2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>

If the user is running sudo as himself but as a different group we
need to prompt for a password.

2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>

If user has no supplementary groups, fall back on checking the group

2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>

Fix NULL dereference with "sudo -g group" when the sudoers rule has
no runas user or group listed. Fixes RedHat bug 667103.

2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>

Clear OPOST from c_oflag like we used to. Fixes screen-based

Clarify umask option description. From Reuben Thomas.

2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>

Add support for RHEL 6 file modes that include a trailing dot on
files with an SELinux security context

2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>

fix typo; from Michael T Hunter

2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>

Having a timestamp file defined is no longer indicative of tty
tickets being enabled. Check def_tty_tickets directly.

2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>

Sync set_project() with trunk.

* set_perms.c, sudo.c:
Move set_project() into runas_setup(). Fixes a NULL deref when
project support is enabled and sudo's -g flag is used without the

2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>

Ignore ECONNREFUSED from audit_log_user_command() which will occur
if auditd is not running.

2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>

Use sed instead of expr to split a flag from its argument. Fixes a
problem with expr interpreting its arguments as a flag when they

2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>

Solaris BSM audit returns EINVAL when auditing is not enabled,
whereas OpenBSM returns ENOSYS.

2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>

Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.

Set NewArgv[0] to the name of the pseudo-command we are running.
Fixes a problem with "sudo -l" when auditing is enabled and the user
is not allowed to run any commands on the host. Adapted from a patch

2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>

When matching the runas user and runas group (-u and -g command line
options), keep track of runas group and runas user matches
separately. Only return a positive match if we have a match for
both runas user and runas group (if specified).

2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>

Do not return -1 on error from the display functions; the call
expects a return value >= 0.

display_bound_defaults now returns a count so make the stub return

2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>

It looks like AIX doesn't need to push STREAMS modules for ptys.

2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>

Install sudoers file from the build dir not the src dir.

2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>

If runas_pw changes, reset the stashed runas aux group vector.
Otherwise, if runas_default is set in a per-command Defaults
statement, the command runs with root's aux group vector (i.e. the
one that was used when locating the command).

Add target to generate sudoers file. Remove generated sudoers file as

2010-08-23 millert <millert@rh4-x86.home.courtesan.com>

When not logging I/O install a handler for SIGCONT and deliver it to
the command upon resume. Fixes bugzilla #431

2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>

Don't need to fork and wait when compiled with --disable-pam-session

2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>

Convert a remaining puts() and putchar() to use the output function.

2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>

Replace sudoers with sudoers.in in DISTFILES

Set dupcheck to TRUE when setting new HOME value if !env_reset but
always_set_home is true. Prevents a duplicate HOME in the
environment (old value plus the new one) introduced in 9f97e4b43a4b.

* configure, configure.in, sudoers, sudoers.in:
Substitute sysconfdir in the installed sudoers file to get the
correct path for sudoers.d.

2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>

* boottime.c, get_pty.c:
Fix typos that prevented compilation on Irix; Friedrich Haubensak

2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>

If the user hits ^C while a password is being read, error out before
reading any further passwords in the pam conversation function.
Otherwise, if multiple PAM auth methods are required, the user will
have to hit ^C for each one.

2010-08-09 Todd C. Miller <Todd.Miller@courtesan.com>

Fix waitpid() loop termination condition.

Use sudo_waitpid() instead of bare waitpid()

2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>

Set pp_kit_version and strip off patchlevel

Better handling of versions with a patchlevel. For rpm and deb, use
the patchlevel+1 as the release. For AIX, use the patchlevel as the
4th version number. For the rest, just leave the patchlevel in the

2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>

For non-standalone auth methods, stop reading the password if the
user enters ^C at the prompt.

When removing/resetting the timestamp file ignore the tty ticket

2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>

2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>

Do not produce a warning for "sudo -k" if the ticket file does not

2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>

* aclocal.m4, configure:
Add cross-compile defaults for remaining AC_TRY_RUN usage.

2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>

* aclocal.m4, config.h.in, configure, configure.in, snprintf.c:
Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN. Use AC_TYPE_LONG_LONG_INT
and AC_CHECK_SIZEOF([long int]) instead of rolling our own.

2010-07-30 Todd C. Miller <Todd.Miller@courtesan.com>

Added tag SUDO_1_7_4 for changeset 2920a3b9d568

Debian: Remove dots from decoded release number. AIX: looser matching
of file command output for AIX 5.1
[2920a3b9d568] [SUDO_1_7_4]

Added tag SUDO_1_7_4 for changeset 0d844aa34c1d

2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>

exec_monitor is static

Update to latest version

2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>

Let pp determine pp_aix_version itself.

* INSTALL, config.h.in, configure, configure.in, mkpkg, sudo.c:
Add support for Ubuntu admin flag file and enable it when building

Add commented out SuSE-like targetpw settings

* configure, configure.in:
Only try to use +DAportable for non-GCC on hppa. Check the value of
$pic_flag instead of whether the compiler is ANSI C when detecting
the HP-UX bundled C compiler.

* configure, configure.in:
Prevent configure from adding the -g flag unless in devel mode

2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>

Go back to sudo-flavor to match existing packages and only use an
underscore for those that need it.

Use sudo_$flavor instead of sudo-$flavor since that causes the least
amount of trouble for the various package managers.

Fix handling of the ldap flavor. Remove destdir unless --debug was
specified. Make distclean before running configure if there is a

* configure, configure.in:
Back out version change in 5baf2187a138

Pass extra args on to configure on HP-UX, if we don't have the HP C
compiler, disable zlib to prevent gcc from finding it in

* configure, configure.in, mkpkg:
Use the HP ANSI C compiler on HP-UX if possible

Some getline() implementations (FreeBSD 8.0) do not ignore the
length pointer when the line pointer is NULL as they should.

Don't need to check for *cp being non-zero, isdigit() will do that.

Add setlocale() so the command line arguments that use floating
point work in different locales. Since sudo now logs the timing
data in the C locale we must parse the seconds in the timing file
manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
the number of seconds with the user's locale so if the decimal point
is not '.' try using the locale-specific version.

Do I/O logging in the C locale so the floating point numbers in the
timing file are not locale-dependent.

Use errorx() not error() for things that don't set errno.

2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>

Add Tru64 kit support

Better support for 1.2.3 style versions in Tru64 kits

Remove apparently unnecessary use of sudo

Create timedir as part of install-dirs target.

Handle ENXIO from read/write which can occur when reading/writing a
pty that has gone away. Fixes bugzilla 422

sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL

platform is a pp flag not a variable

* Makefile.in, mkpkg, sudo.pp:
Add simple arg parsing for mkpkg so we can set debug, flavor or

Make rpm backend work on AIX 5.x

2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>

Add commented out Defaults entry for log_output

2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>

Install binary files with -b~ to make a backup. Fixes "text file
busy" error on HP-UX during install.

"mv -f" on HP-UX doesn't unlink the destination first so add an
explicit rm before moving the temporary into place.

* configure, configure.in:
Some more ${foo} -> $(foo) conversion for consistent Makefiles.

2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>

Add missing include of maillock.h for Solaris

* NEWS, TROUBLESHOOTING, UPGRADE, configure, configure.in,
sample.syslog.conf, sudoers.cat:
Change the default syslog facility from local2 to authpriv (or auth
if the operating system doesn't support authpriv).

* Makefile.in, configure, configure.in, sudo.pp:
Install sudoers as /etc/sudoers on RPM and debian systems where the
package manager will not replace a user-modified configuration file.
This fixes upgrades from the vendor sudo packages.

RPM: use %config(noreplace) instead of %config for volatile. This
results in the new file being installed with a .rpmnew suffix
instead of the file being replaced and the old one renamed with a

2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>

* boottime.c, mkstemps.c:
Include time.h for struct timeval.

The return value of strsignal() may be const and should be treated

* sudoers.cat, sudoers.man.in, sudoers.pod:
Mention that 127.0.0.1 will not match, nor will localhost unless
that is the actual host name.

* Makefile.in, NEWS, README, UPGRADE, WHATSNEW:
Rename WHATSNEW -> NEWS

Updated pp with latest patches

* WHATSNEW, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
If pam is in use, wait until the process has finished before calling

* sudoers.cat, sudoers.man.in:

* UPGRADE, sudoers, sudoers.pod:
Add commented out line to add HOME to env_keep and add a warning to
the note about the HOME change in UPGRADE.

2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>

Add LINE_MAX define for those without it.

Mention that tty_tickets is now the default.

* INSTALL, UPGRADE, config.h.in, configure, configure.in, defaults.c,
sudoers.cat, sudoers.man.in, sudoers.pod:
The tty_tickets option is now on by default.

Mention that AIX authdb support has been fixed.

setauthdb() only sets the "old" registry if it was set by a previous
call to setauthdb(). To restore the original value, passing NULL
(or an empty string) to setauthdb() is sufficient.

2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>

* sudoers.cat, sudoers.man.in, sudoers.pod:
Mention new handling of HOME in always_set_home and set_home

* sudo.cat, sudo.man.in, sudo.pod:

* UPGRADE, WHATSNEW, env.c, sudo.cat, sudo.man.in, sudo.pod:
Reset HOME when env_reset is enabled unless it is in env_keep

* sudoers.cat, sudoers.man.in, sudoers.pod:
The default for set_logname has been "true" for some time now.

* sudoers.cat, sudoers.man.in, sudoers.pod:
Document that MAIL is set in env_reset mode.

Add missing include of time.h

* defaults.c, sudo.c:
Check return value of setdefs() but don't stop setting defaults if
we hit an unknown one.

Fix check for dup2() return value.

Treat an unknown defaults entry as a parse error.

Check KEPT_MAIL not DID_MAIL when determining whether to set MAIL in
-i and env_reset mode.

Add PYTHONUSERBASE to initial_badenv_table

* WHATSNEW, aclocal.m4, config.h.in, configure, configure.in, env.c,
pathnames.h.in, sudo.cat, sudo.man.in, sudo.pod:
If env_reset is enabled, set the MAIL environment variable based on
the target user unless MAIL is explicitly preserved in sudoers.

2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>

decode debian code names

2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>

Add entry about SuSE bash script fix.

Restore RLIMIT_NPROC after the uid switch if it appears that
runas_setup() did not do it for us. Fixes a bash script problem on
SuSE with RLIMIT_NPROC set to RLIM_INFINITY.

2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>

* mkpkg, pp, sudo.pp:
Restore the dot removal in the os version reported by polypkg. Adapt
mkpkg and sudo.pp to the change.

2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>

Update for sudo 1.7.4

document --with-pam-login

* sudoers.cat, sudoers.man.in, sudoers.pod:
The tag is NOSETENV, not UNSETENV. From Petr Uzel.

2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>

Include flavor in solaris package name

Older shells don't support IFS= so set explicitly to space, tab,

Use '=' not '==' in test

Fix typo that prevented debian from matching

Add missing prefix setting for debian

Use tab indents to reduce the chance of problems with <<-. Uncomment
some env_keep lines for RHEL, SLES and Debian to more closely match
the vendor sudoers files.

Fix indentation. Fix the debian %set section, pp does not set
pp_deb_distro. Uncomment %sudo line in sudoers for debian. Add pam.d
to %files for debian. Remove the /etc/sudo-ldap.conf symlink on
debian for ldap flavor

Add commented out env_keep entries, sample Aliases and a %sudo line

* configure, configure.in:
Remove check for egrep; configure has its own

Use enable_zlib instead of enableval for consistency

2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>

Enable zlib for linux distros

Add ldap flavor to default build

Simplify rpm linux distro settings

* UPGRADE, aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.

* Makefile.in, mkpkg, sudo.pp:
Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
environment variable.

Create sudo group on debian

Add debian 4/5/6 and use the dot when doing version matches

* sudoers.cat, sudoers.man.in, sudoers.pod:
Remove spurious "and"; from debian

* aclocal.m4, configure:
Use a loop when searching for mv, sendmail and sh

* aclocal.m4, configure, configure.in, sudoers.cat, sudoers.man.in,
sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
Substitute the value of EDITOR into the sudoers and visudo manuals.

2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>

* mkpkg, pp, sudo.pp:
Initial debian 4.0 support

Some platforms need -fPIE instead of -fpie

Add packaging bits to DISTFILES

Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
On Linux it causes a DNS lookup via libaudit.

We now use pp to generate HP-UX packages

2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>

* INSTALL, Makefile.in:
isntall-man -> install-doc

* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
Bump version to 1.7.4

* INSTALL.binary, Makefile.binary.in, Makefile.in:
Remove remaining bits of the old binary package

Use http://rc.quest.com/topics/polypkg/ for packaging

* Makefile.in, mkpkg, pp:
Use http://rc.quest.com/topics/polypkg/ for packaging

Just ignore the -c option, it is the default. Add support for -d

* env.c, logging.c, pathnames.h.in:
Use _PATH_STDPATH instead of _PATH_DEFPATH

Do not strip binaries.

* INSTALL, configure, configure.in:
Add --insults=disabled configure option to allow people to build in
insult support but have the insults disabled unless explicitly

2010-07-10 Todd C. Miller <Todd.Miller@courtesan.com>

* env.c, sudoreplay.c:

2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>

* auth/pam.c, config.h.in, configure, configure.in, env.c, sudo.c,
Add support for a sudo-i pam.d file to be used for "sudo -i".
Adapted from a RedHat patch.

Fix installation of sudo_noexec.so

* Makefile.in, config.h.in, configure, configure.in, missing.h,
mkstemp.c, mkstemps.c, sudo_edit.c:
Use mkstemps() instead of mkstemp() in sudoedit. This allows
sudoedit to preserve the file extension (if any) which may be used
by the editor (like emacs) to choose the editing mode.

2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>

* ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
should avoid disabling TLS_CHECKPEER if possible.

2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>

Add support for negated user/host/command lists in a Defaults entry.
E.g. Defaults:!baduser noexec

2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>

2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>

Added tag SUDO_1_7_3 for changeset 72fd1f510a08

* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
[72fd1f510a08] [SUDO_1_7_3]

* alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
auth/securid5.c, auth/sia.c, auth/sudo_auth.c, boottime.c, check.c,
defaults.c, env.c, exec.c, exec_pty.c, fileops.c, find_path.c,
fnmatch.c, get_pty.c, getcwd.c, getdate.c, getdate.y, getline.c,
getspwuid.c, glob.c, goodpath.c, gram.c, gram.y, interfaces.c,
iolog.c, lbuf.c, ldap.c, logging.c, match.c, parse.c, parse_args.c,
pwutil.c, set_perms.c, snprintf.c, sudo.c, sudo_edit.c, sudo_nss.c,
sudoreplay.c, term.c, testsudoers.c, tgetpass.c, toke.c, toke.l,
tsgetgrpw.c, visudo.c:
Include strings.h even if string.h exists since they may define
different things. Fixes warnings on AIX and others.

Do not rely on env.env_len when unsetting a variable, just use the

In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008

2010-06-28 Todd C. Miller <Todd.Miller@courtesan.com>

* sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
Mention that multiple URI lines are merged into a single one.

2010-06-26 Todd C. Miller <Todd.Miller@courtesan.com>

* env.c, sudo.c, sudo.h:
For env_init() just use environ not the envp from main().

2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
Update version to 1.7.3rc1

fqdn issue is resolved

In unsetenv(), assign ep in the for loop instead of doing it
earlier. This version of the code does not change env.envp in
between when ep is assigned and when it is used but older versions

Use S_REGISTRY instead of S_AUTHSYSTEM as the argument to
getuserattr() when fetching the administrative domain to be used by
setauthdb(). This was suggested by AIX support and is consistent
with what OpenSSH does.

Use warningx() instead of log_error() since the latter is not
available to visudo or testsudoers. This does mean that they don't

Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
closed the sudoers sources. From Quest sudo.

Ignore case when matching user/group names in the cache. From Quest

2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>

* config.h.in, configure, configure.in, selinux.c:
Add check for setkeycreatecon() when --with-selinux is specified.

* configure, configure.in:
Bump version to 1.7.3b5. Error out if libaudit.h is missing or
unusable when --with-linux-audit was specified

K&R function declaration for aix_setauthdb()

* env.c, sudo.c, sudo.h:
If env_init() was called implicitly via getenv(), setenv() or
putenv() just use the specified envp instead of mallocing a new
copy. This prevents an infinite loop on OpenBSD which calls
getenv() from malloc() to get MALLOC_OPTIONS.

Add support for multiple URI lines by joining the contents and
passing the result to ldap_initialize.

2010-06-23 Todd C. Miller <Todd.Miller@courtesan.com>

* pwutil.c, set_perms.c, sudo_nss.c:
Bracket initgroups with calls to aix_setauthdb() and

Include compat.h before alloc.h to get __P

Include usersec.h for authenticate() prototype

Add missing includes. Add missing trailing NUL in userinfo string

2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>

* HISTORY, history.pod:
Mention when LDAP was incorporated.

2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>

Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
not covered by _ALL_SOURCE.

Include usersec.h on AIX to get IDtouser() prototype.

Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
not covered by _ALL_SOURCE.

2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>

Add a cast to quiet a compiler warning.

Use memset() instead of zero_bytes() since we don't include sudo.h

getline.o is already in LIB_OBJS, do not need it in COMMON_OBJS

* getdate.c, getdate.y:
Quiet a compiler warning.

* defaults.c, sudo.c:
Call set_fqdn() after sudoers has parsed instead of inline as a

Do not call set_fqdn() until sudoers parses (where it gets run as a

Do not call set_fqdn() until sudoers parses (where it gets run as a
callback). Otherwise, if sudo is built --with-fqdn the fqdn will be
set even if !fqdn is set in sudoers.

* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
Bump version to 1.7.3b4

mention the change in tty ticket behavior when there is no tty

Remove comment; NAME in usrinfo should be user name.

Do not update tty ticket if there is no tty.

* sudo.cat, sudo.man.in, sudo.pod:
No longer need to use -- with the -s flag

Add missing $(srcdir) to sudo.man.in target

Do not rely on BSD make's $>

* configure, configure.in:
Set timedir to /var/db/sudo for darwin to match Apple sudo's

2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>

* Makefile.in, configure, configure.in:
Move aix.o from SUDO_OBJS to COMMON_OBJS

* config.h.in, configure, configure.in, defaults.c, iolog.c,
Check for zlib.h in addition to libz.

* Makefile.in, exec.c, exec_pty.c, sudo.h, sudo_exec.h:
Move functions and symbols shared between exec.c and exec_pty.c into

Add missing prototypes for aix_setauthdb and aix_restoreauthdb

Comment out rules to build .man.in and .cat files unless --with-

* aix.c, pwutil.c, set_perms.c, sudo.h:
Fix AIX compilation problems.

Cast isalnum() arg to unsigned char.

Add Linux audit support.

Quote any non-alphanumeric characters other than '_' or '-' when
passing a command to be run via the shell for the -s and -i options.

Add missing braces that broke -i mode.

Fix linux_audit_command() return value

2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>

* Makefile.in, linux_audit.c, linux_audit.h:
Add Linux audit support.

2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>

* INSTALL, audit.c, bsm_audit.c, config.h.in, configure, configure.in,
logging.h, selinux.c:
Add Linux audit support.

2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>

* sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
Sync sudoreplay with trunk

* aix.c, configure, configure.in, pwutil.c, set_perms.c, sudo.h:
Set usrinfo for AIX. Set administrative domain for the process when
looking up user's password info and when preparing for execve().

Better prefix determination now that we can't rely on len==0 to tell
the beginning of an entry.

* WHATSNEW, ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in,
Add support for multiple sudoers_base entries in ldap.conf. From

* configure, configure.in:
Remove duplicate setsid check

* Makefile.in, config.h.in, configure, configure.in, exec_pty.c,
logging.c, missing.h, setsid.c:
Move setsid emulation into setsid.c

* exec_pty.c, logging.c, selinux.c, sudo.c, tgetpass.c:
Check for dup2() failure.

* config.h.in, configure, configure.in:
Remove dup2 check, it is not optional.

2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>

Add mbr_check_membership support and SELinux fixes

Sync SRCS and DISTFILES with reality

Update OS specific notes. Delete some really ancient ones and move
older ones to the end of the list.

Bump for sudo 1.7.3. Merge some changes from trunk

* selinux.c, sudo.c:
Call selinux_restore_tty() as part of cleanup() so it gets called
from error()/errorx()

No longer use SA_NOCLDSTOP

* interfaces.h, match.c:
Move union sudo_in_addr_un into interfaces.h

Update copyright year

* HISTORY, LICENSE, aix.c, alias.c, alloc.h, boottime.c, bsm_audit.h,
compat.h, defaults.c, defaults.h, env.c, fileops.c, find_path.c,
gettime.c, gram.y, history.pod, lbuf.h, license.pod, logging.c,
match.c, missing.h, nanosleep.c, parse.h, set_perms.c,
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
sudoreplay.c, term.c, tgetpass.c, toke.l, visudo.c, visudo.cat,
visudo.man.in, visudo.pod:
Update copyright year

Remove varsub as part of clean

Quiet a compiler warning.

* getdate.c, getdate.y:
Quiet a compiler warning.

Make the remaining functions in ldap.c static

Make private functions static. Diff from Joachim Henke

* schema.ActiveDirectory:
Updates from Alain Roy to provide better examples for importing the
schema and to fix problems caused by Windows validating attributes
which have not yet been added before committing the changes.

2010-06-12 Todd C. Miller <Todd.Miller@courtesan.com>

* Makefile.in, configure, configure.in, sudo.cat, sudoers.cat:
Generate .cat files directly from .man.in instead of .man using
default values in configure.in

2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>

* configure, configure.in, sudo.c, sudo_usage.h.in:
Print configure args with verbose version information.

Remove tfd from struct sudoersfile; it is not used. Add prev pointer
to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
Use tq_append to append sudoers entries to the tail queue.

2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>

Describe tty timestamp improvements

A comment character may not be part of a command line argument
unless it is quoted with a backslash. Fixes parsing of:
testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441

* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:

Make this read a little bit better when passwd_timeout is 0.

Use the --file argument to config.status instead of setting

* sudo.man.pl, sudo.pod:
Attempt to handle a default password prompt timeout of zero more

Do not override value of keepopen global, instead restore it to the
value we pushed onto the stack when popping.

* exec.c, exec_pty.c, logging.c, mon_systrace.c, tgetpass.c:
Use SA_INTERRUPT in sa_flags

* getdate.c, getdate.y, ldap.c, sudoreplay.c:
Silence some compiler warnings

2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>

* exec.c, exec_pty.c, sudo.c, sudo.h:
Implement background mode. If I/O logging we use pipes instead of a

* compat.h, exec.c, exec_pty.c, mksiglist.c, strsignal.c, tgetpass.c:
Move compat definition of NSIG to compat.h

Ignore SIGPIPE for "sudo -S"

Properly handle TGP_ECHO again. Print a newline if the user
interrupted password input.

Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl

2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>

* exec.c, exec_pty.c, selinux.c, sudo.c, sudo.h:
Return an error from selinux_setup() instead of exiting. Call
selinux_setup() from exec_setup().

Add definition of WCOREDUMP for systems without it. This is known
to work on AIX and SunOS 4, but may be incorrect on other systems
that lack WCOREDUMP.

* check.c, compat.h, config.h.in, configure, configure.in, iolog.c,
nanosleep.c, sudo_edit.c, visudo.c:
Replace timerfoo macros with timevalfoo since the timer macros are
known to be busted on some systems.

If a file in a #includedir has improper permissions or owner just
skip it. This prevents packages that incorrectly install a file
into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
#includedir files still result in a parse error (for now).

* TODO, auth/pam.c, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
Defer call to pam_close_session() until after the command finishes
if there is a monitor process.

* WHATSNEW, def_data.c, def_data.h, def_data.in, exec.c, sudoers.cat,
sudoers.man.in, sudoers.pod:
Add use_pty sudoers option to force use of a pty even when not

* env.c, sudo.c, sudo.h:
Instead of trying to keep the global environment in sync with our
private copy, provide our own getenv() that returns values from the
private environment and use env_get() to pass the environment in to

2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>

Rename pty.c -> get_pty.c

Add #define for maximum session id

* Makefile.in, configure, configure.in, exec.c, exec_pty.c, iolog.c,
selinux.c, sudo.c, sudo.h, sudo_edit.c:
Split exec.c into exec.c and exec_pty.c. Pass a flag in to
sudo_execve to indicate whether we need to wait for the command
to finish (fork + execve vs. execve).

* Makefile.in, configure, configure.in, get_pty.c, pty.c:
Rename pty.c -> get_pty.c

* aclocal.m4, configure, configure.in:
Fix --without-iologdir

2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>

Only use I/O input log file if def_log_input is set and output file
if def_log_output is set.

2010-06-05 Todd C. Miller <Todd.Miller@courtesan.com>

* parse_args.c, sudo.c:
Include sudo_usage.h after sudo.h now that it has function
prototypes to guarantee that __P is defined.
1421 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
1424 Do signal setup after turning off echo, not before. If we are using
1425 a tty but are not the foreground pgrp this will generate SIGTTOU so
1426 we want the default action to be taken (suspend process). Use an
1427 array for signals received instead of a single variable so we don't
1428 lose any when there are multiple different signals.
1431 * defaults.h, lbuf.h, sudo.h:
1432 Reorg function prototypes a bit
1435 * Makefile.in, parse_args.c, sudo.c, sudo.h, sudo_usage.h.in:
1436 Move argument parsing into parse_args.c
1439 * Makefile.in, config.h.in, configure, configure.in, missing.h,
1440 mksiglist.c, mksiglist.h, siglist.in, strsignal.c:
1441 Build our own sys_siglist for systems that lack it.
1444 * exec.c, iolog.c, missing.h, sudo_edit.c:
1448 * exec.c, pty.c, sudo.c, sudo.h, sudo_edit.c:
1449 Log sudoedit sessions as well; adapted from trunk
1456 * INSTALL, Makefile.in, WHATSNEW, aclocal.m4, configure, configure.in,
1457 def_data.c, def_data.h, def_data.in, defaults.c, exec.c, gram.c,
1458 gram.h, gram.y, iolog.c, parse.c, parse.h, pathnames.h.in, pty.c,
1459 script.c, selinux.c, sudo.c, sudo.h, sudoers.cat, sudoers.man.in,
1460 sudoers.pod, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
1461 sudoreplay.pod, term.c:
1462 Merge I/O logging changes from trunk. Disabling I/O log support at
1463 compile time does not currently work. Sudoedit is not yet hooked up
1467 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
1469 * INSTALL, configure, configure.in:
1470 Add --enable-warnings configure option
1473 * check.c, lbuf.h, script.c, sudo.c, sudo_nss.c:
1474 Fix K&R compilation issues on HP-UX.
1477 * lbuf.c, lbuf.h, ldap.c, parse.c, sudo.c, sudo_nss.c:
1478 Pass in output function to lbuf_init() instead of writing to stdout.
1479 A side effect is that the usage info can now go to stderr as it
1480 should. Add support for embedded newlines in lbuf and use that
1481 instead of multiple calls to lbuf_print.
1484 * configure, configure.in, sudo.man.pl, sudoers.man.pl:
1485 Use numeric registers to handle conditionals instead of trying to do
1486 it all with text processing.
1490 Document per-command SELinux settings
1494 timestamp -> time stamp
1498 Set close on exec flag in private versions of setpwent() and
1503 Make send_mail() take a printf-style argument list
1506 * Makefile.binary.in, Makefile.in, aclocal.m4, acsite.m4,
1507 config.guess, config.h.in, config.sub, configure, configure.in,
1508 ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
1509 m4/ltversion.m4, m4/lt~obsolete.m4:
1510 Update to autoconf 2.65 and libtool 2.2.6b
1514 Don't use TRUE/FALSE which may not be defined.
1517 * sudo.cat, sudo.man.in, sudo.pod:
1518 Document new tty_ticket behavior
1521 * find_path.c, sudo.c, sudo.h, visudo.c:
1522 Make find_path() a little more generic by not checking def_foo
1523 variables inside it. Instead, pass in ignore_dot as a function
1528 Store info from stat(2)ing the tty in the tty ticket when tty
1529 tickets are in use. If the tty lives on a devpts (Linux) or devices
1530 (Solaris) filesystem, stash the ctime in the tty ticket file, as it
1531 is not updated when the tty is written to. This helps us determine
1532 when a tty has been reused without the user authenticating again
1536 * boottime.c, check.c, sudo.h:
1537 get_boottime() now fills in a timeval struct
1540 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
1542 * check.c, compat.h, config.h.in, configure, configure.in, fileops.c,
1543 gettime.c, sudo.h, sudo_edit.c, visudo.c:
1544 Use timeval directly instead of converting to timespec when dealing
1545 with file times and time of day.
1549 Fix OpenPAM detection for newer versions.
1553 Sync with Quest sudo git repo
1556 * aclocal.m4, configure, configure.in:
1557 HP-UX ld uses +b instead of -R or -rpath. Fix typo in libvas check.
1558 libvas may need libdl for dlopen(). Add missing template for
1559 ENV_DEBUG. Adapted from Quest sudo
1563 Fix typos; from Quest Sudo
1566 * Makefile.in, configure.in:
1567 Use value of SHELL from configure in Makefile
1570 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
1573 Handle duplicate variables in the environment. For unsetenv(), keep
1574 looking even after removing the first instance. For sudo_putenv(),
1575 check for and remove dupes after we replace an existing value.
1578 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
1581 Fix a crash when checking a sudoers file that has aliases that
1582 reference themselves. Based on a diff from David Wood.
1585 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
1588 Fix use after free in error message when a duplicate alias exists.
1591 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
1594 Set errorfile to the sudoers path if we set parse_error manually.
1595 This prevents a NULL dereference in printf() when checking a sudoers
1596 file in strict mode when alias errors are present.
1599 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
1601 * TODO, sudoers.cat, sudoers.man.in, sudoers.pod:
1605 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
1608 Qualify the command even if it is in the current working directory,
1609 e.g. "./foo" instead of just returning "foo". This removes an
1610 ambiguity between real commands and possible pseudo-commands in
1614 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
1616 * sudoers.cat, sudoers.man.in, sudoers.pod:
1617 Add a note about the security implications of the fast_glob option.
1621 Remove duplicate includes
1624 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
1626 * configure, configure.in:
1627 Fix installation of sudoers.ldap in "make install" when --with-ldap
1628 was specified without a directory. From Prof. Dr. Andreas Mueller
1631 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
1634 When doing a glob match, short circuit if gl.gl_pathc is 0. From
1638 2010-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
1641 Use parent process group id instead of parent process id when
1642 checking foreground status and suspending parent. Fixes an issue
1643 when running commands under /usr/bin/time and others.
1647 In setenv(), if the var is empty, return 1 and set errno to EINVAL
1648 instead of returning EINVAL directly.
1651 2010-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
1654 Check for pseudo-command by looking at the first character of the
1655 command in sudoers instead of checking the user-supplied command for
1659 2010-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
1662 Avoid a duplicate fclose() of the sudoers file.
1666 Fix size arg when realloc()ing include stack. From Daniel Kopecek
1669 2010-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
1671 * aix.c, config.h.in, configure, configure.in:
1672 Use setrlimit64(), if available, instead of setrlimit() when setting
1673 AIX resource limits since rlim_t is 32 bits.
1677 Fix use after free when sending error messages. From Timo Juhani
1681 2010-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
1683 * ChangeLog, Makefile.in:
1684 Generate the ChangeLog as part of "make dist" instead of having it
1688 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
1691 Generate correct ChangeLog for 1.7 branch.
1694 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
1696 * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
1697 auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
1698 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
1699 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
1700 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
1701 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
1702 emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
1703 fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
1704 gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
1705 ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
1706 isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
1707 logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
1708 mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
1709 pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
1710 sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
1711 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
1712 strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
1713 sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
1714 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
1715 sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
1716 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
1717 utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
1718 Remove CVS $Sudo$ tags.
1721 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
1724 make this match sudoers SYNOPSIS
1728 Print a newline between Runas and Command-specific defaults in sudo
1733 Use SET and CLR macros in term_raw
1737 Set stdin to non-blocking mode early instead of in check_input. Use
1738 term_raw instead of term_cbreak since the data we get has already
1739 been expanded via OPOST.
1742 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
1745 Enable/disable all postprocessing instead of just nl->crnl
1746 processing since things like tab expansion matter too. However, if
1747 stdout is a tty leave postprocessing on in the pty since we run into
1748 problems doing it only on the real stdout with e.g. nvi.
1751 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
1754 If tty_tickets is enabled and there is no tty, prompt for a
1755 password. Do not lecture user for "sudo -k command" if user has a
1760 Document missing options: --with-efence and --with-bsm-audit
1763 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
1764 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
1765 sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
1766 visudo.man.in, visudo.pod:
1767 username -> user name, groupname -> group name, hostname -> host name
1770 * INSTALL, README.LDAP, sudoers.pod:
1771 filename -> file name like the rest of the docs
1774 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
1777 Fix printing of entries with multiple host entries on a single line.
1780 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
1783 Mention that targetpw affects the timestamp file name.
1786 * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
1788 Add compress_transcript option.
1791 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
1793 * configure, configure.in:
1797 * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
1798 Better split of membership vs. traditional group check in
1799 user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
1802 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
1805 Fix pasto and add default return value.
1808 * check.c, match.c, pwutil.c, sudo.h:
1809 refactor group member checking into user_in_group()
1812 * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
1814 Add support for mbr_check_membership() as present in darwin.
1817 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
1820 Rename label to be accurate
1823 * Makefile.in, boottime.c, check.c, config.h.in, configure,
1824 configure.in, sudo.h:
1825 Treat timestamp files from before we booted as old. Idea from and
1829 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
1831 * sudo.c, sudo.pod, sudo_usage.h.in:
1832 Allow the -u flag to be used in conjunction with the -v flag as per
1833 older versions of sudo.
1837 fix typo in last commit
1840 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
1843 Convert fmt_first and fmt_confd into macros.
1847 timeouts can be floats now
1850 * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
1851 defaults.h, mkdefaults:
1852 Add support for floating point timeout values (e.g. 2.5 minutes).
1855 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
1858 The -L flag will be removed in sudo 1.7.4
1861 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
1864 Fix a bug due to order of operators.
1867 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
1870 cmnd_matches() already deals with negation so _cmndlist_matches()
1871 does not need to do so itself. Fixes a bug with negated entries in
1875 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
1878 Don't exit() from open_sudoers, just return NULL for all errors.
1882 Can't rely on the shell sending us SIGCONT when transitioning from
1883 background to foreground process.
1887 Add missing extern def for parse_error
1890 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
1893 Avoid a parse error when #includedir doesn't find any files. Closes
1898 Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
1901 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
1904 Start command out in foreground mode if stdout is a tty. Works
1905 around issues with some curses-based programs that don't handle
1906 tcsetattr getting interrupted by a signal. Still allows us to avoid
1907 hogging the tty if the command is part of a pipeline.
1910 * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
1911 Use a socketpair to pass signals from parent to child. Child will
1912 now pass command status change info back via the socketpair. This
1913 allows the parent to distinguish between signals it has been sent
1914 directly and signals the command has received. It also means the
1915 parent can once again print the signal notifications to the tty so
1916 all writes to the pty master occur in the parent. The command is
1917 now always started in background mode with tty signals handled by
1921 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
1923 * configure, configure.in:
1924 Fix a few typos in the descriptions; from Jeff Makey. Only do the
1925 check for krb5_get_init_creds_opt_free() taking two arguments if we
1926 find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
1927 positive when using our own krb5_get_init_creds_opt_free which takes
1928 only a single argument.
1931 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
1933 * configure, configure.in:
1934 Remove a spurious comma in the kerb5 bits.
1938 Call krb5_get_init_creds_opt_init() in our emulated
1939 krb5_get_init_creds_opt_alloc() for MIT kerberos.
1942 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
1949 Need to ignore SIGTT{IN,OU} in child when running the command in the
1950 background. Also some minor cleanup.
1953 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
1956 Instead of calling sigsuspend when waiting for SIGUSR[12] from
1957 parent, install the signal handlers w/o SA_RESTART and let them
1958 interrupt waitpid().
1962 Pass along SIGHUP and SIGTERM from parent to child.
1966 Close unused bits of script_fds in processes that don't need them.
1967 Restore default SIGCONT handler in child.
1971 Update foreground/background status in SIGCONT handler in parent
1975 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
1978 Defer setting terminal into raw mode until just before we fork() and
1979 only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
1980 and sudo is already in the foreground be sure to set raw mode before
1981 continuing the child.
1984 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
1987 Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
1988 give the command the controlling tty if the main sudo process is the
1993 Don't bother with sudo_waitpid() here for now.
2000 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
2003 Remove non-working code that crept into rev 1.55
2006 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
2008 * INSTALL, configure, configure.in, script.c, sudoreplay.c:
2009 First pass at zlib support for transcript data files
2013 remove vestiges of ZLDFLAGS
2017 Add missing variable declaration for when TIOCSCTTY is not defined.
2018 Need to include sys/termio.h for TIOCSCTTY on some systems.
2022 when resuming command, send SIGCONT to its pgrp not just pid
2026 remove unused variable
2030 include selinux.h for is_selinux_enabled() proto
2034 Don't use log_error() in the child process.
2038 Do I/O in parent instead of child since the parent can have both
2039 /dev/tty as well as the pty fds open. The child just sets things up
2040 and waits for its grandchild and writes the signal description to
2041 the pty master if the command was killed by a signal.
2044 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
2046 * missing.h, sudo.h:
2047 Move two struct forward declarations from sudo.h to missing.h
2051 Make comment at the top of script_exec() match reality.
2055 if neither stdin nor stdout is a tty, check stderr
2059 Add back dependency of gram.h on gram.y
2063 Make transcript mode work as long as we can figure out our tty, even
2064 if it is not stdin. We'd like to use /dev/tty but that won't be
2065 valid after the setsid().
2068 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
2070 * config.h.in, configure, configure.in, pty.c:
2071 Add support for IRIX-style dynamic ptys
2074 * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
2075 Move alloc.c protos into alloc.h
2079 Move prototypes for missing libc functions to missing.h
2082 * Makefile.in, sudo.h, sudoreplay.c:
2083 Move prototypes for missing libc functions to missing.h
2086 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
2088 * config.h.in, configure, configure.in:
2089 Disable transcript support if no tcsetpgrp until we support older
2090 BSD-style job control.
2093 * configure, configure.in, pty.c, script.c:
2094 Break out pty code into pty.c
2097 * compat.h, config.h.in, configure, configure.in:
2098 add killpg macro if no killpg function
2101 * config.h.in, configure, configure.in, script.c:
2102 Push ptem and ldterm for STREAMS-based systems when allocating a
2106 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
2109 Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
2113 Call tcgetpgrp() in the parent, not the child and have the child
2114 spin until it is granted. Fixes a race on darwin.
2118 Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
2122 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
2125 In script mode, if the command is killed by a signal, print the
2126 signal description as well as a core dump notification like the
2130 * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
2132 Add check for strsignal() and a simple implementation if it is not
2133 there but sys_siglist is
2137 Add missing WUNTRACED and store the signal that stopped the
2138 grandchild in suspended, not signo.
2146 Associate the grandchild's pgrp with the tty instead of the child's
2147 and just get suspend notifications via SIGCHLD instead of directly.
2148 This fixes a hang with programs that try to set terminal attributes
2149 and is more consistent with how the shell handles things.
2152 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
2155 Move setpgid() of child into the parent side of the fork() where it
2159 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
2166 Run command in its own pgrp (like the shell does) for easier
2167 signalling. No need to relay SIGINT or SIGQUIT to parent, just send
2168 to grandchild. Don't want grandchild stopped events in the child
2169 (only termination). Flush output after suspending grandchild before
2174 Back out revision 1.34; the problem lies elsewhere.
2178 Don't set stdout to blocking mode when flushing remaining output.
2179 It can cause us to hang when trying to exit. Need to investigate
2184 Handle SIGTTOU and remove some debugging.
2188 Back out revision 1.10 as the signal that interrupts us may be
2189 SIGTTOU or SIGTTIN which the caller must handle.
2193 Apparently we need to send SIGSTOP to the command as well as ourself
2194 when we get SIGTSTP, the kernel doesn't automatically stop the
2199 Use an extra process to act as the glue between the sessions
2200 associated with the user's controlling tty (what the shell uses) and
2201 the tty that sudo is using to do its logging. Basically, this means
2202 that if we get, e.g. SIGTSTP from the process sudo is running, we
2203 relay the signal to the parent so its shell can do the job control.
2207 Handle getting/setting terminal attributes when the fd is in non-
2211 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
2213 * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
2214 Add support for pausing and changing the speed in interactive mode.
2218 Already define O_NOCTTY in compat.h, don't need it here
2221 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
2227 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
2230 Always update the stashed mtime of the temp file instead of using
2231 what we have for the original because the time resolution of the
2232 filesystem the temporary is on may not match that of the filesystem
2233 that holds the original. Should fix bz #371 found by Philippe Levan.
2237 Use cbreak mode instead of raw mode and add signal handlers to
2238 restore the tty on interrupt.
2241 * script.c, sudo.h, term.c:
2242 Retain NL to NLCR conversion on the real tty and skip it on the pty
2243 we allocate. That way, if stdout is not a pty there are no extra
2248 Fix log_output(); just pass in a string and a length.
2251 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
2254 do not use errno when complaining about lack of a tty
2257 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
2259 * Makefile.in, sudoreplay.c, term.c:
2260 Instead of messing with line endings, just set terminal to raw mode
2265 When copying the terminal attributes to the pty, be sure not to set
2266 ONLCR. This prevents extra carriage returns from ending up in the
2271 Convert a do {} while into a while
2275 Use if then instead of test && when installing binaries that may not
2280 Add O_NOCTTY when opening a tty device. Explicitly disconnect from
2281 old tty before associating with new one.
2284 * script.c, selinux.c, sudo.c, sudo.h:
2285 First cut at refactoring some of the selinux code so it can be used
2286 in conjunction with sudo's transcript support.
2289 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
2291 * aclocal.m4, configure, configure.in:
2292 Fix default case of transcript_enabled being unset.
2295 * script.c, sudoreplay.c:
2296 Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
2299 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
2300 Hook up --disable-transcript and --enable-transcript=DIR
2303 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
2305 * aclocal.m4, configure, configure.in, pathnames.h.in:
2306 _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT. Add
2307 --enable-transcript=DIR option to specify the directory
2310 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
2314 * configure, configure.in, sudoers.man.pl, sudoers.pod:
2315 Substitute in default value for secure_path
2319 Mention that the password must be followed by a newline with the -S
2323 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
2326 Go back to dropping out of the select() loop when the process dies;
2327 Linux ptys apparently don't behave the same as BSD in regards to
2328 select(). No need to flush remaining output to the transcript, only
2329 to stdout. Add back code to check the master pty for additional data
2330 when we exit the main select loop.
2333 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
2336 Add getline.o to COMMON_OBJS
2340 sudoreplay depends on libsudo.a
2344 Move pwutil.o into COMMON_OBJS
2347 * pwutil.c, testsudoers.c, tsgetgrpw.c:
2348 Remove my_* redirection in pwutil.c for testsudoers and just use the
2349 normal libc get{pw,gr}* names.
2352 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
2353 More time and date examples
2356 * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
2357 Move nanosleep() emulation into its own file. Check librt.a for
2358 nanosleep if we don't find it in libc
2361 * Makefile.in, configure, configure.in:
2362 Build libsudo with the common bits and link things against that.
2370 Keep reading from the pty master -> log file until read returns <=
2371 0. Do our best to write everything to stdout when flushing any
2376 Use unbuffered I/O when writing to stdout and make sure we write the
2380 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
2383 Only use max_wait if it is non-zero
2386 * getdate.c, getdate.y, getline.c:
2391 Fix nanosleep emulation
2395 Fix comment after #endif
2399 Add protos for missing libc bits
2402 * configure, configure.in:
2403 add missing line continuation char
2406 * config.h.in, configure, configure.in, getline.c:
2407 Implement getline() in terms of fgetln() if we have it.
2411 Print year when formatting log line
2415 Document cwd, attempt to document time/date formats.
2419 Fix getline return value check.
2422 * Makefile.in, config.h.in, configure, configure.in, getline.c,
2424 Use getline() if the system has it, else provide our own for
2429 Refactor code to update output and timing files.
2432 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
2435 Make sudo_getln() behave more like glibc getline.
2439 When flushing remaining output, also update timing file.
2443 Use get_timestr() and make the -l output look like the regular sudo
2447 * logging.c, sudo.h, timestr.c:
2448 Make get_timestr() take a time_t so we can use it properly in
2453 Create session dir earlier now that we update the seq number early.
2456 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
2459 Use fromdate and todate as the keywords instead of from and to; the
2460 short forms will still be accepted.
2464 Fix reading long lines in sudo_getln()
2467 * script.c, sudoreplay.c:
2468 Log the cwd in the script log file. Add sudo_getln() to read
2469 arbitrarily long lines.
2472 * Makefile.in, logging.c, sudo.h, timestr.c:
2473 Move get_timestr() into its own source file so sudoreplay can use
2477 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
2480 Add to and from predicates (date ranges); needs documentation
2483 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
2485 * Makefile.in, getdate.c, getdate.y:
2486 Fix warning and add generated getdate.c
2489 * Makefile.in, getdate.y:
2490 Add getdate.y to be used for sudoreplay date parsing.
2493 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
2496 Check more than just the first character of a predicate
2499 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
2500 Add examples, sort predicates
2503 * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
2505 Implement search expressions in sudoreplay similar in concept to
2506 what find or tcpdump uses. TODO: date ranges
2509 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
2512 Remove vhangup as it was hanging up the wrong tty. Should really
2513 vhangup in the child after it has set its tty.
2517 Fix cut at documenting transcript support.
2521 ID= -> TSID= for transcript ID
2524 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
2527 Move fast_glob description to where it belongs in sorted order
2530 * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
2531 parse.c, parse.h, sudo.c:
2532 Rename script -> transcript
2535 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
2538 Add timeradd and timersub for those without them
2542 Sanity check sessid before using it.
2546 Only set the session id if we are running a command or editing a
2551 Actually, qsort is fine since most versions fall back to a cheaper
2552 sort when the number of elements to sort is small (like in our
2556 * config.h.in, configure, configure.in, script.c:
2557 Check for dup2 and use dup instead if we don't have it.
2560 * script.c, sudo.c, sudo.h:
2561 Move the code to dup2 the script fds to low numbered descriptors
2562 into script_duplow() and fix the fd sorting.
2565 * script.c, sudo.c, sudo.h:
2566 Move script_setup() back to immediately before we drop privs and
2567 call the new script_nextid() in its place, which will set
2568 sudo_user.sessid for the logging functions.
2571 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
2578 remove unused variable
2581 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
2583 * logging.c, script.c, sudo.c, sudo.h:
2584 Log the session ID, if there is one. Currently logs ID=XXXXXX,
2585 perhaps should be SESSIONID or SESSID.
2588 * Makefile.in, configure, configure.in, sudoreplay.cat,
2589 sudoreplay.man.in, sudoreplay.pod:
2594 add -V (version) flag
2601 * script.c, sudoreplay.c:
2602 Use base36 number for the ID and store script files with paths like
2603 /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
2604 (2,176,782,336) unique IDs.
2607 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
2609 * config.h.in, configure.in:
2610 Add check for regcomp
2614 Add support for selecting by pattern and tty when listing.
2617 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
2620 The beginnings of a list mode.
2623 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
2629 * Makefile.in, config.h.in, configure.in:
2630 Add scaffolding for building sudoreplay
2634 include error.h; first arg to nanotime is const
2638 Initial cut at sudoreplay; replay a sudo session.
2641 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
2644 Fix wait() usage and use correct wait status.
2647 * sudo.c, sudo.h, tgetpass.c:
2648 Add protos for term_* to sudo.h
2652 Fix detection of the child process exiting. Since the child is in
2653 its own session we should only ever get SIGCHLD for that process but
2654 better safe than sorry.
2658 Add UNIX98 pty support.
2661 * configure, configure.in, script.c:
2662 Add UNIX98 pty support.
2665 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
2668 For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
2673 Set PAM_RUSER and PAM_RHOST early so they can be used during
2674 authentication. Based on a patch from Jamie Beverly.
2678 Close dir before returning if strlcpy() reports overflow. From
2682 * config.h.in, configure, configure.in, script.c:
2683 On Linux, the openpty proto lives in pty.h
2687 Call vhangup on exit if the system has it. Use setpgrp() if no
2691 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
2693 * config.h.in, configure, configure.in:
2694 Add checks for revoke and vhangup if we don't have openpty
2698 Session logging guts that got forgotten in the previous commit.
2701 * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
2702 configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
2703 gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
2705 First cut at session logging for sudo. Still need to write
2706 get_pty() for Unix 98 and old-style BSD ptys. Also needs
2707 documentation and general cleanup.
2710 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
2712 * sudo.c, sudo_edit.c:
2713 Fix a bug introduced with def_closefrom. The value of def_closefrom
2714 already includes the +1.
2717 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
2720 Generate sudo distributions with pax in ustar mode. No longer need
2721 to use a temp file or have the source dir name match the version.
2724 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
2727 Fix expansion of %h in #include names. Fixes bugzilla 363
2730 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
2733 If no arg assume def_data.in
2738 [f5ad45f69f05] [SUDO_1_7_2]
2744 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
2746 * sudoers.cat, sudoers.man.in, sudoers.pod:
2747 Add missing single quotes around a colon in Runas_Spec definition.
2751 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
2753 * sudo.man.in, sudoers.man.in:
2758 In rbrepair, re-color the root or the first non-block node we find
2759 to be black. Re-coloring the root is probably not needed but won't
2763 * sudo.cat, sudoers.cat:
2767 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
2770 When repairing the tree, don't touch the root node.
2773 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
2776 Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
2777 Reported by Josef Schmid.
2780 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
2783 Document that we accept env_pam-style environment files
2787 Adapt to accept pam_env-style /etc/environment which allows shell-
2788 style lines such as: export EDITOR="/usr/bin/vi"
2792 Make it clear that env_delete only works when !env_reset. From Loïc
2796 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
2798 * sudo.pod, sudoers.pod:
2799 Add non-unix group bits, adapted from Quest
2803 build the .cat page in the current working dir, not the src dir
2807 Return EINVAL in setenv() if var is NULL or the empty string to
2808 match glibc behavior.
2811 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
2813 * configure, configure.in:
2814 Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
2817 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
2819 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
2820 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
2824 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
2827 Document --with-libvas and --with-libvas-rpath
2830 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
2832 * ldap.c, sudoers.ldap.pod:
2833 For netscape-derived LDAP SDKs the cert and key paths may be a
2834 directory or a file. However, version 5.0 of the SDK only seems to
2835 support using a directory. If ldapssl_clientauth_init fails and the
2836 cert or key paths look like they could be files, strip off the last
2837 path element and try again.
2841 Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
2844 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
2846 * configure, configure.in, match.c, sudo.c, vasgroups.c:
2847 Update non-Unix group support from Quest, as reworked by me.
2855 Add support for escaped hex chars in names, e.g. \x20 for space.
2858 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
2860 * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
2861 auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
2862 fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
2863 logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
2864 set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
2865 sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
2866 tgetpass.c, toke.l, visudo.c:
2867 Update copyright years.
2870 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
2872 * interfaces.c, lbuf.c:
2873 Minor fixes for Minix-3
2876 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
2879 Handle getgroups() returning 0. Also add missing check for
2883 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
2885 * Makefile.in, config.h.in, configure, configure.in, sudo.c,
2886 version.h, visudo.c:
2887 Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
2890 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
2893 Remove group setting code in setusercontext case, we will do it
2894 ourselves later on in runas_setup. Set the gid after
2895 initgroups/setgroups is called, since on Mac OS X it seems to change
2899 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
2901 * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
2903 Initial bits of non-unix group support using Quest Authentication
2908 Accept %:foo as a non-Unix group
2912 Allow user/group to be double quoted in the case of non-Unix groups
2913 which contain spaces.
2916 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
2919 Don't allow the user to specify the default runas user if their
2920 sudoers entry only allows them to run as a group.
2923 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
2926 Must call audit_success before we change uids.
2929 * logging.c, set_perms.c, sudo.h, testsudoers.c:
2930 Add option for set_perm to not exit on failure and use this in the
2935 In -l mode, if the user is only allowed to run as a group, display
2936 the user's name, not root's before the allowed group.
2940 Fix -g mode, broken by rev 1.503 which had the side effect of
2941 setting the runas user to root unilaterally.
2944 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
2947 When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
2951 Only cache by the method we fetched for pwd and grp lookups.
2952 Previously we cached both by name and id but this can cause problems
2953 for entries that share the same id. Also add more info in the error
2954 message in case the insert fails (which should now be impossible).
2957 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
2960 Add a clarification from Nick Sieger
2963 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
2966 Inline the setting of the environment string.
2969 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
2972 setenv(3) in Linux treats a NUL value as the empty string. setenv(3)
2973 in BSD doesn't return an error if the name has '=' in it, it just
2974 treats the '=' as end of string.
2977 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
2980 Not all systems have d_namlen
2983 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
2986 Fix up some pod2html issues.
2989 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
2992 Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
2997 Ignore files ending in '~' in sudo.d (emacs backup files)
3001 Ignore files ending in '~' in sudo.d (emacs backup files)
3004 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
3006 * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
3007 For #includedir, ignore any file containing a dot
3010 * Makefile.in, version.h:
3014 * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
3015 sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
3017 Implement #includedir directive. Files in an includedir are not
3018 edited by visudo unless they contain a syntax error.
3023 [8741ed61a78b] [SUDO_1_7_1]
3026 Forgot umask_override
3033 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
3036 Rewind stream if we fdopen sudoers since it may not be at the
3037 beginning. Set the keepopen flag on already-open files too so the
3038 lexer doesn't close them out from under us.
3042 Print the proper file name when there is a parse error in an include
3046 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
3052 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
3054 * configure, configure.in:
3055 Fix a warning when --without-ldap is specified.
3058 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
3060 * alias.c, parse.h, visudo.c:
3061 Store aliases that we remove during check_aliases in a freelist and
3062 free them at the end so we don't leak memory.
3065 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
3068 Check aliases in -c mode too.
3071 * alias.c, parse.h, visudo.c:
3072 Make alias_remove return the alias struct instead of freeing it
3073 directly. Fixes a use after free in alias_remove_recursive, the only
3077 * alias.c, match.c, parse.c, parse.h, visudo.c:
3078 Rename find_alias -> alias_find for consistency.
3081 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
3084 When checking for unused aliases, recurse if the alias points to
3088 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
3091 Back out rev 1.105 for now. Real ldapux_client.conf support will be
3092 done later after some refactoring.
3095 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
3098 Treat ldap_hostport the same as "host" for ldapux.
3101 * configure, configure.in:
3102 Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
3103 Fixes compilation with ldapux.
3106 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
3112 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
3115 remove errant carriage returns
3122 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
3123 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
3127 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
3130 Add missing HAVE_BSM_AUDIT
3138 Mention --with-netsvc
3142 Document netsvc.conf support
3145 * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
3147 Add support for AIX netsvc.conf (like nsswitch.conf).
3150 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
3152 * config.h.in, configure, configure.in, env.c:
3153 Add --enable-env-debug flag to enable environment sanity checks.
3156 * sudoers.ldap.pod, sudoers.pod:
3157 Work around some pod2html issue.
3160 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
3163 Only sync environ for putenv, setenv, and unsetenv. We need to make
3164 sure that sudo_putenv and sudo_setenv only modify env.envp, not
3168 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
3171 Really fix UNSETENV_VOID
3175 Fix unsetenv when UNSETENV_VOID
3178 * aclocal.m4, configure:
3179 Fix SUDO_FUNC_PUTENV_CONST
3183 tivoli-based ldap does not have ldapssl_err2string
3190 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
3192 * config.h.in, configure, configure.in, ldap.c:
3193 Add support for Tivoli-based LDAP start TLS as seen in AIX.
3198 Add sanity checks for setenv/unsetenv
3202 Include bsm_audit.h in the tarball
3205 * Makefile.in, version.h:
3206 bump version for sudo 1.7.1
3209 * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
3210 env.c, ldap.c, sudo.h:
3211 Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
3212 provide our own setenv/unsetenv/putenv that operates on own env
3213 pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
3216 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
3219 Make "sudoedit -h" work as expected
3223 Make sure def_prompt is always defined. This is a workaround for
3224 pam configs that prompt for a password in the session but don't have
3225 an auth line. A better fix is to expand the sudo prompt earlier and
3226 set def_prompt to that when initializing.
3230 Mention that the helper for -A may be graphical.
3234 Document what happens if there is no tty.
3246 Fix "sudo -k" with no other args
3249 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
3251 * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
3252 Allow the -k flag to be specified in conjunction with a command or
3253 another option that may require authentication.
3256 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
3258 * configure, configure.in:
3259 Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
3263 Parallel make fix. From Diego E. 'Flameeyes'
3266 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
3268 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
3269 Implement umask_override
3276 * sudoers.pod, toke.l, visudo.c:
3277 Implement %h escape in sudoers include filenames.
3281 Need to include compat.h
3284 * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
3285 Make audit_success and audit_failure generic functions in
3286 preparation for integrating linux audit support.
3290 remove duplicate include
3293 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
3300 May need to update the runas user after parsing command-based
3304 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
3307 Add missing pair of braces introduced with character class support.
3310 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
3312 * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
3313 Rename pwstars to pwfeedback
3316 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
3318 * bsm_audit.c, bsm_audit.h:
3319 Add const to make MacOS happy.
3322 * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
3323 configure.in, sudo.c:
3324 Add bsm audit support from Christian S.J. Peron
3328 This is new code, no DARPA notice.
3331 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
3333 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
3334 Rename simple_glob -> fast_glob
3341 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
3342 Add simple_glob option to use fnmatch() instead of glob(). This is
3343 useful when you need to specify patterns that reference network file
3355 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
3358 Delete any pwstars we wrote after the user hits return. That way
3359 there is no record on screen as to the user's password length.
3362 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
3365 Move terminal setting bits from tgetpass.c to term.c
3368 * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
3370 Add pwstars sudoers option that causes sudo to print a star every
3371 time the user presses a key.
3374 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
3377 Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
3380 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
3383 For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
3384 indicate no limit. From Mark Janssen.
3387 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
3390 Comments that begin with #- should not be parsed as uids.
3393 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
3396 Do not try to set the close on exec flag if we didn't actually open
3400 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
3404 [e11f0e4c1bdd] [SUDO_1_7_0]
3406 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
3412 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
3415 Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
3419 * configure, configure.in:
3420 Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
3421 as it cannot generate shared objects.
3424 * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
3425 K&R compilation fixes
3429 Use tq_foreach_fwd when checking pseudo-commands to make it clear
3430 that we are not short-circuiting on last match. When pwcheck is
3431 'all', initialize nopass to TRUE and override it with the first non-
3435 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
3438 Do not short circuit pseudo commands when we get a match since,
3439 depending on the settings, we may need to examine all commands for
3443 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
3445 * sudoers.cat, sudoers.man.in:
3450 hostnames may also contain wildcards
3454 remove stamp-* files and linux core files in clean target
3457 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
3459 * auth/sudo_auth.h, config.h.in, configure, configure.in:
3460 Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
3463 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
3465 * configure, configure.in:
3466 correctly enable SIA on Digital UNIX
3477 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
3479 * check.c, sudo.h, tgetpass.c:
3480 Even if neither stdin nor stdout are ttys we may still have /dev/tty
3484 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
3486 * sudoers.cat, sudoers.man.in:
3491 fix typos; Markus Lude
3503 Fix matching of a line that only consists of a comment char
3506 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
3509 MacOS pam will retry conversation function if it fails so just treat
3510 ^C as an empty password.
3514 When checking for alias use, also check defaults bindings.
3522 Replace my rbdelete with Emin's version (which actually works ;-)
3525 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
3532 malloc options in devel mode for visudo too
3535 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
3538 fix compilation on non-C99; from Theo
3546 when destroying an alias, free the correct data pointer
3550 add proto for aixauth_cleanup; from Dale King
3553 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
3555 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
3560 * sudo.pod, sudoers.pod, visudo.pod:
3561 standardize on the term 'option' for command line options (not flag)
3564 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
3567 Add note on configuring HP-UX pam
3570 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
3573 Move tty checks into check_user() so we only do them if we actually
3578 Don't error out if no tty or askpass unless we actually need to
3582 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
3588 * pathnames.h.in, sudo.c:
3589 s/overriden/overridden/; from Tobias Stoeckmann
3592 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
3594 * WHATSNEW, visudo.c:
3595 check sudoers owner and mode in strict mode
3602 * sudo.man.in, sudoers.man.in, visudo.man.in:
3603 Update copyright years.
3606 * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
3607 auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
3608 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
3609 closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
3610 gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
3611 interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
3612 parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
3613 sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
3614 testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
3615 visudo.pod, zero_bytes.c:
3616 Update copyright years.
3619 * emul/charclass.h, fnmatch.c, glob.c:
3623 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
3626 The loop in fill_cmnd() was going one byte too far past the end,
3627 resulting in a NUL being written immediately after the buffer end.
3630 * UPGRADE, WHATSNEW:
3631 add sections on tgetpass changes
3635 Treat EOF w/o newline as an error.
3638 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
3641 Fix "sudo -v" when NOPASSWD is set.
3644 * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
3646 No longer treat an empty password at the prompt as special. To quit
3647 out of sudo you now need to hit ^C at the password prompt.
3650 * sudoers.cat, sudoers.man.in:
3654 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
3655 Sudo will now refuse to run if no tty is present unless the new
3656 visiblepw sudoers flag is set.
3659 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
3662 just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
3667 fix fallback value for RLIM_SAVED_MAX
3670 * auth/aix_auth.c, auth/sudo_auth.h:
3671 Move clearing of AUTHSTATE into aixauth_cleanup.
3674 * auth/aix_auth.c, env.c:
3675 Unset AUTHSTATE after calling authenticate() as it may not be
3676 correct for the user we are running the command as.
3680 Add isblank() function for systems without it. Needed for POSIX
3681 character class matching in fnmatch.c and glob.c.
3684 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
3687 expound on sudo and cd
3690 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
3696 * sudoers.cat, sudoers.man.in:
3701 mention defaults parse order
3704 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
3706 * Makefile.in, aclocal.m4, compat.h, configure:
3707 Add isblank() function for systems without it. Needed for POSIX
3708 character class matching in fnmatch.c and glob.c.
3712 add emul/charclass.h to HDRS
3715 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
3721 * defaults.c, parse.c, testsudoers.c, visudo.c:
3722 Move update_defaults into defaults.c and call it properly from
3723 visudo and testsudoers.
3726 * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
3728 use zero_bytes() instead of memset() for consistency
3731 * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
3733 Zero out sigaction_t before use in case it has non-standard entries.
3741 Short circuit glob() checks if basename(pattern) !=
3742 basename(command). Refactor code that checks for a command in a
3743 directory and use it in the glob case if the resolved pattern ends
3747 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
3749 * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
3750 Defer setting runas defaults until after runaspw/gr is setup.
3753 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
3755 * match.c, sudo.c, testsudoers.c:
3756 Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
3757 systems do not include space for the NUL in the size. Also manually
3758 NUL-terminate buffer from gethostname() since POSIX is wishy-washy
3762 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
3764 * sudo.c, sudoers.pod:
3765 When setting the umask, use the union of the user's umask and the
3766 default value set in sudoers so that we never lower the user's umask
3767 when running a command.
3771 Don't try to read from a zero-length sudoers file. Remove the bogus
3772 Solaris work-around for EAGAIN. Since we now use fgetc() it should
3776 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
3779 In update_defaults() check the return value of user*_matches against
3780 ALLOW so we don't inadvertently match on UNSPEC.
3783 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
3785 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
3786 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
3787 regen man pages; no more hyphenation
3791 Don't error out on a zero-length sudoers file. With the advent of
3792 #include the user could create a situation where sudo is unusable.
3795 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
3797 * auth/kerb5.c, config.h.in, configure, configure.in:
3798 Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
3799 krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
3800 all. Add configure tests to handle all the cases.
3803 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
3810 document sudoers_locale
3813 * sudo.pod, sudo_edit.c:
3814 add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
3819 In fill_cmnd(), collapse any escaped sudo-specific characters.
3820 Allows character classes to be used in pathnames.
3823 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
3826 fix typo in non-C89 function declaration
3830 Mention POSIX character classes now that our fnmatch() and glob()
3834 * sample.sudoers, sudoers.pod:
3835 Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
3840 use __signed char if we are going to assign a negative value since
3841 on Power, char is unsigned by default
3844 * config.h.in, configure, configure.in:
3845 Add tests for __signed char and signed char.
3849 Fix AIX limit setting. getuserattr() returns values in disk blocks
3850 rather than bytes. The default hard stack size in newer AIX is
3851 RLIM_SAVED_MAX. From Dale King.
3854 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
3856 * emul/charclass.h, fnmatch.c, glob.c:
3857 Add character class support to included glob(3) and fnmatch(3).
3860 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
3863 Remove UCB advertising clause and some compatibility defines.
3866 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
3869 Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
3870 or sudo. This allows one to set EDITOR to sudoedit without getting
3871 into an infinite loop of sudoedit running itself until the path gets
3875 * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
3876 Add sudoers_locale Defaults option to override the default sudoers
3880 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
3883 Set locale to system default except for during sudoers parse.
3886 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
3889 Redo change in 1.34 to use pointer arithmetic.
3892 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
3895 Fix a dereference (read) of a freed pointer. Reported by Patrick
3899 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
3902 Set locale to "C" to avoid interpretation issues with character
3903 ranges in sudoers. May want to make the locale a sudoers option in
3907 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
3910 we no longer use setproctitle
3917 * LICENSE, mkstemp.c:
3918 Use my replacement mkstemp() from the mktemp package.
3921 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
3924 regen with yacc skeleton bug fixed
3928 Remove duplicate "as root". From Martin Toft.
3931 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
3933 * pwutil.c, sudo.c, sudo.h, testsudoers.c:
3934 Flesh out the fake passwd entry used for running commands as a uid
3935 not listed in the passwd database. Fixes an issue with some PAM
3939 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
3942 Error out in -i mode if the user has no shell. This can happen when
3943 running commands as a uid with no password entry.
3946 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
3949 Better fix for line continuation inside double quotes. Now accepts
3950 whitespace between the backslash and the newline like the main
3954 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
3957 Fix line continuation in strings. It was only being honored if
3958 preceded by whitespace.
3961 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
3963 * config.h.in, configure, configure.in, logging.c:
3964 Replace the double fork with a fork + daemonize.
3967 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
3970 The -i flag should imply env_reset. This got broken in sudo 1.6.9.
3973 * logging.c, sudo.c, sudo_edit.c, visudo.c:
3974 Change how the mailer is waited for. Instead of having a SIGCHLD
3975 handler, use the double fork trick to orphan the child that opens
3976 the pipe to sendmail. Fixes a problem running su on some Linux
3980 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
3982 * configure, configure.in:
3983 Fix configure test for dirfd() on Linux where DIR is opaque.
3986 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
3989 Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
3990 this problem we'll need to revisit this again.
3993 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
3996 Ignore SIGPIPE instead of blocking it when piping to the mailer. If
3997 we only block the signal it may be delivered later when we unblock.
3998 Also, there is no need to block SIGCHLD since we no longer do the
3999 double fork. The normal SIGCHLD handler is sufficient.
4002 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
4004 * configure, configure.in:
4005 Add description for NO_PAM_SESSION, from a redhat patch.
4008 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
4010 * sudo.cat, sudo.man.in, sudo.pod:
4011 Fix typos in -i usage
4014 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
4016 * configure, configure.in:
4017 Redo the test for dgettext() in a way that hopefully will work
4018 around the libintl_dgettext() undefined problem.
4021 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
4023 * schema.ActiveDirectory:
4024 change filename in comment
4027 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
4029 * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
4031 Reference schema.ActiveDirectory
4034 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
4036 * schema.OpenLDAP, schema.iPlanet:
4037 Mark sudoRunAs as deprecated.
4040 * schema.ActiveDirectory:
4041 add sudoRunAsUser and sudoRunAsGroup
4044 * schema.ActiveDirectory:
4045 Active Directory schema by Chantal Paradis and Eric Paquet
4048 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
4051 remove an XXX that was fixed
4059 Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
4060 fixes a problem where the tag value printed was influenced by
4061 defaults set in the first pass through the parser.
4064 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
4066 * Makefile.in, sudo.psf:
4067 No point in packaging the TODO file
4074 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
4076 * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
4077 sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
4078 Add env_file Defaults option that is similar to /etc/environment on
4082 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
4084 * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
4085 sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
4086 version.h, visudo.cat, visudo.man.in:
4087 change version to 1.7.0
4091 initial valgrind pass done
4094 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
4097 Fix typo/think in sudo_ldap_read_secret() when storing the secret.
4100 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
4103 define LDAPS_PORT if the system headers do not
4106 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
4109 Fix another memory leak in init_parser().
4112 * configure, configure.in:
4113 There was a missing space before the ldap libs in SUDO_LIBS for some
4117 * alias.c, gram.c, gram.y, toke.c, toke.l:
4118 Clean up some memory leaks pointed out by valgrind.
4121 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
4124 fix "sudo -s" broken by mode/flags breakout
4127 * configure, configure.in:
4128 remove duplicate check for dgettext
4131 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
4134 Fall back to default stanza if no user-specific limit is found.
4137 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
4140 include stdint.h if present
4144 Use LLONG_MAX, not the old QUAD_MAX
4147 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
4153 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
4159 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
4165 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
4176 Split MODE_* defines into primary and flags.
4179 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
4182 It turns out the logic for getting AIX limits is more convoluted
4183 than I realized and differs depending on whether the soft and/or
4184 hard limits are defined.
4187 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
4189 * Makefile.in, configure, configure.in:
4190 Back out AIX-specific change to set the sudo_noexec path to the .a
4191 file, we do really want to use the .so file. Since libtool doesn't
4192 do that correctly, just install the .so file ourselves in the
4197 If the file given to install is a path, only use the basename of the
4198 file when building the destination path.
4201 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
4204 parse_args() cleanup: Sort command line options in the getopt()
4205 switch. The -U option requires a parameter. Normalize a few ISSET
4206 calls. Split mode into mode and flags and retire the now-obsolete
4210 * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
4212 Add -n (non-interactive) flag.
4216 Move version printing, etc. into a separate function.
4220 Don't try to cleanup nsswitch if it has not been initialized.
4223 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
4226 Block SIGPIPE in send_mail() so sudo is not killed by a problem
4227 executing the mailer.
4230 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
4232 * configure, configure.in:
4233 AIX shared libs end in .a, not .so.
4236 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
4239 Preserve HOME by default too. Matches documentation and previous
4243 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
4246 Use getopt() to parse the command line. We need to be able to
4247 intersperse env variables and options yet still honor "--" which
4248 complicates things slightly.
4251 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
4257 * acsite.m4, configure, ltmain.sh:
4258 update to libtool-1.5.26
4261 * config.guess, config.sub:
4262 update from libtool-1.5.26 distribution
4266 attempt to fix compilation errors on AIX
4270 fix typo in last commit
4274 Add WHATSNEW file to the distribution
4278 use warningx instead of fprintf(stderr, ...)
4282 add DEBUG to list2tq
4293 * Makefile.in, aix.c, config.h.in, configure, configure.in,
4294 set_perms.c, sudo.h:
4295 Add aix_setlimits() to set resource limits on AIX using a
4296 combination of getuserattr() and setrlimit(). Currently untested.
4299 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
4301 * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
4302 sudoers.man.in, sudoers.pod:
4303 Add mailfrom Defaults option that sets the value of the From: field
4304 in the warning/error mail. If unset the login name of the invoking
4309 store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
4313 When adding a default, only call list2tq() once to do the list to tq
4314 conversion. It is not legal to call list2tq multiple times on the
4315 same list since list2tq consumes and modifies the list argument.
4318 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
4319 comment out XXXs for now
4326 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
4329 Error out if both -A and -S are specified Error out if -A is
4330 specified but no askpass is configured
4333 * configure, configure.in:
4334 we are not going to ship a sudo-specific askpass
4337 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
4340 fix definition of TGP_ASKPASS
4343 * def_data.c, def_data.in:
4344 make askpass boolean-capable
4348 document --with-askpass
4351 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
4352 sudoers.man.in, visudo.cat:
4356 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
4358 * sudo.pod, sudo_usage.h.in, sudoers.pod:
4359 document -A and askpass
4362 * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
4363 def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
4364 sudo_usage.h.in, tgetpass.c:
4365 Add support for running a helper program to read the password when
4366 no tty is present (or when specified with the -A flag). TODO: docs.
4369 * def_data.c, def_data.in:
4370 add missing printf format to SELinux role and type strings
4373 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
4375 * INSTALL, configure, configure.in:
4376 Disable use of gss_krb5_ccache_name() by default and add
4377 --enable-gss-krb5-ccache-name configure option to enable it. It
4378 seems that gss_krb5_ccache_name() doesn't work properly with some
4379 combinations of Heimdal and OpenLDAP.
4382 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
4385 Ignore setexeccon() failing in permissive mode. Also add a call to
4386 setkeycreatecon() (though this is probably insufficient). From Dan
4391 Only set std_prompt for the PAM_PROMPT_* cases. The conversation
4392 function may be called for non-password reading purposes so we must
4393 be careful not to use def_prompt in cases where it may not be set.
4396 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
4399 Don't free the new tty context, we need to keep it around when we
4400 restore the tty context after the command completes
4403 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
4409 * sudo.man.pl, sudo.pod:
4410 Only put login_cap(3) in SEE ALSO section if we have login.conf
4414 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
4416 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
4417 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
4422 Substitute in comment characters for lines pertaining to login.conf,
4423 BSD auth and SELinux and only enable them if pertinent.
4427 Substitute in comment characters for lines pertaining to login.conf,
4428 BSD auth and SELinux and only enable them if pertinent.
4432 Substitute in comment characters for lines pertaining to login.conf,
4433 BSD auth and SELinux and only enable them if pertinent.
4437 Substitute in comment characters for lines pertaining to login.conf,
4438 BSD auth and SELinux and only enable them if pertinent.
4441 * Makefile.in, configure, configure.in:
4442 Substitute in comment characters for lines pertaining to login.conf,
4443 BSD auth and SELinux and only enable them if pertinent.
4446 * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
4447 Remove the =cut on the first line (above the copyright notice) to
4448 quiet pod2man. Also remove the hackery in the FILES section and
4449 just deal with the fact that there will be a newline between each
4453 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
4456 run sudo.man.pl when generating sudo.man.in
4459 * configure, configure.in, sudo.man.pl:
4460 comment out SELinux manual bits unless --with-selinux was specified
4464 document role and type defaults for SELinux
4467 * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
4468 Document "sudo -ll" and make "sudo -l -l" be equivalent.
4471 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
4473 * configure, configure.in:
4474 Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
4475 Debian GNU/kFreeBSD.
4478 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
4481 Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
4485 * logging.c, logging.h, sudo.c:
4486 Remove dependence on VALIDATE_NOT_OK in logging functions. Split
4487 log_auth() into log_allowed() and log_denial() Replace mail_auth()
4488 with should_mail() and a call to send_mail()
4491 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
4494 Add debugging so we can tell if the krb5 ccache is accessible
4498 mention --with-selinux
4501 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
4511 * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
4512 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
4513 testsudoers.c, toke.c, toke.l:
4514 Add support for SELinux RBAC. Sudoers entries may specify a role
4515 and type. There are also role and type defaults that may be used.
4516 To make sure a transition occurs, when using RBAC commands are
4517 executed via the new sesh binary. Based on initial changes from Dan
4522 Add support for SELinux RBAC. Sudoers entries may specify a role
4523 and type. There are also role and type defaults that may be used.
4524 To make sure a transition occurs, when using RBAC commands are
4525 executed via the new sesh binary. Based on initial changes from Dan
4529 * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
4530 def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
4531 pathnames.h.in, selinux.c:
4532 Add support for SELinux RBAC. Sudoers entries may specify a role
4533 and type. There are also role and type defaults that may be used.
4534 To make sure a transition occurs, when using RBAC commands are
4535 executed via the new sesh binary. Based on initial changes from Dan
4539 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
4541 * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
4542 Add long list (sudo -ll) support for printing verbose LDAP and
4543 sudoers file entries. Still need to update manual.
4546 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
4548 * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
4549 Unify the -l output for file and ldap based sudoers and use lbufs
4550 for both. The ldap output does not currently include options that
4551 cannot be represented as tags. This will be remedied in a long list
4552 output mode to come.
4555 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
4558 Use a specific error message for errno == EAGAIN when setuid() et al
4559 fails. On Linux systems setuid() will fail with errno set to EAGAIN
4560 if changing to the new uid would result in a resource limit
4565 Unlimit nproc on Linux systems where calling the setuid() family of
4566 syscalls causes the nproc resource limit to be checked. The limits
4567 will be reset by pam_limits.so when PAM is used. In the non-PAM
4568 case the nproc limit will remain unlimited but there doesn't seem to
4569 be a way around that other than having sudo parse
4570 /etc/security/limits.conf directly.
4573 * env.c, sudo.c, sudo.pod:
4574 Only read /etc/environment on Linux and AIX
4577 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
4579 * configure, configure.in:
4580 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
4581 ldap.conf and ldap.secret paths from going into config.h. Avoid
4582 single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
4583 since in some versions of bash they will end up literally in the
4587 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
4590 mention --with-nsswitch=no
4593 * configure, configure.in:
4594 ldap_ssl.h depends on ldap.h being included first
4597 * config.h.in, configure, configure.in, ldap.c:
4598 Include ldap_ssl.h if we can find it. Needed for the
4599 ldapssl_set_strength defines on HP-UX at least.
4610 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
4611 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
4616 Use 78n line length when formatting cat pages.
4620 Remove redundant info that is now in sudoers.ldap.pod
4623 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
4625 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
4626 Reorganize the first section a bit. Substitute the proper path for
4630 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
4631 Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
4632 schema into EXAMPLES
4635 * configure, configure.in:
4636 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
4640 * configure, configure.in:
4641 substitute for sudoers.ldap.man
4645 Fix cut & pasto introduced when adding sudoers.ldap man page.
4648 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
4649 Fill in some of the missing pieces. Still needs some reorganization
4653 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
4655 * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
4657 Beginnings of a sudoers.ldap man page. Currently, much of the
4658 information is adapted from README.LDAP.
4661 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
4664 When copying gr_mem we must guarantee that the storage space for
4665 gr_mem is properly aligned. The simplest way to do this is to
4666 simply store gr_mem directly after struct group. This is not a
4667 problem for gr_passwd or gr_name as they are simple strings.
4671 Fix a typo/thinko in one of the calls to
4672 sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
4675 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
4677 * config.h.in, configure, configure.in, ldap.c:
4678 include <mps/ldap_ssl.h> in ldap.c if available
4681 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
4684 Make sure we define SIZE_MAX for yacc's skeleton.c
4688 Use TCSAFLUSH when restoring terminal settings (and echo) to
4689 guarantee that any pending output is discarded
4692 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
4695 no longer need to specify SETENV when user has sudo ALL
4699 sync user_args size calculation with sudo.c Add -g group option,
4700 renaming old -g to -G Add set_runasgr() and set_runaspw() and use
4705 Make set_runaspw static void
4708 * testsudoers.c, visudo.c:
4709 g/c set_runaspw stub
4712 * configure, configure.in:
4713 Don't add -llber twice.
4716 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
4722 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
4728 * configure, configure.in:
4729 Fix check that determines whether -llber is required.
4732 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
4733 For netscape-based LDAP, use ldapssl_set_strength() to implement the
4734 checkpeer ldap.conf option.
4738 Delay krb5_cc_initialize() until we actually need to use the cred
4739 cache, which is what krb5_verify_user() does. Better cleanup on
4743 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
4746 Rewrite verify_krb_v5_tgt() based on what heimdal's
4747 krb5_verify_user() does.
4750 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
4753 The U suffix on constants is an ANSI feature
4756 * configure, configure.in:
4757 Add check for ber_set_option() in -llber
4760 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
4763 default if no nsswitch.conf is files only
4766 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
4769 don't tell people to mail aaron about LDAP stuff
4773 timelimit and bind_timelimit
4781 Move ldap.secret reading into a separate function.
4785 user_runas -> runas_pw
4788 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
4794 * check.c, sudo.pod, sudoers.pod:
4795 Add and document the %p escape in the password prompt. Based on a
4796 patch from Patrick Schoenfeld.
4800 Check strlcpy() return values.
4804 refactor ldap binding code into sudo_ldap_bind_s()
4808 Make it clear that host and uri can take multiple parameters. URI is
4809 now supported for more than just openldap nsswitch.conf doesn't
4814 comment cleanup and update (c) year
4817 * parse.c, sudo_nss.c:
4818 Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
4819 This should make it possible to build an LDAP-only sudo binary.
4822 * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
4823 Improve chaining of multiple sudoers sources by passing in the
4824 previous return value to the next in the chain
4828 Free up parser data structures in sudo_file_close().
4832 Free up parser data structures in sudo_file_close().
4836 Parse uri ourself if no ldap_initialize() is present Use
4837 ldap_create() instead of deprecated ldap_init() Use
4838 ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
4841 * config.h.in, configure, configure.in:
4842 Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
4846 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
4848 * config.h.in, configure, configure.in:
4849 add check for ldap_create
4852 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
4854 * config.h.in, configure, configure.in, ldap.c:
4855 Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
4856 dn using the mechanism appropriate for the LDAP SDK in use. Use
4857 ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
4858 ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
4865 * config.h.in, configure.in:
4866 fix typo in mtim_getnsec
4869 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
4871 * config.h.in, configure, configure.in:
4872 add check for st__tim in struct stat as used by SCO
4876 use ldap_search_ext_s instead of deprecated ldap_search_s
4879 * Makefile.in, TODO, sudo.cat, sudo.man.in:
4880 add sudo_nss.h to HDRS
4884 Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
4888 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
4891 Use ldap_get_values_len()/ldap_value_free_len() instead of the
4892 deprecated ldap_get_values()/ldap_value_free().
4903 * gettime.c, sudo.c:
4904 Remove some already fixed XXXs
4908 Same return value as non-existent sudoers if LDAP was unable to
4913 mention /etc/environment
4916 * README.LDAP, UPGRADE, WHATSNEW:
4917 Update to reflect recent developments.
4921 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
4925 When building up a query don't list groups in the aux group vector
4926 that are the same as the passwd file group. On most systems the
4927 first gid in the group vector is the same as the passwd entry gid.
4931 Define LDAPNOINIT before calling ldap_init(), etc. to disable user
4932 ldaprc and system defaults that could affect how LDAP works.
4935 * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
4936 sudo_nss.c, sudo_nss.h:
4937 Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
4938 to specify nsswitch.conf path or disable it. If --with-nsswitch=no
4939 but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
4940 file and --with-ldap-secret-file
4944 Honor def_ignore_local_sudoers
4947 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
4950 no longer need to check def_ignore_local_sudoers here
4954 Refactor group vector resetting into a function and also call it
4955 from display_cmnd. Stop after the first successful match in
4956 display_cmnd. Print a newline between each display_privs method.
4960 fix double free introduced in rev 1.218
4964 belt and suspenders; zero out result after freeing it
4967 * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
4968 Refactor line reading into a separate function, sudo_parseln(),
4969 which removes comments, leading/trailing whitespace and newlines.
4970 May want to rethink the use of sudo_parseln() for /etc/ldap.secret
4974 Make the inability to read the sudoers file a non-fatal error if
4975 there are other sudoers sources available. sudoers_file_lookup now
4976 returns "not OK" if sudoers was not present
4980 make it clear that the global options are from LDAP
4984 allocate proper amount of space for error string
4987 * sudo_nss.c, sudo_nss.h:
4988 actual sudo nss code
4991 * ldap.c, parse.c, sudo.c, sudo.h:
4992 nss-ify display_privs and display_cmnd.
4995 * defaults.c, parse.c, testsudoers.c, visudo.c:
4996 move update_defaults() to parse.c
4999 * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
5000 Use nsswitch to hide some sudoers vs. ldap implementation details
5001 and reduce the number of #ifdef LDAP TODO: fix display routines and
5005 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
5007 * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
5008 First cut at nsswitch.conf support. Further reorganization and
5009 related changes are forthcoming.
5012 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
5014 * env.c, pathnames.h.in, sudo.c, sudo.h:
5015 Add support for reading an /etc/environment file. Still needs to
5016 be documented and should probably only apply to OSes that have it
5017 (AIX and Linux, maybe others).
5024 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
5030 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
5037 Add an example sudoRole, clarify netscape vs. openldap a bit more
5041 Be clear on what is OpenLDAP vs. Netscape-derived
5044 * config.h.in, configure, configure.in, ldap.c:
5045 Use ldapssl_init() for ldaps support instead of trying to do it
5046 manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
5047 and tls_key for cert7.db and key3.db respectively. Don't print
5048 debugging info for options that are not set. Add warning if
5049 start_tls specified when not supported.
5053 fix compilation on solaris
5057 add missing .h and .c files for missing lib objs
5060 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
5063 fix LDAP_OPT_NETWORK_TIMEOUT setting
5067 fix compilation on Solaris
5070 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
5072 * configure, configure.in:
5077 try to clear up which variables are for OpenLDAP and which are for
5078 netscape-derived SDKs
5081 * config.h.in, configure, configure.in, ldap.c:
5082 Add support for "ssl on" in both netscape and openldap flavors. Only
5083 the OpenLDAP flavor has been tested.
5086 * logging.c, sudo.c, sudo.h:
5087 Call cleanup() before exit in log_error() instead of calling
5088 sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
5095 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
5097 * logging.c, sudo.c, sudo.h:
5098 Better ldap cleanup.
5102 Distinguish between LDAP conf settings that are connection-specific
5103 (which take an ld pointer) and those that are default settings
5107 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
5110 Improved warnings on error.
5114 Make ldap config table driven and set the config *after* we open the
5118 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
5121 fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
5124 * configure, configure.in:
5125 some operating systems need to link with -lkrb5support when using
5129 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
5135 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
5139 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
5145 * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
5146 add -g support for LDAP
5149 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
5151 * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
5152 The -i and -s flags can now take an optional command.
5155 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
5157 * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
5159 Add passprompt_override flag to sudoers that will cause the prompt
5160 to be overridden in all cases. This flag is also set when the user
5161 specifies the -p flag.
5165 Move setting of login class until after sudoers has been parsed. Set
5166 NewArgv[0] for -i after runas_pw has been set.
5169 * configure, configure.in:
5170 Move the dgettext check.
5173 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
5175 * auth/pam.c, config.h.in, configure, configure.in:
5176 Add basic support for looking up the string "Password: " in the PAM
5177 localized text db. This allows us to determine whether the PAM
5178 prompt is the default "Password: " one even if it has been
5181 TODO: concatenate non-std PAM prompts and user-specified sudo
5185 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
5187 * Makefile.in, config.h.in, configure, configure.in, parse.c,
5188 set_perms.c, sudo.c, sudo.h:
5189 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
5193 * acsite.m4, configure, interfaces.c, memrchr.c:
5194 Fix typos; Martynas Venckus
5197 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
5200 Don't assume runas_pw is set; it may not be in the -g case.
5203 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
5205 * logging.c, set_perms.c:
5206 Set aux group vector for PERM_RUNAS and restore group vector for
5207 PERM_ROOT if we previously changed it. Stash the runas group vector
5208 so we don't have to call initgroups more than once. Also add no-op
5209 check to check_perms.
5212 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
5214 * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
5215 ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
5216 pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
5217 sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
5218 testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
5219 Add support for runas groups. This allows the user to run a command
5220 with a different effective group. If the -g option is specified
5221 without -u the command will be run as the current user (only the
5222 group will change). The -g and -u options may be used together.
5223 TODO: implement runas group for ldap improve runas group
5224 documentation add testsudoers support
5227 * configure, configure.in:
5228 fix setting of mandir
5231 * sudo.pod, sudoers.pod:
5232 document that ALL implies SETENV
5236 s/setenv_ok/setenv_implied/g
5240 hostname_matches() returns TRUE on match in sudo 1.7.
5244 use strcmp, not strcasecmp when comparing ALL
5248 Make sudo ALL imply setenv. Note that unlike with file-based
5249 sudoers this does affect all the commands in the sudoRole.
5252 * gram.c, gram.y, parse.c, parse.h:
5253 sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
5254 it is not passed on to other commands in the list.
5258 Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
5259 sudo_getpwuid() instead of getpwuid().
5262 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
5265 Expand on the dangers of not using visudo to edit sudoers.
5268 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
5271 Don't quote *?[]! on output since the lexer does not strip off the
5272 backslash when reading those in.
5275 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
5278 expand "u_foo" types to "unsigned foo" to avoid compatibility
5282 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
5285 Refactor log line generation into new_logline().
5288 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
5294 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
5296 * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
5298 Add configure check for struct in6_addr instead of relying on
5299 AF_INET6 since some systems define AF_INET6 but do not include IPv6
5303 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
5305 * configure, configure.in:
5306 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
5310 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
5312 * configure, configure.in:
5313 POSIX states that struct timespec be declared in time.h so check
5314 there regardless of the value of TIME_WITH_SYS_TIME.
5317 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
5320 Instead of defining a macro to call the appropriate method for
5321 turning on/off echo, just define tc[gs]etattr() and the related
5322 defines that use the correct terminal ioctls if needed. Also go back
5323 to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
5326 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
5336 * INSTALL, auth/pam.c, config.h.in, configure.in:
5337 Add --disable-pam-session configure option to disable calling
5338 pam_{open,close}_session. May work around bugs in some PAM
5342 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
5349 Avoid printing the prompt if we are already backgrounded. E.g. if
5350 the user runs "sudo foo &" from the shell. In this case, the call
5351 to tcsetattr() will cause SIGTTOU to be delivered.
5354 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
5356 * def_data.c, def_data.h, def_data.in:
5357 Reorder things such that the definition of env_reset comes right
5358 before the env variable lists.
5362 Shrink type and seqno in struct alias from int to u_short
5365 * alias.c, match.c, parse.c, parse.h:
5366 Add a sequence number in the aliases for loop detection. If we find
5367 an alias with the seqno already set to the current (global) value we
5368 know we've visited it before so ignore it.
5371 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
5373 * TODO, auth/pam.c, sudo.c, sudo.h:
5374 PAM wants the full tty path so add user_ttypath which holds the full
5375 path to the tty or is NULL if no tty was present.
5379 Set PAM_RHOST to work around a bug in Solaris 7 and lower that
5383 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
5389 * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
5390 parse.h, testsudoers.c, visudo.c:
5394 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
5397 remove some useless casts
5401 pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
5402 predates the final C99 spec and the standard specifies that it shall
5403 include stdint.h anyway
5406 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
5408 * Makefile.in, alloca.c, configure.in:
5409 Since we ship with a pre-generated parser there is no need to ship a
5410 bogus alloca implementation.
5418 remove initial setting of CHECKSIA, we require that it be unset if
5431 only do SIA checks on Digital Unix
5434 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
5436 * sudoers.cat, sudoers.man.in:
5445 Remove call to krb5_cc_register() as it is not needed for modern
5453 * aclocal.m4, configure.in:
5454 New method for setting the default authentication type and avoiding
5455 conflicts in auth types.
5458 * match.c, parse.c, testsudoers.c:
5459 Each entry in a cmndlist now has an associated runaslist so no need
5460 to keep track of the most recent non-NULL one.
5463 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
5466 back out partial ldaps support mistakenly committed
5470 Add support for unix groups and netgroups in sudoRunas
5473 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
5476 Fix sudoedit of a non-existent file. From Tilo Stritzky.
5479 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
5486 update --passprompt escape info
5490 remove now-bogus comment and update copyright date
5494 Fix up use of with_passwd
5497 * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
5498 Update to autoconf-2.61 and libtool-1.5.24
5502 "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
5505 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
5512 move tags and runaslist propagation to be earlier
5516 If -f flag given use the permissions of the original file as a
5521 prevent a double free() when re-initing the parser
5524 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
5530 * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
5531 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
5532 auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
5533 configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
5534 parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
5535 sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
5536 Remove support for compilers that don't support void *
5543 * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
5544 parse.c, parse.h, testsudoers.c, visudo.c:
5545 Move list manipulation macros to list.h and create C versions of the
5546 more complex ones in list.c. The names have been down-cased so they
5547 appear more like normal functions.
5551 Fix cmp command when regenerating parser. Make gram.o the first
5552 dependency for all programs so gram.h will be generated before
5553 anything that needs it.
5557 Convert NEW_DEFAULT and NEW_MEMBER into static functions.
5560 * match.c, parse.c, testsudoers.c:
5561 Use LH_FOREACH_REV when checking permission and short-circuit on the
5562 first non-UNSPEC hit we get for the command. This means that
5563 instead of cycling through all the parsed sudoers entries we
5564 start at the end and work backwards and quit after the first
5565 positive or negative match.
5572 * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
5573 Change list head macros to take a pointer, not a struct.
5581 Propagate the runasspec from one command to the next in a cmndspec.
5584 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
5587 Replace has_meta() with a macro that calls strpbrk().
5593 * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
5594 testsudoers.c, visudo.c:
5595 Use a list head struct when storing the semi-circular lists and
5596 convert to tail queues in the process. This will allow us to
5597 reverse foreach loops more easily and it makes it clearer which
5598 functions expect a list as opposed to a single member.
5600 Add macros for manipulating lists. Some of these should become
5603 When freeing up a list, just pop off the last item in the queue
5604 instead of going from head to tail. This is simpler since we don't
5605 have to stash a pointer to the next member, we always just use the
5606 last one in the queue until the queue is empty.
5608 Rename match functions that take a list to have list in the name.
5609 Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
5613 Fix pasto, append "!" not negated (which is an int) for sudo -l
5618 Remove the dependency of gram.h on gram.y, the .c dependency is
5619 enough. Only move y.tab.h to gram.h if it is different; avoids
5620 needless rebuilding.
5623 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
5626 Defaults lines may be associated with lists of users, hosts,
5627 commands and runas users, not just single entries.
5630 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
5633 Revert the "cmp" portion of the last diff, it doesn't make sense.
5637 Remove *.lo for clean: When generating the parser, only move the
5638 generated files into place if they differ from the existing ones.
5641 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
5644 Replace IPV6 regexp with a much simpler (readable) one and add an
5645 extra check when it matches to make sure we have a valid address.
5649 Fix thinko introduced when merging IPV6 support.
5652 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
5663 mention #uid vs. comment pitfall
5667 Merge in a patch from the libtool cvs that fixes a problem with the
5668 latest autoconf. From Stepan Kasal.
5672 Back out the XOR swap trick, it is slower than a temp variable on
5681 Convert the tail queue to a semi-circle queue and use the XOR swap
5682 trick to swap the prev pointers during append.
5685 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
5688 remove useless statement
5692 Refactor #include parsing into a separate function and return
5693 unparsed chars (such as newline or comment) back to the lexer.
5696 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
5699 mention better uid support
5703 Users may now consist of a uid.
5706 * gram.c, gram.h, toke.c:
5711 Use lbuf_append_quoted() for sudo -l output to quote characters that
5712 would require quoting in sudoers.
5716 Add lbuf_append_quoted() which takes a set of characters which
5717 should be quoted with a backslash when displayed.
5721 Require that the first character after a comment not be a digit or a
5722 dash. This allows us to remove the GOTRUNAS state and treat
5723 uid/gids similar to other words. It also means that we can now
5724 specify uids in User_Lists and a User_Spec may now contain a uid.
5728 Replace RUNAS token with '(' and ')' tokens to make the runas
5729 portion of the grammar more natural.
5733 The BUGS file is history
5736 * Makefile.in, README:
5737 The BUGS file is history
5740 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
5743 Allow comments after a RunasAlias as long as the character after the
5744 pound sign isn't a digit or a dash.
5748 Glob support was back-ported to 1.6.9
5751 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
5754 remove sudo_usage.h in distclean
5758 If a Defaults value contains a blank, double-quote the string.
5762 Properly deal with Defaults double-quoted strings that span multiple
5763 lines using the line continuation char. Previously, the entire
5764 thing, including the continuation char, newline, and spaces was
5769 Be consistent when using single quotes and backticks.
5772 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
5774 * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
5775 sudo.c, sudo_usage.h.in:
5776 Add new linebuf code to do appends of dynamically allocated strings
5777 and word-wrapped output. Currently used for sudo's usage() and sudo
5778 -l output. Sudo usage strings are now in sudo_usage.h which is
5779 generated at configure time.
5782 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
5784 * parse.c, sudo.c, sudo.h:
5785 Fix line wrapping in usage() and use the actual tty width instead of
5789 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
5796 Mentioned Chris Jepeway's parser and also the new one that is in
5800 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
5802 * sudo.pod, visudo.pod:
5803 For the options list, add flag args where appropriate and increase
5804 the indent level so there is room for them.
5807 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
5810 Fix some spacing in "sudo -l" and add a comment about some bogosity
5811 in the line wrapping.
5814 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
5819 * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
5820 def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
5821 parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
5822 testsudoers.c, toke.c, toke.l:
5823 Remove monitor support until there is a version of systrace that
5824 uses a lookaside buffer (or we have a better mechanism to use).
5827 * config.h.in, configure, configure.in, sudo.c:
5828 use getaddrinfo() instead of gethostbyname() if it is available
5831 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
5834 Deal with OSes where sizeof(gid_t) < sizeof(int).
5838 repair non-getifaddrs() code after ipv6 integration
5842 If we can open sudoers but fail to read the first byte, close the
5843 file stream before trying again.
5846 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
5852 * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
5853 Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
5856 * sudo.pod, sudoers.pod, visudo.pod:
5857 Add some missing markup Update copyright
5860 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
5862 * configure, configure.in:
5863 fix sudo_noexec extension which got broken in the libtool update
5866 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
5869 explicitly specify -Tascii to nroff
5872 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
5875 remove an ANSI-ism that crept in
5878 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
5881 Adjust list indents Prevent -- from being turned into an em dash Use
5882 a list for the environment instead of a literal paragraph
5886 Use a list for the environment instead of an indented literal
5891 Adjust list indentation
5898 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
5901 mention that when specifying a uid for the -u option the shell may
5902 require that the # be escaped
5905 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
5908 Fix off by one in group matching.
5911 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
5914 Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
5917 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
5919 * configure, configure.in:
5920 Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
5924 * aclocal.m4, configure, configure.in:
5925 Fix link tests such that new gcc doesn't optimize away the test.
5928 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
5930 * sudo.pod, sudoers.pod, visudo.pod:
5931 add missing over/back
5934 * sudo.pod, sudoers.pod, visudo.pod:
5935 Change FILES section to use =item
5939 Add back allocation of the env struct in rebuild_env but save a copy
5940 of the old pointer and free it before returning.
5944 Don't init the private environment in rebuild_env() since it may
5945 have already been done implicitly sudo_setenv/sudo_unsetenv.
5947 Multiply length by sizeof(char *) in memcpy/memmove when copying the
5948 environment so we copy the full thing.
5950 Add missing set of parens so we deref the right pointer in
5951 sudo_unsetenv when searching for a matching variable.
5954 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
5956 * sudo.pod, sudoers.pod, visudo.pod:
5957 Use file markup for paths in the FILES section
5960 * sudo.pod, sudoers.pod, visudo.pod:
5961 Don't capitalize sudo/visudo
5965 Sort sudoers options; based on a diff from Igor Sobrado.
5968 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
5970 * sudo.pod, sudoers.pod, visudo.pod:
5971 Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
5972 latter confuses pod2man. The Makefile rules for the .man.in file
5973 will add @mansectsu@ and @mansectform@ back in after pod2man is done
5977 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
5979 * LICENSE, Makefile.in, license.pod:
5980 Move license info to pod format
5983 * configure, configure.in, sudoers.pod:
5984 Substitute value of path_info into sudoers man page.
5988 remove features that were back-ported to 1.6.9
5991 * sudo.c, sudo.pod, visudo.c, visudo.pod:
5992 Sort SYNOPSIS and sync usage. From Igor Sobrado.
5996 Only need sudo_setenv/sudo_unsetenv if we are going to use
5997 ldap_sasl_interactive_bind_s() but don't have
5998 gss_krb5_ccache_name().
6002 rebuild without branch info
6006 Add ChangeLog target
6010 Run cleanup code if the user hits ^C at the password prompt.
6014 Some versions of pam_lastlog have a bug that will cause a crash if
6015 PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
6019 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
6022 ChangeLog not Changelog
6037 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
6039 * config.h.in, configure, configure.in, ldap.c:
6040 Add configure hooks for gss_krb5_ccache_name() and the gssapi
6044 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
6047 rebuild_env() and insert_env_vars() no longer return environment
6048 pointer, they set environ directly.
6050 No longer need to pass around an envp pointer since we just operate
6053 Add dosync argument to insert_env() that indicates whether it should
6054 reset environ when realloc()ing env.envp.
6056 Use an initial size of 128 for the environment.
6060 Split sudo_setenv() into an external version and a version only for
6061 use by rebuild_env().
6064 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
6067 Add support for using gss_krb5_ccache_name() instead of setting
6068 KRB5CCNAME. Also use sudo_unsetenv() in the non-
6069 gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
6070 original environment. TODO: configure setup for
6071 gss_krb5_ccache_name()
6078 * README.LDAP, ldap.c:
6079 Add support for sasl_secprops in ldap.conf
6083 Add sudo_unsetenv() and refactor private env syncing code into
6087 * README.LDAP, ldap.c:
6088 The ldap.conf variable is sasl_auth_id not sasl_authid.
6091 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
6093 * ldap.c, sudo.c, sudo.h:
6094 Add support for krb5_ccname in ldap.conf. If specified, it will
6095 override the default value of KRB5CCNAME in the environment for the
6096 duration of the call to ldap_sasl_interactive_bind_s().
6100 Remove format_env() Add sudo_setenv() to replace most format_env() +
6101 insert_env() combinations. insert_env() no longer takes a struct
6106 Fix use_sasl vs. rootuse_sasl logic.
6109 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
6110 Add support for SASL auth when connecting to an LDAP server. Adapted
6111 from a diff by Tom McLaughlin.
6114 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
6116 * configure, configure.in:
6117 Only enable AIX or BSD auth if no other exclusive auth method has
6118 been chosen. Allows people to e.g., use PAM on AIX without adding
6119 --without-aixauth. A better solution is needed to deal with default
6120 authentication since if a non-exclusive method is chosen we will
6124 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
6126 * HISTORY, Makefile.in, history.pod:
6127 Generate HISTORY from history.pod (which is also used for web pages)
6130 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
6132 * sudo.man.in, sudoers.man.in:
6137 Better explanation of environment handling in the sudo man page.
6141 Defer setting user-specified env vars until after authentication.
6145 honor def_default_path for PATH set on the command line
6148 * env.c, sudo.c, sudo.pod, sudoers.pod:
6149 Allow user to set environment variables on the command line as long
6150 as they are allowed by env_keep and env_check. Ie: apply the same
6151 restrictions as normal environment variables. TODO: deal with
6155 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
6157 * sudo.c, sudo_edit.c:
6158 Call rebuild_env() in all cases. Pass original envp to sudo_edit().
6159 Don't allow -E or env var setting in sudoedit mode. More accurate
6160 usage() when called as sudoedit.
6168 add -c option to sudoedit synopsis
6176 Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
6177 value from {user,host,runas,cmnd}_matches(). Rename *matches
6178 variables -> *match. Purely cosmetic.
6182 Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
6190 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
6193 Make pwcheck local to the pwflag block. Use pwcheck even if user
6194 didn't match since Defaults options may still apply.
6198 Do not update timestamp if user not validated by sudoers.
6202 for PERM_RUNAS, set the egid to the runas user's gid and restore to
6203 the user's original in PERM_ROOT
6206 * logging.c, mon_systrace.c, set_perms.c, sudo.h:
6207 PERM_FULL_ROOT is now no different than PERM_ROOT so remove
6212 don't check timestamp mtime if we are just going to remove it
6216 Move sudoers defaults parameters into their own section.
6220 Reduce a level of indent by a few placed continue statements.
6224 Make matching but negated commands/hosts/runas entries override a
6225 previous match as expected. Also reduce some levels of indent by a
6226 few placed continue statements.
6229 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
6232 Print default runas in "sudo -l" if sudoers don't specify one.
6236 Less hacky way of testing whether the domain was set.
6239 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
6242 Mention pam-devel and openldap-devel for Linux
6245 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
6251 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
6254 fix typo in Solaris project support
6262 Make -- on the command line match the manual page. The implied shell
6263 case has been simplified as a result.
6266 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
6269 add simplistic support for sudoRunas; note that if a sudoers entry
6270 contains multiple Runas users, all will apply to the sudoRole
6274 honor SETENV and NOSETENV tags
6277 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
6280 Redo setting of user_args. We now build up a private copy of argv
6281 first and then replace the NULs with spaces.
6285 getcwd() returns NULL on failure, not 0 on success
6289 allow chunksiz to reach 1 before erroring out
6292 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
6297 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
6299 * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
6300 logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
6302 Add support for setting environment variables on the command line.
6303 This is only allowed if the setenv sudoers option is enabled or if
6304 the command is prefixed with the SETENV tag.
6308 replace Aaron's email address with the sudo-workers list
6315 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
6317 * schema.OpenLDAP, schema.iPlanet:
6318 Break schema out into separate files.
6321 * Makefile.in, README.LDAP:
6322 Break schema out into separate files.
6325 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
6328 free message if set by authenticate()
6332 deal with NULL gr_mem
6335 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
6342 add template for HAVE_PROJECT_H
6349 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
6352 mention --with-project
6355 * config.h.in, configure.in, sudo.c:
6356 Add Solaris 10 "project" support. From Michael Brantley.
6368 Fix preservation of LDFLAGS in the LDAP case.
6372 Remove dependency on NULL
6379 * aclocal.m4, configure.in:
6380 Can't use the regular autoconf fnmatch() check since we need
6381 FNM_CASEFOLD so go back to our custom one.
6385 Fix preserving of variables in env_keep.
6393 expand upon env resetting and mention that it began in 1.6.9 not
6398 Update descriptions of env_keep and env_check to match current
6402 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
6405 Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
6406 LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to initial_keepenv_table.
6410 Treat USERNAME environment variable like LOGNAME/USER
6414 Don't need to populate keepenv table with the contents of the
6419 Don't force sudo into the C locale.
6423 Make env_check apply when env_reset is true. Environment variables
6424 are passed through unless they contain '/' or '%'. There is no need
6425 to have a variable in both env_check and env_keep.
6428 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
6431 Remove a duplicate lock_file() call and add a comment.
6435 Add sudo 1.6.9 upgrade note.
6438 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
6441 Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
6442 small. From Klaus Wagner.
6445 * logging.c, sudo.h:
6446 Redo the long syslog line splitting based on a patch from Eygene
6447 Ryabinkin. Include memrchr() for systems without it.
6451 Redo the long syslog line splitting based on a patch from Eygene
6452 Ryabinkin. Include memrchr() for systems without it.
6455 * Makefile.in, config.h.in, configure, configure.in:
6456 Redo the long syslog line splitting based on a patch from Eygene
6457 Ryabinkin. Include memrchr() for systems without it.
6461 Since we need to be able to convert timespec to timeval for utimes()
6462 the last 3 digits in the tv_nsec are not significant. This makes the
6463 sudoedit file date comparison work again.
6466 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
6468 * aclocal.m4, configure, configure.in:
6469 Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
6470 This deals with exclusive authentication methods in a simple way.
6473 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
6476 mkstemp.c is BSD code too.
6479 * sudo.pod, sudoers.pod, visudo.pod:
6480 No commercial support for now.
6483 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
6486 cleanenv() is no more.
6489 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
6492 Display branch info in Changelog
6496 Include config.h early so we have it for TIME_WITH_SYS_TIME
6500 Fix Changelog generation and update.
6503 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
6506 Use /proc/self/fd instead of /proc/$$/fd
6508 Move old-style fd closing into closefrom_fallback() and call that if
6509 /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
6512 * auth/kerb5.c, config.h.in, configure.in:
6513 o use krb5_verify_user() if available instead of doing it by hand o
6514 use krb5_init_secure_context() if we have it o pass an encryption
6515 type of 0 to krb5_kt_read_service_key() instead of
6516 ENCTYPE_DES_CBC_MD5 to let kerberos choose.
6520 Check TERM and COLORTERM for '%' and '/' characters. From Debian.
6524 Fix closefrom() substitution in the Makefile
6528 Mention alternate sudo pronunciation.
6531 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
6534 Remove KRB5_KTNAME from environment. Allow COLORTERM.
6538 If we cannot get a valid service key using the default keytab it is
6539 a fatal error. Fixes a bug where sudo could be tricked into
6540 allowing access when it should not by a fake KDC. From Thor Lancelot
6544 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
6546 * aclocal.m4, configure, configure.in:
6547 Update long long checks to use AC_CHECK_TYPES and to cache values.
6550 * aclocal.m4, configure.in:
6551 Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
6552 use AC_REPLACE_FNMATCH since that assumes replacing with GNU
6556 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
6558 * configure, configure.in:
6559 Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
6560 need it for visudo now too.
6563 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
6566 Attempt to clarify the bit talking about network numbers w/o
6571 Clarify timestamp dir ownership sentence.
6574 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
6577 Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
6581 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
6584 -i is also one of the mutually exclusive options to list it in the
6585 warning message. Noted by Chris Pepper.
6588 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
6591 The sudoers variable is env_editor, not enveditor. From Jean-
6595 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
6598 I tracked down the original author so credit him and include his
6602 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
6604 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
6606 Fix typos; from Jason McIntyre.
6610 Restore signal mask before calling reapchild(). Fixes a possible
6611 race condition that could prevent sudo from properly waiting for the
6615 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
6618 Don't declare pw_free() if we are not going to use it.
6622 Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
6623 LDR_PRELOAD64. The 64-bit version is not currently supported.
6624 Remove zero_env() prototype as it no longer exists.
6627 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
6630 Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
6633 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
6636 If the user enters ^C at the password prompt, abort instead of
6637 trying to authenticate with an empty password (which causes an
6641 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
6643 * closefrom.c, config.h.in, configure, configure.in:
6644 Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
6649 pw_free() is only used by sudo_freepwcache() so ifdef it out too.
6652 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
6654 * config.guess, config.sub:
6655 Update to latest versions from cvs.savannah.gnu.org
6658 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
6660 * pwutil.c, sudo_edit.c:
6661 Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
6662 we can close the passwd/group files early.
6665 * config.h.in, configure, configure.in, set_perms.c:
6666 Add seteuid() flavor of set_perms() for systems without setreuid()
6667 or setresuid() that have a working seteuid(). Tested on Darwin.
6670 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
6673 systrace_read() returns ssize_t
6676 * configure, configure.in:
6677 Fix typo, -lldap vs. -ldap; from Tim Knox.
6680 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
6683 Fix typo; Matt Ackeret
6686 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
6689 Print sudoers path in -V mode for root.
6692 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
6695 Do a sub tree search instead of a base search (one level in the tree
6696 only) for sudo right objects. This allows system administrators to
6697 categorize the rights in a tree to make them easier to manage.
6700 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
6706 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
6709 Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
6710 bind_timelimit support; adapted from gentoo.
6713 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
6716 Support comments that start in the middle of a line
6719 * configure, configure.in:
6720 Define LDAP_DEPRECATED until we start using ldap_get_values_len()
6723 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
6726 Silence gcc -Wsign-compare; djm@openbsd.org
6729 * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
6730 cleanup() now takes an int as an arg so it can be used as a signal
6735 Make a copy of the shell field in the passwd struct for NewArgv to
6736 avoid a use after free situation after sudo_endpwent() is called.
6739 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
6741 * config.h.in, configure, configure.in:
6742 Add mkstemp() for those poor souls without it.
6746 Add mkstemp() for those poor souls without it.
6750 Add mkstemp() for those poor souls without it.
6753 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
6756 Add PERL5DB to list of environment variables to remove.
6759 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
6761 * mon_systrace.c, mon_systrace.h:
6762 Instead of calling the check function twice with a state cookie use
6763 separate check/log functions.
6765 Check more ioctl() calls for failure.
6767 systrace_{read,write} now return the number of bytes read/written or
6772 Add more environment variables to remove; from gentoo linux Add some
6773 comments about what bad env variables go to what (more to do)
6776 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
6778 * sudo.c, sudo_edit.c:
6779 Move sudo_end{gr,pw}ent() until just before the exec since they free
6780 up our cached copy of the passwd structs, including sudo_user and
6781 sudo_runas. Fixes a use-after-free bug.
6785 Close all fd's before executing editor.
6789 Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
6793 Fix fd leak when lecture file option is enabled. From Jerry Brown
6796 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
6799 Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
6800 environment variables to remove. From Charles Morris
6803 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
6806 add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
6809 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
6812 add PS4 and SHELLOPTS to initial_badenv_table for bash
6815 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
6818 Fix typo; Toby Peterson
6821 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
6824 Make return buffers static so they don't get clobbered
6827 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
6830 Fix securid5 authentication, was not checking for ACM_OK. Also add
6831 default cases for the two switch()es. Problem noted by ccon at
6835 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
6838 Remove ncat() in favor of just counting bytes and pre-allocating
6842 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
6845 Fix up some comments Add missing fclose() for the rootbinddn case
6849 align struct ldap_config
6853 use LINE_MAX for max conf file line size
6857 add _PATH_LDAP_SECRET
6861 Mention rootbinddn Give example ou=SUDOers container
6864 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
6866 * INSTALL, configure, configure.in, ldap.c:
6867 Support rootbinddn in ldap.conf
6870 * env.c, sudo.pod, sudoers.pod:
6871 Preserve DISPLAY environment variable by default.
6874 * acsite.m4, configure:
6875 set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
6878 * acsite.m4, configure:
6879 set need_version=no for all cases; this is safe for LD_PRELOAD
6886 * configure, configure.in:
6891 Fix call to pam_end() when pam_open_session() fails.
6899 rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
6900 ltsugar.m4 ltversion.m4
6903 * config.guess, config.sub, ltmain.sh:
6904 merge in local changes: config.guess: o better openbsd support
6905 config.sub: o hiuxmpp support ltmain.sh o remove requirement that
6906 libs must begin with "lib" o don't print a bunch of crap about
6907 library installs o don't run ldconfig
6910 * config.guess, config.sub, ltmain.sh:
6915 Update with autoupdate and make minor changes for libtool 1.9f
6918 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
6921 don't call sudo_ldap_display_cmnd if ldap not setup
6924 * sudo_edit.c, visudo.c:
6925 Move declaration of struct timespec to its own include files for
6926 systems without it since it needs time_t defined.
6930 Move declaration of struct timespec to its own include files for
6931 systems without it since it needs time_t defined.
6935 Move declaration of struct timespec to its own include files for
6936 systems without it since it needs time_t defined.
6940 Move declaration of struct timespec to its own include files for
6941 systems without it since it needs time_t defined.
6944 * check.c, compat.h:
6945 Move declaration of struct timespec to its own include files for
6946 systems without it since it needs time_t defined.
6950 Don't set safe_cmnd for the "sudo ALL" case.
6953 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
6956 Call pam_open_session() and pam_close_session() to give pam_limits a
6957 chance to run. Idea from Karel Zak.
6960 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
6963 Add explicit cast from mode_t -> u_int in printf to silence warnings
6968 include grp.h to silence a warning on Solaris
6971 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
6974 Fix printing of += and -= defaults.
6977 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
6980 Sanity check number of syscall args with argsize. Not really needed
6981 but a little paranoia never hurts.
6984 * mon_systrace.c, mon_systrace.h:
6985 Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
6986 for systrace lengths (since it uses int)
6989 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
6992 Add some memsets for paranoia Fix namespace collision w/ error Check
6993 rval of decode_args() and update_env() Remove improper setting of
6997 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
6999 * parse.c, sudo.c, sudo.h:
7000 In -l mode, only check local sudoers file if def_ignore_sudoers is
7001 not set and call LDAP versions from display_privs() and
7002 display_cmnd() instead of directly from main(). Because of this we
7003 need to defer closing the ldap connection until after -l processing
7004 has occurred and we must pass in the ldap pointer to display_privs()
7009 Reorganize LDAP code to better match normal sudoers parsing.
7010 Instead of storing strings for later printing in -l mode we do
7011 another query since the authenticating user and the user being
7012 listed may not be the same (the new -U flag). Also add support for
7015 There is still a fair bit of duplicated code that can probably be
7019 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
7022 Replace pass variable with do_netgr for better readability.
7033 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
7036 Add macro to test if the tag changed to improve readability.
7040 Avoid printing defaults header if there are no defaults to print...
7044 Fix a warning on systems without strlcpy().
7048 Use macros where possible for sudo_grdup() like sudo_pwdup().
7051 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
7054 It is possible for tv_usec to hold >= 1000000 usecs so add in
7058 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
7061 The component in krb5_principal_get_comp_string() should be 1, not 0
7062 for Heimdal. From Alex Plotnick.
7065 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
7067 * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
7068 interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
7069 redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
7070 Add efree() for consistency with emalloc() et al. Allows us to rely
7071 on C89 behavior (free(NULL) is valid) even on K&R.
7075 Move initgroups() for -U option into display_privs() so group
7076 matching in sudoers works correctly.
7079 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
7082 Removed duplicate call to ldap_unbind_s introduced along with
7087 Add missing space in Defaults printing
7090 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
7093 Sync sudo_pwdup with OpenBSD changes: use macros for size computation
7097 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
7100 Zero old pw_passwd before replacing with version from shadow file.
7103 * configure, configure.in:
7104 Only attempt shadow password detection if PAM is not being used Add
7105 shadow_* variables to make shadow password detection more generic.
7109 Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
7112 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
7115 use a non-breaking space to avoid a double space after e.g.
7119 comma, not colon after e.g.
7122 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
7125 Add __ variants of the exec functions. GNU libc at least uses
7126 __execve() internally.
7130 Match reality a bit more.
7134 Missed piece from rev. 1.6, fix sudo_getpwnam() too.
7138 Store shadow password after making a local copy of struct passwd in
7139 case normal and shadow routines use the same internal buffer in
7143 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
7145 * alloc.c, logging.c:
7146 Make varargs usage consistent with the rest of the code.
7149 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
7152 Wrap more of the exec family since on Linux the others do not appear
7153 to go through the normal execve() path.
7157 make print_unused static like proto says
7161 silence a warning on K&R systems
7165 make this build in K&R land
7169 make this build in K&R land
7172 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
7178 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
7181 return(foo) not return foo optimize _atobool() slightly
7189 Reformat to match the rest of sudo's code.
7193 I am the primary author
7196 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
7198 * Makefile.in, README, RUNSON:
7199 The RUNSON file is toast--it confused too many people and really
7200 isn't needed in a configure-oriented world.
7204 alternate -> alternative
7208 Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
7213 Allow leading blanks before Defaults and Foo_Alias definitions
7217 fix rules to build toke.o and gram.o in devel mode
7220 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
7223 env_keep overrides set_logname
7227 Fix disabling set_logname and make env_keep override set_logname.
7230 * compat.h, config.h.in, configure, configure.in:
7231 No longer need memmove()
7235 Just clean the environment once. This assumes that any further
7236 setenv/putenv will be able to handle the fact that we replaced
7237 environ with our own malloc'd copy but all the implementations I've
7241 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
7244 In -i mode, base the value of insert_env()'s dupcheck flag on
7245 DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
7248 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
7251 Move setting of user_path, user_shell, user_prompt and prev_user
7252 into init_vars() since user_shell at least is needed there.
7255 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
7262 Fix some printf format mismatches on error.
7266 Fix some printf format mismatches on error.
7269 * configure, gram.c, toke.c:
7273 * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
7274 auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
7275 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
7276 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
7277 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
7278 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
7279 emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
7280 getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
7281 interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
7282 parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
7283 snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
7284 sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
7285 testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
7286 visudo.pod, zero_bytes.c:
7287 Update copyright years.
7290 * Makefile.binary.in:
7291 Update copyright years.
7295 Update copyright years.
7298 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
7303 What's new in sudo 1.7, based on the 1.7 CHANGES entries.
7306 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
7308 * compat.h, logging.h, sudo.h:
7309 Add __printflike and use it with gcc to warn about printf-like
7313 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
7315 * CHANGES, ChangeLog:
7316 Replaced CHANGES file with ChangeLog generated from cvs logs
7320 Use warning/error instead of perror/fatal.
7324 Update OpenBSD section
7328 Add upgrading noted for 1.7
7331 * env.c, sudo.c, sudoers.pod:
7332 Instead of zeroing out the environment, just prune out entries based
7333 on the env_delete and env_check lists. Base building up the new
7334 environment on the current environment and the variables we removed
7338 * config.h.in, configure, configure.in, sudo.c:
7339 Set locale to "C" if locales are supported, just to be safe.
7343 Cast argument to ctype functions to unsigned char.
7346 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
7349 correct value for DID_USER
7352 * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
7353 #include <compat.h> not "compat.h"
7357 Reset the environment by default.
7361 Alloc an extra slot in NewArgv. Removes the need to malloc a new
7362 vector if execve() fails.
7365 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
7367 * INSTALL, config.h.in, configure, configure.in, sudo.c:
7368 Use execve(2) and wrap the command in sh if we get ENOEXEC.
7371 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
7374 Only include time.h on systems that lack struct timespec which gets
7375 defined in compat.h (using time_t).
7379 Include time.h for time_t in compat.h for systems w/o struct
7383 * compat.h, config.h.in, configure, configure.in:
7384 use bcopy on systems w/o memmove
7388 __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
7393 Add explicit rule to build sudo_noexec.lo
7396 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
7398 * INSTALL.configure, Makefile.in:
7399 No longer depend on VPATH; pointed out a bunch of missed
7404 Help for PAM when account section is missing
7408 Give user a clue when there is a missing "account" section in the
7413 Better error handling.
7416 * config.h.in, configure, configure.in:
7417 Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
7418 possible. Silences a warning about isblank() on linux.
7422 Fix typo (missing comma) that caused an incorrect number of args to
7423 be passed to log_error().
7426 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
7429 Don't try to destroy a tree we didn't create.
7432 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
7434 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
7435 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
7436 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
7437 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
7438 compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
7439 fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
7440 goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
7441 match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
7442 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
7443 strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
7444 tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
7445 Add __unused to rcsids
7448 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
7450 * configure, configure.in:
7451 Fix error message when mixing invalid auth types
7455 PAM, AIX auth, BSD auth and login_cap are now on by default if the
7459 * auth/sudo_auth.h, config.h.in:
7460 s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
7464 Better checking for conflicting authentication methods Display the
7465 authentication methods used at the end of configure Rename --with-
7466 authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
7467 --with-pam, --with-logincap by default on systems that support them
7468 unless disabled. Add OSMAJOR variable that replaces old OSREV; now
7469 OSREV has full version number
7472 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
7474 * def_data.c, def_data.in, sudo.c, sudoers.pod:
7478 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
7481 Replace: test -n "$FOO" || FOO="bar"
7483 With: : ${FOO='bar'}
7486 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
7488 * pwutil.c, testsudoers.c, tsgetgrpw.c:
7489 Use function pointers to only call private passwd/group routines
7490 when using a nonstandard passwd/group file.
7493 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
7500 Can't use strtok() since it doesn't handle empty fields so add
7501 getpwent()/getgrent() functions and call those.
7504 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
7507 Fix dummied out toke.c and gram.c dependencies.
7511 Rename PARSESRCS -> GENERATED since it is only used in the clean
7512 target Add devdir variable and use it to specify the path to parser
7521 Add a devdir variable that defaults to $(srcdir) and is set to . if
7522 --devel was specified. Allows for proper dependencies building the
7527 Add support for custom passwd/group files.
7531 Build private copy of pwutil.o for testsudoers with MYPW defined so
7532 it uses our own passwd/group routines.
7536 Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
7537 stubs instead. We can now just use the caching sudo_*{pw,gr}*
7538 functions in pwutil.c Add comment about wanting to call
7539 sudo_endpwent/sudo_endgrent in cleanup()
7543 Remove caching; we will just use what is in pwutil.c Use global
7544 buffers for passwd/group structs Rename functions from sudo_* to
7548 * logging.c, sudo.c:
7549 g/c pwcache_init/pwcache_destroy
7553 Undo last commit and add sudo_setspent and sudo_endspent instead.
7556 * getspwuid.c, pwutil.c:
7557 Move all but the shadow stuff from getspwuid.c to pwutil.c and
7558 pwcache_get and pwcache_put as they are no longer needed. Also add
7559 preprocessor magic to use private versions of the passwd and group
7560 routines if MYPW is defined (for use by testsudoers).
7564 zero out struct passwd/group before filling it in so if there are
7565 fields we don't handle they end up as 0.
7568 * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
7573 Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
7578 Passwd and group lookup routines for testsudoers that support
7579 alternate passwd and group files.
7582 * getspwuid.c, pwutil.c:
7583 Split off pw/gr cache and dup code into its own file. This allows
7584 visudo and testsudoers to use the pw/gr cache too.
7587 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
7590 Print Defaults info in "sudo -l" output and wrap lines based on the
7594 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
7596 * match.c, testsudoers.c, visudo.c:
7597 Only check group vector in usergr_matches() if we are matching the
7598 invoking or list user. Always check the group members, even if
7599 there was a group vector.
7602 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
7604 * LICENSE, Makefile.in, fnmatch.3:
7605 No longer bundle fnmatch.3
7612 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
7619 Sort command line options
7622 * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
7623 sudo.pod, sudoers.pod:
7624 Add closefrom sudoers option to start closing at a point other than
7625 3. Add closefrom_override sudoers option and -C sudo flag to allow
7626 the user to specify a different closefrom starting point.
7630 Add _PATH_DEVNULL for those without it.
7634 no more UCB strcasecmp
7638 replace BSD licensed one with version derived from pdksh
7641 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
7648 Make sure stdin, stdout and stderr are open and dup them to
7652 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
7654 * ldap.c, mon_systrace.c, sudo.c, sudo.h:
7658 * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
7659 Use TIME_WITH_SYS_TIME
7662 * config.h.in, configure, configure.in:
7663 Add TIME_WITH_SYS_TIME_H
7666 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
7669 Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
7670 unconditionally on darwin. From Toby Peterson.
7674 Check rbinsert() return value. In the case of faked up entries
7675 there is usually a negative response cached that we need to
7678 In pwfree() don't try to zero out a NULL pw_passwd pointer.
7682 Use the double fork trick to avoid the monitor process being waited
7683 for by the main program run through sudo.
7686 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
7689 Call initgroups() in -U mode so group matches work normally.
7692 * def_data.h, mkdefaults:
7693 Don't print a trailing comma for the last entry in enum def_tupple
7696 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
7698 * sudoers.cat, sudoers.man.in, sudoers.pod:
7699 Mention values when lecture, listpw and verifypw are used in boolean
7703 * def_data.c, def_data.in:
7704 verifypw when used in a boolean TRUE context should be "all", not
7708 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
7710 * def_data.in, defaults.c:
7711 Allow tuples that can be used as booleans to be used as boolean
7712 TRUE. In this case the 2nd possible value of the tuple is used for
7716 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
7718 * configure, configure.in:
7719 Correct the test for 2-parameter timespecsub
7723 Add stub struct definitions for passwd, timeval and timespec
7726 * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
7727 Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
7728 and fix a typo in the gettimeofday check.
7731 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
7733 * match.c, testsudoers.c:
7734 Deal with user_stat being NULL as it is for visudo and testsudoers.
7737 * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
7738 Add -U option to use in conjunction with -l instead of -u. Add
7739 support for "sudo -l command" to test a specific command.
7742 * gram.c, gram.y, sudo.c:
7743 Set safe_cmnd after sudoers_lookup() if it has not been set.
7744 Previously it was set by sudo "ALL" in the parser but at that point
7745 the fully-qualified pathname has not yet been found.
7748 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
7750 * parse.c, testsudoers.c:
7751 Correctly handle multiple privileges per userspec and runas
7755 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
7758 Zero out sd_un for each entry in sudo_defs_table in init_defaults.
7761 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
7764 make per-command defaults work with sudoedit
7767 * ldap.c, parse.c, sudo.c, sudo.h:
7768 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
7769 Instead, we just set the appropriate defaults variable.
7772 * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
7773 Document per-command Defaults.
7776 * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
7777 sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
7778 Add support for command-specific Defaults entries. E.g.
7779 Defaults!/usr/bin/vi noexec
7782 * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
7783 Change an occurrence of user_matches() -> runas_matches() missed
7784 previously runas_matches(), host_matches() and cmnd_matches() only
7785 really need to pass in a list of members. user_matches() still
7786 needs to pass in a passwd struct because of "sudo -l"
7790 Check def_authenticate, def_noexec and def_monitor when setting
7791 return flags. XXX May be better to just set the defaults directly
7792 and get rid of those flags.
7795 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
7796 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
7797 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
7798 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
7799 defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
7800 getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
7801 gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
7802 mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
7803 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
7804 sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
7805 visudo.c, zero_bytes.c:
7806 Use: #include <config.h> Not: #include "config.h" That way we get
7807 the correct config.h when build dir != src dir
7811 Back out part of rev 1.263; fix -I order
7815 More robust parsing of #include; could be much better still.
7818 * sudo_edit.c, visudo.c:
7819 Make arg splitting in visudo and sudoedit consistent.
7822 * Makefile.in, alias.c, gram.c, gram.y, parse.h:
7823 Split alias routines out into their own file.
7827 __attribute__ is already defined in compat.h
7831 quit() should not be __noreturn__ as it is non-void on some
7835 * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
7836 Add local error/warning functions like err/warn but that call an
7837 additional cleanup routine in the error case. This means we no
7838 longer need to compile a special version of alloc.o for visudo.
7842 Clarify comments about the data structures
7845 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
7848 Add support for VISUAL and EDITOR containing command line args. If
7849 env_editor is not set any args in VISUAL and EDITOR are ignored.
7850 Arguments are also now supported in def_editor.
7853 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
7856 alias_matches() is no more
7864 When regenerating the parser, don't replace gram.h unless it has
7869 remove Makefile.binary for distclean
7873 Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
7874 sure we can't overflow new_env.
7878 paranoia when stripping trailing slashes from tempdir.
7882 Set user_ngroups to 0 if getgroups() returns an error.
7885 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
7887 * config.h.in, configure, configure.in, sudo.c:
7888 Add configure check for getgroups()
7892 Use supplementary group vector in struct sudo_user.
7896 Only do string comparisons on the group members if there is no
7897 supplemental group list.
7905 On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
7906 chop off any trailing slashes we see and add an explicit one.
7910 remove bogus XXX comment
7914 Get rid of alias_matches and correctly fall through to the non-alias
7915 cases when there is no alias with the specified name.
7919 Cache non-existent passwd/group entries too.
7930 * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
7931 mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
7932 Implement group caching and use the passwd and group caches
7936 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
7939 Properly negate the return value of alias_matches() when
7944 Make hostname_matches() return TRUE for a match, else FALSE like the
7949 Add missing dependencies on gram.h
7953 Use runas_matches in alias_matches() now that we have it.
7957 Expand aliases in "sudo -l" mode
7961 Use ALIAS for the member type when storing an alias instead of
7962 HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
7963 more generic type. Expand runas_matches instead of calling
7964 user_matches() inside of it since user_matches() looks up
7965 USERALIASes, not RUNASALIASes.
7968 * CHANGES, getspwuid.c:
7969 Paranoia; zero out pw_passwd before freeing passwd entry.
7972 * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
7973 configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
7974 error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
7975 sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
7976 Add local error/warning functions like err/warn but that call an
7977 additional cleanup routine in the error case. This means we no
7978 longer need to compile a special version of alloc.o for visudo.
7982 Use userpw_matches() to compare usernames, not strcmp(), since the
7983 latter checks for "#uid".
7986 * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
7987 Cache passwd db entries in 2 red-black trees; one indexed by uid,
7988 the other by user name. The data returned from the cache should be
7989 considered read-only and is destroyed by sudo_endpwent().
7997 missing free in alias_destroy
8001 Can't use rbapply() for rbdestroy since the destructor is passed a
8002 data pointer, not a node pointer.
8005 * getspwuid.c, logging.c, sudo.c, sudo.h:
8006 Create and use private versions of setpwent() and endpwent() that
8007 set/end the shadow password file too.
8010 * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
8011 Store aliases in a red-black tree.
8014 * Makefile.in, redblack.c, redblack.h:
8015 red-black tree implementation
8019 Edit all sudoers files if there were unused or undefined aliases and
8020 we are in strict mode.
8023 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
8025 * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
8026 find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
8027 Bring back the "secure_path" Defaults option now that Defaults take
8028 effect before the path is searched.
8031 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
8033 * logging.c, parse.c:
8034 A user can always list their own entries, even with -u. Better error
8035 message when failing to list another user's entries.
8038 * parse.c, sudo.c, sudo.h:
8039 The syntax to list another user's entries is now "-u otheruser -l".
8040 Only root or users with sudo "ALL" may list other user's entries.
8043 * sudo.cat, sudo.man.in, sudo.pod:
8044 Update env variable info in SECURITY NOTES
8052 strip exported bash functions from the environment.
8055 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
8058 Only reset sudo_user.pw based on SUDO_USER environment variables for
8059 real commands and sudoedit. This avoids a confusing message when a
8060 user tries "sudo -l" or "sudo -v" and is denied.
8063 * gram.c, gram.y, parse.h:
8064 Extend LIST_APPEND to deal with appending lists too
8067 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
8070 Convert some bitwise AND to ISSET
8074 toke.c replaces lex.yy.c
8082 new parser fixes most of the outstanding bugs
8090 Rework for the new parser. Now checks for unused aliases in sudoers.
8094 Rewrite for the new parser. Now supports a -d flag (dump) and adds
8095 a -h flag (host). It now defaults to the local hostname unless
8096 otherwise specified.
8100 Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
8104 Update for new parse. We now call find_path() *after* we have
8105 updated the global defaults based on sudoers. Also adds support for
8106 listing other user's privs if you are root.
8110 Working LDAP support; also remove a now-unneeded rewind().
8113 * logging.c, logging.h:
8118 Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
8119 sudo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
8120 connect to LDAP, apply the default options, find the command in the
8121 user's path, and then check whether the user is allowed to run it.
8122 The important thing here is that the default runas user may be
8123 specified as a default option and that needs to be set before we
8124 search for the command.
8128 Add casts to unsigned char for isspace() to quiet a gcc warning.
8132 Add prototype for update_defaults()
8136 Don't warn about line numbers now that we operate on a set of data
8137 structures (or LDAP) and not a file.
8141 No longer use lsearch()
8145 Update for new and changed file names.
8149 no more BSD lsearch.c
8153 foo_matches() routines now live in match.c Added user_matches(),
8154 runas_matches(), host_matches(), cmnd_matches() and alias_matches()
8155 that operate on the parsed sudoers file.
8158 * parse.lex, toke.l:
8159 Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
8160 WORD no longer needs to exclude '@' kill yywrap()
8163 * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
8165 Rewritten parser that converts sudoers into a set of data
8166 structures. This eliminates ordering issues and makes it possible to
8167 apply sudoers Defaults entries before searching for the command.
8170 * configure.in, emul/search.h, lsearch.c:
8171 We won't be using lsearch() any longer.
8175 sudo should not send mail if someone who runs 'sudo -l' has no
8179 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
8185 Update warnings to match new visudo
8189 The new parser doesn't have the old ordering constraints.
8193 Document that -l now takes an optional username argument
8196 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
8203 If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
8204 a compilation problem with Solaris 9's native LDAP.
8206 Set FLAG_MONITOR when needed.
8209 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
8212 Call sudo_goodpath() *after* changing the cwd to match the traced
8213 process. Fixes relative paths.
8216 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
8219 Kill set_perms() stub--it is no longer needed.
8222 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
8224 * sudoers.cat, sudoers.man.in, sudoers.pod:
8225 stay_setuid now requires set_reuid() or setresuid()
8228 * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
8229 configure.in, set_perms.c, sudo.c, sudo.h:
8230 Kill use of POSIX saved uids; they aren't worth bothering with.
8233 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
8236 remove call to issetugid()
8239 * sudoers.cat, sudoers.man.in, sudoers.pod:
8240 Remove warning about wildcards. Now that we use glob() the bug is
8245 Use glob(3) instead of fnmatch(3) for matching pathnames and stat
8246 each result that matches the basename of the user's command. This
8247 makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
8248 /usr/bin/blah. Fixes bug #143.
8251 * config.h.in, configure, configure.in:
8252 Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
8256 * config.h.in, configure, configure.in:
8257 Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
8265 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
8270 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
8274 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
8277 Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
8278 means we are out of space in the stack gap...
8286 Take a stab at ldap sudoers support here.
8289 * mon_systrace.c, mon_systrace.h:
8290 Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
8291 doesn't cause reboot to inadvertently kill itself.
8295 put "monitor" in the proctitle, not "systrace"
8299 When modifying the environment, don't replace envp when we can get
8300 away with just rewriting pointers in the traced process.
8303 * mon_systrace.c, mon_systrace.h:
8304 Add environment updating via STRIOCINJECT (if available).
8307 * sudoers.cat, sudoers.man.in:
8311 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
8318 Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
8322 Include file is now mon_systrace.h
8325 * Makefile.in, configure, configure.in, def_data.c, def_data.h,
8326 def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
8327 sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
8328 No longer call it tracing, it is now "monitoring" which should be
8329 a more obvious name to non-hackers.
8332 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
8334 * mon_systrace.c, mon_systrace.h:
8338 * mon_systrace.c, mon_systrace.h:
8339 No need to include syscall.h, use 1024 as the max # of entries (the
8340 max that systrace(4) allows).
8342 Only need to use SYSTR_POLICY_ASSIGN once
8344 Change check_syscall() -> find_handler() and have it return the
8345 handler instead of just running it. We need this since handlers now
8346 have two parts: one part that generates an answer and another that
8347 gets called after the answer is accepted (to do logging).
8349 Add some missing check_exec for emul execv
8352 * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
8357 Add missing HAVE_LINUX_SYSTRACE_H
8361 add trace_systrace.o dependency
8364 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
8366 * configure, configure.in:
8367 Also look for systrace.h in /usr/include/linux
8370 * mon_systrace.c, mon_systrace.h:
8371 Move all struct defs and prototypes into trace_systrace.h and mark
8372 all but systrace_attach() static.
8375 * mon_systrace.c, mon_systrace.h:
8376 Add support for tracing emulations. At the moment, all emulations
8377 are compiled in. It might make sense to #ifdef them in the future,
8378 though this impedes readability.
8381 * Makefile.in, configure, configure.in:
8382 rename systrace.c -> trace_systrace.c
8385 * parse.yacc, sudo.tab.c:
8386 Allow this to build with a K&R compiler again
8393 * compat.h, sudo.c, visudo.c:
8394 Use __attribute__((__noreturn__))
8398 Exit() takes a negative value to indicate it was not called via
8402 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
8407 * Makefile.in, visudo.c:
8408 Define Err() and Errx() that are like err() and errx() but call
8409 Exit() instead of exit(). Build private copy of alloc.o for visudo
8410 that calls Err() and Errx().
8413 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
8415 * lex.yy.c, sudo.tab.c:
8424 Overhaul visudo for editing multiple files: o visudo has been
8425 broken out into functions (more work needed here) o each file is
8426 now edited before sudoers is re-parsed o if a #include line is
8427 added that file will be edited too
8429 TODO: o cleanup temp files when exiting via err() or errx() o
8430 continue breaking things out into separate functions
8433 * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
8434 Add keepopen arg to open_sudoers that open_sudoers can use to
8435 indicate to the caller that the fd should not be closed when it is
8436 done with it. To be used by visudo to keep locked fds from being
8437 closed prematurely (and thus losing the lock).
8440 * parse.yacc, sudo.c:
8441 Add errorfile global that contains the name of the file that caused
8446 return COMMENT to yacc grammar for a #include line
8450 Remove use of unput() in favor of yyless() which is cheaper.
8454 Allow an empty sudoers file.
8457 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
8460 Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
8463 * lex.yy.c, sudo.tab.c:
8468 Do signal setup before calling edit_sudoers(). Don't shadow the
8473 If a sudoers file includes other files, edit those too. Does not yet
8474 deal with creating the new includes files itself.
8478 init_parser now takes a path
8481 * parse.c, parse.h, parse.lex, parse.yacc:
8482 More scaffolding for dealing with multiple sudoers files: o
8483 init_parser() now takes a path used to populate the sudoers global
8484 o the sudoers global is used to print the correct file in yyerror()
8485 o when switching to a new sudoers file, preserve old file name and
8489 * Makefile.in, pathnames.h.in:
8490 Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
8491 multiple sudoers files.
8495 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
8496 we start at the right file position when reading include files.
8508 Add max depth of 128 for the include stack to avoid loops.
8510 Since yyerror() doesn't stop parsing, pass return values back to
8511 yylex and call yyterminate() on error.
8514 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
8521 Mention PREVENTING SHELL ESCAPES section of sudoers man page
8524 * lex.yy.c, sudo.tab.c:
8529 Add support for #include in sudoers (visudo support TBD)
8533 make yyerror()'s argument const
8536 * testsudoers.c, visudo.c:
8537 Add open_sudoers() stubs.
8541 Rename check_sudoers() open_sudoers() and make it return a FILE *
8544 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
8546 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
8551 * Makefile.in, sudo.psf:
8552 Better HP-UX depot construction
8555 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
8558 o Made children global so check_exec() can lookup a child. o
8559 Replaced uid in struct childinfo with struct passwd * (for runas) o
8560 new_child() now takes a parent pid so the runas info can be
8561 inherited o Added find_child() to lookup a child by its pid o
8562 update_child() now fills in a struct passwd o Converted the big
8563 if/else mess in set_policy to a switch o Syscalls that change uid
8564 are now "ask" so we get SYSTR_MSG_UGID events
8568 Add flag to sudo_pwdup that indicates whether or not to lookup the
8569 shadow password. Will be used to a struct passwd that has the
8570 shadow password already filled in.
8574 add missing increment of addr in read_string()
8578 Remove bogus call to update_child() and some cosmetic fixes
8582 Don't leak /dev/systrace fd to tracee Make initialized global for
8583 simplicity If STRIOCATTACH returns EBUSY we are already being traced
8584 Check for user_args == NULL in setproctitle() call Add missing calls
8589 g/c sudo_pwdup proto
8592 * Makefile.in, sudo.psf:
8593 Add target for building a depot file
8600 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
8602 * lex.yy.c, sudo.tab.c, sudo.tab.h:
8607 document --with-systrace
8610 * config.h.in, configure, configure.in:
8611 Add check for setproctitle
8615 pass struct str_msg_ask in to syscall checker so it can set the
8620 systrace(4) support for sudo. On systems with the systrace(4)
8621 kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
8622 intercept exec calls and check the exec args against the sudoers
8623 file. In other words, sudo can now control subcommands and shell
8628 Call systrace_attach() if FLAG_TRACE is set.
8631 * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
8632 Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
8636 Don't close sudoers_fp, keep it open and set close on exec flag
8640 * def_data.c, def_data.h, def_data.in:
8649 SunOS /bin/sh blows up with configure
8652 * configure, configure.in:
8653 Include sys/param.h before systrace.h
8665 line up options in --help
8668 * config.h.in, configure.in:
8672 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
8678 * aclocal.m4, configure.in:
8679 make this work with autoconf-2.59
8682 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
8685 Simplify logic around open & stat of files and do sanity on edited
8686 file even if we lack fstat (still raceable but worth doing).
8689 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
8697 [b84ebfaf1552] [SUDO_1_6_8p1]
8700 more changes for 1.6.8p1
8707 * CHANGES, sudo_edit.c:
8708 Add sanity check so we don't try to edit something other than a
8712 2004-09-15 Aaron Spangler <aaron777@gmail.com>
8719 document --with-ldap-conf-file
8722 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
8724 * CHANGES, ins_csops.h:
8725 political correctness strikes again
8732 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
8734 * Makefile.binary.in, Makefile.in:
8735 Install sudoedit man link
8739 Update PAM note and mention where HP-UX users can download gcc
8744 libtool wants to install stuff from .libs so fake one up for binary
8748 * Makefile.binary.in:
8749 rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
8753 Deal with "uname -m" having slashes in it rm -f old sudoedit link
8754 instead of using ln -f
8757 * Makefile.binary, Makefile.binary.in:
8758 Makefile.binary -> Makefile.binary.in for config.status substitution
8759 Add support for installing noexec bits
8763 Copy noexec bits into binary dists too No longer use my old arch
8764 script for making binary dists
8768 Install sudoedit link.
8771 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
8774 avoid __P so there is no need for compat.h to be included
8778 Don't use HAVE_UTIME_H before including config.h.
8781 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
8784 Fix Solaris futimes macro
8787 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
8790 Rename ots -> omtim for improved readability.
8793 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
8796 Redo changes in revision 1.7. Don't really need to keep the temp
8797 file open; re-opening it with the invoking user's euid is
8805 * sudo.cat, sudo.man.in:
8810 back out revision 1.70; it is no longer applicable
8814 Let the loader initialize nep
8817 * config.h.in, configure, configure.in:
8818 Removed unneeded check for fchown Add check for gettimeofday Move
8819 autoheader template stuff into separate AH_TEMPLATE lines
8822 * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
8823 Use timespec throughout.
8831 function to return the current time in a struct timespec
8835 Not a darpa-sponsored file.
8838 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
8840 * compat.h, config.h.in, configure, configure.in:
8841 Add a check for struct timespec and provide it for those without.
8844 * config.h.in, configure, configure.in, sudo_edit.c:
8845 Add checks for st_mtim and st_mtimespec and add macros for pulling
8846 the mtime sec and nsec out of struct stat. These are used in
8847 sudo_edit() to better tell whether or not the file has changed.
8850 * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
8851 Add an extra param to touch() for nsec
8855 Call mkstemp() as the invoking user so we don't have to chown the
8856 file later. Only touch() the temp file if we can do it via the file
8857 descriptor. Don't check for modification of the temp file if we lack
8858 fstat(). Catch errors read()ing the temp file.
8862 If path is NULL and fd == -1 return -1.
8866 closefrom() is overkill, the only extra fds are the ones we opened
8867 so just close those in the child.
8870 * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
8871 configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
8873 Use utimes() and futimes() instead of utime() in touch(), emulating
8874 as needed. Not all systems are able to support setting the times of
8875 an fd so touch() takes both an fd and a file name as arguments.
8878 2004-09-07 Aaron Spangler <aaron777@gmail.com>
8884 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
8886 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
8891 * sudo.pod, sudoers.pod, visudo.pod:
8892 Add SUPPORT section and re-order some of the sections to match the
8893 order we use in OpenBSD.
8896 2004-09-06 Aaron Spangler <aaron777@gmail.com>
8899 Openldap ~/.ldaprc fix
8902 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
8905 Talk about how the editor must write its changes to the original
8906 file and not just use rename(2).
8914 Keep the temp file open instead of re-opening after the editor has
8919 Update for current redhat/fedora core.
8922 2004-09-03 Aaron Spangler <aaron777@gmail.com>
8928 2004-09-02 Aaron Spangler <aaron777@gmail.com>
8931 config tls_* options
8934 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
8936 * configure, configure.in:
8937 No need for -lcrypt when using pam.
8940 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
8946 2004-08-27 Aaron Spangler <aaron777@gmail.com>
8948 * configure.in, ldap.c, pathnames.h.in:
8949 Allow --with-ldap-conf-file option to override LDAP_CONF
8953 cleanup debug message
8956 2004-08-26 Aaron Spangler <aaron777@gmail.com>
8962 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
8964 * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
8965 Add cmnd_base to struct sudo_user and set it in init_vars(). Add
8966 cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
8967 longer use gross statics in command_matches(). Also rename some
8968 variables for improved clarity.
8971 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
8974 document HP's crippled compiler deficiency.
8978 Fix some thinkos in --with-editor and --with-env-editor
8979 descriptions. Noticed by Norihiko Murase.
8982 * configure, configure.in:
8983 --with-noexec takes an optional PATH argument.
8987 document --with-noexec
8990 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
8994 [f2503bd13373] [SUDO_1_6_8]
8997 Better warning message when sudoedit is unable to write to the
9001 * sudo.cat, sudo.man.in:
9006 Don't italicize the string "sudoedit"
9009 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
9015 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
9022 Reset used_runas to FALSE when re-initializing the parser.
9025 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
9028 Correct OpenBSD mips support
9035 2004-08-07 Aaron Spangler <aaron777@gmail.com>
9042 Updates on current behavior
9045 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
9048 =back does not take an indentlevel (makes no difference to formatted
9062 Consistency. Use same error for bad -u #uid when targetpw is set as
9063 we do when a bad -u username is specified.
9067 Add checksum idea from Steve Mancini
9070 * sudoers.cat, sudoers.man.in:
9074 * sudo.cat, sudo.man.in:
9078 * sudo.pod, sudoers.pod:
9079 Document the restriction on uids specified via -u when targetpw is
9084 Error out when targetpw is enabled and sudo is run with -u #uid but
9085 #uid does not exist in the passwd database. We can't do target
9086 authentication when the target is not in passwd!
9089 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
9094 Some more todo for the next release.
9098 Make it clear that PAM should be used for DCE support when possible.
9102 o Document problems with wildcards and relative paths. o Make the
9103 order requirements more prominent. o Change a "set" to "reset" for
9107 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
9110 Mention --with-secure-path, not SECURE_PATH.
9113 2004-08-03 Aaron Spangler <aaron777@gmail.com>
9116 reflect changes to parse.c
9119 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
9125 * parse.c, parse.h, testsudoers.c, visudo.c:
9126 Don't pass user_cmnd and user_args to command_matches(), just use
9127 the globals there. Since we keep state with statics anyway it is
9128 misleading to pretend that passing in different cmnd and cmnd_args
9140 Fix a bug introduced in rev. 1.149. When checking for pseudo-
9141 commands check for a '/' anywhere in cmnd, not just the first
9145 2004-07-31 Aaron Spangler <aaron777@gmail.com>
9147 * sudo.man.in, sudo.pod:
9148 Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
9151 * sudoers.man.in, sudoers.pod:
9152 Add ignore_local_sudoers
9156 Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
9160 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
9166 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
9173 Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
9174 PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
9177 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
9183 2004-07-08 Aaron Spangler <aaron777@gmail.com>
9186 Better debugging of ALL command
9189 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
9192 When matching for "sudoedit" in sudoers check both the command the
9193 user typed *and* the command that is listed in the sudoers entry.
9196 2004-07-04 Aaron Spangler <aaron777@gmail.com>
9199 Added !command feature
9202 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
9205 Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
9208 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
9211 License is ISC-style, not BSD-style
9218 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
9220 * sudo.cat, sudo.man.in:
9225 o Update some out of date bits to reality o Change the shell prompt
9226 in examples to bourne-shell style o Clarify some details o Add a
9227 CAVEAT about "sudo cd /foo"
9231 Don't ask for a password if invoking user == target user.
9238 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
9240 * sudoers.cat, sudoers.man.in:
9245 Expand on NOEXEC a little.
9252 * visudo.cat, visudo.man.in:
9261 Add a check in visudo for runas_default being set after it has
9265 * CHANGES, parse.yacc, visudo.c:
9266 Add a check in visudo for runas_default being set after it has
9275 Add a MATCHED macro for testing whether foo_matches has been set to
9276 TRUE or FALSE. This is more readable than checking for >=0 or < 0.
9277 Doesn't change the actual code generated.
9280 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
9291 Correct description of where Defaults specs should go.
9298 * testsudoers.c, visudo.c:
9318 * auth/bsdauth.c, auth/kerb5.c:
9322 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
9328 * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
9329 Remove trailing spaces, no actual code changes.
9333 Remove trailing spaces, no actual code changes.
9336 * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
9337 Remove trailing spaces, no actual code changes.
9341 Remove trailing spaces, no actual code changes.
9345 Remove trailing spaces, no actual code changes.
9348 * compat.h, defaults.c, env.c:
9349 Remove trailing spaces, no actual code changes.
9353 Remove trailing spaces, no actual code changes.
9361 Fix a >=0 that should be <0 that was improperly converted when
9366 Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
9367 NOMATCH when resetting it.
9371 Fix pastos introduced in SETNMATCH addition.
9374 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
9377 Update for configure changes
9385 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
9386 these in parse.yacc. Also in parse.yacc initialize the *_matches
9387 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
9388 when setting *_matches to a value that may be
9389 NOMATCH/UNSPEC/TRUE/FALSE.
9401 Initialize runas to -2, not -1 since we need to be able to
9402 distinguish between the initialized value and the value of a non-
9403 match when passing along the runas value to multiple commands.
9405 The result of this is that an unmatched runas is now set to -1, not
9406 0. This is required now that parse.c treats a FALSE value for runas
9407 as being explicitly denied.
9410 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
9413 Error out if argc < 1.
9420 * configure, configure.in:
9421 Add tests for what libs we need to link with for ldap and for
9422 whether or not lber.h needs to be explicitly included.
9425 2004-06-03 Aaron Spangler <aaron777@gmail.com>
9428 Solaris native LDAP build fix
9431 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
9434 Set edn to NULL if ldap_get_dn() fails to avoid potential use of an
9439 Add prototype for sudo_ldap_list_matches
9442 * configure, configure.in:
9443 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
9444 version too. Added check for dd_fd in `DIR' if no dirfd is found;
9445 this is now used to conditionally define the dirfd macro in
9464 Only check /proc/$$/fd if we have the dirfd function/macro.
9467 * compat.h, config.h.in, configure, configure.in:
9468 Add a check for a dirfd() function (like Linux) and add a dirfd
9469 macro in compat.h if there is no dirfd() function or macro.
9472 * closefrom.c, getcwd.c:
9473 dirfd() is now defined in compat.h as needed.
9477 Clarify closefrom() note.
9481 When checking for a command in the directory, only copy the base dir
9486 If there is a /proc/$$/fd directory, behave like the Solaris
9487 closefrom() and only close the descriptors listed therein.
9491 compat.h guarantees INT_MAX is defined.
9495 Add definitions of OPEN_MAX and INT_MAX for those without it and
9496 remove definition of RLIM_INFINITY (now unused).
9499 * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
9500 sudo.c, sudo.h, visudo.c:
9501 Use PATH_MAX, not MAXPATHLEN since the former is standardized.
9504 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
9511 Add some entries that were mailed in a while ago
9515 o sysconf returns a long, not an int. o check for negative return
9516 value from sysconf/getdtablesize and use OPEN_MAX in this case. o
9517 define OPEN_MAX to 256 for those without it (a fair guess...)
9520 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
9523 Mention change in parse order for RunAs entries.
9530 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
9532 * INSTALL, README.LDAP, config.h.in, configure.in:
9533 o --with-ldap now takes an optional dir as a parameter o added
9534 check for ldap_initialize() and start_tls_s()
9538 Fix some typos, word choice and formatting issues.
9541 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
9544 Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
9545 read/write as it is simpler.
9548 * configure, configure.in:
9549 Remove hack overriding cross-compiler check. It should no longer be
9554 Remove select() compat bits since we no longer use select().
9557 * CHANGES, tgetpass.c:
9558 Use alarm() instead of select() for the timeout for systems that
9559 don't fully/properly implement select().
9562 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
9573 Deal with systems that have no way of setting the effective uid such
9577 * configure, configure.in:
9578 Define NO_SAVED_IDS if we don't find seteuid()
9581 * config.h.in, configure, configure.in:
9582 Add back check for setreuid() since NSK doesn't have it.
9585 * sudoers.cat, sudoers.man.in:
9598 In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
9599 explicitly denied and the command matched. This fixes a long-
9600 standing bug and makes: foo machine = (ALL) /usr/bin/blah
9601 foo machine = (!bar) /usr/bin/blah
9603 equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
9610 2004-05-20 Aaron Spangler <aaron777@gmail.com>
9613 Missing DESTDIR in make install for sudo_noexec.la
9616 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
9618 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
9628 Remove fastboot/fasthalt (who still remembers these?) and add a
9629 minimal sudoedit example.
9637 * UPGRADE, sudo.c, visudo.c:
9638 filesystem -> file system
9649 * sudo.pod, sudoers.pod:
9650 Fix some minor typos and formatting goofs
9658 remove my email addr
9661 * sudo.pod, sudoers.pod, visudo.pod:
9662 Use @mansectform@ and @mansectsu@ everywhere Make man page
9663 references links with L<>
9667 Accept quoted globbing characters and pass them verbatim for
9672 Document that /tmp/.odus is gone.
9676 No longer use /tmp/.odus as a possible timestamp dir unless
9677 specifically configured to do so. Instead, if no /var/run exists,
9678 use /var/adm/sudo or /usr/adm/sudo.
9699 * set_perms.c, sudo.c, tgetpass.c, visudo.c:
9700 Preliminary changes to support nsr-tandem-nsk. Based on patches
9709 * check.c, compat.h:
9710 Preliminary changes to support nsr-tandem-nsk. Based on patches
9714 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
9717 There was no 1.6.7p6.
9725 add missing files to DISTFILES
9728 * sudo.cat, sudoers.cat, visudo.cat:
9737 Fix some line wrap and update (c) year
9740 2004-04-28 Aaron Spangler <aaron777@gmail.com>
9746 2004-04-07 Aaron Spangler <aaron777@gmail.com>
9752 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
9759 In Exit() when used as a signal handler, emsg is a pointer so
9760 sizeof() is wrong so make it a #define instead. Also avoid using a
9761 negative exit value. Found by Aaron Campbell
9764 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
9767 Remove bogus sentence about uids in a User_List. Document usernames
9768 vs. uid parsing in a Runas_List.
9771 * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
9772 If the user specified a uid with the -u flag and the uid exists in
9773 the passwd file, set runas_user to the name, not the uid.
9775 When comparing usernames in sudoers, if a name is really a uid
9776 (starts with '#') compare it numerically to pw_uid.
9779 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
9782 krb5_mcc_ops should be const; Johnny C. Lam
9785 2004-02-28 Aaron Spangler <aaron777@gmail.com>
9787 * CHANGES, config.h.in, ldap.c:
9788 Added start_tls support
9791 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
9794 Clean up libtool stuff for 'make distclean' and add def_data.c,
9795 def_data.h to PARSESRCS.
9798 2004-02-14 Aaron Spangler <aaron777@gmail.com>
9800 * strlcat.c, strlcpy.c:
9801 Un-Fix last license munge
9804 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
9810 * CHANGES, RUNSON, TODO:
9814 * lex.yy.c, sudo.tab.c:
9818 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
9819 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
9820 emul/search.h, emul/utime.h:
9821 Move to a less restrictive, ISC-style license.
9824 * auth/kerb5.c, auth/pam.c:
9825 Move to a less restrictive, ISC-style license.
9828 * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
9829 Move to a less restrictive, ISC-style license.
9833 Move to a less restrictive, ISC-style license.
9836 * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
9837 Move to a less restrictive, ISC-style license.
9840 * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
9841 visudo.man.in, visudo.pod:
9842 Move to a less restrictive, ISC-style license.
9846 Move to a less restrictive, ISC-style license.
9849 * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
9851 Move to a less restrictive, ISC-style license.
9854 * sigaction.c, strerror.c:
9855 Move to a less restrictive, ISC-style license.
9858 * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
9860 Move to a less restrictive, ISC-style license.
9863 * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
9864 ins_goons.h, insults.h, interfaces.c, interfaces.h:
9865 Move to a less restrictive, ISC-style license.
9868 * find_path.c, getprogname.c:
9869 Move to a less restrictive, ISC-style license.
9873 Move to a less restrictive, ISC-style license.
9877 Move to a less restrictive, ISC-style license.
9881 Move to a less restrictive, ISC-style license.
9884 * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
9886 Move to a less restrictive, ISC-style license.
9889 * utime.c, version.h:
9890 Move to a less restrictive, ISC-style license.
9893 * parse.lex, parse.yacc:
9894 Move to a less restrictive, ISC-style license.
9898 Move to a less restrictive, ISC-style license.
9901 2004-02-13 Aaron Spangler <aaron777@gmail.com>
9904 Merged in LDAP Support
9907 * ldap.c, sudo.c, sudo.h:
9908 Merged in LDAP Support
9911 * def_data.c, def_data.h, def_data.in:
9912 Merged in LDAP Support
9915 * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
9916 Merged in LDAP Support
9919 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
9921 * sudo.h, sudo_noexec.c:
9922 Only do "extern int errno" if errno is not a macro.
9925 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
9928 setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
9929 euid first, then just call setuid(0) to set the real uid too.
9933 Use setresuid() and setreuid() for PERM_RUNAS when appropriate
9934 instead of seteuid() which may not exist.
9937 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
9943 * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
9944 Add --with-pc-insults configure option
9948 Prefer VISUAL over EDITOR like old vipw did.
9951 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
9953 * sudo.man.in, sudoers.man.in:
9958 Add a note that noexec is not a cure-all.
9962 Mention that disabling "root_sudo" is pretty pointless.
9965 * configure, configure.in:
9966 Substitute for root_sudo in sudoers.pod
9970 Add sudoedit to the NAME section
9974 Document the fact that setting ignore_dot in sudoers has no effect
9975 due to the fact that find_path() is called *before* sudoers is read.
9978 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
9981 Do not require _PATH_USRTMP to be set.
9984 * BUGS, CHANGES, TODO:
9993 Clarify that when sudo is run by root with the SUDO_USER variable
9994 set, the sudoers lookup happens for root and not the SUDO_USER user.
9997 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
9999 * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
10000 set_perms.c, sigaction.c, sudo.c, tgetpass.c:
10001 Use the SET, CLR and ISSET macros.
10005 Use the SET, CLR and ISSET macros.
10008 * defaults.c, env.c:
10009 Use the SET, CLR and ISSET macros.
10013 MAIN was replaced with _SUDO_MAIN some time ago.
10017 Don't look at prev_user until after we've parsed sudoers and done
10018 the password check. That way, if sudo/sudoedit is run from a root
10019 process that was invoked by sudo, we check sudoers for root, not the
10020 previous user. This makes sudoedit much more useful and means that
10021 for the sudo case, we get correct logging on who actually ran the
10025 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
10028 Add a comment describing why we need to be notified about our child
10032 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
10034 * def_data.c, def_data.in:
10035 Update the noexec variable descriptions
10038 * sudoers.man.in, sudoers.pod:
10039 noexec now replaces more than just execve()
10043 Alas, all the world does not go through execve(2). Many systems
10044 still have an execv(2) system call, Linux 2.6 provides fexecve(2)
10045 and it is not uncommon for libc to have underscore ('_') versions of
10046 the functions to be used internally by the library. Instead of
10047 stubbing all these out by hand, define a macro and let it do the
10048 work. Extra exec functions pointed out by Reznic Valery.
10051 * sudo.c, sudo_edit.c:
10052 Fix suspending the editor in -e mode. Because we do a fork() first
10053 we need to be notified when the child has been stopped and then send
10054 that same signal to ourself so the shell can do its job control
10059 Use WIFEXITED and WEXITSTATUS macros. If there are systems out
10060 there that want to run sudo that still don't support these we can
10061 try to deal with that later.
10068 * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
10069 Document sudo -e / sudoedit
10072 * configure, configure.in:
10076 * config.h.in, configure.in:
10080 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
10083 Allow non-exclusive flags when invoked as sudoedit. Pretty print the
10084 long usage() line to not wrap (assumes 80 char display)
10087 * Makefile.in, sudo.c:
10088 If sudo is invoked as "sudoedit" the -e flag is implied and no other
10089 flags are permitted.
10093 Add a new flag, -e, that makes it possible to give users the ability
10094 to edit files with the editor of their choice as the invoking user,
10095 not the runas user. Temporary files are used for the actual edit
10096 and the temp file is copied over the original after the editor is
10100 * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
10101 Add a new flag, -e, that makes it possible to give users the ability
10102 to edit files with the editor of their choice as the invoking user,
10103 not the runas user. Temporary files are used for the actual edit
10104 and the temp file is copied over the original after the editor is
10109 If real uid == 0 and the SUDO_USER environment variable is set, use
10110 that to determine the invoking user's true identity. That way the
10111 proper info gets logged by someone who has done "sudo su" but still
10112 uses sudo to as root. We can't do this for non-root users since
10113 that would open up a security hole, though perhaps it would be
10114 acceptable to use getlogin(2) on OSes where this is a system call (and
10115 doesn't just look in the utmp file).
10119 Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
10122 * config.h.in, configure, configure.in:
10123 Add check for fchown(2)
10126 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
10129 Back out portions of the -i commit that set NewArgv[0] in
10130 set_runaspw. It is far too late to set NewArgv[0] there and will have
10131 no effect anyway as cmnd and safe_cmnd have already been set.
10134 * visudo.c, visudo.pod:
10135 Prefer VISUAL over EDITOR like old vipw did.
10138 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
10141 In -i mode always set new environment based on the runas user's
10145 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
10147 * sudo.man.in, sudo.pod:
10148 Document the new -i flag and sync SYNOPSIS section with usage() in
10149 sudo.c. Also sort the flags in the OPTIONS section.
10153 o Add -i that acts similar to "su -", based on patches from David J.
10154 MacKenzie o Sort the flags in the usage message
10157 * sudoers.man.in, sudoers.pod:
10158 Add a missing @runas_default@ substitution.
10161 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
10164 Change euid to runas user before calling find_path().
10165 Unfortunately, though runas_user can be modified in sudoers we
10166 haven't parsed sudoers yet.
10169 * sudoers.man.in, sudoers.pod:
10170 Add missing definition of Parameter_List and use single pipes in the
10171 Defaults EBNF definition.
10175 Fix a bug when set_runaspw() is used as a callback. We don't want
10176 to reset the contents of runas_pw if the user specified a user via
10179 Avoid unnecessary passwd lookups in set_authpw(). In most cases we
10180 already have the info in runas_pw.
10183 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
10186 Add Stan Lee / Uncle Ben quote to the lecture from RedHat
10190 Update sudo_getepw() proto and add one for set_runaspw()
10194 If we can't stat the command as root, try as the runas user instead.
10197 * testsudoers.c, visudo.c:
10198 Add stub set_runaspw() function
10202 Add set_runaspw() function to fill in runas_pw. This will be used
10203 as a callback to update runas_pw when the runas user changes.
10207 PERM_RUNAS -> PERM_FULL_RUNAS
10210 * set_perms.c, sudo.h:
10211 Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
10216 Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
10217 one chunk for easy free()ing. Also change it from static to extern.
10220 * defaults.c, defaults.h:
10221 Add callback support
10225 Add a callback field and use it for runas_default
10228 * def_data.c, def_data.in:
10229 Add a callback field and use it for runas_default
10232 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
10235 Add support for chalnecho and display server responses used by fwtk
10239 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
10241 * sudoers.man.in, sudoers.pod:
10242 ld.so is ld.so.1 on solaris
10245 * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
10246 Use closefrom() instead of doing the equivalent inline.
10250 closefrom(3) for systems w/o it
10253 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
10256 Update from .pod file.
10259 * configure, configure.in:
10260 Substitute noexec_file for the sudoers man page
10263 * sudo.man.in, sudo.pod:
10267 * sudoers.man.in, sudoers.pod:
10271 * auth/pam.c, config.h.in, configure.in:
10272 Move PAM_CONST macro definition from config.h to pam.c where it
10273 belongs. We can't have this in config.h since that gets included too
10277 * auth/pam.c, config.h.in, configure, configure.in:
10278 Some PAM implementations put their headers in /usr/include/pam
10279 instead of /usr/include/security.
10283 I missed changing the EXEC macro -> EXECV here when I changed this
10284 in config.h.in and sudo.c a while ago.
10288 OpenBSD vax/m88k/hppa don't do shared libs
10291 * configure, configure.in:
10292 o merge the hpux case entries into a single entry w/ its own sub-
10293 case statement. o HP-UX >= 11 support getspnam(), use it in
10294 preference to getprpwuid()
10297 * configure, configure.in:
10298 eval $shrext so that it expands nicely on MacOS X
10302 Don't lie about making a module, it does the wrong thing on mach
10306 Remove requirement that libs must begin with "lib". They don't when
10307 we point directly at the lib using LD_PRELOAD or its equivalent.
10311 Disable support for c++, f77 and java. We don't need it, it takes a
10312 lot of time, and it hosed our check for shared lib support.
10320 Call AC_ENABLE_SHARED and check the status of enable_shared to know
10321 when shared libs are available.
10325 Duh, OpenBSD supports shared libs too
10328 * config.h.in, configure.in:
10329 Only OpenPAM and Linux PAM use const qualifiers.
10332 * configure, configure.in:
10333 o No need to check for sed, libtool config does that for us o move
10334 check for --with-noexec until after libtool magic is run so we can
10335 use $can_build_shared and $shrext
10339 Don't print a bunch of crap about library installs since we are not
10340 really installing a library.
10344 Make format_env() varargs Add noexec support for Darwin, MacOS X,
10348 * acsite.m4, ltconfig, ltmain.sh:
10349 Update to libtool 1.5 with local changes: o no ldconfig in the
10350 finish step o assume no libprefix or version is needed
10354 Fix compilation under K&R
10357 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
10364 stub execve() that just returns EACCES; used for noexec
10369 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
10374 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
10378 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
10380 * def_data.c, def_data.h, def_data.in:
10381 Move the environment defaults to the end and shorten a few of the
10385 * configure, configure.in:
10386 no shared libs on ultrix or convexos
10389 * Makefile.in, configure, configure.in:
10390 Build sudo_noexec shared object using libtool; could use some
10394 * acsite.m4, ltconfig, ltmain.sh:
10395 libtool scaffolding
10398 * parse.yacc, sudo.tab.c:
10399 Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
10403 * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
10404 parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
10405 update copyright year
10408 * configure, configure.in, defaults.c, env.c, pathnames.h.in:
10409 Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
10410 option. The default value of noexec_file is set to this.
10413 * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
10414 parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
10416 Add support for preloading a shared object containing a dummy
10417 execve() function that just sets error and returns -1. This adds a
10418 "noexec_file" option to load the filename as well as a "noexec" flag
10419 to enable it unconditionally. There is also a NOEXEC tag that can
10420 be attached to specific commands and an EXEC tag to disable it.
10424 add missing newline to usage statement
10427 * config.h.in, sudo.c:
10428 Rename EXEC macro -> EXECV
10432 Don't truncate usernames to 8 characters in the log message.
10435 * check.c, sudoers.man.in, sudoers.pod:
10436 Update copyright year
10439 * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
10441 Add a new option, lecture_file, that can be used to point to a
10442 custom sudo lecture.
10445 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
10447 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
10449 Add a zero_bytes() function to do the equivalent of bzero in such a
10450 way that will hopefully not be optimized away by sneaky compilers.
10454 Add a zero_bytes() function to do the equivalent of bzero in such a
10455 way that will hopefully not be optimized away by sneaky compilers.
10458 * Makefile.in, sudo.h:
10459 Add a zero_bytes() function to do the equivalent of bzero in such a
10460 way that will hopefully not be optimized away by sneaky compilers.
10464 Use #ifdef __STDC__, not #if __STDC__.
10467 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
10470 Always put at least one space between the def_* macro name and its
10474 * configure, configure.in:
10475 Adjust code for --without-lecture to match new values.
10479 regen after pasto fix
10482 * sudoers.man.in, sudoers.pod:
10483 Document that "lecture" has changed from a flag to a tuple.
10486 * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
10487 defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
10488 Add support for tuples in def_data.in; these are implemented as an
10489 enum type. Currently there is only a single tuple enum but in the
10490 future we may have one tuple enum per T_TUPLE entry in def_data.in.
10491 Currently listpw, verifypw and lecture are tuples. This avoids the
10492 need to have two entries (one ival, one str) for pwflags and syslog
10495 lecture is now a tuple with the following values: never, once,
10498 We no longer use both an int and string entry for syslog facilities
10499 and priorities. Instead, there are logfac2str() and logpri2str()
10500 functions that get used when we need to print the string values.
10503 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
10504 auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
10505 check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
10506 logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
10507 sudo.tab.c, visudo.c:
10508 Create def_* macros for each defaults value so we no longer need the
10509 def_{flag,ival,str,list,mode} macros (which have been removed). This
10510 is a step toward more flexible data types in def_data.in.
10517 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
10520 If we are in -k/-K mode, just spew to stderr. It is not unusual for
10521 users to place "sudo -k" in a .logout file which can cause sudo to
10522 be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
10523 Previously, this would result in useless mail and logging.
10526 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
10529 fix pasto in VISUAL description
10532 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
10543 Some OSes (like Solaris) allow export w/ nosuid too
10546 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
10549 We don't use FD_ZERO anymore so just define FD_SET (if not already
10553 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
10556 Fix a core dump on Solaris by preserving the pam_handle_t we used
10557 during authentication for pam_prep_user(). If we didn't
10558 authenticate (ie: ticket still valid), we call pam_init() from
10559 pam_prep_user(). This is something of a hack; it may be better to
10560 change the auth API and add an auth_final() function that acts like
10564 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
10567 Add explicit declaration of printerr variable in function header
10568 (was defaulting to int which is OK but oh so K&R :-). From Theo.
10571 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
10573 * config.h.in, configure.in:
10574 s/HAVE_STOW/USE_STOW/
10578 Also exit waitpid() loop when pid == 0. Fixes a problem where the
10579 sudo process would spin eating up CPU until sendmail finished when
10580 it has to send mail.
10583 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
10586 Remove advertising clause, UCB has disavowed it
10590 Remove advertising clause, UCB has disavowed it
10593 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
10596 Don't assume that getgrnam() calls don't modify contents of struct
10597 passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
10598 Based on a patch from Kirk Webb.
10601 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
10608 darwin has a broken setreuid() in at least some versions
10612 Fix an off by one error when reallocating the environment; Kevin Pye
10615 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
10618 Fix User_Spec definition; SEKINE Tatsuo
10621 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
10624 More info on the early days from Coggs.
10627 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
10630 remove errant semicolon that prevented compilation under heimdal
10633 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
10635 * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
10636 add DARPA credit on affected files
10640 add DARPA credit on affected files
10643 * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
10645 add DARPA credit on affected files
10649 add DARPA credit on affected files
10653 add DARPA credit on affected files
10656 * logging.c, parse.c:
10657 add DARPA credit on affected files
10660 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
10661 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
10662 find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
10664 add DARPA credit on affected files
10667 * auth/kerb5.c, auth/pam.c:
10668 add DARPA credit on affected files
10671 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
10672 auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
10674 add DARPA credit on affected files
10678 add DARPA credit on affected files
10681 * defaults.c, defaults.h:
10682 add DARPA credit on affected files
10686 add DARPA credit on affected files
10689 * Makefile.in, alloc.c, check.c:
10690 add DARPA credit on affected files
10694 slightly different wording for the darpa credit
10697 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
10703 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
10706 Use krb5_princ_component() instead of krb5_princ_realm() for MIT
10707 Kerberos like we did before I messed things up ;-)
10709 Use krb5_principal_get_comp_string() to do the same thing w/
10710 Heimdal. I'm not sure if the component should be 0 or 1 in this
10713 #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
10714 older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
10715 should be a configure check for this I guess.
10718 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
10721 builtin -> built-in; Jason McIntyre
10724 * TROUBLESHOOTING, config.h.in, configure, configure.in:
10725 builtin -> built-in; Jason McIntyre
10729 built in -> built-in; Jason McIntyre
10732 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
10735 checkpoint for 1.6.7p3
10739 Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
10740 Amazingly, sudo source from 1985 is available via groups.google.com
10744 Don't change rl.rlim_max for RLIMIT_CORE. We need only set
10745 rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
10746 RLIMIT_CORE restoration on some OSes.
10749 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
10752 Make this compile on Heimdal and MIT Kerberos 5
10755 * config.h.in, configure, configure.in:
10756 Check for heimdal even if we found krb5-config and define
10761 Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
10762 no longer defined by MIT kerb5 (though it used to be and indeed
10763 remains so in Heimdal).
10766 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
10769 Remove newer stuff that passes multiple (possibly duplicate)
10770 directories to "mkdir -p" since that seems to break on Tru64 Unix at
10771 least. This basically brings back what shipped with sudo 1.6.6.
10774 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
10777 Correct number of args to krb5_principal_get_realm() and fix an
10778 unclosed comment that hid the bug.
10805 * CHANGES, version.h:
10814 use krb5-config to determine Kerberos V details if it exists
10817 * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
10818 auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
10819 find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
10820 testsudoers.c, visudo.c:
10821 Use warn/err and getprogname() throughout. The main exception is
10822 openlog(). Since the admin may be filtering logs based on the
10823 program name in the log files, hard code this to "sudo".
10827 Add getprogname.c and err.c
10834 * config.h.in, configure.in:
10835 Add checks for getprogname(), __progname and err.h
10839 For systems without err/warn functions.
10843 For systems without err/warn functions.
10847 For systems with neither getprogname() nor __progname; uses Argv[0].
10850 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
10853 checkpoint for 1.6.7p1
10856 * sudo.c, testsudoers.c:
10857 fix strlcpy() rval check (innocuous)
10861 oflow detection in expand_prompt() was faulty (false positives). The
10862 count was based on strlcat() return value which includes the length
10863 of the entire string.
10866 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
10869 checkpoint for the sudo 1.6.7 release
10870 [096bab4da29a] [SUDO_1_6_7]
10873 checkpoint for the sudo 1.6.7 release
10876 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
10879 g/c unused variable
10887 use man sections 8 and 5 for csops
10890 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
10897 Add -lskey or -lopie directly to SUDO_LIBS instead of having
10898 AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
10906 Add --with-blibpath for AIX. An alternate libpath may be specified
10908 -blibpath support can be disabled. Also change configure such that
10909 -blibpath is not specified if no -L libpaths were added to
10914 Add --with-blibpath for AIX. An alternate libpath may be specified
10916 -blibpath support can be disabled. Also change configure such that
10917 -blibpath is not specified if no -L libpaths were added to
10922 Add --with-blibpath for AIX. An alternate libpath may be specified
10924 -blibpath support can be disabled. Also change configure such that
10925 -blibpath is not specified if no -L libpaths were added to
10930 add AIX blibpath support
10933 * INSTALL, configure.in:
10934 --with-skey and --with-opie now take an optional directory argument
10935 This obsoletes a --with-csops hack (/tools/cs/skey)
10937 Also remove the remaining direct uses of "echo"
10940 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
10943 Detect KTH Kerberos IV and deal with it. Also make -lroken optional
10944 for KTH Kerberos IV and V.
10948 Add SUDO_APPEND_LIBPATH function that adds -L/path/to/dir (and
10949 -R/path/to/dir if $with_rpath) to the specified variable.
10952 * INSTALL, configure.in:
10953 Add -R/path/to/libs for Solaris and SVR4. There is a new configure
10954 option, --with-rpath to control this behavior.
10958 for kerb4 put libdes after libkrb on the link line
10966 fix kerberos lib check when a path is specified
10970 Fix boolean thinko in SIGCHLD reaper and call reapchild after
10971 sending mail instead of doing a conditional sudo_waitpid.
10974 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
10981 replace =DIR with [=DIR] where sensible
10985 o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
10986 detection based on openssh's configure.in
10990 --with-kerb4 and --with-kerb5 now take an optional argument.
10993 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
10996 Kill remaining strcpy(), the programmer's guide says username is 32
11001 treat uid_t as unsigned long for printf and use snprintf, not sprintf
11008 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
11010 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
11011 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
11012 auth/rfc1938.c, auth/sudo_auth.c:
11013 update copyright year
11016 * sudo.man.in, sudoers.man.in, visudo.man.in:
11017 update copyright year
11020 * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
11021 configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
11022 parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
11023 sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
11024 update copyright year
11027 * check.c, env.c, sudo.c:
11028 Cast [ug]ids to unsigned long and printf with %lu
11036 correct error messages for --with-sudoers-{mode,uid,gid}
11040 make the malloc(0) error specific to each function to aid tracking
11045 deal with platforms where size_t is signed and there is no SIZE_MAX
11050 Make this compile w/ Heimdal and fix some gcc warnings.
11054 Use stat_sudoers macro so --with-stow can work
11057 * INSTALL, config.h.in, configure, configure.in:
11058 Add support for --with-stow based on patches from Robert Uhl
11074 use strlcpy, not strncpy
11078 Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
11085 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
11087 * strlcat.c, strlcpy.c:
11088 Make gcc shut up about unused rcsid
11092 Move the n == 0 check for the non-getifaddrs cas
11096 skeychallenge() on NetBSD takes a size parameter
11104 put -ldl after -lpam, not before; fixes static linking on Linux
11108 Avoid malloc(0) and fix the loop invariant for the getifaddrs()
11112 * sudo.cat, sudoers.cat, visudo.cat:
11116 * sudo.man.in, sudoers.man.in, visudo.man.in:
11121 Preserve copyright notice from .pod file in .man.in file
11125 Add sudoers(5) to SEE ALSO
11128 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
11135 Don't assume libc can realloc() a NULL string. If malloc/realloc
11136 fails, make sure we just return; yyerror() is not terminal.
11144 simplify fill_args a little and use strlcpy for paranoia
11151 * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
11153 Use strlc{at,py} for paranoia's sake and exit on overflow. In all
11154 cases the strings were either pre-allocated to the correct size or
11155 length checks were done before the copy but a little paranoia can go
11160 Add strlc{at,py} protos
11163 * env.c, interfaces.c:
11172 Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
11173 memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
11177 snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
11182 In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
11185 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
11188 Use snprintf() for paranoia
11192 Use emalloc2 and erealloc3
11196 strlc{at,py} for those w/o it
11199 * strlcat.c, strlcpy.c:
11200 strlc{at,py} for those w/o it.
11203 * config.h.in, configure, configure.in:
11204 Add strlc{at,py} for those w/o it.
11208 Add erealloc3(), a realloc() version of emalloc2().
11211 * interfaces.c, sudo.c:
11212 Use emalloc2() to allocate N things of a certain size.
11216 Add emalloc2() -- like calloc() but w/o the bzero and with
11217 error/oflow checking.
11221 Error out on malloc(0); suggested by theo
11224 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
11226 * configure, configure.in:
11227 fix a typo; David Krause
11230 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
11236 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
11239 Remove DYLD_ from the environment for MacOS X; from bbraun
11242 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
11244 * config.h.in, configure.in:
11245 not not; Anil Madhavapeddy
11248 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
11250 * sudo.pod, sudoers.pod, visudo.pod:
11251 typos; jmc@openbsd.org
11254 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
11257 Add some missing ';' rule terminators that bison warns about.
11261 fix typo I introduced in last merge
11265 regenerate with autoconf 2.57
11269 Add missing "$HOME"
11273 Add some more square brackets to make autoconf 2.57 happy
11276 * config.sub, mkinstalldirs:
11277 Updates from autoconf-2.57
11281 Updates from autoconf-2.57
11284 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
11290 * lex.yy.c, sudo.tab.c:
11294 * parse.lex, parse.yacc, sudoers.pod:
11295 Add support for Defaults>RunasUser
11298 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
11301 fclose() yyin after each yyparse() is done and use fopen() instead
11302 of using freopen().
11306 Better fix for sudoers files w/o a newline before EOF. It looks
11307 like the issue is that yyrestart() does not reset the start
11308 condition to INITIAL which is an issue since we parse sudoers
11312 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
11315 Work around what appears to be a flex bug when dealing with files
11316 that lack a final newline before EOF. This adds a rule to match EOF
11317 in the non-initial states which resets the state to INITIAL and
11322 o The parser needs sudoers to end with a newline but some editors
11323 (emacs) may not add one. Check for a missing newline at EOF and
11324 add one if needed. o Set quiet flag during initial sudoers parse (to
11325 get options) o Move yyrestart() call and always use freopen() to
11326 open yyin after initial sudoers parse.
11329 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
11332 Fix pasto/thinko in setresgid()/setregid() usage. Want to set
11333 effective gid, not real gid, when reading sudoers.
11337 don't compile set_perms_posix if we have setreuid or setresuid
11340 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
11342 * sudo.pod, sudoers.pod:
11343 document new prompt escapes
11347 Add %U and %H escapes and redo prompt rewriting. "%%" now gets
11348 collapsed to "%" as was originally intended. This also gets rid of
11349 lastchar (does lookahead instead of lookback) which should simplify
11350 the logic slightly.
11353 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
11356 Write the prompt *after* turning off echo to avoid some password
11357 characters being echoed on heavily-loaded machines with fast
11362 Add support for mipseb; wiz@danbala.tuwien.ac.at
11366 Fix IRIX fallout from name changes in man dir/sect Makefile
11367 variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
11371 Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
11372 the global copy. Problem noted by Peter Pentchev.
11375 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
11382 Add missing yyerror() calls; YYERROR does not seem to call this for
11386 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
11389 fix typo in comment; Pedro Bastos
11392 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
11395 document --disable-setresuid
11398 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
11400 Sprinkle some volatile qualifiers to prevent over-enthusiastic
11401 optimizers from removing memset() calls.
11404 * logging.c, parse.yacc:
11405 minor sign fixes pointed out by gcc -Wsign-compare
11408 * set_perms.c, sudo.c, sudo.h:
11409 Revamp set_perms. We now use a version based on setresuid() or
11410 setreuid() when possible since that allows us to support the
11411 stay_setuid option and we always know exactly what the semantics
11412 will be (various Linux kernels have broken POSIX saved uid support).
11415 * config.h.in, configure:
11416 regen from configure.in
11420 Add checks for setresuid() and a way to disable using it
11424 No longer need to emulate set*[ug]id() via setres[ug]id() or
11425 setre[ug]id(). The new set_perms stuff only uses things it knows are
11430 Before exec, restore state of signal handlers to be the same as when
11431 we were initially invoked instead of just resetting to SIG_DFL. Fixes
11432 a problem when using sudo with nohup. Based on a patch from Paul
11437 o timestamp_uid should be uid_t, not int o clarify error message
11438 when sudo is run by root and no_root_sudo is set
11441 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
11444 update ftp link for bison
11447 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
11450 Error out if setusercontext() fails and the runas user is not root.
11453 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
11460 Fix SecurID API test
11463 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
11470 securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
11471 but I don't see a better way at the moment.
11474 * Makefile.in, auth/securid5.c:
11475 SecurID API version 5 support from Michael Stroucken
11479 Add check for SecurID 5.0 API
11482 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
11485 We actually do still need config.h to get the 'const' definition for
11489 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
11492 regen with autoconf 2.5.3
11496 Don't set sysconfdir to '/etc' if the user has specified a --prefix.
11500 Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
11501 LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
11504 * env.c, sudo.c, sudo.h:
11505 No need for dump_badenv() now that dump_defaults() knows how to dump
11509 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
11515 document timestampowner
11519 Don't call set_perms() when doing timestamp stuff unless
11520 timestamp_uid != 0.
11523 * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
11524 sudo.h, testsudoers.c:
11525 g/c second arg to set_perms--it is no longer used
11528 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
11530 * check.c, set_perms.c, sudo.c, sudo.h:
11531 Add support for non-root timestamp dirs. This allows the timestamp
11532 dir to be shared via NFS (though this is not recommended).
11535 * def_data.c, def_data.h, def_data.in:
11536 Add timestampowner, "Owner of the authentication timestamp dir"
11539 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
11542 Don't try to pre-compute the size of the new envp, just allocate
11543 space up front and realloc as needed. Changes to the new env
11544 pointer must all be made through insert_env() which now keeps track
11545 of space used and allocates as needed.
11548 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
11555 Fix two typo/pastos; from jrj@purdue.edu
11558 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
11560 * INSTALL.binary, README:
11562 [a1e33027278c] [SUDO_1_6_6]
11564 * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
11565 visudo.cat, visudo.man.in:
11569 * CHANGES, RUNSON, TODO:
11574 In the loop used to expand %h and %u, the lastchar variable was not
11575 being initialized. This means that if the last char in the prompt
11576 is '%' and the first char is 'h' or 'u' an extra copy of the host or
11577 user name would be copied, for which space had not been allocated.
11580 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
11582 * BUGS, INSTALL, Makefile.in, configure.in, version.h:
11583 crank version to 1.6.6
11587 #undef VOID to get rid of an AFS warning
11591 Use easprintf instead of emalloc + sprintf for some things.
11594 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
11596 * lex.yy.c, sudo.tab.c:
11600 * parse.c, parse.lex, parse.yacc, testsudoers.c:
11601 Remove Chris Jepeway's email address so people don't bug him ;-)
11604 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
11607 Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
11608 endgrent() at the same time.
11611 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
11614 Make it clear which configure options take arguments.
11617 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
11620 HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
11621 RLIM_INFINITY, just pretend it is -1. This works because we only
11622 check for RLIM_INFINITY and do not set anything to that value.
11625 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
11628 Zero and free allocated memory when there is a conversation error.
11632 Use sigaction() not signal()
11636 Mention that some linux kernels have broken POSIX saved ID support
11640 checkpoint for 1.6.5p2
11648 Add --disable-setreuid flag
11652 Document new --disable-setreuid option and change description for
11653 --disable-saved-ids to match new error message.
11657 fatal() now takes an argument that determines whether or not to call
11662 Update for new error messages from set_perms()
11666 Update for new error messages from set_perms()
11669 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
11672 Make this compile w/o warnings
11676 Mention that we can't use pam_acct_mgmt()
11679 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
11680 The user's password was not zeroed after use when AIX
11681 authentication, BSD authentication, FWTK or PAM was in use.
11684 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
11687 Avoid giving PAM a NULL password response, use the empty string
11688 instead. This avoids a log warning when the user hits ^C at the
11689 password prompt when PAM is in use.
11693 Don't check the return value of pam_setcred(). In Linux-PAM 0.75
11694 pam_setcred() returns the last saved return code, not the return
11695 code for the setcred module. Because we haven't called
11696 pam_authenticate(), this is not set and so pam_setcred() returns
11701 Don't need a '/' between $(DESTDIR) and a directory.
11705 Don't need a '/' between $(DESTDIR) and a directory.
11708 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
11715 o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
11716 setreuid() o new NetBSD has a real setreuid() o add check for
11717 freeifaddrs() if getifaddrs() exists.
11720 * config.h.in, interfaces.c:
11721 Older BSDi releases lack freeifaddrs() so add a test for that and if
11722 it is not present just use free().
11725 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
11728 Checkpoint for 1.6.5p1
11732 Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
11733 to normal passwords, not AUTH_FATAL (which just causes an exit).
11737 Don't use memory after it has been freed.
11741 skeyaccess() wants a struct passwd * not a char *; Patch from
11743 [65a1d3806fcd] [SUDO_1_6_5]
11749 * CHANGES, RUNSON, TODO:
11750 checkpoint for sudo 1.6.5
11753 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
11759 * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
11763 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
11769 o when invoking the mailer as root use a hard-coded environment that
11770 doesn't include any info from the user's environment. Basically
11773 o Add support for the NO_ROOT_MAILER compile-time option and run the
11774 mailer as the user and not root if NO_ROOT_MAILER is defined.
11777 * set_perms.c, sudo.h:
11778 Bring back PERM_FULL_USER
11789 * INSTALL, config.h.in, configure.in:
11790 Add --disable-root-mailer option to run the mailer as the user and
11795 checkpoint for 1.6.4p2
11799 Mention the "seteuid(0): Operation not permitted" problem here too
11800 just for good measure.
11803 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
11805 * env.c, getspwuid.c, sudo.c:
11806 The SHELL environment variable was preserved from the user's
11807 environment instead of being reset based on the passwd database when
11808 the "env_reset" option was used. Now it is reset as it should be.
11815 * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
11817 Add a configure option to turn off use of POSIX saved IDs
11825 add --with-efence option
11829 Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
11830 "sudo -l" would not work if always_set_home was set.
11838 Quoted commas were not being treated correctly in command line
11843 o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
11844 Otherwise, the set_home option has no effect.
11846 o Fix use of freed memory when the "fqdn" flag is set. This was
11847 introduced by the fix for the "segv when gethostbyname() fails" bug.
11848 Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
11849 there is no need to check the "fqdn" flag in set_fqdn() itself.
11853 Add 'continue' statements to optimize the switch statement. From
11857 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
11859 * sudoers.cat, sudoers.man.in:
11860 Regen from new sudoers.pod
11861 [6ecc07b3d0e1] [SUDO_1_6_4]
11864 Add caveat about stay_setuid flag
11868 If set_perms == set_perms_posix and the stay_setuid flag is not set,
11869 set all uids to 0 and use set_perms_fallback().
11872 * set_perms.c, sudo.h:
11873 Remove PERM_FULL_USER (which is no longer used) and add
11874 PERM_FULL_ROOT (used when exec'ing the mailer).
11878 Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
11879 never want to run the mailer setuid.
11882 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
11884 * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
11886 Use sudo.ws instead of courtesan.com in URLs
11889 * Makefile.binary, Makefile.in:
11890 Fix mansect substitution
11894 Substitute man sections in Makefile.binary
11898 Sync install targets with Makefile.in and substitute in man
11902 * INSTALL, INSTALL.binary:
11907 Repair bindist target
11914 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
11917 Fix case where neither whoami nor id are found
11920 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
11923 If neither whoami nor id exists, just assume we are root.
11927 Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
11928 on AIX which for some reason isn't pulling in the malloc prototype.
11931 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
11933 * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
11942 Defer assigning new environment until right before the exec.
11946 kill extra blank line
11949 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
11956 Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
11957 compiler doesn't recognise -O2.
11961 Clarify origins of Root Group sudo a bit based on info from
11962 billp@rootgroup.com
11965 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
11972 checkpoint for 1.6.4rc1
11975 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
11978 now generated via autoheader
11986 Move in some stuff that was previously in config.h.
11989 * aclocal.m4, configure.in:
11990 Add info for autoheader.
11993 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
11996 o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
11997 -g to facilitate non-root installs
12001 Add -M option (like -m but only for root) If we can't find "whoami",
12002 use "id" w/ some sed.
12010 allow user to always override mansectsu and mansectform
12013 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
12016 update from autoconf 2.52
12019 * config.guess, config.sub:
12020 Update from autoconf 2.52
12024 regen with autoconf 2.52
12028 o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
12029 mode o Remove compiler-specific checks for HP-UX now that we use
12038 o Add pam_prep_user function to call pam_setcred() for the target
12039 user; on Linux this often sets resource limits. o When calling
12040 pam_end(), try to convert the auth->result to a PAM_FOO value.
12041 This is a hack--we really need to stash the last PAM_FOO value
12042 received and use that instead.
12045 * set_perms.c, sudo.h:
12046 o Add pam_prep_user function to call pam_setcred() for the target
12047 user; on Linux this often sets resource limits.
12051 Fix off by one error in number of bytes allocated via malloc (does
12052 not affect any released version of sudo).
12055 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
12062 Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
12063 requiring that they be quoted.
12066 * sudoers.cat, sudoers.man.in, sudoers.pod:
12067 Mention that no double quotes are needed when
12068 adding/deleting/assigning a single value to a list.
12072 Don't rely on mkdefaults being executable, call perl explicitly.
12080 Remove some XXX that are no longer relevant.
12084 o Roll our own loop instead of using strpbrk() for better
12085 grokability o When adding to a list we must malloc() and use
12086 memcpy(), not strdup() since we must only copy len bytes from str.
12089 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
12099 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
12110 avoid the -g flag unless --with-devel was specified
12114 mkdefaults, def_data.in and sigaction.c were missing from the
12119 def_data.c was missing
12122 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
12125 Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
12126 allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
12134 Add comment for Default section so folks know where it should go.
12137 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
12140 Use TCSETAF, not TCSETA to set terminal in termio case
12143 * sudoers.cat, sudoers.man.in:
12144 regen from sudoers.pod
12148 o Typo, Runas_User_List should be Runas_List o a User_List can not
12149 contain a uid o mention that the Defaults section should come after
12150 Alias definitions but before the user specifications
12153 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
12155 * sudoers.cat, sudoers.man.in:
12160 Fix listpw and verifypw sections, they were not being formatted
12164 * sudoers.cat, sudoers.man.in:
12176 * config.h.in, configure.in:
12177 use AC_SYS_POSIX_TERMIOS instead of rolling our own
12181 Reference sudo.ws not courtesan.com
12185 Add notes on shadow passwords
12189 In list mode (sudo -l), characters escaped with a backslash are
12190 shown verbatim with the backslash.
12194 Add simple examples from OpenBSD (Marc Espie)
12198 Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
12202 minor prettyification
12210 Fix CIDR handling here too.
12214 Apparently a NULL response is OK
12218 Checkpoint for upcoming beta release
12222 Many people believe that adding a runas spec should obviate the need
12223 for the -u flag. It does not.
12227 checkpoint update for upcoming 1.6.4 beta
12231 o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
12232 if HAVE_STRING_H is defined -- this is safe now
12236 Add signals section
12244 Fix check for sigaction_t
12248 XXX - should call find_path() as runas user, not root. Can't do
12249 that until the parser changes though.
12253 If find_path() fails as root, try again as the invoking user (useful
12254 for NFS). Idea from Chip Capelik.
12257 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
12258 Regenerate after pod file changes
12261 * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
12262 sudo.pod, sudoers.pod:
12263 Add new sudoers option "preserve_groups". Previously sudo would not
12264 call initgroups() if the target user was root. Now it always calls
12265 initgroups() unless the -P command line option or the
12266 "preserve_groups" sudoers option is set. Idea from TJ Saunders.
12269 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
12271 * compat.h, config.h.in:
12272 Use new HAVE_SIGACTION_T define
12276 Fix compilation on K&C
12284 Add check for sigaction_t -- IRIX already defines this so don't
12293 need stdlib.h here too
12301 Remove redundant checks for string.h, strings.h and unistd.h
12304 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
12306 Regen from pod files
12313 * configure, lex.yy.c, sudo.tab.c:
12318 Return EINVAL if errnum > sys_nerr
12321 * auth/sudo_auth.h:
12322 o Update copyright year
12325 * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
12326 config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
12328 o Update copyright year
12332 o Don't define STDC_HEADERS unconditionally for IRIX o Update
12340 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
12341 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
12342 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
12343 auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
12344 set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
12346 o Reorder some headers and use STDC_HEADERS define properly o Update
12351 o Reorder some headers and use STDC_HEADERS define properly o Update
12355 * getspwuid.c, goodpath.c, interfaces.c:
12356 o Reorder some headers and use STDC_HEADERS define properly o Update
12361 o Reorder some headers and use STDC_HEADERS define properly o Update
12365 * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
12367 o Reorder some headers and use STDC_HEADERS define properly o Update
12376 flags set in signal handlers should be volatile sig_atomic_t
12379 * config.h.in, configure.in:
12380 Add checks for volatile and sig_atomic_t
12383 * configure, lex.yy.c:
12387 * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
12388 sudo.c, sudoers.pod:
12389 Remove "secure_path" Defaults option since it cannot work with the
12393 * find_path.c, sudo.c:
12394 Unset "secure_path" if user_is_exempt()
12397 * env.c, pathnames.h.in:
12398 o Remove assumption that PATH and TERM are not listed in env_keep o
12399 If no PATH is in the environment use a default value o If TERM is
12400 not set in the non-reset case also give it a default value.
12403 * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
12404 _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
12405 systems that define in paths.h
12408 * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
12409 Add support for skeyaccess(3) if it is present in libskey.
12412 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
12415 Only need to do 'lc = login_getclass(NULL)' if lc == NULL
12419 '\\' is a perfectly legal character to have in a command line
12424 o Defer call to set_fqdn() until it is safe to use log_error() o
12425 Don't print errno string value if gethostbyname fails, it is not
12430 Fix CIDR -> in_addr_t conversion.
12433 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
12436 Remove an extra "User_List" in the User_Spec definition From
12437 ybertrand AT snoopymail.com
12441 Make 'listpw=never' work for users who are not explicitly mentioned
12446 Remove gratuitous '=' in EBNF grammar; era AT iki.fi
12450 Document new list Defaults type and convert env_keep and env_delete
12451 to lists. Document new env_check option.
12454 * lex.yy.c, sudo.tab.c, sudo.tab.h:
12459 Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
12468 Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
12471 * config.h.in, configure.in:
12472 Add check for skeyaccess(3)
12476 Document new -c, -f, and -q options
12480 o Add -f option (alternate sudoers file) o Convert to use getopt(3)
12487 * aclocal.m4, config.h.in, configure.in:
12488 Add check for isblank and a replacement macro if it doesn't exist.
12491 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
12494 In check-only mode, don't create sudoers if it does not already
12499 o Add a new token, DEFVAR, to indicate a Defaults variable name o
12500 Add support for "+=" and "-=" list operators o replace some 1 and 0
12501 with TRUE and FALSE for greater legibility.
12505 o Use exclusive start conditions to remove some ambiguity in the
12506 lexer. Also reorder some things for clarity. o Add support for
12507 "+=" and "-=" list operators. o Use the new DEFVAR token to denote
12508 a Defaults variable name.
12512 Prototype init_envtables()
12516 o Convert environment handling to use lists instead of strings.
12517 This greatly simplifies routines that need to do "foreach" type
12518 operations. o Add new init_envtables() function to set env_check
12519 and env_delete defaults based on initial_badenv_table and
12520 initial_checkenv_table (formerly sudo_badenv_table).
12523 * defaults.c, defaults.h:
12524 o Add a new LIST type and functions to manipulate it. o This is for
12525 use with environment handling variables. o Call new
12526 init_envtables() routine inside init_defaults() to initialize the
12530 * def_data.c, def_data.h, def_data.in:
12531 Convert environment options to use the new LIST type and add a new
12532 one, env_check that only deletes if the sanity check fails.
12536 Add dummy version of init_envtables()
12544 Add check-only mode
12548 Fix generation of entries with NULL descriptions.
12551 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
12554 Use sigaction_t and quiet a gcc warning.
12558 Must reset signal handlers before we exec
12561 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
12563 Be careful now that tgetpass() can return NULL (user hit ^C). PAM
12564 version needs testing. Set SIGTSTP to SIG_DFL during password entry
12565 so user can suspend us.
12569 Add support for interrupting/suspending tgetpass via keyboard input.
12570 If you suspend sudo from the password prompt and resume it will re-
12575 Don't block keyboard interrupt signals, just set them to SIG_IGN.
12578 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
12581 add back HAVE_SIGACTION
12588 * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
12589 Kill POSIX_SIGNALS define and old signal support now that we emulate
12590 POSIX ones Also be sure to correctly initialize struct sigaction.
12594 Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
12598 Add scaffolding for POSIX signal emulation
12602 o Add missing ';' so this compiles o Can't use NULL since we don't
12607 Emulate sigaction() using sigvec()
12610 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
12613 Document new behavior of negative values of timestamp_timeout Fix a
12618 Add security note about command not being logged after 'sudo su' and
12623 Mention that -V prints default values when run as root, including
12624 the list of environment variables to clear.
12628 Run pod2man with --quotes=none to avoid stupid quoting of C<>
12632 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
12634 * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
12635 Add mail_badpass option Also modify mail_always behavior to also
12636 send mail when the password is wrong
12639 * env.c, sudo.c, sudo.h:
12640 Dump default bad env table when 'sudo -V' is run by root.
12644 document env_delete
12648 Add support for '*' in env_keep when not resetting the environment
12649 (ie: the normal case).
12653 Add env_delete variable that lets the user replace/add to the
12654 bad_env_table. Allow '*' wildcard in env_keep entries.
12657 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
12660 Force umask to 022 to guarantee sane directory permissions.
12663 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
12666 add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
12670 fix breakage in last commit
12674 acsite.m4 -> aclocal.m4
12678 fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
12682 regenerated from def_data.in
12685 * check.c, defaults.c, defaults.h:
12686 Add new T_UINT type that most things use instead of T_INT If
12687 timestamp_timeout is < 0 then treat the ticket as never expiring (to
12688 be expired manually by the user).
12692 change most T_INT -> T_UINT
12696 fix warning when no args
12700 Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
12701 we are a signal handler. We no longer print the signal number but
12702 the user can just check the exit value for that.
12705 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
12708 when setting up pipes in child process check for case where stdin ==
12712 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
12715 Ignore editor exit value since XPG4 says vi's exit value is the
12716 count of editing errors made (failed searches, etc).
12719 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
12726 sco now is identified by config.guess as *-sco-*
12730 Check for getspnam() in -lgen if not in -lc for UnixWare.
12733 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
12735 * sudoers.pod, visudo.pod:
12736 "upper case" -> "uppercase"
12740 fix typos and grammar; pjanzen@foatdi.harvard.edu
12743 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
12746 Missing word (specify); krapht@secureops.com
12749 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
12752 If we fail to lookup a login class, apply the default one.
12756 In log_error() free message, not logline unconditionally, then free
12757 logline if it is not the same as message. No function change but
12758 this mirrors how they are allocated.
12761 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
12768 remove some backslash quotes that are unneeded
12772 o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
12773 instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
12774 can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
12775 to AC_DEFINE things manually.
12778 * config.guess, config.sub:
12779 Updated from autoconf-2.50
12782 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
12785 Update mailing list section. We use mailman now, not majordomo.
12788 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
12790 * getspwuid.c, logging.c, sudo.c:
12791 Use setpwent()/endpwent() + all the shadow variants to make sure we
12792 don't inadvertently leak an fd to the child. Apparently Linux's
12793 shadow routines leave the fd open even if you don't call setspent().
12794 Reported by mike@gistnet.com; different patch used.
12797 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
12804 select() may return EAGAIN. If so, continue like we do for EINTR.
12808 Fix a non-exploitable buffer overflow in the word splitting code.
12809 This should really be rewritten.
12817 Tell people to look in sample.syslog.conf for examples, not FAQ
12821 Update list of env vars that are cleared
12825 remove struct env_table decl since that stuff has all moved to env.c
12828 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
12831 Fix a pasto in flock-style unlocking and include <sys/file.h> for
12832 flock on older systems; twetzel@gwdg.de
12836 regen to get NeXT lockf/flock fix
12840 force NeXT to use flock since lockf is broken
12843 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
12846 Use stashed user_gid when checking against exempt gid since sudo
12847 sets its gid to a value that makes sudoers readable. Previously
12848 if you used gid 0 as the exempt group everyone would be exempt. From
12849 Paul Kranenburg <pk@cs.few.eur.nl>
12852 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
12859 #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 apparently defines
12860 some types (such as ssize_t) therein.
12863 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
12866 Fix negation of paths in a boolean context. Problem found by
12870 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
12876 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
12879 SA_RESETHAND means the opposite of what I was thinking--oops To
12880 block all signals in old-style signals use ~0, not 0xffffffff
12883 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
12886 coerce difference of pointers to int when used in a string length
12887 printf format; deraadt@openbsd.org
12890 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
12893 Block all signals in Exit() to avoid a signal race. There is still
12894 a tiny window but I'm not going to worry about it.
12897 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
12900 glibc uses the LANGUAGE env var so clear that too; Solar Designer
12904 Regenerate with a fix to flex.skl that preserves errno from
12905 clobbering by isatty().
12908 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
12910 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
12911 auth/sia.c, auth/sudo_auth.c:
12912 Some defaults I_ defines got renamed.
12915 * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
12916 defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
12917 set_perms.c, sudo.c, sudo.tab.c:
12918 Move defaults info into its own files from which we generate .h and
12919 .c files. This makes adding or rearranging variables much simpler.
12922 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
12924 * configure, configure.in:
12925 fix typo in last commit
12928 * compat.h, config.h.in, configure, configure.in:
12929 Add check + emulation for setegid (like seteuid).
12933 Make env_keep override badenv_table as documented Fix traversal of
12934 badenv_table (broken in last commit)
12937 * set_perms.c, sudo.c, sudo.h:
12938 Don't try and build saved uid version of set_perms on systems w/o
12939 them. Rename set_perms_saved_uid() -> set_perms_posix() Make
12940 set_perms_setreuid simply be set_perms_fallback() and simply include
12941 the appropriate function at compile time (setreuid() vs. setuid()).
12944 * sudoers.cat, sudoers.man.in, sudoers.pod:
12945 PATH is also preserved when env_reset is in effect
12948 * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
12949 configure.in, defaults.c, defaults.h, env.c, find_path.c,
12950 getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
12951 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
12952 visudo.c, visudo.cat, visudo.man.in:
12953 New Defaults options: o stay_setuid - sudo will remain setuid if
12954 system has saved uids or setreuid(2) o env_reset - reset the
12955 environment to a sane default o env_keep - preserve environment
12956 variables that would otherwise be cleared
12958 No longer use getenv/putenv/setenv functions--do environment munging
12959 by hand. Potentially dangerous environment variables can be cleared
12960 only if they contain '/' or '%' characters to protect buggy
12961 programs. Moved environment routines into env.c (new file)
12965 Clear up --without-passwd description
12968 * putenv.c, sudo_setenv.c:
12969 We now build up a new environment from scratch and assign it to
12973 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
12975 * sudo.pod, visudo.pod:
12976 Grammatical fixes from Paul Janzen
12979 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
12982 If there was a syntax error and the user just wants to quit, unlink
12983 sudoers if it is zero length.
12987 'Q' means ignore parse error, not 'q'
12991 Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
12995 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
12998 Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
13001 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
13003 * config.guess, config.sub:
13004 Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
13007 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
13009 * sudo.c, visudo.c:
13010 Use exit(127), not exit(-1)
13013 * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
13014 Move set_perms() to its own file and use POSIX saved uid or
13015 setreuid() if available.
13017 Added stay_setuid option for systems that have libraries that
13018 perform extra paranoia checks in system libraries for setuid
13019 programs (ie: anything with issetugid(2)).
13023 strip more bits from the environment and add a facility for
13024 stripping things only if they contain '/' or '%' to address printf
13025 format string vulnerabilities in other programs.
13028 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
13035 For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
13044 Check for strcasecmp(3) in -lc89 for NCR Unix
13047 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
13050 Define HAVE_INNETGR #ifdef HAVE__INNETGR
13057 * compat.h, config.h.in, configure.in:
13058 Add check for _innetgr(3) since NCR systems have that instead of
13062 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
13065 check return value of creadcfg() call sd_close() after sd_auth()
13066 store username in sd->username so we don't rely on the USER env
13070 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
13073 document --with-bsdauth
13081 --with-bsdauth assumes --with-logincap
13084 * auth/bsdauth.c, auth/fwtk.c:
13085 When prompting for a response to a challenge, if the user just hits
13086 return then reprompt with echo turned on.
13089 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
13092 Remove debugging code that should not have been committed, oops.
13096 Use lower-level routines and get the password ourselves. Checks for
13097 a challenge and if there is one echo is not turned off.
13100 * auth/pam.c, auth/sudo_auth.h:
13101 minor housekeeping, no real code changes
13104 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
13107 Fix a coredump in the logging functions if gethostname(2) fails by
13108 deferring the call to log_error() until things are better setup.
13110 Fix return value of set_loginclass() in non-BSD-auth case.
13112 Hard-code 'sudo' in the usage message so we can fit more options on
13117 Fix errant ';' (typo) that broke MSG_ONLY
13120 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
13122 * sudo.cat, sudo.man.in:
13130 * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
13131 configure, configure.in, getspwuid.c, sudo.c:
13132 Add support for BSD authentication.
13135 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
13138 Fix typo; from sato@complex.eng.hokudai.ac.jp
13141 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
13144 Mention negating umask
13148 Allow user to specify umask of 0777 (same as !umask)
13151 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
13153 * sudo.pod, visudo.pod:
13154 Fix a typo and give a URL for the sudo history.
13157 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
13159 * defaults.c, sudo.pod:
13160 fix typos; pepper@reppep.com
13163 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
13165 * sudo.c, sudo.h, sudo_setenv.c:
13166 sudo_setenv() now exits on memory alloc failure instead of returning
13170 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
13173 Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
13174 and possibly others.
13178 Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
13179 that "%m" won't be expanded but we don't use that anyway since the
13180 logging routines may splat to stderr as well.
13183 * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
13185 Add always_set_home variable
13188 * configure, configure.in:
13189 Have to hard code default values in help since the defaults are set
13190 _after_ the help stuff.
13193 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
13195 * lex.yy.c, parse.lex:
13196 Allow special characters (including '#') to be embedded in pathnames
13197 if quoted by a '\\'. The quoted chars will be dealt with by
13198 fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
13201 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
13204 Better path searching for programs we need.
13208 Add section on "C compiler cannot create executables" errors.
13211 * Makefile.binary, Makefile.in, version.h:
13215 * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
13216 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
13217 visudo.man.in, visudo.pod:
13218 Substitute values from configure into man pages.
13221 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
13224 The listpw and verifypw sudoers options would not take effect
13225 because the value of the default was checked *before* sudoers was
13226 parsed. Instead of passing in the value of PWCHECK_* to
13227 sudoers_lookup(), pass in the arg for def_ival() so the check can be
13228 deferred until after sudoers is parsed.
13231 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
13234 When writing prompt, no need to write the NUL as well;
13238 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
13241 When looking for chown, check in /sbin too
13244 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
13247 Remove extraneous call to init_defaults() and set runas_user to NULL
13248 between parses so init_defaults will reset it each time, thus
13249 avoiding a reference to free()d data.
13252 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
13254 * config.h.in, interfaces.c, interfaces.h, sudo.c:
13255 Add support for using getifaddrs() to get the list of ip addr /
13256 netmask pairs. Currently IPv4-only.
13260 Add a missing check for UserEditor == NULL Add missing '+' before
13261 line number when invoking editor to fix a syntax error
13264 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
13267 Call clean_env very early in main() for paranoia's sake. Idea from
13271 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
13274 Update proto for evasprintf and easprintf
13278 Make easprintf() and evasprintf() return an int.
13282 If the targetpw flag is set, use target username as part of the
13283 timestamp path. If tty tickets are in effect cat the tty and the
13284 target username with a ':' as the separator.
13287 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
13290 Backout part of last change; setting PAM_USER to the invoking user
13291 breaks things like targetpw.
13295 set tty and username via pam_set_item
13298 * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
13299 Fix root, runas, and target authentication for non-passwd file auth
13303 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
13305 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
13306 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
13307 Use B<-Z> not C<-Z> for command line flags in all places. This is
13308 more consistent and works around a bug in Pod::Man.
13311 * sudoers.cat, sudoers.man.in, sudoers.pod:
13312 Fix an occurrence of 'semicolon' that should be 'colon'
13315 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
13317 * configure, configure.in:
13318 Fix --with-badpri help line
13321 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
13323 * defaults.c, logging.c, sudo.c:
13324 Bracket calls to syslog with an openlog() and closelog() since some
13325 authentication methods (like PAM) may do their own logging via
13326 syslog. Since we don't use syslog much (usually just once per
13327 session) this doesn't really incur a performance penalty. It also
13328 fixes a SEGV with pam_kafs.
13331 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
13334 Fix -H flag. runas_homedir is only valid after
13335 set_perms(PERM_RUNAS, mode)
13338 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
13341 Clarify the fact that insults are not enabled just by including them
13345 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
13347 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13349 Regenerated with perl 5.6.0 pod2man
13353 Give date string to pod2man since its default is ugly and it ain't
13358 Do section substitution on the output of pod2man and remove hack
13359 needed for old pod2man.
13362 * sudo.pod, sudoers.pod, visudo.pod:
13363 Put back real man sections, we will do the substitution later.
13366 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
13368 * configure, configure.in:
13369 Don't bother checking for the path to vi if user specified --with-
13373 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
13375 * CHANGES, visudo.c:
13376 Visudo now does its own fork/exec instead of calling system(3).
13379 * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
13380 sudoers.pod, visudo.c:
13381 Visudo now checks for the existence of an editor and gives a
13382 sensible error if it does not exist.
13384 The path to the editor for visudo is now a colon-separated list of
13385 allowable editors. If the user has $EDITOR set and it matches one
13386 of the allowed editors that editor will be used. If not, the first
13387 editor in the list that actually exists is used.
13390 * sudo.cat, sudo.man.in, sudo.pod:
13391 Clear up confusion wrt sudo's return value.
13394 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
13397 Strip sudo and visudo for bindist target
13400 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
13401 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
13402 Use @mansectsu@ and @mansectform@ in the man page bodies as well.
13403 [5eb9e60a726f] [SUDO_1_6_3]
13405 * visudo.cat, visudo.man.in, visudo.pod:
13406 Typo: @sysconf@ -> @sysconfdir@
13410 'make dist' should not cause any files to be modified so remove its
13415 Whoops, forgot to add release marker
13418 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
13421 Final change for 1.6.3 (or so I hope)
13424 * sudo.cat, sudoers.cat, visudo.cat:
13425 Use SYSV man sections since BSD systems will have nroff...
13428 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
13430 * parse.yacc, sudo.tab.c:
13431 When checking to see if the host/user matches in a defaults spec,
13432 check against TRUE, not just non-zero since it might be -1.
13435 * configure, configure.in:
13436 OSF/1 puts file formats in section 4, not 5.
13439 * CHANGES, INSTALL, sudo.c:
13440 Make login class support work on BSD/OS
13447 * configure, configure.in:
13448 If there is no inet_addr but there *is* an __inet_addr that's ok
13449 since inet_addr is probably just a macro then. The better thing to
13450 do would be to look for the macro, but this is fine for now.
13453 * configure, configure.in:
13454 Don't use shlicc for BSD/OS 4.x
13457 * Makefile.in, configure, configure.in:
13458 *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
13459 configure variable so we can deal with this. Also, only remove *.man
13460 for 'distclean' not 'clean'.
13464 set_loginclass() should be static like the proto says
13467 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
13470 Add #ifdef __STDC__ around the rangematch function header to avoid
13471 promotion of test to int, thus violating the prototype. Gcc handles
13472 this gracefully but more std ANSI compilers will complain.
13476 Pull in newer fnmatch(3) that supports FNM_CASEFOLD
13479 * aclocal.m4, configure, fnmatch.3, fnmatch.c:
13480 Pull in newer fnmatch(3) that supports FNM_CASEFOLD. Check for
13481 FNM_CASEFOLD in configure
13488 * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
13489 Fully qualified hosts w/ wildcards were not matching the FQHOST
13490 token type. There's really no need for a separate token for fully-
13491 qualified vs. unqualified anymore so FQHOST is now history and
13492 hostname_matches now decides which hostname (short or long) to check
13493 based on whether or not the pattern contains a '.'.
13497 Fully qualified hosts w/ wildcards were not matching the FQHOST
13498 token type. There's really no need for a separate token for fully-
13499 qualified vs. unqualified anymore so FQHOST is now history and
13500 hostname_matches now decides which hostname (short or long) to check
13501 based on whether or not the pattern contains a '.'.
13504 * lex.yy.c, parse.c, parse.lex, parse.yacc:
13505 Fully qualified hosts w/ wildcards were not matching the FQHOST
13506 token type. There's really no need for a separate token for fully-
13507 qualified vs. unqualified anymore so FQHOST is now history and
13508 hostname_matches now decides which hostname (short or long) to check
13509 based on whether or not the pattern contains a '.'.
13512 * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
13513 sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
13514 Add support for wildcards in the hostname.
13518 Add targets for *.man.in, using config.status to generate *.man from
13522 * sudoers.cat, sudoers.man.in, sudoers.pod:
13523 Document set_logname option and embolden refs to sudo and visudo.
13526 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
13527 sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
13528 visudo.cat, visudo.man.in, visudo.pod:
13529 Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
13530 from Michael D. Marchionna. configure now does substitution on the
13531 man pages, allowing us to fix up the paths and set the section
13532 correctly. Based on an idea from Michael D. Marchionna.
13536 Better fix for handling HP-UX aging info.
13540 Add support for set_logname run-time default
13543 * sudo.man.in, sudoers.man.in, visudo.man.in:
13544 configure does substitution on these to produce *.man
13547 * sudo.man, sudoers.man, visudo.man:
13548 These files now get generated from *.man.in at configure time.
13551 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
13553 * defaults.c, defaults.h:
13554 Add set_logname option so users can turn off setting of LOGNAME/USER
13555 environment variables.
13558 * lsearch.c, parse.c, testsudoers.c:
13562 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
13565 HP-UX adds extra info at the end for password aging so when
13566 comparing the result of crypt to pw_passwd we only compare the first
13567 len(epass) bytes *unless* the user entered an empty string for a
13572 Get rid of grandchild hack, it was causing problems and there is
13573 really no need for it. This fixes a bug where we spin eating up CPU
13574 when the user runs a long-running process like a shell.
13577 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
13580 User can always specify a login class if he/she is already root.
13583 * config.h.in, configure, configure.in, defaults.c, defaults.h,
13585 FreeBSD login class (login.conf) support.
13588 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
13590 * auth/sudo_auth.c:
13591 HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
13594 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
13597 Truncate unencrypted password to 8 chars if encrypted password is
13598 exactly 13 characters (indicating a standard DES password). Many
13599 versions of crypt() do this for you, but not all (like HP-UX's).
13602 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
13605 Mention that gcc on dynix may have problems
13608 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
13611 Link visudo with NET_LIBS since we now call syslog via defaults.c
13615 Use Argv[0] as the first arg to openlog() since visudo uses this
13619 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
13622 Stash coredumpsize resource limit and restore it before the exec().
13623 Otherwise the child ends up with a coredumpsize of 0.
13626 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
13628 * sudo.cat, sudo.man, sudo.pod:
13636 * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
13637 auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
13638 Added -S flag (read passwd from stdin) and tgetpass_flags global
13639 that holds flags to be passed in to tgetpass(). Change echo_off
13640 param to tgetpass() into a flags field. There are currently 2
13641 possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
13642 tgetpass(), abstract the echo set/clear via macros and if (flags &
13643 TGP_ECHO) but echo is not set on the terminal, be sure to set it.
13647 Fixed a bug that caused an infinite loop when the password timeout
13651 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
13653 * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
13654 sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
13655 Add rootpw, runaspw, and targetpw options.
13658 * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
13660 enveditor -> env_editor
13663 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
13665 * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
13666 sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
13668 crank version to 1.6.3
13671 * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
13672 sudoers.pod, visudo.c:
13673 Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
13674 them. This means that visudo will now parse the sudoers file
13675 *before* it is edited so a bogus sudoers file will cause a warning
13676 to go to stderr. Also, visudo checks the variables once--it does not
13677 check them after each editor run since that could be confusing.
13680 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
13686 * check.c, sudo.c, sudo.h:
13687 Move user_is_exempt prototype into sudo.h
13690 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
13692 * configure, configure.in:
13693 Fix thinko, some && should have been || in the last commit
13696 * configure, configure.in:
13697 Don't initialize Makefile variables to be NULL since the user may
13698 want to import variables from their environment.
13701 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
13703 * configure, configure.in:
13707 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
13710 fix a yacc (skeleton.c) warning
13713 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
13715 * INSTALL, RUNSON, configure, configure.in:
13716 Make pam work on HP-UX 11.0; jaearick@colby.edu
13720 recent changes; prepare for 1.6.2p1
13724 Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
13727 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
13730 Regen with yacc that has a memory leak plugged.
13733 * sudoers.cat, sudoers.man, sudoers.pod:
13734 Expanded docs on sudoers 'defaults' options based on INSTALL file
13739 Fix some white lies
13742 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
13745 When making a bindist, link FAQ to TROUBLESHOOTING instead of
13749 * sudoers.cat, sudoers.man, sudoers.pod:
13750 Add netgroup caveat
13751 [28d119f466e3] [SUDO_1_6_2]
13754 Last minute updates
13770 Better detection of PAM errors and fix custom prompts with PAM.
13771 Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
13774 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
13777 Cast ULONG_MAX to unsigned long long when comparing to an unsigned
13781 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
13783 * CHANGES, config.h.in, configure, configure.in, visudo.c:
13784 Fix sudoers locking in visudo. We now lock the sudoers file itself,
13785 not the temp file (since locking the temp file can foul up editors).
13786 The previous locking scheme didn't work because the fd was closed
13790 * config.h.in, configure, configure.in:
13791 Don't need test for ftruncate() any more.
13794 * configure, configure.in:
13795 Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
13796 the unbundled HP-UX cc.
13799 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
13801 * sudoers.cat, sudoers.man, sudoers.pod:
13802 "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
13805 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
13807 * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
13808 parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
13809 version.h, visudo.c:
13810 update copyright year on changed files
13822 Crank version to 1.6.2
13826 Crank version to 1.6.2
13830 When using rlimit check for RLIM_INFINITY. When computing the value
13831 of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
13838 * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
13839 sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
13840 Crank version to 1.6.2
13843 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
13844 Add 'shell_noargs' runtime option back in. We have to defer
13845 checking until after the sudoers file has been parsed but since
13846 there are now other options that operate that way this one can too.
13847 Based on a patch from bguillory@email.com.
13850 * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
13851 Add "listpw" and "verifypw" options.
13854 * sudoers.cat, sudoers.man, sudoers.pod:
13855 o Fix some typos/omissions o Add section on verifypw and listpw o
13856 Define how NOPASSWD interacts with the -v and -l flags
13859 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
13861 * configure, configure.in:
13862 For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
13863 -D_HPUX_SOURCE to CPPFLAGS.
13866 * defaults.c, defaults.h:
13867 In struct sudo_defs_types, move the union to the end and don't
13868 initialize the union member since that only works with an ANSI
13869 compiler. We set the value of the union by hand in init_defaults()
13870 anyway. This allows sudo to compile on a K&R compiler again.
13873 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
13875 * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
13876 netgr_matches needs to check shost as well as host since they may be
13881 End on \r as well as \n
13884 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
13887 Update statbuf.st_mode based on SUDOERS_MODE when we are changing
13888 from 0400 to whatever SUDOERS_MODE is (converting from the old
13889 sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
13890 0400 which should always be the case.
13893 * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
13894 Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
13895 w/o a passwd if there is *any* entry for the user on the host with a
13896 NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
13897 the user on the host w/ the specified runas user have the NOPASSWD
13905 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
13908 Treat EOF at whatnow prompt like 'x' instead of looping.
13911 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
13915 [5836a9452568] [SUDO_1_6_1]
13917 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
13919 * config.h.in, configure, configure.in, sudo.c:
13920 Add check for initgroups() since old SYSV lacks this.
13923 * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
13924 parse.c, testsudoers.c:
13925 o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
13929 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
13931 * auth/sudo_auth.c:
13932 Don't allow insults to be enabled if the insults[] array is empty.
13933 Otherwise there would be division by zero.
13937 Don't allow insults to be enabled if the insults[] array is empty.
13938 Otherwise there would be division by zero.
13942 Don't allow insults to be enabled if the insults[] array is empty.
13943 Otherwise there would be division by zero.
13947 Don't care about USE_INSULTS #define since the insult stuff may be
13948 overridden at runtime.
13951 * auth/sudo_auth.c:
13952 Honor insults flag.
13955 * CHANGES, parse.c:
13956 Don't ask the user for a password if the user is not allowed to run
13957 the command and the authenticate flag (in sudoers) is false.
13960 * CHANGES, RUNSON, lex.yy.c, parse.lex:
13961 o Whenever we get a bare newline we change to the INITIAL state. o
13962 Enter GOTRUNAS when we see Runas_Alias
13964 This allows #uid to work in a RunasAlias.
13967 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
13969 * CHANGES, parse.yacc, sudo.tab.c:
13970 fix parsing of runas lists: o oprunasuser and runaslist now return a
13971 value o in a runasspec, if a runaslist does not return TRUE, set
13972 runas_matches to FALSE. Normally, a runaslist only returns FALSE
13973 for explicitly denied users. o since runaslist does not modify the
13974 stack there is no need for a push/pop in runasalias.
13978 Don't kill the user's tickets until after sudoers has been parsed
13979 since tty_tickets and ticket_dir could be set in sudoers.
13982 * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
13983 configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
13984 sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
13985 crank version to 1.6
13989 add set_fqdn() stub
13992 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
13994 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
13995 sudoers.man, sudoers.pod, visudo.c:
13996 o Kill shell_noargs option, it cannot work since the command needs
13997 to be set before sudoers is parsed. o Fix the "set_home" sudoers
13998 option (only worked at compile time). o Fix "fqdn" sudoers option.
13999 We now set host/shost via set_fqdn which gets called when the
14000 "fqdn" option is set in sudoers. o Move the openlog() to
14001 store_syslogfac() so this gets overridden correctly from the
14006 SecurID support should compile now.
14009 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
14011 * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
14012 visudo.man, visudo.pod:
14013 fix some syntactic goofs
14016 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
14018 * Makefile.in, sudo.html, sudoers.html, visudo.html:
14019 No longer need the .html files as they are generated automatically
14023 * CHANGES, LICENSE:
14024 kill characters that made wml unhappy
14031 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
14034 majordomo@cs.colorado.edu -> majordomo@courtesan.com
14037 * Makefile.in, configure:
14038 Wrap script execution w/ /bin/sh for the benefit of ctm
14041 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
14044 Make the -s flag be exclusive too. Also reorder the flags in the
14045 exclusive usage message so they are alphabetical.
14048 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
14051 make pam errors other than PAM_PERM_DENIED fatal
14059 make it clear that /etc/pam.d/sudo is required on linux
14063 fix a warning on redhat and spew an error if pam_authenticate()
14064 returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
14067 * sudo.cat, sudo.html, sudo.man, sudo.pod:
14068 Be very clear that the password required is the user's not root's
14071 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
14074 add sample.syslog.conf to DISTFILES and BINFILES
14077 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
14080 updates from Brian Jackson + some formatting
14083 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
14085 * INSTALL.binary, Makefile.binary, README, RUNSON:
14086 o One RUNSon update o Changes for automating real binary releases
14093 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
14096 talk about run-time options in addition to compile-time options
14097 [1eb813ff0a9a] [SUDO_1_6_0]
14104 need sys/time.h if HAVE_SETRLIMIT
14107 * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
14108 sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
14109 get rid of references to sudo-bugs. Now mention the web site or the
14114 repair pod2html damage
14118 Update for 1.6 release
14121 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
14122 Add warning about using ALL in a command context.
14125 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
14128 Call yyrestart() on a parse error to reset the lexer state.
14131 * lex.yy.c, parse.lex:
14132 Don't need YY_FLUSH_BUFFER after all. Move yyrestart() into visudo.c
14133 since it might not get called in yywrap if we get a parse error
14134 (and we only reread the file on error anyway).
14137 * lex.yy.c, parse.lex:
14138 Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
14139 might still exist. Call yyrestart() instead of using the deprecated
14143 * lex.yy.c, parse.lex:
14144 flex doesn't need %N table size declarations
14147 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
14148 Mention what characters need to be escaped in names.
14151 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
14158 clarify Mac OS X entry
14166 o Use AC_MSG_ERROR throughout o Check syslog configure options for
14170 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
14173 Fix printing of type T_MODE in dump_defaults()
14177 missing sys/types.h
14181 Break out options that may be overridden at run time into their own
14182 section. Add a note about Mac OS X and correct some lies.
14185 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
14187 * CHANGES, config.h.in, configure, configure.in, sudo.c:
14188 o Now use getrlimit to find the highest fd when closing all non-std
14189 fd's o Turn off core dumps via setrlimit for the sake of paranoia
14196 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
14203 When read()'ing, do a single character at a time to be sure we don't
14204 go past the newline.
14208 For the sudo_root option, check against user_uid, not getuid() since
14209 at this point, ruid == euid == 0.
14217 Fix compilation problem when --with-logging=file was specified.
14218 This means that syslog is now required to build sudo but that should
14219 not be a problem. If it is it can be fixed trivially with a
14220 configure check for syslog() or syslog.h.
14224 Make this work again for things like "sudo echo hi | more" where the
14225 tty gets put into character at a time mode. We read until we read
14226 end of line or we run out of space (similar to fgets(3)).
14229 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
14231 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
14232 change ital to bold
14239 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
14242 Error out if syslog parameters are given without a value. For
14243 Ultrix or 4.2BSD "syslog" is allowed without a value since there are
14244 no facilities in the 4.2BSD syslog.
14247 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
14250 Ignore the syslog facility for systems w/ old syslog like Ultrix.
14254 people with "." early in their path can have problems running sudo
14255 from the build dir ;-)
14258 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
14260 * sudo.cat, sudo.html, sudo.man, sudo.pod:
14261 Remove -r realm option
14264 * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
14265 configure.in, sudo.c:
14266 New krb5 code from Frank Cusack <fcusack@iconnet.net>.
14273 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
14276 include <auth.h> to get function prototypes.
14279 * sudo.cat, sudo.html, sudo.man, sudo.pod:
14283 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
14286 in set_perms(), always call setuid(0) before changing the ruid/euid
14287 so we always know it will succeed.
14291 #undef T_FOO to avoid conflicts with system defines (like on
14295 * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
14297 Document "Defaults" lines in /etc/sudoers. Still needs some
14298 fleshing out but this is a start.
14301 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
14303 * use strtol, not strtoul since not everyone has strtoul
14307 use strtol, not strtoul since not everyone has strtoul
14310 * lex.yy.c, parse.lex:
14311 last {WORD} rule should only apply in the INITIAL state
14314 * lex.yy.c, parse.lex:
14315 o Add support for escaped characters in the WORD macro o Modify
14316 fill() to squash escape chars
14319 * defaults.c, defaults.h:
14320 o Add T_PATH flag to allow simple sanity checks for default values
14321 that are supposed to be pathnames. o Fix a duplicate free when
14322 visudo finds an error.
14325 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
14327 * defaults.c, defaults.h, logging.c:
14328 mail_if_foo -> mail_foo
14331 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
14333 * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
14334 o Add requiretty option o Move O_NOCTTY to compat.h
14338 The exit() in log_error() was mistakenly removed in a previous
14339 version. Put it back...
14342 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
14344 * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
14345 auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
14346 configure, configure.in, defaults.c, defaults.h, find_path.c,
14347 getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
14348 o Change defaults stuff to put the value right in the struct. o
14349 Implement mailer_flags o Store syslog stuff both in int and string
14350 form. Setting the string form magically updates the int version.
14351 o Add boolean attribute to strings where it makes sense to say !foo
14355 add O_NOCTTY when opening /dev/tty just in case
14358 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
14361 cleanup function no longer takes a status arg
14368 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
14370 * TODO, config.h.in, configure, configure.in, logging.c:
14371 Use strftime() instead of ctime() if it is available.
14374 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
14381 update ReliantUNIX entry
14384 * defaults.c, defaults.h, logging.c:
14385 add log_year option
14388 * configure, configure.in:
14389 add --without-sendmail to help output
14392 * configure, configure.in:
14393 enforce an octal arg for --with-sudoers-mode
14396 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
14398 * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
14399 auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
14400 auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
14401 defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
14402 parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
14403 testsudoers.c, version.c, visudo.c:
14404 Add support for "Defaults" line in sudoers to make configuration
14405 variables changeable at runtime (and on a global, per-host and per-user
14406 basis). Both the names and the internal representation are
14407 still subject to change. It was necessary to make sudo_user.runas
14408 be a char ** instead of a char * since this value can be changed by
14409 a Defaults line. There is a similar (but more complicated) issue
14410 with sudo_user.prompt but it is handled differently at the moment.
14412 Add a "-L" flag to list the name of options with their descriptions.
14413 This may only be temporary.
14415 Move some prototypes to parse.h
14417 Be much less restrictive on what is allowed for a username.
14420 * sample.syslog.conf:
14424 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
14426 * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
14428 UCB has dropped the advertising clause from their license.
14431 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
14433 * auth/sudo_auth.h:
14434 move dce_verofy proto to correct section
14441 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
14444 Add fnmatch() prototype
14447 * fnmatch.c, parse.c, testsudoers.c:
14448 Move inclusion of emul/fnmatch.h to be after sudo.h for __P
14452 add strcasecmp proto
14455 * auth/sudo_auth.c:
14456 add check for case where there are no auth methods
14459 * configure, configure.in:
14460 Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
14464 * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
14465 include strings.h everywhere we include string.h
14469 nicer output when showing auth methods
14473 Add support for SEND_MAIL_WHEN_NO_HOST
14476 * config.h.in, configure, configure.in:
14477 Add _GNU_SOURCE for Linux
14480 * lex.yy.c, parse.lex:
14481 fix definition of OCTECT
14484 * configure, configure.in:
14485 aix_auth.o not authenticate.o
14488 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
14491 Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
14492 keyboard). Since we run with ruid/euid == 0 the user can't really
14493 signal us in nasty ways.
14497 Don't need to worry about catching too many signals since we do
14498 locking on the tmp file. If a lockfile is really stale, it will be
14499 detected and overwritten.
14502 * INSTALL, Makefile.in:
14503 include auth/API in tarball
14506 * auth/sudo_auth.c:
14507 move memset() of plaintext pw outside of verify loop and only do the
14508 memset if we are *not* in standalone mode.
14511 * auth/sudo_auth.c, auth/sudo_auth.h:
14512 DCE is not a standalone method
14516 fix --enable-noargs-shell
14520 "#ifdef __STDC__" not "#if __STDC__" (I missed one)
14523 * auth/fwtk.c, auth/sia.c:
14524 _cleanup() function returns an int.
14528 there were still some return(0)'s hanging around, make them
14537 add missing semicolon
14540 * auth/sudo_auth.h:
14544 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
14546 * CHANGES, config.h.in, configure, configure.in:
14547 Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
14551 add parse.h to HDRS
14554 * Makefile.in, configure, configure.in:
14555 Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
14556 LDFLAGS. Common libs go in LIBS, common ld flags go in LDFLAGS and
14557 network libs like -lsocket, -lnsl go in NET_LIBS. This allows
14558 testsudoers to build on Solaris and is a bit cleaner in general.
14562 mention ptmp -> sudoers.tmp
14565 * config.h.in, configure, configure.in:
14566 Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
14574 Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
14575 return a value more like a system function
14587 update based on what is in the man page
14590 * parse.yacc, sudo.tab.c:
14591 minor change to first line printed in -l mode
14594 * sudo.cat, sudo.html, sudo.man, sudo.pod:
14595 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
14596 standard and add "EXAMPLES" section
14599 * visudo.cat, visudo.html, visudo.man, visudo.pod:
14600 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
14604 * logging.c, parse.c, sudo.h:
14608 * lex.yy.c, parse.lex:
14609 make an OCTET really be limited to 0-255
14613 mention timestamp changes
14620 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
14621 new sudoers(8) man page
14624 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
14627 Update comments about syslog name tables
14630 * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
14631 strcasecmp.c, sudo.tab.c:
14632 include strcasecmp() for those without it
14636 Use the : operator some more and fix a typo
14640 update the history of sudo
14643 * parse.c, parse.lex, testsudoers.c:
14644 CIDR-style netmask support
14651 * sudo.tab.c, sudo.tab.h:
14652 these should be generated with byacc, not bison
14659 * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
14660 In "sudo -l" mode, the type of the stored (expanded) alias was not
14661 stored with the contents. This could lead to incorrect output if
14662 the sudoers file had different alias types with the same name.
14663 Normal parsing (ie: not in '-l' mode) is unaffected.
14666 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
14668 * configure, configure.in:
14669 define _XOPEN_SOURCE to get at crypt() proto on some systems
14672 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
14679 don't need limits.h
14683 kill bogus reference to vfprintf
14686 * sample.sudoers, sudoers:
14691 Add some const in the K&R defs. This is safe since we define const
14692 away if the compiler doesn't grok it.
14695 * aclocal.m4, configure:
14696 Better test for working long long support. Ultrix compiler supports
14697 basic long long but not all operations on them.
14700 * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
14701 snprintf.c, sudo.c:
14702 Add check for LONG_IS_QUAD. #undef MAXINT before including
14703 hpsecurity.h to silence an HP-UX warning. Check for U?LONG_LONG_MAX
14704 in snprintf.c and use LONG_IS_QUAD
14707 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
14709 * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
14711 UCB-derived snprintf + asprintf support. Supports quads if the
14712 compiler does. No floating point yet, perhaps later...
14715 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
14717 * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
14718 goodpath.c, logging.c, parse.c, sudo.c:
14719 Run most of the code as root, not the invoking user. It doesn't
14720 really gain us anything to run as the user since an attacker can
14721 just have a setuid(0) in their egg. Running as root solves
14722 potential problems wrt signalling.
14729 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
14731 * logging.c, sudo.c:
14732 Don't wait for child to finish in log_error(), let the signal
14733 handler get it if we are still running, else let init reap it for
14734 us. The extra time it takes to wait lets the user know that mail is
14737 Install SIGCHLD handler in main() and for POSIX signals, block
14742 * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
14743 parse.yacc, sudo.c, sudo.h:
14744 sudoers_lookup() now returns a bitmap instead of an int. This makes
14745 it possible to express things like "failed to validate because user
14746 not listed for this host". Some things that were previously
14747 VALIDATE_FOO are now FLAG_FOO. This may change later on.
14749 Reorganized code in log_auth() and sudo.c to deal with above
14752 Safer versions of push/pushcp with in the do { ... } while (0) style
14754 parse.yacc now saves info on the stack to allow parse.c to determine
14755 if a user was listed, but not for the host he/she tried to run on.
14757 Added --with-mail-if-no-host option
14760 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
14762 * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
14763 visudo.man, visudo.pod:
14764 o NewArgv and NewArgc don't need to be externally visible. o If
14765 pedantic > 1, it is a parse error. o Add -s (strict) option to
14766 visudo which sets pedantic to 2.
14769 * HISTORY, INSTALL:
14770 Just have sudo-bugs contact info in one place
14773 * sudo.cat, sudo.html, sudo.man, sudo.pod:
14777 * Makefile.in, configure, configure.in:
14778 Add testsudoers to default build target if --with-devel Don't clean
14779 generated parser files unless "distclean".
14782 * parse.yacc, sudo.tab.c:
14783 In pedantic mode we need to save *all* the aliases, not just those
14784 that match, or we get spurious warnings.
14788 reference sample.syslog.conf
14791 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
14793 * sample.syslog.conf:
14794 Sample entries for syslog.conf
14801 * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
14802 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
14803 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
14804 auth/sudo_auth.c, auth/sudo_auth.h:
14805 In struct sudo_auth, turn need_root and configured into flags and
14806 add a flag to specify an auth method is running alone (the only
14807 one). Pass auth methods their sudo_auth pointer, not the data
14808 pointer. This allows us to get at the flags and tell if we are the
14809 only auth method. That, in turn, allows the method to be able to
14810 decide what should/should not be a fatal error. Currently only
14811 rfc1938 uses it this way, which allows us to kill the OTP_ONLY
14812 define and the hackery that went with it. With access to the
14813 sudo_auth struct, methods can also get at a string holding their
14814 canonical name (useful in error messages).
14817 * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
14818 getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
14820 o --with-otp deprecated, use --without-passwd instead o real
14821 dependencies in the Makefile o --with-devel option to enable yacc,
14822 lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
14823 back to being a token, not a string but don't leak memory o rename
14824 hsotspec -> host in parse.yacc
14827 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
14833 * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
14835 o Digital UNIX needs to check for *snprintf() before -ldb is added
14836 to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
14837 for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
14838 functions in snprintf.c to fix -Wall o Add missing includes to fix
14842 * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
14843 configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
14845 o Add a "pedantic" flag to the parser. This makes sudo warn in
14846 cases where an alias may be used before it is defined. Only turned
14847 on for visudo and testsudoers. o Add --disable-authentication option
14848 that makes sudo not require authentication by default. The PASSWD
14849 tag can be used to require authentication for an entry. We no
14850 longer overload --without-passwd.
14853 * lex.yy.c, parse.lex:
14854 Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
14855 username can contain just about anything so be very permissive. Also
14856 drop the unused \. punctuation.
14859 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
14861 * parse.yacc, sudo.tab.c:
14862 o add a 'val' element to aliasinfo struct and move -> parse.h o
14863 find_alias() now returns an aliasinfo * instead of boolean o
14864 add_alias() now takes a value parameter to store in the
14865 aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
14866 return: 1) positive match 0) negative match (due to '!')
14867 -1) no match This means setting $$ explicitly in all cases, which I
14868 should have done in the first place. It also means that we always
14869 store a value that is != -1 and when we see a '!' we can set
14870 *_matches to !rv if rv != -1. The upshot of all of this is that '!'
14871 now works the way it should in lists and some of the rules are more
14872 uniform and sensible.
14876 add parse.h dependency
14880 kill unused *_matched macros
14884 Allow a list of users as the first thing in a user spec, not just a
14885 single entry. This makes things more uniform, though it does allow
14886 you to write user specs that are hard to read.
14898 fix check for crypt() in libufc
14901 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
14904 sudo-users list now exists
14907 * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
14911 * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
14912 config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
14913 version.c, visudo.c:
14914 o Move lock_file() and touch() into fileops.c so visudo can use them
14915 o Visudo now locks the sudoers temp file instead of bailing when the
14916 temp file already exists. This fixes the problem of stale temp
14917 files but it does *require* that you not try to put the temp file in
14918 a world-writable directory. This should not be an issue as the temp
14919 file should live in the same dir as sudoers. o Visudo now only
14920 installs the temp file as sudoers if it changed.
14923 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
14929 * config.h.in, configure, configure.in, logging.c:
14933 * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
14934 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
14935 o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
14936 temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
14937 -> _PATH_SUDOERS_TMP
14940 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
14942 * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
14943 o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
14944 root sudo -V config reporting
14947 * configure, configure.in:
14948 aix_auth.o not authenticate.o
14952 Add --with-goodpri and --with-badpri configure options to specify
14953 the syslog priority to use.
14956 * INSTALL, configure, configure.in, logging.h:
14957 Add --with-goodpri and --with-badpri configure options to specify
14958 the syslog priority to use.
14962 kill crufty AIX stuff
14966 Sigh, some versions of make (like Solaris's) don't deal with $< like
14967 I would expect. Both GNU and BSD makes get this right but... So, we
14968 just expand $< inline at the cost of some ugliness.
14972 If the invoking user is root, sudo will now print configure info in
14973 -V mode. Currently just prints logging info, to be expanded later.
14976 * logging.c, logging.h, sudo.c, sudo.h:
14977 o new defines for syslog facility and priority o use new
14978 print_version() function for -V mode
14982 Don't need version.c
14985 * aclocal.m4, config.h.in, configure, configure.in:
14986 Add check for syslog facilities and priorities tables in syslog.h
14990 o authenticate -> aix_auth o add version.c
14993 * auth/sudo_auth.c:
14994 Missed a prompt -> user_prompt conversion
14997 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
15000 sudo should lock its logfile
15003 * parse.yacc, sudo.tab.c:
15004 o Add '!' correctly when expanding Aliases. o Add shortcut macros
15005 for append() to make things more readable. o The separator in
15006 append() is now a string instead of a char. o In append(), only
15007 prepend the separator if the last char is not a '!'. This is a
15008 hack but it greatly simplifies '!' handling. o In -l mode, Runas
15009 lists and NOPASSWD/PASSWD tags are now inherited across entries in
15010 a list (matches current behavior). o Fix formatting in -l mode such
15011 that items in a list are separated by a space. Greatly improves
15012 readability. o Space for name field in struct aliasinfo is now
15013 allocated dynamically instead of using a (big) buffer. o In
15014 add_alias(), only search the list once (lsearch instead of lfind +
15018 * lex.yy.c, sudo.tab.c, sudo.tab.h:
15022 * configure, configure.in:
15023 Solaris pam doesn't require any extra setup
15027 o Simpler '!' support now that the lexer deals with multiple !'s for
15028 us. o In the case of opFOO, have FOO give a boolean return value and
15029 set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
15030 it gets fill()'d in parse.lex--fixes a small memory leak. In the
15031 long run it may be better to just fix parse.lex and make ALL back
15032 into a token. However, having it be a string is useful since it
15033 can be easily passed back to the parent rule if we so desire.
15037 o Remove some unnecessary backslashes o collapse multiple !'s by
15038 using !+ and checking if yyleng is even or odd. this allows us to
15039 simplify ! handling in parse.yacc
15043 -u flag was being ignored
15046 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
15053 work around pod2man stupidity
15057 correct dependencies for .cat
15060 * sudo.cat, sudo.man, visudo.cat, visudo.man:
15064 * sudo.pod, visudo.pod:
15065 Add copyright Update to reality
15068 * parse.c, sudo.c, sudo.h:
15069 rename validate() to the more descriptive sudoers_lookup()
15076 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
15082 * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
15083 configure, configure.in, sudo.c:
15088 add 4th term to license similar to term 5 in the apache license
15091 * emul/search.h, emul/utime.h:
15092 add 4th term to license similar to term 5 in the apache license
15095 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
15096 auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
15097 auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
15098 auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
15099 logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
15100 pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
15101 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
15103 add 4th term to license similar to term 5 in the apache license
15106 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
15107 add 4th term to license similar to term 5 in the apache license
15110 * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
15111 getspwuid.c, goodpath.c:
15112 add 4th term to license similar to term 5 in the apache license
15115 * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
15116 insults.h, logging.c, sudo.c, sudo.h:
15117 there was a 1995 release too
15120 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
15127 Use dirs instead of files for timestamp. This allows tty and non-
15128 tty schemes to coexist reasonably. Note, however, that when you
15129 update a tty ticket, the mtime on the user dir gets updated as well.
15132 * configure, configure.in:
15133 Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
15134 when linking test program, not just -lprot. Also add check for
15135 getspnam(). The SCO docs indicate that /etc/shadow can be used but
15139 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
15142 first cut at auth API description
15145 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
15147 * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
15148 auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
15150 auth API change. There is now an init method that gets run before
15151 the main loop. This allows auth routines to differentiate between
15152 initialization that happens once vs. setup that needs to run each
15153 time through the loop.
15156 * auth/kerb5.c, logging.c:
15157 use easprintf() and evasprintf()
15161 add easprintf() and evasprintf(), error checking versions of
15162 asprintf() and vasprintf()
15166 remove 2 items. One done, one won't do.
15169 * lex.yy.c, sudo.tab.c:
15173 * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
15174 visudo.html, visudo.man:
15183 o Document -K flag and update meaning of -k flag. o BSD-style
15184 copyright o Document clearing of BIND resolver environment variables
15185 o Clarify bit about shared libs o suggest rc files create /tmp/.odus
15186 if your OS gives away files
15194 BSD-style copyright
15198 o BSD copyright o no need to block signals, we now do that in main()
15202 * testsudoers.c, visudo.c:
15203 o BSD-style copyright o Use "struct sudo_user" instead of old
15204 globals. o some cosmetic cleanup
15208 BSD-style copyright
15212 o BSD copyright o logging and parser bits moved to their own .h
15213 files o new "struct sudo_user" to encapsulate many of the old
15218 o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
15219 logging routines o simplified flow of control o BIND resolver
15220 additions to badenv_table
15224 BSD-style copyright
15228 Now compiles on more K&R compilers
15232 BSD-style copyright, cosmetic changes
15236 BSD-style copyright
15239 * parse.c, parse.h, parse.lex, parse.yacc:
15240 BSD-style copyright. Move parser-specific defines and structs into
15241 parse.h + other cosmetic changes
15245 defines for logging routines
15248 * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
15249 BSD-style copyright, cosmetic changes
15252 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
15254 BSD-style copyright
15258 o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
15259 kill --disable-tgetpass o add --without-passwd o changes to fill in
15260 AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
15261 v?asprintf() o replace --with-AuthSRV with --with-fwtk
15265 BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
15266 HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
15267 HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
15271 BSD-style copyright; Add S_IFLNK and MIN/MAX if they are missing.
15275 BSD-style copyright
15279 no more --with-getpass
15283 Take out things I've done...
15291 --with-getpass no longer exists
15295 BSD-style copyright. Update to reflect reality wrt new files and
15300 Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
15305 Update history a bit
15308 * COPYING, LICENSE:
15309 Now distributed under a BSD-style license
15312 * auth/sudo_auth.c:
15313 o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
15314 options. o skey/opie replaced by rfc1938 code o new struct sudo_user
15318 * auth/pam.c, auth/sia.c:
15319 BSD-style copyright and use new log functions
15323 o BSD-style copyright o Use new log functions o Use asprintf() and
15324 snprintf() where sensible.
15328 Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
15329 done more reasonably--better sanity checks and tty-based stamps are
15330 now done as files in a directory with the same name as the invoking
15331 user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
15332 to mix tty and non-tty based ticket schemes but this may change in
15333 the future (it requires sudo to use a directory instead of a file in
15334 the non-tty case). Also, ``sudo -k'' now sets the ticket back to
15335 the epoch and ``sudo -K'' really deletes the file. That way you
15336 don't get the lecture again just because you killed your ticket in
15337 .logout. BSD-style copyright now.
15341 o rewritten logging routines. log_error() now takes printf-style
15342 varargs and log_auth() for the return value of validate(). o BSD-
15346 * auth.c, check_sia.c, dce_pwent.c, secureware.c:
15347 superseded by new auth API
15351 BSD-style copyright
15355 Use snprintf() where it makes sense and add a BSD-style copyright
15358 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
15359 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
15360 BSD-style copyright
15363 * emul/utime.h, utime.c:
15364 BSD-style copyright
15368 this has been rewritten so use my BSD-style copyright
15371 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
15374 include malloc.h if no stdlib.h
15378 KTH snprintf()/asprintf() for systems w/o them
15382 strerror() for systems w/o it
15385 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
15391 * parse.c, parse.lex, parse.yacc:
15392 Add contribution info in the main comment
15395 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
15398 remove missed ref to PAM_nullpw
15401 * auth/sudo_auth.h:
15406 more or less complete now--still untested
15409 * auth/afs.c, auth/pam.c:
15410 don't use user_name macro, it will go away
15413 * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
15414 combine skey/opie code into rfc1938.c
15417 * auth/dce.c, auth/sudo_auth.h:
15418 DCE authentication method; basically unchanged from dce_pwent.c
15421 * auth/aix_auth.c, auth/sudo_auth.h:
15422 AIX authenticate() support. Could probably be much better
15426 Fix an uninitialized variable and some cleanup. Now works (tested)
15429 * auth/sia.c, auth/sudo_auth.h:
15430 SIA support for digital unix
15434 don't use prompt global, it will go away
15437 * auth/secureware.c:
15438 correct copyright years
15441 * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
15442 auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
15443 auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
15444 New authentication API and methods
15447 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
15454 only save an entry if user_matches && host_matches, even if the
15455 stack is empty (fix for previous commit)
15463 1) Always save an entry on the stack if it is empty. This fixes the
15464 -l and -v flags that were broken by earlier parser changes.
15466 2) In a Runas list, don't negate FALSE -> TRUE since that would make
15467 !foo match any time the user specified a runas user (via -u) other
15472 interfaces and num_interfaces are now auto, not extern
15475 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
15478 use a static global to keep state about empty passwords
15482 make PASSWORD_NOT_CORRECT logging consistent with other modules
15485 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
15488 PAM prompt code was wrong, looks like we have to kludge it after
15493 In the PAM code, when a user hits return at the first password
15494 prompt, exit without a warning just like the normal auth code
15497 * configure, configure.in:
15498 kludge around cross-compiler false positives
15501 * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
15502 New (correct) PAM code Tgetpass now takes an echo flag for use with
15503 PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
15504 useless umask setting Change error from BAD_ALLOCATION ->
15505 BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
15510 Some -Wall and kill some trailing spaces
15514 define -D__EXTENSIONS__ for solaris so we get crypt() proto
15517 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
15523 * INSTALL, config.h.in, configure, configure.in:
15524 for kerberos V < version, fall back on old kerb4 auth code
15528 clarify some things
15531 * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
15535 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
15538 mention why DONT_LEAK_PATH_INFO is not the default
15541 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
15544 Fix open(2) return value checking, was NULL for fopen, should be -1
15553 better wording for solaris pam notice
15557 document recent changes
15561 Update shadow password section
15565 move authentication code from check.c to auth.c
15568 * Makefile.in, check.c, sudo.h:
15569 move authentication code to auth.c
15572 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
15574 * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
15575 getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
15576 logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
15577 sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
15579 Move interface-related defines to interfaces.h so we don't have to
15580 include <netinet/in.h> everywhere.
15583 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
15585 * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
15586 parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
15587 o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
15588 turns out the old DES crypt does the right thing with passwords
15589 longer than 8 characters. o Fix common typo (necesary ->
15590 necessary) o Update TODO list
15593 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
15596 set $LOGNAME when we set $USER
15599 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
15602 add comment about digital unix and interfaces.c warning with gcc
15605 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
15608 use modern paths and give examples for some of the new parser
15612 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
15618 * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
15619 getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
15620 parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
15621 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
15622 Function names should be flush with the start of the line so they
15623 can be found trivially in an editor and with grep
15626 * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
15627 sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
15628 free(3) is already void, no need to cast it
15631 * logging.c, sudo.c, sudo.h:
15632 catch case where cmnd_safe is not set (this should not be possible)
15635 * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
15636 testsudoers.c, visudo.c:
15637 Stash the "safe" path (ie: the one listed in sudoers) to the command
15638 instead of stashing the struct stat. Should be safer.
15641 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
15643 * INSTALL, Makefile.in, UPGRADE:
15644 notes on updating from an earlier release
15651 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
15653 * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
15654 sudoers.man, sudoers.pod:
15655 You can now specify a host list instead of just a host or alias.
15656 Ie: user = host1,host2,ALIAS,!host3 my_command now works.
15663 * parse.yacc, sudo.tab.c:
15664 Move the push from the beginning of cmndspec to the end. This means
15665 we no longer have to do a push at the end of privilege, just reset
15669 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
15670 runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
15671 use "!" most everywhere
15674 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
15677 modernize paths and update su example based on sample.sudoers one
15681 New runas semantics
15684 * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
15686 In estrdup(), do the malloc ourselves so we don't need to rely on
15687 the system strdup(3) which may or may not exist. There is now no
15688 need to provide strdup() for those w/o it. Also, the prototype for
15689 estrdup() was wrong, it returns char * and its param is const.
15697 buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
15700 * CHANGES, TODO, parse.yacc, sudo.tab.c:
15701 It is now possible to use the '!' operator in a runas list as well
15702 as in a Cmnd_Alias, Host_Alias and User_Alias.
15705 * logging.c, sudo.h:
15706 Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
15710 Definitions of *_matched were wrong--user top, not top-2 as
15714 * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
15715 Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
15716 command but the NOPASSWD flag was set. Make runasspec, runaslist,
15717 runasuser, and nopasswd typeless in parse.yacc Add support for '!'
15718 in the runas list Fix double printing of '%' and '+' for groups and
15719 netgroups respectively Add *_matched macros (no need for local stack
15720 variable). Should only be used directly after a pop (since top must
15724 * aclocal.m4, configure.in:
15725 Add copyright, somewhat silly
15728 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
15730 * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
15731 compat.h, config.h.in, configure, configure.in, dce_pwent.c,
15732 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
15733 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
15734 lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
15735 putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
15736 sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
15737 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
15739 Crank version to 1.6 and combine copyright statements
15743 Use ! not ^ to do negation
15746 * lex.yy.c, sudo.tab.c:
15750 * parse.lex, parse.yacc:
15751 Make runas and NOPASSWD tags persistent across entries in a command
15752 list. Add a PASSWD tag to reverse NOPASSWD. When you override a
15753 runas or *PASSWD tag the value given becomes the new default for the
15754 rest of the command list.
15757 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
15761 [a1ae9d4a7d54] [SUDO_1_5_9]
15764 Shift return value of system(3) by 8 to get real exit value and if
15765 it is not 1 or 0 print the retval along with the error message.
15768 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
15771 testsudoers needs LIBOBJS too
15774 * parse.c, parse.yacc, sudo.tab.c:
15775 Fix another parser bug. For a sudoers entry like this: millert
15776 ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
15784 * parse.yacc, sudo.tab.c:
15785 Save entries that match a ! command on the matching stack too
15789 Make sudo's usage info better when mutually exclusive args are given
15790 and don't rely on argument order to detect this; nick@zeta.org.au
15793 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
15795 * CHANGES, Makefile.in, RUNSON:
15803 * parse.yacc, sudo.tab.c:
15804 Fix off by one error introduced in *alloc changes
15807 * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
15808 check_sia.c, compat.h, config.h.in, configure, configure.in,
15809 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
15810 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
15811 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
15812 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
15813 sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
15814 sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
15815 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
15819 * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
15820 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
15821 putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
15822 sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
15823 Use emalloc/erealloc/estrdup
15827 error checking memory allocation routines
15830 * parse.yacc, sudo.tab.c:
15831 Still not right, this fixes it for real
15834 * parse.yacc, sudo.tab.c:
15835 Fix for previous commit
15838 * CHANGES, INSTALL, parse.yacc:
15839 Fix a parser bug that was exposed when mixing different runas specs
15840 and ! commands. For example: millert ALL=(daemon)
15841 /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
15842 as well as daemon when it should just allow daemon. The problem was
15843 that comma-separated commands in a list shared the same entry on the
15844 matching stack. Now they get their own entry iff there is a full
15845 match. It may be better to just make the runas spec persistent
15846 across all commands in a list like the user and host entries of the
15847 matching stack. However, since that is a fairly major change it
15848 should get its own minor rev increase.
15851 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
15853 * check.c, config.h.in:
15854 Simplify PAM code and fix a PAM-related warning on Linux
15857 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
15871 * check.c, configure.in:
15872 new pam code that works on solaris, should work on linux too;
15876 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
15883 only include strings.h if there is no string.h
15886 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
15889 Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
15892 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
15895 shost must be set before log functions are called #ifdef HOST_IN_LOG
15898 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
15900 * CHANGES, lex.yy.c, parse.lex:
15901 Fix a bug wrt quoting characters in command args. Stop processing
15902 an arg when you hit a backslash so the quoted-character detection
15906 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
15909 include sys/time.h; apparently AIX needs it. ppz@cdu.elektra.ru
15912 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
15914 * configure, configure.in:
15915 add missing case statement so --without-sendmail works
15918 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
15924 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
15926 * configure, configure.in:
15927 only search for -lsun in irix <= 4.x
15930 * configure, configure.in:
15931 back out last configure.in change now that I've hacked autoconf to
15932 fix the real problem and add a missing newline
15940 add def of dirfd() for those without it
15943 * configure, configure.in:
15944 When falling back to checking for socket() when linking with
15945 "-lsocket -lnsl" check for main() instead since autoconf has already
15946 cached the results of checking for socket() in -lsocket. This is
15947 really an autoconf bug as it should use the extra libs as part of
15948 the cache variable name.
15955 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
15958 fix occurrence of $with_timeout that should be
15959 $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
15963 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
15965 * sudo.cat, sudo.html, sudo.man, sudo.pod:
15966 fix grammar; espie@openbsd.org
15967 [7031d9dfbc3e] [SUDO_1_5_8]
15969 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
15971 * parse.yacc, sudo.c, testsudoers.c:
15972 add cast for strdup in places it does not have it
15975 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
15977 * configure, configure.in:
15978 define for_BSD_TYPES irix
15981 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
15983 * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
15984 Make it clear that it is the user's password, not root's, that we
15989 If the user enters an empty password and really has no password,
15990 accept the empty password they entered. Previously, they could
15992 *but* an empty password. Also, add GETPASS macro that calls either
15993 tgetpass() or getpass() depending on how sudo was configured.
15994 Problem noted by jdg@maths.qmw.ac.uk
15997 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
15999 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
16000 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
16001 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
16002 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
16003 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
16004 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
16006 add explicit copyright
16010 mention -lsocket, -lnsl configure changes
16013 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
16016 Don't clobber errno after calling check_sudoers().
16019 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
16021 * configure, configure.in:
16022 When linking with both -lsocket and -lnsl be sure to do so in that
16023 order. Also, when we can't find socket() or inet_addr() and have to
16024 try linking with both libs, issue a warning.
16027 * sudo.cat, sudo.man, sudo.pod:
16028 clarify bad timestamp and fmt
16031 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
16034 be clear that pam is linux-only and add a RUNSON entry
16037 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
16039 * CHANGES, INSTALL, configure, configure.in:
16040 fix and correctly document --with-umask; problem noted by
16044 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
16046 * configure, configure.in:
16047 only use /usr/{man,catman}/local to store man pages if user didn't
16048 override prefix or mandir
16051 * INSTALL, configure, configure.in:
16052 fix typo, make --with-SecurID take an arg
16055 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
16061 * CHANGES, INSTALL, check.c, configure, configure.in:
16062 FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
16065 * configure, configure.in:
16066 better fix for the problem of unresolved symbols in -lnsl or
16070 * configure, configure.in:
16071 when checking for functions in -lnsl and -lsocket link with both of
16072 them to avoid unresolved symbols on some weirdo systems
16075 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
16077 * BUGS, CHANGES, RUNSON, TODO:
16078 old changes that didn't make it into RCS before the RCS->CVS switch
16081 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
16083 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
16084 configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
16085 getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
16086 ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
16087 lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
16088 secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
16089 sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
16102 * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
16103 config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
16104 find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
16105 ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
16106 logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
16107 secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
16108 sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
16109 utime.c, version.h, visudo.c, visudo.cat, visudo.man:
16110 crank version and regen files
16114 kill rcs goop in update_version and fix now that version is a const
16117 * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
16118 sudo.c, sudo.h, sudo.pod:
16119 kerb5 support from fcusack@iconnet.net
16122 * realpath.c, sudo_realpath.c:
16123 we no longer use realpath
16127 replaced by find_path.c
16131 all options are now configure flags
16139 superseded by getcwd.c
16143 superseded by tgetpass.c
16147 superseded by RUNSON
16151 No longer used now that we have configure options for everything.
16155 regen based on configure.in
16158 * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
16159 sudoers.man, visudo.cat, visudo.html, visudo.man:
16160 regen based on sudo.pod, sudoers.pod, and visudo.pod
16163 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
16166 fix tty tickets in remove_timestamp (didn't use ':')
16169 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
16172 close sock when we are done with it
16175 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
16178 never say "error on line -1"
16181 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
16184 check for -lnsl before -lsocket
16188 quote '[', ']' used in ranges correctly
16191 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
16194 add missing NO_ROOT_SUDO noted by drno@tsd.edu
16197 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
16204 more info for 1.5.7
16212 make increases of cm_list_size and ga_list_size be similar to
16213 increases of stacksize (ie: >= not > in initial compare).
16217 when we get a syntax error, report it for the previous line since
16218 that's generally where the error occurred.
16221 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
16223 * config.h.in, configure.in, interfaces.c:
16224 add back check for sys/sockio.h but only use it if SIOCGIFCONF is
16226 [d197f31fd1e4] [SUDO_1_5_7]
16229 define BSD_COMP for svr4
16232 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
16233 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
16234 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
16235 testsudoers.c, tgetpass.c, utime.c, visudo.c:
16240 kill check for sockio.h
16244 no more HAVE_SYS_SOCKIO_H
16247 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
16248 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
16249 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
16250 testsudoers.c, tgetpass.c, utime.c, visudo.c:
16254 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
16257 add missing inform_user()
16260 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
16263 return NOT_FOUND if given fully qualified path and it does not exist
16264 previously it would perror(ENOENT) which bypasses the option to not
16269 for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
16273 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
16276 tty tickets are user:tty now
16280 when using tty tickets make it user:tty not user.tty as a username
16281 could have a '.' in it
16284 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
16287 add "ignoring foo found in ." for auth successful case
16290 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
16293 add missing printf param
16296 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
16298 * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
16299 go back to printing "command not found" unless --disable-path-info
16300 specified. Also, tell user when we ignore '.' in their path and it
16301 would have been used but for --with-ignore-dot.
16305 Only one space after a colon, not two, in printf's
16308 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
16311 document setting $USER
16315 fix bugs with prompt expansion
16319 set $USER for root too
16322 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
16329 HP-UX's iscomsec is in -lsec, not libc
16333 remove some entries in the OS case statement that did nothing
16337 add "cd" section and flush out syslog section
16341 no more sudo-lex.yy.c
16345 add custom prompt support
16349 kill perror("malloc") since we already have good error messages
16350 pw_ent -> pw for brevity
16354 kill perror("malloc") since we already have good error messages
16355 pw_ent -> pw for brevity set $USER if -u specified
16359 kill perror("malloc") since we already have good error messages
16363 kill perror("malloc") since we already have good error messages
16364 pw_ent -> pw for brevity when checking if %group matches, look up
16365 user in password file so that %groups works in a RunAs spec.
16369 kill perror("malloc") since we already have good error messages
16372 * check.c, getspwuid.c, interfaces.c:
16373 kill perror("malloc") since we already have good error messages
16374 pw_ent -> pw for brevity
16377 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
16380 the prompt is expanded before tgetpass is called
16384 tgetpass now has the same args as getpass again
16388 add iscomsec, issecure support
16392 we now expand any %h or %u in the prompt before passing to tgetpass
16396 add check for syslog(3) in -lsocket, -lnsl, -linet
16400 add HAVE_ISCOMSEC and HAVE_ISSECURE
16404 add check for iscomsec in HP-UX
16408 check for issecure if we have getpwanam on SunOS some options are
16409 incompatible with DUNIX SIA check for dispcrypt on DUNIX
16412 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
16419 add back support for non-dispcrypt based checking for older DUNIX
16427 SIA becomes the default on Digital UNIX now have --disable-sia to
16432 move local includes after system ones
16435 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
16437 * check.c, check_sia.c, sudo.h:
16438 add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
16443 fix while loop in sia_attempt_auth() that checks the password. Only
16444 the first iteration was working.
16447 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
16450 don't trust UID_MAX or MAXUID
16461 * getspwuid.c, secureware.c:
16462 init crypt_type to INT_MAX since it is legal to be negative in DUNX
16467 for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
16468 -ldb since DUNX < 4.0 lacks it
16471 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
16473 * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
16474 secureware.c, sudo.c, tgetpass.c:
16475 getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
16476 minutes if the shadow files don't exist).
16479 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
16482 updated --with-editor blurb
16486 tell how to put sudoers in a different dir
16490 add missing quotes around $with_editor
16494 typo in --with-editor bits
16498 I don't expect it to work on Solaris
16502 add back security/pam_misc.h
16505 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
16508 remove dunix note since configure checks for this now
16512 add check for broken dunix prot.h (4.0 < 4.0D is bad)
16515 * getspwuid.c, secureware.c, tgetpass.c:
16516 new dunix shadow code, use dispcrypt(3)
16524 call initprivs() if we have it for getprpwuid later on
16528 clean pathnames.h too
16532 quote "Sorry, try again." with [] since it has a comma in it set
16533 LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
16534 getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
16539 update Digital UNIX note about acl.h
16544 --without-root-sudo -> --disable-root-sudo some reordering
16551 * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
16559 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
16562 when checking for -lsocket, -lnsl, and -linet, check for the
16563 specific functions we need from them.
16566 * config.h.in, sudo.h:
16567 move Syslog_* defs into sudo.h
16570 * Makefile.in, sudo.h:
16571 added check_secureware
16575 finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
16579 don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
16580 defined. configure now does that for us
16584 move some --with options around change a bunch of echo's to
16585 AC_MSG_CHECKING, AC_MSG_RESULT pairs
16589 change $with_foo-bar -> $with_foo_bar kill extra " that caused a
16590 syntax error add some echo verbiage
16593 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
16596 moved SecureWare stuff into secureware.c
16604 update url to solaris gcc bins
16608 change option formatter and flesh out some entries
16611 * TROUBLESHOOTING, sudo.pod, visudo.pod:
16612 environmental variable -> environment variable
16616 everything is now done via configure
16624 passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
16628 SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
16632 merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
16633 sudoers_mode from configure
16637 SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
16638 the Makefile, not config.h
16642 document all --with/--enable options
16645 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
16648 options.h is no more
16652 assimilated options.h
16656 moved options from options.h to configure
16659 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
16660 logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
16661 sudo_setenv.c, visudo.c:
16665 * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
16666 remove references to options.h
16669 * dce_pwent.c, interfaces.c, sudo.c:
16674 if select return < -1 still prompt for pw
16678 convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
16683 FAST_MATCH is no longer an option
16687 remove_timestamp() if timestamp is preposterous
16691 convert more options to --with/--enable
16694 * INSTALL, aclocal.m4:
16699 convert more options into --with and --enable
16703 catch EINTR in select and restart
16710 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
16713 UMASK -> SUDO_UMASK.
16716 * check.c, logging.c:
16717 time.h, not sys/time.h
16720 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
16723 MAILER -> _PATH_SENDMAIL
16726 * INSTALL, configure.in:
16727 no more --with-C2, now it is --disable-shadow
16730 * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
16731 getspwuid.c, sudo.c, tgetpass.c:
16732 new shadow password scheme. Always include shadow support if the
16733 platform supports it and the user did not disable it via configure
16736 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
16739 --with-getpass -> --{enable,disable}-tgetpass
16743 pathnames.h -> pathnames.h.in
16751 move pam_conv to be static to auth function remove pam_misc.h
16752 (solaris doesn't have one)
16756 _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
16760 munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
16764 convert to pathnames.h.in
16767 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
16770 fix typo in sysv4 matching case /.
16773 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
16776 pam stuff needs to run as root, not user, for shadow passwords
16779 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
16781 * BUGS, INSTALL, README, configure.in:
16785 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
16786 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
16787 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
16788 logging.c, options.h, parse.c, parse.lex, parse.yacc,
16789 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
16790 testsudoers.c, tgetpass.c, utime.c, visudo.c:
16795 user version.h for long message
16799 this is version 1.5.6
16802 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
16805 remove errant backslash
16808 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
16810 * options.h, parse.yacc, pathnames.h.in:
16812 [fdee73255d64] [SUDO_1_5_6]
16814 * BUGS, CHANGES, TODO:
16822 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
16825 kill unused localhost_mask var copy if name to ifr_tmp after we zero
16829 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
16832 Better description of new vs. old sudoers modes fix some typos
16833 better description of /usr/ucb/cc gotchas on slowaris
16841 set NewArgv[0] to user_shell, not basename(user_shell)
16844 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
16847 mention TROUBLESHOOTING more fix some typos
16851 move --enable/--disable to be after --with
16855 document --enable/--disable
16859 document --with-pam
16862 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
16865 Add message for pam users
16876 * check.c, config.h.in, configure.in:
16877 pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
16880 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
16883 add HOST_IN_LOG and WRAP_LOG
16887 add WRAP_LOG and HOST_IN_LOG
16891 add --enable-log-host and --enable-log-wrap
16895 use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
16898 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
16905 include sys/param.h to get howmany macro
16908 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
16910 * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
16914 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
16917 bring in stdio.h for NULL
16921 allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
16925 use HAVE_SET_AUTH_PARAMETERS
16929 add HAVE_SET_AUTH_PARAMETERS
16933 add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
16937 add support for HI-UX/MPP SR220001 02-03 0 SR2201
16941 initialize previfname
16945 Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
16946 it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
16955 don't need special build line for sudo.tab.o
16959 don't clean sudo.tab.[ch]
16963 Sudo should prompt for a password before telling the user that a
16964 command could not be found.
16972 no longer require yacc
16980 y.tab -> sudo.tab include pre-yacc'd parse.yacc
16984 include sudo.tab.h, not y.tab.h don't break out of command args if
16992 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
17001 getcwd(3) from OpenBSD for those without it.
17005 HAVE_GETWD -> HAVE_GETCWD
17009 pretend sunos doesn't have getcwd(3) since it opens a pipe to
17018 remove duplicate include of string.h
17022 call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
17026 add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
17030 add dev_t and ino_t
17033 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
17036 fix OTP_ONLY for opie
17039 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
17041 * testsudoers.c, tgetpass.c:
17042 include stdlib.h for malloc proto
17045 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
17048 make update_version saner
17052 add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
17056 check for waitpid and wait3 or no waitpid
17060 used waitpid or wait3 if we have 'em
17063 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
17066 fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
17069 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
17072 don't need to explicitly mention -lsocket -lnsl for sequent
17075 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
17078 dynix should not link with -linet
17081 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
17084 mention that HP-UX doesn't ship with yacc
17087 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
17090 ignore kerberos if we can't get the local realm
17093 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
17095 * BUGS, INSTALL, README, configure.in:
17103 * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
17104 find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
17105 logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
17106 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
17115 don't use popen/pclose. Do it inline.
17126 * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
17127 ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
17132 * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
17137 getwd.c -> getcwd.c
17149 use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
17153 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
17155 * OPTIONS, options.h:
17156 add STUB_LOAD_INTERFACES
17159 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
17160 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
17161 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17162 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
17163 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17164 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17169 support *-ccur-sysv4 and fix two typos
17172 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
17175 don't echo about with_logfile and with_timedir
17179 document --with-logfile and --with-timedir
17183 support --with-logfile and --with-timedir
17187 Add --with-logfile and --with-timedir
17191 change size computation of NewArgv for UNICOS
17194 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
17197 treat -*-sysv4* like *-*-svr4
17200 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
17203 fix spacing for --with-authenticate help
17206 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
17207 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
17208 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17209 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
17210 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17211 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17216 fix off by one error in push macro
17219 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
17222 removed bogus alloca hack
17226 added AIX 4.x authenticate() support
17230 include alloca.h if using bison and not gcc and it exists. fixes an
17231 alloca problem on hpux 10.x
17235 mention --with-authenticate
17239 added AIX authenticate() support
17243 add HAVE_AUTHENTICATE
17247 dynamically size ifconf buffer
17254 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
17255 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
17256 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17257 logging.c, options.h, parse.c, parse.lex, parse.yacc,
17258 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17259 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17267 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
17270 add busy stmp file explanation
17273 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
17276 the name of the cached var that signals whether or not you are cross
17277 compiling changed. It is now ac_cv_prog_cc_cross
17280 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
17283 mention glibc 2.07 is fixed wrt lsearch().
17286 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
17288 * sample.sudoers, sudoers.pod:
17289 better example of su but not root su
17292 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
17294 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
17295 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
17296 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17297 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
17298 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17299 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17304 correct regexp for updating version
17308 remove bogus flush of stderr spew prompt before turning off echo.
17309 Seems to fix a weird problem where if sudo complained about a bogus
17310 stamp file the user would sometimes not have a chance to enter a
17315 fix bogus flush of stderr
17319 close fd's <=2 not <=3 and move that chunk of code up
17323 support hpux1[0-9] not just hpux10
17326 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
17329 set sudoers_fp to nil after closing
17332 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
17334 * config.guess, config.sub:
17335 updated from autoconf 2.12
17342 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
17345 fix select usage for high fd's (dynamically allocate readfds)
17349 kill extra whitespace
17353 do an initgroups() before running a command, unless the target user
17357 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
17360 tell people to use tabs, not spaces, in syslog.conf
17363 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
17365 * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
17366 parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
17370 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
17371 logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
17375 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
17376 insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
17381 more tweaks to update_version
17385 fixed up update_version rule
17393 removed supe of check.c
17404 * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
17405 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
17406 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
17407 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
17408 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
17409 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
17419 add rules to update version stuff in files so I don't need to do it
17424 sudoers_fp is now extern
17428 in check_sudoers, cache the sudoers file handle in sudoers_fp so we
17429 don't have to open it again in the parse. This may help with weird
17430 solaris problems where EAGAIN sometimes occurs.
17434 sudoers file open is now done only in check_sudoers() so we just do
17435 a rewind() instead of an open. May help people on solaris who were
17439 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
17442 mention that newer glibc is fixed
17445 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
17448 newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
17449 _RLD* instead of _RLD_*
17457 fix that bug for real
17461 document Linux's libc6 brokenness.
17470 [4949a1bbd0a9] [SUDO_1_5_4]
17473 remind people to HUP syslogd
17489 remove author's email addr. people should mail sudo-bugs
17496 * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
17497 find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
17498 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
17499 logging.c, options.h, parse.c, parse.lex, parse.yacc,
17500 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17501 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
17509 * INSTALL, Makefile.in:
17518 exit(1) if user enters no passwd
17526 commands can start with ./* not just /* -- fixes a serious security
17530 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
17533 Don't set the tty variable to NULL when we lack a tty, leave it as
17537 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
17540 fix usage of (username) in conjunction with , and !
17544 catch the case where the user is not in the passwd file
17548 use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
17553 define tty global to an initial value to avoid dumping core in
17554 logging functions when passwd file is unavailable.
17558 do the set_perms(PERM_USER, sudo_mode) after we have gotten the
17563 talk about problem of ALL
17566 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
17573 fdesc bug is fixed in Open/Net BSD
17577 updates from Nieusma
17580 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
17583 move compat.h after the system includes
17586 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
17589 save errno from being clobbered by wait(). From Theo
17592 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
17595 fix an occurrence of setresuid -> setreuid (typo)
17598 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
17601 check for path to strip
17604 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
17607 deal with maxfilelen < 0 case
17614 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
17617 correct error message if mode/owner wrong and not statable by owner
17618 but is statable by root.
17621 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
17623 * config.guess, config.sub:
17627 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
17629 * CHANGES, RUNSON, TODO:
17633 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
17635 * parse.yacc, sudo.h:
17636 command_alias -> generic_alias
17637 [c404ca8c510d] [SUDO_1_5_3]
17640 added Runas_Alias example and fixed syntax errors
17643 * OPTIONS, options.h:
17644 updated MAILSUBJECT
17651 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
17652 configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
17653 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
17654 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
17655 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
17656 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
17661 * BUGS, emul/utime.h:
17666 document Runas_Alias
17674 buffer oflow checking q (uit) -> Q if yyparse() fails drop into
17679 add size params to sprintf
17683 allow trailing space after '\\' but before '\n'
17687 off by one error in path size check
17694 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
17701 now warns if killed by signal ./
17704 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
17707 fix Runas_Alias stuff Alias's in runas list now get expanded (but it
17712 Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
17716 add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
17720 Add Runas_Alias and simplify a rule.
17724 always store User_Alias's since they can be used inside of a runas
17725 list. Sigh. Really need a Runas_Alias instead.
17728 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
17731 deal with case where there is no sudoers file
17734 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
17740 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
17742 * HISTORY, testsudoers.c:
17743 developement -> development
17758 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
17761 removed seteuid() notes
17762 [1010a60f281d] [SUDO_1_5_2]
17764 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
17767 better seteuid() emulation
17771 added check for seteuid
17778 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
17781 first stab at sequent support
17785 added HAVE_SYS_SELECT_H
17789 sequent -> _SEQUENT_
17793 added seteuid() macro for DYNIX
17797 _AIX -> HAVE_SYS_SELECT_H
17800 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
17802 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
17803 parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
17804 testsudoers.c, tgetpass.c, utime.c, visudo.c:
17808 * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
17809 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
17810 ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
17811 pathnames.h.in, version.h:
17816 added -H and SUDO_PS1
17820 use SUDO_FUNC_FNMATCH
17824 added SUDO_FUNC_FNMATCH
17832 added MODE_RESET_HOME /
17835 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
17849 * compat.h, config.h.in:
17854 added HAVE_OPIE and changed to *_OTP_*
17861 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
17864 moved fclose() in skey stuff.
17867 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
17870 index -> strchr remove unnecessary stuff
17874 now call skeychallenge() to get challenge instead of making one up
17875 ourselves. this way, we get extra goodies in the prompt.
17878 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
17882 [3f5149357e2a] [SUDO_1_5_1]
17885 allow logins to start with a number (YUCK!)
17888 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
17891 added solaris 2.5 vs 2.4 note
17895 DUNIX doesn't need -lnsl
17899 *** empty log message ***
17902 * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
17903 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
17904 ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
17905 options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
17906 strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
17907 utime.c, version.h, visudo.c:
17911 * PORTING, README, RUNSON:
17915 * INSTALL, Makefile.in, TROUBLESHOOTING:
17920 *** empty log message ***
17923 * sudo.pod, visudo.pod:
17927 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
17933 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
17936 added $SUDO_PROMPT support
17939 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
17942 print long skey challemged to stderr, not stdout
17945 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
17955 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
17961 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
17964 use shost, not host for tgetpass
17968 documented %u and %h
17972 documented %u and %h
17979 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
17980 dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
17981 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
17982 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
17983 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
17984 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
17992 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
17994 * Makefile.in, configure.in, version.h:
17999 new tgetpass() params
18003 pass use and host to tgetpass
18007 added %u and %h escapes
18010 * OPTIONS, check.c, options.h:
18015 added cray (unicos) support
18018 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
18020 * OPTIONS, options.h, sudo.c:
18021 added SHELL_SETS_HOME
18024 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
18027 added note about "make install"
18031 changed length/size params from int to size_t
18035 now get CSOPS insults as well by default
18039 use csops insults too by default
18042 * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
18047 added runas_homedir
18063 added "upgrading" notes
18066 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
18069 now do chmod and chown after edit of temp file and before rename
18070 [de174e34faa7] [SUDO_1_5_0]
18072 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
18075 ++version added INSTALL.configure
18078 * configure.in, version.h:
18083 *** empty log message ***
18091 sets $HOME to pw_dir of runas user
18095 document $HOME change
18098 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
18101 fixed up some wording
18104 * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
18105 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
18106 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
18111 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
18112 insults.h, options.h, pathnames.h.in, sudo.h:
18121 name and type changes
18125 now works with new sudo
18133 some variable name changes + comment headers for functions.
18137 added extra paren's to make compilers happy
18141 *** empty log message ***
18145 now uses init_parser() if not in sudoers and tries "list" or
18146 "validate" scold but don't be nasty.
18150 now can use upper case login names
18154 now uses init_parser()
18162 added info about PASSWORD_TIMEOUT
18165 * INSTALL.configure:
18174 now dynamically allocates memory for the stacks -- no more
18179 -l now expands command aliases
18183 hacks to expand command aliases for `sudo -l'
18187 remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
18191 added struct command_alias
18199 in compar() key should be first arg
18202 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
18209 can now deal with upcase HOST and USER names
18213 don't yell too loudly at non-sudoers if they do "sudo -l"
18224 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
18226 * parse.c, parse.yacc:
18227 added support for new `sudo -l' stuff
18231 now uses list_matches()
18235 added struct sudo_match
18239 now more -lgnumalloc
18242 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
18245 added more paths for chown and whoami
18248 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
18254 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
18257 fixed DUNIX check for shadow pw
18261 now only turn off echo if it is already on. this fixes a race when
18262 you use sudo in a pipelin
18270 changed "test -z $foo && do_this" to if; then construct
18273 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
18276 added missing defines of SHADOW_TYPE
18279 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
18282 protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
18287 added AUTH_CRYPT_C1CRYPT support
18291 no longer return VALIDATE_NOT_OK if there was a runas that didn't
18292 match. Now we can have runas stuff on more than one line.
18295 * getspwuid.c, sudo.c, tgetpass.c:
18296 use SHADOW_TYPE instead of HAVE_C2_SECURITY
18300 got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
18305 removed HAVE_C2_SECURITY added SPW_BSD
18309 use SHADOW_TYPE instead of HAVE_C2_SECURITY
18313 SHADOW_TYPE is always defined so just against its value
18317 added SUDO_CHECK_SHADOW_DUNIX
18320 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
18323 * -> ?* in one example added another instance of (runas) and one of
18327 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
18330 added back check for config.cache from other host type
18334 removed an instance of \"
18342 updated wrt new wildcard matching
18346 new check for shadow passwords if we don't know anything
18350 new SUDO_CHECK_SHADOW_GENERIC
18354 added back check for -lsocket (oops)
18358 better (working) check for shadow passwd type if we know to use C2.
18362 now uses AC_CANONICAL_HOST to figure out os type
18366 added config.{guess,sub}
18370 removed unused stuff to figure out os type
18386 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
18387 pathname. need to check against sudoers_args even if user_args is
18392 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
18393 pathname need to check against sudoers_args even if user_args is nil
18396 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
18399 added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
18403 now takes command line args and uses cmnd_args
18407 fill_args was adding an extra leading space
18410 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
18413 fixed dummy command_matches()
18425 now uses flat args string
18428 * parse.c, parse.lex:
18429 now uses flat arg string
18433 added cmnd_args def
18437 now sets cmnd_args global
18441 cmnd_args is now exported from sudo.[ch]
18444 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
18447 can't rely on cmnd_matches as much as I thought -- added some $$
18448 stuff back in to prevent namespace pollution problems.
18452 Simplified parse rules wrt runas and NOPASSWD (more consistent).
18455 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
18458 NOPASSWD may now have blanks before the ':' '(' only starts a
18459 'runas' if in the initial state to avoid collision with command args
18463 added checks for specific shadow passwd schemes
18467 added routines to check for specific shadow passwd types
18470 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
18473 added support for ncr boxen
18477 added support for detecting ncr boxen
18480 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
18483 added sinix support
18486 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
18489 added info about "config.cache from other other" error.
18493 now makes sure you don't have a config.cache file from another OS
18497 now sets $LIBS when needed to configure links with libs when doing
18498 tests hpux10 now uses SPW_SECUREWARE for C2 added check for
18499 bigcrypt(3) if SPW_SECUREWARE
18507 now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
18515 no more SPW_HPUX10 added HAVE_BIGCRYPT
18519 now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
18523 SPW_SECUREWARE now uses bigcrypt
18526 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
18529 fixed 2 syntax errors
18533 root may now run ALL as ALL
18536 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
18539 fixed a typo/thinko that broke BSD's with sa_len
18542 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
18544 * check.c, configure.in:
18545 updated AFS support
18549 added entry about /usr/ucb/cc
18553 prep no longer holds gcc binaries
18565 AFS allows long passwords
18569 fixed -u user support
18573 sudo -v now groks VALIDATE_OK_NOPASS
18577 fixed no_passwd vs. runas_matched
18581 took out stuff about NFS-mounting since it is no longer an issue
18585 added --with-libraries > --with-libpath --with-incpath
18589 was setting runas_matches to -1 in wrong place
18593 removed usersec.h which is not present in new AFS versions
18597 now deals with timeout <= 0
18605 BSD/OS >= 2.0 now uses shlicc instead of just gcc
18609 fixed backwards compatibility with sudo 1.4 sudoers mode for root
18610 readable/writable filesystems
18614 now gives INSTALL -c flag
18618 slightly simpler initialization of no_passwd and runas_matches
18622 added -u username support
18626 improved --with-libraries support
18629 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
18632 added --with-incpath, --with-libpath, --with-libraries
18636 now initializes some fields that weren't getting set to -1 pretty
18637 gross -- need a rewrite.
18640 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
18647 no longer add -lPW to *_LIBS since we include alloca.c
18651 added HAVE_ALLOCA_H
18666 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
18669 now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
18670 not always set to a valid uid.
18674 fixed entry for SUDO_MODE
18678 Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
18679 being set to -2. Now beat NFS to the punch and set uid to "nobody"
18680 ourselves, preserving group 0 to read sudoers.
18684 moved set_perms(PERM_ROOT) to be before yyparse()
18692 no longer need AC_PROG_INSTALL
18696 always use install-sh to avoid install(1)'s that use get{pw,gr}nam
18700 make clean -> make distclean
18703 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
18706 removed some unnecessary if's
18709 * Makefile.in, version.h:
18713 * parse.c, testsudoers.c:
18714 now includes netgroup.h
18718 removed casts of ioctl to int since they didn't shut up -Wall
18722 explicitly cast ioctl() to int since it is not always declared
18726 added declarations for yyparse() and yylex()
18730 fixed an occurrence of '==' -> '='
18733 * config.h.in, configure.in:
18734 added check for netgroup.h
18738 fixed 2 compiler warnings
18742 SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
18746 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
18752 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
18755 fixed a formatting thingie
18758 * parse.c, parse.yacc:
18759 fixed -u support with multiple user lists on a line
18763 unixware needs -lgen
18767 updated ftp location
18771 add net_addr/netmask support
18775 added net_addr/mask example
18778 * parse.c, parse.lex:
18779 added support for net_addr/netmask
18782 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
18788 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
18798 * BUGS, TODO, TROUBLESHOOTING:
18803 updated with examples of new stuff
18811 updated wrt -u and NOPASSWD
18815 updated wrt -u and CAVEATS
18818 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
18825 now use :foo: character classes (makes no diff for generated lexer)
18828 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
18831 fixed LONG_SKEY_PROMPT stuff
18834 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
18841 make more like NetBSD one -- now compiles w/o warnings
18845 fixed decls of lsearch()
18848 * config.h.in, configure.in, getspwuid.c:
18853 hpux 10 uses bigcrypt() if C2
18856 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
18859 now always uses fnmatch to match args
18863 back to using stdio instead of raw i/o since that caused some
18867 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
18870 now give usage warning if use -l,-v,-k with args
18873 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
18876 NewArgc is now set to 1 for -l, -v, -k
18880 now sets sudoers to correct group if mode is 0400
18884 updated to version used by inn and bind
18888 now uses -lgnumalloc if it exists
18892 "make install" now sets uid/gid and mode on sudoers if it exists
18896 removed debugging statements
18900 added a missing free()
18904 now uses user_gid instead of getegid (which was wrong anyway) to set
18905 SUDO_GID Now sets command line args in SUDO_COMMAND envariable
18906 (logging.c depends on args being in the environment)
18910 now uses SUDO_COMMAND envariable to get command args rather than
18911 building it up again.
18919 fixed off by one error in allocation NewArgv
18923 in sudoers, 'command ""' now means command with no args
18927 added check for fnmatch(3) and fnmatch.h
18935 replaced wildcat.* with fnmatch.*
18942 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
18945 now uses fnmatch() instead of wildmat a trailing star (*) by itself
18946 now matches multiple args added support for wildcards in the
18947 pathname in sudoers
18950 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
18953 now includes compat.h and config.h
18957 added HAVE_FNMATCH_H
18961 now checks for alloca() (if needed by bison or dce) and links with
18962 -lPW if it contains alloca() and libv and compiler do not.
18965 * emul/fnmatch.h, fnmatch.3, fnmatch.c:
18969 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
18972 now fixes mode on sudoers if set to 0400 to aid in upgrade
18975 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
18978 fixed pod2man usage
18981 * Makefile.in, configure.in, version.h:
18985 * testsudoers.c, visudo.c:
18986 runas_user is now initialized to "root"
18990 removed PERM_FULL_ROOT
18994 runas_user defaults to "root" so no more need to PERM_RUNAS
18998 will now only run commands as root if there was no runas list
18999 (or if root is in the runas list)
19007 runas_matches is now set to false if we get a negative match
19011 make #uid work + some minor cleanup
19015 added support for NOPASSWD and "runas" from garp@opustel.com /
19019 added support for "runas" from garp@opustel.com replaced
19020 SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
19025 added support for "runas" from garp@opustel.com
19029 added support for NO_PASSWD and runas from garp@opustel.com replaced
19030 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
19035 added support for NO_PASSWD and runas from garp@opustel.com replaced
19036 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support for
19041 added support for NO_PASSWD and runas from garp@opustel.com
19044 * parse.c, parse.lex:
19045 added support for NO_PASSWD and runas from garp@opustel.com
19049 added support for SUDOERS_WRONG_MODE and "runas"
19053 added --with-CC only link with -lshadow on linux (with shadow pw) if
19054 libc lacks getspnam()
19057 * OPTIONS, options.h:
19058 removed NO_PASSWD since it is not possible to do this in the sudoers
19059 file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
19060 SUDOERS_GID. Added SUDOERS_MODE.
19064 now uses SUDOERS_UID and SUDOERS_GID
19067 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
19073 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
19076 added double quote support
19080 documented double quoting
19083 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
19090 fixed some indentation
19098 added install-dirs .
19101 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
19104 new version from "Jeff A. Earickson" <jaearick@colby.edu>
19107 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
19110 $CSOPS -> $with_csops (whoops, missed one)
19118 FQHOST now has same constraints as non-FQHOST
19122 added note about OS's w/ shadow passwords turned on by default
19125 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
19132 added support for --without-THING sanitized shadow pw situation by
19138 fixed a typo wrt placement of an end paren
19142 was closing an fd that may not have been opened
19145 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
19147 * OPTIONS, options.h, sudo.c:
19151 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
19154 now always use shadow pw on some arches
19157 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
19160 added pyramid support
19164 no longer check for C2 if alternate passwd method is used no longer
19165 check for some libs twice
19169 moved fqdn stuff into parse.lex (FQHOST)
19177 now define TCSASOFT if necessary
19181 now uses read/write instead of stdio string goop to avoid problems
19185 * OPTIONS, find_path.c, options.h:
19186 -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
19189 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
19192 added note about no shadow auto-detect if using alternate auth
19197 don't check for C2 if AFS or DCE (unless they said --with-C2)
19204 * OPTIONS, find_path.c, options.h:
19208 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
19211 checkdot now works correctly
19214 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
19217 can't have DCE and C2 passwords both...
19220 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
19222 * parse.yacc, sudo.c, sudo.h, visudo.c:
19223 now uses shost even if not FQDN
19227 now looks for skey in /usr/lib and doesn't require libskey to be in
19228 /usr/local/lib just because skey.h is (for my netbsd box :-)
19231 * aclocal.m4, config.h.in, pathnames.h.in:
19232 _SUDO_PATH_ -> _CONFIG_PATH_
19235 * aclocal.m4, sudo.pod:
19236 /var/run/.odus -> /var/run/sudo
19240 now uses _SUDO_PATH_TIMEDIR
19247 * aclocal.m4, configure.in:
19252 added _SUDO_PATH_TIMEDIR
19256 updated wrt /var/run/sudo
19260 added support for shost if FQDN
19263 * parse.yacc, visudo.c:
19264 now uses shost if FQDN
19268 Now use skeylookup() instead of skeychallenge()
19271 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
19274 mail_argv should not contain ALERTMAIL as it includes "-t"
19277 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
19279 * INSTALL, Makefile.in, README, configure.in, version.h:
19284 added more _PASSWD_LEN stuff -- now uses PASS_MAX too
19288 now includes limits.h moved _PASSWD_LEN -> compat.h
19291 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
19309 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
19316 done for 1.4.1 (I hope)
19320 added info on wildcards
19324 added wildcard example
19328 now uses *.pod to build *.man and *.cat & *.html
19332 added SUDO_PROG_BSHELL !ll
19336 fixed up some formatting
19340 redid section describing sample sudoers stuff
19344 fixed some formatting
19348 now treats "" as bourne shell
19352 TESTOBJS now includes wildmat.o
19356 now works with NewArg[cv]
19360 removed an XXX (fixed it in getspwuid.c)
19364 added check for bourne shell
19372 added _SUDO_PATH_BSHELL
19375 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
19378 unixware vi returns 256 instead of 0
19386 fixed up some XXX's. file log format now looks a little more like
19387 real syslog(3) format.
19390 * README, TROUBLESHOOTING:
19391 updated wrt lex/flex
19395 commented out rule to build lex.yy.c from parse.lex since we ship
19396 with a pre-flex'd parser
19399 * parse.c, parse.yacc, visudo.c:
19400 path_matches -> command_matches
19404 eliminated some strcat()'s
19408 no longer checks for lex/flex (now assumes flex)
19412 now checks for $kerb_dir_candidate/krb.h instead of just
19416 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
19419 now use a 'hook' expression instead of an iffy one :-)
19422 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
19425 now works with new sudo arg stuff
19429 fixed dereferencing deadbeef
19433 changed an occurrence of Argv to NewArgv
19437 took out support for quoted commands since there is no need...
19441 fixed a typo in a for() loop
19445 protected against dereferencing rogue pointers
19449 now uses NewArgv and NewArgc so cmnd_args is no longer needed this
19450 also allows us to eliminate some kludges in parse_args() and
19451 eliminate superfluous code.
19455 no longer uses cmnd_args, now uses NewArgv instead.
19459 added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
19464 added wildmat.c to SRCS & SUDOBJS
19468 COMMAND is now a struct containing the path and args
19472 replaced append() with fill_cmnd() and fill_args. command args from
19473 a sudoers entry are now stored in an array for easy matching.
19477 command line args from sudoers file are now in an array like ones
19478 passed in from the command line
19481 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
19484 wildmat stuff now works
19487 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
19494 ++version added wildmat.*
19497 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
19500 added support for quoted commands (w/ or w/o args)
19503 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
19505 * sudo.pod, visudo.pod:
19506 cleaned up formatting
19509 * sudo.pod, visudo.pod:
19513 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
19516 looks reasonable, could be more readable
19523 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
19530 updated NO_ROOT_SUDO entry
19533 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
19536 *** empty log message ***
19537 [5b63de579ff7] [SUDO_1_4_0]
19548 AIX aixcrypt.exp now uses $(srcdir)
19552 added entry for anal ansi compilers
19555 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
19558 added info on libcrypt_i for SCO
19562 *** empty log message ***
19577 * INSTALL, OPTIONS, README, config.h.in, configure.in:
19582 ++version and fixed ISC
19585 * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
19586 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
19587 insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
19588 sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
19594 added STUB_LOAD_INTERFACES ++version
19597 * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
19603 added info about fd_set in tgetpass added info on interfaces.c
19606 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
19617 tgetpass.o is now only linked in with sudo (not visudo)
19620 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
19622 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
19628 added copyright notice
19631 * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
19632 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
19633 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
19634 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
19635 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
19640 minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
19644 ISC now gets -lcrypt now check for sys/bsdtypes.h
19648 added check for sys/bsdtypes.h
19651 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
19654 removed debugging stuff (setting freed ptr to NULL)
19666 added section on syslog
19670 added AC_ISC_POSIX for better ISC support
19678 added define for _POSIX_SOURCE
19681 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
19684 fixed check for lsearch()
19687 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
19690 fixed for AIX now deal if num_interfaces == 0 (should not happen)
19693 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
19696 now only define HAVE_LSEARCH if there is a corresponding search.h
19703 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
19706 now define HAVE_LSEARCH if we find lsearch() in libcompat
19710 char * -> const char *
19714 now looks in -lcompat for lsearch()
19718 remove sudo.core visudo.core for clean target
19722 added UID_MAX support in check for MAX_UID_T_LEN
19726 fixed another occurrence of sudo_getpwuid.*
19729 * Makefile.in, getspwuid.c:
19730 sudo_getpwuid.c -> getspwuid.c
19737 * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
19738 compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
19739 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
19740 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
19741 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
19742 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
19743 version.h, visudo.c:
19748 added group support
19756 documented group support
19759 * parse.c, parse.lex, parse.yacc, visudo.c:
19760 added group support
19763 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
19766 tkfile was too short and overflowed the kerberos realm
19769 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
19772 now copy command args directly from Argv
19776 replaced code to copy cmnd_args so that it does not use realloc
19777 since most realloc()'s really stink
19780 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
19783 syslog() fixed in hpux 10.01
19786 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
19789 AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
19793 better error if cannot find skey incs or libs
19797 now use a temp file for determining max len of uid_t in string form.
19798 the old hacky way broke on netbsd
19802 added set of parens and a space
19805 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
19808 fixes from Jeff Earickson <jaearick@colby.edu> ,
19816 fixed up testsudoers target
19820 DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
19821 SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
19825 LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
19829 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
19832 fix for C2 on hpux 10 now uses -linet if it exists
19836 LONG_SKEY_PROMPT is less of a kludge /
19840 fixed typos w/ dce stuff
19847 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
19850 amended section on combining authentication mechanisms
19854 minor updates for 1.3.6
19858 added 2 more entries
19870 rewrote for sudo 1.3.6
19877 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
19879 * find_path.c, getspwuid.c, sudo.c:
19880 added explicit casts for strdup since many includes don't prototype
19885 removed prototype for sudo_getpwuid() since convex C compiler choked
19890 added prototype for sudo_getpwuid()
19894 now compiles on strict ANSI compilers
19898 added LONG_SKEY_PROMPT support
19902 added extra $'s for make to eat up, yum.
19905 * OPTIONS, options.h:
19906 added LONG_SKEY_PROMPT
19909 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
19912 s/key support now works with normal s/key as well as logdaemon
19915 * OPTIONS, options.h:
19920 set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
19924 added DCE note added more AIX notes
19928 now include pthread.h for DCE support
19932 dce_pwent() is ok after all .,
19936 now uses SYSLOG() macro that equates to either syslog() or
19941 minor formatting changes. renamed check() to something less generic
19944 * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
19946 now uses user_pw_ent and simple macros to get at the contents
19949 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
19952 simpler dec unix C2 support
19956 now sets crypt_type for DEC unix C2
19959 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
19962 added csops paths for skey
19966 now includes string.h for strdup() prototype
19974 now includes skey.h
19982 moved a lot of the shadow passwd crap to sudo_getpwuid()
19986 now uses sudo_pw_ent
19990 now uses sudo_pw_ent
19994 now sets sudo_pw_ent
20002 moved dce stuff into compat.h
20005 * logging.c, sudo.h:
20006 now uses sudo_pw_ent
20010 added sudo_getpwuid.c
20018 now uses sudo_pw_ent
20021 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
20024 fixed exempt_group stuff for OS's that don't put base gid in group
20029 S/Key support now works with sunos4 shadow passwords
20036 * config.h.in, configure.in:
20045 first stab at dce support
20049 now smells like sudo
20057 skey'd sudo now works w/ normal password as well
20060 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
20062 * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
20063 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
20064 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
20065 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
20066 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
20067 version.h, visudo.c:
20068 updated version number
20072 updated to reflect version change
20076 --with options now line up ++version
20080 removed unnecessary S/Key stuff
20084 fixed S/Key support
20088 -I stuff now goes in CPPFLAGS
20100 fixed description of EXEMPTGROUP
20104 more people use _RLD_ than just alphas...
20108 replaced $man_prefix with $mandir
20116 now use more GNU'ish dir names
20120 now set *dir correctly (can override from command line)
20124 now deal with situations where we getwd() fails
20127 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
20130 added etc_dir, bin_dir, sbin_dir
20138 now ship a flex-generated lex.yy.c
20142 now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
20146 _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
20150 no more error for redefining SUDOERS_OWNER
20154 expanded SUDOERS_OWNER section
20157 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
20160 now warn if chown(2) failed
20164 better default warning for NO_SUDOERS_FILE
20168 added missing set_perms() no more cryptic message if the sudoers
20169 file is zero length, now just give a parse error
20173 better diagnostics if NO_SUDOERS_FILE
20177 check_sudoers() now catches sudoers files that are not readable (but
20181 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
20184 now add -D__STDC__ for convex cc (not gcc)
20188 MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
20192 now uses exec_prefix & prefix from configure
20195 * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
20196 parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
20198 options.h is now <> instead of "" so shadow build trees can have a
20199 custom copy of options.h
20203 user_is_exempt() is no longer a hack, it now uses getgrnam()
20207 EXEMPTGROUP is now "sudo"
20211 MAN_POSTINSTALL now contains a leading space
20215 removed leading tab if @MAN_POSTINSTALL@ not defined now removes
20216 testsudoers in clean:
20220 includes pwd.h to get _PASSWD_LEN definition
20223 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
20226 unset the KRB_CONF envariable if using kerberos so we don't get
20227 spoofed into using a bogus server
20230 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
20233 now explicitly initialize match[] to be FALSE
20236 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
20239 removed unused variable now passes -Wall
20243 yyerror and dumpaliases are now void's now passes -Wall
20247 added prototype for yyerror
20250 * check.c, logging.c, parse.c:
20255 removed unused cruft now passes -Wall
20259 fixed headers that moved to emul dir
20263 fixed deref of nil pointer if no args
20266 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
20269 added a caveat to FQDN section
20272 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
20275 more $srcdir support for install targets
20278 * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
20279 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
20280 don't include malloc.h if we include stdlib.h
20284 local search.h now lives in emul
20287 * check.c, utime.c:
20288 local utime.h now lives in emul dir
20292 local search.h now lives in emul
20296 added support for building in other than the sourcedir
20299 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
20302 annotated CSOPS_INSULTS option
20306 updated shadow passwords blurb
20310 if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
20311 passes along foo as the arguments
20314 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
20317 collapsed pathname and dir sections into one -- it's now less
20322 fixed spacing quoting [,:\\=] now works correctly append() and
20323 fill() now take args to make the above work
20327 fixed a typo that caused commands with no tty on fd 0 but a tty on
20328 fd 1 to erroneously have "none" as their tty
20331 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
20334 timestampfile is now a global static removed decl of timestampfile
20335 in remove_timestamp since we can just use the global one
20339 created touch() to update timestamps added USE_TTY_TICKETS support
20344 added _S_IFDIR and S_ISDIR
20347 * OPTIONS, options.h:
20348 added USE_TTY_TICKETS
20352 removed const from casts for lsearch() & lfind() to placate irix 4.x
20356 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
20359 now only strip '/dev/' off of a tty if it starts with '/dev/'
20367 AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
20372 fixed incorrect #ifdef termio uses "unsigned short" not int for
20376 * parse.lex, parse.yacc:
20377 fixed a spelling error
20384 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
20391 added dotcat() to cat 2 strings w/ a dot efficiently now that we
20392 dynamically allocate strings they need to be free()'d
20396 dynamically allocates space for strings
20400 no more MAXCOMMANDLENGTH
20407 * logging.c, sudo.c:
20408 moved tty stuff into sudo.c
20411 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
20414 fixed a logic bug. Was denying a command if user gave command line
20415 args but there were none in the sudoers file which is wrong.
20419 MAXCOMMMANDLEN dropped down to 1K
20423 return foo; -> return(foo);
20427 fixed netgr_matches() prototype
20431 added support for escaping "termination" characters
20435 buf is now of size MAXPATHLEN+1 since it never holds command args
20443 fixed negation problem (doh!)
20447 fixed 2nd parameter to lfind()
20451 now do bounds checking in fill() and append()
20455 include netdb.h as we should added a missing void cast added
20456 SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
20457 realloc actually moved the string instead of shrinking it
20461 updated with examples of new features
20465 now set errno to EACCES if not a regular file or not executable
20469 if given a fully-qualified or relative path we now check it with
20470 sudo_goodpath() and error out with the appropriate error message if
20471 the file does not exist or is not executable
20474 * emul/search.h, lsearch.c:
20475 now use correct args for lfind
20483 added in CSOps insults
20495 increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
20499 added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
20503 fixed -k load_interfaces() now gets called if FQDN is set
20504 -p now works with -s
20508 don't try to stat() "pseudo commands" like "validate"
20512 added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
20516 added SecurID support added other insults to --with-csops
20524 added clobber target added ins_csops.h now gets CFLAGS from
20529 relaxed SUDO_FULL_VOID
20533 function comment blocks are now in same style as rest of code
20537 added support for command line args in /etc/sudoers
20541 updated to have command args in the sudoers file
20545 added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
20548 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
20551 PATH renamed to COMMAND
20555 it is now a parse error for directories to have args attached to
20560 now say command args if telling user to buzz off
20564 -s no longer indicates end of args sped up loading on cmnd_args in
20569 removed an unreachable statement
20573 made more efficient by pulling out the terminators when in GOTCMND
20574 state and making them their own rule
20577 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
20580 removed MAXLOGLEN since it is no longer used
20584 now allows command args
20588 now groks command arguments
20592 now sets tty correctly when piped input
20596 fixed loading of cmnd_args (was including command name too)
20600 fixed a core dump due to incorrect if construct
20603 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
20606 only add -lsun if irix < 5 don't look for -lnsl or -lsocket if irix
20610 fixed check for ISC
20614 now sets cmnd_args used by log_error() and that will be used by the
20615 parse to check against command args
20623 now dynamically allocate logline since we can guess at its size
20626 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
20629 cleaned up a bunch of unnecessary #ifdef's eliminated a buffer remove
20630 "register" since the compiler knows more than I do now do a
20631 "basename" of the tty
20634 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
20641 added shell extern changed MODE_* to be bit masks to allow for
20642 several options together
20646 added -s (shell) option made MODE_* masks so we can do bitwise & and
20647 | to see if multiple flags are set.
20651 added securid support
20654 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
20657 removed a bunch of unnecessary strncpy()'s and replaced with strcat()
20660 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
20662 * Makefile.in, version.h:
20666 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
20669 fixed free() of an uninitialized pointer (yuck)
20673 added netgr_matches
20677 cleaned up netgr_matches
20680 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
20686 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
20689 now installs sudoers.man -- really should clean this up though.
20693 added sudoers.cat and sudoers.man
20697 pulled out stuff on the sudoers file format into a separate man page
20705 fixed up my email address
20709 added checks for innetgr and getdomainname
20713 added dummy netgr_matches function
20717 added netgr_matches
20720 * parse.lex, parse.yacc:
20721 added NETGROUP support
20725 added HAVE_INNETGR & HAVE_GETDOMAINNAME
20728 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
20731 rewrote clean_env() that has rm_env() builtin
20734 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
20737 now cast uid to long in sprintf
20741 added _INSULTS suffix to HAL & GOONS end
20745 added _INSULTS suffix to HAL & GOONS
20748 * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
20749 converted to new scheme of insult "unions" end
20753 now uses MAX_UID_T_LEN
20757 added SUDO_UID_T_LEN !l
20761 added MAX_UID_T_LEN
20765 now use MAX_UID_T_LEN
20769 added check for max len of uid_t fixed sco vs. isc check
20772 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
20783 hack to check for sco
20787 removed #include <net/route.h> since it was hosing some OS's
20790 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
20793 fixed prreadlink() prototype
20797 added parens in #if's
20805 moved SPW_* to config.h.in
20809 added a set of parens
20817 added SPW_* reordered error codes
20821 moved SPW_* to sudo.h
20824 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
20827 SPW_AUTH -> SPW_SECUREWARE
20831 GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
20839 SPW_AUTH -> SPW_SECUREWARE
20843 now uses SHADOW_TYPE to make shadow pw support more readable and
20844 modular. It's a start...
20848 added autodetection of shadow passwords
20852 now uses SHADOW_TYPE define
20856 added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
20860 added SUDO_CHECK_SHADOW
20863 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
20866 define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
20867 memmove() since we no longer use it...
20875 added BROKEN_SYSLOG support
20879 added BROKEN_SYSLOG
20883 now only bitch if timestamp > time_now + 2 * timeout to allow for a
20884 machine updating its time from a server
20888 added 2 security notes updated Nieusma's email addr
20892 changed a memmove() to memcpy() since we don't have to worry about
20893 overlapping segments.
20896 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
20899 cleaned up the loop when interfaces are groped in so that it is
20903 * Makefile.in, version.h:
20907 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
20913 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
20916 fixed permissions check on /tmp/.odus
20919 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
20922 fixed some comments
20926 now checks owner & mode of timedir also checks for bogus dates on
20931 updated TIMEOUT info
20934 * logging.c, sudo.h:
20935 added BAD_STAMPDIR and BAD_STAMPFILE
20939 added definition of S_IRWXU
20946 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
20949 added #ifdef to make it compile on strange arches
20952 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
20955 fixed check for full void impl.
20959 added missing "static"
20963 replaced #elif with #else #if constructs for ancient C compilers
20967 updated irix c2 & kerb5 info
20971 added shadow pw support for irix
20974 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
20981 last changes for sudo 1.3.3
20985 now calls SUDO_SOCK_SA_LEN
20993 added SUDO_SOCK_SA_LEN
20997 now works with ip implementations that use sa_len in sockaddr
21001 added note about buggy AIX compiler
21005 now include sys/time.h for AIX
21008 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
21015 now works for ISC and others. yay.
21018 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
21020 * Makefile.in, version.h:
21024 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
21027 fixed test for full void impl
21031 now check to see that st_dev is non-zero before assuming that we are
21035 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
21037 * aclocal.m4, configure.in:
21038 SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
21041 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
21044 fixed include file order for SUDO_FUNC_UTIME_POSIX
21048 added cast for ttyname()
21056 now deal correctly with all known variations of utime() -- yippee
21060 added SUDO_FUNC_UTIME_POSIX
21064 added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
21068 added HAVE_UTIME_POSIX
21076 no longer assume !HAVE_UTIME_NULL means old BSD utime()
21080 fixed fascist C compiler warning
21084 now set strioctl.ic_timout in STRSET() now initialize num_interfaces
21085 to 0 (just to be anal)
21088 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
21091 increased MAXLOGLEN by MAXPATHLEN to account for ttyname
21099 reworked the ISC code
21102 * Makefile.in, version.h:
21107 now expect old-style utime(3) if utime() can't take NULL as an arg
21111 added check for utime.h
21119 added CPPFLAGS STATIC_FLAGS -> LDFLAGS
21123 now search for kerb libs and includes
21127 added support for utime(2)'s that can't take a NULL parameter
21131 moved HAVE_UTIME_NULL stuff to update_timestamp() where it belongs
21135 added utime(s) stuff
21143 added HAVE_UTIME and HAVE_UTIME_NULL
21146 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
21149 now use HAVE_UTIME_NULL
21152 * emul/utime.h, utime.c:
21157 need to setuid(0) to make kerb4 stuff work.
21161 no more special case for kerberos
21165 took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
21170 no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
21175 now use private ticket file for kerberos support to avoid trouncing
21179 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
21182 added SPOOF_ATTEMPT & cmnd_st
21186 added anti-spoofing support
21190 now use global cmnd_st
21194 added SPOOF_ATTEMPT support
21197 * testsudoers.c, visudo.c:
21198 added void casts where appropriate
21202 fixed up spacing and added void casts where appropriate
21206 fixed problem with "-p prompt" but no args
21209 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
21212 added BUGS and annotated -l description
21216 validate() now takes a flag
21220 validate() now takes a flag added -l
21224 added support for -l
21228 validate() now takes a flag that says whether or not to check the
21232 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
21235 now deals with Argv == 1
21243 added prompt support reworked parse_args()
21255 now use BUFSIZ as length of kerb password added kpass so pass is
21256 always a char * now use prompt global when asking for a password
21260 now use BUFSIZ as _PASSWD_LEN if using kerberos
21267 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
21270 only look for -lufc or -lcrypt if crypt() not in libc
21274 don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
21275 (unknown user) silently fail
21283 HAVE_KERBEROS -> HAVE_KERB4
21287 removed debugging printf
21291 KERBEROS -> KERB4 added checks for setreuid & setresuid
21295 HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
21299 added def of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
21300 with setresuid if applic
21304 HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
21305 no setreuid() or a broken one
21308 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
21311 added kerberos support
21315 added HAVE_KERBEROS
21319 added KERBEROS support (long passwords)
21323 added kerberos support
21326 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
21329 added MODE_BACKGROUND
21333 escaped dashes added -b option
21341 added crypt() for osf/1 3.x enhanced security
21345 now check for -lcrypt
21349 added ENXIO like EADDRNOTAVAIL
21352 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
21355 now emulate getwd(), not getcwd()
21359 getcwd() -> getwd()
21366 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
21368 * ins_2001.h, ins_classic.h, ins_goons.h:
21373 broke out insults into separate include files
21376 * OPTIONS, options.h:
21381 added ins_2001.h ins_classic.h ins_goons.h
21384 * Makefile.in, version.h:
21389 moved signal handler setup to setup_signals()
21393 added load_interfaces()
21397 moved load_interfaces to interfaces.c
21404 * OPTIONS, options.h:
21409 now uses clearaliases variable
21417 added interfaces.[co]
21421 now uses ip addrs and netmasks via load_interfaces()
21425 now remove IFS instead of setting to "sane" value
21428 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
21434 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
21437 sudo_goodpath.c-> goodpath.c
21441 added Andy's new ISC changes
21444 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
21447 added a sentence to SECURE_PATH info
21462 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
21468 * Makefile.in, version.h:
21473 sendmail is now looked for in /usr/ucblib
21489 added unixware case
21493 user_is_exempt is no longer hidden
21501 isc and riscos changes
21505 added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
21509 fixed a typo and added testsudoers stuff
21516 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
21519 applied fixed patch from Chris
21522 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
21529 added a set of braces for bison
21533 merged in Chris' changes to dekludge the parser.
21537 send_mail() was calling find_path() which is wrong since find_path()
21538 stores cmnd in a static var. Anyhow, it doesn't make much sense
21539 since MAILER should always be fully qualified
21542 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
21545 added User_Alias stuff
21549 SUDO_NEXT now looks for /usr/lib/NextStep/software_version
21553 added DEC UNIX 3.0 w/ gcc
21557 Exit was being used in places where exit should be used
21561 added "User alias specification"
21565 fixed probs caused by making nslots and naliases a size_t
21569 added KSR, upped rev to 1.3.1b2
21572 * logging.c, parse.yacc:
21577 void * -> VOID * naliases and nslots are now size_t to appease
21578 lsearch on 64-bit machines
21581 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
21584 did a bunch of things and added a bunch :-)
21592 closer to BSD manpage style
21596 closer to standard BSD man format
21599 * compat.h, config.h.in, emul/search.h, insults.h, options.h,
21600 pathnames.h.in, sudo.h, version.h:
21605 removed crufty #defines that are no longer used
21613 updated based on sudo changes
21617 now allow ALL keyword in User_Aliases now allow ALL keyword as well
21626 now sets SUDO_COMMAND and SUDO_GID envariables.
21630 fixed bug with full void impl check
21634 fixed User_Alias support
21638 added stubs for User_Alias support
21642 now sets removes # bogus interfaces from num_interfaces
21646 added User_Alias support
21649 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
21652 removed extraneous TODO
21655 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
21658 ntwk_matches -> addr_matches
21662 ntwk_matches -> addr_matches
21666 ntwk_matches -> addr_matches now use inet_addr() not inet_network()
21667 (which expects octet boundaries) fixes for OSF (sizeof(int) !=
21672 took out debugging info
21676 OS was being set to unknown before non-uname based host checks.
21677 This caused no checks to happen since $OS was not zero-length.
21681 fixed loading of interfaces struct still has debugging info in
21689 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
21700 removed extraneous extern decl of "top
21708 removed parser_cleanup (no need for it now)
21712 now calls reset_aliases() directly
21715 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
21718 added a sentence to SECURE_PATH description
21722 fixed my stupid bug where I used NAMLEN on something I wanted to
21723 just get the name from. argh.
21726 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
21729 fixed argument order of memmove() that i hosed when converting from
21734 finally fixed DISTFILES line
21742 added missing files to DISTFILES
21746 SUPPORTED -> RUNSON
21749 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
21756 updated for pl5b1 release
21764 fixed bug where if you hit return at first sudo prompt it would
21765 still log as a failure
21773 better test for bogus void * implementation
21777 added PASSWORDS_NOT_CORRECT
21781 added PASSWORDS_NOT_CORRECT stuff
21785 added PASSWORDS_NOT_CORRECT
21793 removed some unused vars and fixed up uid2str
21800 * getcwd.c, getwd.c:
21804 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
21807 fixed a typo I introduced in the last checkin :-(
21811 can't have #ifdef's where N is defined so just do this the broken
21816 better hack from Chris (but still a hack)
21820 stupid hack for broken aix lex
21824 now includes compat.h
21828 now includes fcntl.h
21832 added FD_SET and FD_ZERO for 4.2BSD
21836 dirty hack to fix parser bug. i don't really like this but it works
21841 uid2str is now static like the prototype says
21844 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
21846 * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
21855 check_sudoers now returns an error code and sudo calls inform_user
21856 and log_error based on the return value.
21859 * logging.c, sudo.h:
21860 added entries for new errors
21864 now set uid to that of SUDOERS_OWNER while parsing sudoers file
21868 took out testsudoers
21872 now explicitly checks that it is setuid root
21876 If a user has no passwd entry sudo would segv (writing to a garbage
21877 pointer). Now allocate space before writing :-)
21881 reordered AC_CHECK_FUNCS
21888 * tgetpass.c, visudo.c:
21893 bzero -> memset when a parse error is logged the line number of the
21894 error is now logged too
21898 added Sunos to blurb about c2 security
21902 added a SUN4 define for C2 security
21906 bcopy -> memmove bzero -> memset
21910 bcopy -> memmove char * -> VOID *
21914 added support for sunos with C2 security
21917 * OPTIONS, options.h:
21922 _PATH_SUDO_LOGFILE now set based on configure
21926 added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
21930 added _SUDO_PATH_LOGFILE
21934 added SUDO_LOGFILE to find where to put sudo.log added
21935 SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
21936 SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
21939 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
21946 now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
21947 to work around a problem in trusted hpux shadow passwords. yuck.
21951 backed out a change in malloc/realloc
21955 now include stdlib.h
21959 now do an freopen() of the stmp file so that yyin will always point
21960 to the same thing. This is important for flex since we are doing a
21965 replaced yywrap() with parser_cleanup() since yywrap() needs to be
21966 in parse.lex to be able to use YY_NEW_FILE. sigh.
21970 now have a rule that matches anything that doesn't match an
21971 explicit rule. well, you know what i mean (. matches anything not
21972 yet matched). However, this means that there is input still queued
21973 up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
21974 into parse.lex and it calls parser_cleanup() which is most of the
21982 * getcwd.c, getwd.c:
21983 moved compat.h to be the last include file
21987 fixed type of aliascmp() args
21995 added casts to lfind and lsearch args for irix
21999 bsdinstall -> install-sh
22003 added info about make realclean
22007 updated VERSION added dependencies for visudo.cat
22019 now there is a real visudo.man and visudo.cat
22023 took out visudo stuff
22030 * parse.c, parse.lex, parse.yacc:
22039 updated Nieusma & Hieb email addresses
22043 updated to include options.h and OPTIONS
22051 eliminated bug #1 (yay)
22055 sunos no longer gets linked statically
22058 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
22061 prototype now uses __P()
22065 make fill() non-ansi
22069 made -v (validate) work
22077 don't check for execute/statable if fq or relative path given
22085 now include ctype.h for islower and tolower macros
22089 moved _S_IFMT & _S_ISREG to compat.h
22093 moved a set of parens
22097 now include compat.h
22105 now cast malloc & realloc return vals added search for HAVE_LSEARCH
22106 now use strcmp if no strcasecmp available
22114 removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
22115 HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
22119 added _S_IFMT, _S_IFREG, and S_ISREG
22123 took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
22124 to most SUDO_* macros
22132 various 1.x to 2.x autoconf changes now check for strcasecmp now use
22133 AC_INSTALL_PROG instead of custom one added check for fully working
22134 void implementation
22138 added lsearch & search.h visudo links into $(LIBOBJS)
22142 partial 1.x to 2.x changes added SUDO_FULL_VOID
22146 whatnow_help was prototyped to be static but was not declared as
22151 autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
22152 for dirent/dir/ndir.h
22156 now use groovy gnu autoconf macro AC_HEADER_DIRENT
22159 * getcwd.c, getwd.c:
22160 MAXPATHLEN -> MAXPATHLEN+1
22163 * emul/search.h, lsearch.c:
22167 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
22170 eliminated bison warnings
22178 now includes signal.h
22182 only clear data structures on a parse error
22186 whatnow() now gives help on invalid input
22190 added a whatnow() function (sort of like mh)
22194 kill_aliases -> reset_aliases yywrap() now cleans up by calling
22195 reset_aliases() and clearing top took reset stuff out of yyerror()
22196 since it doesn't belong there (and doesn't work anyway). errorlineno
22197 is now initially set to -1 so we can set it to the first error that
22198 occurs (it was getting set to the last)
22206 rewrote from scratch based on 4.3BSD vipw.c
22209 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
22216 no more sudo_realpath() and find_path() changed params
22220 find_path() changed since no more realpath()
22224 on error, errorlineno is set to the line where the error occurred
22225 added kill_aliases() to free the aliases struct now clean up in
22226 yyerror() so we can reparse cleanly
22229 * options.h, parse.c:
22230 no more USE_REALPATH
22234 changed to use new find_path()
22238 removed all the realpath() stuff
22242 sudo_realpath.c -> sudo_goodpath.c
22246 now works correctly with utk parser
22254 eliminated a compiler warning
22258 eliminated compiler warning
22262 added sudo_goodpath()
22266 added prototype for sudo_goodpath
22270 added support for /sys/dir.h
22274 USE_REALPATH turned off
22278 added calls to sudo_goodpath()
22282 added check for dirent.h
22286 added HAVE_DIRENT_H
22290 added in linux shadow pass stuff
22293 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
22296 added back host, user, cmnd, parse_error
22300 added in utk changes plus some minor cosmetic changes
22303 * sudo.c, sudo_realpath.c:
22304 added void casts for printf's
22308 added a define of USE_REALPATH
22312 there is no more visudoers/Makefile
22316 added in utk changes (visudo is now built from the toplevel)
22320 added (void) casts to printf's
22323 * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
22324 merged in utk changes
22327 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
22330 now check to see that what we are trying to run is a file (or a link
22331 to a file, we do a stat(2) so there is no diff)
22334 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
22341 aclocal.m4 -> acsite.m4 make realclean updated for new autoconf
22345 added myself as maintainer
22348 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
22351 changed setegid -> setgid
22354 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
22357 fixed the test for irix 5.x to skip bad libs
22361 now initialize OS and OSREV
22364 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
22371 AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
22375 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
22378 use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the right
22379 thing wrt yyrestart (grrrr)
22382 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
22385 added visudoers/compat.h to DISTFILES
22393 added ocmnd declaration adjusted for find_path()'s new parameters
22397 added ocmnd extern adjusted find_path() prototype
22401 cmndcmp() now takes 3 arguments and checks against the qualified as
22402 well as the unqualified pathname. more code that should use
22403 cmndcmp() but did not, now does
22411 changed to use new find_path() parameter passing
22415 find_path() now takes 2 copyout parameters (one for the qualified
22416 pathname and one for the unqualified pathname). The third parameter
22421 no longer munge pathnames.h
22425 changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
22426 as a result, pathnames.h does not need to be run through configure
22427 and the user can override the configured values easily.
22431 added _SUDO_PATH_* entries
22435 _PATH* -> _SUDO_PATH_*
22439 updated DISTFILES and HDRS .o's now depend on config.h
22442 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
22445 removed extraneous #endif
22453 added SUDO_PROG_MV added riscos and isc os types took out
22454 -DSHORT_MESSAGE from --with-csops since it is now the default
22458 move the include of id.h to compat.h now includes options.h
22462 moved compatibility #defines to compat.h
22470 move __P to compat.h
22473 * getcwd.c, getwd.c, putenv.c:
22474 now includes compat.h
22481 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
22484 pull user-configurable stuff out and put in options.h
22487 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
22489 * parse.lex, parse.yacc, visudo.c:
22490 now includes options.h
22493 * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
22495 now includes options.h
22499 added visudoers/options.h
22502 * OPTIONS, options.h:
22507 added OPTIONS and options.h
22511 changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
22515 changed PASSWORD_TIMEOUT to minutes
22518 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
22521 now only do Editor +line_num if line_num != 0
22524 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
22527 now use mv if rename(2) fails
22538 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
22541 fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
22544 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
22547 added mips & isc support
22551 added support for non-root owned sudoers file
22555 added exempt group support
22559 added set_perms() support added SUDOERS_OWNER so can have non-root
22560 own sudoers file added exempt group support added isc support
22564 now copy sudoers to temp file via read/write (not stdio) now chown
22565 new sudoers file to SUDOERS_OWNER
22568 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
22579 fixed typo added set_perms support added skey support added
22580 seteuid()/setegid() emulation for AIX
22584 be_* -> setperms() now check to make sure sudoers file is owned by
22585 root nread/write by only root
22588 * logging.c, parse.c:
22593 be_* -> set_perms() added skey support
22596 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
22606 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
22616 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
22622 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
22637 now bail if ARgv[1] > MAXPATHLEN
22641 added function check for tcgetattr(3)
22645 only define HAVE_TERMIOS_H if you have tcgetattr(3)
22649 added check for tcgetattr
22652 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
22658 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
22661 now only include unistd.h for linux
22664 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
22667 added visudo.8 generation
22671 added -Wl,-bI:./aixcrypt.exp to aix flags
22674 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
22685 added mailing list info
22689 now use sudolineno instead of yylineno fixed bison warnings
22693 now use -no_library_replacement for osf don't make a static binary
22698 added string.h/strings.h inclusion
22706 added inclusion of string.h/strings.h
22710 fixed uname | sed (needed to quote the '[')
22714 replaced yylineno with sudolineno fixed bison syntax errors
22718 changed yylineno to sudolineno since yylineno cannot be counted
22727 added code to support command listings
22731 added code for -l flag
22735 fixed typo added info for -l flag
22739 AC_SSIZE_T -> SUDO_SSIZE_T
22754 * find_path.c, sudo_realpath.c:
22755 readlink() is now declared as returning ssize_t
22759 added -laud for OSF c2
22762 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
22764 * Makefile.in, visudo.c:
22765 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
22768 * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
22769 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
22772 * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
22773 parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
22774 sudo_setenv.c, tgetpass.c, version.h:
22775 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
22778 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
22789 added host to alertmail messages
22797 fixed logging problem where mail would not say which user it was
22801 added -laud for gcc if osf & c2
22805 moved set_auth_parameters to sudo.c
22809 added set_auth_parameters for osf
22813 cleaned up -static stuff
22825 changed setenv() to sudo_setenv()
22841 added osf auth support & removed some extra spaces
22844 * INSTALL, SUPPORTED:
22848 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
22851 added 2 suggestions
22855 removed README.v1.3.1 and added VERSION stuff
22862 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
22873 mention HISTORY file
22877 use sizeof instead of a constant in 1 place
22896 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
22900 [7dfbb4a810bb] [SUDO_1_3_1]
22907 added unistd.h include
22910 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
22913 added sys/time.h for AIX
22916 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
22919 added check for -lsocket and sys/sockio.h
22923 took out libshadow check and added in sys/sockio.h check
22927 now include sockio.h instead of ioctl.h if it exists "sudo -" now
22928 gets a better error message
22932 now has a dir and subnet entry
22935 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
22946 added network and ip addresses to man page
22950 no error if can't get interfaces or netmask since networking may not
22955 now check for interfaces == NULL
22959 fixed a bug that caused directory specs in a Cmnd_Alias to fail if
22960 the last entry in the spec failed (ie: it was only looking at the
22961 last entry). Cleaned things up by adding the cmndcmp() function--all
22969 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
22972 now do two passes to skip bogus interfaces (lo0, etc)
22975 * parse.lex, parse.yacc, visudo.c:
22976 added include of netinet/in.h
22979 * logging.c, sudo_realpath.c, sudo_setenv.c:
22980 added include of netinet/in.h
22983 * check.c, find_path.c, getcwd.c, getwd.c:
22984 added include of netinet/in.h
22992 added interfaces global
22996 now uses new interfaces global
23000 now ip addresses are gleaned w/o dns
23003 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
23006 added load_ip_addrs() to load the ip_addrs global var
23010 added hostcmp() to compare hostnames, ip addrs, and network addrs
23014 added ip_addrs def added load_ip_addrs prototype
23017 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
23024 removed multiple entries in DISTFILES
23028 ansified the !STDC_HEADERS decls
23031 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
23032 don't do malloc decl if gnuc
23036 can't use getopt(3) since it munges args to the command to be run as
23037 root don't do malloc decl if gnuc
23040 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
23041 sudo_realpath.c, sudo_setenv.c:
23042 ansi-fied !STDC_HEADER function prototypes
23045 * getcwd.c, getwd.c:
23046 added missing paren
23050 added putenv.c to DISTFILES
23054 added params to func decls when STDC_HEADERS is not defined now can
23055 count on putenv() being there
23059 took out errno decl since sudo.h does it for us fixed up a next cc
23060 warning added params to func decls when STDC_HEADERS is not defined
23064 took out environ extern added local declaration of putenv() if local
23068 * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
23069 added params to func decls when STDC_HEADERS is not defined
23073 added memcpy check check to see that ansi vs bsd macros are not
23074 already defined before defining (ie: avoid redefinition)
23078 removed fluff setenv check plus check w/ replace for putenv if also
23086 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
23093 rm'd realpath added sudo_realpath and sudo_setenv
23097 now use sudo_setenv
23101 added putenv and setenv, removed realpath
23105 added putenv & setenv
23116 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
23119 added MAN_POSTINSTALL and /usr/share/catman for irix
23123 added MAN_POSTINSTALL
23131 added SUDO_* plus new options
23139 took out shadow lib
23147 now use yyrestart() if flex now reset yylineno to 0
23151 support for installing a cat page instead of a man page if no nroff
23155 now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
23156 to determine whether or not to install a cat or man page
23164 not set ret to MODE_RUN initially
23168 made command (and therefore cmnd dynamically allocated)
23180 changed bufs from MAXPATHLEN to MAXPATHLEN+1
23184 added MODE_ removed validate_only and added remove_timestamp()
23188 usage() now takes an int (exit value) added parse_args() to parse
23189 command line arguments moved call to find_path() from load_globals
23190 to new function load_cmnd() removed validate_only global -- now use
23191 the concept of "modes" added -h and -k options
23195 no longer use global validate_only now checks for command called
23196 "validate" removed check for non-fully qualified commands since that
23197 is done by find_path
23201 changed MAXPATHLEN to MAXPATHLEN+1
23205 fixed off by one error with MAXPATHLEN and fixed a comment
23209 check_timestamp no longer runs reminder(), it is implied in the
23210 return val added remove_timestamp()
23217 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
23231 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
23234 moved send_mail to after syslog
23238 now set SUDO_ envariables
23241 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
23248 now print error if chdir fails
23255 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
23262 no more static binaries for aix
23265 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
23272 took out stuff not needed for sudo now does be_root/be_user itself
23273 now uses cwd global
23280 * logging.c, sudo.c:
23281 be_root/be_user is now down in sudo_realpath()
23284 * logging.c, sudo.h:
23285 now works with 4.2BSD syslog (blech)
23289 now use sudo_realpath()
23293 took out realpth() stuff since we now use sudo_realpath()
23297 ultrix enhanced sec
23301 added ultrix enhanced sec.
23309 ultrix enhanced security support
23313 added sudo_realpath.c
23321 increased passwd len to 24 for c2 security
23328 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
23331 now use user global var
23338 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
23345 user is now a char * added epasswd
23349 added tzset() to load_globals added epasswd (encrypted password)
23350 global made user dynamically allocated
23362 cleaned up encrypted passwd grab somewhat
23378 can now log to both syslog & a file
23402 removed AFS stuff :-)
23406 include sys/select for AIX
23417 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
23419 * CHANGES, SUPPORTED:
23424 can now have MAILER undefined
23428 new sub-note about MAILER
23432 added blurb about password timeout
23440 took out duplicate define of _CONVEX_SOURCE
23452 added a goto if fgets fails
23456 use __hpux not hpux convex c2 stuff
23460 use __hpux not hpux
23468 define ansi-ish cpp os defines if non-ansi are defined for hpux &
23473 updated to say we support convex C2
23477 added convex c2 support
23480 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
23483 no more ioctl never returns NULL uses fgets() and select() to
23487 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
23490 things were testing -n "$GCC" instead of -z "$GCC"
23494 now works + uses fgets()
23497 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
23500 select doesn't seem to recognize a single '\n' as input waiting so
23501 we can't use it, sigh.
23504 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
23507 updated tgetpass() blurb
23511 added --with-getpass
23515 added tgetpass stuff
23526 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
23533 added USE_GETPASS && HAVE_C2_SECURITY
23537 fixed a test added --with-C2 and --with-tgetpass
23545 took out tgetpass.*
23552 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
23555 no termio(s) for ultrix since it is broken
23559 added a space (yeah, anal)
23562 * realpath.c, sudo_realpath.c:
23563 fixed it (duh, rtfm)
23566 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
23569 took out bsd signal stuff for irix
23577 don't define BSD signals for irix
23588 * realpath.c, sudo_realpath.c:
23589 took out unneeded code by changing where a string was terminated
23592 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
23594 * realpath.c, sudo_realpath.c:
23595 fix bug where /dirname would return NULL
23599 move __P to config.h
23602 * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
23603 added errno definition
23618 * realpath.c, sudo_realpath.c:
23619 now works if no fchdir
23623 define SA_RESETHAND to null if not defined
23627 added check & replace
23631 took out -static for nextstep -- it doesn't work
23634 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
23637 moved #endif to where it belongs
23645 now checks for strdup realpath getcwd bzero
23653 added posix signals
23661 added posix signals
23665 removed BROKEN_GETPASS added new srcs to replace missing functions
23669 added posix signal stuff
23681 now uses posix signals
23685 updated to reflect major changes
23693 uses sysconf() if available
23697 added PASSWORD_TIMEOUT + prototypes for new functions
23700 * realpath.c, sudo_realpath.c:
23701 for those w/o this in libc
23704 * getcwd.c, getwd.c:
23709 rewrote to use realpath(3) - is now all my code
23713 added HAVE_REALPATH
23721 added LIBOBJS use tgetpass.c
23724 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
23738 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
23749 added check for getwd
23753 replace strdup & realpath & getcwd if missing
23761 added SUDO_PROG_PWD
23768 * realpath.c, sudo_realpath.c:
23772 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
23775 quoted square brackets
23778 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
23781 no need to strdup() a constant
23796 * parse.c, sudo.c, sudo.h:
23797 added validate_only stuff
23800 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
23807 $OSREV is now an int
23810 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
23813 added mtxinu to caser
23821 now use the EXEC macro now only do a gethostbyname() if FQDN is set
23825 changed mail_argv[] def now use EXEC() macro
23829 took out crypt() definition
23837 always look for -lnsl
23845 SHORT_MESSAGE is now the default
23853 added missing AC_DEFINE(SVR4) for solaris
23857 documented the -v flag
23869 added LIBSHADOW undef
23873 now set OS to be lowercase
23876 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
23879 now use SUDO_OSTYPE to set $OS
23883 now use uname to determine os
23887 added prototypes & moved sig handler around
23894 * check.c, logging.c, sudo.c:
23903 now use _BSD_SIGNALS not _BSD_COMPAT
23914 * parse.lex, parse.yacc:
23915 moved config.h to top of includes
23918 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
23921 now don't bitch if get EACCESS (treat like EPERM)
23925 added -v flag and usage()
23933 cast Argv to a const for exec added -v flag
23937 mail_argv is now a const
23941 only set RETSIGTYPE if it is not set already
23945 now defines & STDC_HEADERS for Irix
23952 * insults.h, sudo.h:
23953 prevent multiple inclusion
23960 * parse.lex, parse.yacc:
23961 now includes config.h
23965 now talks about sunos 4.x
23969 calls to Exit now pass an arg
23972 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
23975 signal handler now takes an int argument
23983 ok, the getcwd() is now *really* done as the user
23987 changed AIX STATIC_FLAGS
23991 solaris now defines SVR4
23995 added cwd and fixed stupid core dump that makes no sense. sigh.
23999 moved getcwd stuff into load_globals
24003 took out externs that are in sudo.h
24007 moved cwd into load_globals
24015 fixed make distclean & realclean
24023 added solaris changes
24027 added solaris changes, need to rework
24031 cleaned up for solaris
24035 reinstall reapchild signal handler for non-bsd signals
24039 took out getdtablesize() emulation for HP-UX (no longer needed)
24043 support for HAVE_SYSCONF
24047 added <fcntl.h> for solaris & reorg'd the includes + minor prettying
24055 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
24058 now tells you what os you are running
24065 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
24080 uid initialized to -2
24083 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
24086 now removes LIBPATH for AIX
24089 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
24092 now uses ufc if it finds it
24095 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
24098 no longer define yyval & yylval since yacc does it
24102 now defines yylval as extern
24106 BROKEN_GETPASS is now an OPTION
24110 took out BROKEN_GETPASS
24114 took out big comment
24122 took out README.beta
24130 now reference SUPPORTED
24134 now check for convex OR __convex__
24138 now check for convex or __convex__
24150 now use _S_* stat stuff to be ansi-like
24154 updated for configure directions
24158 distclean now removes config.h and pathnames.h
24177 * config.h.in, pathnames.h.in:
24178 added copyright header
24181 * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
24182 parse.yacc, sudo.c, sudo.h:
24187 updated to use configure + pathnames.h
24194 * Makefile.in, config.h.in, configure.in:
24199 now works with configure
24202 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
24203 updated to work with configure + pathnames.h
24210 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
24213 updated gnu general licence to version 2
24216 * config.h.in, pathnames.h.in:
24221 changed to work with configure
24224 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
24226 * Makefile.in, aclocal.m4, configure.in:
24231 now uses defines used by configure
24234 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
24237 sudo won't bitch about EPERM now, for real
24240 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
24243 renamed exec_argv to eliminate a libc name clash with ksros
24250 * logging.c, sudo.c, sudo.h:
24267 added UMASK and mode_t declaration
24275 now opens log file with mode 077
24279 saved current umask and restores it
24283 added MAXLOGFILELEN
24287 split long log lines. For syslog, split into multiple entries, for
24288 a log file, indent the extra for readability
24291 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
24298 MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
24301 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
24304 added input from Brett M Hogden <hogden@rge.com>
24307 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
24310 added rmenv() to remove stuff from environ. can now use execvp()
24311 OR execve() because of this.
24315 now uses execvp() OR execve()
24331 moved some func decls out of sudo.h and into sudo.c as statics
24342 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
24348 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
24363 added sample.sudoers note
24370 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
24377 took out SAVED_UID garbage
24378 [b7c2d3469661] [SUDO_1_3_0]
24397 more verbose error if mailer not found
24401 now do getpwent as root for some shadow password systems (bsdi)
24404 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
24407 took out SAVED_UID garbage
24411 took out SAVED_UID garbage since it don't work
24414 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
24421 added a missing space :-)
24425 took out multimax cruft
24437 fixed a typo + indentation
24440 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
24443 took outumoved some defines to the config file
24455 added HAS_SAVED_UID
24462 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
24468 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
24474 * check.c, logging.c, parse.c, sudo.c, sudo.h:
24475 now is only root when abs necessary
24482 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
24497 now removed _RLD_* for alphas
24501 updated for new config scheme
24505 more verbose error messages
24508 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
24515 define __svr4__ for SOLARIS
24519 added svr4 junk for shadow pws for solaris 2.x
24523 took out setuid(0) and setreuid(udi) garbage. It's not needed since
24524 we start out setuid with the correct perms.
24527 * check.c, sudo.c, sudo.h:
24531 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
24534 revised AUTHORS section & added ENV_EDITOR stuff to VARIABLES
24539 now uses ENV_EDITOR if you want to use the EDITOR envar
24543 now uses ENV_EDITOR if you want to use the EDITOR envar
24546 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
24549 rewrote most of this
24553 minor update + spell fix
24557 added all options that are in the Makefile
24561 now use USE_TERMIO #define for sgi & hpux
24568 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
24570 * check.c, find_path.c:
24571 always include strings.h
24579 sgi has vi in /usr/bin too
24586 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
24589 use /usr/bin/vi on some systems
24593 fixed warning (include strings.h)
24597 added John_Rouillard@dl5000.bc.edu's changes (new features)
24601 changes from John_Rouillard@dl5000.bc.edu
24608 * check.c, find_path.c, parse.c, sudo.c:
24609 added patches from John_Rouillard directory spec
24613 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
24616 added flush for hpux
24619 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
24622 no longer assume malloc returns a char *
24626 alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
24627 gets removed correctly
24631 added STD_HEADERS macro
24635 now uses STD_HEADERS macro for ansi
24639 now uses STD_HEADERS macro
24643 niceties for C compiler bitches -- no real change
24646 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
24649 now doesn't fclose a file never opened.
24652 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
24659 added error stuff added me in there...
24667 added blurb about reading stuff
24675 corrected comments and removed newlines
24687 added dec syslog note
24691 added real stuff in there
24702 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
24709 updated with changes
24720 * CHANGES, COPYING, INSTALL, README, TODO:
24725 updated version number and took out jeff's old addr since it is no
24729 * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
24731 updated version number and took out jeff's email (since it is
24735 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
24741 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
24744 now return NULL instead of exiting for non-fatal errors
24747 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
24754 now sudo.h gets included first
24757 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
24768 hpux 9 fix, removes SHLIB_PATH linux patch
24775 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
24778 stat now ignores EINVAL
24781 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
24783 * find_path.c, sudo.c:
24784 now declare strdup as extern
24787 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
24790 reformatted with indent + by hand
24793 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
24794 used indent to "fix" coding style
24798 now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
24799 move the code that does this into the loop body. makes it messier
24803 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
24806 redid the fix for non-executable files in an easier to read way plus
24807 some minor aesthetic changes
24811 fixed bug with non-executable things of same name in path introduced
24812 by checking errno after stat(2).
24815 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
24818 fixed off by one error
24822 now handles descending below '/' correctly
24826 now actually builds Envp instead of munging envp
24829 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
24832 now includes sys/param.h
24836 now includes sys/param.h
24840 fixed ifndef -> ifdef
24844 make more like find_path.c
24848 rewritten by millert
24852 fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
24853 about new defines in the comment
24861 added decl for clean_envp() and Envp
24865 now rips LD_* env vars out of envp and passed sanitized Envp to exec
24873 ENOTDIR is ok now too (in case part of the path is bogus)
24877 now works correctly (total rewrite)
24881 now includes sys/param.h didn't match trailing / -- fix from
24885 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
24888 moved around the #ifndef _AIX
24891 * check.c, logging.c, parse.c:
24895 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
24901 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
24904 now works if you do sudo bin/test
24911 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
24921 * parse.lex, parse.yacc:
24925 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
24932 now spews error if exec fails and exits with -1
24940 now only execs files with (an) executable bit set.
24947 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>