 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
12424 use a non-breaking space to avoid a double space after e.g.
12428 comma, not colon after e.g.
12431 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
12434 Add __ variants of the exec functions. GNU libc at least uses
12435 __execve() internally.
12439 Match reality a bit more.
12443 Missed piece from rev. 1.6, fix sudo_getpwnam() too.
12447 Store shadow password after making a local copy of struct passwd in
12448 case normal and shadow routines use the same internal buffer in
12452 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
12454 * alloc.c, logging.c:
12455 Make varargs usage consistent with the rest of the code.
12458 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
12461 Wrap more of the exec family since on Linux the others do not appear
12462 to go through the normal execve() path.
12466 make print_unused static like proto says
12470 silence a warning on K&R systems
12473 * alias.c, error.c:
12474 make this build in K&R land
12478 make this build in K&R land
12481 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
12487 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
12490 return(foo) not return foo optimize _atobool() slightly
12498 Reformat to match the rest of sudo's code.
12502 I am the primary author
12505 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
12507 * Makefile.in, README, RUNSON:
12508 The RUNSON file is toast--it confused too many people and really
12509 isn't needed in a configure-oriented world.
12513 alternate -> alternative
12517 Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
12522 Allow leading blanks before Defaults and Foo_Alias definitions
12526 fix rules to build toke.o and gram.o in devel mode
12529 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
12532 env_keep overrides set_logname
12536 Fix disabling set_logname and make env_keep override set_logname.
12539 * compat.h, config.h.in, configure, configure.in:
12540 No longer need memmove()
12544 Just clean the environment once. This assumes that any further
12545 setenv/putenv will be able to handle the fact that we replaced
12546 environ with our own malloc'd copy but all the implementations I've
12550 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
12553 In -i mode, base the value of insert_env()'s dupcheck flag on
12554 DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
12557 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
12560 Move setting of user_path, user_shell, user_prompt and prev_user
12561 into init_vars() since user_shell at least is needed there.
12564 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
12571 Fix some printf format mismatches on error.
12575 Fix some printf format mismatches on error.
12578 * configure, gram.c, toke.c:
12582 * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
12583 auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
12584 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
12585 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
12586 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
12587 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
12588 emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
12589 getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
12590 interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
12591 parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
12592 snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
12593 sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
12594 testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
12595 visudo.pod, zero_bytes.c:
12596 Update copyright years.
12599 * Makefile.binary.in:
12600 Update copyright years.
12604 Update copyright years.
12607 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
12612 What's new in sudo 1.7, based on the 1.7 CHANGES entries.
12615 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
12617 * compat.h, logging.h, sudo.h:
12618 Add __printflike and use it with gcc to warn about printf-like
12622 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
12624 * CHANGES, ChangeLog:
12625 Replaced CHANGES file with ChangeLog generated from cvs logs
12629 Use warning/error instead of perror/fatal.
12633 Update OpenBSD section
12637 Add upgrading notes for 1.7
12640 * env.c, sudo.c, sudoers.pod:
12641 Instead of zeroing out the environment, just prune out entries based
12642 on the env_delete and env_check lists. Base building up the new
12643 environment on the current environment and the variables we removed
12647 * config.h.in, configure, configure.in, sudo.c:
12648 Set locale to "C" if locales are supported, just to be safe.
12652 Cast argument to ctype functions to unsigned char.
12655 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
12658 correct value for DID_USER
12661 * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
12662 #include <compat.h> not "compat.h"
12666 Reset the environment by default.
12670 Alloc an extra slot in NewArgv. Removes the need to malloc a new
12671 vector if execve() fails.
12674 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
12676 * INSTALL, config.h.in, configure, configure.in, sudo.c:
12677 Use execve(2) and wrap the command in sh if we get ENOEXEC.
12680 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
12683 Only include time.h on systems that lack struct timespec which gets
12684 defined in compat.h (using time_t).
12688 Include time.h for time_t in compat.h for systems w/o struct
12692 * compat.h, config.h.in, configure, configure.in:
12693 use bcopy on systems w/o memmove
12697 __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
12702 Add explicit rule to build sudo_noexec.lo
12705 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
12707 * INSTALL.configure, Makefile.in:
12708 No longer depend on VPATH; pointed out a bunch of missed
12713 Help for PAM when account section is missing
12717 Give user a clue when there is a missing "account" section in the
12722 Better error handling.
12725 * config.h.in, configure, configure.in:
12726 Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
12727 possible. Silences a warning about isblank() on linux.
12731 Fix typo (missing comma) that caused an incorrect number of args to
12732 be passed to log_error().
12735 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
12738 Don't try to destroy a tree we didn't create.
12741 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
12743 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
12744 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
12745 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
12746 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
12747 compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
12748 fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
12749 goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
12750 match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
12751 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
12752 strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
12753 tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
12754 Add __unused to rcsids
12757 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
12759 * configure, configure.in:
12760 Fix error message when mixing invalid auth types
12764 PAM, AIX auth, BSD auth and login_cap are now on by default if the
12768 * auth/sudo_auth.h, config.h.in:
12769 s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
12773 Better checking for conflicting authentication methods Display the
12774 authentication methods used at the end of configure Rename --with-
12775 authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
12776 --with-pam, --with-logincap by default on systems that support them
12777 unless disabled. Add OSMAJOR variable that replaces old OSREV; now
12778 OSREV has full version number
12781 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
12783 * def_data.c, def_data.in, sudo.c, sudoers.pod:
12787 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
12790 Replace: test -n "$FOO" || FOO="bar"
12792 With: : ${FOO='bar'}
12795 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
12797 * pwutil.c, testsudoers.c, tsgetgrpw.c:
12798 Use function pointers to only call private passwd/group routines
12799 when using a nonstandard passwd/group file.
12802 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
12809 Can't use strtok() since it doesn't handle empty fields so add
12810 getpwent()/getgrent() functions and call those.
12813 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
12816 Fix dummied out toke.c and gram.c dependencies.
12820 Rename PARSESRCS -> GENERATED since it is only used in the clean
12821 target Add devdir variable and use it to specify the path to parser
12830 Add a devdir variable that defaults to $(srcdir) and is set to . if
12831 --devel was specified. Allows for proper dependencies building the
12836 Add support for custom passwd/group files.
12840 Build private copy of pwutil.o for testsudoers with MYPW defined so
12841 it uses our own passwd/group routines.
12845 Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
12846 stubs instead. We can now just use the caching sudo_*{pw,gr}*
12847 functions in pwutil.c Add comment about wanting to call
12848 sudo_endpwent/sudo_endgrent in cleanup()
12852 Remove caching; we will just use what is in pwutil.c Use global
12853 buffers for passwd/group structs Rename functions from sudo_* to
12857 * logging.c, sudo.c:
12858 g/c pwcache_init/pwcache_destroy
12862 Undo last commit and add sudo_setspent and sudo_endspent instead.
12865 * getspwuid.c, pwutil.c:
12866 Move all but the shadow stuff from getspwuid.c to pwutil.c and
12867 pwcache_get and pwcache_put as they are no longer needed. Also add
12868 preprocessor magic to use private versions of the passwd and group
12869 routines if MYPW is defined (for use by testsudoers).
12873 zero out struct passwd/group before filling it in so if there are
12874 fields we don't handle they end up as 0.
12877 * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
12882 Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
12887 Passwd and group lookup routines for testsudoers that support
12888 alternate passwd and group files.
12891 * getspwuid.c, pwutil.c:
12892 Split off pw/gr cache and dup code into its own file. This allows
12893 visudo and testsudoers to use the pw/gr cache too.
12896 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
12899 Print Defaults info in "sudo -l" output and wrap lines based on the
12903 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
12905 * match.c, testsudoers.c, visudo.c:
12906 Only check group vector in usergr_matches() if we are matching the
12907 invoking or list user. Always check the group members, even if
12908 there was a group vector.
12911 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
12913 * LICENSE, Makefile.in, fnmatch.3:
12914 No longer bundle fnmatch.3
12921 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
12928 Sort command line options
12931 * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
12932 sudo.pod, sudoers.pod:
12933 Add closefrom sudoers option to start closing at a point other than
12934 3. Add closefrom_override sudoers option and -C sudo flag to allow
12935 the user to specify a different closefrom starting point.
12939 Add _PATH_DEVNULL for those without it.
12943 no more UCB strcasecmp
12947 replace BSD licensed one with version derived from pdksh
12950 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
12957 Make sure stdin, stdout and stderr are open and dup them to
12961 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
12963 * ldap.c, mon_systrace.c, sudo.c, sudo.h:
12964 add sudo_ldap_close
12967 * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
12968 Use TIME_WITH_SYS_TIME
12971 * config.h.in, configure, configure.in:
12972 Add TIME_WITH_SYS_TIME_H
12975 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
12978 Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
12979 unconditionally on darwin. From Toby Peterson.
12983 Check rbinsert() return value. In the case of faked up entries
12984 there is usually a negative response cached that we need to
12987 In pwfree() don't try to zero out a NULL pw_passwd pointer.
12991 Use the double fork trick to avoid the monitor process being waited
12992 for by the main program run through sudo.
12995 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
12998 Call initgroups() in -U mode so group matches work normally.
13001 * def_data.h, mkdefaults:
13002 Don't print a trailing comma for the last entry in enum def_tupple
13005 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
13007 * sudoers.cat, sudoers.man.in, sudoers.pod:
13008 Mention values when lecture, listpw and verifypw are used in boolean
13012 * def_data.c, def_data.in:
13013 verifypw when used in a boolean TRUE context should be "all", not
13017 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
13019 * def_data.in, defaults.c:
13020 Allow tuples that can be used as booleans to be used as boolean
13021 TRUE. In this case the 2nd possible value of the tuple is used for
13025 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
13027 * configure, configure.in:
13028 Correct the test for 2-parameter timespecsub
13032 Add stub struct definitions for passwd, timeval and timespec
13035 * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
13036 Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
13037 and fix a typo in the gettimeofday check.
13040 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
13042 * match.c, testsudoers.c:
13043 Deal with user_stat being NULL as it is for visudo and testsudoers.
13046 * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
13047 Add -U option to use in conjunction with -l instead of -u. Add
13048 support for "sudo -l command" to test a specific command.
13051 * gram.c, gram.y, sudo.c:
13052 Set safe_cmnd after sudoers_lookup() if it has not been set.
13053 Previously it was set by sudo "ALL" in the parser but at that point
13054 the fully-qualified pathname has not yet been found.
13057 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
13059 * parse.c, testsudoers.c:
13060 Correctly handle multiple privileges per userspec and runas
13064 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
13067 Zero out sd_un for each entry in sudo_defs_table in init_defaults.
13070 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
13073 make per-command defaults work with sudoedit
13076 * ldap.c, parse.c, sudo.c, sudo.h:
13077 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
13078 Instead, we just set the appropriate defaults variable.
13081 * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
13082 Document per-command Defaults.
13085 * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
13086 sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
13087 Add support for command-specific Defaults entries. E.g.
13088 Defaults!/usr/bin/vi noexec
13091 * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
13092 Change an occurrence of user_matches() -> runas_matches() missed
13093 previously runas_matches(), host_matches() and cmnd_matches() only
13094 really need to pass in a list of members. user_matches() still
13095 needs to pass in a passwd struct because of "sudo -l"
13099 Check def_authenticate, def_noexec and def_monitor when setting
13100 return flags. XXX May be better to just set the defaults directly
13101 and get rid of those flags.
13104 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
13105 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
13106 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
13107 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
13108 defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
13109 getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
13110 gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
13111 mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
13112 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
13113 sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
13114 visudo.c, zero_bytes.c:
13115 Use: #include <config.h> Not: #include "config.h" That way we get
13116 the correct config.h when build dir != src dir
13120 Back out part of rev 1.263; fix -I order
13124 More robust parsing if #include; could be much better still.
13127 * sudo_edit.c, visudo.c:
13128 Make arg splitting in visudo and sudoedit consistent.
13131 * Makefile.in, alias.c, gram.c, gram.y, parse.h:
13132 Split alias routines out into their own file.
13136 __attribute__ is already defined in compat.h
13140 quit() should not be __noreturn__ as it is non-void on some
13144 * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
13145 Add local error/warning functions like err/warn but that call an
13146 additional cleanup routine in the error case. This means we no
13147 longer need to compile a special version of alloc.o for visudo.
13151 Clarify comments about the data structures
13154 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
13157 Add support for VISUAL and EDITOR containing command line args. If
13158 env_editor is not set any args in VISUAL and EDITOR are ignored.
13159 Arguments are also now supported in def_editor.
13162 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
13165 alias_matches() is no more
13173 When regenerating the parser, don't replace gram.h unless it has
13178 remove Makefile.binary for distclean
13182 Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
13183 sure we can't overflow new_env.
13187 paranoia when stripping trailing slashes from tempdir.
13191 Set user_ngroups to 0 if getgroups() returns an error.
13194 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
13196 * config.h.in, configure, configure.in, sudo.c:
13197 Add configure check for getgroups()
13201 Use supplementary group vector in struct sudo_user.
13205 Only do string comparisons on the group members if there is no
13206 supplemental group list.
13214 On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
13215 chop off any trailing slashes we see and add an explicit one.
13219 remove bogus XXX comment
13223 Get rid of alias_matches and correctly fall through to the non-alias
13224 cases when there is no alias with the specified name.
13228 Cache non-existent passwd/group entries too.
13239 * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
13240 mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
13241 Implement group caching and use the passwd and group caches
13245 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
13248 Properly negate the return value of alias_matches() when
13253 Make hostname_matches() return TRUE for a match, else FALSE like the
13258 Add missing dependencies on gram.h
13262 Use runas_matches in alias_matches() now that we have it.
13265 * parse.c, parse.h:
13266 Expand aliases in "sudo -l" mode
13270 Use ALIAS for the member type when storing an alias instead of
13271 HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
13272 more generic type. Expand runas_matches instead of calling
13273 user_matches() inside of it since user_matches() looks up
13274 USERALIASes, not RUNASALIASes.
13277 * CHANGES, getspwuid.c:
13278 Paranoia; zero out pw_passwd before freeing passwd entry.
13281 * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
13282 configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
13283 error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
13284 sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
13285 Add local error/warning functions like err/warn but that call an
13286 additional cleanup routine in the error case. This means we no
13287 longer need to compile a special version of alloc.o for visudo.
13291 Use userpw_matches() to compare usernames, not strcmp(), since the
13292 latter checks for "#uid".
13295 * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
13296 Cache passwd db entries in 2 red-black trees; one indexed by uid,
13297 the other by user name. The data returned from the cache should be
13298 considered read-only and is destroyed by sudo_endpwent().
13306 missing free in alias_destroy
13310 Can't use rbapply() for rbdestroy since the destructor is passed a
13311 data pointer, not a node pointer.
13314 * getspwuid.c, logging.c, sudo.c, sudo.h:
13315 Create and use private versions of setpwent() and endpwent() that
13316 set/end the shadow password file too.
13319 * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
13320 Store aliases in a red-black tree.
13323 * Makefile.in, redblack.c, redblack.h:
13324 red-black tree implementation
13328 Edit all sudoers file if there were unused or undefined aliases and
13329 we are in strict mode.
13332 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
13334 * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
13335 find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
13336 Bring back the "secure_path" Defaults option now that Defaults take
13337 effect before the path is searched.
13340 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
13342 * logging.c, parse.c:
13343 A user can always list their own entries, even with -u. Better error
13344 message when failing to list another user's entries.
13347 * parse.c, sudo.c, sudo.h:
13348 The syntax to list another user's entries is now "-u otheruser -l".
13349 Only root or users with sudo "ALL" may list other user's entries.
13352 * sudo.cat, sudo.man.in, sudo.pod:
13353 Update env variable info in SECURITY NOTES
13361 strip exported bash functions from the environment.
13364 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
13367 Only reset sudo_user.pw based on SUDO_USER environment variables for
13368 real commands and sudoedit. This avoids a confusing message when a
13369 user tries "sudo -l" or "sudo -v" and is denied.
13372 * gram.c, gram.y, parse.h:
13373 Extend LIST_APPEND to deal with appending lists too
13376 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
13379 Convert some bitwise AND to ISSET
13382 * lex.yy.c, toke.c:
13383 toke.c replaces lex.yy.c
13391 new parser fixes most of the outstanding bugs
13399 Rework for the new parser. Now checks for unused aliases in sudoers.
13403 Rewrite for the new parser. Now supports a -d flag (dump) and adds
13404 a -h flag (host). It now defaults to the local hostname unless
13405 otherwise specified.
13409 Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
13413 Update for new parse. We now call find_path() *after* we have
13414 updated the global defaults based on sudoers. Also adds support for
13415 listing other user's privs if you are root.
13419 Working LDAP support; also remove a now-unneeded rewind().
13422 * logging.c, logging.h:
13423 Add NO_STDERR flag.
13427 Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
13428 sudo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
13429 connect to LDAP, apply the default options, find the command in the
13430 user's path, and then check whether the user is allowed to run it.
13431 The important thing here is that the default runas user may be
13432 specified as a default option and that needs to be set before we
13433 search for the command.
13437 Add casts to unsigned char for isspace() to quiet a gcc warning.
13441 Add prototype for update_defaults()
13445 Don't warn about line numbers now that we operate on a set of data
13446 structures (or LDAP) and not a file.
13450 No longer use lsearch()
13454 Update for new and changed file names.
13458 no more BSD lsearch.c
13462 foo_matches() routines now live in match.c Added user_matches(),
13463 runas_matches(), host_matches(), cmnd_matches() and alias_matches()
13464 that operate on the parsed sudoers file.
13467 * parse.lex, toke.l:
13468 Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
13469 WORD no longer needs to exclude '@' kill yywrap()
13472 * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
13474 Rewritten parser that converts sudoers into a set of data
13475 structures. This eliminates ordering issues and makes it possible to
13476 apply sudoers Defaults entries before searching for the command.
13479 * configure.in, emul/search.h, lsearch.c:
13480 We won't be using lsearch() any longer.
13484 sudo should not send mail if someone who runs 'sudo -l' has no
13488 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13494 Update warnings to match new visudo
13498 The new parser doesn't have the old ordering constraints.
13502 Document that -l now takes an optional username argument
13505 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
13512 If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
13513 a compilation problem with Solaris 9's native LDAP.
13515 Set FLAG_MONITOR when needed.
13518 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
13521 Call sudo_goodpath() *after* changing the cwd to match the traced
13522 process. Fixes relative paths.
13525 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
13528 Kill set_perms() stub--it is no longer needed.
13531 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
13533 * sudoers.cat, sudoers.man.in, sudoers.pod:
13534 stay_setuid now requires set_reuid() or setresuid()
13537 * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
13538 configure.in, set_perms.c, sudo.c, sudo.h:
13539 Kill use of POSIX saved uids; they aren't worth bothering with.
13542 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
13545 remove call to issetugid()
13548 * sudoers.cat, sudoers.man.in, sudoers.pod:
13549 Remove warning about wildcards. Now that we use glob() the bug is
13554 Use glob(3) instead of fnmatch(3) for matching pathnames and stat
13555 each result that matches the basename of the user's command. This
13556 makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
13557 /usr/bin/blah. Fixes bug #143.
13560 * config.h.in, configure, configure.in:
13561 Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
13565 * config.h.in, configure, configure.in:
13566 Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
13574 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
13579 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
13583 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
13586 Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
13587 means we are out of space in the stack gap...
13595 Take a stab at ldap sudoers support here.
13598 * mon_systrace.c, mon_systrace.h:
13599 Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
13600 doesn't cause reboot to inadvertently kill itself.
13604 put "monitor" in the proctitle, not "systrace"
13608 When modifying the environment, don't replace envp when we can get
13609 away with just rewriting pointers in the traced process.
13612 * mon_systrace.c, mon_systrace.h:
13613 Add environment updating via STRIOCINJECT (if available).
13616 * sudoers.cat, sudoers.man.in:
13620 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
13627 Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
13631 Include file is now mon_systrace.h
13634 * Makefile.in, configure, configure.in, def_data.c, def_data.h,
13635 def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
13636 sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
13637 No longer call it tracing, it is now "monitoring" which should be
13638 a more obvious name to non-hackers.
13641 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
13643 * mon_systrace.c, mon_systrace.h:
13647 * mon_systrace.c, mon_systrace.h:
13648 No need to include syscall.h, use 1024 as the max # of entries (the
13649 max that systrace(4) allows).
13651 Only need to use SYSTR_POLICY_ASSIGN once
13653 Change check_syscall() -> find_handler() and have it return the
13654 handler instead of just running it. We need this since handlers now
13655 have two parts: one part that generates an answer and another that
13656 gets called after the answer is accepted (to do logging).
13658 Add some missing check_exec for emul execv
13661 * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
13666 Add missing HAVE_LINUX_SYSTRACE_H
13670 add trace_systrace.o dependency
13673 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
13675 * configure, configure.in:
13676 Also look for systrace.h in /usr/include/linux
13679 * mon_systrace.c, mon_systrace.h:
13680 Move all struct defs and prototypes into trace_systrace.h and mark
13681 all but systrace_attach() static.
13684 * mon_systrace.c, mon_systrace.h:
13685 Add support for tracing emulations. At the moment, all emulations
13686 are compiled in. It might make sense to #ifdef them in the future,
13687 though this impedes readability.
13690 * Makefile.in, configure, configure.in:
13691 rename systrace.c -> trace_systrace.c
13694 * parse.yacc, sudo.tab.c:
13695 Allow this to build with a K&R compiler again
13702 * compat.h, sudo.c, visudo.c:
13703 Use __attribute__((__noreturn__))
13707 Exit() takes a negative value to indicate it was not called via
13711 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13716 * Makefile.in, visudo.c:
13717 Define Err() and Errx() that are like err() and errx() but call
13718 Exit() instead of exit(). Build private copy of alloc.o for visudo
13719 that calls Err() and Errx().
13722 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
13724 * lex.yy.c, sudo.tab.c:
13733 Overhaul visudo for editing multiple files: o visudo has been
13734 broken out into functions (more work needed here) o each file is
13735 now edited before sudoers is re-parsed o if a #include line is
13736 added that file will be edited too
13738 TODO: o cleanup temp files when exiting via err() or errx() o
13739 continue breaking things out into separate functions
13742 * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
13743 Add keepopen arg to open_sudoers that open_sudoers can use to
13744 indicate to the caller that the fd should not be closed when it is
13745 done with it. To be used by visudo to keep locked fds from being
13746 closed prematurely (and thus losing the lock).
13749 * parse.yacc, sudo.c:
13750 Add errorfile global that contains the name of the file that caused
13755 return COMMENT to yacc grammar for a #include line
13759 Remove use of unput() in favor of yyless() which is cheaper.
13763 Allow an empty sudoers file.
13766 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
13769 Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
13772 * lex.yy.c, sudo.tab.c:
13777 Do signal setup before calling edit_sudoers(). Don't shadow the
13782 If a sudoers file includes other files, edit those too. Does not yet
13783 deal with creating the new includes files itself.
13787 init_parser now takes a path
13790 * parse.c, parse.h, parse.lex, parse.yacc:
13791 More scaffolding for dealing with multiple sudoers files: o
13792 init_parser() now takes a path used to populate the sudoers global
13793 o the sudoers global is used to print the correct file in yyerror()
13794 o when switching to a new sudoers file, preserve old file name and
13798 * Makefile.in, pathnames.h.in:
13799 Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
13800 multiple sudoers files.
13804 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
13805 we start at the right file position when reading include files.
13817 Add max depth of 128 for the include stack to avoid loops.
13819 Since yyerror() doesn't stop parsing, pass return values back to
13820 yylex and call yyterminate() on error.
13823 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
13830 Mention PREVENTING SHELL ESCAPES section of sudoers man page
13833 * lex.yy.c, sudo.tab.c:
13838 Add support for #include in sudoers (visudo support TBD)
13842 make yyerror()'s argument const
13845 * testsudoers.c, visudo.c:
13846 Add open_sudoers() stubs.
13850 Rename check_sudoers() open_sudoers() and make it return a FILE *
13853 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
13855 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
13860 * Makefile.in, sudo.psf:
13861 Better HP-UX depot construction
13864 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
13867 o Made children global so check_exec() can lookup a child. o
13868 Replaced uid in struct childinfo with struct passwd * (for runas) o
13869 new_child() now takes a parent pid so the runas info can be
13870 inherited o Added find_child() to lookup a child by its pid o
13871 update_child() now fills in a struct passwd o Converted the big
13872 if/else mess in set_policy to a switch o Syscalls that change uid
13873 are now "ask" so we get SYSTR_MSG_UGID events
13877 Add flag to sudo_pwdup that indicates whether or not to lookup the
13878 shadow password. Will be used to a struct passwd that has the
13879 shadow password already filled in.
13883 add missing increment of addr in read_string()
13887 Remove bogus call to update_child() and some cosmetic fixes
13891 Don't leak /dev/systrace fd to tracee Make initialized global for
13892 simplicity If STRIOCATTACH returns EBUSY we are already being traced
13893 Check for user_args == NULL in setproctitle() call Add missing calls
13898 g/c sudo_pwdup proto
13901 * Makefile.in, sudo.psf:
13902 Add target for building a depot file
13909 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
13911 * lex.yy.c, sudo.tab.c, sudo.tab.h:
13916 document --with-systrace
13919 * config.h.in, configure, configure.in:
13920 Add check for setproctitle
13924 pass struct str_msg_ask in to syscall checker so it can set the
13929 systrace(4) support for sudo. On systems with the systrace(4)
13930 kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
13931 intercept exec calls and check the exec args against the sudoers
13932 file. In other words, sudo can now control subcommands and shell
13937 Call systrace_attach() if FLAG_TRACE is set.
13940 * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
13941 Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
13945 Don't close sudoers_fp, keep it open and set close on exec flag
13949 * def_data.c, def_data.h, def_data.in:
13958 SunOS /bin/sh blows up with configure
13961 * configure, configure.in:
13962 Include sys/param.h before systrace.h
13974 line up options in --help
13977 * config.h.in, configure.in:
13978 Add --with-systrace
13981 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
13987 * aclocal.m4, configure.in:
13988 make this work with autoconf-2.59
13991 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
13994 Simplify logic around open & stat of files and do sanity on edited
13995 file even if we lack fstat (still raceable but worth doing).
13998 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
14006 [b84ebfaf1552] [SUDO_1_6_8p1]
14009 more changes for 1.6.8p1
14016 * CHANGES, sudo_edit.c:
14017 Add sanity check so we don't try to edit something other than a
14021 2004-09-15 Aaron Spangler <aaron777@gmail.com>
14028 document --with-ldap-conf-file
14031 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
14033 * CHANGES, ins_csops.h:
14034 political correctness strikes again
14041 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
14043 * Makefile.binary.in, Makefile.in:
14044 Install sudoedit man link
14048 Update PAM note and mention where HP-UX users can download gcc
14053 libtool wants to install stuff from .libs so fake one up for binary
14057 * Makefile.binary.in:
14058 rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
14062 Deal with "uname -m" having slashes in it rm -f old sudoedit link
14063 instead of using ln -f
14066 * Makefile.binary, Makefile.binary.in:
14067 Makefile.binary -> Makefile.binary.in for config.status substitution
14068 Add support for installing noexec bits
14072 Copy noexec bits into binary dists too No longer use my old arch
14073 script for making binary dists
14077 Install sudoedit link.
14080 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
14083 avoid __P so there is no need for compat.h to be included
14087 Don't use HAVE_UTIME_H before including config.h.
14090 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
14093 Fix Solaris futimes macro
14096 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
14099 Rename ots -> omtim for improved readability.
14102 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
14105 Redo changes in revision 1.7. Don't really need to keep the temp
14106 file open; re-opening it with the invoking user's euid is
14114 * sudo.cat, sudo.man.in:
14119 back out revision 1.70; it is no longer applicable
14123 Let the loader initialize nep
14126 * config.h.in, configure, configure.in:
14127 Removed unneeded check for fchown. Add check for gettimeofday. Move
14128 autoheader template stuff into separate AH_TEMPLATE lines
14131 * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
14132 Use timespec throughout.
14140 function to return the current time in a struct timespec
14144 Not a darpa-sponsored file.
14147 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
14149 * compat.h, config.h.in, configure, configure.in:
14150 Add a check for struct timespec and provide it for those without.
14153 * config.h.in, configure, configure.in, sudo_edit.c:
14154 Add checks for st_mtim and st_mtimespec and add macros for pulling
14155 the mtime sec and nsec out of struct stat. These are used in
14156 sudo_edit() to better tell whether or not the file has changed.
14159 * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
14160 Add an extra param to touch() for nsec
14164 Call mkstemp() as the invoking user so we don't have to chown the
14165 file later. Only touch() the temp file if we can do it via the file
14166 descriptor. Don't check for modification of the temp file if we lack
14167 fstat(). Catch errors read()ing the temp file.
14171 If path is NULL and fd == -1 return -1.
14175 closefrom() is overkill, the only extra fds are the ones we opened
14176 so just close those in the child.
14179 * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
14180 configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
14182 Use utimes() and futimes() instead of utime() in touch(), emulating
14183 as needed. Not all systems are able to support setting the times of
14184 an fd so touch() takes both an fd and a file name as arguments.
14187 2004-09-07 Aaron Spangler <aaron777@gmail.com>
14193 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
14195 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
14200 * sudo.pod, sudoers.pod, visudo.pod:
14201 Add SUPPORT section and re-order some of the sections to match the
14202 order we use in OpenBSD.
14205 2004-09-06 Aaron Spangler <aaron777@gmail.com>
14208 Openldap ~/.ldaprc fix
14211 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
14214 Talk about how the editor must write its changes to the original
14215 file and not just use rename(2).
14223 Keep the temp file open instead of re-opening after the editor has
14228 Update for current redhat/fedora core.
14231 2004-09-03 Aaron Spangler <aaron777@gmail.com>
14237 2004-09-02 Aaron Spangler <aaron777@gmail.com>
14240 config tls_* options
14243 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
14245 * configure, configure.in:
14246 No need for -lcrypt when using pam.
14249 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
14255 2004-08-27 Aaron Spangler <aaron777@gmail.com>
14257 * configure.in, ldap.c, pathnames.h.in:
14258 Allow --with-ldap-conf-file option to override LDAP_CONF
14262 cleanup debug message
14265 2004-08-26 Aaron Spangler <aaron777@gmail.com>
14271 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
14273 * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
14274 Add cmnd_base to struct sudo_user and set it in init_vars(). Add
14275 cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
14276 longer use gross statics in command_matches(). Also rename some
14277 variables for improved clarity.
14280 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
14283 document HP's crippled compiler deficiency.
14287 Fix some thinkos in --with-editor and --with-env-editor
14288 descriptions. Noticed by Norihiko Murase.
14291 * configure, configure.in:
14292 --with-noexec takes an optional PATH argument.
14296 document --with-noexec
14299 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
14303 [f2503bd13373] [SUDO_1_6_8]
14306 Better warning message when sudoedit is unable to write to the
14310 * sudo.cat, sudo.man.in:
14315 Don't italicize the string "sudoedit"
14318 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
14324 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
14331 Reset used_runas to FALSE when re-initializing the parser.
14334 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
14337 Correct OpenBSD mips support
14344 2004-08-07 Aaron Spangler <aaron777@gmail.com>
14347 More behavior notes
14351 Updates on current behavior
14354 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
14357 =back does not take an indentlevel (makes no difference to formatted
14362 =back does not take an indentlevel (makes no difference to formatted
14371 Consistency. Use same error for bad -u #uid when targetpw is set as
14372 we do when a bad -u username is specified.
14376 Add checksum idea from Steve Mancini
14379 * sudoers.cat, sudoers.man.in:
14383 * sudo.cat, sudo.man.in:
14387 * sudo.pod, sudoers.pod:
14388 Document the restriction on uids specified via -u when targetpw is
14393 Error out when targetpw is enabled and sudo is run with -u #uid but
14394 #uid does not exist in the passwd database. We can't do target
14395 authentication when the target is not in passwd!
14398 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
14403 Some more todo for the next release.
14407 Make it clear that PAM should be used for DCE support when possible.
14411 o Document problems with wildcards and relative paths. o Make the
14412 order requirements more prominent. o Change a "set" to "reset" for
14416 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
14419 Mention --with-secure-path, not SECURE_PATH.
14422 2004-08-03 Aaron Spangler <aaron777@gmail.com>
14425 reflect changes to parse.c
14428 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
14434 * parse.c, parse.h, testsudoers.c, visudo.c:
14435 Don't pass user_cmnd and user_args to command_matches(), just use
14436 the globals there. Since we keep state with statics anyway it is
14437 misleading to pretend that passing in different cmnd and cmnd_args
14442 Don't pass user_cmnd and user_args to command_matches(), just use
14443 the globals there. Since we keep state with statics anyway it is
14444 misleading to pretend that passing in different cmnd and cmnd_args
14449 Fix a bug introduced in rev. 1.149. When checking for pseudo-
14450 commands check for a '/' anywhere in cmnd, not just the first
14454 2004-07-31 Aaron Spangler <aaron777@gmail.com>
14456 * sudo.man.in, sudo.pod:
14457 Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
14460 * sudoers.man.in, sudoers.pod:
14461 Add ignore_local_sudoers
14465 Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
14469 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
14475 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
14482 Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
14483 PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
14486 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
14492 2004-07-08 Aaron Spangler <aaron777@gmail.com>
14495 Better debugging of ALL command
14498 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
14501 When matching for "sudoedit" in sudoers check both the command the
14502 user typed *and* the command that is listed in the sudoers entry.
14505 2004-07-04 Aaron Spangler <aaron777@gmail.com>
14508 Added !command feature
14511 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
14514 Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
14517 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
14520 License is ISC-style, not BSD-style
14527 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
14529 * sudo.cat, sudo.man.in:
14534 o Update some out of date bits to reality o Change the shell prompt
14535 in examples to bourne-shell style o Clarify some details o Add a
14536 CAVEAT about "sudo cd /foo"
14540 Don't ask for a password if invoking user == target user.
14547 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
14549 * sudoers.cat, sudoers.man.in:
14554 Expand on NOEXEC a little.
14561 * visudo.cat, visudo.man.in:
14570 Add a check in visudo for runas_default being set after it has
14574 * CHANGES, parse.yacc, visudo.c:
14575 Add a check in visudo for runas_default being set after it has
14584 Add a MATCHED macro for testing whether foo_matches has been set to
14585 TRUE or FALSE. This is more readable than checking for >=0 or < 0.
14586 Doesn't change the actual code generated.
14589 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
14600 Correct description of where Defaults specs should go.
14604 Correct description of where Defaults specs should go.
14607 * testsudoers.c, visudo.c:
14627 * auth/bsdauth.c, auth/kerb5.c:
14631 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
14637 * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
14638 Remove trailing spaces, no actual code changes.
14642 Remove trailing spaces, no actual code changes.
14645 * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
14646 Remove trailing spaces, no actual code changes.
14650 Remove trailing spaces, no actual code changes.
14654 Remove trailing spaces, no actual code changes.
14657 * compat.h, defaults.c, env.c:
14658 Remove trailing spaces, no actual code changes.
14662 Remove trailing spaces, no actual code changes.
14670 Fix a >=0 that should be <0 that was improperly converted when
14675 Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
14676 NOMATCH when resetting it.
14680 Fix pastos introduced in SETNMATCH addition.
14683 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
14686 Update for configure changes
14694 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
14695 these in parse.yacc. Also in parse.yacc initialize the *_matches
14696 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
14697 when setting *_matches to a value that may be
14698 NOMATCH/UNSPEC/TRUE/FALSE.
14702 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
14703 these in parse.yacc. Also in parse.yacc initialize the *_matches
14704 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
14705 when setting *_matches to a value that may be
14706 NOMATCH/UNSPEC/TRUE/FALSE.
14710 Initialize runas to -2, not -1 since we need to be able to
14711 distinguish between the initialized value and the value of a non-
14712 match when passing along the runas value to multiple commands.
14714 The result of this is that an unmatched runas is now set to -1, not
14715 0. This is required now that parse.c treats a FALSE value for runas
14716 as being explicitly denied.
14719 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
14721 * sudo.c, visudo.c:
14722 Error out if argc < 1.
14726 Error out if argc < 1.
14729 * configure, configure.in:
14730 Add tests for what libs we need to link with for ldap and for
14731 whether or not lber.h needs to be explicitly included.
14734 2004-06-03 Aaron Spangler <aaron777@gmail.com>
14737 Solaris native LDAP build fix
14740 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
14743 Set edn to NULL if ldap_get_dn() fails to avoid potential use of an
14748 Add prototype for sudo_ldap_list_matches
14751 * configure, configure.in:
14752 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
14753 version too. Added check for dd_fd in `DIR' if no dirfd is found;
14754 this is now used to conditionally define the dirfd macro in
14759 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
14760 version too. Added check for dd_fd in `DIR' if no dirfd is found;
14761 this is now used to conditionally define the dirfd macro in
14766 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
14767 version too. Added check for dd_fd in `DIR' if no dirfd is found;
14768 this is now used to conditionally define the dirfd macro in
14773 Only check /proc/$$/fd if we have the dirfd function/macro.
14776 * compat.h, config.h.in, configure, configure.in:
14777 Add a check for a dirfd() function (like Linux) and add a dirfd
14778 macro in compat.h if there is no dirfd() function or macro.
14781 * closefrom.c, getcwd.c:
14782 dirfd() is now defined in compat.h as needed.
14786 Clarify closefrom() note.
14790 When checking for a command in the directory, only copy the base dir
14795 If there is a /proc/$$/fd directory, behave like the Solaris
14796 closefrom() and only close the descriptors listed therein.
14800 compat.h guarantees INT_MAX is defined.
14804 Add definitions of OPEN_MAX and INT_MAX for those without it and
14805 remove definition of RLIM_INFINITY (now unused).
14808 * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
14809 sudo.c, sudo.h, visudo.c:
14810 Use PATH_MAX, not MAXPATHLEN since the former is standardized.
14813 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
14820 Add some entries that were mailed in a while ago
14824 o sysconf returns a long, not an int.
14825 o check for negative return value from sysconf/getdtablesize and use OPEN_MAX in this case.
14826 o define OPEN_MAX to 256 for those without it (a fair guess...)
14829 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
14832 Mention change in parse order for RunAs entries.
14839 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
14841 * INSTALL, README.LDAP, config.h.in, configure.in:
14842 o --with-ldap now takes an optional dir as a parameter
14843 o added check for ldap_initialize() and start_tls_s()
14847 Fix some typos, word choice and formatting issues.
14850 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
14853 Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
14854 read/write as it is simpler.
14857 * configure, configure.in:
14858 Remove hack overriding cross-compiler check. It should no longer be
14863 Remove select() compat bits since we no longer use select().
14866 * CHANGES, tgetpass.c:
14867 Use alarm() instead of select() for the timeout for systems that
14868 don't fully/properly implement select().
14871 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
14882 Deal with systems that have no way of setting the effective uid such
14886 * configure, configure.in:
14887 Define NO_SAVED_IDS if we don't find seteuid()
14890 * config.h.in, configure, configure.in:
14891 Add back check for setreuid() since NSK doesn't have it.
14894 * sudoers.cat, sudoers.man.in:
14907 In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
14908 explicitly denied and the command matched. This fixes a long-
14909 standing bug and makes: foo machine = (ALL) /usr/bin/blah
14910 foo machine = (!bar) /usr/bin/blah
14912 equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
14916 Clarify mail_noperm
14919 2004-05-20 Aaron Spangler <aaron777@gmail.com>
14922 Missing DESTDIR in make install for sudo_noexec.la
14925 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
14927 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
14937 Remove fastboot/fasthalt (who still remembers these?) and add a
14938 minimal sudoedit example.
14942 Remove fastboot/fasthalt (who still remembers these?) and add a
14943 minimal sudoedit example.
14946 * UPGRADE, sudo.c, visudo.c:
14947 filesystem -> file system
14951 filesystem -> file system
14954 * CHANGES, INSTALL:
14955 filesystem -> file system
14958 * sudo.pod, sudoers.pod:
14959 Fix some minor typos and formatting goofs
14967 remove my email addr
14970 * sudo.pod, sudoers.pod, visudo.pod:
14971 Use @mansectform@ and @mansectsu@ everywhere Make man page
14972 references links with L<>
14976 Accept quoted globbing characters and pass them verbatim for
14981 Document that /tmp/.odus is gone.
14985 No longer use /tmp/.odus as a possible timestamp dir unless
14986 specifically configured to do so. Instead, if no /var/run exists,
14987 use /var/adm/sudo or /usr/adm/sudo.
14991 No longer use /tmp/.odus as a possible timestamp dir unless
14992 specifically configured to do so. Instead, if no /var/run exists,
14993 use /var/adm/sudo or /usr/adm/sudo.
14997 No longer use /tmp/.odus as a possible timestamp dir unless
14998 specifically configured to do so. Instead, if no /var/run exists,
14999 use /var/adm/sudo or /usr/adm/sudo.
15003 No longer use /tmp/.odus as a possible timestamp dir unless
15004 specifically configured to do so. Instead, if no /var/run exists,
15005 use /var/adm/sudo or /usr/adm/sudo.
15008 * set_perms.c, sudo.c, tgetpass.c, visudo.c:
15009 Preliminary changes to support nsr-tandem-nsk. Based on patches
15014 Preliminary changes to support nsr-tandem-nsk. Based on patches
15018 * check.c, compat.h:
15019 Preliminary changes to support nsr-tandem-nsk. Based on patches
15023 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
15026 There was no 1.6.7p6.
15034 add missing files to DISTFILES
15037 * sudo.cat, sudoers.cat, visudo.cat:
15046 Fix some line wrap and update (c) year
15049 2004-04-28 Aaron Spangler <aaron777@gmail.com>
15055 2004-04-07 Aaron Spangler <aaron777@gmail.com>
15061 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
15068 In Exit() when used as a signal handler, emsg is a pointer so
15069 sizeof() is wrong so make it a #define instead. Also avoid using a
15070 negative exit value. Found by Aaron Campbell
15073 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
15076 Remove bogus sentence about uids in a User_List. Document usernames
15077 vs. uid parsing in a Runas_List.
15080 * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
15081 If the user specified a uid with the -u flag and the uid exists in
15082 the passwd file, set runas_user to the name, not the uid.
15084 When comparing usernames in sudoers, if a name is really a uid
15085 (starts with '#') compare it numerically to pw_uid.
15088 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
15091 krb5_mcc_ops should be const; Johnny C. Lam
15094 2004-02-28 Aaron Spangler <aaron777@gmail.com>
15096 * CHANGES, config.h.in, ldap.c:
15097 Added start_tls support
15100 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
15103 Clean up libtool stuff for 'make distclean' and add def_data.c,
15104 def_data.h to PARSESRCS.
15107 2004-02-14 Aaron Spangler <aaron777@gmail.com>
15109 * strlcat.c, strlcpy.c:
15110 Un-Fix last license munge
15113 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
15119 * CHANGES, RUNSON, TODO:
15123 * lex.yy.c, sudo.tab.c:
15127 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
15128 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
15129 emul/search.h, emul/utime.h:
15130 Move to a less restrictive, ISC-style license.
15133 * auth/kerb5.c, auth/pam.c:
15134 Move to a less restrictive, ISC-style license.
15137 * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
15138 Move to a less restrictive, ISC-style license.
15142 Move to a less restrictive, ISC-style license.
15145 * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
15146 Move to a less restrictive, ISC-style license.
15149 * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
15150 visudo.man.in, visudo.pod:
15151 Move to a less restrictive, ISC-style license.
15155 Move to a less restrictive, ISC-style license.
15158 * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
15160 Move to a less restrictive, ISC-style license.
15163 * sigaction.c, strerror.c:
15164 Move to a less restrictive, ISC-style license.
15167 * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
15169 Move to a less restrictive, ISC-style license.
15172 * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
15173 ins_goons.h, insults.h, interfaces.c, interfaces.h:
15174 Move to a less restrictive, ISC-style license.
15177 * find_path.c, getprogname.c:
15178 Move to a less restrictive, ISC-style license.
15182 Move to a less restrictive, ISC-style license.
15186 Move to a less restrictive, ISC-style license.
15190 Move to a less restrictive, ISC-style license.
15193 * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
15195 Move to a less restrictive, ISC-style license.
15198 * utime.c, version.h:
15199 Move to a less restrictive, ISC-style license.
15202 * parse.lex, parse.yacc:
15203 Move to a less restrictive, ISC-style license.
15207 Move to a less restrictive, ISC-style license.
15210 2004-02-13 Aaron Spangler <aaron777@gmail.com>
15213 Merged in LDAP Support
15216 * ldap.c, sudo.c, sudo.h:
15217 Merged in LDAP Support
15220 * def_data.c, def_data.h, def_data.in:
15221 Merged in LDAP Support
15224 * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
15225 Merged in LDAP Support
15228 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
15230 * sudo.h, sudo_noexec.c:
15231 Only do "extern int errno" if errno is not a macro.
15234 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
15237 setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
15238 euid first, then just call setuid(0) to set the real uid too.
15242 Use setresuid() and setreuid() for PERM_RUNAS when appropriate
15243 instead of seteuid() which may not exist.
15246 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
15252 * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
15253 Add --with-pc-insults configure option
15257 Prefer VISUAL over EDITOR like old vipw did.
15260 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
15262 * sudo.man.in, sudoers.man.in:
15267 Add a note that noexec is not a cure-all.
15271 Mention that disabling "root_sudo" is pretty pointless.
15274 * configure, configure.in:
15275 Substitute for root_sudo in sudoers.pod
15279 Add sudoedit to the NAME section
15283 Document the fact that setting ignore_dot in sudoers has no effect
15284 due to the fact that find_path() is called *before* sudoers is read.
15287 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
15290 Do not require _PATH_USRTMP to be set.
15293 * BUGS, CHANGES, TODO:
15302 Clarify that when sudo is run by root with the SUDO_USER variable
15303 set, the sudoers lookup happens for root and not the SUDO_USER user.
15306 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
15308 * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
15309 set_perms.c, sigaction.c, sudo.c, tgetpass.c:
15310 Use the SET, CLR and ISSET macros.
15314 Use the SET, CLR and ISSET macros.
15317 * defaults.c, env.c:
15318 Use the SET, CLR and ISSET macros.
15322 MAIN was replaced with _SUDO_MAIN some time ago.
15326 Don't look at prev_user until after we've parsed sudoers and done
15327 the password check. That way, if sudo/sudoedit is run from a root
15328 process that was invoked by sudo, we check sudoers for root, not the
15329 previous user. This makes sudoedit much more useful and means that
15330 for the sudo case, we get correct logging on who actually ran the
15334 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
15337 Add a comment describing why we need to be notified about our child
15341 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
15343 * def_data.c, def_data.in:
15344 Update the noexec variable descriptions
15347 * sudoers.man.in, sudoers.pod:
15348 noexec now replaces more than just execve()
15352 Alas, all the world does not go through execve(2). Many systems
15353 still have an execv(2) system call, Linux 2.6 provides fexecve(2)
15354 and it is not uncommon for libc to have underscore ('_') versions of
15355 the functions to be used internally by the library. Instead of
15356 stubbing all these out by hand, define a macro and let it do the
15357 work. Extra exec functions pointed out by Reznic Valery.
15360 * sudo.c, sudo_edit.c:
15361 Fix suspending the editor in -e mode. Because we do a fork() first
15362 we need to be notified when the child has been stopped and then send
15363 that same signal to ourself so the shell can do its job control
15368 Use WIFEXITED and WEXITSTATUS macros. If there are systems out
15369 there that want to run sudo that still don't support these we can
15370 try to deal with that later.
15377 * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
15378 Document sudo -e / sudoedit
15381 * configure, configure.in:
15385 * config.h.in, configure.in:
15389 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
15392 Allow non-exclusive flags when invoked as sudoedit. Pretty print the
15393 long usage() line to not wrap (assumes 80 char display)
15396 * Makefile.in, sudo.c:
15397 If sudo is invoked as "sudoedit" the -e flag is implied and no other
15398 flags are permitted.
15402 Add a new flag, -e, that makes it possible to give users the ability
15403 to edit files with the editor of their choice as the invoking user,
15404 not the runas user. Temporary files are used for the actual edit
15405 and the temp file is copied over the original after the editor is
15409 * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
15410 Add a new flag, -e, that makes it possible to give users the ability
15411 to edit files with the editor of their choice as the invoking user,
15412 not the runas user. Temporary files are used for the actual edit
15413 and the temp file is copied over the original after the editor is
15418 If real uid == 0 and the SUDO_USER environment variable is set, use
15419 that to determine the invoking user's true identity. That way the
15420 proper info gets logged by someone who has done "sudo su" but still
15421 uses sudo to as root. We can't do this for non-root users since
15422 that would open up a security hole, though perhaps it would be
15423 acceptable to use getlogin(2) on OSes where this is a system call (and
15424 doesn't just look in the utmp file).
15428 Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
15431 * config.h.in, configure, configure.in:
15432 Add check for fchown(2)
15435 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
15438 Back out portions of the -i commit that set NewArgv[0] in
15439 set_runaspw. It is far too late to set NewArgv[0] there and will have
15440 no effect anyway as cmnd and safe_cmnd have already been set.
15443 * visudo.c, visudo.pod:
15444 Prefer VISUAL over EDITOR like old vipw did.
15447 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
15450 In -i mode always set new environment based on the runas user's
15454 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
15456 * sudo.man.in, sudo.pod:
15457 Document the new -i flag and sync SYNOPSIS section with usage() in
15458 sudo.c. Also sort the flags in the OPTIONS section.
15462 o Add -i that acts similar to "su -", based on patches from David J. MacKenzie
15463 o Sort the flags in the usage message
15466 * sudoers.man.in, sudoers.pod:
15467 Add a missing @runas_default@ substitution.
15470 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
15473 Change euid to runas user before calling find_path().
15474 Unfortunately, though runas_user can be modified in sudoers we
15475 haven't parsed sudoers yet.
15478 * sudoers.man.in, sudoers.pod:
15479 Add missing definition of Parameter_List and use single pipes in the
15480 Defaults EBNF definition.
15484 Fix a bug when set_runaspw() is used as a callback. We don't want
15485 to reset the contents of runas_pw if the user specified a user via
15488 Avoid unnecessary passwd lookups in set_authpw(). In most cases we
15489 already have the info in runas_pw.
15492 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
15495 Add Stan Lee / Uncle Ben quote to the lecture from RedHat
15499 Update sudo_getepw() proto and add one for set_runaspw()
15503 If we can't stat the command as root, try as the runas user instead.
15506 * testsudoers.c, visudo.c:
15507 Add stub set_runaspw() function
15511 Add set_runaspw() function to fill in runas_pw. This will be used
15512 as a callback to update runas_pw when the runas user changes.
15516 PERM_RUNAS -> PERM_FULL_RUNAS
15519 * set_perms.c, sudo.h:
15520 Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
15525 Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
15526 one chunk for easy free()ing. Also change it from static to extern.
15529 * defaults.c, defaults.h:
15530 Add callback support
15534 Add a callback field and use it for runas_default
15537 * def_data.c, def_data.in:
15538 Add a callback field and use it for runas_default
15541 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
15544 Add support for chalnecho and display server responses used by fwtk
15548 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
15550 * sudoers.man.in, sudoers.pod:
15551 ld.so is ld.so.1 on solaris
15554 * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
15555 Use closefrom() instead of doing the equivalent inline.
15559 closefrom(3) for systems w/o it
15562 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
15565 Update from .pod file.
15568 * configure, configure.in:
15569 Substitute noexec_file for the sudoers man page
15572 * sudo.man.in, sudo.pod:
15576 * sudoers.man.in, sudoers.pod:
15580 * auth/pam.c, config.h.in, configure.in:
15581 Move PAM_CONST macro definition from config.h to pam.c where it
15582 belongs. We can't have this in config.h since that gets included too
15586 * auth/pam.c, config.h.in, configure, configure.in:
15587 Some PAM implementations put their headers in /usr/include/pam
15588 instead of /usr/include/security.
15592 I missed changing the EXEC macro -> EXECV here when I changed this
15593 in config.h.in and sudo.c a while ago.
15597 OpenBSD vax/m88k/hppa don't do shared libs
15600 * configure, configure.in:
15601 o merge the hpux case entries into a single entry w/ its own sub-
15602 case statement. o HP-UX >= 11 support getspnam(), use it in
15603 preference to getprpwuid()
15606 * configure, configure.in:
15607 eval $shrext so that it expands nicely on MacOS X
15611 Don't lie about making a module, it does the wrong thing on mach
15615 Remove requirement that libs must begin with "lib". They don't when
15616 we point directly at the lib using LD_PRELOAD or its equivalent.
15620 Disable support for c++, f77 and java. We don't need it, it takes a
15621 lot of time, and it hosed our check for shared lib support.
15629 Call AC_ENABLE_SHARED and check the status of enable_shared to know
15630 when shared libs are available.
15634 Duh, OpenBSD supports shared libs too
15637 * config.h.in, configure.in:
15638 Only OpenPAM and Linux PAM use const qualifiers.
15641 * configure, configure.in:
15642 o No need to check for sed, libtool config does that for us o move
15643 check for --with-noexec until after libtool magic is run so we can
15644 use $can_build_shared and $shrext
15648 Don't print a bunch of crap about library installs since we are not
15649 really installing a library.
15653 Make format_env() varargs Add noexec support for Darwin, MacOS X,
15657 * acsite.m4, ltconfig, ltmain.sh:
15658 Update to libtool 1.5 with local changes: o no ldconfig in the
15659 finish step o assume no libprefix or version is needed
15663 Fix compilation under K&R
15666 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
15673 stub execve() that just returns EACCES; used for noexec
15678 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
15683 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
15687 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
15689 * def_data.c, def_data.h, def_data.in:
15690 Move the environment defaults to the end and shorten a few of the
15694 * configure, configure.in:
15695 no shared libs on ultrix or convexos
15698 * Makefile.in, configure, configure.in:
15699 Build sudo_noexec shared object using libtool; could use some
15703 * acsite.m4, ltconfig, ltmain.sh:
15704 libtool scaffolding
15707 * parse.yacc, sudo.tab.c:
15708 Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
15712 * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
15713 parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
15714 update copyright year
15717 * configure, configure.in, defaults.c, env.c, pathnames.h.in:
15718 Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
15719 option. The default value of noexec_file is set to this.
15722 * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
15723 parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
15725 Add support for preloading a shared object containing a dummy
15726 execve() function that just sets error and returns -1. This adds a
15727 "noexec_file" option to load the filename as well as a "noexec" flag
15728 to enable it unconditionally. There is also a NOEXEC tag that can
15729 be attached to specific commands and an EXEC tag to disable it.
15733 add missing newline to usage statement
15736 * config.h.in, sudo.c:
15737 Rename EXEC macro -> EXECV
15741 Don't truncate usernames to 8 characters in the log message.
15744 * check.c, sudoers.man.in, sudoers.pod:
15745 Update copyright year
15748 * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
15750 Add a new option, lecture_file, that can be used to point to a
15751 custom sudo lecture.
15754 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
15756 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
15758 Add a zero_bytes() function to do the equivalent of bzero in such a
15759 way that will hopefully not be optimized away by sneaky compilers.
15763 Add a zero_bytes() function to do the equivalent of bzero in such a
15764 way that will hopefully not be optimized away by sneaky compilers.
15767 * Makefile.in, sudo.h:
15768 Add a zero_bytes() function to do the equivalent of bzero in such a
15769 way that will hopefully not be optimized away by sneaky compilers.
15773 Use #ifdef __STDC__, not #if __STDC__.
15776 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
15779 Always put at least one space between the def_* macro name and its
15783 * configure, configure.in:
15784 Adjust code for --without-lecture to match new values.
15788 regen after pasto fix
15791 * sudoers.man.in, sudoers.pod:
15792 Document that "lecture" has changed from a flag to a tuple.
15795 * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
15796 defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
15797 Add support for tuples in def_data.in; these are implemented as an
15798 enum type. Currently there is only a single tuple enum but in the
15799 future we may have one tuple enum per T_TUPLE entry in def_data.in.
15800 Currently listpw, verifypw and lecture are tuples. This avoids the
15801 need to have two entries (one ival, one str) for pwflags and syslog
15804 lecture is now a tuple with the following values: never, once,
15807 We no longer use both an int and string entry for syslog facilities
15808 and priorities. Instead, there are logfac2str() and logpri2str()
15809 functions that get used when we need to print the string values.
15812 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
15813 auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
15814 check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
15815 logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
15816 sudo.tab.c, visudo.c:
15817 Create def_* macros for each defaults value so we no longer need the
15818 def_{flag,ival,str,list,mode} macros (which have been removed). This
15819 is a step toward more flexible data types in def_data.in.
15826 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
15829 If we are in -k/-K mode, just spew to stderr. It is not unusual for
15830 users to place "sudo -k" in a .logout file which can cause sudo to
15831 be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
15832 Previously, this would result in useless mail and logging.
15835 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
15838 fix pasto in VISUAL description
15841 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
15852 Some OSes (like Solaris) allow export w/ nosuid too
15855 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
15858 We don't use FD_ZERO anymore so just define FD_SET (if not already
15862 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
15865 Fix a core dump on Solaris by preserving the pam_handle_t we used
15866 during authentication for pam_prep_user(). If we didn't
15867 authenticate (ie: ticket still valid), we call pam_init() from
15868 pam_prep_user(). This is something of a hack; it may be better to
15869 change the auth API and add an auth_final() function that acts like
15873 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
15876 Add explicit declaration of printerr variable in function header
15877 (was defaulting to int which is OK but oh so K&R :-). From Theo.
15880 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
15882 * config.h.in, configure.in:
15883 s/HAVE_STOW/USE_STOW/
15887 Also exit waitpid() loop when pid == 0. Fixes a problem where the
15888 sudo process would spin eating up CPU until sendmail finished when
15889 it has to send mail.
15892 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
15895 Remove advertising clause, UCB has disavowed it
15899 Remove advertising clause, UCB has disavowed it
15902 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
15905 Don't assume that getgrnam() calls don't modify contents of struct
15906 passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
15907 Based on a patch from Kirk Webb.
15910 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
15917 darwin has a broken setreuid() in at least some versions
15921 Fix an off by one error when reallocating the environment; Kevin Pye
15924 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
15927 Fix User_Spec definition; SEKINE Tatsuo
15930 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
15933 More info on the early days from Coggs.
15936 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
15939 remove errant semicolon that prevented compilation under heimdal
15942 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
15944 * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
15945 add DARPA credit on affected files
15949 add DARPA credit on affected files
15952 * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
15954 add DARPA credit on affected files
15958 add DARPA credit on affected files
15962 add DARPA credit on affected files
15965 * logging.c, parse.c:
15966 add DARPA credit on affected files
15969 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
15970 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
15971 find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
15973 add DARPA credit on affected files
15976 * auth/kerb5.c, auth/pam.c:
15977 add DARPA credit on affected files
15980 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
15981 auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
15983 add DARPA credit on affected files
15987 add DARPA credit on affected files
15990 * defaults.c, defaults.h:
15991 add DARPA credit on affected files
15995 add DARPA credit on affected files
15998 * Makefile.in, alloc.c, check.c:
15999 add DARPA credit on affected files
16003 slightly different wording for the darpa credit
16006 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
16012 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
16015 Use krb5_princ_component() instead of krb5_princ_realm() for MIT
16016 Kerberos like we did before I messed things up ;-)
16018 Use krb5_principal_get_comp_string() to do the same thing w/
16019 Heimdal. I'm not sure if the component should be 0 or 1 in this
16022 #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
16023 older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
16024 should be a configure check for this I guess.
16027 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
16030 builtin -> built-in; Jason McIntyre
16033 * TROUBLESHOOTING, config.h.in, configure, configure.in:
16034 builtin -> built-in; Jason McIntyre
16038 built in -> built-in; Jason McIntyre
16041 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
16044 checkpoint for 1.6.7p3
16048 Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
16049 Amazingly, sudo source from 1985 is available via groups.google.com
16053 Don't change rl.rlim_max for RLIMIT_CORE. We need only set
16054 rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
16055 RLIMIT_CORE restoration on some OSes.
16058 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
16061 Make this compile on Heimdal and MIT Kerberos 5
16064 * config.h.in, configure, configure.in:
16065 Check for heimdal even if we found krb5-config and define
16070 Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
16071 no longer defined by MIT kerb5 (though it used to be and indeed
16072 remains so in Heimdal).
16075 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
16078 Remove newer stuff that passes multiple (possibly duplicate)
16079 directories to "mkdir -p" since that seems to break on Tru64 Unix at
16080 least. This basically brings back what shipped with sudo 1.6.6.
16083 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
16086 Correct number of args to krb5_principal_get_realm() and fix an
16087 unclosed comment that hid the bug.
16114 * CHANGES, version.h:
16123 use krb5-config to determine Kerberos V details if it exists
16126 * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
16127 auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
16128 find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
16129 testsudoers.c, visudo.c:
16130 Use warn/err and getprogname() throughout. The main exception is
16131 openlog(). Since the admin may be filtering logs based on the
16132 program name in the log files, hard code this to "sudo".
16136 Add getprogname.c and err.c
16143 * config.h.in, configure.in:
16144 Add checks for getprogname(), __progname and err.h
16148 For systems without err/warn functions.
16152 For systems without err/warn functions.
16156 For systems with neither getprogname() nor __progname; uses Argv[0].
16159 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
16162 checkpoint for 1.6.7p1
16165 * sudo.c, testsudoers.c:
16166 fix strlcpy() rval check (innocuous)
16170 oflow detection in expand_prompt() was faulty (false positives). The
16171 count was based on strlcat() return value which includes the length
16172 of the entire string.
16175 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
16178 checkpoint for the sudo 1.6.7 release
16179 [096bab4da29a] [SUDO_1_6_7]
16182 checkpoint for the sudo 1.6.7 release
16185 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
16188 g/c unused variable
16196 use man sections 8 and 5 for csops
16199 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
16206 Add -lskey or -lopie directly to SUDO_LIBS instead of having
16207 AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
16215 Add --with-blibpath for AIX. An alternate libpath may be specified
16217 -blibpath support can be disabled. Also change configure such that
16218 -blibpath is not specified if no -L libpaths were added to
16223 Add --with-blibpath for AIX. An alternate libpath may be specified
16225 -blibpath support can be disabled. Also change configure such that
16226 -blibpath is not specified if no -L libpaths were added to
16231 Add --with-blibpath for AIX. An alternate libpath may be specified
16233 -blibpath support can be disabled. Also change configure such that
16234 -blibpath is not specified if no -L libpaths were added to
16239 add AIX blibpath support
16242 * INSTALL, configure.in:
16243 --with-skey and --with-opie now take an optional directory argument
16244 This obsoletes a --with-csops hack (/tools/cs/skey)
16246 Also remove the remaining direct uses of "echo"
16249 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
16252 Detect KTH Kerberos IV and deal with it. Also make -lroken optional
16253 for KTH Kerberos IV and V.
16257 Add SUDO_APPEND_LIBPATH function that adds -L/path/to/dir (and
16258 -R/path/to/dir if $with_rpath) to the specified variable.
16261 * INSTALL, configure.in:
16262 Add -R/path/to/libs for Solaris and SVR4. There is a new configure
16263 option, --with-rpath to control this behavior.
16267 for kerb4 put libdes after libkrb on the link line
16275 fix kerberos lib check when a path is specified
16279 Fix boolean thinko in SIGCHLD reaper and call reapchild after
16280 sending mail instead of doing a conditional sudo_waitpid.
16283 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
16290 replace =DIR with [=DIR] where sensible
16294 o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
16295 detection based on openssh's configure.in
16299 --with-kerb4 and --with-kerb5 now take an optional argument.
16302 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
16305 Kill remaining strcpy(), the programmer's guide says username is 32
16310 treat uid_t as unsigned long for printf and use snprintf, not sprintf
16317 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
16319 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
16320 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
16321 auth/rfc1938.c, auth/sudo_auth.c:
16322 update copyright year
16325 * sudo.man.in, sudoers.man.in, visudo.man.in:
16326 update copyright year
16329 * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
16330 configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
16331 parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
16332 sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
16333 update copyright year
16336 * check.c, env.c, sudo.c:
16337 Cast [ug]ids to unsigned long and printf with %lu
16345 correct error messages for --with-sudoers-{mode,uid,gid}
16349 make the malloc(0) error specific to each function to aid tracking
16354 deal with platforms where size_t is signed and there is no SIZE_MAX
16359 Make this compile w/ Heimdal and fix some gcc warnings.
16363 Use stat_sudoers macro so --with-stow can work
16366 * INSTALL, config.h.in, configure, configure.in:
16367 Add support for --with-stow based on patches from Robert Uhl
16383 use strlcpy, not strncpy
16387 Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
16394 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
16396 * strlcat.c, strlcpy.c:
16397 Make gcc shut up about unused rcsid
16401 Move the n == 0 check for the non-getifaddrs cas
16405 skeychallenge() on NetBSD takes a size parameter
16413 put -ldl after -lpam, not before; fixes static linking on Linux
16417 Avoid malloc(0) and fix the loop invariant for the getifaddrs()
16421 * sudo.cat, sudoers.cat, visudo.cat:
16425 * sudo.man.in, sudoers.man.in, visudo.man.in:
16430 Preserve copyright notice from .pod file in .man.in file
16434 Add sudoers(5) to SEE ALSO
16437 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
16444 Don't assume libc can realloc() a NULL string. If malloc/realloc
16445 fails, make sure we just return; yyerror() is not terminal.
16453 simplify fill_args a little and use strlcpy for paranoia
16460 * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
16462 Use strlc{at,py} for paranoia's sake and exit on overflow. In all
16463 cases the strings were either pre-allocated to the correct size or
16464 length checks were done before the copy but a little paranoia can go
16469 Add strlc{at,py} protos
16472 * env.c, interfaces.c:
16481 Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
16482 memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
16486 snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
16491 In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
16494 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
16497 Use snprintf() for paranoia
16501 Use emalloc2 and erealloc3
16505 strlc{at,py} for those w/o it
16508 * strlcat.c, strlcpy.c:
16509 strlc{at,py} for those w/o it.
16512 * config.h.in, configure, configure.in:
16513 Add strlc{at,py} for those w/o it.
16517 Add erealloc3(), a realloc() version of emalloc2().
16520 * interfaces.c, sudo.c:
16521 Use emalloc2() to allocate N things of a certain size.
16525 Add emalloc2() -- like calloc() but w/o the bzero and with
16526 error/oflow checking.
16530 Error out on malloc(0); suggested by theo
16533 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
16535 * configure, configure.in:
16536 fix a typo; David Krause
16539 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
16545 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
16548 Remove DYLD_ from the environment for MacOS X; from bbraun
16551 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
16553 * config.h.in, configure.in:
16554 not not; Anil Madhavapeddy
16557 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
16559 * sudo.pod, sudoers.pod, visudo.pod:
16560 typos; jmc@openbsd.org
16563 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
16566 Add some missing ';' rule terminators that bison warns about.
16570 fix typo I introduced in last merge
16574 regenerate with autoconf 2.57
16578 Add missing "$HOME"
16582 Add some more square brackets to make autoconf 2.57 happy
16585 * config.sub, mkinstalldirs:
16586 Updates from autoconf-2.57
16590 Updates from autoconf-2.57
16593 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
16599 * lex.yy.c, sudo.tab.c:
16603 * parse.lex, parse.yacc, sudoers.pod:
16604 Add support for Defaults>RunasUser
16607 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
16610 fclose() yyin after each yyparse() is done and use fopen() instead
16611 of using freopen().
16615 Better fix for sudoers files w/o a newline before EOF. It looks
16616 like the issue is that yyrestart() does not reset the start
16617 condition to INITIAL which is an issue since we parse sudoers
16621 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
16624 Work around what appears to be a flex bug when dealing with files
16625 that lack a final newline before EOF. This adds a rule to match EOF
16626 in the non-initial states which resets the state to INITIAL and
16631 o The parser needs sudoers to end with a newline but some editors
16632 (emacs) may not add one. Check for a missing newline at EOF and
16633 add one if needed. o Set quiet flag during initial sudoers parse (to
16634 get options) o Move yyrestart() call and always use freopen() to
16635 open yyin after initial sudoers parse.
16638 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
16641 Fix pasto/thinko in setresgid()/setregid() usage. Want to set
16642 effective gid, not real gid, when reading sudoers.
16646 don't compile set_perms_posix if we have setreuid or setresuid
16649 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
16651 * sudo.pod, sudoers.pod:
16652 document new prompt escapes
16656 Add %U and %H escapes and redo prompt rewriting. "%%" now gets
16657 collapsed to "%" as was originally intended. This also gets rid of
16658 lastchar (does lookahead instead of lookback) which should simplify
16659 the logic slightly.
16662 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
16665 Write the prompt *after* turning off echo to avoid some password
16666 characters being echoed on heavily-loaded machines with fast
16671 Add support for mipseb; wiz@danbala.tuwien.ac.at
16675 Fix IRIX fallout from name changes in man dir/sect Makefile
16676 variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
16680 Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
16681 the global copy. Problem noted by Peter Pentchev.
16684 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
16691 Add missing yyerror() calls; YYERROR does not seem to call this for
16695 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
16698 fix typo in comment; Pedro Bastos
16701 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
16704 document --disable-setresuid
16707 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
16709 Sprinkle some volatile qualifiers to prevent over-enthusiastic
16710 optimizers from removing memset() calls.
16713 * logging.c, parse.yacc:
16714 minor sign fixes pointed out by gcc -Wsign-compare
16717 * set_perms.c, sudo.c, sudo.h:
16718 Revamp set_perms. We now use a version based on setresuid() or
16719 setreuid() when possible since that allows us to support the
16720 stay_setuid option and we always know exactly what the semantics
16721 will be (various Linux kernels have broken POSIX saved uid support).
16724 * config.h.in, configure:
16725 regen from configure.in
16729 Add checks for setresuid() and a way to disable using it
16733 No longer need to emulate set*[ug]id() via setres[ug]id() or
16734 setre[ug]id(). The new set_perms stuff only uses things it knows are
16739 Before exec, restore state of signal handlers to be the same as when
16740 we were initially invoked instead of just resetting to SIG_DFL. Fixes
16741 a problem when using sudo with nohup. Based on a patch from Paul
16746 o timestamp_uid should be uid_t, not int o clarify error message
16747 when sudo is run by root and no_root_sudo is set
16750 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
16753 update ftp link for bison
16756 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
16759 Error out if setusercontext() fails and the runas user is not root.
16762 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
16769 Fix SecurID API test
16772 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
16779 securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
16780 but I don't see a better way at the moment.
16783 * Makefile.in, auth/securid5.c:
16784 SecurID API version 5 support from Michael Stroucken
16788 Add check for SecurID 5.0 API
16791 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
16794 We actually do still need config.h to get the 'const' definition for
16798 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
16801 regen with autoconf 2.5.3
16805 Don't set sysconfdir to '/etc' if the user has specified a --prefix.
16809 Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
16810 LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
16813 * env.c, sudo.c, sudo.h:
16814 No need for dump_badenv() now that dump_defaults() knows how to dump
16818 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
16824 document timestampowner
16828 Don't call set_perms() when doing timestamp stuff unless
16829 timestamp_uid != 0.
16832 * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
16833 sudo.h, testsudoers.c:
16834 g/c second arg to set_perms--it is no longer used
16837 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
16839 * check.c, set_perms.c, sudo.c, sudo.h:
16840 Add support for non-root timestamp dirs. This allows the timestamp
16841 dir to be shared via NFS (though this is not recommended).
16844 * def_data.c, def_data.h, def_data.in:
16845 Add timestampowner, "Owner of the authentication timestamp dir"
16848 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
16851 Don't try to pre-compute the size of the new envp, just allocate
16852 space up front and realloc as needed. Changes to the new env
16853 pointer must all be made through insert_env() which now keeps track
16854 of space used and allocates as needed.
16857 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
16864 Fix two typo/pastos; from jrj@purdue.edu
16867 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
16869 * INSTALL.binary, README:
16871 [a1e33027278c] [SUDO_1_6_6]
16873 * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
16874 visudo.cat, visudo.man.in:
16878 * CHANGES, RUNSON, TODO:
16883 In the loop used to expand %h and %u, the lastchar variable was not
16884 being initialized. This means that if the last char in the prompt
16885 is '%' and the first char is 'h' or 'u' an extra copy of the host or
16886 user name would be copied, for which space had not been allocated.
16889 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
16891 * BUGS, INSTALL, Makefile.in, configure.in, version.h:
16892 crank version to 1.6.6
16896 #undef VOID to get rid of an AFS warning
16900 Use easprintf instead of emalloc + sprintf for some things.
16903 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
16905 * lex.yy.c, sudo.tab.c:
16909 * parse.c, parse.lex, parse.yacc, testsudoers.c:
16910 Remove Chris Jepeway's email address so people don't bug him ;-)
16913 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
16916 Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
16917 endgrent() at the same time.
16920 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
16923 Make it clear which configure options take arguments.
16926 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
16929 HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
16930 RLIM_INFINITY, just pretend it is -1. This works because we only
16931 check for RLIM_INFINITY and do not set anything to that value.
16934 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
16937 Zero and free allocated memory when there is a conversation error.
16941 Use sigaction() not signal()
16945 Mention that some linux kernels have broken POSIX saved ID support
16949 checkpoint for 1.6.5p2
16957 Add --disable-setreuid flag
16961 Document new --disable-setreuid option and change description for
16962 --disable-saved-ids to match new error message.
16966 fatal() now takes an argument that determines whether or not to call
16971 Update for new error messages from set_perms()
16975 Update for new error messages from set_perms()
16978 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
16981 Make this compile w/o warnings
16985 Mention that we can't use pam_acct_mgmt()
16988 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
16989 The user's password was not zeroed after use when AIX
16990 authentication, BSD authentication, FWTK or PAM was in use.
16993 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
16996 Avoid giving PAM a NULL password response, use the empty string
16997 instead. This avoids a log warning when the user hits ^C at the
16998 password prompt when PAM is in use.
17002 Don't check the return value of pam_setcred(). In Linux-PAM 0.75
17003 pam_setcred() returns the last saved return code, not the return
17004 code for the setcred module. Because we haven't called
17005 pam_authenticate(), this is not set and so pam_setcred() returns
17010 Don't need a '/' between $(DESTDIR) and a directory.
17014 Don't need a '/' between $(DESTDIR) and a directory.
17017 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
17024 o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
17025 setreuid() o new NetBSD has a real setreuid() o add check for
17026 freeifaddrs() if getifaddrs() exists.
17029 * config.h.in, interfaces.c:
17030 Older BSDi releases lack freeifaddrs() so add a test for that and if
17031 it is not present just use free().
17034 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
17037 Checkpoint for 1.6.5p1
17041 Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
17042 to normal passwords, not AUTH_FATAL (which just causes an exit).
17046 Don't use memory after it has been freed.
17050 skeyaccess() wants a struct passwd * not a char *; Patch from
17052 [65a1d3806fcd] [SUDO_1_6_5]
17058 * CHANGES, RUNSON, TODO:
17059 checkpoint for sudo 1.6.5
17062 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
17068 * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
17072 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
17078 o when invoking the mailer as root use a hard-coded environment that
17079 doesn't include any info from the user's environment. Basically
17082 o Add support for the NO_ROOT_MAILER compile-time option and run the
17083 mailer as the user and not root if NO_ROOT_MAILER is defined.
17086 * set_perms.c, sudo.h:
17087 Bring back PERM_FULL_USER
17098 * INSTALL, config.h.in, configure.in:
17099 Add --disable-root-mailer option to run the mailer as the user and
17104 checkpoint for 1.6.4p2
17108 Mention the "seteuid(0): Operation not permitted" problem here too
17109 just for good measure.
17112 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
17114 * env.c, getspwuid.c, sudo.c:
17115 The SHELL environment variable was preserved from the user's
17116 environment instead of being reset based on the passwd database when
17117 the "env_reset" option was used. Now it is reset as it should be.
17124 * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
17126 Add a configure option to turn off use of POSIX saved IDs
17134 add --with-efence option
17138 Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
17139 "sudo -l" would not work if always_set_home was set.
17147 Quoted commas were not being treated correctly in command line
17152 o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
17153 Otherwise, the set_home option has no effect.
17155 o Fix use of freed memory when the "fqdn" flag is set. This was
17156 introduced by the fix for the "segv when gethostbynam() fails" bug.
17157 Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
17158 there is no need to check the "fqdn" flag in set_fqdn() itself.
17162 Add 'continue' statements to optimize the switch statement. From
17166 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
17168 * sudoers.cat, sudoers.man.in:
17169 Regen from new sudoers.pod
17170 [6ecc07b3d0e1] [SUDO_1_6_4]
17173 Add caveat about stay_setuid flag
17177 If set_perms == set_perms_posix and the stay_setuid flag is not set,
17178 set all uids to 0 and use set_perms_fallback().
17181 * set_perms.c, sudo.h:
17182 Remove PERM_FULL_USER (which is no longer used) and add
17183 PERM_FULL_ROOT (used when exec'ing the mailer).
17187 Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
17188 never want to run the mailer setuid.
17191 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
17193 * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
17195 Use sudo.ws instead of courtesan.com in URLs
17198 * Makefile.binary, Makefile.in:
17199 Fix mansect substitution
17203 Substitute man sections in Makefile.binary
17207 Sync install targets with Makefile.in and substitute in man
17211 * INSTALL, INSTALL.binary:
17216 Repair bindist target
17223 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
17226 Fix case where neither whoami nor id are found
17229 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
17232 If neither whoami nor id exists, just assume we are root.
17236 Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
17237 on AIX which for some reason isn't pulling in the malloc prototype.
17240 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
17242 * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
17251 Defer assigning new environment until right before the exec.
17255 kill extra blank line
17258 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
17265 Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
17266 compiler doesn't recognise -O2.
17270 Clarify origins of Root Group sudo a bit based on info from
17271 billp@rootgroup.com
17274 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
17281 checkpoint for 1.6.4rc1
17284 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
17287 now generated via autoheader
17295 Move in some stuff that was previously in config.h.
17298 * aclocal.m4, configure.in:
17299 Add info for autoheader.
17302 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
17305 o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
17306 -g to facilitate non-root installs
17310 Add -M option (like -m but only for root) If we can't find "whoami",
17311 use "id" w/ some sed.
17319 allow user to always override mansectsu and mansectform
17322 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
17325 update from autoconf 2.52
17328 * config.guess, config.sub:
17329 Update from autoconf 2.52
17333 regen with autoconf 2.52
17337 o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
17338 mode o Remove compiler-specific checks for HP-UX now that we use
17347 o Add pam_prep_user function to call pam_setcred() for the target
17348 user; on Linux this often sets resource limits. o When calling
17349 pam_end(), try to convert the auth->result to a PAM_FOO value.
17350 This is a hack--we really need to stash the last PAM_FOO value
17351 received and use that instead.
17354 * set_perms.c, sudo.h:
17355 o Add pam_prep_user function to call pam_setcred() for the target
17356 user; on Linux this often sets resource limits.
17360 Fix off by one error in number of bytes allocated via malloc (does
17361 not affect any released version of sudo).
17364 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
17371 Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
17372 requiring that they be quoted.
17375 * sudoers.cat, sudoers.man.in, sudoers.pod:
17376 Mention that no double quotes are needed when
17377 adding/deleting/assigning a single value to a list.
17381 Don't rely on mkdefaults being executable, call perl explicitly.
17389 Remove some XXX that are no longer relevant.
17393 o Roll our own loop instead of using strpbrk() for better
17394 grokability o When adding to a list we must malloc() and use
17395 memcpy(), not strdup() since we must only copy len bytes from str.
17398 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
17408 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
17419 avoid the -g flag unless --with-devel was specified
17423 mkdefaults, def_data.in and sigaction.c were missing from the
17428 def_data.c was missing
17431 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
17434 Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
17435 allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
17443 Add comment for Default section so folks know where it should go.
17446 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
17449 Use TCSETAF, not TCSETA to set terminal in termio case
17452 * sudoers.cat, sudoers.man.in:
17453 regen from sudoers.pod
17457 o Typo, Runas_User_List should be Runas_List o a User_List can not
17458 contain a uid o mention that the Defaults section should come after
17459 Alias definitions but before the user specifications
17462 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
17464 * sudoers.cat, sudoers.man.in:
17469 Fix listpw and verifypw sections, they were not being formatted
17473 * sudoers.cat, sudoers.man.in:
17485 * config.h.in, configure.in:
17486 use AC_SYS_POSIX_TERMIOS instead of rolling our own
17490 Reference sudo.ws not courtesan.com
17494 Add notes on shadow passwords
17498 In list mode (sudo -l), characters escaped with a backslash are
17499 shown verbatim with the backslash.
17503 Add simple examples from OpenBSD (Marc Espie)
17507 Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
17511 minor prettyification
17519 Fix CIDR handling here too.
17523 Apparently a NULL response is OK
17527 Checkpoint for upcoming beta release
17531 Many people believe that adding a runas spec should obviate the need
17532 for the -u flag. It does not.
17536 checkpoint update for upcoming 1.6.4 beta
17540 o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
17541 if HAVE_STRING_H is defined -- this is safe now
17545 Add signals section
17553 Fix check for sigaction_t
17557 XXX - should call find_path() as runas user, not root. Can't do
17558 that until the parser changes though.
17562 If find_path() fails as root, try again as the invoking user (useful
17563 for NFS). Idea from Chip Capelik.
17566 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
17567 Regenerate after pod file changes
17570 * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
17571 sudo.pod, sudoers.pod:
17572 Add new sudoers option "preserve_groups". Previously sudo would not
17573 call initgroups() if the target user was root. Now it always calls
17574 initgroups() unless the -P command line option or the
17575 "preserve_groups" sudoers option is set. Idea from TJ Saunders.
17578 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
17580 * compat.h, config.h.in:
17581 Use new HAVE_SIGACTION_T define
17585 Fix compilation on K&C
17593 Add check for sigaction_t -- IRIX already defines this so don't
17602 need stdlib.h here too
17610 Remove redundant checks for string.h, strings.h and unistd.h
17613 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
17615 Regen from pod files
17622 * configure, lex.yy.c, sudo.tab.c:
17627 Return EINVAL if errnum > sys_nerr
17630 * auth/sudo_auth.h:
17631 o Update copyright year
17634 * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
17635 config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
17637 o Update copyright year
17641 o Don't define STDC_HEADERS unconditionally for IRIX o Update
17649 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
17650 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
17651 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
17652 auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
17653 set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
17655 o Reorder some headers and use STDC_HEADERS define properly o Update
17660 o Reorder some headers and use STDC_HEADERS define properly o Update
17664 * getspwuid.c, goodpath.c, interfaces.c:
17665 o Reorder some headers and use STDC_HEADERS define properly o Update
17670 o Reorder some headers and use STDC_HEADERS define properly o Update
17674 * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
17676 o Reorder some headers and use STDC_HEADERS define properly o Update
17685 flags set in signal handlers should be volatile sig_atomic_t
17688 * config.h.in, configure.in:
17689 Add checks for volatile and sig_atomic_t
17692 * configure, lex.yy.c:
17696 * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
17697 sudo.c, sudoers.pod:
17698 Remove "secure_path" Defaults option since it cannot work with the
17702 * find_path.c, sudo.c:
17703 Unset "secure_path" if user_is_exempt()
17706 * env.c, pathnames.h.in:
17707 o Remove assumption that PATH and TERM are not listed in env_keep o
17708 If no PATH is in the environment use a default value o If TERM is
17709 not set in the non-reset case also give it a default value.
17712 * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
17713 _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
17714 systems that define in paths.h
17717 * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
17718 Add support for skeyaccess(3) if it is present in libskey.
17721 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
17724 Only need to do 'lc = login_getclass(NULL)' if lc == NULL
17728 '\\' is a perfectly legal character to have in a command line
17733 o Defer call to set_fqdn() until it is safe to use log_error() o
17734 Don't print errno string value if gethostbyname fails, it is not
17739 Fix CIDR -> in_addr_t conversion.
17742 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
17745 Remove an extra "User_List" in the User_Spec definition From
17746 ybertrand AT snoopymail.com
17750 Make 'listpw=never' work for users who are not explicitly mentioned
17755 Remove gratuitous '=' in EBNF grammar; era AT iki.fi
17759 Document new list Defaults type and convert env_keep and env_delete
17760 to lists. Document new env_check option.
17763 * lex.yy.c, sudo.tab.c, sudo.tab.h:
17768 Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
17777 Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
17780 * config.h.in, configure.in:
17781 Add check for skeyaccess(3)
17785 Document new -c, -f, and -q options
17789 o Add -f option (alternate sudoers file) o Convert to use getopt(3)
17796 * aclocal.m4, config.h.in, configure.in:
17797 Add check for isblank and a replacement macro if it doesn't exist.
17800 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
17803 In check-only mode, don't create sudoers if it does not already
17808 o Add a new token, DEFVAR, to indicate a Defaults variable name o
17809 Add support for "+=" and "-=" list operators o replace some 1 and 0
17810 with TRUE and FALSE for greater legibility.
17814 o Use exclusive start conditions to remove some ambiguity in the
17815 lexer. Also reorder some things for clarity. o Add support for
17816 "+=" and "-=" list operators. o Use the new DEFVAR token to denote
17817 a Defaults variable name.
17821 Prototype init_envtables()
17825 o Convert environment handling to use lists instead of strings.
17826 This greatly simplifies routines that need to do "foreach" type
17827 operations. o Add new init_envtables() function to set env_check
17828 and env_delete defaults based on initial_badenv_table and
17829 initial_checkenv_table (formerly sudo_badenv_table).
17832 * defaults.c, defaults.h:
17833 o Add a new LIST type and functions to manipulate it. o This is for
17834 use with environment handling variables. o Call new
17835 init_envtables() routine inside init_defaults() to initialize the
17839 * def_data.c, def_data.h, def_data.in:
17840 Convert environment options to use the new LIST type and add a new
17841 one, env_check that only deletes if the sanity check fails.
17845 Add dummy version of init_envtables()
17853 Add check-only mode
17857 Fix generation of entries with NULL descriptions.
17860 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
17863 Use sigaction_t and quiet a gcc warning.
17867 Must reset signal handlers before we exec
17870 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
17872 Be careful now that tgetpass() can return NULL (user hit ^C). PAM
17873 version needs testing. Set SIGTSTP to SIG_DFL during password entry
17874 so user can suspend us.
17878 Add support for interrupting/suspending tgetpass via keyboard input.
17879 If you suspend sudo from the password prompt and resume it will re-
17884 Don't block keyboard interrupt signals, just set them to SIG_IGN.
17887 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
17890 add back HAVE_SIGACTION
17897 * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
17898 Kill POSIX_SIGNALS define and old signal support now that we emulate
17899 POSIX ones Also be sure to correctly initialize struct sigaction.
17903 Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
17907 Add scaffolding for POSIX signal emulation
17911 o Add missing ';' so this compiles o Can't use NULL since we don't
17916 Emulate sigaction() using sigvec()
17919 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
17922 Document new behavior of negative values of timestamp_timeout Fix a
17927 Add security note about command not being logged after 'sudo su' and
17932 Mention that -V prints default values when run as root, including
17933 the list of environment variables to clear.
17937 Run pod2man with --quotes=none to avoid stupid quoting of C<>
17941 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
17943 * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
17944 Add mail_badpass option Also modify mail_always behavior to also
17945 send mail when the password is wrong
17948 * env.c, sudo.c, sudo.h:
17949 Dump default bad env table when 'sudo -V' is run by root.
17953 document env_delete
17957 Add support for '*' in env_keep when not resetting the environment
17958 (ie: the normal case).
17962 Add env_delete variable that lets the user replace/add to the
17963 bad_env_table. Allow '*' wildcard in env_keep entries.
17966 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
17969 Force umask to 022 to guarantee sane directory permissions.
17972 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
17975 add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
17979 fix breakage in last commit
17983 acsite.m4 -> aclocal.m4
17987 fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
17991 regenerated from def_data.in
17994 * check.c, defaults.c, defaults.h:
17995 Add new T_UINT type that most things use instead of T_INT If
17996 timestamp_timeout is < 0 then treat the ticket as never expiring (to
17997 be expired manually by the user).
18001 change most T_INT -> T_UINT
18005 fix warning when no args
18009 Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
18010 we are a signal handler. We no longer print the signal number but
18011 the user can just check the exit value for that.
18014 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
18017 when setting up pipes in child process check for case where stdin ==
18021 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
18024 Ignore editor exit value since XPG4 says vi's exit value is the
18025 count of editing errors made (failed searches, etc).
18028 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
18035 sco now is identified by config.guess as *-sco-*
18039 Check for getspnam() in -lgen if not in -lc for UnixWare.
18042 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
18044 * sudoers.pod, visudo.pod:
18045 "upper case" -> "uppercase"
18049 fix typos and grammar; pjanzen@foatdi.harvard.edu
18052 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
18055 Missing word (specify); krapht@secureops.com
18058 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
18061 If we fail to lookup a login class, apply the default one.
18065 In log_error() free message, not logline unconditionally, then free
18066 logline if it is not the same as message. No function change but
18067 this mirrors how they are allocated.
18070 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
18077 remove some backslash quotes that are unneeded
18081 o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
18082 instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
18083 can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
18084 to AC_DEFINE things manually.
18087 * config.guess, config.sub:
18088 Updated from autoconf-2.50
18091 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
18094 Update mailing list section. We use mailman now, not majordomo.
18097 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
18099 * getspwuid.c, logging.c, sudo.c:
18100 Use setpwent()/endpwent() + all the shadow variants to make sure we
18101 don't inadvertently leak an fd to the child. Apparently Linux's
18102 shadow routines leave the fd open even if you don't call setspent().
18103 Reported by mike@gistnet.com; different patch used.
18106 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
18113 select() may return EAGAIN. If so, continue like we do for EINTR.
18117 Fix a non-exploitable buffer overflow in the word splitting code.
18118 This should really be rewritten.
18126 Tell people to look in sample.syslog.conf for examples, not FAQ
18130 Update list of env vars that are cleared
18134 remove struct env_table decl since that stuff has all moved to env.c
18137 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
18140 Fix a pasto in flock-style unlocking and include <sys/file.h> for
18141 flock on older systems; twetzel@gwdg.de
18145 regen to get NeXT lockf/flock fix
18149 force NeXT to use flock since lockf is broken
18152 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
18155 Use stashed user_gid when checking against exempt gid since sudo
18156 sets its gid to a value that makes sudoers readable. Previously
18157 if you used gid 0 as the exempt group everyone would be exempt. From
18158 Paul Kranenburg <pk@cs.few.eur.nl>
18161 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
18168 #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 apparently defines
18169 some types (such as ssize_t) therein.
18172 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
18175 Fix negation of paths in a boolean context. Problem found by
18179 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
18185 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
18188 SA_RESETHAND means the opposite of what I was thinking--oops To
18189 block all signals in old-style signals use ~0, not 0xffffffff
18192 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
18195 coerce difference of pointers to int when used in a string length
18196 printf format; deraadt@openbsd.org
18199 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
18202 Block all signals in Exit() to avoid a signal race. There is still
18203 a tiny window but I'm not going to worry about it.
18206 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
18209 glibc uses the LANGUAGE env var so clear that too; Solar Designer
18213 Regenerate with a fix to flex.skl that preserves errno from
18214 clobbering by isatty().
18217 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
18219 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
18220 auth/sia.c, auth/sudo_auth.c:
18221 Some defaults I_ defines got renamed.
18224 * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
18225 defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
18226 set_perms.c, sudo.c, sudo.tab.c:
18227 Move defaults info into its own files from which we generate .h and
18228 .c files. This makes adding or rearranging variables much simpler.
18231 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
18233 * configure, configure.in:
18234 fix typo in last commit
18237 * compat.h, config.h.in, configure, configure.in:
18238 Add check + emulation for setegid (like seteuid).
18242 Make env_keep override badenv_table as documented Fix traversal of
18243 badenv_table (broken in last commit)
18246 * set_perms.c, sudo.c, sudo.h:
18247 Don't try and build saved uid version of set_perms on systems w/o
18248 them. Rename set_perms_saved_uid() -> set_perms_posix() Make
18249 set_perms_setreuid simply be set_perms_fallback() and simply include
18250 the appropriate function at compile time (setreuid() vs. setuid()).
18253 * sudoers.cat, sudoers.man.in, sudoers.pod:
18254 PATH is also preserved when env_reset is in effect
18257 * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
18258 configure.in, defaults.c, defaults.h, env.c, find_path.c,
18259 getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
18260 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
18261 visudo.c, visudo.cat, visudo.man.in:
18262 New Defaults options: o stay_setuid - sudo will remain setuid if
18263 system has saved uids or setreuid(2) o env_reset - reset the
18264 environment to a sane default o env_keep - preserve environment
18265 variables that would otherwise be cleared
18267 No longer use getenv/putenv/setenv functions--do environment munging
18268 by hand. Potentially dangerous environment variables can be cleared
18269 only if they contain '/' or '%' characters to protect buggy
18270 programs. Moved environment routines into env.c (new file)
18274 Clear up --without-passwd description
18277 * putenv.c, sudo_setenv.c:
18278 We now build up a new environment from scratch and assign it to
18282 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
18284 * sudo.pod, visudo.pod:
18285 Grammatical fixes from Paul Janzen
18288 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
18291 If there was a syntax error and the user just wants to quit, unlink
18292 sudoers if it is zero length.
18296 'Q' means ignore parse error, not 'q'
18300 Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
18304 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
18307 Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
18310 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
18312 * config.guess, config.sub:
18313 Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
18316 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
18318 * sudo.c, visudo.c:
18319 Use exit(127), not exit(-1)
18322 * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
18323 Move set_perms() to its own file and use POSIX saved uid or
18324 setreuid() if available.
18326 Added stay_setuid option for systems that have libraries that
18327 perform extra paranoia checks in system libraries for setuid
18328 programs (ie: anything with issetugid(2)).
18332 strip more bits from the environment and add a facility for
18333 stripping things only if they contain '/' or '%' to address printf
18334 format string vulnerabilities in other programs.
18337 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
18344 For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
18353 Check for strcasecmp(3) in -lc89 for NCR Unix
18356 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
18359 Define HAVE_INNETGR #ifdef HAVE__INNETGR
18366 * compat.h, config.h.in, configure.in:
18367 Add check for _innetgr(3) since NCR systems have that instead of
18371 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
18374 check return value of creadcfg() call sd_close() after sd_auth()
18375 store username in sd->username so we don't rely on the USER env
18379 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
18382 document --with-bsdauth
18390 --with-bsdauth assumes --with-logincap
18393 * auth/bsdauth.c, auth/fwtk.c:
18394 When prompting for a response to a challenge, if the user just hits
18395 return then reprompt with echo turned on.
18398 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
18401 Remove debugging code that should not have been committed, oops.
18405 Use lower-level routines and get the password ourselves. Checks for
18406 a challenge and if there is one echo is not turned off.
18409 * auth/pam.c, auth/sudo_auth.h:
18410 minor housekeeping, no real code changes
18413 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
18416 Fix a coredump in the logging functions if gethostname(2) fails by
18417 deferring the call to log_error() until things are better setup.
18419 Fix return value of set_loginclass() in non-BSD-auth case.
18421 Hard-code 'sudo' in the usage message so we can fit more options on
18426 Fix errant ';' (typo) that broke MSG_ONLY
18429 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
18431 * sudo.cat, sudo.man.in:
18439 * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
18440 configure, configure.in, getspwuid.c, sudo.c:
18441 Add support for BSD authentication.
18444 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
18447 Fix typo; from sato@complex.eng.hokudai.ac.jp
18450 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
18453 Mention negating umask
18457 Allow user to specify umask of 0777 (same as !umask)
18460 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
18462 * sudo.pod, visudo.pod:
18463 Fix a typo and give a URL for the sudo history.
18466 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
18468 * defaults.c, sudo.pod:
18469 fix typos; pepper@reppep.com
18472 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
18474 * sudo.c, sudo.h, sudo_setenv.c:
18475 sudo_setenv() now exits on memory alloc failure instead of returning
18479 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
18482 Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
18483 and possibly others.
18487 Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
18488 that "%m" won't be expanded but we don't use that anyway since the
18489 logging routines may splat to stderr as well.
18492 * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
18494 Add always_set_home variable
18497 * configure, configure.in:
18498 Have to hard code default values in help since the defaults are set
18499 _after_ the help stuff.
18502 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
18504 * lex.yy.c, parse.lex:
18505 Allow special characters (including '#') to be embedded in pathnames
18506 if quoted by a '\\'. The quoted chars will be dealt with by
18507 fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
18510 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
18513 Better path searching for programs we need.
18517 Add section on "C compiler cannot create executables" errors.
18520 * Makefile.binary, Makefile.in, version.h:
18524 * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
18525 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
18526 visudo.man.in, visudo.pod:
18527 Substitute values from configure into man pages.
18530 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
18533 The listpw and verifypw sudoers options would not take effect
18534 because the value of the default was checked *before* sudoers was
18535 parsed. Instead of passing in the value of PWCHECK_* to
18536 sudoers_lookup(), pass in the arg for def_ival() so the check can be
18537 deferred until after sudoers is parsed.
18540 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
18543 When writing prompt, no need to write the NUL as well;
18547 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
18550 When looking for chown, check in /sbin too
18553 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
18556 Remove extraneous call to init_defaults() and set runas_user to NULL
18557 between parses so init_defaults will reset it each time, thus
18558 avoiding a reference to free()d data.
18561 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
18563 * config.h.in, interfaces.c, interfaces.h, sudo.c:
18564 Add support for using getifaddrs() to get the list of ip addr /
18565 netmask pairs. Currently IPv4-only.
18569 Add a missing check for UserEditor == NULL Add missing '+' before
18570 line number when invoking editor to fix a syntax error
18573 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
18576 Call clean_env very early in main() for paranoia's sake. Idea from
18580 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
18583 Update proto for evasprintf and easprintf
18587 Make easprintf() and evasprintf() return an int.
18591 If the targetpw flag is set, use target username as part of the
18592 timestamp path. If tty tickets are in effect cat the tty and the
18593 target username with a ':' as the separator.
18596 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
18599 Backout part of last change; setting PAM_USER to the invoking user
18600 breaks things like targetpw.
18604 set tty and username via pam_set_item
18607 * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
18608 Fix root, runas, and target authentication for non-passwd file auth
18612 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
18614 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
18615 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
18616 Use B<-Z> not C<-Z> for command line flags in all places. This is
18617 more consistent and works around a bug in Pod::Man.
18620 * sudoers.cat, sudoers.man.in, sudoers.pod:
18621 Fix an occurrence of 'semicolon' that should be 'colon'
18624 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
18626 * configure, configure.in:
18627 Fix --with-badpri help line
18630 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
18632 * defaults.c, logging.c, sudo.c:
18633 Bracket calls to syslog with an openlog() and closelog() since some
18634 authentication methods (like PAM) may do their own logging via
18635 syslog. Since we don't use syslog much (usually just once per
18636 session) this doesn't really incur a performance penalty. It also
18637 fixes a SEGV with pam_kafs.
18640 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
18643 Fix -H flag. runas_homedir is only valid after
18644 set_perms(PERM_RUNAS, mode)
18647 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
18650 Clarify the fact that insults are not enabled just by including them
18654 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
18656 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
18658 Regenerated with perl 5.6.0 pod2man
18662 Give date string to pod2man since its default is ugly and it ain't
18667 Do section substitution on the output of pod2man and remove hack
18668 needed for old pod2man.
18671 * sudo.pod, sudoers.pod, visudo.pod:
18672 Put back real man sections, we will do the substitution later.
18675 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
18677 * configure, configure.in:
18678 Don't bother checking for the path to vi if user specified --with-
18682 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
18684 * CHANGES, visudo.c:
18685 Visudo now does its own fork/exec instead of calling system(3).
18688 * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
18689 sudoers.pod, visudo.c:
18690 Visudo now checks for the existence of an editor and gives a
18691 sensible error if it does not exist.
18693 The path to the editor for visudo is now a colon-separated list of
18694 allowable editors. If the user has $EDITOR set and it matches one
18695 of the allowed editors that editor will be used. If not, the first
18696 editor in the list that actually exists is used.
18699 * sudo.cat, sudo.man.in, sudo.pod:
18700 Clear up confusion wrt sudo's return value.
18703 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
18706 Strip sudo and visudo for bindist target
18709 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
18710 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
18711 Use @mansectsu@ and @mansectform@ in the man page bodies as well.
18712 [5eb9e60a726f] [SUDO_1_6_3]
18714 * visudo.cat, visudo.man.in, visudo.pod:
18715 Typo: @sysconf@ -> @sysconfdir@
18719 'make dist' should not cause any files to be modified so remove its
18724 Whoops, forgot to add release marker
18727 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
18730 Final change for 1.6.3 (or so I hope)
18733 * sudo.cat, sudoers.cat, visudo.cat:
18734 Use SYSV man sections since BSD systems will have nroff...
18737 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
18739 * parse.yacc, sudo.tab.c:
18740 When checking to see if the host/user matches in a defaults spec,
18741 check against TRUE, not just non-zero since it might be -1.
18744 * configure, configure.in:
18745 OSF/1 puts file formats in section 4, not 5.
18748 * CHANGES, INSTALL, sudo.c:
18749 Make login class support work on BSD/OS
18756 * configure, configure.in:
18757 If there is no inet_addr but there *is* an __inet_addr that's ok
18758 since inet_addr is probably just a macro then. The better thing to
18759 do would be to look for the macro, but this is fine for now.
18762 * configure, configure.in:
18763 Don't use shlicc for BSD/OS 4.x
18766 * Makefile.in, configure, configure.in:
18767 *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
18768 configure variable so we can deal with this. Also, only remove *.man
18769 for 'distclean' not 'clean'.
18773 set_loginclass() should be static like the proto says
18776 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
18779 Add #ifdef __STDC__ around the rangematch function header to avoid
18780 promotion of test to int, thus violating the prototype. Gcc handles
18781 this gracefully but more std ANSI compilers will complain.
18785 Pull in newer fnmatch(3) that supports FNM_CASEFOLD
18788 * aclocal.m4, configure, fnmatch.3, fnmatch.c:
18789 Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
18790 FNM_CASEFOLD in configure
18797 * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
18798 Fully qualified hosts w/ wildcards were not matching the FQHOST
18799 token type. There's really no need for a separate token for fully-
18800 qualified vs. unqualified anymore so FQHOST is now history and
18801 hostname_matches now decides which hostname (short or long) to check
18802 based on whether or not the pattern contains a '.'.
18813 * lex.yy.c, parse.c, parse.lex, parse.yacc:
18814 Fully qualified hosts w/ wildcards were not matching the FQHOST
18815 token type. There's really no need for a separate token for fully-
18816 qualified vs. unqualified anymore so FQHOST is now history and
18817 hostname_matches now decides which hostname (short or long) to check
18818 based on whether or not the pattern contains a '.'.
18821 * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
18822 sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
18823 Add support for wildcards in the hostname.
18827 Add targets for *.man.in, using config.status to generate *.man from
18831 * sudoers.cat, sudoers.man.in, sudoers.pod:
18832 Document set_logname option and embolden refs to sudo and visudo.
18835 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
18836 sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
18837 visudo.cat, visudo.man.in, visudo.pod:
18838 Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
18839 from Michael D. Marchionna. configure now does substitution on the
18840 man pages, allowing us to fix up the paths and set the section
18841 correctly. Based on an idea from Michael D. Marchionna.
18845 Better fix for handling HP-UX aging info.
18849 Add support for set_logname run-time default
18852 * sudo.man.in, sudoers.man.in, visudo.man.in:
18853 configure does substitution on these to produce *.man
18856 * sudo.man, sudoers.man, visudo.man:
18857 These files now get generated from *.man.in at configure time.
18860 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
18862 * defaults.c, defaults.h:
18863 Add set_logname option so users can turn off setting of LOGNAME/USER
18864 environment variables.
18867 * lsearch.c, parse.c, testsudoers.c:
18871 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
18874 HP-UX adds extra info at the end for password aging so when
18875 comparing the result of crypt to pw_passwd we only compare the first
18876 len(epass) bytes *unless* the user entered an empty string for a
18881 Get rid of grandchild hack, it was causing problems and there is
18882 really no need for it. This fixes a bug where we spin eating up CPU
18883 when the user runs a long-running process like a shell.
18886 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
18889 User can always specify a login class if he/she is already root.
18892 * config.h.in, configure, configure.in, defaults.c, defaults.h,
18894 FreeBSD login class (login.conf) support.
18897 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
18899 * auth/sudo_auth.c:
18900 HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
18903 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
18906 Truncate unencrypted password to 8 chars if encrypted password is
18907 exactly 13 characters (indicating a standard DES password). Many
18908 versions of crypt() do this for you, but not all (like HP-UX's).
18911 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
18914 Mention that gcc on dynix may have problems
18917 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
18920 Link visudo with NET_LIBS since we now call syslog via defaults.c
18924 Use Argv[0] as the first arg to openlog() since visudo uses this
18928 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
18931 Stash coredumpsize resource limit and restore it before the exec()
18932 Otherwise the child ends up with a coredumpsize of 0.
18935 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
18937 * sudo.cat, sudo.man, sudo.pod:
18945 * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
18946 auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
18947 Added -S flag (read passwd from stdin) and tgetpass_flags global
18948 that holds flags to be passed in to tgetpass(). Change echo_off
18949 param to tgetpass() into a flags field. There are currently 2
18950 possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
18951 tgetpass(), abstract the echo set/clear via macros and if (flags &
18952 TGP_ECHO) but echo is not set on the terminal, be sure to set it.
18956 Fixed a bug that caused an infinite loop when the password timeout
18960 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
18962 * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
18963 sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
18964 Add rootpw, runaspw, and targetpw options.
18967 * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
18969 enveditor -> env_editor
18972 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
18974 * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
18975 sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
18977 crank version to 1.6.3
18980 * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
18981 sudoers.pod, visudo.c:
18982 Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
18983 them. This means that visudo will now parse the sudoers file
18984 *before* it is edited so a bogus sudoers file will cause a warning
18985 to go to stderr. Also, visudo checks the variables once--it does not
18986 check them after each editor run since that could be confusing.
18989 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
18995 * check.c, sudo.c, sudo.h:
18996 Move user_is_exempt prototype into sudo.h
18999 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
19001 * configure, configure.in:
19002 Fix thinko, some && should have been || in the last commit
19005 * configure, configure.in:
19006 Don't initialize Makefile variables to be NULL since the user may
19007 want to import variables from their environment.
19010 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
19012 * configure, configure.in:
19016 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
19019 fix a yacc (skeleton.c) warning
19022 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
19024 * INSTALL, RUNSON, configure, configure.in:
19025 Make pam work on HP-UX 11.0; jaearick@colby.edu
19029 recent changes; prepare for 1.6.2p1
19033 Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
19036 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
19039 Regen with yacc that has a memory leak plugged.
19042 * sudoers.cat, sudoers.man, sudoers.pod:
19043 Expanded docs on sudoers 'defaults' options based on INSTALL file
19048 Fix some white lies
19051 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
19054 When making a bindist, link FAQ to TROUBLESHOOTING instead of
19058 * sudoers.cat, sudoers.man, sudoers.pod:
19059 Add netgroup caveat
19060 [28d119f466e3] [SUDO_1_6_2]
19063 Last minute updates
19079 Better detection of PAM errors and fix custom prompts with PAM.
19080 Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
19083 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
19086 Cast ULONG_MAX to unsigned long long when comparing to an unsigned
19090 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
19092 * CHANGES, config.h.in, configure, configure.in, visudo.c:
19093 Fix sudoers locking in visudo. We now lock the sudoers file itself,
19094 not the temp file (since locking the temp file can foul up editors).
19095 The previous locking scheme didn't work because the fd was closed
19099 * config.h.in, configure, configure.in:
19100 Don't need test for ftruncate() any more.
19103 * configure, configure.in:
19104 Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
19105 the unbundled HP-UX cc.
19108 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
19110 * sudoers.cat, sudoers.man, sudoers.pod:
19111 "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
19114 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
19116 * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
19117 parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
19118 version.h, visudo.c:
19119 update copyright year on changed files
19131 Crank version to 1.6.2
19139 When using rlimit check for RLIM_INFINITY When computing the value
19140 of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
19147 * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
19148 sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
19149 Crank version to 1.6.2
19152 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
19153 Add 'shell_noargs' runtime option back in. We have to defer
19154 checking until after the sudoers file has been parsed but since
19155 there are now other options that operate that way this one can too.
19156 Based on a patch from bguillory@email.com.
19159 * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
19160 Add "listpw" and "verifypw" options.
19163 * sudoers.cat, sudoers.man, sudoers.pod:
19164 o Fix some typos/omissions o Add section on verifypw and listpw o
19165 Define how NOPASSWD interacts with the -v and -l flags
19168 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
19170 * configure, configure.in:
19171 For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
19172 -D_HPUX_SOURCE to CPPFLAGS.
19175 * defaults.c, defaults.h:
19176 In struct sudo_defs_types, move the union to the end and don't
19177 initialize the union member since that only works with an ANSI
19178 compiler. We set the value of the union by hand in init_defaults()
19179 anyway. This allows sudo to compile on a K&R compiler again.
19182 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
19184 * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
19185 netgr_matches needs to check shost as well as host since they may be
19190 End on \r as well as \n
19193 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
19196 Update statbuf.st_mode based on SUDOERS_MODE when we are changing
19197 from 0400 to whatever SUDOERS_MODE is (converting from the old
19198 sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
19199 0400 which should always be the case.
19202 * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
19203 Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
19204 w/o a passwd if there is *any* entry for the user on the host with a
19205 NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
19206 the user on the host w/ the specified runas user have the NOPASSWD
19214 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
19217 Treat EOF at whatnow prompt like 'x' instead of looping.
19220 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
19224 [5836a9452568] [SUDO_1_6_1]
19226 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
19228 * config.h.in, configure, configure.in, sudo.c:
19229 Add check for initgroups() since old SYSV lacks this.
19232 * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
19233 parse.c, testsudoers.c:
19234 o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
19238 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
19240 * auth/sudo_auth.c:
19241 Don't allow insults to be enabled if the insults[] array is empty.
19242 Otherwise there would be division by zero.
19256 Don't care about USE_INSULTS #define since the insult stuff may be
19257 overridden at runtime.
19260 * auth/sudo_auth.c:
19261 Honor insults flag.
19264 * CHANGES, parse.c:
19265 Don't ask the user for a password if the user is not allowed to run
19266 the command and the authenticate flag (in sudoers) is false.
19269 * CHANGES, RUNSON, lex.yy.c, parse.lex:
19270 o Whenever we get a bare newline we change to the INITIAL state. o
19271 Enter GOTRUNAS when we see Runas_Alias
19273 This allows #uid to work in a RunasAlias.
19276 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
19278 * CHANGES, parse.yacc, sudo.tab.c:
19279 fix parsing of runas lists: o oprunasuser and runaslist now return a
19280 value o in a runasspec, if a runaslist does not return TRUE, set
19281 runas_matches to FALSE. Normally, a runaslist only returns FALSE
19282 for explicitly denied users. o since runaslist does not modify the
19283 stack there is no need for a push/pop in runasalias.
19287 Don't kill the user's tickets until after sudoers has been parsed
19288 since tty_tickets and ticket_dir could be set in sudoers.
19291 * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
19292 configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
19293 sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
19294 crank version to 1.6
19298 add set_fqdn() stub
19301 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
19303 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
19304 sudoers.man, sudoers.pod, visudo.c:
19305 o Kill shell_noargs option, it cannot work since the command needs
19306 to be set before sudoers is parsed. o Fix the "set_home" sudoers
19307 option (only worked at compile time). o Fix "fqdn" sudoers option.
19308 We now set host/shost via set_fqdn which gets called when the
19309 "fqdn" option is set in sudoers. o Move the openlog() to
19310 store_syslogfac() so this gets overridden correctly from the
19315 SecurID support should compile now.
19318 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
19320 * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
19321 visudo.man, visudo.pod:
19322 fix some syntactic goofs
19325 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
19327 * Makefile.in, sudo.html, sudoers.html, visudo.html:
19328 No longer need the .html files as they are generated automatically
19332 * CHANGES, LICENSE:
19333 kill characters that made wml unhappy
19340 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
19343 majordomo@cs.colorado.edu -> majordomo@courtesan.com
19346 * Makefile.in, configure:
19347 Wrap script execution w/ /bin/sh for the benefit of ctm
19350 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
19353 Make the -s flag be exclusive too. Also reorder the flags in the
19354 exclusive usage message so they are alphabetical.
19357 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
19360 make pam errors other than PAM_PERM_DENIED fatal
19368 make it clear that /etc/pam.d/sudo is required on linux
19372 fix a warning on redhat and spew an error if pam_authenticate()
19373 returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
19376 * sudo.cat, sudo.html, sudo.man, sudo.pod:
19377 Be very clear that the password required is the user's not root's
19380 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
19383 add sample.syslog.conf to DISTFILES and BINFILES
19386 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
19389 updates from Brian Jackson + some formatting
19392 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
19394 * INSTALL.binary, Makefile.binary, README, RUNSON:
19395 o One RUNSon update o Changes for automating real binary releases
19402 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
19405 talk about run-time options in addition to compile-time options
19406 [1eb813ff0a9a] [SUDO_1_6_0]
19413 need sys/time.h if HAVE_SETRLIMIT
19416 * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
19417 sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
19418 get rid of references to sudo-bugs. Now mention the web site or the
19423 repair pod2html damage
19427 Update for 1.6 release
19430 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19431 Add warning about using ALL in a command context.
19434 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
19437 Call yyrestart() on a parse error to reset the lexer state.
19440 * lex.yy.c, parse.lex:
19441 Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
19442 since it might not get called in yywrap if we get a parse error
19443 (and we only reread the file on error anyway).
19446 * lex.yy.c, parse.lex:
19447 Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
19448 might still exist. Call yyrestart() instead of using the deprecated
19452 * lex.yy.c, parse.lex:
19453 flex doesn't need %N table size declarations
19456 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19457 Mention what characters need to be escaped in names.
19460 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
19467 clarify Mac OS X entry
19475 o Use AC_MSG_ERROR throughout o Check syslog configure options for
19479 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
19482 Fix printing of type T_MODE in dump_defaults()
19486 missing sys/types.h
19490 Break out options that may be overridden at run time into their own
19491 section. Add a note about Mac OS X and correct some lies.
19494 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
19496 * CHANGES, config.h.in, configure, configure.in, sudo.c:
19497 o Now use getrlimit to find the highest fd when closing all non-std
19498 fd's o Turn off core dumps via setrlimit for the sake of paranoia
19505 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
19512 When read()'ing, do a single character at a time to be sure we don't
19513 go past the newline.
19517 For the sudo_root option, check against user_uid, not getuid() since
19518 at this point, ruid == euid == 0.
19526 Fix compilation problem when --with-logging=file was specified.
19527 This means that syslog is now required to build sudo but that should
19528 not be a problem. If it is it can be fixed trivially with a
19529 configure check for syslog() or syslog.h.
19533 Make this work again for things like "sudo echo hi | more" where the
19534 tty gets put into character at a time mode. We read until we read
19535 end of line or we run out of space (similar to fgets(3)).
19538 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
19540 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19541 change ital to bold
19548 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
19551 Error out if syslog parameters are given without a value. For
19552 Ultrix or 4.2BSD "syslog" is allowed without a value since there are
19553 no facilities in the 4.2BSD syslog.
19556 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
19559 Ignore the syslog facility for systems w/ old syslog like Ultrix.
19563 people with "." early in their path can have problems running sudo
19564 from the build dir ;-)
19567 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
19569 * sudo.cat, sudo.html, sudo.man, sudo.pod:
19570 Remove -r realm option
19573 * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
19574 configure.in, sudo.c:
19575 New krb5 code from Frank Cusack <fcusack@iconnet.net>.
19582 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
19585 include <auth.h> to get function prototypes.
19588 * sudo.cat, sudo.html, sudo.man, sudo.pod:
19592 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
19595 in set_perms(), always call setuid(0) before changing the ruid/euid
19596 so we always know it will succeed.
19600 #undef T_FOO to avoid conflicts with system defines (like on
19604 * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
19606 Document "Defaults" lines in /etc/sudoers. Still needs some
19607 fleshing out but this is a start.
19610 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
19612 * use strtol, not strtoul since not everyone has strtoul
19619 * lex.yy.c, parse.lex:
19620 last {WORD} rule should only apply in the INITIAL state
19623 * lex.yy.c, parse.lex:
19624 o Add support for escaped characters in the WORD macro o Modify
19625 fill() to squash escape chars
19628 * defaults.c, defaults.h:
19629 o Add T_PATH flag to allow simple sanity checks for default values
19630 that are supposed to be pathnames. o Fix a duplicate free when
19631 visudo finds an error.
19634 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
19636 * defaults.c, defaults.h, logging.c:
19637 mail_if_foo -> mail_foo
19640 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
19642 * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
19643 o Add requiretty option o Move O_NOCTTY to compat.h
19647 The exit() in log_error() was mistakenly removed in a previous
19648 version. Put it back...
19651 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
19653 * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
19654 auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
19655 configure, configure.in, defaults.c, defaults.h, find_path.c,
19656 getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
19657 o Change defaults stuff to put the value right in the struct. o
19658 Implement mailer_flags o Store syslog stuff both in int and string
19659 form. Setting the string form magically updates the int version.
19660 o Add boolean attribute to strings where it makes sense to say !foo
19664 add O_NOCTTY when opening /dev/tty just in case
19667 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
19670 cleanup function no longer takes a status arg
19677 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
19679 * TODO, config.h.in, configure, configure.in, logging.c:
19680 Use strftime() instead of ctime() if it is available.
19683 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
19690 update ReliantUNIX entry
19693 * defaults.c, defaults.h, logging.c:
19694 add log_year option
19697 * configure, configure.in:
19698 add --without-sendmail to help output
19701 * configure, configure.in:
19702 enforce an octal arg for --with-sudoers-mode
19705 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
19707 * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
19708 auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
19709 auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
19710 defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
19711 parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
19712 testsudoers.c, version.c, visudo.c:
19713 Add support for "Defaults" line in sudoers to make configuration
19714 variables changeable at runtime (and on a global, per-host and per-
19715 user basis). Both the names and the internal representation are
19716 still subject to change. It was necessary to make sudo_user.runas
19717 be a char ** instead of a char * since this value can be changed by
19718 a Defaults line. There is a similar (but more complicated) issue
19719 with sudo_user.prompt but it is handled differently at the moment.
19721 Add a "-L" flag to list the name of options with their descriptions.
19722 This may only be temporary.
19724 Move some prototypes to parse.h
19726 Be much less restrictive on what is allowed for a username.
19729 * sample.syslog.conf:
19733 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
19735 * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
19737 UCB has dropped the advertising clause from their license.
19740 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
19742 * auth/sudo_auth.h:
19743 move dce_verify proto to correct section
19750 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
19753 Add fnmatch() prototype
19756 * fnmatch.c, parse.c, testsudoers.c:
19757 Move inclusion of emul/fnmatch.h to be after sudo.h for __P
19761 add strcasecmp proto
19764 * auth/sudo_auth.c:
19765 add check for case where there are no auth methods
19768 * configure, configure.in:
19769 Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
19773 * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
19774 include strings.h everywhere we include string.h
19778 nicer output when showing auth methods
19782 Add support for SEND_MAIL_WHEN_NO_HOST
19785 * config.h.in, configure, configure.in:
19786 Add _GNU_SOURCE for Linux
19789 * lex.yy.c, parse.lex:
19790 fix definition of OCTECT
19793 * configure, configure.in:
19794 aix_auth.o not authenticate.o
19797 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
19800 Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
19801 keyboard). Since we run with ruid/euid == 0 the user can't really
19802 signal us in nasty ways.
19806 Don't need to worry about catching too many signals since we do
19807 locking on the tmp file. If a lockfile is really stale, it will be
19808 detected and overwritten.
19811 * INSTALL, Makefile.in:
19812 include auth/API in tarball
19815 * auth/sudo_auth.c:
19816 move memset() of plaintext pw outside of verify loop and only do the
19817 memset if we are *not* in standalone mode.
19820 * auth/sudo_auth.c, auth/sudo_auth.h:
19821 DCE is not a standalone method
19825 fix --enable-noargs-shell
19829 "#ifdef __STDC__" not "#if __STDC__" (I missed one)
19832 * auth/fwtk.c, auth/sia.c:
19833 _cleanup() function returns an int.
19837 there were still some return(0)'s hanging around, make them
19846 add missing semicolon
19849 * auth/sudo_auth.h:
19853 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
19855 * CHANGES, config.h.in, configure, configure.in:
19856 Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
19860 add parse.h to HDRS
19863 * Makefile.in, configure, configure.in:
19864 Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
19865 LDFLAGS. Common libs go in LIBS, common ld flags go in LDFLAGS and
19866 network libs like -lsocket, -lnsl go in NET_LIBS. This allows
19867 testsudoers to build on Solaris and is a bit cleaner in general.
19871 mention ptmp -> sudoers.tmp
19874 * config.h.in, configure, configure.in:
19875 Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
19883 Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
19884 return a value more like a system function
19896 update based on what is in the man page
19899 * parse.yacc, sudo.tab.c:
19900 minor change to first line printed in -l mode
19903 * sudo.cat, sudo.html, sudo.man, sudo.pod:
19904 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
19905 standard and add "EXAMPLES" section
19908 * visudo.cat, visudo.html, visudo.man, visudo.pod:
19909 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
19913 * logging.c, parse.c, sudo.h:
19917 * lex.yy.c, parse.lex:
19918 make an OCTET really be limited to 0-255
19922 mention timestamp changes
19929 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19930 new sudoers(8) man page
19933 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
19936 Update comments about syslog name tables
19939 * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
19940 strcasecmp.c, sudo.tab.c:
19941 include strcasecmp() for those without it
19945 Use the : operator some more and fix a typo
19949 update the history of sudo
19952 * parse.c, parse.lex, testsudoers.c:
19953 CIDR-style netmask support
19960 * sudo.tab.c, sudo.tab.h:
19961 these should be generated with byacc, not bison
19968 * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
19969 In "sudo -l" mode, the type of the stored (expanded) alias was not
19970 stored with the contents. This could lead to incorrect output if
19971 the sudoers file had different alias types with the same name.
19972 Normal parsing (ie: not in '-l' mode) is unaffected.
19975 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
19977 * configure, configure.in:
19978 define _XOPEN_SOURCE to get at crypt() proto on some systems
19981 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
19988 don't need limits.h
19992 kill bogus reference to vfprintf
19995 * sample.sudoers, sudoers:
20000 Add some const in the K&R defs. This is safe since we define const
20001 away if the compiler doesn't grok it.
20004 * aclocal.m4, configure:
20005 Better test for working long long support. Ultrix compiler supports
20006 basic long long but not all operations on them.
20009 * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
20010 snprintf.c, sudo.c:
20011 Add check for LONG_IS_QUAD #undef MAXINT before including
20012 hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
20013 in snprintf.c and use LONG_IS_QUAD
20016 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
20018 * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
20020 UCB-derived snprintf + asprintf support. Supports quads if the
20021 compiler does. No floating point yet, perhaps later...
20024 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
20026 * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
20027 goodpath.c, logging.c, parse.c, sudo.c:
20028 Run most of the code as root, not the invoking user. It doesn't
20029 really gain us anything to run as the user since an attacker can
20030 just have an setuid(0) in their egg. Running as root solves
20031 potential problems wrt signalling.
20038 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
20040 * logging.c, sudo.c:
20041 Don't wait for child to finish in log_error(), let the signal
20042 handler get it if we are still running, else let init reap it for
20043 us. The extra time it takes to wait lets the user know that mail is
20046 Install SIGCHLD handler in main() and for POSIX signals, block
20051 * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
20052 parse.yacc, sudo.c, sudo.h:
20053 sudoers_lookup() now returns a bitmap instead of an int. This makes
20054 it possible to express things like "failed to validate because user
20055 not listed for this host". Some things that were previously
20056 VALIDATE_FOO are now FLAG_FOO. This may change later on.
20058 Reorganized code in log_auth() and sudo.c to deal with above
20061 Safer versions of push/pushcp with in the do { ... } while (0) style
20063 parse.yacc now saves info on the stack to allow parse.c to determine
20064 if a user was listed, but not for the host he/she tried to run on.
20066 Added --with-mail-if-no-host option
20069 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
20071 * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
20072 visudo.man, visudo.pod:
20073 o NewArgv and NewArgc don't need to be externally visible. o If
20074 pedantic > 1, it is a parse error. o Add -s (strict) option to
20075 visudo which sets pedantic to 2.
20078 * HISTORY, INSTALL:
20079 Just have sudo-bugs contact info in one place
20082 * sudo.cat, sudo.html, sudo.man, sudo.pod:
20086 * Makefile.in, configure, configure.in:
20087 Add testsudoers to default build target if --with-devel Don't clean
20088 generated parser files unless "distclean".
20091 * parse.yacc, sudo.tab.c:
20092 In pedantic mode we need to save *all* the aliases, not just those
20093 that match, or we get spurious warnings.
20097 reference samples.sylog.conf
20100 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
20102 * sample.syslog.conf:
20103 Sample entries for syslog.conf
20110 * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
20111 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
20112 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
20113 auth/sudo_auth.c, auth/sudo_auth.h:
20114 In struct sudo_auth, turn need_root and configured into flags and
20115 add a flag to specify an auth method is running alone (the only
20116 one). Pass auth methods their sudo_auth pointer, not the data
20117 pointer. This allows us to get at the flags and tell if we are the
20118 only auth method. That, in turn, allows the method to be able to
20119 decide what should/should not be a fatal error. Currently only
20120 rfc1938 uses it this way, which allows us to kill the OTP_ONLY
20121 define and the hackery that went with it. With access to the
20122 sudo_auth struct, methods can also get at a string holding their
20123 canonical name (useful in error messages).
20126 * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
20127 getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
20129 o --with-otp deprecated, use --without-passwd instead o real
20130 dependencies in the Makefile o --with-devel option to enable yacc,
20131 lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
20132 back to being a token, not a string but don't leak memory o rename
20133 hsotspec -> host in parse.yacc
20136 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
20142 * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
20144 o Digital UNIX needs to check for *snprintf() before -ldb is added
20145 to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
20146 for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
20147 functions in snprintf.c to fix -Wall o Add missing includes to fix
20151 * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
20152 configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
20154 o Add a "pedantic" flag to the parser. This makes sudo warn in
20155 cases where an alias may be used before it is defined. Only turned
20156 on for visudo and testsudoers. o Add --disable-authentication option
20157 that makes sudo not require authentication by default. The PASSWD
20158 tag can be used to require authentication for an entry. We no
20159 longer overload --without-passwd.
20162 * lex.yy.c, parse.lex:
20163 Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
20164 username can contain just about anything so be very permissive. Also
20165 drop the unused \. punctuation.
20168 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
20170 * parse.yacc, sudo.tab.c:
20171 o add a 'val' element to aliasinfo struct and move -> parse.h o
20172 find_alias() now returns an aliasinfo * instead of boolean o
20173 add_alias() now takes a value parameter to store in the
20174 aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
20175 return: 1) positive match 0) negative match (due to '!')
20176 -1) no match This means setting $$ explicitly in all cases, which I
20177 should have done in the first place. It also means that we always
20178 store a value that is != -1 and when we see a '!' we can set
20179 *_matches to !rv if rv != -1. The upshot of all of this is that '!'
20180 now works the way it should in lists and some of the rules are more
20181 uniform and sensible.
20185 add parse.h dependency
20189 kill unused *_matched macros
20193 Allow a list of users as the first thing in a user spec, not just a
20194 single entry. This makes things more uniform, though it does allow
20195 you to write user specs that are hard to read.
20207 fix check for crypt() in libufc
20210 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
20213 sudo-users list now exists
20216 * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
20220 * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
20221 config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
20222 version.c, visudo.c:
20223 o Move lock_file() and touch() into fileops.c so visudo can use them
20224 o Visudo now locks the sudoers temp file instead of bailing when the
20225 temp file already exists. This fixes the problem of stale temp
20226 files but it does *require* that you not try to put the temp file in
20227 a world-writable directory. This should not be an issue as the temp
20228 file should live in the same dir as sudoers. o Visudo now only
20229 installs the temp file as sudoers if it changed.
20232 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
20238 * config.h.in, configure, configure.in, logging.c:
20242 * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
20243 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
20244 o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
20245 temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
20246 -> _PATH_SUDOERS_TMP
20249 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
20251 * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
20252 o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
20253 root sudo -V config reporting
20256 * configure, configure.in:
20257 aix_auth.o not authenticate.o
20261 Add --with-goodpri and --with-badpri configure options to specify
20262 the syslog priority to use.
20265 * INSTALL, configure, configure.in, logging.h:
20266 Add --with-goodpri and --with-badpri configure options to specify
20267 the syslog priority to use.
20271 kill crufty AIX stuff
20275 Sigh, some versions of make (like Solaris's) don't deal with $< like
20276 I would expect. Both GNU and BSD makes get this right but... So, we
20277 just expand $< inline at the cost of some ugliness.
20281 If the invoking user is root, sudo will now print configure info in
20282 -V mode. Currently just prints logging info, to be expanded later.
20285 * logging.c, logging.h, sudo.c, sudo.h:
20286 o new defines for syslog facility and priority o use new
20287 print_version() function for -V mode
20291 Don't need version.c
20294 * aclocal.m4, config.h.in, configure, configure.in:
20295 Add check for syslog facilities and priorities tables in syslog.h
20299 o authenticate -> aix_auth o add version.c
20302 * auth/sudo_auth.c:
20303 Missed a prompt -> user_prompt conversion
20306 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
20309 sudo should lock its logfile
20312 * parse.yacc, sudo.tab.c:
20313 o Add '!' correctly when expanding Aliases. o Add shortcut macros
20314 for append() to make things more readable. o The separator in
20315 append() is now a string instead of a char. o In append(), only
20316 prepend the separator if the last char is not a '!'. This is a
20317 hack but it greatly simplifies '!' handling. o In -l mode, Runas
20318 lists and NOPASSWD/PASSWD tags are now inherited across entries in
20319 a list (matches current behavior). o Fix formatting in -l mode such
20320 that items in a list are separated by a space. Greatly improves
20321 readability. o Space for name field in struct aliasinfo is now
20322 allocated dynamically instead of using a (big) buffer. o In
20323 add_alias(), only search the list once (lsearch instead of lfind +
20327 * lex.yy.c, sudo.tab.c, sudo.tab.h:
20331 * configure, configure.in:
20332 Solaris pam doesn't require any extra setup
20336 o Simpler '!' support now that the lexer deals with multiple !'s for
20337 us. o In the case of opFOO, have FOO give a boolean return value and
20338 set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
20339 it gets fill()'d in parse.lex--fixes a small memory leak. In the
20340 long run it may be better to just fix parse.lex and make ALL back
20341 into a token. However, having it be a string is useful since it
20342 can be easily passed back to the parent rule if we so desire.
20346 o Remove some unnecessary backslashes o collapse multiple !'s by
20347 using !+ and checking if yyleng is even or odd. this allows us to
20348 simplify ! handling in parse.yacc
20352 -u flag was being ignored
20355 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
20362 work around pod2man stupidity
20366 correct dependencies for .cat
20369 * sudo.cat, sudo.man, visudo.cat, visudo.man:
20373 * sudo.pod, visudo.pod:
20374 Add copyright Update to reality
20377 * parse.c, sudo.c, sudo.h:
20378 rename validate() to the more descriptive sudoers_lookup()
20385 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
20391 * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
20392 configure, configure.in, sudo.c:
20397 add 4th term to license similar to term 5 in the apache license
20400 * emul/search.h, emul/utime.h:
20401 add 4th term to license similar to term 5 in the apache license
20404 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
20405 auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
20406 auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
20407 auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
20408 logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
20409 pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
20410 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
20412 add 4th term to license similar to term 5 in the apache license
20415 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
20416 add 4th term to license similar to term 5 in the apache license
20419 * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
20420 getspwuid.c, goodpath.c:
20421 add 4th term to license similar to term 5 in the apache license
20424 * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
20425 insults.h, logging.c, sudo.c, sudo.h:
20426 there was a 1995 release too
20429 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
20436 Use dirs instead of files for timestamp. This allows tty and non-
20437 tty schemes to coexist reasonably. Note, however, that when you
20438 update a tty ticket, the mtime on the user dir gets updated as well.
20441 * configure, configure.in:
20442 Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
20443 when linking test program, not just -lprot. Also add check for
20444 getspnam(). The SCO docs indicate that /etc/shadow can be used but
20448 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
20451 first cut at auth API description
20454 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
20456 * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
20457 auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
20459 auth API change. There is now an init method that gets run before
20460 the main loop. This allows auth routines to differentiate between
20461 initialization that happens once vs. setup that needs to run each
20462 time through the loop.
20465 * auth/kerb5.c, logging.c:
20466 use easprintf() and evasprintf()
20470 add easprintf() and evasprintf(), error checking versions of
20471 asprintf() and vasprintf()
20475 remove 2 items. One done, one won't do.
20478 * lex.yy.c, sudo.tab.c:
20482 * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
20483 visudo.html, visudo.man:
20492 o Document -K flag and update meaning of -k flag. o BSD-style
20493 copyright o Document clearing of BIND resolver environment variables
20494 o Clarify bit about shared libs o suggest rc files create /tmp/.odus
20495 if your OS gives away files
20503 BSD-style copyright
20507 o BSD copyright o no need to block signals, we now do that in main()
20511 * testsudoers.c, visudo.c:
20512 o BSD-style copyright o Use "struct sudo_user" instead of old
20513 globals. o some cosmetic cleanup
20517 BSD-style copyright
20521 o BSD copyright o logging and parser bits moved to their own .h
20522 files o new "struct sudo_user" to encapsulate many of the old
20527 o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
20528 logging routines o simplified flow of control o BIND resolver
20529 additions to badenv_table
20533 BSD-style copyright
20537 Now compiles on more K&R compilers
20541 BSD-style copyright, cosmetic changes
20545 BSD-style copyright
20548 * parse.c, parse.h, parse.lex, parse.yacc:
20549 BSD-style copyright. Move parser-specific defines and structs into
20550 parse.h + other cosmetic changes
20554 defines for logging routines
20557 * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
20558 BSD-style copyright, cosmetic changes
20561 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
20563 BSD-style copyright
20567 o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
20568 kill --disable-tgetpass o add --without-passwd o changes to fill in
20569 AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
20570 v?asprintf() o replace --with-AuthSRV with --with-fwtk
20574 BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
20575 HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
20576 HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
20580 BSD-style copyright; Add S_IFLNK and MIN/MAX if they are missing.
20584 BSD-style copyright
20588 no more --with-getpass
20592 Take out things I've done...
20600 --with-getpass no longer exists
20604 BSD-style copyright. Update to reflect reality wrt new files and
20609 Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
20614 Update history a bit
20617 * COPYING, LICENSE:
20618 Now distributed under a BSD-style license
20621 * auth/sudo_auth.c:
20622 o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
20623 options. o skey/opie replaced by rfc1938 code o new struct sudo_user
20627 * auth/pam.c, auth/sia.c:
20628 BSD-style copyright and use new log functions
20632 o BSD-style copyright o Use new log functions o Use asprintf() and
20633 snprintf() where sensible.
20637 Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
20638 done more reasonably--better sanity checks and tty-based stamps are
20639 now done as files in a directory with the same name as the invoking
20640 user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
20641 to mix tty and non-tty based ticket schemes but this may change in
20642 the future (it requires sudo to use a directory instead of a file in
20643 the non-tty case). Also, ``sudo -k'' now sets the ticket back to
20644 the epoch and ``sudo -K'' really deletes the file. That way you
20645 don't get the lecture again just because you killed your ticket in
20646 .logout. BSD-style copyright now.
20650 o rewritten logging routines. log_error() now takes printf-style
20651 varargs and log_auth() for the return value of validate(). o BSD-
20655 * auth.c, check_sia.c, dce_pwent.c, secureware.c:
20656 superseded by new auth API
20660 BSD-style copyright
20664 Use snprintf() where it makes sense and add a BSD-style copyright
20667 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
20668 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
20669 BSD-style copyright
20672 * emul/utime.h, utime.c:
20673 BSD-style copyright
20677 this has been rewritten so use my BSD-style copyright
20680 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
20683 include malloc.h if no stdlib.h
20687 KTH snprintf()/asprintf() for systems w/o them
20691 strerror() for systems w/o it
20694 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
20700 * parse.c, parse.lex, parse.yacc:
20701 Add contribution info in the main comment
20704 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
20707 remove missed ref to PAM_nullpw
20710 * auth/sudo_auth.h:
20715 more or less complete now--still untested
20718 * auth/afs.c, auth/pam.c:
20719 don't use user_name macro, it will go away
20722 * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
20723 combine skey/opie code into rfc1938.c
20726 * auth/dce.c, auth/sudo_auth.h:
20727 DCE authentication method; basically unchanged from dce_pwent.c
20730 * auth/aix_auth.c, auth/sudo_auth.h:
20731 AIX authenticate() support. Could probably be much better
20735 Fix an uninitialized variable and some cleanup. Now works (tested)
20738 * auth/sia.c, auth/sudo_auth.h:
20739 SIA support for digital unix
20743 don't use prompt global, it will go away
20746 * auth/secureware.c:
20747 correct copyright years
20750 * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
20751 auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
20752 auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
20753 New authentication API and methods
20756 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
20763 only save an entry if user_matches && host_matches, even if the
20764 stack is empty (fix for previous commit)
20772 1) Always save an entry on the stack if it is empty. This fixes the
20773 -l and -v flags that were broken by earlier parser changes.
20775 2) In a Runas list, don't negate FALSE -> TRUE since that would make
20776 !foo match any time the user specified a runas user (via -u) other
20781 interfaces and num_interfaces are now auto, not extern
20784 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
20787 use a static global to keep state about empty passwords
20791 make PASSWORD_NOT_CORRECT logging consistent with other modules
20794 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
20797 PAM prompt code was wrong, looks like we have to kludge it after
20802 In the PAM code, when a user hits return at the first password
20803 prompt, exit without a warning just like the normal auth code
20806 * configure, configure.in:
20807 kludge around cross-compiler false positives
20810 * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
20811 New (correct) PAM code Tgetpass now takes an echo flag for use with
20812 PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
20813 useless umask setting Change error from BAD_ALLOCATION ->
20814 BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
20819 Some -Wall and kill some trailing spaces
20823 define -D__EXTENSIONS__ for solaris so we get crypt() proto
20826 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
20832 * INSTALL, config.h.in, configure, configure.in:
20833 for kerberos V < version, fall back on old kerb4 auth code
20837 clarify some things
20840 * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
20844 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
20847 mention why DONT_LEAK_PATH_INFO is not the default
20850 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
20853 Fix open(2) return value checking, was NULL for fopen, should be -1
20862 better wording for solaris pam notice
20866 document recent changes
20870 Update shadow password section
20874 move authentication code from check.c to auth.c
20877 * Makefile.in, check.c, sudo.h:
20878 move authentication code to auth.c
20881 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
20883 * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
20884 getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
20885 logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
20886 sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
20888 Move interface-related defines to interfaces.h so we don't have to
20889 include <netinet/in.h> everywhere.
20892 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
20894 * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
20895 parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
20896 o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
20897 turns out the old DES crypt does the right thing with passwords
20898 longer than 8 characters. o Fix common typo (necesary ->
20899 necessary) o Update TODO list
20902 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
20905 set $LOGNAME when we set $USER
20908 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
20911 add comment about digital unix and interfaces.c warning with gcc
20914 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
20917 use modern paths and give examples for some of the new parser
20921 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
20927 * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
20928 getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
20929 parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
20930 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
20931 Function names should be flush with the start of the line so they
20932 can be found trivially in an editor and with grep
20935 * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
20936 sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
20937 free(3) is already void, no need to cast it
20940 * logging.c, sudo.c, sudo.h:
20941 catch case where cmnd_safe is not set (this should not be possible)
20944 * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
20945 testsudoers.c, visudo.c:
20946 Stash the "safe" path (ie: the one listed in sudoers) to the command
20947 instead of stashing the struct stat. Should be safer.
20950 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
20952 * INSTALL, Makefile.in, UPGRADE:
20953 notes on updating from an earlier release
20960 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
20962 * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
20963 sudoers.man, sudoers.pod:
20964 You can now specify a host list instead of just a host or alias.
20965 Ie: user = host1,host2,ALIAS,!host3 my_command now works.
20972 * parse.yacc, sudo.tab.c:
20973 Move the push from the beginning of cmndspec to the end. This means
20974 we no longer have to do a push at the end of privilege, just reset
20978 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
20979 runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
20980 use "!" most everywhere
20983 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
20986 modernize paths and update su example based on sample.sudoers one
20990 New runas semantics
20993 * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
20995 In estrdup(), do the malloc ourselves so we don't need to rely on
20996 the system strdup(3) which may or may not exist. There is now no
20997 need to provide strdup() for those w/o it. Also, the prototype for
20998 estrdup() was wrong, it returns char * and its param is const.
21006 buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
21009 * CHANGES, TODO, parse.yacc, sudo.tab.c:
21010 It is now possible to use the '!' operator in a runas list as well
21011 as in a Cmnd_Alias, Host_Alias and User_Alias.
21014 * logging.c, sudo.h:
21015 Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
21019 Definitions of *_matched were wrong--user top, not top-2 as
21023 * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
21024 Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
21025 command but the NOPASSWD flag was set. Make runasspec, runaslist,
21026 runasuser, and nopasswd typeless in parse.yacc Add support for '!'
21027 in the runas list Fix double printing of '%' and '+' for groups and
21028 netgroups respectively Add *_matched macros (no need for local stack
21029 variable). Should only be used directly after a pop (since top must
21033 * aclocal.m4, configure.in:
21034 Add copyright, somewhat silly
21037 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
21039 * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
21040 compat.h, config.h.in, configure, configure.in, dce_pwent.c,
21041 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
21042 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
21043 lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
21044 putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
21045 sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
21046 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
21048 Crank version to 1.6 and combine copyright statements
21052 Use ! not ^ to do negation
21055 * lex.yy.c, sudo.tab.c:
21059 * parse.lex, parse.yacc:
21060 Make runas and NOPASSWD tags persistent across entries in a command
21061 list. Add a PASSWD tag to reverse NOPASSWD. When you override a
21062 runas or *PASSWD tag the value given becomes the new default for the
21063 rest of the command list.
21066 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
21070 [a1ae9d4a7d54] [SUDO_1_5_9]
21073 Shift return value of system(3) by 8 to get real exit value and if
21074 it is not 1 or 0 print the retval along with the error message.
21077 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
21080 testsudoers needs LIBOBJS too
21083 * parse.c, parse.yacc, sudo.tab.c:
21084 Fix another parser bug. For a sudoers entry like this: millert
21085 ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
21093 * parse.yacc, sudo.tab.c:
21094 Save entries that match a ! command on the matching stack too
21098 Make sudo's usage info better when mutually exclusive args are given
21099 and don't rely on argument order to detect this; nick@zeta.org.au
21102 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
21104 * CHANGES, Makefile.in, RUNSON:
21112 * parse.yacc, sudo.tab.c:
21113 Fix off by one error introduced in *alloc changes
21116 * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
21117 check_sia.c, compat.h, config.h.in, configure, configure.in,
21118 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
21119 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
21120 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
21121 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
21122 sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
21123 sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
21124 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
21128 * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
21129 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
21130 putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
21131 sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
21132 Use emalloc/erealloc/estrdup
21136 error checking memory allocation routines
21139 * parse.yacc, sudo.tab.c:
21140 Still not right, this fixes it for real
21143 * parse.yacc, sudo.tab.c:
21144 Fix for previous commit
21147 * CHANGES, INSTALL, parse.yacc:
21148 Fix a parser bug that was exposed when mixing different runas specs
21149 and ! commands. For example: millert ALL=(daemon)
21150 /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
21151 as well as daemon when it should just allow daemon. The problem was
21152 that comma-separated commands in a list shared the same entry on the
21153 matching stack. Now they get their own entry iff there is a full
21154 match. It may be better to just make the runas spec persistent
21155 across all commands in a list like the user and host entries of the
21156 matching stack. However, since that is a fairly major change it
21157 should get its own minor rev increase.
21160 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
21162 * check.c, config.h.in:
21163 Simplify PAM code and fix a PAM-related warning on Linux
21166 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
21180 * check.c, configure.in:
21181 new pam code that works on solaris, should work on linux too;
21185 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
21192 only include strings.h if there is no string.h
21195 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
21198 Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
21201 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
21204 shost must be set before log functions are called #ifdef HOST_IN_LOG
21207 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
21209 * CHANGES, lex.yy.c, parse.lex:
21210 Fix a bug wrt quoting characters in command args. Stop processing
21211 an arg when you hit a backslash so the quoted-character detection
21215 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
21218 include sys/time.h; apparently AIX needs it. ppz@cdu.elektra.ru
21221 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
21223 * configure, configure.in:
21224 add missing case statement so --without-sendmail works
21227 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
21233 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
21235 * configure, configure.in:
21236 only search for -lsun in irix <= 4.x
21239 * configure, configure.in:
21240 back out last configure.in change now that I've hacked autoconf to
21241 fix the real problem and add a missing newline
21249 add def of dirfd() for those without it
21252 * configure, configure.in:
21253 When falling back to checking for socket() when linking with
21254 "-lsocket -lnsl" check for main() instead since autoconf has already
21255 cached the results of checking for socket() in -lsocket. This is
21256 really an autoconf bug as it should use the extra libs as part of
21257 the cache variable name.
21264 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
21267 fix occurrence of $with_timeout that should be
21268 $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
21272 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
21274 * sudo.cat, sudo.html, sudo.man, sudo.pod:
21275 fix grammar; espie@openbsd.org
21276 [7031d9dfbc3e] [SUDO_1_5_8]
21278 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
21280 * parse.yacc, sudo.c, testsudoers.c:
21281 add cast for strdup in places it does not have it
21284 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
21286 * configure, configure.in:
21287 define _BSD_TYPES for irix
21290 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
21292 * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
21293 Make it clear that it is the user's password, not root's, that we
21298 If the user enters an empty password and really has no password,
21299 accept the empty password they entered. Previously, they could
21301 *but* an empty password. Also, add GETPASS macro that calls either
21302 tgetpass() or getpass() depending on how sudo was configured.
21303 Problem noted by jdg@maths.qmw.ac.uk
21306 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
21308 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
21309 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
21310 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
21311 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
21312 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
21313 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
21315 add explicit copyright
21319 mention -lsocket, -lnsl configure changes
21322 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
21325 Don't clobber errno after calling check_sudoers().
21328 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
21330 * configure, configure.in:
21331 When linking with both -lsocket and -lnsl be sure to do so in that
21332 order. Also, when we can't find socket() or inet_addr() and have to
21333 try linking with both libs, issue a warning.
21336 * sudo.cat, sudo.man, sudo.pod:
21337 clarify bad timestamp and fmt
21340 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
21343 be clear that pam is linux-only and add a RUNSON entry
21346 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
21348 * CHANGES, INSTALL, configure, configure.in:
21349 fix and correctly document --with-umask; problem noted by
21353 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
21355 * configure, configure.in:
21356 only use /usr/{man,catman}/local to store man pages if user didn't
21357 override prefix or mandir
21360 * INSTALL, configure, configure.in:
21361 fix typo, make --with-SecurID take an arg
21364 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
21370 * CHANGES, INSTALL, check.c, configure, configure.in:
21371 FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
21374 * configure, configure.in:
21375 better fix for the problem of unresolved symbols in -lnsl or
21379 * configure, configure.in:
21380 when checking for functions in -lnsl and -lsocket link with both of
21381 them to avoid unresolved symbols on some weirdo systems
21384 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
21386 * BUGS, CHANGES, RUNSON, TODO:
21387 old changes that didn't make it into RCS before the RCS->CVS switch
21390 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
21392 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
21393 configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
21394 getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
21395 ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
21396 lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
21397 secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
21398 sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
21411 * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
21412 config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
21413 find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
21414 ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
21415 logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
21416 secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
21417 sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
21418 utime.c, version.h, visudo.c, visudo.cat, visudo.man:
21419 crank version and regen files
21423 kill rcs goop in update_version and fix now that version is a const
21426 * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
21427 sudo.c, sudo.h, sudo.pod:
21428 kerb5 support from fcusack@iconnet.net
21431 * realpath.c, sudo_realpath.c:
21432 we no longer use realpath
21436 replaced by find_path.c
21440 all options are now configure flags
21448 superseded by getcwd.c
21452 superseded by tgetpass.c
21456 superceded by RUNSON
21460 No longer used now that we have configure options for everything.
21464 regen based on configure.in
21467 * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
21468 sudoers.man, visudo.cat, visudo.html, visudo.man:
21469 regen based on sudo.pod, sudoers.pod, and visudo.pod
21472 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
21475 fix tty tickets in remove_timestamp (didn't use ':')
21478 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
21481 close sock when we are done with it
21484 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
21487 never say "error on line -1"
21490 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
21493 check for -lnsl before -lsocket
21497 quote '[', ']' used in ranges correctly
21500 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
21503 add missing NO_ROOT_SUDO noted by drno@tsd.edu
21506 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
21513 more info for 1.5.7
21521 make increases of cm_list_size and ga_list_size be similar to
21522 increases of stacksize (ie: >= not > in initial compare).
21526 when we get a syntax error, report it for the previous line since
21527 that's generally where the error occurred.
21530 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
21532 * config.h.in, configure.in, interfaces.c:
21533 add back check for sys/sockio.h but only use it if SIOCGIFCONF is
21535 [d197f31fd1e4] [SUDO_1_5_7]
21538 define BSD_COMP for svr4
21541 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
21542 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
21543 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
21544 testsudoers.c, tgetpass.c, utime.c, visudo.c:
21549 kill check for sockio.h
21553 no more HAVE_SYS_SOCKIO_H
21556 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
21557 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
21558 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
21559 testsudoers.c, tgetpass.c, utime.c, visudo.c:
21563 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
21566 add missing inform_user()
21569 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
21572 return NOT_FOUND if given fully qualified path and it does not exist
21573 previously it would perror(ENOENT) which bypasses the option to not
21578 for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
21582 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
21585 tty tickets are user:tty now
21589 when using tty tickets make it user:tty not user.tty as a username
21590 could have a '.' in it
21593 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
21596 add "ignoring foo found in ." for auth successful case
21599 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
21602 add missing printf param
21605 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
21607 * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
21608 go back to printing "command not found" unless --disable-path-info
21609 specified. Also, tell user when we ignore '.' in their path and it
21610 would have been used but for --with-ignore-dot.
21614 Only one space after a colon, not two, in printf's
21617 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
21620 document setting $USER
21624 fix bugs with prompt expansion
21628 set $USER for root too
21631 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
21638 HP-UX's iscomsec is in -lsec, not libc
21642 remove some entries in the OS case statement that did nothing
21646 add "cd" section and flush out syslog section
21650 no more sudo-lex.yy.c
21654 add custom prompt support
21658 kill perror("malloc") since we already have good error messages
21659 pw_ent -> pw for brevity
21663 kill perror("malloc") since we already have good error messages
21664 pw_ent -> pw for brevity set $USER if -u specified
21668 kill perror("malloc") since we already have good error messages
21672 kill perror("malloc") since we already have good error messages
21673 pw_ent -> pw for brevity when checking if %group matches, look up
21674 user in password file so that %groups works in a RunAs spec.
21678 kill perror("malloc") since we already have good error messages
21681 * check.c, getspwuid.c, interfaces.c:
21682 kill perror("malloc") since we already have good error messages
21683 pw_ent -> pw for brevity
21686 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
21689 the prompt is expanded before tgetpass is called
21693 tgetpass now has the same args as getpass again
21697 add iscomsec, issecure support
21701 we now expand any %h or %u in the prompt before passing to tgetpass
21705 add check for syslog(3) in -lsocket, -lnsl, -linet
21709 add HAVE_ISCOMSEC and HAVE_ISSECURE
21713 add check for iscomsec in HP-UX
21717 check for issecure if we have getpwanam on SunOS some options are
21718 incompatible with DUNIX SIA check for dispcrypt on DUNIX
21721 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
21728 add back support for non-dispcrypt based checking for older DUNIX
21736 SIA becomes the default on Digital UNIX now have --disable-sia to
21741 move local includes after system ones
21744 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
21746 * check.c, check_sia.c, sudo.h:
21747 add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
21752 fix while loop in sia_attempt_auth() that checks the password. Only
21753 the first iteration was working.
21756 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
21759 don't trust UID_MAX or MAXUID
21770 * getspwuid.c, secureware.c:
21771 init crypt_type to INT_MAX since it is legal to be negative in DUNX
21776 for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
21777 -ldb since DUNX < 4.0 lacks it
21780 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
21782 * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
21783 secureware.c, sudo.c, tgetpass.c:
21784 getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
21785 minutes if the shadow files don't exist).
21788 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
21791 updated --with-editor blurb
21795 tell how to put sudoers in a different dir
21799 add missing quotes around $with_editor
21803 typo in --with-editor bits
21807 I don't expect it to work on Solaris
21811 add back security/pam_misc.h
21814 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
21817 remove dunix note since configure checks for this now
21821 add check for broken dunix prot.h (4.0 < 4.0D is bad)
21824 * getspwuid.c, secureware.c, tgetpass.c:
21825 new dunix shadow code, use dispcrypt(3)
21833 call initprivs() if we have it for getprpwuid later on
21837 clean pathnames.h too
21841 quote "Sorry, try again." with [] since it has a comma in it set
21842 LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
21843 getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
21848 update Digital UNIX note about acl.h
21853 --without-root-sudo -> --disable-root-sudo some reordering
21860 * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
21868 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
21871 when checking for -lsocket, -lnsl, and -linet, check for the
21872 specific functions we need from them.
21875 * config.h.in, sudo.h:
21876 move Syslog_* defs into sudo.h
21879 * Makefile.in, sudo.h:
21880 added check_secureware
21884 finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
21888 don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
21889 defined. configure now does that for us
21893 move some --with options around change a bunch of echo's to
21894 AC_MSG_CHECKING, AC_MSG_RESULT pairs
21898 change $with_foo-bar -> $with_foo_bar kill extra " that caused a
21899 syntax error add some echo verbiage
21902 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
21905 moved SecureWare stuff into secureware.c
21913 update url to solaris gcc bins
21917 change option formatter and flesh out some entries
21920 * TROUBLESHOOTING, sudo.pod, visudo.pod:
21921 environmental variable -> environment variable
21925 everything is now done via configure
21933 passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
21937 SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
21941 merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
21942 sudoers_mode from configure
21946 SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
21947 the Makefile, not config.h
21951 document all --with/--enable options
21954 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
21957 options.h is no more
21961 assimilated options.h
21965 moved options from options.h to configure
21968 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
21969 logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
21970 sudo_setenv.c, visudo.c:
21974 * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
21975 remove references to options.h
21978 * dce_pwent.c, interfaces.c, sudo.c:
21983 if select return < -1 still prompt for pw
21987 convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
21992 FAST_MATCH is no longer an option
21996 remove_timestamp() if timestamp is preposterous
22000 convert more options to --with/--enable
22003 * INSTALL, aclocal.m4:
22008 convert more options into --with and --enable
22012 catch EINTR in select and restart
22019 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
22022 UMASK -> SUDO_UMASK.
22025 * check.c, logging.c:
22026 time.h, not sys/time.h
22029 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
22032 MAILER -> _PATH_SENDMAIL
22035 * INSTALL, configure.in:
22036 no more --with-C2, now it is --disable-shadow
22039 * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
22040 getspwuid.c, sudo.c, tgetpass.c:
22041 new shadow password scheme. Always include shadow support if the
22042 platform supports it and the user did not disable it via configure
22045 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
22048 --with-getpass -> --{enable,disable}-tgetpass
22052 pathnames.h -> pathnames.h.in
22060 move pam_conv to be static to auth function remove pam_misc.h
22061 (solaris doesn't have one)
22065 _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
22069 munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
22073 convert to pathnames.h.in
22076 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
22079 fix typo in sysv4 matching case
22082 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
22085 pam stuff needs to run as root, not user, for shadow passwords
22088 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
22090 * BUGS, INSTALL, README, configure.in:
22094 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22095 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
22096 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
22097 logging.c, options.h, parse.c, parse.lex, parse.yacc,
22098 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22099 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22104 user version.h for long message
22108 this is version 1.5.6
22111 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
22114 remove errant backslash
22117 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
22119 * options.h, parse.yacc, pathnames.h.in:
22121 [fdee73255d64] [SUDO_1_5_6]
22123 * BUGS, CHANGES, TODO:
22131 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
22134 kill unused localhost_mask var copy if name to ifr_tmp after we zero
22138 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
22141 Better description of new vs. old sudoers modes fix some typos
22142 better description of /usr/ucb/cc gotchas on slowaris
22150 set NewArgv[0] to user_shell, not basename(user_shell)
22153 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
22156 mention TROUBLESHOOTING more fix some typos
22160 move --enable/--disable to be after --with
22164 document --enable/--disable
22168 document --with-pam
22171 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
22174 Add message for pam users
22185 * check.c, config.h.in, configure.in:
22186 pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
22189 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
22192 add HOST_IN_LOG and WRAP_LOG
22196 add WRAP_LOG and HOST_IN_LOG
22200 add --enable-log-host and --enable-log-wrap
22204 use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
22207 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
22214 include sys/param.h to get howmany macro
22217 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
22219 * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
22223 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
22226 bring in stdio.h for NULL
22230 allow /bin/{ksh,bash} and /usr/bin/{ksh,bash} as sh
22234 use HAVE_SET_AUTH_PARAMETERS
22238 add HAVE_SET_AUTH_PARAMETERS
22242 add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
22246 add support for HI-UX/MPP SR220001 02-03 0 SR2201
22250 initialize previfname
22254 Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
22255 it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
22264 don't need special build line for sudo.tab.o
22268 don't clean sudo.tab.[ch]
22272 Sudo should prompt for a password before telling the user that a
22273 command could not be found.
22281 no longer require yacc
22289 y.tab -> sudo.tab include pre-yacc'd parse.yacc
22293 include sudo.tab.h, not y.tab.h don't break out of command args if
22301 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
22310 getcwd(3) from OpenBSD for those without it.
22314 HAVE_GETWD -> HAVE_GETCWD
22318 pretend sunos doesn't have getcwd(3) since it opens a pipe to
22327 remove duplicate include of string.h
22331 call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
22335 add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
22339 add dev_t and ino_t
22342 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
22345 fix OTP_ONLY for opie
22348 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
22350 * testsudoers.c, tgetpass.c:
22351 include stdlib.h for malloc proto
22354 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
22357 make update_version saner
22361 add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
22365 check for waitpid and wait3 or no waitpid
22369 used waitpid or wait3 if we have 'em
22372 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
22375 fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
22378 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
22381 don't need to explicitly mention -lsocket -lnsl for sequent
22384 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
22387 dynix should not link with -linet
22390 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
22393 mention that HP-UX doesn't ship with yacc
22396 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
22399 ignore kerberos if we can't get the local realm
22402 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
22404 * BUGS, INSTALL, README, configure.in:
22412 * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
22413 find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
22414 logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
22415 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
22424 don't use popen/pclose. Do it inline.
22435 * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
22436 ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
22441 * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
22446 getwd.c -> getcwd.c
22458 use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
22462 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
22464 * OPTIONS, options.h:
22465 add STUB_LOAD_INTERFACES
22468 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22469 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22470 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22471 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
22472 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22473 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22478 support *-ccur-sysv4 and fix two typos
22481 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
22484 don't echo about with_logfile and with_timedir
22488 document --with-logfile and --with-timedir
22492 support --with-logfile and --with-timedir
22496 Add --with-logfile and --with-timedir
22500 change size computation of NewArgv for UNICOS
22503 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
22506 treat -*-sysv4* like *-*-svr4
22509 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
22512 fix spacing for --with-authenticate help
22515 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22516 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22517 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22518 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
22519 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22520 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22525 fix off by one error in push macro
22528 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
22531 removed bogus alloca hack
22535 added AIX 4.x authenticate() support
22539 include alloca.h if using bison and not gcc and it exists. fixes an
22540 alloca problem on hpux 10.x
22544 mention --with-authenticate
22548 added AIX authenticate() support
22552 add HAVE_AUTHENTICATE
22556 dynamically size ifconf buffer
22563 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22564 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22565 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22566 logging.c, options.h, parse.c, parse.lex, parse.yacc,
22567 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22568 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22576 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
22579 add busy stmp file explanation
22582 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
22585 the name of the cached var that signals whether or not you are cross
22586 compiling changed. It is now ac_cv_prog_cc_cross
22589 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
22592 mention glibc 2.07 is fixed wrt lsearch().
22595 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
22597 * sample.sudoers, sudoers.pod:
22598 better example of su but not root su
22601 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
22603 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22604 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22605 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22606 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
22607 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22608 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22613 correct regexp for updating version
22617 remove bogus flush of stderr spew prompt before turning off echo.
22618 Seems to fix a weird problem where if sudo complained about a bogus
22619 stamp file the user would sometimes not have a chance to enter a
22624 fix bogus flush of stderr
22628 close fd's <=2 not <=3 and move that chunk of code up
22632 support hpux1[0-9] not just hpux10
22635 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
22638 set sudoers_fp to nil after closing
22641 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
22643 * config.guess, config.sub:
22644 updated from autoconf 2.12
22651 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
22654 fix select usage for high fd's (dynamically allocate readfds)
22658 kill extra whitespace
22662 do an initgroups() before running a command, unless the target user
22666 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
22669 tell people to use tabs, not spaces, in syslog.conf
22672 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
22674 * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
22675 parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
22679 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
22680 logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
22684 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
22685 insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
22690 more tweaks to update_version
22694 fixed up update_version rule
22702 removed supe of check.c
22713 * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
22714 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
22715 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
22716 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
22717 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
22718 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
22728 add rules to update version stuff in files so I don't need to do it
22733 sudoers_fp is now extern
22737 in check_sudoers, cache the sudoers file handle in sudoers_fp so we
22738 don't have to open it again in the parse. This may help with weird
22739 solaris problems where EAGAIN sometimes occurs.
22743 sudoers file open is now done only in check_sudoers() so we just do
22744 a rewind() instead of an open. May help people on solaris who were
22748 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
22751 mention that newer glibc is fixed
22754 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
22757 newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
22758 _RLD* instead of _RLD_*
22766 fix that bug for real
22770 document Linux's libc6 brokenness.
22779 [4949a1bbd0a9] [SUDO_1_5_4]
22782 remind people to HUP syslogd
22798 remove author's email addr. people should mail sudo-bugs
22805 * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
22806 find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
22807 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
22808 logging.c, options.h, parse.c, parse.lex, parse.yacc,
22809 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22810 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
22818 * INSTALL, Makefile.in:
22827 exit(1) if user enters no passwd
22835 commands can start with ./* not just /* -- fixes a serious security
22839 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
22842 Don't set the tty variable to NULL when we lack a tty, leave it as
22846 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
22849 fix usage of (username) in conjunction with , and !
22853 catch the case where the user is not in the passwd file
22857 use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
22862 define tty global to an initial value to avoid dumping core in
22863 logging functions when passwd file is unavailable.
22867 do the set_perms(PERM_USER, sudo_mode) after we have gotten the
22872 talk about problem of ALL
22875 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
22882 fdesc bug is fixed in Open/Net BSD
22886 updates from Nieusma
22889 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
22892 move compat.h after the system includes
22895 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
22898 save errno from being clobbered by wait(). From Theo
22901 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
22904 fix an occurrence of setresuid -> setreuid (typo)
22907 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
22910 check for path to strip
22913 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
22916 deal with maxfilelen < 0 case
22923 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
22926 correct error message if mode/owner wrong and not statable by owner
22927 but is statable by root.
22930 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
22932 * config.guess, config.sub:
22936 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
22938 * CHANGES, RUNSON, TODO:
22942 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
22944 * parse.yacc, sudo.h:
22945 command_alias -> generic_alias
22946 [c404ca8c510d] [SUDO_1_5_3]
22949 added Runas_Alias example and fixed syntax errors
22952 * OPTIONS, options.h:
22953 updated MAILSUBJECT
22960 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
22961 configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
22962 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
22963 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
22964 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
22965 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
22970 * BUGS, emul/utime.h:
22975 document Runas_Alias
22983 buffer oflow checking q (uit) -> Q if yyparse() fails drop into
22988 add size params to sprintf
22992 allow trailing space after '\\' but before '\n'
22996 off by one error in path size check
23003 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
23010 now warns if killed by signal
23013 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
23016 fix Runas_Alias stuff Alias's in runas list now get expanded (but it
23021 Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
23025 add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
23029 Add Runas_Alias and simplify a rule.
23033 always store User_Alias's since they can be used inside of a runas
23034 list. Sigh. Really need a Runas_Alias instead.
23037 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
23040 deal with case where there is no sudoers file
23043 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
23049 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
23051 * HISTORY, testsudoers.c:
23052 developement -> development
23067 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
23070 removed seteuid() notes
23071 [1010a60f281d] [SUDO_1_5_2]
23073 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
23076 better seteuid() emulation
23080 added check for seteuid
23087 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
23090 first stab at sequent support
23094 added HAVE_SYS_SELECT_H
23098 sequent -> _SEQUENT_
23102 added seteuid() macro for DYNIX
23106 _AIX -> HAVE_SYS_SELECT_H
23109 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
23111 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
23112 parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
23113 testsudoers.c, tgetpass.c, utime.c, visudo.c:
23117 * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
23118 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
23119 ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
23120 pathnames.h.in, version.h:
23125 added -H and SUDO_PS1
23129 use SUDO_FUNC_FNMATCH
23133 added SUDO_FUNC_FNMATCH
23141 added MODE_RESET_HOME
23144 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
23158 * compat.h, config.h.in:
23163 added HAVE_OPIE and changed to *_OTP_*
23170 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
23173 moved fclose() in skey stuff.
23176 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
23179 index -> strchr remove unnecessary stuff
23183 now call skeychallenge() to get challenge instead of making one up
23184 ourselves. this way, we get extra goodies in the prompt.
23187 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
23191 [3f5149357e2a] [SUDO_1_5_1]
23194 allow logins to start with a number (YUCK!)
23197 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
23200 added solaris 2.5 vs 2.4 note
23204 DUNIX doesn't need -lnsl
23208 *** empty log message ***
23211 * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
23212 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
23213 ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
23214 options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
23215 strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
23216 utime.c, version.h, visudo.c:
23220 * PORTING, README, RUNSON:
23224 * INSTALL, Makefile.in, TROUBLESHOOTING:
23229 *** empty log message ***
23232 * sudo.pod, visudo.pod:
23236 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
23242 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
23245 added $SUDO_PROMPT support
23248 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
23251 print long skey challemged to stderr, not stdout
23254 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
23264 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
23270 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
23273 use shost, not host for tgetpass
23277 documented %u and %h
23281 documented %u and %h
23288 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
23289 dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
23290 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
23291 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
23292 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
23293 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
23301 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
23303 * Makefile.in, configure.in, version.h:
23308 new tgetpass() params
23312 pass user and host to tgetpass
23316 added %u and %h escapes
23319 * OPTIONS, check.c, options.h:
23324 added cray (unicos) support
23327 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
23329 * OPTIONS, options.h, sudo.c:
23330 added SHELL_SETS_HOME
23333 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
23336 added note about "make install"
23340 changed length/size params from int to size_t
23344 now get CSOPS insults as well by default
23348 use csops insults too by default
23351 * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
23356 added runas_homedir
23372 added "upgrading" notes
23375 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
23378 now do chmod and chown after edit of temp file and before rename
23379 [de174e34faa7] [SUDO_1_5_0]
23381 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
23384 ++version added INSTALL.configure
23387 * configure.in, version.h:
23392 *** empty log message ***
23400 sets $HOME to pw_dir of runas user
23404 document $HOME change
23407 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
23410 fixed up some wording
23413 * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
23414 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
23415 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
23420 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
23421 insults.h, options.h, pathnames.h.in, sudo.h:
23430 name and type changes
23434 now works with new sudo
23442 some variable name changes + comment headers for functions.
23446 added extra paren's to make compilers happy
23450 *** empty log message ***
23454 now uses init_parser() if not in sudoers and tries "list" or
23455 "validate" scold but don't be nasty.
23459 now can use upper case login names
23463 now uses init_parser()
23471 added info about PASSWORD_TIMEOUT
23474 * INSTALL.configure:
23483 now dynamically allocates memory for the stacks -- no more
23488 -l now expands command aliases
23492 hacks to expand command aliases for `sudo -l'
23496 remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
23500 added struct command_alias
23508 in compar() key should be first arg
23511 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
23518 can now deal with upcase HOST and USER names
23522 don't yell too loudly at non-sudoers if they do "sudo -l"
23533 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
23535 * parse.c, parse.yacc:
23536 added support for new `sudo -l' stuff
23540 now uses list_matches()
23544 added struct sudo_match
23548 now more -lgnumalloc
23551 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
23554 added more paths for chown and whoami
23557 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
23563 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
23566 fixed DUNIX check for shadow pw
23570 now only turn off echo if it is already on. this fixes a race when
23571 you use sudo in a pipeline
23579 changed "test -z $foo && do_this" to if; then construct
23582 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
23585 added missing defines of SHADOW_TYPE
23588 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
23591 protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
23596 added AUTH_CRYPT_C1CRYPT support
23600 no longer return VALIDATE_NOT_OK if there was a runas that didn't
23601 match. Now we can have runas stuff on more than one line.
23604 * getspwuid.c, sudo.c, tgetpass.c:
23605 use SHADOW_TYPE instead of HAVE_C2_SECURITY
23609 got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
23614 removed HAVE_C2_SECURITY added SPW_BSD
23618 use SHADOW_TYPE instead of HAVE_C2_SECURITY
23622 SHADOW_TYPE is always defined so just against its value
23626 added SUDO_CHECK_SHADOW_DUNIX
23629 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
23632 * -> ?* in one example added another instance of (runas) and one of
23636 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
23639 added back check for config.cache from other host type
23643 removed an instance of \"
23651 updated wrt new wildcard matching
23655 new check for shadow passwords if we don't know anything
23659 new SUDO_CHECK_SHADOW_GENERIC
23663 added back check for -lsocket (oops)
23667 better (working) check for shadow passwd type if we know to use C2.
23671 now uses AC_CANONICAL_HOST to figure out os type
23675 added config.{guess,sub}
23679 removed unused stuff to figure out os type
23695 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
23696 pathname. need to check against sudoers_args even if user_args is
23701 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
23702 pathname need to check against sudoers_args even if user_args is nil
23705 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
23708 added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
23712 now takes command line args and uses cmnd_args
23716 fill_args was adding an extra leading space
23719 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
23722 fixed dummy command_matches()
23734 now uses flat args string
23737 * parse.c, parse.lex:
23738 now uses flat arg string
23742 added cmnd_args def
23746 now sets cmnd_args global
23750 cmnd_args is now exported from sudo.[ch]
23753 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
23756 can't rely on cmnd_matches as much as I thought -- added some $$
23757 stuff back in to prevent namespace pollution problems.
23761 Simplified parse rules wrt runas and NOPASSWD (more consistent).
23764 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
23767 NOPASSWD may now have blanks before the ':' '(' only starts a
23768 'runas' if in the initial state to avoid collision with command args
23772 added checks for specific shadow passwd schemes
23776 added routines to check for specific shadow passwd types
23779 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
23782 added support for ncr boxen
23786 added support for detecting ncr boxen
23789 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
23792 added sinix support
23795 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
23798 added info about "config.cache from other other" error.
23802 now makes sure you don't have a config.cache file from another OS
23806 now sets $LIBS when needed to configure links with libs when doing
23807 tests hpux10 now uses SPW_SECUREWARE for C2 added check for
23808 bigcrypt(3) if SPW_SECUREWARE
23816 now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
23824 no more SPW_HPUX10 added HAVE_BIGCRYPT
23828 now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
23832 SPW_SECUREWARE now uses bigcrypt
23835 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
23838 fixed 2 syntax errors
23842 root may now run ALL as ALL
23845 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
23848 fixed a typo/thinko that broke BSD's with sa_len
23851 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
23853 * check.c, configure.in:
23854 updated AFS support
23858 added entry about /usr/ucb/cc
23862 prep no longer holds gcc binaries
23874 AFS allows long passwords
23878 fixed -u user support
23882 sudo -v now groks VALIDATE_OK_NOPASS
23886 fixed no_passwd vs. runas_matched
23890 took out stuff about NFS-mounting since it is no longer an issue
23894 added --with-libraries > --with-libpath --with-incpath
23898 was setting runas_matches to -1 in wrong place
23902 removed usersec.h which is not present in new AFS versions
23906 now deals with timeout <= 0
23914 BSD/OS >= 2.0 now uses shlicc instead of just gcc
23918 fixed backwards compatibility with sudo 1.4 sudoers mode for root
23919 readable/writable filesystems
23923 now gives INSTALL -c flag
23927 slightly simpler initialization of no_passwd and runas_matches
23931 added -u username support
23935 improved --with-libraries support
23938 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
23941 added --with-incpath, --with-libpath, --with-libraries
23945 now initializes some fields that weren't getting set to -1 pretty
23946 gross -- need a rewrite.
23949 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
23956 no longer add -lPW to *_LIBS since we include alloca.c
23960 added HAVE_ALLOCA_H
23975 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
23978 now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
23979 not always set to a valid uid.
23983 fixed entry for SUDO_MODE
23987 Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
23988 being set to -2. Now beat NFS to the punch and set uid to "nobody"
23989 ourselves, preserving group 0 to read sudoers.
23993 moved set_perms(PERM_ROOT) to be before yyparse()
24001 no longer need AC_PROG_INSTALL
24005 always use install-sh to avoid install(1)'s that use get{pw,gr}nam
24009 make clean -> make distclean
24012 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
24015 removed some unnecessary if's
24018 * Makefile.in, version.h:
24022 * parse.c, testsudoers.c:
24023 now includes netgroup.h
24027 removed casts of ioctl to int since they didn't shut up -Wall
24031 explicitly cast ioctl() to int since it is not always declared
24035 added declarations for yyparse() and yylex()
24039 fixed an occurrence of '==' -> '='
24042 * config.h.in, configure.in:
24043 added check for netgroup.h
24047 fixed 2 compiler warnings
24051 SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
24055 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
24061 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
24064 fixed a formatting thingie
24067 * parse.c, parse.yacc:
24068 fixed -u support with multiple user lists on a line
24072 unixware needs -lgen
24076 updated ftp location
24080 add net_addr/netmask support
24084 added net_addr/mask example
24087 * parse.c, parse.lex:
24088 added support for net_addr/netmask
24091 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
24097 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
24107 * BUGS, TODO, TROUBLESHOOTING:
24112 updated with examples of new stuff
24120 updated wrt -u and NOPASSWD
24124 updated wrt -u and CAVEATS
24127 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
24134 now use :foo: character classes (makes no diff for generated lexer)
24137 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
24140 fixed LONG_SKEY_PROMPT stuff
24143 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
24150 make more like NetBSD one -- now compiles w/o warnings
24154 fixed decls of lsearch()
24157 * config.h.in, configure.in, getspwuid.c:
24162 hpux 10 uses bigcrypt() if C2
24165 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
24168 now always uses fnmatch to match args
24172 back to using stdio instead of raw i/o since that caused some
24176 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
24179 now give usage warning if use -l,-v,-k with args
24182 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
24185 NewArgc is now set to 1 for -l, -v, -k
24189 now sets sudoers to correct group if mode is 0400
24193 updated to version used by inn and bind
24197 now uses -lgnumalloc if it exists
24201 "make install" now sets uid/gid and mode on sudoers if it exists
24205 removed debugging statements
24209 added a missing free()
24213 now uses user_gid instead of getegid (which was wrong anyway) to set
24214 SUDO_GID Now sets command line args in SUDO_COMMAND envariable
24215 (logging.c depends on args being in the environment)
24219 now uses SUDO_COMMAND envariable to get command args rather than
24220 building it up again.
24228 fixed off by one error in allocation NewArgv
24232 in sudoers, 'command ""' now means command with no args
24236 added check for fnmatch(3) and fnmatch.h
24244 replaced wildcat.* with fnmatch.*
24251 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
24254 now uses fnmatch() instead of wildmat a trailing star (*) by itself
24255 now matches multiple args added support for wildcards in the
24256 pathname in sudoers
24259 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
24262 now includes compat.h and config.h
24266 added HAVE_FNMATCH_H
24270 now checks for alloca() (if needed by bison or dce) and links with
24271 -lPW if it contains alloca() and libv and compiler do not.
24274 * emul/fnmatch.h, fnmatch.3, fnmatch.c:
24278 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
24281 now fixes mode on sudoers if set to 0400 to aid in upgrade
24284 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
24287 fixed pod2man usage
24290 * Makefile.in, configure.in, version.h:
24294 * testsudoers.c, visudo.c:
24295 runas_user is now initialized to "root"
24299 removed PERM_FULL_ROOT
24303 runas_user defaults to "root" so no more need to PERM_RUNAS
24307 will now only running commands as root if there was no runas list
24308 (or if root is in the runas list)
24316 runas_matches is now set to false if we get a negative match
24320 make #uid work + some minor cleanup
24324 added support for NOPASSWD and "runas" from garp@opustel.com /
24328 added support for "runas" from garp@opustel.com replaced
24329 SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
24334 added support for "runas" from garp@opustel.com
24338 added support for NO_PASSWD and runas from garp@opustel.com replaced
24339 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
24344 added support for NO_PASSWD and runas from garp@opustel.com replaced
24345 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support for
24350 added support for NO_PASSWD and runas from garp@opustel.com
24353 * parse.c, parse.lex:
24354 added support for NO_PASSWD and runas from garp@opustel.com
24358 added support for SUDOERS_WRONG_MODE and "runas"
24362 added --with-CC only link with -lshadow on linux (with shadow pw) if
24363 libc lacks getspnam()
24366 * OPTIONS, options.h:
24367 removed NO_PASSWD since it is not possible to do this in the sudoers
24368 file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
24369 SUDOERS_GID. Added SUDOERS_MODE.
24373 now uses SUDOERS_UID and SUDOERS_GID
24376 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
24382 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
24385 added double quote support
24389 documented double quoting
24392 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
24399 fixed some indentation
24407 added install-dirs .
24410 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
24413 new version from "Jeff A. Earickson" <jaearick@colby.edu>
24416 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
24419 $CSOPS -> $with_csops (whoops, missed one)
24427 FQHOST now has same constraints as non-FQHOST
24431 added note about OS's w/ shadow passwords turned on by default
24434 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
24441 added support for --without-THING sanitized shadow pw situation by
24447 fixed a typo wrt placement of an end paren
24451 was closing an fd that may not have been opened
24454 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
24456 * OPTIONS, options.h, sudo.c:
24460 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
24463 now always use shadow pw on some arches
24466 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
24469 added pyramid support
24473 no longer check for C2 if alternate passwd method is used no longer
24474 check for some libs twice
24478 moved fqdn stuff into parse.lex (FQHOST)
24486 now define TCSASOFT if necessary
24490 now uses read/write instead of stdio string goop to avoid problems
24494 * OPTIONS, find_path.c, options.h:
24495 -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
24498 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
24501 added note about no shadow auto-detect if using alternate auth
24506 don't check for C2 if AFS or DCE (unless they said --with-C2)
24513 * OPTIONS, find_path.c, options.h:
24517 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
24520 checkdot now works correctly
24523 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
24526 can't have DCE and C2 passwords both...
24529 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
24531 * parse.yacc, sudo.c, sudo.h, visudo.c:
24532 now uses shost even if not FQDN
24536 now looks for skey in /usr/lib and doesn't require libskey to be in
24537 /usr/local/lib just because skey.h is (for my netbsd box :-)
24540 * aclocal.m4, config.h.in, pathnames.h.in:
24541 _SUDO_PATH_ -> _CONFIG_PATH_
24544 * aclocal.m4, sudo.pod:
24545 /var/run/.odus -> /var/run/sudo
24549 now uses _SUDO_PATH_TIMEDIR
24556 * aclocal.m4, configure.in:
24561 added _SUDO_PATH_TIMEDIR
24565 updated wrt /var/run/sudo
24569 added support for shost if FQDN
24572 * parse.yacc, visudo.c:
24573 now uses shost if FQDN
24577 Now use skeylookup() instead of skeychallenge()
24580 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
24583 mail_argv should not contain ALERTMAIL as it includes "-t"
24586 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
24588 * INSTALL, Makefile.in, README, configure.in, version.h:
24593 added more _PASSWD_LEN stuff -- now uses PASS_MAX too
24597 now includes limits.h moved _PASSWD_LEN -> compat.h
24600 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
24618 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
24625 done for 1.4.1 (I hope)
24629 added info on wildcards
24633 added wildcard example
24637 now uses *.pod to build *.man and *.cat & *.html
24641 added SUDO_PROG_BSHELL !ll
24645 fixed up some formatting
24649 redid section describing sample sudoers stuff
24653 fixed some formatting
24657 now treats "" as bourne shell
24661 TESTOBJS now includes wildmat.o
24665 now works with NewArg[cv]
24669 removed an XXX (fixed it in getspwuid.c)
24673 added check for bourne shell
24681 added _SUDO_PATH_BSHELL
24684 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
24687 unixware vi returns 256 instead of 0
24695 fixed up some XXX's. file log format now looks a little more like
24696 real syslog(3) format.
24699 * README, TROUBLESHOOTING:
24700 updated wrt lex/flex
24704 commented out rule to build lex.yy.c from parse.lex since we ship
24705 with a pre-flex'd parser
24708 * parse.c, parse.yacc, visudo.c:
24709 path_matches -> command_matches
24713 eliminated some strcat()'s
24717 no longer checks for lex/flex (now assumes flex)
24721 now checks for $kerb_dir_candidate/krb.h instead of just
24725 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
24728 now use a 'hook' expression instead of an iffy one :-)
24731 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
24734 now works with new sudo arg stuff
24738 fixed dereferencing deadbeef
24742 changed an occurrence of Argv to NewArgv
24746 took out support for quoted commands since there is no need...
24750 fixed a typo in a for() loop
24754 protected against dereferencing rogue pointers
24758 now uses NewArgv and NewArgc so cmnd_args is no longer needed this
24759 also allows us to eliminate some kludges in parse_args() and
24760 eliminate superfluous code.
24764 no longer uses cmnd_args, now uses NewArgv instead.
24768 added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
24773 added wildmat.c to SRCS & SUDOBJS
24777 COMMAND is now a struct containing the path and args
24781 replaced append() with fill_cmnd() and fill_args. command args from
24782 a sudoers entry are now stored in an array for easy matching.
24786 command line args from sudoers file are now in an array like ones
24787 passed in from the command line
24790 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
24793 wildmat stuff now works
24796 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
24803 ++version added wildmat.*
24806 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
24809 added support for quoted commands (w/ or w/o args)
24812 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
24814 * sudo.pod, visudo.pod:
24815 cleaned up formatting
24818 * sudo.pod, visudo.pod:
24822 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
24825 looks reasonable, could be more readable
24832 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
24839 updated NO_ROOT_SUDO entry
24842 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
24845 *** empty log message ***
24846 [5b63de579ff7] [SUDO_1_4_0]
24857 AIX aixcrypt.exp now uses $(srcdir)
24861 added entry for anal ansi compilers
24864 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
24867 added info on libcrypt_i for SCO
24871 *** empty log message ***
24886 * INSTALL, OPTIONS, README, config.h.in, configure.in:
24891 ++version and fixed ISC
24894 * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
24895 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
24896 insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
24897 sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
24903 added STUB_LOAD_INTERFACES ++version
24906 * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
24912 added info about fd_set in tgetpass added info on interfaces.c
24915 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
24926 tgetpass.o is now only linked in with sudo (not visudo)
24929 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
24931 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
24937 added copyright notice
24940 * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
24941 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
24942 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
24943 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
24944 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
24949 minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
24953 ISC now gets -lcrypt now check for sys/bsdtypes.h
24957 added check for sys/bsdtypes.h
24960 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
24963 removed debugging stuff (setting freed ptr to NULL)
24975 added section on syslog
24979 added AC_ISC_POSIX for better ISC support
24987 added define for _POSIX_SOURCE
24990 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
24993 fixed check for lsearch()
24996 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
24999 fixed for AIX now deal if num_interfaces == 0 (should not happen)
25002 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
25005 now only define HAVE_LSEARCH if there is a corresponding search.h
25012 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
25015 now define HAVE_LSEARCH if we find lsearch() in libcompat
25019 char * -> const char *
25023 now looks in -lcompat for lsearch()
25027 remove sudo.core visudo.core for clean target
25031 added UID_MAX support in check for MAX_UID_T_LEN
25035 fixed another occurrence of sudo_getpwuid.*
25038 * Makefile.in, getspwuid.c:
25039 sudo_getpwuid.c -> getspwuid.c
25046 * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
25047 compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
25048 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
25049 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
25050 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
25051 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
25052 version.h, visudo.c:
25057 added group support
25065 documented group support
25068 * parse.c, parse.lex, parse.yacc, visudo.c:
25069 added group support
25072 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
25075 tkfile was too short and overflowed the kerberos realm
25078 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
25081 now copy command args directly from Argv
25085 replaced code to copy cmnd_args so that is does not use realloc
25086 since most realloc()'s really stink
25089 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
25092 syslog() fixed in hpux 10.01
25095 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
25098 AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
25102 better error if cannot find skey incs or libs
25106 now use a temp file for determining max len of uid_t in string form.
25107 the old hacky way broke on netbsd
25111 added set of parens and a space
25114 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
25117 fixes from Jeff Earickson <jaearick@colby.edu> ,
25125 fixed up testsudoers target
25129 DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
25130 SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
25134 LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
25138 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
25141 fix for C2 on hpux 10 now uses -linet if it exists
25145 LONG_SKEY_PROMPT is less of a kludge /
25149 fixed typos w/ dce stuff
25156 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
25159 amended section on combining authentication mechanisms
25163 minor updates for 1.3.6
25167 added 2 more entries
25179 rewrote for sudo 1.3.6
25186 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
25188 * find_path.c, getspwuid.c, sudo.c:
25189 added explicit casts for strdup since many includes don't prototype
25194 removed prototype for sudo_getpwuid() since convex C compiler choked
25199 added prototype for sudo_getpwuid()
25203 now compiles on strict ANSI compilers
25207 added LONG_SKEY_PROMPT support
25211 added extra $'s for make to eat up, yum.
25214 * OPTIONS, options.h:
25215 added LONG_SKEY_PROMPT
25218 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
25221 s/key support now works with normal s/key as well as logdaemon
25224 * OPTIONS, options.h:
25229 set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
25233 added DCE note added more AIX notes
25237 now include pthread.h for DCE support
25241 dce_pwent() is ok after all .,
25245 now uses SYSLOG() macro that equates to either syslog() or
25250 minor formatting changes. renamed check() to something less generic
25253 * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
25255 now uses user_pw_ent and simple macros to get at the contents
25258 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
25261 simpler dec unix C2 support
25265 now sets crypt_type for DEC unix C2
25268 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
25271 added csops paths for skey
25275 now includes string.h for strdup() prototype
25283 now includes skey.h
25291 moved a lot of the shadow passwd crap to sudo_getpwuid()
25295 now uses sudo_pw_ent
25299 now uses sudo_pw_ent
25303 now sets sudo_pw_ent
25311 moved dce stuff into compat.h
25314 * logging.c, sudo.h:
25315 now uses sudo_pw_ent
25319 added sudo_getpwuid.c
25327 now uses sudo_pw_ent
25330 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
25333 fixed exempt_group stuff for OS's that don't put base gid in group
25338 S/Key support now works with sunos4 shadow passwords
25345 * config.h.in, configure.in:
25354 first stab at dce support
25358 now smells like sudo
25366 skey'd sudo now works w/ normal password as well
25369 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
25371 * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
25372 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
25373 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
25374 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
25375 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
25376 version.h, visudo.c:
25377 updated version number
25381 updated to reflect version change
25385 --with options now line up ++version
25389 removed unnecessary S/Key stuff
25393 fixed S/Key support
25397 -I stuff now goes in CPPFLAGS
25409 fixed description of EXEMPTGROUP
25413 more people use _RLD_ than just alphas...
25417 replaced $man_prefix with $mandir
25425 now use more GNU'ish dir names
25429 now set *dir correctly (can override from command line)
25433 now deal with situations where we getwd() fails
25436 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
25439 added etc_dir, bin_dir, sbin_dir
25447 now ship a flex-generated lex.yy.c
25451 now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
25455 _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
25459 no more error for redefining SUDOERS_OWNER
25463 expanded SUDOERS_OWNER section
25466 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
25469 now warn if chown(2) failed
25473 better default warning for NO_SUDOERS_FILE
25477 added missing set_perms() no more cryptic message if the sudoers
25478 file is zero length, now just give a parse error
25482 better diagnostics if NO_SUDOERS_FILE
25486 check_sudoers() now catches sudoers files that are not readable (but
25490 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
25493 now add -D__STDC__ for convex cc (not gcc)
25497 MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
25501 now uses exec_prefix & prefix from configure
25504 * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
25505 parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
25507 options.h is now <> instead of "" so shadow build trees can have a
25508 custom copy of options.h
25512 user_is_exempt() is no longer a hack, it now uses getgrnam()
25516 EXEMPTGROUP is now "sudo"
25520 MAN_POSTINSTALL now contains a leading space
25524 removed leading tab if @MAN_POSTINSTALL@ not defined now removes
25525 testsudoers in clean:
25529 includes pwd.h to get _PASSWD_LEN definition
25532 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
25535 unset the KRB_CONF envariable if using kerberos so we don't get
25536 spoofed into using a bogus server
25539 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
25542 now explicitly initialize match[] to be FALSE
25545 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
25548 removed unused variable now passes -Wall
25552 yyerror and dumpaliases are now void's now passes -Wall
25556 added prototype for yyerror
25559 * check.c, logging.c, parse.c:
25564 removed unused cruft now passes -Wall
25568 fixed headers that moved to emul dir
25572 fixed deref of nil pointer if no args
25575 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
25578 added a caveat to FQDN section
25581 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
25584 more $srcdir support for install targets
25587 * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
25588 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
25589 don't include malloc.h if we include stdlib.h
25593 local search.h now lives in emul
25596 * check.c, utime.c:
25597 local utime.h now lives in emul dir
25601 local search.h now lives in emul
25605 added support for building in other than the sourcedir
25608 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
25611 annotated CSOPS_INSULTS option
25615 updated shadow passwords blurb
25619 if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
25620 passes along foo as the arguments
25623 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
25626 collapsed pathname and dir sections into one -- it's now less
25631 fixed spacing quoting [,:\\=] now works correctly append() and
25632 fill() now take args to make the above work
25636 fixed a typo that caused commands with no tty on fd 0 but a tty on
25637 fd 1 to erroneously have "none" as their tty
25640 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
25643 timestampfile is now a global static removed decl of timestampfile
25644 in remove_timestamp since we can just use the global one
25648 created touch() to update timestamps added USE_TTY_TICKETS support
25653 added _S_IFDIR and S_ISDIR
25656 * OPTIONS, options.h:
25657 added USE_TTY_TICKETS
25661 removed const from casts for lsearch() & lfind() to placate irix 4.x
25665 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
25668 now only strip '/dev/' off of a tty if it starts with '/dev/'
25676 AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
25681 fixed incorrect #ifdef termio uses "unsigned short" not int for
25685 * parse.lex, parse.yacc:
25686 fixed a spelling error
25693 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
25700 added dotcat() to cat 2 strings w/ a dot efficiently now that we
25701 dynamically allocate strings they need to be free()'d
25705 dynamically allocates space for strings
25709 no more MAXCOMMANDLENGTH
25716 * logging.c, sudo.c:
25717 moved tty stuff into sudo.c
25720 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
25723 fixed a logic bug. Was denying a command if user gave command line
25724 args but there were none in the sudoers file which is wrong.
25728 MAXCOMMMANDLEN dropped down to 1K
25732 return foo; -> return(foo);
25736 fixed netgr_matches() prototype
25740 added support for escaping "termination" characters
25744 buf is now of size MAXPATHLEN+1 since it never holds command args
25752 fixed negation problem (doh!)
25756 fixed 2nd parameter to lfind()
25760 now do bounds checking in fill() and append()
25764 include netdb.h as we should added a missing void cast added
25765 SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
25766 realloc actually moved the string instead of shrinking it
25770 updated with examples of new features
25774 now set errno to EACCES if not a regular file or not executable
25778 if given a fully-qualified or relative path we now check it with
25779 sudo_goodpath() and error out with the appropriate error message if
25780 the file does not exist or is not executable
25783 * emul/search.h, lsearch.c:
25784 now use correct args for lfind
25792 added in CSOps insults
25804 increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
25808 added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
25812 fixed -k load_interfaces() now gets called if FQDN is set
25813 -p now works with -s
25817 don't try to stat() "pseudo commands" like "validate"
25821 added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
25825 added SecurID support added other insults to --with-csops
25833 added clobber target added ins_csops.h now gets CFLAGS from
25838 relaxed SUDO_FULL_VOID
25842 function comment blocks are now in same style as rest of code
25846 added support for command line args in /etc/sudoers
25850 updated to have command args in the sudoers file
25854 added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
25857 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
25860 PATH renamed to COMMAND
25864 it is now a parse error for directories to have args attached to
25869 now say command args if telling user to buzz off
25873 -s no longer indicates end of args sped up loading on cmnd_args in
25878 removed an unreachable statement
25882 made more efficient by pulling out the terminators when in GOTCMND
25883 state and making them their own rule
25886 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
25889 removed MAXLOGLEN since it is no longer used
25893 now allows command args
25897 now groks command arguments
25901 now sets tty correctly when piped input
25905 fixed loading of cmnd_args (was including command name too)
25909 fixed a core dump due to incorrect if construct
25912 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
25915 only add -lsun if irix < 5 don't look for -lnsl or -lsocket if irix
25919 fixed check for ISC
25923 now sets cmnd_args used by log_error() and that will be used by the
25924 parse to check against command args
25932 now dynamically allocate logline since we can guess at its size
25935 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
25938 cleaned up a bunch of unnecessary #ifdef's eliminated a buffer remove
25939 "register" since the compiler knows more than I do now do a
25940 "basename" of the tty
25943 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
25950 added shell extern changed MODE_* to be bit masks to allow for
25951 several options together
25955 added -s (shell) option made MODE_* masks so we can do bitwise & and
25956 | to see if multiple flags are set.
25960 added securid support
25963 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
25966 removed a bunch of unnecessary strncpy()'s and replaced with strcat()
25969 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
25971 * Makefile.in, version.h:
25975 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
25978 fixed free() of an uninitialized pointer (yuck)
25982 added netgr_matches
25986 cleaned up netgr_matches
25989 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
25995 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
25998 now installs sudoers.man -- really should clean this up though.
26002 added sudoers.cat and sudoers.man
26006 pulled out stuff on the sudoers file format into a separate man page
26014 fixed up my email address
26018 added checks for innetgr and getdomainname
26022 added dummy netgr_matches function
26026 added netgr_matches
26029 * parse.lex, parse.yacc:
26030 added NETGROUP support
26034 added HAVE_INNETGR & HAVE_GETDOMAINNAME
26037 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
26040 rewrote clean_env() that has rm_env() builtin
26043 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
26046 now cast uid to long in sprintf
26050 added _INSULTS suffix to HAL & GOONS end
26054 added _INSULTS suffix to HAL & GOONS
26057 * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
26058 converted to new scheme of insult "unions" end
26062 now uses MAX_UID_T_LEN
26066 added SUDO_UID_T_LEN !l
26070 added MAX_UID_T_LEN
26074 now use MAX_UID_T_LEN
26078 added check for max len of uid_t fixed sco vs. isc check
26081 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
26092 hack to check for sco
26096 removed #include <net/route.h> since it was hosing some OS's
26099 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
26102 fixed prreadlink() prototype
26106 added parens in #if's
26114 moved SPW_* to config.h.in
26118 added a set of parens
26126 added SPW_* reordered error codes
26130 moved SPW_* to sudo.h
26133 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
26136 SPW_AUTH -> SPW_SECUREWARE
26140 GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
26148 SPW_AUTH -> SPW_SECUREWARE
26152 now uses SHADOW_TYPE to make shadow pw support more readable and
26153 modular. It's a start...
26157 added autodetection of shadow passwords
26161 now uses SHADOW_TYPE define
26165 added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
26169 added SUDO_CHECK_SHADOW
26172 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
26175 define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
26176 memmove() since we no longer use it...
26184 added BROKEN_SYSLOG support
26188 added BROKEN_SYSLOG
26192 now only bitch if timestamp > time_now + 2 * timeout to allow for a
26193 machine updating its time from a server
26197 added 2 security notes updated Nieusma's email addr
26201 changed a memmove() to memcpy() since we don't have to worry about
26202 overlapping segments.
26205 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
26208 cleanup up the loop when interfaces are groped in so that it is
26212 * Makefile.in, version.h:
26216 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
26222 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
26225 fixed permissions check on /tmp/.odus
26228 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
26231 fixed some comments
26235 now checks owner & mode of timedir also checks for bogus dates on
26240 updated TIMEOUT info
26243 * logging.c, sudo.h:
26244 added BAD_STAMPDIR and BAD_STAMPFILE
26248 added definition of S_IRWXU
26255 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
26258 added #ifdef to make it compile on strange arches
26261 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
26264 fixed check for full void impl.
26268 added missing "static"
26272 replaced #elif with #else #if constructs for ancient C compilers
26276 updated irix c2 & kerb5 info
26280 added shadow pw support for irix
26283 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
26290 last changes for sudo 1.3.3
26294 now calls SUDO_SOCK_SA_LEN
26302 added SUDO_SOCK_SA_LEN
26306 now works with ip implementations that use sa_len in sockaddr
26310 added note about buggy AIX compiler
26314 now include sys/time.h for AIX
26317 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
26324 now works for ISC and others. yay.
26327 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
26329 * Makefile.in, version.h:
26333 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
26336 fixed test for full void impl
26340 now check to see that st_dev is non-zero before assuming that we are
26344 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
26346 * aclocal.m4, configure.in:
26347 SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
26350 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
26353 fixed include file order for SUDO_FUNC_UTIME_POSIX
26357 added cast for ttyname()
26365 now deal correctly with all known variations of utime() -- yippe
26369 added SUDO_FUNC_UTIME_POSIX
26373 added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
26377 added HAVE_UTIME_POSIX
26385 no longer assume !HAVE_UTIME_NULL means old BSD utime()
26389 fixed fascist C compiler warning
26393 now set strioctl.ic_timout in STRSET() now initialize num_interfaces
26394 to 0 (just to be anal)
26397 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
26400 increased MAXLOGLEN by MAXPATHLEN to account for ttyname
26408 reworked the ISC code
26411 * Makefile.in, version.h:
26416 now expect old-style utime(3) if utime() can't take NULL as an arg
26420 added check for utime.h
26428 added CPPFLAGS STATIC_FLAGS -> LDFLAGS
26432 now search for kerb libs and includes
26436 added support for utime(2)'s that can't take a NULL parameter
26440 moved HAVE_UTIME_NULL stuff to update_timestamp() where it belongs
26444 added utime(s) stuff
26452 added HAVE_UTIME and HAVE_UTIME_NULL
26455 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
26458 now use HAVE_UTIME_NULL
26461 * emul/utime.h, utime.c:
26466 need to setuid(0) to make kerb4 stuff work.
26470 no more special case for kerberos
26474 took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
26479 no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
26484 now use private ticket file for kerberos support to avoid trouncing
26488 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
26491 added SPOOF_ATTEMPT & cmnd_st
26495 added anti-spoofing support
26499 now use global cmnd_st
26503 added SPOOF_ATTEMPT support
26506 * testsudoers.c, visudo.c:
26507 added void casts where appropriate
26511 fixed up spacing and added void casts where appropriate
26515 fixed problem with "-p prompt" but no args
26518 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
26521 added BUGS and annotated -l description
26525 validate() now takes a flag
26529 validate() now takes a flag added -l
26533 added support for -l
26537 validate() now takes a flag that says whether or not to check the
26541 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
26544 now deals with Argv == 1
26552 added prompt support reworked parse_args()
26564 now use BUFSIZ as length of kerb password added kpass so pass is
26565 always a char * now use prompt global when asking for a password
26569 now use BUFSIZ as _PASSWD_LEN if using kerberos
26576 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
26579 only look for -lufc or -lcrypt if crypt() not in libc
26583 don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
26584 (unknown user) silently fail
26592 HAVE_KERBEROS -> HAVE_KERB4
26596 removed debugging printf
26600 KERBEROS -> KERB4 added checks for setreuid & setresuid
26604 HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
26608 added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
26609 with setresuid if applic
26613 HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
26614 no setreuid() or a broken one
26617 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
26620 added kerberos support
26624 added HAVE_KERBEROS
26628 added KERBEROS support (long passwords)
26632 added kerberos support
26635 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
26638 added MODE_BACKGROUND
26642 escaped dashes added -b option
26650 added crypt() for osf/1 3.x enhanced security
26654 now check for -lcrypt
26658 added ENXIO like EADDRNOTAVAIL
26661 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
26664 now emulate getwd(), not getcwd()
26668 getcwd() -> getwd()
26675 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
26677 * ins_2001.h, ins_classic.h, ins_goons.h:
26682 broke out insults into separate include files
26685 * OPTIONS, options.h:
26690 added ins_2001.h ins_classic.h ins_goons.h
26693 * Makefile.in, version.h:
26698 moved signal handler setup to setup_signals()
26702 added load_interfaces()
26706 moved load_interfaces to interfaces.c
26713 * OPTIONS, options.h:
26718 now uses clearaliases variable
26726 added interfaces.[co]
26730 now uses ip addrs and netmasks via load_interfaces()
26734 now remove IFS instead of setting to "sane" value
26737 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
26743 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
26746 sudo_goodpath.c-> goodpath.c
26750 added Andy's new ISC changes
26753 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
26756 added a sentence to SECURE_PATH info
26771 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
26777 * Makefile.in, version.h:
26782 sendmail is now looked for in /usr/ucblib
26798 added unixware case
26802 user_is_exempt is no longer hidden
26810 isc and riscos changes
26814 added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
26818 fixed a typo and added testsudoers stuff
26825 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
26828 applied fixed patch from Chris
26831 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
26838 added a set of braces for bison
26842 merged in Chris' changes to dekludge the parser.
26846 send_mail() was calling find_path() which is wrong since find_path()
26847 stores cmnd in a static var. Anyhow, it doesn't make much sense
26848 since MAILER should always be fully qualified
26851 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
26854 added User_Alias stuff
26858 SUDO_NEXT now looks for /usr/lib/NextStep/software_version
26862 added DEC UNIX 3.0 w/ gcc
26866 Exit was being used in places where exit should be used
26870 added "User alias specification"
26874 fixed probs caused by making nslots and naliases a size_t
26878 added KSR, upped rev to 1.3.1b2
26881 * logging.c, parse.yacc:
26886 void * -> VOID * naliases and nslots are now size_t to appease
26887 lsearch on 64-bit machines
26890 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
26893 did a bunch of things and added a bunch :-)
26901 closer to BSD manpage style
26905 closer to standard BSD man format
26908 * compat.h, config.h.in, emul/search.h, insults.h, options.h,
26909 pathnames.h.in, sudo.h, version.h:
26914 removed crufty #defines that are no longer used
26922 updated based on sudo changes
26926 now allow ALL keyword in User_Aliases now allow ALL keyword as well
26935 now sets SUDO_COMMAND and SUDO_GID envariables.
26939 fixed bug with full void impl check
26943 fixed User_Alias support
26947 added stubs for User_Alias support
26951 now sets removes # bogus interfaces from num_interfaces
26955 added User_Alias support
26958 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
26961 removed extraneous TODO
26964 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
26967 ntwk_matches -> addr_matches
26971 ntwk_matches -> addr_matches
26975 ntwk_matches -> addr_matches now use inet_addr() not inet_network()
26976 (which expects octet boundaries) fixes for OSF (sizeof(int) !=
26981 took out debugging info
26985 OS was being set to unknown before non-uname based host checks.
26986 This caused no checks to happen since $OS was not zero-length.
26990 fixed loading of interfaces struct still has debugging info in
26998 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
27009 removed extraneous extern decl of "top
27017 removed parser_cleanup (no need for it now)
27021 now calls reset_aliases() directly
27024 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
27027 added a sentence to SECURE_PATH description
27031 fixed my stupid bug where I used NAMLEN on something I wanted to
27032 just get the name from. argh.
27035 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
27038 fixed argument order of memmove() that i hosed when converting from
27043 finally fixed DISTFILES line
27051 added missing files to DISTFILES
27055 SUPPORTED -> RUNSON
27058 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
27065 updated for pl5b1 release
27073 fixed bug where if you hit return at first sudo prompt it would
27074 still log as a failure
27082 better test for bogus void * implementation
27086 added PASSWORDS_NOT_CORRECT
27090 added PASSWORDS_NOT_CORRECT stuff
27094 added PASSWORDS_NOT_CORRECT
27102 removed some unused vars and fixed up uid2str
27109 * getcwd.c, getwd.c:
27113 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
27116 fixed a typo I introduced in the last checkin :-(
27120 can't have #ifdef's where N is defined so just do this the broken
27125 better hack from Chris (but still a hack)
27129 stupid hack for broken aix lex
27133 now includes compat.h
27137 now includes fcntl.h
27141 added FD_SET and FD_ZERO for 4.2BSD
27145 dirty hack to fix parser bug. i don't really like this but it works
27150 uid2str is now static like the prototype says
27153 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
27155 * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
27164 check_sudoers now returns an error code and sudo calls inform_user
27165 and log_error based on the return value.
27168 * logging.c, sudo.h:
27169 added entries for new errors
27173 now set uid to that of SUDOERS_OWNER while parsing sudoers file
27177 took out testsudoers
27181 now explicitly checks that it is setuid root
27185 If a user has no passwd entry sudo would segv (writing to a garbage
27186 pointer). Now allocate space before writing :-)
27190 reordered AC_CHECK_FUNCS
27197 * tgetpass.c, visudo.c:
27202 bzero -> memset when a parse error is logged the line number of the
27203 error is now logged too
27207 added Sunos to blurb about c2 security
27211 added a SUN4 define for C2 security
27215 bcopy -> memmove bzero -> memset
27219 bcopy -> memmove char * -> VOID *
27223 added support for sunos with C2 security
27226 * OPTIONS, options.h:
27231 _PATH_SUDO_LOGFILE now set based on configure
27235 added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
27239 added _SUDO_PATH_LOGFILE
27243 added SUDO_LOGFILE to find where to put sudo.log added
27244 SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
27245 SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
27248 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
27255 now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
27256 to work around a problem in trusted hpux shadow passwords. yuck.
27260 backed out a change in malloc/realloc
27264 now include stdlib.h
27268 now do an freopen() of the stmp file so that yyin will always point
27269 to the same thing. This is important for flex since we are doing a
27274 replaced yywrap() with parser_cleanup() since yywrap() needs to be
27275 in parse.lex to be able to use YY_NEW_FILE. sigh.
27279 now have a rule that matches anything that doesn't match an
27280 explicit rule. well, you know what i mean (. matches anything not
27281 yet matched). However, this means that there is input still queued
27282 up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
27283 into parse.lex and it calls parser_cleanup() which is most of the
27291 * getcwd.c, getwd.c:
27292 moved compat.h to be the last include file
27296 fixed type of aliascmp() args
27304 added casts to lfind and lsearch args for irix
27308 bsdinstall -> install-sh
27312 added info about make realclean
27316 updated VERSION added dependencies for visudo.cat
27328 now there is a real visudo.man and visudo.cat
27332 took out visudo stuff
27339 * parse.c, parse.lex, parse.yacc:
27348 updated Nieusma & Hieb email addresses
27352 updated to include options.h and OPTIONS
27360 eliminated bug #1 (yay)
27364 sunos no longer gets linked statically
27367 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
27370 prototype now uses __P()
27374 make fill() non-ansi
27378 made -v (validate) work
27386 don't check for execute/statable if fq or relative path given
27394 now include ctype.h for islower and tolower macros
27398 moved _S_IFMT & _S_ISREG to compat.h
27402 moved a set of parens
27406 now include compat.h
27414 now cast malloc & realloc return vals added search for HAVE_LSEARCH
27415 now use strcmp if no strcasecmp available
27423 removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
27424 HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
27428 added _S_IFMT, _S_IFREG, and S_ISREG
27432 took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
27433 to most SUDO_* macros
27441 various 1.x to 2.x autoconf changes now check for strcasecmp now use
27442 AC_INSTALL_PROG instead of custom one added check for fully working
27443 void implementation
27447 added lsearch & search.h visudo links into $(LIBOBJS)
27451 partial 1.x to 2.x changes added SUDO_FULL_VOID
27455 whatnow_help was prototyped to be static but was not declared as
27460 autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
27461 for dirent/dir/ndir.h
27465 now use groovy gnu autoconf macro AC_HEADER_DIRENT
27468 * getcwd.c, getwd.c:
27469 MAXPATHLEN -> MAXPATHLEN+1
27472 * emul/search.h, lsearch.c:
27476 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
27479 eliminated bison warnings
27487 now includes signal.h
27491 only clear data structures on a parse error
27495 whatnow() now gives help on invalid input
27499 added a whatnow() function (sort of like mh)
27503 kill_aliases -> reset_aliases yywrap() now cleans up by calling
27504 reset_aliases() and clearing top took reset stuff out of yyerror()
27505 since it doesn't belong there (and doesn't work anyway). errorlineno
27506 is now initially set to -1 so we can set it to the first error that
27507 occurs (it was getting set to the last)
27515 rewrote from scratch based on 4.3BSD vipw.c
27518 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
27525 no more sudo_realpath() and find_path() changed params
27529 find_path() changed since no more realpath()
27533 on error, errorlineno is set to the line where the error occurred
27534 added kill_aliases() to free the aliases struct now clean up in
27535 yyerror() so we can reparse cleanly
27538 * options.h, parse.c:
27539 no more USE_REALPATH
27543 changed to use new find_path()
27547 removed all the realpath() stuff
27551 sudo_realpath.c -> sudo_goodpath.c
27555 now works correctly with utk parser
27563 eliminated a compiler warning
27567 eliminated compiler warning
27571 added sudo_goodpath()
27575 added prototype for sudo_goodpath
27579 added support for /sys/dir.h
27583 USE_REALPATH turned off
27587 added calls to sudo_goodpath()
27591 added check for dirent.h
27595 added HAVE_DIRENT_H
27599 added in linux shadow pass stuff
27602 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
27605 added back host, user, cmnd, parse_error
27609 added in utk changes plus some minor cosmetic changes
27612 * sudo.c, sudo_realpath.c:
27613 added void casts for printf's
27617 added a define of USE_REALPATH
27621 there is no more visudoers/Makefile
27625 added in utk changes (visudo is now built from the toplevel)
27629 added (void) casts to printf's
27632 * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
27633 merged in utk changes
27636 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
27639 now check to see that what we are trying to run is a file (or a link
27640 to a file, we do a stat(2) so there is no diff)
27643 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
27650 aclocal.m4 -> acsite.m4 make realclean updated for new autoconf
27654 added myself as maintainer
27657 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
27660 changed setegid -> setgid
27663 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
27666 fixed the test for irix 5.x to skip bad libs
27670 now initialize OS and OSREV
27673 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
27680 AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
27684 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
27687 use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the right
27688 thing wrt yyrestart (grrrr)
27691 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
27694 added visudoers/compat.h to DISTFILES
27702 added ocmnd declaration adjusted for find_path()'s new parameters
27706 added ocmnd extern adjusted find_path() prototype
27710 cmndcmp() now takes 3 arguments and checks against the qualified as
27711 well as the unqualified pathname. more code that should use
27712 cmndcmp() but did not, now does
27720 changed to use new find_path() parameter passing
27724 find_path() now takes 2 copyout parameters (one for the qualified
27725 pathname and one for the unqualified pathname). The third parameter
27730 no longer munge pathnames.h
27734 changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
27735 as a result, pathnames.h does not need to be run through configure
27736 and the user can override the configured values easily.
27740 added _SUDO_PATH_* entries
27744 _PATH* -> _SUDO_PATH_*
27748 updated DISTFILES and HDRS .o's now depend on config.h
27751 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
27754 removed extraneous #endif
27762 added SUDO_PROG_MV added riscos and isc os types took out
27763 -DSHORT_MESSAGE from --with-csops since it is now the default
27767 move the include of id.h to compat.h now includes options.h
27771 moved compatibility #defines to compat.h
27779 move __P to compat.h
27782 * getcwd.c, getwd.c, putenv.c:
27783 now includes compat.h
27790 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
27793 pull user-configurable stuff out and put in options.h
27796 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
27798 * parse.lex, parse.yacc, visudo.c:
27799 now includes options.h
27802 * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
27804 now includes options.h
27808 added visudoers/options.h
27811 * OPTIONS, options.h:
27816 added OPTIONS and options.h
27820 changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
27824 changed PASSWORD_TIMEOUT to minutes
27827 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
27830 now only do Editor +line_num if line_num != 0
27833 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
27836 now use mv if rename(2) fails
27847 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
27850 fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
27853 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
27856 added mips & isc support
27860 added support for non-root owned sudoers file
27864 added exempt group support
27868 added set_perms() support added SUDOERS_OWNER so can have non-root
27869 own sudoers file added exempt group support added isc support
27873 now copy sudoers to temp file via read/write (not stdio) now chown
27874 new sudoers file to SUDOERS_OWNER
27877 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
27888 fixed typo added set_perms support added skey support added
27889 seteuid()/setegid() emulation for AIX
27893 be_* -> setperms() now check to make sure sudoers file is owned by
27894 root nread/write by only root
27897 * logging.c, parse.c:
27902 be_* -> set_perms() added skey support
27905 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
27915 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
27925 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
27931 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
27946 now bail if Argv[1] > MAXPATHLEN
27950 added function check for tcgetattr(3)
27954 only define HAVE_TERMIOS_H if you have tcgetattr(3)
27958 added check for tcgetattr
27961 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
27967 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
27970 now only include unistd.h for linux
27973 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
27976 added visudo.8 generation
27980 added -Wl,-bI:./aixcrypt.exp to aix flags
27983 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
27994 added mailing list info
27998 now use sudolineno instead of yylineno fixed bison warnings
28002 now use -no_library_replacement for osf don't make a static binary
28007 added string.h/strings.h inclusion
28015 added inclusion of string.h/strings.h
28019 fixed uname | sed (needed to quote the '[')
28023 replaced yylineno with sudolineno fixed bison syntax errors
28027 changed yylineno to sudolineno since yylineno cannot be counted
28036 added code to support command listings
28040 added code for -l flag
28044 fixed typo added info for -l flag
28048 AC_SSIZE_T -> SUDO_SSIZE_T
28063 * find_path.c, sudo_realpath.c:
28064 readlink() is now declared as returning ssize_t
28068 added -laud for OSF c2
28071 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
28073 * Makefile.in, visudo.c:
28074 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
28077 * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
28078 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
28081 * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
28082 parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
28083 sudo_setenv.c, tgetpass.c, version.h:
28084 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
28087 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
28098 added host to alertmail messages
28106 fixed logging problem where mail would not say which user it was
28110 added -laud for gcc if osf & c2
28114 moved set_auth_parameters to sudo.c
28118 added set_auth_parameters for osf
28122 cleaned up -static stuff
28134 changed setenv() to sudo_setenv()
28150 added osf auth support & removed some extra spaces
28153 * INSTALL, SUPPORTED:
28157 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
28160 added 2 suggestions
28164 removed README.v1.3.1 and added VERSION stuff
28171 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
28182 mention HISTORY file
28186 use sizeof instead of a constant in 1 place
28205 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
28209 [7dfbb4a810bb] [SUDO_1_3_1]
28216 added unistd.h include
28219 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
28222 added sys/time.h for AIX
28225 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
28228 added check for -lsocket and sys/sockio.h
28232 took out libshadow check and added in sys/sockio.h check
28236 now include sockio.h instead of ioctl.h if it exists "sudo -" now
28237 gets a better error message
28241 now has a dir and subnet entry
28244 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
28255 added network and ip addresses to man page
28259 no error if can't get interfaces or netmask since networking may not
28264 now check for interfaces == NULL
28268 fixed a bug that caused directory specs in a Cmnd_Alias to fail if
28269 the last entry in the spec failed (ie: it was only looking at the
28270 last entry). Cleaned things up by adding the cmndcmp() function--all
28278 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
28281 now do two passes to skip bogus interfaces (lo0, etc)
28284 * parse.lex, parse.yacc, visudo.c:
28285 added include of netinet/in.h
28288 * logging.c, sudo_realpath.c, sudo_setenv.c:
28289 added include of netinet/in.h
28292 * check.c, find_path.c, getcwd.c, getwd.c:
28293 added include of netinet/in.h
28301 added interfaces global
28305 now uses new interfaces global
28309 now ip addresses are gleaned w/o dns
28312 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
28315 added load_ip_addrs() to load the ip_addrs global var
28319 added hostcmp() to compare hostnames, ip addrs, and network addrs
28323 added ip_addrs def added load_ip_addrs prototype
28326 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
28333 removed multiple entries in DISTFILES
28337 ansified the !STDC_HEADERS decls
28340 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
28341 don't do malloc decl if gnuc
28345 can't use getopt(3) since it munges args to the command to be run as
28346 root don't do malloc decl if gnuc
28349 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
28350 sudo_realpath.c, sudo_setenv.c:
28351 ansi-fied !STDC_HEADER function prototypes
28354 * getcwd.c, getwd.c:
28355 added missing paren
28359 added putenv.c to DISTFILES
28363 added params to func decls when STDC_HEADERS is not defined now can
28364 count on putenv() being there
28368 took out errno decl since sudo.h does it for us fixed up a next cc
28369 warning added params to func decls when STDC_HEADERS is not defined
28373 took out environ extern added local declaration of putenv() if local
28377 * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
28378 added params to func decls when STDC_HEADERS is not defined
28382 added memcpy check check to see that ansi vs bsd macros are not
28383 already defined before defining (ie: avoid redefinition)
28387 removed fluff setenv check plus check w/ replace for putenv if also
28395 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
28402 rm'd realpath added sudo_realpath and sudo_setenv
28406 now use sudo_setenvc
28410 added putenv and setenv, removed realpath
28414 added putenv & setenv
28425 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
28428 added MAN_POSTINSTALL and /usr/share/catman for irix
28432 added MAN_POSTINSTALL
28440 added SUDO_* plus new options
28448 took out shadow lib
28456 now use yyrestart() if flex now reset yylineno to 0
28460 support for installing a cat page instead of a man page if no nroff
28464 now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
28465 to determine whether or not to install a cat or man page
28473 not set ret to MODE_RUN initially
28477 made command (and therefore cmnd dynamically allocated)
28489 changed bufs from MAXPATHLEN to MAXPATHLEN+1
28493 added MODE_ removed validate_only and added remove_timestamp()
28497 usage() now takes an int (exit value) added parse_args() to parse
28498 command line arguments moved call to find_path() from load_globals
28499 to new function load_cmnd() removed validate_only global -- now use
28500 the concept of "modes" added -h and -k options
28504 no longer use global validate_only now checks for command called
28505 "validate" removed check for non-fully qualified commands since that
28506 is done by find_path
28510 changed MAXPATHLEN to MAXPATHLEN+1
28514 fixed off by one error with MAXPATHLEN and fixed a comment
28518 check_timestamp no longer runs reminder(), it is implied in the
28519 return val added remove_timestamp()
28526 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
28540 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
28543 moved send_mail to after syslog
28547 now set SUDO_ envariables
28550 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
28557 now print error if chdir fails
28564 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
28571 no more static binaries for aix
28574 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
28581 took out stuff not needed for sudo now does be_root/be_user itself
28582 now uses cwd global
28589 * logging.c, sudo.c:
28590 be_root/be_user is now down in sudo_realpath()
28593 * logging.c, sudo.h:
28594 now works with 4.2BSD syslog (blech)
28598 now use sudo_realpath()
28602 took out realpth() stuff since we now use sudo_realpath()
28606 ultrix enhanced sec
28610 added ultrix enhanced sec.
28618 ultrix enhanced security support
28622 added sudo_realpath.c
28630 increased passwd len to 24 for c2 security
28637 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
28640 now use user global var
28647 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
28654 user is now a char * added epasswd
28658 added tzset() to load_globals added epasswd (encrypted password)
28659 global made user dynamically allocated
28671 cleaned up encrypted passwd grab somewhat
28687 can now log to both syslog & a file
28711 removed AFS stuff :-)
28715 include sys/select for AIX
28726 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
28728 * CHANGES, SUPPORTED:
28733 can now have MAILER undefined
28737 new sub-note about MAILER
28741 added blurb about password timeout
28749 took out duplicate define of _CONVEX_SOURCE
28761 added a goto if fgets fails
28765 use __hpux not hpux convex c2 stuff
28769 use __hpux not hpux
28777 define ansi-ish cpp os defines if non-ansi are defined for hpux &
28782 updated to say we support convex C2
28786 added convex c2 support
28789 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
28792 no more ioctl never returns NULL uses fgets() and select() to
28796 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
28799 things were testing -n "$GCC" instead of -z "$GCC"
28803 now works + uses fgets()
28806 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
28809 select doesn't seem to recognize a single '\n' as input waiting so
28810 we can't use it, sigh.
28813 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
28816 updated tgetpass() blurb
28820 added --with-getpass
28824 added tgetpass stuff
28835 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
28842 added USE_GETPASS && HAVE_C2_SECURITY
28846 fixed a test added --with-C2 and --with-tgetpass
28854 took out tgetpass.*
28861 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
28864 no termio(s) for ultrix since it is broken
28868 added a space (yeah, anal)
28871 * realpath.c, sudo_realpath.c:
28872 fixed it (duh, rtfm)
28875 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
28878 took out bsd signal stuff for irix
28886 don't define BSD signals for irix
28897 * realpath.c, sudo_realpath.c:
28898 took out unneeded code by changing where a strings was terminated
28901 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
28903 * realpath.c, sudo_realpath.c:
28904 fix bug where /dirname would return NULL
28908 move __P to config.h
28911 * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
28912 added errno definition
28927 * realpath.c, sudo_realpath.c:
28928 now works if no fchdir
28932 define SA_RESETHAND to null if not defined
28936 added check & replace
28940 took out -static for nextstep -- it doesn't work
28943 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
28946 moved #endif to where it belongs
28954 now checks for strdup realpath getcwd bzero
28962 added posix signals
28970 added posix signals
28974 removed BROKEN_GETPASS added new srcs to replace missing functions
28978 added posix signal stuff
28990 now uses posix signals
28994 updated to reflect major changes
29002 uses sysconf() if available
29006 added PASSWORD_TIMEOUT + prototypes for new functions
29009 * realpath.c, sudo_realpath.c:
29010 for those w/o this in libc
29013 * getcwd.c, getwd.c:
29018 rewrote to use realpath(3) - nis now all my code
29022 added HAVE_REALPATH
29030 added LIBOBJS use tgetpass.c
29033 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
29047 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
29058 added check for getwd
29062 replace strdup & realpath & getcwd if missing
29070 added SUDO_PROG_PWD
29077 * realpath.c, sudo_realpath.c:
29081 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
29084 quoted square brackets
29087 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
29090 no need to strdup() a constant
29105 * parse.c, sudo.c, sudo.h:
29106 added validate_only stuff
29109 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
29116 $OSREV is now an int
29119 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
29122 added mtxinu to caser
29130 now use the EXEC macro now only do a gethostbyname() if FQDN is set
29134 changed mail_argv[] def now use EXEC() macro
29138 took out crypt() definition
29146 always look for -lnsl
29154 SHORT_MESSAGE is now the default
29162 added missing AC_DEFINE(SVR4) for solaris
29166 documented the -v flag
29178 added LIBSHADOW undef
29182 now set OS to be lowercase
29185 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
29188 now use SUDO_OSTYPE to set $OS
29192 now use uname to determine os
29196 added prototypes & moved sig handler around
29203 * check.c, logging.c, sudo.c:
29212 now use _BSD_SIGNALS not _BSD_COMPAT
29223 * parse.lex, parse.yacc:
29224 moved config.h to top of includes
29227 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
29230 now don't bitch if get EACCESS (treat like EPERM)
29234 added -v flag and usage()
29242 cast Argv to a const for exec added -v flag
29246 mail_argv is now a const
29250 only set RETSIGTYPE if it is not set already
29254 now defines & STDC_HEADERS for Irix
29261 * insults.h, sudo.h:
29262 prevent multiple inclusion
29269 * parse.lex, parse.yacc:
29270 now includes config.h
29274 now talks about sunos 4.x
29278 calls to Exit now pass an arg
29281 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
29284 signal handler now takes an int argument
29292 ok, the getcwd() is now *really* done as the user
29296 changed AIX STATIC_FLAGS
29300 solaris now defines SVR4
29304 added cwd and fixed stupid core dump that makes no sense. sigh.
29308 moved getcwd stuff into load_globals
29312 took out externs that are in sudo.h
29316 moved cwd into load_globals
29324 fixed make distclean & realclean
29332 added solaris changes
29336 added solaris changes, need to rework
29340 cleaned up for solaris
29344 reinstall reapchild signal handler for non-bsd signals
29348 took out getdtablesize() emulation for HP-UX (no longer needed)
29352 support for HAVE_SYSCONF
29356 added <fcntl.h> for solaris & reorg'd the includes + minor prettying
29364 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
29367 now tells you what os you are running
29374 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
29389 uid seinitialized to -2
29392 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
29395 now removes LIBPATH for AIX
29398 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
29401 now uses ufc if it finds it
29404 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
29407 no longer define yyval & yylval since yacc does it
29411 now defines yylval as extern
29415 BROKEN_GETPASS is now an OPTION
29419 took out BROKEN_GETPASS
29423 took out big comment
29431 took out README.beta
29439 now reference SUPPORTED
29443 now check for convex OR __convex__
29447 now check for convex or __convex__
29459 now use _S_* stat stuff to be ansi-like
29463 updated for configure directions
29467 distclean now removes config.h and pathnames.h
29486 * config.h.in, pathnames.h.in:
29487 added copyright header
29490 * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
29491 parse.yacc, sudo.c, sudo.h:
29496 updated to use configure + pathnames.h
29503 * Makefile.in, config.h.in, configure.in:
29508 now works with configure
29511 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
29512 updated to work with configure + pathnames.h
29519 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
29522 updated gnu general licence to version 2
29525 * config.h.in, pathnames.h.in:
29530 changed to work with configure
29533 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
29535 * Makefile.in, aclocal.m4, configure.in:
29540 now uses defines used by configure
29543 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
29546 sudo won't bitch about EPERM now, for real
29549 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
29552 renamed exec_argv to eliminate a libc name clash with ksros
29559 * logging.c, sudo.c, sudo.h:
29576 added UMASK and mode_t declaration
29584 now opens log file with mode 077
29588 saved current umask and restores it
29592 added MAXLOGFILELEN
29596 split long log lines. For syslog, split into multiple entries, for
29597 a log file, indent the extra for readability
29600 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
29607 MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
29610 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
29613 added input from Brett M Hogden <hogden@rge.com>
29616 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
29619 added rmenv() to remove stuff from environ. can now use execvp()
29620 OR execve() because of this.
29624 now uses execvp() OR execve()
29640 moved some func decls out of sudo.h and into sudo.c as statics
29651 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
29657 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
29672 added sample.sudoers note
29679 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
29686 took out SAVED_UID garbage
29687 [b7c2d3469661] [SUDO_1_3_0]
29706 more verbose error if mailer not found
29710 now do getpwent as root for some shadow password systems (bsdi)
29713 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
29716 took out SAVED_UID garbage
29720 took out SAVED_UID garbage since it don't work
29723 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
29730 added a missing space :-)
29734 took out multimax cruft
29746 fixed a typo + indentation
29749 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
29752 took outumoved some defines to the config file
29764 added HAS_SAVED_UID
29771 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
29777 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
29783 * check.c, logging.c, parse.c, sudo.c, sudo.h:
29784 now is only root when abs necessary
29791 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
29806 now removed _RLD_* for alphas
29810 updated for new config scheme
29814 more verbose error messages
29817 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
29824 define __svr4__ for SOLARIS
29828 added svr4 junk for shadow pws for solaris 2.x
29832 took out setuid(0) and setreuid(uid) garbage. It's not needed since
29833 we start out setuid with the correct perms.
29836 * check.c, sudo.c, sudo.h:
29840 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
29843 revised AUTHORS section & added ENV_EDITOR stuff to VARIABLES
29848 now uses ENV_EDITOR if you want to use the EDITOR envar
29852 now uses ENV_EDITOR if you want to use the EDITOR envar
29855 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
29858 rewrote most of this
29862 minor update + spell fix
29866 added all options that are in the Makefile
29870 now use USE_TERMIO #define for sgi & hpux
29877 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
29879 * check.c, find_path.c:
29880 always include strings.h
29888 sgi has vi in /usr/bin too
29895 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
29898 use /usr/bin/vi on some systems
29902 fixed warning (include strings.h)
29906 added John_Rouillard@dl5000.bc.edu's changes (new features)
29910 changes from John_Rouillard@dl5000.bc.edu
29917 * check.c, find_path.c, parse.c, sudo.c:
29918 added patches from John_Rouillard directory spec
29922 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
29925 added flush for hpux
29928 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
29931 no longer assume malloc returns a char *
29935 alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
29936 gets removed correctly
29940 added STD_HEADERS macro
29944 now uses STD_HEADERS macro for ansi
29948 now uses STD_HEADERS macro
29952 niceties for C compiler bitches -- no real change
29955 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
29958 now doesn't fclose a file never opened.
29961 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
29968 added error stuff added me in there...
29976 added blurb about reading stuff
29984 corrected comments and removed newlines
29996 added dec syslog note
30000 added real stuff in there
30011 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
30018 updated with changes
30029 * CHANGES, COPYING, INSTALL, README, TODO:
30034 updated version number and took out jeff's old addr since it is no
30038 * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
30040 updated version number and took out jeff's email (since it is
30044 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
30050 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
30053 now return NULL instead of exiting for non-fatal errors
30056 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
30063 now sudo.h gets included first
30066 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
30077 hpux 9 fix, removes SHLIB_PATH linux patch
30084 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
30087 stat now ignores EINVAL
30090 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
30092 * find_path.c, sudo.c:
30093 now declare strdup as extern
30096 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
30099 reformatted with indent + by hand
30102 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
30103 used indent to "fix" coding style
30107 now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
30108 move the code that does this into the loop body. makes it messier
30112 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
30115 redid the fix for non-executable files in an easier to read way plus
30116 some minor aesthetic changes
30120 fixed bug with non-executable things of same name in path introduced
30121 by checking errno after stat(2).
30124 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
30127 fixed off by one error
30131 now handles descending below '/' correctly
30135 now actually builds Envp instead of munging envp
30138 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
30141 now includes sys/param.h
30145 now includes sys/param.h
30149 fixed ifndef -> ifdef
30153 make more like find_path.c
30157 rewritten by millert
30161 fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
30162 about new defines in the comment
30170 added decl for clean_envp() and Envp
30174 now rips LD_* env vars out of envp and passed sanitized Envp to exec
30182 ENOTDIR is ok now too (in case part of the path is bogus)
30186 now works correctly (total rewrite)
30190 now includes sys/param.h didn't match trailing / -- fix from
30194 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
30197 moved around the #ifndef _AIX
30200 * check.c, logging.c, parse.c:
30204 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
30210 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
30213 now works if you do sudo bin/test
30220 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
30230 * parse.lex, parse.yacc:
30234 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
30241 now spews error if exec fails and exits with -1
30249 now only execs files with (an) executable bit set.
30256 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>