2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
* Don't let the fnmatch/glob macros expand the function prototype.
2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
* Resolve namespace collisions on HP-UX ia64 and possibly others by
adding a rpl_ prefix to our fnmatch and glob replacements and
#defining rpl_foo to foo in the header files.
2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
* Split ALL, ROLE and TYPE into their own actions. Since you can only
have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
the non-SELinux case. This is safe because the actions are in one
big switch() statement.
* Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
* askpass moved from sudoers to sudo.conf in sudo 1.8.0
* Remove obsolete warning about runas_default and ordering. Move
syslog facility and priority lists into the section where the
relevant options are described.
2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix SIA support; we no longer have access to the real argc and argv
so allocate space for a fake one and use the argv passed to the
plugin with "sudo" for argv[0].
* Remove useless realloc when trying to get the buffer size right.
* Be explicit when setting euid to 0 before call to setreuid(0, 0)
2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Need to do checks for krb5_verify_user, krb5_init_secure_context and
krb5_get_init_creds_opt_alloc regardless of whether or
not krb5-config is present.
2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
* Work around weird AIX saved uid semantics on setuid() and
setreuid(). On AIX, setuid() will only set the saved uid if the euid
2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
* update copyright year
* Treat a missing includedir like an empty one and do not return an
2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix ARCH setting in cross-compile Solaris packages.
* Fix aix version setting.
* Remove extraneous parens in LDAP filter when sudoers_search_filter
is enabled that causes a search error. From Matthew Thomas.
2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
* Correct sizeof() to fix test failure.
* "install" target should depend on "install-dirs". Fixes "make -j"
problem and closes bz #487. From Chris Coleman.
2011-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
Added tag SUDO_1_8_1 for changeset 0ed6281995f0
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
Regen man pages for 1.8.1
[0ed6281995f0] [SUDO_1_8_1] <1.8>
2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
* Add HAVE_RFC1938_SKEYCHALLENGE
2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
* Mention plugin loading and libgcc changes
* Load plugins after parsing arguments and potentially printing the
version. That way, an error loading or initializing a plugin
doesn't break "sudo -h" or "sudo -V".
When using a sub-shell to invoke the sub-make, exec make instead of
running it inside the shell to avoid an extra process.
* Stop testing unspecified behavior in fnmatch. Make glob test more
* No need to add current dir to include path and having it breaks the
test programs that expect to get the system glob.h and fnmatch.h
* configure, configure.in:
Fix and document --with-plugindir; partially from Diego Elio Petteno
* Fix fnmatch and glob tests to not use hard-coded flag values in the
input file. Link test programs with libreplace so we get our
replacement versions as needed.
If make in a subdir fails, fail the target in the upper level
Makefile too. Adapted from a patch from Diego Elio Petteno
* configure, configure.in:
Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
has this. Adapted from a patch from Diego Elio Petteno
* Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
* configure, configure.in:
Fix warnings when --without-skey, --without-opie, --without-kerb4,
--without-kerb5 or --without-SecurID were specified.
* Add plugins/sudoers/sudoers_version.h
* configure, configure.in:
Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
now include LDFLAGS in the sudoers Makefile.in. Add missing setting
of @LDFLAGS@ in plugin Makefile.in files.
2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
* Mention %#gid support in User_List and Runas_List
* Keep track of sudoers grammar version and report it in the -V
* Add multiple inclusion guard
* configure, configure.in:
The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
set it to -Wc,-static-libgcc if not using GNU ld so we don't
have a dependency on the shared libgcc in sudoers.so.
* Fix typo; from Petr Uzel
2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
* In dump-only mode, use "root" as the default username instead of
"nobody" as the latter may not be available on all systems.
2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
* Remove NewArgv/NewArgc, they are no longer needed.
* Fix setting of user_args
* Add '!' token to lex tracing
* Use group bin in test, not wheel as most systems have the bin group
but the same is no longer true of wheel.
* Avoid using pre or post increment in a parameter to a ctype(3)
function as it might be a macro that causes the increment to happen
2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
* Strip off the beta or release candidate version when building AIX
* configure, configure.in:
We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
structure checks for glibc which only has __e_termination visible
when _GNU_SOURCE is *not* defined.
* getuserattr(user, ...) will fall back to the "default" entry
automatically, there's no need to check "default" manually.
* Document parser changes.
2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
If there is an existing sudoers file, only install if it passes a
* Add runasgroup support to testsudoers
* For "make check", keep going even if a test fails.
* More useful exit codes:
* 0 - parsed OK and command matched.
* 2 - command not matched
* Document %#gid, and %:#nonunix_gid syntax.
* Add support to user_in_group() for treating group names that begin
* configure, configure.in:
Add explicit check for struct utmpx.ut_exit.e_termination and struct
utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
ut_exit if we detect one or the other.
2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
* Add back missing #include of config.h
* Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
* Quote first argument to AC_DEFUN(); from Elan Ruusamae
2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
* add new sudoers tests
* Add test for a newline in the middle of a string when no line
continuation character is used.
* Use bitwise AND instead of modulus to check for length being odd. A
newline in the middle of a string is an error unless a line
continuation character is used.
* Move lexer globals initialization into init_lexer.
* Fix a potential crash when a non-regular file is present in an
includedir. Fixes bz #452
* On some Linux systems, "uname -p" contains detailed processor info
so check "uname -m" first and then "uname -p" if needed. Recognize
2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
* Don't need all sudoers.h here.
* Print sudo version early, in case policy plugin init fails.
2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
* Update to match change in input.
* Make an empty group or netgroup a syntax error.
* An empty group or netgroup should be a syntax error.
* Check that uids work in per-user and per-runas Defaults. Check that
uids and gids work in a Command_Spec
* Test empty string in User_Alias and Command_Spec
* Allow a group ID in the User_Spec.
* Return an error for the empty string when a word is expected. Allow
an ID for per-user or per-runas Defaults.
2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix printing "User_Alias FOO = ALL"
2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
* Better error message about invalid -C argument
* Fix placement of equal sign ('=') in user specification summary.
2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
* update to match sudoers regress
* Restore ability to define TRACELEXER and have trace output go to
* Restore old behavior of setting sawspace = TRUE for command line
args when a line continuation character is hit to avoid causing
problems for existing sudoers files.
* Add test for line continuation and aliases
* Make test output line up nicely for parse vs. toke
* plugins/sudoers/regress/testsudoers/test1.ok,
plugins/sudoers/regress/testsudoers/test2.out,
plugins/sudoers/regress/testsudoers/test2.sh,
plugins/sudoers/regress/testsudoers/test3.ok,
plugins/sudoers/regress/testsudoers/test3.sh,
plugins/sudoers/regress/visudo/test1.ok,
plugins/sudoers/regress/visudo/test1.sh:
Move parser tests to sudoers directory and test the tokenizer output
* If we match a rule anchored to the beginning of a line after parsing
a line continuation character, return an ERROR token. It would be
nicer to use REJECT instead but that substantially slows down the
* Move LEXTRACE macro to toke.h so we can use it in yyerror().
* Make lex tracing settable at run-time in testsudoers via the -t
flag. Trace output goes to stderr. Will be used by regress tests
* Allow whitespace after the modifier in a Defaults entry. E.g.
"Defaults: username set_home"
2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
* Don't set CC when cross-compiling.
* Credit Matthew Thomas for the sudoers_search_filter changes.
* Add the .sym files to the MANIFEST
* Update for sudo 1.8.1 beta
* user_shell -> run_shell to avoid confusion with the user's SHELL
* Save the controlling tty process group before suspending in pty
mode. Previously, we assumed that the child pgrp == child pid
(which is usually, but not always, the case).
* Add support for sudoers_search_filter setting in ldap.conf. This
can be used to restrict the set of records returned by the LDAP
2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Remove the hack to disable -g in CFLAGS unless --with-devel
* The '@' character does not normally need to be quoted.
* We normally transition from GOTDEFS to STARTDEFS on whitespace, but
if that whitespace is followed by a comma, we want to treat it as
part of a list and not transition.
* Add check for whitespace when a User_List is used for a per-user
* Expand quoted name checks to cover recent fixes.
* Fix parsing of double-quoted names in Defaults and Aliases which was
broken in 601d97ea8792.
* toke_util.c lives in $(srcdir) not $(devdir)
2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Update version to 1.8.1
* Document major changes in 1.8.1 and add upgrade notes.
* Be careful not to deref user_stat if it is NULL. This cannot
currently happen in sudo but might in other programs using the
* configure will not add -O2 to CFLAGS if it is already defined to add
-O2 to the CFLAGS we pass in when PIE is being used.
* Warn about the dangers of log_input and mention iolog_file and
iolog_dir in the log_input and log_output descriptions.
* sync with git version
* It seems that h comes after i
* Move log_input and log_output to their proper, sorted, location.
Document set_utmp and utmp_runas.
* Save the controlling tty process group before suspending so we can
restore it when we resume. Fixes job control problems on Linux
caused by the previous attempt to fix resuming a shell when I/O
* Fix printing of the remainder after a newline. Fixes "sudo -l"
output corruption that could occur in some cases.
* Add support for ut_exit
* Add support for controlling whether utmp is updated and which user
is listed in the entry.
* Fix typo; tupple vs. tuple
* For legacy utmp, strip the /dev/ prefix before trying to determine
slot since the ttys file does not include the /dev/ prefix.
* Add check for _PATH_UTMP
* Adapt check_iolog_path to sessid changes
* Redo utmp handling. If no getutent()/getutxent() is available,
assume a ttyslot-based utmp. If getttyent() is available, use that
directly instead of ttyslot() so we don't have to do the stdin dup2
* Move utmp handling into utmp.c
* Update copyright years.
2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
* Add "user_shell" boolean as a way to indicate to the plugin that the
* Move sessid out of sudo_user.
* Log the TSID even if it is not a simple session ID.
* Document noexec in sample.sudo.conf and add back noexec_file section
in sudoers with a note that it is deprecated.
* Fix running commands as non-root on systems where setreuid() changes
the saved uid based on the effective uid we are changing to.
2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
* Move noexec path into sudo.conf now that sudo itself handles noexec.
Currently can be configured in sudoers too but is now undocumented
and will be removed in a future release.
* Document "Path noexec ..." in sudo.conf. No longer document
noexec_file in sudoers, it will be removed in a future release.
* Move noexec handling to sudo front-end where it is documented as
* Add support for disabling exec via solaris privileges. Includes
preparation for moving noexec support out of sudoers and into front
* Only export the symbols corresponding to the plugin structs.
* Install plugins manually instead of using libtool. This works
around a problem on AIX where libtool will install a .a file
containing the .so file instead of the .so file itself.
Move check into its own rule since some versions of make will run
both targets as the default rule.
* Update to libtool 2.2.10
* In handle_signals(), restart the read() on EINTR to make sure we
keep up with the signal pipe. Don't return -1 on EAGAIN, it just
means we have emptied the pipe.
* Reorder functions to quiet a compiler warning.
* Use the Sun Studio C compiler on Solaris if possible
2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix default setting of osversion variable.
* Make two login_class entries consistent.
* Add support for adding a utmp entry when allocating a new pty.
Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
Currently only creates a new entry if the existing tty has a utmp
* Avoid pulling in headers we don't need on Linux. For getutx?id(),
call setutx?ent() first and always call endutx?ent().
* Add some more libs to SUDOERS_LIBS instead of relying on them to be
pulled in by SUDO_LIBS.
* Fix return value of "sudo -l command" when command is not allowed,
broken in [c7097ea22111]. The default return value is now TRUE and
a bad: label is used when permission is denied. Also fixed missing
permissions restoration on certain errors. On error()/errorx(), the
password and group files are now closed before returning.
2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix passing of login class back to sudo front end.
* Add --osversion flag to specify OS instead of running "pp
* Fix expr usage w/ GNU expr
2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix exit value for validate and list mode.
* Fix non-interactive mode with sudoers plugin.
2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
* sudoreplay can now find IDs other than %{seq} and display the
* Add support for replaying sessions when iolog_file is set to
something other than %{seq}.
2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
* If we are killed by a signal, display the name of the signal that
* Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
* Fix bug in skey/opie check that could cause a shell warning.
* No longer need sudo_getepw() stubs.
2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix exit value of "sudo -l command" in sudoers module.
2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
* Use fgets() not fgetln() for portability.
* Don't use the beta or release candidate version as the rpm release.
2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
Adjust ChangeLog rule now that 1.8 is branched
Added tag SUDO_1_8_0 for changeset f6530d56f6ae
2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
[f6530d56f6ae] [SUDO_1_8_0]
update sudo 1.8 section
2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/regress/testsudoers/test2.sh:
* plugins/sudoers/regress/testsudoers/test2.out,
plugins/sudoers/regress/testsudoers/test2.sh,
plugins/sudoers/regress/visudo/test2.out,
plugins/sudoers/regress/visudo/test2.sh:
convert test2 to use testsudoers
* include/sudo_plugin.h, src/sudo_plugin_int.h:
Move struct generic_plugin to sudo_plugin_int.h
* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
plugins/sudoers/parse.c, plugins/sudoers/parse.h,
plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h:
Allow sudoers file name, mode, uid and gid to be specified in the
settings list. The sudo front end does not currently set these but
2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
* doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
src/parse_args.c, src/sudo.h:
add help text to sudo, visudo and sudoreplay for the -h option
2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
avoid using "howmany" for a parameter name since it is a select-
mention group_plugin when describing nonunix_group
* doc/sudo_plugin.pod:
Add missing period at end of sentence
* Makefile.in, doc/Makefile.in, include/Makefile.in,
plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
plugins/sudoers/Makefile.in, src/Makefile.in:
add localstatedir; closes bug 471
* config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
src/exec.c, src/exec_pty.c:
The howmany macro lives in sys/sysmacros.h on SVR5 systems. Closes
add missing AH_TEMPLATE for ENV_RESET
SVR5 systems return non-zero for success on socketpair(), check for
-1 instead. Closes Bug 469
2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
Document that a sudo.conf file with no Plugin lines uses the default
* src/load_plugins.c:
If sudo.conf contains no Plugin lines, use the default sudoers
policy and I/O plugins.
2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/sudo_nss.c:
Avoid printing empty "Runas and Command-specific defaults for user"
Truncate the buffer at buf.len before printing in the non-wordwrap
Remove extra newline when the tty width is very small or unavailable
2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/alias.c:
Remove unneeded variable.
2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Prefer getutxid over getutid
* plugins/sudoers/boottime.c:
Include utmp.h / utmpx.h before missing.h as apparently including it
afterwards causes a compilation problem on GNU Hurd.
2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
#include "foo.h", not <foo.h> for local includes.
* compat/mksiglist.c:
* compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
plugins/sudoers/match.c:
return foo not return(foo)
2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
Remove duplicate FD_SET of signal_pipe[0]
2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
* compat/mksiglist.c:
Use "missing.h" not <missing.h> in generated code.
2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
* aclocal.m4, configure:
fix --with-iologdir=no
* aclocal.m4, configure:
fix typo that broke --with-iologdir
2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
Bump version to 1.8.0b4
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
Attempt to clarify how users and groups interact in Runas_Specs
* plugins/sudoers/regress/visudo/test2.out,
plugins/sudoers/regress/visudo/test2.sh:
Add test for quoted group that contains escaped double quotes
* src/exec.c, src/exec_pty.c:
Pass SIGUSR1/SIGUSR2 through to the child.
* src/exec_pty.c, src/sudo_exec.h:
Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
SIGUSR2 to indicate whether the child should be continued in the
foreground or background.
Use pid_t not int and check the return value of kill()
2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
Remove obsolete comment
In non-pty mode before continuing the child, make it the foreground
pgrp if possible. Fixes resuming a shell.
If we get a signal other than SIGCHLD in the monitor, pass it
directly to the child.
* src/exec.c, src/exec_pty.c, src/sudo.h:
Save signal state before changing handlers and restore before we
2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/iolog.c:
Use a char array to map a number to a base36 digit.
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
Be clear about what versions of sudo support new LDAP attributes.
Fix up some formatting of attribute names. Minor other tweaks.
2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
match quoted strings the same way whether in a Defaults line or as a
user/group/netgroup name. Fixes escaped double quotes in quoted
user/group/netgroup names.
* plugins/sudoers/Makefile.in:
'make check' depends on visudo and testsudoers
* plugins/sudoers/sudoers2ldif:
Add sudoOrder attribute to each entry. Parse LOG_{INPUT,OUTPUT} tags
2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
Mention LDAP attribute compatibility status.
2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
* INSTALL, NEWS, config.h.in, configure, configure.in,
doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
Add --disable-env-reset configure option.
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
Document that sudoers_locale also affects logging and email.
* NEWS, config.h.in, configure, configure.in,
plugins/sudoers/logging.c:
Do logging and email sending in the locale specified by the
"sudoers_locale" setting ("C" by default). Email sent by sudo
includes MIME headers when the sudoers locale is not "C".
2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/check.c:
2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
* NEWS, src/parse_args.c, src/sudo.c:
Perform command escaping for "sudo -s" and "sudo -i" after
validating sudoers so the sudoers entries don't need to have all the
2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/logging.c:
Prepend "list " to the command logged when "sudo -l command" is used
to make it clear that the command was listed, not run.
* plugins/sudoers/parse.c:
* common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
compat/nanosleep.c, compat/regress/glob/globtest.c,
compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
plugins/sudoers/check.c, plugins/sudoers/defaults.c,
plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
plugins/sudoers/gram.c, plugins/sudoers/gram.y,
plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
src/sudo_noexec.c, src/tgetpass.c:
standardize on "return foo;" rather than "return(foo);" or "return
* plugins/sudoers/sudoers.c:
Do not reject sudoers file just because it is root-writable.
2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/sudo_nss.c:
For "sudo -U user -l" if user is not authorized on the host, say so.
* plugins/sudoers/ldap.c:
In sudo_ldap_lookup(), always do the initial sudoers check as the
invoking user. If we are listing another user's privs we will do a
separate lookup using list_pw later.
2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
add parser fill tests
* compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
Don't test features not supported by the bundled glob()
* Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
plugins/sudoers/check.c, plugins/sudoers/defaults.c,
plugins/sudoers/gram.c, plugins/sudoers/gram.y,
plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
plugins/sudoers/ldap.c, plugins/sudoers/match.c,
plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
plugins/sudoers/toke.c, plugins/sudoers/toke.l,
plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
Update copyright year to 2011
* plugins/sudoers/sudo_nss.c:
When listing, use separate lbufs for the defaults and the privileges
and only print something if the number of privileges is non-zero.
Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
* plugins/sudoers/ldap.c:
Stash pointer to user group vector in LDAP handle and only reuse the
query if it has not changed. We always allocate a new buffer when
we reset the group vector so a simple pointer check is sufficient.
* plugins/sudoers/sudo_nss.c:
Check initgroups() return value.
* plugins/sudoers/Makefile.in,
plugins/sudoers/regress/parser/check_fill.c:
Add tests for the fill functions in toke_util.c
2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/regress/iolog_path/check_iolog_path.c:
2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
Add Requires line for audit-libs >= 1.4 for RHEL5+
sync with git version
2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
Update for sudo 1.7.4p5
* doc/schema.OpenLDAP, doc/schema.iPlanet:
Add sudoNotBefore and sudoNotAfter attributes as optional attributes
to the sudoRole object class. From Andreas Mueller
2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
Mention "sudo -g group" password check fix.
* plugins/sudoers/sudoers.c:
Fix "sudo -g" support in the sudoers module.
* plugins/sudoers/check.c:
If the user is running sudo as himself but as a different group we
need to prompt for a password.
2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
* NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
plugins/sudoers/ldap.c:
Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
derived LDAP SDKs but we can pass the timeout parameter to
ldap_search_ext_s() or ldap_search_st() when possible.
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
* NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
with OpenLDAP ldap.conf files.
* plugins/sudoers/pwutil.c:
If user has no supplementary groups, fall back on checking the group
2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
* plugins/sudoers/toke.c, plugins/sudoers/toke.h,
plugins/sudoers/toke.l:
Move fill macro to toke.h
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
plugins/sudoers/toke.h, plugins/sudoers/toke.l,
plugins/sudoers/toke_util.c:
Split tokenizer utility functions out into toke_util.c
* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
plugins/sudoers/toke.c, plugins/sudoers/toke.l:
1233 2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
1239 * plugins/sudoers/Makefile.in:
1240 Add visudo tests to check target
1243 * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
1244 compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
1245 compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
1246 Add my regress tests for fnmatch() and glob() from OpenBSD.
1249 * plugins/sudoers/regress/testsudoers/test1.sh,
1250 plugins/sudoers/regress/visudo/test1.ok,
1251 plugins/sudoers/regress/visudo/test1.sh:
1252 Add regress test for command tags using visudo -c
1255 * plugins/sudoers/Makefile.in,
1256 plugins/sudoers/regress/testsudoers/test1.ok,
1257 plugins/sudoers/regress/testsudoers/test1.sh:
1258 Add support for regress tests using testsudoers
1261 * plugins/sudoers/testsudoers.c:
1262 Need to set user_name explicitly due to internal changes made when
1263 converting sudoers to a plugin.
1266 2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
1268 * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
1269 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
1270 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
1271 plugins/sudoers/regress/iolog_path/check_iolog_path.c,
1272 plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
1274 Add regression tests for iolog_path()
1277 * Makefile.in, common/Makefile.in, compat/Makefile.in,
1278 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
1279 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
1280 src/Makefile.in, zlib/Makefile.in:
1281 Add support for "make Makefile" to regenerate Makefile from
1285 * plugins/sudoers/iolog_path.c:
1286 Quiet a bogus compiler warning.
1289 2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
1291 * plugins/sudoers/iolog_path.c:
1292 Protect call to setlocale() with HAVE_SETLOCALE
1295 2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
1298 mkstemps.c was renamed mktemp.c
1302 Update from 1.7 branch
1306 Use "mv -f" when regenerating ChangeLog
1309 * plugins/sudoers/match.c:
1310 Fix NULL dereference with "sudo -g group" when the sudoers rule has
1311 no runas user or group listed. Fixes RedHat bug 667103.
1314 2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
1316 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
1317 Correct the default sudo.conf example
1320 2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
1322 * plugins/sudoers/iolog_path.c:
1323 Reset slashp if we allocate a new buffer for strftime()
1326 * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
1327 plugins/sudoers/sudoers.h:
1328 Add extra out parameter to expand_iolog_path() to allow the caller
1329 to split the path into dir and file components if needed.
1332 2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
1334 * plugins/sudoers/iolog.c:
1335 mkdir_iopath() returns size_t now that it uses strlcpy() and not
1339 * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
1340 Trim leading slashes from iolog_file and trailing slashes from
1344 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
1345 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
1346 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
1347 Pass a single I/O log file name in command_details instead of
1348 separate dir + file parameters.
1351 * plugins/sudoers/sudoreplay.c:
1352 change an error() to errorx()
1355 * plugins/sudoers/iolog.c:
1356 Add missing cwd line to I/O log info file that got dropped when
1357 iolog_deserialize_info() was added
1360 2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
1362 * plugins/sudoers/iolog.c:
1363 Avoid relying on globals filled in by the sudoers policy module for
1364 the sudoers I/O log module. The I/O log open function now pulls the
1365 bits it needs out of user_info and command_info.
1368 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
1369 plugins/sudoers/sudoers.h:
1370 If no iolog file is specified by the policy plugin, use io_nextid()
1371 to determine the next file in the sequence.
1374 2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
1376 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
1377 Document iolog_compress in command_info
1380 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
1381 Add support for the iolog_compress variable in command_info.
1384 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
1385 Add sigsetjmp() calls to all plugin entry points just to be safe.
1388 * src/sudo.c, src/sudo.h:
1389 Don't need iolog variables in struct command_details, they are for
1390 the I/O log plugins to handle.
1393 2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
1395 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
1396 Document use of mkdtemp() for iolog path templates
1399 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
1400 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
1401 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
1402 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
1406 * doc/sudo_plugin.pod, doc/sudoers.pod:
1407 Document iolog_file and supported escape sequences for sudoers.
1408 Clarify that iolog_file can contain directories.
1411 * compat/Makefile.in, configure, configure.in:
1412 Fix building of mkstemps/mkdtemp replacements.
1415 * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
1416 configure.in, include/missing.h:
1417 Provide mkdtemp() for systems without it.
1420 * plugins/sudoers/iolog_path.c:
1424 * plugins/sudoers/iolog.c:
1425 Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
1426 glibc mkdtemp() returns EINVAL.
1429 * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
1430 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
1431 plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
1432 plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
1433 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
1434 Allow sudoers to specify the iolog file in addition to the iolog
1435 dir. Add escape sequence support to iolog file and dir: sequence
1436 number, user, group, runas_user, runas_group, hostname and
1437 command in addition to any escape sequence recognized by
1441 * plugins/sudoers/iolog.c:
1442 Add missing sigsetjmp() call in I/O plugin open function. Fixes a
1443 crash when the I/O plugin calls error(), errorx() or log_error().
1446 2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
1448 * doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
1449 plugins/sudoers/sudoers.c:
1450 Give the policy module fine-grained control over what the I/O plugin
1455 Clear OPOST from c_oflag like we used to. Fixes screen-based
1460 Clarify umask option description. From Reuben Thomas.
1463 2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
1465 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
1466 Pick last match in LDAP sudoers too
1469 * doc/sudo_plugin.pod:
1470 Document iolog_file, iolog_dir and use_pty
1473 * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
1474 plugins/sudoers/sudoers.c:
1475 Adapt plugins to version I/O logging ABI 1.1
1478 * src/exec.c, src/sudo.h:
1479 Add use_pty command_info flag for policies to indicate that a pty
1480 should be allocated even if no I/O logging is performed.
1484 Add remaining plugin convenience functions
1487 * include/sudo_plugin.h, src/sudo.c, src/sudo.h,
1488 src/sudo_plugin_int.h:
1489 Change I/O log API to pass in command info to the I/O log open
1490 function. Add iolog_file and iolog_dir parameters to command info.
1491 This allows the policy plugin to specify the I/O log pathname. Add
1492 convenience functions for calling plugin functions that handle ABI
1493 backwards compatibility.
1500 2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
1502 * configure, configure.in:
1503 Bump version to 1.8.0b3
1506 2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
1509 Remove extraneous newline
1512 2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
1514 * doc/sudoers.pod, plugins/sudoers/def_data.c,
1515 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
1516 plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
1517 Make I/O log dir configurable.
1520 * aclocal.m4, configure, configure.in, doc/sudoers.pod:
1521 Rename io_logdir to iolog_dir
1524 2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
1527 Add missing '*' that prevented the generic ELF case from matching.
1531 If file(1) can't identify the ELF binary type, try readelf(1).
1534 2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
1536 * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
1537 plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
1538 plugins/sudoers/sudoers.c, src/sudo.c:
1539 Use %u to print uid/gid, not %lu and adjust casts to match.
1542 * doc/sudoers.ldap.pod:
1543 Clarify ordering of entries and attributes.
1546 * doc/sudoers.ldap.pod:
1547 Fix typo and editing goof.
1550 * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
1551 doc/sudoers.ldap.pod:
1552 Merge in ordered LDAP entry support from Andreas Mueller.
1555 * plugins/sudoers/ldap.c:
1556 Make sure we don't dereference a NULL handle.
1559 2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
1562 Add support for RHEL 6 file modes that include a trailing dot on
1563 files with an SELinux security context
1566 2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
1569 exec_setup() does not need to setuid(0), the Ubuntu issue was in the
1573 * plugins/sudoers/sudoers.c:
1574 create_admin_success_flag() should use restore_perms() rather than
1575 set_perms() to restore the uid.
1579 In exec_setup() call setuid(0) to make certain the subsequent uid
1580 and gid changes will succeed. Fixes a problem on Ubuntu.
1584 Error out if we cannot change to root's uid so we catch the failure
1588 2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
1591 fix typo; from Michael T Hunter
1594 * plugins/sudoers/match.c:
1595 In sudoedit mode, assume command line arguments are paths and pass
1596 FNM_PATHNAME to fnmatch().
1599 2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
1601 * configure, configure.in:
1602 Add workaround for an error in sys/types.h on HP-UX 11.23 when large
1603 file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
1604 broken bits of the header file.
1608 Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
1612 For Tru64, strip off beta version.
1615 * MANIFEST, plugins/sudoers/testsudoers.c,
1616 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
1617 Avoid conflicts with system definitions in grp.h and pwd.h
1621 Include stdio.h after zlib.h, not before. We need the large file
1622 defines to come first.
1625 2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
1627 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
1632 Don't clean ChangeLog
1635 * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
1636 Add prototype for cleanup()
1639 2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
1641 * plugins/sudoers/group_plugin.c:
1642 Avoid dereferencing group_plugin if it is NULL in
1643 group_plugin_query(). This should not happen.
1646 * plugins/sudoers/group_plugin.c:
1647 group plugin init function return TRUE when successful
1650 2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
1652 * plugins/sudoers/ldap.c:
1653 Enlarge the array of entry wrappers in blocks of 100 entries to
1654 save on allocation time. From Andreas Mueller
1657 * plugins/sudoers/ldap.c:
1658 Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
1659 that was mistakenly dropped.
1662 2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
1664 * doc/TROUBLESHOOTING:
1665 Mention that sudo needs "ar" to build.
1668 * configure, configure.in:
1669 Fail with a more useful error if "ar" is not found.
1672 2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
1674 * plugins/sudoers/ldap.c:
1675 Merge in ordered LDAP entry support from Andreas Mueller and add
1676 local changes from the 1.7 branch.
1679 2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
1681 * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
1682 doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
1683 Add timed entry support from Andreas Mueller.
1686 * plugins/sudoers/group_plugin.c:
1687 Don't try to unload if group_plugin is NULL. Don't call dlclose() if
1688 group_handle is NULL
1691 * plugins/sudoers/sudoers.h:
1692 It is now plugin_cleanup(), not cleanup()
1695 * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
1696 Call plugin_cleanup(), not cleanup()
1699 2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
1701 * plugins/sudoers/ldap.c:
1702 Use efree() not free() and remove malloc.h include since we never
1703 directly call malloc() or free().
1706 2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
1709 set PSTAMP for Solaris and move the backend-specific bits to their
1710 own %if [xxx] %endif blocks in %set.
1717 * configure, configure.in:
1718 Only substitute file zlib files when using the builtin zlib
1721 * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
1722 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
1723 src/Makefile.in, zlib/Makefile.in:
1724 Give up on using VPATH to find sources as it is implemented
1725 inconsistently in different versions of make.
1728 * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
1729 plugins/sudoers/gram.c, plugins/sudoers/toke.c:
1730 Include config.h before any other includes to make sure we get the
1731 right value for _FILE_OFFSET_BITS.
1743 g/c unused $(GENERATED)
1746 2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
1748 * plugins/sudoers/group_plugin.c:
1749 Zero out group_plugin on unload just to be safe.
1752 * plugins/sudoers/group_plugin.c:
1753 Unload group plugin if its init function fails.
1757 Only chdir to cwd if it is different from the current cwd or there
1758 is a new root (chroot).
1761 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
1762 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
1763 doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
1764 Bump version to 1.8.0b2
1767 2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
1770 Better --enable-zlib description
1774 Use system zlib on Linux. Let configure decide on Solaris. For all
1775 others, use builtin zlib.
1779 Add large file support.
1783 Add large file support.
1786 * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
1787 zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
1788 zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
1789 zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
1790 zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
1791 zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
1792 zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
1793 zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
1794 Add local copy of zlib for systems that lack it.
1797 2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
1800 If perform_io() fails, kill the child before exiting so it doesn't
1801 complain about connection reset. We can get an I/O error if, for
1802 example, and we get EIO reading from stdin.
1805 2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
1807 * plugins/sudoers/sudoers.c, src/sudo.c:
1808 Fix compilation on systems with set_auth_parameters(). Sprinkle
1809 volatile to quiet warnings from gcc 2.8.0
1812 * compat/dlfcn.h, compat/dlopen.c:
1813 Avoid potential namespace issues with dlopen() emulation.
1820 * plugins/sudoers/interfaces.c:
1821 Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
1826 Mark ChangeLog as PHONY. Don't overwrite ChangeLog if we can't run hg
1829 * configure, configure.in:
1830 HP-UX 10.20 libc has an incompatible getline
1833 * plugins/sudoers/visudo.c:
1834 Quiet an HP-UX compiler warning.
1837 * configure, configure.in:
1838 Check for vi even with --with-editor specified; the sample plugin
1842 2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
1845 Fix remaining syntax errors.
1849 sudo binary depends on the libtool-generated libs
1852 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
1853 Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
1854 include the local or system dlfcn.h
1858 Don't use run_as_superuser=false on HP-UX
1862 Use memset() instead of zero_bytes() since we don't include
1866 * plugins/sudoers/interfaces.c:
1867 Fix pasto; AF_INET not AF_INET6
1871 Actually call shl_load()
1875 Update from git repo. Debian: version numbers now compliant with
1876 policy section 5.6.12. HP-UX: minimal changes needed to work on HP-UX
1880 * configure, configure.in:
1881 Fix dlopen() detection for systems where dlopen() is in a separate
1885 * plugins/sudoers/auth/pam.c:
1886 If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
1887 useful message and return AUTH_FATAL so sudo does not keep trying to
1892 sudo_preload_table is an array
1896 Quiet a compiler warning and fix sudo_preload_table external
1901 Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
1904 * plugins/sudoers/group_plugin.c:
1905 Make this compile correctly when no dlopen is available.
1908 2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
1910 * plugins/sudoers/check.c:
1911 Having a timestamp file defined is no longer indicative of tty
1912 tickets being enabled. Check def_tty_tickets directly.
1915 * src/exec_pty.c, src/sudo.h, src/ttysize.c:
1916 Fix TCGETWINSZ compat.
1919 2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
1921 * src/exec_pty.c, src/ttysize.c:
1922 Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
1925 2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
1927 * plugins/sudoers/sudoers.c, src/sudo.c:
1928 Move set_project() from sudoers module into sudo proper.
1931 * configure, configure.in:
1932 Fix typo and regenerate
1935 * plugins/sudoers/ldap.c:
1936 When iterating over returned LDAP entries, keep looking at remaining
1937 matches even if we have a positive match. This catches negative
1938 matches that may exist in other entries and more closely match the
1939 sudoers file behavior.
1943 Add support for multiple package instances on Solaris.
1947 Add missing signal_pipe[0] to fdsr for the non-pty case.
1951 Add --with-project for Solaris
1955 Need ar and ranlib too
1958 2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
1960 * plugins/sudoers/env.c:
1961 Preserve ODMDIR environment variable by default on AIX.
1964 2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
1966 * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
1967 config.h.in, configure, configure.in, plugins/sample/Makefile.in,
1968 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
1969 plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
1970 plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
1972 Add dlopen() emulation for systems without it. For HP-UX 10, emulate
1973 using shl_load(). For others, link sudoers plugin statically and use
1974 a lookup table to emulate dlsym().
1977 2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
1979 * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
1980 compat/nanosleep.c, compat/utimes.c:
1981 When including compat headers, use the compat dir as part of the
1982 path so we are sure to get the correct header.
1985 2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
1987 * plugins/sudoers/linux_audit.c:
1988 Ignore ECONNREFUSED from audit_log_user_command() which will occur
1989 if auditd is not running.
1992 2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
1995 Sync with git version
1998 2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
2000 * common/fileops.c, plugins/sudoers/defaults.c:
2001 Cast isblank argument to unsigned char.
2004 2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
2006 * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
2007 doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
2008 Implement --with-umask-override configure flag.
2011 * plugins/sudoers/env.c:
2012 Take MODE_LOGIN_SHELL into account when initially setting reset_home
2013 instead of special-casing it later.
2016 * plugins/sudoers/sudoers.c:
2017 In login mode, make a copy of the runas user's pw_shell for
2018 NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
2022 * plugins/sudoers/env.c:
2023 Reset HOME for "sudo -i" even if HOME was listed in env_keep.
2027 Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
2031 Reset signal mask at sudo startup time; we need to be able to rely
2032 on normal signal delivery to control the child process.
2035 2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
2038 Use sed instead of expr to split a flag from its argument. Fixes a
2039 problem with expr interpreting its arguments as a flag when they
2044 Do not need sys/time.h after all
2048 Include sys/time.h for utimes() and struct timeval. No longer need
2049 ioctl.h or termios.h
2052 * compat/snprintf.c:
2053 Quiet bogus compiler warnings.
2056 * include/missing.h:
2057 Declare innetgr() for HP-UX which is missing a declaration. Declare
2058 domainname() for HP-UX and Solaris which are missing a declaration.
2061 * plugins/sudoers/bsm_audit.c:
2062 Use __sun for consistency with the rest of the sources.
2065 * plugins/sudoers/group_plugin.c:
2066 Quiet a bogus compiler warning.
2069 * plugins/sudoers/pwutil.c:
2070 Don't try to delref a NULL group.
2073 * common/alloc.c, common/lbuf.c:
2074 Include memory.h on systems that need it.
2077 2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
2080 Quiet gcc warnings on glibc systems that use warn_unused_result for
2084 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2085 sudo_plugin is in section 8; from Ted Percival
2088 * plugins/sudoers/Makefile.in:
2089 testsudoers depends on libsudoers.la, not sudoreplay
2092 2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
2095 Read as many signals on the signal pipe as we can before returning.
2098 * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
2099 Instead of using an array to store received signals, open a pipe and
2100 have the signal handler write the signal number to one end and
2101 select() on the other end. This makes it possible to handle signals
2102 similar to I/O without race conditions.
2105 2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
2107 * doc/visudo.pod, plugins/sudoers/visudo.c:
2108 Make "visudo -c -f -" check the standard input.
2112 set_home and always_set_home have an effect if HOME is present in
2116 * plugins/sudoers/env.c:
2117 Make -H flag work when HOME is listed in env_keep. Also makes
2118 "set_home" and "always_set_home" override HOME in env_keep.
2121 2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
2123 * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
2124 plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
2125 plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
2126 plugins/sudoers/visudo.c, src/net_ifs.c:
2127 Convert sudoers plugin to use interface list passed in settings.
2130 * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
2131 src/parse_args.c, src/sudo.h:
2132 Query local network interfaces in the main sudo driver and pass to
2133 the plugin as "network_addrs" in the settings list.
2136 * plugins/sudoers/bsm_audit.c:
2137 Solaris BSM audit returns EINVAL when auditing is not enabled,
2138 whereas OpenBSM returns ENOSYS.
2141 2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
2144 missing.h should come before most local includes
2147 * plugins/sudoers/sudoreplay.c:
2148 missing.h should come before most local includes
2151 * plugins/sudoers/sudoers.h:
2152 Make local includes consistent; use double quotes for local includes
2153 except for generated ones where we use angle brackets.
2156 * plugins/sudoers/sudoers.c:
2157 Always fill in NewArgv for audit code.
2160 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2161 Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
2164 * common/alloc.c, common/atobool.c, common/fileops.c,
2165 common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
2166 common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
2167 compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
2168 compat/getprogname.c, compat/glob.c, compat/isblank.c,
2169 compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
2170 compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
2171 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
2172 compat/unsetenv.c, compat/utimes.c, include/compat.h,
2173 plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
2174 plugins/sample_group/plugin_test.c,
2175 plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
2176 plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
2177 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
2178 plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
2179 plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
2180 plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
2181 src/sudo_noexec.c, src/ttysize.c:
2182 Make local includes consistent; use double quotes for local includes
2183 except for generated ones where we use angle brackets. Also g/c
2187 2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
2189 * plugins/sudoers/match.c:
2190 When matching the runas user and runas group (-u and -g command line
2191 options), keep track of runas group and runas user matches
2192 separately. Only return a positive match if we have a match for
2193 both runas user and runas group (if specified).
2196 2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
2198 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
2199 Add support for multiple URI lines by joining the contents and
2200 passing the result to ldap_initialize.
2203 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
2204 Do not return -1 on error from the display functions; the caller
2205 expects a return value >= 0.
2208 * plugins/sudoers/sudoers.c:
2209 Do not set both MODE_EDIT and MODE_RUN
2212 2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
2214 * include/missing.h:
2215 Move includes to the top of the file.
2218 2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
2220 * plugins/sudoers/Makefile.in:
2221 Add missing definition of timedir
2224 * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
2225 compat/mksiglist.c, compat/strsignal.c,
2226 plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
2227 Add #include of sys/types.h for .c files that include missing.h to
2228 be sure that size_t and ssize_t are defined.
2231 * plugins/sudoers/Makefile.in:
2232 Install sudoers file from the build dir not the src dir.
2235 2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
2237 * plugins/sudoers/set_perms.c:
2238 If runas_pw changes, reset the stashed runas aux group vector.
2239 Otherwise, if runas_default is set in a per-command Defaults
2240 statement, the command runs with root's aux group vector (i.e. the
2241 one that was used when locating the command).
2244 * plugins/sudoers/Makefile.in:
2245 Add target to generate sudoers file. Remove generated sudoers file as
2249 2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
2252 When not logging I/O install a handler for SIGCONT and deliver it to
2253 the command upon resume. Fixes bugzilla #431
2256 2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
2258 * plugins/sudoers/sudoers.h:
2259 g/c unused auth_pw extern definition
2262 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
2263 Move get_auth() into check.c where it is actually used.
2266 2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
2269 Convert a remaining puts() and putchar() to use the output function.
2272 * plugins/sudoers/plugin_error.c:
2276 2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
2278 * plugins/sudoers/env.c:
2279 Set dupcheck to TRUE when setting new HOME value if !env_reset but
2280 always_set_home is true. Prevents a duplicate HOME in the
2281 environment (old value plus the new one) introduced in f421f8827340.
2284 * configure, configure.in, plugins/sudoers/sudoers,
2285 plugins/sudoers/sudoers.in:
2286 Substitute sysconfdir in the installed sudoers file to get the
2287 correct path for sudoers.d.
2290 2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
2293 Fix typo that prevented compilation on Irix; Friedrich Haubensak
2296 2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
2298 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
2299 common/atobool.c, common/fileops.c, common/fmt_string.c,
2300 common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
2301 compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
2302 compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
2303 compat/getprogname.c, compat/glob.c, compat/isblank.c,
2304 compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
2305 compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
2306 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
2307 compat/unsetenv.c, compat/utimes.c, include/compat.h,
2308 include/missing.h, plugins/sample/sample_plugin.c,
2309 plugins/sample_group/getgrent.c,
2310 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
2311 plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
2312 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
2313 plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
2314 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
2315 plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
2316 src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
2317 Merge compat.h and missing.h into missing.h
2320 2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
2322 * plugins/sudoers/auth/pam.c:
2323 If the user hits ^C while a password is being read, error out before
2324 reading any further passwords in the pam conversation function.
2325 Otherwise, if multiple PAM auth methods are required, the user will
2326 have to hit ^C for each one.
2329 2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
2331 * plugins/sudoers/check.c:
2335 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
2336 Document sudo_conv_t function and sudo_printf_t return values.
2339 * src/conversation.c:
2340 Make _sudo_printf return the number of characters printed on success
2344 2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
2346 * plugins/sudoers/sudoers.c:
2347 sudoers.h includes sudo_plugin.h for us
2350 * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
2351 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
2353 Use gettimeofday() directly instead of via the gettime() wrapper.
2356 * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
2357 compat/strerror.c, config.h.in, configure, configure.in,
2358 include/compat.h, include/missing.h, plugins/sudoers/logging.c,
2359 plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
2360 Remove some obsolete configure tests, ancient Unix systems are no
2364 2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
2367 Set pp_kit_version and strip off patch level
2371 Better handling of versions with a patchlevel. For rpm and deb, use
2372 the patchlevel+1 as the release. For AIX, use the patchlevel as the
2373 4th version number. For the rest, just leave the patchlevel in the
2377 2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
2379 * plugins/sudoers/auth/sudo_auth.c:
2380 For non-standalone auth methods, stop reading the password if the
2381 user enters ^C at the prompt.
2384 * configure, configure.in, plugins/sudoers/Makefile.in,
2385 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
2386 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
2387 plugins/sudoers/pwutil.c:
2388 No need to look up shadow password unless we are doing password-
2389 style authentication. This moves the shadow password lookup to the
2390 auth functions that need it.
2393 * plugins/sudoers/sudoers.c:
2394 Retain final passwd/group refs until the policy close() function.
2395 Note that this doesn't get called in all cases so putting this in a
2396 cleanup function is probably better.
2399 * plugins/sudoers/check.c:
2403 * plugins/sudoers/check.c:
2404 When removing/resetting the timestamp file ignore the tty ticket
2408 * plugins/sudoers/sudoers.c:
2409 delref sudo_user.pw, runas_pw and runas_gr immediately before we
2413 2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
2415 * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
2416 plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
2417 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
2418 Reference count cached passwd and group structs. The cache holds
2419 one reference itself and another is added by sudo_getgr{gid,nam} and
2420 sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
2421 group structs are persistent for now.
2428 2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
2430 * plugins/sudoers/check.c:
2431 Do not produce a warning for "sudo -k" if the ticket file does not
2435 * plugins/sudoers/pwutil.c:
2436 Instead of caching struct passwd and struct group in the red-black
2437 tree, store a struct cache_item which includes both the key and
2438 datum. This allows us to use the actual name that was looked up as
2439 the key instead of the contents of struct passwd or struct group.
2440 This matters because the name in the database may not match what we
2441 looked up, due either to case folding or truncation (historically at
2442 8 characters). Also mark the disabled calls to sudo_freepwcache()
2443 and sudo_freegrcache() as broken since we use cached data for things
2444 like set_perms() and the logging functions. Fixing this would
2445 require making a copy of the structs for user and runas or adding a
2446 reference count (better).
2449 * plugins/sudoers/Makefile.in:
2450 Fix path to mkinstalldirs
2453 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
2454 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
2455 src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
2456 Quiet gcc warnings on glibc systems that use warn_unused_result for
2457 write(2) and others.
2460 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
2462 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2466 * aclocal.m4, configure, configure.in:
2467 Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
2468 back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
2472 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
2474 * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
2475 Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN. Use AC_TYPE_LONG_LONG_INT
2476 and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
2479 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
2482 Update to latest version
2485 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
2488 Let pp determine pp_aix_version itself.
2491 * INSTALL, config.h.in, configure, configure.in, mkpkg,
2492 plugins/sudoers/sudoers.c:
2493 Add support for Ubuntu admin flag file and enable it when building
2497 * plugins/sudoers/sudoers, sudo.pp:
2498 Add commented out SuSE-like targetpw settings
2501 * configure, configure.in:
2502 Only try to use +DAportable for non-GCC on hppa
2505 * configure, configure.in:
2506 Prevent configure from adding the -g flag unless in devel mode
2509 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
2512 Go back to sudo-flavor to match existing packages and only use an
2513 underscore for those that need it.
2517 Use sudo_$flavor instead of sudo-$flavor since that causes the least
2518 amount of trouble for the various package managers.
2522 Fix handling of the ldap flavor. Remove destdir unless --debug was
2523 specified. Make distclean before running configure if there is a
2528 Add back include file.
2532 Pass extra args on to configure on HP-UX, if we don't have the HP C
2533 compiler, disable zlib to prevent gcc from finding it in
2538 Use the HP ANSI C compiler on HP-UX if possible
2541 * plugins/sudoers/sudoreplay.c:
2542 Some getline() implementations (FreeBSD 8.0) do not ignore the
2543 length pointer when the line pointer is NULL as they should.
2546 * plugins/sudoers/sudoreplay.c:
2547 Don't need to check for *cp being non-zero, isdigit() will do that.
2550 * plugins/sudoers/sudoreplay.c:
2551 Add setlocale() so the command line arguments that use floating
2552 point work in different locales. Since sudo now logs the timing
2553 data in the C locale we must parse the seconds in the timing file
2554 manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
2555 the number of seconds with the user's locale so if the decimal point
2556 is not '.' try using the locale-specific version.
2560 Do I/O logging in the C locale so the floating point numbers in the
2561 timing file are not locale-dependent.
2564 * plugins/sudoers/sudoreplay.c:
2565 Use errorx() not error() for things that don't set errno.
2568 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
2571 Better support for 1.2.3 style versions in Tru64 kits
2575 Add Tru64 kit support
2579 Remove apparently unnecessary use of sudo
2582 * Makefile.in, plugins/sudoers/Makefile.in:
2583 Create timedir as part of install-dirs target.
2587 Handle ENXIO from read/write which can occur when reading/writing a
2588 pty that has gone away.
2591 * plugins/sudoers/pwutil.c:
2592 sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
2596 platform is a pp flag not a variable
2599 * Makefile.in, mkpkg, sudo.pp:
2600 Add simple arg parsing for mkpkg so we can set debug, flavor or
2605 Make rpm backend work on AIX 5.x
2608 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
2610 * plugins/sudoers/sudoers:
2611 Add commented out Defaults entry for log_output
2614 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
2617 Remove sudo docdir completely
2620 * doc/sample.sudo.conf:
2621 Add sample sudo.conf
2624 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
2626 * plugins/sudoers/Makefile.in:
2627 Add PACKAGE_TARNAME for docdir
2630 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
2633 Pass install-sh -b~ here too.
2636 * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
2637 plugins/sudoers/Makefile.in, src/Makefile.in:
2638 Install binary files with -b~ to make a backup. Fixes "text file
2639 busy" error on HP-UX during install.
2643 "mv -f" on HP-UX doesn't unlink the destination first so add an
2644 explicit rm before moving the temporary into place.
2647 * configure, configure.in:
2648 Some more ${foo} -> $(foo) conversion for consistent Makefiles.
2651 * doc/Makefile.in, plugins/sudoers/Makefile.in:
2652 Install sudoers2ldif in the doc dir
2655 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
2658 Add missing include of maillock.h for Solaris
2661 * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
2662 doc/sample.syslog.conf, doc/sudoers.cat:
2663 Change the default syslog facility from local2 to authpriv (or auth
2664 if the operating system doesn't support authpriv).
2667 * Makefile.in, sudo.pp:
2668 Install sudoers as /etc/sudoers on RPM and debian systems where the
2669 package manager will not replace a user-modified configuration file.
2670 This fixes upgrades from the vendor sudo packages.
2674 RPM: use %config(noreplace) instead of %config for volatile. This
2675 results in the new file being installed with a .rpmnew suffix
2676 instead of the file being replaced and the old one renamed with a
2680 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
2682 * compat/mkstemps.c, plugins/sudoers/boottime.c:
2683 Include time.h for struct timeval
2687 The return value of strsignal() may be const and should be treated
2688 as const regardless.
2691 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2692 Mention that 127.0.0.1 will not match, nor will localhost unless
2693 that is the actual host name.
2696 * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
2697 Rename WHATSNEW -> NEWS
2701 Updated pp with latest patches
2708 * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
2709 plugins/sudoers/sudoers:
2710 Add commented out line to add HOME to env_keep and add a warning to
2711 the note about the HOME change in UPGRADE.
2714 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
2716 * plugins/sudoers/sudoreplay.c:
2717 Add LINE_MAX define for those without it.
2720 * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
2721 doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
2722 plugins/sudoers/defaults.c:
2723 The tty_tickets option is now on by default.
2727 Mention that AIX authdb support has been fixed.
2731 setauthdb() only sets the "old" registry if it was set by a previous
2732 call to setauthdb(). To restore the original value, passing NULL
2733 (or an empty string) to setauthdb() is sufficient.
2736 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
2738 * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
2739 doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
2740 plugins/sudoers/env.c:
2741 Reset HOME when env_reset is enabled unless it is in env_keep
2744 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2745 The default for set_logname has been "true" for some time now.
2748 * plugins/sudoers/boottime.c:
2749 Add missing include of time.h
2752 * plugins/sudoers/logging.c:
2753 Fix check for dup2() return value.
2756 * plugins/sudoers/env.c:
2757 Add PYTHONUSERBASE to initial_badenv_table
2760 * plugins/sudoers/visudo.c:
2761 Treat an unknown defaults entry as a parse error.
2764 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
2765 Check return value of setdefs() but don't stop setting defaults if
2766 we hit an unknown one.
2769 * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
2770 doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
2771 doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
2772 plugins/sudoers/env.c:
2773 If env_reset is enabled, set the MAIL environment variable based on
2774 the target user unless MAIL is explicitly preserved in sudoers.
2777 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
2780 decode debian code names
2787 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
2794 Restore RLIMIT_NPROC after the uid switch if it appears that
2795 runas_setup() did not do it for us. Fixes a bash script problem on
2796 SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
2799 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
2801 * mkpkg, pp, sudo.pp:
2802 Restore the dot removal in the os version reported by polypkg. Adapt
2803 mkpkg and sudo.pp to the change.
2806 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
2809 document --with-pam-login
2812 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2813 The tag is NOSETENV, not UNSETENV. From Petr Uzel.
2816 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
2819 Include flavor in solaris package name
2823 Older shells don't support IFS= so set explicitly to space, tab,
2828 Use '=' not '==' in test
2832 Fix typo that prevented debian from matching
2836 Add missing prefix setting for debian
2840 Use tab indents to reduce the chance of problem with <<-. Fix the
2841 debian %set section, pp does not set pp_deb_distro. Uncomment %sudo
2842 line in sudoers for debian. Uncomment some env_keep lines for RHEL,
2843 SLES and debian to more closely match the vendor sudoers files.
2844 Add /etc/pam.d to %files. Remove the /etc/sudo-ldap.conf symlink on
2845 debian for ldap flavor.
2848 * plugins/sudoers/sudoers:
2849 Add commented out env_keep entries, sample Aliases and a %sudo line
2853 * configure, configure.in:
2854 Move zlib check later on in the script to avoid a strange shell
2859 Remove check for egrep; configure has its own
2862 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
2865 Enable zlib for linux distros
2869 Add ldap flavor to default build
2873 Simplify rpm linux distro settings
2876 * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
2877 Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
2881 Fix ChangeLog creation from build dir
2884 * plugins/sudoers/sudoers.c:
2885 Handle getcwd() failure.
2888 * doc/Makefile.in, mkpkg, sudo.pp:
2889 Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
2890 environment variable.
2894 Create sudo group on debian
2898 Add debian 4/5/6 and use the dot when doing version matches
2901 * aclocal.m4, configure:
2902 Use a loop when searching for mv, sendmail and sh
2905 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2906 Remove spurious "and"; from debian
2909 * aclocal.m4, configure, configure.in, doc/sudoers.cat,
2910 doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
2911 doc/visudo.man.in, doc/visudo.pod:
2912 Substitute the value of EDITOR into the sudoers and visudo manuals.
2915 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
2917 * mkpkg, pp, sudo.pp:
2918 Initial support for debian 4.0
2922 Some platforms need -fPIE instead of -fpie
2925 * plugins/sudoers/auth/pam.c:
2926 Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
2927 On Linux it causes a DNS lookup via libaudit.
2931 Update MANIFEST to match packaging changes
2935 We now use pp to generate HP-UX packages
2938 * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
2939 Remove vestiges of old binary package bits.
2942 * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
2943 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
2944 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2946 install-man -> install-doc
2949 * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
2950 plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
2951 Use http://rc.quest.com/topics/polypkg/ for packaging
2955 Just ignore the -c option, it is the default. Add support for -d
2959 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
2961 * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
2962 Use _PATH_STDPATH instead of _PATH_DEFPATH
2965 * plugins/sudoers/Makefile.in, src/Makefile.in:
2966 Do not strip binaries.
2969 * INSTALL, configure, configure.in:
2970 Add --insults=disabled configure option to allow people to build in
2971 insult support but have the insults disabled unless explicitly
2975 * compat/mkstemps.c:
2976 Add prototype for gettime()
2979 * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
2980 plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
2981 plugins/sudoers/sudoers.h:
2982 Add support for a sudo-i pam.d file to be used for "sudo -i".
2983 Adapted from a RedHat patch.
2986 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
2988 * include/missing.h:
2989 Fix mkstemps() prototype
2992 * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
2993 config.h.in, configure, configure.in, include/missing.h,
2995 Use mkstemps() instead of mkstemp() in sudoedit. This allows
2996 sudoedit to preserve the file extension (if any) which may be used
2997 by the editor (like emacs) to choose the editing mode.
3000 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
3002 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
3003 plugins/sudoers/ldap.c:
3004 TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
3005 TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
3006 code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
3007 should avoid disabling TLS_CHECKPEER if possible.
3010 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
3012 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
3013 Make sudo_plugin format a bit more like a man page
3016 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3017 Add support for negated user/host/command lists in a Defaults entry.
3018 E.g. Defaults:!baduser noexec
3021 * Makefile.in, common/Makefile.in, compat/Makefile.in,
3022 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
3023 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3025 Add uninstall target
3028 * common/Makefile.in, compat/Makefile.in:
3029 Remove unused AR, SED and RANLIB variables
3033 Do not install sample plugins
3036 2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
3038 * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
3039 configure.in, plugins/sudoers/env.c:
3040 Now that sudoers is a dynamically loaded module we cannot override
3041 the libc environment functions because the symbols may already have
3042 been resolved via libc. Remove getenv/putenv/setenv/unsetenv
3043 replacements from sudoers and add replacements for setenv/unsetenv
3044 for systems that lack them.
3047 * configure, configure.in, plugins/sudoers/Makefile.in:
3048 Link testsudoers with -ldl when needed
3051 * plugins/sample_group/plugin_test.c:
3052 Remove unused time.h and add limits.h for PATH_MAX
3055 * doc/sudoers.ldap.pod:
3059 2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
3061 * plugins/sample_group/plugin_test.c:
3062 Do not depend on strlcpy/strlcat
3065 * plugins/sample_group/plugin_test.c:
3066 Standalone test driver for sudoers group plugin.
3069 2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
3071 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
3072 Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
3076 * plugins/sample_group/sample_group.c:
3077 Fix style nit in function declarations
3080 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3081 Document group_plugin syntax.
3084 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
3085 Document the sudoers group plugin.
3088 * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
3089 configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
3090 plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
3091 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
3092 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
3093 plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
3094 plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
3095 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
3096 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
3097 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
3098 Replace built-in non-unix group support with a sudoers group plugin.
3099 Include a sample plugin that can read Unix-format group files.
3102 * configure, configure.in, src/load_plugins.c:
3103 Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
3106 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
3108 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
3109 doc/sudoers.man.in, doc/sudoers.pod:
3110 Move sudoers-specific bits out of sudo(8) and into sudoers(5)
3113 * aclocal.m4, configure, configure.in:
3114 Substitute @io_logdir@ for the sudoers I/O log directory.
3117 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
3119 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
3120 common/atobool.c, common/fileops.c, common/fmt_string.c,
3121 common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
3122 compat/getgrouplist.c, compat/getline.c, compat/glob.c,
3123 compat/snprintf.c, config.h.in, configure, configure.in,
3124 include/fileops.h, plugins/sample/sample_plugin.c,
3125 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
3126 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
3127 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
3128 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
3129 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
3130 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
3131 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
3132 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
3133 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
3134 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
3135 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
3136 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
3137 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
3138 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
3139 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
3140 plugins/sudoers/logging.c, plugins/sudoers/match.c,
3141 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
3142 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
3143 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
3144 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
3145 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
3146 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
3147 src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
3148 src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
3149 src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
3150 Set usrinfo for AIX. Set administrative domain for the process when
3151 looking up user's password or group info and when preparing for
3152 execve(). Include strings.h even if string.h exists since they may
3153 define different things. Fixes warnings on AIX and others.
3157 Add a separate all target for AIX make which was using the entire
3158 LHS (not just the first entry) of the first target as the implicit
3162 * plugins/sudoers/env.c:
3163 Do not rely on env.env_len when unsetting a variable, just use the
3167 * plugins/sudoers/env.c:
3168 In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
3171 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
3173 * plugins/sudoers/vasgroups.c:
3174 Use warningx() instead of log_error() since the latter is not
3175 available to visudo or testsudoers. This does mean that they don't
3179 * plugins/sudoers/sudoers.c:
3180 Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
3181 closed the sudoers sources. From Quest sudo.
3184 * plugins/sudoers/pwutil.c:
3185 Ignore case when matching user/group names in the cache. From Quest
3189 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
3191 * config.h.in, configure, configure.in, src/selinux.c:
3192 Add check for setkeycreatecon() when --with-selinux is specified.
3195 * configure, configure.in:
3196 Error out if libaudit.h is missing or unusable when --with-linux-
3200 * doc/HISTORY, doc/history.pod:
3201 Add =head3 entries, mostly for the html version
3204 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
3206 * doc/HISTORY, doc/history.pod:
3207 Mention when LDAP was incorporated.
3210 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
3212 * configure, configure.in:
3213 Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
3214 not covered by _ALL_SOURCE.
3217 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
3219 * plugins/sudoers/iolog.c:
3220 Add a cast to quiet a compiler warning.
3223 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
3224 Quiet a compiler warning.
3227 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
3228 Call set_fqdn() after sudoers has parsed instead of inline as a
3232 * WHATSNEW, plugins/sudoers/sudoers.c:
3233 Do not call set_fqdn() until sudoers parses (where it gets run as a
3238 mention the change in tty ticket behavior when there is no tty
3241 * plugins/sudoers/check.c:
3242 Do not update tty ticket if there is no tty.
3245 * doc/LICENSE, doc/license.pod:
3246 Update copyright year
3250 Do not rely on BSD make's $>
3253 * configure, configure.in:
3254 Set timedir to /var/db/sudo for darwin to match Apple sudo's
3258 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
3260 * plugins/sudoers/sudoers.h:
3261 Add stub declarations for struct stat and struct timeval
3265 Remove compat/sigaction.c
3268 * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
3269 plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
3270 Check for zlib.h in addition to libz.
3273 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
3275 Move functions and symbols shared between exec.c and exec_pty.c into
3280 Comment out rules to build .man.in and .cat files unless --with-
3285 Comment out rules to build .man.in and .cat files unless --with-
3290 Quote any non-alphanumeric characters other than '_' or '-' when
3291 passing a command to be run via the shell for the -s and -i options.
3295 Add back .man suffix
3298 * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
3299 plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
3300 plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
3301 plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
3303 Add Linux audit support.
3306 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
3308 * plugins/sudoers/iolog.c:
3312 * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
3313 plugins/sudoers/sudoreplay.c:
3314 Add -f (filter) option to sudoreplay to allow certain streams to be
3315 replayed and others ignored.
3318 * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
3320 Fix -A flag when askpass is specified in sudo.conf or if sudo
3321 doesn't need to read a password.
3324 * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
3325 src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
3329 * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
3330 doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
3331 Add support for multiple sudoers_base entries in ldap.conf. From
3335 * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
3337 remove setsid check, we require a POSIX system
3340 * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
3341 src/sudo.c, src/tgetpass.c:
3342 Check for dup2() failure.
3345 * config.h.in, configure, configure.in:
3346 Remove dup2() check, it is not optional.
3349 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
3352 sync with sudo 1.7.3
3356 SunOS does not ship with an ANSI compiler
3360 Update OS specific notes. Delete some really ancient ones and move
3361 older ones to the end of the list.
3365 Sudo can be downloaded from the web site too. Mention "OS dependent
3366 notes" section in INSTALL
3369 * src/exec_pty.c, src/selinux.c:
3370 Call selinux_restore_tty() as part of cleanup() so it gets called
3371 from error()/errorx()
3374 * MANIFEST, doc/PORTING:
3375 Remove obsolete porting guide
3378 * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
3379 Move union sudo_in_addr_un into interfaces.h
3383 Remove useless circular dependencies
3386 * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
3387 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
3388 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
3389 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
3390 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
3391 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
3392 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
3393 Convert to ANSI C function declarations
3396 * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
3397 common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
3398 compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
3399 compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
3400 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
3401 compat/strlcpy.c, compat/timespec.h, compat/utime.h,
3402 compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
3403 include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
3404 include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
3405 plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
3406 plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
3407 plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
3408 plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
3409 plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
3410 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
3411 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
3412 plugins/sudoers/logging.h, plugins/sudoers/match.c,
3413 plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
3414 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
3415 plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
3416 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
3417 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
3418 plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
3419 src/conversation.c, src/error.c, src/load_plugins.c,
3420 src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
3421 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
3422 Update copyright year
3426 Fix commented DEVDOCS when not in devel mode.
3429 * plugins/sudoers/match.c:
3430 Quiet a compiler warning.
3433 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
3434 Quiet a compiler warning.
3437 * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
3438 Make all functions in ldap.c static
3441 * doc/schema.ActiveDirectory:
3442 Updates from Alain Roy to provide better examples for importing the
3443 schema and to fix problems caused by Windows validating attributes
3444 which have not yet been added before committing the changes.
3447 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
3449 * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
3450 doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
3451 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
3452 doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
3453 doc/visudo.cat, doc/visudo.man.in:
3454 Leave rules to build .man.in and .cat files uncommented but only
3455 make them part of the "all" rule in devel mode. Generate .cat files
3456 directly from .man.in instead of .man using default values in
3460 * configure, configure.in:
3461 Bump sudo version to 1.8.0b1
3464 * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
3465 Print configure args with verbose version information.
3468 * TODO, plugins/sudoers/visudo.c:
3469 Remove tfd from struct sudoersfile; it is not used. Add prev pointer
3470 to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
3471 Use tq_append to append sudoers entries to the tail queue.
3474 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
3477 Describe tty timestamp improvements
3480 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3481 A comment character may not be part of a command line argument
3482 unless it is quoted with a backslash. Fixes parsing of:
3483 testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
3487 Make this read a little bit better when passwd_timeout is 0.
3490 * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
3491 Attempt to handle a default password prompt timeout of zero more
3495 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3496 Do not override value of keepopen global, instead restore it to the
3497 value we pushed onto the stack when popping.
3500 * plugins/sudoers/Makefile.in:
3501 Add dependency for utility programs on libreplace and libcommon
3504 * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
3505 plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
3506 src/exec.c, src/exec_pty.c, src/tgetpass.c:
3507 Remove sigaction emulation. Use SA_INTERRUPT in sa_flags
3510 * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
3511 We don't use getgrouplist() at the moment so there's no need to
3512 provide a compat version.
3519 * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
3520 src/conversation.c, src/sudo.h, src/tgetpass.c:
3521 Fix visiblepw sudoers option; the plugin API portion still needs
3526 Print sudo version as well.
3529 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
3530 Use sudo_printf for I/O log version. Clarify policy plugin version
3534 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
3535 plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
3536 Silence some compiler warnings
3539 * src/load_plugins.c, src/tgetpass.c:
3540 Store askpass path in a global instead of using setenv() which many
3544 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
3546 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
3547 doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
3548 plugins/sudoers/check.c, plugins/sudoers/def_data.c,
3549 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
3550 plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
3551 plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
3553 Move askpass path specification from sudoers to sudo.conf.
3556 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
3557 Use a flag bit in struct command_details for selinux instead of a
3561 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
3562 Implement background mode. If I/O logging we use pipes instead of a
3566 * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
3567 src/exec.c, src/exec_pty.c, src/tgetpass.c:
3568 Move compat definition of NSIG to compat.h
3571 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
3572 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
3573 Mention plugins in the sudo manual and add some missing path
3574 substitution in the sudo_plugin manual.
3578 Set _PATH_SUDO_CONF based on $(sysconfdir)
3581 * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
3582 src/exec.c, src/exec_pty.c, src/ttysize.c:
3583 Require POSIX termios to build sudo
3587 Ignore SIGPIPE for "sudo -S"
3591 Fix uninitialized variable in TGP_ECHO case and print a newline if
3592 the user interrupted password input.
3596 Make TGP_ECHO override TGP_MASK and don't try to restore the
3597 terminal if we didn't modify it.
3600 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
3601 include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
3602 src/conversation.c, src/sudo.h, src/tgetpass.c:
3603 Add SUDO_CONV_PROMPT_MASK define which corresponds to the
3604 "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is
3609 Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
3612 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
3614 * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
3615 Add selinux_enabled flag into struct command_details and set it in
3616 command_info_to_details(). Return an error from selinux_setup()
3617 instead of exiting. Call selinux_setup() from exec_setup().
3620 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
3623 Remove commented out copy of old sudo_execve() function.
3626 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
3628 * plugins/sudoers/sudoers.c:
3629 Fix setting selinux type on command line.
3632 * plugins/sudoers/iolog.c:
3633 In sudoers_io_close(), skip NULL io_fds[] elements.
3637 No longer need NGROUPS_MAX define
3640 * compat/nanosleep.c, config.h.in, configure, configure.in,
3641 include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
3642 plugins/sudoers/visudo.c, src/sudo_edit.c:
3643 Replace timerfoo macros with timevalfoo since the timer macros are
3644 known to be busted on some systems.
3648 Remove duplicate call to selinux_setup().
3651 * plugins/sudoers/auth/pam.c:
3652 If pam_open_session() fails, pass its status to pam_end.
3655 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3656 If a file in a #includedir has improper permissions or owner just
3657 skip it. This prevents packages that incorrectly install a file
3658 into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
3659 #includedir files still result in a parse error (for now).
3662 * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
3663 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
3664 plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
3665 Add use_pty sudoers option to force use of a pty even when not
3669 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
3670 Make env_init() void as it never fails.
3673 * plugins/sudoers/env.c:
3674 No longer use _NSGetEnviron so don't need crt_externs.h
3677 * plugins/sudoers/env.c:
3678 Remove unused VNULL define
3681 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
3683 * plugins/sudoers/iolog.c:
3684 Add #define for maximum session id
3687 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
3688 Split exec.c into exec.c and exec_pty.c
3692 Sync with source file moves.
3695 * src/Makefile.in, src/get_pty.c, src/pty.c:
3696 Rename pty.c -> get_pty.c
3699 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
3701 * plugins/sudoers/iolog.c:
3702 Only use I/O input log file if def_log_input is set and output file
3703 if def_log_output is set.
3706 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
3708 * compat/strsignal.c:
3709 Update copyright year
3716 * plugins/sudoers/sudoers.c:
3717 For sudoedit, make a local copy of editor string si become part of
3718 argv. If no editor environment variable, split def_editor on ':'
3719 since it may be a colon-delimited path.
3723 Remove unneeded endpwent()/endgrent()
3727 Use value of nroff from configure
3731 Add missing const to I/O log action function
3734 * plugins/sudoers/check.c:
3735 Update copyright year and fix whitespace
3738 * configure, configure.in:
3742 * plugins/sudoers/iolog.c:
3743 Remove redundant tty signal blocking in log function.
3746 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
3748 * plugins/sudoers/iolog.c:
3749 Place static keyword where it belongs
3752 * plugins/sudoers/logging.c:
3753 Always use a printf format string for send_mail()
3756 * common/atobool.c, plugins/sudoers/ldap.c:
3757 Extend atobool() so we can use it in the LDAP code.
3760 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
3761 Sudo now stashes tty ctime for tty_tickets on Solaris too.
3764 * plugins/sudoers/boottime.c:
3765 Fix dummy version of get_boottime()
3768 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
3770 * plugins/sudoers/check.c:
3771 Enable tty_is_devpts() support for Solaris with the "devices"
3776 Unbreak the non-io logging case.
3779 * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
3780 Fix symbol name conflict with sudo_printf.
3783 * plugins/sudoers/auth/pam.c:
3784 Fix OpenPAM detection for newer versions.
3787 * plugins/sudoers/vasgroups.c:
3788 Sync with Quest sudo git repo
3791 * aclocal.m4, configure, configure.in:
3792 HP-UX ld uses +b instead of -R or -rpath. Fix typo in libvas check.
3793 Add missing template for ENV_DEBUG. Adapted from Quest sudo
3797 Fix typos; from Quest Sudo
3800 2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
3802 * plugins/sudoers/Makefile.in:
3803 Add back -I$(top_srcdir); we need it for including compat/foo.h
3804 since we cannot rely on "foo.h" being found relative to the source
3805 file when the cwd is different.
3809 Fix a bug where we could treat EAGAIN as a permanent error. Also set
3810 cstat if perform_io() returns an error.
3813 * common/alloc.c, plugins/sudoers/boottime.c,
3814 plugins/sudoers/sudoers.c:
3815 Add casts to quiet compiler warnings.
3818 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
3819 plugins/sudoers/visudo.c:
3820 Fix typo in ternary operator usage.
3823 2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
3825 * INSTALL, configure, configure.in:
3826 Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
3829 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
3830 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
3831 Update docs to match sudoers I/O logging changes
3834 * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
3835 pathnames.h.in, plugins/sudoers/def_data.c,
3836 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
3837 plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
3838 plugins/sudoers/gram.h, plugins/sudoers/gram.y,
3839 plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
3840 plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
3841 plugins/sudoers/sudoreplay.c:
3842 Break sudoers transcript feature up into log_input and log_output.
3845 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
3846 plugins/sudoers/visudo.c:
3847 Use setprogname() as needed.
3850 * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
3851 Adapt sudoreplay to iolog changes.
3854 2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
3856 * plugins/sudoers/iolog.c:
3857 Log all input and output into separate files and store a number on
3858 each timing file line to indicate which file the data is in.
3861 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
3862 plugins/sudoers/sudoers.h:
3863 Make sudoers_io functions static to iolog.c
3866 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
3868 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
3869 src/sudo_usage.h.in:
3870 Completely remove the -L flag from the sudo front end.
3873 * plugins/sudoers/sudoreplay.c:
3874 Fix EAGAIN handling when writing to stdout.
3877 * plugins/sudoers/sudoers.c:
3878 Eliminate unused variables
3881 * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
3882 Re-enable cleanup functions in sudoers plugin and sudo driver for
3886 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
3887 plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
3888 plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
3889 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
3890 Use sudo_printf to display verbose version information.
3893 * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
3894 plugins/sudoers/Makefile.in, src/Makefile.in:
3895 Minor Makefile cleanup: fix a typo, change the removal order in the
3896 clean targets, and remove a superfluous include path for the sudoers
3900 * plugins/sudoers/env.c:
3901 Handle duplicate variables in the environment. For unsetenv(), keep
3902 looking even after removing the first instance. For sudo_putenv(),
3903 check for and remove dupes after we replace an existing value.
3906 2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
3908 * plugins/sudoers/Makefile.in:
3909 Use explicit path to source file instead of $< for files that live
3910 in devdir and top_srcdir.
3913 * plugins/sudoers/Makefile.in:
3914 Add explicit rules to compile gram.c and toke.c for HP-UX. Prevent
3915 ending LIBSUDOERS_OBJS with a backslash
3918 * plugins/sudoers/Makefile.in, src/Makefile.in:
3919 Link libcommon before libreplace since libcommon may use functions
3920 only present in libreplace.
3923 * common/Makefile.in:
3924 Move code common to sudo and the sudoers plugin to a convenience
3925 library, libcommon. Removes the need to make links in the sudoers
3926 plugin dir and reduces re-compilation of duplicate object files.
3929 * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
3930 common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
3931 common/term.c, common/zero_bytes.c, configure, configure.in,
3932 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
3933 src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
3934 src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
3936 Move code common to sudo and the sudoers plugin to a convenience
3937 library, libcommon. Removes the need to make links in the sudoers
3938 plugin dir and reduces re-compilation of duplicate object files.
3941 * src/exec.c, src/sudo.c, src/sudo.h:
3942 Rename script_execve to sudo_execve and rename script_foo in exec.c
3945 * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
3946 rename script.c exec.c and fix up the MANIFEST file
3949 * src/script.c, src/sudo.c, src/sudo.h:
3950 Rename script_setup() to pty_setup() and call from script_execve()
3954 * configure, configure.in:
3955 bump version to 1.8.0a2
3958 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
3959 Document init_session
3962 * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
3963 plugins/sudoers/auth/sudo_auth.h:
3964 Clean up the sudoers auth API a bit and update the docs.
3967 * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
3968 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
3969 plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
3970 Add init_session function to struct policy_plugin that gets called
3971 before the uid/gid/etc changes. A struct passwd pointer is passed
3972 in, which may be NULL if the user does not exist in the passwd
3973 database. The sudoers module uses init_session to open the pam
3977 2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
3979 * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
3980 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
3981 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
3982 Add open/close session to sudo auth, only used by PAM. This allows
3983 us to open (and close) the PAM session from sudoers.
3986 * plugins/sudoers/Makefile.in:
3987 Add explicit rule to build getdate.o for HP-UX make.
3990 * plugins/sudoers/Makefile.in:
3991 Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
3992 rules as an alternate way to prevent HP-UX make (and others) from
3993 trying to rebuild the parser in non-dev mode.
3996 * plugins/sudoers/sudoers.c:
3997 Re-enable PATH_MAX check for command
4001 For distclean, clean the main directory last since the subdirs need
4002 to be able to run libtool to clean things.
4005 * compat/Makefile.in:
4006 Fix generation of mksiglist.h
4010 Now that we defer sending cstat until the end of script_child() we
4011 cannot reuse cstat when reading command status from parent.
4014 2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
4016 * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
4017 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
4018 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
4019 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
4020 Use numeric registers to handle conditionals instead of trying to do
4021 it all with text processing.
4025 Document per-command SELinux settings
4028 * plugins/sudoers/sudoers.c:
4029 Repair "sudo -l -U username"
4032 * plugins/sudoers/sudoers.c:
4033 Set selinux role and type in command details.
4036 * src/script.c, src/selinux.c, src/sudo.h:
4037 Rework SELinux support.
4040 2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
4042 * src/script.c, src/selinux.c, src/sudo.h:
4043 Make SELinux support compile again. Needs more work to be complete.
4046 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4047 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
4048 src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
4050 Bring back closefrom settings.
4053 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
4054 plugins/sudoers/sudoers.h:
4055 If running a command or sudoedit in transcript mode, call
4056 io_nextid() before log_allowed() so the session id is logged.
4059 * configure, configure.in:
4060 Use mandoc(1) if nroff(1) is not present.
4064 Use the --file argument to config.status instead of setting
4065 CONFIG_FILES in the environment.
4068 * plugins/sudoers/Makefile.in:
4069 We cannot conditionally update gram.h or the dependency ordering
4070 gets messed up in devel mode.
4073 2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
4075 * Makefile.in, compat/Makefile.in, configure, configure.in,
4076 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
4077 plugins/sudoers/Makefile.in, src/Makefile.in:
4078 Substitute @SHELL@ into Makefiles
4085 * config.guess, config.sub, configure, configure.in:
4086 Update to autoconf 2.65
4090 Fix libtool target (space vs. tabs)
4093 * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
4094 Remove use of RETSIGTYPE; all modern systems have signal handlers
4098 * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
4099 ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
4100 m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
4101 plugins/sudoers/Makefile.in, src/Makefile.in:
4102 Update to libtool-2.2.6b. I haven't made any local modifications
4103 this time, which should be OK since we install sudo_noexec.so by
4107 * compat/Makefile.in, plugins/sample/Makefile.in,
4108 plugins/sudoers/Makefile.in, src/Makefile.in:
4109 Use libtool to clean objects
4112 * include/Makefile.in:
4113 Install sudo_plugin.h as part of "make install" and make other
4114 install targets callable from the top-level Makefile
4117 * configure, configure.in:
4118 regen with autoupdate to eliminate AC_TRY_LINK
4121 * Makefile.in, compat/Makefile.in, configure, configure.in,
4122 doc/Makefile.in, plugins/sample/Makefile.in,
4123 plugins/sudoers/Makefile.in, src/Makefile.in:
4124 Install sudo_plugin.h as part of "make install" and make other
4125 install targets callable from the top-level Makefile
4128 * plugins/sample/sample_plugin.c:
4129 The sample plugin doesn't support being run with no args so return a
4130 usage error in this case.
4133 * plugins/sudoers/iolog.c:
4134 Set close on exec flag for descriptors used for I/O logging so they
4135 are not present in the command being run.
4138 * plugins/sudoers/tsgetgrpw.c:
4139 Set close on exec flag in private versions of setpwent() and
4144 Close the I/O pipes after dup2()ing them to std{in,out,err}.
4145 Fixes extra fds being present in the command when it is part of a
4149 * plugins/sudoers/sudoers.c:
4150 Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
4151 is used when logging). Note that user_ttypath will still be NULL if
4155 * src/script.c, src/sudo.h:
4156 Cosmetic changes: add comments, remove orphaned prototype and
4157 make a global static.
4160 2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
4163 Move check for maxfd == -1 to flush_output where it belongs.
4167 Break out of select loop if all the fds we want to select on are -1.
4171 Avoid possible malloc(0) if plugin returns an empty groups list.
4175 Add debugging info when calling plugin close function
4179 Avoid closing stdin/stdout/stderr when we are piping output.
4183 When execve() of the command fails, it is possible to receive
4184 SIGCHLD before we've read the error status from the pipe. Re-order
4185 things such that we send the final status at the very end and prefer
4186 error status over wait status.
4189 2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
4191 * plugins/sudoers/auth/sudo_auth.c:
4192 Fix compilation for non PAM/BSD auth/AIX auth
4195 2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
4198 Additional checks to make sure we don't close /dev/tty by mistake.
4199 When flushing, sleep in select as long as we have buffers that need
4204 Now that we can use pipes for stdin/stdout/stderr there is no longer
4205 a need to error out when there is no tty. We just need to make sure
4206 we don't try to use the tty fd if it is -1.
4209 2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
4211 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4212 include/sudo_plugin.h, plugins/sample/sample_plugin.c,
4213 plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
4214 Add argc and argv to I/O logger open function.
4217 * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
4218 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
4219 src/parse_args.c, src/sudo.c, src/sudo_edit.c:
4220 Remove check_sudoedit function pointer in struct sudo_policy.
4221 Instead, sudo will set sudoedit=true in the settings array. The
4222 plugin should check for this and modify argv_out as appropriate in
4226 2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
4228 * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
4230 If plugin sets "sudoedit=true" in the command info, enable sudoedit
4231 mode even if not invoked as sudoedit. This allows a plugin to
4232 enable sudoedit when the user runs an editor.
4235 2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
4237 * plugins/sudoers/Makefile.in:
4238 gram.h must not depend on gram.y if we want to avoid unnecessary
4239 rebuilding of targets dependent on gram.h when gram.y changes.
4242 * plugins/sample/sample_plugin.c:
4243 Refactor common bits of check_policy and check_edit
4246 * plugins/sample/sample_plugin.c:
4247 Add sudoedit support
4250 2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
4252 * plugins/sudoers/Makefile.in:
4253 Rely more on VPATH; fixes a dependency issue with the parser.
4257 Fix typo introduced in last commit
4261 Emulate seteuid using setreuid() or setresuid() as needed. There are
4262 still a few places that call seteuid() directly.
4265 * src/parse_args.c, src/sudo_edit.c:
4266 Attempt to fix building on systems that only have setuid.
4269 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4270 Clarify sudoedit a tad.
4273 2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
4276 Fix compilation on HP-UX
4279 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4283 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
4284 Change how we handle the sudoedit argv. We now require that there
4285 be a "--" in argv to separate the editor and any command line
4286 arguments from the files to be edited.
4289 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
4290 plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
4291 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
4292 src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
4293 src/sudo.h, src/sudo_edit.c:
4294 Work in progress support for sudoedit. The actual interface used by
4295 the plugin for sudoedit is likely to change.
4298 * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
4299 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
4300 Make find_path() a little more generic by not checking def_foo
4301 variables inside it. Instead, pass in ignore_dot as a function
4305 * plugins/sudoers/env.c:
4306 Add version of getenv(3) that uses our own environ pointer.
4309 2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
4312 Avoid a potential race condition if SIGCHLD is received immediately
4313 before we call select().
4316 * plugins/sudoers/sudoers.c:
4317 Call env_init() before we open the sudoers sources as those may call
4318 our setenv() replacement.
4321 * plugins/sudoers/env.c:
4322 Initialize env_len in env_init()
4325 2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
4327 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
4328 Document time stamp shortcomings under SECURITY NOTES. Use "time
4329 stamp" instead of timestamp.
4333 Make sed substitution of mansectsu and mansectform global.
4336 * plugins/sudoers/check.c:
4337 If the tty lives on a devpts filesystem, stash the ctime in the tty
4338 ticket file, as it is not updated when the tty is written to. This
4339 helps us determine when a tty has been reused without the user
4340 authenticating again with sudo.
4344 Fix pasto in multiple signal fix and use _NSIG not NSIG since that
4345 is what our compat checks set.
4348 * configure, configure.in:
4349 Add check for whether sudo needs to link with -ldl to get dlopen().
4350 This is a bit of a hack that will get reworked when libtool is
4354 * plugins/sudoers/check.c:
4355 Fix timestamp removal with -k/-K
4358 * plugins/sudoers/Makefile.in:
4359 audit.c is now private to the sudoers plugin
4362 * configure, configure.in:
4363 Link with -lpthread on HP-UX since a plugin may be linked with
4364 -lpthread and dlopen() will fail if the shared object has a
4365 dependency on -lpthread but the main program is not linked with it.
4368 * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
4369 Add separate test for getresuid() since HP-UX has setresuid() but no
4374 Remove errant backslash
4378 Fix SIGPIPE handling. Now that we may use pipes for
4379 stdin/stdout we need to pass any SIGPIPE we receive to the running
4384 Also start the command in the background if stdin is not a tty.
4387 2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
4389 * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
4390 No need to use pseudo-cbreak mode now that we use pipes when stdout
4391 is not a tty. Instead, check whether stdin is a tty and if not,
4392 delay setting the tty to raw mode until the command tries to access
4393 it itself (and receives SIGTTIN or SIGTTOU).
4397 Use an array for signals received instead of a single variable so we
4398 don't lose any when there are multiple different signals.
4402 Do signal setup after turning off echo, not before. If we are using
4403 a tty but are not the foreground pgrp this will generate SIGTTOU so
4404 we want the default action to be taken (suspend process).
4407 2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
4410 Flush the iobufs on suspend or child exit using the same logic as
4411 the main event loop.
4415 Free memory after we are done with it.
4418 2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
4421 Quest now sponsors Sudo development
4424 2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
4427 Install sudo_plugin man page.
4431 Go back to resetting io_buffer offset and length (and now also the
4432 EOF handling) in the loop we do the FD_SET, not after we drain the
4433 buffer after write() since we don't know what order reads and writes
4438 audit files moved to sudoers plugin directory
4441 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4442 Document plugin_printf and new logging functions.
4446 Add support for logging stdin when it is not a tty. There is still a
4447 bug where "cat | sudo cat" has problems because both cat and sudo
4448 are trying to read from the tty.
4451 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
4452 plugins/sudoers/sudoers.c, src/script.c:
4453 Add separate I/O logging functions for tty in/out and
4454 stdin/stdout/stderr. NOTE: stdin logging does not currently work and
4455 is disabled for now.
4458 2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
4460 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
4461 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
4462 plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
4463 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
4464 src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
4465 Add pointer to a printf like function to plugin open function. This
4466 can be used instead of the conversation function to display info and
4471 Stop if make in a subdir fails
4475 Only set user's tty to blocking mode when doing the final flush.
4476 Flush pipes as well as pty master when the process is done.
4479 2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
4481 * plugins/sudoers/ldap.c:
4482 Use print_error() when displaying ldap config info in debugging
4486 * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
4487 No longer need strdup() or strndup() replacements.
4490 * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
4491 plugins/sudoers/sudoers.h:
4492 Add print_error() function that uses the conversation function to
4493 print a variable number of error strings and use it in log_error().
4496 * src/script.c, src/sudo.h, src/term.c:
4497 Do not need the opost flag to term_copy() now that we use pipes for
4498 stdout/stderr when they are not a tty.
4502 Use pipes to the sudo process if stdout or stderr is not a tty.
4503 Still needs some polishing and a decision as to whether it is
4504 desirable to add additional entry points for logging
4505 stdout/stderr/stdin when they are not ttys. That would allow a
4506 replay program to keep things separate and to know whether the
4507 terminal needs to be in raw mode at replay time.
4510 2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
4512 * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
4513 plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
4514 src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
4515 Move audit sources into the sudoers plugin dir; the driver does not
4519 * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
4520 compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
4521 plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
4522 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
4523 plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
4524 src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
4525 src/term.c, src/ttysize.c:
4526 Use angle brackets when including headers that can only be found
4527 when an -I flag is specified. The files in the compat dir could get
4528 away with double quotes here but I've converted all the source files
4529 to use angle brackets for consistency.
4532 * plugins/sudoers/Makefile.in:
4533 Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
4534 dir can be found when building outside the source tree.
4537 * plugins/sudoers/Makefile.in:
4538 Clean up links in distclean
4541 * plugins/sudoers/Makefile.in:
4542 Hack around VPATH semantic differences by symlinking files we need
4543 from ../../src into the current directory and build those. A better
4544 fix would be to either make a .a or .la file with those files in it
4545 or simply use a single, flat, Makefile instead of per-subdirs
4549 * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
4550 fmt_string is used by the sudoers plugin too so do not include
4551 sudo.h (which is not really needed here anyway)
4554 * compat/Makefile.in, plugins/sample/Makefile.in,
4555 plugins/sudoers/Makefile.in, src/Makefile.in:
4556 Fix building with non-BSD versions of make such as GNU make.
4557 Requires VPATH support, which should be in any non-neolithic make.
4560 * configure, configure.in, plugins/sudoers/Makefile.in,
4561 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
4563 Re-enable bsm audit. Currently auditing is done within the sudoers
4564 plugin itself. If possible, this should really be done in the main
4565 driver but we don't presently have the needed data to do that. This
4566 will be re-evaluated when Linux audit support is added.
4569 * compat/Makefile.in, plugins/sample/Makefile.in,
4570 plugins/sudoers/Makefile.in, src/Makefile.in:
4571 Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
4572 of explicit rules in the dependency.
4575 * plugins/sudoers/visudo.c:
4576 Fix mismerge; alias_remove_recursive() now returns int
4579 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
4581 * plugins/sudoers/visudo.c:
4582 Fix a crash when checking a sudoers file that has aliases that
4583 reference themselves. Based on a diff from David Wood.
4587 Print signal info after restoring the tty mode, not before.
4591 Defer call to alarm() until after we fork the child. Pass correct
4592 pid to terminate_child(). If the command exits due to signal, set
4593 alive to false like we do when it exits normally. Add missing
4594 check for errpipe[0] != -1 before using it in FD_ISSET
4597 2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
4599 * plugins/sudoers/boottime.c:
4600 Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
4603 2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
4606 Simplify dependencies by using .c.o and .c.lo rules.
4609 * configure, configure.in, plugins/sudoers/Makefile.in,
4611 Substitute in @PROGS@ into src/Makefile to add sesh
4614 2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
4616 * plugins/sudoers/sudoers.c:
4617 Add back calls to log_denial() if sudoers does not allow the
4621 * plugins/sudoers/sudoers.c:
4622 Pass in correct pwflag for list and validate.
4625 * plugins/sudoers/env.c:
4626 Add missing check for NULL in validate_env_vars
4630 Add sudo_noexec.la to "all" target, otherwise it only gets built at
4634 * plugins/sudoers/sudoers.c:
4635 Only set sudo_user.env_vars if the env_add list is empty.
4638 * plugins/sudoers/sudoers.c:
4639 Set sudo_user.env_vars so that environment variables specified on
4640 the command line get logged correctly.
4643 * plugins/sudoers/env.c, plugins/sudoers/logging.c,
4644 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
4645 Re-enable environment files and setting environment variables on the
4649 2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
4651 * plugins/sudoers/check.c:
4652 Fix typo in last commit (ifndef vs ifdef). Make sure we pass ctime()
4653 a pointer to time_t as tv_sec in struct timeval may be long.
4656 * plugins/sudoers/check.c:
4657 Don't stash ctime in on-disk tty ticket info for now; on many
4658 (most?) systems the ctime is updated when the tty is written to.
4659 Once I have a better idea of what systems do not update ctime on
4660 ttys (and have a way to test for this) the ctime stash will be
4661 conditionally re-enabled.
4664 2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
4666 * MANIFEST, Makefile.in:
4667 Add back "dist" target, this time using a MANIFEST file
4671 Remove Makefile in distclean target
4674 * Makefile.in, src/Makefile.in:
4675 Update clean and cleandir targets
4678 * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
4680 Move fileops.c defines and prototypes to fileops.h
4683 * plugins/sudoers/check.c:
4684 Lock the tty timestamp when writing. We shouldn't have to lock when
4685 reading since the file is updated via a single write system call.
4688 2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
4690 * plugins/sudoers/alias.c, plugins/sudoers/check.c,
4691 plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
4692 plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
4693 plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
4694 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
4695 plugins/sudoers/logging.c, plugins/sudoers/match.c,
4696 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
4697 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
4698 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
4699 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4700 plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
4701 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
4702 Convert to ANSI C function declarations
4705 * plugins/sudoers/sudoers.h:
4706 Remove extraneous bits and classify by source file.
4710 Add timercmp macro for systems without it
4713 * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
4714 plugins/sudoers/sudoers.h:
4715 get_boottime() now fills in a timeval struct
4718 * plugins/sudoers/check.c:
4719 Store info from stat(2)ing the tty in the tty ticket when tty
4720 tickets are in use. On most systems, this closes the loophole
4721 whereby a user can log out of a tty, log back in and still have the
4725 * config.h.in, configure.in:
4726 Add timespec2timeval and use it when getting ctime/mtime
4729 2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
4731 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
4732 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
4733 plugins/sudoers/testsudoers.c:
4734 Convert perm setting to push/pop model; still needs some work. Use
4735 the stashed runas groups instead of using getgrouplist(). Reset perms
4736 to the initial value on error
4739 * config.h.in, configure.in:
4740 fix ctim_get and mtim_get macros
4743 * config.h.in, configure, configure.in, include/compat.h,
4744 plugins/sudoers/check.c, plugins/sudoers/gettime.c,
4745 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
4746 Use timeval directly instead of converting to timespec when dealing
4747 with file times and time of day.
4750 * plugins/sudoers/Makefile.in:
4751 Don't link sudoreplay with libsudoers.la due to a yacc symbol
4755 2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
4757 * configure, configure.in:
4758 Darwin >= 9.x has real setreuid(2)
4761 2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
4763 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
4767 * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
4768 plugins/sudoers/sudoers.h:
4769 Remove remaining references to the environ pointer.
4772 2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
4774 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
4775 Don't change the environ directly in the sudoers plugin
4778 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
4780 * plugins/sudoers/sudoers.c:
4784 * plugins/sudoers/alias.c:
4785 Fix use after free in error message when a duplicate alias exists.
4788 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
4790 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4792 Add a "noninteractive" boolean to the settings passed in to the
4793 plugin's open function that is set when the user specifies the -n
4797 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
4798 Add workaround for the lack of the environ pointer on Mac OS X in
4799 dlopen()ed modules. Use of environ in the sudoers plugin should
4800 ultimately be removed but this will do for the moment.
4803 * plugins/sudoers/visudo.c:
4804 Set errorfile to the sudoers path if we set parse_error manually.
4805 This prevents a NULL dereference in printf() when checking a sudoers
4806 file in strict mode when alias errors are present.
4809 * plugins/sudoers/sudoers.c:
4810 Main sudo no longer prints "unable to execute" on exec failure so do
4814 2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
4817 Use a pipe to pass back errno to the parent if execve() fails. If we
4818 get an error in script_child(), kill the command and exit.
4821 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4822 src/parse_args.c, src/sudo.c:
4823 Handle plugin's open function returning -2 (usage error).
4827 If execve() fails, leave it to the plugin to print an error string.
4831 If execve fails in logging mode, pass the errno directly to the
4832 grandparent on the backchannel and exit. The immediate parent will
4833 get SIGCHLD and try to report that status but its parent will no
4834 longer be listening. It would probably be cleaner to pass this over
4835 a pipe in script_child().
4838 * plugins/sudoers/sudoers.c:
4839 Don't override rval with results of check_user() unless it failed.
4842 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
4844 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4849 NULL-terminate env_add
4852 2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
4855 Call the I/O log open function before the I/O version function.
4858 * plugins/sudoers/iolog.c:
4859 Remove io_conv and just use sudo_conv
4862 * plugins/sudoers/set_perms.c:
4863 Fix set/restore perms for systems w/o setresuid
4866 2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
4868 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
4869 plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
4870 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
4871 Primitive set/restore permissions. Will be replaced by a push/pop
4876 Only need to take action on SIGCHLD in parent if no I/O logger. If
4877 there is an I/O logger we will receive ECONNRESET or EPIPE when we
4878 try to read from the socketpair.
4881 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
4883 * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
4884 doc/sudoers.pod, plugins/sudoers/find_path.c:
4885 Merge fb4d571495fa from the 1.7 branch to trunk.
4888 2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
4891 Don't set SA_RESTART when registering SIGALRM handler. Do set
4892 SA_RESTART when registering SIGWINCH handler.
4896 Add dev targets for *.man.in and *.cat that don't specify the
4901 If log_input or log_output returns false, terminate the command.
4905 Better signal handling. Instead of using a single variable to store
4906 the received signal, use an array so we can't lose a signal when
4907 multiple are sent. Fix process termination by SIGALRM in non-I/O
4908 logger mode. Fix relaying terminal signals to the child in non-I/O
4913 Fix a race between when we get the child pid in the parent and when
4914 the child process exits. The problem exhibited as a hang after a
4915 short-lived process, e.g. "sudo id" when no IO logger was enabled.
4918 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
4920 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4921 Add a note about the security implications of the fast_glob option.
4924 2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
4926 * config.h.in, configure, configure.in:
4927 Fix up some AC_DEFINE descriptions and regen config.h.in
4930 2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
4932 * include/missing.h:
4933 No longer check for strdup or strndup for LIBOBJ replacement.
4937 Avoid installing signal handlers that are io-logger specific. Fixes
4938 job control when no io logger is enabled.
4942 Only regen man pages from pod when configured with --with-devel
4945 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
4947 * Makefile, Makefile.in, configure, configure.in:
4948 Top-level Makefile.in. Nothing is currently substituted but this is
4949 needed for separate build dirs.
4952 * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
4953 plugins/sudoers/Makefile.in, src/Makefile.in:
4954 Fix out-of-tree builds
4961 We always install sudoreplay in 1.8
4964 2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
4966 * compat/siglist.in:
4967 SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
4970 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
4972 * configure, configure.in:
4973 No need to provide strdup() or strndup(), sudo uses estrdup() and
4977 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
4979 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
4980 Free str after using it in the version method. Use sudo_conv, not
4981 io_conv since we don't have the IO conversation function pointer in
4982 the I/O version method anymore now that io_open is delayed.
4985 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
4987 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
4989 Add license to mksiglist.c and note that the bits from pdksh are
4993 * compat/Makefile.in:
4994 Fix LIBOBJDIR vs. srcdir wrt the siglist bits
4997 * plugins/sudoers/Makefile.in:
4998 Add sudoreplay, testsudoers and visudo to clean target
5001 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
5002 compat/siglist.in, compat/strsignal.c, configure, configure.in,
5003 include/missing.h, src/script.c:
5004 Create our own sys_siglist for systems without it for use by
5008 * compat/Makefile.in:
5009 Remove duplicate $(LIBOBJDIR)
5012 2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
5014 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
5015 Main sudo should not block signals; the plugin should do this in
5019 2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
5022 Fix a sizeof(ptr) vs. sizeof(*ptr)
5026 Unlike most operating systems, HP-UX select() is not interrupted by
5027 SIGCHLD when the signal is registered with SA_RESTART. If we clear
5028 SA_RESTART when calling sigaction() for SIGCHLD we get the expected
5029 behavior and the code in the select() loops already handles EINTR
5033 * compat/getprogname.c:
5034 progname should be const
5037 * plugins/sudoers/Makefile.in:
5038 Move --tag=disable-static to when we link sudoers.la, not when we
5042 * src/load_plugins.c:
5043 Load the sudoers I/O plugin by default too now that it is hooked up.
5046 2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
5049 It looks like AIX doesn't need to push STREAMS modules for ptys.
5052 2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
5054 * src/parse_args.c, src/sudo.c:
5055 Delay calling the I/O plugin open function until the policy plugin
5059 2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
5061 * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
5062 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
5063 plugins/sudoers/sudoers.h:
5064 Add back io logging (transcript) support. Currently, the open
5065 function runs too early and it is not possible to use the io module
5066 independently of the policy module.
5069 * plugins/sudoers/set_perms.c:
5070 Comment out dead code; will be removed when set_perms is rewritten.
5073 2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
5075 * plugins/sudoers/sudoers.c:
5076 Fix off by one error when allocating user_groups.
5079 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
5081 * configure, configure.in, plugins/sudoers/Makefile.in:
5082 Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
5085 * plugins/sudoers/sudoers.c:
5086 Fix typo in preserve groups case
5089 * plugins/sudoers/sudoers.c:
5090 In command_info it is "runas_groups" not "groups".
5094 Fix iteration over runas_groups list.
5097 * configure, configure.in, plugins/sudoers/env.c,
5098 plugins/sudoers/match.c, src/script.c:
5099 Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
5102 * compat/getgrouplist.c:
5103 getgrouplist(3) for those without it
5106 * plugins/sudoers/sudoers.c:
5107 Set preserve_groups or groups list in command_info
5111 Fix setting of groups list
5114 * config.h.in, configure, configure.in, include/compat.h,
5116 Add checks for getgrset and getgrouplist and use replacement
5117 getgrouplist if the system doesn't support it.
5121 Pass in preserve_groups when the -P flag is specified as per the
5125 * plugins/sudoers/sudoers.c:
5126 Check preserve_groups and ignore_ticket args with atobool instead of
5127 assuming they are true if present.
5130 2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
5132 * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
5133 plugins/sudoers/plugin_error.c:
5134 Rename plugin-specific error.c to plugin_error.c. Wire up visudo,
5135 sudoreplay and testsudoers in the build
5138 * src/Makefile.in, src/term.c:
5139 term.c does not need to include sudo.h
5142 * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
5143 doc/sudo_plugin.pod:
5144 Document the -2 return in the check_policy section too
5147 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5148 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5149 src/parse_args.c, src/sudo.c, src/sudo.h:
5150 Fix the -s and -i flags and add support for the "implied_shell"
5151 option. If the user does not specify a command, sudo will now pass
5152 in the path to the user's shell and set implied_shell=true. The
5153 plugin can then either check the command normally or return -2 to
5154 cause sudo to print a usage message and exit.
5157 2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
5159 * config.h.in, configure, configure.in, src/load_plugins.c:
5160 Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
5161 Darwin where libraries end in .dylib but modules end in .so
5164 * plugins/sudoers/parse.c:
5165 Better prefix determination now that we can't rely on len==0 to tell
5166 the beginning of an entry.
5169 * plugins/sudoers/ldap.c:
5170 display_bound_defaults() stub should return 0, not 1 since it is a
5171 count, not a boolean.
5174 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5175 Document progname in settings
5178 * compat/getprogname.c, include/compat.h,
5179 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
5180 src/parse_args.c, src/sudo.c:
5181 Rewrite compat/getprogname.c and add setprogname(). The progname is
5182 now passed to the plugin via the settings array.
5185 * configure, configure.in, plugins/sudoers/Makefile.in:
5189 * plugins/sudoers/sudo_nss.c:
5190 Add missing whitespace for Runas and Command-specific defaults
5193 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
5194 plugins/sudoers/sudo_nss.c:
5195 Use embedded newlines in lbuf instead of multiple calls to
5200 Add support for embedded newlines.
5203 2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
5205 * compat/getprogname.c:
5206 If system doesn't support getprogname or __progname and we are
5207 building a shared object don't bother with Argc/Argv, just return
5211 * config.h.in, configure, configure.in, src/load_plugins.c:
5212 Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
5213 appears to always install a shared object with the .so suffix.
5216 * compat/Makefile.in, configure, configure.in,
5217 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
5219 Play more nicely with libtool and let it build libreplace (was
5223 * include/missing.h:
5224 Include stdarg.h for va_list rather than requiring all consumers of
5225 missing.h to include stdarg.h themselves.
5228 * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
5229 plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
5230 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
5232 Pass in output function to lbuf_init() instead of writing to stdout.
5233 A side effect is that the usage info can now go to stderr as it
5237 2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
5239 * include/lbuf.h, plugins/sudoers/sudo_nss.c,
5240 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
5241 src/parse_args.c, src/sudo.c:
5242 Use number of tty columns that is passed in user_info instead of
5243 getting it directly in the lbuf code.
5246 * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
5247 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
5248 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
5249 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
5250 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
5251 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
5252 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5253 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
5254 plugins/sudoers/logging.h, plugins/sudoers/match.c,
5255 plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
5256 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
5257 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
5258 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
5259 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5260 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
5261 plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
5262 plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
5263 plugins/sudoers/visudo.c:
5267 * config.h.in, configure, configure.in, src/load_plugins.c:
5268 Set the sudoers plugin name in configure so we get the extension
5272 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5273 Document lines/cols in user_info
5276 * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
5277 Add tty size to user info
5281 Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
5284 2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
5286 * plugins/sudoers/sudoers.c:
5287 Kill dead code. Add missing sigsetjmp in sudo_policy_invalidate. Error
5288 out if we fail to lookup the user's name that is passed in
5291 * plugins/sudoers/error.c:
5292 Pass the error value back via siglongjmp.
5295 * plugins/sudoers/check.c:
5296 Use conversation function for lecture.
5299 * plugins/sudoers/check.c:
5300 Don't update ticket file if verify_user returns FALSE.
5303 2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
5305 * plugins/sudoers/sudoers.c, src/sudo.c:
5306 Wire up invalidate and validate methods for sudoers
5309 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
5310 plugins/sudoers/sudoers.h:
5311 Add support for -k flag with a command.
5315 Allow -k to be specified with a command.
5318 * plugins/sudoers/sudoers.c:
5322 * plugins/sudoers/error.c:
5323 Add newline at the end of message and space after the colon in
5327 * plugins/sudoers/auth/sudo_auth.c:
5328 Add missing newline after pass password warning
5331 * plugins/sudoers/sudoers.c:
5332 Set user_groups and user_ngroups based on user_info
5335 * plugins/sudoers/error.c:
5339 * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
5340 Make _warning in error.c use the conversation function and remove
5341 commented out warning/warningx in sudoers.c.
5344 * plugins/sudoers/logging.c:
5345 Use siglongjmp() in log_error for fatal errors
5348 * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
5349 Quiet a libtool warning
5353 Build sudoers plugin
5356 * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
5357 Use warningx in yyerror() so the conversation function gets used
5358 when built as part of sudoers.
5361 2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
5363 * plugins/sudoers/auth/pam.c:
5364 Rename sudo_conv to conversation to avoid a namespace conflict.
5367 * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
5368 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
5369 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
5370 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
5371 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
5372 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
5373 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
5374 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
5375 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
5376 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
5377 plugins/sudoers/env.c, plugins/sudoers/error.c,
5378 plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
5379 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
5380 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
5381 plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
5382 plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
5383 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
5384 plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
5385 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
5386 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
5387 plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
5388 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
5389 Initial bits of sudoers plugin; still needs work.
5393 Add HAVE_STRDUP and HAVE_STRNDUP
5396 * compat/Makefile.in, configure, configure.in:
5397 Build libmissing in two flavors (one PIC one non-PIC) and link with
5398 the appropriate one.
5401 * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
5402 compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
5403 Build libmissing in two flavors (one PIC one non-PIC) and link with
5404 the appropriate one.
5407 2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
5409 * include/missing.h:
5410 Add strdup and strndup and fix strsignal
5413 2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
5415 * compat/strdup.c, compat/strndup.c, configure, configure.in,
5416 plugins/sample/Makefile.in, src/Makefile.in:
5417 Add strdup and strndup to compat
5420 * plugins/sample/sample_plugin.c:
5421 Need to include compat.h before missing.h
5424 * compat/strsignal.c:
5425 Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
5426 it doesn't exist configure will set it to 0.
5430 Fix botched ANSI C conversion of globexp2()
5433 * configure, configure.in:
5434 Remove redundant getgroups check
5437 * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
5438 Require either termios or termio, no more sgtty.
5441 * compat/strsignal.c, config.h.in, configure, configure.in:
5442 Change the sys_siglist check to use AC_CHECK_DECLS and also check
5443 for _sys_siglist and __sys_siglist
5446 2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
5448 * configure, configure.in, src/Makefile.in:
5449 Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
5450 use SUDO_OBJS for the main driver as part of OBJS.
5453 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5454 Mention in the conversation function section that a newline is not
5459 Add definition of WCOREDUMP for systems without it. This is known
5460 to work on AIX and SunOS 4, but may be incorrect on other systems
5461 that lack WCOREDUMP.
5464 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
5466 * plugins/sample/sample_plugin.c, src/conversation.c:
5467 conversation function no longer puts a newline at the end of info or
5471 2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
5474 Use parent process group id instead of parent process id when
5475 checking foreground status and suspending parent. Fixes an issue
5476 when running commands under /usr/bin/time and others.
5479 2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
5482 transcript option is now --with not --enable
5485 * plugins/sample/sample_plugin.c:
5486 Add support to -u and -g flags. Check fmt_string retval. Add timeout
5487 for debugging purposes
5490 * src/script.c, src/sudo.c:
5491 Wire up SIGALRM handler. Set close on exec flag for child side of the
5492 socketpair. Fix signal handling when not doing I/O logging
5496 g/c unused SIGCHLD handler
5499 * src/fmt_string.c, src/parse_args.c, src/sudo.c:
5500 Don't use emalloc() in fmt_string(); we want to be able to use it
5505 tq_remove not list_remove
5508 * configure, configure.in:
5509 AUTH_OBJS should contain .lo files not .o files.
5512 2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
5515 Simplify conversion of command line args to name=value pairs.
5518 * plugins/sample/sample_plugin.c:
5519 Handle NULL reply from conversation function
5523 Don't depend on emalloc/erealloc
5526 * plugins/sample/Makefile.in:
5527 Use $(OBJS) instead of sample_plugin.lo
5530 * plugins/sample/sample_plugin.c:
5531 runas_user is in settings not user_info
5535 Fix a mismatch between sudo_settings and settings_pairs that causes
5536 some settings to get the wrong values.
5539 2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
5541 * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
5542 src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
5543 src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
5547 * src/load_plugins.c:
5548 Fix strlcpy() return value check.
5551 * INSTALL, configure, configure.in:
5552 No longer need to substitute in script.o and pty.o; I/O logging
5553 support is always built.
5556 2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
5559 Add fallback to /bin/sh when execve() fails with ENOEXEC.
5562 * include/alloc.h, src/alloc.c:
5566 2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
5568 * src/script.c, src/sudo.c:
5569 Refactor script_execve() a bit so that it can be used in non-script
5570 mode. Needs more cleanup.
5574 Ignore empty entries in command_info list
5577 * include/list.h, src/list.c:
5581 * src/conversation.c:
5582 Pass timeout to tgetpass()
5586 Add ChangeLog target
5590 Bump version and update things slightly for sudo 1.8.0
5593 * configure, configure.in:
5594 Sudo now requires an ANSI/ISO C compiler
5597 * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
5602 * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
5603 include/list.h, include/missing.h:
5607 * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
5608 compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
5609 compat/getprogname.c, compat/glob.c, compat/glob.h,
5610 compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
5611 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
5612 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
5613 compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
5618 2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
5620 * src/sudo.c, src/tgetpass.c:
5621 Make user_details extern so tgetpass can get at the uid and gid. Set
5622 uid/gid to user before executing askpass program. Check environment
5623 for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
5624 set the askpass program itself
5628 No longer need sudo_usage.h in sudo.c
5631 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
5632 doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
5633 src/sudo_usage.h.in:
5634 Document -D level command line flag which maps to the debug_level
5638 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5639 Document debug_level in plugin doc. Still need to document the -D
5640 flag in sudo itself.
5643 2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
5645 * plugins/sample/sample_plugin.c:
5646 include missing.h for vasprintf
5649 * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
5650 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5651 Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
5654 * plugins/sample/sample_plugin.c:
5655 Need to include limits.h
5662 * plugins/sample/Makefile.in, src/Makefile.in:
5663 Add missing compat bits
5666 * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
5667 compat files should not include sudo.h. Wire up compat in sample
5671 * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
5672 Fix up compat dependencies. Fix distclean target in doc/Makefile.in
5675 * configure, configure.in:
5679 * plugins/sample/sample_plugin.c:
5680 Log input and output to temp files for proof of concept.
5683 * Makefile, configure, configure.in, doc/Makefile.in:
5684 Add doc Makefile.in and wire it up
5688 Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
5689 suspending a shell with the "suspend" builtin.
5693 In child, handle parent side of the pipe going away.
5697 No longer need to check for explicit death of the child (process #2)
5698 since if it dies we will get EPIPE from the socketpair. Fix a
5699 sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
5704 Make sudo_debug do a single vfprintf() which will result in a single
5705 write call on most systems. Avoids problems with interleaved debug
5706 printf from different processes. Also remove an extraneous error
5707 case since recv() can't return a short read and add some more XXX.
5710 2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
5713 Fix uninitialized variable.
5717 Fix sudo install target
5720 * src/parse_args.c, src/sudo.c, src/sudo.h:
5728 * configure, configure.in:
5729 Fix setting of plugin dir
5737 Add missing source for sudo front end
5740 * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
5741 Sample plugin demonstrating the sudo plugin API
5744 * Makefile, configure, configure.in, install-sh, pathnames.h.in,
5745 plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
5746 src/fileops.c, src/fmt_string.c, src/load_plugins.c,
5747 src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
5748 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
5750 Modular sudo front-end which loads policy and I/O plugins that do
5751 most of the actual work. Currently relies on dynamic loading using
5752 dlopen(). See doc/plugin.pod for the plugin API.
5755 * doc/plugin.pod, include/sudo_plugin.h:
5759 * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
5760 compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
5761 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
5762 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
5763 src/fileops.c, src/sudo_edit.c:
5764 Replace emul/include.h with compat/include.h to match new source
5769 Include missing.h for memrchr() proto
5772 * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
5773 TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
5774 alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
5775 auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
5776 auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
5777 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
5778 auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
5779 closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
5780 compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
5781 compat/getline.c, compat/getprogname.c, compat/glob.c,
5782 compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
5783 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
5784 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
5785 compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
5786 compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
5787 def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
5788 doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
5789 doc/license.pod, doc/sample.pam, doc/sample.sudoers,
5790 doc/sample.syslog.conf, doc/schema.ActiveDirectory,
5791 doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
5792 doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
5793 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
5794 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
5795 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
5796 doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
5797 emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
5798 error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
5799 getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
5800 gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
5801 include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
5802 include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
5803 ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
5804 interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
5805 list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
5806 mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
5807 nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
5808 plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
5809 plugins/sudoers/alias.c, plugins/sudoers/auth/API,
5810 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
5811 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
5812 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
5813 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
5814 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
5815 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
5816 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
5817 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
5818 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
5819 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
5820 plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
5821 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
5822 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
5823 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
5824 plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
5825 plugins/sudoers/gram.c, plugins/sudoers/gram.h,
5826 plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
5827 plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
5828 plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
5829 plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
5830 plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
5831 plugins/sudoers/logging.c, plugins/sudoers/logging.h,
5832 plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
5833 plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
5834 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
5835 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
5836 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
5837 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
5838 plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
5839 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5840 plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
5841 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
5842 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
5843 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
5844 plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
5845 sample.pam, sample.sudoers, sample.syslog.conf,
5846 schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
5847 selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
5848 src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
5849 src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
5850 src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
5851 src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
5852 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
5853 sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
5854 sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
5855 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
5856 sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
5857 sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
5858 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
5859 tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
5860 visudo.man.in, visudo.pod, zero_bytes.c:
5861 Rework source layout in preparation for modular sudo.
5864 2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
5866 * Avoid a duplicate fclose() of the sudoers file.
5869 * Fix size arg when realloc()ing include stack. From Daniel Kopecek
5872 * Use setrlimit64(), if available, instead of setrlimit() when setting
5873 AIX resource limits since rlim_t is 32bits.
5876 * Fix use after free when sending error messages. From Timo Juhani
5880 * ChangeLog, Makefile.in:
5881 Generate the ChangeLog as part of "make dist" instead of having it
5885 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
5887 * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
5888 auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
5889 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
5890 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
5891 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
5892 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
5893 emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
5894 fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
5895 gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
5896 ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
5897 isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
5898 logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
5899 mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
5900 pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
5901 sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
5902 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
5903 strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
5904 sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
5905 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
5906 sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
5907 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
5908 utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
5909 Remove CVS $Sudo$ tags.
5912 2010-01-18 convert-repo <convert-repo>
5918 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
5921 make this match sudoers SYNOPSIS
5925 Print a newline between Runas and Command-specific defaults in sudo
5930 Use SET and CLR macros in term_raw
5934 Set stdin to non-blocking mode early instead of in check_input. Use
5935 term_raw instead of term_cbreak since the data we get has already
5936 been expanded via OPOST.
5939 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
5942 Enable/disable all postprocessing instead of just nl->crnl
5943 processing since things like tab expansion matter too. However, if
5944 stdout is a tty leave postprocessing on in the pty since we run into
5945 problems doing it only on the real stdout with e.g. nvi.
5948 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
5951 If tty_tickets is enabled and there is no tty, prompt for a
5952 password. Do not lecture user for "sudo -k command" if user has a
5957 Document missing options: --with-efence and --with-bsm-audit
5960 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
5961 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
5962 sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
5963 visudo.man.in, visudo.pod:
5964 username -> user name, groupname -> group name, hostname -> host name
5967 * INSTALL, README.LDAP, sudoers.pod:
5968 filename -> file name like the rest of the docs
5971 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
5974 Fix printing of entries with multiple host entries on a single line.
5977 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
5980 Mention that targetpw affects the timestamp file name.
5983 * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
5985 Add compress_transcript option.
5988 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
5990 * configure, configure.in:
5994 * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
5995 Better split of membership vs. traditional group check in
5996 user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
5999 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
6002 Fix pasto and add default return value.
6005 * check.c, match.c, pwutil.c, sudo.h:
6006 refactor group member checking into user_in_group()
6009 * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
6011 Add support for mbr_check_membership() as present in darwin.
6014 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
6017 Rename label to be accurate
6020 * Makefile.in, boottime.c, check.c, config.h.in, configure,
6021 configure.in, sudo.h:
6022 Treat timestamp files from before we booted as old. Idea from and
6026 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
6028 * sudo.c, sudo.pod, sudo_usage.h.in:
6029 Allow the -u flag to be used in conjunction with the -v flag as per
6030 older versions of sudo.
6034 fix typo in last commit
6037 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
6040 Convert fmt_first and fmt_confd into macros.
6044 timeouts can be floats now
6047 * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
6048 defaults.h, mkdefaults:
6049 Add support for floating point timeout values (e.g. 2.5 minutes).
6052 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
6055 The -L flag will be removed in sudo 1.7.4
6058 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
6061 Fix a bug due to order of operators.
6064 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
6067 cmnd_matches() already deals with negation so _cmndlist_matches()
6068 does not need to do so itself. Fixes a bug with negated entries in
6072 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
6075 Don't exit() from open_sudoers, just return NULL for all errors.
6079 Can't rely on the shell sending us SIGCONT when transitioning from
6080 background to foreground process.
6084 Add missing extern def for parse_error
6087 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
6090 Avoid a parse error when #includedir doesn't find any files. Closes
6095 Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
6098 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
6101 Start command out in foreground mode if stdout is a tty. Works
6102 around issues with some curses-based programs that don't handle
6103 tcsetattr getting interrupted by a signal. Still allows us to avoid
6104 hogging the tty if the command is part of a pipeline.
6107 * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
6108 Use a socketpair to pass signals from parent to child. Child will
6109 now pass command status change info back via the socketpair. This
6110 allows the parent to distinguish between signals it has been sent
6111 directly and signals the command has received. It also means the
6112 parent can once again print the signal notifications to the tty so
6113 all writes to the pty master occur in the parent. The command is
6114 now always started in background mode with tty signals handled by
6118 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
6120 * configure, configure.in:
6121 Fix a few typos in the descriptions; from Jeff Makey. Only do the
6122 check for krb5_get_init_creds_opt_free() taking two arguments if we
6123 find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
6124 positive when using our own krb5_get_init_creds_opt_free which takes
6125 only a single argument.
6128 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
6130 * configure, configure.in:
6131 Remove a spurious comma in the kerb5 bits.
6135 Call krb5_get_init_creds_opt_init() in our emulated
6136 krb5_get_init_creds_opt_alloc() for MIT kerberos.
6139 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
6146 Need to ignore SIGTT{IN,OU} in child when running the command in the
6147 background. Also some minor cleanup.
6150 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
6153 Instead of calling sigsuspend when waiting for SIGUSR[12] from
6154 parent, install the signal handlers w/o SA_RESTART and let them
6155 interrupt waitpid().
6159 Pass along SIGHUP and SIGTERM from parent to child.
6163 Close unused bits of script_fds in processes that don't need them.
6164 Restore default SIGCONT handler in child.
6168 Update foreground/background status in SIGCONT handler in parent
6172 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
6175 Defer setting terminal into raw mode until just before we fork() and
6176 only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
6177 and sudo is already in the foreground be sure to set raw mode before
6178 continuing the child.
6181 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
6184 Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
6185 give the command the controlling tty if the main sudo process is the
6190 Don't bother with sudo_waitpid() here for now.
6197 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
6200 Remove non-working code that crept into rev 1.55
6203 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
6205 * INSTALL, configure, configure.in, script.c, sudoreplay.c:
6206 First pass at zlib support for transcript data files
6210 remove vestiges of ZLDFLAGS
6214 Add missing variable declaration for when TIOCSCTTY is not defined.
6215 Need to include sys/termio.h for TIOCSCTTY on some systems.
6219 when resuming command, send SIGCONT to its pgrp not just pid
6223 remove unused variable
6227 include selinux.h for is_selinux_enabled() proto
6231 Don't use log_error() in the child process.
6235 Do I/O in parent instead of child since the parent can have both
6236 /dev/tty as well as the pty fds open. The child just sets things up
6237 and waits for its grandchild and writes the signal description to
6238 the pty master if the command was killed by a signal.
6241 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
6243 * missing.h, sudo.h:
6244 Move two struct forward declarations from sudo.h to missing.h
6248 Make comment at the top of script_exec() match reality.
6252 if neither stdin nor stdout is a tty, check stderr
6256 Add back dependency of gram.h on gram.y
6260 Make transcript mode work as long as we can figure out our tty, even
6261 if it is not stdin. We'd like to use /dev/tty but that won't be
6262 valid after the setsid().
6265 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
6267 * config.h.in, configure, configure.in, pty.c:
6268 Add support for IRIX-style dynamic ptys
6271 * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
6272 Move alloc.c protos into alloc.h
6276 Move prototypes for missing libc functions to missing.h
6279 * Makefile.in, sudo.h, sudoreplay.c:
6280 Move prototypes for missing libc functions to missing.h
6283 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
6285 * config.h.in, configure, configure.in:
6286 Disable transcript support if no tcsetpgrp until we support older
6287 BSD-style job control.
6290 * configure, configure.in, pty.c, script.c:
6291 Break out pty code into pty.c
6294 * compat.h, config.h.in, configure, configure.in:
6295 add killpg macro if no killpg function
6298 * config.h.in, configure, configure.in, script.c:
6299 Push ptem and ldterm for STREAMS-based systems when allocating a
6303 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
6306 Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
6310 Call tcgetpgrp() in the parent, not the child and have the child
6311 spin until it is granted. Fixes a race on darwin.
6315 Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
6319 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
6322 In script mode, if the command is killed by a signal, print the
6323 signal description as well as a core dump notification like the
6327 * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
6329 Add check for strsignal() and a simple implementation if it is not
6330 there but sys_siglist is
6334 Add missing WUNTRACED and store the signal that stopped the
6335 grandchild in suspended, not signo.
6343 Associate the grandchild's pgrp with the tty instead of the child's
6344 and just get suspend notifications via SIGCHLD instead of directly.
6345 This fixes a hang with programs that try to set terminal attributes
6346 and is more consistent with how the shell handles things.
6349 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
6352 Move setpgid() of child into the parent side of the fork() where it
6356 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
6363 Run command in its own pgrp (like the shell does) for easier
6364 signalling. No need to relay SIGINT or SIGQUIT to parent, just send
6365 to grandchild. Don't want grandchild stopped events in the child
6366 (only termination). Flush output after suspending grandchild before
6371 Back out revision 1.34; the problem lies elsewhere.
6375 Don't set stdout to blocking mode when flushing remaining output.
6376 It can cause us to hang when trying to exit. Need to investigate
6381 Handle SIGTTOU and remove some debugging.
6385 Back out revision 1.10 as the signal that interrupts us may be
6386 SIGTTOU or SIGTTIN which the caller must handle.
6390 Apparently we need to send SIGSTOP to the command as well as ourself
6391 when we get SIGTSTP, the kernel doesn't automatically stop the
6396 Use an extra process to act as the glue between the sessions
6397 associated with the user's controlling tty (what the shell uses) and
6398 the tty that sudo is using to do its logging. Basically, this means
6399 that if we get, e.g. SIGTSTP from the process sudo is running, we
6400 relay the signal to the parent so its shell can do the job control.
6404 Handle getting/setting terminal attributes when the fd is in non-
6408 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
6410 * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
6411 Add support for pausing and changing the speed in interactive mode.
6415 Already define O_NOCTTY in compat.h, don't need it here
6418 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
6424 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
6427 Always update the stashed mtime of the temp file instead of using
6428 what we have for the original because the time resolution of the
6429 filesystem the temporary is on may not match that of the filesystem
6430 that holds the original. Should fix bz #371 found by Philippe Levan.
6434 Use cbreak mode instead of raw mode and add signal handlers to
6435 restore the tty on interrupt.
6438 * script.c, sudo.h, term.c:
6439 Retain NL to NLCR conversion on the real tty and skip it on the pty
6440 we allocate. That way, if stdout is not a pty there are no extra
6445 Fix log_output(); just pass in a string and a length.
6448 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
6451 do not use errno when complaining about lack of a tty
6454 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
6456 * Makefile.in, sudoreplay.c, term.c:
6457 Instead of messing with line endings, just set terminal to raw mode
6462 When copying the terminal attributes to the pty, be sure not to set
6463 ONLCR. This prevents extra carriage returns from ending up in the
6468 Convert a do {} while into a while
6472 Use if then instead of test && when installing binaries that may not
6477 Add O_NOCTTY when opening a tty device. Explicitly disconnect from
6478 old tty before associating with new one.
6481 * script.c, selinux.c, sudo.c, sudo.h:
6482 First cut at refactoring some of the selinux code so it can be used
6483 in conjunction with sudo's transcript support.
6486 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
6488 * aclocal.m4, configure, configure.in:
6489 Fix default case of transcript_enabled being unset.
6492 * script.c, sudoreplay.c:
6493 Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
6496 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
6497 Hook up --disable-transcript and --enable-transcript=DIR
6500 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
6502 * aclocal.m4, configure, configure.in, pathnames.h.in:
6503 _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT. Add
6504 --enable-transcript=DIR option to specify the directory
6507 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
6511 * configure, configure.in, sudoers.man.pl, sudoers.pod:
6512 Substitute in default value for secure_path
6516 Mention that the password must be followed by a newline with the -S
6520 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
6523 Go back to dropping out of the select() loop when the process dies;
6524 Linux ptys apparently don't behave the same as BSD in regards to
6525 select(). No need to flush remaining output to the transcript, only
6526 to stdout. Add back code to check the master pty for additional data
6527 when we exit the main select loop.
6530 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
6533 Add getline.o to COMMON_OBJS
6537 sudoreplay depends on libsudo.a
6541 More pwutil.o into COMMON_OBJS
6544 * pwutil.c, testsudoers.c, tsgetgrpw.c:
6545 Remove my_* redirection in pwutil.c for testsudoers and just use the
6546 normal libc get{pw,gr}* names.
6549 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
6550 More time and date examples
6553 * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
6554 Move nanosleep() emulation into its own file. Check librt.a for
6555 nanosleep if we don't find it in libc
6558 * Makefile.in, configure, configure.in:
6559 Build libsudo with the common bits and link things against that.
6567 Keep reading from the pty master -> log file until read returns <=
6568 0. Do our best to write everything to stdout when flushing any
6573 Use unbuffered I/O when writing to stdout and make sure we write the
6577 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
6580 Only use max_wait if it is non-zero
6583 * getdate.c, getdate.y, getline.c:
6588 Fix nanosleep emulation
6592 Fix comment after #endif
6596 Add protos for missing libc bits
6599 * configure, configure.in:
6600 add missing line continuation char
6603 * config.h.in, configure, configure.in, getline.c:
6604 Implement getline() in terms of fgetln() if we have it.
6608 Print year when formatting log line
6612 Document cwd, attempt to document time/date formats.
6616 Fix getline return value check.
6619 * Makefile.in, config.h.in, configure, configure.in, getline.c,
6621 Use getline() if the system has it, else provide our own for
6626 Refactor code to update output and timing files.
6629 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
6632 Make sudo_getln() behave more like glibc getline.
6636 When flushing remaining output, also update timing file.
6640 Use get_timestr() and make the -l output look like the regular sudo
6644 * logging.c, sudo.h, timestr.c:
6645 Make get_timestr() take a time_t so we can use it properly in
6650 Create session dir earlier now that we update the seq number early.
6653 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
6656 Use fromdate and todate as the keywords instead of from and to; the
6657 short forms will still be accepted.
6661 Fix reading long lines in sudo_getln()
6664 * script.c, sudoreplay.c:
6665 Log the cwd in the script log file. Add sudo_getln() to read
6666 arbitrarily long lines.
6669 * Makefile.in, logging.c, sudo.h, timestr.c:
6670 Move get_timestr() into its own source file so sudoreplay can use
6674 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
6677 Add to and from predicates (date ranges); needs documentation
6680 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
6682 * Makefile.in, getdate.c, getdate.y:
6683 Fix warning and add generated getdate.c
6686 * Makefile.in, getdate.y:
6687 Add getdate.y to be used for sudoreplay date parsing.
6690 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
6693 Check more than just the first character of a predicate
6696 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
6697 Add examples, sort predicates
6700 * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
6702 Implement search expressions in sudoreplay similar in concept to
6703 what find or tcpdump uses. TODO: date ranges
6706 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
6709 Remove vhangup as it was hanging up the wrong tty. Should really
6710 vhangup in the child after it has set its tty.
6714 Fix cut at documenting transcript support.
6718 ID= -> TSID= for transcript ID
6721 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
6724 Move fast_glob description to where it belongs in sorted order
6727 * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
6728 parse.c, parse.h, sudo.c:
6729 Rename script -> transcript
6732 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
6735 Add timeradd and timersub for those without them
6739 Sanity check sessid before using it.
6743 Only set the session id if we are running a command or editing a
6748 Actually, qsort is fine since most versions fall back to a cheaper
6749 sort when the number of elements to sort is small (like in our
6753 * config.h.in, configure, configure.in, script.c:
6754 Check for dup2 and use dup instead if we don't have it.
6757 * script.c, sudo.c, sudo.h:
6758 Move the code to dup2 the script fds to low numbered descriptors
6759 into script_duplow() and fix the fd sorting.
6762 * script.c, sudo.c, sudo.h:
6763 Move script_setup() back to immediately before we drop privs and
6764 call the new script_nextid() in its place, which will set
6765 sudo_user.sessid for the logging functions.
6768 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
6775 remove unused variable
6778 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
6780 * logging.c, script.c, sudo.c, sudo.h:
6781 Log the session ID, if there is one. Currently logs ID=XXXXXX,
6782 perhaps should be SESSIONID or SESSID.
6785 * Makefile.in, configure, configure.in, sudoreplay.cat,
6786 sudoreplay.man.in, sudoreplay.pod:
6791 add -V (version) flag
6798 * script.c, sudoreplay.c:
6799 Use base36 number for the ID and store script files with paths like
6800 /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
6801 (2,176,782,336) unique IDs.
6804 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
6806 * config.h.in, configure.in:
6807 Add check for regcomp
6811 Add support for selecting by pattern and tty when listing.
6814 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
6817 The beginnings of a list mode.
6820 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
6826 * Makefile.in, config.h.in, configure.in:
6827 Add scaffolding for building sudoreplay
6831 include error.h first arg to nanotime is const
6835 Initial cut at sudoreplay; replay a sudo session.
6838 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
6841 Fix wait() usage and use correct wait status.
6844 * sudo.c, sudo.h, tgetpass.c:
6845 Add protos for term_* to sudo.h
6849 Fix detection of the child process exiting. Since the child is in
6850 its own session we should only ever get SIGCHLD for that process but
6851 better safe than sorry.
6855 Add UNIX98 pty support.
6858 * configure, configure.in, script.c:
6859 Add UNIX98 pty support.
6862 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
6865 For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
6870 Set PAM_RUSER and PAM_RHOST early so they can be used during
6871 authentication. Based on a patch from Jamie Beverly.
6875 Close dir before returning if strlcpy() reports overflow. From
6879 * config.h.in, configure, configure.in, script.c:
6880 On Linux, the openpty proto lives in pty.h
6884 Call vhangup on exit if the system has it. Use setpgrp() if no
6888 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
6890 * config.h.in, configure, configure.in:
6891 Add checks for revoke and vhangup if we don't have openpty
6895 Session logging guts that got forgotten in the previous commit.
6898 * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
6899 configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
6900 gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
6902 First cut at session logging for sudo. Still need to write
6903 get_pty() for Unix 98 and old-style BSD ptys. Also needs
6904 documentation and general cleanup.
6907 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
6909 * sudo.c, sudo_edit.c:
6910 Fix a bug introduced with def_closefrom. The value of def_closefrom
6911 already includes the +1.
6914 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
6917 Generate sudo distributions with pax in ustar mode. No longer need
6918 to use a temp file or have the source dir name match the version.
6921 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
6924 Fix expansion of %h in #include names. Fixes bugzilla 363
6927 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
6930 If no arg assume def_data.in
6935 [f5ad45f69f05] [SUDO_1_7_2]
6941 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
6943 * sudoers.cat, sudoers.man.in, sudoers.pod:
6944 Add missing single quotes around a colon in Runas_Spec definition.
6948 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
6950 * sudo.man.in, sudoers.man.in:
6955 In rbrepair, re-color the root or the first non-block node we find
6956 to be black. Re-coloring the root is probably not needed but won't
6960 * sudo.cat, sudoers.cat:
6964 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
6967 When repairing the tree, don't touch the root node.
6970 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
6973 Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
6974 Reported by Josef Schmid.
6977 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
6980 Document that we accept env_pam-style environment files
6984 Adapt to accept pam_env-style /etc/environment which allows shell-
6985 style lines such as: export EDITOR="/usr/bin/vi"
6989 Make it clear that env_delete only works when !env_reset. From Loïc
6993 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
6995 * sudo.pod, sudoers.pod:
6996 Add non-unix group bits, adapted from Quest
7000 build the .cat page in the current working dir, not the src dir
7004 Return EINVAL in setenv() if var is NULL or the empty string to
7005 match glibc behavior.
7008 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
7010 * configure, configure.in:
7011 Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
7014 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
7016 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
7017 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
7021 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
7024 Document --with-libvas and --with-libvas-rpath
7027 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
7029 * ldap.c, sudoers.ldap.pod:
7030 For netscape-derived LDAP SDKs the cert and key paths may be a
7031 directory or a file. However, version 5.0 of the SDK only seems to
7032 support using a directory. If ldapssl_clientauth_init fails and the
7033 cert or key paths look like they could be files, strip off the last
7034 path element and try again.
7038 Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
7041 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
7043 * configure, configure.in, match.c, sudo.c, vasgroups.c:
7044 Update non-Unix group support from Quest, as reworked by me.
7052 Add support for escaped hex chars in names, e.g. \x20 for space.
7055 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
7057 * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
7058 auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
7059 fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
7060 logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
7061 set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
7062 sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
7063 tgetpass.c, toke.l, visudo.c:
7064 Update copyright years.
7067 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
7069 * interfaces.c, lbuf.c:
7070 Minor fixes for Minix-3
7073 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
7076 Handle getgroups() returning 0. Also add missing check for
7080 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
7082 * Makefile.in, config.h.in, configure, configure.in, sudo.c,
7083 version.h, visudo.c:
7084 Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
7087 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
7090 Remove group setting code in setusercontext case, we will do it
7091 ourselves later on in runas_setup. Set the gid after
7092 initgroups/setgroups is called, since on Mac OS X it seems to change
7096 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
7098 * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
7100 Initial bits of non-unix group support using Quest Authentication
7105 Accept %:foo as a non-Unix group
7109 Allow user/group to be double quoted in the case of non-Unix groups
7110 which contain spaces.
7113 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
7116 Don't allow the user to specify the default runas user if their
7117 sudoers entry only allows them to run as a group.
7120 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
7123 Must call audit_success before we change uids.
7126 * logging.c, set_perms.c, sudo.h, testsudoers.c:
7127 Add option for set_perm to not exit on failure and use this in the
7132 In -l mode, if the user is only allowed to run as a group, display
7133 the user's name, not root's before the allowed group.
7137 Fix -g mode, broken by rev 1.503 which had the side effect of
7138 setting the runas user to root unilaterally.
7141 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
7144 When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
7148 Only cache by the method we fetched for pwd and grp lookups.
7149 Previously we cached both by name and id but this can cause problems
7150 for entries that share the same id. Also add more info in the error
7151 message in case the insert fails (which should now be impossible).
7154 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
7157 Add a clarification from Nick Sieger
7160 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
7163 Inline the setting of the environment string.
7166 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
7169 setenv(3) in Linux treats a NUL value as the empty string. setenv(3)
7170 in BSD doesn't return an error if the name has '=' in it, it just
7171 treats the '=' as end of string.
7174 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
7177 Not all systems have d_namlen
7180 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
7183 Fix up some pod2html issues.
7186 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
7189 Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
7194 Ignore files ending in '~' in sudo.d (emacs backup files)
7198 Ignore files ending in '~' in sudo.d (emacs backup files)
7201 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
7203 * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
7204 For #includedir, ignore any file containing a dot
7207 * Makefile.in, version.h:
7211 * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
7212 sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
7214 Implement #includedir directive. Files in an includedir are not
7215 edited by visudo unless they contain a syntax error.
7220 [8741ed61a78b] [SUDO_1_7_1]
7223 Forgot umask_override
7230 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
7233 Rewind stream if we fdopen sudoers since it may not be at the
7234 beginning. Set the keepopen flag on already-open files too so the
7235 lexer doesn't close them out from under us.
7239 Print the proper file name when there is a parse error in an include
7243 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
7249 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
7251 * configure, configure.in:
7252 Fix a warning when --without-ldap is specified.
7255 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
7257 * alias.c, parse.h, visudo.c:
7258 Store aliases that we remove during check_aliases in a freelist and
7259 free them at the end so we don't leak memory.
7262 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
7265 Check aliases in -c mode too.
7268 * alias.c, parse.h, visudo.c:
7269 Make alias_remove return the alias struct instead of freeing it
7270 directly. Fixes a use after free in alias_remove_recursive, the only
7274 * alias.c, match.c, parse.c, parse.h, visudo.c:
7275 Rename find_alias -> alias_find for consistency.
7278 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
7281 When checking for unused aliases, recurse if the alias points to
7285 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
7288 Back out rev 1.105 for now. Real ldapux_client.conf support will be
7289 done later after some refactoring.
7292 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
7295 Treat ldap_hostport the same as "host" for ldapux.
7298 * configure, configure.in:
7299 Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
7300 Fixes compilation with ldapux.
7303 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
7309 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
7312 remove errant carriage returns
7319 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
7320 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
7324 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
7327 Add missing HAVE_BSM_AUDIT
7335 Mention --with-netsvc
7339 Document netsvc.conf support
7342 * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
7344 Add support for AIX netsvc.conf (like nsswitch.conf).
7347 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
7349 * config.h.in, configure, configure.in, env.c:
7350 Add --enable-env-debug flag to enable environment sanity checks.
7353 * sudoers.ldap.pod, sudoers.pod:
7354 Work around some pod2html issue.
7357 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
7360 Only sync environ for putenv, setenv, and unsetenv. We need to make
7361 sure that sudo_putenv and sudo_setenv only modify env.envp, not
7365 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
7368 Really fix UNSETENV_VOID
7372 Fix unsetenv when UNSETENV_VOID
7375 * aclocal.m4, configure:
7376 Fix SUDO_FUNC_PUTENV_CONST
7380 tivoli-based ldap does not have ldapssl_err2string
7387 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
7389 * config.h.in, configure, configure.in, ldap.c:
7390 Add support for Tivoli-based LDAP start TLS as seen in AIX.
7395 Add sanity checks for setenv/unsetenv
7399 Include bsm_audit.h in the tarball
7402 * Makefile.in, version.h:
7403 bump version for sudo 1.7.1
7406 * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
7407 env.c, ldap.c, sudo.h:
7408 Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
7409 provide our own setenv/unsetenv/putenv that operates on own env
7410 pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
7413 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
7416 Make "sudoedit -h" work as expected
7420 Make sure def_prompt is always defined. This is a workaround for
7421 pam configs that prompt for a password in the session but don't have
7422 an auth line. A better fix is to expand the sudo prompt earlier and
7423 set def_prompt to that when initializing.
7427 Mention that the helper for -A may be graphical.
7431 Document what happens if there is no tty.
7443 Fix "sudo -k" with no other args
7446 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
7448 * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
7449 Allow the -k flag to be specified in conjunction with a command or
7450 another option that may require authentication.
7453 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
7455 * configure, configure.in:
7456 Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
7460 Parallel make fix. From Diego E. 'Flameeyes'
7463 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
7465 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
7466 Implement umask_override
7473 * sudoers.pod, toke.l, visudo.c:
7474 Implement %h escape in sudoers include filenames.
7478 Need to include compat.h
7481 * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
7482 Make audit_success and audit_failure generic functions in
7483 preparation for integrating linux audit support.
7487 remove duplicate include
7490 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
7497 May need to update the runas user after parsing command-based
7501 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
7504 Add missing pair of braces introduced with character class support.
7507 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
7509 * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
7510 Rename pwstars to pwfeedback
7513 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
7515 * bsm_audit.c, bsm_audit.h:
7516 Add const to make MacOS happy.
7519 * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
7520 configure.in, sudo.c:
7521 Add bsm audit support from Christian S.J. Peron
7525 This is new code, no DARPA notice.
7528 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
7530 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
7531 Rename simple_glob -> fast_glob
7538 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
7539 Add simple_glob option to use fnmatch() instead of glob(). This is
7540 useful when you need to specify patterns that reference network file
7552 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
7555 Delete any pwstars we wrote after the user hits return. That way
7556 there is no record on screen as to the user's password length.
7559 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
7562 Move terminal setting bits from tgetpass.c to term.c
7565 * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
7567 Add pwstars sudoers option that causes sudo to print a star every
7568 time the user presses a key.
7571 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
7574 Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
7577 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
7580 For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
7581 indicate no limit. From Mark Janssen.
7584 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
7587 Comments that begin with #- should not be parsed as uids.
7590 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
7593 Do not try to set the close on exec flag if we didn't actually open
7597 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
7601 [e11f0e4c1bdd] [SUDO_1_7_0]
7603 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
7609 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
7612 Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
7616 * configure, configure.in:
7617 Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
7618 as it cannot generate shared objects.
7621 * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
7622 K&R compilation fixes
7626 Use tq_foreach_fwd when checking pseudo-commands to make it clear
7627 that we are not short-circuiting on last match. When pwcheck is
7628 'all', initialize nopass to TRUE and override it with the first non-
7632 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
7635 Do not short circuit pseudo commands when we get a match since,
7636 depending on the settings, we may need to examine all commands for
7640 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
7642 * sudoers.cat, sudoers.man.in:
7647 hostnames may also contain wildcards
7651 remove stamp-* files and linux core files in clean target
7654 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
7656 * auth/sudo_auth.h, config.h.in, configure, configure.in:
7657 Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
7660 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
7662 * configure, configure.in:
7663 correctly enable SIA on Digital UNIX
7674 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
7676 * check.c, sudo.h, tgetpass.c:
7677 Even if neither stdin nor stdout are ttys we may still have /dev/tty
7681 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
7683 * sudoers.cat, sudoers.man.in:
7688 fix typos; Markus Lude
7700 Fix matching of a line that only consists of a comment char
7703 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
7706 MacOS pam will retry conversation function if it fails so just treat
7707 ^C as an empty password.
7711 When checking for alias use, also check defaults bindings.
7719 Replace my rbdelete with Emin's version (which actually works ;-)
7722 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
7729 malloc options in devel mode for visudo too
7732 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
7735 fix compilation on non-C99; from Theo
7743 when destroying an alias, free the correct data pointer
7747 add proto for aixauth_cleanup; from Dale King
7750 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
7752 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
7757 * sudo.pod, sudoers.pod, visudo.pod:
7758 standardize on the term 'option' for command line options (not flag)
7761 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
7764 Add note on configuring HP-UX pam
7767 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
7770 Move tty checks into check_user() so we only do them if we actually
7775 Don't error out if no tty or askpass unless we actually need to
7779 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
7785 * pathnames.h.in, sudo.c:
7786 s/overriden/overridden/; from Tobias Stoeckmann
7789 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
7791 * WHATSNEW, visudo.c:
7792 check sudoers owner and mode in strict mode
7799 * sudo.man.in, sudoers.man.in, visudo.man.in:
7800 Update copyright years.
7803 * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
7804 auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
7805 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
7806 closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
7807 gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
7808 interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
7809 parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
7810 sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
7811 testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
7812 visudo.pod, zero_bytes.c:
7813 Update copyright years.
7816 * emul/charclass.h, fnmatch.c, glob.c:
7820 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
7823 The loop in fill_cmnd() was going one byte too far past the end,
7824 resulting in a NUL being written immediately after the buffer end.
7827 * UPGRADE, WHATSNEW:
7828 add sections on tgetpass changes
7832 Treat EOF w/o newline as an error.
7835 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
7838 Fix "sudo -v" when NOPASSWD is set.
7841 * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
7843 No longer treat an empty password at the prompt as special. To quit
7844 out of sudo you now need to hit ^C at the password prompt.
7847 * sudoers.cat, sudoers.man.in:
7851 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
7852 Sudo will now refuse to run if no tty is present unless the new
7853 visiblepw sudoers flag is set.
7856 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
7859 just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
7864 fix fallback value for RLIM_SAVED_MAX
7867 * auth/aix_auth.c, auth/sudo_auth.h:
7868 Move clearing of AUTHSTATE into aixauth_cleanup.
7871 * auth/aix_auth.c, env.c:
7872 Unset AUTHSTATE after calling authenticate() as it may not be
7873 correct for the user we are running the command as.
7877 Add isblank() function for systems without it. Needed for POSIX
7878 character class matching in fnmatch.c and glob.c.
7881 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
7884 expound on sudo and cd
7887 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
7893 * sudoers.cat, sudoers.man.in:
7898 mention defaults parse order
7901 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
7903 * Makefile.in, aclocal.m4, compat.h, configure:
7904 Add isblank() function for systems without it. Needed for POSIX
7905 character class matching in fnmatch.c and glob.c.
7909 add emul/charclass.h to HDRS
7912 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
7918 * defaults.c, parse.c, testsudoers.c, visudo.c:
7919 Move update_defaults into defaults.c and call it properly from
7920 visudo and testsudoers.
7923 * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
7925 use zero_bytes() instead of memset() for consistency
7928 * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
7930 Zero out sigaction_t before use in case it has non-standard entries.
7938 Short circuit glob() checks if basename(pattern) !=
7939 basename(command). Refactor code that checks for a command in a
7940 directory and use it in the glob case if the resolved pattern ends
7944 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
7946 * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
7947 Defer setting runas defaults until after runaspw/gr is setup.
7950 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
7952 * match.c, sudo.c, testsudoers.c:
7953 Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
7954 systems do not include space for the NUL in the size. Also manually
7955 NUL-terminate buffer from gethostname() since POSIX is wishy-washy
7959 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
7961 * sudo.c, sudoers.pod:
7962 When setting the umask, use the union of the user's umask and the
7963 default value set in sudoers so that we never lower the user's umask
7964 when running a command.
7968 Don't try to read from a zero-length sudoers file. Remove the bogus
7969 Solaris work-around for EAGAIN. Since we now use fgetc() it should
7973 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
7976 In update_defaults() check the return value of user*_matches against
7977 ALLOW so we don't inadvertently match on UNSPEC.
7980 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
7982 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
7983 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
7984 regen man pages; no more hyphenation
7988 Don't error out on a zero-length sudoers file. With the advent of
7989 #include the user could create a situation where sudo is unusable.
7992 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
7994 * auth/kerb5.c, config.h.in, configure, configure.in:
7995 Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
7996 krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
7997 all. Add configure tests to handle all the cases.
8000 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
8007 document sudoers_locale
8010 * sudo.pod, sudo_edit.c:
8011 add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
8016 In fill_cmnd(), collapse any escaped sudo-specific characters.
8017 Allows character classes to be used in pathnames.
8020 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
8023 fix typo in non-C89 function declaration
8027 Mention POSIX character classes now that our fnmatch() and glob()
8031 * sample.sudoers, sudoers.pod:
8032 Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
8037 use __signed char if we are going to assign a negative value since
8038 on Power, char is unsigned by default
8041 * config.h.in, configure, configure.in:
8042 Add tests for __signed char and signed char.
8046 Fix AIX limit setting. getuserattr() returns values in disk blocks
8047 rather than bytes. The default hard stack size in newer AIX is
8048 RLIM_SAVED_MAX. From Dale King.
8051 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
8053 * emul/charclass.h, fnmatch.c, glob.c:
8054 Add character class support to included glob(3) and fnmatch(3).
8057 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
8060 Remove UCB advertising clause and some compatibility defines.
8063 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
8066 Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
8067 or sudo. This allows one to set EDITOR to sudoedit without getting
8068 into an infinite loop of sudoedit running itself until the path gets
8072 * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
8073 Add sudoers_locale Defaults option to override the default sudoers
8077 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
8080 Set locale to system default except for during sudoers parse.
8083 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
8086 Redo change in 1.34 to use pointer arithmetic.
8089 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
8092 Fix a dereference (read) of a freed pointer. Reported by Patrick
8096 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
8099 Set locale to "C" to avoid interpretation issues with character
8100 ranges in sudoers. May want to make the locale a sudoers option in
8104 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
8107 we no longer use setproctitle
8114 * LICENSE, mkstemp.c:
8115 Use my replacement mkstemp() from the mktemp package.
8118 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
8121 regen with yacc skeleton bug fixed
8125 Remove duplicate "as root". From Martin Toft.
8128 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
8130 * pwutil.c, sudo.c, sudo.h, testsudoers.c:
8131 Flesh out the fake passwd entry used for running commands as a uid
8132 not listed in the passwd database. Fixes an issue with some PAM
8136 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
8139 Error out in -i mode if the user has no shell. This can happen when
8140 running commands as a uid with no password entry.
8143 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
8146 Better fix for line continuation inside double quotes. Now accepts
8147 whitespace between the backslash and the newline like the main
8151 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
8154 Fix line continuation in strings. It was only being honored if
8155 preceded by whitespace.
8158 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
8160 * config.h.in, configure, configure.in, logging.c:
8161 Replace the double fork with a fork + daemonize.
8164 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
8167 The -i flag should imply env_reset. This got broken in sudo 1.6.9.
8170 * logging.c, sudo.c, sudo_edit.c, visudo.c:
8171 Change how the mailer is waited for. Instead of having a SIGCHLD
8172 handler, use the double fork trick to orphan the child that opens
8173 the pipe to sendmail. Fixes a problem running su on some Linux
8177 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
8179 * configure, configure.in:
8180 Fix configure test for dirfd() on Linux where DIR is opaque.
8183 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
8186 Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
8187 this problem we'll need to revisit this again.
8190 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
8193 Ignore SIGPIPE instead of blocking it when piping to the mailer. If
8194 we only block the signal it may be delivered later when we unblock.
8195 Also, there is no need to block SIGCHLD since we no longer do the
8196 double fork. The normal SIGCHLD handler is sufficient.
8199 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
8201 * configure, configure.in:
8202 Add description for NO_PAM_SESSION, from a redhat patch.
8205 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
8207 * sudo.cat, sudo.man.in, sudo.pod:
8208 Fix typos in -i usage
8211 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
8213 * configure, configure.in:
8214 Redo the test for dgettext() in a way that hopefully will work
8215 around the libintl_dgettext() undefined problem.
8218 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
8220 * schema.ActiveDirectory:
8221 change filename in comment
8224 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
8226 * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
8228 Reference schema.ActiveDirectory
8231 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
8233 * schema.OpenLDAP, schema.iPlanet:
8234 Mark sudoRunAs as deprecated.
8237 * schema.ActiveDirectory:
8238 add sudoRunAsUser and sudoRunAsGroup
8241 * schema.ActiveDirectory:
8242 Active Directory schema by Chantal Paradis and Eric Paquet
8245 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
8248 remove an XXX that was fixed
8256 Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
8257 fixes a problem where the tag value printed was influenced by
8258 defaults set in the first pass through the parser.
8261 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
8263 * Makefile.in, sudo.psf:
8264 No point in packaging the TODO file
8271 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
8273 * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
8274 sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
8275 Add env_file Defaults option that is similar to /etc/environment on
8279 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
8281 * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
8282 sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
8283 version.h, visudo.cat, visudo.man.in:
8284 change version to 1.7.0
8288 initial valgrind pass done
8291 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
8294 Fix typo/think in sudo_ldap_read_secret() when storing the secret.
8297 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
8300 define LDAPS_PORT if the system headers do not
8303 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
8306 Fix another memory leak in init_parser().
8309 * configure, configure.in:
8310 There was a missing space before the ldap libs in SUDO_LIBS for some
8314 * alias.c, gram.c, gram.y, toke.c, toke.l:
8315 Clean up some memory leaks pointed out by valgrind.
8318 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
8321 fix "sudo -s" broken by mode/flags breakout
8324 * configure, configure.in:
8325 remove duplicate check for dgettext
8328 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
8331 Fall back to default stanza if no user-specific limit is found.
8334 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
8337 include stdint.h if present
8341 Use LLONG_MAX, not the old QUAD_MAX
8344 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
8350 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
8356 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
8362 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
8373 Split MODE_* defines into primary and flags.
8376 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
8379 It turns out the logic for getting AIX limits is more convoluted
8380 than I realized and differs depending on whether the soft and/or
8381 hard limits are defined.
8384 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
8386 * Makefile.in, configure, configure.in:
8387 Back out AIX-specific change to set the sudo_noexec path to the .a
8388 file, we do really want to use the .so file. Since libtool doesn't
8389 do that correctly, just install the .so file ourselves in the
8394 If the file given to install is a path, only use the basename of the
8395 file when building the destination path.
8398 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
8401 parse_args() cleanup: Sort command line options in the getopt()
8402 switch. The -U option requires a parameter. Normalize a few ISSET
8403 calls. Split mode into mode and flags and retire the now-obsolete
8407 * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
8409 Add -n (non-interactive) flag.
8413 Move version printing, etc. into a separate function.
8417 Don't try to cleanup nsswitch if it has not been initialized.
8420 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
8423 Block SIGPIPE in send_mail() so sudo is not killed by a problem
8424 executing the mailer.
8427 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
8429 * configure, configure.in:
8430 AIX shared libs end in .a, not .so.
8433 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
8436 Preserve HOME by default too. Matches documentation and previous
8440 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
8443 Use getopt() to parse the command line. We need to be able to
8444 intersperse env variables and options yet still honor "--" which
8445 complicates things slightly.
8448 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
8454 * acsite.m4, configure, ltmain.sh:
8455 update to libtool-1.5.26
8458 * config.guess, config.sub:
8459 update from libtool-1.5.26 distribution
8463 attempt to fix compilation errors on AIX
8467 fix typo in last commit
8471 Add WHATSNEW file to the distribution
8475 use warningx instead of fprintf(stderr, ...)
8479 add DEBUG to list2tq
8490 * Makefile.in, aix.c, config.h.in, configure, configure.in,
8491 set_perms.c, sudo.h:
8492 Add aix_setlimits() to set resource limits on AIX using a
8493 combination of getuserattr() and setrlimit(). Currently untested.
8496 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
8498 * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
8499 sudoers.man.in, sudoers.pod:
8500 Add mailfrom Defaults option that sets the value of the From: field
8501 in the warning/error mail. If unset the login name of the invoking
8506 store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
8510 When adding a default, only call list2tq() once to do the list to tq
8511 conversion. It is not legal to call list2tq multiple times on the
8512 same list since list2tq consumes and modifies the list argument.
8515 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
8516 comment out XXXs for now
8523 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
8526 Error out if both -A and -S are specified. Error out if -A is
8527 specified but no askpass is configured
8530 * configure, configure.in:
8531 we are not going to ship a sudo-specific askpass
8534 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
8537 fix definition of TGP_ASKPASS
8540 * def_data.c, def_data.in:
8541 make askpass boolean-capable
8545 document --with-askpass
8548 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
8549 sudoers.man.in, visudo.cat:
8553 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
8555 * sudo.pod, sudo_usage.h.in, sudoers.pod:
8556 document -A and askpass
8559 * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
8560 def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
8561 sudo_usage.h.in, tgetpass.c:
8562 Add support for running a helper program to read the password when
8563 no tty is present (or when specified with the -A flag). TODO: docs.
8566 * def_data.c, def_data.in:
8567 add missing printf format to SELinux role and type strings
8570 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
8572 * INSTALL, configure, configure.in:
8573 Disable use of gss_krb5_ccache_name() by default and add
8574 --enable-gss-krb5-ccache-name configure option to enable it. It
8575 seems that gss_krb5_ccache_name() doesn't work properly with some
8576 combinations of Heimdal and OpenLDAP.
8579 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
8582 Ignore setexeccon() failing in permissive mode. Also add a call to
8583 setkeycreatecon() (though this is probably insufficient). From Dan
8588 Only set std_prompt for the PAM_PROMPT_* cases. The conversation
8589 function may be called for non-password reading purposes so we must
8590 be careful not to use def_prompt in cases where it may not be set.
8593 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
8596 Don't free the new tty context, we need to keep it around when we
8597 restore the tty context after the command completes
8600 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
8606 * sudo.man.pl, sudo.pod:
8607 Only put login_cap(3) in SEE ALSO section if we have login.conf
8611 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
8613 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
8614 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
8619 Substitute in comment characters for lines pertaining to login.conf,
8620 BSD auth and SELinux and only enable them if pertinent.
8624 Substitute in comment characters for lines pertaining to login.conf,
8625 BSD auth and SELinux and only enable them if pertinent.
8629 Substitute in comment characters for lines pertaining to login.conf,
8630 BSD auth and SELinux and only enable them if pertinent.
8634 Substitute in comment characters for lines pertaining to login.conf,
8635 BSD auth and SELinux and only enable them if pertinent.
8638 * Makefile.in, configure, configure.in:
8639 Substitute in comment characters for lines pertaining to login.conf,
8640 BSD auth and SELinux and only enable them if pertinent.
8643 * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
8644 Remove the =cut on the first line (above the copyright notice) to
8645 quiet pod2man. Also remove the hackery in the FILES section and
8646 just deal with the fact that there will be a newline between each
8650 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
8653 run sudo.man.pl when generating sudo.man.in
8656 * configure, configure.in, sudo.man.pl:
8657 comment out SELinux manual bits unless --with-selinux was specified
8661 document role and type defaults for SELinux
8664 * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
8665 Document "sudo -ll" and make "sudo -l -l" be equivalent.
8668 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
8670 * configure, configure.in:
8671 Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
8672 Debian GNU/kFreeBSD.
8675 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
8678 Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
8682 * logging.c, logging.h, sudo.c:
8683 Remove dependence on VALIDATE_NOT_OK in logging functions. Split
8684 log_auth() into log_allowed() and log_denial(). Replace mail_auth()
8685 with should_mail() and a call to send_mail()
8688 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
8691 Add debugging so we can tell if the krb5 ccache is accessible
8695 mention --with-selinux
8698 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
8708 * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
8709 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
8710 testsudoers.c, toke.c, toke.l:
8711 Add support for SELinux RBAC. Sudoers entries may specify a role
8712 and type. There are also role and type defaults that may be used.
8713 To make sure a transition occurs, when using RBAC commands are
8714 executed via the new sesh binary. Based on initial changes from Dan
8719 Add support for SELinux RBAC. Sudoers entries may specify a role
8720 and type. There are also role and type defaults that may be used.
8721 To make sure a transition occurs, when using RBAC commands are
8722 executed via the new sesh binary. Based on initial changes from Dan
8726 * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
8727 def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
8728 pathnames.h.in, selinux.c:
8729 Add support for SELinux RBAC. Sudoers entries may specify a role
8730 and type. There are also role and type defaults that may be used.
8731 To make sure a transition occurs, when using RBAC commands are
8732 executed via the new sesh binary. Based on initial changes from Dan
8736 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
8738 * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
8739 Add long list (sudo -ll) support for printing verbose LDAP and
8740 sudoers file entries. Still need to update manual.
8743 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
8745 * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
8746 Unify the -l output for file and ldap based sudoers and use lbufs
8747 for both. The ldap output does not currently include options that
8748 cannot be represented as tags. This will be remedied in a long list
8749 output mode to come.
8752 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
8755 Use a specific error message for errno == EAGAIN when setuid() et al
8756 fails. On Linux systems setuid() will fail with errno set to EAGAIN
8757 if changing to the new uid would result in a resource limit
8762 Unlimit nproc on Linux systems where calling the setuid() family of
8763 syscalls causes the nproc resource limit to be checked. The limits
8764 will be reset by pam_limits.so when PAM is used. In the non-PAM
8765 case the nproc limit will remain unlimited but there doesn't seem to
8766 be a way around that other than having sudo parse
8767 /etc/security/limits.conf directly.
8770 * env.c, sudo.c, sudo.pod:
8771 Only read /etc/environment on Linux and AIX
8774 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
8776 * configure, configure.in:
8777 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
8778 ldap.conf and ldap.secret paths from going into config.h. Avoid
8779 single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
8780 since in some versions of bash they will end up literally in the
8784 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
8787 mention --with-nsswitch=no
8790 * configure, configure.in:
8791 ldap_ssl.h depends on ldap.h being included first
8794 * config.h.in, configure, configure.in, ldap.c:
8795 Include ldap_ssl.h if we can find it. Needed for the
8796 ldapssl_set_strength defines on HP-UX at least.
8807 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
8808 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
8813 Use 78n line length when formatting cat pages.
8817 Remove redundant info that is now in sudoers.ldap.pod
8820 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
8822 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
8823 Reorganize the first section a bit. Substitute the proper path for
8827 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
8828 Substitute values for ldap.conf, ldap.secret and nsswitch.conf. Move
8829 schema into EXAMPLES
8832 * configure, configure.in:
8833 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
8837 * configure, configure.in:
8838 substitute for sudoers.ldap.man
8842 Fix cut & pasto introduced when adding sudoers.ldap man page.
8845 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
8846 Fill in some of the missing pieces. Still needs some reorganization
8850 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
8852 * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
8854 Beginnings of a sudoers.ldap man page. Currently, much of the
8855 information is adapted from README.LDAP.
8858 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
8861 When copying gr_mem we must guarantee that the storage space for
8862 gr_mem is properly aligned. The simplest way to do this is to
8863 simply store gr_mem directly after struct group. This is not a
8864 problem for gr_passwd or gr_name as they are simple strings.
8868 Fix a typo/thinko in one of the calls to
8869 sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
8872 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
8874 * config.h.in, configure, configure.in, ldap.c:
8875 include <mps/ldap_ssl.h> in ldap.c if available
8878 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
8881 Make sure we define SIZE_MAX for yacc's skeleton.c
8885 Use TCSAFLUSH when restoring terminal settings (and echo) to
8886 guarantee that any pending output is discarded
8889 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
8892 no longer need to specify SETENV when user has sudo ALL
8896 sync user_args size calculation with sudo.c. Add -g group option,
8897 renaming old -g to -G. Add set_runasgr() and set_runaspw() and use
8902 Make set_runaspw static void
8905 * testsudoers.c, visudo.c:
8906 g/c set_runaspw stub
8909 * configure, configure.in:
8910 Don't add -llber twice.
8913 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
8919 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
8925 * configure, configure.in:
8926 Fix check that determines whether -llber is required.
8929 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
8930 For netscape-based LDAP, use ldapssl_set_strength() to implement the
8931 checkpeer ldap.conf option.
8935 Delay krb5_cc_initialize() until we actually need to use the cred
8936 cache, which is what krb5_verify_user() does. Better cleanup on
8940 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
8943 Rewrite verify_krb_v5_tgt() based on what heimdal's
8944 krb5_verify_user() does.
8947 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
8950 The U suffix on constants is an ANSI feature
8953 * configure, configure.in:
8954 Add check for ber_set_option() in -llber
8957 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
8960 default if no nsswitch.conf is files only
8963 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
8966 don't tell people to mail aaron about LDAP stuff
8970 timelimit and bind_timelimit
8978 Move ldap.secret reading into a separate function.
8982 user_runas -> runas_pw
8985 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
8991 * check.c, sudo.pod, sudoers.pod:
8992 Add and document the %p escape in the password prompt. Based on a
8993 patch from Patrick Schoenfeld.
8997 Check strlcpy() return values.
9001 refactor ldap binding code into sudo_ldap_bind_s()
9005 Make it clear that host and uri can take multiple parameters. URI is
9006 now supported for more than just openldap. nsswitch.conf doesn't
9011 comment cleanup and update (c) year
9014 * parse.c, sudo_nss.c:
9015 Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
9016 This should make it possible to build an LDAP-only sudo binary.
9019 * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
9020 Improve chaining of multiple sudoers sources by passing in the
9021 previous return value to the next in the chain
9025 Free up parser data structures in sudo_file_close().
9029 Free up parser data structures in sudo_file_close().
9033 Parse uri ourself if no ldap_initialize() is present. Use
9034 ldap_create() instead of deprecated ldap_init(). Use
9035 ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
9038 * config.h.in, configure, configure.in:
9039 Add check for ldap_sasl_bind_s(). Remove -DLDAP_DEPRECATED from
9043 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
9045 * config.h.in, configure, configure.in:
9046 add check for ldap_create
9049 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
9051 * config.h.in, configure, configure.in, ldap.c:
9052 Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
9053 dn using the mechanism appropriate for the LDAP SDK in use. Use
9054 ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
9055 ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
9062 * config.h.in, configure.in:
9063 fix typo in mtim_getnsec
9066 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
9068 * config.h.in, configure, configure.in:
9069 add check for st__tim in struct stat as used by SCO
9073 use ldap_search_ext_s instead of deprecated ldap_search_s
9076 * Makefile.in, TODO, sudo.cat, sudo.man.in:
9077 add sudo_nss.h to HDRS
9081 Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
9085 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
9088 Use ldap_get_values_len()/ldap_value_free_len() instead of the
9089 deprecated ldap_get_values()/ldap_value_free().
9100 * gettime.c, sudo.c:
9101 Remove some already fixed XXXs
9105 Same return value as non-existent sudoers if LDAP was unable to
9110 mention /etc/environment
9113 * README.LDAP, UPGRADE, WHATSNEW:
9114 Update to reflect recent developments.
9118 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
9122 When building up a query don't list groups in the aux group vector
9123 that are the same as the passwd file group. On most systems the
9124 first gid in the group vector is the same as the passwd entry gid.
9128 Define LDAPNOINIT before calling ldap_init(), etc. to disable user
9129 ldaprc and system defaults that could affect how LDAP works.
9132 * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
9133 sudo_nss.c, sudo_nss.h:
9134 Rename read_nss -> sudo_read_nss. Add --with-nsswitch to allow users
9135 to specify nsswitch.conf path or disable it. If --with-nsswitch=no
9136 but --with-ldap, order is LDAP, then sudoers. Fix
9137 --with-ldap-conf-file and --with-ldap-secret-file
9141 Honor def_ignore_local_sudoers
9144 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
9147 no longer need to check def_ignore_local_sudoers here
9151 Refactor group vector resetting into a function and also call it
9152 from display_cmnd. Stop after the first successful match in
9153 display_cmnd. Print a newline between each display_privs method.
9157 fix double free introduced in rev 1.218
9161 belt and suspenders; zero out result after freeing it
9164 * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
9165 Refactor line reading into a separate function, sudo_parseln(),
9166 which removes comments, leading/trailing whitespace and newlines.
9167 May want to rethink the use of sudo_parseln() for /etc/ldap.secret
9171 Make the inability to read the sudoers file a non-fatal error if
9172 there are other sudoers sources available. sudoers_file_lookup now
9173 returns "not OK" if sudoers was not present
9177 make it clear that the global options are from LDAP
9181 allocate proper amount of space for error string
9184 * sudo_nss.c, sudo_nss.h:
9185 actual sudo nss code
9188 * ldap.c, parse.c, sudo.c, sudo.h:
9189 nss-ify display_privs and display_cmnd.
9192 * defaults.c, parse.c, testsudoers.c, visudo.c:
9193 move update_defaults() to parse.c
9196 * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
9197 Use nsswitch to hide some sudoers vs. ldap implementation details
9198 and reduce the number of #ifdef LDAP. TODO: fix display routines and
9202 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
9204 * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
9205 First cut at nsswitch.conf support. Further reorganization and
9206 related changes are forthcoming.
9209 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
9211 * env.c, pathnames.h.in, sudo.c, sudo.h:
9212 Add support for reading an /etc/environment file. Still needs to
9213 be documented and should probably only apply to OSes that have it
9214 (AIX and Linux, maybe others).
9221 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
9227 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
9234 Add an example sudoRole, clarify netscape vs. openldap a bit more
9238 Be clear on what is OpenLDAP vs. Netscape-derived
9241 * config.h.in, configure, configure.in, ldap.c:
9242 Use ldapssl_init() for ldaps support instead of trying to do it
9243 manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
9244 and tls_key for cert7.db and key3.db respectively. Don't print
9245 debugging info for options that are not set. Add warning if
9246 start_tls specified when not supported.
9250 fix compilation on solaris
9254 add missing .h and .c files for missing lib objs
9257 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
9260 fix LDAP_OPT_NETWORK_TIMEOUT setting
9264 fix compilation on Solaris
9267 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
9269 * configure, configure.in:
9274 try to clear up which variables are for OpenLDAP and which are for
9275 netscape-derived SDKs
9278 * config.h.in, configure, configure.in, ldap.c:
9279 Add support for "ssl on" in both netscape and openldap flavors. Only
9280 the OpenLDAP flavor has been tested.
9283 * logging.c, sudo.c, sudo.h:
9284 Call cleanup() before exit in log_error() instead of calling
9285 sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
9292 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
9294 * logging.c, sudo.c, sudo.h:
9295 Better ldap cleanup.
9299 Distinguish between LDAP conf settings that are connection-specific
9300 (which take an ld pointer) and those that are default settings
9304 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
9307 Improved warnings on error.
9311 Make ldap config table driven and set the config *after* we open the
9315 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
9318 fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
9321 * configure, configure.in:
9322 some operating systems need to link with -lkrb5support when using
9326 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
9332 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
9336 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
9342 * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
9343 add -g support for LDAP
9346 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
9348 * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
9349 The -i and -s flags can now take an optional command.
9352 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
9354 * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
9356 Add passprompt_override flag to sudoers that will cause the prompt
9357 to be overridden in all cases. This flag is also set when the user
9358 specifies the -p flag.
9362 Move setting of login class until after sudoers has been parsed. Set
9363 NewArgv[0] for -i after runas_pw has been set.
9366 * configure, configure.in:
9367 Move the dgettext check.
9370 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
9372 * auth/pam.c, config.h.in, configure, configure.in:
9373 Add basic support for looking up the string "Password: " in the PAM
9374 localized text db. This allows us to determine whether the PAM
9375 prompt is the default "Password: " one even if it has been
9378 TODO: concatenate non-std PAM prompts and user-specified sudo
9382 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
9384 * Makefile.in, config.h.in, configure, configure.in, parse.c,
9385 set_perms.c, sudo.c, sudo.h:
9386 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
9390 * acsite.m4, configure, interfaces.c, memrchr.c:
9391 Fix typos; Martynas Venckus
9394 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
9397 Don't assume runas_pw is set; it may not be in the -g case.
9400 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
9402 * logging.c, set_perms.c:
9403 Set aux group vector for PERM_RUNAS and restore group vector for
9404 PERM_ROOT if we previously changed it. Stash the runas group vector
9405 so we don't have to call initgroups more than once. Also add no-op
9406 check to check_perms.
9409 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
9411 * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
9412 ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
9413 pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
9414 sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
9415 testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
9416 Add support for runas groups. This allows the user to run a command
9417 with a different effective group. If the -g option is specified
9418 without -u the command will be run as the current user (only the
9419 group will change). The -g and -u options may be used together.
9420 TODO: implement runas group for ldap, improve runas group
9421 documentation, add testsudoers support
9424 * configure, configure.in:
9425 fix setting of mandir
9428 * sudo.pod, sudoers.pod:
9429 document that ALL implies SETENV
9433 s/setenv_ok/setenv_implied/g
9437 hostname_matches() returns TRUE on match in sudo 1.7.
9441 use strcmp, not strcasecmp when comparing ALL
9445 Make sudo ALL imply setenv. Note that unlike with file-based
9446 sudoers this does affect all the commands in the sudoRole.
9449 * gram.c, gram.y, parse.c, parse.h:
9450 sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
9451 it is not passed on to other commands in the list.
9455 Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
9456 sudo_getpwuid() instead of getpwuid().
9459 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
9462 Expand on the dangers of not using visudo to edit sudoers.
9465 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
9468 Don't quote *?[]! on output since the lexer does not strip off the
9469 backslash when reading those in.
9472 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
9475 expand "u_foo" types to "unsigned foo" to avoid compatibility
9479 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
9482 Refactor log line generation into new_logline().
9485 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
9491 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
9493 * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
9495 Add configure check for struct in6_addr instead of relying on
9496 AF_INET6 since some systems define AF_INET6 but do not include IPv6
9500 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
9502 * configure, configure.in:
9503 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
9507 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
9509 * configure, configure.in:
9510 POSIX states that struct timespec be declared in time.h so check
9511 there regardless of the value of TIME_WITH_SYS_TIME.
9514 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
9517 Instead of defining a macro to call the appropriate method for
9518 turning on/off echo, just define tc[gs]etattr() and the related
9519 defines that use the correct terminal ioctls if needed. Also go back
9520 to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
9523 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
9533 * INSTALL, auth/pam.c, config.h.in, configure.in:
9534 Add --disable-pam-session configure option to disable calling
9535 pam_{open,close}_session. May work around bugs in some PAM
9539 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
9546 Avoid printing the prompt if we are already backgrounded. E.g. if
9547 the user runs "sudo foo &" from the shell. In this case, the call
9548 to tcsetattr() will cause SIGTTOU to be delivered.
9551 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
9553 * def_data.c, def_data.h, def_data.in:
9554 Reorder things such that the definition of env_reset comes right
9555 before the env variable lists.
9559 Shrink type and seqno in struct alias from int to u_short
9562 * alias.c, match.c, parse.c, parse.h:
9563 Add a sequence number in the aliases for loop detection. If we find
9564 an alias with the seqno already set to the current (global) value we
9565 know we've visited it before so ignore it.
9568 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
9570 * TODO, auth/pam.c, sudo.c, sudo.h:
9571 PAM wants the full tty path so add user_ttypath which holds the full
9572 path to the tty or is NULL if no tty was present.
9576 Set PAM_RHOST to work around a bug in Solaris 7 and lower that
9580 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
9586 * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
9587 parse.h, testsudoers.c, visudo.c:
9591 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
9594 remove some useless casts
9598 pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
9599 predates the final C99 spec and the standard specifies that it shall
9600 include stdint.h anyway
9603 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
9605 * Makefile.in, alloca.c, configure.in:
9606 Since we ship with a pre-generated parser there is no need to ship a
9607 bogus alloca implementation.
9615 remove initial setting of CHECKSIA, we require that it be unset if
9628 only do SIA checks on Digital Unix
9631 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
9633 * sudoers.cat, sudoers.man.in:
9642 Remove call to krb5_cc_register() as it is not needed for modern
9650 * aclocal.m4, configure.in:
9651 New method for setting the default authentication type and avoiding
9652 conflicts in auth types.
9655 * match.c, parse.c, testsudoers.c:
9656 Each entry in a cmndlist now has an associated runaslist so no need
9657 to keep track of the most recent non-NULL one.
9660 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
9663 back out partial ldaps support mistakenly committed
9667 Add support for unix groups and netgroups in sudoRunas
9670 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
9673 Fix sudoedit of a non-existent file. From Tilo Stritzky.
9676 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
9683 update --passprompt escape info
9687 remove now-bogus comment and update copyright date
9691 Fix up use of with_passwd
9694 * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
9695 Update to autoconf-2.61 and libtool-1.5.24
9699 "cmp -s" not just cmp. Add @datarootdir@ to quiet autoconf-2.61
9702 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
9709 move tags and runaslist propagation to be earlier
9713 If -f flag given use the permissions of the original file as a
9718 prevent a double free() when re-initing the parser
9721 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
9727 * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
9728 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
9729 auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
9730 configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
9731 parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
9732 sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
9733 Remove support for compilers that don't support void *
9740 * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
9741 parse.c, parse.h, testsudoers.c, visudo.c:
9742 Move list manipulation macros to list.h and create C versions of the
9743 more complex ones in list.c. The names have been down-cased so they
9744 appear more like normal functions.
9748 Fix cmp command when regenerating parser. Make gram.o the first
9749 dependency for all programs so gram.h will be generated before
9750 anything that needs it.
9754 Convert NEW_DEFAULT and NEW_MEMBER into static functions.
9757 * match.c, parse.c, testsudoers.c:
9758 Use LH_FOREACH_REV when checking permission and short-circuit on the
9759 first non-UNSPEC hit we get for the command. This means that
9760 instead of cycling through all the parsed sudoers entries we
9761 start at the end and work backwards and quit after the first
9762 positive or negative match.
9769 * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
9770 Change list head macros to take a pointer, not a struct.
9778 Propagate the runasspec from one command to the next in a cmndspec.
9781 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
9784 Replace has_meta() with a macro that calls strpbrk().
9790 * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
9791 testsudoers.c, visudo.c:
9792 Use a list head struct when storing the semi-circular lists and
9793 convert to tail queues in the process. This will allow us to
9794 reverse foreach loops more easily and it makes it clearer which
9795 functions expect a list as opposed to a single member.
9797 Add macros for manipulating lists. Some of these should become
9800 When freeing up a list, just pop off the last item in the queue
9801 instead of going from head to tail. This is simpler since we don't
9802 have to stash a pointer to the next member, we always just use the
9803 last one in the queue until the queue is empty.
9805 Rename match functions that take a list to have list in the name.
9806 Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
9810 Fix pasto, append "!" not negated (which is an int) for sudo -l
9815 Remove the dependency of gram.h on gram.y, the .c dependency is
9816 enough. Only move y.tab.h to gram.h if it is different; avoids
9817 needless rebuilding.
9820 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
9823 Defaults lines may be associated with lists of users, hosts,
9824 commands and runas users, not just single entries.
9827 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
9830 Revert the "cmp" portion of the last diff, it doesn't make sense.
9834 Remove *.lo for clean: When generating the parser, only move the
9835 generated files into place if they differ from the existing ones.
9838 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
9841 Replace IPV6 regexp with a much simpler (readable) one and add an
9842 extra check when it matches to make sure we have a valid address.
9846 Fix thinko introduced when merging IPV6 support.
9849 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
9860 mention #uid vs. comment pitfall
9864 Merge in a patch from the libtool cvs that fixes a problem with the
9865 latest autoconf. From Stepan Kasal.
9869 Back out the XOR swap trick, it is slower than a temp variable on
9878 Convert the tail queue to a semi-circle queue and use the XOR swap
9879 trick to swap the prev pointers during append.
9882 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
9885 remove useless statement
9889 Refactor #include parsing into a separate function and return
9890 unparsed chars (such as newline or comment) back to the lexer.
9893 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
9896 mention better uid support
9900 Users may now consist of a uid.
9903 * gram.c, gram.h, toke.c:
9908 Use lbuf_append_quoted() for sudo -l output to quote characters that
9909 would require quoting in sudoers.
9913 Add lbuf_append_quoted() which takes a set of characters which
9914 should be quoted with a backslash when displayed.
9918 Require that the first character after a comment not be a digit or a
9919 dash. This allows us to remove the GOTRUNAS state and treat
9920 uid/gids similar to other words. It also means that we can now
9921 specify uids in User_Lists and a User_Spec may now contain a uid.
9925 Replace RUNAS token with '(' and ')' tokens to make the runas
9926 portion of the grammar more natural.
9930 The BUGS file is history
9933 * Makefile.in, README:
9934 The BUGS file is history
9937 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
9940 Allow comments after a RunasAlias as long as the character after the
9941 pound sign isn't a digit or a dash.
9945 Glob support was back-ported to 1.6.9
9948 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
9951 remove sudo_usage.h in distclean
9955 If a Defaults value contains a blank, double-quote the string.
9959 Properly deal with Defaults double-quoted strings that span multiple
9960 lines using the line continuation char. Previously, the entire
9961 thing, including the continuation char, newline, and spaces was
9966 Be consistent when using single quotes and backticks.
9969 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
9971 * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
9972 sudo.c, sudo_usage.h.in:
9973 Add new linebuf code to do appends of dynamically allocated strings
9974 and word-wrapped output. Currently used for sudo's usage() and sudo
9975 -l output. Sudo usage strings are now in sudo_usage.h which is
9976 generated at configure time.
9979 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
9981 * parse.c, sudo.c, sudo.h:
9982 Fix line wrapping in usage() and use the actual tty width instead of
9986 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
9993 Mentioned Chris Jepeway's parser and also the new one that is in
9997 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
9999 * sudo.pod, visudo.pod:
10000 For the options list, add flag args where appropriate and increase
10001 the indent level so there is room for them.
10004 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
10007 Fix some spacing in "sudo -l" and add a comment about some bogosity
10008 in the line wrapping.
10011 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
10016 * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
10017 def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
10018 parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
10019 testsudoers.c, toke.c, toke.l:
10020 Remove monitor support until there is a version of systrace that
10021 uses a lookaside buffer (or we have a better mechanism to use).
10024 * config.h.in, configure, configure.in, sudo.c:
10025 use getaddrinfo() instead of gethostbyname() if it is available
10028 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
10031 Deal with OSes where sizeof(gid_t) < sizeof(int).
10035 repair non-getifaddrs() code after ipv6 integration
10039 If we can open sudoers but fail to read the first byte, close the
10040 file stream before trying again.
10043 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
10049 * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
10050 Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
10053 * sudo.pod, sudoers.pod, visudo.pod:
10054 Add some missing markup. Update copyright
10057 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
10059 * configure, configure.in:
10060 fix sudo_noexec extension which got broken in the libtool update
10063 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
10066 explicitly specify -Tascii to nroff
10069 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
10072 remove an ANSI-ism that crept in
10075 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
10078 Adjust list indents. Prevent -- from being turned into an em dash. Use
10079 a list for the environment instead of a literal paragraph
10083 Use a list for the environment instead of an indented literal
10088 Adjust list indentation
10095 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
10098 mention that when specifying a uid for the -u option the shell may
10099 require that the # be escaped
10102 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
10105 Fix off by one in group matching.
10108 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
10111 Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
10114 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
10116 * configure, configure.in:
10117 Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
10118 -lgssapi_krb5 case.
10121 * aclocal.m4, configure, configure.in:
10122 Fix link tests such that new gcc doesn't optimize away the test.
10125 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
10127 * sudo.pod, sudoers.pod, visudo.pod:
10128 add missing over/back
10131 * sudo.pod, sudoers.pod, visudo.pod:
10132 Change FILES section to use =item
10136 Add back allocation of the env struct in rebuild_env but save a copy
10137 of the old pointer and free it before returning.
10141 Don't init the private environment in rebuild_env() since it may
10142 have already been done implicitly sudo_setenv/sudo_unsetenv.
10144 Multiply length by sizeof(char *) in memcpy/memmove when copying the
10145 environment so we copy the full thing.
10147 Add missing set of parens so we deref the right pointer in
10148 sudo_unsetenv when searching for a matching variable.
10151 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
10153 * sudo.pod, sudoers.pod, visudo.pod:
10154 Use file markup for paths in the FILES section
10157 * sudo.pod, sudoers.pod, visudo.pod:
10158 Don't capitalize sudo/visudo
10162 Sort sudoers options; based on a diff from Igor Sobrado.
10165 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
10167 * sudo.pod, sudoers.pod, visudo.pod:
10168 Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
10169 latter confuses pod2man. The Makefile rules for the .man.in file
10170 will add @mansectsu@ and @mansectform@ back in after pod2man is done
10174 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
10176 * LICENSE, Makefile.in, license.pod:
10177 Move license info to pod format
10180 * configure, configure.in, sudoers.pod:
10181 Substitute value of path_info into sudoers man page.
10185 remove features that were back-ported to 1.6.9
10188 * sudo.c, sudo.pod, visudo.c, visudo.pod:
10189 Sort SYNOPSIS and sync usage. From Igor Sobrado.
10193 Only need sudo_setenv/sudo_unsetenv if we are going to use
10194 ldap_sasl_interactive_bind_s() but don't have
10195 gss_krb5_ccache_name().
10199 rebuild without branch info
10203 Add ChangeLog target
10207 Run cleanup code if the user hits ^C at the password prompt.
10211 Some versions of pam_lastlog have a bug that will cause a crash if
10212 PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
10216 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
10219 ChangeLog not Changelog
10227 CHANGE -> Changelog
10234 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
10236 * config.h.in, configure, configure.in, ldap.c:
10237 Add configure hooks for gss_krb5_ccache_name() and the gssapi
10241 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
10244 rebuild_env() and insert_env_vars() no longer return environment
10245 pointer, they set environ directly.
10247 No longer need to pass around an envp pointer since we just operate
10250 Add dosync argument to insert_env() that indicates whether it should
10251 reset environ when realloc()ing env.envp.
10253 Use an initial size of 128 for the environment.
10257 Split sudo_setenv() into an external version and a version only for
10258 use by rebuild_env().
10261 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
10264 Add support for using gss_krb5_ccache_name() instead of setting
10265 KRB5CCNAME. Also use sudo_unsetenv() in the non-
10266 gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
10267 original environment. TODO: configure setup for
10268 gss_krb5_ccache_name()
10275 * README.LDAP, ldap.c:
10276 Add support for sasl_secprops in ldap.conf
10280 Add sudo_unsetenv() and refactor private env syncing code into
10284 * README.LDAP, ldap.c:
10285 The ldap.conf variable is sasl_auth_id not sasl_authid.
10288 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
10290 * ldap.c, sudo.c, sudo.h:
10291 Add support for krb5_ccname in ldap.conf. If specified, it will
10292 override the default value of KRB5CCNAME in the environment for the
10293 duration of the call to ldap_sasl_interactive_bind_s().
10297 Remove format_env(). Add sudo_setenv() to replace most format_env() +
10298 insert_env() combinations. insert_env() no longer takes a struct
10303 Fix use_sasl vs. rootuse_sasl logic.
10306 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
10307 Add support for SASL auth when connecting to an LDAP server. Adapted
10308 from a diff by Tom McLaughlin.
10311 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
10313 * configure, configure.in:
10314 Only enable AIX or BSD auth if no other exclusive auth method has
10315 been chosen. Allows people to e.g., use PAM on AIX without adding
10316 --without-aixauth. A better solution is needed to deal with default
10317 authentication since if a non-exclusive method is chosen we will
10318 still get an error.
10321 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
10323 * HISTORY, Makefile.in, history.pod:
10324 Generate HISTORY from history.pod (which is also used for web pages)
10327 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
10329 * sudo.man.in, sudoers.man.in:
10334 Better explanation of environment handling in the sudo man page.
10338 Defer setting user-specified env vars until after authentication.
10342 honor def_default_path for PATH set on the command line
10345 * env.c, sudo.c, sudo.pod, sudoers.pod:
10346 Allow user to set environment variables on the command line as long
10347 as they are allowed by env_keep and env_check. Ie: apply the same
10348 restrictions as normal environment variables. TODO: deal with
10352 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
10354 * sudo.c, sudo_edit.c:
10355 Call rebuild_env() in all cases. Pass original envp to sudo_edit().
10356 Don't allow -E or env var setting in sudoedit mode. More accurate
10357 usage() when called as sudoedit.
10365 add -c option to sudoedit synopsis
10373 Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
10374 value from {user,host,runas,cmnd}_matches(). Rename *matches
10375 variables -> *match. Purely cosmetic.
10379 Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
10387 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
10390 Make pwcheck local to the pwflag block. Use pwcheck even if user
10391 didn't match since Defaults options may still apply.
10395 Do not update timestamp if user not validated by sudoers.
10399 for PERM_RUNAS, set the egid to the runas user's gid and restore to
10400 the user's original in PERM_ROOT
10403 * logging.c, mon_systrace.c, set_perms.c, sudo.h:
10404 PERM_FULL_ROOT is now no different than PERM_ROOT so remove
10409 don't check timestamp mtime if we are just going to remove it
10413 Move sudoers defaults parameters into their own section.
10417 Reduce a level of indent by a few placed continue statements.
10421 Make matching but negated commands/hosts/runas entries override a
10422 previous match as expected. Also reduce some levels of indent by a
10423 few placed continue statements.
10426 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
10429 Print default runas in "sudo -l" if sudoers don't specify one.
10433 Less hacky way of testing whether the domain was set.
10436 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
10439 Mention pam-devel and openldap-devel for Linux
10442 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
10448 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
10451 fix typo in Solaris project support
10459 Make -- on the command line match the manual page. The implied shell
10460 case has been simplified as a result.
10463 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
10466 add simplistic support for sudoRunas; note that if a sudoers entry
10467 contains multiple Runas users, all will apply to the sudoRole
10471 honor SETENV and NOSETENV tags
10474 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
10477 Redo setting of user_args. We now build up a private copy of argv
10478 first and then replace the NULs with spaces.
10482 getcwd() returns NULL on failure, not 0 on success
10486 allow chunksiz to reach 1 before erroring out
10489 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
10494 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
10496 * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
10497 logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
10499 Add support for setting environment variables on the command line.
10500 This is only allowed if the setenv sudoers option is enabled or if
10501 the command is prefixed with the SETENV tag.
10505 replace Aaron's email address with the sudo-workers list
10512 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
10514 * schema.OpenLDAP, schema.iPlanet:
10515 Break schema out into separate files.
10518 * Makefile.in, README.LDAP:
10519 Break schema out into separate files.
10522 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
10525 free message if set by authenticate()
10529 deal with NULL gr_mem
10532 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
10539 add template for HAVE_PROJECT_H
10546 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
10549 mention --with-project
10552 * config.h.in, configure.in, sudo.c:
10553 Add Solaris 10 "project" support. From Michael Brantley.
10565 Fix preservation of LDFLAGS in the LDAP case.
10569 Remove dependency on NULL
10576 * aclocal.m4, configure.in:
10577 Can't use the regular autoconf fnmatch() check since we need
10578 FNM_CASEFOLD so go back to our custom one.
10582 Fix preserving of variables in env_keep.
10590 expand upon env resetting and mention that it began in 1.6.9 not
10595 Update descriptions of env_keep and env_check to match current
10599 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
10602 Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
10603 LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to initial_keepenv_table.
10606 * env.c, logging.c:
10607 Treat USERNAME environment variable like LOGNAME/USER
10611 Don't need to populate keepenv table with the contents of the
10616 Don't force sudo into the C locale.
10620 Make env_check apply when env_reset is true. Environment variables
10621 are passed through unless they contain '/' or '%'. There is no need
10622 to have a variable in both env_check and env_keep.
10625 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
10628 Remove a duplicate lock_file() call and add a comment.
10632 Add sudo 1.6.9 upgrade note.
10635 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
10638 Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
10639 small. From Klaus Wagner.
10642 * logging.c, sudo.h:
10643 Redo the long syslog line splitting based on a patch from Eygene
10644 Ryabinkin. Include memrchr() for systems without it.
10648 Redo the long syslog line splitting based on a patch from Eygene
10649 Ryabinkin. Include memrchr() for systems without it.
10652 * Makefile.in, config.h.in, configure, configure.in:
10653 Redo the long syslog line splitting based on a patch from Eygene
10654 Ryabinkin. Include memrchr() for systems without it.
10658 Since we need to be able to convert timespec to timeval for utimes()
10659 the last 3 digits in the tv_nsec are not significant. This makes the
10660 sudoedit file date comparison work again.
10663 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
10665 * aclocal.m4, configure, configure.in:
10666 Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
10667 This deals with exclusive authentication methods in a simple way.
10670 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
10673 mkstemp.c is BSD code too.
10676 * sudo.pod, sudoers.pod, visudo.pod:
10677 No commercial support for now.
10680 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
10683 cleanenv() is no more.
10686 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
10689 Display branch info in Changelog
10693 Include config.h early so we have it for TIME_WITH_SYS_TIME
10697 Fix Changelog generation and update.
10700 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
10703 Use /proc/self/fd instead of /proc/$$/fd
10705 Move old-style fd closing into closefrom_fallback() and call that if
10706 /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
10709 * auth/kerb5.c, config.h.in, configure.in:
10710 o use krb5_verify_user() if available instead of doing it by hand
10711 o use krb5_init_secure_context() if we have it
10712 o pass an encryption type of 0 to krb5_kt_read_service_key() instead of
10713 ENCTYPE_DES_CBC_MD5 to let kerberos choose.
10717 Check TERM and COLORTERM for '%' and '/' characters. From Debian.
10721 Fix closefrom() substitution in the Makefile
10725 Mention alternate sudo pronunciation.
10728 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
10731 Remove KRB5_KTNAME from environment. Allow COLORTERM.
10735 If we cannot get a valid service key using the default keytab it is
10736 a fatal error. Fixes a bug where sudo could be tricked into
10737 allowing access when it should not by a fake KDC. From Thor Lancelot
10741 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
10743 * aclocal.m4, configure, configure.in:
10744 Update long long checks to use AC_CHECK_TYPES and to cache values.
10747 * aclocal.m4, configure.in:
10748 Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
10749 use AC_REPLACE_FNMATCH since that assumes replacing with GNU
10753 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
10755 * configure, configure.in:
10756 Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
10757 need it for visudo now too.
10760 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
10763 Attempt to clarify the bit talking about network numbers w/o
10768 Clarify timestamp dir ownership sentence.
10771 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
10774 Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
10778 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
10781 -i is also one of the mutually exclusive options to list it in the
10782 warning message. Noted by Chris Pepper.
10785 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
10788 The sudoers variable is env_editor, not enveditor. From Jean-
10792 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
10795 I tracked down the original author so credit him and include his
10799 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
10801 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
10803 Fix typos; from Jason McIntyre.
10807 Restore signal mask before calling reapchild(). Fixes a possible
10808 race condition that could prevent sudo from properly waiting for the
10812 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
10815 Don't declare pw_free() if we are not going to use it.
10819 Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
10820 LDR_PRELOAD64. The 64-bit version is not currently supported.
10821 Remove zero_env() prototype as it no longer exists.
10824 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
10827 Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
10830 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
10833 If the user enters ^C at the password prompt, abort instead of
10834 trying to authenticate with an empty password (which causes an
10838 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
10840 * closefrom.c, config.h.in, configure, configure.in:
10841 Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
10846 pw_free() is only used by sudo_freepwcache() so ifdef it out too.
10849 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
10851 * config.guess, config.sub:
10852 Update to latest versions from cvs.savannah.gnu.org
10855 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
10857 * pwutil.c, sudo_edit.c:
10858 Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
10859 we can close the passwd/group files early.
10862 * config.h.in, configure, configure.in, set_perms.c:
10863 Add seteuid() flavor of set_perms() for systems without setreuid()
10864 or setresuid() that have a working seteuid(). Tested on Darwin.
10867 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
10870 systrace_read() returns ssize_t
10873 * configure, configure.in:
10874 Fix typo, -lldap vs. -ldap; from Tim Knox.
10877 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
10880 Fix typo; Matt Ackeret
10883 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
10886 Print sudoers path in -V mode for root.
10889 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
10892 Do a sub tree search instead of a base search (one level in the tree
10893 only) for sudo right objects. This allows system administrators to
10894 categorize the rights in a tree to make them easier to manage.
10897 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
10903 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
10906 Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
10907 bind_timelimit support; adapted from gentoo.
10910 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
10913 Support comments that start in the middle of a line
10916 * configure, configure.in:
10917 Define LDAP_DEPRECATED until we start using ldap_get_values_len()
10920 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
10923 Silence gcc -Wsign-compare; djm@openbsd.org
10926 * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
10927 cleanup() now takes an int as an arg so it can be used as a signal
10932 Make a copy of the shell field in the passwd struct for NewArgv to
10933 avoid a use after free situation after sudo_endpwent() is called.
10936 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
10938 * config.h.in, configure, configure.in:
10939 Add mkstemp() for those poor souls without it.
10943 Add mkstemp() for those poor souls without it.
10947 Add mkstemp() for those poor souls without it.
10950 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
10953 Add PERL5DB to list of environment variables to remove.
10956 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
10958 * mon_systrace.c, mon_systrace.h:
10959 Instead of calling the check function twice with a state cookie use
10960 separate check/log functions.
10962 Check more ioctl() calls for failure.
10964 systrace_{read,write} now return the number of bytes read/written or
10969 Add more environment variables to remove; from gentoo linux. Add some
10970 comments about what bad env variables go to what (more to do)
10973 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
10975 * sudo.c, sudo_edit.c:
10976 Move sudo_end{gr,pw}ent() until just before the exec since they free
10977 up our cached copy of the passwd structs, including sudo_user and
10978 sudo_runas. Fixes a use-after-free bug.
10982 Close all fd's before executing editor.
10986 Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
10990 Fix fd leak when lecture file option is enabled. From Jerry Brown
10993 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
10996 Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
10997 environment variables to remove. From Charles Morris
11000 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
11003 add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
11006 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
11009 add PS4 and SHELLOPTS to initial_badenv_table for bash
11012 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
11015 Fix typo; Toby Peterson
11018 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
11021 Make return buffers static so they don't get clobbered
11024 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
11027 Fix securid5 authentication, was not checking for ACM_OK. Also add
11028 default cases for the two switch()es. Problem noted by ccon at
11032 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
11035 Remove ncat() in favor of just counting bytes and pre-allocating
11039 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
11042 Fix up some comments. Add missing fclose() for the rootbinddn case
11046 align struct ldap_config
11050 use LINE_MAX for max conf file line size
11054 add _PATH_LDAP_SECRET
11058 Mention rootbinddn. Give example ou=SUDOers container
11061 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
11063 * INSTALL, configure, configure.in, ldap.c:
11064 Support rootbinddn in ldap.conf
11067 * env.c, sudo.pod, sudoers.pod:
11068 Preserve DISPLAY environment variable by default.
11071 * acsite.m4, configure:
11072 set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
11075 * acsite.m4, configure:
11076 set need_version=no for all cases; this is safe for LD_PRELOAD
11083 * configure, configure.in:
11088 Fix call to pam_end() when pam_open_session() fails.
11096 rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
11097 ltsugar.m4 ltversion.m4
11100 * config.guess, config.sub, ltmain.sh:
11101 merge in local changes: config.guess: o better openbsd support
11102 config.sub: o hiuxmpp support ltmain.sh o remove requirement that
11103 libs must begin with "lib" o don't print a bunch of crap about
11104 library installs o don't run ldconfig
11107 * config.guess, config.sub, ltmain.sh:
11112 Update with autoupdate and make minor changes for libtool 1.9f
11115 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
11118 don't call sudo_ldap_display_cmnd if ldap not setup
11121 * sudo_edit.c, visudo.c:
11122 Move declaration of struct timespec to its own include files for
11123 systems without it since it needs time_t defined.
11127 Move declaration of struct timespec to its own include files for
11128 systems without it since it needs time_t defined.
11132 Move declaration of struct timespec to its own include files for
11133 systems without it since it needs time_t defined.
11137 Move declaration of struct timespec to its own include files for
11138 systems without it since it needs time_t defined.
11141 * check.c, compat.h:
11142 Move declaration of struct timespec to its own include files for
11143 systems without it since it needs time_t defined.
11147 Don't set safe_cmnd for the "sudo ALL" case.
11150 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
11153 Call pam_open_session() and pam_close_session() to give pam_limits a
11154 chance to run. Idea from Karel Zak.
11157 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
11160 Add explicit cast from mode_t -> u_int in printf to silence warnings
11165 include grp.h to silence a warning on Solaris
11168 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
11171 Fix printing of += and -= defaults.
11174 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
11177 Sanity check number of syscall args with argsize. Not really needed
11178 but a little paranoia never hurts.
11181 * mon_systrace.c, mon_systrace.h:
11182 Don't do pointer arithmetic on void *. Use int, not size_t/ssize_t
11183 for systrace lengths (since it uses int)
11186 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
11189 Add some memsets for paranoia. Fix namespace collision w/ error. Check
11190 rval of decode_args() and update_env(). Remove improper setting of
11194 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
11196 * parse.c, sudo.c, sudo.h:
11197 In -l mode, only check local sudoers file if def_ignore_sudoers is
11198 not set and call LDAP versions from display_privs() and
11199 display_cmnd() instead of directly from main(). Because of this we
11200 need to defer closing the ldap connection until after -l processing
11201 has occurred and we must pass in the ldap pointer to display_privs()
11202 and display_cmnd().
11206 Reorganize LDAP code to better match normal sudoers parsing.
11207 Instead of storing strings for later printing in -l mode we do
11208 another query since the authenticating user and the user being
11209 listed may not be the same (the new -U flag). Also add support for
11212 There is still a fair bit of duplicated code that can probably be
11216 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
11219 Replace pass variable with do_netgr for better readability.
11227 estrdup, not strdup
11230 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
11233 Add macro to test if the tag changed to improve readability.
11237 Avoid printing defaults header if there are no defaults to print...
11241 Fix a warning on systems without strlcpy().
11245 Use macros where possible for sudo_grdup() like sudo_pwdup().
11248 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
11251 It is possible for tv_usec to hold >= 1000000 usecs so add in
11255 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
11258 The component in krb5_principal_get_comp_string() should be 1, not 0
11259 for Heimdal. From Alex Plotnick.
11262 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
11264 * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
11265 interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
11266 redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
11267 Add efree() for consistency with emalloc() et al. Allows us to rely
11268 on C89 behavior (free(NULL) is valid) even on K&R.
11272 Move initgroups() for -U option into display_privs() so group
11273 matching in sudoers works correctly.
11276 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
11279 Removed duplicate call to ldap_unbind_s introduced along with
11284 Add missing space in Defaults printing
11287 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
11290 Sync sudo_pwdup with OpenBSD changes: use macros for size computation
11294 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
11297 Zero old pw_passwd before replacing with version from shadow file.
11300 * configure, configure.in:
11301 Only attempt shadow password detection if PAM is not being used. Add
11302 shadow_* variables to make shadow password detection more generic.
11306 Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
11309 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
11312 use a non-breaking space to avoid a double space after e.g.
11316 comma, not colon after e.g.
11319 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
11322 Add __ variants of the exec functions. GNU libc at least uses
11323 __execve() internally.
11327 Match reality a bit more.
11331 Missed piece from rev. 1.6, fix sudo_getpwnam() too.
11335 Store shadow password after making a local copy of struct passwd in
11336 case normal and shadow routines use the same internal buffer in
11340 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
11342 * alloc.c, logging.c:
11343 Make varargs usage consistent with the rest of the code.
11346 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
11349 Wrap more of the exec family since on Linux the others do not appear
11350 to go through the normal execve() path.
11354 make print_unused static like proto says
11358 silence a warning on K&R systems
11361 * alias.c, error.c:
11362 make this build in K&R land
11366 make this build in K&R land
11369 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
11375 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
11378 return(foo) not return foo; optimize _atobool() slightly
11386 Reformat to match the rest of sudo's code.
11390 I am the primary author
11393 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
11395 * Makefile.in, README, RUNSON:
11396 The RUNSON file is toast--it confused too many people and really
11397 isn't needed in a configure-oriented world.
11401 alternate -> alternative
11405 Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
11410 Allow leading blanks before Defaults and Foo_Alias definitions
11414 fix rules to build toke.o and gram.o in devel mode
11417 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
11420 env_keep overrides set_logname
11424 Fix disabling set_logname and make env_keep override set_logname.
11427 * compat.h, config.h.in, configure, configure.in:
11428 No longer need memmove()
11432 Just clean the environment once. This assumes that any further
11433 setenv/putenv will be able to handle the fact that we replaced
11434 environ with our own malloc'd copy but all the implementations I've
11438 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
11441 In -i mode, base the value of insert_env()'s dupcheck flag on
11442 DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
11445 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
11448 Move setting of user_path, user_shell, user_prompt and prev_user
11449 into init_vars() since user_shell at least is needed there.
11452 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
11459 Fix some printf format mismatches on error.
11463 Fix some printf format mismatches on error.
11466 * configure, gram.c, toke.c:
11470 * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
11471 auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
11472 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
11473 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
11474 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
11475 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
11476 emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
11477 getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
11478 interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
11479 parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
11480 snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
11481 sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
11482 testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
11483 visudo.pod, zero_bytes.c:
11484 Update copyright years.
11487 * Makefile.binary.in:
11488 Update copyright years.
11492 Update copyright years.
11495 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
11500 What's new in sudo 1.7, based on the 1.7 CHANGES entries.
11503 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
11505 * compat.h, logging.h, sudo.h:
11506 Add __printflike and use it with gcc to warn about printf-like
11510 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
11512 * CHANGES, ChangeLog:
11513 Replaced CHANGES file with ChangeLog generated from cvs logs
11517 Use warning/error instead of perror/fatal.
11521 Update OpenBSD section
11525 Add upgrading notes for 1.7
11528 * env.c, sudo.c, sudoers.pod:
11529 Instead of zeroing out the environment, just prune out entries based
11530 on the env_delete and env_check lists. Base building up the new
11531 environment on the current environment and the variables we removed
11535 * config.h.in, configure, configure.in, sudo.c:
11536 Set locale to "C" if locales are supported, just to be safe.
11540 Cast argument to ctype functions to unsigned char.
11543 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
11546 correct value for DID_USER
11549 * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
11550 #include <compat.h> not "compat.h"
11554 Reset the environment by default.
11558 Alloc an extra slot in NewArgv. Removes the need to malloc a new
11559 vector if execve() fails.
11562 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
11564 * INSTALL, config.h.in, configure, configure.in, sudo.c:
11565 Use execve(2) and wrap the command in sh if we get ENOEXEC.
11568 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
11571 Only include time.h on systems that lack struct timespec which gets
11572 defined in compat.h (using time_t).
11576 Include time.h for time_t in compat.h for systems w/o struct
11580 * compat.h, config.h.in, configure, configure.in:
11581 use bcopy on systems w/o memmove
11585 __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
11590 Add explicit rule to build sudo_noexec.lo
11593 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
11595 * INSTALL.configure, Makefile.in:
11596 No longer depend on VPATH; pointed out a bunch of missed
11601 Help for PAM when account section is missing
11605 Give user a clue when there is a missing "account" section in the
11610 Better error handling.
11613 * config.h.in, configure, configure.in:
11614 Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
11615 possible. Silences a warning about isblank() on linux.
11619 Fix typo (missing comma) that caused an incorrect number of args to
11620 be passed to log_error().
11623 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
11626 Don't try to destroy a tree we didn't create.
11629 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
11631 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
11632 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
11633 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
11634 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
11635 compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
11636 fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
11637 goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
11638 match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
11639 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
11640 strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
11641 tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
11642 Add __unused to rcsids
11645 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
11647 * configure, configure.in:
11648 Fix error message when mixing invalid auth types
11652 PAM, AIX auth, BSD auth and login_cap are now on by default if the
11656 * auth/sudo_auth.h, config.h.in:
11657 s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
11661 Better checking for conflicting authentication methods Display the
11662 authentication methods used at the end of configure Rename
11663 --with-authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
11664 --with-pam, --with-logincap by default on systems that support them
11665 unless disabled. Add OSMAJOR variable that replaces old OSREV; now
11666 OSREV has full version number
11669 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
11671 * def_data.c, def_data.in, sudo.c, sudoers.pod:
11675 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
11678 Replace: test -n "$FOO" || FOO="bar"
11680 With: : ${FOO='bar'}
11683 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
11685 * pwutil.c, testsudoers.c, tsgetgrpw.c:
11686 Use function pointers to only call private passwd/group routines
11687 when using a nonstandard passwd/group file.
11690 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
11697 Can't use strtok() since it doesn't handle empty fields so add
11698 getpwent()/getgrent() functions and call those.
11701 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
11704 Fix dummied out toke.c and gram.c dependencies.
11708 Rename PARSESRCS -> GENERATED since it is only used in the clean
11709 target Add devdir variable and use it to specify the path to parser
11718 Add a devdir variable that defaults to $(srcdir) and is set to . if
11719 --devel was specified. Allows for proper dependencies building the
11724 Add support for custom passwd/group files.
11728 Build private copy of pwutil.o for testsudoers with MYPW defined so
11729 it uses our own passwd/group routines.
11733 Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
11734 stubs instead. We can now just use the caching sudo_*{pw,gr}*
11735 functions in pwutil.c Add comment about wanting to call
11736 sudo_endpwent/sudo_endgrent in cleanup()
11740 Remove caching; we will just use what is in pwutil.c Use global
11741 buffers for passwd/group structs Rename functions from sudo_* to
11745 * logging.c, sudo.c:
11746 g/c pwcache_init/pwcache_destroy
11750 Undo last commit and add sudo_setspent and sudo_endspent instead.
11753 * getspwuid.c, pwutil.c:
11754 Move all but the shadow stuff from getspwuid.c to pwutil.c and
11755 pwcache_get and pwcache_put as they are no longer needed. Also add
11756 preprocessor magic to use private versions of the passwd and group
11757 routines if MYPW is defined (for use by testsudoers).
11761 zero out struct passwd/group before filling it in so if there are
11762 fields we don't handle they end up as 0.
11765 * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
11770 Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
11775 Passwd and group lookup routines for testsudoers that support
11776 alternate passwd and group files.
11779 * getspwuid.c, pwutil.c:
11780 Split off pw/gr cache and dup code into its own file. This allows
11781 visudo and testsudoers to use the pw/gr cache too.
11784 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
11787 Print Defaults info in "sudo -l" output and wrap lines based on the
11791 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
11793 * match.c, testsudoers.c, visudo.c:
11794 Only check group vector in usergr_matches() if we are matching the
11795 invoking or list user. Always check the group members, even if
11796 there was a group vector.
11799 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
11801 * LICENSE, Makefile.in, fnmatch.3:
11802 No longer bundle fnmatch.3
11809 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
11816 Sort command line options
11819 * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
11820 sudo.pod, sudoers.pod:
11821 Add closefrom sudoers option to start closing at a point other than
11822 3. Add closefrom_override sudoers option and -C sudo flag to allow
11823 the user to specify a different closefrom starting point.
11827 Add _PATH_DEVNULL for those without it.
11831 no more UCB strcasecmp
11835 replace BSD licensed one with version derived from pdksh
11838 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
11845 Make sure stdin, stdout and stderr are open and dup them to
11849 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
11851 * ldap.c, mon_systrace.c, sudo.c, sudo.h:
11852 add sudo_ldap_close
11855 * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
11856 Use TIME_WITH_SYS_TIME
11859 * config.h.in, configure, configure.in:
11860 Add TIME_WITH_SYS_TIME_H
11863 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
11866 Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
11867 unconditionally on darwin. From Toby Peterson.
11871 Check rbinsert() return value. In the case of faked up entries
11872 there is usually a negative response cached that we need to
11875 In pwfree() don't try to zero out a NULL pw_passwd pointer.
11879 Use the double fork trick to avoid the monitor process being waited
11880 for by the main program run through sudo.
11883 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
11886 Call initgroups() in -U mode so group matches work normally.
11889 * def_data.h, mkdefaults:
11890 Don't print a trailing comma for the last entry in enum def_tupple
11893 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
11895 * sudoers.cat, sudoers.man.in, sudoers.pod:
11896 Mention values when lecture, listpw and verifypw are used in boolean
11900 * def_data.c, def_data.in:
11901 verifypw when used in a boolean TRUE context should be "all", not
11905 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
11907 * def_data.in, defaults.c:
11908 Allow tuples that can be used as booleans to be used as boolean
11909 TRUE. In this case the 2nd possible value of the tuple is used for
11913 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
11915 * configure, configure.in:
11916 Correct the test for 2-parameter timespecsub
11920 Add stub struct definitions for passwd, timeval and timespec
11923 * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
11924 Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
11925 and fix a typo in the gettimeofday check.
11928 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
11930 * match.c, testsudoers.c:
11931 Deal with user_stat being NULL as it is for visudo and testsudoers.
11934 * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
11935 Add -U option to use in conjunction with -l instead of -u. Add
11936 support for "sudo -l command" to test a specific command.
11939 * gram.c, gram.y, sudo.c:
11940 Set safe_cmnd after sudoers_lookup() if it has not been set.
11941 Previously it was set by sudo "ALL" in the parser but at that point
11942 the fully-qualified pathname has not yet been found.
11945 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
11947 * parse.c, testsudoers.c:
11948 Correctly handle multiple privileges per userspec and runas
11952 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
11955 Zero out sd_un for each entry in sudo_defs_table in init_defaults.
11958 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
11961 make per-command defaults work with sudoedit
11964 * ldap.c, parse.c, sudo.c, sudo.h:
11965 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
11966 Instead, we just set the appropriate defaults variable.
11969 * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
11970 Document per-command Defaults.
11973 * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
11974 sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
11975 Add support for command-specific Defaults entries. E.g.
11976 Defaults!/usr/bin/vi noexec
11979 * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
11980 Change an occurrence of user_matches() -> runas_matches() missed
11981 previously runas_matches(), host_matches() and cmnd_matches() only
11982 really need to pass in a list of members. user_matches() still
11983 needs to pass in a passwd struct because of "sudo -l"
11987 Check def_authenticate, def_noexec and def_monitor when setting
11988 return flags. XXX May be better to just set the defaults directly
11989 and get rid of those flags.
11992 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
11993 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
11994 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
11995 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
11996 defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
11997 getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
11998 gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
11999 mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
12000 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
12001 sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
12002 visudo.c, zero_bytes.c:
12003 Use: #include <config.h> Not: #include "config.h" That way we get
12004 the correct config.h when build dir != src dir
12008 Back out part of rev 1.263; fix -I order
12012 More robust parsing of #include; could be much better still.
12015 * sudo_edit.c, visudo.c:
12016 Make arg splitting in visudo and sudoedit consistent.
12019 * Makefile.in, alias.c, gram.c, gram.y, parse.h:
12020 Split alias routines out into their own file.
12024 __attribute__ is already defined in compat.h
12028 quit() should not be __noreturn__ as it is non-void on some
12032 * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
12033 Add local error/warning functions like err/warn but that call an
12034 additional cleanup routine in the error case. This means we no
12035 longer need to compile a special version of alloc.o for visudo.
12039 Clarify comments about the data structures
12042 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
12045 Add support for VISUAL and EDITOR containing command line args. If
12046 env_editor is not set any args in VISUAL and EDITOR are ignored.
12047 Arguments are also now supported in def_editor.
12050 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
12053 alias_matches() is no more
12061 When regenerating the parser, don't replace gram.h unless it has
12066 remove Makefile.binary for distclean
12070 Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
12071 sure we can't overflow new_env.
12075 paranoia when stripping trailing slashes from tempdir.
12079 Set user_ngroups to 0 if getgroups() returns an error.
12082 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
12084 * config.h.in, configure, configure.in, sudo.c:
12085 Add configure check for getgroups()
12089 Use supplementary group vector in struct sudo_user.
12093 Only do string comparisons on the group members if there is no
12094 supplemental group list.
12102 On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
12103 chop off any trailing slashes we see and add an explicit one.
12107 remove bogus XXX comment
12111 Get rid of alias_matches and correctly fall through to the non-alias
12112 cases when there is no alias with the specified name.
12116 Cache non-existent passwd/group entries too.
12127 * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
12128 mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
12129 Implement group caching and use the passwd and group caches
12133 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
12136 Properly negate the return value of alias_matches() when
12141 Make hostname_matches() return TRUE for a match, else FALSE like the
12146 Add missing dependencies on gram.h
12150 Use runas_matches in alias_matches() now that we have it.
12153 * parse.c, parse.h:
12154 Expand aliases in "sudo -l" mode
12158 Use ALIAS for the member type when storing an alias instead of
12159 HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
12160 more generic type. Expand runas_matches instead of calling
12161 user_matches() inside of it since user_matches() looks up
12162 USERALIASes, not RUNASALIASes.
12165 * CHANGES, getspwuid.c:
12166 Paranoia; zero out pw_passwd before freeing passwd entry.
12169 * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
12170 configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
12171 error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
12172 sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
12173 Add local error/warning functions like err/warn but that call an
12174 additional cleanup routine in the error case. This means we no
12175 longer need to compile a special version of alloc.o for visudo.
12179 Use userpw_matches() to compare usernames, not strcmp(), since the
12180 latter checks for "#uid".
12183 * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
12184 Cache passwd db entries in 2 red-black trees; one indexed by uid,
12185 the other by user name. The data returned from the cache should be
12186 considered read-only and is destroyed by sudo_endpwent().
12194 missing free in alias_destroy
12198 Can't use rbapply() for rbdestroy since the destructor is passed a
12199 data pointer, not a node pointer.
12202 * getspwuid.c, logging.c, sudo.c, sudo.h:
12203 Create and use private versions of setpwent() and endpwent() that
12204 set/end the shadow password file too.
12207 * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
12208 Store aliases in a red-black tree.
12211 * Makefile.in, redblack.c, redblack.h:
12212 red-black tree implementation
12216 Edit all sudoers files if there were unused or undefined aliases and
12217 we are in strict mode.
12220 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
12222 * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
12223 find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
12224 Bring back the "secure_path" Defaults option now that Defaults take
12225 effect before the path is searched.
12228 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
12230 * logging.c, parse.c:
12231 A user can always list their own entries, even with -u. Better error
12232 message when failing to list another user's entries.
12235 * parse.c, sudo.c, sudo.h:
12236 The syntax to list another user's entries is now "-u otheruser -l".
12237 Only root or users with sudo "ALL" may list other user's entries.
12240 * sudo.cat, sudo.man.in, sudo.pod:
12241 Update env variable info in SECURITY NOTES
12249 strip exported bash functions from the environment.
12252 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
12255 Only reset sudo_user.pw based on SUDO_USER environment variables for
12256 real commands and sudoedit. This avoids a confusing message when a
12257 user tries "sudo -l" or "sudo -v" and is denied.
12260 * gram.c, gram.y, parse.h:
12261 Extend LIST_APPEND to deal with appending lists too
12264 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
12267 Convert some bitwise AND to ISSET
12270 * lex.yy.c, toke.c:
12271 toke.c replaces lex.yy.c
12279 new parser fixes most of the outstanding bugs
12287 Rework for the new parser. Now checks for unused aliases in sudoers.
12291 Rewrite for the new parser. Now supports a -d flag (dump) and adds
12292 a -h flag (host). It now defaults to the local hostname unless
12293 otherwise specified.
12297 Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
12301 Update for new parse. We now call find_path() *after* we have
12302 updated the global defaults based on sudoers. Also adds support for
12303 listing other user's privs if you are root.
12307 Working LDAP support; also remove a now-unneeded rewind().
12310 * logging.c, logging.h:
12311 Add NO_STDERR flag.
12315 Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
12316 sudo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
12317 connect to LDAP, apply the default options, find the command in the
12318 user's path, and then check whether the user is allowed to run it.
12319 The important thing here is that the default runas user may be
12320 specified as a default option and that needs to be set before we
12321 search for the command.
12325 Add casts to unsigned char for isspace() to quiet a gcc warning.
12329 Add prototype for update_defaults()
12333 Don't warn about line numbers now that we operate on a set of data
12334 structures (or LDAP) and not a file.
12338 No longer use lsearch()
12342 Update for new and changed file names.
12346 no more BSD lsearch.c
12350 foo_matches() routines now live in match.c Added user_matches(),
12351 runas_matches(), host_matches(), cmnd_matches() and alias_matches()
12352 that operate on the parsed sudoers file.
12355 * parse.lex, toke.l:
12356 Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
12357 WORD no longer needs to exclude '@' kill yywrap()
12360 * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
12362 Rewritten parser that converts sudoers into a set of data
12363 structures. This eliminates ordering issues and makes it possible to
12364 apply sudoers Defaults entries before searching for the command.
12367 * configure.in, emul/search.h, lsearch.c:
12368 We won't be using lsearch() any longer.
12372 sudo should not send mail if someone who runs 'sudo -l' has no
12376 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
12382 Update warnings to match new visudo
12386 The new parser doesn't have the old ordering constraints.
12390 Document that -l now takes an optional username argument
12393 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
12400 If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
12401 a compilation problem with Solaris 9's native LDAP.
12403 Set FLAG_MONITOR when needed.
12406 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
12409 Call sudo_goodpath() *after* changing the cwd to match the traced
12410 process. Fixes relative paths.
12413 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
12416 Kill set_perms() stub--it is no longer needed.
12419 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
12421 * sudoers.cat, sudoers.man.in, sudoers.pod:
12422 stay_setuid now requires set_reuid() or setresuid()
12425 * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
12426 configure.in, set_perms.c, sudo.c, sudo.h:
12427 Kill use of POSIX saved uids; they aren't worth bothering with.
12430 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
12433 remove call to issetugid()
12436 * sudoers.cat, sudoers.man.in, sudoers.pod:
12437 Remove warning about wildcards. Now that we use glob() the bug is
12442 Use glob(3) instead of fnmatch(3) for matching pathnames and stat
12443 each result that matches the basename of the user's command. This
12444 makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
12445 /usr/bin/blah. Fixes bug #143.
12448 * config.h.in, configure, configure.in:
12449 Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
12453 * config.h.in, configure, configure.in:
12454 Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
12462 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
12467 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
12471 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
12474 Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
12475 means we are out of space in the stack gap...
12483 Take a stab at ldap sudoers support here.
12486 * mon_systrace.c, mon_systrace.h:
12487 Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
12488 doesn't cause reboot to inadvertently kill itself.
12492 put "monitor" in the proctitle, not "systrace"
12496 When modifying the environment, don't replace envp when we can get
12497 away with just rewriting pointers in the traced process.
12500 * mon_systrace.c, mon_systrace.h:
12501 Add environment updating via STRIOCINJECT (if available).
12504 * sudoers.cat, sudoers.man.in:
12508 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
12515 Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
12519 Include file is now mon_systrace.h
12522 * Makefile.in, configure, configure.in, def_data.c, def_data.h,
12523 def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
12524 sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
12525 No longer call it tracing, it is now "monitoring" which should be
12526 a more obvious name to non-hackers.
12529 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
12531 * mon_systrace.c, mon_systrace.h:
12535 * mon_systrace.c, mon_systrace.h:
12536 No need to include syscall.h, use 1024 as the max # of entries (the
12537 max that systrace(4) allows).
12539 Only need to use SYSTR_POLICY_ASSIGN once
12541 Change check_syscall() -> find_handler() and have it return the
12542 handler instead of just running it. We need this since handlers now
12543 have two parts: one part that generates an answer and another that
12544 gets called after the answer is accepted (to do logging).
12546 Add some missing check_exec for emul execv
12549 * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
12554 Add missing HAVE_LINUX_SYSTRACE_H
12558 add trace_systrace.o dependency
12561 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
12563 * configure, configure.in:
12564 Also look for systrace.h in /usr/include/linux
12567 * mon_systrace.c, mon_systrace.h:
12568 Move all struct defs and prototypes into trace_systrace.h and mark
12569 all but systrace_attach() static.
12572 * mon_systrace.c, mon_systrace.h:
12573 Add support for tracing emulations. At the moment, all emulations
12574 are compiled in. It might make sense to #ifdef them in the future,
12575 though this impedes readability.
12578 * Makefile.in, configure, configure.in:
12579 rename systrace.c -> trace_systrace.c
12582 * parse.yacc, sudo.tab.c:
12583 Allow this to build with a K&R compiler again
12590 * compat.h, sudo.c, visudo.c:
12591 Use __attribute__((__noreturn__))
12595 Exit() takes a negative value to indicate it was not called via
12599 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
12604 * Makefile.in, visudo.c:
12605 Define Err() and Errx() that are like err() and errx() but call
12606 Exit() instead of exit(). Build private copy of alloc.o for visudo
12607 that calls Err() and Errx().
12610 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
12612 * lex.yy.c, sudo.tab.c:
12621 Overhaul visudo for editing multiple files: o visudo has been
12622 broken out into functions (more work needed here) o each file is
12623 now edited before sudoers is re-parsed o if a #include line is
12624 added that file will be edited too
12626 TODO: o cleanup temp files when exiting via err() or errx() o
12627 continue breaking things out into separate functions
12630 * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
12631 Add keepopen arg to open_sudoers that open_sudoers can use to
12632 indicate to the caller that the fd should not be closed when it is
12633 done with it. To be used by visudo to keep locked fds from being
12634 closed prematurely (and thus losing the lock).
12637 * parse.yacc, sudo.c:
12638 Add errorfile global that contains the name of the file that caused
12643 return COMMENT to yacc grammar for a #include line
12647 Remove use of unput() in favor of yyless() which is cheaper.
12651 Allow an empty sudoers file.
12654 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
12657 Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
12660 * lex.yy.c, sudo.tab.c:
12665 Do signal setup before calling edit_sudoers(). Don't shadow the
12670 If a sudoers file includes other files, edit those too. Does not yet
12671 deal with creating the new includes files itself.
12675 init_parser now takes a path
12678 * parse.c, parse.h, parse.lex, parse.yacc:
12679 More scaffolding for dealing with multiple sudoers files: o
12680 init_parser() now takes a path used to populate the sudoers global
12681 o the sudoers global is used to print the correct file in yyerror()
12682 o when switching to a new sudoers file, preserve old file name and
12686 * Makefile.in, pathnames.h.in:
12687 Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
12688 multiple sudoers files.
12692 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
12693 we start at the right file position when reading include files.
12705 Add max depth of 128 for the include stack to avoid loops.
12707 Since yyerror() doesn't stop parsing, pass return values back to
12708 yylex and call yyterminate() on error.
12711 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
12718 Mention PREVENTING SHELL ESCAPES section of sudoers man page
12721 * lex.yy.c, sudo.tab.c:
12726 Add support for #include in sudoers (visudo support TBD)
12730 make yyerror()'s argument const
12733 * testsudoers.c, visudo.c:
12734 Add open_sudoers() stubs.
12738 Rename check_sudoers() to open_sudoers() and make it return a FILE *
12741 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
12743 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
12748 * Makefile.in, sudo.psf:
12749 Better HP-UX depot construction
12752 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
12755 o Made children global so check_exec() can lookup a child. o
12756 Replaced uid in struct childinfo with struct passwd * (for runas) o
12757 new_child() now takes a parent pid so the runas info can be
12758 inherited o Added find_child() to lookup a child by its pid o
12759 update_child() now fills in a struct passwd o Converted the big
12760 if/else mess in set_policy to a switch o Syscalls that change uid
12761 are now "ask" so we get SYSTR_MSG_UGID events
12765 Add flag to sudo_pwdup that indicates whether or not to lookup the
12766 shadow password. Will be used to a struct passwd that has the
12767 shadow password already filled in.
12771 add missing increment of addr in read_string()
12775 Remove bogus call to update_child() and some cosmetic fixes
12779 Don't leak /dev/systrace fd to tracee Make initialized global for
12780 simplicity If STRIOCATTACH returns EBUSY we are already being traced
12781 Check for user_args == NULL in setproctitle() call Add missing calls
12786 g/c sudo_pwdup proto
12789 * Makefile.in, sudo.psf:
12790 Add target for building a depot file
12797 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
12799 * lex.yy.c, sudo.tab.c, sudo.tab.h:
12804 document --with-systrace
12807 * config.h.in, configure, configure.in:
12808 Add check for setproctitle
12812 pass struct str_msg_ask in to syscall checker so it can set the
12817 systrace(4) support for sudo. On systems with the systrace(4)
12818 kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
12819 intercept exec calls and check the exec args against the sudoers
12820 file. In other words, sudo can now control subcommands and shell
12825 Call systrace_attach() if FLAG_TRACE is set.
12828 * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
12829 Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
12833 Don't close sudoers_fp, keep it open and set close on exec flag
12837 * def_data.c, def_data.h, def_data.in:
12846 SunOS /bin/sh blows up with configure
12849 * configure, configure.in:
12850 Include sys/param.h before systrace.h
12862 line up options in --help
12865 * config.h.in, configure.in:
12866 Add --with-systrace
12869 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
12875 * aclocal.m4, configure.in:
12876 make this work with autoconf-2.59
12879 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
12882 Simplify logic around open & stat of files and do sanity on edited
12883 file even if we lack fstat (still racable but worth doing).
12886 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
12894 [b84ebfaf1552] [SUDO_1_6_8p1]
12897 more changes for 1.6.8p1
12904 * CHANGES, sudo_edit.c:
12905 Add sanity check so we don't try to edit something other than a
12909 2004-09-15 Aaron Spangler <aaron777@gmail.com>
12916 document --with-ldap-conf-file
12919 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
12921 * CHANGES, ins_csops.h:
12922 political correctness strikes again
12929 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
12931 * Makefile.binary.in, Makefile.in:
12932 Install sudoedit man link
12936 Update PAM note and mention where HP-UX users can download gcc
12941 libtool wants to install stuff from .libs so fake one up for binary
12945 * Makefile.binary.in:
12946 rm -f old sudoedit link instead of using ln -f; set LIBTOOL correctly
12950 Deal with "uname -m" having slashes in it; rm -f old sudoedit link
12951 instead of using ln -f
12954 * Makefile.binary, Makefile.binary.in:
12955 Makefile.binary -> Makefile.binary.in for config.status substitution
12956 Add support for installing noexec bits
12960 Copy noexec bits into binary dists too. No longer use my old arch
12961 script for making binary dists
12965 Install sudoedit link.
12968 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
12971 avoid __P so there is no need for compat.h to be included
12975 Don't use HAVE_UTIME_H before including config.h.
12978 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
12981 Fix Solaris futimes macro
12984 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
12987 Rename ots -> omtim for improved readability.
12990 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
12993 Redo changes in revision 1.7. Don't really need to keep the temp
12994 file open; re-opening it with the invoking user's euid is
13002 * sudo.cat, sudo.man.in:
13007 back out revision 1.70; it is no longer applicable
13011 Let the loader initialize nep
13014 * config.h.in, configure, configure.in:
13015 Removed unneeded check for fchown. Add check for gettimeofday. Move
13016 autoheader template stuff into separate AH_TEMPLATE lines
13019 * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
13020 Use timespec throughout.
13028 function to return the current time in a struct timespec
13032 Not a darpa-sponsored file.
13035 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
13037 * compat.h, config.h.in, configure, configure.in:
13038 Add a check for struct timespec and provide it for those without.
13041 * config.h.in, configure, configure.in, sudo_edit.c:
13042 Add checks for st_mtim and st_mtimespec and add macros for pulling
13043 the mtime sec and nsec out of struct stat. These are used in
13044 sudo_edit() to better tell whether or not the file has changed.
13047 * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
13048 Add an extra param to touch() for nsec
13052 Call mkstemp() as the invoking user so we don't have to chown the
13053 file later. Only touch() the temp file if we can do it via the file
13054 descriptor. Don't check for modification of the temp file if we lack
13055 fstat(). Catch errors read()ing the temp file.
13059 If path is NULL and fd == -1 return -1.
13063 closefrom() is overkill, the only extra fds are the ones we opened
13064 so just close those in the child.
13067 * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
13068 configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
13070 Use utimes() and futimes() instead of utime() in touch(), emulating
13071 as needed. Not all systems are able to support setting the times of
13072 an fd so touch() takes both an fd and a file name as arguments.
13075 2004-09-07 Aaron Spangler <aaron777@gmail.com>
13081 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
13083 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13088 * sudo.pod, sudoers.pod, visudo.pod:
13089 Add SUPPORT section and re-order some of the sections to match the
13090 order we use in OpenBSD.
13093 2004-09-06 Aaron Spangler <aaron777@gmail.com>
13096 Openldap ~/.ldaprc fix
13099 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
13102 Talk about how the editor must write its changes to the original
13103 file and not just use rename(2).
13111 Keep the temp file open instead of re-opening after the editor has
13116 Update for current redhat/fedora core.
13119 2004-09-03 Aaron Spangler <aaron777@gmail.com>
13125 2004-09-02 Aaron Spangler <aaron777@gmail.com>
13128 config tls_* options
13131 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
13133 * configure, configure.in:
13134 No need for -lcrypt when using pam.
13137 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
13143 2004-08-27 Aaron Spangler <aaron777@gmail.com>
13145 * configure.in, ldap.c, pathnames.h.in:
13146 Allow --with-ldap-conf-file option to override LDAP_CONF
13150 cleanup debug message
13153 2004-08-26 Aaron Spangler <aaron777@gmail.com>
13159 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
13161 * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
13162 Add cmnd_base to struct sudo_user and set it in init_vars(). Add
13163 cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
13164 longer use gross statics in command_matches(). Also rename some
13165 variables for improved clarity.
13168 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
13171 document HP's crippled compiler deficiency.
13175 Fix some thinkos in --with-editor and --with-env-editor
13176 descriptions. Noticed by Norihiko Murase.
13179 * configure, configure.in:
13180 --with-noexec takes an optional PATH argument.
13184 document --with-noexec
13187 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
13191 [f2503bd13373] [SUDO_1_6_8]
13194 Better warning message when sudoedit is unable to write to the
13198 * sudo.cat, sudo.man.in:
13203 Don't italicize the string "sudoedit"
13206 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
13212 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
13219 Reset used_runas to FALSE when re-initializing the parser.
13222 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
13225 Correct OpenBSD mips support
13232 2004-08-07 Aaron Spangler <aaron777@gmail.com>
13235 More behavior notes
13239 Updates on current behavior
13242 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
13245 =back does not take an indentlevel (makes no difference to formatted
13250 =back does not take an indentlevel (makes no difference to formatted
13259 Consistency. Use same error for bad -u #uid when targetpw is set as
13260 we do when a bad -u username is specified.
13264 Add checksum idea from Steve Mancini
13267 * sudoers.cat, sudoers.man.in:
13271 * sudo.cat, sudo.man.in:
13275 * sudo.pod, sudoers.pod:
13276 Document the restriction on uids specified via -u when targetpw is
13281 Error out when targetpw is enabled and sudo is run with -u #uid but
13282 #uid does not exist in the passwd database. We can't do target
13283 authentication when the target is not in passwd!
13286 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
13291 Some more todo for the next release.
13295 Make it clear that PAM should be used for DCE support when possible.
13299 o Document problems with wildcards and relative paths. o Make the
13300 order requirements more prominent. o Change a "set" to "reset" for
13304 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
13307 Mention --with-secure-path, not SECURE_PATH.
13310 2004-08-03 Aaron Spangler <aaron777@gmail.com>
13313 reflect changes to parse.c
13316 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
13322 * parse.c, parse.h, testsudoers.c, visudo.c:
13323 Don't pass user_cmnd and user_args to command_matches(), just use
13324 the globals there. Since we keep state with statics anyway it is
13325 misleading to pretend that passing in different cmnd and cmnd_args
13330 Don't pass user_cmnd and user_args to command_matches(), just use
13331 the globals there. Since we keep state with statics anyway it is
13332 misleading to pretend that passing in different cmnd and cmnd_args
13337 Fix a bug introduced in rev. 1.149. When checking for pseudo-
13338 commands check for a '/' anywhere in cmnd, not just the first
13342 2004-07-31 Aaron Spangler <aaron777@gmail.com>
13344 * sudo.man.in, sudo.pod:
13345 Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
13348 * sudoers.man.in, sudoers.pod:
13349 Add ignore_local_sudoers
13353 Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
13357 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
13363 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
13370 Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
13371 PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
13374 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
13380 2004-07-08 Aaron Spangler <aaron777@gmail.com>
13383 Better debugging of ALL command
13386 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
13389 When matching for "sudoedit" in sudoers check both the command the
13390 user typed *and* the command that is listed in the sudoers entry.
13393 2004-07-04 Aaron Spangler <aaron777@gmail.com>
13396 Added !command feature
13399 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
13402 Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
13405 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
13408 License is ISC-style, not BSD-style
13415 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
13417 * sudo.cat, sudo.man.in:
13422 o Update some out of date bits to reality o Change the shell prompt
13423 in examples to bourne-shell style o Clarify some details o Add a
13424 CAVEAT about "sudo cd /foo"
13428 Don't ask for a password if invoking user == target user.
13435 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
13437 * sudoers.cat, sudoers.man.in:
13442 Expand on NOEXEC a little.
13449 * visudo.cat, visudo.man.in:
13458 Add a check in visudo for runas_default being set after it has
13462 * CHANGES, parse.yacc, visudo.c:
13463 Add a check in visudo for runas_default being set after it has
13472 Add a MATCHED macro for testing whether foo_matches has been set to
13473 TRUE or FALSE. This is more readable than checking for >=0 or < 0.
13474 Doesn't change the actual code generated.
13477 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
13488 Correct description of where Defaults specs should go.
13492 Correct description of where Defaults specs should go.
13495 * testsudoers.c, visudo.c:
13515 * auth/bsdauth.c, auth/kerb5.c:
13519 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
13525 * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
13526 Remove trailing spaces, no actual code changes.
13530 Remove trailing spaces, no actual code changes.
13533 * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
13534 Remove trailing spaces, no actual code changes.
13538 Remove trailing spaces, no actual code changes.
13542 Remove trailing spaces, no actual code changes.
13545 * compat.h, defaults.c, env.c:
13546 Remove trailing spaces, no actual code changes.
13550 Remove trailing spaces, no actual code changes.
13558 Fix a >=0 that should be <0 that was improperly converted when
13563 Add do {} while(0) around pop macro. Set cmnd_matches to UNSPEC, not
13564 NOMATCH when resetting it.
13568 Fix pastos introduced in SETNMATCH addition.
13571 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
13574 Update for configure changes
13582 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
13583 these in parse.yacc. Also in parse.yacc initialize the *_matches
13584 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
13585 when setting *_matches to a value that may be
13586 NOMATCH/UNSPEC/TRUE/FALSE.
13590 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
13591 these in parse.yacc. Also in parse.yacc initialize the *_matches
13592 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
13593 when setting *_matches to a value that may be
13594 NOMATCH/UNSPEC/TRUE/FALSE.
13598 Initialize runas to -2, not -1 since we need to be able to
13599 distinguish between the initialized value and the value of a non-
13600 match when passing along the runas value to multiple commands.
13602 The result of this is that an unmatched runas is now set to -1, not
13603 0. This is required now that parse.c treats a FALSE value for runas
13604 as being explicitly denied.
13607 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
13609 * sudo.c, visudo.c:
13610 Error out if argc < 1.
13614 Error out if argc < 1.
13617 * configure, configure.in:
13618 Add tests for what libs we need to link with for ldap and for
13619 whether or not lber.h needs to be explicitly included.
13622 2004-06-03 Aaron Spangler <aaron777@gmail.com>
13625 Solaris native LDAP build fix
13628 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
13631 Set edn to NULL if ldap_get_dn() fails to avoid potential use of an
13636 Add prototype for sudo_ldap_list_matches
13639 * configure, configure.in:
13640 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
13641 version too. Added check for dd_fd in `DIR' if no dirfd is found;
13642 this is now used to conditionally define the dirfd macro in
13647 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
13648 version too. Added check for dd_fd in `DIR' if no dirfd is found;
13649 this is now used to conditionally define the dirfd macro in
13654 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
13655 version too. Added check for dd_fd in `DIR' if no dirfd is found;
13656 this is now used to conditionally define the dirfd macro in
13661 Only check /proc/$$/fd if we have the dirfd function/macro.
13664 * compat.h, config.h.in, configure, configure.in:
13665 Add a check for a dirfd() function (like Linux) and add a dirfd
13666 macro in compat.h if there is no dirfd() function or macro.
13669 * closefrom.c, getcwd.c:
13670 dirfd() is now defined in compat.h as needed.
13674 Clarify closefrom() note.
13678 When checking for a command in the directory, only copy the base dir
13683 If there is a /proc/$$/fd directory, behave like the Solaris
13684 closefrom() and only close the descriptors listed therein.
13688 compat.h guarantees INT_MAX is defined.
13692 Add definitions of OPEN_MAX and INT_MAX for those without it and
13693 remove definition of RLIM_INFINITY (now unused).
13696 * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
13697 sudo.c, sudo.h, visudo.c:
13698 Use PATH_MAX, not MAXPATHLEN since the former is standardized.
13701 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
13708 Add some entries that were mailed in a while ago
13712 o sysconf returns a long, not an int.
13713 o check for negative return value from sysconf/getdtablesize and use OPEN_MAX in this case.
13714 o define OPEN_MAX to 256 for those without it (a fair guess...)
13717 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
13720 Mention change in parse order for RunAs entries.
13727 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
13729 * INSTALL, README.LDAP, config.h.in, configure.in:
13730 o --with-ldap now takes an optional dir as a parameter
13731 o added check for ldap_initialize() and start_tls_s()
13735 Fix some typos, word choice and formatting issues.
13738 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
13741 Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
13742 read/write as it is simpler.
13745 * configure, configure.in:
13746 Remove hack overriding cross-compiler check. It should no longer be
13751 Remove select() compat bits since we no longer use select().
13754 * CHANGES, tgetpass.c:
13755 Use alarm() instead of select() for the timeout for systems that
13756 don't fully/properly implement select().
13759 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
13770 Deal with systems that have no way of setting the effective uid such
13774 * configure, configure.in:
13775 Define NO_SAVED_IDS if we don't find seteuid()
13778 * config.h.in, configure, configure.in:
13779 Add back check for setreuid() since NSK doesn't have it.
13782 * sudoers.cat, sudoers.man.in:
13795 In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
13796 explicitly denied and the command matched. This fixes a long-
13797 standing bug and makes: foo machine = (ALL) /usr/bin/blah
13798 foo machine = (!bar) /usr/bin/blah
13800 equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
13804 Clarify mail_noperm
13807 2004-05-20 Aaron Spangler <aaron777@gmail.com>
13810 Missing DESTDIR in make install for sudo_noexec.la
13813 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
13815 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13825 Remove fastboot/fasthalt (who still remembers these?) and add a
13826 minimal sudoedit example.
13830 Remove fastboot/fasthalt (who still remembers these?) and add a
13831 minimal sudoedit example.
13834 * UPGRADE, sudo.c, visudo.c:
13835 filesystem -> file system
13839 filesystem -> file system
13842 * CHANGES, INSTALL:
13843 filesystem -> file system
13846 * sudo.pod, sudoers.pod:
13847 Fix some minor typos and formatting goofs
13855 remove my email addr
13858 * sudo.pod, sudoers.pod, visudo.pod:
13859 Use @mansectform@ and @mansectsu@ everywhere Make man page
13860 references links with L<>
13864 Accept quoted globbing characters and pass them verbatim for
13869 Document that /tmp/.odus is gone.
13873 No longer use /tmp/.odus as a possible timestamp dir unless
13874 specifically configured to do so. Instead, if no /var/run exists,
13875 use /var/adm/sudo or /usr/adm/sudo.
13879 No longer use /tmp/.odus as a possible timestamp dir unless
13880 specifically configured to do so. Instead, if no /var/run exists,
13881 use /var/adm/sudo or /usr/adm/sudo.
13885 No longer use /tmp/.odus as a possible timestamp dir unless
13886 specifically configured to do so. Instead, if no /var/run exists,
13887 use /var/adm/sudo or /usr/adm/sudo.
13891 No longer use /tmp/.odus as a possible timestamp dir unless
13892 specifically configured to do so. Instead, if no /var/run exists,
13893 use /var/adm/sudo or /usr/adm/sudo.
13896 * set_perms.c, sudo.c, tgetpass.c, visudo.c:
13897 Preliminary changes to support nsr-tandem-nsk. Based on patches
13902 Preliminary changes to support nsr-tandem-nsk. Based on patches
13906 * check.c, compat.h:
13907 Preliminary changes to support nsr-tandem-nsk. Based on patches
13911 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
13914 There was no 1.6.7p6.
13922 add missing files to DISTFILES
13925 * sudo.cat, sudoers.cat, visudo.cat:
13934 Fix some line wrap and update (c) year
13937 2004-04-28 Aaron Spangler <aaron777@gmail.com>
13943 2004-04-07 Aaron Spangler <aaron777@gmail.com>
13949 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
13956 In Exit() when used as a signal handler, emsg is a pointer so
13957 sizeof() is wrong so make it a #define instead. Also avoid using a
13958 negative exit value. Found by Aaron Campbell
13961 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
13964 Remove bogus sentence about uids in a User_List. Document usernames
13965 vs. uid parsing in a Runas_List.
13968 * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
13969 If the user specified a uid with the -u flag and the uid exists in
13970 the passwd file, set runas_user to the name, not the uid.
13972 When comparing usernames in sudoers, if a name is really a uid
13973 (starts with '#') compare it numerically to pw_uid.
13976 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
13979 krb5_mcc_ops should be const; Johnny C. Lam
13982 2004-02-28 Aaron Spangler <aaron777@gmail.com>
13984 * CHANGES, config.h.in, ldap.c:
13985 Added start_tls support
13988 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
13991 Clean up libtool stuff for 'make distclean' and add def_data.c,
13992 def_data.h to PARSESRCS.
13995 2004-02-14 Aaron Spangler <aaron777@gmail.com>
13997 * strlcat.c, strlcpy.c:
13998 Un-Fix last license munge
14001 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
14007 * CHANGES, RUNSON, TODO:
14011 * lex.yy.c, sudo.tab.c:
14015 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
14016 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
14017 emul/search.h, emul/utime.h:
14018 Move to a less restrictive, ISC-style license.
14021 * auth/kerb5.c, auth/pam.c:
14022 Move to a less restrictive, ISC-style license.
14025 * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
14026 Move to a less restrictive, ISC-style license.
14030 Move to a less restrictive, ISC-style license.
14033 * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
14034 Move to a less restrictive, ISC-style license.
14037 * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
14038 visudo.man.in, visudo.pod:
14039 Move to a less restrictive, ISC-style license.
14043 Move to a less restrictive, ISC-style license.
14046 * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
14048 Move to a less restrictive, ISC-style license.
14051 * sigaction.c, strerror.c:
14052 Move to a less restrictive, ISC-style license.
14055 * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
14057 Move to a less restrictive, ISC-style license.
14060 * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
14061 ins_goons.h, insults.h, interfaces.c, interfaces.h:
14062 Move to a less restrictive, ISC-style license.
14065 * find_path.c, getprogname.c:
14066 Move to a less restrictive, ISC-style license.
14070 Move to a less restrictive, ISC-style license.
14074 Move to a less restrictive, ISC-style license.
14078 Move to a less restrictive, ISC-style license.
14081 * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
14083 Move to a less restrictive, ISC-style license.
14086 * utime.c, version.h:
14087 Move to a less restrictive, ISC-style license.
14090 * parse.lex, parse.yacc:
14091 Move to a less restrictive, ISC-style license.
14095 Move to a less restrictive, ISC-style license.
14098 2004-02-13 Aaron Spangler <aaron777@gmail.com>
14101 Merged in LDAP Support
14104 * ldap.c, sudo.c, sudo.h:
14105 Merged in LDAP Support
14108 * def_data.c, def_data.h, def_data.in:
14109 Merged in LDAP Support
14112 * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
14113 Merged in LDAP Support
14116 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
14118 * sudo.h, sudo_noexec.c:
14119 Only do "extern int errno" if errno is not a macro.
14122 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
14125 setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
14126 euid first, then just call setuid(0) to set the real uid too.
14130 Use setresuid() and setreuid() for PERM_RUNAS when appropriate
14131 instead of seteuid() which may not exist.
14134 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
14140 * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
14141 Add --with-pc-insults configure option
14145 Prefer VISUAL over EDITOR like old vipw did.
14148 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
14150 * sudo.man.in, sudoers.man.in:
14155 Add a note that noexec is not a cure-all.
14159 Mention that disabling "root_sudo" is pretty pointless.
14162 * configure, configure.in:
14163 Substitute for root_sudo in sudoers.pod
14167 Add sudoedit to the NAME section
14171 Document the fact that setting ignore_dot in sudoers has no effect
14172 due to the fact that find_path() is called *before* sudoers is read.
14175 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
14178 Do not require _PATH_USRTMP to be set.
14181 * BUGS, CHANGES, TODO:
14190 Clarify that when sudo is run by root with the SUDO_USER variable
14191 set, the sudoers lookup happens for root and not the SUDO_USER user.
14194 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
14196 * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
14197 set_perms.c, sigaction.c, sudo.c, tgetpass.c:
14198 Use the SET, CLR and ISSET macros.
14202 Use the SET, CLR and ISSET macros.
14205 * defaults.c, env.c:
14206 Use the SET, CLR and ISSET macros.
14210 MAIN was replaced with _SUDO_MAIN some time ago.
14214 Don't look at prev_user until after we've parsed sudoers and done
14215 the password check. That way, if sudo/sudoedit is run from a root
14216 process that was invoked by sudo, we check sudoers for root, not the
14217 previous user. This makes sudoedit much more useful and means that
14218 for the sudo case, we get correct logging on who actually ran the
14222 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
14225 Add a comment describing why we need to be notified about our child
14229 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
14231 * def_data.c, def_data.in:
14232 Update the noexec variable descriptions
14235 * sudoers.man.in, sudoers.pod:
14236 noexec now replaces more than just execve()
14240 Alas, all the world does not go through execve(2). Many systems
14241 still have an execv(2) system call, Linux 2.6 provides fexecve(2)
14242 and it is not uncommon for libc to have underscore ('_') versions of
14243 the functions to be used internally by the library. Instead of
14244 stubbing all these out by hand, define a macro and let it do the
14245 work. Extra exec functions pointed out by Reznic Valery.
14248 * sudo.c, sudo_edit.c:
14249 Fix suspending the editor in -e mode. Because we do a fork() first
14250 we need to be notified when the child has been stopped and then send
14251 that same signal to ourself so the shell can do its job control
14256 Use WIFEXITED and WEXITSTATUS macros. If there are systems out
14257 there that want to run sudo that still don't support these we can
14258 try to deal with that later.
14265 * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
14266 Document sudo -e / sudoedit
14269 * configure, configure.in:
14273 * config.h.in, configure.in:
14277 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
14280 Allow non-exclusive flags when invoked as sudoedit. Pretty print the
14281 long usage() line to not wrap (assumes 80 char display)
14284 * Makefile.in, sudo.c:
14285 If sudo is invoked as "sudoedit" the -e flag is implied and no other
14286 flags are permitted.
14290 Add a new flag, -e, that makes it possible to give users the ability
14291 to edit files with the editor of their choice as the invoking user,
14292 not the runas user. Temporary files are used for the actual edit
14293 and the temp file is copied over the original after the editor is
14297 * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
14298 Add a new flag, -e, that makes it possible to give users the ability
14299 to edit files with the editor of their choice as the invoking user,
14300 not the runas user. Temporary files are used for the actual edit
14301 and the temp file is copied over the original after the editor is
14306 If real uid == 0 and the SUDO_USER environment variable is set, use
14307 that to determine the invoking user's true identity. That way the
14308 proper info gets logged by someone who has done "sudo su" but still
14309 uses sudo to as root. We can't do this for non-root users since
14310 that would open up a security hole, though perhaps it would be
14311 acceptable to use getlogin(2) on OSes where this is a system call (and
14312 doesn't just look in the utmp file).
14316 Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
14319 * config.h.in, configure, configure.in:
14320 Add check for fchown(2)
14323 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
14326 Back out portions of the -i commit that set NewArgv[0] in
14327 set_runaspw. It is far too late to set NewArgv[0] there and will have
14328 no effect anyway as cmnd and safe_cmnd have already been set.
14331 * visudo.c, visudo.pod:
14332 Prefer VISUAL over EDITOR like old vipw did.
14335 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
14338 In -i mode always set new environment based on the runas user's
14342 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
14344 * sudo.man.in, sudo.pod:
14345 Document the new -i flag and sync SYNOPSIS section with usage() in
14346 sudo.c. Also sort the flags in the OPTIONS section.
14350 o Add -i that acts similar to "su -", based on patches from David J. MacKenzie
14351 o Sort the flags in the usage message
14354 * sudoers.man.in, sudoers.pod:
14355 Add a missing @runas_default@ substitution.
14358 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
14361 Change euid to runas user before calling find_path().
14362 Unfortunately, though runas_user can be modified in sudoers we
14363 haven't parsed sudoers yet.
14366 * sudoers.man.in, sudoers.pod:
14367 Add missing definition of Parameter_List and use single pipes in the
14368 Defaults EBNF definition.
14372 Fix a bug when set_runaspw() is used as a callback. We don't want
14373 to reset the contents of runas_pw if the user specified a user via
14376 Avoid unnecessary passwd lookups in set_authpw(). In most cases we
14377 already have the info in runas_pw.
14380 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
14383 Add Stan Lee / Uncle Ben quote to the lecture from RedHat
14387 Update sudo_getepw() proto and add one for set_runaspw()
14391 If we can't stat the command as root, try as the runas user instead.
14394 * testsudoers.c, visudo.c:
14395 Add stub set_runaspw() function
14399 Add set_runaspw() function to fill in runas_pw. This will be used
14400 as a callback to update runas_pw when the runas user changes.
14404 PERM_RUNAS -> PERM_FULL_RUNAS
14407 * set_perms.c, sudo.h:
14408 Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
14413 Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
14414 one chunk for easy free()ing. Also change it from static to extern.
14417 * defaults.c, defaults.h:
14418 Add callback support
14422 Add a callback field and use it for runas_default
14425 * def_data.c, def_data.in:
14426 Add a callback field and use it for runas_default
14429 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
14432 Add support for chalnecho and display server responses used by fwtk
14436 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
14438 * sudoers.man.in, sudoers.pod:
14439 ld.so is ld.so.1 on solaris
14442 * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
14443 Use closefrom() instead of doing the equivalent inline.
14447 closefrom(3) for systems w/o it
14450 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
14453 Update from .pod file.
14456 * configure, configure.in:
14457 Substitute noexec_file for the sudoers man page
14460 * sudo.man.in, sudo.pod:
14464 * sudoers.man.in, sudoers.pod:
14468 * auth/pam.c, config.h.in, configure.in:
14469 Move PAM_CONST macro definition from config.h to pam.c where it
14470 belongs. We can't have this in config.h since that gets included too
14474 * auth/pam.c, config.h.in, configure, configure.in:
14475 Some PAM implementations put their headers in /usr/include/pam
14476 instead of /usr/include/security.
14480 I missed changing the EXEC macro -> EXECV here when I changed this
14481 in config.h.in and sudo.c a while ago.
14485 OpenBSD vax/m88k/hppa don't do shared libs
14488 * configure, configure.in:
14489 o merge the hpux case entries into a single entry w/ its own
14490 sub-case statement.
14491 o HP-UX >= 11 supports getspnam(), use it in preference to getprpwuid()
14494 * configure, configure.in:
14495 eval $shrext so that it expands nicely on MacOS X
14499 Don't lie about making a module, it does the wrong thing on mach
14503 Remove requirement that libs must begin with "lib". They don't when
14504 we point directly at the lib using LD_PRELOAD or its equivalent.
14508 Disable support for c++, f77 and java. We don't need it, it takes a
14509 lot of time, and it hosed our check for shared lib support.
14517 Call AC_ENABLE_SHARED and check the status of enable_shared to know
14518 when shared libs are available.
14522 Duh, OpenBSD supports shared libs too
14525 * config.h.in, configure.in:
14526 Only OpenPAM and Linux PAM use const qualifiers.
14529 * configure, configure.in:
14530 o No need to check for sed, libtool config does that for us
14531 o move check for --with-noexec until after libtool magic is run so we can
14532 use $can_build_shared and $shrext
14536 Don't print a bunch of crap about library installs since we are not
14537 really installing a library.
14541 Make format_env() varargs Add noexec support for Darwin, MacOS X,
14545 * acsite.m4, ltconfig, ltmain.sh:
14546 Update to libtool 1.5 with local changes: o no ldconfig in the
14547 finish step o assume no libprefix or version is needed
14551 Fix compilation under K&R
14554 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
14561 stub execve() that just returns EACCES; used for noexec
14566 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
14571 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
14575 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
14577 * def_data.c, def_data.h, def_data.in:
14578 Move the environment defaults to the end and shorten a few of the
14582 * configure, configure.in:
14583 no shared libs on ultrix or convexos
14586 * Makefile.in, configure, configure.in:
14587 Build sudo_noexec shared object using libtool; could use some
14591 * acsite.m4, ltconfig, ltmain.sh:
14592 libtool scaffolding
14595 * parse.yacc, sudo.tab.c:
14596 Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
14600 * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
14601 parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
14602 update copyright year
14605 * configure, configure.in, defaults.c, env.c, pathnames.h.in:
14606 Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
14607 option. The default value of noexec_file is set to this.
14610 * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
14611 parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
14613 Add support for preloading a shared object containing a dummy
14614 execve() function that just sets error and returns -1. This adds a
14615 "noexec_file" option to load the filename as well as a "noexec" flag
14616 to enable it unconditionally. There is also a NOEXEC tag that can
14617 be attached to specific commands and an EXEC tag to disable it.
14621 add missing newline to usage statement
14624 * config.h.in, sudo.c:
14625 Rename EXEC macro -> EXECV
14629 Don't truncate usernames to 8 characters in the log message.
14632 * check.c, sudoers.man.in, sudoers.pod:
14633 Update copyright year
14636 * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
14638 Add a new option, lecture_file, that can be used to point to a
14639 custom sudo lecture.
14642 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
14644 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
14646 Add a zero_bytes() function to do the equivalent of bzero in such a
14647 way that will hopefully not be optimized away by sneaky compilers.
14651 Add a zero_bytes() function to do the equivalent of bzero in such a
14652 way that will hopefully not be optimized away by sneaky compilers.
14655 * Makefile.in, sudo.h:
14656 Add a zero_bytes() function to do the equivalent of bzero in such a
14657 way that will hopefully not be optimized away by sneaky compilers.
14661 Use #ifdef __STDC__, not #if __STDC__.
14664 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
14667 Always put at least one space between the def_* macro name and its
14671 * configure, configure.in:
14672 Adjust code for --without-lecture to match new values.
14676 regen after pasto fix
14679 * sudoers.man.in, sudoers.pod:
14680 Document that "lecture" has changed from a flag to a tuple.
14683 * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
14684 defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
14685 Add support for tuples in def_data.in; these are implemented as an
14686 enum type. Currently there is only a single tuple enum but in the
14687 future we may have one tuple enum per T_TUPLE entry in def_data.in.
14688 Currently listpw, verifypw and lecture are tuples. This avoids the
14689 need to have two entries (one ival, one str) for pwflags and syslog
14692 lecture is now a tuple with the following values: never, once,
14695 We no longer use both an int and string entry for syslog facilities
14696 and priorities. Instead, there are logfac2str() and logpri2str()
14697 functions that get used when we need to print the string values.
14700 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
14701 auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
14702 check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
14703 logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
14704 sudo.tab.c, visudo.c:
14705 Create def_* macros for each defaults value so we no longer need the
14706 def_{flag,ival,str,list,mode} macros (which have been removed). This
14707 is a step toward more flexible data types in def_data.in.
14714 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
14717 If we are in -k/-K mode, just spew to stderr. It is not unusual for
14718 users to place "sudo -k" in a .logout file which can cause sudo to
14719 be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
14720 Previously, this would result in useless mail and logging.
14723 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
14726 fix pasto in VISUAL description
14729 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
14740 Some OSes (like Solaris) allow export w/ nosuid too
14743 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
14746 We don't use FD_ZERO anymore so just define FD_SET (if not already
14750 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
14753 Fix a core dump on Solaris by preserving the pam_handle_t we used
14754 during authentication for pam_prep_user(). If we didn't
14755 authenticate (ie: ticket still valid), we call pam_init() from
14756 pam_prep_user(). This is something of a hack; it may be better to
14757 change the auth API and add an auth_final() function that acts like
14761 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
14764 Add explicit declaration of printerr variable in function header
14765 (was defaulting to int which is OK but oh so K&R :-). From Theo.
14768 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
14770 * config.h.in, configure.in:
14771 s/HAVE_STOW/USE_STOW/
14775 Also exit waitpid() loop when pid == 0. Fixes a problem where the
14776 sudo process would spin eating up CPU until sendmail finished when
14777 it has to send mail.
14780 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
14783 Remove advertising clause, UCB has disavowed it
14787 Remove advertising clause, UCB has disavowed it
14790 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
14793 Don't assume that getgrnam() calls don't modify contents of struct
14794 passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
14795 Based on a patch from Kirk Webb.
14798 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
14805 darwin has a broken setreuid() in at least some versions
14809 Fix an off by one error when reallocating the environment; Kevin Pye
14812 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
14815 Fix User_Spec definition; SEKINE Tatsuo
14818 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
14821 More info on the early days from Coggs.
14824 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
14827 remove errant semicolon that prevented compilation under heimdal
14830 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
14832 * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
14833 add DARPA credit on affected files
14837 add DARPA credit on affected files
14840 * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
14842 add DARPA credit on affected files
14846 add DARPA credit on affected files
14850 add DARPA credit on affected files
14853 * logging.c, parse.c:
14854 add DARPA credit on affected files
14857 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
14858 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
14859 find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
14861 add DARPA credit on affected files
14864 * auth/kerb5.c, auth/pam.c:
14865 add DARPA credit on affected files
14868 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
14869 auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
14871 add DARPA credit on affected files
14875 add DARPA credit on affected files
14878 * defaults.c, defaults.h:
14879 add DARPA credit on affected files
14883 add DARPA credit on affected files
14886 * Makefile.in, alloc.c, check.c:
14887 add DARPA credit on affected files
14891 slightly different wording for the darpa credit
14894 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
14900 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
14903 Use krb5_princ_component() instead of krb5_princ_realm() for MIT
14904 Kerberos like we did before I messed things up ;-)
14906 Use krb5_principal_get_comp_string() to do the same thing w/
14907 Heimdal. I'm not sure if the component should be 0 or 1 in this
14910 #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
14911 older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
14912 should be a configure check for this I guess.
14915 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
14918 builtin -> built-in; Jason McIntyre
14921 * TROUBLESHOOTING, config.h.in, configure, configure.in:
14922 builtin -> built-in; Jason McIntyre
14926 built in -> built-in; Jason McIntyre
14929 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
14932 checkpoint for 1.6.7p3
14936 Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
14937 Amazingly, sudo source from 1985 is available via groups.google.com
14941 Don't change rl.rlim_max for RLIMIT_CORE. We need only set
14942 rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
14943 RLIMIT_CORE restoration on some OSes.
14946 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
14949 Make this compile on Heimdal and MIT Kerberos 5
14952 * config.h.in, configure, configure.in:
14953 Check for heimdal even if we found krb5-config and define
14958 Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
14959 no longer defined by MIT kerb5 (though it used to be and indeed
14960 remains so in Heimdal).
14963 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
14966 Remove newer stuff that passes multiple (possibly duplicate)
14967 directories to "mkdir -p" since that seems to break on Tru64 Unix at
14968 least. This basically brings back what shipped with sudo 1.6.6.
14971 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
14974 Correct number of args to krb5_principal_get_realm() and fix an
14975 unclosed comment that hid the bug.
15002 * CHANGES, version.h:
15011 use krb5-config to determine Kerberos V details if it exists
15014 * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
15015 auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
15016 find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
15017 testsudoers.c, visudo.c:
15018 Use warn/err and getprogname() throughout. The main exception is
15019 openlog(). Since the admin may be filtering logs based on the
15020 program name in the log files, hard code this to "sudo".
15024 Add getprogname.c and err.c
15031 * config.h.in, configure.in:
15032 Add checks for getprogname(), __progname and err.h
15036 For systems without err/warn functions.
15040 For systems without err/warn functions.
15044 For systems with neither getprogname() nor __progname; uses Argv[0].
15047 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
15050 checkpoint for 1.6.7p1
15053 * sudo.c, testsudoers.c:
15054 fix strlcpy() rval check (innocuous)
15058 oflow detection in expand_prompt() was faulty (false positives). The
15059 count was based on strlcat() return value which includes the length
15060 of the entire string.
15063 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
15066 checkpoint for the sudo 1.6.7 release
15067 [096bab4da29a] [SUDO_1_6_7]
15070 checkpoint for the sudo 1.6.7 release
15073 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
15076 g/c unused variable
15084 use man sections 8 and 5 for csops
15087 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
15094 Add -lskey or -lopie directly to SUDO_LIBS instead of having
15095 AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
15103 Add --with-blibpath for AIX. An alternate libpath may be specified
15105 -blibpath support can be disabled. Also change configure such that
15106 -blibpath is not specified if no -L libpaths were added to
15111 Add --with-blibpath for AIX. An alternate libpath may be specified
15113 -blibpath support can be disabled. Also change configure such that
15114 -blibpath is not specified if no -L libpaths were added to
15119 Add --with-blibpath for AIX. An alternate libpath may be specified
15121 -blibpath support can be disabled. Also change configure such that
15122 -blibpath is not specified if no -L libpaths were added to
15127 add AIX blibpath support
15130 * INSTALL, configure.in:
15131 --with-skey and --with-opie now take an optional directory argument.
15132 This obsoletes a --with-csops hack (/tools/cs/skey)
15134 Also remove the remaining direct uses of "echo"
15137 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
15140 Detect KTH Kerberos IV and deal with it. Also make -lroken optional
15141 for KTH Kerberos IV and V.
15145 Add SUDO_APPEND_LIBPATH function that adds -L/path/to/dir (and
15146 -R/path/to/dir if $with_rpath) to the specified variable.
15149 * INSTALL, configure.in:
15150 Add -R/path/to/libs for Solaris and SVR4. There is a new configure
15151 option, --with-rpath to control this behavior.
15155 for kerb4 put libdes after libkrb on the link line
15163 fix kerberos lib check when a path is specified
15167 Fix boolean thinko in SIGCHLD reaper and call reapchild after
15168 sending mail instead of doing a conditional sudo_waitpid.
15171 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
15178 replace =DIR with [=DIR] where sensible
15182 o Use AC_MSG_* instead of "echo"
15183 o New Kerberos include/lib detection based on openssh's configure.in
15187 --with-kerb4 and --with-kerb5 now take an optional argument.
15190 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
15193 Kill remaining strcpy(), the programmer's guide says username is 32
15198 treat uid_t as unsigned long for printf and use snprintf, not sprintf
15205 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
15207 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
15208 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
15209 auth/rfc1938.c, auth/sudo_auth.c:
15210 update copyright year
15213 * sudo.man.in, sudoers.man.in, visudo.man.in:
15214 update copyright year
15217 * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
15218 configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
15219 parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
15220 sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
15221 update copyright year
15224 * check.c, env.c, sudo.c:
15225 Cast [ug]ids to unsigned long and printf with %lu
15233 correct error messages for --with-sudoers-{mode,uid,gid}
15237 make the malloc(0) error specific to each function to aid tracking
15242 deal with platforms where size_t is signed and there is no SIZE_MAX
15247 Make this compile w/ Heimdal and fix some gcc warnings.
15251 Use stat_sudoers macro so --with-stow can work
15254 * INSTALL, config.h.in, configure, configure.in:
15255 Add support for --with-stow based on patches from Robert Uhl
15271 use strlcpy, not strncpy
15275 Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
15282 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
15284 * strlcat.c, strlcpy.c:
15285 Make gcc shut up about unused rcsid
15289 Move the n == 0 check for the non-getifaddrs cas
15293 skeychallenge() on NetBSD takes a size parameter
15301 put -ldl after -lpam, not before; fixes static linking on Linux
15305 Avoid malloc(0) and fix the loop invariant for the getifaddrs()
15309 * sudo.cat, sudoers.cat, visudo.cat:
15313 * sudo.man.in, sudoers.man.in, visudo.man.in:
15318 Preserve copyright notice from .pod file in .man.in file
15322 Add sudoers(5) to SEE ALSO
15325 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
15332 Don't assume libc can realloc() a NULL string. If malloc/realloc
15333 fails, make sure we just return; yyerror() is not terminal.
15341 simplify fill_args a little and use strlcpy for paranoia
15348 * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
15350 Use strlc{at,py} for paranoia's sake and exit on overflow. In all
15351 cases the strings were either pre-allocated to the correct size or
15352 length checks were done before the copy but a little paranoia can go
15357 Add strlc{at,py} protos
15360 * env.c, interfaces.c:
15369 Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
15370 memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
15374 snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
15379 In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
15382 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
15385 Use snprintf() for paranoia
15389 Use emalloc2 and erealloc3
15393 strlc{at,py} for those w/o it
15396 * strlcat.c, strlcpy.c:
15397 strlc{at,py} for those w/o it.
15400 * config.h.in, configure, configure.in:
15401 Add strlc{at,py} for those w/o it.
15405 Add erealloc3(), a realloc() version of emalloc2().
15408 * interfaces.c, sudo.c:
15409 Use emalloc2() to allocate N things of a certain size.
15413 Add emalloc2() -- like calloc() but w/o the bzero and with
15414 error/oflow checking.
15418 Error out on malloc(0); suggested by theo
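The overflow and zero-size checks described in the 2003-03-12 and 2003-03-13 entries above, as an added C example that is not sudo's own code. The names alloc_would_overflow(), checked_malloc2() and checked_realloc3() are hypothetical, and these versions return NULL with errno set rather than erroring out so the result can be checked.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Return 1 if nmemb * size cannot be represented in a size_t.
 * Integer division truncates, so nmemb <= SIZE_MAX / size implies
 * nmemb * size <= SIZE_MAX. Equality is therefore still safe and the
 * comparison is '>' rather than '>='.
 */
int alloc_would_overflow(size_t nmemb, size_t size)
{
    return size != 0 && nmemb > SIZE_MAX / size;
}

/*
 * Hypothetical stand-in for an emalloc2()-style wrapper: allocate room
 * for nmemb objects of size bytes, like calloc() but without zeroing.
 * A zero-sized request is rejected instead of being passed to malloc(),
 * whose behaviour for size 0 is implementation-defined.
 */
void *checked_malloc2(size_t nmemb, size_t size)
{
    if (nmemb == 0 || size == 0) {
        errno = EINVAL;
        return NULL;
    }
    if (alloc_would_overflow(nmemb, size)) {
        errno = ENOMEM;
        return NULL;
    }
    return malloc(nmemb * size);
}

/*
 * Hypothetical stand-in for an erealloc3()-style wrapper. It does not
 * assume that realloc() accepts a NULL pointer, and on any failure the
 * caller's original block is left untouched.
 */
void *checked_realloc3(void *ptr, size_t nmemb, size_t size)
{
    if (nmemb == 0 || size == 0) {
        errno = EINVAL;
        return NULL;
    }
    if (alloc_would_overflow(nmemb, size)) {
        errno = ENOMEM;
        return NULL;
    }
    return ptr != NULL ? realloc(ptr, nmemb * size)
                       : malloc(nmemb * size);
}

int main(void)
{
    /* Largest element count whose product still fits in a size_t. */
    size_t edge = SIZE_MAX / sizeof(long);

    printf("edge count overflows:     %d\n",
        alloc_would_overflow(edge, sizeof(long)));
    printf("edge count + 1 overflows: %d\n",
        alloc_would_overflow(edge + 1, sizeof(long)));
    return 0;
}
```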
15421 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
15423 * configure, configure.in:
15424 fix a typo; David Krause
15427 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
15433 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
15436 Remove DYLD_ from the environment for MacOS X; from bbraun
15439 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
15441 * config.h.in, configure.in:
15442 not not; Anil Madhavapeddy
15445 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
15447 * sudo.pod, sudoers.pod, visudo.pod:
15448 typos; jmc@openbsd.org
15451 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
15454 Add some missing ';' rule terminators that bison warns about.
15458 fix typo I introduced in last merge
15462 regenerate with autoconf 2.57
15466 Add missing "$HOME"
15470 Add some more square brackets to make autoconf 2.57 happy
15473 * config.sub, mkinstalldirs:
15474 Updates from autoconf-2.57
15478 Updates from autoconf-2.57
15481 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
15487 * lex.yy.c, sudo.tab.c:
15491 * parse.lex, parse.yacc, sudoers.pod:
15492 Add support for Defaults>RunasUser
15495 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
15498 fclose() yyin after each yyparse() is done and use fopen() instead
15499 of using freopen().
15503 Better fix for sudoers files w/o a newline before EOF. It looks
15504 like the issue is that yyrestart() does not reset the start
15505 condition to INITIAL which is an issue since we parse sudoers
15509 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
15512 Work around what appears to be a flex bug when dealing with files
15513 that lack a final newline before EOF. This adds a rule to match EOF
15514 in the non-initial states which resets the state to INITIAL and
15519 o The parser needs sudoers to end with a newline but some editors
15520 (emacs) may not add one. Check for a missing newline at EOF and
15521 add one if needed.
15522 o Set quiet flag during initial sudoers parse (to get options)
15523 o Move yyrestart() call and always use freopen() to open yyin after initial sudoers parse.
15526 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
15529 Fix pasto/thinko in setresgid()/setregid() usage. Want to set
15530 effective gid, not real gid, when reading sudoers.
15534 don't compile set_perms_posix if we have setreuid or setresuid
15537 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
15539 * sudo.pod, sudoers.pod:
15540 document new prompt escapes
15544 Add %U and %H escapes and redo prompt rewriting. "%%" now gets
15545 collapsed to "%" as was originally intended. This also gets rid of
15546 lastchar (does lookahead instead of lookback) which should simplify
15547 the logic slightly.
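The prompt rewriting described in the entry above (lookahead instead of lookback, "%%" collapsed to "%"), as an added C example that is not sudo's own code. struct prompt_ctx and the function names are hypothetical, and treating %U as the runas user and %H as the fully qualified host name is an assumption, since the entry names the escapes without defining them.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Values substituted into the prompt; all fields must be non-NULL. */
struct prompt_ctx {
    const char *user;        /* %u */
    const char *runas_user;  /* %U (assumed meaning) */
    const char *shost;       /* %h */
    const char *host;        /* %H (assumed meaning) */
};

/* Replacement text for the character after '%', or NULL if not an escape. */
static const char *escape_value(char c, const struct prompt_ctx *ctx)
{
    switch (c) {
    case 'u': return ctx->user;
    case 'U': return ctx->runas_user;
    case 'h': return ctx->shost;
    case 'H': return ctx->host;
    case '%': return "%";
    default:  return NULL;
    }
}

/*
 * Walk the template once. With dst == NULL only the expanded length is
 * counted; otherwise the expansion is also written. Sizing and copying
 * share this one loop, so the two passes cannot disagree about how much
 * space an escape needs. The loop looks ahead at p[1] and keeps no
 * "previous character" state between iterations.
 */
static size_t expand_pass(const char *tmpl, const struct prompt_ctx *ctx,
    char *dst)
{
    size_t len = 0;
    const char *p;

    for (p = tmpl; *p != '\0'; p++) {
        const char *val = NULL;

        /* A '%' that ends the string has nothing to look ahead at. */
        if (p[0] == '%' && p[1] != '\0')
            val = escape_value(p[1], ctx);

        if (val != NULL) {
            size_t n = strlen(val);
            if (dst != NULL)
                memcpy(dst + len, val, n);
            len += n;
            p++;                /* consume the escape character too */
        } else {
            if (dst != NULL)
                dst[len] = *p;  /* ordinary character or unknown escape */
            len++;
        }
    }
    if (dst != NULL)
        dst[len] = '\0';
    return len;
}

/* Return a newly allocated expanded prompt, or NULL on failure. */
char *expand_prompt(const char *tmpl, const struct prompt_ctx *ctx)
{
    size_t need = expand_pass(tmpl, ctx, NULL);
    char *out = malloc(need + 1);

    if (out == NULL)
        return NULL;
    if (expand_pass(tmpl, ctx, out) != need) {  /* defensive cross-check */
        free(out);
        return NULL;
    }
    return out;
}

int main(void)
{
    /* Constructed sample values. */
    struct prompt_ctx ctx = { "alice", "root", "web1", "web1.example.com" };
    char *s = expand_prompt("[%u@%h -> %U] 100%% sure? ", &ctx);

    if (s == NULL)
        return 1;
    puts(s);
    free(s);
    return 0;
}
```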
15550 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
15553 Write the prompt *after* turning off echo to avoid some password
15554 characters being echoed on heavily-loaded machines with fast
15559 Add support for mipseb; wiz@danbala.tuwien.ac.at
15563 Fix IRIX fallout from name changes in man dir/sect Makefile
15564 variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
15568 Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
15569 the global copy. Problem noted by Peter Pentchev.
15572 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
15579 Add missing yyerror() calls; YYERROR does not seem to call this for
15583 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
15586 fix typo in comment; Pedro Bastos
15589 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
15592 document --disable-setresuid
15595 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
15597 Sprinkle some volatile qualifiers to prevent over-enthusiastic
15598 optimizers from removing memset() calls.
15601 * logging.c, parse.yacc:
15602 minor sign fixes pointed out by gcc -Wsign-compare
15605 * set_perms.c, sudo.c, sudo.h:
15606 Revamp set_perms. We now use a version based on setresuid() or
15607 setreuid() when possible since that allows us to support the
15608 stay_setuid option and we always know exactly what the semantics
15609 will be (various Linux kernels have broken POSIX saved uid support).
15612 * config.h.in, configure:
15613 regen from configure.in
15617 Add checks for setresuid() and a way to disable using it
15621 No longer need to emulate set*[ug]id() via setres[ug]id() or
15622 setre[ug]id(). The new set_perms stuff only uses things it knows are
15627 Before exec, restore state of signal handlers to be the same as when
15628 we were initially invoked instead of just resetting to SIG_DFL. Fixes
15629 a problem when using sudo with nohup. Based on a patch from Paul
15634 o timestamp_uid should be uid_t, not int
15635 o clarify error message when sudo is run by root and no_root_sudo is set
15638 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
15641 update ftp link for bison
15644 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
15647 Error out if setusercontext() fails and the runas user is not root.
15650 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
15657 Fix SecurID API test
15660 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
15667 securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
15668 but I don't see a better way at the moment.
15671 * Makefile.in, auth/securid5.c:
15672 SecurID API version 5 support from Michael Stroucken
15676 Add check for SecurID 5.0 API
15679 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
15682 We actually do still need config.h to get the 'const' definition for
15686 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
15689 regen with autoconf 2.5.3
15693 Don't set sysconfdir to '/etc' if the user has specified a --prefix.
15697 Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
15698 LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
15701 * env.c, sudo.c, sudo.h:
15702 No need for dump_badenv() now that dump_defaults() knows how to dump
15706 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
15712 document timestampowner
15716 Don't call set_perms() when doing timestamp stuff unless
15717 timestamp_uid != 0.
15720 * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
15721 sudo.h, testsudoers.c:
15722 g/c second arg to set_perms--it is no longer used
15725 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
15727 * check.c, set_perms.c, sudo.c, sudo.h:
15728 Add support for non-root timestamp dirs. This allows the timestamp
15729 dir to be shared via NFS (though this is not recommended).
15732 * def_data.c, def_data.h, def_data.in:
15733 Add timestampowner, "Owner of the authentication timestamp dir"
15736 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
15739 Don't try to pre-compute the size of the new envp, just allocate
15740 space up front and realloc as needed. Changes to the new env
15741 pointer must all be made through insert_env() which now keeps track
15742 of space used and allocates as needed.
15745 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
15752 Fix two typo/pastos; from jrj@purdue.edu
15755 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
15757 * INSTALL.binary, README:
15759 [a1e33027278c] [SUDO_1_6_6]
15761 * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
15762 visudo.cat, visudo.man.in:
15766 * CHANGES, RUNSON, TODO:
15771 In the loop used to expand %h and %u, the lastchar variable was not
15772 being initialized. This means that if the last char in the prompt
15773 is '%' and the first char is 'h' or 'u' an extra copy of the host or
15774 user name would be copied, for which space had not been allocated.
15777 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
15779 * BUGS, INSTALL, Makefile.in, configure.in, version.h:
15780 crank version to 1.6.6
15784 #undef VOID to get rid of an AFS warning
15788 Use easprintf instead of emalloc + sprintf for some things.
15791 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
15793 * lex.yy.c, sudo.tab.c:
15797 * parse.c, parse.lex, parse.yacc, testsudoers.c:
15798 Remove Chris Jepeway's email address so people don't bug him ;-)
15801 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
15804 Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
15805 endgrent() at the same time.
15808 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
15811 Make it clear which configure options take arguments.
15814 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
15817 HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
15818 RLIM_INFINITY, just pretend it is -1. This works because we only
15819 check for RLIM_INFINITY and do not set anything to that value.
15822 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
15825 Zero and free allocated memory when there is a conversation error.
15829 Use sigaction() not signal()
15833 Mention that some linux kernels have broken POSIX saved ID support
15837 checkpoint for 1.6.5p2
15845 Add --disable-setreuid flag
15849 Document new --disable-setreuid option and change description for
15850 --disable-saved-ids to match new error message.
15854 fatal() now takes an argument that determines whether or not to call
15859 Update for new error messages from set_perms()
15863 Update for new error messages from set_perms()
15866 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
15869 Make this compile w/o warnings
15873 Mention that we can't use pam_acct_mgmt()
15876 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
15877 The user's password was not zeroed after use when AIX
15878 authentication, BSD authentication, FWTK or PAM was in use.
15881 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
15884 Avoid giving PAM a NULL password response, use the empty string
15885 instead. This avoids a log warning when the user hits ^C at the
15886 password prompt when PAM is in use.
15890 Don't check the return value of pam_setcred(). In Linux-PAM 0.75
15891 pam_setcred() returns the last saved return code, not the return
15892 code for the setcred module. Because we haven't called
15893 pam_authenticate(), this is not set and so pam_setcred() returns
15898 Don't need a '/' between $(DESTDIR) and a directory.
15902 Don't need a '/' between $(DESTDIR) and a directory.
15905 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
15912 o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
15913 setreuid() o new NetBSD has a real setreuid() o add check for
15914 freeifaddrs() if getifaddrs() exists.
15917 * config.h.in, interfaces.c:
15918 Older BSDi releases lack freeifaddrs() so add a test for that and if
15919 it is not present just use free().
15922 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
15925 Checkpoint for 1.6.5p1
15929 Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
15930 to normal passwords, not AUTH_FATAL (which just causes an exit).
15934 Don't use memory after it has been freed.
15938 skeyaccess() wants a struct passwd * not a char *; Patch from
15940 [65a1d3806fcd] [SUDO_1_6_5]
15946 * CHANGES, RUNSON, TODO:
15947 checkpoint for sudo 1.6.5
15950 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
15956 * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
15960 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
15966 o when invoking the mailer as root use a hard-coded environment that
15967 doesn't include any info from the user's environment. Basically
15970 o Add support for the NO_ROOT_MAILER compile-time option and run the
15971 mailer as the user and not root if NO_ROOT_MAILER is defined.
15974 * set_perms.c, sudo.h:
15975 Bring back PERM_FULL_USER
15986 * INSTALL, config.h.in, configure.in:
15987 Add --disable-root-mailer option to run the mailer as the user and
15992 checkpoint for 1.6.4p2
15996 Mention the "seteuid(0): Operation not permitted" problem here too
15997 just for good measure.
16000 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
16002 * env.c, getspwuid.c, sudo.c:
16003 The SHELL environment variable was preserved from the user's
16004 environment instead of being reset based on the passwd database when
16005 the "env_reset" option was used. Now it is reset as it should be.
16012 * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
16014 Add a configure option to turn off use of POSIX saved IDs
16022 add --with-efence option
16026 Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
16027 "sudo -l" would not work if always_set_home was set.
16035 Quoted commas were not being treated correctly in command line
16040 o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
16041 Otherwise, the set_home option has no effect.
16043 o Fix use of freed memory when the "fqdn" flag is set. This was
16044 introduced by the fix for the "segv when gethostbynam() fails" bug.
16045 Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
16046 there is no need to check the "fqdn" flag in set_fqdn() itself.
16050 Add 'continue' statements to optimize the switch statement. From
16054 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
16056 * sudoers.cat, sudoers.man.in:
16057 Regen from new sudoers.pod
16058 [6ecc07b3d0e1] [SUDO_1_6_4]
16061 Add caveat about stay_setuid flag
16065 If set_perms == set_perms_posix and the stay_setuid flag is not set,
16066 set all uids to 0 and use set_perms_fallback().
16069 * set_perms.c, sudo.h:
16070 Remove PERM_FULL_USER (which is no longer used) and add
16071 PERM_FULL_ROOT (used when exec'ing the mailer).
16075 Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
16076 never want to run the mailer setuid.
16079 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
16081 * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
16083 Use sudo.ws instead of courtesan.com in URLs
16086 * Makefile.binary, Makefile.in:
16087 Fix mansect substitution
16091 Substitute man sections in Makefile.binary
16095 Sync install targets with Makefile.in and substitute in man
16099 * INSTALL, INSTALL.binary:
16104 Repair bindist target
16111 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
16114 Fix case where neither whoami nor id are found
16117 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
16120 If neither whoami nor id exists, just assume we are root.
16124 Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
16125 on AIX which for some reason isn't pulling in the malloc prototype.
16128 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
16130 * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
16139 Defer assigning new environment until right before the exec.
16143 kill extra blank line
16146 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
16153 Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
16154 compiler doesn't recognise -O2.
16158 Clarify origins of Root Group sudo a bit based on info from
16159 billp@rootgroup.com
16162 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
16169 checkpoint for 1.6.4rc1
16172 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
16175 now generated via autoheader
16183 Move in some stuff that was previously in config.h.
16186 * aclocal.m4, configure.in:
16187 Add info for autoheader.
16190 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
16193 o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
16194 -g to facilitate non-root installs
16198 Add -M option (like -m but only for root) If we can't find "whoami",
16199 use "id" w/ some sed.
16207 allow user to always override mansectsu and mansectform
16210 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
16213 update from autoconf 2.52
16216 * config.guess, config.sub:
16217 Update from autoconf 2.52
16221 regen with autoconf 2.52
16225 o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
16226 mode o Remove compiler-specific checks for HP-UX now that we use
16235 o Add pam_prep_user function to call pam_setcred() for the target
16236 user; on Linux this often sets resource limits. o When calling
16237 pam_end(), try to convert the auth->result to a PAM_FOO value.
16238 This is a hack--we really need to stash the last PAM_FOO value
16239 received and use that instead.
16242 * set_perms.c, sudo.h:
16243 o Add pam_prep_user function to call pam_setcred() for the target
16244 user; on Linux this often sets resource limits.
16248 Fix off by one error in number of bytes allocated via malloc (does
16249 not affect any released version of sudo).
16252 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
16259 Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
16260 requiring that they be quoted.
16263 * sudoers.cat, sudoers.man.in, sudoers.pod:
16264 Mention that no double quotes are needed when
16265 adding/deleting/assigning a single value to a list.
16269 Don't rely on mkdefaults being executable, call perl explicitly.
16277 Remove some XXX that are no longer relevant.
16281 o Roll our own loop instead of using strpbrk() for better
16282 grokability o When adding to a list we must malloc() and use
16283 memcpy(), not strdup() since we must only copy len bytes from str.
16286 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
16296 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
16307 avoid the -g flag unless --with-devel was specified
16311 mkdefaults, def_data.in and sigaction.c were missing from the
16316 def_data.c was missing
16319 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
16322 Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
16323 allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
16331 Add comment for Default section so folks know where it should go.
16334 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
16337 Use TCSETAF, not TCSETA to set terminal in termio case
16340 * sudoers.cat, sudoers.man.in:
16341 regen from sudoers.pod
16345 o Typo, Runas_User_List should be Runas_List o a User_List can not
16346 contain a uid o mention that the Defaults section should come after
16347 Alias definitions but before the user specifications
16350 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
16352 * sudoers.cat, sudoers.man.in:
16357 Fix listpw and verifypw sections, they were not being formatted
16361 * sudoers.cat, sudoers.man.in:
16373 * config.h.in, configure.in:
16374 use AC_SYS_POSIX_TERMIOS instead of rolling our own
16378 Reference sudo.ws not courtesan.com
16382 Add notes on shadow passwords
16386 In list mode (sudo -l), characters escaped with a backslash are
16387 shown verbatim with the backslash.
16391 Add simple examples from OpenBSD (Marc Espie)
16395 Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
16399 minor prettyification
16407 Fix CIDR handling here too.
16411 Apparently a NULL response is OK
16415 Checkpoint for upcoming beta release
16419 Many people believe that adding a runas spec should obviate the need
16420 for the -u flag. It does not.
16424 checkpoint update for upcoming 1.6.4 beta
16428 o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
16429 if HAVE_STRING_H is defined -- this is safe now
16433 Add signals section
16441 Fix check for sigaction_t
16445 XXX - should call find_path() as runas user, not root. Can't do
16446 that until the parser changes though.
16450 If find_path() fails as root, try again as the invoking user (useful
16451 for NFS). Idea from Chip Capelik.
16454 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
16455 Regenerate after pod file changes
16458 * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
16459 sudo.pod, sudoers.pod:
16460 Add new sudoers option "preserve_groups". Previously sudo would not
16461 call initgroups() if the target user was root. Now it always calls
16462 initgroups() unless the -P command line option or the
16463 "preserve_groups" sudoers option is set. Idea from TJ Saunders.
16466 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
16468 * compat.h, config.h.in:
16469 Use new HAVE_SIGACTION_T define
16473 Fix compilation on K&C
16481 Add check for sigaction_t -- IRIX already defines this so don't
16490 need stdlib.h here too
16498 Remove redundant checks for string.h, strings.h and unistd.h
16501 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
16503 Regen from pod files
16510 * configure, lex.yy.c, sudo.tab.c:
16515 Return EINVAL if errnum > sys_nerr
16518 * auth/sudo_auth.h:
16519 o Update copyright year
16522 * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
16523 config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
16525 o Update copyright year
16529 o Don't define STDC_HEADERS unconditionally for IRIX o Update
16537 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
16538 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
16539 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
16540 auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
16541 set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
16543 o Reorder some headers and use STDC_HEADERS define properly o Update
16548 o Reorder some headers and use STDC_HEADERS define properly o Update
16552 * getspwuid.c, goodpath.c, interfaces.c:
16553 o Reorder some headers and use STDC_HEADERS define properly o Update
16558 o Reorder some headers and use STDC_HEADERS define properly o Update
16562 * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
16564 o Reorder some headers and use STDC_HEADERS define properly o Update
16573 flags set in signal handlers should be volatile sig_atomic_t
16576 * config.h.in, configure.in:
16577 Add checks for volatile and sig_atomic_t
16580 * configure, lex.yy.c:
16584 * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
16585 sudo.c, sudoers.pod:
16586 Remove "secure_path" Defaults option since it cannot work with the
16590 * find_path.c, sudo.c:
16591 Unset "secure_path" if user_is_exempt()
16594 * env.c, pathnames.h.in:
16595 o Remove assumption that PATH and TERM are not listed in env_keep o
16596 If no PATH is in the environment use a default value o If TERM is
16597 not set in the non-reset case also give it a default value.
16600 * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
16601 _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
16602 systems that define in paths.h
16605 * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
16606 Add support for skeyaccess(3) if it is present in libskey.
16609 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
16612 Only need to do 'lc = login_getclass(NULL)' if lc == NULL
16616 '\\' is a perfectly legal character to have in a command line
16621 o Defer call to set_fqdn() until it is safe to use log_error() o
16622 Don't print errno string value if gethostbyname fails, it is not
16627 Fix CIDR -> in_addr_t conversion.
16630 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
16633 Remove an extra "User_List" in the User_Spec definition From
16634 ybertrand AT snoopymail.com
16638 Make 'listpw=never' work for users who are not explicitly mentioned
16643 Remove gratuitous '=' in EBNF grammar; era AT iki.fi
16647 Document new list Defaults type and convert env_keep and env_delete
16648 to lists. Document new env_check option.
16651 * lex.yy.c, sudo.tab.c, sudo.tab.h:
16656 Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
16665 Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
16668 * config.h.in, configure.in:
16669 Add check for skeyaccess(3)
16673 Document new -c, -f, and -q options
16677 o Add -f option (alternate sudoers file) o Convert to use getopt(3)
16684 * aclocal.m4, config.h.in, configure.in:
16685 Add check for isblank and a replacement macro if it doesn't exist.
16688 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
16691 In check-only mode, don't create sudoers if it does not already
16696 o Add a new token, DEFVAR, to indicate a Defaults variable name o
16697 Add support for "+=" and "-=" list operators o replace some 1 and 0
16698 with TRUE and FALSE for greater legibility.
16702 o Use exclusive start conditions to remove some ambiguity in the
16703 lexer. Also reorder some things for clarity. o Add support for
16704 "+=" and "-=" list operators. o Use the new DEFVAR token to denote
16705 a Defaults variable name.
16709 Prototype init_envtables()
16713 o Convert environment handling to use lists instead of strings.
16714 This greatly simplifies routines that need to do "foreach" type
16715 operations. o Add new init_envtables() function to set env_check
16716 and env_delete defaults based on initial_badenv_table and
16717 initial_checkenv_table (formerly sudo_badenv_table).
16720 * defaults.c, defaults.h:
16721 o Add a new LIST type and functions to manipulate it. o This is for
16722 use with environment handling variables. o Call new
16723 init_envtables() routine inside init_defaults() to initialize the
16727 * def_data.c, def_data.h, def_data.in:
16728 Convert environment options to use the new LIST type and add a new
16729 one, env_check that only deletes if the sanity check fails.
16733 Add dummy version of init_envtables()
16741 Add check-only mode
16745 Fix generation of entries with NULL descriptions.
16748 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
16751 Use sigaction_t and quiet a gcc warning.
16755 Must reset signal handlers before we exec
16758 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
16760 Be careful now that tgetpass() can return NULL (user hit ^C). PAM
16761 version needs testing. Set SIGTSTP to SIG_DFL during password entry
16762 so user can suspend us.
16766 Add support for interrupting/suspending tgetpass via keyboard input.
16767 If you suspend sudo from the password prompt and resume it will re-
16772 Don't block keyboard interrupt signals, just set them to SIG_IGN.
16775 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
16778 add back HAVE_SIGACTION
16785 * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
16786 Kill POSIX_SIGNALS define and old signal support now that we emulate
16787 POSIX ones Also be sure to correctly initialize struct sigaction.
16791 Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
16795 Add scaffolding for POSIX signal emulation
16799 o Add missing ';' so this compiles o Can't use NULL since we don't
16804 Emulate sigaction() using sigvec()
16807 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
16810 Document new behavior of negative values of timestamp_timeout Fix a
16815 Add security note about command not being logged after 'sudo su' and
16820 Mention that -V prints default values when run as root, including
16821 the list of environment variables to clear.
16825 Run pod2man with --quotes=none to avoid stupid quoting of C<>
16829 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
16831 * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
16832 Add mail_badpass option Also modify mail_always behavior to also
16833 send mail when the password is wrong
16836 * env.c, sudo.c, sudo.h:
16837 Dump default bad env table when 'sudo -V' is run by root.
16841 document env_delete
16845 Add support for '*' in env_keep when not resetting the environment
16846 (ie: the normal case).
16850 Add env_delete variable that lets the user replace/add to the
16851 bad_env_table. Allow '*' wildcard in env_keep entries.
16854 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
16857 Force umask to 022 to guarantee sane directory permissions.
16860 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
16863 add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
16867 fix breakage in last commit
16871 acsite.m4 -> aclocal.m4
16875 fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
16879 regenerated from def_data.in
16882 * check.c, defaults.c, defaults.h:
16883 Add new T_UINT type that most things use instead of T_INT If
16884 timestamp_timeout is < 0 then treat the ticket as never expiring (to
16885 be expired manually by the user).
16889 change most T_INT -> T_UINT
16893 fix warning when no args
16897 Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
16898 we are a signal handler. We no longer print the signal number but
16899 the user can just check the exit value for that.
16902 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
16905 when setting up pipes in child process check for case where stdin ==
16909 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
16912 Ignore editor exit value since XPG4 says vi's exit value is the
16913 count of editing errors made (failed searches, etc).
16916 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
16923 sco now is identified by config.guess as *-sco-*
16927 Check for getspnam() in -lgen if not in -lc for UnixWare.
16930 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
16932 * sudoers.pod, visudo.pod:
16933 "upper case" -> "uppercase"
16937 fix typos and grammar; pjanzen@foatdi.harvard.edu
16940 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
16943 Missing word (specify); krapht@secureops.com
16946 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
16949 If we fail to lookup a login class, apply the default one.
16953 In log_error() free message, not logline unconditionally, then free
16954 logline if it is not the same as message. No function change but
16955 this mirrors how they are allocated.
16958 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
16965 remove some backslash quotes that are unneeded
16969 o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
16970 instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
16971 can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
16972 to AC_DEFINE things manually.
16975 * config.guess, config.sub:
16976 Updated from autoconf-2.50
16979 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
16982 Update mailing list section. We use mailman now, not majordomo.
16985 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
16987 * getspwuid.c, logging.c, sudo.c:
16988 Use setpwent()/endpwent() + all the shadow variants to make sure we
16989 don't inadvertently leak an fd to the child. Apparently Linux's
16990 shadow routines leave the fd open even if you don't call setspent().
16991 Reported by mike@gistnet.com; different patch used.
16994 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
17001 select() may return EAGAIN. If so, continue like we do for EINTR.
17005 Fix a non-exploitable buffer overflow in the word splitting code.
17006 This should really be rewritten.
17014 Tell people to look in sample.syslog.conf for examples, not FAQ
17018 Update list of env vars that are cleared
17022 remove struct env_table decl since that stuff has all moved to env.c
17025 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
17028 Fix a pasto in flock-style unlocking and include <sys/file.h> for
17029 flock on older systems; twetzel@gwdg.de
17033 regen to get NeXT lockf/flock fix
17037 force NeXT to use flock since lockf is broken
17040 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
17043 Use stashed user_gid when checking against exempt gid since sudo
17044 sets its gid to a value that makes sudoers readable. Previously
17045 if you used gid 0 as the exempt group everyone would be exempt. From
17046 Paul Kranenburg <pk@cs.few.eur.nl>
17049 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
17056 #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 apparently defines
17057 some types (such as ssize_t) therein.
17060 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
17063 Fix negation of paths in a boolean context. Problem found by
17067 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
17073 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
17076 SA_RESETHAND means the opposite of what I was thinking--oops To
17077 block all signals in old-style signals use ~0, not 0xffffffff
17080 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
17083 coerce difference of pointers to int when used in a string length
17084 printf format; deraadt@openbsd.org
17087 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
17090 Block all signals in Exit() to avoid a signal race. There is still
17091 a tiny window but I'm not going to worry about it.
17094 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
17097 glibc uses the LANGUAGE env var so clear that too; Solar Designer
17101 Regenerate with a fix to flex.skl that preserves errno from
17102 clobbering by isatty().
17105 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
17107 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
17108 auth/sia.c, auth/sudo_auth.c:
17109 Some defaults I_ defines got renamed.
17112 * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
17113 defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
17114 set_perms.c, sudo.c, sudo.tab.c:
17115 Move defaults info into its own files from which we generate .h and
17116 .c files. This makes adding or rearranging variables much simpler.
17119 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
17121 * configure, configure.in:
17122 fix typo in last commit
17125 * compat.h, config.h.in, configure, configure.in:
17126 Add check + emulation for setegid (like seteuid).
17130 Make env_keep override badenv_table as documented Fix traversal of
17131 badenv_table (broken in last commit)
17134 * set_perms.c, sudo.c, sudo.h:
17135 Don't try and build saved uid version of set_perms on systems w/o
17136 them. Rename set_perms_saved_uid() -> set_perms_posix() Make
17137 set_perms_setreuid simply be set_perms_fallback() and simply include
17138 the appropriate function at compile time (setreuid() vs. setuid()).
17141 * sudoers.cat, sudoers.man.in, sudoers.pod:
17142 PATH is also preserved when env_reset is in effect
17145 * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
17146 configure.in, defaults.c, defaults.h, env.c, find_path.c,
17147 getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
17148 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
17149 visudo.c, visudo.cat, visudo.man.in:
17150 New Defaults options: o stay_setuid - sudo will remain setuid if
17151 system has saved uids or setreuid(2) o env_reset - reset the
17152 environment to a sane default o env_keep - preserve environment
17153 variables that would otherwise be cleared
17155 No longer use getenv/putenv/setenv functions--do environment munging
17156 by hand. Potentially dangerous environment variables can be cleared
17157 only if they contain '/' or '%' characters to protect buggy
17158 programs. Moved environment routines into env.c (new file)
17162 Clear up --without-passwd description
17165 * putenv.c, sudo_setenv.c:
17166 We now build up a new environment from scratch and assign it to
17170 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
17172 * sudo.pod, visudo.pod:
17173 Grammatical fixes from Paul Janzen
17176 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
17179 If there was a syntax error and the user just wants to quit, unlink
17180 sudoers if it is zero length.
17184 'Q' means ignore parse error, not 'q'
17188 Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
17192 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
17195 Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
17198 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
17200 * config.guess, config.sub:
17201 Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
17204 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
17206 * sudo.c, visudo.c:
17207 Use exit(127), not exit(-1)
17210 * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
17211 Move set_perms() to its own file and use POSIX saved uid or
17212 setreuid() if available.
17214 Added stay_setuid option for systems that have libraries that
17215 perform extra paranoia checks in system libraries for setuid
17216 programs (ie: anything with issetugid(2)).
17220 strip more bits from the environment and add a facility for
17221 stripping things only if they contain '/' or '%' to address printf
17222 format string vulnerabilities in other programs.
17225 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
17232 For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
17241 Check for strcasecmp(3) in -lc89 for NCR Unix
17244 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
17247 Define HAVE_INNETGR #ifdef HAVE__INNETGR
17254 * compat.h, config.h.in, configure.in:
17255 Add check for _innetgr(3) since NCR systems have that instead of
17259 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
17262 check return value of creadcfg() call sd_close() after sd_auth()
17263 store username in sd->username so we don't rely on the USER env
17267 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
17270 document --with-bsdauth
17278 --with-bsdauth assumes --with-logincap
17281 * auth/bsdauth.c, auth/fwtk.c:
17282 When prompting for a response to a challenge, if the user just hits
17283 return then reprompt with echo turned on.
17286 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
17289 Remove debugging code that should not have been committed, oops.
17293 Use lower-level routines and get the password ourselves. Checks for
17294 a challenge and if there is one echo is not turned off.
17297 * auth/pam.c, auth/sudo_auth.h:
17298 minor housekeeping, no real code changes
17301 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
17304 Fix a coredump in the logging functions if gethostname(2) fails by
17305 deferring the call to log_error() until things are better setup.
17307 Fix return value of set_loginclass() in non-BSD-auth case.
17309 Hard-code 'sudo' in the usage message so we can fit more options on
17314 Fix errant ';' (typo) that broke MSG_ONLY
17317 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
17319 * sudo.cat, sudo.man.in:
17327 * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
17328 configure, configure.in, getspwuid.c, sudo.c:
17329 Add support for BSD authentication.
17332 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
17335 Fix typo; from sato@complex.eng.hokudai.ac.jp
17338 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
17341 Mention negating umask
17345 Allow user to specify umask of 0777 (same as !umask)
17348 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
17350 * sudo.pod, visudo.pod:
17351 Fix a typo and give a URL for the sudo history.
17354 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
17356 * defaults.c, sudo.pod:
17357 fix typos; pepper@reppep.com
17360 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
17362 * sudo.c, sudo.h, sudo_setenv.c:
17363 sudo_setenv() now exits on memory alloc failure instead of returning
17367 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
17370 Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
17371 and possibly others.
17375 Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
17376 that "%m" won't be expanded but we don't use that anyway since the
17377 logging routines may splat to stderr as well.
17380 * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
17382 Add always_set_home variable
17385 * configure, configure.in:
17386 Have to hard code default values in help since the defaults are set
17387 _after_ the help stuff.
17390 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
17392 * lex.yy.c, parse.lex:
17393 Allow special characters (including '#') to be embedded in pathnames
17394 if quoted by a '\\'. The quoted chars will be dealt with by
17395 fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
17398 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
17401 Better path searching for programs we need.
17405 Add section on "C compiler cannot create executables" errors.
17408 * Makefile.binary, Makefile.in, version.h:
17412 * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
17413 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
17414 visudo.man.in, visudo.pod:
17415 Substitute values from configure into man pages.
17418 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
17421 The listpw and verifypw sudoers options would not take effect
17422 because the value of the default was checked *before* sudoers was
17423 parsed. Instead of passing in the value of PWCHECK_* to
17424 sudoers_lookup(), pass in the arg for def_ival() so the check can be
17425 deferred until after sudoers is parsed.
17428 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
17431 When writing prompt, no need to write the NUL as well;
17435 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
17438 When looking for chown, check in /sbin too
17441 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
17444 Remove extraneous call to init_defaults() and set runas_user to NULL
17445 between parses so init_defaults will reset it each time, thus
17446 avoiding a reference to free()d data.
17449 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
17451 * config.h.in, interfaces.c, interfaces.h, sudo.c:
17452 Add support for using getifaddrs() to get the list of ip addr /
17453 netmask pairs. Currently IPv4-only.
17457 Add a missing check for UserEditor == NULL Add missing '+' before
17458 line number when invoking editor to fix a syntax error
17461 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
17464 Call clean_env very early in main() for paranoia's sake. Idea from
17468 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
17471 Update proto for evasprintf and easprintf
17475 Make easprintf() and evasprintf() return an int.
17479 If the targetpw flag is set, use target username as part of the
17480 timestamp path. If tty tickets are in effect cat the tty and the
17481 target username with a ':' as the separator.
17484 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
17487 Backout part of last change; setting PAM_USER to the invoking user
17488 breaks things like targetpw.
17492 set tty and username via pam_set_item
17495 * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
17496 Fix root, runas, and target authentication for non-passwd file auth
17500 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
17502 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
17503 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
17504 Use B<-Z> not C<-Z> for command line flags in all places. This is
17505 more consistent and works around a bug in Pod::Man.
17508 * sudoers.cat, sudoers.man.in, sudoers.pod:
17509 Fix an occurrence of 'semicolon' that should be 'colon'
17512 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
17514 * configure, configure.in:
17515 Fix --with-badpri help line
17518 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
17520 * defaults.c, logging.c, sudo.c:
17521 Bracket calls to syslog with an openlog() and closelog() since some
17522 authentication methods (like PAM) may do their own logging via
17523 syslog. Since we don't use syslog much (usually just once per
17524 session) this doesn't really incur a performance penalty. It also
17525 fixes a SEGV with pam_kafs.
17528 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
17531 Fix -H flag. runas_homedir is only valid after
17532 set_perms(PERM_RUNAS, mode)
17535 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
17538 Clarify the fact that insults are not enabled just by including them
17542 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
17544 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
17546 Regenerated with perl 5.6.0 pod2man
17550 Give date string to pod2man since its default is ugly and it ain't
17555 Do section substitution on the output of pod2man and remove hack
17556 needed for old pod2man.
17559 * sudo.pod, sudoers.pod, visudo.pod:
17560 Put back real man sections, we will do the substitution later.
17563 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
17565 * configure, configure.in:
17566 Don't bother checking for the path to vi if user specified --with-
17570 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
17572 * CHANGES, visudo.c:
17573 Visudo now does its own fork/exec instead of calling system(3).
17576 * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
17577 sudoers.pod, visudo.c:
17578 Visudo now checks for the existence of an editor and gives a
17579 sensible error if it does not exist.
17581 The path to the editor for visudo is now a colon-separated list of
17582 allowable editors. If the user has $EDITOR set and it matches one
17583 of the allowed editors that editor will be used. If not, the first
17584 editor in the list that actually exists is used.
17587 * sudo.cat, sudo.man.in, sudo.pod:
17588 Clear up confusion wrt sudo's return value.
17591 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
17594 Strip sudo and visudo for bindist target
17597 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
17598 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
17599 Use @mansectsu@ and @mansectform@ in the man page bodies as well.
17600 [5eb9e60a726f] [SUDO_1_6_3]
17602 * visudo.cat, visudo.man.in, visudo.pod:
17603 Typo: @sysconf@ -> @sysconfdir@
17607 'make dist' should not cause any files to be modified so remove its
17612 Whoops, forgot to add release marker
17615 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
17618 Final change for 1.6.3 (or so I hope)
17621 * sudo.cat, sudoers.cat, visudo.cat:
17622 Use SYSV man sections since BSD systems will have nroff...
17625 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
17627 * parse.yacc, sudo.tab.c:
17628 When checking to see if the host/user matches in a defaults spec,
17629 check against TRUE, not just non-zero since it might be -1.
17632 * configure, configure.in:
17633 OSF/1 puts file formats in section 4, not 5.
17636 * CHANGES, INSTALL, sudo.c:
17637 Make login class support work on BSD/OS
17644 * configure, configure.in:
17645 If there is no inet_addr but there *is* an __inet_addr that's ok
17646 since inet_addr is probably just a macro then. The better thing to
17647 do would be to look for the macro, but this is fine for now.
17650 * configure, configure.in:
17651 Don't use shlicc for BSD/OS 4.x
17654 * Makefile.in, configure, configure.in:
17655 *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
17656 configure variable so we can deal with this. Also, only remove *.man
17657 for 'distclean' not 'clean'.
17661 set_loginclass() should be static like the proto says
17664 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
17667 Add #ifdef __STDC__ around the rangematch function header to avoid
17668 promotion of test to int, thus violating the prototype. Gcc handles
17669 this gracefully but more std ANSI compilers will complain.
17673 Pull in newer fnmatch(3) that supports FNM_CASEFOLD
17676 * aclocal.m4, configure, fnmatch.3, fnmatch.c:
17677 Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
17678 FNM_CASEFOLD in configure
17685 * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
17686 Fully qualified hosts w/ wildcards were not matching the FQHOST
17687 token type. There's really no need for a separate token for fully-
17688 qualified vs. unqualified anymore so FQHOST is now history and
17689 hostname_matches now decides which hostname (short or long) to check
17690 based on whether or not the pattern contains a '.'.
17694 Fully qualified hosts w/ wildcards were not matching the FQHOST
17695 token type. There's really no need for a separate token for fully-
17696 qualified vs. unqualified anymore so FQHOST is now history and
17697 hostname_matches now decides which hostname (short or long) to check
17698 based on whether or not the pattern contains a '.'.
17701 * lex.yy.c, parse.c, parse.lex, parse.yacc:
17702 Fully qualified hosts w/ wildcards were not matching the FQHOST
17703 token type. There's really no need for a separate token for fully-
17704 qualified vs. unqualified anymore so FQHOST is now history and
17705 hostname_matches now decides which hostname (short or long) to check
17706 based on whether or not the pattern contains a '.'.
17709 * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
17710 sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
17711 Add support for wildcards in the hostname.
17715 Add targets for *.man.in, using config.status to generate *.man from
17719 * sudoers.cat, sudoers.man.in, sudoers.pod:
17720 Document set_logname option and embolden refs to sudo and visudo.
17723 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
17724 sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
17725 visudo.cat, visudo.man.in, visudo.pod:
17726 Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
17727 from Michael D. Marchionna. configure now does substitution on the
17728 man pages, allowing us to fix up the paths and set the section
17729 correctly. Based on an idea from Michael D. Marchionna.
17733 Better fix for handling HP-UX aging info.
17737 Add support for set_logname run-time default
17740 * sudo.man.in, sudoers.man.in, visudo.man.in:
17741 configure does substitution on these to produce *.man
17744 * sudo.man, sudoers.man, visudo.man:
17745 These files now get generated from *.man.in at configure time.
17748 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
17750 * defaults.c, defaults.h:
17751 Add set_logname option so users can turn off setting of LOGNAME/USER
17752 environment variables.
17755 * lsearch.c, parse.c, testsudoers.c:
17759 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
17762 HP-UX adds extra info at the end for password aging so when
17763 comparing the result of crypt to pw_passwd we only compare the first
17764 len(epass) bytes *unless* the user entered an empty string for a
17769 Get rid of grandchild hack, it was causing problems and there is
17770 really no need for it. This fixes a bug where we spin eating up CPU
17771 when the user runs a long-running process like a shell.
17774 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
17777 User can always specify a login class if he/she is already root.
17780 * config.h.in, configure, configure.in, defaults.c, defaults.h,
17782 FreeBSD login class (login.conf) support.
17785 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
17787 * auth/sudo_auth.c:
17788 HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
17791 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
17794 Truncate unencrypted password to 8 chars if encrypted password is
17795 exactly 13 characters (indicating a standard DES password). Many
17796 versions of crypt() do this for you, but not all (like HP-UX's).
17799 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
17802 Mention that gcc on dynix may have problems
17805 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
17808 Link visudo with NET_LIBS since we now call syslog via defaults.c
17812 Use Argv[0] as the first arg to openlog() since visudo uses this
17816 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
17819 Stash coredumpsize resource limit and restore it before the exec().
17820 Otherwise the child ends up with a coredumpsize of 0.
17823 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
17825 * sudo.cat, sudo.man, sudo.pod:
17833 * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
17834 auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
17835 Added -S flag (read passwd from stdin) and tgetpass_flags global
17836 that holds flags to be passed in to tgetpass(). Change echo_off
17837 param to tgetpass() into a flags field. There are currently 2
17838 possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
17839 tgetpass(), abstract the echo set/clear via macros and if (flags &
17840 TGP_ECHO) but echo is not set on the terminal, be sure to set it.
17844 Fixed a bug that caused an infinite loop when the password timeout
17848 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
17850 * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
17851 sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
17852 Add rootpw, runaspw, and targetpw options.
17855 * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
17857 enveditor -> env_editor
17860 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
17862 * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
17863 sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
17865 crank version to 1.6.3
17868 * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
17869 sudoers.pod, visudo.c:
17870 Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
17871 them. This means that visudo will now parse the sudoers file
17872 *before* it is edited so a bogus sudoers file will cause a warning
17873 to go to stderr. Also, visudo checks the variables once--it does not
17874 check them after each editor run since that could be confusing.
17877 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
17883 * check.c, sudo.c, sudo.h:
17884 Move user_is_exempt prototype into sudo.h
17887 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
17889 * configure, configure.in:
17890 Fix thinko, some && should have been || in the last commit
17893 * configure, configure.in:
17894 Don't initialize Makefile variables to be NULL since the user may
17895 want to import variables from their environment.
17898 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
17900 * configure, configure.in:
17904 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
17907 fix a yacc (skeleton.c) warning
17910 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
17912 * INSTALL, RUNSON, configure, configure.in:
17913 Make pam work on HP-UX 11.0; jaearick@colby.edu
17917 recent changes; prepare for 1.6.2p1
17921 Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
17924 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
17927 Regen with yacc that has a memory leak plugged.
17930 * sudoers.cat, sudoers.man, sudoers.pod:
17931 Expanded docs on sudoers 'defaults' options based on INSTALL file
17936 Fix some white lies
17939 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
17942 When making a bindist, link FAQ to TROUBLESHOOTING instead of
17946 * sudoers.cat, sudoers.man, sudoers.pod:
17947 Add netgroup caveat
17948 [28d119f466e3] [SUDO_1_6_2]
17951 Last minute updates
17967 Better detection of PAM errors and fix custom prompts with PAM.
17968 Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
17971 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
17974 Cast ULONG_MAX to unsigned long long when comparing to an unsigned
17978 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
17980 * CHANGES, config.h.in, configure, configure.in, visudo.c:
17981 Fix sudoers locking in visudo. We now lock the sudoers file itself,
17982 not the temp file (since locking the temp file can foul up editors).
17983 The previous locking scheme didn't work because the fd was closed
17987 * config.h.in, configure, configure.in:
17988 Don't need test for ftruncate() any more.
17991 * configure, configure.in:
17992 Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
17993 the unbundled HP-UX cc.
17996 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
17998 * sudoers.cat, sudoers.man, sudoers.pod:
17999 "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
18002 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
18004 * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
18005 parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
18006 version.h, visudo.c:
18007 update copyright year on changed files
18019 Crank version to 1.6.2
18023 Crank version to 1.6.2
18027 When using rlimit check for RLIM_INFINITY When computing the value
18028 of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
18035 * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
18036 sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
18037 Crank version to 1.6.2
18040 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
18041 Add 'shell_noargs' runtime option back in. We have to defer
18042 checking until after the sudoers file has been parsed but since
18043 there are now other options that operate that way this one can too.
18044 Based on a patch from bguillory@email.com.
18047 * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
18048 Add "listpw" and "verifypw" options.
18051 * sudoers.cat, sudoers.man, sudoers.pod:
18052 o Fix some typos/omissions o Add section on verifypw and listpw o
18053 Define how NOPASSWD interacts with the -v and -l flags
18056 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
18058 * configure, configure.in:
18059 For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
18060 -D_HPUX_SOURCE to CPPFLAGS.
18063 * defaults.c, defaults.h:
18064 In struct sudo_defs_types, move the union to the end and don't
18065 initialize the union member since that only works with an ANSI
18066 compiler. We set the value of the union by hand in init_defaults()
18067 anyway. This allows sudo to compile on a K&R compiler again.
18070 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
18072 * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
18073 netgr_matches needs to check shost as well as host since they may be
18078 End on \r as well as \n
18081 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
18084 Update statbuf.st_mode based on SUDOERS_MODE when we are changing
18085 from 0400 to whatever SUDOERS_MODE is (converting from the old
18086 sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
18087 0400 which should always be the case.
18090 * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
18091 Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
18092 w/o a passwd if there is *any* entry for the user on the host with a
18093 NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
18094 the user on the host w/ the specified runas user have the NOPASSWD
18102 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
18105 Treat EOF at whatnow prompt like 'x' instead of looping.
18108 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
18112 [5836a9452568] [SUDO_1_6_1]
18114 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
18116 * config.h.in, configure, configure.in, sudo.c:
18117 Add check for initgroups() since old SYSV lacks this.
18120 * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
18121 parse.c, testsudoers.c:
18122 o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
18126 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
18128 * auth/sudo_auth.c:
18129 Don't allow insults to be enabled if the insults[] array is empty.
18130 Otherwise there would be division by zero.
18134 Don't allow insults to be enabled if the insults[] array is empty.
18135 Otherwise there would be division by zero.
18139 Don't allow insults to be enabled if the insults[] array is empty.
18140 Otherwise there would be division by zero.
18144 Don't care about USE_INSULTS #define since the insult stuff may be
18145 overridden at runtime.
18148 * auth/sudo_auth.c:
18149 Honor insults flag.
18152 * CHANGES, parse.c:
18153 Don't ask the user for a password if the user is not allowed to run
18154 the command and the authenticate flag (in sudoers) is false.
18157 * CHANGES, RUNSON, lex.yy.c, parse.lex:
18158 o Whenever we get a bare newline we change to the INITIAL state. o
18159 Enter GOTRUNAS when we see Runas_Alias
18161 This allows #uid to work in a RunasAlias.
18164 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
18166 * CHANGES, parse.yacc, sudo.tab.c:
18167 fix parsing of runas lists: o oprunasuser and runaslist now return a
18168 value o in a runasspec, if a runaslist does not return TRUE, set
18169 runas_matches to FALSE. Normally, a runaslist only returns FALSE
18170 for explicitly denied users. o since runaslist does not modify the
18171 stack there is no need for a push/pop in runasalias.
18175 Don't kill the user's tickets until after sudoers has been parsed
18176 since tty_tickets and ticket_dir could be set in sudoers.
18179 * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
18180 configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
18181 sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
18182 crank version to 1.6
18186 add set_fqdn() stub
18189 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
18191 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
18192 sudoers.man, sudoers.pod, visudo.c:
18193 o Kill shell_noargs option, it cannot work since the command needs
18194 to be set before sudoers is parsed. o Fix the "set_home" sudoers
18195 option (only worked at compile time). o Fix "fqdn" sudoers option.
18196 We now set host/shost via set_fqdn which gets called when the
18197 "fqdn" option is set in sudoers. o Move the openlog() to
18198 store_syslogfac() so this gets overridden correctly from the
18203 SecurID support should compile now.
18206 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
18208 * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
18209 visudo.man, visudo.pod:
18210 fix some syntactic goofs
18213 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
18215 * Makefile.in, sudo.html, sudoers.html, visudo.html:
18216 No longer need the .html files as they are generated automatically
18220 * CHANGES, LICENSE:
18221 kill characters that made wml unhappy
18228 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
18231 majordomo@cs.colorado.edu -> majordomo@courtesan.com
18234 * Makefile.in, configure:
18235 Wrap script execution w/ /bin/sh for the benefit of ctm
18238 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
18241 Make the -s flag be exclusive too. Also reorder the flags in the
18242 exclusive usage message so they are alphabetical.
18245 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
18248 make pam errors other than PAM_PERM_DENIED fatal
18256 make it clear that /etc/pam.d/sudo is required on linux
18260 fix a warning on redhat and spew an error if pam_authenticate()
18261 returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
18264 * sudo.cat, sudo.html, sudo.man, sudo.pod:
18265 Be very clear that the password required is the user's not root's
18268 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
18271 add sample.syslog.conf to DISTFILES and BINFILES
18274 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
18277 updates from Brian Jackson + some formatting
18280 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
18282 * INSTALL.binary, Makefile.binary, README, RUNSON:
18283 o One RUNSon update o Changes for automating real binary releases
18290 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
18293 talk about run-time options in addition to compile-time options
18294 [1eb813ff0a9a] [SUDO_1_6_0]
18301 need sys/time.h if HAVE_SETRLIMIT
18304 * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
18305 sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
18306 get rid of references to sudo-bugs. Now mention the web site or the
18311 repair pod2html damage
18315 Update for 1.6 release
18318 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
18319 Add warning about using ALL in a command context.
18322 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
18325 Call yyrestart() on a parse error to reset the lexer state.
18328 * lex.yy.c, parse.lex:
18329 Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
18330 since it might not get called in yywrap if we get a parse error
18331 (and we only reread the file on error anyway).
18334 * lex.yy.c, parse.lex:
18335 Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
18336 might still exist. Call yyrestart() instead of using the deprecated
18340 * lex.yy.c, parse.lex:
18341 flex doesn't need %N table size declarations
18344 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
18345 Mention what characters need to be escaped in names.
18348 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
18355 clarify Mac OS X entry
18363 o Use AC_MSG_ERROR throughout o Check syslog configure options for
18367 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
18370 Fix printing of type T_MODE in dump_defaults()
18374 missing sys/types.h
18378 Break out options that may be overridden at run time into their own
18379 section. Add a note about Mac OS X and correct some lies.
18382 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
18384 * CHANGES, config.h.in, configure, configure.in, sudo.c:
18385 o Now use getrlimit to find the highest fd when closing all non-std
18386 fd's o Turn off core dumps via setrlimit for the sake of paranoia
18393 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
18400 When read()'ing, do a single character at a time to be sure we don't
18401 go past the newline.
18405 For the sudo_root option, check against user_uid, not getuid() since
18406 at this point, ruid == euid == 0.
18414 Fix compilation problem when --with-logging=file was specified.
18415 This means that syslog is now required to build sudo but that should
18416 not be a problem. If it is it can be fixed trivially with a
18417 configure check for syslog() or syslog.h.
18421 Make this work again for things like "sudo echo hi | more" where the
18422 tty gets put into character at a time mode. We read until we read
18423 end of line or we run out of space (similar to fgets(3)).
18426 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
18428 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
18429 change ital to bold
18436 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
18439 Error out if syslog parameters are given without a value. For
18440 Ultrix or 4.2BSD "syslog" is allowed without a value since there are
18441 no facilities in the 4.2BSD syslog.
18444 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
18447 Ignore the syslog facility for systems w/ old syslog like Ultrix.
18451 people with "." early in their path can have problems running sudo
18452 from the build dir ;-)
18455 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
18457 * sudo.cat, sudo.html, sudo.man, sudo.pod:
18458 Remove -r realm option
18461 * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
18462 configure.in, sudo.c:
18463 New krb5 code from Frank Cusack <fcusack@iconnet.net>.
18470 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
18473 include <auth.h> to get function prototypes.
18476 * sudo.cat, sudo.html, sudo.man, sudo.pod:
18480 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
18483 in set_perms(), always call setuid(0) before changing the ruid/euid
18484 so we always know it will succeed.
18488 #undef T_FOO to avoid conflicts with system defines (like on
18492 * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
18494 Document "Defaults" lines in /etc/sudoers. Still needs some
18495 fleshing out but this is a start.
18498 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
18500 * use strtol, not strtoul since not everyone has strtoul
18504 use strtol, not strtoul since not everyone has strtoul
18507 * lex.yy.c, parse.lex:
18508 last {WORD} rule should only apply in the INITIAL state
18511 * lex.yy.c, parse.lex:
18512 o Add support for escaped characters in the WORD macro o Modify
18513 fill() to squash escape chars
18516 * defaults.c, defaults.h:
18517 o Add T_PATH flag to allow simple sanity checks for default values
18518 that are supposed to be pathnames. o Fix a duplicate free when
18519 visudo finds an error.
18522 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
18524 * defaults.c, defaults.h, logging.c:
18525 mail_if_foo -> mail_foo
18528 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
18530 * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
18531 o Add requiretty option o Move O_NOCTTY to compat.h
18535 The exit() in log_error() was mistakenly removed in a previous
18536 version. Put it back...
18539 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
18541 * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
18542 auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
18543 configure, configure.in, defaults.c, defaults.h, find_path.c,
18544 getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
18545 o Change defaults stuff to put the value right in the struct. o
18546 Implement mailer_flags o Store syslog stuff both in int and string
18547 form. Setting the string form magically updates the int version.
18548 o Add boolean attribute to strings where it makes sense to say !foo
18552 add O_NOCTTY when opening /dev/tty just in case
18555 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
18558 cleanup function no longer takes a status arg
18565 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
18567 * TODO, config.h.in, configure, configure.in, logging.c:
18568 Use strftime() instead of ctime() if it is available.
18571 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
18578 update ReliantUNIX entry
18581 * defaults.c, defaults.h, logging.c:
18582 add log_year option
18585 * configure, configure.in:
18586 add --without-sendmail to help output
18589 * configure, configure.in:
18590 enforce an octal arg for --with-sudoers-mode
18593 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
18595 * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
18596 auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
18597 auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
18598 defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
18599 parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
18600 testsudoers.c, version.c, visudo.c:
18601 Add support for "Defaults" line in sudoers to make configuration
18602 variables changeable at runtime (and on a global, per-host and per-
18603 user basis). Both the names and the internal representation are
18604 still subject to change. It was necessary to make sudo_user.runas
18605 be a char ** instead of a char * since this value can be changed by
18606 a Defaults line. There is a similar (but more complicated) issue
18607 with sudo_user.prompt but it is handled differently at the moment.
18609 Add a "-L" flag to list the name of options with their descriptions.
18610 This may only be temporary.
18612 Move some prototypes to parse.h
18614 Be much less restrictive on what is allowed for a username.
18617 * sample.syslog.conf:
18621 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
18623 * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
18625 UCB has dropped the advertising clause from their license.
18628 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
18630 * auth/sudo_auth.h:
18631 move dce_verify proto to correct section
18638 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
18641 Add fnmatch() prototype
18644 * fnmatch.c, parse.c, testsudoers.c:
18645 Move inclusion of emul/fnmatch.h to be after sudo.h for __P
18649 add strcasecmp proto
18652 * auth/sudo_auth.c:
18653 add check for case where there are no auth methods
18656 * configure, configure.in:
18657 Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
18661 * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
18662 include strings.h everywhere we include string.h
18666 nicer output when showing auth methods
18670 Add support for SEND_MAIL_WHEN_NO_HOST
18673 * config.h.in, configure, configure.in:
18674 Add _GNU_SOURCE for Linux
18677 * lex.yy.c, parse.lex:
18678 fix definition of OCTET
18681 * configure, configure.in:
18682 aix_auth.o not authenticate.o
18685 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
18688 Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
18689 keyboard). Since we run with ruid/euid == 0 the user can't really
18690 signal us in nasty ways.
18694 Don't need to worry about catching too many signals since we do
18695 locking on the tmp file. If a lockfile is really stale, it will be
18696 detected and overwritten.
18699 * INSTALL, Makefile.in:
18700 include auth/API in tarball
18703 * auth/sudo_auth.c:
18704 move memset() of plaintext pw outside of verify loop and only do the
18705 memset if we are *not* in standalone mode.
18708 * auth/sudo_auth.c, auth/sudo_auth.h:
18709 DCE is not a standalone method
18713 fix --enable-noargs-shell
18717 "#ifdef __STDC__" not "#if __STDC__" (I missed one)
18720 * auth/fwtk.c, auth/sia.c:
18721 _cleanup() function returns an int.
18725 there were still some return(0)'s hanging around, make them
18734 add missing semicolon
18737 * auth/sudo_auth.h:
18741 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
18743 * CHANGES, config.h.in, configure, configure.in:
18744 Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
18748 add parse.h to HDRS
18751 * Makefile.in, configure, configure.in:
18752 Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
18753 LDFLAGS. Common libs go in LIBS, common ld flags go in LDFLAGS and
18754 network libs like -lsocket, -lnsl go in NET_LIBS. This allows
18755 testsudoers to build on Solaris and is a bit cleaner in general.
18759 mention ptmp -> sudoers.tmp
18762 * config.h.in, configure, configure.in:
18763 Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
18771 Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
18772 return a value more like a system function
18784 update based on what is in the man page
18787 * parse.yacc, sudo.tab.c:
18788 minor change to first line printed in -l mode
18791 * sudo.cat, sudo.html, sudo.man, sudo.pod:
18792 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
18793 standard and add "EXAMPLES" section
18796 * visudo.cat, visudo.html, visudo.man, visudo.pod:
18797 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
18801 * logging.c, parse.c, sudo.h:
18805 * lex.yy.c, parse.lex:
18806 make an OCTET really be limited to 0-255
18810 mention timestamp changes
18817 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
18818 new sudoers(8) man page
18821 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
18824 Update comments about syslog name tables
18827 * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
18828 strcasecmp.c, sudo.tab.c:
18829 include strcasecmp() for those without it
18833 Use the : operator some more and fix a typo
18837 update the history of sudo
18840 * parse.c, parse.lex, testsudoers.c:
18841 CIDR-style netmask support
18848 * sudo.tab.c, sudo.tab.h:
18849 these should be generated with byacc, not bison
18856 * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
18857 In "sudo -l" mode, the type of the stored (expanded) alias was not
18858 stored with the contents. This could lead to incorrect output if
18859 the sudoers file had different alias types with the same name.
18860 Normal parsing (ie: not in '-l' mode) is unaffected.
18863 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
18865 * configure, configure.in:
18866 define _XOPEN_SOURCE to get at crypt() proto on some systems
18869 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
18876 don't need limits.h
18880 kill bogus reference to vfprintf
18883 * sample.sudoers, sudoers:
18888 Add some const in the K&R defs. This is safe since we define const
18889 away if the compiler doesn't grok it.
18892 * aclocal.m4, configure:
18893 Better test for working long long support. Ultrix compiler supports
18894 basic long long but not all operations on them.
18897 * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
18898 snprintf.c, sudo.c:
18899 Add check for LONG_IS_QUAD #undef MAXINT before including
18900 hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
18901 in snprintf.c and use LONG_IS_QUAD
18904 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
18906 * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
18908 UCB-derived snprintf + asprintf support. Supports quads if the
18909 compiler does. No floating point yet, perhaps later...
18912 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
18914 * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
18915 goodpath.c, logging.c, parse.c, sudo.c:
18916 Run most of the code as root, not the invoking user. It doesn't
18917 really gain us anything to run as the user since an attacker can
18918 just have a setuid(0) in their egg. Running as root solves
18919 potential problems wrt signalling.
18926 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
18928 * logging.c, sudo.c:
18929 Don't wait for child to finish in log_error(), let the signal
18930 handler get it if we are still running, else let init reap it for
18931 us. The extra time it takes to wait lets the user know that mail is
18934 Install SIGCHLD handler in main() and for POSIX signals, block
18939 * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
18940 parse.yacc, sudo.c, sudo.h:
18941 sudoers_lookup() now returns a bitmap instead of an int. This makes
18942 it possible to express things like "failed to validate because user
18943 not listed for this host". Some things that were previously
18944 VALIDATE_FOO are now FLAG_FOO. This may change later on.
18946 Reorganized code in log_auth() and sudo.c to deal with above
18949 Safer versions of push/pushcp with in the do { ... } while (0) style
18951 parse.yacc now saves info on the stack to allow parse.c to determine
18952 if a user was listed, but not for the host he/she tried to run on.
18954 Added --with-mail-if-no-host option
18957 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
18959 * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
18960 visudo.man, visudo.pod:
18961 o NewArgv and NewArgc don't need to be externally visible. o If
18962 pedantic > 1, it is a parse error. o Add -s (strict) option to
18963 visudo which sets pedantic to 2.
18966 * HISTORY, INSTALL:
18967 Just have sudo-bugs contact info in one place
18970 * sudo.cat, sudo.html, sudo.man, sudo.pod:
18974 * Makefile.in, configure, configure.in:
18975 Add testsudoers to default build target if --with-devel Don't clean
18976 generated parser files unless "distclean".
18979 * parse.yacc, sudo.tab.c:
18980 In pedantic mode we need to save *all* the aliases, not just those
18981 that match, or we get spurious warnings.
18985 reference sample.syslog.conf
18988 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
18990 * sample.syslog.conf:
18991 Sample entries for syslog.conf
18998 * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
18999 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
19000 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
19001 auth/sudo_auth.c, auth/sudo_auth.h:
19002 In struct sudo_auth, turn need_root and configured into flags and
19003 add a flag to specify an auth method is running alone (the only
19004 one). Pass auth methods their sudo_auth pointer, not the data
19005 pointer. This allows us to get at the flags and tell if we are the
19006 only auth method. That, in turn, allows the method to be able to
19007 decide what should/should not be a fatal error. Currently only
19008 rfc1938 uses it this way, which allows us to kill the OTP_ONLY
19009 define and the hackery that went with it. With access to the
19010 sudo_auth struct, methods can also get at a string holding their
19011 canonical name (useful in error messages).
19014 * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
19015 getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
19017 o --with-otp deprecated, use --without-passwd instead o real
19018 dependencies in the Makefile o --with-devel option to enable yacc,
19019 lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
19020 back to being a token, not a string but don't leak memory o rename
19021 hsotspec -> host in parse.yacc
19024 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
19030 * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
19032 o Digital UNIX needs to check for *snprintf() before -ldb is added
19033 to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
19034 for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
19035 functions in snprintf.c to fix -Wall o Add missing includes to fix
19039 * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
19040 configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
19042 o Add a "pedantic" flag to the parser. This makes sudo warn in
19043 cases where an alias may be used before it is defined. Only turned
19044 on for visudo and testsudoers. o Add --disable-authentication option
19045 that makes sudo not require authentication by default. The PASSWD
19046 tag can be used to require authentication for an entry. We no
19047 longer overload --without-passwd.
19050 * lex.yy.c, parse.lex:
19051 Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
19052 username can contain just about anything so be very permissive. Also
19053 drop the unused \. punctuation.
19056 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
19058 * parse.yacc, sudo.tab.c:
19059 o add a 'val' element to aliasinfo struct and move -> parse.h o
19060 find_alias() now returns an aliasinfo * instead of boolean o
19061 add_alias() now takes a value parameter to store in the
19062 aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
19063 return: 1) positive match 0) negative match (due to '!')
19064 -1) no match This means setting $$ explicitly in all cases, which I
19065 should have done in the first place. It also means that we always
19066 store a value that is != -1 and when we see a '!' we can set
19067 *_matches to !rv if rv != -1. The upshot of all of this is that '!'
19068 now works the way it should in lists and some of the rules are more
19069 uniform and sensible.
19073 add parse.h dependency
19077 kill unused *_matched macros
19081 Allow a list of users as the first thing in a user spec, not just a
19082 single entry. This makes things more uniform, though it does allow
19083 you to write user specs that are hard to read.
19095 fix check for crypt() in libufc
19098 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
19101 sudo-users list now exists
19104 * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
19108 * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
19109 config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
19110 version.c, visudo.c:
19111 o Move lock_file() and touch() into fileops.c so visudo can use them
19112 o Visudo now locks the sudoers temp file instead of bailing when the
19113 temp file already exists. This fixes the problem of stale temp
19114 files but it does *require* that you not try to put the temp file in
19115 a world-writable directory. This should not be an issue as the temp
19116 file should live in the same dir as sudoers. o Visudo now only
19117 installs the temp file as sudoers if it changed.
19120 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
19126 * config.h.in, configure, configure.in, logging.c:
19130 * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
19131 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
19132 o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
19133 temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
19134 -> _PATH_SUDOERS_TMP
19137 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
19139 * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
19140 o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
19141 root sudo -V config reporting
19144 * configure, configure.in:
19145 aix_auth.o not authenticate.o
19149 Add --with-goodpri and --with-badpri configure options to specify
19150 the syslog priority to use.
19153 * INSTALL, configure, configure.in, logging.h:
19154 Add --with-goodpri and --with-badpri configure options to specify
19155 the syslog priority to use.
19159 kill crufty AIX stuff
19163 Sigh, some versions of make (like Solaris's) don't deal with $< like
19164 I would expect. Both GNU and BSD makes get this right but... So, we
19165 just expand $< inline at the cost of some ugliness.
19169 If the invoking user is root, sudo will now print configure info in
19170 -V mode. Currently just prints logging info, to be expanded later.
19173 * logging.c, logging.h, sudo.c, sudo.h:
19174 o new defines for syslog facility and priority o use new
19175 print_version() function for -V mode
19179 Don't need version.c
19182 * aclocal.m4, config.h.in, configure, configure.in:
19183 Add check for syslog facilities and priorities tables in syslog.h
19187 o authenticate -> aix_auth o add version.c
19190 * auth/sudo_auth.c:
19191 Missed a prompt -> user_prompt conversion
19194 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
19197 sudo should lock its logfile
19200 * parse.yacc, sudo.tab.c:
19201 o Add '!' correctly when expanding Aliases. o Add shortcut macros
19202 for append() to make things more readable. o The separator in
19203 append() is now a string instead of a char. o In append(), only
19204 prepend the separator if the last char is not a '!'. This is a
19205 hack but it greatly simplifies '!' handling. o In -l mode, Runas
19206 lists and NOPASSWD/PASSWD tags are now inherited across entries in
19207 a list (matches current behavior). o Fix formatting in -l mode such
19208 that items in a list are separated by a space. Greatly improves
19209 readability. o Space for name field in struct aliasinfo is now
19210 allocated dynamically instead of using a (big) buffer. o In
19211 add_alias(), only search the list once (lsearch instead of lfind +
19215 * lex.yy.c, sudo.tab.c, sudo.tab.h:
19219 * configure, configure.in:
19220 Solaris pam doesn't require any extra setup
19224 o Simpler '!' support now that the lexer deals with multiple !'s for
19225 us. o In the case of opFOO, have FOO give a boolean return value and
19226 set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
19227 it gets fill()'d in parse.lex--fixes a small memory leak. In the
19228 long run it may be better to just fix parse.lex and make ALL back
19229 into a token. However, having it be a string is useful since it
19230 can be easily passed back to the parent rule if we so desire.
19234 o Remove some unnecessary backslashes o collapse multiple !'s by
19235 using !+ and checking if yyleng is even or odd. this allows us to
19236 simplify ! handling in parse.yacc
19240 -u flag was being ignored
19243 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
19250 work around pod2man stupidity
19254 correct dependencies for .cat
19257 * sudo.cat, sudo.man, visudo.cat, visudo.man:
19261 * sudo.pod, visudo.pod:
19262 Add copyright Update to reality
19265 * parse.c, sudo.c, sudo.h:
19266 rename validate() to the more descriptive sudoers_lookup()
19273 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
19279 * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
19280 configure, configure.in, sudo.c:
19285 add 4th term to license similar to term 5 in the apache license
19288 * emul/search.h, emul/utime.h:
19289 add 4th term to license similar to term 5 in the apache license
19292 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
19293 auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
19294 auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
19295 auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
19296 logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
19297 pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
19298 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
19300 add 4th term to license similar to term 5 in the apache license
19303 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
19304 add 4th term to license similar to term 5 in the apache license
19307 * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
19308 getspwuid.c, goodpath.c:
19309 add 4th term to license similar to term 5 in the apache license
19312 * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
19313 insults.h, logging.c, sudo.c, sudo.h:
19314 there was a 1995 release too
19317 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
19324 Use dirs instead of files for timestamp. This allows tty and non-
19325 tty schemes to coexist reasonably. Note, however, that when you
19326 update a tty ticket, the mtime on the user dir gets updated as well.
19329 * configure, configure.in:
19330 Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
19331 when linking test program, not just -lprot. Also add check for
19332 getspnam(). The SCO docs indicate that /etc/shadow can be used but
19336 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
19339 first cut at auth API description
19342 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
19344 * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
19345 auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
19347 auth API change. There is now an init method that gets run before
19348 the main loop. This allows auth routines to differentiate between
19349 initialization that happens once vs. setup that needs to run each
19350 time through the loop.
19353 * auth/kerb5.c, logging.c:
19354 use easprintf() and evasprintf()
19358 add easprintf() and evasprintf(), error checking versions of
19359 asprintf() and vasprintf()
19363 remove 2 items. One done, one won't do.
19366 * lex.yy.c, sudo.tab.c:
19370 * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
19371 visudo.html, visudo.man:
19380 o Document -K flag and update meaning of -k flag. o BSD-style
19381 copyright o Document clearing of BIND resolver environment variables
19382 o Clarify bit about shared libs o suggest rc files create /tmp/.odus
19383 if your OS gives away files
19391 BSD-style copyright
19395 o BSD copyright o no need to block signals, we now do that in main()
19399 * testsudoers.c, visudo.c:
19400 o BSD-style copyright o Use "struct sudo_user" instead of old
19401 globals. o some cosmetic cleanup
19405 BSD-style copyright
19409 o BSD copyright o logging and parser bits moved to their own .h
19410 files o new "struct sudo_user" to encapsulate many of the old
19415 o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
19416 logging routines o simplified flow of control o BIND resolver
19417 additions to badenv_table
19421 BSD-style copyright
19425 Now compiles on more K&R compilers
19429 BSD-style copyright, cosmetic changes
19433 BSD-style copyright
19436 * parse.c, parse.h, parse.lex, parse.yacc:
19437 BSD-style copyright. Move parser-specific defines and structs into
19438 parse.h + other cosmetic changes
19442 defines for logging routines
19445 * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
19446 BSD-style copyright, cosmetic changes
19449 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
19451 BSD-style copyright
19455 o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
19456 kill --disable-tgetpass o add --without-passwd o changes to fill in
19457 AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
19458 v?asprintf() o replace --with-AuthSRV with --with-fwtk
19462 BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
19463 HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
19464 HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
19468 BSD-style copyright; Add S_IFLNK and MIN/MAX if they are missing.
19472 BSD-style copyright
19476 no more --with-getpass
19480 Take out things I've done...
19488 --with-getpass no longer exists
19492 BSD-style copyright. Update to reflect reality wrt new files and
19497 Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
19502 Update history a bit
19505 * COPYING, LICENSE:
19506 Now distributed under a BSD-style license
19509 * auth/sudo_auth.c:
19510 o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
19511 options. o skey/opie replaced by rfc1938 code o new struct sudo_user
19515 * auth/pam.c, auth/sia.c:
19516 BSD-style copyright and use new log functions
19520 o BSD-style copyright o Use new log functions o Use asprintf() and
19521 snprintf() where sensible.
19525 Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
19526 done more reasonably--better sanity checks and tty-based stamps are
19527 now done as files in a directory with the same name as the invoking
19528 user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
19529 to mix tty and non-tty based ticket schemes but this may change in
19530 the future (it requires sudo to use a directory instead of a file in
19531 the non-tty case). Also, ``sudo -k'' now sets the ticket back to
19532 the epoch and ``sudo -K'' really deletes the file. That way you
19533 don't get the lecture again just because you killed your ticket in
19534 .logout. BSD-style copyright now.
19538 o rewritten logging routines. log_error() now takes printf-style
19539 varargs and log_auth() for the return value of validate(). o BSD-
19543 * auth.c, check_sia.c, dce_pwent.c, secureware.c:
19544 superseded by new auth API
19548 BSD-style copyright
19552 Use snprintf() where it makes sense and add a BSD-style copyright
19555 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
19556 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
19557 BSD-style copyright
19560 * emul/utime.h, utime.c:
19561 BSD-style copyright
19565 this has been rewritten so use my BSD-style copyright
19568 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
19571 include malloc.h if no stdlib.h
19575 KTH snprintf()/asprintf() for systems w/o them
19579 strerror() for systems w/o it
19582 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
19588 * parse.c, parse.lex, parse.yacc:
19589 Add contribution info in the main comment
19592 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
19595 remove missed ref to PAM_nullpw
19598 * auth/sudo_auth.h:
19603 more or less complete now--still untested
19606 * auth/afs.c, auth/pam.c:
19607 don't use user_name macro, it will go away
19610 * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
19611 combine skey/opie code into rfc1938.c
19614 * auth/dce.c, auth/sudo_auth.h:
19615 DCE authentication method; basically unchanged from dce_pwent.c
19618 * auth/aix_auth.c, auth/sudo_auth.h:
19619 AIX authenticate() support. Could probably be much better
19623 Fix an uninitialized variable and some cleanup. Now works (tested)
19626 * auth/sia.c, auth/sudo_auth.h:
19627 SIA support for digital unix
19631 don't use prompt global, it will go away
19634 * auth/secureware.c:
19635 correct copyright years
19638 * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
19639 auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
19640 auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
19641 New authentication API and methods
19644 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
19651 only save an entry if user_matches && host_matches, even if the
19652 stack is empty (fix for previous commit)
19660 1) Always save an entry on the stack if it is empty. This fixes the
19661 -l and -v flags that were broken by earlier parser changes.
19663 2) In a Runas list, don't negate FALSE -> TRUE since that would make
19664 !foo match any time the user specified a runas user (via -u) other
19669 interfaces and num_interfaces are now auto, not extern
19672 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
19675 use a static global to keep state about empty passwords
19679 make PASSWORD_NOT_CORRECT logging consistent with other modules
19682 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
19685 PAM prompt code was wrong, looks like we have to kludge it after
19690 In the PAM code, when a user hits return at the first password
19691 prompt, exit without a warning just like the normal auth code
19694 * configure, configure.in:
19695 kludge around cross-compiler false positives
19698 * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
19699 New (correct) PAM code Tgetpass now takes an echo flag for use with
19700 PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
19701 useless umask setting Change error from BAD_ALLOCATION ->
19702 BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
19707 Some -Wall and kill some trailing spaces
19711 define -D__EXTENSIONS__ for solaris so we get crypt() proto
19714 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
19720 * INSTALL, config.h.in, configure, configure.in:
19721 for kerberos V < version, fall back on old kerb4 auth code
19725 clarify some things
19728 * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
19732 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
19735 mention why DONT_LEAK_PATH_INFO is not the default
19738 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
19741 Fix open(2) return value checking, was NULL for fopen, should be -1
19750 better wording for solaris pam notice
19754 document recent changes
19758 Update shadow password section
19762 move authentication code from check.c to auth.c
19765 * Makefile.in, check.c, sudo.h:
19766 move authentication code to auth.c
19769 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
19771 * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
19772 getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
19773 logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
19774 sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
19776 Move interface-related defines to interfaces.h so we don't have to
19777 include <netinet/in.h> everywhere.
19780 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
19782 * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
19783 parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
19784 o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
19785 turns out the old DES crypt does the right thing with passwords
19786 longer than 8 characters. o Fix common typo (necesary ->
19787 necessary) o Update TODO list
19790 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
19793 set $LOGNAME when we set $USER
19796 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
19799 add comment about digital unix and interfaces.c warning with gcc
19802 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
19805 use modern paths and give examples for some of the new parser
19809 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
19815 * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
19816 getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
19817 parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
19818 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
19819 Function names should be flush with the start of the line so they
19820 can be found trivially in an editor and with grep
19823 * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
19824 sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
19825 free(3) is already void, no need to cast it
19828 * logging.c, sudo.c, sudo.h:
19829 catch case where cmnd_safe is not set (this should not be possible)
19832 * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
19833 testsudoers.c, visudo.c:
19834 Stash the "safe" path (ie: the one listed in sudoers) to the command
19835 instead of stashing the struct stat. Should be safer.
19838 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
19840 * INSTALL, Makefile.in, UPGRADE:
19841 notes on updating from an earlier release
19848 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
19850 * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
19851 sudoers.man, sudoers.pod:
19852 You can now specify a host list instead of just a host or alias.
19853 Ie: user = host1,host2,ALIAS,!host3 my_command now works.
19860 * parse.yacc, sudo.tab.c:
19861 Move the push from the beginning of cmndspec to the end. This means
19862 we no longer have to do a push at the end of privilege, just reset
19866 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19867 runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
19868 use "!" most everywhere
19871 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
19874 modernize paths and update su example based on sample.sudoers one
19878 New runas semantics
19881 * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
19883 In estrdup(), do the malloc ourselves so we don't need to rely on
19884 the system strdup(3) which may or may not exist. There is now no
19885 need to provide strdup() for those w/o it. Also, the prototype for
19886 estrdup() was wrong, it returns char * and its param is const.
19894 buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
19897 * CHANGES, TODO, parse.yacc, sudo.tab.c:
19898 It is now possible to use the '!' operator in a runas list as well
19899 as in a Cmnd_Alias, Host_Alias and User_Alias.
19902 * logging.c, sudo.h:
19903 Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
19907 Definitions of *_matched were wrong--user top, not top-2 as
19911 * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
19912 Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
19913 command but the NOPASSWD flag was set. Make runasspec, runaslist,
19914 runasuser, and nopasswd typeless in parse.yacc Add support for '!'
19915 in the runas list Fix double printing of '%' and '+' for groups and
19916 netgroups respectively Add *_matched macros (no need for local stack
19917 variable). Should only be used directly after a pop (since top must
19921 * aclocal.m4, configure.in:
19922 Add copyright, somewhat silly
19925 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
19927 * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
19928 compat.h, config.h.in, configure, configure.in, dce_pwent.c,
19929 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
19930 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
19931 lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
19932 putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
19933 sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
19934 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
19936 Crank version to 1.6 and combine copyright statements
19940 Use ! not ^ to do negation
19943 * lex.yy.c, sudo.tab.c:
19947 * parse.lex, parse.yacc:
19948 Make runas and NOPASSWD tags persistent across entries in a command
19949 list. Add a PASSWD tag to reverse NOPASSWD. When you override a
19950 runas or *PASSWD tag the value given becomes the new default for the
19951 rest of the command list.
19954 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
19958 [a1ae9d4a7d54] [SUDO_1_5_9]
19961 Shift return value of system(3) by 8 to get real exit value and if
19962 it is not 1 or 0 print the retval along with the error message.
19965 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
19968 testsudoers needs LIBOBJS too
19971 * parse.c, parse.yacc, sudo.tab.c:
19972 Fix another parser bug. For a sudoers entry like this: millert
19973 ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
19981 * parse.yacc, sudo.tab.c:
19982 Save entries that match a ! command on the matching stack too
19986 Make sudo's usage info better when mutually exclusive args are given
19987 and don't rely on argument order to detect this; nick@zeta.org.au
19990 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
19992 * CHANGES, Makefile.in, RUNSON:
20000 * parse.yacc, sudo.tab.c:
20001 Fix off by one error introduced in *alloc changes
20004 * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
20005 check_sia.c, compat.h, config.h.in, configure, configure.in,
20006 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
20007 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
20008 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
20009 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
20010 sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
20011 sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
20012 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
20016 * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
20017 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
20018 putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
20019 sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
20020 Use emalloc/erealloc/estrdup
20024 error checking memory allocation routines
20027 * parse.yacc, sudo.tab.c:
20028 Still not right, this fixes it for real
20031 * parse.yacc, sudo.tab.c:
20032 Fix for previous commit
20035 * CHANGES, INSTALL, parse.yacc:
20036 Fix a parser bug that was exposed when mixing different runas specs
20037 and ! commands. For example: millert ALL=(daemon)
20038 /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
20039 as well as daemon when it should just allow daemon. The problem was
20040 that comma-separated commands in a list shared the same entry on the
20041 matching stack. Now they get their own entry iff there is a full
20042 match. It may be better to just make the runas spec persistent
20043 across all commands in a list like the user and host entries of the
20044 matching stack. However, since that is a fairly major change it
20045 should get its own minor rev increase.
20048 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
20050 * check.c, config.h.in:
20051 Simplify PAM code and fix a PAM-related warning on Linux
20054 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
20068 * check.c, configure.in:
20069 new pam code that works on solaris, should work on linux too;
20073 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
20080 only include strings.h if there is no string.h
20083 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
20086 Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
20089 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
20092 shost must be set before log functions are called #ifdef HOST_IN_LOG
20095 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
20097 * CHANGES, lex.yy.c, parse.lex:
20098 Fix a bug wrt quoting characters in command args. Stop processing
20099 an arg when you hit a backslash so the quoted-character detection
20103 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
20106 include sys/time.h; apparently AIX needs it. ppz@cdu.elektra.ru
20109 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
20111 * configure, configure.in:
20112 add missing case statement so --without-sendmail works
20115 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
20121 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
20123 * configure, configure.in:
20124 only search for -lsun in irix <= 4.x
20127 * configure, configure.in:
20128 back out last configure.in change now that I've hacked autoconf to
20129 fix the real problem and add a missing newline
20137 add def of dirfd() for those without it
20140 * configure, configure.in:
20141 When falling back to checking for socket() when linking with
20142 "-lsocket -lnsl" check for main() instead since autoconf has already
20143 cached the results of checking for socket() in -lsocket. This is
20144 really an autoconf bug as it should use the extra libs as part of
20145 the cache variable name.
20152 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
20155 fix occurrence of $with_timeout that should be
20156 $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
20160 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
20162 * sudo.cat, sudo.html, sudo.man, sudo.pod:
20163 fix grammar; espie@openbsd.org
20164 [7031d9dfbc3e] [SUDO_1_5_8]
20166 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
20168 * parse.yacc, sudo.c, testsudoers.c:
20169 add cast for strdup in places it does not have it
20172 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
20174 * configure, configure.in:
20175 define _BSD_TYPES for irix
20178 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
20180 * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
20181 Make it clear that it is the user's password, not root's, that we
20186 If the user enters an empty password and really has no password,
20187 accept the empty password they entered. Previously, they could
20189 *but* an empty password. Also, add GETPASS macro that calls either
20190 tgetpass() or getpass() depending on how sudo was configured.
20191 Problem noted by jdg@maths.qmw.ac.uk
20194 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
20196 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
20197 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
20198 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
20199 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
20200 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
20201 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
20203 add explicit copyright
20207 mention -lsocket, -lnsl configure changes
20210 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
20213 Don't clobber errno after calling check_sudoers().
20216 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
20218 * configure, configure.in:
20219 When linking with both -lsocket and -lnsl be sure to do so in that
20220 order. Also, when we can't find socket() or inet_addr() and have to
20221 try linking with both libs, issue a warning.
20224 * sudo.cat, sudo.man, sudo.pod:
20225 clarify bad timestamp and fmt
20228 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
20231 be clear that pam is linux-only and add a RUNSON entry
20234 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
20236 * CHANGES, INSTALL, configure, configure.in:
20237 fix and correctly document --with-umask; problem noted by
20241 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
20243 * configure, configure.in:
20244 only use /usr/{man,catman}/local to store man pages if user didn't
20245 override prefix or mandir
20248 * INSTALL, configure, configure.in:
20249 fix typo, make --with-SecurID take an arg
20252 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
20258 * CHANGES, INSTALL, check.c, configure, configure.in:
20259 FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
20262 * configure, configure.in:
20263 better fix for the problem of unresolved symbols in -lnsl or
20267 * configure, configure.in:
20268 when checking for functions in -lnsl and -lsocket link with both of
20269 them to avoid unresolved symbols on some weirdo systems
20272 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
20274 * BUGS, CHANGES, RUNSON, TODO:
20275 old changes that didn't make it into RCS before the RCS->CVS switch
20278 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
20280 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
20281 configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
20282 getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
20283 ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
20284 lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
20285 secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
20286 sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
20299 * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
20300 config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
20301 find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
20302 ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
20303 logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
20304 secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
20305 sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
20306 utime.c, version.h, visudo.c, visudo.cat, visudo.man:
20307 crank version and regen files
20311 kill rcs goop in update_version and fix now that version is a const
20314 * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
20315 sudo.c, sudo.h, sudo.pod:
20316 kerb5 support from fcusack@iconnet.net
20319 * realpath.c, sudo_realpath.c:
20320 we no longer use realpath
20324 replaced by find_path.c
20328 all options are now configure flags
20336 superseded by getcwd.c
20340 superseded by tgetpass.c
20344 superseded by RUNSON
20348 No longer used now that we have configure options for everything.
20352 regen based on configure.in
20355 * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
20356 sudoers.man, visudo.cat, visudo.html, visudo.man:
20357 regen based on sudo.pod, sudoers.pod, and visudo.pod
20360 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
20363 fix tty tickets in remove_timestamp (didn't use ':')
20366 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
20369 close sock when we are done with it
20372 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
20375 never say "error on line -1"
20378 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
20381 check for -lnsl before -lsocket
20385 quote '[', ']' used in ranges correctly
20388 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
20391 add missing NO_ROOT_SUDO noted by drno@tsd.edu
20394 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
20401 more info for 1.5.7
20409 make increases of cm_list_size and ga_list_size be similar to
20410 increases of stacksize (ie: >= not > in initial compare).
20414 when we get a syntax error, report it for the previous line since
20415 that's generally where the error occurred.
20418 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
20420 * config.h.in, configure.in, interfaces.c:
20421 add back check for sys/sockio.h but only use it if SIOCGIFCONF is
20423 [d197f31fd1e4] [SUDO_1_5_7]
20426 define BSD_COMP for svr4
20429 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
20430 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
20431 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
20432 testsudoers.c, tgetpass.c, utime.c, visudo.c:
20437 kill check for sockio.h
20441 no more HAVE_SYS_SOCKIO_H
20444 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
20445 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
20446 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
20447 testsudoers.c, tgetpass.c, utime.c, visudo.c:
20451 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
20454 add missing inform_user()
20457 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
20460 return NOT_FOUND if given fully qualified path and it does not exist
20461 previously it would perror(ENOENT) which bypasses the option to not
20466 for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
20470 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
20473 tty tickets are user:tty now
20477 when using tty tickets make it user:tty not user.tty as a username
20478 could have a '.' in it
20481 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
20484 add "ignoring foo found in ." for auth successful case
20487 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
20490 add missing printf param
20493 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
20495 * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
20496 go back to printing "command not found" unless --disable-path-info
20497 specified. Also, tell user when we ignore '.' in their path and it
20498 would have been used but for --with-ignore-dot.
20502 Only one space after a colon, not two, in printf's
20505 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
20508 document setting $USER
20512 fix bugs with prompt expansion
20516 set $USER for root too
20519 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
20526 HP-UX's iscomsec is in -lsec, not libc
20530 remove some entries in the OS case statement that did nothing
20534 add "cd" section and flush out syslog section
20538 no more sudo-lex.yy.c
20542 add custom prompt support
20546 kill perror("malloc") since we already have good error messages
20547 pw_ent -> pw for brevity
20551 kill perror("malloc") since we already have good error messages
20552 pw_ent -> pw for brevity set $USER if -u specified
20556 kill perror("malloc") since we already have good error messages
20560 kill perror("malloc") since we already have good error messages
20561 pw_ent -> pw for brevity when checking if %group matches, look up
20562 user in password file so that %groups works in a RunAs spec.
20566 kill perror("malloc") since we already have good error messages
20569 * check.c, getspwuid.c, interfaces.c:
20570 kill perror("malloc") since we already have good error messages
20571 pw_ent -> pw for brevity
20574 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
20577 the prompt is expanded before tgetpass is called
20581 tgetpass now has the same args as getpass again
20585 add iscomsec, issecure support
20589 we now expand any %h or %u in the prompt before passing to tgetpass
20593 add check for syslog(3) in -lsocket, -lnsl, -linet
20597 add HAVE_ISCOMSEC and HAVE_ISSECURE
20601 add check for iscomsec in HP-UX
20605 check for issecure if we have getpwanam on SunOS some options are
20606 incompatible with DUNIX SIA check for dispcrypt on DUNIX
20609 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
20616 add back support for non-dispcrypt based checking for older DUNIX
20624 SIA becomes the default on Digital UNIX now have --disable-sia to
20629 move local includes after system ones
20632 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
20634 * check.c, check_sia.c, sudo.h:
20635 add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
20640 fix while loop in sia_attempt_auth() that checks the password. Only
20641 the first iteration was working.
20644 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
20647 don't trust UID_MAX or MAXUID
20658 * getspwuid.c, secureware.c:
20659 init crypt_type to INT_MAX since it is legal to be negative in DUNX
20664 for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
20665 -ldb since DUNX < 4.0 lacks it
20668 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
20670 * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
20671 secureware.c, sudo.c, tgetpass.c:
20672 getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
20673 minutes if the shadow files don't exist).
20676 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
20679 updated --with-editor blurb
20683 tell how to put sudoers in a different dir
20687 add missing quotes around $with_editor
20691 typo in --with-editor bits
20695 I don't expect it to work on Solaris
20699 add back security/pam_misc.h
20702 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
20705 remove dunix note since configure checks for this now
20709 add check for broken dunix prot.h (4.0 < 4.0D is bad)
20712 * getspwuid.c, secureware.c, tgetpass.c:
20713 new dunix shadow code, use dispcrypt(3)
20721 call initprivs() if we have it for getprpwuid later on
20725 clean pathnames.h too
20729 quote "Sorry, try again." with [] since it has a comma in it set
20730 LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
20731 getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
20736 update Digital UNIX note about acl.h
20741 --without-root-sudo -> --disable-root-sudo some reordering
20748 * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
20756 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
20759 when checking for -lsocket, -lnsl, and -linet, check for the
20760 specific functions we need from them.
20763 * config.h.in, sudo.h:
20764 move Syslog_* defs into sudo.h
20767 * Makefile.in, sudo.h:
20768 added check_secureware
20772 finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
20776 don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
20777 defined. configure now does that for us
20781 move some --with options around change a bunch of echo's to
20782 AC_MSG_CHECKING, AC_MSG_RESULT pairs
20786 change $with_foo-bar -> $with_foo_bar kill extra " that caused a
20787 syntax error add some echo verbiage
20790 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
20793 moved SecureWare stuff into secureware.c
20801 update url to solaris gcc bins
20805 change option formatter and flesh out some entries
20808 * TROUBLESHOOTING, sudo.pod, visudo.pod:
20809 environmental variable -> environment variable
20813 everything is now done via configure
20821 passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
20825 SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
20829 merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
20830 sudoers_mode from configure
20834 SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
20835 the Makefile, not config.h
20839 document all --with/--enable options
20842 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
20845 options.h is no more
20849 assimilated options.h
20853 moved options from options.h to configure
20856 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
20857 logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
20858 sudo_setenv.c, visudo.c:
20862 * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
20863 remove references to options.h
20866 * dce_pwent.c, interfaces.c, sudo.c:
20871 if select return < -1 still prompt for pw
20875 convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
20880 FAST_MATCH is no longer an option
20884 remove_timestamp() if timestamp is preposterous
20888 convert more options to --with/--enable
20891 * INSTALL, aclocal.m4:
20896 convert more options into --with and --enable
20900 catch EINTR in select and restart
20907 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
20910 UMASK -> SUDO_UMASK.
20913 * check.c, logging.c:
20914 time.h, not sys/time.h
20917 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
20920 MAILER -> _PATH_SENDMAIL
20923 * INSTALL, configure.in:
20924 no more --with-C2, now it is --disable-shadow
20927 * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
20928 getspwuid.c, sudo.c, tgetpass.c:
20929 new shadow password scheme. Always include shadow support if the
20930 platform supports it and the user did not disable it via configure
20933 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
20936 --with-getpass -> --{enable,disable}-tgetpass
20940 pathnames.h -> pathnames.h.in
20948 move pam_conv to be static to auth function remove pam_misc.h
20949 (solaris doesn't have one)
20953 _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
20957 munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
20961 convert to pathnames.h.in
20964 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
20967 fix typo in sysv4 matching case /.
20970 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
20973 pam stuff needs to run as root, not user, for shadow passwords
20976 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
20978 * BUGS, INSTALL, README, configure.in:
20982 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
20983 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
20984 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
20985 logging.c, options.h, parse.c, parse.lex, parse.yacc,
20986 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
20987 testsudoers.c, tgetpass.c, utime.c, visudo.c:
20992 user version.h for long message
20996 this is version 1.5.6
20999 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
21002 remove errant backslash
21005 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
21007 * options.h, parse.yacc, pathnames.h.in:
21009 [fdee73255d64] [SUDO_1_5_6]
21011 * BUGS, CHANGES, TODO:
21019 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
21022 kill unused localhost_mask var copy if name to ifr_tmp after we zero
21026 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
21029 Better description of new vs. old sudoers modes fix some typos
21030 better description of /usr/ucb/cc gotchas on slowaris
21038 set NewArgv[0] to user_shell, not basename(user_shell)
21041 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
21044 mention TROUBLESHOOTING more fix some typos
21048 move --enable/--disable to be after --with
21052 document --enable/--disable
21056 document --with-pam
21059 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
21062 Add message for pam users
21073 * check.c, config.h.in, configure.in:
21074 pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
21077 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
21080 add HOST_IN_LOG and WRAP_LOG
21084 add WRAP_LOG and HOST_IN_LOG
21088 add --enable-log-host and --enable-log-wrap
21092 use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
21095 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
21102 include sys/param.h to get howmany macro
21105 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
21107 * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
21111 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
21114 bring in stdio.h for NULL
21118 allow /bin/{ksh,bash} and /usr/bin/{ksh,bash} as sh
21122 use HAVE_SET_AUTH_PARAMETERS
21126 add HAVE_SET_AUTH_PARAMETERS
21130 add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
21134 add support for HI-UX/MPP SR220001 02-03 0 SR2201
21138 initialize previfname
21142 Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
21143 it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
21152 don't need special build line for sudo.tab.o
21156 don't clean sudo.tab.[ch]
21160 Sudo should prompt for a password before telling the user that a
21161 command could not be found.
21169 no longer require yacc
21177 y.tab -> sudo.tab include pre-yacc'd parse.yacc
21181 include sudo.tab.h, not y.tab.h don't break out of command args if
21189 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
21198 getcwd(3) from OpenBSD for those without it.
21202 HAVE_GETWD -> HAVE_GETCWD
21206 pretend sunos doesn't have getcwd(3) since it opens a pipe to
21215 remove duplicate include of string.h
21219 call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
21223 add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
21227 add dev_t and ino_t
21230 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
21233 fix OTP_ONLY for opie
21236 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
21238 * testsudoers.c, tgetpass.c:
21239 include stdlib.h for malloc proto
21242 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
21245 make update_version saner
21249 add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
21253 check for waitpid and wait3 or no waitpid
21257 used waitpid or wait3 if we have 'em
21260 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
21263 fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
21266 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
21269 don't need to explicitly mention -lsocket -lnsl for sequent
21272 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
21275 dynix should not link with -linet
21278 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
21281 mention that HP-UX doesn't ship with yacc
21284 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
21287 ignore kerberos if we can't get the local realm
21290 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
21292 * BUGS, INSTALL, README, configure.in:
21300 * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
21301 find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
21302 logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
21303 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
21312 don't use popen/pclose. Do it inline.
21323 * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
21324 ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
21329 * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
21334 getwd.c -> getcwd.c
21346 use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
21350 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
21352 * OPTIONS, options.h:
21353 add STUB_LOAD_INTERFACES
21356 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
21357 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
21358 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
21359 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
21360 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
21361 testsudoers.c, tgetpass.c, utime.c, visudo.c:
21366 support *-ccur-sysv4 and fix two typos
21369 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
21372 don't echo about with_logfile and with_timedir
21376 document --with-logfile and --with-timedir
21380 support --with-logfile and --with-timedir
21384 Add --with-logfile and --with-timedir
21388 change size computation of NewArgv for UNICOS
21391 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
21394 treat -*-sysv4* like *-*-svr4
21397 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
21400 fix spacing for --with-authenticate help
21403 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
21404 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
21405 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
21406 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
21407 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
21408 testsudoers.c, tgetpass.c, utime.c, visudo.c:
21413 fix off by one error in push macro
21416 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
21419 removed bogus alloca hack
21423 added AIX 4.x authenticate() support
21427 include alloca.h if using bison and not gcc and it exists. fixes an
21428 alloca problem on hpux 10.x
21432 mention --with-authenticate
21436 added AIX authenticate() support
21440 add HAVE_AUTHENTICATE
21444 dynamically size ifconf buffer
21451 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
21452 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
21453 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
21454 logging.c, options.h, parse.c, parse.lex, parse.yacc,
21455 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
21456 testsudoers.c, tgetpass.c, utime.c, visudo.c:
21464 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
21467 add busy stmp file explanation
21470 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
21473 the name of the cached var that signals whether or not you are cross
21474 compiling changed. It is now ac_cv_prog_cc_cross
21477 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
21480 mention glibc 2.07 is fixed wrt lsearch().
21483 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
21485 * sample.sudoers, sudoers.pod:
21486 better example of su but not root su
21489 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
21491 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
21492 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
21493 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
21494 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
21495 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
21496 testsudoers.c, tgetpass.c, utime.c, visudo.c:
21501 correct regexp for updating version
21505 remove bogus flush of stderr spew prompt before turning off echo.
21506 Seems to fix a weird problem where if sudo complained about a bogus
21507 stamp file the user would sometimes not have a chance to enter a
21512 fix bogus flush of stderr
21516 close fd's <=2 not <=3 and move that chunk of code up
21520 support hpux1[0-9] not just hpux10
21523 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
21526 set sudoers_fp to nil after closing
21529 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
21531 * config.guess, config.sub:
21532 updated from autoconf 2.12
21539 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
21542 fix select usage for high fd's (dynamically allocate readfds)
21546 kill extra whitespace
21550 do an initgroups() before running a command, unless the target user
21554 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
21557 tell people to use tabs, not spaces, in syslog.conf
21560 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
21562 * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
21563 parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
21567 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
21568 logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
21572 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
21573 insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
21578 more tweaks to update_version
21582 fixed up update_version rule
21590 removed supe of check.c
21601 * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
21602 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
21603 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
21604 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
21605 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
21606 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
21616 add rules to update version stuff in files so I don't need to do it
21621 sudoers_fp is now extern
21625 in check_sudoers, cache the sudoers file handle in sudoers_fp so we
21626 don't have to open it again in the parse. This may help with weird
21627 solaris problems where EAGAIN sometimes occurs.
21631 sudoers file open is now done only in check_sudoers() so we just do
21632 a rewind() instead of an open. May help people on solaris who were
21636 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
21639 mention that newer glibc is fixed
21642 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
21645 newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
21646 _RLD* instead of _RLD_*
21654 fix that bug for real
21658 document Linux's libc6 brokenness.
21667 [4949a1bbd0a9] [SUDO_1_5_4]
21670 remind people to HUP syslogd
21686 remove author's email addr. people should mail sudo-bugs
21693 * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
21694 find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
21695 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
21696 logging.c, options.h, parse.c, parse.lex, parse.yacc,
21697 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
21698 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
21706 * INSTALL, Makefile.in:
21715 exit(1) if user enters no passwd
21723 commands can start with ./* not just /* -- fixes a serious security
21727 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
21730 Don't set the tty variable to NULL when we lack a tty, leave it as
21734 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
21737 fix usage of (username) in conjunction with , and !
21741 catch the case where the user is not in the passwd file
21745 use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
21750 define tty global to an initial value to avoid dumping core in
21751 logging functions when passwd file is unavailable.
21755 do the set_perms(PERM_USER, sudo_mode) after we have gotten the
21760 talk about problem of ALL
21763 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
21770 fdesc bug is fixed in Open/Net BSD
21774 updates from Nieusma
21777 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
21780 move compat.h after the system includes
21783 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
21786 save errno from being clobbered by wait(). From Theo
21789 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
21792 fix an occurrence of setresuid -> setreuid (typo)
21795 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
21798 check for path to strip
21801 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
21804 deal with maxfilelen < 0 case
21811 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
21814 correct error message if mode/owner wrong and not statable by owner
21815 but is statable by root.
21818 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
21820 * config.guess, config.sub:
21824 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
21826 * CHANGES, RUNSON, TODO:
21830 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
21832 * parse.yacc, sudo.h:
21833 command_alias -> generic_alias
21834 [c404ca8c510d] [SUDO_1_5_3]
21837 added Runas_Alias example and fixed syntax errors
21840 * OPTIONS, options.h:
21841 updated MAILSUBJECT
21848 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
21849 configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
21850 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
21851 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
21852 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
21853 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
21858 * BUGS, emul/utime.h:
21863 document Runas_Alias
21871 buffer oflow checking q (uit) -> Q if yyparse() fails drop into
21876 add size params to sprintf
21880 allow trailing space after '\\' but before '\n'
21884 off by one error in path size check
21891 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
21898 now warns if killed by signal ./
21901 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
21904 fix Runas_Alias stuff Alias's in runas list now get expanded (but it
21909 Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
21913 add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
21917 Add Runas_Alias and simplify a rule.
21921 always store User_Alias's since they can be used inside of a runas
21922 list. Sigh. Really need a Runas_Alias instead.
21925 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
21928 deal with case where there is no sudoers file
21931 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
21937 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
21939 * HISTORY, testsudoers.c:
21940 developement -> development
21955 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
21958 removed seteuid() notes
21959 [1010a60f281d] [SUDO_1_5_2]
21961 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
21964 better seteuid() emulation
21968 added check for seteuid
21975 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
21978 first stab at sequent support
21982 added HAVE_SYS_SELECT_H
21986 sequent -> _SEQUENT_
21990 added seteuid() macro for DYNIX
21994 _AIX -> HAVE_SYS_SELECT_H
21997 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
21999 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
22000 parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
22001 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22005 * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
22006 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
22007 ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
22008 pathnames.h.in, version.h:
22013 added -H and SUDO_PS1
22017 use SUDO_FUNC_FNMATCH
22021 added SUDO_FUNC_FNMATCH
22029 added MODE_RESET_HOME /
22032 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
22046 * compat.h, config.h.in:
22051 added HAVE_OPIE and changed to *_OTP_*
22058 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
22061 moved fclose() in skey stuff.
22064 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
22067 index -> strchr remove unnecessary stuff
22071 now call skeychallenge() to get challenge instead of making one up
22072 ourselves. this way, we get extra goodies in the prompt.
22075 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
22079 [3f5149357e2a] [SUDO_1_5_1]
22082 allow logins to start with a number (YUCK!)
22085 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
22088 added solaris 2.5 vs 2.4 note
22092 DUNIX doesn't need -lnsl
22096 *** empty log message ***
22099 * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
22100 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
22101 ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
22102 options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
22103 strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
22104 utime.c, version.h, visudo.c:
22108 * PORTING, README, RUNSON:
22112 * INSTALL, Makefile.in, TROUBLESHOOTING:
22117 *** empty log message ***
22120 * sudo.pod, visudo.pod:
22124 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
22130 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
22133 added $SUDO_PROMPT support
22136 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
22139 print long skey challenge to stderr, not stdout
22142 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
22152 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
22158 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
22161 use shost, not host for tgetpass
22165 documented %u and %h
22169 documented %u and %h
22176 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
22177 dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22178 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22179 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
22180 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22181 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
22189 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
22191 * Makefile.in, configure.in, version.h:
22196 new tgetpass() params
22200 pass use and host to tgetpass
22204 added %u and %h escapes
22207 * OPTIONS, check.c, options.h:
22212 added cray (unicos) support
22215 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
22217 * OPTIONS, options.h, sudo.c:
22218 added SHELL_SETS_HOME
22221 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
22224 added note about "make install"
22228 changed length/size params from int to size_t
22232 now get CSOPS insults as well by default
22236 use csops insults too by default
22239 * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
22244 added runas_homedir
22260 added "upgrading" notes
22263 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
22266 now do chmod and chown after edit of temp file and before rename
22267 [de174e34faa7] [SUDO_1_5_0]
22269 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
22272 ++version added INSTALL.configure
22275 * configure.in, version.h:
22280 *** empty log message ***
22288 sets $HOME to pw_dir of runas user
22292 document $HOME change
22295 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
22298 fixed up some wording
22301 * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22302 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
22303 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
22308 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
22309 insults.h, options.h, pathnames.h.in, sudo.h:
22318 name and type changes
22322 now works with new sudo
22330 some variable name changes + comment headers for functions.
22334 added extra paren's to make compilers happy
22338 *** empty log message ***
22342 now uses init_parser() if not in sudoers and tries "list" or
22343 "validate" scold but don't be nasty.
22347 now can use upper case login names
22351 now uses init_parser()
22359 added info about PASSWORD_TIMEOUT
22362 * INSTALL.configure:
22371 now dynamically allocates memory for the stacks -- no more
22376 -l now expands command aliases
22380 hacks to expand command aliases for `sudo -l'
22384 remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
22388 added struct command_alias
22396 in compar() key should be first arg
22399 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
22406 can now deal with upcase HOST and USER names
22410 don't yell too loudly at non-sudoers if they do "sudo -l"
22421 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
22423 * parse.c, parse.yacc:
22424 added support for new `sudo -l' stuff
22428 now uses list_matches()
22432 added struct sudo_match
22436 now more -lgnumalloc
22439 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
22442 added more paths for chown and whoami
22445 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
22451 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
22454 fixed DUNIX check for shadow pw
22458 now only turn off echo if it is already on. this fixes a race when
22459 you use sudo in a pipeline
22467 changed "test -z $foo && do_this" to if; then construct
22470 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
22473 added missing defines of SHADOW_TYPE
22476 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
22479 protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
22484 added AUTH_CRYPT_C1CRYPT support
22488 no longer return VALIDATE_NOT_OK if there was a runas that didn't
22489 match. Now we can have runas stuff on more than one line.
22492 * getspwuid.c, sudo.c, tgetpass.c:
22493 use SHADOW_TYPE instead of HAVE_C2_SECURITY
22497 got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
22502 removed HAVE_C2_SECURITY added SPW_BSD
22506 use SHADOW_TYPE instead of HAVE_C2_SECURITY
22510 SHADOW_TYPE is always defined so just against its value
22514 added SUDO_CHECK_SHADOW_DUNIX
22517 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
22520 * -> ?* in one example added another instance of (runas) and one of
22524 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
22527 added back check for config.cache from other host type
22531 removed an instance of \"
22539 updated wrt new wildcard matching
22543 new check for shadow passwords if we don't know anything
22547 new SUDO_CHECK_SHADOW_GENERIC
22551 added back check for -lsocket (oops)
22555 better (working) check for shadow passwd type if we know to use C2.
22559 now uses AC_CANONICAL_HOST to figure out os type
22563 added config.{guess,sub}
22567 removed unused stuff to figure out os type
22583 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
22584 pathname. need to check against sudoers_args even if user_args is
22589 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
22590 pathname need to check against sudoers_args even if user_args is nil
22593 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
22596 added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
22600 now takes command line args and uses cmnd_args
22604 fill_args was adding an extra leading space
22607 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
22610 fixed dummy command_matches()
22622 now uses flat args string
22625 * parse.c, parse.lex:
22626 now uses flat arg string
22630 added cmnd_args def
22634 now sets cmnd_args global
22638 cmnd_args is now exported from sudo.[ch]
22641 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
22644 can't rely on cmnd_matches as much as I thought -- added some $$
22645 stuff back in to prevent namespace pollution problems.
22649 Simplified parse rules wrt runas and NOPASSWD (more consistent).
22652 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
22655 NOPASSWD may now have blanks before the ':' '(' only starts a
22656 'runas' if in the initial state to avoid collision with command args
22660 added checks for specific shadow passwd schemes
22664 added routines to check for specific shadow passwd types
22667 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
22670 added support for ncr boxen
22674 added support for detecting ncr boxen
22677 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
22680 added sinix support
22683 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
22686 added info about "config.cache from other other" error.
22690 now makes sure you don't have a config.cache file from another OS
22694 now sets $LIBS when needed to configure links with libs when doing
22695 tests hpux10 now uses SPW_SECUREWARE for C2 added check for
22696 bigcrypt(3) if SPW_SECUREWARE
22704 now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
22712 no more SPW_HPUX10 added HAVE_BIGCRYPT
22716 now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
22720 SPW_SECUREWARE now uses bigcrypt
22723 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
22726 fixed 2 syntax errors
22730 root may now run ALL as ALL
22733 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
22736 fixed a typo/thinko that broke BSD's with sa_len
22739 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
22741 * check.c, configure.in:
22742 updated AFS support
22746 added entry about /usr/ucb/cc
22750 prep no longer holds gcc binaries
22762 AFS allows long passwords
22766 fixed -u user support
22770 sudo -v now groks VALIDATE_OK_NOPASS
22774 fixed no_passwd vs. runas_matched
22778 took out stuff about NFS-mounting since it is no longer an issue
22782 added --with-libraries > --with-libpath --with-incpath
22786 was setting runas_matches to -1 in wrong place
22790 removed usersec.h which is not present in new AFS versions
22794 now deals with timeout <= 0
22802 BSD/OS >= 2.0 now uses shlicc instead of just gcc
22806 fixed backwards compatibility with sudo 1.4 sudoers mode for root
22807 readable/writable filesystems
22811 now gives INSTALL -c flag
22815 slightly simpler initialization of no_passwd and runas_matches
22819 added -u username support
22823 improved --with-libraries support
22826 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
22829 added --with-incpath, --with-libpath, --with-libraries
22833 now initializes some fields that weren't getting set to -1 pretty
22834 gross -- need a rewrite.
22837 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
22844 no longer add -lPW to *_LIBS since we include alloca.c
22848 added HAVE_ALLOCA_H
22863 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
22866 now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
22867 not always set to a valid uid.
22871 fixed entry for SUDO_MODE
22875 Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
22876 being set to -2. Now beat NFS to the punch and set uid to "nobody"
22877 ourselves, preserving group 0 to read sudoers.
22881 moved set_perms(PERM_ROOT) to be before yyparse()
22889 no longer need AC_PROG_INSTALL
22893 always use install-sh to avoid install(1)'s that use get{pw,gr}nam
22897 make clean -> make distclean
22900 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
22903 removed some unnecessary if's
22906 * Makefile.in, version.h:
22910 * parse.c, testsudoers.c:
22911 now includes netgroup.h
22915 removed casts of ioctl to int since they didn't shut up -Wall
22919 explicitly cast ioctl() to int since it is not always declared
22923 added declarations for yyparse() and yylex()
22927 fixed an occurrence of '==' -> '='
22930 * config.h.in, configure.in:
22931 added check for netgroup.h
22935 fixed 2 compiler warnings
22939 SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
22943 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
22949 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
22952 fixed a formatting thingie
22955 * parse.c, parse.yacc:
22956 fixed -u support with multiple user lists on a line
22960 unixware needs -lgen
22964 updated ftp location
22968 add net_addr/netmask support
22972 added net_addr/mask example
22975 * parse.c, parse.lex:
22976 added support for net_addr/netmask
22979 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
22985 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
22995 * BUGS, TODO, TROUBLESHOOTING:
23000 updated with examples of new stuff
23008 updated wrt -u and NOPASSWD
23012 updated wrt -u and CAVEATS
23015 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
23022 now use :foo: character classes (makes no diff for generated lexer)
23025 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
23028 fixed LONG_SKEY_PROMPT stuff
23031 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
23038 make more like NetBSD one -- now compiles w/o warnings
23042 fixed decls of lsearch()
23045 * config.h.in, configure.in, getspwuid.c:
23050 hpux 10 uses bigcrypt() if C2
23053 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
23056 now always uses fnmatch to match args
23060 back to using stdio instead of raw i/o since that caused some
23064 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
23067 now give usage warning if use -l,-v,-k with args
23070 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
23073 NewArgc is now set to 1 for -l, -v, -k
23077 now sets sudoers to correct group if mode is 0400
23081 updated to version used by inn and bind
23085 now uses -lgnumalloc if it exists
23089 "make install" now sets uid/gid and mode on sudoers if it exists
23093 removed debugging statements
23097 added a missing free()
23101 now uses user_gid instead of getegid (which was wrong anyway) to set
23102 SUDO_GID Now sets command line args in SUDO_COMMAND envariable
23103 (logging.c depends on args being in the environment)
23107 now uses SUDO_COMMAND envariable to get command args rather than
23108 building it up again.
23116 fixed off by one error in allocation NewArgv
23120 in sudoers, 'command ""' now means command with no args
23124 added check for fnmatch(3) and fnmatch.h
23132 replaced wildcat.* with fnmatch.*
23139 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
23142 now uses fnmatch() instead of wildmat a trailing star (*) by itself
23143 now matches multiple args added support for wildcards in the
23144 pathname in sudoers
23147 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
23150 now includes compat.h and config.h
23154 added HAVE_FNMATCH_H
23158 now checks for alloca() (if needed by bison or dce) and links with
23159 -lPW if it contains alloca() and libv and compiler do not.
23162 * emul/fnmatch.h, fnmatch.3, fnmatch.c:
23166 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
23169 now fixes mode on sudoers if set to 0400 to aid in upgrade
23172 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
23175 fixed pod2man usage
23178 * Makefile.in, configure.in, version.h:
23182 * testsudoers.c, visudo.c:
23183 runas_user is now initialized to "root"
23187 removed PERM_FULL_ROOT
23191 runas_user defaults to "root" so no more need to PERM_RUNAS
23195 will now only run commands as root if there was no runas list
23196 (or if root is in the runas list)
23204 runas_matches is now set to false if we get a negative match
23208 make #uid work + some minor cleanup
23212 added support for NOPASSWD and "runas" from garp@opustel.com /
23216 added support for "runas" from garp@opustel.com replaced
23217 SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
23222 added support for "runas" from garp@opustel.com
23226 added support for NO_PASSWD and runas from garp@opustel.com replaced
23227 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
23232 added support for NO_PASSWD and runas from garp@opustel.com replaced
23233 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support for
23238 added support for NO_PASSWD and runas from garp@opustel.com
23241 * parse.c, parse.lex:
23242 added support for NO_PASSWD and runas from garp@opustel.com
23246 added support for SUDOERS_WRONG_MODE and "runas"
23250 added --with-CC only link with -lshadow on linux (with shadow pw) if
23251 libc lacks getspnam()
23254 * OPTIONS, options.h:
23255 removed NO_PASSWD since it is not possible to do this in the sudoers
23256 file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
23257 SUDOERS_GID. Added SUDOERS_MODE.
23261 now uses SUDOERS_UID and SUDOERS_GID
23264 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
23270 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
23273 added double quote support
23277 documented double quoting
23280 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
23287 fixed some indentation
23295 added install-dirs .
23298 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
23301 new version from "Jeff A. Earickson" <jaearick@colby.edu>
23304 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
23307 $CSOPS -> $with_csops (whoops, missed one)
23315 FQHOST now has same constraints as non-FQHOST
23319 added note about OS's w/ shadow passwords turned on by default
23322 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
23329 added support for --without-THING sanitized shadow pw situation by
23335 fixed a typo wrt placement of an end paren
23339 was closing an fd that may not have been opened
23342 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
23344 * OPTIONS, options.h, sudo.c:
23348 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
23351 now always use shadow pw on some arches
23354 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
23357 added pyramid support
23361 no longer check for C2 if alternate passwd method is used no longer
23362 check for some libs twice
23366 moved fqdn stuff into parse.lex (FQHOST)
23374 now define TCSASOFT if necessary
23378 now uses read/write instead of stdio string goop to avoid problems
23382 * OPTIONS, find_path.c, options.h:
23383 -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
23386 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
23389 added note about no shadow auto-detect if using alternate auth
23394 don't check for C2 if AFS or DCE (unless they said --with-C2)
23401 * OPTIONS, find_path.c, options.h:
23405 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
23408 checkdot now works correctly
23411 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
23414 can't have DCE and C2 passwords both...
23417 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
23419 * parse.yacc, sudo.c, sudo.h, visudo.c:
23420 now uses shost even if not FQDN
23424 now looks for skey in /usr/lib and doesn't require libskey to be in
23425 /usr/local/lib just because skey.h is (for my netbsd box :-)
23428 * aclocal.m4, config.h.in, pathnames.h.in:
23429 _SUDO_PATH_ -> _CONFIG_PATH_
23432 * aclocal.m4, sudo.pod:
23433 /var/run/.odus -> /var/run/sudo
23437 now uses _SUDO_PATH_TIMEDIR
23444 * aclocal.m4, configure.in:
23449 added _SUDO_PATH_TIMEDIR
23453 updated wrt /var/run/sudo
23457 added support for shost if FQDN
23460 * parse.yacc, visudo.c:
23461 now uses shost if FQDN
23465 Now use skeylookup() instead of skeychallenge()
23468 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
23471 mail_argv should not contain ALERTMAIL as it includes "-t"
23474 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
23476 * INSTALL, Makefile.in, README, configure.in, version.h:
23481 added more _PASSWD_LEN stuff -- now uses PASS_MAX too
23485 now includes limits.h moved _PASSWD_LEN -> compat.h
23488 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
23506 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
23513 done for 1.4.1 (I hope)
23517 added info on wildcards
23521 added wildcard example
23525 now uses *.pod to build *.man and *.cat & *.html
23529 added SUDO_PROG_BSHELL !ll
23533 fixed up some formatting
23537 redid section describing sample sudoers stuff
23541 fixed some formatting
23545 now treats "" as bourne shell
23549 TESTOBJS now includes wildmat.o
23553 now works with NewArg[cv]
23557 removed an XXX (fixed it in getspwuid.c)
23561 added check for bourne shell
23569 added _SUDO_PATH_BSHELL
23572 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
23575 unixware vi returns 256 instead of 0
23583 fixed up some XXX's. file log format now looks a little more like
23584 real syslog(3) format.
23587 * README, TROUBLESHOOTING:
23588 updated wrt lex/flex
23592 commented out rule to build lex.yy.c from parse.lex since we ship
23593 with a pre-flex'd parser
23596 * parse.c, parse.yacc, visudo.c:
23597 path_matches -> command_matches
23601 eliminated some strcat()'s
23605 no longer checks for lex/flex (now assumes flex)
23609 now checks for $kerb_dir_candidate/krb.h instead of just
23613 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
23616 now use a 'hook' expression instead of an iffy one :-)
23619 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
23622 now works with new sudo arg stuff
23626 fixed dereferencing deadbeef
23630 changed an occurrence of Argv to NewArgv
23634 took out support for quoted commands since there is no need...
23638 fixed a typo in a for() loop
23642 protected against dereferencing rogue pointers
23646 now uses NewArgv and NewArgc so cmnd_args is no longer needed this
23647 also allows us to eliminate some kludges in parse_args() and
23648 eliminate superfluous code.
23652 no longer uses cmnd_args, now uses NewArgv instead.
23656 added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
23661 added wildmat.c to SRCS & SUDOBJS
23665 COMMAND is now a struct containing the path and args
23669 replaced append() with fill_cmnd() and fill_args. command args from
23670 a sudoers entry are now stored in an array for easy matching.
23674 command line args from sudoers file are now in an array like ones
23675 passed in from the command line
23678 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
23681 wildmat stuff now works
23684 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
23691 ++version added wildmat.*
23694 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
23697 added support for quoted commands (w/ or w/o args)
23700 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
23702 * sudo.pod, visudo.pod:
23703 cleaned up formatting
23706 * sudo.pod, visudo.pod:
23710 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
23713 looks reasonable, could be more readable
23720 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
23727 updated NO_ROOT_SUDO entry
23730 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
23733 *** empty log message ***
23734 [5b63de579ff7] [SUDO_1_4_0]
23745 AIX aixcrypt.exp now uses $(srcdir)
23749 added entry for anal ansi compilers
23752 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
23755 added info on libcrypt_i for SCO
23759 *** empty log message ***
23774 * INSTALL, OPTIONS, README, config.h.in, configure.in:
23779 ++version and fixed ISC
23782 * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
23783 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
23784 insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
23785 sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
23791 added STUB_LOAD_INTERFACES ++version
23794 * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
23800 added info about fd_set in tgetpass added info on interfaces.c
23803 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
23814 tgetpass.o is now only linked in with sudo (not visudo)
23817 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
23819 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
23825 added copyright notice
23828 * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
23829 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
23830 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
23831 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
23832 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
23837 minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
23841 ISC now gets -lcrypt now check for sys/bsdtypes.h
23845 added check for sys/bsdtypes.h
23848 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
23851 removed debugging stuff (setting freed ptr to NULL)
23863 added section on syslog
23867 added AC_ISC_POSIX for better ISC support
23875 added define for _POSIX_SOURCE
23878 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
23881 fixed check for lsearch()
23884 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
23887 fixed for AIX now deal if num_interfaces == 0 (should not happen)
23890 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
23893 now only define HAVE_LSEARCH if there is a corresponding search.h
23900 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
23903 now define HAVE_LSEARCH if we find lsearch() in libcompat
23907 char * -> const char *
23911 now looks in -lcompat for lsearch()
23915 remove sudo.core visudo.core for clean target
23919 added UID_MAX support in check for MAX_UID_T_LEN
23923 fixed another occurrence of sudo_getpwuid.*
23926 * Makefile.in, getspwuid.c:
23927 sudo_getpwuid.c -> getspwuid.c
23934 * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
23935 compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
23936 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
23937 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
23938 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
23939 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
23940 version.h, visudo.c:
23945 added group support
23953 documented group support
23956 * parse.c, parse.lex, parse.yacc, visudo.c:
23957 added group support
23960 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
23963 tkfile was too short and overflowed the kerberos realm
23966 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
23969 now copy command args directly from Argv
23973 replaced code to copy cmnd_args so that it does not use realloc
23974 since most realloc()'s really stink
23977 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
23980 syslog() fixed in hpux 10.01
23983 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
23986 AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
23990 better error if cannot find skey incs or libs
23994 now use a temp file for determining max len of uid_t in string form.
23995 the old hacky way broke on netbsd
23999 added set of parens and a space
24002 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
24005 fixes from Jeff Earickson <jaearick@colby.edu> ,
24013 fixed up testsudoers target
24017 DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
24018 SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
24022 LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
24026 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
24029 fix for C2 on hpux 10 now uses -linet if it exists
24033 LONG_SKEY_PROMPT is less of a kludge /
24037 fixed typos w/ dce stuff
24044 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
24047 amended section on combining authentication mechanisms
24051 minor updates for 1.3.6
24055 added 2 more entries
24067 rewrote for sudo 1.3.6
24074 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
24076 * find_path.c, getspwuid.c, sudo.c:
24077 added explicit casts for strdup since many includes don't prototype
24082 removed prototype for sudo_getpwuid() since convex C compiler choked
24087 added prototype for sudo_getpwuid()
24091 now compiles on strict ANSI compilers
24095 added LONG_SKEY_PROMPT support
24099 added extra $'s for make to eat up, yum.
24102 * OPTIONS, options.h:
24103 added LONG_SKEY_PROMPT
24106 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
24109 s/key support now works with normal s/key as well as logdaemon
24112 * OPTIONS, options.h:
24117 set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
24121 added DCE note added more AIX notes
24125 now include pthread.h for DCE support
24129 dce_pwent() is ok after all .,
24133 now uses SYSLOG() macro that equates to either syslog() or
24138 minor formatting changes. renamed check() to something less generic
24141 * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
24143 now uses user_pw_ent and simple macros to get at the contents
24146 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
24149 simpler dec unix C2 support
24153 now sets crypt_type for DEC unix C2
24156 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
24159 added csops paths for skey
24163 now includes string.h for strdup() prototype
24171 now includes skey.h
24179 moved a lot of the shadow passwd crap to sudo_getpwuid()
24183 now uses sudo_pw_ent
24187 now uses sudo_pw_ent
24191 now sets sudo_pw_ent
24199 moved dce stuff into compat.h
24202 * logging.c, sudo.h:
24203 now uses sudo_pw_ent
24207 added sudo_getpwuid.c
24215 now uses sudo_pw_ent
24218 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
24221 fixed exempt_group stuff for OS's that don't put base gid in group
24226 S/Key support now works with sunos4 shadow passwords
24233 * config.h.in, configure.in:
24242 first stab at dce support
24246 now smells like sudo
24254 skey'd sudo now works w/ normal password as well
24257 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
24259 * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
24260 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
24261 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
24262 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
24263 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
24264 version.h, visudo.c:
24265 updated version number
24269 updated to reflect version change
24273 --with options now line up ++version
24277 removed unnecessary S/Key stuff
24281 fixed S/Key support
24285 -I stuff now goes in CPPFLAGS
24297 fixed description of EXEMPTGROUP
24301 more people use _RLD_ than just alphas...
24305 replaced $man_prefix with $mandir
24313 now use more GNU'ish dir names
24317 now set *dir correctly (can override from command line)
24321 now deal with situations where getwd() fails
24324 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
24327 added etc_dir, bin_dir, sbin_dir
24335 now ship a flex-generated lex.yy.c
24339 now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
24343 _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
24347 no more error for redefining SUDOERS_OWNER
24351 expanded SUDOERS_OWNER section
24354 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
24357 now warn if chown(2) failed
24361 better default warning for NO_SUDOERS_FILE
24365 added missing set_perms() no more cryptic message if the sudoers
24366 file is zero length, now just give a parse error
24370 better diagnostics if NO_SUDOERS_FILE
24374 check_sudoers() now catches sudoers files that are not readable (but
24378 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
24381 now add -D__STDC__ for convex cc (not gcc)
24385 MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
24389 now uses exec_prefix & prefix from configure
24392 * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
24393 parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
24395 options.h is now <> instead of "" so shadow build trees can have a
24396 custom copy of options.h
24400 user_is_exempt() is no longer a hack, it now uses getgrnam()
24404 EXEMPTGROUP is now "sudo"
24408 MAN_POSTINSTALL now contains a leading space
24412 removed leading tab if @MAN_POSTINSTALL@ not defined now removes
24413 testsudoers in clean:
24417 includes pwd.h to get _PASSWD_LEN definition
24420 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
24423 unset the KRB_CONF envariable if using kerberos so we don't get
24424 spoofed into using a bogus server
24427 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
24430 now explicitly initialize match[] to be FALSE
24433 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
24436 removed unused variable now passes -Wall
24440 yyerror and dumpaliases are now void's now passes -Wall
24444 added prototype for yyerror
24447 * check.c, logging.c, parse.c:
24452 removed unused cruft now passes -Wall
24456 fixed headers that moved to emul dir
24460 fixed deref of nil pointer if no args
24463 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
24466 added a caveat to FQDN section
24469 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
24472 more $srcdir support for install targets
24475 * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
24476 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
24477 don't include malloc.h if we include stdlib.h
24481 local search.h now lives in emul
24484 * check.c, utime.c:
24485 local utime.h now lives in emul dir
24489 local search.h now lives in emul
24493 added support for building in other than the sourcedir
24496 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
24499 annotated CSOPS_INSULTS option
24503 updated shadow passwords blurb
24507 if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
24508 passes along foo as the arguments
24511 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
24514 collapsed pathname and dir sections into one -- it's now less
24519 fixed spacing quoting [,:\\=] now works correctly append() and
24520 fill() now take args to make the above work
24524 fixed a typo that caused commands with no tty on fd 0 but a tty on
24525 fd 1 to erroneously have "none" as their tty
24528 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
24531 timestampfile is now a global static removed decl of timestampfile
24532 in remove_timestamp since we can just use the global one
24536 created touch() to update timestamps added USE_TTY_TICKETS support
24541 added _S_IFDIR and S_ISDIR
24544 * OPTIONS, options.h:
24545 added USE_TTY_TICKETS
24549 removed const from casts for lsearch() & lfind() to placate irix 4.x
24553 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
24556 now only strip '/dev/' off of a tty if it starts with '/dev/'
24564 AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
24569 fixed incorrect #ifdef termio uses "unsigned short" not int for
24573 * parse.lex, parse.yacc:
24574 fixed a spelling error
24581 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
24588 added dotcat() to cat 2 strings w/ a dot efficiently now that we
24589 dynamically allocate strings they need to be free()'d
24593 dynamically allocates space for strings
24597 no more MAXCOMMANDLENGTH
24604 * logging.c, sudo.c:
24605 moved tty stuff into sudo.c
24608 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
24611 fixed a logic bug. Was denying a command if user gave command line
24612 args but there were none in the sudoers file which is wrong.
24616 MAXCOMMMANDLEN dropped down to 1K
24620 return foo; -> return(foo);
24624 fixed netgr_matches() prototype
24628 added support for escaping "termination" characters
24632 buf is now of size MAXPATHLEN+1 since it never holds command args
24640 fixed negation problem (doh!)
24644 fixed 2nd parameter to lfind()
24648 now do bounds checking in fill() and append()
24652 include netdb.h as we should added a missing void cast added
24653 SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
24654 realloc actually moved the string instead of shrinking it
24658 updated with examples of new features
24662 now set errno to EACCES if not a regular file or not executable
24666 if given a fully-qualified or relative path we now check it with
24667 sudo_goodpath() and error out with the appropriate error message if
24668 the file does not exist or is not executable
24671 * emul/search.h, lsearch.c:
24672 now use correct args for lfind
24680 added in CSOps insults
24692 increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
24696 added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
24700 fixed -k load_interfaces() now gets called if FQDN is set
24701 -p now works with -s
24705 don't try to stat() "pseudo commands" like "validate"
24709 added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
24713 added SecurID support added other insults to --with-csops
24721 added clobber target added ins_csops.h now gets CFLAGS from
24726 relaxed SUDO_FULL_VOID
24730 function comment blocks are now in same style as rest of code
24734 added support for command line args in /etc/sudoers
24738 updated to have command args in the sudoers file
24742 added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
24745 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
24748 PATH renamed to COMMAND
24752 it is now a parse error for directories to have args attached to
24757 now say command args if telling user to buzz off
24761 -s no longer indicates end of args sped up loading on cmnd_args in
24766 removed an unreachable statement
24770 made more efficient by pulling out the terminators when in GOTCMND
24771 state and making them their own rule
24774 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
24777 removed MAXLOGLEN since it is no longer used
24781 now allows command args
24785 now groks command arguments
24789 now sets tty correctly when piped input
24793 fixed loading of cmnd_args (was including command name too)
24797 fixed a core dump due to incorrect if construct
24800 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
24803 only add -lsun if irix < 5 don't look for -lnsl or -lsocket if irix
24807 fixed check for ISC
24811 now sets cmnd_args used by log_error() and that will be used by the
24812 parse to check against command args
24820 now dynamically allocate logline since we can guess at its size
24823 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
24826 cleaned up a bunch of unnecessary #ifdef's eliminated a buffer remove
24827 "register" since the compiler knows more than I do now do a
24828 "basename" of the tty
24831 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
24838 added shell extern changed MODE_* to be bit masks to allow for
24839 several options together
24843 added -s (shell) option made MODE_* masks so we can do bitwise & and
24844 | to see if multiple flags are set.
24848 added securid support
24851 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
24854 removed a bunch of unnecessary strncpy()'s and replaced with strcat()
24857 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
24859 * Makefile.in, version.h:
24863 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
24866 fixed free() of an uninitialized pointer (yuck)
24870 added netgr_matches
24874 cleaned up netgr_matches
24877 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
24883 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
24886 now installs sudoers.man -- really should clean this up though.
24890 added sudoers.cat and sudoers.man
24894 pulled out stuff on the sudoers file format into a separate man page
24902 fixed up my email address
24906 added checks for innetgr and getdomainname
24910 added dummy netgr_matches function
24914 added netgr_matches
24917 * parse.lex, parse.yacc:
24918 added NETGROUP support
24922 added HAVE_INNETGR & HAVE_GETDOMAINNAME
24925 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
24928 rewrote clean_env() that has rm_env() builtin
24931 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
24934 now cast uid to long in sprintf
24938 added _INSULTS suffix to HAL & GOONS end
24942 added _INSULTS suffix to HAL & GOONS
24945 * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
24946 converted to new scheme of insult "unions" end
24950 now uses MAX_UID_T_LEN
24954 added SUDO_UID_T_LEN !l
24958 added MAX_UID_T_LEN
24962 now use MAX_UID_T_LEN
24966 added check for max len of uid_t fixed sco vs. isc check
24969 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
24980 hack to check for sco
24984 removed #include <net/route.h> since it was hosing some OS's
24987 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
24990 fixed prreadlink() prototype
24994 added parens in #if's
25002 moved SPW_* to config.h.in
25006 added a set of parens
25014 added SPW_* reordered error codes
25018 moved SPW_* to sudo.h
25021 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
25024 SPW_AUTH -> SPW_SECUREWARE
25028 GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
25036 SPW_AUTH -> SPW_SECUREWARE
25040 now uses SHADOW_TYPE to make shadow pw support more readable and
25041 modular. It's a start...
25045 added autodetection of shadow passwords
25049 now uses SHADOW_TYPE define
25053 added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
25057 added SUDO_CHECK_SHADOW
25060 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
25063 define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
25064 memmove() since we no longer use it...
25072 added BROKEN_SYSLOG support
25076 added BROKEN_SYSLOG
25080 now only bitch if timestamp > time_now + 2 * timeout to allow for a
25081 machine updating its time from a server
25085 added 2 security notes updated Nieusma's email addr
25089 changed a memmove() to memcpy() since we don't have to worry about
25090 overlapping segments.
25093 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
25096 cleaned up the loop when interfaces are groped in so that it is
25100 * Makefile.in, version.h:
25104 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
25110 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
25113 fixed permissions check on /tmp/.odus
25116 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
25119 fixed some comments
25123 now checks owner & mode of timedir also checks for bogus dates on
25128 updated TIMEOUT info
25131 * logging.c, sudo.h:
25132 added BAD_STAMPDIR and BAD_STAMPFILE
25136 added definition of S_IRWXU
25143 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
25146 added #ifdef to make it compile on strange arches
25149 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
25152 fixed check for full void impl.
25156 added missing "static"
25160 replaced #elif with #else #if constructs for ancient C compilers
25164 updated irix c2 & kerb5 info
25168 added shadow pw support for irix
25171 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
25178 last changes for sudo 1.3.3
25182 now calls SUDO_SOCK_SA_LEN
25190 added SUDO_SOCK_SA_LEN
25194 now works with ip implementations that use sa_len in sockaddr
25198 added note about buggy AIX compiler
25202 now include sys/time.h for AIX
25205 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
25212 now works for ISC and others. yay.
25215 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
25217 * Makefile.in, version.h:
25221 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
25224 fixed test for full void impl
25228 now check to see that st_dev is non-zero before assuming that we are
25232 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
25234 * aclocal.m4, configure.in:
25235 SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
25238 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
25241 fixed include file order for SUDO_FUNC_UTIME_POSIX
25245 added cast for ttyname()
25253 now deal correctly with all known variations of utime() -- yippe
25257 added SUDO_FUNC_UTIME_POSIX
25261 added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
25265 added HAVE_UTIME_POSIX
25273 no longer assume !HAVE_UTIME_NULL means old BSD utime()
25277 fixed fascist C compiler warning
25281 now set strioctl.ic_timout in STRSET() now initialize num_interfaces
25282 to 0 (just to be anal)
25285 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
25288 increased MAXLOGLEN by MAXPATHLEN to account for ttyname
25296 reworked the ISC code
25299 * Makefile.in, version.h:
25304 now expect old-style utime(3) if utime() can't take NULL as an arg
25308 added check for utime.h
25316 added CPPFLAGS STATIC_FLAGS -> LDFLAGS
25320 now search for kerb libs and includes
25324 added support for utime(2)'s that can't take a NULL parameter
25328 moved HAVE_UTIME_NULL stuff to update_timestamp() where it belongs
25332 added utime(s) stuff
25340 added HAVE_UTIME and HAVE_UTIME_NULL
25343 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
25346 now use HAVE_UTIME_NULL
25349 * emul/utime.h, utime.c:
25354 need to setuid(0) to make kerb4 stuff work.
25358 no more special case for kerberos
25362 took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
25367 no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
25372 now use private ticket file for kerberos support to avoid trouncing
25376 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
25379 added SPOOF_ATTEMPT & cmnd_st
25383 added anti-spoofing support
25387 now use global cmnd_st
25391 added SPOOF_ATTEMPT support
25394 * testsudoers.c, visudo.c:
25395 added void casts where appropriate
25399 fixed up spacing and added void casts where appropriate
25403 fixed problem with "-p prompt" but no args
25406 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
25409 added BUGS and annotated -l description
25413 validate() now takes a flag
25417 validate() now takes a flag added -l
25421 added support for -l
25425 validate() now takes a flag that says whether or not to check the
25429 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
25432 now deals with Argv == 1
25440 added prompt support reworked parse_args()
25452 now use BUFSIZ as length of kerb password added kpass so pass is
25453 always a char * now use prompt global when asking for a password
25457 now use BUFSIZ as _PASSWD_LEN if using kerberos
25464 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
25467 only look for -lufc or -lcrypt if crypt() not in libc
25471 don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
25472 (unknown user) silently fail
25480 HAVE_KERBEROS -> HAVE_KERB4
25484 removed debugging printf
25488 KERBEROS -> KERB4 added checks for setreuid & setresuid
25492 HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
25496 added def of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
25497 with setresuid if applic
25501 HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
25502 no setreuid() or a broken one
25505 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
25508 added kerberos support
25512 added HAVE_KERBEROS
25516 added KERBEROS support (long passwords)
25520 added kerberos support
25523 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
25526 added MODE_BACKGROUND
25530 escaped dashes added -b option
25538 added crypt() for osf/1 3.x enhanced security
25542 now check for -lcrypt
25546 added ENXIO like EADDRNOTAVAIL
25549 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
25552 now emulate getwd(), not getcwd()
25556 getcwd() -> getwd()
25563 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
25565 * ins_2001.h, ins_classic.h, ins_goons.h:
25570 broke out insults into separate include files
25573 * OPTIONS, options.h:
25578 added ins_2001.h ins_classic.h ins_goons.h
25581 * Makefile.in, version.h:
25586 moved signal handler setup to setup_signals()
25590 added load_interfaces()
25594 moved load_interfaces to interfaces.c
25601 * OPTIONS, options.h:
25606 now uses clearaliases variable
25614 added interfaces.[co]
25618 now uses ip addrs and netmasks via load_interfaces()
25622 now remove IFS instead of setting to "sane" value
25625 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
25631 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
25634 sudo_goodpath.c-> goodpath.c
25638 added Andy's new ISC changes
25641 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
25644 added a sentence to SECURE_PATH info
25659 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
25665 * Makefile.in, version.h:
25670 sendmail is now looked for in /usr/ucblib
25686 added unixware case
25690 user_is_exempt is no longer hidden
25698 isc and riscos changes
25702 added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
25706 fixed a typo and added testsudoers stuff
25713 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
25716 applied fixed patch from Chris
25719 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
25726 added a set of braces for bison
25730 merged in Chris' changes to dekludge the parser.
25734 send_mail() was calling find_path() which is wrong since find_path()
25735 stores cmnd in a static var. Anyhow, it doesn't make much sense
25736 since MAILER should always be fully qualified
25739 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
25742 added User_Alias stuff
25746 SUDO_NEXT now looks for /usr/lib/NextStep/software_version
25750 added DEC UNIX 3.0 w/ gcc
25754 Exit was being used in places where exit should be used
25758 added "User alias specification"
25762 fixed probs caused by making nslots and naliases a size_t
25766 added KSR, upped rev to 1.3.1b2
25769 * logging.c, parse.yacc:
25774 void * -> VOID * naliases and nslots are now size_t to appease
25775 lsearch on 64-bit machines
25778 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
25781 did a bunch of things and added a bunch :-)
25789 closer to BSD manpage style
25793 closer to standard BSD man format
25796 * compat.h, config.h.in, emul/search.h, insults.h, options.h,
25797 pathnames.h.in, sudo.h, version.h:
25802 removed crufty #defines that are no longer used
25810 updated based on sudo changes
25814 now allow ALL keyword in User_Aliases now allow ALL keyword as well
25823 now sets SUDO_COMMAND and SUDO_GID envariables.
25827 fixed bug with full void impl check
25831 fixed User_Alias support
25835 added stubs for User_Alias support
25839 now sets removes # bogus interfaces from num_interfaces
25843 added User_Alias support
25846 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
25849 removed extraneous TODO
25852 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
25855 ntwk_matches -> addr_matches
25859 ntwk_matches -> addr_matches
25863 ntwk_matches -> addr_matches now use inet_addr() not inet_network()
25864 (which expects octet boundaries) fixes for OSF (sizeof(int) !=
25869 took out debugging info
25873 OS was being set to unknown before non-uname based host checks.
25874 This caused no checks to happen since $OS was not zero-length.
25878 fixed loading of interfaces struct still has debugging info in
25886 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
25897 removed extraneous extern decl of "top
25905 removed parser_cleanup (no need for it now)
25909 now calls reset_aliases() directly
25912 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
25915 added a sentence to SECURE_PATH description
25919 fixed my stupid bug where I used NAMLEN on something I wanted to
25920 just get the name from. argh.
25923 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
25926 fixed argument order of memmove() that i hosed when converting from
25931 finally fixed DISTFILES line
25939 added missing files to DISTFILES
25943 SUPPORTED -> RUNSON
25946 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
25953 updated for pl5b1 release
25961 fixed bug where if you hit return at first sudo prompt it would
25962 still log as a failure
25970 better test for bogus void * implementation
25974 added PASSWORDS_NOT_CORRECT
25978 added PASSWORDS_NOT_CORRECT stuff
25982 added PASSWORDS_NOT_CORRECT
25990 removed some unused vars and fixed up uid2str
25997 * getcwd.c, getwd.c:
26001 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
26004 fixed a typo I introduced in the last checkin :-(
26008 can't have #ifdef's where N is defined so just do this the broken
26013 better hack from Chris (but still a hack)
26017 stupid hack for broken aix lex
26021 now includes compat.h
26025 now includes fcntl.h
26029 added FD_SET and FD_ZERO for 4.2BSD
26033 dirty hack to fix parser bug. i don't really like this but it works
26038 uid2str is now static like the prototype says
26041 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
26043 * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
26052 check_sudoers now returns an error code and sudo calls inform_user
26053 and log_error based on the return value.
26056 * logging.c, sudo.h:
26057 added entries for new errors
26061 now set uid to that of SUDOERS_OWNER while parsing sudoers file
26065 took out testsudoers
26069 now explicitly checks that it is setuid root
26073 If a user has no passwd entry sudo would segv (writing to a garbage
26074 pointer). Now allocate space before writing :-)
26078 reordered AC_CHECK_FUNCS
26085 * tgetpass.c, visudo.c:
26090 bzero -> memset when a parse error is logged the line number of the
26091 error is now logged too
26095 added Sunos to blurb about c2 security
26099 added a SUN4 define for C2 security
26103 bcopy -> memmove bzero -> memset
26107 bcopy -> memmove char * -> VOID *
26111 added support for sunos with C2 security
26114 * OPTIONS, options.h:
26119 _PATH_SUDO_LOGFILE now set based on configure
26123 added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
26127 added _SUDO_PATH_LOGFILE
26131 added SUDO_LOGFILE to find where to put sudo.log added
26132 SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
26133 SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
26136 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
26143 now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
26144 to work around a problem in trusted hpux shadow passwords. yuck.
26148 backed out a change in malloc/realloc
26152 now include stdlib.h
26156 now do an freopen() of the stmp file so that yyin will always point
26157 to the same thing. This is important for flex since we are doing a
26162 replaced yywrap() with parser_cleanup() since yywrap() needs to be
26163 in parse.lex to be able to use YY_NEW_FILE. sigh.
26167 now have a rule that matches anything that doesn't match an
26168 explicit rule. well, you know what i mean (. matches anything not
26169 yet matched). However, this means that there is input still queued
26170 up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
26171 into parse.lex and it calls parser_cleanup() which is most of the
26179 * getcwd.c, getwd.c:
26180 moved compat.h to be the last include file
26184 fixed type of aliascmp() args
26192 added casts to lfind and lsearch args for irix
26196 bsdinstall -> install-sh
26200 added info about make realclean
26204 updated VERSION added dependencies for visudo.cat
26216 now there is a real visudo.man and visudo.cat
26220 took out visudo stuff
26227 * parse.c, parse.lex, parse.yacc:
26236 updated Nieusma & Hieb email addresses
26240 updated to include options.h and OPTIONS
26248 eliminated bug #1 (yay)
26252 sunos no longer gets linked statically
26255 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
26258 prototype now uses __P()
26262 make fill() non-ansi
26266 made -v (validate) work
26274 don't check for execute/statable if fq or relative path given
26282 now include ctype.h for islower and tolower macros
26286 moved _S_IFMT & _S_ISREG to compat.h
26290 moved a set of parens
26294 now include compat.h
26302 now cast malloc & realloc return vals added search for HAVE_LSEARCH
26303 now use strcmp if no strcasecmp available
26311 removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
26312 HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
26316 added _S_IFMT, _S_IFREG, and S_ISREG
26320 took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
26321 to most SUDO_* macros
26329 various 1.x to 2.x autoconf changes now check for strcasecmp now use
26330 AC_INSTALL_PROG instead of custom one added check for fully working
26331 void implementation
26335 added lsearch & search.h visudo links into $(LIBOBJS)
26339 partial 1.x to 2.x changes added SUDO_FULL_VOID
26343 whatnow_help was prototyped to be static but was not declared as
26348 autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
26349 for dirent/dir/ndir.h
26353 now use groovy gnu autoconf macro AC_HEADER_DIRENT
26356 * getcwd.c, getwd.c:
26357 MAXPATHLEN -> MAXPATHLEN+1
26360 * emul/search.h, lsearch.c:
26364 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
26367 eliminated bison warnings
26375 now includes signal.h
26379 only clear data structures on a parse error
26383 whatnow() now gives help on invalid input
26387 added a whatnow() function (sort of like mh)
26391 kill_aliases -> reset_aliases yywrap() now cleans up by calling
26392 reset_aliases() and clearing top took reset stuff out of yyerror()
26393 since it doesn't belong there (and doesn't work anyway). errorlineno
26394 is now initially set to -1 so we can set it to the first error that
26395 occurs (it was getting set to the last)
26403 rewrote from scratch based on 4.3BSD vipw.c
26406 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
26413 no more sudo_realpath() and find_path() changed params
26417 find_path() changed since no more realpath()
26421 on error, errorlineno is set to the line where the error occurred
26422 added kill_aliases() to free the aliases struct now clean up in
26423 yyerror() so we can reparse cleanly
26426 * options.h, parse.c:
26427 no more USE_REALPATH
26431 changed to use new find_path()
26435 removed all the realpath() stuff
26439 sudo_realpath.c -> sudo_goodpath.c
26443 now works correctly with utk parser
26451 eliminated a compiler warning
26455 eliminated compiler warning
26459 added sudo_goodpath()
26463 added prototype for sudo_goodpath
26467 added support for /sys/dir.h
26471 USE_REALPATH turned off
26475 added calls to sudo_goodpath()
26479 added check for dirent.h
26483 added HAVE_DIRENT_H
26487 added in linux shadow pass stuff
26490 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
26493 added back host, user, cmnd, parse_error
26497 added in utk changes plus some minor cosmetic changes
26500 * sudo.c, sudo_realpath.c:
26501 added void casts for printf's
26505 added a define of USE_REALPATH
26509 there is no more visudoers/Makefile
26513 added in utk changes (visudo is now built from the toplevel)
26517 added (void) casts to printf's
26520 * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
26521 merged in utk changes
26524 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
26527 now check to see that what we are trying to run is a file (or a link
26528 to a file, we do a stat(2) so there is no diff)
26531 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
26538 aclocal.m4 -> acsite.m4 make realclean updated for new autoconf
26542 added myself as maintainer
26545 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
26548 changed setegid -> setgid
26551 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
26554 fixed the test for irix 5.x to skip bad libs
26558 now initialize OS and OSREV
26561 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
26568 AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
26572 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
26575 use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the right
26576 thing wrt yyrestart (grrrr)
26579 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
26582 added visudoers/compat.h to DISTFILES
26590 added ocmnd declaration adjusted for find_path()'s new parameters
26594 added ocmnd extern adjusted find_path() prototype
26598 cmndcmp() now takes 3 arguments and checks against the qualified as
26599 well as the unqualified pathname. more code that should use
26600 cmndcmp() but did not, now does
26608 changed to use new find_path() parameter passing
26612 find_path() now takes 2 copyout parameters (one for the qualified
26613 pathname and one for the unqualified pathname). The third parameter
26618 no longer munge pathnames.h
26622 changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
26623 as a result, pathnames.h does not need to be run through configure
26624 and the user can override the configured values easily.
26628 added _SUDO_PATH_* entries
26632 _PATH* -> _SUDO_PATH_*
26636 updated DISTFILES and HDRS .o's now depend on config.h
26639 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
26642 removed extraneous #endif
26650 added SUDO_PROG_MV added riscos and isc os types took out
26651 -DSHORT_MESSAGE from --with-csops since it is now the default
26655 move the include of id.h to compat.h now includes options.h
26659 moved compatibility #defines to compat.h
26667 move __P to compat.h
26670 * getcwd.c, getwd.c, putenv.c:
26671 now includes compat.h
26678 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
26681 pull user-configurable stuff out and put in options.h
26684 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
26686 * parse.lex, parse.yacc, visudo.c:
26687 now includes options.h
26690 * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
26692 now includes options.h
26696 added visudoers/options.h
26699 * OPTIONS, options.h:
26704 added OPTIONS and options.h
26708 changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
26712 changed PASSWORD_TIMEOUT to minutes
26715 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
26718 now only do Editor +line_num if line_num != 0
26721 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
26724 now use mv if rename(2) fails
26735 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
26738 fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
26741 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
26744 added mips & isc support
26748 added support for non-root owned sudoers file
26752 added exempt group support
26756 added set_perms() support added SUDOERS_OWNER so can have non-root
26757 own sudoers file added exempt group support added isc support
26761 now copy sudoers to temp file via read/write (not stdio) now chown
26762 new sudoers file to SUDOERS_OWNER
26765 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
26776 fixed typo added set_perms support added skey support added
26777 seteuid()/setegid() emulation for AIX
26781 be_* -> setperms() now check to make sure sudoers file is owned by
26782 root and read/write by only root
26785 * logging.c, parse.c:
26790 be_* -> set_perms() added skey support
26793 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
26803 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
26813 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
26819 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
26834 now bail if Argv[1] > MAXPATHLEN
26838 added function check for tcgetattr(3)
26842 only define HAVE_TERMIOS_H if you have tcgetattr(3)
26846 added check for tcgetattr
26849 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
26855 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
26858 now only include unistd.h for linux
26861 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
26864 added visudo.8 generation
26868 added -Wl,-bI:./aixcrypt.exp to aix flags
26871 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
26882 added mailing list info
26886 now use sudolineno instead of yylineno fixed bison warnings
26890 now use -no_library_replacement for osf don't make a static binary
26895 added string.h/strings.h inclusion
26903 added inclusion of string.h/strings.h
26907 fixed uname | sed (needed to quote the '[')
26911 replaced yylineno with sudolineno fixed bison syntax errors
26915 changed yylineno to sudolineno since yylineno cannot be counted
26924 added code to support command listings
26928 added code for -l flag
26932 fixed typo added info for -l flag
26936 AC_SSIZE_T -> SUDO_SSIZE_T
26951 * find_path.c, sudo_realpath.c:
26952 readlink() is now declared as returning ssize_t
26956 added -laud for OSF c2
26959 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
26961 * Makefile.in, visudo.c:
26962 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
26965 * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
26966 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
26969 * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
26970 parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
26971 sudo_setenv.c, tgetpass.c, version.h:
26972 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
26975 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
26986 added host to alertmail messages
26994 fixed logging problem where mail would not say which user it was
26998 added -laud for gcc if osf & c2
27002 moved set_auth_parameters to sudo.c
27006 added set_auth_parameters for osf
27010 cleaned up -static stuff
27022 changed setenv() to sudo_setenv()
27038 added osf auth support & removed some extra spaces
27041 * INSTALL, SUPPORTED:
27045 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
27048 added 2 suggestions
27052 removed README.v1.3.1 and added VERSION stuff
27059 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
27070 mention HISTORY file
27074 use sizeof instead of a constant in 1 place
27093 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
27097 [7dfbb4a810bb] [SUDO_1_3_1]
27104 added unistd.h include
27107 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
27110 added sys/time.h for AIX
27113 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
27116 added check for -lsocket and sys/sockio.h
27120 took out libshadow check and added in sys/sockio.h check
27124 now include sockio.h instead of ioctl.h if it exists "sudo -" now
27125 gets a better error message
27129 now has a dir and subnet entry
27132 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
27143 added network and ip addresses to man page
27147 no error if can't get interfaces or netmask since networking may not
27152 now check for interfaces == NULL
27156 fixed a bug that caused directory specs in a Cmnd_Alias to fail if
27157 the last entry in the spec failed (ie: it was only looking at the
27158 last entry). Cleaned things up by adding the cmndcmp() function--all
27166 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
27169 now do two passes to skip bogus interfaces (lo0, etc)
27172 * parse.lex, parse.yacc, visudo.c:
27173 added include of netinet/in.h
27176 * logging.c, sudo_realpath.c, sudo_setenv.c:
27177 added include of netinet/in.h
27180 * check.c, find_path.c, getcwd.c, getwd.c:
27181 added include of netinet/in.h
27189 added interfaces global
27193 now uses new interfaces global
27197 now ip addresses are gleaned w/o dns
27200 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
27203 added load_ip_addrs() to load the ip_addrs global var
27207 added hostcmp() to compare hostnames, ip addrs, and network addrs
27211 added ip_addrs def added load_ip_addrs prototype
27214 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
27221 removed multiple entries in DISTFILES
27225 ansified the !STDC_HEADERS decls
27228 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
27229 don't do malloc decl if gnuc
27233 can't use getopt(3) since it munges args to the command to be run as
27234 root don't do malloc decl if gnuc
27237 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
27238 sudo_realpath.c, sudo_setenv.c:
27239 ansi-fied !STDC_HEADER function prototypes
27242 * getcwd.c, getwd.c:
27243 added missing paren
27247 added putenv.c to DISTFILES
27251 added params to func decls when STDC_HEADERS is not defined now can
27252 count on putenv() being there
27256 took out errno decl since sudo.h does it for us fixed up a next cc
27257 warning added params to func decls when STDC_HEADERS is not defined
27261 took out environ extern added local declaration of putenv() if local
27265 * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
27266 added params to func decls when STDC_HEADERS is not defined
27270 added memcpy check check to see that ansi vs bsd macros are not
27271 already defined before defining (ie: avoid redefinition)
27275 removed fluff setenv check plus check w/ replace for putenv if also
27283 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
27290 rm'd s realpath added sudo_realpath and sudo_setenv
27294 now use sudo_setenvc
27298 added putenv and setenv, removed realpath
27302 added putenv & setenv
27313 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
27316 added MAN_POSTINSTALL and /usr/share/catman for irix
27320 added MAN_POSTINSTALL
27328 added SUDO_* plus new options
27336 took out shadow lib
27344 now use yyrestart() if flex now reset yylineno to 0
27348 support for installing a cat page instead of a man page if no nroff
27352 now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
27353 to determine whether or not to install a cat or man page
27361 not set ret to MODE_RUN initially
27365 made command (and therefore cmnd dynamically allocated)
27377 changed bufs from MAXPATHLEN to MAXPATHLEN+1
27381 added MODE_ removed validate_only and added remove_timestamp()
27385 usage() now takes an int (exit value) added parse_args() to parse
27386 command line arguments moved call to find_path() from load_globals
27387 to new function load_cmnd() removed validate_only global -- now use
27388 the concept of "modes" added -h and -k options
27392 no longer use global validate_only now checks for command called
27393 "validate" removed check for non-fully qualified commands since that
27394 is done by find_path
27398 changed MAXPATHLEN to MAXPATHLEN+1
27402 fixed off by one error with MAXPATHLEN and fixed a comment
27406 check_timestamp no longer runs reminder(), it is implied in the
27407 return val added remove_timestamp()
27414 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
27428 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
27431 moved send_mail to after syslog
27435 now set SUDO_ envariables
27438 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
27445 now print error if chdir fails
27452 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
27459 no more static binaries for aix
27462 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
27469 took out stuff not needed for sudo now does be_root/be_user itself
27470 now uses cwd global
27477 * logging.c, sudo.c:
27478 be_root/be_user is now down in sudo_realpath()
27481 * logging.c, sudo.h:
27482 now works with 4.2BSD syslog (blech)
27486 now use sudo_realpath()
27490 took out realpth() stuff since we now use sudo_realpath()
27494 ultrix enhanced sec
27498 added ultrix enhanced sec.
27506 ultrix enhanced security support
27510 added sudo_realpath.c
27518 increased passwd len to 24 for c2 security
27525 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
27528 now use user global var
27535 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
27542 user is now a char * added epasswd
27546 added tzset() to load_globals added epasswd (encrypted password)
27547 global made user dynamically allocated
27559 cleaned up encrypted passwd grab somewhat
27575 can now log to both syslog & a file
27599 removed AFS stuff :-)
27603 include sys/select for AIX
27614 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
27616 * CHANGES, SUPPORTED:
27621 can now have MAILER undefined
27625 new sub-note about MAILER
27629 added blurb about password timeout
27637 took out duplicate define of _CONVEX_SOURCE
27649 added a goto if fgets fails
27653 use __hpux not hpux convex c2 stuff
27657 use __hpux not hpux
27665 define ansi-ish cpp os defines if non-ansi are defined for hpux &
27670 updated to say we support convex C2
27674 added convex c2 support
27677 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
27680 no more ioctl never returns NULL uses fgets() and select() to
27684 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
27687 things were testing -n "$GCC" instead of -z "$GCC"
27691 now works + uses fgets()
27694 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
27697 select doesn't seem to recognize a single '\n' as input waiting so
27698 we can't use it, sigh.
27701 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
27704 updated tgetpass() blurb
27708 added --with-getpass
27712 added tgetpass stuff
27723 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
27730 added USE_GETPASS && HAVE_C2_SECURITY
27734 fixed a test added --with-C2 and --with-tgetpass
27742 took out tgetpass.*
27749 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
27752 no termio(s) for ultrix since it is broken
27756 added a space (yeah, anal)
27759 * realpath.c, sudo_realpath.c:
27760 fixed it (duh, rtfm)
27763 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
27766 took out bsd signal stuff for irix
27774 don't define BSD signals for irix
27785 * realpath.c, sudo_realpath.c:
27786 took out unneeded code by changing where a string was terminated
27789 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
27791 * realpath.c, sudo_realpath.c:
27792 fix bug where /dirname would return NULL
27796 move __P to config.h
27799 * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
27800 added errno definition
27815 * realpath.c, sudo_realpath.c:
27816 now works if no fchdir
27820 define SA_RESETHAND to null if not defined
27824 added check & replace
27828 took out -static for nextstep -- it doesn't work
27831 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
27834 moved #endif to where it belongs
27842 now checks for strdup realpath getcwd bzero
27850 added posix signals
27858 added posix signals
27862 removed BROKEN_GETPASS added new srcs to replace missing functions
27866 added posix signal stuff
27878 now uses posix signals
27882 updated to reflect major changes
27890 uses sysconf() if available
27894 added PASSWORD_TIMEOUT + prototypes for new functions
27897 * realpath.c, sudo_realpath.c:
27898 for those w/o this in libc
27901 * getcwd.c, getwd.c:
27906 rewrote to use realpath(3) - is now all my code
27910 added HAVE_REALPATH
27918 added LIBOBJS use tgetpass.c
27921 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
27935 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
27946 added check for getwd
27950 replace strdup & realpath & getcwd if missing
27958 added SUDO_PROG_PWD
27965 * realpath.c, sudo_realpath.c:
27969 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
27972 quoted square brackets
27975 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
27978 no need to strdup() a constant
27993 * parse.c, sudo.c, sudo.h:
27994 added validate_only stuff
27997 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
28004 $OSREV is now an int
28007 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
28010 added mtxinu to caser
28018 now use the EXEC macro now only do a gethostbyname() if FQDN is set
28022 changed mail_argv[] def now use EXEC() macro
28026 took out crypt() definition
28034 always look for -lnsl
28042 SHORT_MESSAGE is now the default
28050 added missing AC_DEFINE(SVR4) for solaris
28054 documented the -v flag
28066 added LIBSHADOW undef
28070 now set OS to be lowercase
28073 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
28076 now use SUDO_OSTYPE to set $OS
28080 now use uname to determine os
28084 added prototypes & moved sig handler around
28091 * check.c, logging.c, sudo.c:
28100 now use _BSD_SIGNALS not _BSD_COMPAT
28111 * parse.lex, parse.yacc:
28112 moved config.h to top of includes
28115 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
28118 now don't bitch if get EACCESS (treat like EPERM)
28122 added -v flag and usage()
28130 cast Argv to a const for exec added -v flag
28134 mail_argv is now a const
28138 only set RETSIGTYPE if it is not set already
28142 now defines & STDC_HEADERS for Irix
28149 * insults.h, sudo.h:
28150 prevent multiple inclusion
28157 * parse.lex, parse.yacc:
28158 now includes config.h
28162 now talks about sunos 4.x
28166 calls to Exit now pass an arg
28169 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
28172 signal handler now takes an int argument
28180 ok, the getcwd() is now *really* done as the user
28184 changed AIX STATIC_FLAGS
28188 solaris now defines SVR4
28192 added cwd and fixed stupid core dump that makes no sense. sigh.
28196 moved getcwd stuff into load_globals
28200 took out externs that are in sudo.h
28204 moved cwd into load_globals
28212 fixed make distclean & realclean
28220 added solaris changes
28224 added solaris changes, need to rework
28228 cleaned up for solaris
28232 reinstall reapchild signal handler for non-bsd signals
28236 took out getdtablesize() emulation for HP-UX (no longer needed)
28240 support for HAVE_SYSCONF
28244 added <fcntl.h> for solaris & reorg'd the includes + minor prettying
28252 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
28255 now tells you what os you are running
28262 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
28277 uid seinitialized to -2
28280 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
28283 now removes LIBPATH for AIX
28286 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
28289 now uses ufc if it finds it
28292 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
28295 no longer define yyval & yylval since yacc does it
28299 now defines yylval as extern
28303 BROKEN_GETPASS is now an OPTION
28307 took out BROKEN_GETPASS
28311 took out big comment
28319 took out README.beta
28327 now reference SUPPORTED
28331 now check for convex OR __convex__
28335 now check for convex or __convex__
28347 now use _S_* stat stuff to be ansi-like
28351 updated for configure directions
28355 distclean now removes config.h and pathnames.h
28374 * config.h.in, pathnames.h.in:
28375 added copyright header
28378 * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
28379 parse.yacc, sudo.c, sudo.h:
28384 updated to use configure + pathnames.h
28391 * Makefile.in, config.h.in, configure.in:
28396 now works with configure
28399 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
28400 updated to work with configure + pathnames.h
28407 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
28410 updated gnu general licence to version 2
28413 * config.h.in, pathnames.h.in:
28418 changed to work with configure
28421 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
28423 * Makefile.in, aclocal.m4, configure.in:
28428 now uses defines used by configure
28431 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
28434 sudo won't bitch about EPERM now, for real
28437 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
28440 renamed exec_argv to eliminate a libc name clash with ksros
28447 * logging.c, sudo.c, sudo.h:
28464 added UMASK and mode_t declaration
28472 now opens log file with mode 077
28476 saved current umask and restores it
28480 added MAXLOGFILELEN
28484 split long log lines. For syslog, split into multiple entries, for
28485 a log file, indent the extra for readability
28488 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
28495 MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
28498 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
28501 added input from Brett M Hogden <hogden@rge.com>
28504 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
28507 added rmenv() to remove stuff from environ. can now use execvp()
28508 OR execve() because of this.
28512 now uses execvp() OR execve()
28528 moved some func decls out of sudo.h and into sudo.c as statics
28539 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
28545 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
28560 added sample.sudoers note
28567 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
28574 took out SAVED_UID garbage
28575 [b7c2d3469661] [SUDO_1_3_0]
28594 more verbose error if mailer not found
28598 now do getpwent as root for some shadow password systems (bsdi)
28601 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
28604 took out SAVED_UID garbage
28608 took out SAVED_UID garbage since it don't work
28611 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
28618 added a missing space :-)
28622 took out multimax cruft
28634 fixed a typo + indentation
28637 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
28640 took out/moved some defines to the config file
28652 added HAS_SAVED_UID
28659 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
28665 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
28671 * check.c, logging.c, parse.c, sudo.c, sudo.h:
28672 now is only root when abs necessary
28679 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
28694 now removed _RLD_* for alphas
28698 updated for new config scheme
28702 more verbose error messages
28705 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
28712 define __svr4__ for SOLARIS
28716 added svr4 junk for shadow pws for solaris 2.x
28720 took out setuid(0) and setreuid(udi) garbage. It's not needed since
28721 we start out setuid with the correct perms.
28724 * check.c, sudo.c, sudo.h:
28728 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
28731 revised AUTHORS section & added ENV_EDITOR stuff to VARIABLES
28736 now uses ENV_EDITOR if you want to use the EDITOR envar
28740 now uses ENV_EDITOR if you want to use the EDITOR envar
28743 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
28746 rewrote most of this
28750 minor update + spell fix
28754 added all options that are in the Makefile
28758 now use USE_TERMIO #define for sgi & hpux
28765 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
28767 * check.c, find_path.c:
28768 always include strings.h
28776 sgi has vi in /usr/bin too
28783 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
28786 use /usr/bin/vi on some systems
28790 fixed warning (include strings.h)
28794 added John_Rouillard@dl5000.bc.edu's changes (new features)
28798 changes from John_Rouillard@dl5000.bc.edu
28805 * check.c, find_path.c, parse.c, sudo.c:
28806 added patches from John_Rouillard directory spec
28810 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
28813 added flush for hpux
28816 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
28819 no longer assume malloc returns a char *
28823 alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
28824 gets removed correctly
28828 added STD_HEADERS macro
28832 now uses STD_HEADERS macro for ansi
28836 now uses STD_HEADERS macro
28840 niceties for C compiler bitches -- no real change
28843 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
28846 now doesn't fclose a file never opened.
28849 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
28856 added error stuff added me in there...
28864 added blurb about reading stuff
28872 corrected comments and removed newlines
28884 added dec syslog note
28888 added real stuff in there
28899 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
28906 updated with changes
28917 * CHANGES, COPYING, INSTALL, README, TODO:
28922 updated version number and took out jeff's old addr since it is no
28926 * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
28928 updated version number and took out jeff's email (since it is
28932 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
28938 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
28941 now return NULL instead of exiting for non-fatal errors
28944 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
28951 now sudo.h gets included first
28954 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
28965 hpux 9 fix, removes SHLIB_PATH linux patch
28972 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
28975 stat now ignores EINVAL
28978 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
28980 * find_path.c, sudo.c:
28981 now declare strdup as extern
28984 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
28987 reformatted with indent + by hand
28990 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
28991 used indent to "fix" coding style
28995 now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
28996 move the code that does this into the loop body. makes it messier
29000 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
29003 redid the fix for non-executable files in an easier to read way plus
29004 some minor aesthetic changes
29008 fixed bug with non-executable things of same name in path introduced
29009 by checking errno after stat(2).
29012 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
29015 fixed off by one error
29019 now handles descending below '/' correctly
29023 now actually builds Envp instead of munging envp
29026 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
29029 now includes sys/param.h
29033 now includes sys/param.h
29037 fixed ifndef -> ifdef
29041 make more like find_path.c
29045 rewritten by millert
29049 fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
29050 about new defines in the comment
29058 added decl for clean_envp() and Envp
29062 now rips LD_* env vars out of envp and passed sanitized Envp to exec
29070 ENOTDIR is ok now too (in case part of the path is bogus)
29074 now works correctly (total rewrite)
29078 now includes sys/param.h didn't match trailing / -- fix from
29082 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
29085 moved around the #ifndef _AIX
29088 * check.c, logging.c, parse.c:
29092 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
29098 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
29101 now works if you do sudo bin/test
29108 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
29118 * parse.lex, parse.yacc:
29122 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
29129 now spews error if exec fails and exits with -1
29137 now only execs files with (an) executable bit set.
29144 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>