2012-05-15 Todd C. Miller <Todd.Miller@courtesan.com>

Build PIE executable on Mac OS X 10.5 and above.

2012-05-14 Todd C. Miller <Todd.Miller@courtesan.com>

Update for sudo 1.8.4p5

* plugins/sudoers/match_addr.c:
Add missing break between AF_INET and AF_INET6 in
addr_matches_if_netmask()

* plugins/sudoers/mon_systrace.c:
Move systrace monitor code to the attic

2012-05-11 Todd C. Miller <Todd.Miller@courtesan.com>

The pointer to the siginfo_t struct in a signal handler may be NULL.

2012-05-10 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/pwutil.c:
Fix an alignment problem on NetBSD systems with a 64-bit time_t and
strict alignment. Based on a patch from Martin Husemann.

Add offsetof macro for those without it.

add system_group plugin

2012-05-09 Todd C. Miller <Todd.Miller@courtesan.com>

Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX.

2012-05-08 Todd C. Miller <Todd.Miller@courtesan.com>

Mention system_group plugin

* Makefile.in, plugins/sudoers/Makefile.in,
plugins/system_group/Makefile.in:

* plugins/system_group/system_group.c:
Only call gr_delref() when using sudo's password caching functions.

* plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in:
Add missing dependency on libreplace.la

Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and

* Makefile.in, configure, configure.in,
plugins/system_group/Makefile.in,
plugins/system_group/system_group.c,
plugins/system_group/system_group.sym:
Add group plugin that does lookups by name using the system group

* plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo,
sync with translationproject.org

2012-05-03 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po,
src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po,
src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
src/po/zh_CN.mo, src/po/zh_CN.po:
sync with translationproject.org

2012-05-01 Todd C. Miller <Todd.Miller@courtesan.com>

Add mode for docdir and use '-' (default) for localedir mode. Fixes
a problem on Linux when building in a directory with the setgid bit

2012-04-30 Todd C. Miller <Todd.Miller@courtesan.com>

2012-04-24 Todd C. Miller <Todd.Miller@courtesan.com>

Update with recent changes

Fix version check on AIX

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

* plugins/sudoers/ldap.c:
Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP

* plugins/sudoers/ldap.c:
Fix printing of invalid uri

* plugins/sudoers/auth/pam.c:
Pass PAM_SILENT when deleting creds to remove an annoying warning

2012-04-23 Todd C. Miller <Todd.Miller@courtesan.com>

Fix the setutxent and endutxent compatibility defines (this time
correctly) when only setutent and endutent are available.

* plugins/sudoers/ldap.c:
sudo_ldap_set_options_global() should not take an LDAP handle as an
argument since the options affect the global settings.

Debian sudo has not been built with --with-exempt=sudo since 1.6.8.

* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c,
Call the policy's init_session() function before we fork the child.
That way, the session is created and destroyed in the same process,
which is needed by some modules, such as pam_mount.

* doc/TROUBLESHOOTING:
Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is

* plugins/sudoers/auth/pam.c:
Delete creds after closing the PAM session.

* plugins/sudoers/ldap.c:
Provide a more useful error message if using a Mozilla-style LDAP
SDK and you forgot to specify TLS_CERT in ldap.conf.

Add missing initialization of a sigaction structure when I/O
logging. Fixes a potential problem when suspending the command.

* plugins/sudoers/ldap.c:
Split global and per-connection LDAP options into separate arrays.
Set global LDAP options before calling ldap_initialize() or
ldap_init(). After we have an LDAP handle, set the per-connection
options. Fixes a problem with OpenLDAP using the nss crypto backend;

* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po,
src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
sync with translationproject.org

2012-04-21 Todd C. Miller <Todd.Miller@courtesan.com>

* src/sudo.c, src/sudo.h:
Move struct passwd pointer into struct command details.

2012-04-20 Todd C. Miller <Todd.Miller@courtesan.com>

Sync with upstream for Mac OS X (and other) fixes.

Only build Mac intel universal binary on an intel machine.

Do not pass libtool the -static-libtool-libs option when building
sudo and sesh. Otherwise, libtool may prefer a static version of an
installed library over a dynamic one when linking.

2012-04-19 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo,
plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po:
Add German translation for sudo. Add Croatian translation for sudoers.

* plugins/sudoers/iolog.c:

2012-04-16 Todd C. Miller <Todd.Miller@courtesan.com>

Update with recent changes

* Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
Sort xgettext output by file name.

* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
Clarify what "sudoreplay -l" displays and mention that it is sorted.

* config.h.in, configure, configure.in, src/ttyname.c:
Use AC_HEADER_MAJOR to determine where major/minor are defined.

* config.h.in, configure, configure.in, src/ttyname.c:
Include sys/mkdev.h if present instead of sys/sysmacros.h for
minor(). This is needed on Solaris (at least) where the makedev
macros in sysmacros.h are obsolete and library functions should be

When building on Mac OS X, only set SDK_FLAGS if specified osversion

2012-04-15 Todd C. Miller <Todd.Miller@courtesan.com>

Add back buf and tty variables for _ttyname() case that were
inadvertently removed.

2012-04-13 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/sudoers.pot:

* configure, configure.in:
Remove b8 from version number.

When looking for a device match, do a breadth-first search instead
of depth-first. We already special case /dev/pts/ so chances are
good that if it is not a pseudo-tty it is in the base of /dev/. Also
avoid a stat(2) when possible if struct dirent has d_type.

* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
src/sudo.c, src/sudo.h:
Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list.

* src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo,
src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo,
sync with translationproject.org

* MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po,
src/po/hr.mo, src/po/hr.po:
New Croatian and Galician translations from translationproject.org

Add depth-first traversal of /dev/ for the /proc case when not

* config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c:
If struct dirent has d_type, use it to avoid an extra stat().

* plugins/sudoers/sudoreplay.c:
Sort output of "sudoreplay -l"

2012-04-12 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/sudoreplay.c:
Fix duplicate free introduced in last rev

2012-04-11 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/auth/pam.c:
Instead of treating ^C from tgetpass() specially, always return
AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL
like PAM_AUTH_ERR; Mac OS X returns this when there is no tty.

* config.h.in, configure, configure.in, src/ttyname.c:
Rototill code to determine the tty. For Linux, we now look up the
tty device in /proc/pid/stat instead of trying to open
/proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given
device number to a string. On BSD, we can use devname(). On
Solaris, _ttyname_dev() does what we want. TODO: write /dev/
traversal code for the generic sudo_ttyname_dev().

2012-04-10 Todd C. Miller <Todd.Miller@courtesan.com>

Define PRNODEV for those w/o it.

* config.h.in, configure, configure.in, src/ttyname.c:
Check for SVR4-style struct psinfo.pr_ttydev and use that to
determine the tty if std{in,out,err} are not ttys.

Better support for SVR4-style /proc entries where we can't use
ttyname() on the /proc/pid/fd/[0-2] entries. We can, however,
attempt to map the device number back to the correct pseudo-tty

When trying to determine the tty name, check parent's stderr in
addition to its stdin and stdout.

Treat a tty read failure like EOF as it usually means the pty has
gone away. Handle write() on the tty returning EIO.

* src/exec.c, src/exec_pty.c:
Linux select() may return ENOMEM if there is a kernel resource
shortage. Older Solaris select() may return EIO instead of EBADF
when the tty goes away. If we get an unhandled select() failure,
kill the child and exit cleanly.

Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might

2012-04-09 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/set_perms.c:
Fix restoration of AIX permissions.

Allow the -k flag to be used along with the -i and -s flags.

* plugins/sudoers/sudoreplay.c:
Plug memory leak in parse_logfile() in the error path.

* plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po,
src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po,
src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
src/po/zh_CN.mo, src/po/zh_CN.po:
sync with translationproject.org

2012-04-08 Todd C. Miller <Todd.Miller@courtesan.com>

* compat/regress/glob/globtest.c, config.h.in, configure,
configure.in, plugins/sudoers/match.c:
Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the
glob() and fnmatch() results to be consistent.

2012-04-06 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in,
Move ttysize.c to common so sudoreplay can use it.

* plugins/sudoers/sudoreplay.c:
If I/O log file includes rows + cols, warn if the user's tty is not

* plugins/sudoers/sudoreplay.c:
Fix printing of TSID in "sudoreplay -l"

* common/sudo_debug.c, include/sudo_debug.h,
plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c,
Log the process id in the debug file output. Since we don't want to
keep calling getpid(), stash the value at init time and when we

Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It
is better to receive EIO from read()/write() than to be suspended
when we don't expect it. Fixes a problem when our terminal is
revoked which can happen when, e.g. our sshd is killed
unceremoniously. Also, only change the value of "alive" from true to
false, never from false to true. It is possible for us to receive
notification of the child having stopped after it is already dead.
This does not mean it has risen from the grave.

Distinguish between signals we received from the parent vs. those
delivered explicitly to the monitor process in debugging info.

2012-04-05 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/check.c:
In Solaris 11, /dev/pts is under the "dev" filesystem, not "devices".
Update tty_is_devpts() to match so we can determine when the tty has

* common/sudo_debug.c, include/error.h, include/sudo_debug.h:
Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf()
and use a new flag, SUDO_DEBUG_FILENO to specify when to use it.
This allows consumers of sudo_debug_printf() to log that data
without having to specify it manually.

Make this compile after last change.

Don't try to restore the terminal if we are not the foreground
process. Otherwise, we may be stopped by SIGTTOU when we try to
update the terminal settings when cleaning up.

If select() returns EBADF in the main event loop, one of the ttys
must have gone away so perform any I/O we can and close the bad fds.

* common/sudo_debug.c, include/error.h, include/sudo_debug.h,
plugins/sudoers/toke.c, plugins/sudoers/toke.h,
plugins/sudoers/toke.l:
Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the
function, file and line number in the debug log for warning() and

2012-04-04 Todd C. Miller <Todd.Miller@courtesan.com>

* common/sudo_debug.c, include/error.h, include/sudo_debug.h,
Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno.
Use this flag when wrapping error() and warning() so the debug
output includes the error string.

2012-03-30 Todd C. Miller <Todd.Miller@courtesan.com>

Update for sudo 1.8.5

* plugins/sudoers/po/sudoers.pot:

* plugins/sudoers/pwutil.c:

Don't need zero_bytes() after ecalloc()

* config.h.in, configure, configure.in, src/sudo_noexec.c:
Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to

Fix compat setutxent and endutxent macros for systems with
setutent() but not setutxent(). From Gustavo Zacarias

2012-03-29 Todd C. Miller <Todd.Miller@courtesan.com>

Add ignore_result definition to AH_BOTTOM

* common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c,
plugins/sudoers/iolog.c, plugins/sudoers/toke.c,
plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c,
src/exec.c, src/exec_pty.c, src/tgetpass.c:
Fix compiler warnings on some platforms and provide a better method
of defeating gcc's warn_unused_result attribute.

* configure, configure.in:
Fix building the builtin zlib from a build dir. When a zlib dir was
specified, prepend its include path instead of appending so we get
the right zlib headers.

* doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h,
zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c,
zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h,
zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in,
zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
Update zlib to version 1.2.6

2012-03-28 Todd C. Miller <Todd.Miller@courtesan.com>

g/c __unused which is no longer used

Fix compilation if RTLD_NEXT is not defined.

* src/po/sr.mo, src/po/sr.po:
sync with translationproject.org

* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

Ignore Project-Id-Version when comparing pot files.

* plugins/sudoers/bsm_audit.c:
Use error() instead of log_fatal()

* plugins/sudoers/env.c:
Fix signedness of didvar in env_update_didvar()

* plugins/sudoers/iolog.c:
Quiet a compiler warning on some platforms.

cast ctype(3) function/macro arguments from char to unsigned char to
avoid potential negative subscripting.

* common/setgroups.c:
Quiet a warning on systems where the gids array in setgroups() is
not prototyped as being const, even though it really is.

Quiet a compiler warning on systems where the argument to putenv(3)

* plugins/sudoers/sudoreplay.c:
Undo an incorrect int -> bool conversion.

* MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
src/po/sv.mo, src/po/sv.po:
Add Swedish sudo and sudoers translations from
translationproject.org

* plugins/sudoers/env.c:
No need to preserve ODMDIR on AIX now that we always read

2012-03-27 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudoers.pod, plugins/sudoers/env.c:
When initializing the environment for env_reset, start out with the
contents of /etc/environment on AIX and login.conf on BSD.

* doc/TROUBLESHOOTING, src/sudo.c:
If we are not running with an effective uid of 0, try to give the
user enough information to debug the problem.

* plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
Quiet a clang-analyzer false positive.

If there is nothing to read from the askpass program, set errno to
EINTR. This makes the cancel button behave like the user entered ^C
at the password prompt when PAM is used.

* src/sudo.h, src/tgetpass.c:
Fetch the value of "askpass" from the sudo conf struct.

* common/sudo_conf.c:
Fix matching of "Path askpass" and "Path noexec"

2012-03-26 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/visudo.c:
Quiet a clang-analyzer dead store warning.

* plugins/sudoers/sudoers.c:
If the "timestampowner" user cannot be resolved, use ROOT_UID
instead of exiting with a fatal error.

* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c,
plugins/sudoers/check.c, plugins/sudoers/env.c,
plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
plugins/sudoers/logging.h, plugins/sudoers/parse.c,
plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
Remove the NO_EXIT flag to log_error() and add a log_fatal()
function that exits and is marked no_return. Fixes false positives
from static analyzers and is easier for humans to read too.

2012-03-24 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
sync with translationproject.org

2012-03-20 Todd C. Miller <Todd.Miller@courtesan.com>

* src/po/da.mo, src/po/da.po:
sync with translationproject.org

* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
sync with translationproject.org

2012-03-19 Todd C. Miller <Todd.Miller@courtesan.com>

* src/po/it.mo, src/po/it.po:
sync with translationproject.org

* common/sudo_conf.c, plugins/sudoers/alias.c,
plugins/sudoers/defaults.c, plugins/sudoers/env.c,
plugins/sudoers/gram.c, plugins/sudoers/gram.y,
plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c,
Use ecalloc() when allocating structs.

* common/alloc.c, include/alloc.h:
Add ecalloc() and commented out recalloc(). Use inline strnlen()
instead of strlen() in estrndup().

2012-03-18 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
src/po/zh_CN.mo, src/po/zh_CN.po:
sync with translationproject.org

2012-03-16 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/set_perms.c:

* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
Document what changed in each plugin API revision

* plugins/sudoers/set_perms.c:
Remove bogus optimization that could lead to a double free of the

2012-03-15 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/TROUBLESHOOTING:
Expand AIX /etc/security/privcmds entry.

Update for sudo 1.8.5

* common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat,
doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat,
doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h,
include/sudo_plugin.h, src/load_plugins.c, src/sudo.c,
src/sudo_plugin_int.h:
Rename plugin "args" to "options"

Add Lithuanian and Vietnamese translators

Ignore comments when comparing new and old pot files.

* doc/sudo_plugin.cat, doc/sudo_plugin.man.in:

* doc/sudo_plugin.pod, include/sudo_plugin.h,
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c,
src/sudo.c, src/sudo.h:
Pass a pointer to user_env in to the init_session policy plugin
function so session setup can modify the user environment as needed.
For PAM authentication, merge the PAM environment with the user
environment at init_session time. We no longer need to swap in the
user_env for environ during session init, nor do we need to disable
the env hooks at init_session time.

* plugins/sample/sample_plugin.c:
Add explicit NULL entries for init_session, register_hooks and
deregister_hooks with appropriate comments.

Quiet a gcc "used uninitialized in this function" false positive.

* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
We should always call warning() with a format string or a string
literal. In this case, the argument (path) is not user-controlled.

2012-03-14 Todd C. Miller <Todd.Miller@courtesan.com>

Include sudo_exec.h for the sudo_execve() prototype.

* config.h.in, configure, configure.in:
Add check for pam_getenvlist()

* common/sudo_conf.c:
Set args to NULL in default plugin info struct when there is no
Plugin line in sudo.conf.

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:

* configure, configure.in:
Bump version to 1.8.5

* doc/sudo_plugin.pod:

2012-03-13 Todd C. Miller <Todd.Miller@courtesan.com>

Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris.

* include/sudo_plugin.h:
Use sudo_hook_fn_t in struct sudo_hook.

* doc/TROUBLESHOOTING:
If cross compiling, --host must include the OS in the tuple. E.g.
--host powerpc-unknown-linux

2012-03-12 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/parse.c:
Fix bogus int -> bool conversion; tags can have a value of -1.

* plugins/sudoers/env.c:
Add env_should_keep() and env_should_delete() wrapper functions to
simplify things a bit and hide the fact that matches_env_check() is

Fix application of debian-specific sudoers mods when building
packages as non-root.

* plugins/sudoers/env.c:
matches_env_check() returns int, not boolean

Fix compilation when seteuid() is not available.

Simply move the free of ki_proc outside the realloc() loop.

Bring back the erealloc() for the ENOMEM loop and just zero the
pointer after we free it.

Don't try to erealloc() a potentially freed pointer; Mateusz Guzik

2012-03-10 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/set_perms.c:
Use normal error path if unable to set sudoers gid.

* plugins/sudoers/set_perms.c:
Make this work again on systems w/o seteuid().

2012-03-09 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/set_perms.c:
Fix compilation if no seteuid/setreuid/setresuid available.

* plugins/sudoers/set_perms.c:
Better error messages, and added debugging throughout. Fixed
seteuid() version of set_perms()/restore_perms(). Fixed logic bug in
AIX version of restore_perms(). Added checks to avoid changing
uid/gid when we don't have to. Never set gid/uid state to -1, use
the old value instead.

* src/exec_pty.c, src/ttyname.c:
Fix format string warning on Solaris with gcc 3.4.3.

Always declare environ now that we swap it around unilaterally.

Honor LDFLAGS when linking sesh; from Vita Cizek

Include alloc.h for estrdup() prototype; from Vita Cizek

2012-03-08 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/sudoers.c:
Don't read /etc/environment on Linux when using PAM, PAM should set
the environment variables as needed via pam_env.

* src/hooks.c, src/sudo.c, src/sudo.h:
Disable environment hooks after we get user_env back to make sure a
plugin can't modify user_env after we "own" it. This is kind of
a hack but we don't want the init_session plugin function to modify

* src/hooks.c, src/sudo.c:
Add support for deregistering hooks. If an I/O log plugin fails to
initialize, deregister its hooks (if any).

2012-03-07 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/sudoers.c, src/sudo.c:
Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook

* MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in,
compat/setenv.c, compat/unsetenv.c, config.h.in, configure,
configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl,
plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c,
plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c,
src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h,
src/sudo_plugin_int.h:
Initial cut at a hooks implementation. The plugin can register
hooks for getenv, putenv, setenv and unsetenv. This makes it
possible for the plugin to trap changes to the environment made by
authentication methods such as PAM or BSD auth so that such changes
are reflected in the environment passed back to sudo for execve().

2012-03-05 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, src/po/vi.mo, src/po/vi.po:
Add Vietnamese sudo translation from translationproject.org

2012-03-02 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod,
List sudo_noexec.so not noexec.so in the sample sudo.conf

* common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h,
include/sudo_plugin.h, plugins/sample/sample_plugin.c,
plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c,
src/sudo_plugin_int.h:
Add support for plugin args at the end of a Plugin line in
sudo.conf. Bump the minor number accordingly and update the
documentation. A plugin must check the sudo front end's version
before using the plugin_args parameter since it is only supported
for API version 1.2 and higher.

2012-03-01 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/Makefile.in:

secure_path.c is in common, not compat

* configure, configure.in:
Add check for variadic macro support in cpp.

2012-02-29 Todd C. Miller <Todd.Miller@courtesan.com>

* common/secure_path.c, common/sudo_conf.c, include/secure_path.h,
plugins/sudoers/gram.c, plugins/sudoers/gram.y,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Add type param to sudo_secure_path() and add sudo_secure_file() and
sudo_secure_dir() wrappers which get by #includedir in sudoers.

2012-02-28 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/visudo.pod, plugins/sudoers/visudo.c:
Check the owner and mode in -c (check) mode unless the -f option is
specified. Previously, the owner and mode were checked on the main
sudoers file when the -s (strict) option was given, but this was not

* config.h.in, configure, configure.in, src/ttyname.c:
Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some
versions of OpenBSD that have KERN_PROC2 but not KERN_PROC.

2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com>

Add Eric Lakin for patch in bug #538

Fix typo in safe_close() made while converting to debug framework
that prevented it from actually closing anything.

Add some more debugging.

* common/Makefile.in, compat/Makefile.in, doc/Makefile.in,
include/Makefile.in:
We need sysconfdir in compat/Makefile to get the proper sudo.conf
path. Add standard prefix and foodir expansion in all Makefiles to
avoid this problem in the future.

2012-02-25 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po:
New Lithuanian sudoers translation from translationproject.org

* plugins/sudoers/po/ja.po:
Update from translationproject.org

2012-02-24 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/ldap.c:
When adding gids to the LDAP filter, only add the primary gid once.
This is consistent with the space computation/allocation. From Eric

* doc/TROUBLESHOOTING:
Add entry for AIX enhanced RBAC config.

Target Mac OS X 10.5 when building packages.
1103 2012-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
1105 * MANIFEST, common/Makefile.in, common/secure_path.c,
1106 common/sudo_conf.c, include/secure_path.h,
1107 plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c:
1108 Relax the user/group/mode checks on sudoers files. As long as the
1109 file is owned by the right user, not world-writable and not writable
1110 by a group other than the one specified at configure time (gid 0 by
1111 default), the file is considered OK. Note that visudo will still
1112 set the mode to the value specified at configure time.
1115 2012-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
1117 * plugins/sudoers/set_perms.c:
1118 Add AIX-specific version of permission setting code to make sure
1119 that the saved uid gets restored properly.
1122 * config.h.in, configure, configure.in, src/exec_common.c:
1123 Check for LD_PRELOAD variants in configure instead of checkign cpp
1124 symbols. In disable_execute(), compute the length of the new envp
1125 and allocate it once instead of reallocating on demand. Also append
1126 old value of LD_PRELOAD (if any) to the new value.
1129 * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
1130 Fix the description of noexec.
1133 * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
1134 The "op" parameter to set_default() must be int, not bool since it
1135 is set to '+' or '-' for list add and subtract.
1139 Make sure sudoers is writable before calling ed script.
1142 2012-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
1144 * doc/CONTRIBUTORS, doc/contributors.pod:
1145 Update contributors. Now includes translators and authors of compat
1149 2012-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
1156 Build flat packages, not package bundles, on Mac OS X.
1159 2012-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
1162 Move macos section to be with the other OS-specific sections.
1165 * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
1166 plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
1167 Sync with translationproject.org
1170 * configure, configure.in:
1171 Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS
1175 Add Mac OS X support, printing the latest chunk of the NEWS file and
1176 the license text in the installer.
1180 Add explicit file modes that match those used by "make install"
1184 Sync with upstream for Mac OS X fixes.
1187 * plugins/sudoers/Makefile.in, src/Makefile.in:
1188 Go back to using "install-sh -M" for files installed as non-
1189 readable by owner. This fixes "make install" as non-root for
1193 2012-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
1195 * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
1196 plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
1197 plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
1198 plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
1199 plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
1200 Sync with translationproject.org
1203 * Makefile.in, doc/Makefile.in, include/Makefile.in,
1204 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
1205 plugins/sudoers/Makefile.in, src/Makefile.in:
1206 Use -m not -M for install-sh for everything except setuid. Install
1207 locale .mo files mode 0444, not 0644. If timedir parent doesn't
1208 exist, use default dir mode, not 0700.
1211 2012-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
1214 Re-sync with upstream; no longer need a local patch.
1218 Add support for building Mac OS X packages.
1226 No longer need to define _PATH_SUDO_CONF here.
1229 * src/exec_common.c:
1230 Fix noexec for Mac OS X.
1233 2012-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
1235 * common/Makefile.in:
1236 Move _PATH_SUDO_CONF override to common to match sudo_debug.c
1239 * plugins/sudoers/set_perms.c:
1240 More complete fix for LDR_PRELOAD on AIX. The addition of
1241 set_perm(PERM_ROOT) before calling the nss open functions (needed to
1242 avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
1243 and then real uid to 0 for PERM_ROOT works around the issue.
1246 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1251 Set real uid to root before calling sudo_edit() or run_command() so
1252 that the monitor process is owned by root and not by the user.
1253 Otherwise, on AIX at least, the monitor process shows up in ps as
1254 belonging to the user (and can be killed by the user).
1257 * plugins/sudoers/set_perms.c:
1258 For PERM_ROOT when using setreuid(), only set the euid to 0 prior to
1259 the call to setuid(0) if the current euid is non-zero. This
1260 effectively restores the state of things prior to rev 7bfeb629fccb.
1261 Fixes a problem on AIX where LDR_PRELOAD was not being honored for
1262 the command being executed.
1265 * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in,
1266 include/missing.h, src/sudo.c:
1267 Make a copy of the struct passwd in exec_setup() to make sure
1268 nothing in the policy init modifies it.
1271 2012-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
1277 * common/sudo_debug.c, include/sudo_debug.h:
1278 g/c now-unused debug subsystems
1281 * doc/sudo.pod, doc/sudoers.pod:
1282 Enumerate the debug subsystems used by sudo and sudoers.
1285 2012-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
1287 * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
1288 include/sudo_conf.h, src/sudo.c:
1289 Normally, sudo disables core dumps while it is running. This
1290 behavior can now be modified at run time with a line in sudo.conf
1291 like "Set disable_coredumps false"
1295 Mention Spanish translation
1298 * common/sudo_debug.c:
1299 Make sure we don't try to fall back to using the conversation
1300 function for debugging in the main sudo process if we are unable to
1301 open the debug file.
1304 * MANIFEST, src/po/es.mo, src/po/es.po:
1305 Add sudo Spanish translation from translationproject.org
1308 2012-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
1310 * plugins/sudoers/iolog.c:
1311 Better debug subsystem usage
1315 Remove duplicate function prototypes
1318 2012-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
1320 * configure, configure.in:
1321 Error out if user specified --with-pam but we can't find the headers
1322 or library. Also throw an error if the headers are present but the
1323 library is not and vice versa.
1326 2012-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
1328 * plugins/sudoers/sudoers.c:
1329 Fix the sudoers permission check when the expected sudoers mode is
1333 2012-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
1335 * configure, configure.in:
1336 Verify that we can link executables built with -D_FORTIFY_SOURCE
1340 * src/exec_common.c:
1341 Fix potential off-by-one when making a copy of the environment for
1342 LD_PRELOAD insertion. Fixes bug #534
1345 * configure, configure.in:
1346 Add rudimentary check for _FORTIFY_SOURCE support by checking for
1347 __sprintf_chk, one of the functions used by gcc to support it.
1350 * compat/stdbool.h, config.h.in, configure, configure.in:
1351 Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves.
1354 2012-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
1356 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1360 2012-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
1362 * src/exec.c, src/sudo.c:
1363 The change in 818e82ecbbfc that caused to exit when the monitor dies
1364 created a race condition between the monitor exiting and the status
1365 being read. All we really want to do is make sure that select()
1366 notifies us that there is a status change when the monitor dies
1367 unexpectedly so shut down the socketpair connected to the monitor for
1368 writing when it dies. That way we can still read the status that is
1369 pending on the socket and select() on Linux will tell us that the fd
1373 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
1374 src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h,
1376 Refactor disable_execute() and my_execve() into exec_common.c for
1377 use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of
1378 disabling exec in exec_setup(), disable it immediately before
1379 executing the command. Adapted from a diff by Arno Schuring.
1382 2012-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
1384 * aclocal.m4, configure, configure.in:
1385 Add custom version of AC_CHECK_LIB that uses the extra libs in the
1386 cache value name. With this we no longer need to rely on a modified
1387 version of autoconf.
1390 2012-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
1392 * configure, configure.in:
1393 Better handling of network functions that need -lsocket -lnsl
1397 When setting up the execution environment, set groups before
1398 gid/egid like sudo 1.7 did.
1401 * configure, configure.in:
1402 Remove "WARNING: unable to find foo() trying -lsocket -lnsl"
1405 * plugins/sudoers/sudoers.c:
1406 For "sudo -g" prepend the specified group ID to the beginning of the
1407 groups list. This matches BSD convention where the effective gid is
1408 the first entry in the group list. This is required on newer
1409 FreeBSD where the effective gid is not tracked separately and thus
1410 setgroups() changes the egid if this convention is not followed.
1414 2012-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
1416 * configure, configure.in:
1417 Fix sh warning; use "test" instead of "["
1421 When not logging I/O, use a signal handler that only forwards
1422 SIGINT, SIGQUIT and SIGHUP when they are user-generated signals.
1423 Fixes a race in the non-I/O logging path where the command may
1424 receive two keyboard-generated signals; one from the kernel and one
1425 from the sudo process.
1429 Back out change that put the command in its own pgrp when not
1430 logging I/O. It causes problems with pipelines.
1433 2012-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
1435 * compat/Makefile.in, configure, configure.in:
1436 Only run compat regress tests on compat objects we actually build.
1437 Fixes "make check" in the compat dir for systems that don't
1438 implement character classes in fnmatch() or glob(). Bug #531
1441 2012-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
1443 * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
1444 Update po files from translationproject.org
1447 2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
1450 Include parent directories in case they don't already exist. This
1451 fixes a directory permissions problem with the AIX package when the
1452 /usr/local directories don't already exist.
1456 sync with git version
1459 * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
1463 * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c:
1464 Move tty name lookup code to its own file.
1467 2012-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
1470 Update with latest sudo 1.8.4 changes.
1473 * config.h.in, configure, configure.in:
1474 Remove obsolete template for HAVE_TIMESPEC
1478 Add a check for devname() returning a fully-qualified pathname. None
1479 of the devname() implementations do this today but you never know
1480 when this might change.
1483 2012-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
1485 * plugins/sudoers/visudo.c:
1486 For "visudo -c" also list include files that were checked when
1491 The device name returned by devname() does not include the /dev/
1492 prefix so we need to add it ourselves.
1496 Add debug warning if KERN_PROC sysctl fails or devname() can't
1497 resolve the tty device to a name.
1500 * common/sudo_debug.c:
1501 The result of writev() is never checked so just cast to NULL.
1504 * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
1505 plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
1506 plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
1507 plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
1508 Update Esperanto, Finnish, Polish and Ukrainian translations from
1509 translationproject.org.
1512 2012-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
1514 * config.h.in, configure, configure.in, src/sudo.c:
1515 Add support for determining tty via sysctl on other BSD variants.
1518 * configure, configure.in:
1519 Only check for struct kinfo_proc.ki_tdev on systems that support
1524 For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on
1525 ttyname() of std{in,out,err}.
1528 2012-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
1530 * config.h.in, configure, configure.in, src/sudo.c:
1531 On newer FreeBSD we can get the parent's tty name via sysctl().
1534 * plugins/sudoers/testsudoers.c:
1539 Silence a gcc warning.
1542 * plugins/sudoers/bsm_audit.c:
1543 Need to include gettext.h and sudo_debug.h; from John Hein
1546 * plugins/sudoers/iolog.c:
1547 Initialize the debug framework from the I/O plugin too.
1550 2012-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
1552 * plugins/sudoers/testsudoers.c:
1553 Enable debugging via sudo.conf.
1556 2012-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
1558 * plugins/sudoers/visudo.c:
1559 Use SUDO_DEBUG_ALIAS for alias checking functions.
1562 * configure, configure.in:
1563 More complete test for getaddrinfo() that doesn't rely on the
1564 network libraries already being added to LIBS.
1567 2012-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
1573 * configure, configure.in:
1574 Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least.
1577 * compat/getaddrinfo.c:
1578 Include errno.h and missing.h
1585 * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in,
1586 plugins/sudoers/gram.y, plugins/sudoers/match.c,
1587 plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c,
1588 src/parse_args.c, src/sudo.c, src/sudo.h:
1589 Update copyright year.
1593 Update for sudo 1.8.4
1596 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1600 * plugins/sudoers/sudoreplay.c:
1601 Enable debugging via sudo.conf.
1604 * plugins/sudoers/visudo.c:
1605 Enable debugging via sudo.conf.
1608 * plugins/sudoers/visudo.c:
1609 Allow "visudo -c" to work when we only have read-only access to the
1610 sudoers include files.
1613 * doc/sudo.pod, doc/visudo.pod:
1614 Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add
1615 HISTORY section in sudo that points to HISTORY file.
1618 * doc/sudo.pod, doc/sudo_plugin.pod:
1619 Document Debug setting in sudo.conf and debug_flags in plugin.
1622 2012-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
1624 * plugins/sudoers/match.c:
1625 Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
1626 bug where a pattern like "/usr/*" includes /usr/bin/ in the results,
1627 which would incorrectly be interpreted as if the sudoers file had
1628 specified a directory. From Vitezslav Cizek.
1631 * INSTALL, config.h.in, configure, configure.in,
1632 plugins/sudoers/auth/kerb5.c:
1633 Add --enable-kerb5-instance configure option to allow people using
1634 Kerberos V authentication to use a custom instance. Adapted from a
1635 diff by Michael E Burr.
1638 * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h:
1639 Remove -D debug_level option.
1643 Update copyright year.
1646 2012-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
1648 * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
1649 plugins/sudoers/visudo.c:
1650 parse_error is now bool, not int
1653 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
1654 plugins/sudoers/parse.c:
1655 Print a more sensible error if yyparse() returns non-zero but
1656 yyerror() was not called.
1659 * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
1660 plugins/sudoers/gram.c:
1661 Replace y.tab.c with the correct filename in #line directives.
1664 2012-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
1667 When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2}
1668 if the main process's fds 0-2 are not hooked up to a tty. Adapted
1669 from a diff by Zdenek Behan.
1673 When not logging I/O, put command in its own pgrp and make that the
1674 controlling pgrp if the command is in the foreground. Fixes a race
1675 in the non-I/O logging path where the command may receive two
1676 keyboard-generated signals; one from the kernel and one from the
1680 2011-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
1683 Quiet a bogus gcc warning.
1686 * src/parse_args.c, src/sudo.h:
1687 Fix warnings related to sudo.conf accessors.
1690 * common/sudo_conf.c, include/sudo_conf.h:
1691 Separate sudo.conf parsing from plugin loading and move the parse
1692 functions into the common lib so that visudo, etc. can use them.
1695 * MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c,
1696 src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h:
1697 Separate sudo.conf parsing from plugin loading and move the parse
1698 functions into the common lib so that visudo, etc. can use them.
1701 * doc/sudoers.pod, plugins/sudoers/def_data.c,
1702 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
1703 plugins/sudoers/sudoers.c, src/sudo.c:
1704 Remove support for noexec_file in sudoers and the plugin API
1707 * plugins/sudoers/sudoers.c:
1708 Don't dump interfaces if there are none.
1711 * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
1712 Add missing %s printf escape to the group_plugin, iolog_dir and
1713 iolog_file descriptions.
1716 2011-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
1718 * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c:
1719 Fix typo in visiblepw description; from Joel Pickett
1722 2011-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
1724 * MANIFEST, configure, configure.in, mkdep.pl,
1725 plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
1726 plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
1727 plugins/sudoers/sudoers.h, src/sudo.c:
1728 When running a login shell with a login_class specified, use
1729 LOGIN_SETENV instead of rolling our own login.conf setenv support
1730 since FreeBSD's login.conf has more than just setenv capabilities.
1731 This requires us to swap the plugin-provided envp for the global
1732 environ before calling setusercontext() and then stash the resulting
1733 environ pointer back into the command details, which is kind of a
1737 * plugins/sudoers/Makefile.in:
1738 If srcdir is "." just use the basename of the yacc/lex file when
1739 generating the C version. This matches the generated files
1740 currently in the repo.
1743 * doc/Makefile.in, plugins/sudoers/Makefile.in:
1744 Clean up the DEVEL noise
1748 Handle different Unix domain socket (actually socketpair) semantics
1749 in BSD vs. Linux. In BSD if one end of the socketpair goes away
1750 select() returns the fd as readable and the read will fail with
1751 ECONNRESET. This doesn't appear to happen on Linux so if we notice
1752 that the monitor process has died when I/O logging is enabled,
1753 behave like the command has exited. This means we log the wait
1754 status of the monitor, not the command, but there is nothing else we
1755 can do at that point. This should only be an issue if SIGKILL is
1756 sent to the monitor process.
1760 Catch common signals in the monitor process so they get passed to
1761 the command. Fixes a problem when the entire login session is
1762 killed when ssh is disconnected or the terminal window is closed.
1763 Previously, the monitor would exit and plugin's close method would
1767 * INSTALL, configure, configure.in:
1768 Mention how to configure pam_hpsec on HP-UX to play nicely with
1772 2011-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
1774 * plugins/sudoers/ldap.c:
1775 Escape values in the search expression as per RFC 4515.
1778 * doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
1779 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
1781 No need for install target to depend explicitly on install-dirs, the
1782 install-foo targets all depend on it.
1785 2011-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
1791 * MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl,
1792 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
1793 plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
1794 plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
1795 plugins/sudoers/sudoers.h, src/Makefile.in:
1796 Add support for setenv entries in login.conf. We can't use
1797 LOGIN_SETENV since the plugin sets up the envp the command is
1798 executed with. Also regen the Makefile.in files while here. Fixes
1802 2011-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
1804 * MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h,
1805 config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
1807 Add getaddrinfo() for those without it, written by Russ Allbery
1811 Restore PACKAGE_TARNAME, it is used in docdir
1814 * MANIFEST, compat/stdbool.h:
1815 SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to
1819 * common/atobool.c, common/term.c, src/exec.c:
1820 Remove duplicate return statements.
1823 * plugins/sudoers/auth/bsdauth.c:
1824 Remove inaccurate comment
1827 * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c:
1828 Fetch the login class for the user we authenticate specifically when
1829 using BSD authentication. That user may have a different login
1830 class than what we will use to run the command. When setting the
1831 login class for the command, use the target user's struct passwd,
1832 not the invoking user's. Fixes bug 526
1835 * compat/Makefile.in, configure, configure.in, doc/Makefile.in,
1836 plugins/sudoers/Makefile.in:
1837 Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1"
1840 * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
1841 plugins/sudoers/regress/logging/check_wrap.c,
1842 plugins/sudoers/regress/parser/check_addr.c,
1843 plugins/sudoers/regress/parser/check_fill.c:
1844 Fix "make check" fallout from the sudo_conv changes in sudo_debug.
1847 * common/fileops.c, common/sudo_debug.c, configure, configure.in,
1848 include/fileops.h, plugins/sample/Makefile.in,
1849 plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in,
1850 plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
1851 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
1852 plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
1853 plugins/sudoers/env.c, plugins/sudoers/find_path.c,
1854 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
1855 plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
1856 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
1857 plugins/sudoers/ldap.c, plugins/sudoers/match.c,
1858 plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
1859 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
1860 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
1861 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
1862 plugins/sudoers/toke.c, plugins/sudoers/toke.h,
1863 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
1864 plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c,
1865 src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h,
1866 src/sudo_plugin_int.h, src/utmp.c:
1867 Use stdbool.h instead of rolling our own TRUE/FALSE macros.
1870 2011-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
1872 * compat/stdbool.h, config.h.in, configure, configure.in:
1873 Add stdbool.h for systems without it.
1876 * aclocal.m4, config.h.in, configure, configure.in:
1877 No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default
1878 includes have unistd.h in them. Add check for socklen_t for
1879 upcoming getaddrinfo compat.
1882 * common/fileops.c, compat/nanosleep.c, config.h.in, configure,
1883 configure.in, plugins/sudoers/interfaces.c,
1884 plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c,
1885 plugins/sudoers/sudoreplay.c, src/net_ifs.c:
1886 Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of
1887 HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
1890 * src/sudo_noexec.c:
1891 No longer need to include time.h here as missing.h does not use
1895 2011-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
1897 * plugins/sudoers/visudo.c:
1898 Fix mode on sudoers as needed when the -f option is not specified.
1901 * MANIFEST, src/po/sr.mo, src/po/sr.po:
1902 Add Serbian translation for sudo from translationproject.org
1905 * common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c,
1907 No longer pass debug_file to plugin, plugins must now use
1912 Build PIE executables for newer Debian and Ubuntu
1915 * common/sudo_debug.c:
1916 Include time.h for ctime() prototype.
1919 2011-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
1921 * common/sudo_debug.c, include/sudo_debug.h, src/exec.c,
1923 Do not close error pipe or debug fd via closefrom() as we need them
1924 to report an exec error should one occur.
1927 * doc/sudoers.ldap.pod:
1928 Document that a sudoUser may now be a group ID.
1931 * plugins/sudoers/ldap.c:
1932 Add support for permitting access by group ID in addition to group
1936 * plugins/sudoers/ldap.c:
1937 Older Netscape LDAP SDKs don't prototype ldapssl_set_strength()
1940 * compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE:
1941 Replace UCB fnmatch.c with a non-recursive version written by
1945 * plugins/sudoers/auth/pam.c:
1946 Fix typo, return_debug vs. debug_return
1949 2011-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
1951 * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
1952 Update Japanese sudoers translation from translationproject.org
1956 Make the env_reset descriptions consistent.
1959 2011-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
1961 * configure, configure.in:
1962 Do multiple expansion when expanding paths to the noexec file, sesh
1963 and the plugin directory. Adapted from a diff by Mike Frysinger
1966 * common/Makefile.in:
1970 2011-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
1973 Add ignore file; from Mike Frysinger
1977 no longer save old Makefile.in to .old
1980 * plugins/sudoers/Makefile.in, src/Makefile.in:
1984 * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4,
1985 m4/ltoptions.m4, m4/ltversion.m4:
1986 Update to libtool 2.4.2
1989 2011-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
1991 * plugins/sudoers/sudoers_version.h:
1992 Bump grammar version for #include and #includedir relative path
1996 2011-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
1998 * doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l:
1999 Add support for relative paths in #include and #includedir
2002 * plugins/sudoers/Makefile.in:
2003 Fix install-plugin when shared objects are unsupported or disabled.
2006 * plugins/sudoers/goodpath.c:
2007 Don't write to sbp if it is NULL
2010 2011-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
2013 Remove all sudo/sudoers .mo files on uninstall. If LINGUAS is set,
2014 only install matching .mo files
2017 2011-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
2019 * plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
2020 plugins/sudoers/sudoers.c, src/conversation.c:
2021 Fix non-dynamic (no dlopen) sudo build.
2024 * configure, configure.in:
2025 Don't error out if the user specified --disable-shared
2028 * common/sudo_debug.c, plugins/sudoers/sudoreplay.c,
2029 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
2031 Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to
2035 * plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
2036 plugins/sudoers/sudoers.h:
2037 Make sudo_goodpath() return value boolean
2040 * INSTALL, MANIFEST, configure, configure.in, mkdep.pl,
2041 plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c:
2042 Remove obsolete securid auth method.
2045 * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
2046 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
2047 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
2048 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
2049 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
2050 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
2051 plugins/sudoers/auth/sudo_auth.h:
2052 Prefix authentication functions with a "sudo_" prefix to avoid
2056 * INSTALL, MANIFEST, config.h.in, configure, configure.in,
2057 doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in,
2058 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c,
2059 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c:
2060 Remove the old Kerberos IV support
2063 2011-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
2065 * plugins/sudoers/check.c:
2066 Don't print garbage at the end of the custom lecture.
2069 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2070 Add lexer tracing as debug@parser
2073 * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
2074 plugins/sudoers/defaults.h, plugins/sudoers/gram.c,
2075 plugins/sudoers/match.c, plugins/sudoers/parse.c,
2076 plugins/sudoers/regress/parser/check_fill.c,
2077 plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
2078 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
2079 plugins/sudoers/visudo.c:
2080 Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and
2081 <def_data.h> and not "def_data.h" when generating the parser in a
2085 2011-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
2087 * mkdep.pl, plugins/sudoers/Makefile.in:
2088 Better devdir support in mkdep.pl
2091 * plugins/sudoers/Makefile.in:
2092 Add devdir before srcdir in include path and fix up dependencies
2096 * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
2097 plugins/sudoers/defaults.h, plugins/sudoers/match.c,
2098 plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
2099 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
2100 plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
2101 #include "gram.h" not <gram.h> and "def_data.h" and not
2106 Mark libexec files as optional. If we build without shared object
2107 support, libexec is not used.
2110 * src/load_plugins.c:
2111 Change Debug sudo.conf setting to take a program name as the first
2112 argument. In the future, this will allow visudo and sudoreplay to
2113 use their own Debug entries.
2117 fix sudo_debug_printf priority
2120 * plugins/sudoers/sudoers.c:
2121 add missing debug_return_int
2124 2011-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
2126 * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
2127 plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c:
2128 Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR
2132 Add missing word in HOME security note.
2135 * plugins/sudoers/testsudoers.c:
2136 Prevent "testsudoers -d username" from trying to malloc(0).
2139 2011-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
2141 * plugins/sudoers/regress/sudoers/test10.in,
2142 plugins/sudoers/regress/sudoers/test10.out.ok,
2143 plugins/sudoers/regress/sudoers/test10.toke.ok,
2144 plugins/sudoers/regress/sudoers/test10.toke.out.ok,
2145 plugins/sudoers/regress/sudoers/test11.in,
2146 plugins/sudoers/regress/sudoers/test11.out.ok,
2147 plugins/sudoers/regress/sudoers/test11.toke.ok,
2148 plugins/sudoers/regress/sudoers/test11.toke.out.ok,
2149 plugins/sudoers/regress/sudoers/test12.in,
2150 plugins/sudoers/regress/sudoers/test12.out.ok,
2151 plugins/sudoers/regress/sudoers/test12.toke.ok,
2152 plugins/sudoers/regress/sudoers/test13.in,
2153 plugins/sudoers/regress/sudoers/test13.out.ok,
2154 plugins/sudoers/regress/sudoers/test13.toke.ok,
2155 plugins/sudoers/regress/sudoers/test9.in,
2156 plugins/sudoers/regress/sudoers/test9.out.ok,
2157 plugins/sudoers/regress/sudoers/test9.toke.ok,
2158 plugins/sudoers/regress/sudoers/test9.toke.out.ok:
2159 Tests for empty sudoers (should parse OK) and syntax errors within a
2160 line (should report correct line number) both with and without the
2164 * plugins/sudoers/regress/sudoers/test4.out.ok,
2165 plugins/sudoers/regress/sudoers/test5.out.ok,
2166 plugins/sudoers/regress/sudoers/test7.out.ok,
2167 plugins/sudoers/regress/sudoers/test8.out.ok,
2168 plugins/sudoers/testsudoers.c:
2169 Print line number when there is a parser error.
2172 2011-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
2174 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2175 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2176 Keep track of the last token returned. On error, if the last token
2177 was COMMENT, decrement sudolineno since the error most likely
2178 occurred on the preceding line. Previously we always used
2179 sudolineno-1 which will give the wrong line number for errors within
2183 2011-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
2186 update with sudo 1.8.3p1 info
2189 * plugins/sudoers/sudoers.c:
2190 Fix crash when "sudo -g group -i" is run. Fixes bug 521
2193 2011-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
2195 * plugins/sudoers/visudo.c:
2196 Make alias_remove_recursive() return TRUE/FALSE as its callers
2197 expect and remove two unused arguments. Fixes bug 519.
2200 * plugins/sudoers/regress/visudo/test1.out.ok,
2201 plugins/sudoers/regress/visudo/test1.sh:
2202 Add regress test for bugzilla 519
2205 * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
2206 plugins/sudoers/regress/logging/check_wrap.c,
2207 plugins/sudoers/regress/parser/check_addr.c,
2208 plugins/sudoers/regress/parser/check_fill.c:
2209 Disable warning/error wrapping in regress tests.
2212 2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
2215 Do compile-po as part of sync-po so that the .mo files get rebuilt
2216 automatically when we sync with translationproject.org
2219 * plugins/sudoers/Makefile.in:
2220 check_addr needs to link with the network libraries on Solaris
2223 * plugins/sudoers/match.c:
2224 When matching a RunasAlias for a runas group, pass the alias in as
2225 the group_list, not the user_list. From Daniel Kopecek.
2228 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
2229 We need to init the auth system regardless of whether we need a
2230 password since we will be closing the PAM session in the monitor
2231 process. Fixes a crash in the monitor on Solaris; bugzilla #518
2234 2011-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
2237 Get rid of done: label. If the child exits we still need to close
2238 the pty, update utmp and restore the SELinux tty context.

2011-10-22 Todd C. Miller <Todd.Miller@courtesan.com>

* common/Makefile.in, common/atobool.c, common/fileops.c,
common/fmt_string.c, common/lbuf.c, common/list.c,
common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in,
plugins/sudoers/alias.c, plugins/sudoers/audit.c,
plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
plugins/sudoers/defaults.c, plugins/sudoers/env.c,
plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
plugins/sudoers/toke.c, plugins/sudoers/toke.h,
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c,
src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
src/tgetpass.c, src/ttysize.c, src/utmp.c:
Add debug_decl/debug_return (almost) everywhere. Remove old
sudo_debug() and convert users to sudo_debug_printf().

* common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c,
plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
plugins/sudoers/visudo.c, src/error.c:
Wrap error/errorx and warning/warningx functions with debug
statements. Disable wrapping for standalone sudoers programs as well
as memory allocation functions (to avoid infinite recursion).

* README, config.h.in, configure, configure.in:
Add checks for __func__ and __FUNCTION__ and mention that we now
require a cpp that supports variadic macros.

* MANIFEST, common/Makefile.in, common/sudo_debug.c,
include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c,
src/load_plugins.c, src/parse_args.c, src/sudo.c,
src/sudo_plugin_int.h:
New debug framework for sudo and plugins using /etc/sudo.conf that
also supports function call tracing.

2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
Update Japanese sudoers translation from translationproject.org

2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Override and ignore the --disable-static option. Sudo already runs
libtool with -tag=disable-static where applicable and we need non-
PIC objects to build the executables.

2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/sudoers.pot:

* plugins/sudoers/env.c:
Ignore set_logname (which is now the default) for sudoedit since we
want the LOGNAME, USER and USERNAME environment variables to refer
to the calling user since that is who the editor runs as. This
allows the editor to find the user's startup files. Fixes bugzilla

* plugins/sudoers/pwutil.c:
Instead of trying to grow the buffer in make_grlist_item(), simply
increase the total length, free the old buffer and allocate a new
one. This is less error prone and saves us from having to adjust
all the pointers in the buffer. This code path is only taken when
there are groups longer than the length of the user field in struct
utmp or utmpx, which should be quite rare.

Add Italian translation for sudo from translationproject.org

* MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
src/po/ja.mo, src/po/ja.po:
Japanese translation for sudo and sudoers from
translationproject.org

2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/Makefile.in:
sudoreplay depends on timestr.lo too; from Mike Frysinger

2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/sudoers.pot:
Regen sudoers pot file.

Update with latest sudo 1.8.3 news

* plugins/sudoers/sudoers.c:
It appears that LDAP or NSS may modify the euid so we need to be
root for the open(). We restore the old perms at the end of
sudoers_policy_open().

* plugins/sudoers/set_perms.c:
Better warning message on setuid() failure for the setreuid()
version of set_perms().

2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/check.c:
Delref auth_pw at the end of check_user() instead of getting a ref

* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c:
Make sudo_auth_{init,cleanup} return TRUE on success and check for
sudo_auth_init() return value in check_user().

* plugins/sudoers/auth/sudo_auth.c:
Do not return without restoring permissions.

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

* plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c,
plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h:
Modify the authentication API such that the init and cleanup
functions are always called, regardless of whether or not we are
going to verify a password. This is needed for proper PAM session

* compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
Add missing dependency for getspwuid.lo and regen other depends.

* plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c:
Fix a PAM_USER mismatch in session open/close. We update PAM_USER
to the target user immediately before setting resource limits, which
is after the monitor process has forked (so it has the old value).
Also, if the user did not authenticate, there is no pamh in the
monitor so we need to init pam here too. This means we end up
calling pam_start() twice, which should be fixed, but at least the
session is always properly closed now.

Add check for old being NULL in utmp_setid(); from Steven McDonald

2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h:
If the invoking user cannot be resolved by uid fake the struct
passwd and store it in the cache so we can delref it on exit.

2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/sudoers.c:
Don't error out if the group plugin cannot be loaded, just warn.

2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/sudoers.c:
Quiet a false positive found by several static analysis tools. These
tools don't know that log_error() does not return (it longjmps to
error_jmp which returns to the sudo front-end).

2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo,
plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po:
Add Italian translation for sudo from translationproject.org Regen

2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/TROUBLESHOOTING:
Update to current reality and add bit about ssh auth

* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
Make "verbose" static; fixes a namespace clash with
pam_ssh_agent_auth (and it doesn't need to be extern these days).

* config.h.in, configure, configure.in, src/get_pty.c:
FreeBSD has libutil.h not util.h

* configure, configure.in:
Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD

2011-09-20 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po,
plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po,
plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po:
Update po files from translationproject.org

2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
Add support for DEREF in ldap.conf.

install target should depend on ChangeLog too, not just install-doc

Only iolog_file (not iolog_dir) supports mktemp-style suffixes.

Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes.

Document group lookup change and possible side effects.

* configure, configure.in:
Fix some square brackets in case statements that needed to be
doubled up. While here, use $OSMAJOR when it makes sense.

* plugins/sudoers/pwutil.c:
Fix a crash in make_grlist_item() on 64-bit machines with strict

* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
Remove list_options() function that is no longer used now that "sudo

* configure, configure.in:
Error message if user tries --with-CC

* configure, configure.in:
Check for -libmldap too when looking for ldap libs, which is the
Tivoli Directory Server client library.

2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/parse.c:
Honor NOPASSWD tag for denied commands too.

2011-09-08 Todd C. Miller <Todd.Miller@courtesan.com>

* INSTALL, configure, configure.in:
Remove --with-CC option; it doesn't work correctly now that we use
libtool. Users can get the same effect by setting the CC
environment variable when running configure.

2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com>

* config.h.in, configure, configure.in, plugins/sudoers/visudo.c,
Assume all modern systems support fstat(2).

2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com>

* compat/regress/glob/globtest.c, config.h.in, configure,
configure.in, include/missing.h, plugins/sudoers/sudoers.h,
src/sudo.h, src/sudo_noexec.c:
Add configure test for missing errno declaration and only declare it
ourselves if it is missing.

* plugins/sudoers/alias.c:
Include errno.h before sudo.h to avoid conflicting with the system
definition of errno.

2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/regress/parser/check_addr.c:
Only print individual check status when there is a failure.

* plugins/sudoers/regress/iolog_path/check_iolog_path.c,
plugins/sudoers/regress/logging/check_wrap.c,
plugins/sudoers/regress/parser/check_addr.c:
Add calls to setprogname() for test programs.

* configure, configure.in:
Add -Wall and -Werror after all tests so they don't cause failures.

* plugins/sudoers/Makefile.in:
Actually run check_addr in the check target

* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
plugins/sudoers/match_addr.c,
plugins/sudoers/regress/parser/check_addr.c,
plugins/sudoers/regress/parser/check_addr.in:
Split out address matching into its own file and add regression

2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/match.c:
When matching an address with a netmask in sudoers, AND the mask and
addr before checking against the local addresses.

2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/match.c:
Fix netmask matching.

* plugins/sudoers/visudo.c:
Don't assume all editors support the +linenumber command line
argument, use a whitelist of known good editors.

2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c,
src/exec_pty.c, src/sudo.c:
Silence compiler warnings on Solaris with gcc 3.4.3

Fix building on RHEL 3

* INSTALL, configure, configure.in:
Add --enable-werror configure option.

* common/setgroups.c:
setgroups() proto lives in grp.h on RHEL4, perhaps others.

* configure, configure.in:
Use PAM by default on AIX 6 and higher.

2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
src/po/eo.mo, src/po/eo.po:
Add new Esperanto translation from translationproject.org

2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/iolog_path.c:
Quiet an innocuous valgrind warning.

2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/iolog_path.c,
plugins/sudoers/regress/iolog_path/data:
Fix expansion of strftime() escapes in log_dir and add a regress
test that exhibited the problem.

* plugins/sudoers/Makefile.in:
Fix "make check" return value.

2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

Fix logic inversion in pot file up to date check.

2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Add caching for gettext() checks.

* configure, configure.in:
Better handling of libintl header and library mismatch.

2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/sudoers.c:
Also check sudoers gid if sudoers is group writable.

2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
If dlopen is present but libtool doesn't find it, error out since it
probably means that libtool doesn't support the system.

configure args on the command line should override builtin defaults.
Disable NLS for non-Linux/Solaris unless explicitly enabled.

* plugins/sudoers/auth/aix_auth.c:
Fix loop that calls authenticate(). If there was an error message
from authenticate(), display it.

2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com>

* m4/libtool.m4, m4/ltversion.m4:
Update to autoconf 2.68 and libtool 2.4

* config.guess, config.sub, configure, configure.in, ltmain.sh:
Update to autoconf 2.68 and libtool 2.4

Fix typo; OPT should be OTP

* plugins/sudoers/Makefile.in:
Rename libsudoers convenience library to libparsesudoers to avoid

2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
Add Danish sudoers translation from translationproject.org

* plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
Add dedicated callback function for runas_default sudoers setting
that only sets runas_pw if no runas user or group was specified by

2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo,
Update Finnish, Polish, Russian and Ukrainian translations from
translationproject.org.

* plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c,
plugins/sudoers/testsudoers.c:
Go back to using a callback for runas_default to keep runas_pw in
sync. This is needed to make per-entry runas_default settings work
with LDAP-based sudoers. Instead of declaring it a callback in
def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
bit naughty, but avoids requiring stub functions in visudo and the

2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com>

Add check for out of date message catalogs when doing "make dist".

2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com>

Make sure compiler supports static-libgcc before using it.

2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com>

Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc

2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo,
plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po,
Add new Russian sudo translation from translationproject.org and
rebuild the other translation files.

2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po:
Update Finnish and Polish translations from translationproject.org

* plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c:
Go back to escaping the command args for "sudo -i" and "sudo -s"
before calling the plugin. Otherwise, spaces in the command args
are not treated properly. The sudoers plugin will unescape non-
spaces to make matching easier.

2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/check.c, plugins/sudoers/group_plugin.c,
plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
plugins/sudoers/set_perms.c, plugins/sudoers/toke.c,
plugins/sudoers/toke.l:
Fix some potential problems found by the clang static analyzer, none

* plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po,
Updated Ukrainian and Chinese (simplified) po files from
translationproject.org

2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/pl.po:
Updated Polish translation from translationproject.org

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

* plugins/sudoers/audit.c, plugins/sudoers/sudoers.c:
Don't try to audit failure if the runas user does not exist. We
don't have the user's command at this point so there is nothing to
audit. Add a NULL check in audit_success() and audit_failure() just
to be on the safe side.

Add -g to CFLAG for PIE builds.

2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h, src/sudo.c:
Remove fallback to per-group lookup when matching groups in sudoers.
The sudo front-end will now use getgrouplist() to get the user's
list of groups if getgroups() fails or returns zero groups so we
always have a list of the user's groups. For systems with
mbr_check_membership() which support more than NGROUPS_MAX groups
(Mac OS X), skip the call to getgroups() and use getgrouplist() so
we get all the groups.

2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com>

* common/setgroups.c:
Fix setgroups() fallback code on EINVAL.

* plugins/sudoers/set_perms.c:
Fix two PERM_INITIAL cases that were still using user_gids.

Add Polish sudo message catalog

* plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
user_group is no longer used, remove it

2011-07-20 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po:
Add Polish translation from translationproject.org

* MANIFEST, common/Makefile.in, common/setgroups.c,
plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c,
src/sudo.h, src/sudo_edit.c:
Add a wrapper for setgroups() that trims off extra groups and
retries if setgroups() fails. Also add some missing addrefs for
PERM_USER and PERM_FULL_USER.

* MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in,
configure, configure.in, include/missing.h, mkdep.pl,
plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c:
Instead of keeping separate groups and gids arrays, create struct
group_info and use it to store both, along with a count for each.
Cache group info on a per-user basis using getgrouplist() to get the
groups. We no longer need to special case the user or list
user for user_in_group() and thus no longer need to reset the groups
list when listing another user.

Don't rely on NULL since we don't include a header for it.

2011-07-19 Todd C. Miller <Todd.Miller@courtesan.com>

2011-07-18 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/sudoers.c:
Do not shadow global sudo_mode with a local variable in set_cmnd()

2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/sudoers.c:
bash 2.x does not support the -l flag and exits with an error if it
is specified so use --login instead. This causes an error with bash
1.x (which uses -login instead) but this version is hopefully less

* src/po/pl.mo, src/po/pl.po:
Add Polish translation from translationproject.org

2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/set_perms.c:
Make error strings translatable.

Only run configure with --with-pam-login for RHEL 5 and above.

2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/logwrap.c:
Add missing logwrap.c

* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
plugins/sudoers/logging.h,
plugins/sudoers/regress/logging/check_wrap.c,
plugins/sudoers/regress/logging/check_wrap.in,
plugins/sudoers/regress/logging/check_wrap.out.ok:
Split out log file word wrap code into its own file and add unit
tests. Fixes an off-by-one in the word wrap when the log line
length matches loglinelen.

2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com>

For SuSE, only use /usr/lib64 as libexec if generating 64-bit

* src/load_plugins.c, src/sudo.c:
Fix build error when --without-noexec configure option is used.

* configure, configure.in:
Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX

2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
Resolve the list of gids passed in from the sudo frontend (the
result of getgroups()) to names and store both the group names and
ids in the sudo_user struct. When matching groups in the sudoers
file, match based on the names in the groups list first and only do
a gid-based match when we absolutely have to. By matching on the
group name (as it is listed in sudoers) instead of id (which we
would have to resolve) we save a lot of group lookups for sudoers
files with a lot of groups in them.

2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/sudoers.c:
Workaround for "sudo -i command" and newer versions of bash which
don't go into login mode when -c is specified unless -l is too.

2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/logging.c:
Rewrite logfile word wrapping code to be more straight-forward and
actually wrap at the correct place.

2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c:
Set use_pty=true in command details when use_pty is set in sudoers.

2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
src/po/zh_CN.mo, src/po/zh_CN.po:
Sync Chinese (simplified) PO files from translationproject.org

2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo,
plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo:
Add Danish translation from translationproject.org and add missing

* Makefile.in, configure, configure.in:
No longer need to specify LINGUAS in configure, "make install-nls"
now just installs all the .mo files it finds.

2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod:
Build CONTRIBUTORS from newly-added contributors.pod

Rework the wording in the leading paragraph

2011-06-14 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, doc/CONTRIBUTORS:
Add a CONTRIBUTORS file with the names of folks who have contributed
code or patches to sudo since I started maintaining it (plus the

2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/env.c:
Preserve SHELL variable for "sudo -s". Otherwise we can end up with
a situation where the SHELL variable and the actual shell being run

2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in:
Only enable Solaris project support when setproject() is present in

Explicitly set mode and owner of /etc/sudoers instead of relying on
"cp -p" to work in the postinstall script. On AIX 6.1 at least the
postinstall script runs before the final file permissions are set.

2011-06-09 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudo.pod, doc/sudoers.pod:
Refer the user to the "Command Environment" section in description
of sudo's -i option.

2011-06-08 Todd C. Miller <Todd.Miller@courtesan.com>

If there is no old dependency for an object file, use the MANIFEST

* compat/Makefile.in:
Remove dependency for getgrouplist.lo as we don't ship that source

2011-06-07 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
Do not declare yyparse() static as the actual function generated by

2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com>

Remove locale files in "make uninstall"

* configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po,
plugins/sudoers/po/uk.po, src/po/eu.po:
Add Basque translation and sync Finnish and Ukrainian translations.

* configure, configure.in:
FreeBSD no longer needs the main sudo binary to link with -lpam now
that plug-ins are loaded with RTLD_GLOBAL.

* plugins/sudoers/group_plugin.c, src/load_plugins.c:
Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
problems with pam modules not having access to symbols provided by
libpam on some platforms. Affects FreeBSD and SLES 10 at least.

Move xgettext invocation out of update-po target into update-pot

2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
Regenerate .pot files for 1.8.2rc2

* Makefile.in, common/Makefile.in, compat/Makefile.in,
doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
src/Makefile.in, zlib/Makefile.in:
Move nls targets to the top level Makefile so the paths in the pot

Add compiled version of sudo Finnish translation

* MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo:
Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo

* configure, configure.in, plugins/sudoers/po/fi.po:
Add Finnish translation from translationproject.org

2011-06-03 Todd C. Miller <Todd.Miller@courtesan.com>

The group named by exempt_group should not have a % prefix.

2011-06-01 Todd C. Miller <Todd.Miller@courtesan.com>

Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"

2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com>

* src/exec.c, src/exec_pty.c:
Fix compressed io log corruption in background mode by using _exit()
instead of exit() to avoid flushing buffers twice.

Improved background mode support. When not allocating a pty, the
command is run in its own process group. This prevents write access
to the tty. When running in a pty, stdin is not hooked up and we
never read from /dev/tty, which results in similar behavior.

* compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
Clean up regress files Generate proper dependencies for regress objs

* plugins/sudoers/Makefile.in:
Add missing dependency for check_fill.o.

2011-05-29 Todd C. Miller <Todd.Miller@courtesan.com>

* INSTALL, configure, configure.in:
Add support for --enable-nls[=location]

2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/linux_audit.c:

* plugins/sudoers/ldap.c, plugins/sudoers/parse.c:

* configure, configure.in:
Don't install .mo files if gettext was not found.

2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com>

Always allocate a pty when running a command in the background but
call setsid() after forking to make sure we don't end up with a

* plugins/sudoers/iolog.c:
Add missing space between command name and the first command line

* plugins/sudoers/sudoreplay.c:
Quiet a compiler warning on some platforms.

* plugins/sudoers/po/README, src/po/README:
README file that directs people to translationproject.org

* plugins/sudoers/po/uk.po, src/po/fi.po:
Sync translations with TP

Add 'sync-po' target to top-level Makefile to rsync the po files
from translationproject.org.

* plugins/sudoers/Makefile.in:
install nls files from install target

* Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp:
Include .mo files in sudo binary packages.

* configure, configure.in, plugins/sudoers/po/zh_CN.mo,
plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po:
Add simplified Chinese translation

2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in, plugins/sudoers/po/uk.mo,
plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po:
Add Ukrainian translation

* compat/Makefile.in:
refer to siglist.c, not ./siglist.c since not all makes will treat
foo and ./foo the same.

* plugins/sudoers/sudoers.c:
Set def_preserve_groups before searching for the command when the -P

* Makefile.in, compat/Makefile.in, mkdep.pl,
plugins/sudoers/Makefile.in:
Add dependency for siglist.lo in compat. This is a generated file
so "make depend" needs to depend on it.

* compat/Makefile.in:
More dependency fixes.

* compat/Makefile.in:
Fix a few dependencies.

* plugins/sudoers/Makefile.in, src/Makefile.in:
Place compiled mo files in the src dir, not the build dir. When
installing compiled mo files, display a status message.

2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
Tivoli Directory Server requires that seconds be present in a
timestamp, even though RFC 4517 states that they are optional.

* plugins/sudoers/sudo_nss.h:
Add missing bit of copyright

Mention cycle detection warnings

* plugins/sudoers/visudo.c:
When checking aliases, also check the contents of the alias in case
there are problems with an alias that is referenced inside another.
Replace the self reference check with real alias cycle detection.

* plugins/sudoers/alias.c:
Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
ENOENT in alias_find() and alias_remove() if the entry could not be

* plugins/sudoers/visudo.c:
Increment alias_seqno before calls to alias_remove_recursive() to
avoid false positives with the alias loop detection. Fixes spurious
warnings about unused aliases when they are nested.

* plugins/sudoers/Makefile.in:
Add dependency on convenience libs to binaries

mkdep.pl only works when run from the src dir

* Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl,
plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
Auto-generate Makefile dependencies with a perl script.
3333 2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
3335 * plugins/sudoers/match.c:
3336 If the user specifies a runas group via sudo's -g option that
3337 matches the runas user's group in the passwd database and that group
3338 is not denied in the Runas_Spec, allow it. Thus, if user root's gid
3339 in /etc/passwd is 0, then "sudo -u root -g root id" is allowed even if
3340 no groups are present in the Runas_Spec.
3343 2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
3345 * plugins/sudoers/Makefile.in, src/Makefile.in:
3346 Add dependencies on gettext.h
3349 * plugins/sudoers/Makefile.in, src/Makefile.in:
3350 Fix install-nls target with HP-UX sh when gettext is not present.
3353 2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
3355 * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot,
3356 src/Makefile.in, src/po/sudo.pot:
3357 regenerate .pot files for lbuf changes
3360 * configure, configure.in:
3361 Add missing "checking" message for gettext when using the cache.
3364 * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c,
3365 plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c,
3367 Add primitive format string support to the lbuf code to make
3368 translations simpler.
3371 * MANIFEST, plugins/sudoers/Makefile.in,
3372 plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot:
3373 Add message catalog template files for sudo and the sudoers module.
3376 * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c,
3377 config.h.in, configure.in, doc/Makefile.in, include/gettext.h,
3378 plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
3379 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
3380 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
3381 src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h:
3382 Add gettext.h convenience header. This is similar to but distinct
3383 from the one included with the gettext package.
3386 2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
3388 * configure, configure.in:
3389 Add checks for nroff -c and -Tascii flags
3392 * configure, configure.in:
3393 Add check for HP bundled C Compiler (which cannot create shared
3397 * plugins/sudoers/sudoreplay.c:
3398 Fix C format warnings.
3405 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
3406 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c,
3407 plugins/sudoers/visudo.c, src/parse_args.c:
3408 Translate help / usage strings.
3411 * plugins/sudoers/Makefile.in, src/Makefile.in:
3412 Set --msgid-bugs-address to the bugzilla url
3415 * Makefile.in, common/Makefile.in, compat/Makefile.in, configure,
3416 configure.in, doc/Makefile.in, include/Makefile.in,
3417 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
3418 plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
3419 Add scaffolding to update .po files and install .mo files.
3423 update copyright year
3427 No need to include version number at the top of these files.
3430 2011-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
3432 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c,
3433 plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
3434 plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
3435 plugins/sudoers/visudo.c:
3436 Minor warning/error cleanup
3439 * config.h.in, configure.in:
3440 Emulate ngettext for the non-nls case
3443 * plugins/sudoers/ldap.c:
3444 Do not mark untranslatable strings for translation
3447 * plugins/sudoers/check.c:
3451 * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
3452 plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c,
3453 src/load_plugins.c, src/sudo.c, src/sudo_edit.c:
3454 Minor warning/error message cleanup
3457 * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c,
3458 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
3459 plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
3460 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c,
3461 src/exec_pty.c, src/net_ifs.c, src/selinux.c:
3462 cannot -> "unable to" in warning/error messages
3465 * plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c,
3466 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
3467 plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c,
3468 src/sudo.c, src/utmp.c:
3469 can't -> "unable to" in warning/error messages
3472 * configure, configure.in:
3473 FreeBSD needs the main sudo executable to link with -lpam when
3474 loading dynamic pam modules for some reason.
3477 2011-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
3479 * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c:
3480 We don't want to translate debugging messages.
3483 * configure, configure.in, plugins/sudoers/Makefile.in,
3484 plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
3485 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
3486 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
3487 src/Makefile.in, src/sesh.c, src/sudo.c:
3488 Add calls to bindtextdomain() and textdomain(). Currently there are
3489 two domains, one for the sudo front-end and one for the sudoers
3490 plugin and its associated utilities.
3493 * configure, configure.in:
3494 Fix caching of libc gettext check.
3497 * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c,
3498 plugins/sudoers/mkdefaults:
3499 Mark defaults descriptions for translation
3503 Update for sudo 1.8.1p2
3506 2011-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
3508 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3509 Quiet compiler warning when SELinux is enabled.
3512 * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
3513 src/error.c, src/net_ifs.c, src/sesh.c:
3514 Add missing includes of libintl.h.
3517 * plugins/sudoers/auth/pam.c:
3521 * common/aix.c, common/alloc.c, compat/strsignal.c,
3522 plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h:
3523 Include libintl.h where needed.
3526 * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c,
3527 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
3528 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c,
3529 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
3530 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
3531 plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
3532 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
3533 plugins/sudoers/find_path.c, plugins/sudoers/gram.c,
3534 plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
3535 plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
3536 plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
3537 plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
3538 plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c,
3539 plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
3540 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
3541 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
3542 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
3543 plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
3544 Prepare sudoers module messages for translation.
3547 * plugins/sudoers/sudoers.c:
3548 Only check gid of sudoers file if it is group-readable.
3551 * plugins/sudoers/auth/aix_auth.c:
3552 For AIX, keep calling authenticate() until reenter reaches 0.
3555 2011-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
3557 * configure, configure.in:
3558 Cache the status of the initial gettext() check.
3561 * INSTALL, configure, configure.in:
3562 Add --disable-nls flag and improve checks for gettext.
3565 * configure, configure.in:
3566 When building with gcc on HP-UX, use -march=1.1 to produce portable
3567 binaries on a pa-risc2 host. Previously, the +Dportable option was
3568 used for the HP-UX C compiler but gcc always produced native
3572 2011-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
3574 * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c,
3575 src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c,
3576 src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c,
3577 src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
3578 Prepare sudo front end messages for translation.
3581 2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
3583 * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c:
3584 Add initial scaffolding to support localization via gettext()
3587 * compat/fnmatch.h, compat/glob.h:
3588 Don't let the fnmatch/glob macros expand the function prototype.
3591 2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
3593 * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h:
3594 Resolve namespace collisions on HP-UX ia64 and possibly others by
3595 adding a rpl_ prefix to our fnmatch and glob replacements and
3596 #defining rpl_foo to foo in the header files.
3599 2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
3601 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3602 Split ALL, ROLE and TYPE into their own actions. Since you can only
3603 have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
3604 the non-SELinux case. This is safe because the actions are in one
3605 big switch() statement.
3608 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3609 Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
3612 2011-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
3614 * doc/UPGRADE, doc/sudoers.pod:
3615 askpass moved from sudoers to sudo.conf in sudo 1.8.0
3619 Remove obsolete warning about runas_default and ordering. Move
3620 syslog facility and priority lists into the section where the
3621 relevant options are described.
3624 2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
3626 * plugins/sudoers/auth/sia.c:
3627 Fix SIA support; we no longer have access to the real argc and argv
3628 so allocate space for a fake one and use the argv passed to the
3629 plugin with "sudo" for argv[0].
3632 2011-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
3635 Remove useless realloc when trying to get the buffer size right.
3638 * plugins/sudoers/set_perms.c:
3639 Be explicit when setting euid to 0 before call to setreuid(0, 0)
3642 2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
3644 * configure, configure.in:
3645 Need to do checks for krb5_verify_user, krb5_init_secure_context and
3646 krb5_get_init_creds_opt_alloc regardless of whether or not
3647 krb5-config is present.
3650 2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
3652 * plugins/sudoers/set_perms.c:
3653 Work around weird AIX saved uid semantics on setuid() and
3654 setreuid(). On AIX, setuid() will only set the saved uid if the euid
3658 2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
3661 update copyright year
3664 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3665 Treat a missing includedir like an empty one and do not return an
3669 2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
3672 Fix ARCH setting in cross-compile Solaris packages.
3676 Fix AIX version setting.
3679 * plugins/sudoers/ldap.c:
3680 Remove extraneous parens in LDAP filter when sudoers_search_filter
3681 is enabled that causes a search error. From Matthew Thomas.
3684 2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
3686 * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
3687 Correct sizeof() to fix test failure.
3690 * plugins/sudoers/Makefile.in:
3691 "install" target should depend on "install-dirs". Fixes "make -j"
3692 problem and closes bz #487. From Chris Coleman.
3695 2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
3698 Add HAVE_RFC1938_SKEYCHALLENGE
3701 2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
3704 Mention plugin loading and libgcc changes
3707 * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
3708 Load plugins after parsing arguments and potentially printing the
3709 version. That way, an error loading or initializing a plugin
3710 doesn't break "sudo -h" or "sudo -V".
3714 When using a sub-shell to invoke the sub-make, exec make instead of
3715 running it inside the shell to avoid an extra process.
3718 * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c:
3719 Stop testing unspecified behavior in fnmatch. Make glob test more
3723 * compat/Makefile.in:
3724 No need to add current dir to include path and having it breaks the
3725 test programs that expect to get the system glob.h and fnmatch.h
3728 * INSTALL, configure, configure.in:
3729 Fix and document --with-plugindir; partially from Diego Elio Petteno
3732 * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
3733 compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c,
3734 compat/regress/glob/globtest.in:
3735 Fix fnmatch and glob tests to not use hard-coded flag values in the
3736 input file. Link test programs with libreplace so we get our
3737 replacement versions as needed.
3741 If make in a subdir fails, fail the target in the upper level
3742 Makefile too. Adapted from a patch from Diego Elio Petteno
3745 * configure, configure.in, plugins/sudoers/auth/rfc1938.c:
3746 Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
3747 has this. Adapted from a patch from Diego Elio Petteno
3750 * plugins/sudoers/Makefile.in:
3751 Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
3755 * configure, configure.in:
3756 Fix warnings when --without-skey, --without-opie, --without-kerb4,
3757 --without-kerb5 or --without-SecurID were specified.
3761 Add plugins/sudoers/sudoers_version.h
3764 * configure, configure.in, plugins/sample/Makefile.in,
3765 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
3766 Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
3767 now include LDFLAGS in the sudoers Makefile.in. Add missing setting
3768 of @LDFLAGS@ in plugin Makefile.in files.
3771 2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
3774 Mention %#gid support in User_List and Runas_List
3777 * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h,
3778 plugins/sudoers/visudo.c:
3779 Keep track of sudoers grammar version and report it in the -V
3783 * plugins/sudoers/sudo_nss.h:
3784 Add multiple inclusion guard
3787 * configure, configure.in, plugins/sample/Makefile.in,
3788 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
3789 The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
3790 LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
3791 set it to -Wc,-static-libgcc if not using GNU ld so we don't
3792 have a dependency on the shared libgcc in sudoers.so.
3796 Fix typo; from Petr Uzel
3799 2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
3801 * plugins/sudoers/testsudoers.c:
3802 In dump-only mode, use "root" as the default username instead of
3803 "nobody" as the latter may not be available on all systems.
3806 2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
3808 * plugins/sudoers/testsudoers.c:
3809 Remove NewArgv/NewArgc, they are no longer needed.
3812 * plugins/sudoers/testsudoers.c:
3813 Fix setting of user_args
3816 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3817 Add '!' token to lex tracing
3820 * plugins/sudoers/regress/testsudoers/test1.sh:
3821 Use group bin in test, not wheel as most systems have the bin group
3822 but the same is no longer true of wheel.
3825 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3826 Avoid using pre or post increment in a parameter to a ctype(3)
3827 function as it might be a macro that causes the increment to happen
3831 2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
3834 Strip off the beta or release candidate version when building AIX
3838 * configure, configure.in:
3839 We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
3840 structure checks for glibc which only has __e_termination visible
3841 when _GNU_SOURCE is *not* defined.
3845 getuserattr(user, ...) will fall back to the "default" entry
3846 automatically, there's no need to check "default" manually.
3849 2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
3852 Document parser changes.
3855 * Makefile.in, common/Makefile.in, compat/Makefile.in,
3856 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
3857 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3858 src/Makefile.in, zlib/Makefile.in:
3859 If there is an existing sudoers file, only install if it passes a
3863 * plugins/sudoers/regress/sudoers/test6.out.ok,
3864 plugins/sudoers/testsudoers.c:
3865 Add runasgroup support to testsudoers
3868 * plugins/sudoers/Makefile.in:
3869 For "make check", keep going even if a test fails.
3872 * plugins/sudoers/testsudoers.c:
3873 More useful exit codes:
3874 * 0 - parsed OK and command matched.
3876 * 2 - command not matched
3877 * 3 - command denied
3881 Document %#gid, and %:#nonunix_gid syntax.
3884 * plugins/sudoers/pwutil.c:
3885 Add support to user_in_group() for treating group names that begin
3889 * config.h.in, configure, configure.in, src/utmp.c:
3890 Add explicit check for struct utmpx.ut_exit.e_termination and struct
3891 utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
3892 ut_exit if we detect one or the other.
3895 2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
3897 * plugins/sudoers/toke.c:
3898 Add back missing #include of config.h
3901 * plugins/sudoers/iolog_path.c,
3902 plugins/sudoers/regress/iolog_path/data:
3903 Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
3908 Quote first argument to AC_DEFUN(); from Elan Ruusamae
3911 2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
3914 add new sudoers tests
3917 * plugins/sudoers/regress/sudoers/test8.in,
3918 plugins/sudoers/regress/sudoers/test8.out.ok,
3919 plugins/sudoers/regress/sudoers/test8.toke.ok:
3920 Add test for a newline in the middle of a string when no line
3921 continuation character is used.
3924 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3925 Use bitwise AND instead of modulus to check for length being odd. A
3926 newline in the middle of a string is an error unless a line
3927 continuation character is used.
3930 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
3931 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3932 Move lexer globals initialization into init_lexer.
3935 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3936 Fix a potential crash when a non-regular file is present in an
3937 includedir. Fixes bz #452
3941 On some Linux systems, "uname -p" contains detailed processor info
3942 so check "uname -m" first and then "uname -p" if needed. Recognize
3946 2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
3948 * plugins/sudoers/redblack.c:
3949 Don't need all sudoers.h here.
3953 Print sudo version early, in case policy plugin init fails.
3956 2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
3958 * plugins/sudoers/regress/sudoers/test4.toke.ok:
3959 Update to match change in input.
3962 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3963 Make an empty group or netgroup a syntax error.
3966 * plugins/sudoers/regress/sudoers/test7.in,
3967 plugins/sudoers/regress/sudoers/test7.out.ok,
3968 plugins/sudoers/regress/sudoers/test7.toke.ok:
3969 An empty group or netgroup should be a syntax error.
3972 * plugins/sudoers/regress/sudoers/test6.in,
3973 plugins/sudoers/regress/sudoers/test6.out.ok,
3974 plugins/sudoers/regress/sudoers/test6.toke.ok:
3975 Check that uids work in per-user and per-runas Defaults. Check that
3976 uids and gids work in a Command_Spec
3979 * plugins/sudoers/regress/sudoers/test5.in,
3980 plugins/sudoers/regress/sudoers/test5.out.ok,
3981 plugins/sudoers/regress/sudoers/test5.toke.ok:
3982 Test empty string in User_Alias and Command_Spec
3985 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3986 Allow a group ID in the User_Spec.
3989 2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
3991 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3992 Return an error for the empty string when a word is expected. Allow
3993 an ID for per-user or per-runas Defaults.
3996 * plugins/sudoers/testsudoers.c:
3997 Fix printing "User_Alias FOO = ALL"
4000 2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
4003 Better error message about invalid -C argument
4011 Fix placement of equal sign ('=') in user specification summary.
4014 2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
4017 update to match sudoers regress
4020 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4021 Restore ability to define TRACELEXER and have trace output go to
4025 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4026 Restore old behavior of setting sawspace = TRUE for command line
4027 args when a line continuation character is hit to avoid causing
4028 problems for existing sudoers files.
4031 * plugins/sudoers/regress/sudoers/test4.in,
4032 plugins/sudoers/regress/sudoers/test4.out.ok,
4033 plugins/sudoers/regress/sudoers/test4.toke.ok:
4034 Add test for line continuation and aliases
4037 * plugins/sudoers/Makefile.in:
4038 Make test output line up nicely for parse vs. toke
4041 * plugins/sudoers/Makefile.in,
4042 plugins/sudoers/regress/sudoers/test1.in,
4043 plugins/sudoers/regress/sudoers/test1.out.ok,
4044 plugins/sudoers/regress/sudoers/test1.toke.ok,
4045 plugins/sudoers/regress/sudoers/test2.in,
4046 plugins/sudoers/regress/sudoers/test2.out.ok,
4047 plugins/sudoers/regress/sudoers/test2.toke.ok,
4048 plugins/sudoers/regress/sudoers/test3.in,
4049 plugins/sudoers/regress/sudoers/test3.out.ok,
4050 plugins/sudoers/regress/sudoers/test3.toke.ok,
4051 plugins/sudoers/regress/testsudoers/test1.ok,
4052 plugins/sudoers/regress/testsudoers/test1.out.ok,
4053 plugins/sudoers/regress/testsudoers/test1.sh,
4054 plugins/sudoers/regress/testsudoers/test2.out,
4055 plugins/sudoers/regress/testsudoers/test2.sh,
4056 plugins/sudoers/regress/testsudoers/test3.ok,
4057 plugins/sudoers/regress/testsudoers/test3.sh,
4058 plugins/sudoers/regress/visudo/test1.ok,
4059 plugins/sudoers/regress/visudo/test1.sh:
4060 Move parser tests to sudoers directory and test the tokenizer output
4064 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4065 If we match a rule anchored to the beginning of a line after parsing
4066 a line continuation character, return an ERROR token. It would be
4067 nicer to use REJECT instead but that substantially slows down the
4071 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
4072 plugins/sudoers/toke.c, plugins/sudoers/toke.h,
4073 plugins/sudoers/toke.l:
4074 Move LEXTRACE macro to toke.h so we can use it in yyerror().
4077 2011-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
4079 * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
4080 plugins/sudoers/toke.l:
4081 Make lex tracing settable at run-time in testsudoers via the -t
4082 flag. Trace output goes to stderr. Will be used by regress tests
4086 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4087 Allow whitespace after the modifier in a Defaults entry. E.g.
4088 "Defaults: username set_home"
4091 2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
4094 Don't set CC when cross-compiling.
4098 Credit Matthew Thomas for the sudoers_search_filter changes.
4102 Add the .sym files to the MANIFEST
4106 Update for sudo 1.8.1 beta
4109 * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c:
4110 user_shell -> run_shell to avoid confusion with the user's SHELL
4115 Save the controlling tty process group before suspending in pty
4116 mode. Previously, we assumed that the child pgrp == child pid
4117 (which is usually, but not always, the case).
4120 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
4121 Add support for sudoers_search_filter setting in ldap.conf. This
4122 can be used to restrict the set of records returned by the LDAP
4126 2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
4128 * configure, configure.in:
4129 Remove the hack to disable -g in CFLAGS unless --with-devel
4133 The '@' character does not normally need to be quoted.
4136 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4137 We normally transition from GOTDEFS to STARTDEFS on whitespace, but
4138 if that whitespace is followed by a comma, we want to treat it as
4139 part of a list and not transition.
4142 * plugins/sudoers/regress/testsudoers/test3.ok,
4143 plugins/sudoers/regress/testsudoers/test3.sh:
4144 Add check for whitespace when a User_List is used for a per-user
4148 * plugins/sudoers/regress/testsudoers/test2.out,
4149 plugins/sudoers/regress/testsudoers/test2.sh:
4150 Expand quoted name checks to cover recent fixes.
4153 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4154 Fix parsing of double-quoted names in Defaults and Aliases which was
4155 broken in 601d97ea8792.
4158 * plugins/sudoers/Makefile.in:
4159 toke_util.c lives in $(srcdir) not $(devdir)
4162 2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
4164 * configure, configure.in:
4165 Change trunk version to 1.8.x to distinguish from real 1.8.0.
4168 * NEWS, doc/UPGRADE:
4169 Document major changes in 1.8.1 and add upgrade notes.
4172 * plugins/sudoers/match.c:
4173 Be careful not to deref user_stat if it is NULL. This cannot
4174 currently happen in sudo but might in other programs using the
4179 configure will not add -O2 to CFLAGS if it is already defined to add
4180 -O2 to the CFLAGS we pass in when PIE is being used.
4184 Warn about the dangers of log_input and mention iolog_file and
4185 iolog_dir in the log_input and log_output descriptions.
4189 sync with git version
4193 It seems that h comes after i
4197 Move log_input and log_output to their proper, sorted, location.
4198 Document set_utmp and utmp_runas.
4202 Save the controlling tty process group before suspending so we can
4203 restore it when we resume. Fixes job control problems on Linux
4204 caused by the previous attempt to fix resuming a shell when I/O
4205 logging is not enabled.
4209 Fix printing of the remainder after a newline. Fixes "sudo -l"
4210 output corruption that could occur in some cases.
4213 2011-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
4215 * config.h.in, configure, configure.in, src/exec_pty.c,
4216 src/sudo_exec.h, src/utmp.c:
4217 Add support for ut_exit
4220 * doc/sudo_plugin.pod, plugins/sudoers/def_data.c,
4221 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
4222 plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c,
4223 src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c:
4224 Add support for controlling whether utmp is updated and which user
4225 is listed in the entry.
4228 * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h,
4229 plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults,
4230 plugins/sudoers/parse.c:
4231 Fix typo; tupple vs. tuple
4235 For legacy utmp, strip the /dev/ prefix before trying to determine
4236 slot since the ttys file does not include the /dev/ prefix.
4239 * aclocal.m4, configure, configure.in, pathnames.h.in:
4240 Add check for _PATH_UTMP
4243 2011-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
4245 * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
4246 Adapt check_iolog_path to sessid changes
4249 * config.h.in, configure, configure.in, src/Makefile.in,
4250 src/exec_pty.c, src/sudo_exec.h, src/utmp.c:
4251 Redo utmp handling. If no getutent()/getutxent() is available,
4252 assume a ttyslot-based utmp. If getttyent() is available, use that
4253 directly instead of ttyslot() so we don't have to do the stdin dup2
4257 2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
4259 * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h,
4261 Move utmp handling into utmp.c
4264 * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
4265 common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c,
4266 compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c,
4267 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
4268 compat/utimes.c, doc/sudo.pod, doc/visudo.pod,
4269 include/sudo_plugin.h, plugins/sample/sample_plugin.c,
4270 plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
4271 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
4272 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
4273 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
4274 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
4275 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
4276 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
4277 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
4278 plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c,
4279 plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
4280 plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
4281 plugins/sudoers/logging.c, plugins/sudoers/parse.c,
4282 plugins/sudoers/parse.h, plugins/sudoers/redblack.c,
4283 plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c,
4284 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c,
4285 src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c,
4286 src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c,
4287 src/sudo_plugin_int.h, src/tgetpass.c:
4288 Update copyright years.
4291 * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c,
4292 plugins/sudoers/sudoers.h, src/parse_args.c:
4293 Add "user_shell" boolean as a way to indicate to the plugin that the
4297 * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
4298 plugins/sudoers/sudoers.h:
4299 Move sessid out of sudo_user.
4302 * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
4303 plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
4304 plugins/sudoers/sudoers.h:
4305 Log the TSID even if it is not a simple session ID.
4308 * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod:
4309 Document noexec in sample.sudo.conf and add back noexec_file section
4310 in sudoers with a note that it is deprecated.
4313 * plugins/sudoers/set_perms.c:
4314 Fix running commands as non-root on systems where setreuid() changes
4315 the saved uid based on the effective uid we are changing to.
4318 2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
4320 * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c,
4322 Move noexec path into sudo.conf now that sudo itself handles noexec.
4323 Currently can be configured in sudoers too but is now undocumented
4324 and will be removed in a future release.
4327 * doc/sudo.pod, doc/sudoers.pod:
4328 Document "Path noexec ..." in sudo.conf. No longer document
4329 noexec_file in sudoers, it will be removed in a future release.
4332 * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
4333 plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
4334 Move noexec handling to sudo front-end where it is documented as
4338 * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
4339 src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
4341 Add support for disabling exec via solaris privileges. Includes
4342 preparation for moving noexec support out of sudoers and into front
4346 * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym,
4347 plugins/sample_group/Makefile.in,
4348 plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
4349 plugins/sudoers/sudoers.sym:
4350 Only export the symbols corresponding to the plugin structs.
4353 * configure, configure.in, plugins/sample/Makefile.in,
4354 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
4355 Install plugins manually instead of using libtool. This works
4356 around a problem on AIX where libtool will install a .a file
4357 containing the .so file instead of the .so file itself.
4361 Move check into its own rule since some versions of make will run
4362 both targets as the default rule.
4365 * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
4366 m4/ltversion.m4, m4/lt~obsolete.m4:
4367 Update to libtool 2.2.10
4370 2011-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
4373 In handle_signals(), restart the read() on EINTR to make sure we
4374 keep up with the signal pipe. Don't return -1 on EAGAIN, it just
4375 means we have emptied the pipe.
4379 Reorder functions to quiet a compiler warning.
4383 Use the Sun Studio C compiler on Solaris if possible
4386 2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
4389 Fix default setting of osversion variable.
4392 * doc/sudo_plugin.pod:
4393 Make two login_class entries consistent.
4396 * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c,
4398 Add support for adding a utmp entry when allocating a new pty.
4399 Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
4400 Currently only creates a new entry if the existing tty has a utmp
4404 * plugins/sudoers/boottime.c:
4405 Avoid pulling in headers we don't need on Linux. For getutx?id(),
4406 call setutx?ent() first and always call endutx?ent().
4409 * configure, configure.in:
4410 Add some more libs to SUDOERS_LIBS instead of relying on them to be
4411 pulled in by SUDO_LIBS.
4414 * plugins/sudoers/sudoers.c:
4415 Fix return value of "sudo -l command" when command is not allowed,
4416 broken in [c7097ea22111]. The default return value is now TRUE and
4417 a bad: label is used when permission is denied. Also fixed missing
4418 permissions restoration on certain errors. On error()/errorx(), the
4419 password and group files are now closed before returning.
4422 2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
4424 * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
4425 Fix passing of login class back to sudo front end.
4429 Add --osversion flag to specify OS instead of running "pp
4434 Fix expr usage w/ GNU expr
4437 2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
4439 * plugins/sudoers/sudoers.c:
4440 Fix exit value for validate and list mode.
4443 * plugins/sudoers/sudoers.c:
4444 Fix non-interactive mode with sudoers plugin.
4447 2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
4449 * doc/sudoreplay.pod:
4450 sudoreplay can now find IDs other than %{seq} and display the
4454 2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
4456 * plugins/sudoers/sudoreplay.c:
4457 Add support for replaying sessions when iolog_file is set to
4458 something other than %{seq}.
4461 * plugins/sudoers/visudo.c:
4462 If we are killed by a signal, display the name of the signal that
4466 * configure, configure.in:
4467 Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
4472 Fix bug in skey/opie check that could cause a shell warning.
4475 * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
4476 No longer need sudo_getepw() stubs.
4479 2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
4481 * plugins/sudoers/sudo_nss.c:
4482 Fix exit value of "sudo -l command" in sudoers module.
4485 2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
4487 * compat/regress/glob/globtest.c:
4488 Use fgets() not fgetln() for portability.
4492 Don't use the beta or release candidate version as the rpm release.
4495 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
4497 * configure, configure.in:
4499 [f6530d56f6ae] [SUDO_1_8_0]
4502 update sudo 1.8 section
4505 2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
4507 * plugins/sudoers/regress/testsudoers/test2.sh:
4508 fix test description
4511 * plugins/sudoers/regress/testsudoers/test2.out,
4512 plugins/sudoers/regress/testsudoers/test2.sh,
4513 plugins/sudoers/regress/visudo/test2.out,
4514 plugins/sudoers/regress/visudo/test2.sh:
4515 convert test2 to use testsudoers
4518 * include/sudo_plugin.h, src/sudo_plugin_int.h:
4519 Move struct generic_plugin to sudo_plugin_int.h
4522 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
4523 plugins/sudoers/parse.c, plugins/sudoers/parse.h,
4524 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
4525 plugins/sudoers/sudoers.h:
4526 Allow sudoers file name, mode, uid and gid to be specified in the
4527 settings list. The sudo front end does not currently set these but
4531 2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
4533 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
4534 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
4535 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
4536 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
4541 * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
4542 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
4543 src/parse_args.c, src/sudo.h:
4544 add help text to sudo, visudo and sudoreplay for the -h option
4547 2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
4549 * compat/snprintf.c:
4550 avoid using "howmany" for a parameter name since it is a select-
4555 mention group_plugin when describing nonunix_group
4558 * doc/sudo_plugin.pod:
4559 Add missing period at end of sentence
4562 * Makefile.in, doc/Makefile.in, include/Makefile.in,
4563 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
4564 plugins/sudoers/Makefile.in, src/Makefile.in:
4565 add localstatedir; closes bug 471
4568 * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
4569 src/exec.c, src/exec_pty.c:
4570 The howmany macro lives in sys/sysmacros.h on SVR5 systems. Closes
4575 add missing AH_TEMPLATE for ENV_RESET
4579 SVR5 systems return non-zero for success on socketpair(), check for
4580 -1 instead. Closes Bug 469
4583 2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
4585 * configure, configure.in:
4589 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
4590 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
4591 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
4592 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
4597 Document that a sudo.conf file with no Plugin lines uses the default
4601 * src/load_plugins.c:
4602 If sudo.conf contains no Plugin lines, use the default sudoers
4603 policy and I/O plugins.
4606 2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
4608 * plugins/sudoers/sudo_nss.c:
4609 Avoid printing empty "Runas and Command-specific defaults for user"
4614 Truncate the buffer at buf.len before printing in the non-wordwrap
4619 Remove extra newline when the tty width is very small or unavailable
4622 2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
4624 * plugins/sudoers/alias.c:
4625 Remove unneeded variable.
4628 2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
4630 * configure, configure.in:
4631 Prefer getutxid over getutid
4634 * plugins/sudoers/boottime.c:
4635 Include utmp.h / utmpx.h before missing.h as apparently including it
4636 afterwards causes a compilation problem on GNU Hurd.
4639 2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
4641 * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
4642 #include "foo.h", not <foo.h> for local includes.
4649 * compat/mksiglist.c:
4653 * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
4654 plugins/sudoers/match.c:
4655 return foo not return(foo)
4658 2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
4661 Remove duplicate FD_SET of signal_pipe[0]
4664 2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
4666 * compat/mksiglist.c:
4667 Use "missing.h" not <missing.h> in generated code.
4670 2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
4672 * aclocal.m4, configure:
4673 fix --with-iologdir=no
4676 * aclocal.m4, configure:
4677 fix typo that broke --with-iologdir
4680 2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
4682 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
4683 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
4684 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
4685 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
4687 Bump version to 1.8.0b4
4694 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4695 Attempt to clarify how users and groups interact in Runas_Specs
4698 * plugins/sudoers/regress/visudo/test2.out,
4699 plugins/sudoers/regress/visudo/test2.sh:
4700 Add test for quoted group that contains escaped double quotes
4703 * src/exec.c, src/exec_pty.c:
4704 Pass SIGUSR1/SIGUSR2 through to the child.
4707 * src/exec_pty.c, src/sudo_exec.h:
4708 Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
4709 SIGUSR2 to indicate whether the child should be continued in the
4710 foreground or background.
4714 Use pid_t not int and check the return value of kill()
4717 2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
4720 Remove obsolete comment
4724 In non-pty mode before continuing the child, make it the foreground
4725 pgrp if possible. Fixes resuming a shell.
4729 If we get a signal other than SIGCHLD in the monitor, pass it
4730 directly to the child.
4733 * src/exec.c, src/exec_pty.c, src/sudo.h:
4734 Save signal state before changing handlers and restore before we
4735 execute the command.
4738 2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
4740 * plugins/sudoers/iolog.c:
4741 Use a char array to map a number to a base36 digit.
4744 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
4745 Be clear about what versions of sudo support new LDAP attributes.
4746 Fix up some formatting of attribute names. Minor other tweaks.
4749 2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
4751 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4752 match quoted strings the same way whether in a Defaults line or as a
4753 user/group/netgroup name. Fixes escaped double quotes in quoted
4754 user/group/netgroup names.
4757 * plugins/sudoers/Makefile.in:
4758 'make check' depends on visudo and testsudoers
4761 * plugins/sudoers/sudoers2ldif:
4762 Add sudoOrder attribute to each entry. Parse LOG_{INPUT,OUTPUT} tags
4765 2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
4768 Mention LDAP attribute compatibility status.
4771 2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
4777 * INSTALL, NEWS, config.h.in, configure, configure.in,
4778 doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
4779 Add --disable-env-reset configure option.
4782 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4783 Document that sudoers_locale also affects logging and email.
4786 * NEWS, config.h.in, configure, configure.in,
4787 plugins/sudoers/logging.c:
4788 Do logging and email sending in the locale specified by the
4789 "sudoers_locale" setting ("C" by default). Email sent by sudo
4790 includes MIME headers when the sudoers locale is not "C".
4793 2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
4795 * plugins/sudoers/check.c:
4799 2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
4801 * NEWS, src/parse_args.c, src/sudo.c:
4802 Perform command escaping for "sudo -s" and "sudo -i" after
4803 validating sudoers so the sudoers entries don't need to have all the
4807 2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
4809 * plugins/sudoers/logging.c:
4810 Prepend "list " to the command logged when "sudo -l command" is used
4811 to make it clear that the command was listed, not run.
4814 * plugins/sudoers/parse.c:
4818 * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
4819 common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
4820 compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
4821 compat/nanosleep.c, compat/regress/glob/globtest.c,
4822 compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
4823 compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
4824 plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
4825 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
4826 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
4827 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
4828 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
4829 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
4830 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
4831 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
4832 plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
4833 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
4834 plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
4835 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
4836 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
4837 plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
4838 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
4839 plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
4840 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
4841 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4842 plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
4843 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
4844 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
4845 src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
4846 src/sudo_noexec.c, src/tgetpass.c:
4847 standardize on "return foo;" rather than "return(foo);" or "return
4851 * plugins/sudoers/sudoers.c:
4852 Do not reject sudoers file just because it is root-writable.
4855 2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
4861 * plugins/sudoers/sudo_nss.c:
4862 For "sudo -U user -l" if user is not authorized on the host, say so.
4865 * plugins/sudoers/ldap.c:
4866 In sudo_ldap_lookup(), always do the initial sudoers check as the
4867 invoking user. If we are listing another user's privs we will do a
4868 separate lookup using list_pw later.
4871 2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
4874 add parser fill tests
4877 * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
4878 Don't test features not supported by the bundled glob()
4881 * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
4882 compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
4883 doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4884 doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
4885 doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
4886 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
4887 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
4888 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
4889 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
4890 plugins/sudoers/ldap.c, plugins/sudoers/match.c,
4891 plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
4892 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
4893 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4894 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
4895 plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
4896 Update copyright year to 2011
4899 * plugins/sudoers/sudo_nss.c:
4900 When listing, use separate lbufs for the defaults and the privileges
4901 and only print something if the number of privileges is non-zero.
4902 Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
4905 * plugins/sudoers/ldap.c:
4906 Stash pointer to user group vector in LDAP handle and only reuse the
4907 query if it has not changed. We always allocate a new buffer when
4908 we reset the group vector so a simple pointer check is sufficient.
4911 * plugins/sudoers/sudo_nss.c:
4912 Check initgroups() return value.
4915 * plugins/sudoers/Makefile.in,
4916 plugins/sudoers/regress/parser/check_fill.c:
4917 Add tests for the fill functions in toke_util.c
4920 2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
4922 * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
4930 2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
4933 Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
4936 2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
4939 Add Requires line for audit-libs >= 1.4 for RHEL5+
4943 sync with git version
4946 2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
4948 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4952 2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
4955 Update for sudo 1.7.4p5
4958 * doc/schema.OpenLDAP, doc/schema.iPlanet:
4959 Add sudoNotBefore and sudoNotAfter attributes as optional attributes
4960 to the sudoRole object class. From Andreas Mueller
4963 2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
4966 Mention "sudo -g group" password check fix.
4969 * plugins/sudoers/sudoers.c:
4970 Fix "sudo -g" support in the sudoers module.
4973 * plugins/sudoers/check.c:
4974 If the user is running sudo as himself but as a different group we
4975 need to prompt for a password.
4978 2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
4980 * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
4981 doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
4982 plugins/sudoers/ldap.c:
4983 Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
4984 LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
4985 derived LDAP SDKs but we can pass the timeout parameter to
4986 ldap_search_ext_s() or ldap_search_st() when possible.
4989 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
4993 * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
4994 Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
4995 with OpenLDAP ldap.conf files.
4998 * plugins/sudoers/pwutil.c:
4999 If user has no supplementary groups, fall back on checking the group
5003 2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
5005 * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
5009 * plugins/sudoers/toke.c, plugins/sudoers/toke.h,
5010 plugins/sudoers/toke.l:
5011 Move fill macro to toke.h
5014 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
5015 plugins/sudoers/toke.h, plugins/sudoers/toke.l,
5016 plugins/sudoers/toke_util.c:
5017 Split tokenizer utility functions out into toke_util.c
5020 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5021 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5025 2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
5031 * plugins/sudoers/Makefile.in:
5032 Add visudo tests to check target
5035 * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
5036 compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
5037 compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
5038 Add my regress tests for fnmatch() and glob() from OpenBSD.
5041 * plugins/sudoers/regress/testsudoers/test1.sh,
5042 plugins/sudoers/regress/visudo/test1.ok,
5043 plugins/sudoers/regress/visudo/test1.sh:
5044 Add regress test for command tags using visudo -c
5047 * plugins/sudoers/Makefile.in,
5048 plugins/sudoers/regress/testsudoers/test1.ok,
5049 plugins/sudoers/regress/testsudoers/test1.sh:
5050 Add support for regress tests using testsudoers
5053 * plugins/sudoers/testsudoers.c:
5054 Need to set user_name explicitly due to internal changes made when
5055 converting sudoers to a plugin.
5058 2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
5060 * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
5061 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
5062 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
5063 plugins/sudoers/regress/iolog_path/check_iolog_path.c,
5064 plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
5066 Add regression tests for iolog_path()
5069 * Makefile.in, common/Makefile.in, compat/Makefile.in,
5070 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
5071 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
5072 src/Makefile.in, zlib/Makefile.in:
5073 Add support for "make Makefile" to regenerate Makefile from
5077 * plugins/sudoers/iolog_path.c:
5078 Quiet a bogus compiler warning.
5081 2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
5083 * plugins/sudoers/iolog_path.c:
5084 Protect call to setlocale() with HAVE_SETLOCALE
5087 2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
5090 mkstemps.c was renamed mktemp.c
5094 Update from 1.7 branch
5098 Use "mv -f" when regenerating ChangeLog
5101 * plugins/sudoers/match.c:
5102 Fix NULL dereference with "sudo -g group" when the sudoers rule has
5103 no runas user or group listed. Fixes RedHat bug Bug 667103.
5106 2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
5108 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5109 Correct the default sudo.conf example
5112 2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
5114 * plugins/sudoers/iolog_path.c:
5115 Reset slashp if we allocate a new buffer for strftime()
5118 * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
5119 plugins/sudoers/sudoers.h:
5120 Add extra out parameter to expand_iolog_path() to allow the caller
5121 to split the path into dir and file components if needed.
5124 2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
5126 * plugins/sudoers/iolog.c:
5127 mkdir_iopath() returns size_t now that it uses strlcpy() and not
5131 * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
5132 Trim leading slashes from iolog_file and trailing slashes from
5136 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5137 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
5138 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5139 Pass a single I/O log file name in command_details instead of
5140 separate dir + file parameters.
5143 * plugins/sudoers/sudoreplay.c:
5144 change an error() to errorx()
5147 * plugins/sudoers/iolog.c:
5148 Add missing cwd line to I/O log info file that got dropped when
5149 iolog_deserialize_info() was added
5152 2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
5154 * plugins/sudoers/iolog.c:
5155 Avoid relying on globals filled in by the sudoers policy module for
5156 the sudoers I/O log module. The I/O log open function now pulls the
5157 bits it needs out of user_info and command_info.
5160 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
5161 plugins/sudoers/sudoers.h:
5162 If no iolog file is specified by the policy plugin, use io_nextid()
5163 to determine the next file in the sequence.
5166 2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
5168 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5169 Document iolog_compress in command_info
5172 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
5173 Add support for the iolog_compress variable in command_info.
5176 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
5177 Add sigsetjmp() calls to all plugin entry points just to be safe.
5180 * src/sudo.c, src/sudo.h:
5181 Don't need iolog variables in struct command_details, they are for
5182 the I/O log plugins to handle.
5185 2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
5187 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
5188 Document use of mkdtemp() for iolog path templates
5191 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
5192 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
5193 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
5194 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
5198 * doc/sudo_plugin.pod, doc/sudoers.pod:
5199 Document iolog_file and supported escape sequences for sudoers.
5200 Clarify that iolog_file can contain directories.
5203 * compat/Makefile.in, configure, configure.in:
5204 Fix building of mkstemps/mkdtemp replacements.
5207 * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
5208 configure.in, include/missing.h:
5209 Provide mkdtemp() for systems without it.
5212 * plugins/sudoers/iolog_path.c:
5216 * plugins/sudoers/iolog.c:
5217 Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
5218 glibc mkdtemp() returns EINVAL.
5221 * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
5222 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
5223 plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
5224 plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
5225 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5226 Allow sudoers to specify the iolog file in addition to the iolog
5227 dir. Add escape sequence support to iolog file and dir: sequence
5228 number, user, group, runas_user, runas_group, hostname and
5229 command in addition to any escape sequence recognized by
5233 * plugins/sudoers/iolog.c:
5234 Add missing sigsetjmp() call in I/O plugin open function. Fixes a
5235 crash when the I/O plugin calls error(), errorx() or log_error().
5238 2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
5240 * doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
5241 plugins/sudoers/sudoers.c:
5242 Give the policy module fine-grained control over what the I/O plugin
5247 Clear OPOST from c_oflag like we used to. Fixes screen-based
5252 Clarify umask option description. From Reuben Thomas.
5255 2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
5257 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
5258 Pick last match in LDAP sudoers too
5261 * doc/sudo_plugin.pod:
5262 Document iolog_file, iolog_dir and use_pty
5265 * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
5266 plugins/sudoers/sudoers.c:
5267 Adapt plugins to version I/O logging ABI 1.1
5270 * src/exec.c, src/sudo.h:
5271 Add use_pty command_info flag for policies to indicate that a pty
5272 should be allocated even if no I/O logging is performed.
5276 Add remaining plugin convenience functions
5279 * include/sudo_plugin.h, src/sudo.c, src/sudo.h,
5280 src/sudo_plugin_int.h:
5281 Change I/O log API to pass in command info to the I/O log open
5282 function. Add iolog_file and iolog_dir parameters to command info.
5283 This allows the policy plugin to specify the I/O log pathname. Add
5284 convenience functions for calling plugin functions that handle ABI
5285 backwards compatibility.
5292 2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
5294 * configure, configure.in:
5295 Bump version to 1.8.0b3
5298 2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
5301 Remove extraneous newline
5304 2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
5306 * doc/sudoers.pod, plugins/sudoers/def_data.c,
5307 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
5308 plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
5309 Make I/O log dir configurable.
5312 * aclocal.m4, configure, configure.in, doc/sudoers.pod:
5313 Rename io_logdir to iolog_dir
5316 2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
5319 Add missing '*' that prevented the generic ELF case from matching.
5323 If file(1) can't identify the ELF binary type, try readelf(1).
5326 2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
5328 * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
5329 plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
5330 plugins/sudoers/sudoers.c, src/sudo.c:
5331 Use %u to print uid/gid, not %lu and adjust casts to match.
5334 * doc/sudoers.ldap.pod:
5335 Clarify ordering of entries and attributes.
5338 * doc/sudoers.ldap.pod:
5339 Fix typo and editing goof.
5342 * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
5343 doc/sudoers.ldap.pod:
5344 Merge in ordered LDAP entry support from Andreas Mueller.
5347 * plugins/sudoers/ldap.c:
5348 Make sure we don't dereference a NULL handle.
5351 2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
5354 Add support for RHEL 6 file modes that include a trailing dot on
5355 files with an SELinux security context
5358 2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
5361 exec_setup() does not need to setuid(0), the Ubuntu issue was in the
5365 * plugins/sudoers/sudoers.c:
5366 create_admin_success_flag() should use restore_perms() rather than
5367 set_perms() to restore the uid.
5371 In exec_setup() call setuid(0) to make certain the subsequent uid
5372 and gid changes will succeed. Fixes a problem on Ubuntu.
5376 Error out if we cannot change to root's uid so we catch the failure
5380 2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
5383 fix typo; from Michael T Hunter
5386 * plugins/sudoers/match.c:
5387 In sudoedit mode, assume command line arguments are paths and pass
5388 FNM_PATHNAME to fnmatch().
5391 2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
5393 * configure, configure.in:
5394 Add workaround for an error in sys/types.h on HP-UX 11.23 when large
5395 file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
5396 broken bits of the header file.
5400 Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
5404 For Tru64, strip off beta version.
5407 * MANIFEST, plugins/sudoers/testsudoers.c,
5408 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
5409 Avoid conflicts with system definitions in grp.h and pwd.h
5413 Include stdio.h after zlib.h, not before. We need the large file
5414 defines to come first.
5417 2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
5419 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
5424 Don't clean ChangeLog
5427 * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
5428 Add prototype for cleanup()
5431 2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
5433 * plugins/sudoers/group_plugin.c:
5434 Avoid dereferencing group_plugin if it is NULL in
5435 group_plugin_query(). This should not happen.
5438 * plugins/sudoers/group_plugin.c:
5439 group plugin init function return TRUE when successful
5442 2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
5444 * plugins/sudoers/ldap.c:
5445 Enlarge the array of entry wrappers in blocks of 100 entries to
5446 save on allocation time. From Andreas Mueller
5449 * plugins/sudoers/ldap.c:
5450 Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
5451 that was mistakenly dropped.
5454 2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
5456 * doc/TROUBLESHOOTING:
5457 Mention that sudo needs "ar" to build.
5460 * configure, configure.in:
5461 Fail with a more useful error if "ar" is not found.
5464 2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
5466 * plugins/sudoers/ldap.c:
5467 Merge in ordered LDAP entry support from Andreas Mueller and add
5468 local changes from the 1.7 branch.
5471 2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
5473 * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
5474 doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
5475 Add timed entry support from Andreas Mueller.
5478 * plugins/sudoers/group_plugin.c:
5479 Don't try to unload if group_plugin is NULL. Don't call dlclose() if
5480 group_handle is NULL
5483 * plugins/sudoers/sudoers.h:
5484 It is now plugin_cleanup(), not cleanup()
5487 * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
5488 Call plugin_cleanup(), not cleanup()
5491 2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
5493 * plugins/sudoers/ldap.c:
5494 Use efree() not free() and remove malloc.h include since we never
5495 directly call malloc() or free().
5498 2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
5501 set PSTAMP for Solaris and move the backend-specific bits to their
5502 own %if [xxx] %endif blocks in %set.
5509 * configure, configure.in:
5510 Only substitute file zlib files when using the builtin zlib
5513 * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
5514 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
5515 src/Makefile.in, zlib/Makefile.in:
5516 Give up on using VPATH to find sources as it is implemented
5517 inconsistently in different versions of make.
5520 * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
5521 plugins/sudoers/gram.c, plugins/sudoers/toke.c:
5522 Include config.h before any other includes to make sure we get the
5523 right value for _FILE_OFFSET_BITS.
5535 g/c unused $(GENERATED)
5538 2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
5540 * plugins/sudoers/group_plugin.c:
5541 Zero out group_plugin on unload just to be safe.
5544 * plugins/sudoers/group_plugin.c:
5545 Unload group plugin if its init function fails.
5549 Only chdir to cwd if it is different from the current cwd or there
5550 is a new root (chroot).
5553 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
5554 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
5555 doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
5556 Bump version to 1.8.0b2
5559 2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
5562 Better --enable-zlib description
5566 Use system zlib on Linux Let configure decide on Solaris For all
5567 others, use builtin zlib
5571 Add large file support.
5575 Add large file support.
5578 * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
5579 zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
5580 zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
5581 zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
5582 zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
5583 zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
5584 zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
5585 zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
5586 Add local copy of zlib for systems that lack it.
5589 2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
5592 If perform_io() fails, kill the child before exiting so it doesn't
5593 complain about connection reset. We can get an I/O error if, for
5594 example, and we get EIO reading from stdin.
5597 2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
5599 * plugins/sudoers/sudoers.c, src/sudo.c:
5600 Fix compilation on systems with set_auth_parameters() Sprinkle
5601 volatile to quiet warnings from gcc 2.8.0
5604 * compat/dlfcn.h, compat/dlopen.c:
5605 Avoid potential namespace issues with dlopen() emulation.
5612 * plugins/sudoers/interfaces.c:
5613 Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
5618 Mark ChangeLog as PHONY Don't overwrite ChangeLog if we can't run hg
5621 * configure, configure.in:
5622 HP-UX 10.20 libc has an incompatible getline
5625 * plugins/sudoers/visudo.c:
5626 Quiet an HP-UX compiler warning.
5629 * configure, configure.in:
5630 Check for vi even with --with-editor specified; the sample plugin
5634 2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
5637 Fix remaining syntax errors.
5641 sudo binary depends on the libtool-generated libs
5644 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
5645 Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
5646 include the local or system dlfcn.h
5650 Don't use run_as_superuser=false on HP-UX
5654 Use memset() instead of zero_bytes() since we don't include
5658 * plugins/sudoers/interfaces.c:
5659 Fix pasto; AF_INET not AF_INET6
5663 Actually call shl_load()
5667 Update from git repo. Debian: version numbers now compliant with
5668 policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX
5672 * configure, configure.in:
5673 Fix dlopen() detection for systems where dlopen() is in a separate
5677 * plugins/sudoers/auth/pam.c:
5678 If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
5679 useful message and return AUTH_FATAL so sudo does not keep trying to
5684 sudo_preload_table is an array
5688 Quiet a compiler warning and fix sudo_preload_table external
5693 Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
5696 * plugins/sudoers/group_plugin.c:
5697 Make this compile correctly when no dlopen is available.
5700 2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
5702 * plugins/sudoers/check.c:
5703 Having a timestamp file defined is no longer indicative of tty
5704 tickets being enabled. Check def_tty_tickets directly.
5707 * src/exec_pty.c, src/sudo.h, src/ttysize.c:
5708 Fix TCGETWINSZ compat.
5711 2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
5713 * src/exec_pty.c, src/ttysize.c:
5714 Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
5717 2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
5719 * plugins/sudoers/sudoers.c, src/sudo.c:
5720 Move set_project() from sudoers module into sudo proper.
5723 * configure, configure.in:
5724 Fix typo and regenerate
5727 * plugins/sudoers/ldap.c:
5728 When iterating over returned LDAP entries, keep looking at remaining
5729 matches even if we have a positive match. This catches negative
5730 matches that may exist in other entries and more closely match the
5731 sudoers file behavior.
5735 Add support for multiple package instances on Solaris.
5739 Add missing signal_pipe[0] to fdsr for the non-pty case.
5743 Add --with-project for Solaris
5747 Need ar and ranlib too
5750 2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
5752 * plugins/sudoers/env.c:
5753 Preserve ODMDIR environment variable by default on AIX.
5756 2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
5758 * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
5759 config.h.in, configure, configure.in, plugins/sample/Makefile.in,
5760 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
5761 plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
5762 plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
5764 Add dlopen() emulation for systems without it. For HP-UX 10, emulate
5765 using shl_load(). For others, link sudoers plugin statically and use
5766 a lookup table to emulate dlsym().
5769 2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
5771 * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
5772 compat/nanosleep.c, compat/utimes.c:
5773 When including compat headers, use the compat dir as part of the
5774 path so we are sure to get the correct header.
5777 2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
5779 * plugins/sudoers/linux_audit.c:
5780 Ignore ECONNREFUSED from audit_log_user_command() which will occur
5781 if auditd is not running.
5784 2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
5787 Sync with git version
5790 2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
5792 * common/fileops.c, plugins/sudoers/defaults.c:
5793 Cast isblank argument to unsigned char.
5796 2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
5798 * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
5799 doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
5800 Implement --with-umask-override configure flag.
5803 * plugins/sudoers/env.c:
5804 Take MODE_LOGIN_SHELL into account when initially setting reset_home
5805 instead of special-casing it later.
5808 * plugins/sudoers/sudoers.c:
5809 In login mode, make a copy of the runas user's pw_shell for
5810 NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
5814 * plugins/sudoers/env.c:
5815 Reset HOME for "sudo -i" even if HOME was listed in env_keep.
5819 Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
5823 Reset signal mask at sudo startup time; we need to be able to rely
5824 on normal signal delivery to control the child process.
5827 2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
5830 Use sed instead of expr to split a flag from its argument. Fixes a
5831 problem with expr interpreting its arguments as a flag when they
5836 Do not need sys/time.h after all
5840 Include sys/time.h for utimes() and struct timeval. No longer need
5841 ioctl.h or termios.h
5844 * compat/snprintf.c:
5845 Quiet bogus compiler warnings.
5848 * include/missing.h:
5849 Declare innetgr() for HP-UX which is missing a declaration. Declare
5850 domainname() for HP-UX and Solaris which are missing a declaration.
5853 * plugins/sudoers/bsm_audit.c:
5854 Use __sun for consistency with the rest of the sources.
5857 * plugins/sudoers/group_plugin.c:
5858 Quiet a bogus compiler warning.
5861 * plugins/sudoers/pwutil.c:
5862 Don't try to delref a NULL group.
5865 * common/alloc.c, common/lbuf.c:
5866 Include memory.h on systems that need it.
5869 2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
5872 Quiet gcc warnings on glibc systems that use warn_unused_result for
5876 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
5877 sudo_plugin is in section 8; from Ted Percival
5880 * plugins/sudoers/Makefile.in:
5881 testsudoers depends on libsudoers.la, not sudoreplay
5884 2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
5887 Read as many signals on the signal pipe as we can before returning.
5890 * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
5891 Instead of using an array to store received signals, open a pipe and
5892 have the signal handler write the signal number to one end and
5893 select() on the other end. This makes it possible to handle signals
5894 similar to I/O without race conditions.
5897 2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
5899 * doc/visudo.pod, plugins/sudoers/visudo.c:
5900 Make "visudo -c -f -" check the standard input.
5904 set_home and always_set_home have an effect if HOME is present in
5908 * plugins/sudoers/env.c:
5909 Make -H flag work when HOME is listed in env_keep. Also makes
5910 "set_home" and "always_set_home" override HOME in env_keep.
5913 2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
5915 * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
5916 plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
5917 plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
5918 plugins/sudoers/visudo.c, src/net_ifs.c:
5919 Convert sudoers plugin to use interface list passed in settings.
5922 * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
5923 src/parse_args.c, src/sudo.h:
5924 Query local network interfaces in the main sudo driver and pass to
5925 the plugin as "network_addrs" in the settings list.
5928 * plugins/sudoers/bsm_audit.c:
5929 Solaris BSM audit returns EINVAL when auditing is not enabled,
5930 whereas OpenBSM returns ENOSYS.
5933 2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
5936 missing.h should come before most local includes
5939 * plugins/sudoers/sudoreplay.c:
5940 missing.h should come before most local includes
5943 * plugins/sudoers/sudoers.h:
5944 Make local includes consistent; use double quotes for local includes
5945 except for generated ones where we use angle brackets.
5948 * plugins/sudoers/sudoers.c:
5949 Always fill in NewArgv for audit code.
5952 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5953 Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
5956 * common/alloc.c, common/atobool.c, common/fileops.c,
5957 common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
5958 common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
5959 compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
5960 compat/getprogname.c, compat/glob.c, compat/isblank.c,
5961 compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
5962 compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
5963 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
5964 compat/unsetenv.c, compat/utimes.c, include/compat.h,
5965 plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
5966 plugins/sample_group/plugin_test.c,
5967 plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
5968 plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
5969 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
5970 plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
5971 plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
5972 plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
5973 src/sudo_noexec.c, src/ttysize.c:
5974 Make local includes consistent; use double quotes for local includes
5975 except for generated ones where we use angle brackets. Also g/c
5979 2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
5981 * plugins/sudoers/match.c:
5982 When matching the runas user and runas group (-u and -g command line
5983 options), keep track of runas group and runas user matches
5984 separately. Only return a positive match if we have a match for
5985 both runas user and runas group (if specified).
5988 2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
5990 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
5991 Add support for multiple URI lines by joining the contents and
5992 passing the result to ldap_initialize.
5995 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
5996 Do not return -1 on error from the display functions; the caller
5997 expects a return value >= 0.
6000 * plugins/sudoers/sudoers.c:
6001 Do not set both MODE_EDIT and MODE_RUN
6004 2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
6006 * include/missing.h:
6007 Move includes to the top of the file.
6010 2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
6012 * plugins/sudoers/Makefile.in:
6013 Add missing definition of timedir
6016 * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
6017 compat/mksiglist.c, compat/strsignal.c,
6018 plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
6019 Add #include of sys/types.h for .c files that include missing.h to
6020 be sure that size_t and ssize_t are defined.
6023 * plugins/sudoers/Makefile.in:
6024 Install sudoers file from the build dir not the src dir.
6027 2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
6029 * plugins/sudoers/set_perms.c:
6030 If runas_pw changes, reset the stashed runas aux group vector.
6031 Otherwise, if runas_default is set in a per-command Defaults
6032 statement, the command runs with root's aux group vector (i.e. the
6033 one that was used when locating the command).
6036 * plugins/sudoers/Makefile.in:
6037 Add target to generate sudoers file Remove generated sudoers file as
6041 2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
6044 When not logging I/O install a handler for SIGCONT and deliver it to
6045 the command upon resume. Fixes bugzilla #431
6048 2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
6050 * plugins/sudoers/sudoers.h:
6051 g/c unused auth_pw extern definition
6054 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
6055 Move get_auth() into check.c where it is actually used.
6058 2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
6061 Convert a remaining puts() and putchar() to use the output function.
6064 * plugins/sudoers/plugin_error.c:
6068 2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
6070 * plugins/sudoers/env.c:
6071 Set dupcheck to TRUE when setting new HOME value if !env_reset but
6072 always_set_home is true. Prevents a duplicate HOME in the
6073 environment (old value plus the new one) introduced in f421f8827340.
6076 * configure, configure.in, plugins/sudoers/sudoers,
6077 plugins/sudoers/sudoers.in:
6078 Substitute sysconfdir in the installed sudoers file to get the
6079 correct path for sudoers.d.
6082 2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
6085 Fix typo that prevented compilation on Irix; Friedrich Haubensak
6088 2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
6090 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
6091 common/atobool.c, common/fileops.c, common/fmt_string.c,
6092 common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
6093 compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
6094 compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
6095 compat/getprogname.c, compat/glob.c, compat/isblank.c,
6096 compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
6097 compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
6098 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
6099 compat/unsetenv.c, compat/utimes.c, include/compat.h,
6100 include/missing.h, plugins/sample/sample_plugin.c,
6101 plugins/sample_group/getgrent.c,
6102 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
6103 plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
6104 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
6105 plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
6106 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
6107 plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
6108 src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
6109 Merge compat.h and missing.h into missing.h
6112 2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
6114 * plugins/sudoers/auth/pam.c:
6115 If the user hits ^C while a password is being read, error out before
6116 reading any further passwords in the pam conversation function.
6117 Otherwise, if multiple PAM auth methods are required, the user will
6118 have to hit ^C for each one.
6121 2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
6123 * plugins/sudoers/check.c:
6127 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6128 Document sudo_conv_t function and sudo_printf_t return values.
6131 * src/conversation.c:
6132 Make _sudo_printf return the number of characters printed on success
6136 2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
6138 * plugins/sudoers/sudoers.c:
6139 sudoers.h includes sudo_plugin.h for us
6142 * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
6143 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
6145 Use gettimeofday() directly instead of via the gettime() wrapper.
6148 * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
6149 compat/strerror.c, config.h.in, configure, configure.in,
6150 include/compat.h, include/missing.h, plugins/sudoers/logging.c,
6151 plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
6152 Remove some obsolete configure tests, ancient Unix systems are no
6156 2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
6159 Set pp_kit_version and strip off patch level
6163 Better handling of versions with a patchlevel. For rpm and deb, use
6164 the patchlevel+1 as the release. For AIX, use the patchlevel as the
6165 4th version number. For the rest, just leave the patchlevel in the
6169 2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
6171 * plugins/sudoers/auth/sudo_auth.c:
6172 For non-standalone auth methods, stop reading the password if the
6173 user enters ^C at the prompt.
6176 * configure, configure.in, plugins/sudoers/Makefile.in,
6177 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
6178 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
6179 plugins/sudoers/pwutil.c:
6180 No need to look up shadow password unless we are doing password-
6181 style authentication. This moves the shadow password lookup to the
6182 auth functions that need it.
6185 * plugins/sudoers/sudoers.c:
6186 Retain final passwd/group refs until the policy close() function.
6187 Note that this doesn't get called in all cases so putting this in a
6188 cleanup function is probably better.
6191 * plugins/sudoers/check.c:
6195 * plugins/sudoers/check.c:
6196 When removing/resetting the timestamp file ignore the tty ticket
6200 * plugins/sudoers/sudoers.c:
6201 delref sudo_user.pw, runas_pw and runas_gr immediately before we
6205 2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
6207 * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
6208 plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
6209 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
6210 Reference count cached passwd and group structs. The cache holds
6211 one reference itself and another is added by sudo_getgr{gid,nam} and
6212 sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
6213 group structs are persistent for now.
6220 2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
6222 * plugins/sudoers/check.c:
6223 Do not produce a warning for "sudo -k" if the ticket file does not
6227 * plugins/sudoers/pwutil.c:
6228 Instead of caching struct passwd and struct group in the red-black
6229 tree, store a struct cache_item which includes both the key and
6230 datum. This allows us to use the actual name that was looked up as
6231 the key instead of the contents of struct passwd or struct group.
6232 This matters because the name in the database may not match what we
6233 looked up, due either to case folding or truncation (historically at
6234 8 characters). Also mark the disabled calls to sudo_freepwcache()
6235 and sudo_freegrcache() as broken since we use cached data for things
6236 like set_perms() and the logging functions. Fixing this would
6237 require making a copy of the structs for user and runas or adding a
6238 reference count (better).
6241 * plugins/sudoers/Makefile.in:
6242 Fix path to mkinstalldirs
6245 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
6246 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
6247 src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
6248 Quiet gcc warnings on glibc systems that use warn_unused_result for
6249 write(2) and others.
6252 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
6254 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
6258 * aclocal.m4, configure, configure.in:
6259 Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
6260 back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
6264 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
6266 * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
6267 Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
6268 and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
6271 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
6274 Update to latest version
6277 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
6280 Let pp determine pp_aix_version itself.
6283 * INSTALL, config.h.in, configure, configure.in, mkpkg,
6284 plugins/sudoers/sudoers.c:
6285 Add support for Ubuntu admin flag file and enable it when building
6289 * plugins/sudoers/sudoers, sudo.pp:
6290 Add commented out SuSE-like targetpw settings
6293 * configure, configure.in:
6294 Only try to use +DAportable for non-GCC on hppa
6297 * configure, configure.in:
6298 Prevent configure from adding the -g flag unless in devel mode
6301 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
6304 Go back to sudo-flavor to match existing packages and only use an
6305 underscore for those that need it.
6309 Use sudo_$flavor instead of sudo-$flavor since that causes the least
6310 amount of trouble for the various package managers.
6314 Fix handling of the ldap flavor Remove destdir unless --debug was
6315 specified Make distclean before running configure if there is a
6320 Add back include file.
6324 Pass extra args on to configure on HP-UX, if we don't have the HP C
6325 compiler, disable zlib to prevent gcc from finding it in
6330 Use the HP ANSI C compiler on HP-UX if possible
6333 * plugins/sudoers/sudoreplay.c:
6334 Some getline() implementations (FreeBSD 8.0) do not ignore the
6335 length pointer when the line pointer is NULL as they should.
6338 * plugins/sudoers/sudoreplay.c:
6339 Don't need to check for *cp being non-zero, isdigit() will do that.
6342 * plugins/sudoers/sudoreplay.c:
6343 Add setlocale() so the command line arguments that use floating
6344 point work in different locales. Since sudo now logs the timing
6345 data in the C locale we must parse the seconds in the timing file
6346 manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
6347 the number of seconds with the user's locale so if the decimal point
6348 is not '.' try using the locale-specific version.
6352 Do I/O logging in the C locale so the floating point numbers in the
6353 timing file are not locale-dependent.
6356 * plugins/sudoers/sudoreplay.c:
6357 Use errorx() not error() for things that don't set errno.
6360 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
6363 Better support for 1.2.3 style versions in Tru64 kits
6367 Add Tru64 kit support
6371 Remove apparently unnecessary use of sudo
6374 * Makefile.in, plugins/sudoers/Makefile.in:
6375 Create timedir as part of install-dirs target.
6379 Handle ENXIO from read/write which can occur when reading/writing a
6380 pty that has gone away.
6383 * plugins/sudoers/pwutil.c:
6384 sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
6388 platform is a pp flag not a variable
6391 * Makefile.in, mkpkg, sudo.pp:
6392 Add simple arg parsing for mkpkg so we can set debug, flavor or
6397 Make rpm backend work on AIX 5.x
6400 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
6402 * plugins/sudoers/sudoers:
6403 Add commented out Defaults entry for log_output
6406 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
6409 Remove sudo docdir completely
6412 * doc/sample.sudo.conf:
6413 Add sample sudo.conf
6416 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
6418 * plugins/sudoers/Makefile.in:
6419 Add PACKAGE_TARNAME for docdir
6422 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
6425 Pass install-sh -b~ here too.
6428 * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
6429 plugins/sudoers/Makefile.in, src/Makefile.in:
6430 Install binary files with -b~ to make a backup. Fixes "text file
6431 busy" error on HP-UX during install.
6435 "mv -f" on HP-UX doesn't unlink the destination first so add an
6436 explicit rm before moving the temporary into place.
6439 * configure, configure.in:
6440 Some more ${foo} -> $(foo) conversion for consistent Makefiles.
6443 * doc/Makefile.in, plugins/sudoers/Makefile.in:
6444 Install sudoers2ldif in the doc dir
6447 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
6450 Add missing include of maillock.h for Solaris
6453 * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
6454 doc/sample.syslog.conf, doc/sudoers.cat:
6455 Change the default syslog facility from local2 to authpriv (or auth
6456 if the operating system doesn't support authpriv).
6459 * Makefile.in, sudo.pp:
6460 Install sudoers as /etc/sudoers on RPM and debian systems where the
6461 package manager will not replace a user-modified configuration file.
6462 This fixes upgrades from the vendor sudo packages.
6466 RPM: use %config(noreplace) instead of %config for volatile This
6467 results in the new file being installed with a .rpmnew suffix
6468 instead of the file being replaced and the old one renamed with a
6472 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
6474 * compat/mkstemps.c, plugins/sudoers/boottime.c:
6475 Include time.h for struct timeval
6479 The return value of strsignal() may be const and should be treated
6480 as const regardless.
6483 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6484 Mention that 127.0.0.1 will not match, nor will localhost unless
6485 that is the actual host name.
6488 * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
6489 Rename WHATSNEW -> NEWS
6493 Updated pp with latest patches
6500 * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
6501 plugins/sudoers/sudoers:
6502 Add commented out line to add HOME to env_keep and add a warning to
6503 the note about the HOME change in UPGRADE.
6506 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
6508 * plugins/sudoers/sudoreplay.c:
6509 Add LINE_MAX define for those without it.
6512 * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
6513 doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
6514 plugins/sudoers/defaults.c:
6515 The tty_tickets option is now on by default.
6519 Mention that AIX authdb support has been fixed.
6523 setauthdb() only sets the "old" registry if it was set by a previous
6524 call to setauthdb(). To restore the original value, passing NULL
6525 (or an empty string) to setauthdb() is sufficient.
6528 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
6530 * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
6531 doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
6532 plugins/sudoers/env.c:
6533 Reset HOME when env_reset is enabled unless it is in env_keep
6536 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6537 The default for set_logname has been "true" for some time now.
6540 * plugins/sudoers/boottime.c:
6541 Add missing include of time.h
6544 * plugins/sudoers/logging.c:
6545 Fix check for dup2() return value.
6548 * plugins/sudoers/env.c:
6549 Add PYTHONUSERBASE to initial_badenv_table
6552 * plugins/sudoers/visudo.c:
6553 Treat an unknown defaults entry as a parse error.
6556 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
6557 Check return value of setdefs() but don't stop setting defaults if
6558 we hit an unknown one.
6561 * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
6562 doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
6563 doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
6564 plugins/sudoers/env.c:
6565 If env_reset is enabled, set the MAIL environment variable based on
6566 the target user unless MAIL is explicitly preserved in sudoers.
6569 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
6572 decode debian code names
6579 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
6586 Restore RLIMIT_NPROC after the uid switch if it appears that
6587 runas_setup() did not do it for us. Fixes a bash script problem on
6588 SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
6591 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
6593 * mkpkg, pp, sudo.pp:
6594 Restore the dot removal in the os version reported by polypkg. Adapt
6595 mkpkg and sudo.pp to the change.
6598 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
6601 document --with-pam-login
6604 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6605 The tag is NOSETENV, not UNSETENV. From Petr Uzel.
6608 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
6611 Include flavor in solaris package name
6615 Older shells don't support IFS= so set explicitly to space, tab,
6620 Use '=' not '==' in test
6624 Fix typo that prevented debian from matching
6628 Add missing prefix setting for debian
6632 Use tab indents to reduce the chance of problem with <<- Fix the
6633 debian %set section, pp does not set pp_deb_distro Uncomment %sudo
6634 line in sudoers for debian Uncomment some env_keep lines for RHEL,
6635 SLES and debian to more closely match the vendor sudoers files.
6636 Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on
6637 debian for ldap flavor
6640 * plugins/sudoers/sudoers:
6641 Add commented out env_keep entries, sample Aliases and a %sudo line
6645 * configure, configure.in:
6646 Move zlib check later on in the script to avoid a strange shell
6651 Remove check for egrep; configure has its own
6654 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
6657 Enable zlib for linux distros
6661 Add ldap flavor to default build
6665 Simplify rpm linux distro settings
6668 * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
6669 Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
6673 Fix ChangeLog creation from build dir
6676 * plugins/sudoers/sudoers.c:
6677 Handle getcwd() failure.
6680 * doc/Makefile.in, mkpkg, sudo.pp:
6681 Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
6682 environment variable.
6686 Create sudo group on debian
6690 Add debian 4/5/6 and use the dot when doing version matches
6693 * aclocal.m4, configure:
6694 Use a loop when searching for mv, sendmail and sh
6697 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6698 Remove spurious "and"; from debian
6701 * aclocal.m4, configure, configure.in, doc/sudoers.cat,
6702 doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
6703 doc/visudo.man.in, doc/visudo.pod:
6704 Substitute the value of EDITOR into the sudoers and visudo manuals.
6707 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
6709 * mkpkg, pp, sudo.pp:
6710 Initial support for debian 4.0
6714 Some platforms need -fPIE instead of -fpie
6717 * plugins/sudoers/auth/pam.c:
6718 Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
6719 On Linux it causes a DNS lookup via libaudit.
6723 Update MANIFEST to match packaging changes
6727 We now use pp to generate HP-UX packages
6730 * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
6731 Remove vestiges of old binary package bits.
6734 * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
6735 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
6736 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6738 install-man -> install-doc
6741 * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
6742 plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
6743 Use http://rc.quest.com/topics/polypkg/ for packaging
6747 Just ignore the -c option, it is the default Add support for -d
6751 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
6753 * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
6754 Use _PATH_STDPATH instead of _PATH_DEFPATH
6757 * plugins/sudoers/Makefile.in, src/Makefile.in:
6758 Do not strip binaries.
6761 * INSTALL, configure, configure.in:
6762 Add --insults=disabled configure option to allow people to build in
6763 insult support but have the insults disabled unless explicitly
6767 * compat/mkstemps.c:
6768 Add prototype for gettime()
6771 * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
6772 plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
6773 plugins/sudoers/sudoers.h:
6774 Add support for a sudo-i pam.d file to be used for "sudo -i".
6775 Adapted from a RedHat patch.
6778 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
6780 * include/missing.h:
6781 Fix mkstemps() prototype
6784 * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
6785 config.h.in, configure, configure.in, include/missing.h,
6787 Use mkstemps() instead of mkstemp() in sudoedit. This allows
6788 sudoedit to preserve the file extension (if any) which may be used
6789 by the editor (like emacs) to choose the editing mode.
6792 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
6794 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
6795 plugins/sudoers/ldap.c:
6796 TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
6797 TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
6798 code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
6799 should avoid disabling TLS_CHECKPEER if possible.
6802 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
6804 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6805 Make sudo_plugin format a bit more like a man page
6808 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
6809 Add support for negated user/host/command lists in a Defaults entry.
6810 E.g. Defaults:!baduser noexec
6813 * Makefile.in, common/Makefile.in, compat/Makefile.in,
6814 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
6815 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6817 Add uninstall target
6820 * common/Makefile.in, compat/Makefile.in:
6821 Remove unused AR, SED and RANLIB variables
6825 Do not install sample plugins
6828 2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
6830 * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
6831 configure.in, plugins/sudoers/env.c:
6832 Now that sudoers is a dynamically loaded module we cannot override
6833 the libc environment functions because the symbols may already have
6834 been resolved via libc. Remove getenv/putenv/setenv/unsetenv
6835 replacements from sudoers and add replacements for setenv/unsetenv
6836 for systems that lack them.
6839 * configure, configure.in, plugins/sudoers/Makefile.in:
6840 Link testsudoers with -ldl when needed
6843 * plugins/sample_group/plugin_test.c:
6844 Remove unused time.h and add limits.h for PATH_MAX
6847 * doc/sudoers.ldap.pod:
6851 2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
6853 * plugins/sample_group/plugin_test.c:
6854 Do not depend on strlcpy/strlcat
6857 * plugins/sample_group/plugin_test.c:
6858 Standalone test driver for sudoers group plugin.
6861 2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
6863 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
6864 Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
6868 * plugins/sample_group/sample_group.c:
6869 Fix style nit in function declarations
6872 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6873 Document group_plugin syntax.
6876 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6877 Document the sudoers group plugin.
6880 * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
6881 configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
6882 plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
6883 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
6884 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
6885 plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
6886 plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
6887 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
6888 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
6889 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
6890 Replace built-in non-unix group support with a sudoers group plugin.
6891 Include a sample plugin that can read Unix-format group files.
6894 * configure, configure.in, src/load_plugins.c:
6895 Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
6898 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
6900 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
6901 doc/sudoers.man.in, doc/sudoers.pod:
6902 Move sudoers-specific bits out of sudo(8) and into sudoers(5)
6905 * aclocal.m4, configure, configure.in:
6906 Substitute @io_logdir@ for the sudoers I/O log directory.
6909 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
6911 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
6912 common/atobool.c, common/fileops.c, common/fmt_string.c,
6913 common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
6914 compat/getgrouplist.c, compat/getline.c, compat/glob.c,
6915 compat/snprintf.c, config.h.in, configure, configure.in,
6916 include/fileops.h, plugins/sample/sample_plugin.c,
6917 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
6918 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
6919 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
6920 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
6921 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
6922 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
6923 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
6924 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
6925 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
6926 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
6927 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
6928 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
6929 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
6930 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
6931 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
6932 plugins/sudoers/logging.c, plugins/sudoers/match.c,
6933 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
6934 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
6935 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6936 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
6937 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
6938 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
6939 src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
6940 src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
6941 src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
6942 Set usrinfo for AIX Set administrative domain for the process when
6943 looking up user's password or group info and when preparing for
6944 execve(). Include strings.h even if string.h exists since they may
6945 define different things. Fixes warnings on AIX and others.
6949 Add a separate all target for AIX make which was using the entire
6950 LHS (not just the first entry) of the first target as the implicit
6954 * plugins/sudoers/env.c:
6955 Do not rely on env.env_len when unsetting a variable, just use the
6959 * plugins/sudoers/env.c:
6960 In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
6963 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
6965 * plugins/sudoers/vasgroups.c:
6966 Use warningx() instead of log_error() since the latter is not
6967 available to visudo or testsudoers. This does mean that they don't
6971 * plugins/sudoers/sudoers.c:
6972 Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
6973 closed the sudoers sources. From Quest sudo.
6976 * plugins/sudoers/pwutil.c:
6977 Ignore case when matching user/group names in the cache. From Quest
6981 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
6983 * config.h.in, configure, configure.in, src/selinux.c:
6984 Add check for setkeycreatecon() when --with-selinux is specified.
6987 * configure, configure.in:
6988 Error out if libaudit.h is missing or unusable when --with-linux-
6992 * doc/HISTORY, doc/history.pod:
6993 Add =head3 entries, mostly for the html version
6996 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
6998 * doc/HISTORY, doc/history.pod:
6999 Mention when LDAP was incorporated.
7002 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
7004 * configure, configure.in:
7005 Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
7006 not covered by _ALL_SOURCE.
7009 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
7011 * plugins/sudoers/iolog.c:
7012 Add a cast to quiet a compiler warning.
7015 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
7016 Quiet a compiler warning.
7019 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
7020 Call set_fqdn() after sudoers has parsed instead of inline as a
7024 * WHATSNEW, plugins/sudoers/sudoers.c:
7025 Do not call set_fqdn() until sudoers parses (where it gets run as a
7030 mention the change in tty ticket behavior when there is no tty
7033 * plugins/sudoers/check.c:
7034 Do not update tty ticket if there is no tty.
7037 * doc/LICENSE, doc/license.pod:
7038 Update copyright year
7042 Do not rely on BSD make's $>
7045 * configure, configure.in:
7046 Set timedir to /var/db/sudo for darwin to match Apple sudo's
7050 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
7052 * plugins/sudoers/sudoers.h:
7053 Add stub declarations for struct stat and struct timeval
7057 Remove compat/sigaction.c
7060 * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
7061 plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
7062 Check for zlib.h in addition to libz.
7065 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
7067 Move functions and symbols shared between exec.c and exec_pty.c into
7072 Comment out rules to build .man.in and .cat files unless --with-
7077 Comment out rules to build .man.in and .cat files unless --with-
7082 Quote any non-alphanumeric characters other than '_' or '-' when
7083 passing a command to be run via the shell for the -s and -i options.
7087 Add back .man suffix
7090 * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
7091 plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
7092 plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
7093 plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
7095 Add Linux audit support.
7098 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
7100 * plugins/sudoers/iolog.c:
7104 * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
7105 plugins/sudoers/sudoreplay.c:
7106 Add -f (filter) option to sudoreplay to allow certain streams to be
7107 replayed and others ignored.
7110 * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
7112 Fix -A flag when askpass is specified in sudo.conf or if sudo
7113 doesn't need to read a password.
7116 * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
7117 src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
7121 * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
7122 doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
7123 Add support for multiple sudoers_base entries in ldap.conf. From
7127 * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
7129 remove setsid check, we require a POSIX system
7132 * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
7133 src/sudo.c, src/tgetpass.c:
7134 Check for dup2() failure.
7137 * config.h.in, configure, configure.in:
7138 Remove dup2() check, it is not optional.
7141 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
7144 sync with sudo 1.7.3
7148 SunOS does not ship with an ANSI compiler
7152 Update OS specific notes. Delete some really ancient ones and move
7153 older ones to the end of the list.
7157 Sudo can be downloaded from the web site too Mention "OS dependent
7158 notes" section in INSTALL
7161 * src/exec_pty.c, src/selinux.c:
7162 Call selinux_restore_tty() as part of cleanup() so it gets called
7163 from error()/errorx()
7166 * MANIFEST, doc/PORTING:
7167 Remove obsolete porting guide
7170 * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
7171 Move union sudo_in_addr_un into interfaces.h
7175 Remove useless circular dependencies
7178 * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
7179 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
7180 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
7181 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
7182 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
7183 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
7184 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
7185 Convert to ANSI C function declarations
7188 * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
7189 common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
7190 compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
7191 compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
7192 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
7193 compat/strlcpy.c, compat/timespec.h, compat/utime.h,
7194 compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
7195 include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
7196 include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
7197 plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
7198 plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
7199 plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
7200 plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
7201 plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
7202 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
7203 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
7204 plugins/sudoers/logging.h, plugins/sudoers/match.c,
7205 plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
7206 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
7207 plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
7208 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
7209 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
7210 plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
7211 src/conversation.c, src/error.c, src/load_plugins.c,
7212 src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
7213 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
7214 Update copyright year
7218 Fix commented DEVDOCS when not in devel mode.
7221 * plugins/sudoers/match.c:
7222 Quiet a compiler warning.
7225 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
7226 Quiet a compiler warning.
7229 * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
7230 Make all functions in ldap.c static
7233 * doc/schema.ActiveDirectory:
7234 Updates from Alain Roy to provide better examples for importing the
7235 schema and to fix problems caused by Windows validating attributes
7236 which have not yet been added before committing the changes.
7239 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
7241 * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
7242 doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
7243 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
7244 doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
7245 doc/visudo.cat, doc/visudo.man.in:
7246 Leave rules to build .man.in and .cat files uncommented but only
7247 make them part of the "all" rule in devel mode. Generate .cat files
7248 directly from .man.in instead of .man using default values in
7252 * configure, configure.in:
7253 Bump sudo version to 1.8.0b1
7256 * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
7257 Print configure args with verbose version information.
7260 * TODO, plugins/sudoers/visudo.c:
7261 Remove tfd from struct sudoersfile; it is not used. Add prev pointer
7262 to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
7263 Use tq_append to append sudoers entries to the tail queue.
7266 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
7269 Describe tty timestamp improvements
7272 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7273 A comment character may not be part of a command line argument
7274 unless it is quoted with a backslash. Fixes parsing of:
7275 testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
7279 Make this read a little bit better when passwd_timeout is 0.
7282 * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
7283 Attempt to handle a default password prompt timeout of zero more
7287 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7288 Do not override value of keepopen global, instead restore it to the
7289 value we pushed onto the stack when popping.
7292 * plugins/sudoers/Makefile.in:
7293 Add dependency for utility programs on libreplace and libcommon
7296 * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
7297 plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
7298 src/exec.c, src/exec_pty.c, src/tgetpass.c:
7299 Remove sigaction emulation Use SA_INTERRUPT in sa_flags
7302 * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
7303 We don't use getgrouplist() at the moment so there's no need to
7304 provide a compat version.
7311 * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
7312 src/conversation.c, src/sudo.h, src/tgetpass.c:
7313 Fix visiblepw sudoers option; the plugin API portion still needs
7318 Print sudo version as well.
7321 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
7322 Use sudo_printf for I/O log version Clarify policy plugin version
7326 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
7327 plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
7328 Silence some compiler warnings
7331 * src/load_plugins.c, src/tgetpass.c:
7332 Store askpass path in a global instead of using setenv() which many
7336 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
7338 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
7339 doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
7340 plugins/sudoers/check.c, plugins/sudoers/def_data.c,
7341 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
7342 plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
7343 plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
7345 Move askpass path specification from sudoers to sudo.conf.
7348 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
7349 Use a flag bit in struct command_details for selinux instead of a
7353 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
7354 Implement background mode. If I/O logging we use pipes instead of a
7358 * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
7359 src/exec.c, src/exec_pty.c, src/tgetpass.c:
7360 Move compat definition of NSIG to compat.h
7363 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
7364 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
7365 Mention plugins in the sudo manual and add some missing path
7366 substitution in the sudo_plugin manual.
7370 Set _PATH_SUDO_CONF based on $(sysconfdir)
7373 * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
7374 src/exec.c, src/exec_pty.c, src/ttysize.c:
7375 Require POSIX termios to build sudo
7379 Ignore SIGPIPE for "sudo -S"
7383 Fix uninitialized variable in TGP_ECHO case and print a newline if
7384 the user interrupted password input.
7388 Make TGP_ECHO override TGP_MASK and don't try to restore the
7389 terminal if we didn't modify it.
7392 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
7393 include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
7394 src/conversation.c, src/sudo.h, src/tgetpass.c:
7395 Add SUDO_CONV_PROMPT_MASK define which corresponds to the
7396 "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is
7401 Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
7404 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
7406 * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
7407 Add selinux_enabled flag into struct command_details and set it in
7408 command_info_to_details(). Return an error from selinux_setup()
7409 instead of exiting. Call selinux_setup() from exec_setup().
7412 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
7415 Remove commented out copy of old sudo_execve() function.
7418 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
7420 * plugins/sudoers/sudoers.c:
7421 Fix setting selinux type on command line.
7424 * plugins/sudoers/iolog.c:
7425 In sudoers_io_close(), skip NULL io_fds[] elements.
7429 No longer need NGROUPS_MAX define
7432 * compat/nanosleep.c, config.h.in, configure, configure.in,
7433 include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
7434 plugins/sudoers/visudo.c, src/sudo_edit.c:
7435 Replace timerfoo macros with timevalfoo since the timer macros are
7436 known to be busted on some systems.
7440 Remove duplicate call to selinux_setup().
7443 * plugins/sudoers/auth/pam.c:
7444 If pam_open_session() fails, pass its status to pam_end.
7447 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7448 If a file in a #includedir has improper permissions or owner just
7449 skip it. This prevents packages that incorrectly install a file
7450 into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
7451 #includedir files still result in a parse error (for now).
7454 * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
7455 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
7456 plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
7457 Add use_pty sudoers option to force use of a pty even when not
7461 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
7462 Make env_init() void as it never fails.
7465 * plugins/sudoers/env.c:
7466 No longer use _NSGetEnviron so don't need crt_externs.h
7469 * plugins/sudoers/env.c:
7470 Remove unused VNULL define
7473 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
7475 * plugins/sudoers/iolog.c:
7476 Add #define for maximum session id
7479 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
7480 Split exec.c into exec.c and exec_pty.c
7484 Sync with source file moves.
7487 * src/Makefile.in, src/get_pty.c, src/pty.c:
7488 Rename pty.c -> get_pty.c
7491 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
7493 * plugins/sudoers/iolog.c:
7494 Only use I/O input log file if def_log_input is set and output file
7495 if def_log_output is set.
7498 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
7500 * compat/strsignal.c:
7501 Update copyright year
7508 * plugins/sudoers/sudoers.c:
7509 For sudoedit, make a local copy of editor string si become part of
7510 argv. If no editor environment variable, split def_editor on ':'
7511 since it may be a colon-delimited path.
7515 Remove unneeded endpwent()/endgrent()
7519 Use value of nroff from configure
7523 Add missing const to I/O log action function
7526 * plugins/sudoers/check.c:
7527 Update copyright year and fix whitespace
7530 * configure, configure.in:
7534 * plugins/sudoers/iolog.c:
7535 Remove redundant tty signal blocking in log function.
7538 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
7540 * plugins/sudoers/iolog.c:
7541 Place static keyword where it belongs
7544 * plugins/sudoers/logging.c:
7545 Always use a printf format string for send_mail()
7548 * common/atobool.c, plugins/sudoers/ldap.c:
7549 Extend atobool() so we can use it in the LDAP code.
7552 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
7553 Sudo now stashes tty ctime for tty_tickets on Solaris too.
7556 * plugins/sudoers/boottime.c:
7557 Fix dummy version of get_boottime()
7560 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
7562 * plugins/sudoers/check.c:
7563 Enable tty_is_devpts() support for Solaris with the "devices"
7568 Unbreak the non-io logging case.
7571 * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
7572 Fix symbol name conflict with sudo_printf.
7575 * plugins/sudoers/auth/pam.c:
7576 Fix OpenPAM detection for newer versions.
7579 * plugins/sudoers/vasgroups.c:
7580 Sync with Quest sudo git repo
7583 * aclocal.m4, configure, configure.in:
7584 HP-UX ld uses +b instead of -R or -rpath Fix typo in libvas check
7585 Add missing template for ENV_DEBUG Adapted from Quest sudo
7589 Fix typos; from Quest Sudo
7592 2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
7594 * plugins/sudoers/Makefile.in:
7595 Add back -I$(top_srcdir); we need it for including compat/foo.h
7596 since we cannot rely on "foo.h" being found relative to the source
7597 file when the cwd is different.
7601 Fix a bug where we could treat EAGAIN as a permanent error. Also set
7602 cstat if perform_io() returns an error.
7605 * common/alloc.c, plugins/sudoers/boottime.c,
7606 plugins/sudoers/sudoers.c:
7607 Add casts to quiet compiler warnings.
7610 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
7611 plugins/sudoers/visudo.c:
7612 Fix typo in ternary operator usage.
7615 2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
7617 * INSTALL, configure, configure.in:
7618 Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
7621 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
7622 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
7623 Update docs to match sudoers I/O logging changes
7626 * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
7627 pathnames.h.in, plugins/sudoers/def_data.c,
7628 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
7629 plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
7630 plugins/sudoers/gram.h, plugins/sudoers/gram.y,
7631 plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
7632 plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
7633 plugins/sudoers/sudoreplay.c:
7634 Break sudoers transcript feature up into log_input and log_output.
7637 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
7638 plugins/sudoers/visudo.c:
7639 Use setprogname() as needed.
7642 * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
7643 Adapt sudoreplay to iolog changes.
7646 2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
7648 * plugins/sudoers/iolog.c:
7649 Log all input and output into separate files and store a number on
7650 each timing file line to indicate which file the data is in.
7653 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
7654 plugins/sudoers/sudoers.h:
7655 Make sudoers_io functions static to iolog.c
7658 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
7660 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
7661 src/sudo_usage.h.in:
7662 Completely remove the -L flag from the sudo front end.
7665 * plugins/sudoers/sudoreplay.c:
7666 Fix EAGAIN handling when writing to stdout.
7669 * plugins/sudoers/sudoers.c:
7670 Eliminate unused variables
7673 * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
7674 Re-enable cleanup functions in sudoers plugin and sudo driver for
7678 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
7679 plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
7680 plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
7681 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
7682 Use sudo_printf to display verbose version information.
7685 * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
7686 plugins/sudoers/Makefile.in, src/Makefile.in:
7687 Minor Makefile cleanup: fix a typo, change the removal order in the
7688 clean targets, and remove a superfluous include path for the sudoers
7692 * plugins/sudoers/env.c:
7693 Handle duplicate variables in the environment. For unsetenv(), keep
7694 looking even after removing the first instance. For sudo_putenv(),
7695 check for and remove dupes after we replace an existing value.
7698 2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
7700 * plugins/sudoers/Makefile.in:
7701 Use explicit path to source file instead of $< for files that live
7702 in devdir and top_srcdir.
7705 * plugins/sudoers/Makefile.in:
7706 Add explicit rules to compile gram.c and toke.c for HP-UX Prevent
7707 ending LIBSUDOERS_OBJS with a backslash
7710 * plugins/sudoers/Makefile.in, src/Makefile.in:
7711 Link libcommon before libreplace since libcommon may use functions
7712 only present in libreplace.
7715 * common/Makefile.in:
7716 Move code common to sudo and the sudoers plugin to a convenience
7717 library, libcommon. Removes the need to make links in the sudoers
7718 plugin dir and reduces re-compilation of duplicate object files.
7721 * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
7722 common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
7723 common/term.c, common/zero_bytes.c, configure, configure.in,
7724 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
7725 src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
7726 src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
7728 Move code common to sudo and the sudoers plugin to a convenience
7729 library, libcommon. Removes the need to make links in the sudoers
7730 plugin dir and reduces re-compilation of duplicate object files.
7733 * src/exec.c, src/sudo.c, src/sudo.h:
7734 Rename script_execve to sudo_execve and rename script_foo in exec.c
7737 * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
7738 rename script.c exec.c and fix up the MANIFEST file
7741 * src/script.c, src/sudo.c, src/sudo.h:
7742 Rename script_setup() to pty_setup() and call from script_execve()
7746 * configure, configure.in:
7747 bump version to 1.8.0a2
7750 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
7751 Document init_session
7754 * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
7755 plugins/sudoers/auth/sudo_auth.h:
7756 Clean up the sudoers auth API a bit and update the docs.
7759 * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
7760 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
7761 plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
7762 Add init_session function to struct policy_plugin that gets called
7763 before the uid/gid/etc changes. A struct passwd pointer is passed
7764 in, which may be NULL if the user does not exist in the passwd
7765 database. The sudoers module uses init_session to open the pam
7769 2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
7771 * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
7772 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
7773 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
7774 Add open/close session to sudo auth, only used by PAM. This allows
7775 us to open (and close) the PAM session from sudoers.
7778 * plugins/sudoers/Makefile.in:
7779 Add explicit rule to build getdate.o for HP-UX make.
7782 * plugins/sudoers/Makefile.in:
7783 Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
7784 rules as an alternate way to prevent HP-UX make (and others) from
7785 trying to rebuild the parser in non-dev mode.
7788 * plugins/sudoers/sudoers.c:
7789 Re-enable PATH_MAX check for command
7793 For distclean, clean the main directory last since the subdirs need
7794 to be able to run libtool to clean things.
7797 * compat/Makefile.in:
7798 Fix generation of mksiglist.h
7802 Now that we defer sending cstat until the end of script_child() we
7803 cannot reuse cstat when reading command status from parent.
7806 2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
7808 * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
7809 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
7810 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
7811 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
7812 Use numeric registers to handle conditionals instead of trying to do
7813 it all with text processing.
7817 Document per-command SELinux settings
7820 * plugins/sudoers/sudoers.c:
7821 Repair "sudo -l -U username"
7824 * plugins/sudoers/sudoers.c:
7825 Set selinux role and type in command details.
7828 * src/script.c, src/selinux.c, src/sudo.h:
7829 Rework SELinux support.
7832 2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
7834 * src/script.c, src/selinux.c, src/sudo.h:
7835 Make SELinux support compile again. Needs more work to be complete.
7838 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
7839 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
7840 src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
7842 Bring back closefrom settings.
7845 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
7846 plugins/sudoers/sudoers.h:
7847 If running a command or sudoedit in transcript mode, call
7848 io_nextid() before log_allowed() so the session id is logged.
7851 * configure, configure.in:
7852 Use mandoc(1) if nroff(1) is not present.
7856 Use the --file argument to config.status instead of setting
7857 CONFIG_FILES in the environment.
7860 * plugins/sudoers/Makefile.in:
7861 We cannot conditionally update gram.h or the dependency ordering
7862 gets messed up in devel mode.
7865 2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
7867 * Makefile.in, compat/Makefile.in, configure, configure.in,
7868 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
7869 plugins/sudoers/Makefile.in, src/Makefile.in:
7870 Substitute @SHELL@ into Makefiles
7877 * config.guess, config.sub, configure, configure.in:
7878 Update to autoconf 2.65
7882 Fix libtool target (space vs. tabs)
7885 * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
7886 Remove use of RETSIGTYPE; all modern systems have signal handlers
7890 * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
7891 ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
7892 m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
7893 plugins/sudoers/Makefile.in, src/Makefile.in:
7894 Update to libtool-2.2.6b. I haven't made any local modifications
7895 this time, which should be OK since we install sudo_noexec.so by
7899 * compat/Makefile.in, plugins/sample/Makefile.in,
7900 plugins/sudoers/Makefile.in, src/Makefile.in:
7901 Use libtool to clean objects
7904 * include/Makefile.in:
7905 Install sudo_plugin.h as part of "make install" and make other
7906 install targets callable from the top-level Makefile
7909 * configure, configure.in:
7910 regen with autoupdate to eliminate AC_TRY_LINK
7913 * Makefile.in, compat/Makefile.in, configure, configure.in,
7914 doc/Makefile.in, plugins/sample/Makefile.in,
7915 plugins/sudoers/Makefile.in, src/Makefile.in:
7916 Install sudo_plugin.h as part of "make install" and make other
7917 install targets callable from the top-level Makefile
7920 * plugins/sample/sample_plugin.c:
7921 The sample plugin doesn't support being run with no args so return a
7922 usage error in this case.
7925 * plugins/sudoers/iolog.c:
7926 Set close on exec flag for descriptors used for I/O logging so they
7927 are not present in the command being run.
7930 * plugins/sudoers/tsgetgrpw.c:
7931 Set close on exec flag in private versions of setpwent() and
7936 Close the I/O pipes after dup2()ing them to std{in,out,err}.
7937 Fixes extra fds being present in the command when it is part of a
7941 * plugins/sudoers/sudoers.c:
7942 Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
7943 is used when logging). Note that user_ttypath will still be NULL if
7947 * src/script.c, src/sudo.h:
7948 Cosmetic changes: add comments, remove orphaned prototype and
7949 make a global static.
7952 2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
7955 Move check for maxfd == -1 to flush_output where it belongs.
7959 Break out of select loop if all the fds we want to select on are -1.
7963 Avoid possible malloc(0) if plugin returns an empty groups list.
7967 Add debugging info when calling plugin close function
7971 Avoid closing stdin/stdout/stderr when we are piping output.
7975 When execve() of the command fails, it is possible to receive
7976 SIGCHLD before we've read the error status from the pipe. Re-order
7977 things such that we send the final status at the very end and prefer
7978 error status over wait status.
7981 2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
7983 * plugins/sudoers/auth/sudo_auth.c:
7984 Fix compilation for non PAM/BSD auth/AIX auth
7987 2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
7990 Additional checks to make sure we don't close /dev/tty by mistake.
7991 When flushing, sleep in select as long as we have buffers that need
7996 Now that we can use pipes for stdin/stdout/stderr there is no longer
7997 a need to error out when there is no tty. We just need to make sure
7998 we don't try to use the tty fd if it is -1.
8001 2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
8003 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
8004 include/sudo_plugin.h, plugins/sample/sample_plugin.c,
8005 plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
8006 Add argc and argv to I/O logger open function.
8009 * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
8010 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
8011 src/parse_args.c, src/sudo.c, src/sudo_edit.c:
8012 Remove check_sudoedit function pointer in struct sudo_policy.
8013 Instead, sudo will set sudoedit=true in the settings array. The
8014 plugin should check for this and modify argv_out as appropriate in
8018 2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
8020 * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
8022 If plugin sets "sudoedit=true" in the command info, enable sudoedit
8023 mode even if not invoked as sudoedit. This allows a plugin to
8024 enable sudoedit when the user runs an editor.
8027 2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
8029 * plugins/sudoers/Makefile.in:
8030 gram.h must not depend on gram.y if we want to avoid unnecessary
8031 rebuilding of targets dependent on gram.h when gram.y changes.
8034 * plugins/sample/sample_plugin.c:
8035 Refactor common bits of check_policy and check_edit
8038 * plugins/sample/sample_plugin.c:
8039 Add sudoedit support
8042 2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
8044 * plugins/sudoers/Makefile.in:
8045 Rely more on VPATH; fixes a dependency issue with the parser.
8049 Fix typo introduced in last commit
8053 Emulate seteuid using setreuid() or setresuid() as needed. There are
8054 still a few places that call seteuid() directly.
8057 * src/parse_args.c, src/sudo_edit.c:
8058 Attempt to fix building on systems that only have setuid.
8061 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8062 Clarify sudoedit a tad.
8065 2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
8068 Fix compilation on HP-UX
8071 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8075 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
8076 Change how we handle the sudoedit argv. We now require that there
8077 be a "--" in argv to separate the editor and any command line
8078 arguments from the files to be edited.
8081 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
8082 plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
8083 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
8084 src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
8085 src/sudo.h, src/sudo_edit.c:
8086 Work in progress support for sudoedit. The actual interface used by
8087 the plugin for sudoedit is likely to change.
8090 * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
8091 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
8092 Make find_path() a little more generic by not checking def_foo
8093 variables inside it. Instead, pass in ignore_dot as a function
8097 * plugins/sudoers/env.c:
8098 Add version of getenv(3) that uses our own environ pointer.
8101 2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
8104 Avoid a potential race condition if SIGCHLD is received immediately
8105 before we call select().
8108 * plugins/sudoers/sudoers.c:
8109 Call env_init() before we open the sudoers sources as those may call
8110 our setenv() replacement.
8113 * plugins/sudoers/env.c:
8114 Initialize env_len in env_init()
8117 2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
8119 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
8120 Document time stamp shortcomings under SECURITY NOTES. Use "time
8121 stamp" instead of timestamp.
8125 Make sed substitution of mansectsu and mansectform global.
8128 * plugins/sudoers/check.c:
8129 If the tty lives on a devpts filesystem, stash the ctime in the tty
8130 ticket file, as it is not updated when the tty is written to. This
8131 helps us determine when a tty has been reused without the user
8132 authenticating again with sudo.
8136 Fix pasto in multiple signal fix and use _NSIG not NSIG since that
8137 is what our compat checks set.
8140 * configure, configure.in:
8141 Add check for whether sudo needs to link with -ldl to get dlopen().
8142 This is a bit of a hack that will get reworked when libtool is
8146 * plugins/sudoers/check.c:
8147 Fix timestamp removal with -k/-K
8150 * plugins/sudoers/Makefile.in:
8151 audit.c is now private to the sudoers plugin
8154 * configure, configure.in:
8155 Link with -lpthread on HP-UX since a plugin may be linked with
8156 -lpthread and dlopen() will fail if the shared object has a
8157 dependency on -lpthread but the main program is not linked with it.
8160 * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
8161 Add separate test for getresuid() since HP-UX has setresuid() but no
8166 Remove errant backslash
8170 Fix SIGPIPE handling. Now that we may use pipes for
8171 stdin/stdout we need to pass any SIGPIPE we receive to the running
8176 Also start the command in the background if stdin is not a tty.
8179 2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
8181 * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
8182 No need to use pseudo-cbreak mode now that we use pipes when stdout
8183 is not a tty. Instead, check whether stdin is a tty and if not,
8184 delay setting the tty to raw mode until the command tries to access
8185 it itself (and receives SIGTTIN or SIGTTOU).
8189 Use an array for signals received instead of a single variable so we
8190 don't lose any when there are multiple different signals.
8194 Do signal setup after turning off echo, not before. If we are using
8195 a tty but are not the foreground pgrp this will generate SIGTTOU so
8196 we want the default action to be taken (suspend process).
8199 2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
8202 Flush the iobufs on suspend or child exit using the same logic as
8203 the main event loop.
8207 Free memory after we are done with it.
8210 2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
8213 Quest now sponsors Sudo development
8216 2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
8219 Install sudo_plugin man page.
8223 Go back to resetting io_buffer offset and length (and now also the
8224 EOF handling) in the loop we do the FD_SET, not after we drain the
8225 buffer after write() since we don't know what order reads and writes
8230 audit files moved to sudoers plugin directory
8233 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8234 Document plugin_printf and new logging functions.
8238 Add support for logging stdin when it is not a tty. There is still a
8239 bug where "cat | sudo cat" has problems because both cat and sudo
8240 are trying to read from the tty.
8243 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
8244 plugins/sudoers/sudoers.c, src/script.c:
8245 Add separate I/O logging functions for tty in/out and
8246 stdin/stdout/stderr. NOTE: stdin logging does not currently work and
8247 is disabled for now.
8250 2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
8252 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
8253 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
8254 plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
8255 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
8256 src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
8257 Add pointer to a printf like function to plugin open function. This
8258 can be used instead of the conversation function to display info and
8263 Stop if make in a subdir fails
8267 Only set user's tty to blocking mode when doing the final flush.
8268 Flush pipes as well as pty master when the process is done.
8271 2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
8273 * plugins/sudoers/ldap.c:
8274 Use print_error() when displaying ldap config info in debugging
8278 * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
8279 No longer need strdup() or strndup() replacements.
8282 * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
8283 plugins/sudoers/sudoers.h:
8284 Add print_error() function that uses the conversation function to
8285 print a variable number of error strings and use it in log_error().
8288 * src/script.c, src/sudo.h, src/term.c:
8289 Do not need the opost flag to term_copy() now that we use pipes for
8290 stdout/stderr when they are not a tty.
8294 Use pipes to the sudo process if stdout or stderr is not a tty.
8295 Still needs some polishing and a decision as to whether it is
8296 desirable to add additional entry points for logging
8297 stdout/stderr/stdin when they are not ttys. That would allow a
8298 replay program to keep things separate and to know whether the
8299 terminal needs to be in raw mode at replay time.
8302 2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
8304 * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
8305 plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
8306 src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
8307 Move audit sources into the sudoers plugin dir; the driver does not
8311 * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
8312 compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
8313 plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
8314 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
8315 plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
8316 src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
8317 src/term.c, src/ttysize.c:
8318 Use angle brackets when including headers that can only be found
8319 when an -I flag is specified. The files in the compat dir could get
8320 away with double quotes here but I've converted all the source files
8321 to use angle brackets for consistency.
8324 * plugins/sudoers/Makefile.in:
8325 Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
8326 dir can be found when building outside the source tree.
8329 * plugins/sudoers/Makefile.in:
8330 Clean up links in distclean
8333 * plugins/sudoers/Makefile.in:
8334 Hack around VPATH semantic differences by symlinking files we need
8335 from ../../src into the current directory and build those. A better
8336 fix would be to either make a .a or .la file with those files in it
8337 or simply use a single, flat, Makefile instead of per-subdirs
8341 * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
8342 fmt_string is used by the sudoers plugin too so do not include
8343 sudo.h (which is not really needed here anyway)
8346 * compat/Makefile.in, plugins/sample/Makefile.in,
8347 plugins/sudoers/Makefile.in, src/Makefile.in:
8348 Fix building with non-BSD versions of make such as GNU make.
8349 Requires VPATH support, which should be in any non-neolithic make.
8352 * configure, configure.in, plugins/sudoers/Makefile.in,
8353 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
8355 Re-enable bsm audit. Currently auditing is done within the sudoers
8356 plugin itself. If possible, this should really be done in the main
8357 driver but we don't presently have the needed data to do that. This
8358 will be re-evaluated when Linux audit support is added.
8361 * compat/Makefile.in, plugins/sample/Makefile.in,
8362 plugins/sudoers/Makefile.in, src/Makefile.in:
8363 Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
8364 of explicit rules in the dependency.
8367 * plugins/sudoers/visudo.c:
8368 Fix mismerge; alias_remove_recursive() now returns int
8371 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
8373 * plugins/sudoers/visudo.c:
8374 Fix a crash when checking a sudoers file that has aliases that
8375 reference themselves. Based on a diff from David Wood.
8379 Print signal info after restoring the tty mode, not before.
8383 Defer call to alarm() until after we fork the child. Pass correct
8384 pid to terminate_child(). If the command exits due to signal, set
8385 alive to false like we do when it exits normally. Add missing
8386 check for errpipe[0] != -1 before using it in FD_ISSET
8389 2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
8391 * plugins/sudoers/boottime.c:
8392 Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
8395 2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
8398 Simplify dependencies by using .c.o and .c.lo rules.
8401 * configure, configure.in, plugins/sudoers/Makefile.in,
8403 Substitute in @PROGS@ into src/Makefile to add sesh
8406 2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
8408 * plugins/sudoers/sudoers.c:
8409 Add back calls to log_denial() if sudoers does not allow the
8413 * plugins/sudoers/sudoers.c:
8414 Pass in correct pwflag for list and validate.
8417 * plugins/sudoers/env.c:
8418 Add missing check for NULL in validate_env_vars
8422 Add sudo_noexec.la to "all" target, otherwise it only gets built at
8426 * plugins/sudoers/sudoers.c:
8427 Only set sudo_user.env_vars if the env_add list is empty.
8430 * plugins/sudoers/sudoers.c:
8431 Set sudo_user.env_vars so that environment variables specified on
8432 the command line get logged correctly.
8435 * plugins/sudoers/env.c, plugins/sudoers/logging.c,
8436 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
8437 Re-enable environment files and setting environment variables on the
8441 2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
8443 * plugins/sudoers/check.c:
8444 Fix typo in last commit (ifndef vs ifdef). Make sure we pass ctime()
8445 a pointer to time_t as tv_sec in struct timeval may be long.
8448 * plugins/sudoers/check.c:
8449 Don't stash ctime in on-disk tty ticket info for now; on many
8450 (most?) systems the ctime is updated when the tty is written to.
8451 Once I have a better idea of what systems do not update ctime on
8452 ttys (and have a way to test for this) the ctime stash will be
8453 conditionally re-enabled.
8456 2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
8458 * MANIFEST, Makefile.in:
8459 Add back "dist" target, this time using a MANIFEST file
8463 Remove Makefile in distclean target
8466 * Makefile.in, src/Makefile.in:
8467 Update clean and cleandir targets
8470 * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
8472 Move fileops.c defines and prototypes to fileops.h
8475 * plugins/sudoers/check.c:
8476 Lock the tty timestamp when writing. We shouldn't have to lock when
8477 reading since the file is updated via a single write system call.
8480 2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
8482 * plugins/sudoers/alias.c, plugins/sudoers/check.c,
8483 plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
8484 plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
8485 plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
8486 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
8487 plugins/sudoers/logging.c, plugins/sudoers/match.c,
8488 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
8489 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
8490 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
8491 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
8492 plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
8493 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
8494 Convert to ANSI C function declarations
8497 * plugins/sudoers/sudoers.h:
8498 Remove extraneous bits and classify by source file.
8502 Add timercmp macro for systems without it
8505 * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
8506 plugins/sudoers/sudoers.h:
8507 get_boottime() now fills in a timeval struct
8510 * plugins/sudoers/check.c:
8511 Store info from stat(2)ing the tty in the tty ticket when tty
8512 tickets are in use. On most systems, this closes the loophole
8513 whereby a user can log out of a tty, log back in and still have the
8517 * config.h.in, configure.in:
8518 Add timespec2timeval and use it when getting ctime/mtime
8521 2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
8523 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
8524 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
8525 plugins/sudoers/testsudoers.c:
8526 Convert perm setting to push/pop model; still needs some work. Use
8527 the stashed runas groups instead of using getgrouplist(). Reset perms
8528 to the initial value on error
8531 * config.h.in, configure.in:
8532 fix ctim_get and mtim_get macros
8535 * config.h.in, configure, configure.in, include/compat.h,
8536 plugins/sudoers/check.c, plugins/sudoers/gettime.c,
8537 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
8538 Use timeval directly instead of converting to timespec when dealing
8539 with file times and time of day.
8542 * plugins/sudoers/Makefile.in:
8543 Don't link sudoreplay with libsudoers.la due to a yacc symbol
8547 2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
8549 * configure, configure.in:
8550 Darwin >= 9.x has real setreuid(2)
8553 2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
8555 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
8559 * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
8560 plugins/sudoers/sudoers.h:
8561 Remove remaining references to the environ pointer.
8564 2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
8566 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
8567 Don't change the environ directly in the sudoers plugin
8570 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
8572 * plugins/sudoers/sudoers.c:
8576 * plugins/sudoers/alias.c:
8577 Fix use after free in error message when a duplicate alias exists.
8580 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
8582 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
8584 Add a "noninteractive" boolean to the settings passed in to the
8585 plugin's open function that is set when the user specifies the -n
8589 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
8590 Add workaround for the lack of the environ pointer on Mac OS X in
8591 dlopen()ed modules. Use of environ in the sudoers plugin should
8592 ultimately be removed but this will do for the moment.
8595 * plugins/sudoers/visudo.c:
8596 Set errorfile to the sudoers path if we set parse_error manually.
8597 This prevents a NULL dereference in printf() when checking a sudoers
8598 file in strict mode when alias errors are present.
8601 * plugins/sudoers/sudoers.c:
8602 Main sudo no longer prints "unable to execute" on exec failure so do
8606 2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
8609 Use a pipe to pass back errno to the parent if execve() fails. If we
8610 get an error in script_child(), kill the command and exit.
8613 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
8614 src/parse_args.c, src/sudo.c:
8615 Handle plugin's open function returning -2 (usage error).
8619 If execve() fails, leave it to the plugin to print an error string.
8623 If execve fails in logging mode, pass the errno directly to the
8624 grandparent on the backchannel and exit. The immediate parent will
8625 get SIGCHLD and try to report that status but its parent will no
8626 longer be listening. It would probably be cleaner to pass this over
8627 a pipe in script_child().
8630 * plugins/sudoers/sudoers.c:
8631 Don't override rval with results of check_user() unless it failed.
8634 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
8636 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
8641 NULL-terminate env_add
8644 2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
8647 Call the I/O log open function before the I/O version function.
8650 * plugins/sudoers/iolog.c:
8651 Remove io_conv and just use sudo_conv
8654 * plugins/sudoers/set_perms.c:
8655 Fix set/restore perms for systems w/o setresuid
8658 2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
8660 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
8661 plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
8662 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
8663 Primitive set/restore permissions. Will be replaced by a push/pop
8668 Only need to take action on SIGCHLD in parent if no I/O logger. If
8669 there is an I/O logger we will receive ECONNRESET or EPIPE when we
8670 try to read from the socketpair.
8673 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
8675 * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
8676 doc/sudoers.pod, plugins/sudoers/find_path.c:
8677 Merge fb4d571495fa from the 1.7 branch to trunk.
8680 2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
8683 Don't set SA_RESTART when registering SIGALRM handler. Do set
8684 SA_RESTART when registering SIGWINCH handler.
8688 Add dev targets for *.man.in and *.cat that don't specify the
8693 If log_input or log_output returns false, terminate the command.
8697 Better signal handling. Instead of using a single variable to store
8698 the received signal, use an array so we can't lose a signal when
8699 multiple are sent. Fix process termination by SIGALRM in non-I/O
8700 logger mode. Fix relaying terminal signals to the child in non-I/O
8705 Fix a race between when we get the child pid in the parent and when
8706 the child process exits. The problem exhibited as a hang after a
8707 short-lived process, e.g. "sudo id" when no IO logger was enabled.
8710 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
8712 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
8713 Add a note about the security implications of the fast_glob option.
8716 2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
8718 * config.h.in, configure, configure.in:
8719 Fix up some AC_DEFINE descriptions and regen config.h.in
8722 2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
8724 * include/missing.h:
8725 No longer check for strdup or strndup for LIBOBJ replacement.
8729 Avoid installing signal handlers that are io-logger specific. Fixes
8730 job control when no io logger is enabled.
8734 Only regen man pages from pod when configured with --with-devel
8737 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
8739 * Makefile, Makefile.in, configure, configure.in:
8740 Top-level Makefile.in. Nothing is currently substituted but this is
8741 needed for separate build dirs.
8744 * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
8745 plugins/sudoers/Makefile.in, src/Makefile.in:
8746 Fix out-of-tree builds
8753 We always install sudoreplay in 1.8
8756 2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
8758 * compat/siglist.in:
8759 SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
8762 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
8764 * configure, configure.in:
8765 No need to provide strdup() or strndup(), sudo uses estrdup() and
8769 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
8771 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
8772 Free str after using it in the version method. Use sudo_conv, not
8773 io_conv since we don't have the IO conversation function pointer in
8774 the I/O version method anymore now that io_open is delayed.
8777 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
8779 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
8781 Add license to mksiglist.c and note that the bits from pdksh are
8785 * compat/Makefile.in:
8786 Fix LIBOBJDIR vs. srcdir wrt the siglist bits
8789 * plugins/sudoers/Makefile.in:
8790 Add sudoreplay testsudoers and visudo to clean target
8793 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
8794 compat/siglist.in, compat/strsignal.c, configure, configure.in,
8795 include/missing.h, src/script.c:
8796 Create our own sys_siglist for systems without it for use by
8800 * compat/Makefile.in:
8801 Remove duplicate $(LIBOBJDIR)
8804 2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
8806 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
8807 Main sudo should not block signals; the plugin should do this in
8811 2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
8814 Fix a sizeof(ptr) vs. sizeof(*ptr)
8818 Unlike most operating systems, HP-UX select() is not interrupted by
8819 SIGCHLD when the signal is registered with SA_RESTART. If we clear
8820 SA_RESTART when calling sigaction() for SIGCHLD we get the expected
8821 behavior and the code in the select() loops already handles EINTR
8825 * compat/getprogname.c:
8826 progname should be const
8829 * plugins/sudoers/Makefile.in:
8830 Move --tag=disable-static to when we link sudoers.la, not when we
8834 * src/load_plugins.c:
8835 Load the sudoers I/O plugin by default too now that it is hooked up.
8838 2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
8841 It looks like AIX doesn't need to push STREAMS modules for ptys.
8844 2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
8846 * src/parse_args.c, src/sudo.c:
8847 Delay calling the I/O plugin open function until the policy plugin
8851 2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
8853 * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
8854 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
8855 plugins/sudoers/sudoers.h:
8856 Add back io logging (transcript) support. Currently, the open
8857 function runs too early and it is not possible to use the io module
8858 independently of the policy module.
8861 * plugins/sudoers/set_perms.c:
8862 Comment out dead code; will be removed when set_perms is rewritten.
8865 2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
8867 * plugins/sudoers/sudoers.c:
8868 Fix off by one error when allocating user_groups.
8871 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
8873 * configure, configure.in, plugins/sudoers/Makefile.in:
8874 Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
8877 * plugins/sudoers/sudoers.c:
8878 Fix typo in preserve groups case
8881 * plugins/sudoers/sudoers.c:
8882 In command_info it is "runas_groups" not "groups".
8886 Fix iteration over runas_groups list.
8889 * configure, configure.in, plugins/sudoers/env.c,
8890 plugins/sudoers/match.c, src/script.c:
8891 Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
8894 * compat/getgrouplist.c:
8895 getgrouplist(3) for those without it
8898 * plugins/sudoers/sudoers.c:
8899 Set preserve_groups or groups list in command_info
8903 Fix setting of groups list
8906 * config.h.in, configure, configure.in, include/compat.h,
8908 Add checks for getgrset and getgrouplist and use replacement
8909 getgrouplist if the system doesn't support it.
8913 Pass in preserve_groups when the -P flag is specified as per the
8917 * plugins/sudoers/sudoers.c:
8918 Check preserve_groups and ignore_ticket args with atobool instead of
8919 assuming they are true if present.
8922 2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
8924 * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
8925 plugins/sudoers/plugin_error.c:
8926 Rename plugin-specific error.c to plugin_error.c. Wire up visudo,
8927 sudoreplay and testsudoers in the build
8930 * src/Makefile.in, src/term.c:
8931 term.c does not need to include sudo.h
8934 * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
8935 doc/sudo_plugin.pod:
8936 Document the -2 return in the check_policy section too
8939 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
8940 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
8941 src/parse_args.c, src/sudo.c, src/sudo.h:
8942 Fix the -s and -i flags and add support for the "implied_shell"
8943 option. If the user does not specify a command, sudo will now pass
8944 in the path to the user's shell and set implied_shell=true. The
8945 plugin can then either check the command normally or return -2 to
8946 cause sudo to print a usage message and exit.
8949 2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
8951 * config.h.in, configure, configure.in, src/load_plugins.c:
8952 Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
8953 Darwin where libraries end in .dylib but modules end in .so
8956 * plugins/sudoers/parse.c:
8957 Better prefix determination now that we can't rely on len==0 to tell
8958 the beginning of an entry.
8961 * plugins/sudoers/ldap.c:
8962 display_bound_defaults() stub should return 0, not 1 since it is a
8963 count, not a boolean.
8966 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8967 Document progname in settings
8970 * compat/getprogname.c, include/compat.h,
8971 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
8972 src/parse_args.c, src/sudo.c:
8973 Rewrite compat/getprogname.c and add setprogname(). The progname is
8974 now passed to the plugin via the settings array.
8977 * configure, configure.in, plugins/sudoers/Makefile.in:
8981 * plugins/sudoers/sudo_nss.c:
8982 Add missing whitespace for Runas and Command-specific defaults
8985 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
8986 plugins/sudoers/sudo_nss.c:
8987 Use embedded newlines in lbuf instead of multiple calls to
8992 Add support for embedded newlines.
8995 2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
8997 * compat/getprogname.c:
8998 If system doesn't support getprogname or __progname and we are
8999 building a shared object don't bother with Argc/Argv, just return
9003 * config.h.in, configure, configure.in, src/load_plugins.c:
9004 Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
9005 appears to always install a shared object with the .so suffix.
9008 * compat/Makefile.in, configure, configure.in,
9009 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
9011 Play more nicely with libtool and let it build libreplace (was
9015 * include/missing.h:
9016 Include stdarg.h for va_list rather than requiring all consumers of
9017 missing.h to include stdarg.h themselves.
9020 * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
9021 plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
9022 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
9024 Pass in output function to lbuf_init() instead of writing to stdout.
9025 A side effect is that the usage info can now go to stderr as it
9029 2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
9031 * include/lbuf.h, plugins/sudoers/sudo_nss.c,
9032 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
9033 src/parse_args.c, src/sudo.c:
9034 Use number of tty columns that is passed in user_info instead of
9035 getting it directly in the lbuf code.
9038 * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
9039 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
9040 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
9041 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
9042 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
9043 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
9044 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
9045 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
9046 plugins/sudoers/logging.h, plugins/sudoers/match.c,
9047 plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
9048 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
9049 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
9050 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
9051 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
9052 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
9053 plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
9054 plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
9055 plugins/sudoers/visudo.c:
9059 * config.h.in, configure, configure.in, src/load_plugins.c:
9060 Set the sudoers plugin name in configure so we get the extension
9064 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9065 Document lines/cols in user_info
9068 * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
9069 Add tty size to user info
9073 Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
9076 2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
9078 * plugins/sudoers/sudoers.c:
9079 Kill dead code. Add missing sigsetjmp in sudo_policy_invalidate. Error
9080 out if we fail to lookup the user's name that is passed in
9083 * plugins/sudoers/error.c:
9084 Pass the error value back via siglongjmp.
9087 * plugins/sudoers/check.c:
9088 Use conversation function for lecture.
9091 * plugins/sudoers/check.c:
9092 Don't update ticket file if verify_user returns FALSE.
9095 2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
9097 * plugins/sudoers/sudoers.c, src/sudo.c:
9098 Wire up invalidate and validate methods for sudoers
9101 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
9102 plugins/sudoers/sudoers.h:
9103 Add support for -k flag with a command.
9107 Allow -k to be specified with a command.
9110 * plugins/sudoers/sudoers.c:
9114 * plugins/sudoers/error.c:
9115 Add newline at the end of message and space after the colon in
9119 * plugins/sudoers/auth/sudo_auth.c:
9120 Add missing newline after pass password warning
9123 * plugins/sudoers/sudoers.c:
9124 Set user_groups and user_ngroups based on user_info
9127 * plugins/sudoers/error.c:
9131 * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
9132 Make _warning in error.c use the conversation function and remove
9133 commented out warning/warningx in sudoers.c.
9136 * plugins/sudoers/logging.c:
9137 Use siglongjmp() in log_error for fatal errors
9140 * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
9141 Quiet a libtool warning
9145 Build sudoers plugin
9148 * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
9149 Use warningx in yyerror() so the conversation function gets used
9150 when built as part of sudoers.
9153 2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
9155 * plugins/sudoers/auth/pam.c:
9156 Rename sudo_conv to conversation to avoid a namespace conflict.
9159 * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
9160 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
9161 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
9162 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
9163 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
9164 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
9165 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
9166 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
9167 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
9168 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
9169 plugins/sudoers/env.c, plugins/sudoers/error.c,
9170 plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
9171 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
9172 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
9173 plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
9174 plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
9175 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
9176 plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
9177 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
9178 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
9179 plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
9180 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
9181 Initial bits of sudoers plugin; still needs work.
9185 Add HAVE_STRDUP and HAVE_STRNDUP
9188 * compat/Makefile.in, configure, configure.in:
9189 Build libmissing in two flavors (one PIC one non-PIC) and link with
9190 the appropriate one.
9193 * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
9194 compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
9195 Build libmissing in two flavors (one PIC one non-PIC) and link with
9196 the appropriate one.
9199 2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
9201 * include/missing.h:
9202 Add strdup and strndup and fix strsignal
9205 2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
9207 * compat/strdup.c, compat/strndup.c, configure, configure.in,
9208 plugins/sample/Makefile.in, src/Makefile.in:
9209 Add strdup and strndup to compat
9212 * plugins/sample/sample_plugin.c:
9213 Need to include compat.h before missing.h
9216 * compat/strsignal.c:
9217 Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
9218 it doesn't exist configure will set it to 0.
9222 Fix botched ANSI C conversion of globexp2()
9225 * configure, configure.in:
9226 Remove redundant getgroups check
9229 * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
9230 Require either termios or termio, no more sgtty.
9233 * compat/strsignal.c, config.h.in, configure, configure.in:
9234 Change the sys_siglist check to use AC_CHECK_DECLS and also check
9235 for _sys_siglist and __sys_siglist
9238 2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
9240 * configure, configure.in, src/Makefile.in:
9241 Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
9242 use SUDO_OBJS for the main driver as part of OBJS.
9245 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9246 Mention in the conversation function section that a newline is not
9251 Add definition of WCOREDUMP for systems without it. This is known
9252 to work on AIX and SunOS 4, but may be incorrect on other systems
9253 that lack WCOREDUMP.
9256 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
9258 * plugins/sample/sample_plugin.c, src/conversation.c:
9259 conversation function no longer puts a newline at the end of info or
9263 2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
9266 Use parent process group id instead of parent process id when
9267 checking foreground status and suspending parent. Fixes an issue
9268 when running commands under /usr/bin/time and others.
9271 2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
9274 transcript option is now --with not --enable
9277 * plugins/sample/sample_plugin.c:
9278 Add support to -u and -g flags. Check fmt_string retval. Add timeout
9279 for debugging purposes
9282 * src/script.c, src/sudo.c:
9283 Wire up SIGALRM handler. Set close on exec flag for child side of the
9284 socketpair. Fix signal handling when not doing I/O logging
9288 g/c unused SIGCHLD handler
9291 * src/fmt_string.c, src/parse_args.c, src/sudo.c:
9292 Don't use emalloc() in fmt_string(); we want to be able to use it
9297 tq_remove not list_remove
9300 * configure, configure.in:
9301 AUTH_OBJS should contain .lo files not .o files.
9304 2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
9307 Simplify conversion of command line args to name=value pairs.
9310 * plugins/sample/sample_plugin.c:
9311 Handle NULL reply from conversation function
9315 Don't depend on emalloc/erealloc
9318 * plugins/sample/Makefile.in:
9319 Use $(OBJS) instead of sample_plugin.lo
9322 * plugins/sample/sample_plugin.c:
9323 runas_user is in settings not user_info
9327 Fix a mismatch between sudo_settings and settings_pairs that causes
9328 some settings to get the wrong values.
9331 2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
9333 * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
9334 src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
9335 src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
9339 * src/load_plugins.c:
9340 Fix strlcpy() return value check.
9343 * INSTALL, configure, configure.in:
9344 No longer need to substitute in script.o and pty.o; I/O logging
9345 support is always built.
9348 2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
9351 Add fallback to /bin/sh when execve() fails with ENOEXEC.
9354 * include/alloc.h, src/alloc.c:
9358 2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
9360 * src/script.c, src/sudo.c:
9361 Refactor script_execve() a bit so that it can be used in non-script
9362 mode. Needs more cleanup.
9366 Ignore empty entries in command_info list
9369 * include/list.h, src/list.c:
9373 * src/conversation.c:
9374 Pass timeout to tgetpass()
9378 Add ChangeLog target
9382 Bump version and update things slightly for sudo 1.8.0
9385 * configure, configure.in:
9386 Sudo now requires an ANSI/ISO C compiler
9389 * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
9394 * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
9395 include/list.h, include/missing.h:
9399 * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
9400 compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
9401 compat/getprogname.c, compat/glob.c, compat/glob.h,
9402 compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
9403 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
9404 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
9405 compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
9410 2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
9412 * src/sudo.c, src/tgetpass.c:
9413 Make user_details extern so tgetpass can get at the uid and gid. Set
9414 uid/gid to user before executing askpass program. Check environment
9415 for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
9416 set the askpass program itself
9420 No longer need sudo_usage.h in sudo.c
9423 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
9424 doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
9425 src/sudo_usage.h.in:
9426 Document -D level command line flag which maps to the debug_level
9430 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9431 Document debug_level in plugin doc. Still need to document the -D
9432 flag in sudo itself.
9435 2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
9437 * plugins/sample/sample_plugin.c:
9438 include missing.h for vasprintf
9441 * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
9442 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9443 Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
9446 * plugins/sample/sample_plugin.c:
9447 Need to include limits.h
9454 * plugins/sample/Makefile.in, src/Makefile.in:
9455 Add missing compat bits
9458 * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
9459 compat files should not include sudo.h. Wire up compat in sample
9463 * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
9464 Fix up compat dependencies. Fix distclean target in doc/Makefile.in
9467 * configure, configure.in:
9471 * plugins/sample/sample_plugin.c:
9472 Log input and output to temp files for proof of concept.
9475 * Makefile, configure, configure.in, doc/Makefile.in:
9476 Add doc Makefile.in and wire it up
9480 Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
9481 suspending a shell with the "suspend" builtin.
9485 In child, handle parent side of the pipe going away.
9489 No longer need to check for explicit death of the child (process #2)
9490 since if it dies we will get EPIPE from the socketpair. Fix a
9491 sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
9496 Make sudo_debug do a single vfprintf() which will result in a single
9497 write call on most systems. Avoids problems with interleaved debug
9498 printf from different processes. Also remove an extraneous error
9499 case since recv() can't return a short read and add some more XXX.
9502 2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
9505 Fix uninitialized variable.
9509 Fix sudo install target
9512 * src/parse_args.c, src/sudo.c, src/sudo.h:
9520 * configure, configure.in:
9521 Fix setting of plugin dir
9529 Add missing source for sudo front end
9532 * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
9533 Sample plugin demonstrating the sudo plugin API
9536 * Makefile, configure, configure.in, install-sh, pathnames.h.in,
9537 plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
9538 src/fileops.c, src/fmt_string.c, src/load_plugins.c,
9539 src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
9540 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
9542 Modular sudo front-end which loads policy and I/O plugins that do
9543 most of the actual work. Currently relies on dynamic loading using
9544 dlopen(). See doc/plugin.pod for the plugin API.
9547 * doc/plugin.pod, include/sudo_plugin.h:
9551 * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
9552 compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
9553 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
9554 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
9555 src/fileops.c, src/sudo_edit.c:
9556 Replace emul/include.h with compat/include.h to match new source
9561 Include missing.h for memrchr() proto
9564 * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
9565 TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
9566 alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
9567 auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
9568 auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
9569 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
9570 auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
9571 closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
9572 compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
9573 compat/getline.c, compat/getprogname.c, compat/glob.c,
9574 compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
9575 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
9576 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
9577 compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
9578 compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
9579 def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
9580 doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
9581 doc/license.pod, doc/sample.pam, doc/sample.sudoers,
9582 doc/sample.syslog.conf, doc/schema.ActiveDirectory,
9583 doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
9584 doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
9585 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
9586 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
9587 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
9588 doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
9589 emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
9590 error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
9591 getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
9592 gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
9593 include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
9594 include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
9595 ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
9596 interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
9597 list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
9598 mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
9599 nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
9600 plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
9601 plugins/sudoers/alias.c, plugins/sudoers/auth/API,
9602 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
9603 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
9604 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
9605 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
9606 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
9607 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
9608 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
9609 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
9610 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
9611 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
9612 plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
9613 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
9614 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
9615 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
9616 plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
9617 plugins/sudoers/gram.c, plugins/sudoers/gram.h,
9618 plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
9619 plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
9620 plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
9621 plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
9622 plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
9623 plugins/sudoers/logging.c, plugins/sudoers/logging.h,
9624 plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
9625 plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
9626 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
9627 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
9628 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
9629 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
9630 plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
9631 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
9632 plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
9633 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
9634 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
9635 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
9636 plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
9637 sample.pam, sample.sudoers, sample.syslog.conf,
9638 schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
9639 selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
9640 src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
9641 src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
9642 src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
9643 src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
9644 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
9645 sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
9646 sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
9647 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
9648 sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
9649 sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
9650 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
9651 tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
9652 visudo.man.in, visudo.pod, zero_bytes.c:
9653 Rework source layout in preparation for modular sudo.
9656 2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
9658 * Avoid a duplicate fclose() of the sudoers file.
9661 * Fix size arg when realloc()ing include stack. From Daniel Kopecek
9664 * Use setrlimit64(), if available, instead of setrlimit() when setting
9665 AIX resource limits since rlim_t is 32bits.
9668 * Fix use after free when sending error messages. From Timo Juhani
9672 * ChangeLog, Makefile.in:
9673 Generate the ChangeLog as part of "make dist" instead of having it
9677 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
9679 * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
9680 auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
9681 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
9682 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
9683 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
9684 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
9685 emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
9686 fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
9687 gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
9688 ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
9689 isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
9690 logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
9691 mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
9692 pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
9693 sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
9694 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
9695 strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
9696 sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
9697 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
9698 sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
9699 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
9700 utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
9701 Remove CVS $Sudo$ tags.
9704 2010-01-18 convert-repo <convert-repo>
9710 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
9713 make this match sudoers SYNOPSIS
9717 Print a newline between Runas and Command-specific defaults in sudo
9722 Use SET and CLR macros in term_raw
9726 Set stdin to non-blocking mode early instead of in check_input. Use
9727 term_raw instead of term_cbreak since the data we get has already
9728 been expanded via OPOST.
9731 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
9734 Enable/disable all postprocessing instead of just nl->crnl
9735 processing since things like tab expansion matter too. However, if
9736 stdout is a tty leave postprocessing on in the pty since we run into
9737 problems doing it only on the real stdout with e.g. nvi.
9740 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
9743 If tty_tickets is enabled and there is no tty, prompt for a
9744 password. Do not lecture user for "sudo -k command" if user has a
9749 Document missing options: --with-efence and --with-bsm-audit
9752 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
9753 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
9754 sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
9755 visudo.man.in, visudo.pod:
9756 username -> user name, groupname -> group name, hostname -> host name
9759 * INSTALL, README.LDAP, sudoers.pod:
9760 filename -> file name like the rest of the docs
9763 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
9766 Fix printing of entries with multiple host entries on a single line.
9769 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
9772 Mention that targetpw affects the timestamp file name.
9775 * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
9777 Add compress_transcript option.
9780 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
9782 * configure, configure.in:
9786 * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
9787 Better split of membership vs. traditional group check in
9788 user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
9791 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
9794 Fix pasto and add default return value.
9797 * check.c, match.c, pwutil.c, sudo.h:
9798 refactor group member checking into user_in_group()
9801 * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
9803 Add support for mbr_check_membership() as present in darwin.
9806 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
9809 Rename label to be accurate
9812 * Makefile.in, boottime.c, check.c, config.h.in, configure,
9813 configure.in, sudo.h:
9814 Treat timestamp files from before we booted as old. Idea from and
9818 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
9820 * sudo.c, sudo.pod, sudo_usage.h.in:
9821 Allow the -u flag to be used in conjunction with the -v flag as per
9822 older versions of sudo.
9826 fix typo in last commit
9829 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
9832 Convert fmt_first and fmt_confd into macros.
9836 timeouts can be floats now
9839 * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
9840 defaults.h, mkdefaults:
9841 Add support for floating point timeout values (e.g. 2.5 minutes).
9844 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
9847 The -L flag will be removed in sudo 1.7.4
9850 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
9853 Fix a bug due to order of operators.
9856 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
9859 cmnd_matches() already deals with negation so _cmndlist_matches()
9860 does not need to do so itself. Fixes a bug with negated entries in
9864 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
9867 Don't exit() from open_sudoers, just return NULL for all errors.
9871 Can't rely on the shell sending us SIGCONT when transitioning from
9872 background to foreground process.
9876 Add missing extern def for parse_error
9879 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
9882 Avoid a parse error when #includedir doesn't find any files. Closes
9887 Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
9890 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
9893 Start command out in foreground mode if stdout is a tty. Works
9894 around issues with some curses-based programs that don't handle
9895 tcsetattr getting interrupted by a signal. Still allows us to avoid
9896 hogging the tty if the command is part of a pipeline.
9899 * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
9900 Use a socketpair to pass signals from parent to child. Child will
9901 now pass command status change info back via the socketpair. This
9902 allows the parent to distinguish between signals it has been sent
9903 directly and signals the command has received. It also means the
9904 parent can once again print the signal notifications to the tty so
9905 all writes to the pty master occur in the parent. The command is
9906 now always started in background mode with tty signals handled by
9910 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
9912 * configure, configure.in:
9913 Fix a few typos in the descriptions; from Jeff Makey. Only do the
9914 check for krb5_get_init_creds_opt_free() taking two arguments if we
9915 find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
9916 positive when using our own krb5_get_init_creds_opt_free which takes
9917 only a single argument.
9920 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
9922 * configure, configure.in:
9923 Remove a spurious comma in the kerb5 bits.
9927 Call krb5_get_init_creds_opt_init() in our emulated
9928 krb5_get_init_creds_opt_alloc() for MIT kerberos.
9931 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
9938 Need to ignore SIGTT{IN,OU} in child when running the command in the
9939 background. Also some minor cleanup.
9942 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
9945 Instead of calling sigsuspend when waiting for SIGUSR[12] from
9946 parent, install the signal handlers w/o SA_RESTART and let them
9947 interrupt waitpid().
9951 Pass along SIGHUP and SIGTERM from parent to child.
9955 Close unused bits of script_fds in processes that don't need them.
9956 Restore default SIGCONT handler in child.
9960 Update foreground/background status in SIGCONT handler in parent
9964 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
9967 Defer setting terminal into raw mode until just before we fork() and
9968 only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
9969 and sudo is already in the foreground be sure to set raw mode before
9970 continuing the child.
9973 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
9976 Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
9977 give the command the controlling tty if the main sudo process is the
9982 Don't bother with sudo_waitpid() here for now.
9989 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
9992 Remove non-working code that crept into rev 1.55
9995 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
9997 * INSTALL, configure, configure.in, script.c, sudoreplay.c:
9998 First pass at zlib support for transcript data files
10002 remove vestiges of ZLDFLAGS
10006 Add missing variable declaration for when TIOCSCTTY is not defined.
10007 Need to include sys/termio.h for TIOCSCTTY on some systems.
10011 when resuming command, send SIGCONT to its pgrp not just pid
10015 remove unused variable
10019 include selinux.h for is_selinux_enabled() proto
10023 Don't use log_error() in the child process.
10027 Do I/O in parent instead of child since the parent can have both
10028 /dev/tty as well as the pty fds open. The child just sets things up
10029 and waits for its grandchild and writes the signal description to
10030 the pty master if the command was killed by a signal.
10033 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
10035 * missing.h, sudo.h:
10036 Move two struct forward declarations from sudo.h to missing.h
10040 Make comment at the top of script_exec() match reality.
10044 if neither stdin nor stdout is a tty, check stderr
10048 Add back dependency of gram.h on gram.y
10052 Make transcript mode work as long as we can figure out our tty, even
10053 if it is not stdin. We'd like to use /dev/tty but that won't be
10054 valid after the setsid().
10057 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
10059 * config.h.in, configure, configure.in, pty.c:
10060 Add support for IRIX-style dynamic ptys
10063 * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
10064 Move alloc.c protos into alloc.h
10068 Move prototypes for missing libc functions to missing.h
10071 * Makefile.in, sudo.h, sudoreplay.c:
10072 Move prototypes for missing libc functions to missing.h
10075 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
10077 * config.h.in, configure, configure.in:
10078 Disable transcript support if no tcsetpgrp until we support older
10079 BSD-style job control.
10082 * configure, configure.in, pty.c, script.c:
10083 Break out pty code into pty.c
10086 * compat.h, config.h.in, configure, configure.in:
10087 add killpg macro if no killpg function
10090 * config.h.in, configure, configure.in, script.c:
10091 Push ptem and ldterm for STREAMS-based systems when allocating a
10095 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
10098 Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
10102 Call tcgetpgrp() in the parent, not the child and have the child
10103 spin until it is granted. Fixes a race on darwin.
10107 Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
10111 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
10114 In script mode, if the command is killed by a signal, print the
10115 signal description as well as a core dump notification like the
10119 * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
10121 Add check for strsignal() and a simple implementation if it is not
10122 there but sys_siglist is
10126 Add missing WUNTRACED and store the signal that stopped the
10127 grandchild in suspended, not signo.
10135 Associate the grandchild's pgrp with the tty instead of the child's
10136 and just get suspend notifications via SIGCHLD instead of directly.
10137 This fixes a hang with programs that try to set terminal attributes
10138 and is more consistent with how the shell handles things.
10141 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
10144 Move setpgid() of child into the parent side of the fork() where it
10148 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
10155 Run command in its own pgrp (like the shell does) for easier
10156 signalling. No need to relay SIGINT or SIGQUIT to parent, just send
10157 to grandchild. Don't want grandchild stopped events in the child
10158 (only termination). Flush output after suspending grandchild before
10163 Back out revision 1.34; the problem lies elsewhere.
10167 Don't set stdout to blocking mode when flushing remaining output.
10168 It can cause us to hang when trying to exit. Need to investigate
10173 Handle SIGTTOU and remove some debugging.
10177 Back out revision 1.10 as the signal that interrupts us may be
10178 SIGTTOU or SIGTTIN which the caller must handle.
10182 Apparently we need to send SIGSTOP to the command as well as ourself
10183 when we get SIGTSTP, the kernel doesn't automatically stop the
10188 Use an extra process to act as the glue between the sessions
10189 associated with the user's controlling tty (what the shell uses) and
10190 the tty that sudo is using to do its logging. Basically, this means
10191 that if we get, e.g. SIGTSTP from the process sudo is running, we
10192 relay the signal to the parent so its shell can do the job control.
10196 Handle getting/setting terminal attributes when the fd is in non-
10200 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
10202 * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
10203 Add support for pausing and changing the speed in interactive mode.
10207 Already define O_NOCTTY in compat.h, don't need it here
10210 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
10216 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
10219 Always update the stashed mtime of the temp file instead of using
10220 what we have for the original because the time resolution of the
10221 filesystem the temporary is on may not match that of the filesystem
10222 that holds the original. Should fix bz #371 found by Philippe Levan.
10226 Use cbreak mode instead of raw mode and add signal handlers to
10227 restore the tty on interrupt.
10230 * script.c, sudo.h, term.c:
10231 Retain NL to NLCR conversion on the real tty and skip it on the pty
10232 we allocate. That way, if stdout is not a pty there are no extra
10237 Fix log_output(); just pass in a string and a length.
10240 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
10243 do not use errno when complaining about lack of a tty
10246 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
10248 * Makefile.in, sudoreplay.c, term.c:
10249 Instead of messing with line endings, just set terminal to raw mode
10254 When copying the terminal attributes to the pty, be sure not to set
10255 ONLCR. This prevents extra carriage returns from ending up in the
10256 script output file.
10260 Convert a do {} while into a while
10264 Use if then instead of test && when installing binaries that may not
10269 Add O_NOCTTY when opening a tty device. Explicitly disconnect from
10270 old tty before associating with new one.
10273 * script.c, selinux.c, sudo.c, sudo.h:
10274 First cut at refactoring some of the selinux code so it can be used
10275 in conjunction with sudo's transcript support.
10278 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
10280 * aclocal.m4, configure, configure.in:
10281 Fix default case of transcript_enabled being unset.
10284 * script.c, sudoreplay.c:
10285 Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
10288 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
10289 Hook up --disable-transcript and --enable-transcript=DIR
10292 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
10294 * aclocal.m4, configure, configure.in, pathnames.h.in:
10295 _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT. Add --enable-
10296 transcript=DIR option to specify the directory
10299 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
10303 * configure, configure.in, sudoers.man.pl, sudoers.pod:
10304 Substitute in default value for secure_path
10308 Mention that the password must be followed by a newline with the -S
10312 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
10315 Go back to dropping out of the select() loop when the process dies;
10316 Linux ptys apparently don't behave the same as BSD in regards to
10317 select(). No need to flush remaining output to the transcript, only
10318 to stdout. Add back code to check the master pty for additional data
10319 when we exit the main select loop.
10322 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
10325 Add getline.o to COMMON_OBJS
10329 sudoreplay depends on libsudo.a
10333 Move pwutil.o into COMMON_OBJS
10336 * pwutil.c, testsudoers.c, tsgetgrpw.c:
10337 Remove my_* redirection in pwutil.c for testsudoers and just use the
10338 normal libc get{pw,gr}* names.
10341 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
10342 More time and date examples
10345 * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
10346 Move nanosleep() emulation into its own file. Check librt.a for
10347 nanosleep if we don't find it in libc
10350 * Makefile.in, configure, configure.in:
10351 Build libsudo with the common bits and link things against that.
10359 Keep reading from the pty master -> log file until read returns <=
10360 0. Do our best to write everything to stdout when flushing any
10365 Use unbuffered I/O when writing to stdout and make sure we write the
10369 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
10372 Only use max_wait if it is non-zero
10375 * getdate.c, getdate.y, getline.c:
10380 Fix nanosleep emulation
10384 Fix comment after #endif
10388 Add protos for missing libc bits
10391 * configure, configure.in:
10392 add missing line continuation char
10395 * config.h.in, configure, configure.in, getline.c:
10396 Implement getline() in terms of fgetln() if we have it.
10400 Print year when formatting log line
10404 Document cwd, attempt to document time/date formats.
10408 Fix getline return value check.
10411 * Makefile.in, config.h.in, configure, configure.in, getline.c,
10413 Use getline() if the system has it, else provide our own for
10418 Refactor code to update output and timing files.
10421 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
10424 Make sudo_getln() behave more like glibc getline.
10428 When flushing remaining output, also update timing file.
10432 Use get_timestr() and make the -l output look like the regular sudo
10436 * logging.c, sudo.h, timestr.c:
10437 Make get_timestr() take a time_t so we can use it properly in
10442 Create session dir earlier now that we update the seq number early.
10445 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
10448 Use fromdate and todate as the keywords instead of from and to; the
10449 short forms will still be accepted.
10453 Fix reading long lines in sudo_getln()
10456 * script.c, sudoreplay.c:
10457 Log the cwd in the script log file. Add sudo_getln() to read
10458 arbitrarily long lines.
10461 * Makefile.in, logging.c, sudo.h, timestr.c:
10462 Move get_timestr() into its own source file so sudoreplay can use
10466 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
10469 Add to and from predicates (date ranges); needs documentation
10472 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
10474 * Makefile.in, getdate.c, getdate.y:
10475 Fix warning and add generated getdate.c
10478 * Makefile.in, getdate.y:
10479 Add getdate.y to be used for sudoreplay date parsing.
10482 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
10485 Check more than just the first character of a predicate
10488 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
10489 Add examples, sort predicates
10492 * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
10494 Implement search expressions in sudoreplay similar in concept to
10495 what find or tcpdump uses. TODO: date ranges
10498 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
10501 Remove vhangup as it was hanging up the wrong tty. Should really
10502 vhangup in the child after it has set its tty.
10506 Fix cut at documenting transcript support.
10510 ID= -> TSID= for transcript ID
10513 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
10516 Move fast_glob description to where it belongs in sorted order
10519 * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
10520 parse.c, parse.h, sudo.c:
10521 Rename script -> transcript
10524 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
10527 Add timeradd and timersub for those without them
10531 Sanity check sessid before using it.
10535 Only set the session id if we are running a command or editing a
10540 Actually, qsort is fine since most versions fall back to a cheaper
10541 sort when the number of elements to sort is small (like in our
10545 * config.h.in, configure, configure.in, script.c:
10546 Check for dup2 and use dup instead if we don't have it.
10549 * script.c, sudo.c, sudo.h:
10550 Move the code to dup2 the script fds to low numbered descriptors
10551 into script_duplow() and fix the fd sorting.
10554 * script.c, sudo.c, sudo.h:
10555 Move script_setup() back to immediately before we drop privs and
10556 call the new script_nextid() in its place, which will set
10557 sudo_user.sessid for the logging functions.
10560 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
10567 remove unused variable
10570 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
10572 * logging.c, script.c, sudo.c, sudo.h:
10573 Log the session ID, if there is one. Currently logs ID=XXXXXX,
10574 perhaps should be SESSIONID or SESSID.
10577 * Makefile.in, configure, configure.in, sudoreplay.cat,
10578 sudoreplay.man.in, sudoreplay.pod:
10579 Add sudoreplay docs
10583 add -V (version) flag
10590 * script.c, sudoreplay.c:
10591 Use base36 number for the ID and store script files with paths like
10592 /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
10593 (2,176,782,336) unique IDs.
10596 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
10598 * config.h.in, configure.in:
10599 Add check for regcomp
10603 Add support for selecting by pattern and tty when listing.
10606 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
10609 The beginnings of a list mode.
10612 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
10618 * Makefile.in, config.h.in, configure.in:
10619 Add scaffolding for building sudoreplay
10623 include error.h; first arg to nanotime is const
10627 Initial cut at sudoreplay; replay a sudo session.
10630 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
10633 Fix wait() usage and use correct wait status.
10636 * sudo.c, sudo.h, tgetpass.c:
10637 Add protos for term_* to sudo.h
10641 Fix detection of the child process exiting. Since the child is in
10642 its own session we should only ever get SIGCHLD for that process but
10643 better safe than sorry.
10647 Add UNIX98 pty support.
10650 * configure, configure.in, script.c:
10651 Add UNIX98 pty support.
10654 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
10657 For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
10662 Set PAM_RUSER and PAM_RHOST early so they can be used during
10663 authentication. Based on a patch from Jamie Beverly.
10667 Close dir before returning if strlcpy() reports overflow. From
10671 * config.h.in, configure, configure.in, script.c:
10672 On Linux, the openpty proto lives in pty.h
10676 Call vhangup on exit if the system has it. Use setpgrp() if no
10680 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
10682 * config.h.in, configure, configure.in:
10683 Add checks for revoke and vhangup if we don't have openpty
10687 Session logging guts that got forgotten in the previous commit.
10690 * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
10691 configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
10692 gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
10694 First cut at session logging for sudo. Still need to write
10695 get_pty() for Unix 98 and old-style BSD ptys. Also needs
10696 documentation and general cleanup.
10699 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
10701 * sudo.c, sudo_edit.c:
10702 Fix a bug introduced with def_closefrom. The value of def_closefrom
10703 already includes the +1.
10706 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
10709 Generate sudo distributions with pax in ustar mode. No longer need
10710 to use a temp file or have the source dir name match the version.
10713 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
10716 Fix expansion of %h in #include names. Fixes bugzilla 363
10719 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
10722 If no arg assume def_data.in
10725 * README, WHATSNEW:
10727 [f5ad45f69f05] [SUDO_1_7_2]
10733 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
10735 * sudoers.cat, sudoers.man.in, sudoers.pod:
10736 Add missing single quotes around a colon in Runas_Spec definition.
10740 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
10742 * sudo.man.in, sudoers.man.in:
10747 In rbrepair, re-color the root or the first non-block node we find
10748 to be black. Re-coloring the root is probably not needed but won't
10752 * sudo.cat, sudoers.cat:
10756 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
10759 When repairing the tree, don't touch the root node.
10762 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
10765 Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
10766 Reported by Josef Schmid.
10769 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
10772 Document that we accept env_pam-style environment files
10776 Adapt to accept pam_env-style /etc/environment which allows shell-
10777 style lines such as: export EDITOR="/usr/bin/vi"
10781 Make it clear that env_delete only works when !env_reset. From Loïc
10785 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
10787 * sudo.pod, sudoers.pod:
10788 Add non-unix group bits, adapted from Quest
10792 build the .cat page in the current working dir, not the src dir
10796 Return EINVAL in setenv() if var is NULL or the empty string to
10797 match glibc behavior.
10800 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
10802 * configure, configure.in:
10803 Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
10806 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
10808 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
10809 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
10813 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
10816 Document --with-libvas and --with-libvas-rpath
10819 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
10821 * ldap.c, sudoers.ldap.pod:
10822 For netscape-derived LDAP SDKs the cert and key paths may be a
10823 directory or a file. However, version 5.0 of the SDK only seems to
10824 support using a directory. If ldapssl_clientauth_init fails and the
10825 cert or key paths look like they could be files, strip off the last
10826 path element and try again.
10830 Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
10833 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
10835 * configure, configure.in, match.c, sudo.c, vasgroups.c:
10836 Update non-Unix group support from Quest, as reworked by me.
10844 Add support for escaped hex chars in names, e.g. \x20 for space.
10847 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
10849 * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
10850 auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
10851 fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
10852 logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
10853 set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
10854 sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
10855 tgetpass.c, toke.l, visudo.c:
10856 Update copyright years.
10859 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
10861 * interfaces.c, lbuf.c:
10862 Minor fixes for Minix-3
10865 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
10868 Handle getgroups() returning 0. Also add missing check for
10872 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
10874 * Makefile.in, config.h.in, configure, configure.in, sudo.c,
10875 version.h, visudo.c:
10876 Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
10879 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
10882 Remove group setting code in setusercontext case, we will do it
10883 ourselves later on in runas_setup. Set the gid after
10884 initgroups/setgroups is called, since on Mac OS X it seems to change
10888 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
10890 * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
10892 Initial bits of non-unix group support using Quest Authentication
10897 Accept %:foo as a non-Unix group
10901 Allow user/group to be double quoted in the case of non-Unix groups
10902 which contain spaces.
10905 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
10908 Don't allow the user to specify the default runas user if their
10909 sudoers entry only allows them to run as a group.
10912 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
10915 Must call audit_success before we change uids.
10918 * logging.c, set_perms.c, sudo.h, testsudoers.c:
10919 Add option for set_perm to not exit on failure and use this in the
10924 In -l mode, if the user is only allowed to run as a group, display
10925 the user's name, not root's before the allowed group.
10929 Fix -g mode, broken by rev 1.503 which had the side effect of
10930 setting the runas user to root unilaterally.
10933 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
10936 When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
10940 Only cache by the method we fetched for pwd and grp lookups.
10941 Previously we cached both by name and id but this can cause problems
10942 for entries that share the same id. Also add more info in the error
10943 message in case the insert fails (which should now be impossible).
10946 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
10949 Add a clarification from Nick Sieger
10952 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
10955 Inline the setting of the environment string.
10958 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
10961 setenv(3) in Linux treats a NUL value as the empty string. setenv(3)
10962 in BSD doesn't return an error if the name has '=' in it, it just
10963 treats the '=' as end of string.
10966 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
10969 Not all systems have d_namlen
10972 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
10975 Fix up some pod2html issues.
10978 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
10981 Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
10986 Ignore files ending in '~' in sudo.d (emacs backup files)
10990 Ignore files ending in '~' in sudo.d (emacs backup files)
10993 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
10995 * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
10996 For #includedir, ignore any file containing a dot
10999 * Makefile.in, version.h:
11003 * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
11004 sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
11006 Implement #includedir directive. Files in an includedir are not
11007 edited by visudo unless they contain a syntax error.
11012 [8741ed61a78b] [SUDO_1_7_1]
11015 Forgot umask_override
11022 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
11025 Rewind stream if we fdopen sudoers since it may not be at the
11026 beginning. Set the keepopen flag on already-open files too so the
11027 lexer doesn't close them out from under us.
11031 Print the proper file name when there is a parse error in an include
11035 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
11041 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
11043 * configure, configure.in:
11044 Fix a warning when --without-ldap is specified.
11047 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
11049 * alias.c, parse.h, visudo.c:
11050 Store aliases that we remove during check_aliases in a freelist and
11051 free them at the end so we don't leak memory.
11054 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
11057 Check aliases in -c mode too.
11060 * alias.c, parse.h, visudo.c:
11061 Make alias_remove return the alias struct instead of freeing it
11062 directly. Fixes a use after free in alias_remove_recursive, the only
11066 * alias.c, match.c, parse.c, parse.h, visudo.c:
11067 Rename find_alias -> alias_find for consistency.
11070 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
11073 When checking for unused aliases, recurse if the alias points to
11077 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
11080 Back out rev 1.105 for now. Real ldapux_client.conf support will be
11081 done later after some refactoring.
11084 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
11087 Treat ldap_hostport the same as "host" for ldapux.
11090 * configure, configure.in:
11091 Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
11092 Fixes compilation with ldapux.
11095 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
11101 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
11104 remove errant carriage returns
11108 fix K&R compilation
11111 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
11112 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
11116 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
11119 Add missing HAVE_BSM_AUDIT
11127 Mention --with-netsvc
11130 * sudoers.ldap.pod:
11131 Document netsvc.conf support
11134 * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
11136 Add support for AIX netsvc.conf (like nsswitch.conf).
11139 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
11141 * config.h.in, configure, configure.in, env.c:
11142 Add --enable-env-debug flag to enable environment sanity checks.
11145 * sudoers.ldap.pod, sudoers.pod:
11146 Work around some pod2html issue.
11149 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
11152 Only sync environ for putenv, setenv, and unsetenv. We need to make
11153 sure that sudo_putenv and sudo_setenv only modify env.envp, not
11157 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
11160 Really fix UNSETENV_VOID
11164 Fix unsetenv when UNSETENV_VOID
11167 * aclocal.m4, configure:
11168 Fix SUDO_FUNC_PUTENV_CONST
11172 tivoli-based ldap does not have ldapssl_err2string
11179 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
11181 * config.h.in, configure, configure.in, ldap.c:
11182 Add support for Tivoli-based LDAP start TLS as seen in AIX.
11187 Add sanity checks for setenv/unsetenv
11191 Include bsm_audit.h in the tarball
11194 * Makefile.in, version.h:
11195 bump version for sudo 1.7.1
11198 * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
11199 env.c, ldap.c, sudo.h:
11200 Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
11201 provide our own setenv/unsetenv/putenv that operates on own env
11202 pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
11205 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
11208 Make "sudoedit -h" work as expected
11212 Make sure def_prompt is always defined. This is a workaround for
11213 pam configs that prompt for a password in the session but don't have
11214 an auth line. A better fix is to expand the sudo prompt earlier and
11215 set def_prompt to that when initializing.
11219 Mention that the helper for -A may be graphical.
11223 Document what happens if there is no tty.
11235 Fix "sudo -k" with no other args
11238 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
11240 * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
11241 Allow the -k flag to be specified in conjunction with a command or
11242 another option that may require authentication.
11245 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
11247 * configure, configure.in:
11248 Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
11252 Parallel make fix. From Diego E. 'Flameeyes'
11255 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
11257 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
11258 Implement umask_override
11265 * sudoers.pod, toke.l, visudo.c:
11266 Implement %h escape in sudoers include filenames.
11270 Need to include compat.h
11273 * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
11274 Make audit_success and audit_failure generic functions in
11275 preparation for integrating linux audit support.
11279 remove duplicate include
11282 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
11285 Add missing include
11289 May need to update the runas user after parsing command-based
11293 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
11296 Add missing pair of braces introduced with character class support.
11299 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
11301 * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
11302 Rename pwstars to pwfeedback
11305 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
11307 * bsm_audit.c, bsm_audit.h:
11308 Add const to make MacOS happy.
11311 * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
11312 configure.in, sudo.c:
11313 Add bsm audit support from Christian S.J. Peron
11317 This is new code, no DARPA notice.
11320 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
11322 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
11323 Rename simple_glob -> fast_glob
11330 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
11331 Add simple_glob option to use fnmatch() instead of glob(). This is
11332 useful when you need to specify patterns that reference network file
11344 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
11347 Delete any pwstars we wrote after the user hits return. That way
11348 there is no record on screen as to the user's password length.
11351 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
11354 Move terminal setting bits from tgetpass.c to term.c
11357 * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
11359 Add pwstars sudoers option that causes sudo to print a star every
11360 time the user presses a key.
11363 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
11366 Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
11369 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
11372 For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
11373 indicate no limit. From Mark Janssen.
11376 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
11379 Comments that begin with #- should not be parsed as uids.
11382 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
11385 Do not try to set the close on exec flag if we didn't actually open
11389 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
11393 [e11f0e4c1bdd] [SUDO_1_7_0]
11395 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
11401 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
11404 Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
11408 * configure, configure.in:
11409 Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
11410 as it cannot generate shared objects.
11413 * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
11414 K&R compilation fixes
11418 Use tq_foreach_fwd when checking pseudo-commands to make it clear
11419 that we are not short-circuiting on last match. When pwcheck is
11420 'all', initialize nopass to TRUE and override it with the first non-
11424 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
11427 Do not short circuit pseudo commands when we get a match since,
11428 depending on the settings, we may need to examine all commands for
11432 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
11434 * sudoers.cat, sudoers.man.in:
11439 hostnames may also contain wildcards
11443 remove stamp-* files and linux core files in clean target
11446 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
11448 * auth/sudo_auth.h, config.h.in, configure, configure.in:
11449 Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
11452 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
11454 * configure, configure.in:
11455 correctly enable SIA on Digital UNIX
11466 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
11468 * check.c, sudo.h, tgetpass.c:
11469 Even if neither stdin nor stdout are ttys we may still have /dev/tty
11473 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
11475 * sudoers.cat, sudoers.man.in:
11480 fix typos; Markus Lude
11492 Fix matching of a line that only consists of a comment char
11495 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
11498 MacOS pam will retry conversation function if it fails so just treat
11499 ^C as an empty password.
11503 When checking for alias use, also check defaults bindings.
11511 Replace my rbdelete with Emin's version (which actually works ;-)
11514 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
11521 malloc options in devel mode for visudo too
11524 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
11527 fix compilation on non-C99; from Theo
11535 when destroying an alias, free the correct data pointer
11538 * auth/sudo_auth.h:
11539 add proto for aixauth_cleanup; from Dale King
11542 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
11544 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
11549 * sudo.pod, sudoers.pod, visudo.pod:
11550 standardize on the term 'option' for command line options (not flag)
11553 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
11556 Add note on configuring HP-UX pam
11559 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
11562 Move tty checks into check_user() so we only do them if we actually
11567 Don't error out if no tty or askpass unless we actually need to
11571 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
11577 * pathnames.h.in, sudo.c:
11578 s/overriden/overridden/; from Tobias Stoeckmann
11581 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
11583 * WHATSNEW, visudo.c:
11584 check sudoers owner and mode in strict mode
11591 * sudo.man.in, sudoers.man.in, visudo.man.in:
11592 Update copyright years.
11595 * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
11596 auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
11597 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
11598 closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
11599 gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
11600 interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
11601 parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
11602 sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
11603 testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
11604 visudo.pod, zero_bytes.c:
11605 Update copyright years.
11608 * emul/charclass.h, fnmatch.c, glob.c:
11612 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
11615 The loop in fill_cmnd() was going one byte too far past the end,
11616 resulting in a NUL being written immediately after the buffer end.
11619 * UPGRADE, WHATSNEW:
11620 add sections on tgetpass changes
11624 Treat EOF w/o newline as an error.
11627 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
11630 Fix "sudo -v" when NOPASSWD is set.
11633 * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
11635 No longer treat an empty password at the prompt as special. To quit
11636 out of sudo you now need to hit ^C at the password prompt.
11639 * sudoers.cat, sudoers.man.in:
11643 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
11644 Sudo will now refuse to run if no tty is present unless the new
11645 visiblepw sudoers flag is set.
11648 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
11651 just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
11656 fix fallback value for RLIM_SAVED_MAX
11659 * auth/aix_auth.c, auth/sudo_auth.h:
11660 Move clearing of AUTHSTATE into aixauth_cleanup.
11663 * auth/aix_auth.c, env.c:
11664 Unset AUTHSTATE after calling authenticate() as it may not be
11665 correct for the user we are running the command as.
11669 Add isblank() function for systems without it. Needed for POSIX
11670 character class matching in fnmatch.c and glob.c.
11673 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
11676 expound on sudo and cd
11679 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
11685 * sudoers.cat, sudoers.man.in:
11690 mention defaults parse order
11693 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
11695 * Makefile.in, aclocal.m4, compat.h, configure:
11696 Add isblank() function for systems without it. Needed for POSIX
11697 character class matching in fnmatch.c and glob.c.
11701 add emul/charclass.h to HDRS
11704 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
11710 * defaults.c, parse.c, testsudoers.c, visudo.c:
11711 Move update_defaults into defaults.c and call it properly from
11712 visudo and testsudoers.
11715 * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
11717 use zero_bytes() instead of memset() for consistency
11720 * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
11722 Zero out sigaction_t before use in case it has non-standard entries.
11730 Short circuit glob() checks if basename(pattern) !=
11731 basename(command). Refactor code that checks for a command in a
11732 directory and use it in the glob case if the resolved pattern ends
11736 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
11738 * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
11739 Defer setting runas defaults until after runaspw/gr is setup.
11742 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
11744 * match.c, sudo.c, testsudoers.c:
11745 Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
11746 systems do not include space for the NUL in the size. Also manually
11747 NUL-terminate buffer from gethostname() since POSIX is wishy-washy
11751 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
11753 * sudo.c, sudoers.pod:
11754 When setting the umask, use the union of the user's umask and the
11755 default value set in sudoers so that we never lower the user's umask
11756 when running a command.
11760 Don't try to read from a zero-length sudoers file. Remove the bogus
11761 Solaris work-around for EAGAIN. Since we now use fgetc() it should
11765 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
11768 In update_defaults() check the return value of user*_matches against
11769 ALLOW so we don't inadvertently match on UNSPEC.
11772 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
11774 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
11775 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
11776 regen man pages; no more hyphenation
11780 Don't error out on a zero-length sudoers file. With the advent of
11781 #include the user could create a situation where sudo is unusable.
11784 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
11786 * auth/kerb5.c, config.h.in, configure, configure.in:
11787 Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
11788 krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
11789 all. Add configure tests to handle all the cases.
11792 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
11799 document sudoers_locale
11802 * sudo.pod, sudo_edit.c:
11803 add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
11808 In fill_cmnd(), collapse any escaped sudo-specific characters.
11809 Allows character classes to be used in pathnames.
11812 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
11815 fix typo in non-C89 function declaration
11819 Mention POSIX character classes now that our fnmatch() and glob()
11823 * sample.sudoers, sudoers.pod:
11824 Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
11829 use __signed char if we are going to assign a negative value since
11830 on Power, char is unsigned by default
11833 * config.h.in, configure, configure.in:
11834 Add tests for __signed char and signed char.
11838 Fix AIX limit setting. getuserattr() returns values in disk blocks
11839 rather than bytes. The default hard stack size in newer AIX is
11840 RLIM_SAVED_MAX. From Dale King.
11843 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
11845 * emul/charclass.h, fnmatch.c, glob.c:
11846 Add character class support to included glob(3) and fnmatch(3).
11849 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
11852 Remove UCB advertising clause and some compatibility defines.
11855 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
11858 Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
11859 or sudo. This allows one to set EDITOR to sudoedit without getting
11860 into an infinite loop of sudoedit running itself until the path gets
11864 * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
11865 Add sudoers_locale Defaults option to override the default sudoers
11869 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
11872 Set locale to system default except for during sudoers parse.
11875 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
11878 Redo change in 1.34 to use pointer arithmetic.
11881 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
11884 Fix a dereference (read) of a freed pointer. Reported by Patrick
11888 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
11891 Set locale to "C" to avoid interpretation issues with character
11892 ranges in sudoers. May want to make the locale a sudoers option in
11896 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
11899 we no longer use setproctitle
11906 * LICENSE, mkstemp.c:
11907 Use my replacement mkstemp() from the mktemp package.
11910 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
11913 regen with yacc skeleton bug fixed
11917 Remove duplicate "as root". From Martin Toft.
11920 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
11922 * pwutil.c, sudo.c, sudo.h, testsudoers.c:
11923 Flesh out the fake passwd entry used for running commands as a uid
11924 not listed in the passwd database. Fixes an issue with some PAM
11928 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
11931 Error out in -i mode if the user has no shell. This can happen when
11932 running commands as a uid with no password entry.
11935 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
11938 Better fix for line continuation inside double quotes. Now accepts
11939 whitespace between the backslash and the newline like the main
11943 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
11946 Fix line continuation in strings. It was only being honored if
11947 preceded by whitespace.
11950 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
11952 * config.h.in, configure, configure.in, logging.c:
11953 Replace the double fork with a fork + daemonize.
11956 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
11959 The -i flag should imply env_reset. This got broken in sudo 1.6.9.
11962 * logging.c, sudo.c, sudo_edit.c, visudo.c:
11963 Change how the mailer is waited for. Instead of having a SIGCHLD
11964 handler, use the double fork trick to orphan the child that opens
11965 the pipe to sendmail. Fixes a problem running su on some Linux
11969 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
11971 * configure, configure.in:
11972 Fix configure test for dirfd() on Linux where DIR is opaque.
11975 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
11978 Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
11979 this problem we'll need to revisit this again.
11982 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
11985 Ignore SIGPIPE instead of blocking it when piping to the mailer. If
11986 we only block the signal it may be delivered later when we unblock.
11987 Also, there is no need to block SIGCHLD since we no longer do the
11988 double fork. The normal SIGCHLD handler is sufficient.
11991 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
11993 * configure, configure.in:
11994 Add description for NO_PAM_SESSION, from a redhat patch.
11997 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
11999 * sudo.cat, sudo.man.in, sudo.pod:
12000 Fix typos in -i usage
12003 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
12005 * configure, configure.in:
12006 Redo the test for dgettext() in a way that hopefully will work
12007 around the libintl_dgettext() undefined problem.
12010 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
12012 * schema.ActiveDirectory:
12013 change filename in comment
12016 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
12018 * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
12020 Reference schema.ActiveDirectory
12023 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
12025 * schema.OpenLDAP, schema.iPlanet:
12026 Mark sudoRunAs as deprecated.
12029 * schema.ActiveDirectory:
12030 add sudoRunAsUser and sudoRunAsGroup
12033 * schema.ActiveDirectory:
12034 Active Directory schema by Chantal Paradis and Eric Paquet
12037 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
12040 remove an XXX that was fixed
12048 Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
12049 fixes a problem where the tag value printed was influenced by
12050 defaults set in the first pass through the parser.
12053 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
12055 * Makefile.in, sudo.psf:
12056 No point in packaging the TODO file
12063 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
12065 * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
12066 sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
12067 Add env_file Defaults option that is similar to /etc/environment on
12071 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
12073 * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
12074 sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
12075 version.h, visudo.cat, visudo.man.in:
12076 change version to 1.7.0
12080 initial valgrind pass done
12083 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
12086 Fix typo/thinko in sudo_ldap_read_secret() when storing the secret.
12089 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
12092 define LDAPS_PORT if the system headers do not
12095 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
12098 Fix another memory leak in init_parser().
12101 * configure, configure.in:
12102 There was a missing space before the ldap libs in SUDO_LIBS for some
12106 * alias.c, gram.c, gram.y, toke.c, toke.l:
12107 Clean up some memory leaks pointed out by valgrind.
12110 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
12113 fix "sudo -s" broken by mode/flags breakout
12116 * configure, configure.in:
12117 remove duplicate check for dgettext
12120 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
12123 Fall back to default stanza if no user-specific limit is found.
12126 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
12129 include stdint.h if present
12133 Use LLONG_MAX, not the old QUAD_MAX
12136 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
12138 * sudoers.ldap.pod:
12142 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
12148 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
12151 remove useless cast
12154 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
12165 Split MODE_* defines into primary and flags.
12168 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
12171 It turns out the logic for getting AIX limits is more convoluted
12172 than I realized and differs depending on whether the soft and/or
12173 hard limits are defined.
12176 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
12178 * Makefile.in, configure, configure.in:
12179 Back out AIX-specific change to set the sudo_noexec path to the .a
12180 file, we do really want to use the .so file. Since libtool doesn't
12181 do that correctly, just install the .so file ourselves in the
12186 If the file given to install is a path, only use the basename of the
12187 file when building the destination path.
12190 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
12193 parse_args() cleanup: Sort command line options in the getopt()
12194 switch The -U option requires a parameter Normalize a few ISSET
12195 calls Split mode into mode and flags and retire the now-obsolete
12199 * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
12201 Add -n (non-interactive) flag.
12205 Move version printing, etc. into a separate function.
12209 Don't try to cleanup nsswitch if it has not been initialized.
12212 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
12215 Block SIGPIPE in send_mail() so sudo is not killed by a problem
12216 executing the mailer.
12219 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
12221 * configure, configure.in:
12222 AIX shared libs end in .a, not .so.
12225 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
12228 Preserve HOME by default too. Matches documentation and previous
12232 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
12235 Use getopt() to parse the command line. We need to be able to
12236 intersperse env variables and options yet still honor "--" which
12237 complicates things slightly.
12240 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
12246 * acsite.m4, configure, ltmain.sh:
12247 update to libtool-1.5.26
12250 * config.guess, config.sub:
12251 update from libtool-1.5.26 distribution
12255 attempt to fix compilation errors on AIX
12259 fix typo in last commit
12263 Add WHATSNEW file to the distribution
12267 use warningx instead of fprintf(stderr, ...)
12271 add DEBUG to list2tq
12282 * Makefile.in, aix.c, config.h.in, configure, configure.in,
12283 set_perms.c, sudo.h:
12284 Add aix_setlimits() to set resource limits on AIX using a
12285 combination of getuserattr() and setrlimit(). Currently untested.
12288 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
12290 * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
12291 sudoers.man.in, sudoers.pod:
12292 Add mailfrom Defaults option that sets the value of the From: field
12293 in the warning/error mail. If unset the login name of the invoking
12298 store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
12302 When adding a default, only call list2tq() once to do the list to tq
12303 conversion. It is not legal to call list2tq multiple times on the
12304 same list since list2tq consumes and modifies the list argument.
12307 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
12308 comment out XXXs for now
12315 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
12318 Error out if both -A and -S are specified Error out if -A is
12319 specified but no askpass is configured
12322 * configure, configure.in:
12323 we are not going to ship a sudo-specific askpass
12326 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
12329 fix definition of TGP_ASKPASS
12332 * def_data.c, def_data.in:
12333 make askpass boolean-capable
12337 document --with-askpass
12340 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
12341 sudoers.man.in, visudo.cat:
12345 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
12347 * sudo.pod, sudo_usage.h.in, sudoers.pod:
12348 document -A and askpass
12351 * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
12352 def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
12353 sudo_usage.h.in, tgetpass.c:
12354 Add support for running a helper program to read the password when
12355 no tty is present (or when specified with the -A flag). TODO: docs.
12358 * def_data.c, def_data.in:
12359 add missing printf format to SELinux role and type strings
12362 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
12364 * INSTALL, configure, configure.in:
12365 Disable use of gss_krb5_ccache_name() by default and add
12366 --enable-gss-krb5-ccache-name configure option to enable it. It
12367 seems that gss_krb5_ccache_name() doesn't work properly with some
12368 combinations of Heimdal and OpenLDAP.
12371 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
12374 Ignore setexeccon() failing in permissive mode. Also add a call to
12375 setkeycreatecon() (though this is probably insufficient). From Dan
12380 Only set std_prompt for the PAM_PROMPT_* cases. The conversation
12381 function may be called for non-password reading purposes so we must
12382 be careful not to use def_prompt in cases where it may not be set.
12385 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
12388 Don't free the new tty context, we need to keep it around when we
12389 restore the tty context after the command completes
12392 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
12398 * sudo.man.pl, sudo.pod:
12399 Only put login_cap(3) in SEE ALSO section if we have login.conf
12403 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
12405 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
12406 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
12411 Substitute in comment characters for lines pertaining to login.conf,
12412 BSD auth and SELinux and only enable them if pertinent.
12416 Substitute in comment characters for lines pertaining to login.conf,
12417 BSD auth and SELinux and only enable them if pertinent.
12421 Substitute in comment characters for lines pertaining to login.conf,
12422 BSD auth and SELinux and only enable them if pertinent.
12426 Substitute in comment characters for lines pertaining to login.conf,
12427 BSD auth and SELinux and only enable them if pertinent.
12430 * Makefile.in, configure, configure.in:
12431 Substitute in comment characters for lines pertaining to login.conf,
12432 BSD auth and SELinux and only enable them if pertinent.
12435 * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
12436 Remove the =cut on the first line (above the copyright notice) to
12437 quiet pod2man. Also remove the hackery in the FILES section and
12438 just deal with the fact that there will be a newline between each
12442 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
12445 run sudo.man.pl when generating sudo.man.in
12448 * configure, configure.in, sudo.man.pl:
12449 comment out SELinux manual bits unless --with-selinux was specified
12453 document role and type defaults for SELinux
12456 * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
12457 Document "sudo -ll" and make "sudo -l -l" be equivalent.
12460 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
12462 * configure, configure.in:
12463 Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
12464 Debian GNU/kFreeBSD.
12467 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
12470 Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
12471 verify_krb_v5_tgt()
12474 * logging.c, logging.h, sudo.c:
12475 Remove dependence on VALIDATE_NOT_OK in logging functions. Split
12476 log_auth() into log_allowed() and log_denial() Replace mail_auth()
12477 with should_mail() and a call to send_mail()
12480 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
12483 Add debugging so we can tell if the krb5 ccache is accessible
12487 mention --with-selinux
12490 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
12500 * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
12501 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
12502 testsudoers.c, toke.c, toke.l:
12503 Add support for SELinux RBAC. Sudoers entries may specify a role
12504 and type. There are also role and type defaults that may be used.
12505 To make sure a transition occurs, when using RBAC commands are
12506 executed via the new sesh binary. Based on initial changes from Dan
12511 Add support for SELinux RBAC. Sudoers entries may specify a role
12512 and type. There are also role and type defaults that may be used.
12513 To make sure a transition occurs, when using RBAC commands are
12514 executed via the new sesh binary. Based on initial changes from Dan
12518 * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
12519 def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
12520 pathnames.h.in, selinux.c:
12521 Add support for SELinux RBAC. Sudoers entries may specify a role
12522 and type. There are also role and type defaults that may be used.
12523 To make sure a transition occurs, when using RBAC commands are
12524 executed via the new sesh binary. Based on initial changes from Dan
12528 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
12530 * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
12531 Add long list (sudo -ll) support for printing verbose LDAP and
12532 sudoers file entries. Still need to update manual.
12535 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
12537 * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
12538 Unify the -l output for file and ldap based sudoers and use lbufs
12539 for both. The ldap output does not currently include options that
12540 cannot be represented as tags. This will be remedied in a long list
12541 output mode to come.
12544 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
12547 Use a specific error message for errno == EAGAIN when setuid() et al
12548 fails. On Linux systems setuid() will fail with errno set to EAGAIN
12549 if changing to the new uid would result in a resource limit
12554 Unlimit nproc on Linux systems where calling the setuid() family of
12555 syscalls causes the nproc resource limit to be checked. The limits
12556 will be reset by pam_limits.so when PAM is used. In the non-PAM
12557 case the nproc limit will remain unlimited but there doesn't seem to
12558 be a way around that other than having sudo parse
12559 /etc/security/limits.conf directly.
12562 * env.c, sudo.c, sudo.pod:
12563 Only read /etc/environment on Linux and AIX
12566 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
12568 * configure, configure.in:
12569 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
12570 ldap.conf and ldap.secret paths from going into config.h. Avoid
12571 single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
12572 since in some versions of bash they will end up literally in the
12576 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
12579 mention --with-nsswitch=no
12582 * configure, configure.in:
12583 ldap_ssl.h depends on ldap.h being included first
12586 * config.h.in, configure, configure.in, ldap.c:
12587 Include ldap_ssl.h if we can find it. Needed for the
12588 ldapssl_set_strength defines on HP-UX at least.
12591 * sudoers.ldap.pod:
12599 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
12600 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
12605 Use 78n line length when formatting cat pages.
12609 Remove redundant info that is now in sudoers.ldap.pod
12612 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
12614 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
12615 Reorganize the first section a bit. Substitute the proper path for
12619 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
12620 Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
12621 schema into EXAMPLES
12624 * configure, configure.in:
12625 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
12629 * configure, configure.in:
12630 substitute for sudoers.ldap.man
12634 Fix cut & pasto introduced when adding sudoers.ldap man page.
12637 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
12638 Fill in some of the missing pieces. Still needs some reorganization
12642 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
12644 * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
12646 Beginnings of a sudoers.ldap man page. Currently, much of the
12647 information is adapted from README.LDAP.
12650 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
12653 When copying gr_mem we must guarantee that the storage space for
12654 gr_mem is properly aligned. The simplest way to do this is to
12655 simply store gr_mem directly after struct group. This is not a
12656 problem for gr_passwd or gr_name as they are simple strings.
12660 Fix a typo/thinko in one of the calls to
12661 sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
12664 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
12666 * config.h.in, configure, configure.in, ldap.c:
12667 include <mps/ldap_ssl.h> in ldap.c if available
12670 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
12673 Make sure we define SIZE_MAX for yacc's skeleton.c
12677 Use TCSAFLUSH when restoring terminal settings (and echo) to
12678 guarantee that any pending output is discarded
12681 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
12684 no longer need to specify SETENV when user has sudo ALL
12688 sync user_args size calculation with sudo.c Add -g group option,
12689 renaming old -g to -G Add set_runasgr() and set_runaspw() and use
12694 Make set_runaspw static void
12697 * testsudoers.c, visudo.c:
12698 g/c set_runaspw stub
12701 * configure, configure.in:
12702 Don't add -llber twice.
12705 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
12711 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
12717 * configure, configure.in:
12718 Fix check that determines whether -llber is required.
12721 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
12722 For netscape-based LDAP, use ldapssl_set_strength() to implement the
12723 checkpeer ldap.conf option.
12727 Delay krb5_cc_initialize() until we actually need to use the cred
12728 cache, which is what krb5_verify_user() does. Better cleanup on
12732 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
12735 Rewrite verify_krb_v5_tgt() based on what heimdal's
12736 krb5_verify_user() does.
12739 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
12742 The U suffix on constants is an ANSI feature
12745 * configure, configure.in:
12746 Add check for ber_set_option() in -llber
12749 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
12752 default if no nsswitch.conf is files only
12755 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
12758 don't tell people to mail aaron about LDAP stuff
12762 timelimit and bind_timelimit
12770 Move ldap.secret reading into a separate function.
12774 user_runas -> runas_pw
12777 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
12783 * check.c, sudo.pod, sudoers.pod:
12784 Add and document the %p escape in the password prompt. Based on a
12785 patch from Patrick Schoenfeld.
12789 Check strlcpy() return values.
12793 refactor ldap binding code into sudo_ldap_bind_s()
12797 Make it clear that host and uri can take multiple parameters. URI is
12798 now supported for more than just openldap nsswitch.conf doesn't
12803 comment cleanup and update (c) year
12806 * parse.c, sudo_nss.c:
12807 Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
12808 This should make it possible to build an LDAP-only sudo binary.
12811 * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
12812 Improve chaining of multiple sudoers sources by passing in the
12813 previous return value to the next in the chain
12817 Free up parser data structures in sudo_file_close().
12821 Free up parser data structures in sudo_file_close().
12825 Parse uri ourself if no ldap_initialize() is present Use
12826 ldap_create() instead of deprecated ldap_init() Use
12827 ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
12830 * config.h.in, configure, configure.in:
12831 Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
12835 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
12837 * config.h.in, configure, configure.in:
12838 add check for ldap_create
12841 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
12843 * config.h.in, configure, configure.in, ldap.c:
12844 Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
12845 dn using the mechanism appropriate for the LDAP SDK in use. Use
12846 ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
12847 ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
12854 * config.h.in, configure.in:
12855 fix typo in mtim_getnsec
12858 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
12860 * config.h.in, configure, configure.in:
12861 add check for st__tim in struct stat as used by SCO
12865 use ldap_search_ext_s instead of deprecated ldap_search_s
12868 * Makefile.in, TODO, sudo.cat, sudo.man.in:
12869 add sudo_nss.h to HDRS
12873 Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
12877 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
12880 Use ldap_get_values_len()/ldap_value_free_len() instead of the
12881 deprecated ldap_get_values()/ldap_value_free().
12892 * gettime.c, sudo.c:
12893 Remove some already fixed XXXs
12897 Same return value as non-existent sudoers if LDAP was unable to
12902 mention /etc/environment
12905 * README.LDAP, UPGRADE, WHATSNEW:
12906 Update to reflect recent developments.
12910 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
12914 When building up a query don't list groups in the aux group vector
12915 that are the same as the passwd file group. On most systems the
12916 first gid in the group vector is the same as the passwd entry gid.
12920 Define LDAPNOINIT before calling ldap_init(), etc. to disable user
12921 ldaprc and system defaults that could affect how LDAP works.
12924 * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
12925 sudo_nss.c, sudo_nss.h:
12926 Rename read_nss -> sudo_read_nss. Add --with-nsswitch to allow users
12927 to specify nsswitch.conf path or disable it. If --with-nsswitch=no
12928 but --with-ldap, order is LDAP, then sudoers. Fix
12929 --with-ldap-conf-file and --with-ldap-secret-file
12933 Honor def_ignore_local_sudoers
12936 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
12939 no longer need to check def_ignore_local_sudoers here
12943 Refactor group vector resetting into a function and also call it
12944 from display_cmnd. Stop after the first successful match in
12945 display_cmnd. Print a newline between each display_privs method.
12949 fix double free introduced in rev 1.218
12953 belt and suspenders; zero out result after freeing it
12956 * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
12957 Refactor line reading into a separate function, sudo_parseln(),
12958 which removes comments, leading/trailing whitespace and newlines.
12959 May want to rethink the use of sudo_parseln() for /etc/ldap.secret
12963 Make the inability to read the sudoers file a non-fatal error if
12964 there are other sudoers sources available. sudoers_file_lookup now
12965 returns "not OK" if sudoers was not present
12969 make it clear that the global options are from LDAP
12973 allocate proper amount of space for error string
12976 * sudo_nss.c, sudo_nss.h:
12977 actual sudo nss code
12980 * ldap.c, parse.c, sudo.c, sudo.h:
12981 nss-ify display_privs and display_cmnd.
12984 * defaults.c, parse.c, testsudoers.c, visudo.c:
12985 move update_defaults() to parse.c
12988 * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
12989 Use nsswitch to hide some sudoers vs. ldap implementation details
12990 and reduce the number of #ifdef LDAP. TODO: fix display routines and
12994 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
12996 * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
12997 First cut at nsswitch.conf support. Further reorganization and
12998 related changes are forthcoming.
13001 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
13003 * env.c, pathnames.h.in, sudo.c, sudo.h:
13004 Add support for reading an /etc/environment file. Still needs to
13005 be documented and should probably only apply to OSes that have it
13006 (AIX and Linux, maybe others).
13013 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
13019 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
13026 Add an example sudoRole, clarify netscape vs. openldap a bit more
13030 Be clear on what is OpenLDAP vs. Netscape-derived
13033 * config.h.in, configure, configure.in, ldap.c:
13034 Use ldapssl_init() for ldaps support instead of trying to do it
13035 manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
13036 and tls_key for cert7.db and key3.db respectively. Don't print
13037 debugging info for options that are not set. Add warning if
13038 start_tls specified when not supported.
13042 fix compilation on solaris
13046 add missing .h and .c files for missing lib objs
13049 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
13052 fix LDAP_OPT_NETWORK_TIMEOUT setting
13056 fix compilation on Solaris
13059 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
13061 * configure, configure.in:
13066 try to clear up which variables are for OpenLDAP and which are for
13067 netscape-derived SDKs
13070 * config.h.in, configure, configure.in, ldap.c:
13071 Add support for "ssl on" in both netscape and openldap flavors. Only
13072 the OpenLDAP flavor has been tested.
13075 * logging.c, sudo.c, sudo.h:
13076 Call cleanup() before exit in log_error() instead of calling
13077 sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
13084 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
13086 * logging.c, sudo.c, sudo.h:
13087 Better ldap cleanup.
13091 Distinguish between LDAP conf settings that are connection-specific
13092 (which take an ld pointer) and those that are default settings
13096 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
13099 Improved warnings on error.
13103 Make ldap config table driven and set the config *after* we open the
13107 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
13110 fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
13113 * configure, configure.in:
13114 some operating systems need to link with -lkrb5support when using
13118 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
13124 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
13128 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
13134 * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
13135 add -g support for LDAP
13138 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
13140 * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
13141 The -i and -s flags can now take an optional command.
13144 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
13146 * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
13148 Add passprompt_override flag to sudoers that will cause the prompt
13149 to be overridden in all cases. This flag is also set when the user
13150 specifies the -p flag.
13154 Move setting of login class until after sudoers has been parsed. Set
13155 NewArgv[0] for -i after runas_pw has been set.
13158 * configure, configure.in:
13159 Move the dgettext check.
13162 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
13164 * auth/pam.c, config.h.in, configure, configure.in:
13165 Add basic support for looking up the string "Password: " in the PAM
13166 localized text db. This allows us to determine whether the PAM
13167 prompt is the default "Password: " one even if it has been
13170 TODO: concatenate non-std PAM prompts and user-specified sudo
13174 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
13176 * Makefile.in, config.h.in, configure, configure.in, parse.c,
13177 set_perms.c, sudo.c, sudo.h:
13178 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
13182 * acsite.m4, configure, interfaces.c, memrchr.c:
13183 Fix typos; Martynas Venckus
13186 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
13189 Don't assume runas_pw is set; it may not be in the -g case.
13192 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
13194 * logging.c, set_perms.c:
13195 Set aux group vector for PERM_RUNAS and restore group vector for
13196 PERM_ROOT if we previously changed it. Stash the runas group vector
13197 so we don't have to call initgroups more than once. Also add no-op
13198 check to check_perms.
13201 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
13203 * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
13204 ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
13205 pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
13206 sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
13207 testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
13208 Add support for runas groups. This allows the user to run a command
13209 with a different effective group. If the -g option is specified
13210 without -u the command will be run as the current user (only the
13211 group will change). The -g and -u options may be used together.
13212 TODO: implement runas group for ldap; improve runas group
13213 documentation; add testsudoers support
13216 * configure, configure.in:
13217 fix setting of mandir
13220 * sudo.pod, sudoers.pod:
13221 document that ALL implies SETENV
13225 s/setenv_ok/setenv_implied/g
13229 hostname_matches() returns TRUE on match in sudo 1.7.
13233 use strcmp, not strcasecmp when comparing ALL
13237 Make sudo ALL imply setenv. Note that unlike with file-based
13238 sudoers this does affect all the commands in the sudoRole.
13241 * gram.c, gram.y, parse.c, parse.h:
13242 sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
13243 it is not passed on to other commands in the list.
13247 Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
13248 sudo_getpwuid() instead of getpwuid().
13251 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
13254 Expand on the dangers of not using visudo to edit sudoers.
13257 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
13260 Don't quote *?[]! on output since the lexer does not strip off the
13261 backslash when reading those in.
13264 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
13267 expand "u_foo" types to "unsigned foo" to avoid compatibility
13271 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
13274 Refactor log line generation in to new_logline().
13277 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
13283 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
13285 * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
13287 Add configure check for struct in6_addr instead of relying on
13288 AF_INET6 since some systems define AF_INET6 but do not include IPv6
13292 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
13294 * configure, configure.in:
13295 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
13299 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
13301 * configure, configure.in:
13302 POSIX states that struct timespec be declared in time.h so check
13303 there regardless of the value of TIME_WITH_SYS_TIME.
13306 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
13309 Instead of defining a macro to call the appropriate method for
13310 turning on/off echo, just define tc[gs]etattr() and the related
13311 defines that use the correct terminal ioctls if needed. Also go back
13312 to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
13315 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
13325 * INSTALL, auth/pam.c, config.h.in, configure.in:
13326 Add --disable-pam-session configure option to disable calling
13327 pam_{open,close}_session. May work around bugs in some PAM
13331 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
13338 Avoid printing the prompt if we are already backgrounded. E.g. if
13339 the user runs "sudo foo &" from the shell. In this case, the call
13340 to tcsetattr() will cause SIGTTOU to be delivered.
13343 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
13345 * def_data.c, def_data.h, def_data.in:
13346 Reorder things such that the definition of env_reset comes right
13347 before the env variable lists.
13351 Shrink type and seqno in struct alias from int to u_short
13354 * alias.c, match.c, parse.c, parse.h:
13355 Add a sequence number in the aliases for loop detection. If we find
13356 an alias with the seqno already set to the current (global) value we
13357 know we've visited it before so ignore it.
13360 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
13362 * TODO, auth/pam.c, sudo.c, sudo.h:
13363 PAM wants the full tty path so add user_ttypath which holds the full
13364 path to the tty or is NULL if no tty was present.
13368 Set PAM_RHOST to work around a bug in Solaris 7 and lower that
13372 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
13378 * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
13379 parse.h, testsudoers.c, visudo.c:
13383 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
13386 remove some useless casts
13390 pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
13391 predates the final C99 spec and the standard specifies that it shall
13392 include stdint.h anyway
13395 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
13397 * Makefile.in, alloca.c, configure.in:
13398 Since we ship with a pre-generated parser there is no need to ship a
13399 bogus alloca implementation.
13407 remove initial setting of CHECKSIA, we require that it be unset if
13420 only do SIA checks on Digital Unix
13423 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
13425 * sudoers.cat, sudoers.man.in:
13434 Remove call to krb5_cc_register() as it is not needed for modern
13442 * aclocal.m4, configure.in:
13443 New method for setting the default authentication type and avoiding
13444 conflicts in auth types.
13447 * match.c, parse.c, testsudoers.c:
13448 Each entry in a cmndlist now has an associated runaslist so no need
13449 to keep track of the most recent non-NULL one.
13452 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
13455 back out partial ldaps support mistakenly committed
13459 Add support for unix groups and netgroups in sudoRunas
13462 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
13465 Fix sudoedit of a non-existent file. From Tilo Stritzky.
13468 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
13475 update --passprompt escape info
13479 remove now-bogus comment and update copyright date
13483 Fix up use of with_passwd
13486 * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
13487 Update to autoconf-2.61 and libtool-1.5.24
13491 "cmp -s" not just cmp. Add @datarootdir@ to quiet autoconf-2.61
13494 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
13501 move tags and runaslist propagation to be earlier
13505 If -f flag given use the permissions of the original file as a
13510 prevent a double free() when re-initing the parser
13513 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
13519 * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
13520 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
13521 auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
13522 configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
13523 parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
13524 sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
13525 Remove support for compilers that don't support void *
13532 * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
13533 parse.c, parse.h, testsudoers.c, visudo.c:
13534 Move list manipulation macros to list.h and create C versions of the
13535 more complex ones in list.c. The names have been down-cased so they
13536 appear more like normal functions.
13540 Fix cmp command when regenerating parser. Make gram.o the first
13541 dependency for all programs so gram.h will be generated before
13542 anything that needs it.
13546 Convert NEW_DEFAULT and NEW_MEMBER into static functions.
13549 * match.c, parse.c, testsudoers.c:
13550 Use LH_FOREACH_REV when checking permission and short-circuit on the
13551 first non-UNSPEC hit we get for the command. This means that
13552 instead of cycling through all the parsed sudoers entries we
13553 start at the end and work backwards and quit after the first
13554 positive or negative match.
13561 * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
13562 Change list head macros to take a pointer, not a struct.
13570 Propagate the runasspec from one command to the next in a cmndspec.
13573 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
13576 Replace has_meta() with a macro that calls strpbrk().
13582 * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
13583 testsudoers.c, visudo.c:
13584 Use a list head struct when storing the semi-circular lists and
13585 convert to tail queues in the process. This will allow us to
13586 reverse foreach loops more easily and it makes it clearer which
13587 functions expect a list as opposed to a single member.
13589 Add macros for manipulating lists. Some of these should become
13592 When freeing up a list, just pop off the last item in the queue
13593 instead of going from head to tail. This is simpler since we don't
13594 have to stash a pointer to the next member, we always just use the
13595 last one in the queue until the queue is empty.
13597 Rename match functions that take a list to have list in the name.
13598 Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
13602 Fix pasto, append "!" not negated (which is an int) for sudo -l
13607 Remove the dependency of gram.h on gram.y, the .c dependency is
13608 enough. Only move y.tab.h to gram.h if it is different; avoids
13609 needless rebuilding.
13612 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
13615 Defaults lines may be associated with lists of users, hosts,
13616 commands and runas users, not just single entries.
13619 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
13622 Revert the "cmp" portion of the last diff, it doesn't make sense.
13626 Remove *.lo for clean: When generating the parser, only move the
13627 generated files into place if they differ from the existing ones.
13630 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
13633 Replace IPV6 regexp with a much simpler (readable) one and add an
13634 extra check when it matches to make sure we have a valid address.
13638 Fix thinko introduced when merging IPV6 support.
13641 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
13643 * HISTORY, LICENSE:
13652 mention #uid vs. comment pitfall
13656 Merge in a patch from the libtool cvs that fixes a problem with the
13657 latest autoconf. From Stepan Kasal.
13661 Back out the XOR swap trick, it is slower than a temp variable on
13670 Convert the tail queue to a semi-circle queue and use the XOR swap
13671 trick to swap the prev pointers during append.
13674 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
13677 remove useless statement
13681 Refactor #include parsing into a separate function and return
13682 unparsed chars (such as newline or comment) back to the lexer.
13685 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
13688 mention better uid support
13692 Users may now consist of a uid.
13695 * gram.c, gram.h, toke.c:
13700 Use lbuf_append_quoted() for sudo -l output to quote characters that
13701 would require quoting in sudoers.
13705 Add lbuf_append_quoted() which takes a set of characters which
13706 should be quoted with a backslash when displayed.
13710 Require that the first character after a comment not be a digit or a
13711 dash. This allows us to remove the GOTRUNAS state and treat
13712 uid/gids similar to other words. It also means that we can now
13713 specify uids in User_Lists and a User_Spec may now contain a uid.
13717 Replace RUNAS token with '(' and ')' tokens to make the runas
13718 portion of the grammar more natural.
13722 The BUGS file is history
13725 * Makefile.in, README:
13726 The BUGS file is history
13729 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
13732 Allow comments after a RunasAlias as long as the character after the
13733 pound sign isn't a digit or a dash.
13737 Glob support was back-ported to 1.6.9
13740 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
13743 remove sudo_usage.h in distclean
13747 If a Defaults value contains a blank, double-quote the string.
13751 Properly deal with Defaults double-quoted strings that span multiple
13752 lines using the line continuation char. Previously, the entire
13753 thing, including the continuation char, newline, and spaces was
13758 Be consistent when using single quotes and backticks.
13761 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
13763 * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
13764 sudo.c, sudo_usage.h.in:
13765 Add new linebuf code to do appends of dynamically allocated strings
13766 and word-wrapped output. Currently used for sudo's usage() and sudo
13767 -l output. Sudo usage strings are now in sudo_usage.h which is
13768 generated at configure time.
13771 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
13773 * parse.c, sudo.c, sudo.h:
13774 Fix line wrapping in usage() and use the actual tty width instead of
13778 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
13785 Mentioned Chris Jepeway's parser and also the new one that is in
13789 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
13791 * sudo.pod, visudo.pod:
13792 For the options list, add flag args where appropriate and increase
13793 the indent level so there is room for them.
13796 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
13799 Fix some spacing in "sudo -l" and add a comment about some bogosity
13800 in the line wrapping.
13803 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13808 * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
13809 def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
13810 parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
13811 testsudoers.c, toke.c, toke.l:
13812 Remove monitor support until there is a version of systrace that
13813 uses a lookaside buffer (or we have a better mechanism to use).
13816 * config.h.in, configure, configure.in, sudo.c:
13817 use getaddrinfo() instead of gethostbyname() if it is available
13820 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
13823 Deal with OSes where sizeof(gid_t) < sizeof(int).
13827 repair non-getifaddrs() code after ipv6 integration
13831 If we can open sudoers but fail to read the first byte, close the
13832 file stream before trying again.
13835 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
13841 * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
13842 Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
13845 * sudo.pod, sudoers.pod, visudo.pod:
13846 Add some missing markup. Update copyright
13849 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
13851 * configure, configure.in:
13852 fix sudo_noexec extension which got broken in the libtool update
13855 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
13858 explicitly specify -Tascii to nroff
13861 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
13864 remove an ANSI-ism that crept in
13867 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
13870 Adjust list indents. Prevent -- from being turned into an em dash. Use
13871 a list for the environment instead of a literal paragraph
13875 Use a list for the environment instead of an indented literal
13880 Adjust list indentation
13887 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
13890 mention that when specifying a uid for the -u option the shell may
13891 require that the # be escaped
13894 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
13897 Fix off by one in group matching.
13900 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
13903 Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
13906 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
13908 * configure, configure.in:
13909 Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
13910 -lgssapi_krb5 case.
13913 * aclocal.m4, configure, configure.in:
13914 Fix link tests such that new gcc doesn't optimize away the test.
13917 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
13919 * sudo.pod, sudoers.pod, visudo.pod:
13920 add missing over/back
13923 * sudo.pod, sudoers.pod, visudo.pod:
13924 Change FILES section to use =item
13928 Add back allocation of the env struct in rebuild_env but save a copy
13929 of the old pointer and free it before returning.
13933 Don't init the private environment in rebuild_env() since it may
13934 have already been done implicitly sudo_setenv/sudo_unsetenv.
13936 Multiply length by sizeof(char *) in memcpy/memmove when copying the
13937 environment so we copy the full thing.
13939 Add missing set of parens so we deref the right pointer in
13940 sudo_unsetenv when searching for a matching variable.
13943 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
13945 * sudo.pod, sudoers.pod, visudo.pod:
13946 Use file markup for paths in the FILES section
13949 * sudo.pod, sudoers.pod, visudo.pod:
13950 Don't capitalize sudo/visudo
13954 Sort sudoers options; based on a diff from Igor Sobrado.
13957 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
13959 * sudo.pod, sudoers.pod, visudo.pod:
13960 Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
13961 latter confuses pod2man. The Makefile rules for the .man.in file
13962 will add @mansectsu@ and @mansectform@ back in after pod2man is done
13966 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
13968 * LICENSE, Makefile.in, license.pod:
13969 Move license info to pod format
13972 * configure, configure.in, sudoers.pod:
13973 Substitute value of path_info into sudoers man page.
13977 remove features that were back-ported to 1.6.9
13980 * sudo.c, sudo.pod, visudo.c, visudo.pod:
13981 Sort SYNOPSIS and sync usage. From Igor Sobrado.
13985 Only need sudo_setenv/sudo_unsetenv if we are going to use
13986 ldap_sasl_interactive_bind_s() but don't have
13987 gss_krb5_ccache_name().
13991 rebuild without branch info
13995 Add ChangeLog target
13999 Run cleanup code if the user hits ^C at the password prompt.
14003 Some versions of pam_lastlog have a bug that will cause a crash if
14004 PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
14008 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
14011 ChangeLog not Changelog
14019 CHANGE -> Changelog
14026 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
14028 * config.h.in, configure, configure.in, ldap.c:
14029 Add configure hooks for gss_krb5_ccache_name() and the gssapi
14033 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
14036 rebuild_env() and insert_env_vars() no longer return environment
14037 pointer, they set environ directly.
14039 No longer need to pass around an envp pointer since we just operate
14042 Add dosync argument to insert_env() that indicates whether it should
14043 reset environ when realloc()ing env.envp.
14045 Use an initial size of 128 for the environment.
14049 Split sudo_setenv() into an external version and a version only for
14050 use by rebuild_env().
14053 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
14056 Add support for using gss_krb5_ccache_name() instead of setting
14057 KRB5CCNAME. Also use sudo_unsetenv() in the
14058 non-gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
14059 original environment. TODO: configure setup for
14060 gss_krb5_ccache_name()
14067 * README.LDAP, ldap.c:
14068 Add support for sasl_secprops in ldap.conf
14072 Add sudo_unsetenv() and refactor private env syncing code into
14076 * README.LDAP, ldap.c:
14077 The ldap.conf variable is sasl_auth_id not sasl_authid.
14080 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
14082 * ldap.c, sudo.c, sudo.h:
14083 Add support for krb5_ccname in ldap.conf. If specified, it will
14084 override the default value of KRB5CCNAME in the environment for the
14085 duration of the call to ldap_sasl_interactive_bind_s().
14089 Remove format_env(). Add sudo_setenv() to replace most format_env() +
14090 insert_env() combinations. insert_env() no longer takes a struct
14095 Fix use_sasl vs. rootuse_sasl logic.
14098 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
14099 Add support for SASL auth when connecting to an LDAP server. Adapted
14100 from a diff by Tom McLaughlin.
14103 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
14105 * configure, configure.in:
14106 Only enable AIX or BSD auth if no other exclusive auth method has
14107 been chosen. Allows people to e.g., use PAM on AIX without adding
14108 --without-aixauth. A better solution is needed to deal with default
14109 authentication since if a non-exclusive method is chosen we will
14110 still get an error.
14113 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
14115 * HISTORY, Makefile.in, history.pod:
14116 Generate HISTORY from history.pod (which is also used for web pages)
14119 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
14121 * sudo.man.in, sudoers.man.in:
14126 Better explanation of environment handling in the sudo man page.
14130 Defer setting user-specified env vars until after authentication.
14134 honor def_default_path for PATH set on the command line
14137 * env.c, sudo.c, sudo.pod, sudoers.pod:
14138 Allow user to set environment variables on the command line as long
14139 as they are allowed by env_keep and env_check. Ie: apply the same
14140 restrictions as normal environment variables. TODO: deal with
14144 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
14146 * sudo.c, sudo_edit.c:
14147 Call rebuild_env() in all cases. Pass original envp to sudo_edit().
14148 Don't allow -E or env var setting in sudoedit mode. More accurate
14149 usage() when called as sudoedit.
14157 add -c option to sudoedit synopsis
14165 Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
14166 value from {user,host,runas,cmnd}_matches(). Rename *matches
14167 variables -> *match. Purely cosmetic.
14171 Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
14179 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
14182 Make pwcheck local to the pwflag block. Use pwcheck even if user
14183 didn't match since Defaults options may still apply.
14187 Do not update timestamp if user not validated by sudoers.
14191 for PERM_RUNAS, set the egid to the runas user's gid and restore to
14192 the user's original in PERM_ROOT
14195 * logging.c, mon_systrace.c, set_perms.c, sudo.h:
14196 PERM_FULL_ROOT is now no different than PERM_ROOT so remove
14201 don't check timestamp mtime if we are just going to remove it
14205 Move sudoers defaults parameters into their own section.
14209 Reduce a level of indent by a few placed continue statements.
14213 Make matching but negated commands/hosts/runas entries override a
14214 previous match as expected. Also reduce some levels of indent by a
14215 few placed continue statements.
14218 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
14221 Print default runas in "sudo -l" if sudoers don't specify one.
14225 Less hacky way of testing whether the domain was set.
14228 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
14231 Mention pam-devel and openldap-devel for Linux
14234 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
14240 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
14243 fix typo in Solaris project support
14251 Make -- on the command line match the manual page. The implied shell
14252 case has been simplified as a result.
14255 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
14258 add simplistic support for sudoRunas; note that if a sudoers entry
14259 contains multiple Runas users, all will apply to the sudoRole
14263 honor SETENV and NOSETENV tags
14266 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
14269 Redo setting of user_args. We now build up a private copy of argv
14270 first and then replace the NULs with spaces.
14274 getcwd() returns NULL on failure, not 0 on success
14278 allow chunksiz to reach 1 before erroring out
14281 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
14286 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
14288 * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
14289 logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
14291 Add support for setting environment variables on the command line.
14292 This is only allowed if the setenv sudoers option is enabled or if
14293 the command is prefixed with the SETENV tag.
14297 replace Aaron's email address with the sudo-workers list
14304 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
14306 * schema.OpenLDAP, schema.iPlanet:
14307 Break schema out into separate files.
14310 * Makefile.in, README.LDAP:
14311 Break schema out into separate files.
14314 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
14317 free message if set by authenticate()
14321 deal with NULL gr_mem
14324 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
14331 add template for HAVE_PROJECT_H
14338 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
14341 mention --with-project
14344 * config.h.in, configure.in, sudo.c:
14345 Add Solaris 10 "project" support. From Michael Brantley.
14357 Fix preservation of LDFLAGS in the LDAP case.
14361 Remove dependency on NULL
14368 * aclocal.m4, configure.in:
14369 Can't use the regular autoconf fnmatch() check since we need
14370 FNM_CASEFOLD so go back to our custom one.
14374 Fix preserving of variables in env_keep.
14382 expand upon env resetting and mention that it began in 1.6.9 not
14387 Update descriptions of env_keep and env_check to match current
14391 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
14394 Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
14395 LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to initial_keepenv_table.
14398 * env.c, logging.c:
14399 Treat USERNAME environment variable like LOGNAME/USER
14403 Don't need to populate keepenv table with the contents of the
14408 Don't force sudo into the C locale.
14412 Make env_check apply when env_reset is true. Environment variables
14413 are passed through unless they contain '/' or '%'. There is no need
14414 to have a variable in both env_check and env_keep.
14417 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
14420 Remove a duplicate lock_file() call and add a comment.
14424 Add sudo 1.6.9 upgrade note.
14427 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
14430 Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
14431 small. From Klaus Wagner.
14434 * logging.c, sudo.h:
14435 Redo the long syslog line splitting based on a patch from Eygene
14436 Ryabinkin. Include memrchr() for systems without it.
14440 Redo the long syslog line splitting based on a patch from Eygene
14441 Ryabinkin. Include memrchr() for systems without it.
14444 * Makefile.in, config.h.in, configure, configure.in:
14445 Redo the long syslog line splitting based on a patch from Eygene
14446 Ryabinkin. Include memrchr() for systems without it.
14450 Since we need to be able to convert timespec to timeval for utimes()
14451 the last 3 digits in the tv_nsec are not significant. This makes the
14452 sudoedit file date comparison work again.
14455 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
14457 * aclocal.m4, configure, configure.in:
14458 Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
14459 This deals with exclusive authentication methods in a simple way.
14462 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
14465 mkstemp.c is BSD code too.
14468 * sudo.pod, sudoers.pod, visudo.pod:
14469 No commercial support for now.
14472 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
14475 cleanenv() is no more.
14478 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
14481 Display branch info in Changelog
14485 Include config.h early so we have it for TIME_WITH_SYS_TIME
14489 Fix Changelog generation and update.
14492 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
14495 Use /proc/self/fd instead of /proc/$$/fd
14497 Move old-style fd closing into closefrom_fallback() and call that if
14498 /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
14501 * auth/kerb5.c, config.h.in, configure.in:
14502 o use krb5_verify_user() if available instead of doing it by hand o
14503 use krb5_init_secure_context() if we have it o pass an encryption
14504 type of 0 to krb5_kt_read_service_key() instead of
14505 ENCTYPE_DES_CBC_MD5 to let kerberos choose.
14509 Check TERM and COLORTERM for '%' and '/' characters. From Debian.
14513 Fix closefrom() substitution in the Makefile
14517 Mention alternate sudo pronunciation.
14520 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
14523 Remove KRB5_KTNAME from environment. Allow COLORTERM.
14527 If we cannot get a valid service key using the default keytab it is
14528 a fatal error. Fixes a bug where sudo could be tricked into
14529 allowing access when it should not by a fake KDC. From Thor Lancelot
14533 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
14535 * aclocal.m4, configure, configure.in:
14536 Update long long checks to use AC_CHECK_TYPES and to cache values.
14539 * aclocal.m4, configure.in:
14540 Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
14541 use AC_REPLACE_FNMATCH since that assumes replacing with GNU
14545 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
14547 * configure, configure.in:
14548 Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
14549 need it for visudo now too.
14552 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
14555 Attempt to clarify the bit talking about network numbers w/o
14560 Clarify timestamp dir ownership sentence.
14563 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
14566 Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
14570 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
14573 -i is also one of the mutually exclusive options so list it in the
14574 warning message. Noted by Chris Pepper.
14577 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
14580 The sudoers variable is env_editor, not enveditor. From Jean-
14584 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
14587 I tracked down the original author so credit him and include his
14591 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
14593 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
14595 Fix typos; from Jason McIntyre.
14599 Restore signal mask before calling reapchild(). Fixes a possible
14600 race condition that could prevent sudo from properly waiting for the
14604 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
14607 Don't declare pw_free() if we are not going to use it.
14611 Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
14612 LDR_PRELOAD64. The 64-bit version is not currently supported.
14613 Remove zero_env() prototype as it no longer exists.
14616 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
14619 Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
14622 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
14625 If the user enters ^C at the password prompt, abort instead of
14626 trying to authenticate with an empty password (which causes an
14630 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
14632 * closefrom.c, config.h.in, configure, configure.in:
14633 Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
14638 pw_free() is only used by sudo_freepwcache() so ifdef it out too.
14641 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
14643 * config.guess, config.sub:
14644 Update to latest versions from cvs.savannah.gnu.org
14647 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
14649 * pwutil.c, sudo_edit.c:
14650 Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
14651 we can close the passwd/group files early.
14654 * config.h.in, configure, configure.in, set_perms.c:
14655 Add seteuid() flavor of set_perms() for systems without setreuid()
14656 or setresuid() that have a working seteuid(). Tested on Darwin.
14659 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
14662 systrace_read() returns ssize_t
14665 * configure, configure.in:
14666 Fix typo, -lldap vs. -ldap; from Tim Knox.
14669 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
14672 Fix typo; Matt Ackeret
14675 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
14678 Print sudoers path in -V mode for root.
14681 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
14684 Do a sub tree search instead of a base search (one level in the tree
14685 only) for sudo right objects. This allows system administrators to
14686 categorize the rights in a tree to make them easier to manage.
14689 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
14695 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
14698 Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
14699 bind_timelimit support; adapted from gentoo.
14702 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
14705 Support comments that start in the middle of a line
14708 * configure, configure.in:
14709 Define LDAP_DEPRECATED until we start using ldap_get_values_len()
14712 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
14715 Silence gcc -Wsign-compare; djm@openbsd.org
14718 * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
14719 cleanup() now takes an int as an arg so it can be used as a signal
14724 Make a copy of the shell field in the passwd struct for NewArgv to
14725 avoid a use after free situation after sudo_endpwent() is called.
14728 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
14730 * config.h.in, configure, configure.in:
14731 Add mkstemp() for those poor souls without it.
14735 Add mkstemp() for those poor souls without it.
14739 Add mkstemp() for those poor souls without it.
14742 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
14745 Add PERL5DB to list of environment variables to remove.
14748 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
14750 * mon_systrace.c, mon_systrace.h:
14751 Instead of calling the check function twice with a state cookie use
14752 separate check/log functions.
14754 Check more ioctl() calls for failure.
14756 systrace_{read,write} now return the number of bytes read/written or
14761 Add more environment variables to remove; from gentoo linux Add some
14762 comments about what bad env variables go to what (more to do)
14765 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
14767 * sudo.c, sudo_edit.c:
14768 Move sudo_end{gr,pw}ent() until just before the exec since they free
14769 up our cached copy of the passwd structs, including sudo_user and
14770 sudo_runas. Fixes a use-after-free bug.
14774 Close all fd's before executing editor.
14778 Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
14782 Fix fd leak when lecture file option is enabled. From Jerry Brown
14785 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
14788 Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
14789 environment variables to remove. From Charles Morris
14792 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
14795 add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
14798 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
14801 add PS4 and SHELLOPTS to initial_badenv_table for bash
14804 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
14807 Fix typo; Toby Peterson
14810 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
14813 Make return buffers static so they don't get clobbered
14816 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
14819 Fix securid5 authentication, was not checking for ACM_OK. Also add
14820 default cases for the two switch()es. Problem noted by ccon at
14824 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
14827 Remove ncat() in favor of just counting bytes and pre-allocating
14831 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
14834 Fix up some comments Add missing fclose() for the rootbinddn case
14838 align struct ldap_config
14842 use LINE_MAX for max conf file line size
14846 add _PATH_LDAP_SECRET
14850 Mention rootbinddn Give example ou=SUDOers container
14853 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
14855 * INSTALL, configure, configure.in, ldap.c:
14856 Support rootbinddn in ldap.conf
14859 * env.c, sudo.pod, sudoers.pod:
14860 Preserve DISPLAY environment variable by default.
14863 * acsite.m4, configure:
14864 set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
14867 * acsite.m4, configure:
14868 set need_version=no for all cases; this is safe for LD_PRELOAD
14875 * configure, configure.in:
14880 Fix call to pam_end() when pam_open_session() fails.
14888 rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
14889 ltsugar.m4 ltversion.m4
14892 * config.guess, config.sub, ltmain.sh:
14893 merge in local changes: config.guess: o better openbsd support
14894 config.sub: o hiuxmpp support ltmain.sh o remove requirement that
14895 libs must begin with "lib" o don't print a bunch of crap about
14896 library installs o don't run ldconfig
14899 * config.guess, config.sub, ltmain.sh:
14904 Update with autoupdate and make minor changes for libtool 1.9f
14907 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
14910 don't call sudo_ldap_display_cmnd if ldap not setup
14913 * sudo_edit.c, visudo.c:
14914 Move declaration of struct timespec to its own include files for
14915 systems without it since it needs time_t defined.
14919 Move declaration of struct timespec to its own include files for
14920 systems without it since it needs time_t defined.
14924 Move declaration of struct timespec to its own include files for
14925 systems without it since it needs time_t defined.
14929 Move declaration of struct timespec to its own include files for
14930 systems without it since it needs time_t defined.
14933 * check.c, compat.h:
14934 Move declaration of struct timespec to its own include files for
14935 systems without it since it needs time_t defined.
14939 Don't set safe_cmnd for the "sudo ALL" case.
14942 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
14945 Call pam_open_session() and pam_close_session() to give pam_limits a
14946 chance to run. Idea from Karel Zak.
14949 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
14952 Add explicit cast from mode_t -> u_int in printf to silence warnings
14957 include grp.h to silence a warning on Solaris
14960 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
14963 Fix printing of += and -= defaults.
14966 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
14969 Sanity check number of syscall args with argsize. Not really needed
14970 but a little paranoia never hurts.
14973 * mon_systrace.c, mon_systrace.h:
14974 Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
14975 for systrace lengths (since it uses int)
14978 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
14981 Add some memsets for paranoia Fix namespace collision w/ error Check
14982 rval of decode_args() and update_env() Remove improper setting of
14986 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
14988 * parse.c, sudo.c, sudo.h:
14989 In -l mode, only check local sudoers file if def_ignore_sudoers is
14990 not set and call LDAP versions from display_privs() and
14991 display_cmnd() instead of directly from main(). Because of this we
14992 need to defer closing the ldap connection until after -l processing
14993 has occurred and we must pass in the ldap pointer to display_privs()
14994 and display_cmnd().
14998 Reorganize LDAP code to better match normal sudoers parsing.
14999 Instead of storing strings for later printing in -l mode we do
15000 another query since the authenticating user and the user being
15001 listed may not be the same (the new -U flag). Also add support for
15004 There is still a fair bit of duplicated code that can probably be
15008 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
15011 Replace pass variable with do_netgr for better readability.
15019 estrdup, not strdup
15022 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
15025 Add macro to test if the tag changed to improve readability.
15029 Avoid printing defaults header if there are no defaults to print...
15033 Fix a warning on systems without strlcpy().
15037 Use macros where possible for sudo_grdup() like sudo_pwdup().
15040 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
15043 It is possible for tv_usec to hold >= 1000000 usecs so add in
15047 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
15050 The component in krb5_principal_get_comp_string() should be 1, not 0
15051 for Heimdal. From Alex Plotnick.
15054 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
15056 * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
15057 interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
15058 redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
15059 Add efree() for consistency with emalloc() et al. Allows us to rely
15060 on C89 behavior (free(NULL) is valid) even on K&R.
15064 Move initgroups() for -U option into display_privs() so group
15065 matching in sudoers works correctly.
15068 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
15071 Removed duplicate call to ldap_unbind_s introduced along with
15076 Add missing space in Defaults printing
15079 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
15082 Sync sudo_pwdup with OpenBSD changes: use macros for size computation
15086 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
15089 Zero old pw_passwd before replacing with version from shadow file.
15092 * configure, configure.in:
15093 Only attempt shadow password detection if PAM is not being used Add
15094 shadow_* variables to make shadow password detection more generic.
15098 Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
15101 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
15104 use a non-breaking space to avoid a double space after e.g.
15108 comma, not colon after e.g.
15111 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
15114 Add __ variants of the exec functions. GNU libc at least uses
15115 __execve() internally.
15119 Match reality a bit more.
15123 Missed piece from rev. 1.6, fix sudo_getpwnam() too.
15127 Store shadow password after making a local copy of struct passwd in
15128 case normal and shadow routines use the same internal buffer in
15132 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
15134 * alloc.c, logging.c:
15135 Make varargs usage consistent with the rest of the code.
15138 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
15141 Wrap more of the exec family since on Linux the others do not appear
15142 to go through the normal execve() path.
15146 make print_unused static like proto says
15150 silence a warning on K&R systems
15153 * alias.c, error.c:
15154 make this build in K&R land
15158 make this build in K&R land
15161 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
15167 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
15170 return(foo) not return foo optimize _atobool() slightly
15178 Reformat to match the rest of sudo's code.
15182 I am the primary author
15185 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
15187 * Makefile.in, README, RUNSON:
15188 The RUNSON file is toast--it confused too many people and really
15189 isn't needed in a configure-oriented world.
15193 alternate -> alternative
15197 Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
15202 Allow leading blanks before Defaults and Foo_Alias definitions
15206 fix rules to build toke.o and gram.o in devel mode
15209 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
15212 env_keep overrides set_logname
15216 Fix disabling set_logname and make env_keep override set_logname.
15219 * compat.h, config.h.in, configure, configure.in:
15220 No longer need memmove()
15224 Just clean the environment once. This assumes that any further
15225 setenv/putenv will be able to handle the fact that we replaced
15226 environ with our own malloc'd copy but all the implementations I've
15230 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
15233 In -i mode, base the value of insert_env()'s dupcheck flag on
15234 DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
15237 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
15240 Move setting of user_path, user_shell, user_prompt and prev_user
15241 into init_vars() since user_shell at least is needed there.
15244 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
15251 Fix some printf format mismatches on error.
15255 Fix some printf format mismatches on error.
15258 * configure, gram.c, toke.c:
15262 * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
15263 auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
15264 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
15265 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
15266 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
15267 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
15268 emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
15269 getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
15270 interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
15271 parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
15272 snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
15273 sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
15274 testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
15275 visudo.pod, zero_bytes.c:
15276 Update copyright years.
15279 * Makefile.binary.in:
15280 Update copyright years.
15284 Update copyright years.
15287 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
15292 What's new in sudo 1.7, based on the 1.7 CHANGES entries.
15295 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
15297 * compat.h, logging.h, sudo.h:
15298 Add __printflike and use it with gcc to warn about printf-like
15302 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
15304 * CHANGES, ChangeLog:
15305 Replaced CHANGES file with ChangeLog generated from cvs logs
15309 Use warning/error instead of perror/fatal.
15313 Update OpenBSD section
15317 Add upgrading notes for 1.7
15320 * env.c, sudo.c, sudoers.pod:
15321 Instead of zeroing out the environment, just prune out entries based
15322 on the env_delete and env_check lists. Base building up the new
15323 environment on the current environment and the variables we removed
15327 * config.h.in, configure, configure.in, sudo.c:
15328 Set locale to "C" if locales are supported, just to be safe.
15332 Cast argument to ctype functions to unsigned char.
15335 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
15338 correct value for DID_USER
15341 * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
15342 #include <compat.h> not "compat.h"
15346 Reset the environment by default.
15350 Alloc an extra slot in NewArgv. Removes the need to malloc a new
15351 vector if execve() fails.
15354 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
15356 * INSTALL, config.h.in, configure, configure.in, sudo.c:
15357 Use execve(2) and wrap the command in sh if we get ENOEXEC.
15360 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
15363 Only include time.h on systems that lack struct timespec which gets
15364 defined in compat.h (using time_t).
15368 Include time.h for time_t in compat.h for systems w/o struct
15372 * compat.h, config.h.in, configure, configure.in:
15373 use bcopy on systems w/o memmove
15377 __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
15382 Add explicit rule to build sudo_noexec.lo
15385 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
15387 * INSTALL.configure, Makefile.in:
15388 No longer depend on VPATH; pointed out a bunch of missed
15393 Help for PAM when account section is missing
15397 Give user a clue when there is a missing "account" section in the
15402 Better error handling.
15405 * config.h.in, configure, configure.in:
15406 Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
15407 possible. Silences a warning about isblank() on linux.
15411 Fix typo (missing comma) that caused an incorrect number of args to
15412 be passed to log_error().
15415 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
15418 Don't try to destroy a tree we didn't create.
15421 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
15423 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
15424 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
15425 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
15426 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
15427 compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
15428 fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
15429 goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
15430 match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
15431 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
15432 strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
15433 tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
15434 Add __unused to rcsids
15437 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
15439 * configure, configure.in:
15440 Fix error message when mixing invalid auth types
15444 PAM, AIX auth, BSD auth and login_cap are now on by default if the
15448 * auth/sudo_auth.h, config.h.in:
15449 s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
15453 Better checking for conflicting authentication methods Display the
15454 authentication methods used at the end of configure Rename --with-
15455 authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
15456 --with-pam, --with-logincap by default on systems that support them
15457 unless disabled. Add OSMAJOR variable that replaces old OSREV; now
15458 OSREV has full version number
15461 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
15463 * def_data.c, def_data.in, sudo.c, sudoers.pod:
15467 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
15470 Replace: test -n "$FOO" || FOO="bar"
15472 With: : ${FOO='bar'}
15475 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
15477 * pwutil.c, testsudoers.c, tsgetgrpw.c:
15478 Use function pointers to only call private passwd/group routines
15479 when using a nonstandard passwd/group file.
15482 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
15489 Can't use strtok() since it doesn't handle empty fields so add
15490 getpwent()/getgrent() functions and call those.
15493 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
15496 Fix dummied out toke.c and gram.c dependencies.
15500 Rename PARSESRCS -> GENERATED since it is only used in the clean
15501 target Add devdir variable and use it to specify the path to parser
15510 Add a devdir variable that defaults to $(srcdir) and is set to . if
15511 --devel was specified. Allows for proper dependencies building the
15516 Add support for custom passwd/group files.
15520 Build private copy of pwutil.o for testsudoers with MYPW defined so
15521 it uses our own passwd/group routines.
15525 Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
15526 stubs instead. We can now just use the caching sudo_*{pw,gr}*
15527 functions in pwutil.c Add comment about wanting to call
15528 sudo_endpwent/sudo_endgrent in cleanup()
15532 Remove caching; we will just use what is in pwutil.c Use global
15533 buffers for passwd/group structs Rename functions from sudo_* to
15537 * logging.c, sudo.c:
15538 g/c pwcache_init/pwcache_destroy
15542 Undo last commit and add sudo_setspent and sudo_endspent instead.
15545 * getspwuid.c, pwutil.c:
15546 Move all but the shadow stuff from getspwuid.c to pwutil.c and
15547 pwcache_get and pwcache_put as they are no longer needed. Also add
15548 preprocessor magic to use private versions of the passwd and group
15549 routines if MYPW is defined (for use by testsudoers).
15553 zero out struct passwd/group before filling it in so if there are
15554 fields we don't handle they end up as 0.
15557 * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
15562 Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
15567 Passwd and group lookup routines for testsudoers that support
15568 alternate passwd and group files.
15571 * getspwuid.c, pwutil.c:
15572 Split off pw/gr cache and dup code into its own file. This allows
15573 visudo and testsudoers to use the pw/gr cache too.
15576 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
15579 Print Defaults info in "sudo -l" output and wrap lines based on the
15583 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
15585 * match.c, testsudoers.c, visudo.c:
15586 Only check group vector in usergr_matches() if we are matching the
15587 invoking or list user. Always check the group members, even if
15588 there was a group vector.
15591 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
15593 * LICENSE, Makefile.in, fnmatch.3:
15594 No longer bundle fnmatch.3
15601 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
15608 Sort command line options
15611 * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
15612 sudo.pod, sudoers.pod:
15613 Add closefrom sudoers option to start closing at a point other than
15614 3. Add closefrom_override sudoers option and -C sudo flag to allow
15615 the user to specify a different closefrom starting point.
15619 Add _PATH_DEVNULL for those without it.
15623 no more UCB strcasecmp
15627 replace BSD licensed one with version derived from pdksh
15630 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
15637 Make sure stdin, stdout and stderr are open and dup them to
15641 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
15643 * ldap.c, mon_systrace.c, sudo.c, sudo.h:
15644 add sudo_ldap_close
15647 * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
15648 Use TIME_WITH_SYS_TIME
15651 * config.h.in, configure, configure.in:
15652 Add TIME_WITH_SYS_TIME_H
15655 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
15658 Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
15659 unconditionally on darwin. From Toby Peterson.
15663 Check rbinsert() return value. In the case of faked up entries
15664 there is usually a negative response cached that we need to
15667 In pwfree() don't try to zero out a NULL pw_passwd pointer.
15671 Use the double fork trick to avoid the monitor process being waited
15672 for by the main program run through sudo.
15675 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
15678 Call initgroups() in -U mode so group matches work normally.
15681 * def_data.h, mkdefaults:
15682 Don't print a trailing comma for the last entry in enum def_tupple
15685 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
15687 * sudoers.cat, sudoers.man.in, sudoers.pod:
15688 Mention values when lecture, listpw and verifypw are used in boolean
15692 * def_data.c, def_data.in:
15693 verifypw when used in a boolean TRUE context should be "all", not
15697 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
15699 * def_data.in, defaults.c:
15700 Allow tuples that can be used as booleans to be used as boolean
15701 TRUE. In this case the 2nd possible value of the tuple is used for
15705 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
15707 * configure, configure.in:
15708 Correct the test for 2-parameter timespecsub
15712 Add stub struct definitions for passwd, timeval and timespec
15715 * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
15716 Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
15717 and fix a typo in the gettimeofday check.
15720 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
15722 * match.c, testsudoers.c:
15723 Deal with user_stat being NULL as it is for visudo and testsudoers.
15726 * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
15727 Add -U option to use in conjunction with -l instead of -u. Add
15728 support for "sudo -l command" to test a specific command.
15731 * gram.c, gram.y, sudo.c:
15732 Set safe_cmnd after sudoers_lookup() if it has not been set.
15733 Previously it was set by sudo "ALL" in the parser but at that point
15734 the fully-qualified pathname has not yet been found.
15737 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
15739 * parse.c, testsudoers.c:
15740 Correctly handle multiple privileges per userspec and runas
15744 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
15747 Zero out sd_un for each entry in sudo_defs_table in init_defaults.
15750 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
15753 make per-command defaults work with sudoedit
15756 * ldap.c, parse.c, sudo.c, sudo.h:
15757 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
15758 Instead, we just set the appropriate defaults variable.
15761 * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
15762 Document per-command Defaults.
15765 * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
15766 sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
15767 Add support for command-specific Defaults entries. E.g.
15768 Defaults!/usr/bin/vi noexec
15771 * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
15772 Change an occurrence of user_matches() -> runas_matches() missed
15773 previously runas_matches(), host_matches() and cmnd_matches() only
15774 really need to pass in a list of members. user_matches() still
15775 needs to pass in a passwd struct because of "sudo -l"
15779 Check def_authenticate, def_noexec and def_monitor when setting
15780 return flags. XXX May be better to just set the defaults directly
15781 and get rid of those flags.
15784 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
15785 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
15786 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
15787 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
15788 defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
15789 getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
15790 gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
15791 mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
15792 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
15793 sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
15794 visudo.c, zero_bytes.c:
15795 Use: #include <config.h> Not: #include "config.h" That way we get
15796 the correct config.h when build dir != src dir
15800 Back out part of rev 1.263; fix -I order
15804 More robust parsing of #include; could be much better still.
15807 * sudo_edit.c, visudo.c:
15808 Make arg splitting in visudo and sudoedit consistent.
15811 * Makefile.in, alias.c, gram.c, gram.y, parse.h:
15812 Split alias routines out into their own file.
15816 __attribute__ is already defined in compat.h
15820 quit() should not be __noreturn__ as it is non-void on some
15824 * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
15825 Add local error/warning functions like err/warn but that call an
15826 additional cleanup routine in the error case. This means we no
15827 longer need to compile a special version of alloc.o for visudo.
15831 Clarify comments about the data structures
15834 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
15837 Add support for VISUAL and EDITOR containing command line args. If
15838 env_editor is not set any args in VISUAL and EDITOR are ignored.
15839 Arguments are also now supported in def_editor.
15842 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
15845 alias_matches() is no more
15853 When regenerating the parser, don't replace gram.h unless it has
15858 remove Makefile.binary for distclean
15862 Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
15863 sure we can't overflow new_env.
15867 paranoia when stripping trailing slashes from tempdir.
15871 Set user_ngroups to 0 if getgroups() returns an error.
15874 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
15876 * config.h.in, configure, configure.in, sudo.c:
15877 Add configure check for getgroups()
15881 Use supplementary group vector in struct sudo_user.
15885 Only do string comparisons on the group members if there is no
15886 supplemental group list.
15894 On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
15895 chop off any trailing slashes we see and add an explicit one.
15899 remove bogus XXX comment
15903 Get rid of alias_matches and correctly fall through to the non-alias
15904 cases when there is no alias with the specified name.
15908 Cache non-existent passwd/group entries too.
15919 * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
15920 mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
15921 Implement group caching and use the passwd and group caches
15925 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
15928 Properly negate the return value of alias_matches() when
15933 Make hostname_matches() return TRUE for a match, else FALSE like the
15938 Add missing dependencies on gram.h
15942 Use runas_matches in alias_matches() now that we have it.
15945 * parse.c, parse.h:
15946 Expand aliases in "sudo -l" mode
15950 Use ALIAS for the member type when storing an alias instead of
15951 HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
15952 more generic type. Expand runas_matches instead of calling
15953 user_matches() inside of it since user_matches() looks up
15954 USERALIASes, not RUNASALIASes.
15957 * CHANGES, getspwuid.c:
15958 Paranoia; zero out pw_passwd before freeing passwd entry.
15961 * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
15962 configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
15963 error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
15964 sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
15965 Add local error/warning functions like err/warn but that call an
15966 additional cleanup routine in the error case. This means we no
15967 longer need to compile a special version of alloc.o for visudo.
15971 Use userpw_matches() to compare usernames, not strcmp(), since the
15972 latter checks for "#uid".
15975 * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
15976 Cache passwd db entries in 2 red-black trees; one indexed by uid,
15977 the other by user name. The data returned from the cache should be
15978 considered read-only and is destroyed by sudo_endpwent().
15986 missing free in alias_destroy
15990 Can't use rbapply() for rbdestroy since the destructor is passed a
15991 data pointer, not a node pointer.
15994 * getspwuid.c, logging.c, sudo.c, sudo.h:
15995 Create and use private versions of setpwent() and endpwent() that
15996 set/end the shadow password file too.
15999 * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
16000 Store aliases in a red-black tree.
16003 * Makefile.in, redblack.c, redblack.h:
16004 red-black tree implementation
16008 Edit all sudoers files if there were unused or undefined aliases and
16009 we are in strict mode.
16012 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
16014 * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
16015 find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
16016 Bring back the "secure_path" Defaults option now that Defaults take
16017 effect before the path is searched.
16020 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
16022 * logging.c, parse.c:
16023 A user can always list their own entries, even with -u. Better error
16024 message when failing to list another user's entries.
16027 * parse.c, sudo.c, sudo.h:
16028 The syntax to list another user's entries is now "-u otheruser -l".
16029 Only root or users with sudo "ALL" may list other user's entries.
16032 * sudo.cat, sudo.man.in, sudo.pod:
16033 Update env variable info in SECURITY NOTES
16041 strip exported bash functions from the environment.
16044 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
16047 Only reset sudo_user.pw based on SUDO_USER environment variables for
16048 real commands and sudoedit. This avoids a confusing message when a
16049 user tries "sudo -l" or "sudo -v" and is denied.
16052 * gram.c, gram.y, parse.h:
16053 Extend LIST_APPEND to deal with appending lists too
16056 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
16059 Convert some bitwise AND to ISSET
16062 * lex.yy.c, toke.c:
16063 toke.c replaces lex.yy.c
16071 new parser fixes most of the outstanding bugs
16079 Rework for the new parser. Now checks for unused aliases in sudoers.
16083 Rewrite for the new parser. Now supports a -d flag (dump) and adds
16084 a -h flag (host). It now defaults to the local hostname unless
16085 otherwise specified.
16089 Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
16093 Update for new parse. We now call find_path() *after* we have
16094 updated the global defaults based on sudoers. Also adds support for
16095 listing other user's privs if you are root.
16099 Working LDAP support; also remove a now-unneeded rewind().
16102 * logging.c, logging.h:
16103 Add NO_STDERR flag.
16107 Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
16108 sudo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
16109 connect to LDAP, apply the default options, find the command in the
16110 user's path, and then check whether the user is allowed to run it.
16111 The important thing here is that the default runas user may be
16112 specified as a default option and that needs to be set before we
16113 search for the command.
16117 Add casts to unsigned char for isspace() to quiet a gcc warning.
16121 Add prototype for update_defaults()
16125 Don't warn about line numbers now that we operate on a set of data
16126 structures (or LDAP) and not a file.
16130 No longer use lsearch()
16134 Update for new and changed file names.
16138 no more BSD lsearch.c
16142 foo_matches() routines now live in match.c Added user_matches(),
16143 runas_matches(), host_matches(), cmnd_matches() and alias_matches()
16144 that operate on the parsed sudoers file.
16147 * parse.lex, toke.l:
16148 Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
16149 WORD no longer needs to exclude '@' kill yywrap()
16152 * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
16154 Rewritten parser that converts sudoers into a set of data
16155 structures. This eliminates ordering issues and makes it possible to
16156 apply sudoers Defaults entries before searching for the command.
16159 * configure.in, emul/search.h, lsearch.c:
16160 We won't be using lsearch() any longer.
16164 sudo should not send mail if someone who runs 'sudo -l' has no
16168 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
16174 Update warnings to match new visudo
16178 The new parser doesn't have the old ordering constraints.
16182 Document that -l now takes an optional username argument
16185 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
16192 If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
16193 a compilation problem with Solaris 9's native LDAP.
16195 Set FLAG_MONITOR when needed.
16198 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
16201 Call sudo_goodpath() *after* changing the cwd to match the traced
16202 process. Fixes relative paths.
16205 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
16208 Kill set_perms() stub--it is no longer needed.
16211 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
16213 * sudoers.cat, sudoers.man.in, sudoers.pod:
16214 stay_setuid now requires set_reuid() or setresuid()
16217 * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
16218 configure.in, set_perms.c, sudo.c, sudo.h:
16219 Kill use of POSIX saved uids; they aren't worth bothering with.
16222 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
16225 remove call to issetugid()
16228 * sudoers.cat, sudoers.man.in, sudoers.pod:
16229 Remove warning about wildcards. Now that we use glob() the bug is
16234 Use glob(3) instead of fnmatch(3) for matching pathnames and stat
16235 each result that matches the basename of the user's command. This
16236 makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
16237 /usr/bin/blah. Fixes bug #143.
16240 * config.h.in, configure, configure.in:
16241 Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
16245 * config.h.in, configure, configure.in:
16246 Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
16254 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
16259 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
16263 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
16266 Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
16267 means we are out of space in the stack gap...
16275 Take a stab at ldap sudoers support here.
16278 * mon_systrace.c, mon_systrace.h:
16279 Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
16280 doesn't cause reboot to inadvertently kill itself.
16284 put "monitor" in the proctitle, not "systrace"
16288 When modifying the environment, don't replace envp when we can get
16289 away with just rewriting pointers in the traced process.
16292 * mon_systrace.c, mon_systrace.h:
16293 Add environment updating via STRIOCINJECT (if available).
16296 * sudoers.cat, sudoers.man.in:
16300 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
16307 Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
16311 Include file is now mon_systrace.h
16314 * Makefile.in, configure, configure.in, def_data.c, def_data.h,
16315 def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
16316 sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
16317 No longer call it tracing, it is now "monitoring" which should be
16318 a more obvious name to non-hackers.
16321 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
16323 * mon_systrace.c, mon_systrace.h:
16327 * mon_systrace.c, mon_systrace.h:
16328 No need to include syscall.h, use 1024 as the max # of entries (the
16329 max that systrace(4) allows).
16331 Only need to use SYSTR_POLICY_ASSIGN once
16333 Change check_syscall() -> find_handler() and have it return the
16334 handler instead of just running it. We need this since handlers now
16335 have two parts: one part that generates an answer and another that
16336 gets called after the answer is accepted (to do logging).
16338 Add some missing check_exec for emul execv
16341 * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
16346 Add missing HAVE_LINUX_SYSTRACE_H
16350 add trace_systrace.o dependency
16353 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
16355 * configure, configure.in:
16356 Also look for systrace.h in /usr/include/linux
16359 * mon_systrace.c, mon_systrace.h:
16360 Move all struct defs and prototypes into trace_systrace.h and mark
16361 all but systrace_attach() static.
16364 * mon_systrace.c, mon_systrace.h:
16365 Add support for tracing emulations. At the moment, all emulations
16366 are compiled in. It might make sense to #ifdef them in the future,
16367 though this impedes readability.
16370 * Makefile.in, configure, configure.in:
16371 rename systrace.c -> trace_systrace.c
16374 * parse.yacc, sudo.tab.c:
16375 Allow this to build with a K&R compiler again
16382 * compat.h, sudo.c, visudo.c:
16383 Use __attribute__((__noreturn__))
16387 Exit() takes a negative value to indicate it was not called via
16391 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
16396 * Makefile.in, visudo.c:
16397 Define Err() and Errx() that are like err() and errx() but call
16398 Exit() instead of exit(). Build private copy of alloc.o for visudo
16399 that calls Err() and Errx().
16402 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
16404 * lex.yy.c, sudo.tab.c:
16413 Overhaul visudo for editing multiple files: o visudo has been
16414 broken out into functions (more work needed here) o each file is
16415 now edited before sudoers is re-parsed o if a #include line is
16416 added that file will be edited too
16418 TODO: o cleanup temp files when exiting via err() or errx() o
16419 continue breaking things out into separate functions
16422 * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
16423 Add keepopen arg to open_sudoers that open_sudoers can use to
16424 indicate to the caller that the fd should not be closed when it is
16425 done with it. To be used by visudo to keep locked fds from being
16426 closed prematurely (and thus losing the lock).
16429 * parse.yacc, sudo.c:
16430 Add errorfile global that contains the name of the file that caused
16435 return COMMENT to yacc grammar for a #include line
16439 Remove use of unput() in favor of yyless() which is cheaper.
16443 Allow an empty sudoers file.
16446 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
16449 Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
16452 * lex.yy.c, sudo.tab.c:
16457 Do signal setup before calling edit_sudoers(). Don't shadow the
16462 If a sudoers file includes other files, edit those too. Does not yet
16463 deal with creating the new includes files itself.
16467 init_parser now takes a path
16470 * parse.c, parse.h, parse.lex, parse.yacc:
16471 More scaffolding for dealing with multiple sudoers files: o
16472 init_parser() now takes a path used to populate the sudoers global
16473 o the sudoers global is used to print the correct file in yyerror()
16474 o when switching to a new sudoers file, preserve old file name and
16478 * Makefile.in, pathnames.h.in:
16479 Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
16480 multiple sudoers files.
16484 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
16485 we start at the right file position when reading include files.
16497 Add max depth of 128 for the include stack to avoid loops.
16499 Since yyerror() doesn't stop parsing, pass return values back to
16500 yylex and call yyterminate() on error.
16503 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
16510 Mention PREVENTING SHELL ESCAPES section of sudoers man page
16513 * lex.yy.c, sudo.tab.c:
16518 Add support for #include in sudoers (visudo support TBD)
16522 make yyerror()'s argument const
16525 * testsudoers.c, visudo.c:
16526 Add open_sudoers() stubs.
16530 Rename check_sudoers() open_sudoers() and make it return a FILE *
16533 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
16535 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
16540 * Makefile.in, sudo.psf:
16541 Better HP-UX depot construction
16544 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
16547 o Made children global so check_exec() can lookup a child. o
16548 Replaced uid in struct childinfo with struct passwd * (for runas) o
16549 new_child() now takes a parent pid so the runas info can be
16550 inherited o Added find_child() to lookup a child by its pid o
16551 update_child() now fills in a struct passwd o Converted the big
16552 if/else mess in set_policy to a switch o Syscalls that change uid
16553 are now "ask" so we get SYSTR_MSG_UGID events
16557 Add flag to sudo_pwdup that indicates whether or not to lookup the
16558 shadow password. Will be used to a struct passwd that has the
16559 shadow password already filled in.
16563 add missing increment of addr in read_string()
16567 Remove bogus call to update_child() and some cosmetic fixes
16571 Don't leak /dev/systrace fd to tracee Make initialized global for
16572 simplicity If STRIOCATTACH returns EBUSY we are already being traced
16573 Check for user_args == NULL in setproctitle() call Add missing calls
16578 g/c sudo_pwdup proto
16581 * Makefile.in, sudo.psf:
16582 Add target for building a depot file
16589 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
16591 * lex.yy.c, sudo.tab.c, sudo.tab.h:
16596 document --with-systrace
16599 * config.h.in, configure, configure.in:
16600 Add check for setproctitle
16604 pass struct str_msg_ask in to syscall checker so it can set the
16609 systrace(4) support for sudo. On systems with the systrace(4)
16610 kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
16611 intercept exec calls and check the exec args against the sudoers
16612 file. In other words, sudo can now control subcommands and shell
16617 Call systrace_attach() if FLAG_TRACE is set.
16620 * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
16621 Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
16625 Don't close sudoers_fp, keep it open and set close on exec flag
16629 * def_data.c, def_data.h, def_data.in:
16638 SunOS /bin/sh blows up with configure
16641 * configure, configure.in:
16642 Include sys/param.h before systrace.h
16654 line up options in --help
16657 * config.h.in, configure.in:
16658 Add --with-systrace
16661 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
16667 * aclocal.m4, configure.in:
16668 make this work with autoconf-2.59
16671 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
16674 Simplify logic around open & stat of files and do sanity on edited
16675 file even if we lack fstat (still racable but worth doing).
16678 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
16686 [b84ebfaf1552] [SUDO_1_6_8p1]
16689 more changes for 1.6.8p1
16696 * CHANGES, sudo_edit.c:
16697 Add sanity check so we don't try to edit something other than a
16701 2004-09-15 Aaron Spangler <aaron777@gmail.com>
16708 document --with-ldap-conf-file
16711 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
16713 * CHANGES, ins_csops.h:
16714 political correctness strikes again
16721 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
16723 * Makefile.binary.in, Makefile.in:
16724 Install sudoedit man link
16728 Update PAM note and mention where HP-UX users can download gcc
16733 libtool wants to install stuff from .libs so fake one up for binary
16737 * Makefile.binary.in:
16738 rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
16742 Deal with "uname -m" having slashes in it rm -f old sudoedit link
16743 instead of using ln -f
16746 * Makefile.binary, Makefile.binary.in:
16747 Makefile.binary -> Makefile.binary.in for config.status substitution
16748 Add support for installing noexec bits
16752 Copy noexec bits into binary dists too No longer use my old arch
16753 script for making binary dists
16757 Install sudoedit link.
16760 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
16763 avoid __P so there is no need for compat.h to be included
16767 Don't use HAVE_UTIME_H before including config.h.
16770 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
16773 Fix Solaris futimes macro
16776 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
16779 Rename ots -> omtim for improved readability.
16782 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
16785 Redo changes in revision 1.7. Don't really need to keep the temp
16786 file open; re-opening it with the invoking user's euid is
16794 * sudo.cat, sudo.man.in:
16799 back out revision 1.70; it is no longer applicable
16803 Let the loader initialize nep
16806 * config.h.in, configure, configure.in:
16807 Removed unneeded check for fchown Add check for gettimeofday Move
16808 autoheader template stuff into separate AH_TEMPLATE lines
16811 * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
16812 Use timespec throughout.
16820 function to return the current time in a struct timespec
16824 Not a darpa-sponsored file.
16827 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
16829 * compat.h, config.h.in, configure, configure.in:
16830 Add a check for struct timespec and provide it for those without.
16833 * config.h.in, configure, configure.in, sudo_edit.c:
16834 Add checks for st_mtim and st_mtimespec and add macros for pulling
16835 the mtime sec and nsec out of struct stat. These are used in
16836 sudo_edit() to better tell whether or not the file has changed.
16839 * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
16840 Add an extra param to touch() for nsec
16844 Call mkstemp() as the invoking user so we don't have to chown the
16845 file later. Only touch() the temp file if we can do it via the file
16846 descriptor. Don't check for modification of the temp file if we lack
16847 fstat(). Catch errors read()ing the temp file.
16851 If path is NULL and fd == -1 return -1.
16855 closefrom() is overkill, the only extra fds are the ones we opened
16856 so just close those in the child.
16859 * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
16860 configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
16862 Use utimes() and futimes() instead of utime() in touch(), emulating
16863 as needed. Not all systems are able to support setting the times of
16864 an fd so touch() takes both an fd and a file name as arguments.
16867 2004-09-07 Aaron Spangler <aaron777@gmail.com>
16873 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
16875 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
16880 * sudo.pod, sudoers.pod, visudo.pod:
16881 Add SUPPORT section and re-order some of the sections to match the
16882 order we use in OpenBSD.
16885 2004-09-06 Aaron Spangler <aaron777@gmail.com>
16888 Openldap ~/.ldaprc fix
16891 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
16894 Talk about how the editor must write its changes to the original
16895 file and not just use rename(2).
16903 Keep the temp file open instead of re-opening after the editor has
16908 Update for current redhat/fedora core.
16911 2004-09-03 Aaron Spangler <aaron777@gmail.com>
16917 2004-09-02 Aaron Spangler <aaron777@gmail.com>
16920 config tls_* options
16923 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
16925 * configure, configure.in:
16926 No need for -lcrypt when using pam.
16929 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
16935 2004-08-27 Aaron Spangler <aaron777@gmail.com>
16937 * configure.in, ldap.c, pathnames.h.in:
16938 Allow --with-ldap-conf-file option to override LDAP_CONF
16942 cleanup debug message
16945 2004-08-26 Aaron Spangler <aaron777@gmail.com>
16951 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
16953 * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
16954 Add cmnd_base to struct sudo_user and set it in init_vars(). Add
16955 cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
16956 longer use gross statics in command_matches(). Also rename some
16957 variables for improved clarity.
16960 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
16963 document HP's crippled compiler deficiency.
16967 Fix some thinkos in --with-editor and --with-env-editor
16968 descriptions. Noticed by Norihiko Murase.
16971 * configure, configure.in:
16972 --with-noexec takes an optional PATH argument.
16976 document --with-noexec
16979 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
16983 [f2503bd13373] [SUDO_1_6_8]
16986 Better warning message when sudoedit is unable to write to the
16990 * sudo.cat, sudo.man.in:
16995 Don't italicize the string "sudoedit"
16998 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
17004 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
17011 Reset used_runas to FALSE when re-initializing the parser.
17014 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
17017 Correct OpenBSD mips support
17024 2004-08-07 Aaron Spangler <aaron777@gmail.com>
17027 More behavior notes
17031 Updates on current behavior
17034 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
17037 =back does not take an indentlevel (makes no difference to formatted
17042 =back does not take an indentlevel (makes no difference to formatted
17051 Consistency. Use same error for bad -u #uid when targetpw is set as
17052 we do when a bad -u username is specified.
17056 Add checksum idea from Steve Mancini
17059 * sudoers.cat, sudoers.man.in:
17063 * sudo.cat, sudo.man.in:
17067 * sudo.pod, sudoers.pod:
17068 Document the restriction on uids specified via -u when targetpw is
17073 Error out when targetpw is enabled and sudo is run with -u #uid but
17074 #uid does not exist in the passwd database. We can't do target
17075 authentication when the target is not in passwd!
17078 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
17083 Some more todo for the next release.
17087 Make it clear that PAM should be used for DCE support when possible.
17091 o Document problems with wildcards and relative paths. o Make the
17092 order requirements more prominent. o Change a "set" to "reset" for
17096 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
17099 Mention --with-secure-path, not SECURE_PATH.
17102 2004-08-03 Aaron Spangler <aaron777@gmail.com>
17105 reflect changes to parse.c
17108 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
17114 * parse.c, parse.h, testsudoers.c, visudo.c:
17115 Don't pass user_cmnd and user_args to command_matches(), just use
17116 the globals there. Since we keep state with statics anyway it is
17117 misleading to pretend that passing in different cmnd and cmnd_args
17122 Don't pass user_cmnd and user_args to command_matches(), just use
17123 the globals there. Since we keep state with statics anyway it is
17124 misleading to pretend that passing in different cmnd and cmnd_args
17129 Fix a bug introduced in rev. 1.149. When checking for pseudo-
17130 commands check for a '/' anywhere in cmnd, not just the first
17134 2004-07-31 Aaron Spangler <aaron777@gmail.com>
17136 * sudo.man.in, sudo.pod:
17137 Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
17140 * sudoers.man.in, sudoers.pod:
17141 Add ignore_local_sudoers
17145 Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
17149 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
17155 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
17162 Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
17163 PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
17166 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
17172 2004-07-08 Aaron Spangler <aaron777@gmail.com>
17175 Better debugging of ALL command
17178 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
17181 When matching for "sudoedit" in sudoers check both the command the
17182 user typed *and* the command that is listed in the sudoers entry.
17185 2004-07-04 Aaron Spangler <aaron777@gmail.com>
17188 Added !command feature
17191 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
17194 Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
17197 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
17200 License is ISC-style, not BSD-style
17207 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
17209 * sudo.cat, sudo.man.in:
17214 o Update some out of date bits to reality o Change the shell prompt
17215 in examples to bourne-shell style o Clarify some details o Add a
17216 CAVEAT about "sudo cd /foo"
17220 Don't ask for a password if invoking user == target user.
17227 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
17229 * sudoers.cat, sudoers.man.in:
17234 Expand on NOEXEC a little.
17241 * visudo.cat, visudo.man.in:
17250 Add a check in visudo for runas_default being set after it has
17254 * CHANGES, parse.yacc, visudo.c:
17255 Add a check in visudo for runas_default being set after it has
17264 Add a MATCHED macro for testing whether foo_matches has been set to
17265 TRUE or FALSE. This is more readable than checking for >=0 or < 0.
17266 Doesn't change the actual code generated.
17269 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
17280 Correct description of where Defaults specs should go.
17284 Correct description of where Defaults specs should go.
17287 * testsudoers.c, visudo.c:
17307 * auth/bsdauth.c, auth/kerb5.c:
17311 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
17317 * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
17318 Remove trailing spaces, no actual code changes.
17322 Remove trailing spaces, no actual code changes.
17325 * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
17326 Remove trailing spaces, no actual code changes.
17330 Remove trailing spaces, no actual code changes.
17334 Remove trailing spaces, no actual code changes.
17337 * compat.h, defaults.c, env.c:
17338 Remove trailing spaces, no actual code changes.
17342 Remove trailing spaces, no actual code changes.
17350 Fix a >=0 that should be <0 that was improperly converted when
17355 Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
17356 NOMATCH when resetting it.
17360 Fix pastos introduced in SETNMATCH addition.
17363 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
17366 Update for configure changes
17374 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
17375 these in parse.yacc. Also in parse.yacc initialize the *_matches
17376 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
17377 when setting *_matches to a value that may be
17378 NOMATCH/UNSPEC/TRUE/FALSE.
17382 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
17383 these in parse.yacc. Also in parse.yacc initialize the *_matches
17384 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
17385 when setting *_matches to a value that may be
17386 NOMATCH/UNSPEC/TRUE/FALSE.
17390 Initialize runas to -2, not -1 since we need to be able to
17391 distinguish between the initialized value and the value of a non-
17392 match when passing along the runas value to multiple commands.
17394 The result of this is that an unmatched runas is now set to -1, not
17395 0. This is required now that parse.c treats a FALSE value for runas
17396 as being explicitly denied.
17399 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
17401 * sudo.c, visudo.c:
17402 Error out if argc < 1.
17406 Error out if argc < 1.
17409 * configure, configure.in:
17410 Add tests for what libs we need to link with for ldap and for
17411 whether or not lber.h needs to be explicitly included.
17414 2004-06-03 Aaron Spangler <aaron777@gmail.com>
17417 Solaris native LDAP build fix
17420 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
17423 Set edn to NULL if ldap_get_dn() fails to avoid potential use of an
17428 Add prototype for sudo_ldap_list_matches
17431 * configure, configure.in:
17432 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
17433 version too. Added check for dd_fd in `DIR' if no dirfd is found;
17434 this is now used to conditionally define the dirfd macro in
17439 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
17440 version too. Added check for dd_fd in `DIR' if no dirfd is found;
17441 this is now used to conditionally define the dirfd macro in
17446 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
17447 version too. Added check for dd_fd in `DIR' if no dirfd is found;
17448 this is now used to conditionally define the dirfd macro in
17453 Only check /proc/$$/fd if we have the dirfd function/macro.
17456 * compat.h, config.h.in, configure, configure.in:
17457 Add a check for a dirfd() function (like Linux) and add a dirfd
17458 macro in compat.h if there is no dirfd() function or macro.
17461 * closefrom.c, getcwd.c:
17462 dirfd() is now defined in compat.h as needed.
17466 Clarify closefrom() note.
17470 When checking for a command in the directory, only copy the base dir
17475 If there is a /proc/$$/fd directory, behave like the Solaris
17476 closefrom() and only close the descriptors listed therein.
17480 compat.h guarantees INT_MAX is defined.
17484 Add definitions of OPEN_MAX and INT_MAX for those without it and
17485 remove definition of RLIM_INFINITY (now unused).
17488 * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
17489 sudo.c, sudo.h, visudo.c:
17490 Use PATH_MAX, not MAXPATHLEN since the former is standardized.
17493 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
17500 Add some entries that were mailed in a while ago
17504 o sysconf returns a long, not an int. o check for negative return
17505 value from sysconf/getdtablesize and use OPEN_MAX in this case. o
17506 define OPEN_MAX to 256 for those without it (a fair guess...)
17509 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
17512 Mention change in parse order for RunAs entries.
17519 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
17521 * INSTALL, README.LDAP, config.h.in, configure.in:
17522 o --with-ldap now takes an optional dir as a parameter o added
17523 check for ldap_initialize() and start_tls_s()
17527 Fix some typos, word choice and formatting issues.
17530 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
17533 Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
17534 read/write as it is simpler.
17537 * configure, configure.in:
17538 Remove hack overriding cross-compiler check. It should no longer be
17543 Remove select() compat bits since we no longer use select().
17546 * CHANGES, tgetpass.c:
17547 Use alarm() instead of select() for the timeout for systems that
17548 don't fully/properly implement select().
17551 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
17562 Deal with systems that have no way of setting the effective uid such
17566 * configure, configure.in:
17567 Define NO_SAVED_IDS if we don't find seteuid()
17570 * config.h.in, configure, configure.in:
17571 Add back check for setreuid() since NSK doesn't have it.
17574 * sudoers.cat, sudoers.man.in:
17587 In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
17588 explicitly denied and the command matched. This fixes a long-
17589 standing bug and makes: foo machine = (ALL) /usr/bin/blah
17590 foo machine = (!bar) /usr/bin/blah
17592 equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
17596 Clarify mail_noperm
17599 2004-05-20 Aaron Spangler <aaron777@gmail.com>
17602 Missing DESTDIR in make install for sudo_noexec.la
17605 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
17607 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
17617 Remove fastboot/fasthalt (who still remembers these?) and add a
17618 minimal sudoedit example.
17622 Remove fastboot/fasthalt (who still remembers these?) and add a
17623 minimal sudoedit example.
17626 * UPGRADE, sudo.c, visudo.c:
17627 filesystem -> file system
17631 filesystem -> file system
17634 * CHANGES, INSTALL:
17635 filesystem -> file system
17638 * sudo.pod, sudoers.pod:
17639 Fix some minor typos and formatting goofs
17647 remove my email addr
17650 * sudo.pod, sudoers.pod, visudo.pod:
17651 Use @mansectform@ and @mansectsu@ everywhere Make man page
17652 references links with L<>
17656 Accept quoted globbing characters and pass them verbatim for
17661 Document that /tmp/.odus is gone.
17665 No longer use /tmp/.odus as a possible timestamp dir unless
17666 specifically configured to do so. Instead, if no /var/run exists,
17667 use /var/adm/sudo or /usr/adm/sudo.
17671 No longer use /tmp/.odus as a possible timestamp dir unless
17672 specifically configured to do so. Instead, if no /var/run exists,
17673 use /var/adm/sudo or /usr/adm/sudo.
17677 No longer use /tmp/.odus as a possible timestamp dir unless
17678 specifically configured to do so. Instead, if no /var/run exists,
17679 use /var/adm/sudo or /usr/adm/sudo.
17683 No longer use /tmp/.odus as a possible timestamp dir unless
17684 specifically configured to do so. Instead, if no /var/run exists,
17685 use /var/adm/sudo or /usr/adm/sudo.
17688 * set_perms.c, sudo.c, tgetpass.c, visudo.c:
17689 Preliminary changes to support nsr-tandem-nsk. Based on patches
17694 Preliminary changes to support nsr-tandem-nsk. Based on patches
17698 * check.c, compat.h:
17699 Preliminary changes to support nsr-tandem-nsk. Based on patches
17703 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
17706 There was no 1.6.7p6.
17714 add missing files to DISTFILES
17717 * sudo.cat, sudoers.cat, visudo.cat:
17726 Fix some line wrap and update (c) year
17729 2004-04-28 Aaron Spangler <aaron777@gmail.com>
17735 2004-04-07 Aaron Spangler <aaron777@gmail.com>
17741 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
17748 In Exit() when used as a signal handler, emsg is a pointer so
17749 sizeof() is wrong so make it a #define instead. Also avoid using a
17750 negative exit value. Found by Aaron Campbell
17753 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
17756 Remove bogus sentence about uids in a User_List. Document usernames
17757 vs. uid parsing in a Runas_List.
17760 * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
17761 If the user specified a uid with the -u flag and the uid exists in
17762 the passwd file, set runas_user to the name, not the uid.
17764 When comparing usernames in sudoers, if a name is really a uid
17765 (starts with '#') compare it numerically to pw_uid.
17768 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
17771 krb5_mcc_ops should be const; Johnny C. Lam
17774 2004-02-28 Aaron Spangler <aaron777@gmail.com>
17776 * CHANGES, config.h.in, ldap.c:
17777 Added start_tls support
17780 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
17783 Clean up libtool stuff for 'make distclean' and add def_data.c,
17784 def_data.h to PARSESRCS.
17787 2004-02-14 Aaron Spangler <aaron777@gmail.com>
17789 * strlcat.c, strlcpy.c:
17790 Un-Fix last license munge
17793 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
17799 * CHANGES, RUNSON, TODO:
17803 * lex.yy.c, sudo.tab.c:
17807 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
17808 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
17809 emul/search.h, emul/utime.h:
17810 Move to a less restrictive, ISC-style license.
17813 * auth/kerb5.c, auth/pam.c:
17814 Move to a less restrictive, ISC-style license.
17817 * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
17818 Move to a less restrictive, ISC-style license.
17822 Move to a less restrictive, ISC-style license.
17825 * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
17826 Move to a less restrictive, ISC-style license.
17829 * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
17830 visudo.man.in, visudo.pod:
17831 Move to a less restrictive, ISC-style license.
17835 Move to a less restrictive, ISC-style license.
17838 * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
17840 Move to a less restrictive, ISC-style license.
17843 * sigaction.c, strerror.c:
17844 Move to a less restrictive, ISC-style license.
17847 * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
17849 Move to a less restrictive, ISC-style license.
17852 * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
17853 ins_goons.h, insults.h, interfaces.c, interfaces.h:
17854 Move to a less restrictive, ISC-style license.
17857 * find_path.c, getprogname.c:
17858 Move to a less restrictive, ISC-style license.
17862 Move to a less restrictive, ISC-style license.
17866 Move to a less restrictive, ISC-style license.
17870 Move to a less restrictive, ISC-style license.
17873 * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
17875 Move to a less restrictive, ISC-style license.
17878 * utime.c, version.h:
17879 Move to a less restrictive, ISC-style license.
17882 * parse.lex, parse.yacc:
17883 Move to a less restrictive, ISC-style license.
17887 Move to a less restrictive, ISC-style license.
17890 2004-02-13 Aaron Spangler <aaron777@gmail.com>
17893 Merged in LDAP Support
17896 * ldap.c, sudo.c, sudo.h:
17897 Merged in LDAP Support
17900 * def_data.c, def_data.h, def_data.in:
17901 Merged in LDAP Support
17904 * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
17905 Merged in LDAP Support
17908 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
17910 * sudo.h, sudo_noexec.c:
17911 Only do "extern int errno" if errno is not a macro.
17914 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
17917 setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
17918 euid first, then just call setuid(0) to set the real uid too.
17922 Use setresuid() and setreuid() for PERM_RUNAS when appropriate
17923 instead of seteuid() which may not exist.
17926 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
17932 * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
17933 Add --with-pc-insults configure option
17937 Prefer VISUAL over EDITOR like old vipw did.
17940 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
17942 * sudo.man.in, sudoers.man.in:
17947 Add a note that noexec is not a cure-all.
17951 Mention that disabling "root_sudo" is pretty pointless.
17954 * configure, configure.in:
17955 Substitute for root_sudo in sudoers.pod
17959 Add sudoedit to the NAME section
17963 Document the fact that setting ignore_dot in sudoers has no effect
17964 due to the fact that find_path() is called *before* sudoers is read.
17967 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
17970 Do not require _PATH_USRTMP to be set.
17973 * BUGS, CHANGES, TODO:
17982 Clarify that when sudo is run by root with the SUDO_USER variable
17983 set, the sudoers lookup happens for root and not the SUDO_USER user.
17986 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
17988 * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
17989 set_perms.c, sigaction.c, sudo.c, tgetpass.c:
17990 Use the SET, CLR and ISSET macros.
17994 Use the SET, CLR and ISSET macros.
17997 * defaults.c, env.c:
17998 Use the SET, CLR and ISSET macros.
18002 MAIN was replaced with _SUDO_MAIN some time ago.
18006 Don't look at prev_user until after we've parsed sudoers and done
18007 the password check. That way, if sudo/sudoedit is run from a root
18008 process that was invoked by sudo, we check sudoers for root, not the
18009 previous user. This makes sudoedit much more useful and means that
18010 for the sudo case, we get correct logging on who actually ran the
18014 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
18017 Add a comment describing why we need to be notified about our child
18021 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
18023 * def_data.c, def_data.in:
18024 Update the noexec variable descriptions
18027 * sudoers.man.in, sudoers.pod:
18028 noexec now replaces more than just execve()
18032 Alas, all the world does not go through execve(2). Many systems
18033 still have an execv(2) system call, Linux 2.6 provides fexecve(2)
18034 and it is not uncommon for libc to have underscore ('_') versions of
18035 the functions to be used internally by the library. Instead of
18036 stubbing all these out by hand, define a macro and let it do the
18037 work. Extra exec functions pointed out by Reznic Valery.
18040 * sudo.c, sudo_edit.c:
18041 Fix suspending the editor in -e mode. Because we do a fork() first
18042 we need to be notified when the child has been stopped and then send
18043 that same signal to ourself so the shell can do its job control
18048 Use WIFEXITED and WEXITSTATUS macros. If there are systems out
18049 there that want to run sudo that still don't support these we can
18050 try to deal with that later.
18057 * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
18058 Document sudo -e / sudoedit
18061 * configure, configure.in:
18065 * config.h.in, configure.in:
18069 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
18072 Allow non-exclusive flags when invoked as sudoedit. Pretty print the
18073 long usage() line to not wrap (assumes 80 char display)
18076 * Makefile.in, sudo.c:
18077 If sudo is invoked as "sudoedit" the -e flag is implied and no other
18078 flags are permitted.
18082 Add a new flag, -e, that makes it possible to give users the ability
18083 to edit files with the editor of their choice as the invoking user,
18084 not the runas user. Temporary files are used for the actual edit
18085 and the temp file is copied over the original after the editor is
18089 * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
18090 Add a new flag, -e, that makes it possible to give users the ability
18091 to edit files with the editor of their choice as the invoking user,
18092 not the runas user. Temporary files are used for the actual edit
18093 and the temp file is copied over the original after the editor is
18098 If real uid == 0 and the SUDO_USER environment variable is set, use
18099 that to determine the invoking user's true identity. That way the
18100 proper info gets logged by someone who has done "sudo su" but still
18101 uses sudo as root. We can't do this for non-root users since
18102 that would open up a security hole, though perhaps it would be
18103 acceptable to use getlogin(2) on OSes where this is a system call (and
18104 doesn't just look in the utmp file).
18108 Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
18111 * config.h.in, configure, configure.in:
18112 Add check for fchown(2)
18115 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
18118 Back out portions of the -i commit that set NewArgv[0] in
18119 set_runaspw. It is far too late to set NewArgv[0] there and will have
18120 no effect anyway as cmnd and safe_cmnd have already been set.
18123 * visudo.c, visudo.pod:
18124 Prefer VISUAL over EDITOR like old vipw did.
18127 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
18130 In -i mode always set new environment based on the runas user's
18134 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
18136 * sudo.man.in, sudo.pod:
18137 Document the new -i flag and sync SYNOPSIS section with usage() in
18138 sudo.c. Also sort the flags in the OPTIONS section.
18142 o Add -i that acts similar to "su -", based on patches from David J.
18143 MacKenzie o Sort the flags in the usage message
18146 * sudoers.man.in, sudoers.pod:
18147 Add a missing @runas_default@ substitution.
18150 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
18153 Change euid to runas user before calling find_path().
18154 Unfortunately, though runas_user can be modified in sudoers we
18155 haven't parsed sudoers yet.
18158 * sudoers.man.in, sudoers.pod:
18159 Add missing definition of Parameter_List and use single pipes in the
18160 Defaults EBNF definition.
18164 Fix a bug when set_runaspw() is used as a callback. We don't want
18165 to reset the contents of runas_pw if the user specified a user via
18168 Avoid unnecessary passwd lookups in set_authpw(). In most cases we
18169 already have the info in runas_pw.
18172 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
18175 Add Stan Lee / Uncle Ben quote to the lecture from RedHat
18179 Update sudo_getepw() proto and add one for set_runaspw()
18183 If we can't stat the command as root, try as the runas user instead.
18186 * testsudoers.c, visudo.c:
18187 Add stub set_runaspw() function
18191 Add set_runaspw() function to fill in runas_pw. This will be used
18192 as a callback to update runas_pw when the runas user changes.
18196 PERM_RUNAS -> PERM_FULL_RUNAS
18199 * set_perms.c, sudo.h:
18200 Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
18205 Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
18206 one chunk for easy free()ing. Also change it from static to extern.
18209 * defaults.c, defaults.h:
18210 Add callback support
18214 Add a callback field and use it for runas_default
18217 * def_data.c, def_data.in:
18218 Add a callback field and use it for runas_default
18221 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
18224 Add support for chalnecho and display server responses used by fwtk
18228 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
18230 * sudoers.man.in, sudoers.pod:
18231 ld.so is ld.so.1 on solaris
18234 * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
18235 Use closefrom() instead of doing the equivalent inline.
18239 closefrom(3) for systems w/o it
18242 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
18245 Update from .pod file.
18248 * configure, configure.in:
18249 Substitute noexec_file for the sudoers man page
18252 * sudo.man.in, sudo.pod:
18256 * sudoers.man.in, sudoers.pod:
18260 * auth/pam.c, config.h.in, configure.in:
18261 Move PAM_CONST macro definition from config.h to pam.c where it
18262 belongs. We can't have this in config.h since that gets included too
18266 * auth/pam.c, config.h.in, configure, configure.in:
18267 Some PAM implementations put their headers in /usr/include/pam
18268 instead of /usr/include/security.
18272 I missed changing the EXEC macro -> EXECV here when I changed this
18273 in config.h.in and sudo.c a while ago.
18277 OpenBSD vax/m88k/hppa don't do shared libs
18280 * configure, configure.in:
18281 o merge the hpux case entries into a single entry w/ its own sub-
18282 case statement. o HP-UX >= 11 support getspnam(), use it in
18283 preference to getprpwuid()
18286 * configure, configure.in:
18287 eval $shrext so that it expands nicely on MacOS X
18291 Don't lie about making a module, it does the wrong thing on mach
18295 Remove requirement that libs must begin with "lib". They don't when
18296 we point directly at the lib using LD_PRELOAD or its equivalent.
18300 Disable support for c++, f77 and java. We don't need it, it takes a
18301 lot of time, and it hosed our check for shared lib support.
18309 Call AC_ENABLE_SHARED and check the status of enable_shared to know
18310 when shared libs are available.
18314 Duh, OpenBSD supports shared libs too
18317 * config.h.in, configure.in:
18318 Only OpenPAM and Linux PAM use const qualifiers.
18321 * configure, configure.in:
18322 o No need to check for sed, libtool config does that for us o move
18323 check for --with-noexec until after libtool magic is run so we can
18324 use $can_build_shared and $shrext
18328 Don't print a bunch of crap about library installs since we are not
18329 really installing a library.
18333 Make format_env() varargs Add noexec support for Darwin, MacOS X,
18337 * acsite.m4, ltconfig, ltmain.sh:
18338 Update to libtool 1.5 with local changes: o no ldconfig in the
18339 finish step o assume no libprefix or version is needed
18343 Fix compilation under K&R
18346 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
18353 stub execve() that just returns EACCES; used for noexec
18358 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
18363 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
18367 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
18369 * def_data.c, def_data.h, def_data.in:
18370 Move the environment defaults to the end and shorten a few of the
18374 * configure, configure.in:
18375 no shared libs on ultrix or convexos
18378 * Makefile.in, configure, configure.in:
18379 Build sudo_noexec shared object using libtool; could use some
18383 * acsite.m4, ltconfig, ltmain.sh:
18384 libtool scaffolding
18387 * parse.yacc, sudo.tab.c:
18388 Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
18392 * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
18393 parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
18394 update copyright year
18397 * configure, configure.in, defaults.c, env.c, pathnames.h.in:
18398 Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
18399 option. The default value of noexec_file is set to this.
18402 * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
18403 parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
18405 Add support for preloading a shared object containing a dummy
18406 execve() function that just sets error and returns -1. This adds a
18407 "noexec_file" option to load the filename as well as a "noexec" flag
18408 to enable it unconditionally. There is also a NOEXEC tag that can
18409 be attached to specific commands and an EXEC tag to disable it.
18413 add missing newline to usage statement
18416 * config.h.in, sudo.c:
18417 Rename EXEC macro -> EXECV
18421 Don't truncate usernames to 8 characters in the log message.
18424 * check.c, sudoers.man.in, sudoers.pod:
18425 Update copyright year
18428 * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
18430 Add a new option, lecture_file, that can be used to point to a
18431 custom sudo lecture.
18434 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
18436 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
18438 Add a zero_bytes() function to do the equivalent of bzero in such a
18439 way that will hopefully not be optimized away by sneaky compilers.
18443 Add a zero_bytes() function to do the equivalent of bzero in such a
18444 way that will hopefully not be optimized away by sneaky compilers.
18447 * Makefile.in, sudo.h:
18448 Add a zero_bytes() function to do the equivalent of bzero in such a
18449 way that will hopefully not be optimized away by sneaky compilers.
18453 Use #ifdef __STDC__, not #if __STDC__.
18456 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
18459 Always put at least one space between the def_* macro name and its
18463 * configure, configure.in:
18464 Adjust code for --without-lecture to match new values.
18468 regen after pasto fix
18471 * sudoers.man.in, sudoers.pod:
18472 Document that "lecture" has changed from a flag to a tuple.
18475 * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
18476 defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
18477 Add support for tuples in def_data.in; these are implemented as an
18478 enum type. Currently there is only a single tuple enum but in the
18479 future we may have one tuple enum per T_TUPLE entry in def_data.in.
18480 Currently listpw, verifypw and lecture are tuples. This avoids the
18481 need to have two entries (one ival, one str) for pwflags and syslog
18484 lecture is now a tuple with the following values: never, once,
18487 We no longer use both an int and string entry for syslog facilities
18488 and priorities. Instead, there are logfac2str() and logpri2str()
18489 functions that get used when we need to print the string values.
18492 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
18493 auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
18494 check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
18495 logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
18496 sudo.tab.c, visudo.c:
18497 Create def_* macros for each defaults value so we no longer need the
18498 def_{flag,ival,str,list,mode} macros (which have been removed). This
18499 is a step toward more flexible data types in def_data.in.
18506 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
18509 If we are in -k/-K mode, just spew to stderr. It is not unusual for
18510 users to place "sudo -k" in a .logout file which can cause sudo to
18511 be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
18512 Previously, this would result in useless mail and logging.
18515 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
18518 fix pasto in VISUAL description
18521 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
18532 Some OSes (like Solaris) allow export w/ nosuid too
18535 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
18538 We don't use FD_ZERO anymore so just define FD_SET (if not already
18542 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
18545 Fix a core dump on Solaris by preserving the pam_handle_t we used
18546 during authentication for pam_prep_user(). If we didn't
18547 authenticate (ie: ticket still valid), we call pam_init() from
18548 pam_prep_user(). This is something of a hack; it may be better to
18549 change the auth API and add an auth_final() function that acts like
18553 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
18556 Add explicit declaration of printerr variable in function header
18557 (was defaulting to int which is OK but oh so K&R :-). From Theo.
18560 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
18562 * config.h.in, configure.in:
18563 s/HAVE_STOW/USE_STOW/
18567 Also exit waitpid() loop when pid == 0. Fixes a problem where the
18568 sudo process would spin eating up CPU until sendmail finished when
18569 it has to send mail.
18572 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
18575 Remove advertising clause, UCB has disavowed it
18579 Remove advertising clause, UCB has disavowed it
18582 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
18585 Don't assume that getgrnam() calls don't modify contents of struct
18586 passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
18587 Based on a patch from Kirk Webb.
18590 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
18597 darwin has a broken setreuid() in at least some versions
18601 Fix an off by one error when reallocating the environment; Kevin Pye
18604 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
18607 Fix User_Spec definition; SEKINE Tatsuo
18610 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
18613 More info on the early days from Coggs.
18616 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
18619 remove errant semicolon that prevented compilation under heimdal
18622 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
18624 * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
18625 add DARPA credit on affected files
18629 add DARPA credit on affected files
18632 * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
18634 add DARPA credit on affected files
18638 add DARPA credit on affected files
18642 add DARPA credit on affected files
18645 * logging.c, parse.c:
18646 add DARPA credit on affected files
18649 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
18650 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
18651 find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
18653 add DARPA credit on affected files
18656 * auth/kerb5.c, auth/pam.c:
18657 add DARPA credit on affected files
18660 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
18661 auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
18663 add DARPA credit on affected files
18667 add DARPA credit on affected files
18670 * defaults.c, defaults.h:
18671 add DARPA credit on affected files
18675 add DARPA credit on affected files
18678 * Makefile.in, alloc.c, check.c:
18679 add DARPA credit on affected files
18683 slightly different wording for the darpa credit
18686 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
18692 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
18695 Use krb5_princ_component() instead of krb5_princ_realm() for MIT
18696 Kerberos like we did before I messed things up ;-)
18698 Use krb5_principal_get_comp_string() to do the same thing w/
18699 Heimdal. I'm not sure if the component should be 0 or 1 in this
18702 #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
18703 older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
18704 should be a configure check for this I guess.
18707 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
18710 builtin -> built-in; Jason McIntyre
18713 * TROUBLESHOOTING, config.h.in, configure, configure.in:
18714 builtin -> built-in; Jason McIntyre
18718 built in -> built-in; Jason McIntyre
18721 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
18724 checkpoint for 1.6.7p3
18728 Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
18729 Amazingly, sudo source from 1985 is available via groups.google.com
18733 Don't change rl.rlim_max for RLIMIT_CORE. We need only set
18734 rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
18735 RLIMIT_CORE restoration on some OSes.
18738 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
18741 Make this compile on Heimdal and MIT Kerberos 5
18744 * config.h.in, configure, configure.in:
18745 Check for heimdal even if we found krb5-config and define
18750 Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
18751 no longer defined by MIT kerb5 (though it used to be and indeed
18752 remains so in Heimdal).
18755 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
18758 Remove newer stuff that passes multiple (possibly duplicate)
18759 directories to "mkdir -p" since that seems to break on Tru64 Unix at
18760 least. This basically brings back what shipped with sudo 1.6.6.
18763 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
18766 Correct number of args to krb5_principal_get_realm() and fix an
18767 unclosed comment that hid the bug.
18794 * CHANGES, version.h:
18803 use krb5-config to determine Kerberos V details if it exists
18806 * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
18807 auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
18808 find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
18809 testsudoers.c, visudo.c:
18810 Use warn/err and getprogname() throughout. The main exception is
18811 openlog(). Since the admin may be filtering logs based on the
18812 program name in the log files, hard code this to "sudo".
18816 Add getprogname.c and err.c
18823 * config.h.in, configure.in:
18824 Add checks for getprogname(), __progname and err.h
18828 For systems without err/warn functions.
18832 For systems without err/warn functions.
18836 For systems with neither getprogname() nor __progname; uses Argv[0].
18839 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
18842 checkpoint for 1.6.7p1
18845 * sudo.c, testsudoers.c:
18846 fix strlcpy() rval check (innocuous)
18850 oflow detection in expand_prompt() was faulty (false positives). The
18851 count was based on strlcat() return value which includes the length
18852 of the entire string.
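
The false positive described in the entry above, as an added example (not sudo's code). demo_strlcat(), demo_expand_prompt() and the two check modes are hypothetical names; the expander is a simplified stand-in that handles only %u, %h and %%.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* strlcat() with BSD semantics, included because not every libc ships one.
 * Returns the length of the string it tried to create:
 * strlen(dst) + strlen(src), i.e. the whole string, not the bytes appended. */
static size_t demo_strlcat(char *dst, const char *src, size_t size)
{
    size_t dlen = 0, slen = strlen(src), room, n;

    while (dlen < size && dst[dlen] != '\0')
        dlen++;
    if (dlen == size)
        return size + slen;         /* dst is not NUL-terminated within size */
    room = size - dlen - 1;
    n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

enum check_mode { CHECK_FAULTY, CHECK_CORRECT };

/* Hypothetical simplified prompt expander: %u -> user, %h -> host, %% -> %.
 * Returns 0 on success, -1 when the selected check reports overflow. */
static int demo_expand_prompt(char *dst, size_t size, const char *fmt,
    const char *user, const char *host, enum check_mode mode)
{
    size_t count = 0;               /* running total, used by the faulty check */
    const char *p;

    if (size == 0)
        return -1;
    dst[0] = '\0';
    for (p = fmt; *p != '\0'; p++) {
        char lit[2] = { *p, '\0' };
        const char *piece = lit;
        size_t rv;

        if (p[0] == '%' && p[1] != '\0') {      /* look ahead one character */
            if (p[1] == 'u') { piece = user; p++; }
            else if (p[1] == 'h') { piece = host; p++; }
            else if (p[1] == '%') { p++; }      /* "%%" collapses to "%" */
        }
        rv = demo_strlcat(dst, piece, size);
        if (mode == CHECK_FAULTY) {
            /* Bug: rv is the total length so far, so summing it counts
             * every earlier byte again on each append. */
            count += rv;
            if (count >= size)
                return -1;
        } else if (rv >= size) {
            /* Correct: truncation happened iff the intended total
             * length does not fit in the buffer. */
            return -1;
        }
    }
    return 0;
}

int main(void)
{
    char buf[64];
    int rc;

    /* Constructed sample input: the expansion is 22 bytes, well under 64. */
    rc = demo_expand_prompt(buf, sizeof(buf), "%u@%h password: ",
        "alice", "host1", CHECK_FAULTY);
    printf("faulty check:  rc=%d\n", rc);
    rc = demo_expand_prompt(buf, sizeof(buf), "%u@%h password: ",
        "alice", "host1", CHECK_CORRECT);
    printf("correct check: rc=%d prompt=\"%s\"\n", rc, buf);
    return 0;
}
```
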
18855 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
18858 checkpoint for the sudo 1.6.7 release
18859 [096bab4da29a] [SUDO_1_6_7]
18862 checkpoint for the sudo 1.6.7 release
18865 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
18868 g/c unused variable
18876 use man sections 8 and 5 for csops
18879 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
18886 Add -lskey or -lopie directly to SUDO_LIBS instead of having
18887 AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
18895 Add --with-blibpath for AIX. An alternate libpath may be specified
18897 -blibpath support can be disabled. Also change configure such that
18898 -blibpath is not specified if no -L libpaths were added to
18903 Add --with-blibpath for AIX. An alternate libpath may be specified
18905 -blibpath support can be disabled. Also change configure such that
18906 -blibpath is not specified if no -L libpaths were added to
18911 Add --with-blibpath for AIX. An alternate libpath may be specified
18913 -blibpath support can be disabled. Also change configure such that
18914 -blibpath is not specified if no -L libpaths were added to
18919 add AIX blibpath support
18922 * INSTALL, configure.in:
18923 --with-skey and --with-opie now take an optional directory argument
18924 This obsoletes a --with-csops hack (/tools/cs/skey)
18926 Also remove the remaining direct uses of "echo"
18929 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
18932 Detect KTH Kerberos IV and deal with it. Also make -lroken optional
18933 for KTH Kerberos IV and V.
18937 Add SUDO_APPEND_LIBPATH function that adds -L/path/to/dir (and
18938 -R/path/to/dir if $with_rpath) to the specified variable.
18941 * INSTALL, configure.in:
18942 Add -R/path/to/libs for Solaris and SVR4. There is a new configure
18943 option, --with-rpath to control this behavior.
18947 for kerb4 put libdes after libkrb on the link line
18955 fix kerberos lib check when a path is specified
18959 Fix boolean thinko in SIGCHLD reaper and call reapchild after
18960 sending mail instead of doing a conditional sudo_waitpid.
18963 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
18970 replace =DIR with [=DIR] where sensible
18974 o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
18975 detection based on openssh's configure.in
18979 --with-kerb4 and --with-kerb5 now take an optional argument.
18982 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
18985 Kill remaining strcpy(), the programmer's guide says username is 32
18990 treat uid_t as unsigned long for printf and use snprintf, not sprintf
18997 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
18999 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
19000 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
19001 auth/rfc1938.c, auth/sudo_auth.c:
19002 update copyright year
19005 * sudo.man.in, sudoers.man.in, visudo.man.in:
19006 update copyright year
19009 * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
19010 configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
19011 parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
19012 sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
19013 update copyright year
19016 * check.c, env.c, sudo.c:
19017 Cast [ug]ids to unsigned long and printf with %lu
19025 correct error messages for --with-sudoers-{mode,uid,gid}
19029 make the malloc(0) error specific to each function to aid tracking
19034 deal with platforms where size_t is signed and there is no SIZE_MAX
19039 Make this compile w/ Heimdal and fix some gcc warnings.
19043 Use stat_sudoers macro so --with-stow can work
19046 * INSTALL, config.h.in, configure, configure.in:
19047 Add support for --with-stow based on patches from Robert Uhl
19063 use strlcpy, not strncpy
19067 Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
19074 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
19076 * strlcat.c, strlcpy.c:
19077 Make gcc shut up about unused rcsid
19081 Move the n == 0 check for the non-getifaddrs cas
19085 skeychallenge() on NetBSD takes a size parameter
19093 put -ldl after -lpam, not before; fixes static linking on Linux
19097 Avoid malloc(0) and fix the loop invariant for the getifaddrs()
19101 * sudo.cat, sudoers.cat, visudo.cat:
19105 * sudo.man.in, sudoers.man.in, visudo.man.in:
19110 Preserve copyright notice from .pod file in .man.in file
19114 Add sudoers(5) to SEE ALSO
19117 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
19124 Don't assume libc can realloc() a NULL string. If malloc/realloc
19125 fails, make sure we just return; yyerror() is not terminal.
19133 simplify fill_args a little and use strlcpy for paranoia
19140 * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
19142 Use strlc{at,py} for paranoia's sake and exit on overflow. In all
19143 cases the strings were either pre-allocated to the correct size or
19144 length checks were done before the copy but a little paranoia can go
19149 Add strlc{at,py} protos
19152 * env.c, interfaces.c:
19161 Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
19162 memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
19166 snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
19171 In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
19174 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
19177 Use snprintf() for paranoia
19181 Use emalloc2 and erealloc3
19185 strlc{at,py} for those w/o it
19188 * strlcat.c, strlcpy.c:
19189 strlc{at,py} for those w/o it.
19192 * config.h.in, configure, configure.in:
19193 Add strlc{at,py} for those w/o it.
19197 Add erealloc3(), a realloc() version of emalloc2().
19200 * interfaces.c, sudo.c:
19201 Use emalloc2() to allocate N things of a certain size.
19205 Add emalloc2() -- like calloc() but w/o the bzero and with
19206 error/oflow checking.
19210 Error out on malloc(0); suggested by theo
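
The allocation checks named in the 2003-03-12 and 2003-03-13 entries above (emalloc2(), erealloc3(), the malloc(0) error, the nmemb > SIZE_MAX / size test and not relying on realloc() of NULL), as an added example that is not sudo's code. The demo_* functions are hypothetical and return NULL with errno set instead of exiting.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Compute nmemb * size for an allocation request.
 * Returns 0 and stores the byte count in *total, or -1 with errno set:
 *   EINVAL     zero-sized request (the malloc(0) case)
 *   EOVERFLOW  nmemb * size does not fit in size_t
 */
static int demo_alloc_size(size_t nmemb, size_t size, size_t *total)
{
    if (nmemb == 0 || size == 0) {
        errno = EINVAL;
        return -1;
    }
    /* '>' is enough: when nmemb == SIZE_MAX / size, integer division
     * guarantees nmemb * size <= SIZE_MAX, so nothing wraps. */
    if (nmemb > SIZE_MAX / size) {
        errno = EOVERFLOW;
        return -1;
    }
    *total = nmemb * size;
    return 0;
}

/* Allocate nmemb objects of the given size, without zeroing them. */
static void *demo_malloc2(size_t nmemb, size_t size)
{
    size_t total;

    if (demo_alloc_size(nmemb, size, &total) == -1)
        return NULL;
    return malloc(total);
}

/* Resize to nmemb objects; on a rejected request ptr is left untouched. */
static void *demo_realloc3(void *ptr, size_t nmemb, size_t size)
{
    size_t total;

    if (demo_alloc_size(nmemb, size, &total) == -1)
        return NULL;
    /* Do not rely on realloc(NULL, n) behaving like malloc(n). */
    return ptr != NULL ? realloc(ptr, total) : malloc(total);
}

int main(void)
{
    size_t edge = SIZE_MAX / 16;    /* largest count that still fits */
    size_t total = 0;
    int *v;

    printf("edge:     rc=%d\n", demo_alloc_size(edge, 16, &total));
    printf("edge + 1: rc=%d\n", demo_alloc_size(edge + 1, 16, &total));
    /* Without the check, the wrapped product would request 0 bytes. */
    printf("unchecked product: %zu\n", (size_t)((edge + 1) * 16));

    v = demo_malloc2(4, sizeof(*v));
    if (v != NULL) {
        int *bigger = demo_realloc3(v, 8, sizeof(*v));
        free(bigger != NULL ? bigger : v);
    }
    return 0;
}
```
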
19213 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
19215 * configure, configure.in:
19216 fix a typo; David Krause
19219 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
19225 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
19228 Remove DYLD_ from the environment for MacOS X; from bbraun
19231 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
19233 * config.h.in, configure.in:
19234 not not; Anil Madhavapeddy
19237 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
19239 * sudo.pod, sudoers.pod, visudo.pod:
19240 typos; jmc@openbsd.org
19243 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
19246 Add some missing ';' rule terminators that bison warns about.
19250 fix typo I introduced in last merge
19254 regenerate with autoconf 2.57
19258 Add missing "$HOME"
19262 Add some more square brackets to make autoconf 2.57 happy
19265 * config.sub, mkinstalldirs:
19266 Updates from autoconf-2.57
19270 Updates from autoconf-2.57
19273 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
19279 * lex.yy.c, sudo.tab.c:
19283 * parse.lex, parse.yacc, sudoers.pod:
19284 Add support for Defaults>RunasUser
19287 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
19290 fclose() yyin after each yyparse() is done and use fopen() instead
19291 of using freopen().
19295 Better fix for sudoers files w/o a newline before EOF. It looks
19296 like the issue is that yyrestart() does not reset the start
19297 condition to INITIAL which is an issue since we parse sudoers
19301 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
19304 Work around what appears to be a flex bug when dealing with files
19305 that lack a final newline before EOF. This adds a rule to match EOF
19306 in the non-initial states which resets the state to INITIAL and
19311 o The parser needs sudoers to end with a newline but some editors
19312 (emacs) may not add one. Check for a missing newline at EOF and
19313 add one if needed. o Set quiet flag during initial sudoers parse (to
19314 get options) o Move yyrestart() call and always use freopen() to
19315 open yyin after initial sudoers parse.
19318 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
19321 Fix pasto/thinko in setresgid()/setregid() usage. Want to set
19322 effective gid, not real gid, when reading sudoers.
19326 don't compile set_perms_posix if we have setreuid or setresuid
19329 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
19331 * sudo.pod, sudoers.pod:
19332 document new prompt escapes
19336 Add %U and %H escapes and redo prompt rewriting. "%%" now gets
19337 collapsed to "%" as was originally intended. This also gets rid of
19338 lastchar (does lookahead instead of lookback) which should simplify
19339 the logic slightly.
19342 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
19345 Write the prompt *after* turning off echo to avoid some password
19346 characters being echoed on heavily-loaded machines with fast
19351 Add support for mipseb; wiz@danbala.tuwien.ac.at
19355 Fix IRIX fallout from name changes in man dir/sect Makefile
19356 variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
19360 Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
19361 the global copy. Problem noted by Peter Pentchev.
19364 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
19371 Add missing yyerror() calls; YYERROR does not seem to call this for
19375 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
19378 fix typo in comment; Pedro Bastos
19381 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
19384 document --disable-setresuid
19387 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
19389 Sprinkle some volatile qualifiers to prevent over-enthusiastic
19390 optimizers from removing memset() calls.
19393 * logging.c, parse.yacc:
19394 minor sign fixes pointed out by gcc -Wsign-compare
19397 * set_perms.c, sudo.c, sudo.h:
19398 Revamp set_perms. We now use a version based on setresuid() or
19399 setreuid() when possible since that allows us to support the
19400 stay_setuid option and we always know exactly what the semantics
19401 will be (various Linux kernels have broken POSIX saved uid support).
19404 * config.h.in, configure:
19405 regen from configure.in
19409 Add checks for setresuid() and a way to disable using it
19413 No longer need to emulate set*[ug]id() via setres[ug]id() or
19414 setre[ug]id(). The new set_perms stuff only uses things it knows are
19419 Before exec, restore state of signal handlers to be the same as when
19420 we were initially invoked instead of just resetting to SIG_DFL. Fixes
19421 a problem when using sudo with nohup. Based on a patch from Paul
19426 o timestamp_uid should be uid_t, not int o clarify error message
19427 when sudo is run by root and no_root_sudo is set
19430 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
19433 update ftp link for bison
19436 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
19439 Error out if setusercontext() fails and the runas user is not root.
19442 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
19449 Fix SecurID API test
19452 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
19459 securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
19460 but I don't see a better way at the moment.
19463 * Makefile.in, auth/securid5.c:
19464 SecurID API version 5 support from Michael Stroucken
19468 Add check for SecurID 5.0 API
19471 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
19474 We actually do still need config.h to get the 'const' definition for
19478 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
19481 regen with autoconf 2.5.3
19485 Don't set sysconfdir to '/etc' if the user has specified a --prefix.
19489 Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
19490 LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
19493 * env.c, sudo.c, sudo.h:
19494 No need for dump_badenv() now that dump_defaults() knows how to dump
19498 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
19504 document timestampowner
19508 Don't call set_perms() when doing timestamp stuff unless
19509 timestamp_uid != 0.
19512 * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
19513 sudo.h, testsudoers.c:
19514 g/c second arg to set_perms--it is no longer used
19517 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
19519 * check.c, set_perms.c, sudo.c, sudo.h:
19520 Add support for non-root timestamp dirs. This allows the timestamp
19521 dir to be shared via NFS (though this is not recommended).
19524 * def_data.c, def_data.h, def_data.in:
19525 Add timestampowner, "Owner of the authentication timestamp dir"
19528 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
19531 Don't try to pre-compute the size of the new envp, just allocate
19532 space up front and realloc as needed. Changes to the new env
19533 pointer must all be made through insert_env() which now keeps track
19534 of space used and allocates as needed.
19537 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
19544 Fix two typo/pastos; from jrj@purdue.edu
19547 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
19549 * INSTALL.binary, README:
19551 [a1e33027278c] [SUDO_1_6_6]
19553 * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
19554 visudo.cat, visudo.man.in:
19558 * CHANGES, RUNSON, TODO:
19563 In the loop used to expand %h and %u, the lastchar variable was not
19564 being initialized. This means that if the last char in the prompt
19565 is '%' and the first char is 'h' or 'u' an extra copy of the host or
19566 user name would be copied, for which space had not been allocated.
19569 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
19571 * BUGS, INSTALL, Makefile.in, configure.in, version.h:
19572 crank version to 1.6.6
19576 #undef VOID to get rid of an AFS warning
19580 Use easprintf instead of emalloc + sprintf for some things.
19583 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
19585 * lex.yy.c, sudo.tab.c:
19589 * parse.c, parse.lex, parse.yacc, testsudoers.c:
19590 Remove Chris Jepeway's email address so people don't bug him ;-)
19593 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
19596 Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
19597 endgrent() at the same time.
19600 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
19603 Make it clear which configure options take arguments.
19606 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
19609 HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
19610 RLIM_INFINITY, just pretend it is -1. This works because we only
19611 check for RLIM_INFINITY and do not set anything to that value.
19614 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
19617 Zero and free allocated memory when there is a conversation error.
19621 Use sigaction() not signal()
19625 Mention that some linux kernels have broken POSIX saved ID support
19629 checkpoint for 1.6.5p2
19637 Add --disable-setreuid flag
19641 Document new --disable-setreuid option and change description for
19642 --disable-saved-ids to match new error message.
19646 fatal() now takes an argument that determines whether or not to call
19651 Update for new error messages from set_perms()
19655 Update for new error messages from set_perms()
19658 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
19661 Make this compile w/o warnings
19665 Mention that we can't use pam_acct_mgmt()
19668 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
19669 The user's password was not zeroed after use when AIX
19670 authentication, BSD authentication, FWTK or PAM was in use.
19673 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
19676 Avoid giving PAM a NULL password response, use the empty string
19677 instead. This avoids a log warning when the user hits ^C at the
19678 password prompt when PAM is in use.
19682 Don't check the return value of pam_setcred(). In Linux-PAM 0.75
19683 pam_setcred() returns the last saved return code, not the return
19684 code for the setcred module. Because we haven't called
19685 pam_authenticate(), this is not set and so pam_setcred() returns
19690 Don't need a '/' between $(DESTDIR) and a directory.
19694 Don't need a '/' between $(DESTDIR) and a directory.
19697 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
19704 o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
19705 setreuid() o new NetBSD has a real setreuid() o add check for
19706 freeifaddrs() if getifaddrs() exists.
19709 * config.h.in, interfaces.c:
19710 Older BSDi releases lack freeifaddrs() so add a test for that and if
19711 it is not present just use free().
19714 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
19717 Checkpoint for 1.6.5p1
19721 Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
19722 to normal passwords, not AUTH_FATAL (which just causes an exit).
19726 Don't use memory after it has been freed.
19730 skeyaccess() wants a struct passwd * not a char *; Patch from
19732 [65a1d3806fcd] [SUDO_1_6_5]
19738 * CHANGES, RUNSON, TODO:
19739 checkpoint for sudo 1.6.5
19742 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
19748 * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
19752 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
19758 o when invoking the mailer as root use a hard-coded environment that
19759 doesn't include any info from the user's environment. Basically
19762 o Add support for the NO_ROOT_MAILER compile-time option and run the
19763 mailer as the user and not root if NO_ROOT_MAILER is defined.
19766 * set_perms.c, sudo.h:
19767 Bring back PERM_FULL_USER
19778 * INSTALL, config.h.in, configure.in:
19779 Add --disable-root-mailer option to run the mailer as the user and
19784 checkpoint for 1.6.4p2
19788 Mention the "seteuid(0): Operation not permitted" problem here too
19789 just for good measure.
19792 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
19794 * env.c, getspwuid.c, sudo.c:
19795 The SHELL environment variable was preserved from the user's
19796 environment instead of being reset based on the passwd database when
19797 the "env_reset" option was used. Now it is reset as it should be.
19804 * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
19806 Add a configure option to turn off use of POSIX saved IDs
19814 add --with-efence option
19818 Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
19819 "sudo -l" would not work if always_set_home was set.
19827 Quoted commas were not being treated correctly in command line
19832 o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
19833 Otherwise, the set_home option has no effect.
19835 o Fix use of freed memory when the "fqdn" flag is set. This was
19836 introduced by the fix for the "segv when gethostbyname() fails" bug.
19837 Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
19838 there is no need to check the "fqdn" flag in set_fqdn() itself.
19842 Add 'continue' statements to optimize the switch statement. From
19846 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
19848 * sudoers.cat, sudoers.man.in:
19849 Regen from new sudoers.pod
19850 [6ecc07b3d0e1] [SUDO_1_6_4]
19853 Add caveat about stay_setuid flag
19857 If set_perms == set_perms_posix and the stay_setuid flag is not set,
19858 set all uids to 0 and use set_perms_fallback().
19861 * set_perms.c, sudo.h:
19862 Remove PERM_FULL_USER (which is no longer used) and add
19863 PERM_FULL_ROOT (used when exec'ing the mailer).
19867 Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
19868 never want to run the mailer setuid.
19871 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
19873 * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
19875 Use sudo.ws instead of courtesan.com in URLs
19878 * Makefile.binary, Makefile.in:
19879 Fix mansect substitution
19883 Substitute man sections in Makefile.binary
19887 Sync install targets with Makefile.in and substitute in man
19891 * INSTALL, INSTALL.binary:
19896 Repair bindist target
19903 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
19906 Fix case where neither whoami nor id are found
19909 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
19912 If neither whoami nor id exists, just assume we are root.
19916 Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
19917 on AIX which for some reason isn't pulling in the malloc prototype.
19920 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
19922 * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
19931 Defer assigning new environment until right before the exec.
19935 kill extra blank line
19938 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
19945 Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
19946 compiler doesn't recognise -O2.
19950 Clarify origins of Root Group sudo a bit based on info from
19951 billp@rootgroup.com
19954 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
19961 checkpoint for 1.6.4rc1
19964 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
19967 now generated via autoheader
19975 Move in some stuff that was previously in config.h.
19978 * aclocal.m4, configure.in:
19979 Add info for autoheader.
19982 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
19985 o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
19986 -g to facilitate non-root installs
19990 Add -M option (like -m but only for root) If we can't find "whoami",
19991 use "id" w/ some sed.
19999 allow user to always override mansectsu and mansectform
20002 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
20005 update from autoconf 2.52
20008 * config.guess, config.sub:
20009 Update from autoconf 2.52
20013 regen with autoconf 2.52
20017 o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
20018 mode o Remove compiler-specific checks for HP-UX now that we use
20027 o Add pam_prep_user function to call pam_setcred() for the target
20028 user; on Linux this often sets resource limits. o When calling
20029 pam_end(), try to convert the auth->result to a PAM_FOO value.
20030 This is a hack--we really need to stash the last PAM_FOO value
20031 received and use that instead.
20034 * set_perms.c, sudo.h:
20035 o Add pam_prep_user function to call pam_setcred() for the target
20036 user; on Linux this often sets resource limits.
20040 Fix off by one error in number of bytes allocated via malloc (does
20041 not affect any released version of sudo).
20044 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
20051 Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
20052 requiring that they be quoted.
20055 * sudoers.cat, sudoers.man.in, sudoers.pod:
20056 Mention that no double quotes are needed when
20057 adding/deleting/assigning a single value to a list.
20061 Don't rely on mkdefaults being executable, call perl explicitly.
20069 Remove some XXX that are no longer relevant.
20073 o Roll our own loop instead of using strpbrk() for better
20074 grokability o When adding to a list we must malloc() and use
20075 memcpy(), not strdup() since we must only copy len bytes from str.
20078 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
20088 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
20099 avoid the -g flag unless --with-devel was specified
20103 mkdefaults, def_data.in and sigaction.c were missing from the
20108 def_data.c was missing
20111 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
20114 Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
20115 allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
20123 Add comment for Default section so folks know where it should go.
20126 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
20129 Use TCSETAF, not TCSETA to set terminal in termio case
20132 * sudoers.cat, sudoers.man.in:
20133 regen from sudoers.pod
20137 o Typo, Runas_User_List should be Runas_List o a User_List can not
20138 contain a uid o mention that the Defaults section should come after
20139 Alias definitions but before the user specifications
20142 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
20144 * sudoers.cat, sudoers.man.in:
20149 Fix listpw and verifypw sections, they were not being formatted
20153 * sudoers.cat, sudoers.man.in:
20165 * config.h.in, configure.in:
20166 use AC_SYS_POSIX_TERMIOS instead of rolling our own
20170 Reference sudo.ws not courtesan.com
20174 Add notes on shadow passwords
20178 In list mode (sudo -l), characters escaped with a backslash are
20179 shown verbatim with the backslash.
20183 Add simple examples from OpenBSD (Marc Espie)
20187 Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
20191 minor prettification
20199 Fix CIDR handling here too.
20203 Apparently a NULL response is OK
20207 Checkpoint for upcoming beta release
20211 Many people believe that adding a runas spec should obviate the need
20212 for the -u flag. It does not.
20216 checkpoint update for upcoming 1.6.4 beta
20220 o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
20221 if HAVE_STRING_H is defined -- this is safe now
20225 Add signals section
20233 Fix check for sigaction_t
20237 XXX - should call find_path() as runas user, not root. Can't do
20238 that until the parser changes though.
20242 If find_path() fails as root, try again as the invoking user (useful
20243 for NFS). Idea from Chip Capelik.
20246 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
20247 Regenerate after pod file changes
20250 * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
20251 sudo.pod, sudoers.pod:
20252 Add new sudoers option "preserve_groups". Previously sudo would not
20253 call initgroups() if the target user was root. Now it always calls
20254 initgroups() unless the -P command line option or the
20255 "preserve_groups" sudoers option is set. Idea from TJ Saunders.
20258 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
20260 * compat.h, config.h.in:
20261 Use new HAVE_SIGACTION_T define
20265 Fix compilation on K&C
20273 Add check for sigaction_t -- IRIX already defines this so don't
20282 need stdlib.h here too
20290 Remove redundant checks for string.h, strings.h and unistd.h
20293 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
20295 Regen from pod files
20302 * configure, lex.yy.c, sudo.tab.c:
20307 Return EINVAL if errnum > sys_nerr
20310 * auth/sudo_auth.h:
20311 o Update copyright year
20314 * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
20315 config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
20317 o Update copyright year
20321 o Don't define STDC_HEADERS unconditionally for IRIX o Update
20329 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
20330 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
20331 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
20332 auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
20333 set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
20335 o Reorder some headers and use STDC_HEADERS define properly o Update
20340 o Reorder some headers and use STDC_HEADERS define properly o Update
20344 * getspwuid.c, goodpath.c, interfaces.c:
20345 o Reorder some headers and use STDC_HEADERS define properly o Update
20350 o Reorder some headers and use STDC_HEADERS define properly o Update
20354 * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
20356 o Reorder some headers and use STDC_HEADERS define properly o Update
20365 flags set in signal handlers should be volatile sig_atomic_t
20368 * config.h.in, configure.in:
20369 Add checks for volatile and sig_atomic_t
20372 * configure, lex.yy.c:
20376 * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
20377 sudo.c, sudoers.pod:
20378 Remove "secure_path" Defaults option since it cannot work with the
20382 * find_path.c, sudo.c:
20383 Unset "secure_path" if user_is_exempt()
20386 * env.c, pathnames.h.in:
20387 o Remove assumption that PATH and TERM are not listed in env_keep o
20388 If no PATH is in the environment use a default value o If TERM is
20389 not set in the non-reset case also give it a default value.
20392 * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
20393 _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
20394 systems that define in paths.h
20397 * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
20398 Add support for skeyaccess(3) if it is present in libskey.
20401 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
20404 Only need to do 'lc = login_getclass(NULL)' if lc == NULL
20408 '\\' is a perfectly legal character to have in a command line
20413 o Defer call to set_fqdn() until it is safe to use log_error() o
20414 Don't print errno string value if gethostbyname fails, it is not
20419 Fix CIDR -> in_addr_t conversion.
20422 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
20425 Remove an extra "User_List" in the User_Spec definition From
20426 ybertrand AT snoopymail.com
20430 Make 'listpw=never' work for users who are not explicitly mentioned
20435 Remove gratuitous '=' in EBNF grammar; era AT iki.fi
20439 Document new list Defaults type and convert env_keep and env_delete
20440 to lists. Document new env_check option.
20443 * lex.yy.c, sudo.tab.c, sudo.tab.h:
20448 Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
20457 Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
20460 * config.h.in, configure.in:
20461 Add check for skeyaccess(3)
20465 Document new -c, -f, and -q options
20469 o Add -f option (alternate sudoers file) o Convert to use getopt(3)
20476 * aclocal.m4, config.h.in, configure.in:
20477 Add check for isblank and a replacement macro if it doesn't exist.
20480 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
20483 In check-only mode, don't create sudoers if it does not already
20488 o Add a new token, DEFVAR, to indicate a Defaults variable name o
20489 Add support for "+=" and "-=" list operators o replace some 1 and 0
20490 with TRUE and FALSE for greater legibility.
20494 o Use exclusive start conditions to remove some ambiguity in the
20495 lexer. Also reorder some things for clarity. o Add support for
20496 "+=" and "-=" list operators. o Use the new DEFVAR token to denote
20497 a Defaults variable name.
20501 Prototype init_envtables()
20505 o Convert environment handling to use lists instead of strings.
20506 This greatly simplifies routines that need to do "foreach" type
20507 operations. o Add new init_envtables() function to set env_check
20508 and env_delete defaults based on initial_badenv_table and
20509 initial_checkenv_table (formerly sudo_badenv_table).
20512 * defaults.c, defaults.h:
20513 o Add a new LIST type and functions to manipulate it. o This is for
20514 use with environment handling variables. o Call new
20515 init_envtables() routine inside init_defaults() to initialize the
20519 * def_data.c, def_data.h, def_data.in:
20520 Convert environment options to use the new LIST type and add a new
20521 one, env_check that only deletes if the sanity check fails.
20525 Add dummy version of init_envtables()
20533 Add check-only mode
20537 Fix generation of entries with NULL descriptions.
20540 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
20543 Use sigaction_t and quiet a gcc warning.
20547 Must reset signal handlers before we exec
20550 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
20552 Be careful now that tgetpass() can return NULL (user hit ^C). PAM
20553 version needs testing. Set SIGTSTP to SIG_DFL during password entry
20554 so user can suspend us.
20558 Add support for interrupting/suspending tgetpass via keyboard input.
20559 If you suspend sudo from the password prompt and resume it will re-
20564 Don't block keyboard interrupt signals, just set them to SIG_IGN.
20567 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
20570 add back HAVE_SIGACTION
20577 * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
20578 Kill POSIX_SIGNALS define and old signal support now that we emulate
20579 POSIX ones Also be sure to correctly initialize struct sigaction.
20583 Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
20587 Add scaffolding for POSIX signal emulation
20591 o Add missing ';' so this compiles o Can't use NULL since we don't
20596 Emulate sigaction() using sigvec()
20599 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
20602 Document new behavior of negative values of timestamp_timeout Fix a
20607 Add security note about command not being logged after 'sudo su' and
20612 Mention that -V prints default values when run as root, including
20613 the list of environment variables to clear.
20617 Run pod2man with --quotes=none to avoid stupid quoting of C<>
20621 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
20623 * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
20624 Add mail_badpass option Also modify mail_always behavior to also
20625 send mail when the password is wrong
20628 * env.c, sudo.c, sudo.h:
20629 Dump default bad env table when 'sudo -V' is run by root.
20633 document env_delete
20637 Add support for '*' in env_keep when not resetting the environment
20638 (ie: the normal case).
20642 Add env_delete variable that lets the user replace/add to the
20643 bad_env_table. Allow '*' wildcard in env_keep entries.
20646 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
20649 Force umask to 022 to guarantee sane directory permissions.
20652 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
20655 add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
20659 fix breakage in last commit
20663 acsite.m4 -> aclocal.m4
20667 fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
20671 regenerated from def_data.in
20674 * check.c, defaults.c, defaults.h:
20675 Add new T_UINT type that most things use instead of T_INT If
20676 timestamp_timeout is < 0 then treat the ticket as never expiring (to
20677 be expired manually by the user).
20681 change most T_INT -> T_UINT
20685 fix warning when no args
20689 Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
20690 we are a signal handler. We no longer print the signal number but
20691 the user can just check the exit value for that.
20694 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
20697 when setting up pipes in child process check for case where stdin ==
20701 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
20704 Ignore editor exit value since XPG4 says vi's exit value is the
20705 count of editing errors made (failed searches, etc).
20708 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
20715 sco now is identified by config.guess as *-sco-*
20719 Check for getspnam() in -lgen if not in -lc for UnixWare.
20722 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
20724 * sudoers.pod, visudo.pod:
20725 "upper case" -> "uppercase"
20729 fix typos and grammar; pjanzen@foatdi.harvard.edu
20732 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
20735 Missing word (specify); krapht@secureops.com
20738 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
20741 If we fail to lookup a login class, apply the default one.
20745 In log_error() free message, not logline unconditionally, then free
20746 logline if it is not the same as message. No function change but
20747 this mirrors how they are allocated.
20750 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
20757 remove some backslash quotes that are unneeded
20761 o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
20762 instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
20763 can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
20764 to AC_DEFINE things manually.
20767 * config.guess, config.sub:
20768 Updated from autoconf-2.50
20771 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
20774 Update mailing list section. We use mailman now, not majordomo.
20777 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
20779 * getspwuid.c, logging.c, sudo.c:
20780 Use setpwent()/endpwent() + all the shadow variants to make sure we
20781 don't inadvertently leak an fd to the child. Apparently Linux's
20782 shadow routines leave the fd open even if you don't call setspent().
20783 Reported by mike@gistnet.com; different patch used.
20786 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
20793 select() may return EAGAIN. If so, continue like we do for EINTR.
20797 Fix a non-exploitable buffer overflow in the word splitting code.
20798 This should really be rewritten.
20806 Tell people to look in sample.syslog.conf for examples, not FAQ
20810 Update list of env vars that are cleared
20814 remove struct env_table decl since that stuff has all moved to env.c
20817 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
20820 Fix a pasto in flock-style unlocking and include <sys/file.h> for
20821 flock on older systems; twetzel@gwdg.de
20825 regen to get NeXT lockf/flock fix
20829 force NeXT to use flock since lockf is broken
20832 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
20835 Use stashed user_gid when checking against exempt gid since sudo
20836 sets its gid to a value that makes sudoers readable. Previously
20837 if you used gid 0 as the exempt group everyone would be exempt. From
20838 Paul Kranenburg <pk@cs.few.eur.nl>
20841 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
20848 #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 apparently defines
20849 some types (such as ssize_t) therein.
20852 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
20855 Fix negation of paths in a boolean context. Problem found by
20859 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
20865 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
20868 SA_RESETHAND means the opposite of what I was thinking--oops To
20869 block all signals in old-style signals use ~0, not 0xffffffff
20872 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
20875 coerce difference of pointers to int when used in a string length
20876 printf format; deraadt@openbsd.org
20879 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
20882 Block all signals in Exit() to avoid a signal race. There is still
20883 a tiny window but I'm not going to worry about it.
20886 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
20889 glibc uses the LANGUAGE env var so clear that too; Solar Designer
20893 Regenerate with a fix to flex.skl that preserves errno from
20894 clobbering by isatty().
20897 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
20899 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
20900 auth/sia.c, auth/sudo_auth.c:
20901 Some defaults I_ defines got renamed.
20904 * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
20905 defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
20906 set_perms.c, sudo.c, sudo.tab.c:
20907 Move defaults info into its own files from which we generate .h and
20908 .c files. This makes adding or rearranging variables much simpler.
20911 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
20913 * configure, configure.in:
20914 fix typo in last commit
20917 * compat.h, config.h.in, configure, configure.in:
20918 Add check + emulation for setegid (like seteuid).
20922 Make env_keep override badenv_table as documented Fix traversal of
20923 badenv_table (broken in last commit)
20926 * set_perms.c, sudo.c, sudo.h:
20927 Don't try and build saved uid version of set_perms on systems w/o
20928 them. Rename set_perms_saved_uid() -> set_perms_posix() Make
20929 set_perms_setreuid simply be set_perms_fallback() and simply include
20930 the appropriate function at compile time (setreuid() vs. setuid()).
20933 * sudoers.cat, sudoers.man.in, sudoers.pod:
20934 PATH is also preserved when env_reset is in effect
20937 * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
20938 configure.in, defaults.c, defaults.h, env.c, find_path.c,
20939 getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
20940 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
20941 visudo.c, visudo.cat, visudo.man.in:
20942 New Defaults options: o stay_setuid - sudo will remain setuid if
20943 system has saved uids or setreuid(2) o env_reset - reset the
20944 environment to a sane default o env_keep - preserve environment
20945 variables that would otherwise be cleared
20947 No longer use getenv/putenv/setenv functions--do environment munging
20948 by hand. Potentially dangerous environment variables can be cleared
20949 only if they contain '/' or '%' characters to protect buggy
20950 programs. Moved environment routines into env.c (new file)
20954 Clear up --without-passwd description
20957 * putenv.c, sudo_setenv.c:
20958 We now build up a new environment from scratch and assign it to
20962 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
20964 * sudo.pod, visudo.pod:
20965 Grammatical fixes from Paul Janzen
20968 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
20971 If there was a syntax error and the user just wants to quit, unlink
20972 sudoers if it is zero length.
20976 'Q' means ignore parse error, not 'q'
20980 Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
20984 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
20987 Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
20990 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
20992 * config.guess, config.sub:
20993 Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
20996 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
20998 * sudo.c, visudo.c:
20999 Use exit(127), not exit(-1)
21002 * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
21003 Move set_perms() to its own file and use POSIX saved uid or
21004 setreuid() if available.
21006 Added stay_setuid option for systems that have libraries that
21007 perform extra paranoia checks in system libraries for setuid
21008 programs (ie: anything with issetugid(2)).
21012 strip more bits from the environment and add a facility for
21013 stripping things only if they contain '/' or '%' to address printf
21014 format string vulnerabilities in other programs.
21017 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
21024 For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
21033 Check for strcasecmp(3) in -lc89 for NCR Unix
21036 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
21039 Define HAVE_INNETGR #ifdef HAVE__INNETGR
21046 * compat.h, config.h.in, configure.in:
21047 Add check for _innetgr(3) since NCR systems have that instead of
21051 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
21054 check return value of creadcfg() call sd_close() after sd_auth()
21055 store username in sd->username so we don't rely on the USER env
21059 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
21062 document --with-bsdauth
21070 --with-bsdauth assumes --with-logincap
21073 * auth/bsdauth.c, auth/fwtk.c:
21074 When prompting for a response to a challenge, if the user just hits
21075 return then reprompt with echo turned on.
21078 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
21081 Remove debugging code that should not have been committed, oops.
21085 Use lower-level routines and get the password ourselves. Checks for
21086 a challenge and if there is one echo is not turned off.
21089 * auth/pam.c, auth/sudo_auth.h:
21090 minor housekeeping, no real code changes
21093 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
21096 Fix a coredump in the logging functions if gethostname(2) fails by
21097 deferring the call to log_error() until things are better setup.
21099 Fix return value of set_loginclass() in non-BSD-auth case.
21101 Hard-code 'sudo' in the usage message so we can fit more options on
21106 Fix errant ';' (typo) that broke MSG_ONLY
21109 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
21111 * sudo.cat, sudo.man.in:
21119 * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
21120 configure, configure.in, getspwuid.c, sudo.c:
21121 Add support for BSD authentication.
21124 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
21127 Fix typo; from sato@complex.eng.hokudai.ac.jp
21130 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
21133 Mention negating umask
21137 Allow user to specify umask of 0777 (same as !umask)
21140 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
21142 * sudo.pod, visudo.pod:
21143 Fix a typo and give a URL for the sudo history.
21146 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
21148 * defaults.c, sudo.pod:
21149 fix typos; pepper@reppep.com
21152 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
21154 * sudo.c, sudo.h, sudo_setenv.c:
21155 sudo_setenv() now exits on memory alloc failure instead of returning
21159 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
21162 Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
21163 and possibly others.
21167 Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
21168 that "%m" won't be expanded but we don't use that anyway since the
21169 logging routines may splat to stderr as well.
21172 * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
21174 Add always_set_home variable
21177 * configure, configure.in:
21178 Have to hard code default values in help since the defaults are set
21179 _after_ the help stuff.
21182 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
21184 * lex.yy.c, parse.lex:
21185 Allow special characters (including '#') to be embedded in pathnames
21186 if quoted by a '\\'. The quoted chars will be dealt with by
21187 fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
21190 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
21193 Better path searching for programs we need.
21197 Add section on "C compiler cannot create executables" errors.
21200 * Makefile.binary, Makefile.in, version.h:
21204 * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
21205 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
21206 visudo.man.in, visudo.pod:
21207 Substitute values from configure into man pages.
21210 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
21213 The listpw and verifypw sudoers options would not take effect
21214 because the value of the default was checked *before* sudoers was
21215 parsed. Instead of passing in the value of PWCHECK_* to
21216 sudoers_lookup(), pass in the arg for def_ival() so the check can be
21217 deferred until after sudoers is parsed.
21220 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
21223 When writing prompt, no need to write the NUL as well;
21227 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
21230 When looking for chown, check in /sbin too
21233 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
21236 Remove extraneous call to init_defaults() and set runas_user to NULL
21237 between parses so init_defaults will reset it each time, thus
21238 avoiding a reference to free()d data.
21241 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
21243 * config.h.in, interfaces.c, interfaces.h, sudo.c:
21244 Add support for using getifaddrs() to get the list of ip addr /
21245 netmask pairs. Currently IPv4-only.
21249 Add a missing check for UserEditor == NULL Add missing '+' before
21250 line number when invoking editor to fix a syntax error
21253 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
21256 Call clean_env very early in main() for paranoia's sake. Idea from
21260 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
21263 Update proto for evasprintf and easprintf
21267 Make easprintf() and evasprintf() return an int.
21271 If the targetpw flag is set, use target username as part of the
21272 timestamp path. If tty tickets are in effect cat the tty and the
21273 target username with a ':' as the separator.
21276 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
21279 Backout part of last change; setting PAM_USER to the invoking user
21280 breaks things like targetpw.
21284 set tty and username via pam_set_item
21287 * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
21288 Fix root, runas, and target authentication for non-passwd file auth
21292 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
21294 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
21295 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
21296 Use B<-Z> not C<-Z> for command line flags in all places. This is
21297 more consistent and works around a bug in Pod::Man.
21300 * sudoers.cat, sudoers.man.in, sudoers.pod:
21301 Fix an occurrence of 'semicolon' that should be 'colon'
21304 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
21306 * configure, configure.in:
21307 Fix --with-badpri help line
21310 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
21312 * defaults.c, logging.c, sudo.c:
21313 Bracket calls to syslog with an openlog() and closelog() since some
21314 authentication methods (like PAM) may do their own logging via
21315 syslog. Since we don't use syslog much (usually just once per
21316 session) this doesn't really incur a performance penalty. It also
21317 Fixes a SEGV with pam_kafs.
21320 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
21323 Fix -H flag. runas_homedir is only valid after
21324 set_perms(PERM_RUNAS, mode)
21327 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
21330 Clarify the fact that insults are not enabled just by including them
21334 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
21336 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
21338 Regenerated with perl 5.6.0 pod2man
21342 Give date string to pod2man since its default is ugly and it ain't
21347 Do section substitution on the output of pod2man and remove hack
21348 needed for old pod2man.
21351 * sudo.pod, sudoers.pod, visudo.pod:
21352 Put back real man sections, we will do the substitution later.
21355 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
21357 * configure, configure.in:
21358 Don't bother checking for the path to vi if user specified --with-
21362 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
21364 * CHANGES, visudo.c:
21365 Visudo now does its own fork/exec instead of calling system(3).
21368 * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
21369 sudoers.pod, visudo.c:
21370 Visudo now checks for the existence of an editor and gives a
21371 sensible error if it does not exist.
21373 The path to the editor for visudo is now a colon-separated list of
21374 allowable editors. If the user has $EDITOR set and it matches one
21375 of the allowed editors that editor will be used. If not, the first
21376 editor in the list that actually exists is used.
21379 * sudo.cat, sudo.man.in, sudo.pod:
21380 Clear up confusion wrt sudo's return value.
21383 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
21386 Strip sudo and visudo for bindist target
21389 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
21390 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
21391 Use @mansectsu@ and @mansectform@ in the man page bodies as well.
21392 [5eb9e60a726f] [SUDO_1_6_3]
21394 * visudo.cat, visudo.man.in, visudo.pod:
21395 Typo: @sysconf@ -> @sysconfdir@
21399 'make dist' should not cause any files to be modified so remove its
21404 Whoops, forgot to add release marker
21407 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
21410 Final change for 1.6.3 (or so I hope)
21413 * sudo.cat, sudoers.cat, visudo.cat:
21414 Use SYSV man sections since BSD systems will have nroff...
21417 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
21419 * parse.yacc, sudo.tab.c:
21420 When checking to see if the host/user matches in a defaults spec,
21421 check against TRUE, not just non-zero since it might be -1.
21424 * configure, configure.in:
21425 OSF/1 puts file formats in section 4, not 5.
21428 * CHANGES, INSTALL, sudo.c:
21429 Make login class support work on BSD/OS
21436 * configure, configure.in:
21437 If there is no inet_addr but there *is* an __inet_addr that's ok
21438 since inet_addr is probably just a macro then. The better thing to
21439 do would be to look for the macro, but this is fine for now.
21442 * configure, configure.in:
21443 Don't use shlicc for BSD/OS 4.x
21446 * Makefile.in, configure, configure.in:
21447 *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
21448 configure variable so we can deal with this. Also, only remove *.man
21449 for 'distclean' not 'clean'.
21453 set_loginclass() should be static like the proto says
21456 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
21459 Add #ifdef __STDC__ around the rangematch function header to avoid
21460 promotion of test to int, thus violating the prototype. Gcc handles
21461 this gracefully but more std ANSI compilers will complain.
21465 Pull in newer fnmatch(3) that supports FNM_CASEFOLD
21468 * aclocal.m4, configure, fnmatch.3, fnmatch.c:
21469 Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
21470 FNM_CASEFOLD in configure
21477 * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
21478 Fully qualified hosts w/ wildcards were not matching the FQHOST
21479 token type. There's really no need for a separate token for fully-
21480 qualified vs. unqualified anymore so FQHOST is now history and
21481 hostname_matches now decides which hostname (short or long) to check
21482 based on whether or not the pattern contains a '.'.
21486 Fully qualified hosts w/ wildcards were not matching the FQHOST
21487 token type. There's really no need for a separate token for fully-
21488 qualified vs. unqualified anymore so FQHOST is now history and
21489 hostname_matches now decides which hostname (short or long) to check
21490 based on whether or not the pattern contains a '.'.
21493 * lex.yy.c, parse.c, parse.lex, parse.yacc:
21494 Fully qualified hosts w/ wildcards were not matching the FQHOST
21495 token type. There's really no need for a separate token for fully-
21496 qualified vs. unqualified anymore so FQHOST is now history and
21497 hostname_matches now decides which hostname (short or long) to check
21498 based on whether or not the pattern contains a '.'.
21501 * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
21502 sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
21503 Add support for wildcards in the hostname.
21507 Add targets for *.man.in, using config.status to generate *.man from
21511 * sudoers.cat, sudoers.man.in, sudoers.pod:
21512 Document set_logname option and embolden refs to sudo and visudo.
21515 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
21516 sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
21517 visudo.cat, visudo.man.in, visudo.pod:
21518 Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
21519 from Michael D. Marchionna. configure now does substitution on the
21520 man pages, allowing us to fix up the paths and set the section
21521 correctly. Based on an idea from Michael D. Marchionna.
21525 Better fix for handling HP-UX aging info.
21529 Add support for set_logname run-time default
21532 * sudo.man.in, sudoers.man.in, visudo.man.in:
21533 configure does substitution on these to produce *.man
21536 * sudo.man, sudoers.man, visudo.man:
21537 These files now get generated from *.man.in at configure time.
21540 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
21542 * defaults.c, defaults.h:
21543 Add set_logname option so users can turn off setting of LOGNAME/USER
21544 environment variables.
21547 * lsearch.c, parse.c, testsudoers.c:
21551 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
21554 HP-UX adds extra info at the end for password aging so when
21555 comparing the result of crypt to pw_passwd we only compare the first
21556 len(epass) bytes *unless* the user entered an empty string for a
21561 Get rid of grandchild hack, it was causing problems and there is
21562 really no need for it. This fixes a bug where we spin eating up CPU
21563 when the user runs a long-running process like a shell.
21566 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
21569 User can always specify a login class if he/she is already root.
21572 * config.h.in, configure, configure.in, defaults.c, defaults.h,
21574 FreeBSD login class (login.conf) support.
21577 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
21579 * auth/sudo_auth.c:
21580 HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
21583 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
21586 Truncate unencrypted password to 8 chars if encrypted password is
21587 exactly 13 characters (indicating a standard DES password). Many
21588 versions of crypt() do this for you, but not all (like HP-UX's).
21591 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
21594 Mention that gcc on dynix may have problems
21597 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
21600 Link visudo with NET_LIBS since we now call syslog via defaults.c
21604 Use Argv[0] as the first arg to openlog() since visudo uses this
21608 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
21611 Stash coredumpsize resource limit and restore it before the exec()
21612 Otherwise the child ends up with a coredumpsize of 0.
21615 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
21617 * sudo.cat, sudo.man, sudo.pod:
21625 * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
21626 auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
21627 Added -S flag (read passwd from stdin) and tgetpass_flags global
21628 that holds flags to be passed in to tgetpass(). Change echo_off
21629 param to tgetpass() into a flags field. There are currently 2
21630 possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
21631 tgetpass(), abstract the echo set/clear via macros and if (flags &
21632 TGP_ECHO) but echo is not set on the terminal, be sure to set it.
21636 Fixed a bug that caused an infinite loop when the password timeout
21640 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
21642 * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
21643 sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
21644 Add rootpw, runaspw, and targetpw options.
21647 * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
21649 enveditor -> env_editor
21652 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
21654 * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
21655 sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
21657 crank version to 1.6.3
21660 * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
21661 sudoers.pod, visudo.c:
21662 Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
21663 them. This means that visudo will now parse the sudoers file
21664 *before* it is edited so a bogus sudoers file will cause a warning
21665 to go to stderr. Also, visudo checks the variables once--it does not
21666 check them after each editor run since that could be confusing.
21669 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
21675 * check.c, sudo.c, sudo.h:
21676 Move user_is_exempt prototype into sudo.h
21679 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
21681 * configure, configure.in:
21682 Fix thinko, some && should have been || in the last commit
21685 * configure, configure.in:
21686 Don't initialize Makefile variables to be NULL since the user may
21687 want to import variables from their environment.
21690 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
21692 * configure, configure.in:
21696 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
21699 fix a yacc (skeleton.c) warning
21702 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
21704 * INSTALL, RUNSON, configure, configure.in:
21705 Make pam work on HP-UX 11.0; jaearick@colby.edu
21709 recent changes; prepare for 1.6.2p1
21713 Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
21716 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
21719 Regen with yacc that has a memory leak plugged.
21722 * sudoers.cat, sudoers.man, sudoers.pod:
21723 Expanded docs on sudoers 'defaults' options based on INSTALL file
21728 Fix some while lies
21731 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
21734 When making a bindist, link FAQ to TROUBLESHOOTING instead of
21738 * sudoers.cat, sudoers.man, sudoers.pod:
21739 Add netgroup caveat
21740 [28d119f466e3] [SUDO_1_6_2]
21743 Last minute updates
21759 Better detection of PAM errors and fix custom prompts with PAM.
21760 Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
21763 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
21766 Cast ULONG_MAX to unsigned long long when comparing to an unsigned
21770 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
21772 * CHANGES, config.h.in, configure, configure.in, visudo.c:
21773 Fix sudoers locking in visudo. We now lock the sudoers file itself,
21774 not the temp file (since locking the temp file can foul up editors).
21775 The previous locking scheme didn't work because the fd was closed
21779 * config.h.in, configure, configure.in:
21780 Don't need test for ftruncate() any more.
21783 * configure, configure.in:
21784 Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
21785 the unbundled HP-UX cc.
21788 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
21790 * sudoers.cat, sudoers.man, sudoers.pod:
21791 "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
21794 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
21796 * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
21797 parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
21798 version.h, visudo.c:
21799 update copyright year on changed files
21811 Crank version to 1.6.2
21815 Crank version to 1.6.2
21819 When using rlimit check for RLIM_INFINITY When computing the value
21820 of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
21827 * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
21828 sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
21829 Crank version to 1.6.2
21832 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
21833 Add 'shell_noargs' runtime option back in. We have to defer
21834 checking until after the sudoers file has been parsed but since
21835 there are now other options that operate that way this one can too.
21836 Based on a patch from bguillory@email.com.
21839 * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
21840 Add "listpw" and "verifypw" options.
21843 * sudoers.cat, sudoers.man, sudoers.pod:
21844 o Fix some typos/omissions o Add section on verifypw and listpw o
21845 Define how NOPASSWD interacts with the -v and -l flags
21848 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
21850 * configure, configure.in:
21851 For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
21852 -D_HPUX_SOURCE to CPPFLAGS.
21855 * defaults.c, defaults.h:
21856 In struct sudo_defs_types, move the union to the end and don't
21857 initialize the union member since that only works with an ANSI
21858 compiler. We set the value of the union by hand in init_defaults()
21859 anyway. This allows sudo to compile on a K&R compiler again.
21862 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
21864 * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
21865 netgr_matches needs to check shost as well as host since they may be
21870 End on \r as well as \n
21873 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
21876 Update statbuf.st_mode based on SUDOERS_MODE when we are changing
21877 from 0400 to whatever SUDOERS_MODE is (converting from the old
21878 sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
21879 0400 which should always be the case.
21882 * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
21883 Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
21884 w/o a passwd if there is *any* entry for the user on the host with a
21885 NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
21886 the user on the host w/ the specified runas user have the NOPASSWD
21894 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
21897 Treat EOF at whatnow prompt like 'x' instead of looping.
21900 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
21904 [5836a9452568] [SUDO_1_6_1]
21906 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
21908 * config.h.in, configure, configure.in, sudo.c:
21909 Add check for initgroups() since old SYSV lacks this.
21912 * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
21913 parse.c, testsudoers.c:
21914 o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
21918 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
21920 * auth/sudo_auth.c:
21921 Don't allow insults to be enabled if the insults[] array is empty.
21922 Otherwise there would be division by zero.
21936 Don't care about USE_INSULTS #define since the insult stuff may be
21937 overridden at runtime.
21940 * auth/sudo_auth.c:
21941 Honor insults flag.
21944 * CHANGES, parse.c:
21945 Don't ask the user for a password if the user is not allowed to run
21946 the command and the authenticate flag (in sudoers) is false.
21949 * CHANGES, RUNSON, lex.yy.c, parse.lex:
21950 o Whenever we get a bare newline we change to the INITIAL state. o
21951 Enter GOTRUNAS when we see Runas_Alias
21953 This allows #uid to work in a RunasAlias.
21956 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
21958 * CHANGES, parse.yacc, sudo.tab.c:
21959 fix parsing of runas lists: o oprunasuser and runaslist now return a
21960 value o in a runasspec, if a runaslist does not return TRUE, set
21961 runas_matches to FALSE. Normally, a runaslist only returns FALSE
21962 for explicitly denied users. o since runaslist does not modify the
21963 stack there is no need for a push/pop in runasalias.
21967 Don't kill the user's tickets until after sudoers has been parsed
21968 since tty_tickets and ticket_dir could be set in sudoers.
21971 * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
21972 configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
21973 sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
21974 crank version to 1.6
21978 add set_fqdn() stub
21981 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
21983 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
21984 sudoers.man, sudoers.pod, visudo.c:
21985 o Kill shell_noargs option, it cannot work since the command needs
21986 to be set before sudoers is parsed. o Fix the "set_home" sudoers
21987 option (only worked at compile time). o Fix "fqdn" sudoers option.
21988 We now set host/shost via set_fqdn which gets called when the
21989 "fqdn" option is set in sudoers. o Move the openlog() to
21990 store_syslogfac() so this gets overridden correctly from the
21995 SecurID support should compile now.
21998 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
22000 * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
22001 visudo.man, visudo.pod:
22002 fix some syntactic goofs
22005 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
22007 * Makefile.in, sudo.html, sudoers.html, visudo.html:
22008 No longer need the .html files as they are generated automatically
22012 * CHANGES, LICENSE:
22013 kill characters that made wml unhappy
22020 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
22023 majordomo@cs.colorado.edu -> majordomo@courtesan.com
22026 * Makefile.in, configure:
22027 Wrap script execution w/ /bin/sh for the benefit of ctm
22030 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
22033 Make the -s flag be exclusive too. Also reorder the flags in the
22034 exclusive usage message so they are alphabetical.
22037 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
22040 make pam errors other than PAM_PERM_DENIED fatal
22048 make it clear that /etc/pam.d/sudo is required on linux
22052 fix a warning on redhat and spew an error if pam_authenticate()
22053 returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
22056 * sudo.cat, sudo.html, sudo.man, sudo.pod:
22057 Be very clear that the password required is the user's not root's
22060 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
22063 add sample.syslog.conf to DISTFILES and BINFILES
22066 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
22069 updates from Brian Jackson + some formatting
22072 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
22074 * INSTALL.binary, Makefile.binary, README, RUNSON:
22075 o One RUNSon update o Changes for automating real binary releases
22082 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
22085 talk about run-time options in addition to compile-time options
22086 [1eb813ff0a9a] [SUDO_1_6_0]
22093 need sys/time.h if HAVE_SETRLIMIT
22096 * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
22097 sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
22098 get rid of references to sudo-bugs. Now mention the web site or the
22103 repair pod2html damage
22107 Update for 1.6 release
22110 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
22111 Add warning about using ALL in a command context.
22114 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
22117 Call yyrestart() on a parse error to reset the lexer state.
22120 * lex.yy.c, parse.lex:
22121 Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
22122 since it might not get called in yywrap if we get a parse error
22123 (and we only reread the file on error anyway).
22126 * lex.yy.c, parse.lex:
22127 Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
22128 might still exist. Call yyrestart() instead of using the deprecated
22132 * lex.yy.c, parse.lex:
22133 flex doesn't need %N table size declarations
22136 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
22137 Mention what characters need to be escaped in names.
22140 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
22147 clarify Mac OS X entry
22155 o Use AC_MSG_ERROR throughout o Check syslog configure options for
22159 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
22162 Fix printing of type T_MODE in dump_defaults()
22166 missing sys/types.h
22170 Break out options that may be overridden at run time into their own
22171 section. Add a note about Mac OS X and correct some lies.
22174 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
22176 * CHANGES, config.h.in, configure, configure.in, sudo.c:
22177 o Now use getrlimit to find the highest fd when closing all non-std
22178 fd's o Turn off core dumps via setrlimit for the sake of paranoia
22185 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
22192 When read()'ing, do a single character at a time to be sure we don't
22193 go past the newline.
22197 For the sudo_root option, check against user_uid, not getuid() since
22198 at this point, ruid == euid == 0.
22206 Fix compilation problem when --with-logging=file was specified.
22207 This means that syslog is now required to build sudo but that should
22208 not be a problem. If it is it can be fixed trivially with a
22209 configure check for syslog() or syslog.h.
22213 Make this work again for things like "sudo echo hi | more" where the
22214 tty gets put into character at a time mode. We read until we read
22215 end of line or we run out of space (similar to fgets(3)).
22218 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
22220 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
22221 change ital to bold
22228 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
22231 Error out if syslog parameters are given without a value. For
22232 Ultrix or 4.2BSD "syslog" is allowed without a value since there are
22233 no facilities in the 4.2BSD syslog.
22236 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
22239 Ignore the syslog facility for systems w/ old syslog like Ultrix.
22243 people with "." early in their path can have problems running sudo
22244 from the build dir ;-)
22247 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
22249 * sudo.cat, sudo.html, sudo.man, sudo.pod:
22250 Remove -r realm option
22253 * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
22254 configure.in, sudo.c:
22255 New krb5 code from Frank Cusack <fcusack@iconnet.net>.
22262 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
22265 include <auth.h> to get function prototypes.
22268 * sudo.cat, sudo.html, sudo.man, sudo.pod:
22272 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
22275 in set_perms(), always call setuid(0) before changing the ruid/euid
22276 so we always know it will succeed.
22280 #undef T_FOO to avoid conflicts with system defines (like on
22284 * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
22286 Document "Defaults" lines in /etc/sudoers. Still needs some
22287 fleshing out but this is a start.
22290 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
22292 * use strtol, not strtoul since not everyone has strtoul
22296 use strtol, not strtoul since not everyone has strtoul
22299 * lex.yy.c, parse.lex:
22300 last {WORD} rule should only apply in the INITIAL state
22303 * lex.yy.c, parse.lex:
22304 o Add support for escaped characters in the WORD macro o Modify
22305 fill() to squash escape chars
22308 * defaults.c, defaults.h:
22309 o Add T_PATH flag to allow simple sanity checks for default values
22310 that are supposed to be pathnames. o Fix a duplicate free when
22311 visudo finds an error.
22314 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
22316 * defaults.c, defaults.h, logging.c:
22317 mail_if_foo -> mail_foo
22320 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
22322 * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
22323 o Add requiretty option o Move O_NOCTTY to compat.h
22327 The exit() in log_error() was mistakenly removed in a previous
22328 version. Put it back...
22331 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
22333 * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
22334 auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
22335 configure, configure.in, defaults.c, defaults.h, find_path.c,
22336 getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
22337 o Change defaults stuff to put the value right in the struct. o
22338 Implement mailer_flags o Store syslog stuff both in int and string
22339 form. Setting the string form magically updates the int version.
22340 o Add boolean attribute to strings where it makes sense to say !foo
22344 add O_NOCTTY when opening /dev/tty just in case
22347 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
22350 cleanup function no longer takes a status arg
22357 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
22359 * TODO, config.h.in, configure, configure.in, logging.c:
22360 Use strftime() instead of ctime() if it is available.
22363 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
22370 update ReliantUNIX entry
22373 * defaults.c, defaults.h, logging.c:
22374 add log_year option
22377 * configure, configure.in:
22378 add --without-sendmail to help output
22381 * configure, configure.in:
22382 enforce an octal arg for --with-sudoers-mode
22385 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
22387 * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
22388 auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
22389 auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
22390 defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
22391 parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
22392 testsudoers.c, version.c, visudo.c:
22393 Add support for "Defaults" line in sudoers to make configuration
22394 variables changeable at runtime (and on a global, per-host and per-
22395 user basis). Both the names and the internal representation are
22396 still subject to change. It was necessary to make sudo_user.runas
22397 but a char ** instead of a char * since this value can be changed by
22398 a Defaults line. There is a similar (but more complicated) issue
22399 with sudo_user.prompt but it is handled differently at the moment.
22401 Add a "-L" flag to list the name of options with their descriptions.
22402 This may only be temporary.
22404 Move some prototypes to parse.h
22406 Be much less restrictive on what is allowed for a username.
22409 * sample.syslog.conf:
22413 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
22415 * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
22417 UCB has dropped the advertising clause from their license.
22420 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
22422 * auth/sudo_auth.h:
22423 move dce_verify proto to correct section
22430 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
22433 Add fnmatch() prototype
22436 * fnmatch.c, parse.c, testsudoers.c:
22437 Move inclusion of emul/fnmatch.h to be after sudo.h for __P
22441 add strcasecmp proto
22444 * auth/sudo_auth.c:
22445 add check for case where there are no auth methods
22448 * configure, configure.in:
22449 Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
22453 * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
22454 include strings.h everywhere we include string.h
22458 nicer output when showing auth methods
22462 Add support for SEND_MAIL_WHEN_NO_HOST
22465 * config.h.in, configure, configure.in:
22466 Add _GNU_SOURCE for Linux
22469 * lex.yy.c, parse.lex:
22470 fix definition of OCTECT
22473 * configure, configure.in:
22474 aix_auth.o not authenticate.o
22477 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
22480 Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
22481 keyboard). Since we run with ruid/euid == 0 the user can't really
22482 signal us in nasty ways.
22486 Don't need to worry about catching too many signals since we do
22487 locking on the tmp file. If a lockfile is really stale, it will be
22488 detected and overwritten.
22491 * INSTALL, Makefile.in:
22492 include auth/API in tarball
22495 * auth/sudo_auth.c:
22496 move memset() of plaintext pw outside of verify loop and only do the
22497 memset if we are *not* in standalone mode.
22500 * auth/sudo_auth.c, auth/sudo_auth.h:
22501 DCE is not a standalone method
22505 fix --enable-noargs-shell
22509 "#ifdef __STDC__" not "#if __STDC__" (I missed one)
22512 * auth/fwtk.c, auth/sia.c:
22513 _cleanup() function returns an int.
22517 there were still some return(0)'s hanging around, make them
22526 add missing semicolon
22529 * auth/sudo_auth.h:
22533 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
22535 * CHANGES, config.h.in, configure, configure.in:
22536 Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
22540 add parse.h to HDRS
22543 * Makefile.in, configure, configure.in:
22544 Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
22545 LDFLAGS. Common libs go in LIBS, common ld flags go in LDFLAGS and
22546 network libs like -lsocket, -lnsl go in NET_LIBS. This allows
22547 testsudoers to build on Solaris and is a bit cleaner in general.
22551 mention ptmp -> sudoers.tmp
22554 * config.h.in, configure, configure.in:
22555 Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
22563 Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
22564 return a value more like a system function
22576 update based on what is in the man page
22579 * parse.yacc, sudo.tab.c:
22580 minor change to first line printed in -l mode
22583 * sudo.cat, sudo.html, sudo.man, sudo.pod:
22584 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
22585 standard and add "EXAMPLES" section
22588 * visudo.cat, visudo.html, visudo.man, visudo.pod:
22589 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
22593 * logging.c, parse.c, sudo.h:
22597 * lex.yy.c, parse.lex:
22598 make an OCTET really be limited to 0-255
22602 mention timestamp changes
22609 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
22610 new sudoers(8) man page
22613 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
22616 Update comments about syslog name tables
22619 * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
22620 strcasecmp.c, sudo.tab.c:
22621 include strcasecmp() for those without it
22625 Use the : operator some more and fix a typo
22629 update the history of sudo
22632 * parse.c, parse.lex, testsudoers.c:
22633 CIDR-style netmask support
22640 * sudo.tab.c, sudo.tab.h:
22641 these should be generated with byacc, not bison
22648 * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
22649 In "sudo -l" mode, the type of the stored (expanded) alias was not
22650 stored with the contents. This could lead to incorrect output if
22651 the sudoers file had different alias types with the same name.
22652 Normal parsing (ie: not in '-l' mode) is unaffected.
22655 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
22657 * configure, configure.in:
22658 define _XOPEN_SOURCE to get at crypt() proto on some systems
22661 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
22668 don't need limits.h
22672 kill bogus reference to vfprintf
22675 * sample.sudoers, sudoers:
22680 Add some const in the K&R defs. This is safe since we define const
22681 away if the compiler doesn't grok it.
22684 * aclocal.m4, configure:
22685 Better test for working long long support. Ultrix compiler supports
22686 basic long long but not all operations on them.
22689 * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
22690 snprintf.c, sudo.c:
22691 Add check for LONG_IS_QUAD #undef MAXINT before including
22692 hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
22693 in snprintf.c and use LONG_IS_QUAD
22696 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
22698 * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
22700 UCB-derived snprintf + asprintf support. Supports quads if the
22701 compiler does. No floating point yet, perhaps later...
22704 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
22706 * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
22707 goodpath.c, logging.c, parse.c, sudo.c:
22708 Run most of the code as root, not the invoking user. It doesn't
22709 really gain us anything to run as the user since an attacker can
22710 just have a setuid(0) in their egg. Running as root solves
22711 potential problems wrt signalling.
22718 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
22720 * logging.c, sudo.c:
22721 Don't wait for child to finish in log_error(), let the signal
22722 handler get it if we are still running, else let init reap it for
22723 us. The extra time it takes to wait lets the user know that mail is
22726 Install SIGCHLD handler in main() and for POSIX signals, block
22731 * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
22732 parse.yacc, sudo.c, sudo.h:
22733 sudoers_lookup() now returns a bitmap instead of an int. This makes
22734 it possible to express things like "failed to validate because user
22735 not listed for this host". Some things that were previously
22736 VALIDATE_FOO are now FLAG_FOO. This may change later on.
22738 Reorganized code in log_auth() and sudo.c to deal with above
22741 Safer versions of push/pushcp with in the do { ... } while (0) style
22743 parse.yacc now saves info on the stack to allow parse.c to determine
22744 if a user was listed, but not for the host he/she tried to run on.
22746 Added --with-mail-if-no-host option
22749 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
22751 * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
22752 visudo.man, visudo.pod:
22753 o NewArgv and NewArgc don't need to be externally visible. o If
22754 pedantic > 1, it is a parse error. o Add -s (strict) option to
22755 visudo which sets pedantic to 2.
22758 * HISTORY, INSTALL:
22759 Just have sudo-bugs contact info in one place
22762 * sudo.cat, sudo.html, sudo.man, sudo.pod:
22766 * Makefile.in, configure, configure.in:
22767 Add testsudoers to default build target if --with-devel Don't clean
22768 generated parser files unless "distclean".
22771 * parse.yacc, sudo.tab.c:
22772 In pedantic mode we need to save *all* the aliases, not just those
22773 that match, or we get spurious warnings.
22777 reference sample.syslog.conf
22780 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
22782 * sample.syslog.conf:
22783 Sample entries for syslog.conf
22790 * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
22791 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
22792 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
22793 auth/sudo_auth.c, auth/sudo_auth.h:
22794 In struct sudo_auth, turn need_root and configured into flags and
22795 add a flag to specify an auth method is running alone (the only
22796 one). Pass auth methods their sudo_auth pointer, not the data
22797 pointer. This allows us to get at the flags and tell if we are the
22798 only auth method. That, in turn, allows the method to be able to
22799 decide what should/should not be a fatal error. Currently only
22800 rfc1938 uses it this way, which allows us to kill the OTP_ONLY
22801 define and the hackery that went with it. With access to the
22802 sudo_auth struct, methods can also get at a string holding their
22803 canonical name (useful in error messages).
22806 * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
22807 getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
22809 o --with-otp deprecated, use --without-passwd instead o real
22810 dependencies in the Makefile o --with-devel option to enable yacc,
22811 lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
22812 back to being a token, not a string but don't leak memory o rename
22813 hsotspec -> host in parse.yacc
22816 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
22822 * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
22824 o Digital UNIX needs to check for *snprintf() before -ldb is added
22825 to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
22826 for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
22827 functions in snprintf.c to fix -Wall o Add missing includes to fix
22831 * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
22832 configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
22834 o Add a "pedantic" flag to the parser. This makes sudo warn in
22835 cases where an alias may be used before it is defined. Only turned
22836 on for visudo and testsudoers. o Add --disable-authentication option
22837 that makes sudo not require authentication by default. The PASSWD
22838 tag can be used to require authentication for an entry. We no
22839 longer overload --without-passwd.
22842 * lex.yy.c, parse.lex:
22843 Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
22844 username can contain just about anything so be very permissive. Also
22845 drop the unused \. punctuation.
22848 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
22850 * parse.yacc, sudo.tab.c:
22851 o add a 'val' element to aliasinfo struct and move -> parse.h o
22852 find_alias() now returns an aliasinfo * instead of boolean o
22853 add_alias() now takes a value parameter to store in the
22854 aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
22855 return: 1) positive match 0) negative match (due to '!')
22856 -1) no match This means setting $$ explicitly in all cases, which I
22857 should have done in the first place. It also means that we always
22858 store a value that is != -1 and when we see a '!' we can set
22859 *_matches to !rv if rv != -1. The upshot of all of this is that '!'
22860 now works the way it should in lists and some of the rules are more
22861 uniform and sensible.
22865 add parse.h dependency
22869 kill unused *_matched macros
22873 Allow a list of users as the first thing in a user spec, not just a
22874 single entry. This makes things more uniform, though it does allow
22875 you to write user specs that are hard to read.
22887 fix check for crypt() in libufc
22890 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
22893 sudo-users list now exists
22896 * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
22900 * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
22901 config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
22902 version.c, visudo.c:
22903 o Move lock_file() and touch() into fileops.c so visudo can use them
22904 o Visudo now locks the sudoers temp file instead of bailing when the
22905 temp file already exists. This fixes the problem of stale temp
22906 files but it does *require* that you not try to put the temp file in
22907 a world-writable directory. This should not be an issue as the temp
22908 file should live in the same dir as sudoers. o Visudo now only
22909 installs the temp file as sudoers if it changed.
22912 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
22918 * config.h.in, configure, configure.in, logging.c:
22922 * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
22923 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
22924 o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
22925 temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
22926 -> _PATH_SUDOERS_TMP
22929 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
22931 * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
22932 o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
22933 root sudo -V config reporting
22936 * configure, configure.in:
22937 aix_auth.o not authenticate.o
22941 Add --with-goodpri and --with-badpri configure options to specify
22942 the syslog priority to use.
22945 * INSTALL, configure, configure.in, logging.h:
22946 Add --with-goodpri and --with-badpri configure options to specify
22947 the syslog priority to use.
22951 kill crufty AIX stuff
22955 Sigh, some versions of make (like Solaris's) don't deal with $< like
22956 I would expect. Both GNU and BSD makes get this right but... So, we
22957 just expand $< inline at the cost of some ugliness.
22961 If the invoking user is root, sudo will now print configure info in
22962 -V mode. Currently just prints logging info, to be expanded later.
22965 * logging.c, logging.h, sudo.c, sudo.h:
22966 o new defines for syslog facility and priority o use new
22967 print_version() function for -V mode
22971 Don't need version.c
22974 * aclocal.m4, config.h.in, configure, configure.in:
22975 Add check for syslog facilities and priorities tables in syslog.h
22979 o authenticate -> aix_auth o add version.c
22982 * auth/sudo_auth.c:
22983 Missed a prompt -> user_prompt conversion
22986 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
22989 sudo should lock its logfile
22992 * parse.yacc, sudo.tab.c:
22993 o Add '!' correctly when expanding Aliases. o Add shortcut macros
22994 for append() to make things more readable. o The separator in
22995 append() is now a string instead of a char. o In append(), only
22996 prepend the separator if the last char is not a '!'. This is a
22997 hack but it greatly simplifies '!' handling. o In -l mode, Runas
22998 lists and NOPASSWD/PASSWD tags are now inherited across entries in
22999 a list (matches current behavior). o Fix formatting in -l mode such
23000 that items in a list are separated by a space. Greatly improves
23001 readability. o Space for name field in struct aliasinfo is now
23002 allocated dynamically instead of using a (big) buffer. o In
23003 add_alias(), only search the list once (lsearch instead of lfind +
23007 * lex.yy.c, sudo.tab.c, sudo.tab.h:
23011 * configure, configure.in:
23012 Solaris pam doesn't require any extra setup
23016 o Simpler '!' support now that the lexer deals with multiple !'s for
23017 us. o In the case of opFOO, have FOO give a boolean return value and
23018 set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
23019 it gets fill()'d in parse.lex--fixes a small memory leak. In the
23020 long run it may be better to just fix parse.lex and make ALL back
23021 into a token. However, having it be a string is useful since it
23022 can be easily passed back to the parent rule if we so desire.
23026 o Remove some unnecessary backslashes o collapse multiple !'s by
23027 using !+ and checking if yyleng is even or odd. this allows us to
23028 simplify ! handling in parse.yacc
23032 -u flag was being ignored
23035 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
23042 work around pod2man stupidity
23046 correct dependencies for .cat
23049 * sudo.cat, sudo.man, visudo.cat, visudo.man:
23053 * sudo.pod, visudo.pod:
23054 Add copyright Update to reality
23057 * parse.c, sudo.c, sudo.h:
23058 rename validate() to the more descriptive sudoers_lookup()
23065 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
23071 * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
23072 configure, configure.in, sudo.c:
23077 add 4th term to license similar to term 5 in the apache license
23080 * emul/search.h, emul/utime.h:
23081 add 4th term to license similar to term 5 in the apache license
23084 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
23085 auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
23086 auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
23087 auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
23088 logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
23089 pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
23090 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
23092 add 4th term to license similar to term 5 in the apache license
23095 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
23096 add 4th term to license similar to term 5 in the apache license
23099 * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
23100 getspwuid.c, goodpath.c:
23101 add 4th term to license similar to term 5 in the apache license
23104 * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
23105 insults.h, logging.c, sudo.c, sudo.h:
23106 there was a 1995 release too
23109 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
23116 Use dirs instead of files for timestamp. This allows tty and non-
23117 tty schemes to coexist reasonably. Note, however, that when you
23118 update a tty ticket, the mtime on the user dir gets updated as well.
23121 * configure, configure.in:
23122 Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
23123 when linking test program, not just -lprot. Also add check for
23124 getspnam(). The SCO docs indicate that /etc/shadow can be used but
23128 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
23131 first cut at auth API description
23134 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
23136 * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
23137 auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
23139 auth API change. There is now an init method that gets run before
23140 the main loop. This allows auth routines to differentiate between
23141 initialization that happens once vs. setup that needs to run each
23142 time through the loop.
23145 * auth/kerb5.c, logging.c:
23146 use easprintf() and evasprintf()
23150 add easprintf() and evasprintf(), error checking versions of
23151 asprintf() and vasprintf()
23155 remove 2 items. One done, one won't do.
23158 * lex.yy.c, sudo.tab.c:
23162 * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
23163 visudo.html, visudo.man:
23172 o Document -K flag and update meaning of -k flag. o BSD-style
23173 copyright o Document clearing of BIND resolver environment variables
23174 o Clarify bit about shared libs o suggest rc files create /tmp/.odus
23175 if your OS gives away files
23183 BSD-style copyright
23187 o BSD copyright o no need to block signals, we now do that in main()
23191 * testsudoers.c, visudo.c:
23192 o BSD-style copyright o Use "struct sudo_user" instead of old
23193 globals. o some cosmetic cleanup
23197 BSD-style copyright
23201 o BSD copyright o logging and parser bits moved to their own .h
23202 files o new "struct sudo_user" to encapsulate many of the old
23207 o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
23208 logging routines o simplified flow of control o BIND resolver
23209 additions to badenv_table
23213 BSD-style copyright
23217 Now compiles on more K&R compilers
23221 BSD-style copyright, cosmetic changes
23225 BSD-style copyright
23228 * parse.c, parse.h, parse.lex, parse.yacc:
23229 BSD-style copyright. Move parser-specific defines and structs into
23230 parse.h + other cosmetic changes
23234 defines for logging routines
23237 * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
23238 BSD-style copyright, cosmetic changes
23241 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
23243 BSD-style copyright
23247 o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
23248 kill --disable-tgetpass o add --without-passwd o changes to fill in
23249 AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
23250 v?asprintf() o replace --with-AuthSRV with --with-fwtk
23254 BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
23255 HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
23256 HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
23260 BSD-style copyright; Add S_IFLNK and MIN/MAX if they are missing.
23264 BSD-style copyright
23268 no more --with-getpass
23272 Take out things I've done...
23280 --with-getpass no longer exists
23284 BSD-style copyright. Update to reflect reality wrt new files and
23289 Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
23294 Update history a bit
23297 * COPYING, LICENSE:
23298 Now distributed under a BSD-style license
23301 * auth/sudo_auth.c:
23302 o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
23303 options. o skey/opie replaced by rfc1938 code o new struct sudo_user
23307 * auth/pam.c, auth/sia.c:
23308 BSD-style copyright and use new log functions
23312 o BSD-style copyright o Use new log functions o Use asprintf() and
23313 snprintf() where sensible.
23317 Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
23318 done more reasonably--better sanity checks and tty-based stamps are
23319 now done as files in a directory with the same name as the invoking
23320 user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
23321 to mix tty and non-tty based ticket schemes but this may change in
23322 the future (it requires sudo to use a directory instead of a file in
23323 the non-tty case). Also, ``sudo -k'' now sets the ticket back to
23324 the epoch and ``sudo -K'' really deletes the file. That way you
23325 don't get the lecture again just because you killed your ticket in
23326 .logout. BSD-style copyright now.
23330 o rewritten logging routines. log_error() now takes printf-style
23331 varargs and log_auth() for the return value of validate(). o BSD-
23335 * auth.c, check_sia.c, dce_pwent.c, secureware.c:
23336 superseded by new auth API
23340 BSD-style copyright
23344 Use snprintf() where it makes sense and add a BSD-style copyright
23347 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
23348 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
23349 BSD-style copyright
23352 * emul/utime.h, utime.c:
23353 BSD-style copyright
23357 this has been rewritten so use my BSD-style copyright
23360 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
23363 include malloc.h if no stdlib.h
23367 KTH snprintf()/asprintf() for systems w/o them
23371 strerror() for systems w/o it
23374 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
23380 * parse.c, parse.lex, parse.yacc:
23381 Add contribution info in the main comment
23384 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
23387 remove missed ref to PAM_nullpw
23390 * auth/sudo_auth.h:
23395 more or less complete now--still untested
23398 * auth/afs.c, auth/pam.c:
23399 don't use user_name macro, it will go away
23402 * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
23403 combine skey/opie code into rfc1938.c
23406 * auth/dce.c, auth/sudo_auth.h:
23407 DCE authentication method; basically unchanged from dce_pwent.c
23410 * auth/aix_auth.c, auth/sudo_auth.h:
23411 AIX authenticate() support. Could probably be much better
23415 Fix an uninitialized variable and some cleanup. Now works (tested)
23418 * auth/sia.c, auth/sudo_auth.h:
23419 SIA support for digital unix
23423 don't use prompt global, it will go away
23426 * auth/secureware.c:
23427 correct copyright years
23430 * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
23431 auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
23432 auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
23433 New authentication API and methods
23436 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
23443 only save an entry if user_matches && host_matches, even if the
23444 stack is empty (fix for previous commit)
23452 1) Always save an entry on the stack if it is empty. This fixes the
23453 -l and -v flags that were broken by earlier parser changes.
23455 2) In a Runas list, don't negate FALSE -> TRUE since that would make
23456 !foo match any time the user specified a runas user (via -u) other
23461 interfaces and num_interfaces are now auto, not extern
23464 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
23467 use a static global to keep state about empty passwords
23471 make PASSWORD_NOT_CORRECT logging consistent with other modules
23474 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
23477 PAM prompt code was wrong, looks like we have to kludge it after
23482 In the PAM code, when a user hits return at the first password
23483 prompt, exit without a warning just like the normal auth code
23486 * configure, configure.in:
23487 kludge around cross-compiler false positives
23490 * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
23491 New (correct) PAM code Tgetpass now takes an echo flag for use with
23492 PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
23493 useless umask setting Change error from BAD_ALLOCATION ->
23494 BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
23499 Some -Wall and kill some trailing spaces
23503 define -D__EXTENSIONS__ for solaris so we get crypt() proto
23506 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
23512 * INSTALL, config.h.in, configure, configure.in:
23513 for kerberos V < version, fall back on old kerb4 auth code
23517 clarify some things
23520 * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
23524 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
23527 mention why DONT_LEAK_PATH_INFO is not the default
23530 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
23533 Fix open(2) return value checking, was NULL for fopen, should be -1
23542 better wording for solaris pam notice
23546 document recent changes
23550 Update shadow password section
23554 move authentication code from check.c to auth.c
23557 * Makefile.in, check.c, sudo.h:
23558 move authentication code to auth.c
23561 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
23563 * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
23564 getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
23565 logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
23566 sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
23568 Move interface-related defines to interfaces.h so we don't have to
23569 include <netinet/in.h> everywhere.
23572 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
23574 * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
23575 parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
23576 o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
23577 turns out the old DES crypt does the right thing with passwords
23578 longer than 8 characters. o Fix common typo (necesary ->
23579 necessary) o Update TODO list
23582 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
23585 set $LOGNAME when we set $USER
23588 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
23591 add comment about digital unix and interfaces.c warning with gcc
23594 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
23597 use modern paths and give examples for some of the new parser
23601 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
23607 * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
23608 getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
23609 parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
23610 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
23611 Function names should be flush with the start of the line so they
23612 can be found trivially in an editor and with grep
23615 * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
23616 sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
23617 free(3) is already void, no need to cast it
23620 * logging.c, sudo.c, sudo.h:
23621 catch case where cmnd_safe is not set (this should not be possible)
23624 * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
23625 testsudoers.c, visudo.c:
23626 Stash the "safe" path (ie: the one listed in sudoers) to the command
23627 instead of stashing the struct stat. Should be safer.
23630 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
23632 * INSTALL, Makefile.in, UPGRADE:
23633 notes on updating from an earlier release
23640 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
23642 * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
23643 sudoers.man, sudoers.pod:
23644 You can now specify a host list instead of just a host or alias.
23645 Ie: user = host1,host2,ALIAS,!host3 my_command now works.
23652 * parse.yacc, sudo.tab.c:
23653 Move the push from the beginning of cmndspec to the end. This means
23654 we no longer have to do a push at the end of privilege, just reset
23658 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
23659 runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
23660 use "!" most everywhere
23663 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
23666 modernize paths and update su example based on sample.sudoers one
23670 New runas semantics
23673 * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
23675 In estrdup(), do the malloc ourselves so we don't need to rely on
23676 the system strdup(3) which may or may not exist. There is now no
23677 need to provide strdup() for those w/o it. Also, the prototype for
23678 estrdup() was wrong, it returns char * and its param is const.
23686 buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
23689 * CHANGES, TODO, parse.yacc, sudo.tab.c:
23690 It is now possible to use the '!' operator in a runas list as well
23691 as in a Cmnd_Alias, Host_Alias and User_Alias.
23694 * logging.c, sudo.h:
23695 Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
23699 Definitions of *_matched were wrong--user top, not top-2 as
23703 * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
23704 Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
23705 command but the NOPASSWD flag was set. Make runasspec, runaslist,
23706 runasuser, and nopasswd typeless in parse.yacc Add support for '!'
23707 in the runas list Fix double printing of '%' and '+' for groups and
23708 netgroups respectively Add *_matched macros (no need for local stack
23709 variable). Should only be used directly after a pop (since top must
23713 * aclocal.m4, configure.in:
23714 Add copyright, somewhat silly
23717 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
23719 * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
23720 compat.h, config.h.in, configure, configure.in, dce_pwent.c,
23721 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
23722 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
23723 lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
23724 putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
23725 sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
23726 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
23728 Crank version to 1.6 and combine copyright statements
23732 Use ! not ^ to do negation
23735 * lex.yy.c, sudo.tab.c:
23739 * parse.lex, parse.yacc:
23740 Make runas and NOPASSWD tags persistent across entries in a command
23741 list. Add a PASSWD tag to reverse NOPASSWD. When you override a
23742 runas or *PASSWD tag the value given becomes the new default for the
23743 rest of the command list.
23746 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
23750 [a1ae9d4a7d54] [SUDO_1_5_9]
23753 Shift return value of system(3) by 8 to get real exit value and if
23754 it is not 1 or 0 print the retval along with the error message.
23757 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
23760 testsudoers needs LIBOBJS too
23763 * parse.c, parse.yacc, sudo.tab.c:
23764 Fix another parser bug. For a sudoers entry like this: millert
23765 ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
23773 * parse.yacc, sudo.tab.c:
23774 Save entries that match a ! command on the matching stack too
23778 Make sudo's usage info better when mutually exclusive args are given
23779 and don't rely on argument order to detect this; nick@zeta.org.au
23782 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
23784 * CHANGES, Makefile.in, RUNSON:
23792 * parse.yacc, sudo.tab.c:
23793 Fix off by one error introduced in *alloc changes
23796 * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
23797 check_sia.c, compat.h, config.h.in, configure, configure.in,
23798 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
23799 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
23800 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
23801 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
23802 sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
23803 sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
23804 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
23808 * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
23809 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
23810 putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
23811 sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
23812 Use emalloc/erealloc/estrdup
23816 error checking memory allocation routines
23819 * parse.yacc, sudo.tab.c:
23820 Still not right, this fixes it for real
23823 * parse.yacc, sudo.tab.c:
23824 Fix for previous commit
23827 * CHANGES, INSTALL, parse.yacc:
23828 Fix a parser bug that was exposed when mixing different runas specs
23829 and ! commands. For example: millert ALL=(daemon)
23830 /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
23831 as well as daemon when it should just allow daemon. The problem was
23832 that comma-separated commands in a list shared the same entry on the
23833 matching stack. Now they get their own entry iff there is a full
23834 match. It may be better to just make the runas spec persistent
23835 across all commands in a list like the user and host entries of the
23836 matching stack. However, since that is a fairly major change it
23837 should get its own minor rev increase.
23840 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
23842 * check.c, config.h.in:
23843 Simplify PAM code and fix a PAM-related warning on Linux
23846 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
23860 * check.c, configure.in:
23861 new pam code that works on solaris, should work on linux too;
23865 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
23872 only include strings.h if there is no string.h
23875 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
23878 Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
23881 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
23884 shost must be set before log functions are called #ifdef HOST_IN_LOG
23887 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
23889 * CHANGES, lex.yy.c, parse.lex:
23890 Fix a bug wrt quoting characters in command args. Stop processing
23891 an arg when you hit a backslash so the quoted-character detection
23895 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
23898 include sys/time.h; apparently AIX needs it. ppz@cdu.elektra.ru
23901 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
23903 * configure, configure.in:
23904 add missing case statement so --without-sendmail works
23907 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
23913 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
23915 * configure, configure.in:
23916 only search for -lsun in irix <= 4.x
23919 * configure, configure.in:
23920 back out last configure.in change now that I've hacked autoconf to
23921 fix the real problem and add a missing newline
23929 add def of dirfd() for those without it
23932 * configure, configure.in:
23933 When falling back to checking for socket() when linking with
23934 "-lsocket -lnsl" check for main() instead since autoconf has already
23935 cached the results of checking for socket() in -lsocket. This is
23936 really an autoconf bug as it should use the extra libs as part of
23937 the cache variable name.
23944 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
23947 fix occurrence of $with_timeout that should be
23948 $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
23952 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
23954 * sudo.cat, sudo.html, sudo.man, sudo.pod:
23955 fix grammar; espie@openbsd.org
23956 [7031d9dfbc3e] [SUDO_1_5_8]
23958 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
23960 * parse.yacc, sudo.c, testsudoers.c:
23961 add cast for strdup in places it does not have it
23964 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
23966 * configure, configure.in:
23967 define for_BSD_TYPES irix
23970 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
23972 * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
23973 Make it clear that it is the user's password, not root's, that we
23978 If the user enters an empty password and really has no password,
23979 accept the empty password they entered. Previously, they could
23981 *but* an empty password. Also, add GETPASS macro that calls either
23982 tgetpass() or getpass() depending on how sudo was configured.
23983 Problem noted by jdg@maths.qmw.ac.uk
23986 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
23988 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
23989 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
23990 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
23991 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
23992 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
23993 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
23995 add explicit copyright
23999 mention -lsocket, -lnsl configure changes
24002 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
24005 Don't clobber errno after calling check_sudoers().
24008 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
24010 * configure, configure.in:
24011 When linking with both -lsocket and -lnsl be sure to do so in that
24012 order. Also, when we can't find socket() or inet_addr() and have to
24013 try linking with both libs, issue a warning.
24016 * sudo.cat, sudo.man, sudo.pod:
24017 clarify bad timestamp and fmt
24020 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
24023 be clear that pam is linux-only and add a RUNSON entry
24026 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
24028 * CHANGES, INSTALL, configure, configure.in:
24029 fix and correctly document --with-umask; problem noted by
24033 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
24035 * configure, configure.in:
24036 only use /usr/{man,catman}/local to store man pages if user didn't
24037 override prefix or mandir
24040 * INSTALL, configure, configure.in:
24041 fix typo, make --with-SecurID take an arg
24044 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
24050 * CHANGES, INSTALL, check.c, configure, configure.in:
24051 FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
24054 * configure, configure.in:
24055 better fix for the problem of unresolved symbols in -lnsl or
24059 * configure, configure.in:
24060 when checking for functions in -lnsl and -lsocket link with both of
24061 them to avoid unresolved symbols on some weirdo systems
24064 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
24066 * BUGS, CHANGES, RUNSON, TODO:
24067 old changes that didn't make it into RCS before the RCS->CVS switch
24070 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
24072 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
24073 configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
24074 getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
24075 ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
24076 lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
24077 secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
24078 sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
24091 * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
24092 config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
24093 find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
24094 ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
24095 logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
24096 secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
24097 sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
24098 utime.c, version.h, visudo.c, visudo.cat, visudo.man:
24099 crank version and regen files
24103 kill rcs goop in update_version and fix now that version is a const
24106 * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
24107 sudo.c, sudo.h, sudo.pod:
24108 kerb5 support from fcusack@iconnet.net
24111 * realpath.c, sudo_realpath.c:
24112 we no longer use realpath
24116 replaced by find_path.c
24120 all options are now configure flags
24128 superseded by getcwd.c
24132 superseded by tgetpass.c
24136 superseded by RUNSON
24140 No longer used now that we have configure options for everything.
24144 regen based on configure.in
24147 * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
24148 sudoers.man, visudo.cat, visudo.html, visudo.man:
24149 regen based on sudo.pod, sudoers.pod, and visudo.pod
24152 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
24155 fix tty tickets in remove_timestamp (didn't use ':')
24158 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
24161 close sock when we are done with it
24164 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
24167 never say "error on line -1"
24170 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
24173 check for -lnsl before -lsocket
24177 quote '[', ']' used in ranges correctly
24180 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
24183 add missing NO_ROOT_SUDO noted by drno@tsd.edu
24186 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
24193 more info for 1.5.7
24201 make increases of cm_list_size and ga_list_size be similar to
24202 increases of stacksize (ie: >= not > in initial compare).
24206 when we get a syntax error, report it for the previous line since
24207 that's generally where the error occurred.
24210 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
24212 * config.h.in, configure.in, interfaces.c:
24213 add back check for sys/sockio.h but only use it if SIOCGIFCONF is
24215 [d197f31fd1e4] [SUDO_1_5_7]
24218 define BSD_COMP for svr4
24221 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
24222 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
24223 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
24224 testsudoers.c, tgetpass.c, utime.c, visudo.c:
24229 kill check for sockio.h
24233 no more HAVE_SYS_SOCKIO_H
24236 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
24237 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
24238 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
24239 testsudoers.c, tgetpass.c, utime.c, visudo.c:
24243 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
24246 add missing inform_user()
24249 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
24252 return NOT_FOUND if given fully qualified path and it does not exist
24253 previously it would perror(ENOENT) which bypasses the option to not
24258 for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
24262 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
24265 tty tickets are user:tty now
24269 when using tty tickets make it user:tty not user.tty as a username
24270 could have a '.' in it
24273 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
24276 add "ignoring foo found in ." for auth successful case
24279 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
24282 add missing printf param
24285 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
24287 * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
24288 go back to printing "command not found" unless --disable-path-info
24289 specified. Also, tell user when we ignore '.' in their path and it
24290 would have been used but for --with-ignore-dot.
24294 Only one space after a colon, not two, in printf's
24297 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
24300 document setting $USER
24304 fix bugs with prompt expansion
24308 set $USER for root too
24311 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
24318 HP-UX's iscomsec is in -lsec, not libc
24322 remove some entries in the OS case statement that did nothing
24326 add "cd" section and flush out syslog section
24330 no more sudo-lex.yy.c
24334 add custom prompt support
24338 kill perror("malloc") since we already have a good error messages
24339 pw_ent -> pw for brevity
24343 kill perror("malloc") since we already have a good error messages
24344 pw_ent -> pw for brevity set $USER if -u specified
24348 kill perror("malloc") since we already have a good error messages
24352 kill perror("malloc") since we already have a good error messages
24353 pw_ent -> pw for brevity when checking if %group matches, look up
24354 user in password file so that %groups works in a RunAs spec.
24358 kill perror("malloc") since we already have a good error messages
24361 * check.c, getspwuid.c, interfaces.c:
24362 kill perror("malloc") since we already have a good error messages
24363 pw_ent -> pw for brevity
24366 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
24369 the prompt is expanded before tgetpass is called
24373 tgetpass now has the same args as getpass again
24377 add iscomsec, issecure support
24381 we now expand any %h or %u in the prompt before passing to tgetpass
24385 add check for syslog(3) in -lsocket, -lnsl, -linet
24389 add HAVE_ISCOMSEC and HAVE_ISSECURE
24393 add check for iscomsec in HP-UX
24397 check for issecure if we have getpwanam on SunOS some options are
24398 incompatible with DUNIX SIA check for dispcrypt on DUNIX
24401 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
24408 add back support for non-dispcrypt based checking for older DUNIX
24416 SIA becomes the default on Digital UNIX now have --disable-sia to
24421 move local includes after system ones
24424 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
24426 * check.c, check_sia.c, sudo.h:
24427 add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
24432 fix while loop in sia_attempt_auth() that checks the password. Only
24433 the first iteration was working.
24436 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
24439 don't trust UID_MAX or MAXUID
24450 * getspwuid.c, secureware.c:
24451 init crypt_type to INT_MAX since it is legal to be negative in DUNX
24456 for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
24457 -ldb since DUNX < 4.0 lacks it
24460 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
24462 * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
24463 secureware.c, sudo.c, tgetpass.c:
24464 getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
24465 minutes if the shadow files don't exist).
24468 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
24471 updated --with-editor blurb
24475 tell how to put sudoers in a different dir
24479 add missing quotes around $with_editor
24483 typo in --with-editor bits
24487 I don't expect it to work on Solaris
24491 add back security/pam_misc.h
24494 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
24497 remove dunix note since configure checks for this now
24501 add check for broken dunix prot.h (4.0 < 4.0D is bad)
24504 * getspwuid.c, secureware.c, tgetpass.c:
24505 new dunix shadow code, use dispcrypt(3)
24513 call initprivs() if we have it for getprpwuid later on
24517 clean pathnames.h too
24521 quote "Sorry, try again." with [] since it has a comma in it set
24522 LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
24523 getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
24528 update Digital UNIX note about acl.h
24533 --without-root-sudo -> --disable-root-sudo some reordering
24540 * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
24548 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
24551 when checking for -lsocket, -lnsl, and -linet, check for the
24552 specific functions we need from them.
24555 * config.h.in, sudo.h:
24556 move Syslog_* defs into sudo.h
24559 * Makefile.in, sudo.h:
24560 added check_secureware
24564 finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
24568 don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
24569 defined. configure now does that for us
24573 move some --with options around change a bunch of echo's to
24574 AC_MSG_CHECKING, AC_MSG_RESULT pairs
24578 change $with_foo-bar -> $with_foo_bar kill extra " that caused a
24579 syntax error add some echo verbiage
24582 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
24585 moved SecureWare stuff into secureware.c
24593 update url to solaris gcc bins
24597 change option formatter and flesh out some entries
24600 * TROUBLESHOOTING, sudo.pod, visudo.pod:
24601 environmental variable -> environment variable
24605 everything is now done via configure
24613 passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
24617 SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
24621 merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
24622 sudoers_mode from configure
24626 SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
24627 the Makefile, not config.h
24631 document all --with/--enable options
24634 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
24637 options.h is no more
24641 assimilated options.h
24645 moved options from options.h to configure
24648 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
24649 logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
24650 sudo_setenv.c, visudo.c:
24654 * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
24655 remove references to options.h
24658 * dce_pwent.c, interfaces.c, sudo.c:
24663 if select return < -1 still prompt for pw
24667 convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
24672 FAST_MATCH is no longer an option
24676 remove_timestamp() if timestamp is preposterous
24680 convert more options to --with/--enable
24683 * INSTALL, aclocal.m4:
24688 convert more options into --with and --enable
24692 catch EINTR in select and restart
24699 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
24702 UMASK -> SUDO_UMASK.
24705 * check.c, logging.c:
24706 time.h, not sys/time.h
24709 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
24712 MAILER -> _PATH_SENDMAIL
24715 * INSTALL, configure.in:
24716 no more --with-C2, now it is --disable-shadow
24719 * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
24720 getspwuid.c, sudo.c, tgetpass.c:
24721 new shadow password scheme. Always include shadow support if the
24722 platform supports it and the user did not disable it via configure
24725 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
24728 --with-getpass -> --{enable,disable}-tgetpass
24732 pathnames.h -> pathnames.h.in
24740 move pam_conv to be static to auth function remove pam_misc.h
24741 (solaris doesn't have one)
24745 _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
24749 munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
24753 convert to pathnames.h.in
24756 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
24759 fix typo in sysv4 matching case /.
24762 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
24765 pam stuff needs to run as root, not user, for shadow passwords
24768 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
24770 * BUGS, INSTALL, README, configure.in:
24774 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
24775 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
24776 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
24777 logging.c, options.h, parse.c, parse.lex, parse.yacc,
24778 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
24779 testsudoers.c, tgetpass.c, utime.c, visudo.c:
24784 user version.h for long message
24788 this is version 1.5.6
24791 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
24794 remove errant backslash
24797 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
24799 * options.h, parse.yacc, pathnames.h.in:
24801 [fdee73255d64] [SUDO_1_5_6]
24803 * BUGS, CHANGES, TODO:
24811 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
24814 kill unused localhost_mask var copy if name to ifr_tmp after we zero
24818 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
24821 Better description of new vs. old sudoers modes fix some typos
24822 better description of /usr/ucb/cc gotchas on slowaris
24830 set NewArgv[0] to user_shell, not basename(user_shell)
24833 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
24836 mention TROUBLESHOOTING more fix some typos
24840 move --enable/--disable to be after --with
24844 document --enable/--disable
24848 document --with-pam
24851 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
24854 Add message for pam users
24865 * check.c, config.h.in, configure.in:
24866 pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
24869 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
24872 add HOST_IN_LOG and WRAP_LOG
24876 add WRAP_LOG and HOST_IN_LOG
24880 add --enable-log-host and --enable-log-wrap
24884 use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
24887 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
24894 include sys/param.h to get howmany macro
24897 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
24899 * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
24903 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
24906 bring in stdio.h for NULL
24910 allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
24914 use HAVE_SET_AUTH_PARAMETERS
24918 add HAVE_SET_AUTH_PARAMETERS
24922 add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
24926 add support for HI-UX/MPP SR220001 02-03 0 SR2201
24930 initialize previfname
24934 Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
24935 it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
24944 don't need special build line for sudo.tab.o
24948 don't clean sudo.tab.[ch]
24952 Sudo should prompt for a password before telling the user that a
24953 command could not be found.
24961 no longer require yacc
24969 y.tab -> sudo.tab include pre-yacc'd parse.yacc
24973 include sudo.tab.h, not y.tab.h don't break out of command args if
24981 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
24990 getcwd(3) from OpenBSD for those without it.
24994 HAVE_GETWD -> HAVE_GETCWD
24998 pretend sunos doesn't have getcwd(3) since it opens a pipe to
25007 remove duplicate include of string.h
25011 call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
25015 add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
25019 add dev_t and ino_t
25022 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
25025 fix OTP_ONLY for opie
25028 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
25030 * testsudoers.c, tgetpass.c:
25031 include stdlib.h for malloc proto
25034 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
25037 make update_version saner
25041 add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
25045 check for waitpid and wait3 or no waitpid
25049 used waitpid or wait3 if we have 'em
25052 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
25055 fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
25058 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
25061 don't need to explicitly mention -lsocket -lnsl for sequent
25064 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
25067 dynix should not link with -linet
25070 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
25073 mention that HP-UX doesn't ship with yacc
25076 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
25079 ignore kerberos if we can't get the local realm
25082 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
25084 * BUGS, INSTALL, README, configure.in:
25092 * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
25093 find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
25094 logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
25095 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
25104 don't use popen/pclose. Do it inline.
25115 * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
25116 ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
25121 * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
25126 getwd.c -> getcwd.c
25138 use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
25142 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
25144 * OPTIONS, options.h:
25145 add STUB_LOAD_INTERFACES
25148 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
25149 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
25150 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
25151 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
25152 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
25153 testsudoers.c, tgetpass.c, utime.c, visudo.c:
25158 support *-ccur-sysv4 and fix two typos
25161 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
25164 don't echo about with_logfile and with_timedir
25168 document --with-logfile and --with-timedir
25172 support --with-logfile and --with-timedir
25176 Add --with-logfile and --with-timedir
25180 change size computation of NewArgv for UNICOS
25183 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
25186 treat -*-sysv4* like *-*-svr4
25189 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
25192 fix spacing for --with-authenticate help
25195 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
25196 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
25197 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
25198 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
25199 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
25200 testsudoers.c, tgetpass.c, utime.c, visudo.c:
25205 fix off by one error in push macro
25208 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
25211 removed bogus alloca hack
25215 added AIX 4.x authenticate() support
25219 include alloca.h if using bison and not gcc and it exists. fixes an
25220 alloca problem on hpux 10.x
25224 mention --with-authenticate
25228 added AIX authenticate() support
25232 add HAVE_AUTHENTICATE
25236 dynamically size ifconf buffer
25243 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
25244 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
25245 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
25246 logging.c, options.h, parse.c, parse.lex, parse.yacc,
25247 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
25248 testsudoers.c, tgetpass.c, utime.c, visudo.c:
25256 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
25259 add busy stmp file explanation
25262 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
25265 the name of the cached var that signals whether or not you are cross
25266 compiling changed. It is now ac_cv_prog_cc_cross
25269 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
25272 mention glibc 2.07 is fixed wrt lsearch().
25275 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
25277 * sample.sudoers, sudoers.pod:
25278 better example of su but not root su
25281 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
25283 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
25284 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
25285 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
25286 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
25287 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
25288 testsudoers.c, tgetpass.c, utime.c, visudo.c:
25293 correct regexp for updating version
25297 remove bogus flush of stderr spew prompt before turning off echo.
25298 Seems to fix a weird problem where if sudo complained about a bogus
25299 stamp file the user would sometimes not have a chance to enter a
25304 fix bogus flush of stderr
25308 close fd's <=2 not <=3 and move that chunk of code up
25312 support hpux1[0-9] not just hpux10
25315 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
25318 set sudoers_fp to nil after closing
25321 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
25323 * config.guess, config.sub:
25324 updated from autoconf 2.12
25331 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
25334 fix select usage for high fd's (dynamically allocate readfds)
25338 kill extra whitespace
25342 do an initgroups() before running a command, unless the target user
25346 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
25349 tell people to use tabs, not spaces, in syslog.conf
25352 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
25354 * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
25355 parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
25359 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
25360 logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
25364 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
25365 insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
25370 more tweaks to update_version
25374 fixed up update_version rule
25382 removed supe of check.c
25393 * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
25394 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
25395 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
25396 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
25397 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
25398 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
25408 add rules to update version stuff in files so I don't need to do it
25413 sudoers_fp is now extern
25417 in check_sudoers, cache the sudoers file handle in sudoers_fp so we
25418 don't have to open it again in the parse. This may help with weird
25419 solaris problems where EAGAIN sometimes occurs.
25423 sudoers file open is now done only in check_sudoers() so we just do
25424 a rewind() instead of an open. May help people on solaris who were
25428 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
25431 mention that newer glibc is fixed
25434 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
25437 newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
25438 _RLD* instead of _RLD_*
25446 fix that bug for real
25450 document Linux's libc6 brokenness.
25459 [4949a1bbd0a9] [SUDO_1_5_4]
25462 remind people to HUP syslogd
25478 remove author's email addr. people should mail sudo-bugs
25485 * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
25486 find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
25487 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
25488 logging.c, options.h, parse.c, parse.lex, parse.yacc,
25489 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
25490 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
25498 * INSTALL, Makefile.in:
25507 exit(1) if user enters no passwd
25515 commands can start with ./* not just /* -- fixes a serious security
25519 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
25522 Don't set the tty variable to NULL when we lack a tty, leave it as
25526 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
25529 fix usage of (username) in conjunction with , and !
25533 catch the case where the user is not in the passwd file
25537 use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
25542 define tty global to an initial value to avoid dumping core in
25543 logging functions when passwd file is unavailable.
25547 do the set_perms(PERM_USER, sudo_mode) after we have gotten the
25552 talk about problem of ALL
25555 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
25562 fdesc bug is fixed in Open/Net BSD
25566 updates from Nieusma
25569 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
25572 move compat.h after the system includes
25575 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
25578 save errno from being clobbered by wait(). From Theo
25581 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
25584 fix an occurrence of setresuid -> setreuid (typo)
25587 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
25590 check for path to strip
25593 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
25596 deal with maxfilelen < 0 case
25603 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
25606 correct error message if mode/owner wrong and not statable by owner
25607 but is statable by root.
25610 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
25612 * config.guess, config.sub:
25616 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
25618 * CHANGES, RUNSON, TODO:
25622 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
25624 * parse.yacc, sudo.h:
25625 command_alias -> generic_alias
25626 [c404ca8c510d] [SUDO_1_5_3]
25629 added Runas_Alias example and fixed syntax errors
25632 * OPTIONS, options.h:
25633 updated MAILSUBJECT
25640 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
25641 configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
25642 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
25643 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
25644 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
25645 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
25650 * BUGS, emul/utime.h:
25655 document Runas_Alias
25663 buffer oflow checking q (uit) -> Q if yyparse() fails drop into
25668 add size params to sprintf
25672 allow trailing space after '\\' but before '\n'
25676 off by one error in path size check
25683 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
25690 now warns if killed by signal ./
25693 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
25696 fix Runas_Alias stuff Alias's in runas list now get expanded (but it
25701 Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
25705 add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
25709 Add Runas_Alias and simplify a rule.
25713 always store User_Alias's since they can be used inside of a runas
25714 list. Sigh. Really need a Runas_Alias instead.
25717 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
25720 deal with case where there is no sudoers file
25723 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
25729 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
25731 * HISTORY, testsudoers.c:
25732 developement -> development
25747 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
25750 removed seteuid() notes
25751 [1010a60f281d] [SUDO_1_5_2]
25753 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
25756 better seteuid() emulation
25760 added check for seteuid
25767 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
25770 first stab at sequent support
25774 added HAVE_SYS_SELECT_H
25778 sequent -> _SEQUENT_
25782 added seteuid() macro for DYNIX
25786 _AIX -> HAVE_SYS_SELECT_H
25789 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
25791 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
25792 parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
25793 testsudoers.c, tgetpass.c, utime.c, visudo.c:
25797 * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
25798 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
25799 ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
25800 pathnames.h.in, version.h:
25805 added -H and SUDO_PS1
25809 use SUDO_FUNC_FNMATCH
25813 added SUDO_FUNC_FNMATCH
25821 added MODE_RESET_HOME /
25824 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
25838 * compat.h, config.h.in:
25843 added HAVE_OPIE and changed to *_OTP_*
25850 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
25853 moved fclose() in skey stuff.
25856 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
25859 index -> strchr remove unnecessary stuff
25863 now call skeychallenge() to get challenge instead of making one up
25864 ourselves. this way, we get extra goodies in the prompt.
25867 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
25871 [3f5149357e2a] [SUDO_1_5_1]
25874 allow logins to start with a number (YUCK!)
25877 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
25880 added solaris 2.5 vs 2.4 note
25884 DUNIX doesn't need -lnsl
25888 *** empty log message ***
25891 * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
25892 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
25893 ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
25894 options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
25895 strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
25896 utime.c, version.h, visudo.c:
25900 * PORTING, README, RUNSON:
25904 * INSTALL, Makefile.in, TROUBLESHOOTING:
25909 *** empty log message ***
25912 * sudo.pod, visudo.pod:
25916 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
25922 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
25925 added $SUDO_PROMPT support
25928 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
25931 print long skey challenges to stderr, not stdout
25934 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
25944 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
25950 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
25953 use shost, not host for tgetpass
25957 documented %u and %h
25961 documented %u and %h
25968 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
25969 dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
25970 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
25971 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
25972 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
25973 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
25981 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
25983 * Makefile.in, configure.in, version.h:
25988 new tgetpass() params
25992 pass use and host to tgetpass
25996 added %u and %h escapes
25999 * OPTIONS, check.c, options.h:
26004 added cray (unicos) support
26007 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
26009 * OPTIONS, options.h, sudo.c:
26010 added SHELL_SETS_HOME
26013 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
26016 added note about "make install"
26020 changed length/size params from int to size_t
26024 now get CSOPS insults as well by default
26028 use csops insults too by default
26031 * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
26036 added runas_homedir
26052 added "upgrading" notes
26055 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
26058 now do chmod and chown after edit of temp file and before rename
26059 [de174e34faa7] [SUDO_1_5_0]
26061 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
26064 ++version added INSTALL.configure
26067 * configure.in, version.h:
26072 *** empty log message ***
26080 sets $HOME to pw_dir of runas user
26084 document $HOME change
26087 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
26090 fixed up some wording
26093 * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
26094 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
26095 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
26100 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
26101 insults.h, options.h, pathnames.h.in, sudo.h:
26110 name and type changes
26114 now works with new sudo
26122 some variable name changes + comment headers for functions.
26126 added extra paren's to make compilers happy
26130 *** empty log message ***
26134 now uses init_parser() if not in sudoers and tries "list" or
26135 "validate" scold but don't be nasty.
26139 now can use upper case login names
26143 now uses init_parser()
26151 added info about PASSWORD_TIMEOUT
26154 * INSTALL.configure:
26163 now dynamically allocates memory for the stacks -- no more
26168 -l now expands command aliases
26172 hacks to expand command aliases for `sudo -l'
26176 remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
26180 added struct command_alias
26188 in compar() key should be first arg
26191 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
26198 can now deal with upcase HOST and USER names
26202 don't yell too loudly at non-sudoers if they do "sudo -l"
26213 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
26215 * parse.c, parse.yacc:
26216 added support for new `sudo -l' stuff
26220 now uses list_matches()
26224 added struct sudo_match
26228 now more -lgnumalloc
26231 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
26234 added more paths for chown and whoami
26237 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
26243 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
26246 fixed DUNIX check for shadow pw
26250 now only turn off echo if it is already on. this fixes a race when
26251 you use sudo in a pipeline
26259 changed "test -z $foo && do_this" to if; then construct
26262 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
26265 added missing defines of SHADOW_TYPE
26268 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
26271 protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
26276 added AUTH_CRYPT_C1CRYPT support
26280 no longer return VALIDATE_NOT_OK if there was a runas that didn't
26281 match. Now we can have runas stuff on more than one line.
26284 * getspwuid.c, sudo.c, tgetpass.c:
26285 use SHADOW_TYPE instead of HAVE_C2_SECURITY
26289 got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
26294 removed HAVE_C2_SECURITY added SPW_BSD
26298 use SHADOW_TYPE instead of HAVE_C2_SECURITY
26302 SHADOW_TYPE is always defined so just against its value
26306 added SUDO_CHECK_SHADOW_DUNIX
26309 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
26312 * -> ?* in one example added another instance of (runas) and one of
26316 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
26319 added back check for config.cache from other host type
26323 removed an instance of \"
26331 updated wrt new wildcard matching
26335 new check for shadow passwords if we don't know anything
26339 new SUDO_CHECK_SHADOW_GENERIC
26343 added back check for -lsocket (oops)
26347 better (working) check for shadow passwd type if we know to use C2.
26351 now uses AC_CANONICAL_HOST to figure out os type
26355 added config.{guess,sub}
26359 removed unused stuff to figure out os type
26375 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
26376 pathname. need to check against sudoers_args even if user_args is
26381 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
26382 pathname need to check against sudoers_args even if user_args is nil
26385 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
26388 added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
26392 now takes command line args and uses cmnd_args
26396 fill_args was adding an extra leading space
26399 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
26402 fixed dummy command_matches()
26414 now uses flat args string
26417 * parse.c, parse.lex:
26418 now uses flat arg string
26422 added cmnd_args def
26426 now sets cmnd_args global
26430 cmnd_args is now exported from sudo.[ch]
26433 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
26436 can't rely on cmnd_matches as much as I thought -- added some $$
26437 stuff back in to prevent namespace pollution problems.
26441 Simplified parse rules wrt runas and NOPASSWD (more consistent).
26444 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
26447 NOPASSWD may now have blanks before the ':' '(' only starts a
26448 'runas' if in the initial state to avoid collision with command args
26452 added checks for specific shadow passwd schemes
26456 added routines to check for specific shadow passwd types
26459 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
26462 added support for ncr boxen
26466 added support for detecting ncr boxen
26469 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
26472 added sinix support
26475 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
26478 added info about "config.cache from other other" error.
26482 now makes sure you don't have a config.cache file from another OS
26486 now sets $LIBS when needed to configure links with libs when doing
26487 tests hpux10 now uses SPW_SECUREWARE for C2 added check for
26488 bigcrypt(3) if SPW_SECUREWARE
26496 now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
26504 no more SPW_HPUX10 added HAVE_BIGCRYPT
26508 now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
26512 SPW_SECUREWARE now uses bigcrypt
26515 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
26518 fixed 2 syntax errors
26522 root may now run ALL as ALL
26525 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
26528 fixed a typo/thinko that broke BSD's with sa_len
26531 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
26533 * check.c, configure.in:
26534 updated AFS support
26538 added entry about /usr/ucb/cc
26542 prep no longer holds gcc binaries
26554 AFS allows long passwords
26558 fixed -u user support
26562 sudo -v now groks VALIDATE_OK_NOPASS
26566 fixed no_passwd vs. runas_matched
26570 took out stuff about NFS-mounting since it is no longer an issue
26574 added --with-libraries > --with-libpath --with-incpath
26578 was setting runas_matches to -1 in wrong place
26582 removed usersec.h which is not present in new AFS versions
26586 now deals with timeout <= 0
26594 BSD/OS >= 2.0 now uses shlicc instead of just gcc
26598 fixed backwards compatibility with sudo 1.4 sudoers mode for root
26599 readable/writable filesystems
26603 now gives INSTALL -c flag
26607 slightly simpler initialization of no_passwd and runas_matches
26611 added -u username support
26615 improved --with-libraries support
26618 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
26621 added --with-incpath, --with-libpath, --with-libraries
26625 now initializes some fields that weren't getting set to -1 pretty
26626 gross -- need a rewrite.
26629 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
26636 no longer add -lPW to *_LIBS since we include alloca.c
26640 added HAVE_ALLOCA_H
26655 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
26658 now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
26659 not always set to a valid uid.
26663 fixed entry for SUDO_MODE
26667 Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
26668 being set to -2. Now beat NFS to the punch and set uid to "nobody"
26669 ourselves, preserving group 0 to read sudoers.
26673 moved set_perms(PERM_ROOT) to be before yyparse()
26681 no longer need AC_PROG_INSTALL
26685 always use install-sh to avoid install(1)'s that use get{pw,gr}nam
26689 make clean -> make distclean
26692 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
26695 removed some unnecessary if's
26698 * Makefile.in, version.h:
26702 * parse.c, testsudoers.c:
26703 now includes netgroup.h
26707 removed casts of ioctl to int since they didn't shut up -Wall
26711 explicitly cast ioctl() to int since it is not always declared
26715 added declarations for yyparse() and yylex()
26719 fixed an occurrence of '==' -> '='
26722 * config.h.in, configure.in:
26723 added check for netgroup.h
26727 fixed 2 compiler warnings
26731 SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
26735 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
26741 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
26744 fixed a formatting thingie
26747 * parse.c, parse.yacc:
26748 fixed -u support with multiple user lists on a line
26752 unixware needs -lgen
26756 updated ftp location
26760 add net_addr/netmask support
26764 added net_addr/mask example
26767 * parse.c, parse.lex:
26768 added support for net_addr/netmask
26771 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
26777 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
26787 * BUGS, TODO, TROUBLESHOOTING:
26792 updated with examples of new stuff
26800 updated wrt -u and NOPASSWD
26804 updated wrt -u and CAVEATS
26807 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
26814 now use :foo: character classes (makes no diff for generated lexer)
26817 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
26820 fixed LONG_SKEY_PROMPT stuff
26823 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
26830 make more like NetBSD one -- now compiles w/o warnings
26834 fixed decls of lsearch()
26837 * config.h.in, configure.in, getspwuid.c:
26842 hpux 10 uses bigcrypt() if C2
26845 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
26848 now always uses fnmatch to match args
26852 back to using stdio instead of raw i/o since that caused some
26856 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
26859 now give usage warning if use -l,-v,-k with args
26862 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
26865 NewArgc is now set to 1 for -l, -v, -k
26869 now sets sudoers to correct group if mode is 0400
26873 updated to version used by inn and bind
26877 now uses -lgnumalloc if it exists
26881 "make install" now sets uid/gid and mode on sudoers if it exists
26885 removed debugging statements
26889 added a missing free()
26893 now uses user_gid instead of getegid (which was wrong anyway) to set
26894 SUDO_GID. Now sets command line args in SUDO_COMMAND envariable
26895 (logging.c depends on args being in the environment)
26899 now uses SUDO_COMMAND envariable to get command args rather than
26900 building it up again.
26908 fixed off by one error in allocation NewArgv
26912 in sudoers, 'command ""' now means command with no args
26916 added check for fnmatch(3) and fnmatch.h
26924 replaced wildcat.* with fnmatch.*
26931 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
26934 now uses fnmatch() instead of wildmat. a trailing star (*) by itself
26935 now matches multiple args. added support for wildcards in the
26936 pathname in sudoers
26939 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
26942 now includes compat.h and config.h
26946 added HAVE_FNMATCH_H
26950 now checks for alloca() (if needed by bison or dce) and links with
26951 -lPW if it contains alloca() and libv and compiler do not.
26954 * emul/fnmatch.h, fnmatch.3, fnmatch.c:
26958 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
26961 now fixes mode on sudoers if set to 0400 to aid in upgrade
26964 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
26967 fixed pod2man usage
26970 * Makefile.in, configure.in, version.h:
26974 * testsudoers.c, visudo.c:
26975 runas_user is now initialized to "root"
26979 removed PERM_FULL_ROOT
26983 runas_user defaults to "root" so no more need to PERM_RUNAS
26987 will now only run commands as root if there was no runas list
26988 (or if root is in the runas list)
26996 runas_matches is now set to false if we get a negative match
27000 make #uid work + some minor cleanup
27004 added support for NOPASSWD and "runas" from garp@opustel.com /
27008 added support for "runas" from garp@opustel.com replaced
27009 SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
27014 added support for "runas" from garp@opustel.com
27018 added support for NO_PASSWD and runas from garp@opustel.com replaced
27019 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
27024 added support for NO_PASSWD and runas from garp@opustel.com replaced
27025 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support for
27030 added support for NO_PASSWD and runas from garp@opustel.com
27033 * parse.c, parse.lex:
27034 added support for NO_PASSWD and runas from garp@opustel.com
27038 added support for SUDOERS_WRONG_MODE and "runas"
27042 added --with-CC only link with -lshadow on linux (with shadow pw) if
27043 libc lacks getspnam()
27046 * OPTIONS, options.h:
27047 removed NO_PASSWD since it is not possible to do this in the sudoers
27048 file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
27049 SUDOERS_GID. Added SUDOERS_MODE.
27053 now uses SUDOERS_UID and SUDOERS_GID
27056 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
27062 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
27065 added double quote support
27069 documented double quoting
27072 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
27079 fixed some indentation
27087 added install-dirs .
27090 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
27093 new version from "Jeff A. Earickson" <jaearick@colby.edu>
27096 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
27099 $CSOPS -> $with_csops (whoops, missed one)
27107 FQHOST now has same constraints as non-FQHOST
27111 added note about OS's w/ shadow passwords turned on by default
27114 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
27121 added support for --without-THING sanitized shadow pw situation by
27127 fixed a typo wrt placement of an end paren
27131 was closing an fd that may not have been opened
27134 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
27136 * OPTIONS, options.h, sudo.c:
27140 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
27143 now always use shadow pw on some arches
27146 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
27149 added pyramid support
27153 no longer check for C2 if alternate passwd method is used no longer
27154 check for some libs twice
27158 moved fqdn stuff into parse.lex (FQHOST)
27166 now define TCSASOFT if necessary
27170 now uses read/write instead of stdio string goop to avoid problems
27174 * OPTIONS, find_path.c, options.h:
27175 -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
27178 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
27181 added note about no shadow auto-detect if using alternate auth
27186 don't check for C2 if AFS or DCE (unless they said --with-C2)
27193 * OPTIONS, find_path.c, options.h:
27197 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
27200 checkdot now works correctly
27203 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
27206 can't have DCE and C2 passwords both...
27209 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
27211 * parse.yacc, sudo.c, sudo.h, visudo.c:
27212 now uses shost even if not FQDN
27216 now looks for skey in /usr/lib and doesn't require libskey to be in
27217 /usr/local/lib just because skey.h is (for my netbsd box :-)
27220 * aclocal.m4, config.h.in, pathnames.h.in:
27221 _SUDO_PATH_ -> _CONFIG_PATH_
27224 * aclocal.m4, sudo.pod:
27225 /var/run/.odus -> /var/run/sudo
27229 now uses _SUDO_PATH_TIMEDIR
27236 * aclocal.m4, configure.in:
27241 added _SUDO_PATH_TIMEDIR
27245 updated wrt /var/run/sudo
27249 added support for shost if FQDN
27252 * parse.yacc, visudo.c:
27253 now uses shost if FQDN
27257 Now use skeylookup() instead of skeychallenge()
27260 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
27263 mail_argv should not contain ALERTMAIL as it includes "-t"
27266 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
27268 * INSTALL, Makefile.in, README, configure.in, version.h:
27273 added more _PASSWD_LEN stuff -- now uses PASS_MAX too
27277 now includes limits.h moved _PASSWD_LEN -> compat.h
27280 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
27298 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
27305 done for 1.4.1 (I hope)
27309 added info on wildcards
27313 added wildcard example
27317 now uses *.pod to build *.man and *.cat & *.html
27321 added SUDO_PROG_BSHELL
27325 fixed up some formatting
27329 redid section describing sample sudoers stuff
27333 fixed some formatting
27337 now treats "" as bourne shell
27341 TESTOBJS now includes wildmat.o
27345 now works with NewArg[cv]
27349 removed an XXX (fixed it in getspwuid.c)
27353 added check for bourne shell
27361 added _SUDO_PATH_BSHELL
27364 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
27367 unixware vi returns 256 instead of 0
27375 fixed up some XXX's. file log format now looks a little more like
27376 real syslog(3) format.
27379 * README, TROUBLESHOOTING:
27380 updated wrt lex/flex
27384 commented out rule to build lex.yy.c from parse.lex since we ship
27385 with a pre-flex'd parser
27388 * parse.c, parse.yacc, visudo.c:
27389 path_matches -> command_matches
27393 eliminated some strcat()'s
27397 no longer checks for lex/flex (now assumes flex)
27401 now checks for $kerb_dir_candidate/krb.h instead of just
27405 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
27408 now use a 'hook' expression instead of an iffy one :-)
27411 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
27414 now works with new sudo arg stuff
27418 fixed dereferencing deadbeef
27422 changed an occurrence of Argv to NewArgv
27426 took out support for quoted commands since there is no need...
27430 fixed a typo in a for() loop
27434 protected against dereferencing rogue pointers
27438 now uses NewArgv and NewArgc so cmnd_args is no longer needed. this
27439 also allows us to eliminate some kludges in parse_args() and
27440 eliminate superfluous code.
27444 no longer uses cmnd_args, now uses NewArgv instead.
27448 added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
27453 added wildmat.c to SRCS & SUDOBJS
27457 COMMAND is now a struct containing the path and args
27461 replaced append() with fill_cmnd() and fill_args. command args from
27462 a sudoers entry are now stored in an array for easy matching.
27466 command line args from sudoers file are now in an array like ones
27467 passed in from the command line
27470 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
27473 wildmat stuff now works
27476 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
27483 ++version added wildmat.*
27486 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
27489 added support for quoted commands (w/ or w/o args)
27492 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
27494 * sudo.pod, visudo.pod:
27495 cleaned up formatting
27498 * sudo.pod, visudo.pod:
27502 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
27505 looks reasonable, could be more readable
27512 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
27519 updated NO_ROOT_SUDO entry
27522 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
27525 *** empty log message ***
27526 [5b63de579ff7] [SUDO_1_4_0]
27537 AIX aixcrypt.exp now uses $(srcdir)
27541 added entry for anal ansi compilers
27544 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
27547 added info on libcrypt_i for SCO
27551 *** empty log message ***
27566 * INSTALL, OPTIONS, README, config.h.in, configure.in:
27571 ++version and fixed ISC
27574 * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
27575 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
27576 insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
27577 sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
27583 added STUB_LOAD_INTERFACES ++version
27586 * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
27592 added info about fd_set in tgetpass added info on interfaces.c
27595 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
27606 tgetpass.o is now only linked in with sudo (not visudo)
27609 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
27611 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
27617 added copyright notice
27620 * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
27621 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
27622 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
27623 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
27624 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
27629 minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
27633 ISC now gets -lcrypt now check for sys/bsdtypes.h
27637 added check for sys/bsdtypes.h
27640 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
27643 removed debugging stuff (setting freed ptr to NULL)
27655 added section on syslog
27659 added AC_ISC_POSIX for better ISC support
27667 added define for _POSIX_SOURCE
27670 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
27673 fixed check for lsearch()
27676 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
27679 fixed for AIX now deal if num_interfaces == 0 (should not happen)
27682 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
27685 now only define HAVE_LSEARCH if there is a corresponding search.h
27692 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
27695 now define HAVE_LSEARCH if we find lsearch() in libcompat
27699 char * -> const char *
27703 now looks in -lcompat for lsearch()
27707 remove sudo.core visudo.core for clean target
27711 added UID_MAX support in check for MAX_UID_T_LEN
27715 fixed another occurrence of sudo_getpwuid.*
27718 * Makefile.in, getspwuid.c:
27719 sudo_getpwuid.c -> getspwuid.c
27726 * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
27727 compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
27728 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
27729 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
27730 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
27731 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
27732 version.h, visudo.c:
27737 added group support
27745 documented group support
27748 * parse.c, parse.lex, parse.yacc, visudo.c:
27749 added group support
27752 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
27755 tkfile was too short and overflowed the kerberos realm
27758 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
27761 now copy command args directly from Argv
27765 replaced code to copy cmnd_args so that it does not use realloc
27766 since most realloc()'s really stink
27769 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
27772 syslog() fixed in hpux 10.01
27775 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
27778 AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
27782 better error if cannot find skey incs or libs
27786 now use a temp file for determining max len of uid_t in string form.
27787 the old hacky way broke on netbsd
27791 added set of parens and a space
27794 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
27797 fixes from Jeff Earickson <jaearick@colby.edu> ,
27805 fixed up testsudoers target
27809 DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
27810 SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
27814 LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
27818 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
27821 fix for C2 on hpux 10 now uses -linet if it exists
27825 LONG_SKEY_PROMPT is less of a kludge /
27829 fixed typos w/ dce stuff
27836 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
27839 amended section on combining authentication mechanisms
27843 minor updates for 1.3.6
27847 added 2 more entries
27859 rewrote for sudo 1.3.6
27866 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
27868 * find_path.c, getspwuid.c, sudo.c:
27869 added explicit casts for strdup since many includes don't prototype
27874 removed prototype for sudo_getpwuid() since convex C compiler choked
27879 added prototype for sudo_getpwuid()
27883 now compiles on strict ANSI compilers
27887 added LONG_SKEY_PROMPT support
27891 added extra $'s for make to eat up, yum.
27894 * OPTIONS, options.h:
27895 added LONG_SKEY_PROMPT
27898 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
27901 s/key support now works with normal s/key as well as logdaemon
27904 * OPTIONS, options.h:
27909 set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
27913 added DCE note added more AIX notes
27917 now include pthread.h for DCE support
27921 dce_pwent() is ok after all .,
27925 now uses SYSLOG() macro that equates to either syslog() or
27930 minor formatting changes. renamed check() to something less generic
27933 * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
27935 now uses user_pw_ent and simple macros to get at the contents
27938 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
27941 simpler dec unix C2 support
27945 now sets crypt_type for DEC unix C2
27948 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
27951 added csops paths for skey
27955 now includes string.h for strdup() prototype
27963 now includes skey.h
27971 moved a lot of the shadow passwd crap to sudo_getpwuid()
27975 now uses sudo_pw_ent
27979 now uses sudo_pw_ent
27983 now sets sudo_pw_ent
27991 moved dce stuff into compat.h
27994 * logging.c, sudo.h:
27995 now uses sudo_pw_ent
27999 added sudo_getpwuid.c
28007 now uses sudo_pw_ent
28010 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
28013 fixed exempt_group stuff for OS's that don't put base gid in group
28018 S/Key support now works with sunos4 shadow passwords
28025 * config.h.in, configure.in:
28034 first stab at dce support
28038 now smells like sudo
28046 skey'd sudo now works w/ normal password as well
28049 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
28051 * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
28052 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
28053 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
28054 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
28055 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
28056 version.h, visudo.c:
28057 updated version number
28061 updated to reflect version change
28065 --with options now line up ++version
28069 removed unnecessary S/Key stuff
28073 fixed S/Key support
28077 -I stuff now goes in CPPFLAGS
28089 fixed description of EXEMPTGROUP
28093 more people use _RLD_ than just alphas...
28097 replaced $man_prefix with $mandir
28105 now use more GNU'ish dir names
28109 now set *dir correctly (can override from command line)
28113 now deal with situations where getwd() fails
28116 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
28119 added etc_dir, bin_dir, sbin_dir
28127 now ship a flex-generated lex.yy.c
28131 now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
28135 _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
28139 no more error for redefining SUDOERS_OWNER
28143 expanded SUDOERS_OWNER section
28146 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
28149 now warn if chown(2) failed
28153 better default warning for NO_SUDOERS_FILE
28157 added missing set_perms() no more cryptic message if the sudoers
28158 file is zero length, now just give a parse error
28162 better diagnostics if NO_SUDOERS_FILE
28166 check_sudoers() now catches sudoers files that are not readable (but
28170 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
28173 now add -D__STDC__ for convex cc (not gcc)
28177 MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
28181 now uses exec_prefix & prefix from configure
28184 * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
28185 parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
28187 options.h is now <> instead of "" so shadow build trees can have a
28188 custom copy of options.h
28192 user_is_exempt() is no longer a hack, it now uses getgrnam()
28196 EXEMPTGROUP is now "sudo"
28200 MAN_POSTINSTALL now contains a leading space
28204 removed leading tab if @MAN_POSTINSTALL@ not defined now removes
28205 testsudoers in clean:
28209 includes pwd.h to get _PASSWD_LEN definition
28212 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
28215 unset the KRB_CONF envariable if using kerberos so we don't get
28216 spoofed into using a bogus server
28219 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
28222 now explicitly initialize match[] to be FALSE
28225 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
28228 removed unused variable now passes -Wall
28232 yyerror and dumpaliases are now void's now passes -Wall
28236 added prototype for yyerror
28239 * check.c, logging.c, parse.c:
28244 removed unused cruft now passes -Wall
28248 fixed headers that moved to emul dir
28252 fixed deref of nil pointer if no args
28255 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
28258 added a caveat to FQDN section
28261 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
28264 more $srcdir support for install targets
28267 * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
28268 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
28269 don't include malloc.h if we include stdlib.h
28273 local search.h now lives in emul
28276 * check.c, utime.c:
28277 local utime.h now lives in emul dir
28281 local search.h now lives in emul
28285 added support for building in other than the sourcedir
28288 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
28291 annotated CSOPS_INSULTS option
28295 updated shadow passwords blurb
28299 if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
28300 passes along foo as the arguments
28303 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
28306 collapsed pathname and dir sections into one -- it's now less
28311 fixed spacing quoting [,:\\=] now works correctly append() and
28312 fill() now take args to make the above work
28316 fixed a typo that caused commands with no tty on fd 0 but a tty on
28317 fd 1 to erroneously have "none" as their tty
28320 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
28323 timestampfile is now a global static removed decl of timestampfile
28324 in remove_timestamp since we can just use the global one
28328 created touch() to update timestamps added USE_TTY_TICKETS support
28333 added _S_IFDIR and S_ISDIR
28336 * OPTIONS, options.h:
28337 added USE_TTY_TICKETS
28341 removed const from casts for lsearch() & lfind() to placate irix 4.x
28345 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
28348 now only strip '/dev/' off of a tty if it starts with '/dev/'
28356 AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
28361 fixed incorrect #ifdef termio uses "unsigned short" not int for
28365 * parse.lex, parse.yacc:
28366 fixed a spelling error
28373 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
28380 added dotcat() to cat 2 strings w/ a dot efficiently now that we
28381 dynamically allocate strings they need to be free()'d
28385 dynamically allocates space for strings
28389 no more MAXCOMMANDLENGTH
28396 * logging.c, sudo.c:
28397 moved tty stuff into sudo.c
28400 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
28403 fixed a logic bug. Was denying a command if user gave command line
28404 args but there were none in the sudoers file which is wrong.
28408 MAXCOMMMANDLEN dropped down to 1K
28412 return foo; -> return(foo);
28416 fixed netgr_matches() prototype
28420 added support for escaping "termination" characters
28424 buf is now of size MAXPATHLEN+1 since it never holds command args
28432 fixed negation problem (doh!)
28436 fixed 2nd parameter to lfind()
28440 now do bounds checking in fill() and append()
28444 include netdb.h as we should added a missing void cast added
28445 SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
28446 realloc actually moved the string instead of shrinking it
28450 updated with examples of new features
28454 now set errno to EACCES if not a regular file or not executable
28458 if given a fully-qualified or relative path we now check it with
28459 sudo_goodpath() and error out with the appropriate error message if
28460 the file does not exist or is not executable
28463 * emul/search.h, lsearch.c:
28464 now use correct args for lfind
28472 added in CSOps insults
28484 increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
28488 added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
28492 fixed -k load_interfaces() now gets called if FQDN is set
28493 -p now works with -s
28497 don't try to stat() "pseudo commands" like "validate"
28501 added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
28505 added SecurID support added other insults to --with-csops
28513 added clobber target added ins_csops.h now gets CFLAGS from
28518 relaxed SUDO_FULL_VOID
28522 function comment blocks are now in same style as rest of code
28526 added support for command line args in /etc/sudoers
28530 updated to have command args in the sudoers file
28534 added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
28537 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
28540 PATH renamed to COMMAND
28544 it is now a parse error for directories to have args attached to
28549 now say command args if telling user to buzz off
28553 -s no longer indicates end of args sped up loading on cmnd_args in
28558 removed an unreachable statement
28562 made more efficient by pulling out the terminators when in GOTCMND
28563 state and making them their own rule
28566 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
28569 removed MAXLOGLEN since it is no longer used
28573 now allows command args
28577 now groks command arguments
28581 now sets tty correctly when piped input
28585 fixed loading of cmnd_args (was including command name too)
28589 fixed a core dump due to incorrect if construct
28592 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
28595 only add -lsun if irix < 5 don't look for -lnsl or -lsocket if irix
28599 fixed check for ISC
28603 now sets cmnd_args used by log_error() and that will be used by the
28604 parse to check against command args
28612 now dynamically allocate logline since we can guess at its size
28615 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
28618 cleaned up a bunch of unnecessary #ifdef's eliminated a buffer remove
28619 "register" since the compiler knows more than I do now do a
28620 "basename" of the tty
28623 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
28630 added shell extern changed MODE_* to be bit masks to allow for
28631 several options together
28635 added -s (shell) option made MODE_* masks so we can do bitwise & and
28636 | to see if multiple flags are set.
28640 added securid support
28643 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
28646 removed a bunch of unnecessary strncpy()'s and replaced with strcat()
28649 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
28651 * Makefile.in, version.h:
28655 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
28658 fixed free() of an uninitialized pointer (yuck)
28662 added netgr_matches
28666 cleaned up netgr_matches
28669 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
28675 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
28678 now installs sudoers.man -- really should clean this up though.
28682 added sudoers.cat and sudoers.man
28686 pulled out stuff on the sudoers file format into a separate man page
28694 fixed up my email address
28698 added checks for innetgr and getdomainname
28702 added dummy netgr_matches function
28706 added netgr_matches
28709 * parse.lex, parse.yacc:
28710 added NETGROUP support
28714 added HAVE_INNETGR & HAVE_GETDOMAINNAME
28717 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
28720 rewrote clean_env() that has rm_env() builtin
28723 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
28726 now cast uid to long in sprintf
28730 added _INSULTS suffix to HAL & GOONS end
28734 added _INSULTS suffix to HAL & GOONS
28737 * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
28738 converted to new scheme of insult "unions" end
28742 now uses MAX_UID_T_LEN
28746 added SUDO_UID_T_LEN
28750 added MAX_UID_T_LEN
28754 now use MAX_UID_T_LEN
28758 added check for max len of uid_t fixed sco vs. isc check
28761 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
28772 hack to check for sco
28776 removed #include <net/route.h> since it was hosing some OS's
28779 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
28782 fixed prreadlink() prototype
28786 added parens in #if's
28794 moved SPW_* to config.h.in
28798 added a set of parens
28806 added SPW_* reordered error codes
28810 moved SPW_* to sudo.h
28813 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
28816 SPW_AUTH -> SPW_SECUREWARE
28820 GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
28828 SPW_AUTH -> SPW_SECUREWARE
28832 now uses SHADOW_TYPE to make shadow pw support more readable and
28833 modular. It's a start...
28837 added autodetection of shadow passwords
28841 now uses SHADOW_TYPE define
28845 added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
28849 added SUDO_CHECK_SHADOW
28852 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
28855 define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
28856 memmove() since we no longer use it...
28864 added BROKEN_SYSLOG support
28868 added BROKEN_SYSLOG
28872 now only bitch if timestamp > time_now + 2 * timeout to allow for a
28873 machine updating its time from a server
28877 added 2 security notes updated Nieusma's email addr
28881 changed a memmove() to memcpy() since we don't have to worry about
28882 overlapping segments.
28885 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
28888 cleaned up the loop when interfaces are groped in so that it is
28892 * Makefile.in, version.h:
28896 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
28902 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
28905 fixed permissions check on /tmp/.odus
28908 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
28911 fixed some comments
28915 now checks owner & mode of timedir also checks for bogus dates on
28920 updated TIMEOUT info
28923 * logging.c, sudo.h:
28924 added BAD_STAMPDIR and BAD_STAMPFILE
28928 added definition of S_IRWXU
28935 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
28938 added #ifdef to make it compile on strange arches
28941 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
28944 fixed check for full void impl.
28948 added missing "static"
28952 replaced #elif with #else #if constructs for ancient C compilers
28956 updated irix c2 & kerb5 info
28960 added shadow pw support for irix
28963 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
28970 last changes for sudo 1.3.3
28974 now calls SUDO_SOCK_SA_LEN
28982 added SUDO_SOCK_SA_LEN
28986 now works with ip implementations that use sa_len in sockaddr
28990 added note about buggy AIX compiler
28994 now include sys/time.h for AIX
28997 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
29004 now works for ISC and others. yay.
29007 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
29009 * Makefile.in, version.h:
29013 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
29016 fixed test for full void impl
29020 now check to see that st_dev is non-zero before assuming that we are
29024 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
29026 * aclocal.m4, configure.in:
29027 SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
29030 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
29033 fixed include file order for SUDO_FUNC_UTIME_POSIX
29037 added cast for ttyname()
29045 now deal correctly with all known variations of utime() -- yippee
29049 added SUDO_FUNC_UTIME_POSIX
29053 added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
29057 added HAVE_UTIME_POSIX
29065 no longer assume !HAVE_UTIME_NULL means old BSD utime()
29069 fixed fascist C compiler warning
29073 now set strioctl.ic_timout in STRSET() now initialize num_interfaces
29074 to 0 (just to be anal)
29077 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
29080 increased MAXLOGLEN by MAXPATHLEN to account for ttyname
29088 reworked the ISC code
29091 * Makefile.in, version.h:
29096 now expect old-style utime(3) if utime() can't take NULL as an arg
29100 added check for utime.h
29108 added CPPFLAGS STATIC_FLAGS -> LDFLAGS
29112 now search for kerb libs and includes
29116 added support for utime(2)'s that can't take a NULL parameter
29120 moved HAVE_UTIME_NULL stuff to update_timestamp() where it belongs
29124 added utime(s) stuff
29132 added HAVE_UTIME and HAVE_UTIME_NULL
29135 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
29138 now use HAVE_UTIME_NULL
29141 * emul/utime.h, utime.c:
29146 need to setuid(0) to make kerb4 stuff work.
29150 no more special case for kerberos
29154 took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
29159 no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
29164 now use private ticket file for kerberos support to avoid trouncing
29168 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
29171 added SPOOF_ATTEMPT & cmnd_st
29175 added anti-spoofing support
29179 now use global cmnd_st
29183 added SPOOF_ATTEMPT support
29186 * testsudoers.c, visudo.c:
29187 added void casts where appropriate
29191 fixed up spacing and added void casts where appropriate
29195 fixed problem with "-p prompt" but no args
29198 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
29201 added BUGS and annotated -l description
29205 validate() now takes a flag
29209 validate() now takes a flag added -l
29213 added support for -l
29217 validate() now takes a flag that says whether or not to check the
29221 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
29224 now deals with Argv == 1
29232 added prompt support reworked parse_args()
29244 now use BUFSIZ as length of kerb password added kpass so pass is
29245 always a char * now use prompt global when asking for a password
29249 now use BUFSIZ as _PASSWD_LEN if using kerberos
29256 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
29259 only look for -lufc or -lcrypt if crypt() not in libc
29263 don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
29264 (unknown user) silently fail
29272 HAVE_KERBEROS -> HAVE_KERB4
29276 removed debugging printf
29280 KERBEROS -> KERB4 added checks for setreuid & setresuid
29284 HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
29288 added def of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
29289 with setresuid if applic
29293 HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
29294 no setreuid() or a broken one
29297 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
29300 added kerberos support
29304 added HAVE_KERBEROS
29308 added KERBEROS support (long passwords)
29312 added kerberos support
29315 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
29318 added MODE_BACKGROUND
29322 escaped dashes added -b option
29330 added crypt() for osf/1 3.x enhanced security
29334 now check for -lcrypt
29338 added ENXIO like EADDRNOTAVAIL
29341 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
29344 now emulate getwd(), not getcwd()
29348 getcwd() -> getwd()
29355 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
29357 * ins_2001.h, ins_classic.h, ins_goons.h:
29362 broke out insults into separate include files
29365 * OPTIONS, options.h:
29370 added ins_2001.h ins_classic.h ins_goons.h
29373 * Makefile.in, version.h:
29378 moved signal handler setup to setup_signals()
29382 added load_interfaces()
29386 moved load_interfaces to interfaces.c
29393 * OPTIONS, options.h:
29398 now uses clearaliases variable
29406 added interfaces.[co]
29410 now uses ip addrs and netmasks via load_interfaces()
29414 now remove IFS instead of setting to "sane" value
29417 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
29423 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
29426 sudo_goodpath.c-> goodpath.c
29430 added Andy's new ISC changes
29433 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
29436 added a sentence to SECURE_PATH info
29451 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
29457 * Makefile.in, version.h:
29462 sendmail is now looked for in /usr/ucblib
29478 added unixware case
29482 user_is_exempt is no longer hidden
29490 isc and riscos changes
29494 added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
29498 fixed a typo and added testsudoers stuff
29505 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
29508 applied fixed patch from Chris
29511 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
29518 added a set of braces for bison
29522 merged in Chris' changes to dekludge the parser.
29526 send_mail() was calling find_path() which is wrong since find_path()
29527 stores cmnd in a static var. Anyhow, it doesn't make much sense
29528 since MAILER should always be fully qualified
29531 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
29534 added User_Alias stuff
29538 SUDO_NEXT now looks for /usr/lib/NextStep/software_version
29542 added DEC UNIX 3.0 w/ gcc
29546 Exit was being used in places where exit should be used
29550 added "User alias specification"
29554 fixed probs caused by making nslots and naliases a size_t
29558 added KSR, upped rev to 1.3.1b2
29561 * logging.c, parse.yacc:
29566 void * -> VOID * naliases and nslots are now size_t to appease
29567 lsearch on 64-bit machines
29570 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
29573 did a bunch of things and added a bunch :-)
29581 closer to BSD manpage style
29585 closer to standard BSD man format
29588 * compat.h, config.h.in, emul/search.h, insults.h, options.h,
29589 pathnames.h.in, sudo.h, version.h:
29594 removed crufty #defines that are no longer used
29602 updated based on sudo changes
29606 now allow ALL keyword in User_Aliases now allow ALL keyword as well
29615 now sets SUDO_COMMAND and SUDO_GID envariables.
29619 fixed bug with full void impl check
29623 fixed User_Alias support
29627 added stubs for User_Alias support
29631 now sets removes # bogus interfaces from num_interfaces
29635 added User_Alias support
29638 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
29641 removed extraneous TODO
29644 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
29647 ntwk_matches -> addr_matches
29651 ntwk_matches -> addr_matches
29655 ntwk_matches -> addr_matches now use inet_addr() not inet_network()
29656 (which expects octet boundaries) fixes for OSF (sizeof(int) !=
29661 took out debugging info
29665 OS was being set to unknown before non-uname based host checks.
29666 This caused no checks to happen since $OS was not zero-length.
29670 fixed loading of interfaces struct still has debugging info in
29678 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
29689 removed extraneous extern decl of "top
29697 removed parser_cleanup (no need for it now)
29701 now calls reset_aliases() directly
29704 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
29707 added a sentence to SECURE_PATH description
29711 fixed my stupid bug where I used NAMLEN on something I wanted to
29712 just get the name from. argh.
29715 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
29718 fixed argument order of memmove() that i hosed when converting from
29723 finally fixed DISTFILES line
29731 added missing files to DISTFILES
29735 SUPPORTED -> RUNSON
29738 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
29745 updated for pl5b1 release
29753 fixed bug where if you hit return at first sudo prompt it would
29754 still log as a failure
29762 better test for bogus void * implementation
29766 added PASSWORDS_NOT_CORRECT
29770 added PASSWORDS_NOT_CORRECT stuff
29774 added PASSWORDS_NOT_CORRECT
29782 removed some unused vars and fixed up uid2str
29789 * getcwd.c, getwd.c:
29793 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
29796 fixed a typo I introduced in the last checkin :-(
29800 can't have #ifdef's where N is defined so just do this the broken
29805 better hack from Chris (but still a hack)
29809 stupid hack for broken aix lex
29813 now includes compat.h
29817 now includes fcntl.h
29821 added FD_SET and FD_ZERO for 4.2BSD
29825 dirty hack to fix parser bug. i don't really like this but it works
29830 uid2str is now static like the prototype says
29833 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
29835 * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
29844 check_sudoers now returns an error code and sudo calls inform_user
29845 and log_error based on the return value.
29848 * logging.c, sudo.h:
29849 added entries for new errors
29853 now set uid to that of SUDOERS_OWNER while parsing sudoers file
29857 took out testsudoers
29861 now explicitly checks that it is setuid root
29865 If a user has no passwd entry sudo would segv (writing to a garbage
29866 pointer). Now allocate space before writing :-)
29870 reordered AC_CHECK_FUNCS
29877 * tgetpass.c, visudo.c:
29882 bzero -> memset when a parse error is logged the line number of the
29883 error is now logged too
29887 added Sunos to blurb about c2 security
29891 added a SUN4 define for C2 security
29895 bcopy -> memmove bzero -> memset
29899 bcopy -> memmove char * -> VOID *
29903 added support for sunos with C2 security
29906 * OPTIONS, options.h:
29911 _PATH_SUDO_LOGFILE now set based on configure
29915 added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
29919 added _SUDO_PATH_LOGFILE
29923 added SUDO_LOGFILE to find where to put sudo.log added
29924 SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
29925 SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
29928 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
29935 now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
29936 to work around a problem in trusted hpux shadow passwords. yuck.
29940 backed out a change in malloc/realloc
29944 now include stdlib.h
29948 now do an freopen() of the stmp file so that yyin will always point
29949 to the same thing. This is important for flex since we are doing a
29954 replaced yywrap() with parser_cleanup() since yywrap() needs to be
29955 in parse.lex to be able to use YY_NEW_FILE. sigh.
29959 now have a rule that matches anything that doesn't match an
29960 explicit rule. well, you know what i mean (. matches anything not
29961 yet matched). However, this means that there is input still queued
29962 up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
29963 into parse.lex and it calls parser_cleanup() which is most of the
29971 * getcwd.c, getwd.c:
29972 moved compat.h to be the last include file
29976 fixed type of aliascmp() args
29984 added casts to lfind and lsearch args for irix
29988 bsdinstall -> install-sh
29992 added info about make realclean
29996 updated VERSION added dependencies for visudo.cat
30008 now there is a real visudo.man and visudo.cat
30012 took out visudo stuff
30019 * parse.c, parse.lex, parse.yacc:
30028 updated Nieusma & Hieb email addresses
30032 updated to include options.h and OPTIONS
30040 eliminated bug #1 (yay)
30044 sunos no longer gets linked statically
30047 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
30050 prototype now uses __P()
30054 make fill() non-ansi
30058 made -v (validate) work
30066 don't check for execute/statable if fq or relative path given
30074 now include ctype.h for islower and tolower macros
30078 moved _S_IFMT & _S_ISREG to compat.h
30082 moved a set of parens
30086 now include compat.h
30094 now cast malloc & realloc return vals added search for HAVE_LSEARCH
30095 now use strcmp if no strcasecmp available
30103 removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
30104 HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
30108 added _S_IFMT, _S_IFREG, and S_ISREG
30112 took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
30113 to most SUDO_* macros
30121 various 1.x to 2.x autoconf changes now check for strcasecmp now use
30122 AC_INSTALL_PROG instead of custom one added check for fully working
30123 void implementation
30127 added lsearch & search.h visudo links into $(LIBOBJS)
30131 partial 1.x to 2.x changes added SUDO_FULL_VOID
30135 whatnow_help was prototyped to be static but was not declared as
30140 autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
30141 for dirent/dir/ndir.h
30145 now use groovy gnu autoconf macro AC_HEADER_DIRENT
30148 * getcwd.c, getwd.c:
30149 MAXPATHLEN -> MAXPATHLEN+1
30152 * emul/search.h, lsearch.c:
30156 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
30159 eliminated bison warnings
30167 now includes signal.h
30171 only clear data structures on a parse error
30175 whatnow() now gives help on invalid input
30179 added a whatnow() function (sort of like mh)
30183 kill_aliases -> reset_aliases yywrap() now cleans up by calling
30184 reset_aliases() and clearing top took reset stuff out of yyerror()
30185 since it doesn't belong there (and doesn't work anyway). errorlineno
30186 is now initially set to -1 so we can set it to the first error that
30187 occurs (it was getting set to the last)
30195 rewrote from scratch based on 4.3BSD vipw.c
30198 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
30205 no more sudo_realpath() and find_path() changed params
30209 find_path() changed since no more realpath()
30213 on error, errorlineno is set to the line where the error occurred
30214 added kill_aliases() to free the aliases struct now clean up in
30215 yyerror() so we can reparse cleanly
30218 * options.h, parse.c:
30219 no more USE_REALPATH
30223 changed to use new find_path()
30227 removed all the realpath() stuff
30231 sudo_realpath.c -> sudo_goodpath.c
30235 now works correctly with utk parser
30243 eliminated a compiler warning
30247 eliminated compiler warning
30251 added sudo_goodpath()
30255 added prototype for sudo_goodpath
30259 added support for /sys/dir.h
30263 USE_REALPATH turned off
30267 added calls to sudo_goodpath()
30271 added check for dirent.h
30275 added HAVE_DIRENT_H
30279 added in linux shadow pass stuff
30282 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
30285 added back host, user, cmnd, parse_error
30289 added in utk changes plus some minor cosmetic changes
30292 * sudo.c, sudo_realpath.c:
30293 added void casts for printf's
30297 added a define of USE_REALPATH
30301 there is no more visudoers/Makefile
30305 added in utk changes (visudo is now built from the toplevel)
30309 added (void) casts to printf's
30312 * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
30313 merged in utk changes
30316 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
30319 now check to see that what we are trying to run is a file (or a link
30320 to a file, we do a stat(2) so there is no diff)
30323 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
30330 aclocal.m4 -> acsite.m4 make realclean updated for new autoconf
30334 added myself as maintainer
30337 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
30340 changed setegid -> setgid
30343 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
30346 fixed the test for irix 5.x to skip bad libs
30350 now initialize OS and OSREV
30353 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
30360 AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
30364 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
30367 use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the right
30368 thing wrt yyrestart (grrrr)
30371 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
30374 added visudoers/compat.h to DISTFILES
30382 added ocmnd declaration adjusted for find_path()'s new parameters
30386 added ocmnd extern adjusted find_path() prototype
30390 cmndcmp() now takes 3 arguments and checks against the qualified as
30391 well as the unqualified pathname. more code that should use
30392 cmndcmp() but did not, now does
30400 changed to use new find_path() parameter passing
30404 find_path() now takes 2 copyout parameters (one for the qualified
30405 pathname and one for the unqualified pathname). The third parameter
30410 no longer munge pathnames.h
30414 changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
30415 as a result, pathnames.h does not need to be run through configure
30416 and the user can override the configured values easily.
30420 added _SUDO_PATH_* entries
30424 _PATH* -> _SUDO_PATH_*
30428 updated DISTFILES and HDRS .o's now depend on config.h
30431 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
30434 removed extraneous #endif
30442 added SUDO_PROG_MV added riscos and isc os types took out
30443 -DSHORT_MESSAGE from --with-csops since it is now the default
30447 move the include of id.h to compat.h now includes options.h
30451 moved compatibility #defines to compat.h
30459 move __P to compat.h
30462 * getcwd.c, getwd.c, putenv.c:
30463 now includes compat.h
30470 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
30473 pull user-configurable stuff out and put in options.h
30476 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
30478 * parse.lex, parse.yacc, visudo.c:
30479 now includes options.h
30482 * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
30484 now includes options.h
30488 added visudoers/options.h
30491 * OPTIONS, options.h:
30496 added OPTIONS and options.h
30500 changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
30504 changed PASSWORD_TIMEOUT to minutes
30507 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
30510 now only do Editor +line_num if line_num != 0
30513 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
30516 now use mv if rename(2) fails
30527 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
30530 fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
30533 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
30536 added mips & isc support
30540 added support for non-root owned sudoers file
30544 added exempt group support
30548 added set_perms() support added SUDOERS_OWNER so can have non-root
30549 own sudoers file added exempt group support added isc support
30553 now copy sudoers to temp file via read/write (not stdio) now chown
30554 new sudoers file to SUDOERS_OWNER
30557 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
30568 fixed typo added set_perms support added skey support added
30569 seteuid()/setegid() emulation for AIX
30573 be_* -> setperms() now check to make sure sudoers file is owned by
30574 root read/write by only root
30577 * logging.c, parse.c:
30582 be_* -> set_perms() added skey support
30585 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
30595 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
30605 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
30611 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
30626 now bail if Argv[1] > MAXPATHLEN
30630 added function check for tcgetattr(3)
30634 only define HAVE_TERMIOS_H if you have tcgetattr(3)
30638 added check for tcgetattr
30641 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
30647 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
30650 now only include unistd.h for linux
30653 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
30656 added visudo.8 generation
30660 added -Wl,-bI:./aixcrypt.exp to aix flags
30663 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
30674 added mailing list info
30678 now use sudolineno instead of yylineno fixed bison warnings
30682 now use -no_library_replacement for osf don't make a static binary
30687 added string.h/strings.h inclusion
30695 added inclusion of string.h/strings.h
30699 fixed uname | sed (needed to quote the '[')
30703 replaced yylineno with sudolineno fixed bison syntax errors
30707 changed yylineno to sudolineno since yylineno cannot be counted
30716 added code to support command listings
30720 added code for -l flag
30724 fixed typo added info for -l flag
30728 AC_SSIZE_T -> SUDO_SSIZE_T
30743 * find_path.c, sudo_realpath.c:
30744 readlink() is now declared as returning ssize_t
30748 added -laud for OSF c2
30751 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
30753 * Makefile.in, visudo.c:
30754 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
30757 * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
30758 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
30761 * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
30762 parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
30763 sudo_setenv.c, tgetpass.c, version.h:
30764 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
30767 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
30778 added host to alertmail messages
30786 fixed logging problem where mail would not say which user it was
30790 added -laud for gcc if osf & c2
30794 moved set_auth_parameters to sudo.c
30798 added set_auth_parameters for osf
30802 cleaned up -static stuff
30814 changed setenv() to sudo_setenv()
30830 added osf auth support & removed some extra spaces
30833 * INSTALL, SUPPORTED:
30837 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
30840 added 2 suggestions
30844 removed README.v1.3.1 and added VERSION stuff
30851 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
30862 mention HISTORY file
30866 use sizeof instead of a constant in 1 place
30885 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
30889 [7dfbb4a810bb] [SUDO_1_3_1]
30896 added unistd.h include
30899 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
30902 added sys/time.h for AIX
30905 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
30908 added check for -lsocket and sys/sockio.h
30912 took out libshadow check and added in sys/sockio.h check
30916 now include sockio.h instead of ioctl.h if it exists "sudo -" now
30917 gets a better error message
30921 now has a dir and subnet entry
30924 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
30935 added network and ip addresses to man page
30939 no error if can't get interfaces or netmask since networking may not
30944 now check for interfaces == NULL
30948 fixed a bug that caused directory specs in a Cmnd_Alias to fail if
30949 the last entry in the spec failed (ie: it was only looking at the
30950 last entry). Cleaned things up by adding the cmndcmp() function--all
30958 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
30961 now do two passes to skip bogus interfaces (lo0, etc)
30964 * parse.lex, parse.yacc, visudo.c:
30965 added include of netinet/in.h
30968 * logging.c, sudo_realpath.c, sudo_setenv.c:
30969 added include of netinet/in.h
30972 * check.c, find_path.c, getcwd.c, getwd.c:
30973 added include of netinet/in.h
30981 added interfaces global
30985 now uses new interfaces global
30989 now ip addresses are gleaned w/o dns
30992 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
30995 added load_ip_addrs() to load the ip_addrs global var
30999 added hostcmp() to compare hostnames, ip addrs, and network addrs
31003 added ip_addrs def added load_ip_addrs prototype
31006 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
31013 removed multiple entries in DISTFILES
31017 ansified the !STDC_HEADERS decls
31020 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
31021 don't do malloc decl if gnuc
31025 can't use getopt(3) since it munges args to the command to be run as
31026 root don't do malloc decl if gnuc
31029 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
31030 sudo_realpath.c, sudo_setenv.c:
31031 ansi-fied !STDC_HEADER function prototypes
31034 * getcwd.c, getwd.c:
31035 added missing paren
31039 added putenv.c to DISTFILES
31043 added params to func decls when STDC_HEADERS is not defined now can
31044 count on putenv() being there
31048 took out errno decl since sudo.h does it for us fixed up a next cc
31049 warning added params to func decls when STDC_HEADERS is not defined
31053 took out environ extern added local declaration of putenv() if local
31057 * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
31058 added params to func decls when STDC_HEADERS is not defined
31062 added memcpy check check to see that ansi vs bsd macros are not
31063 already defined before defining (ie: avoid redefinition)
31067 removed fluff setenv check plus check w/ replace for putenv if also
31075 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
31082 rm'd realpath added sudo_realpath and sudo_setenv
31086 now use sudo_setenvc
31090 added putenv and setenv, removed realpath
31094 added putenv & setenv
31105 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
31108 added MAN_POSTINSTALL and /usr/share/catman for irix
31112 added MAN_POSTINSTALL
31120 added SUDO_* plus new options
31128 took out shadow lib
31136 now use yyrestart() if flex now reset yylineno to 0
31140 support for installing a cat page instead of a man page if no nroff
31144 now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
31145 to determine whether or not to install a cat or man page
31153 not set ret to MODE_RUN initially
31157 made command (and therefore cmnd dynamically allocated)
31169 changed bufs from MAXPATHLEN to MAXPATHLEN+1
31173 added MODE_ removed validate_only and added remove_timestamp()
31177 usage() now takes an int (exit value) added parse_args() to parse
31178 command line arguments moved call to find_path() from load_globals
31179 to new function load_cmnd() removed validate_only global -- now use
31180 the concept of "modes" added -h and -k options
31184 no longer use global validate_only now checks for command called
31185 "validate" removed check for non-fully qualified commands since that
31186 is done by find_path
31190 changed MAXPATHLEN to MAXPATHLEN+1
31194 fixed off by one error with MAXPATHLEN and fixed a comment
31198 check_timestamp no longer runs reminder(), it is implied in the
31199 return val added remove_timestamp()
31206 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
31220 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
31223 moved send_mail to after syslog
31227 now set SUDO_ envariables
31230 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
31237 now print error if chdir fails
31244 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
31251 no more static binaries for aix
31254 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
31261 took out stuff not needed for sudo now does be_root/be_user itself
31262 now uses cwd global
31269 * logging.c, sudo.c:
31270 be_root/be_user is now down in sudo_realpath()
31273 * logging.c, sudo.h:
31274 now works with 4.2BSD syslog (blech)
31278 now use sudo_realpath()
31282 took out realpth() stuff since we now use sudo_realpath()
31286 ultrix enhanced sec
31290 added ultrix enhanced sec.
31298 ultrix enhanced security support
31302 added sudo_realpath.c
31310 increased passwd len to 24 for c2 security
31317 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
31320 now use user global var
31327 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
31334 user is now a char * added epasswd
31338 added tzset() to load_globals added epasswd (encrypted password)
31339 global made user dynamically allocated
31351 cleaned up encrypted passwd grab somewhat
31367 can now log to both syslog & a file
31391 removed AFS stuff :-)
31395 include sys/select for AIX
31406 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
31408 * CHANGES, SUPPORTED:
31413 can now have MAILER undefined
31417 new sub-note about MAILER
31421 added blurb about password timeout
31429 took out duplicate define of _CONVEX_SOURCE
31441 added a goto if fgets fails
31445 use __hpux not hpux convex c2 stuff
31449 use __hpux not hpux
31457 define ansi-ish cpp os defines if non-ansi are defined for hpux &
31462 updated to say we support convex C2
31466 added convex c2 support
31469 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
31472 no more ioctl never returns NULL uses fgets() and select() to
31476 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
31479 things were testing -n "$GCC" instead of -z "$GCC"
31483 now works + uses fgets()
31486 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
31489 select doesn't seem to recognize a single '\n' as input waiting so
31490 we can't use it, sigh.
31493 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
31496 updated tgetpass() blurb
31500 added --with-getpass
31504 added tgetpass stuff
31515 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
31522 added USE_GETPASS && HAVE_C2_SECURITY
31526 fixed a test added --with-C2 and --with-tgetpass
31534 took out tgetpass.*
31541 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
31544 no termio(s) for ultrix since it is broken
31548 added a space (yeah, anal)
31551 * realpath.c, sudo_realpath.c:
31552 fixed it (duh, rtfm)
31555 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
31558 took out bsd signal stuff for irix
31566 don't define BSD signals for irix
31577 * realpath.c, sudo_realpath.c:
31578 took out unneeded code by changing where a strings was terminated
31581 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
31583 * realpath.c, sudo_realpath.c:
31584 fix bug where /dirname would return NULL
31588 move __P to config.h
31591 * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
31592 added errno definition
31607 * realpath.c, sudo_realpath.c:
31608 now works if no fchdir
31612 define SA_RESETHAND to null if not defined
31616 added check & replace
31620 took out -static for nextstep -- it doesn't work
31623 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
31626 moved #endif to where it belongs
31634 now checks for strdup realpath getcwd bzero
31642 added posix signals
31650 added posix signals
31654 removed BROKEN_GETPASS added new srcs to replace missing functions
31658 added posix signal stuff
31670 now uses posix signals
31674 updated to reflect major changes
31682 uses sysconf() if available
31686 added PASSWORD_TIMEOUT + prototypes for new functions
31689 * realpath.c, sudo_realpath.c:
31690 for those w/o this in libc
31693 * getcwd.c, getwd.c:
31698 rewrote to use realpath(3) - is now all my code
31702 added HAVE_REALPATH
31710 added LIBOBJS use tgetpass.c
31713 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
31727 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
31738 added check for getwd
31742 replace strdup & realpath & getcwd if missing
31750 added SUDO_PROG_PWD
31757 * realpath.c, sudo_realpath.c:
31761 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
31764 quoted square brackets
31767 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
31770 no need to strdup() a constant
31785 * parse.c, sudo.c, sudo.h:
31786 added validate_only stuff
31789 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
31796 $OSREV is now an int
31799 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
31802 added mtxinu to caser
31810 now use the EXEC macro now only do a gethostbyname() if FQDN is set
31814 changed mail_argv[] def now use EXEC() macro
31818 took out crypt() definition
31826 always look for -lnsl
31834 SHORT_MESSAGE is now the default
31842 added missing AC_DEFINE(SVR4) for solaris
31846 documented the -v flag
31858 added LIBSHADOW undef
31862 now set OS to be lowercase
31865 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
31868 now use SUDO_OSTYPE to set $OS
31872 now use uname to determine os
31876 added prototypes & moved sig handler around
31883 * check.c, logging.c, sudo.c:
31892 now use _BSD_SIGNALS not _BSD_COMPAT
31903 * parse.lex, parse.yacc:
31904 moved config.h to top of includes
31907 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
31910 now don't bitch if get EACCESS (treat like EPERM)
31914 added -v flag and usage()
31922 cast Argv to a const for exec added -v flag
31926 mail_argv is now a const
31930 only set RETSIGTYPE if it is not set already
31934 now defines & STDC_HEADERS for Irix
31941 * insults.h, sudo.h:
31942 prevent multiple inclusion
31949 * parse.lex, parse.yacc:
31950 now includes config.h
31954 now talks about sunos 4.x
31958 calls to Exit now pass an arg
31961 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
31964 signal handler now takes an int argument
31972 ok, the getcwd() is now *really* done as the user
31976 changed AIX STATIC_FLAGS
31980 solaris now defines SVR4
31984 added cwd and fixed stupid core dump that makes no sense. sigh.
31988 moved getcwd stuff into load_globals
31992 took out externs that are in sudo.h
31996 moved cwd into load_globals
32004 fixed make distclean & realclean
32012 added solaris changes
32016 added solaris changes, need to rework
32020 cleaned up for solaris
32024 reinstall reapchild signal handler for non-bsd signals
32028 took out getdtablesize() emulation for HP-UX (no longer needed)
32032 support for HAVE_SYSCONF
32036 added <fcntl.h> for solaris & reorg'd the includes + minor prettying
32044 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
32047 now tells you what os you are running /.
32054 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
32069 uid seinitialized to -2
32072 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
32075 now removes LIBPATH for AIX
32078 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
32081 now uses ufc if it finds it
32084 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
32087 no longer define yyval & yylval since yacc does it
32091 now defines yylval as extern
32095 BROKEN_GETPASS is now an OPTION
32099 took out BROKEN_GETPASS
32103 took out big comment
32111 took out README.beta
32119 now reference SUPPORTED
32123 now check for convex OR __convex__
32127 now check for convex or __convex__
32139 now use _S_* stat stuff to be ansi-like
32143 updated for configure directions
32147 distclean now removes config.h and pathnames.h
32166 * config.h.in, pathnames.h.in:
32167 added copyright header
32170 * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
32171 parse.yacc, sudo.c, sudo.h:
32176 updated to use configure + pathnames.h
32183 * Makefile.in, config.h.in, configure.in:
32188 now works with configure
32191 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
32192 updated to work with configure + pathnames.h
32199 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
32202 updated gnu general licence to version 2
32205 * config.h.in, pathnames.h.in:
32210 changed to work with configure
32213 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
32215 * Makefile.in, aclocal.m4, configure.in:
32220 now uses defines used by configure
32223 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
32226 sudo won't bitch about EPERM now, for real
32229 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
32232 renamed exec_argv to eliminate a libc name clash with ksros
32239 * logging.c, sudo.c, sudo.h:
32256 added UMASK and mode_t declaration
32264 now opens log file with mode 077
32268 saved current umask and restores it
32272 added MAXLOGFILELEN
32276 split long log lines. For syslog, split into multiple entries, for
32277 a log file, indent the extra for readability
32280 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
32287 MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
32290 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
32293 added input from Brett M Hogden <hogden@rge.com>
32296 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
32299 added rmenv() to remove stuff from environ. can now use execvp()
32300 OR execve() because of this.
32304 now uses execvp() OR execve()
32320 moved some func decls out of sudo.h and into sudo.c as statics
32331 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
32337 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
32352 added sample.sudoers note
32359 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
32366 took out SAVED_UID garbage
32367 [b7c2d3469661] [SUDO_1_3_0]
32386 more verbose error if mailer not found
32390 now do getpwent as root for some shadow password systems (bsdi)
32393 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
32396 took out SAVED_UID garbage
32400 took out SAVED_UID garbage since it don't work
32403 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
32410 added a missing space :-)
32414 took out multimax cruft
32426 fixed a typo + indentation
32429 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
32432 took outumoved some defines to the config file
32444 added HAS_SAVED_UID
32451 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
32457 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
32463 * check.c, logging.c, parse.c, sudo.c, sudo.h:
32464 now is only root when abs necessary
32471 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
32486 now removed _RLD_* for alphas
32490 updated for new config scheme
32494 more verbose error messages
32497 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
32504 define __svr4__ for SOLARIS
32508 added svr4 junk for shadow pws for solaris 2.x
32512 took out setuid(0) and setreuid(udi) garbage. It's not needed since
32513 we start out setuid with the correct perms.
32516 * check.c, sudo.c, sudo.h:
32520 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
32523 revised AUTHORS section & added ENV_EDITOR stuff to VARIABLES
32528 now uses ENV_EDITOR if you want to use the EDITOR envar
32532 now uses ENV_EDITOR if you want to use the EDITOR envar
32535 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
32538 rewrote most of this
32542 minor update + spell fix
32546 added all options that are in the Makefile
32550 now use USE_TERMIO #define for sgi & hpux
32557 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
32559 * check.c, find_path.c:
32560 always include strings.h
32568 sgi has vi in /usr/bin too
32575 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
32578 use /usr/bin/vi on some systems
32582 fixed warning (include strings.h)
32586 added John_Rouillard@dl5000.bc.edu's changes (new features)
32590 changes from John_Rouillard@dl5000.bc.edu
32597 * check.c, find_path.c, parse.c, sudo.c:
32598 added patches from John_Rouillard directory spec
32602 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
32605 added flush for hpux
32608 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
32611 no longer assume malloc returns a char *
32615 alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
32616 gets removed correctly
32620 added STD_HEADERS macro
32624 now uses STD_HEADERS macro for ansi
32628 now uses STD_HEADERS macro
32632 niceties for C compiler bitches -- no real change
32635 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
32638 now doesn't fclose a file never opened.
32641 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
32648 added error stuff added me in there...
32656 added blurb about reading stuff
32664 corrected comments and removed newlines
32676 added dec syslog note
32680 added real stuff in there
32691 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
32698 updated with changes
32709 * CHANGES, COPYING, INSTALL, README, TODO:
32714 updated version number and took out jeff's old addr since it is no
32718 * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
32720 updated version number and took out jeff's email (since it is
32724 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
32730 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
32733 now return NULL instead of exiting for non-fatal errors
32736 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
32743 now sudo.h gets included first
32746 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
32757 hpux 9 fix, removes SHLIB_PATH linux patch
32764 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
32767 stat now ignores EINVAL
32770 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
32772 * find_path.c, sudo.c:
32773 now declare strdup as extern
32776 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
32779 reformatted with indent + by hand
32782 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
32783 used indent to "fix" coding style
32787 now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
32788 move the code that does this into the loop body. makes it messier
32792 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
32795 redid the fix for non-executable files in an easier to read way plus
32796 some minor aesthetic changes
32800 fixed bug with non-executable things of same name in path introduced
32801 by checking errno after stat(2).
32804 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
32807 fixed off by one error
32811 now handles descending below '/' correctly
32815 now actually builds Envp instead of munging envp
32818 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
32821 now includes sys/param.h
32825 now includes sys/param.h
32829 fixed ifndef -> ifdef
32833 make more like find_path.c
32837 rewritten by millert
32841 fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
32842 about new defines in the comment
32850 added decl for clean_envp() and Envp
32854 now rips LD_* env vars out of envp and passed sanitized Envp to exec
32862 ENOTDIR is ok now too (in case part of the path is bogus)
32866 now works correctly (total rewrite)
32870 now includes sys/param.h didn't match trailing / -- fix from
32874 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
32877 moved around the #ifndef _AIX
32880 * check.c, logging.c, parse.c:
32884 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
32890 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
32893 now works if you do sudo bin/test
32900 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
32910 * parse.lex, parse.yacc:
32914 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
32921 now spews error if exec fails and exits with -1
32929 now only execs files with (an) executable bit set.
32936 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>