-2008-12-14 17:40 millert
+2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * TODO: sync
+ * sudo.pp:
+ update copyright year
+ [edf691539a65] [tip] <1.7>
-2008-12-09 18:48 millert
+ * toke.c, toke.l:
+ Treat a missing includedir like an empty one and do not return an
+ error.
+ [9c770ff2d0bc] <1.7>
- * auth/pam.c: Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user
- enters ^C at the password prompt.
+2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-12-09 16:13 millert
+ * pp:
+ Fix ARCH setting in cross-compile Solaris packages.
+ [057d743bd1a2] <1.7>
- * configure.in, configure: Don't try to build sudo_noexec.so on
- HP-UX with the bundled compiler as it cannot generate shared
- objects.
+ * sudo.pp:
+ Fix aix version setting.
+ [1a2621321f5c] <1.7>
-2008-12-09 15:55 millert
+ * ldap.c:
+ Remove extraneous parens in LDAP filter when sudoers_search_filter
+ is enabled that causes a search error. From Matthew Thomas.
+ [7a5a2d021d32] <1.7>
- * glob.c, lbuf.c, tgetpass.c, emul/charclass.h: K&R compilation
- fixes
+2011-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-12-09 08:49 millert
+ * .hgtags:
+ Added tag SUDO_1_7_6 for changeset fafbb7b0aea2
+ [6f5c74a8a6ac] <1.7>
- * parse.c: Use tq_foreach_fwd when checking pseudo-commands to make
- it clear that we are not short-circuiting on last match. When
- pwcheck is 'all', initialize nopass to TRUE and override it with
- the first non-TRUE entry.
+ * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+ sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+ regen for 1.7.6
+ [fafbb7b0aea2] [SUDO_1_7_6] <1.7>
-2008-12-08 10:02 millert
+ * sudo.cat, sudo.man.in:
+ regen man pages for 1.7.6
+ [94d851285f31] <1.7>
- * parse.c: Do not short circuit pseudo commands when we get a match
- since, depending on the settings, we may need to examine all
- commands for tags.
+2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-12-03 15:58 millert
+ * configure, configure.in:
+ Fix warnings when -without-skey, --without-opie, --without-kerb4,
+ --without-kerb5 or --without-SecurID were specified.
+ [83a99d369286] <1.7>
- * sudoers.cat, sudoers.man.in: regen
+2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-12-03 15:57 millert
+ * NEWS:
+ Mention %#gid support in User_List and Runas_List
+ [8ff14765d7df] <1.7>
- * sudoers.pod: hostnames may also contain wildcards
+ * sudoers.pod:
+ Merge SETENV and NOSETENV description from 1.8
+ [dd44e79b53a0] <1.7>
-2008-12-03 15:40 millert
+2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: remove stamp-* files and linux core files in clean
- target
+ * testsudoers.c:
+ In dump-only mode, use "root" as the default username instead of
+ "nobody" as the latter may not be available on all systems.
+ [8082b8a1374c] <1.7>
-2008-12-02 12:30 millert
+2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure, configure.in, auth/sudo_auth.h: Use
- HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
+ * testsudoers.c:
+ Fix setting of user_args
+ [0669612feeb1] <1.7>
-2008-11-26 15:10 millert
+ * toke.c, toke.l:
+ Add '!' token to lex tracing
+ [7738d002a8d0] <1.7>
- * configure, configure.in: correctly enable SIA on Digital UNIX
+ * toke.c, toke.l:
+ Avoid using pre or post increment in a parameter to a ctype(3)
+ function as it might be a macro that causes the increment to happen
+ more than once.
+ [2d23161e06dc] <1.7>
-2008-11-25 20:06 millert
+2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * TODO: checkpoint
+ * sudo.pp:
+ Strip off the beta or release candidate version when building AIX
+ packages.
+ [246ebb79e64f] <1.7>
-2008-11-25 20:05 millert
+ * aix.c:
+ getuserattr(user, ...) will fall back to the "default" entry
+ automatically, there's no need to check "default" manually.
+ [dd233ca1092a] <1.7>
- * ChangeLog: sync
+2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-25 12:01 millert
+ * UPGRADE:
+ Document parser changes.
+ [f767c045e6c0] <1.7>
- * check.c, sudo.h, tgetpass.c: Even if neither stdin nor stdout are
- ttys we may still have /dev/tty available to us.
+ * testsudoers.c:
+ Add runasgroup support to testsudoers
+ [23f060665d23] <1.7>
-2008-11-24 10:09 millert
+ * testsudoers.c:
+ More useful exit codes:
+ * 0 - parsed OK and command matched.
+ * 1 - parse error
+ * 2 - command not matched
+ * 3 - command denied
+ [bda610d9f6da] <1.7>
- * sudoers.cat, sudoers.man.in: regen
+ * Makefile.in:
+ If there is an existing sudoers file, only install if it passes a
+ syntax check.
+ [189eaeea562e] <1.7>
-2008-11-24 10:08 millert
+ * sudoers.pod:
+ Document %#gid, and %:#nonunix_gid syntax.
+ [59e7df4c91e4] <1.7>
- * sudoers.pod: fix typos; Markus Lude
+ * pwutil.c:
+ Add support to user_in_group() for treating group names that begin
+ with a '#' as gids.
+ [3926017fbf95] <1.7>
-2008-11-24 07:08 millert
+2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * ChangeLog: sync
+ * aclocal.m4:
+ Quote first argument to AC_DEFUN(); from Elan Ruusamae
+ [a245e4891bab] <1.7>
+
+2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Use bitwise AND instead of modulus to check for length being odd. A
+ newline in the middle of a string is an error unless a line
+ continuation character is used.
+ [37a7f1fc54b7] <1.7>
-2008-11-23 19:42 millert
+ * gram.c, toke.c:
+ Add missing include of config.h
+ [b13da7baee1e] <1.7>
- * toke.c: regen
+ * gram.c, gram.y, toke.c, toke.l:
+ Move lexer globals initialization into init_lexer.
+ [b7c124212d05] <1.7>
+
+ * toke.c, toke.l:
+ Fix a potential crash when a non-regular file is present in an
+ includedir. Fixes bz #452
+ [f1209a710607] <1.7>
+
+ * pp:
+ On some Linux systems, "uname -p" contains detailed processor info
+ so check "uname -m" first and then "uname -p" if needed. Recognize
+ PLD Linux.
+ [83af85a391df] <1.7>
+
+ * toke.c, toke.l:
+ Make an empty group or netgroup a syntax error.
+ [e88aa7b31a43] <1.7>
+
+ * toke.c, toke.l:
+ Allow a group ID in the User_Spec.
+ [3e58bc732e33] <1.7>
+
+ * toke.c, toke.l:
+ Return an error for the empty string when a word is expected. Allow
+ an ID for per-user or per-runas Defaults.
+ [83bb1a9c80ad] <1.7>
+
+2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * testsudoers.c:
+ Fix printing "User_Alias FOO = ALL"
+ [8e6e810e89ce] <1.7>
+
+2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse_args.c:
+ Better error message about invalid -C argument
+ [fc14f8dc03d2] <1.7>
+
+ * NEWS:
+ fix typo
+ [f789649fdeaf] <1.7>
+
+ * sudoers.pod:
+ Fix placement of equal size ('=') in user specification summary.
+ [51861d678ac1] <1.7>
+
+2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.l:
+ If we match a rule anchored to the beginning of a line after parsing
+ a line continuation character, return an ERROR token. It would be
+ nicer to use REJECT instead but that substantially slows down the
+ lexer.
+ [f31c6622aaf9] <1.7>
+
+ * toke.c, toke.l:
+ Allow whitespace after the modifier in a Defaults entry. E.g.
+ "Defaults: username set_home"
+ [57c09139d10c] <1.7>
+
+2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Don't set CC when cross-compiling. Use the Sun Studio C compiler on
+ Solaris if possible.
+ [b91feb0678c1] <1.7>
+
+ * NEWS:
+ Credit Matthew Thomas for the sudoers_search_filter changes.
+ [4b3f239e114d] <1.7>
+
+ * NEWS:
+ Update for sudo 1.7.6 beta
+ [26cdd6578c23] <1.7>
+
+ * exec_pty.c:
+ Save the controlling tty process group before suspending in pty
+ mode. Previously, we assumed that the child pgrp == child pid
+ (which is usually, but not always, the case).
+ [670657004784] <1.7>
+
+ * ldap.c, sudoers.ldap.pod:
+ Add support for sudoers_search_filter setting in ldap.conf. This
+ can be used to restrict the set of records returned by the LDAP
+ query.
+ [c941bb5f68f2] <1.7>
+
+2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Remove the hack to disable -g in CFLAGS unless --with-devel
+ [933300bf3848] <1.7>
+
+ * sudoers.pod:
+ The '@' character does not normally need to be quoted.
+ [7e96569aed54] <1.7>
+
+ * toke.c, toke.l:
+ We normaly transition from GOTDEFS to STARTDEFS on whitespace, but
+ if that whitespace is followed by a comma, we want to treat it as
+ part of a list and not transition.
+ [6dd87c25c79c] <1.7>
+
+ * Makefile.in:
+ toke_util.c lives in $(srcdir) not $(devdir)
+ [b1b59d72f026] <1.7>
+
+ * toke.c, toke.l:
+ Fix parsing of double-quoted names in Defaults and Aliases which was
+ broken in c2b486b12951.
+ [30b2fdbafdc2] <1.7>
+
+2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Document major changes for sudo 1.7.6
+ [d474a2aeb411] <1.7>
+
+ * configure, configure.in:
+ Update version to 1.7.6
+ [c1c80b99ed82] <1.7>
+
+ * match.c:
+ Be careful not to deref user_stat if it is NULL. This cannot
+ currently happen in sudo but might in other programs using the
+ parser.
+ [0926b1653e20] <1.7>
+
+ * mkpkg:
+ configure will not add -O2 to CFLAGS if it is already defined to add
+ -O2 to the CFLAGS we pass in when PIE is being used.
+ [a4444e287bcb] <1.7>
+
+ * sudoers.pod:
+ Warn about the dangers of log_input and mention iolog_dir in the
+ log_input and log_output descriptions.
+ [68c3615f7487] <1.7>
+
+ * pp:
+ Back out 2b81d57de4a4 and sync with git version
+ [5a2443567b9c] <1.7>
+
+ * exec.c:
+ Save the controlling tty process group before suspending so we can
+ restore it when we resume. Fixes job control problems on Linux
+ caused by the previous attemp to fix resuming a shell when I/O
+ logging not enabled.
+ [3e4e26b79f59] <1.7>
+
+ * exec.c:
+ In handle_signals(), restart the read() on EINTR to make sure we
+ keep up with the signal pipe. Don't return -1 on EAGAIN, it just
+ means we have emptied the pipe.
+ [5bcfe5a061c2] <1.7>
+
+ * lbuf.c:
+ Fix printing of the remainder after a newline. Fixes "sudo -l"
+ output corruption that could occur in some cases.
+ [41e5595f0559] <1.7>
+
+2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Fix default setting of osversion variable.
+ [c67d9d3bfa2b] <1.7>
+
+2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Add --osversion flag to specify OS instead of running "pp
+ --probeonly"
+ [550104604d4b] <1.7>
+
+ * sudo.pp:
+ Fix expr usage w/ GNU expr
+ [c2161988dec9] <1.7>
+
+2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-23 19:41 millert
+ * sudo.pp:
+ Don't use the beta or release candidate version as the rpm release.
+ [56f8c0b1eb46] <1.7>
+
+2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * toke.l: Fix matching of a line that only consists of a comment
- char
+ * .hgtags:
+ Added tag SUDO_1_7_5 for changeset 9314212577c3
+ [75f9d661ea03] <1.7>
-2008-11-22 13:17 millert
+ * configure, configure.in:
+ version 1.7.5
+ [9314212577c3] [SUDO_1_7_5] <1.7>
- * auth/pam.c: MacOS pam will retry conversation function if it
- fails so just treat ^C as an empty password.
+2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+ sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+ 1.7.5rc1
+ [216ab95b5de0] <1.7>
-2008-11-22 10:12 millert
+ * parse_args.c, sudo.c, sudo.pod, sudo_usage.h.in, sudoreplay.c,
+ sudoreplay.pod, visudo.c, visudo.pod:
+ add help text to sudo, visudo and sudoreplay for the -h option
+ [141d348c660b] <1.7>
- * visudo.c: When checking for alias use, also check defaults
- bindings.
+2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-22 10:01 millert
+ * snprintf.c:
+ avoid using "howmany" for a parameter name since it is a select-
+ related macro
+ [6b6c2d504103] <1.7>
- * redblack.c: unused var
+ * Makefile.in:
+ add localstatedir; closes bug 471
+ [a4778228ae54] <1.7>
+
+ * config.h.in, configure, configure.in, exec.c, exec_pty.c,
+ sudoreplay.c:
+ The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes
+ Bug 470
+ [be5dff63ff5d] <1.7>
+
+ * exec.c:
+ SVR5 systems return non-zero for success on socketpair(), check for
+ -1 instead. Closes Bug 469
+ [13ac9d0e0934] <1.7>
-2008-11-22 09:42 millert
+2011-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/afs.c:
+ Move afs includes to be before sudo ones
+ [fbe0bdcf5798] <1.7>
+
+ * config.h.in, configure, configure.in:
+ No longer use vhangup
+ [9fce94512df9] <1.7>
- * redblack.c: Replace my rbdelete with Emin's version (which
- actually works ;-)
+2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-19 12:01 millert
+ * sudo_nss.c:
+ Avoid printing empty "Runas and Command-specific defaults for user"
+ line.
+ [3df2925f9982] <1.7>
+
+ * lbuf.c:
+ Truncate the buffer at buf.len before printing in the non-wordwrap
+ case.
+ [23a31b8d95b8] <1.7>
- * testsudoers.c: malloc debugging
+ * lbuf.c:
+ Remove extra newline when the tty width is very small or unavailable
+ [32fa0b3ea47a] <1.7>
-2008-11-19 07:37 millert
+2011-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c: malloc options in devel mode for visudo too
+ * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+ sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+ 1.7.5b5
+ [0937b9bff020] <1.7>
-2008-11-18 10:57 millert
+ * pp:
+ don't remap numeric uids/gids to names; if the user specified and id
+ instead of a name, they probably mean it
+ [2b81d57de4a4] <1.7>
- * sudo.c: fix compilation on non-C99; from Theo
+2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-18 10:50 millert
+ * alias.c:
+ Remove unneeded variable.
+ [23329353f964] <1.7>
- * visudo.c: fix check_aliases
+2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-18 08:29 millert
+ * configure, configure.in:
+ Prefer getutxid over getutid
+ [e89811f0e4da] <1.7>
- * alias.c: when destroying an alias, free the correct data pointer
+ * boottime.c:
+ Include utmp.h / utmpx.h before missing.h as apparently including it
+ afterwards causes a compilation problem on GNU Hurd.
+ [d62781e31b27] <1.7>
+
+2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+ sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+ 1.7.5b4
+ [4b8a9632fe59] <1.7>
+
+ * exec.c, missing.h, sudo.c, toke.h:
+ fix K&R compilation
+ [23ebea9c2183] <1.7>
+
+ * mksiglist.c:
+ Fix typo
+ [1587615a186f] <1.7>
+
+ * Makefile.in, toke.h, toke.l, toke_util.c:
+ Split tokenizer utility functions out into toke_util.c
+ [88148d0b9338] <1.7>
+
+ * alloc.c, bsm_audit.c, check.c, closefrom.c, sudo_nss.c, visudo.c:
+ Cosmetic changes to make diffing against trunk easier.
+ [95bdfcc29a22] <1.7>
+
+ * exec.c, exec_pty.c, mon_systrace.c, sudo.h, sudo_exec.h,
+ sudoreplay.c, tgetpass.c:
+ Use RETSIGTYPE for signal handlers.
+ [5ea1f34d1aab] <1.7>
-2008-11-18 07:54 millert
+ * sudo_exec.h:
+ Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
+ SIGUSR2 to indicate whether the child should be continued in the
+ foreground or background.
+ [9fec5a258d57] <1.7>
+
+2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * getspwuid.c:
+ Merge trunk version
+ [cd44ef67e57d] <1.7>
- * auth/sudo_auth.h: add proto for aixauth_cleanup; from Dale King
+ * exec_pty.c:
+ Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
+ SIGUSR2 to indicate whether the child should be continued in the
+ foreground or background.
+ [6305babcf6bd] <1.7>
+
+ * exec.c:
+ If perform_io() fails, kill the child before exiting so it doesn't
+ complain about connection reset. We can get an I/O error if, for
+ example, and we get EIO reading from stdin.
+ [ca28e0a25698] <1.7>
-2008-11-15 13:34 millert
+2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * error.c, fileops.c, fnmatch.c, getcwd.c, getprogname.c, gettime.c,
+ glob.c, isblank.c, memrchr.c, mksiglist.c, mkstemps.c, nanosleep.c,
+ setsid.c, sigaction.c, snprintf.c, strcasecmp.c, strerror.c,
+ strlcat.c, strlcpy.c, strsignal.c, sudo_noexec.c, sudoreplay.c,
+ utimes.c, vasgroups.c, zero_bytes.c:
+ Make local includes consistent; use double quotes for local includes
+ [ec9d52fff4b3] <1.7>
+
+2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
- visudo.man.in: regen
+ * error.c, getprogname.c, memrchr.c, sigaction.c, strcasecmp.c,
+ strerror.c, strlcat.c, strlcpy.c, strsignal.c, zero_bytes.c:
+ Must include config.h before any other headers.
+ [3c23ec625df0] <1.7>
+
+ * aclocal.m4, configure:
+ fix --with-iologdir=no
+ [ef60ca8b3789] <1.7>
+
+ * aclocal.m4, configure:
+ fix typo that broke --with-iologdir
+ [fca175fdfd81] <1.7>
-2008-11-15 13:34 millert
+2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ sync for 1.7.5b3
+ [744e2e78ef5a] <1.7>
+
+ * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+ sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+ 1.7.5b3
+ [7a24576e35ac] <1.7>
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Attempt to clarify how users and groups interact in Runas_Specs
+ [9e8c2fb328d0] <1.7>
+
+ * exec.c, exec_pty.c:
+ Do not handle SIGARLM specially, just pass it through.
+ [944978b640b5] <1.7>
+
+ * exec.c, exec_pty.c:
+ Pass SIGUSR1/SIGUSR2 through to the child.
+ [774506c977df] <1.7>
+
+ * exec.c:
+ Made tcsetpgrp() bits conditional on HAVE_TCSETPGRP
+ [386f69132ad4] <1.7>
+
+ * exec.c:
+ Use pid_t not int and check the return value of kill()
+ [5f15c3304a1d] <1.7>
+
+2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * exec.c:
+ In non-pty mode before continuing the child, make it the foreground
+ pgrp if possible. Fixes resuming a shell.
+ [dfaadefcc6c6] <1.7>
+
+ * exec_pty.c:
+ If we get a signal other than SIGCHLD in the monitor, pass it
+ directly to the child.
+ [7e638105bfaf] <1.7>
+
+ * exec.c, exec_pty.c, sudo.h:
+ Save signal state before changing handlers and restore before we
+ execute the command.
+ [83278957e630] <1.7>
+
+2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod, sudoers.pod, visudo.pod: standardize on the term
- 'option' for command line options (not flag)
+ * toke.c, toke.l:
+ match quoted strings the same way whether in a Defaults line or as a
+ user/group/netgroup name. Fixes escaped double quotes in quoted
+ user/group/netgroup names.
+ [c2b486b12951] <1.7>
-2008-11-14 06:18 millert
+ * iolog.c:
+ Use a char array to map a number to a base36 digit.
+ [d626ded3312d] <1.7>
- * INSTALL: Add note on configuring HP-UX pam
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ Be clear about what versions of sudo support new LDAP attributes.
+ Fix up some formatting of attribute names. Minor other tweaks.
+ [f7bd586ec755] <1.7>
+
+2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers2ldif:
+ Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags
+ [05a0d25b0f8d] <1.7>
+
+2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * UPGRADE:
+ Mention LDAP attribute compatibility status.
+ [adb74ad2331b] <1.7>
+
+2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ Mention phpQLAdmin
+ [5d80d6291142] <1.7>
+
+ * INSTALL, NEWS, config.h.in, configure, configure.in, defaults.c,
+ sudoers.man.in, sudoers.pod:
+ Add --disable-env-reset configure option.
+ [803ce2f4d85c] <1.7>
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Document that sudoers_locale also affects logging and email.
+ [080dd4338374] <1.7>
+
+ * NEWS, config.h.in, configure, configure.in, logging.c:
+ Do logging and email sending in the locale specified by the
+ "sudoers_locale" setting ("C" by default). Email send by sudo
+ includes MIME headers when the sudoers locale is not "C".
+ [592e5b2a3d10] <1.7>
+
+2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, sudo.c:
+ Perform command escaping for "sudo -s" and "sudo -i" after
+ validating sudoers so the sudoers entries don't need to have all the
+ backslashes.
+ [7d39ea9924e4] <1.7>
+
+2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ Prepend "list " to the command logged when "sudo -l command" is used
+ to make it clear that the command was listed, not run.
+ [9bcd40c1bfe9] <1.7>
+
+ * parse.c:
+ cosmetic change
+ [8ce3d60d910d] <1.7>
+
+ * aix.c, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
+ auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
+ auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
+ auth/securid.c, auth/securid5.c, auth/sia.c, bsm_audit.c, check.c,
+ defaults.c, env.c, exec.c, exec_pty.c, fileops.c, find_path.c,
+ fnmatch.c, get_pty.c, getcwd.c, getline.c, getprogname.c,
+ getspwuid.c, gettime.c, glob.c, goodpath.c, gram.c, gram.y, iolog.c,
+ isblank.c, lbuf.c, ldap.c, list.c, logging.c, match.c, memrchr.c,
+ mkstemps.c, mon_systrace.c, nanosleep.c, parse.c, parse_args.c,
+ pwutil.c, redblack.c, set_perms.c, sigaction.c, snprintf.c,
+ strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
+ sudo_noexec.c, sudo_nss.c, sudoreplay.c, term.c, testsudoers.c,
+ tgetpass.c, timestr.c, toke.c, toke.l, tsgetgrpw.c, utimes.c,
+ vasgroups.c, visudo.c:
+ standardize on "return foo;" rather than "return(foo);" or "return
+ (foo);"
+ [e05dd17dcec4] <1.7>
-2008-11-11 13:28 millert
+ * NEWS:
+ sync
+ [bedc1e1bc7f8] <1.7>
- * check.c, sudo.c: Move tty checks into check_user() so we only do
- them if we actually need a password.
+ * sudo.c:
+ Do not reject sudoers file just because it is root-writable.
+ [26634f322b04] <1.7>
-2008-11-11 12:34 millert
+2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Don't error out if no tty or askpass unless we actually
- need to authenticate.
+ * NEWS:
+ sync
+ [c69b7537a020] <1.7>
+
+ * defaults.c:
+ When setting default iolog_dir, dynamically allocate the string.
+ [7ad2c0cbe865] <1.7>
-2008-11-10 15:20 millert
+ * sudo_nss.c:
+ For "sudo -U user -l" if user is not authorized on the host, say so.
+ [9eb5673f2f22] <1.7>
+
+ * ldap.c:
+ In sudo_ldap_lookup(), always do the initial sudoers check as the
+ invoking user. If we are listing another user's privs we will do a
+ separate lookup using list_pw later.
+ [9b3ab41de717] <1.7>
+
+2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * ChangeLog: regen
+ * sudoreplay.c:
+ change an error() to errorx()
+ [5a0409f6c52b] <1.7>
+
+ * sudoers.ldap.man.in, sudoers.ldap.pod:
+ Update copyright year to 2011
+ [8959c05dc270] <1.7>
+
+ * LICENSE, Makefile.in, aclocal.m4, check.c, configure.in, ldap.c,
+ match.c, pwutil.c, sudo_nss.c, sudoers.man.in, sudoers.pod, term.c:
+ Update copyright year to 2011
+ [6367fb76120e] <1.7>
+
+ * ldap.c:
+ Stash pointer to user group vector in LDAP handle and only reuse the
+ query if it has not changed. We always allocate a new buffer when
+ we reset the group vector so a simple pointer check is sufficient.
+ [c129d1acf7d6] <1.7>
+
+ * sudo_nss.c:
+ When listing, use separate lbufs for the defaults and the privileges
+ and only print something if the number of privileges is non-zero.
+ Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
+ [66aaa54f2865] <1.7>
+
+ * sudo_nss.c:
+ Check initgroups() return value.
+ [973a67304e3b] <1.7>
+
+2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ sync
+ [deb822cce3dd] <1.7>
+
+2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * term.c:
+ Clear, don't set, OPOST in c_oflag as was intended in e26055d17b72.
+ [eacd774c37c0] <1.7>
-2008-11-10 08:07 millert
+2011-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * pathnames.h.in, sudo.c: s/overriden/overridden/; from Tobias
- Stoeckmann
+ * sudo.c:
+ delref list_pw before exit
+ [0df5a53f3484] <1.7>
+
+2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg, sudo.pp:
+ Add Requires line for audit-libs >= 1.4 for RHEL5+
+ [a1b544018f5b] <1.7>
+
+ * pp:
+ sync with git version
+ [eb187023bb73] <1.7>
-2008-11-09 15:18 millert
+2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c, WHATSNEW: check sudoers owner and mode in strict mode
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ fix typo
+ [075e92a756a1] <1.7>
-2008-11-09 09:15 millert
+2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * gram.c, toke.c: regen
+ * NEWS:
+ Update for sudo 1.7.4p5
+ [11cb87598478] <1.7>
-2008-11-09 09:13 millert
+ * schema.OpenLDAP, schema.iPlanet:
+ Add sudoNotBefore and sudoNotAfter attributes as optional attributes
+ to the sudoRole object class. From Andreas Mueller
+ [73357eb1b269] <1.7>
- * alias.c, alloc.c, closefrom.c, compat.h, defaults.c, defaults.h,
- env.c, fileops.c, gettime.c, gram.y, ins_csops.h, insults.h,
- interfaces.c, interfaces.h, lbuf.c, license.pod, list.c,
- logging.c, logging.h, parse.c, parse.h, pwutil.c, redblack.c,
- redblack.h, snprintf.c, sudo.c, sudo.pod, sudo_edit.c,
- sudo_nss.h, testsudoers.c, toke.l, tsgetgrpw.c, utimes.c,
- version.h, visudo.c, zero_bytes.c, LICENSE, sudoers.pod,
- visudo.pod, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
- auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
- auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
- sudo.man.in, sudoers.man.in, visudo.man.in: Update copyright
- years.
+2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-09 08:48 millert
+ * NEWS:
+ Mention "sudo -g group" password check fix.
+ [8299a2d939e8] <1.7>
- * fnmatch.c, glob.c, emul/charclass.h: add my copyright
+ * check.c:
+ If the user is running sudo as himself but as a different group we
+ need to prompt for a password.
+ [fe8a94f96542] <1.7>
-2008-11-08 10:40 millert
+2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * toke.c, toke.l: The loop in fill_cmnd() was going one byte too
- far past the end, resulting in a NUL being written immediately
- after the buffer end.
+ * NEWS, config.h.in, configure, configure.in, ldap.c,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
+ LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
+ derived LDAP SDKs but we can pass the timeout parameter to
+ ldap_search_ext_s() or ldap_search_st() when possible.
+ [8f9303326db7] <1.7>
-2008-11-08 10:31 millert
+ * sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in:
+ regen
+ [d56ad7169e67] <1.7>
- * UPGRADE, WHATSNEW: add sections on tgetpass changes
+ * NEWS, ldap.c, sudoers.ldap.pod:
+ Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
+ with OpenLDAP ldap.conf files.
+ [85e33e42c008] <1.7>
-2008-11-08 10:30 millert
+ * pwutil.c:
+ If user has no supplementary groups, fall back on checking the group
+ file explicitly.
+ [c536ddb16bb6] <1.7>
- * tgetpass.c: Treat EOF w/o newline as an error.
+2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-07 17:42 millert
+ * NEWS:
+ update
+ [9f6e0ec3142a] <1.7>
- * parse.c: Fix "sudo -v" when NOPASSWD is set.
+ * Makefile.in:
+ Use "mv -f" when regenerating ChangeLog
+ [b322b5995e7f] <1.7>
-2008-11-07 12:45 millert
+ * match.c:
+ Fix NULL dereference with "sudo -g group" when the sudoers rule has
+ no runas user or group listed. Fixes RedHat bug Bug 667103.
+ [c51e2be737b2] <1.7>
- * auth/: bsdauth.c, fwtk.c, pam.c, sudo_auth.c, sudo_auth.h: No
- longer treat an empty password at the prompt as special. To quit
- out of sudo you now need to hit ^C at the password prompt.
+2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-06 21:07 millert
+ * term.c:
+ Clear OPOST from c_oflag like we used to. Fixes screen-based
+ editors such as vi.
+ [e26055d17b72] <1.7>
- * sudoers.cat, sudoers.man.in: regen
+ * sudoers.pod:
+ Clarify umask option description. From Reuben Thomas.
+ [fb8bdcb54feb] <1.7>
-2008-11-06 21:06 millert
+2010-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: Sudo
- will now refuse to run if no tty is present unless the new
- visiblepw sudoers flag is set.
+ * ldap.c, sudoers.ldap.pod:
+ Pick last match in LDAP sudoers too
+ [607801b83e25] <1.7>
-2008-11-05 19:42 millert
+2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * aix.c: just use RLIM_INFINITY for RLIM_SAVED_MAX if
- RLIM_SAVED_MAX not defined
+ * aclocal.m4, configure, configure.in, def_data.c, def_data.h,
+ def_data.in, defaults.c, iolog.c, sudoers.pod:
+ Make the iolog dir configurable in sudoers
+ [2630b2dba1b5] <1.7>
-2008-11-05 19:40 millert
+2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * aix.c: fix fallback value for RLIM_SAVED_MAX
+ * pp:
+ Add missing '*' that prevented the generic ELF case from matching.
+ [b35bbb42736f] <1.7>
-2008-11-05 19:14 millert
+ * pp:
+ If file(1) can't identify the ELF binary type, try readelf(1).
+ [8a73092d8898] <1.7>
- * auth/: aix_auth.c, sudo_auth.h: Move clearing of AUTHSTATE into
- aixauth_cleanup.
+2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-05 19:08 millert
+ * auth/kerb4.c, check.c, env.c, pwutil.c, sudo.c:
+ Use %u to print uid/gid, not %lu and adjust casts to match.
+ [e4eb94705a54] <1.7>
- * env.c, auth/aix_auth.c: Unset AUTHSTATE after calling
- authenticate() as it may not be correct for the user we are
- running the command as.
+ * NEWS:
+ Update with latest changes
+ [2c4209b20e3d] <1.7>
-2008-11-05 19:05 millert
+ * sudoers.ldap.pod:
+ Clarify ordering of entries and attributes
+ [598748ec3804] <1.7>
- * isblank.c: Add isblank() function for systems without it. Needed
- for POSIX character class matching in fnmatch.c and glob.c.
+ * sudoers.ldap.pod:
+ Fix typo and editing goof.
+ [197a2fe65be5] <1.7>
-2008-11-05 11:02 millert
+ * ldap.c:
+ Make sure we don't dereference a NULL handle.
+ [b0026541de1e] <1.7>
- * TROUBLESHOOTING: expound on sudo and cd
+2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-04 15:52 millert
+ * pp:
+ Add support for RHEL 6 file modes that include a trailing dot on
+ files with an SELinux security context
+ [fcc1daaf4df0] <1.7>
- * ChangeLog: regen
+2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-04 15:46 millert
+ * sudoers.pod:
+ fix typo; from Michael T Hunter
+ [46e70e2063af] <1.7>
- * sudoers.cat, sudoers.man.in: regen
+ * match.c:
+ In sudoedit mode, assume command line arguments are paths and pass
+ FNM_PATHNAME to fnmatch().
+ [6087ba0064ff] <1.7>
-2008-11-04 15:45 millert
+2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: mention defauts parse order
+ * configure, configure.in:
+ Add workaround for an error in sys/types.h on HP-UX 11.23 when large
+ file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
+ broken bits of the header file.
+ [12da5b3249a3] <1.7>
-2008-11-03 13:19 millert
+ * aclocal.m4:
+ Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
+ [c0105d26574a] <1.7>
- * Makefile.in, aclocal.m4, compat.h, configure: Add isblank()
- function for systems without it. Needed for POSIX character
- class matching in fnmatch.c and glob.c.
+ * testsudoers.c, tsgetgrpw.c, tsgetgrpw.h:
+ Avoid conflicts with system definitions in grp.h and pwd.h
+ [a152522c9f13] <1.7>
-2008-11-03 12:54 millert
+ * sudo.pp:
+ For Tru64, strip off beta version.
+ [a16213ec9c27] <1.7>
- * Makefile.in: add emul/charclass.h to HDRS
+ * zlib/gzguts.h:
+ Include stdio.h after zlib.h, not before. We need the large file
+ defines to come first.
+ [389ea592d6c2] <1.7>
-2008-11-02 14:08 millert
+2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * TODO: checkpoint
+ * ldap.c:
+ Enlarge the array of entry wrappers int blocks of 100 entries to
+ save on allocation time. From Andreas Mueller
+ [db8da143e803] <1.7>
-2008-11-02 14:06 millert
+ * ldap.c:
+ Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
+ that was mistakenly dropped.
+ [f6f1103f9971] <1.7>
- * parse.c, defaults.c, testsudoers.c, visudo.c: Move
- update_defaults into defaults.c and call it properly from visudo
- and testsudoers.
+2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-02 09:51 millert
+ * TROUBLESHOOTING:
+ Mention that sudo needs "ar" to build.
+ [eef95d0abfbe] <1.7>
- * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c,
- tgetpass.c, tsgetgrpw.c: use zero_bytes() instead of memset() for
- consistency
+ * configure, configure.in:
+ Fail with a more useful error if "ar" is not found.
+ [1ef3c8501bf5] <1.7>
-2008-11-02 09:45 millert
+2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c,
- tgetpass.c, visudo.c: Zero out sigaction_t before use in case it
- has non-standard entries.
+ * ldap.c:
+ Reorder things to avoid most of the extra prototypes.
+ [0541a55deb86] <1.7>
-2008-11-02 09:35 millert
+ * ldap.c:
+ Inline sudo_ldap_result_get_entry(), it is always called in
+ situations where the bounds are already checked.
+ [fa65cf4eaf5e] <1.7>
- * match.c: quiet gcc
+ * ldap.c:
+ Add user_matches and host_matches to struct ldap_result and set them
+ in sudo_ldap_result_get() which is where the user and host checks
+ live. When iterating through the ordered results, take the first
+ match. Remove allowed flag from struct ldap_entry_wrapper, we just
+ use first match.
+ [9a008cd81685] <1.7>
-2008-11-02 09:28 millert
+2010-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * match.c: Short circuit glob() checks if basename(pattern) !=
- basename(command). Refactor code that checks for a command in a
- directory and use it in the glob case if the resolved pattern
- ends in a '/'.
+ * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+ sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+ Bump version and regen man pages
+ [918433185f26] <1.7>
-2008-11-01 09:20 millert
+ * ldap.c, schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet,
+ sudoers.ldap.pod:
+ Merge in ordered LDAP entry support from Andreas Mueller.
+ [21b8071c2f28] <1.7>
- * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c: Defer
- setting runas defaults until after runaspw/gr is setup.
+2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-10-29 13:26 millert
+ * ldap.c, schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet,
+ sudoers.ldap.pod:
+ Add timed entry support from Andreas Mueller.
+ [10b121c46a1c] <1.7>
- * match.c, sudo.c, testsudoers.c: Use MAXHOSTNAMELEN+1 when
- allocating host/domain name since some systems do not include
- space for the NUL in the size. Also manually NUL-terminate
- buffer from gethostname() since POSIX is wishy-washy on this.
+ * ldap.c:
+ Use efree() not free() and remove malloc.h include since we never
+ directly call malloc() or free().
+ [f2184b2a0646] <1.7>
-2008-10-26 17:13 millert
+2010-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c, sudoers.pod: When setting the umask, use the union of the
- user's umask and the default value set in sudoers so that we
- never lower the user's umask when running a command.
+ * Makefile.in, getdate.c, gram.c, toke.c:
+ Include config.h before any other includes to make sure we get the
+ right value for _FILE_OFFSET_BITS.
+ [5a8c12426942] <1.7>
-2008-10-26 16:43 millert
+2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Don't try to read from a zero-length sudoers file.
- Remove the bogus Solaris work-around for EAGAIN. Since we now
- use fgetc() it should not be a problem.
+ * sudo.pp:
+ set PSTAMP for Solaris and move the backend-specific bits to their
+ own %if [xxx] %endif blocks in %set.
+ [0d93cb5d009a] <1.7>
-2008-10-25 09:22 millert
+ * pp:
+ sync with git repo
+ [e052d78dde35] <1.7>
- * parse.c: In update_defaults() check the return value of
- user*_matches against ALLOW so we don't inadvertantly match on
- UNSPEC.
+2010-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-10-24 09:52 millert
+ * Makefile.in:
+ remove zlib/zconf.h for distclean
+ [5cf14594d014] <1.7>
* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
- sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
- regen man pages; no more hyphenation
-
-2008-10-24 09:49 millert
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen man pages for 1.7.5
+ [29253a721cfd] <1.7>
- * sudo.c: Don't error out on a zero-length sudoers file. With the
- advent of #include the user could create a situation where sudo
- is unusable.
+ * configure:
+ regen
+ [5b09c0dd9279] <1.7>
-2008-10-23 12:06 millert
+ * NEWS:
+ Update 1.7.5 entries.
+ [73a7b2c01db4] <1.7>
+
+2010-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Include zlib in the tar file.
+ [3b7900c3f2af] <1.7>
+
+2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Better --enable-zlib description
+ [0ca9936a7271] <1.7>
+
+ * mkpkg:
+ Use system zlib on Linux Let configure decide on Solaris For all
+ others, use builtin zlib
+ [58e1b4383b58] <1.7>
+
+ * LICENSE, Makefile.in, config.h.in, configure, configure.in,
+ license.pod, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
+ zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
+ zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
+ zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
+ zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
+ zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
+ zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
+ Add local copy of zlib for systems that lack it.
+ [060627a4a413] <1.7>
+
+2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Don't overwrite ChangeLog if we can't run hg
+ [8cad8bfce9ee] <1.7>
- * config.h.in, configure, configure.in, auth/kerb5.c: Newer heimdal
- has 2-argument krb5_get_init_creds_opt_free() like MIT krb5.
- Really old heimdal has no krb5_get_init_creds_opt_alloc() at all.
- Add configure tests to handle all the cases.
+ * configure, configure.in:
+ HP-UX 10.20 libc has an incompatible getline()
+ [6ae1631c6993] <1.7>
-2008-10-08 17:28 millert
+ * visudo.c:
+ Quiet an HP-UX compiler warning.
+ [b8eb3006d68b] <1.7>
- * sudo.pod: resort ENVIRONMENT
+2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-10-08 17:09 millert
+ * pp:
+ Don't use run_as_superuser=false on HP-UX
+ [2a9ec2750082] <1.7>
- * sudoers.pod: document sudoers_locale
+ * pp:
+ Update from git repo. Debian: version numbers now compliant with
+ policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX
+ 10.20
+ [cfe38672e358] <1.7>
-2008-10-08 16:56 millert
+ * configure, configure.in:
+ Go back to checking whether the compiler is ANSI C when detecting
+ the HP-UX bundled C compiler.
+ [563ef7333662] <1.7>
- * sudo.pod, sudo_edit.c: add SUDO_EDITOR variable that sudoedit
- uses in preference to VISUAL or EDITOR
+ * configure, configure.in:
+ Fix syntax error
+ [96048f77d772] <1.7>
-2008-10-08 14:27 millert
+ * auth/pam.c:
+ If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
+ useful message and return AUTH_FATAL so sudo does not keep trying to
+ validate the user.
+ [fffa5e51ac47] <1.7>
- * toke.c, toke.l: In fill_cmnd(), collapse any escaped
- sudo-specific characters. Allows character classes to be used in
- pathnames.
+2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-10-03 16:02 millert
+ * exec_pty.c:
+ don't need ws_col here
+ [049b4ef9c9ce] <1.7>
- * lbuf.c: fix typo in non-C89 function declaration
+ * check.c:
+ Having a timestamp file defined is no longer indicative of tty
+ tickets being enabled. Check def_tty_tickets directly.
+ [6c3803c239d9] <1.7>
+
+ * exec_pty.c, lbuf.c:
+ Fix TCGETWINSZ compat.
+ [62233ba46ec7] <1.7>
+
+2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-10-03 15:56 millert
+ * exec_pty.c, lbuf.c:
+ Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
+ [0813e3030b1a] <1.7>
- * sudoers.pod: Mention POSIX characters classes now that out
- fnmatch() and glob() support them.
+2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-10-03 15:55 millert
+ * set_perms.c:
+ Sync set_project() with trunk.
+ [646fd9bc0537] <1.7>
- * sample.sudoers, sudoers.pod: Replace [A-z] (which won't match in
- UTF8) with [A-Za-z] which is locale agnostic.
+ * ldap.c:
+ When iterating over returned LDAP entries, keep looking at remaining
+ matches even if we have a positive match. This catches negative
+ matches that may exist in other entries and more closely match the
+ sudoers file behavior.
+ [8dce1dedb967] <1.7>
+
+ * pp:
+ Add support for multiple package instances on Solaris.
+ [5bcc048375db] <1.7>
+
+ * set_perms.c, sudo.c:
+ Move set_project() into runas_setup(). Fixes a NULL deref when
+ project support is enabled and sudo's -g flag is used without the
+ -u flag.
+ [6ffd892243ab] <1.7>
+
+ * exec.c:
+ Add missing signal_pipe[0] to fdsr for the non-pty case.
+ [3398af88db51] <1.7>
+
+ * mkpkg:
+ Add --with-project for Solaris
+ [25bd2aa83884] <1.7>
+
+ * README:
+ Need ar and ranlib too
+ [d09e632d0a93] <1.7>
-2008-10-03 10:02 millert
+2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.h: use __signed char if we are going to assign a negative
- value since on Power, char is unsigned by default
+ * env.c:
+ Preserve ODMDIR environment variable by default on AIX.
+ [75266d18e4a7] <1.7>
-2008-10-03 09:59 millert
+2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in, config.h.in: Add tests for __signed char
- and signed char.
+ * linux_audit.c:
+ Ignore ECONNREFUSED from audit_log_user_command() which will occur
+ if auditd is not running.
+ [a686884684ca] <1.7>
-2008-10-03 09:19 millert
+2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * aix.c: Fix AIX limit setting. getuserattr() returns values in
- disk blocks rather than bytes. The default hard stack size in
- newer AIX is RLIM_SAVED_MAX. From Dale King.
+ * pp:
+ Sync with git version
+ [9a328aa25c53] <1.7>
-2008-09-26 17:13 millert
+2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * fnmatch.c, glob.c, emul/charclass.h: Add character class support
- to included glob(3) and fnmatch(3).
+ * defaults.c, fileops.c:
+ Cast isblank argument to unsigned char.
+ [64b9f3bed954] <1.7>
-2008-09-16 08:28 millert
+2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * emul/fnmatch.h: Remove UCB advertising clause and some
- compatibility defines.
+ * INSTALL, config.h.in, configure, configure.in, defaults.c,
+ sudoers.cat, sudoers.man.in, sudoers.pod:
+ Implement --with-umask-override configure flag.
+ [5065008079df] <1.7>
-2008-09-14 16:07 millert
+ * env.c:
+ Take MODE_LOGIN_SHELL into account when initially setting reset_home
+ instead of special-casing it later.
+ [25e6b8419dea] <1.7>
- * sudo_edit.c: Check EDITOR/VISUAL to make sure sudoedit is not
- re-invoking itself or sudo. This allows one to set EDITOR to
- sudoedit without getting into an infinite loop of sudoedit
- running itself until the path gets too big.
+ * sudo.c:
+ In login mode, make a copy of the runas user's pw_shell for
+ NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
+ freed before exec.
+ [4a0851a7688a] <1.7>
-2008-09-13 20:45 millert
+ * env.c:
+ Reset HOME for "sudo -i" even if HOME was listed in env_keep.
+ [8dc31006a428] <1.7>
- * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c: Add
- sudoers_locale Defaults option to override the default sudoers
- locale of "C".
+ * sudo.c:
+ Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
+ [8751ef94b18d] <1.7>
-2008-09-13 14:09 millert
+ * sudo.c:
+ Reset signal mask at sudo startup time; we need to be able to rely
+ on normal signal delivery to control the child process.
+ [c986a4b6a942] <1.7>
- * sudo.c: Set locale to system default except for during sudoers
- parse.
+ * sigaction.c:
+ Fix SIG_UNBLOCK emulation
+ [f14264f8a0da] <1.7>
-2008-09-12 09:34 millert
+2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * match.c: Redo change in 1.34 to use pointer arithmetic.
+ * install-sh:
+ Use sed instead of expr to split a flag from its argument. Fixes a
+ problem with expr interpreting its arguments as a flag when they
+ start with a dash.
+ [16372da8a286] <1.7>
-2008-09-11 07:06 millert
+ * lbuf.c:
+ Back out rev e165f67d3127
+ [e9b70079698d] <1.7>
+
+ * lbuf.c:
+ Include sys/time.h for utimes() and struct timeval.
+ [e165f67d3127] <1.7>
- * match.c: Fix a dereference (read) of a freed pointer. Reported
- by Patrick Williams.
+ * snprintf.c:
+ Quiet bogus compiler warnings.
+ [176fceb8db3c] <1.7>
-2008-08-23 19:09 millert
+ * missing.h:
+ Declare innetgr() for HP-UX which is missing a declaration. Declare
+ domainname() for HP-UX and Solaris which are missing a declaration.
+ [0b4c1296d4da] <1.7>
- * sudo.c: Set locale to "C" to avoid interpretation issues with
- character ranges in sudoers. May want to make the locale a
- sudoers option in the future.
+ * bsm_audit.c:
+ Use __sun for consistency with the rest of the sources.
+ [8f0db6350b3a] <1.7>
-2008-08-20 07:45 millert
+ * pwutil.c:
+ Don't try to delref a NULL group.
+ [57e94fc5df3e] <1.7>
- * config.h.in: we no longer use setproctitle
+ * alloc.c, lbuf.c:
+ Include memory.h on systems that need it.
+ [e43d8d8a0008] <1.7>
-2008-08-20 07:41 millert
+2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.h: remove #if 1
+ * exec.c:
+ Quiet gcc warnings on glibc systems that use warn_unused_result for
+ write(2).
+ [f22696affc78] <1.7>
-2008-08-20 07:40 millert
+2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * LICENSE, mkstemp.c: Use my replacement mkstemp() from the mktemp
- package.
+ * NEWS, README, configure, configure.in:
+ Update for sudo 1.7.5
+ [62ed8c6cb7c2] <1.7>
-2008-07-12 08:53 millert
+ * exec.c, exec_pty.c, list.c, list.h, sudo_exec.h:
+ Instead of using a array to store received signals, open a pipe and
+ have the signal handler write the signal number to one end and
+ select() on the other end. This makes it possible to handle signals
+ similar to I/O without race conditions.
+ [2d9dd09a9fce] <1.7>
+
+ * INSTALL:
+ --with-iologdir not --enable-iologdir
+ [457471aaeda6] <1.7>
+
+2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c, visudo.pod:
+ Make "visudo -c -f -" check the standard input.
+ [8ed46ff3141a] <1.7>
+
+ * sudoers.pod:
+ set_home and always_set_home have an effect if HOME is present in
+ the env_keep list.
+ [a2b26d62176d] <1.7>
- * gram.c: regen with yacc skeleton bug fixed
+ * env.c:
+ Make -H flag work when HOME is listed in env_keep. Also makes
+ "set_home" and "always_set_home" override override HOME in env_keep.
+ [91d842b6adc6] <1.7>
-2008-07-12 08:48 millert
+2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * bsm_audit.c:
+ Solaris BSM audit return EINVAL when auditing is not enabled,
+ whereas OpenBSM returns ENOSYS.
+ [bb9c94a8fa7d] <1.7>
- * sudoers.pod: Remove duplicate "as root". From Martin Toft.
+2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-07-02 06:27 millert
+ * toke.c, toke.l:
+ Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
+ [0a5519756bf1] <1.7>
- * pwutil.c, sudo.c, testsudoers.c, sudo.h: Flesh out the fake
- passwd entry used for running commands as a uid not listed in the
- passwd database. Fixes an issue with some PAM modules.
+ * sudo.c:
+ Set NewArgv[0] to the name of the pseudo-command we are running.
+ Fixes a problem with "sudo -l" when auditing is enabled and the user
+ is not allowed to run any commands on the host. Adapted from a patch
+ from Daniel Kopecek.
+ [694ed1a75a4a] <1.7>
-2008-07-01 07:57 millert
+ * sudo.c:
+ Update comment to reality.
+ [de302f39566b] <1.7>
- * sudo.c: Error out in -i mode if the user has no shell. This can
- happen when running commands as a uid with no password entry.
+ * missing.h:
+ Need stdio.h for FILE *, not just NULL.
+ [77cf303f5696] <1.7>
-2008-06-26 07:49 millert
+2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * toke.c, toke.l: Better fix for line continuation inside double
- quotes. Now accepts whitespace between the backslash and the
- newline like the main lexer.
+ * match.c:
+ When matching the runas user and runas group (-u and -g command line
+ options), keep track of runas group and runas user matches
+ separately. Only return a positive match if we have a match for
+ both runas user and runas group (if specified).
+ [68d30216c13a] <1.7>
-2008-06-25 14:31 millert
+2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * toke.c, toke.l: Fix line continuation in strings. It was only
- being honored if preceded by whitespace.
+ * ldap.c, parse.c:
+ Do not return -1 on error from the display functions; the call
+ expects a return value >= 0.
+ [e50e6ae4d06d] <1.7>
-2008-06-22 16:19 millert
+ * ldap.c:
+ display_bound_defaults now returns a count so make the stub return
+ 0, not 1.
+ [97293ced4908] <1.7>
- * config.h.in, configure, configure.in, logging.c: Replace the
- double fork with a fork + daemonize.
+ * fnmatch.c:
+ Add #include of sys/types.h for .c files that include missing.h to
+ be sure that size_t and ssize_t are defined.
+ [a4f3070d0a2b] <1.7>
-2008-06-21 14:59 millert
+2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c, sudo.c: The -i flag should imply env_reset. This got
- broken in sudo 1.6.9.
+ * get_pty.c:
+ It looks like AIX doesn't need to push STREAMS modules for ptys.
+ [62c281fcd4ad] <1.7>
-2008-06-20 20:34 millert
+2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c, sudo.c, sudo_edit.c, visudo.c: Change how the mailer
- is waited for. Instead of having a SIGCHLD handler, use the
- double fork trick to orphan the child that opens the pipe to
- sendmail. Fixes a problem running su on some Linux distros.
+ * error.c, getprogname.c, isblank.c, missing.h, mksiglist.c,
+ sigaction.c, strerror.c, strsignal.c, sudo_noexec.c:
+ Add #include of sys/types.h for .c files that include missing.h to
+ be sure that size_t and ssize_t are defined.
+ [2ffbbb12f322] <1.7>
-2008-06-20 17:16 millert
+ * Makefile.in:
+ Install sudoers file from the build dir not hte src dir.
+ [a26afd8db531] <1.7>
- * configure, configure.in: Fix configure test for dirfd() on Linux
- where DIR is opaque.
+2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-06-17 17:42 millert
+ * set_perms.c:
+ If runas_pw changes, reset the stashed runas aux group vector.
+ Otherwise, if runas_default is set in a per-command Defaults
+ statement, the command runs with root's aux group vector (i.e. the
+ one that was used when locating the command).
+ [24a695707b67] <1.7>
- * tgetpass.c: Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If
- QNX still has this problem we'll need to revisit this again.
+ * Makefile.in:
+ Add target to generate sudoers file Remove generated sudoers file as
+ part of distclean
+ [448627fc35b6] <1.7>
-2008-06-10 21:13 millert
+2010-08-23 millert <millert@rh4-x86.home.courtesan.com>
- * logging.c: Ignore SIGPIPE instead of blocking it when piping to
- the mailer. If we only block the signal it may be delivered
- later when we unblock. Also, there is no need to block SIGCHLD
- since we no longer do the double fork. The normal SIGCHLD
- handler is sufficient.
+ * exec.c:
+ When not logging I/O install a handler for SIGCONT and deliver it to
+ the command upon resume. Fixes bugzilla #431
+ [e84690aa67bd] <1.7>
-2008-06-08 17:37 millert
+2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Add description for NO_PAM_SESSION, from
- a redhat patch.
+ * sudo.c, sudo.h:
+ g/c unused auth_pw global
+ [e30778d73c0b] <1.7>
-2008-06-06 09:36 millert
+ * check.c, sudo.c:
+ Move get_auth() into check.c where it is actually used.
+ [3130e37787af] <1.7>
+
+ * sudo.c:
+ Don't need to fork and wait when compiled with --disable-pam-session
+ [2ae1bbe4437a] <1.7>
- * sudo.cat, sudo.man.in, sudo.pod: Fix typos in -i usage
+2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lbuf.c:
+ Convert a remaining puts() and putchar() to use the output function.
+ [d68c213feb0f] <1.7>
+
+2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Replace sudoers with sudoers.in in DISTFILES
+ [616509f85d6c] <1.7>
-2008-05-18 13:54 millert
+ * env.c:
+ Set dupcheck to TRUE when setting new HOME value if !env_reset but
+ always_set_home is true. Prevents a duplicate HOME in the
+ environment (old value plus the new one) introduced in 9f97e4b43a4b.
+ [2672ae047984] <1.7>
- * configure, configure.in: Redo the test for dgettext() in a way
- that hopefully will work around the libintl_dgettext() undefined
- problem.
+ * configure, configure.in, sudoers, sudoers.in:
+ Substitute sysconfdir in the installed sudoers file to get the
+ correct path for sudoers.d.
+ [ab14a68e546f] <1.7>
-2008-05-11 09:21 millert
+2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * boottime.c, get_pty.c:
+ Fix typos that prevented compilation on Irix; Friedrich Haubensak
+ [a3e6c5a66890] <1.7>
- * schema.ActiveDirectory: change filename in comment
+2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, aix.c, audit.c, boottime.c, compat.h, error.c,
+ fnmatch.c, getcwd.c, getdate.c, getdate.y, getline.c, getprogname.c,
+ gettime.c, glob.c, isblank.c, linux_audit.c, memrchr.c, missing.h,
+ mksiglist.c, nanosleep.c, sesh.c, setsid.c, sigaction.c, snprintf.c,
+ strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.h,
+ sudo_noexec.c, sudoreplay.c, timestr.c, utimes.c, vasgroups.c,
+ zero_bytes.c:
+ Merge compat.h and missing.h into missing.h
+ [905905c7a8f0] <1.7>
-2008-05-10 09:18 millert
+2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ If the user hits ^C while a password is being read, error out before
+ reading any further passwords in the pam conversation function.
+ Otherwise, if multiple PAM auth methods are required, the user will
+ have to hit ^C for each one.
+ [c8f6bc58fd86] <1.7>
+
+2010-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * exec.c:
+ Fix waitpid() loop termination condition.
+ [97719b3259f2] <1.7>
+
+ * exec_pty.c:
+ Use sudo_waitpid() instead of bare waitpid()
+ [624a40269189] <1.7>
+
+2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Set pp_kit_version and strip off patchlevel
+ [814c87778567] <1.7>
+
+ * sudo.pp:
+ Better handling of versions with a patchlevel. For rpm and deb, use
+ the patchlevel+1 as the release. For AIX, use the patchlevel as the
+ 4th version number. For the rest, just leave the patchlevel in the
+ version string.
+ [d18ef30f0a72] <1.7>
+
+2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/sudo_auth.c:
+ For non-standalone auth methods, stop reading the password if the
+ user enters ^C at the prompt.
+ [59d2b1328d1e] <1.7>
+
+ * configure, configure.in:
+ Don't print getspwuid as an auth method.
+ [d35cf4628d9a] <1.7>
+
+ * Makefile.in, auth/passwd.c, auth/secureware.c, auth/sudo_auth.c,
+ auth/sudo_auth.h, configure, configure.in, pwutil.c:
+ No need to look up shadow password unless we are doing password-
+ style authentication. This moves the shadow password lookup to the
+ auth functions that need it.
+ [10a85eebbf4c] <1.7>
+
+ * check.c:
+ When removing/resetting the timestamp file ignore the tty ticket
+ contents.
+ [8b285f601ec0] <1.7>
+
+2010-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ delref sudo_user.pw, runas_pw and runas_gr immediately before we
+ exec.
+ [220be2de2f31] <1.7>
+
+ * sudo.c:
+ Move calls to sudo_endgrent() and sudo_endpwent() to be after
+ set_perms(), which may do passwd or group lookups.
+ [883f0db94fd4] <1.7>
+
+2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ Make sure we don't try to delref NULL.
+ [19bc5a47db06] <1.7>
+
+ * pwutil.c:
+ Add missing delref in user_in_group()
+ [fafb278f47a6] <1.7>
+
+ * sudo.c:
+ delref the old runas group in set_runasgr()
+ [0a7dd113cb1f] <1.7>
+
+ * match.c:
+ Repair usergr_matches() return value broken in last checkin.
+ [460b7b6ca2ce] <1.7>
+
+ * check.c, get_pty.c, glob.c, ldap.c, match.c, pwutil.c, sudo.c,
+ sudo.h:
+ Reference count cached passwd and group structs. The cache holds
+ one reference itself and another is added by sudo_getgr{gid,nam} and
+ sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
+ group structs are persistent for now.
+ [e414c67e11fd] <1.7>
+
+ * UPGRADE:
+ Fix typo
+ [0f443aa22e96] <1.7>
+
+2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ Do not produce a warning for "sudo -k" if the ticket file does not
+ exist.
+ [eeaaa73d7f5b] <1.7>
+
+ * pwutil.c:
+ Instead of caching struct passwd and struct group in the red-black
+ tree, store a struct cache_item which includes both the key and
+ datum. This allows us to user the actual name that was looked up as
+ the key instead of the contents of struct passwd or struct group.
+ This matters because the name in the database may not match what we
+ looked up, due either to case folding or truncation (historically at
+ 8 characters). Also mark the disabled calls to sudo_freepwcache()
+ and sudo_freegrcache() as broken since we use cached data for things
+ like set_perms() and the logging functions. Fixing this would
+ require making a copy of the structs for user and runas or adding a
+ reference count (better).
+ [2c1d8ec4fa5f] <1.7>
+
+ * check.c, exec_pty.c, get_pty.c, logging.c, sudoreplay.c, tgetpass.c,
+ visudo.c:
+ Quiet gcc warnings on glibc systems that use warn_unused_result for
+ write(2) and others.
+ [5faf88695c66] <1.7>
+
+2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Add %option noinput
+ [8a5e05d6f71f] <1.7>
+
+ * aclocal.m4, configure:
+ Add cross-compile defaults for remaining AC_TRY_RUN usage.
+ [fb88d22eabc6] <1.7>
+
+2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, config.h.in, configure, configure.in, snprintf.c:
+ Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
+ and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
+ [5e7cc557a46e] <1.7>
+
+2010-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgtags:
+ Added tag SUDO_1_7_4 for changeset 2920a3b9d568
+ [e929004d5102] <1.7>
+
+ * pp:
+ Debian: Remove dots from decoded release number AIX: looser matching
+ of file command output for AIX 5.1
+ [2920a3b9d568] [SUDO_1_7_4] <1.7>
+
+ * .hgtags:
+ Added tag SUDO_1_7_4 for changeset 0d844aa34c1d
+ [cf65ddcec602] <1.7>
+
+2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * exec_pty.c:
+ exec_monitor is static
+ [0d844aa34c1d] <1.7>
+
+ * pp:
+ Update to latest version
+ [7b8a00defbd6] <1.7>
+
+2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Let pp determine pp_aix_version itself.
+ [c5ee7944af03] <1.7>
+
+ * INSTALL, config.h.in, configure, configure.in, mkpkg, sudo.c:
+ Add support for Ubuntu admin flag file and enable it when building
+ Ubuntu packages.
+ [2d97501cda0c] <1.7>
+
+ * sudo.pp, sudoers:
+ Add commented out SuSE-like targetpw settings
+ [f4ad331ace46] <1.7>
+
+ * configure, configure.in:
+ Only try to use +DAportable for non-GCC on hppa Check the value of
+ $pic_flag insteaf of whether the compiler is ANSI C when detecting
+ the HP-UX bundled C compiler.
+ [654da0091c16] <1.7>
+
+ * configure, configure.in:
+ Prevent configure from adding the -g flag unless in devel mode
+ [e3c11f228c56] <1.7>
+
+2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Go back to sudo-flavor to match existing packages and only use an
+ underscore for those that need it.
+ [1f78ecf3b990] <1.7>
+
+ * sudo.pp:
+ Use sudo_$flavor instead of sudo-$flavor since that causes the least
+ amount of trouble for the various package managers.
+ [7e1e07115788] <1.7>
+
+ * mkpkg:
+ Fix handling of the ldap flavor Remove destdir unless --debug was
+ specified Make distclean before running configure if there is a
+ Makefile present
+ [2bde3925346d] <1.7>
+
+ * configure, configure.in:
+ Back out version change in 5baf2187a138
+ [bbc3a81afbba] <1.7>
+
+ * mkpkg:
+ Pass extra args on to configure on HP-UX, if we don't have the HP C
+ compiler, disable zlib to prevent gcc from finding it in
+ /usr/local/lib.
+ [87201c7f1116] <1.7>
+
+ * configure, configure.in, mkpkg:
+ Use the HP ANSI C compiler on HP-UX if possible
+ [5baf2187a138] <1.7>
+
+ * sudoreplay.c:
+ Some getline() implementations (FreeBSD 8.0) do not ignore the
+ length pointer when the line pointer is NULL as they should.
+ [8652300785ed] <1.7>
+
+ * sudoreplay.c:
+ Don't need to check for *cp being non-zero, isdigit() will do that.
+ [107301a99b6a] <1.7>
+
+ * sudoreplay.c:
+ Add setlocale() so the command line arguments that use floating
+ point work in different locales. Since sudo now logs the timing
+ data in the C locale we must Parse the seconds in the timing file
+ manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
+ the number of seconds with the user's locale so if the decimal point
+ is not '.' try using the locale-specific version.
+ [2b8ed181e37c] <1.7>
+
+ * exec.c:
+ Do I/O logging in the C locale so the floating point numbers in the
+ timing file are not locale-dependent.
+ [18abbca14078] <1.7>
+
+ * sudoreplay.c:
+ Use errorx() not error() for thingsthat don't set errno.
+ [a2e7c6793d26] <1.7>
+
+2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Add Tru64 kit support
+ [40e2d21aa17f] <1.7>
+
+ * pp:
+ Better support for 1.2.3 style versions in Tru64 kits
+ [f7133199a711] <1.7>
+
+ * pp:
+ Remove apparently unnecessary use of sudo
+ [a667a69eeab0] <1.7>
+
+ * Makefile.in:
+ Create timedir as part of install-dirs target.
+ [a2e394d694dd] <1.7>
+
+ * exec_pty.c:
+ Handle ENXIO from read/write which can occur when reading/writing a
+ pty that has gone away. Fixes bugzilla 422
+ [142f4c2efa17] <1.7>
+
+ * pwutil.c:
+ sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
+ [82e5e46bf458] <1.7>
+
+ * mkpkg:
+ platform is a pp flag not a variable
+ [9d0ab9b9bf0c] <1.7>
+
+ * Makefile.in, mkpkg, sudo.pp:
+ Add simple arg parsing for mkpkg so we can set debug, flavor or
+ platform.
+ [8142ab01ccd9] <1.7>
+
+ * pp:
+ Make rpm backend work on AIX 5.x
+ [2467a79d0b4d] <1.7>
+
+2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers:
+ Add commented out Defaults entry for log_output
+ [b3fe97e59ae0] <1.7>
+
+2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Install binary files with -b~ to make a backup. Fixes "text file
+ busy" error on HP-UX during install.
+ [3563e3e0163a] <1.7>
+
+ * install-sh:
+ "mv -f" on HP-UX doesn't unlink the destination first so add an
+ explicit rm before moving the temporary into place.
+ [3994af813c88] <1.7>
+
+ * configure, configure.in:
+ Some more ${foo} -> $(foo) conversion for consistent Makefiles.
+ [c214d50c32ec] <1.7>
+
+2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pathnames.h.in:
+ Add missing include of maillock.h for Solaris
+ [343f04b7a581] <1.7>
+
+ * NEWS, TROUBLESHOOTING, UPGRADE, configure, configure.in,
+ sample.syslog.conf, sudoers.cat:
+ Change the default syslog facility from local2 to authpriv (or auth
+ if the operating system doesn't support authpriv).
+ [949f39cf4a59] <1.7>
+
+ * Makefile.in, configure, configure.in, sudo.pp:
+ Install sudoers as /etc/sudoers on RPM and debian systems where the
+ package manager will not replace a user-modified configuration file.
+ This fixes upgrades from the vendor sudo packages.
+ [74c7ff01e880] <1.7>
+
+ * pp:
+ RPM: use %config(noreplace) instead of %config for volatile This
+ results in the new file being installed with a .rpmnew suffix
+ instead of the file being replaced and the old one renamed with a
+ .rpmsave suffix.
+ [166133a4fb9e] <1.7>
+
+2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * boottime.c, mkstemps.c:
+ Include time.h for struct timeval.
+ [50446e0b8398] <1.7>
+
+ * exec_pty.c:
+ The return value of strsignal() may be const and should be treated
+ as const regardless.
+ [c035b17b50e3] <1.7>
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Mention that 127.0.0.1 will not match, nor will localhost unless
+ that is the actual host name.
+ [e9977ec7ac4f] <1.7>
+
+ * Makefile.in:
+ fix typo
+ [f216d653404d] <1.7>
+
+ * Makefile.in, NEWS, README, UPGRADE, WHATSNEW:
+ Rename WHATSNEW -> NEWS
+ [f3ce0a462ca0] <1.7>
+
+ * pp:
+ Updated pp with latest patches
+ [cded68af5ba0] <1.7>
+
+ * WHATSNEW, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
+ If pam is in use, wait until the process has finished before calling
+ pam_close_session().
+ [fb3d7de50a05] <1.7>
+
+ * sudoers.cat, sudoers.man.in:
+ regen sudoers manual
+ [7498a058eeb1] <1.7>
+
+ * UPGRADE, sudoers, sudoers.pod:
+ Add commented out line to add HOME to env_keep and add a warning to
+ the note about the HOME change in UPGRADE.
+ [0f7e08f09b9f] <1.7>
+
+2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Add LINE_MAX define for those without it.
+ [6248dd44573c] <1.7>
+
+ * WHATSNEW:
+ Mention that tty_tickets is now the default.
+ [4cf26eaee5ba] <1.7>
+
+ * INSTALL, UPGRADE, config.h.in, configure, configure.in, defaults.c,
+ sudoers.cat, sudoers.man.in, sudoers.pod:
+ The tty_tickets option is now on by default.
+ [73dd2b82a3a9] <1.7>
+
+ * WHATSNEW:
+ Mention that AIX authdb support has been fixed.
+ [9331829dc276] <1.7>
+
+ * aix.c:
+ setauthdb() only sets the "old" registry if it was set by a previous
+ call to setauthdb(). To restore the original value, passing NULL
+ (or an empty string) to setauthdb() is sufficient.
+ [d956fd763521] <1.7>
+
+2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Mention new handling of HOME in always_set_home and set_home
+ descriptions.
+ [a69c9bed3164] <1.7>
+
+ * sudo.cat, sudo.man.in, sudo.pod:
+ fix typo
+ [9b90bb3e9187] <1.7>
+
+ * UPGRADE, WHATSNEW, env.c, sudo.cat, sudo.man.in, sudo.pod:
+ Reset HOME when env_reset is enabled unless it is in env_keep
+ [18223dfd1ac3] <1.7>
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ The default for set_logname has been "true" for some time now.
+ [9f97e4b43a4b] <1.7>
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Document that MAIL it set in env_reset mode.
+ [dcf9ad98079e] <1.7>
+
+ * boottime.c:
+ Add missing include of time.h
+ [57bee414982d] <1.7>
+
+ * defaults.c, sudo.c:
+ Check return value of setdefs() but don't stop setting defaults if
+ we hit an unknown one.
+ [a42cb2d6b7ed] <1.7>
- * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
- sudoers.ldap.pod: Reference schema.ActiveDirectory
+ * logging.c:
+ Fix check for dup2() return value.
+ [916cd7fdeba7] <1.7>
+
+ * visudo.c:
+ Treat an unknown defaults entry as a parse error.
+ [1f94675835d9] <1.7>
+
+ * env.c:
+ Check KEPT_MAIL not DID_MAIL when determining whether to set MAIL in
+ -i and env_reset mode.
+ [aa6657ccfe01] <1.7>
+
+ * env.c:
+ Add PYTHONUSERBASE to initial_badenv_table
+ [93058374f0d9] <1.7>
+
+ * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in, env.c,
+ pathnames.h.in, sudo.cat, sudo.man.in, sudo.pod:
+ If env_reset is enabled, set the MAIL environment variable based on
+ the target user unless MAIL is explicitly preserved in sudoers.
+ [d903c904dcd4] <1.7>
+
+2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-05-09 14:49 millert
+ * pp:
+ decode debian code names
+ [2df0ecbc23b4] <1.7>
- * schema.OpenLDAP, schema.iPlanet: Mark sudoRunAs as deprecated.
+ * WHATSNEW:
+ fix typo
+ [b66a95fa1869] <1.7>
-2008-05-09 14:48 millert
+2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ Add entry about SuSE bash script fix.
+ [04af78fa281c] <1.7>
+
+ * sudo.c:
+ Restore RLIMIT_NPROC after the uid switch if it appears that
+ runas_setup() did not do it for us. Fixes a bash script problem on
+ SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
+ [bb14802d48b1] <1.7>
+
+2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg, pp, sudo.pp:
+ Restore the dot removal in the os version reported by polypkg. Adapt
+ mkpkg and sudo.pp to the change.
+ [83c7870130fe] <1.7>
+
+2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ Mention polypkg
+ [c5f6e40bbb58] <1.7>
+
+ * README, WHATSNEW:
+ Update for sudo 1.7.4
+ [0c688f1f8160] <1.7>
+
+ * INSTALL:
+ document --with-pam-login
+ [33ca3f6308ae] <1.7>
- * schema.ActiveDirectory: add sudoRunAsUser and sudoRunAsGroup
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ The tag is NOSETENV, not UNSETENV. From Petr Uzel.
+ [95f37e63ca15] <1.7>
-2008-05-09 14:01 millert
+2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Include flavor in solaris package name
+ [b6d56ccf367e] <1.7>
+
+ * mkpkg:
+ Older shells don't support IFS= so set explictly to space, tab,
+ newline.
+ [336925525e17] <1.7>
+
+ * mkpkg:
+ Use '=' not '==' in test
+ [98c692271cfd] <1.7>
+
+ * mkpkg:
+ Fix typo that prevented debian from matching
+ [af4deec35e37] <1.7>
- * schema.ActiveDirectory: Active Directory schema by Chantal
- Paradis and Eric Paquet
+ * mkpkg:
+ Add missing prefix setting for debian
+ [d0c1941cb6ec] <1.7>
-2008-05-08 17:54 millert
+ * sudo.pp:
+ Use tab indents to reduce the chance of problem with <<- Uncomment
+ some env_keep lines for RHEL, SLES and Debian to more closely match
+ the vendor sudoers files.
+ [74ba26566cdc] <1.7>
- * parse.c: remove an XXX that was fixed
+ * sudo.pp:
+ Fix indentation Fix the debian %set section, pp does not set
+ pp_deb_distro Uncomment %sudo line in sudoers for debian Add pam.d
+ to %files for debian Remove the /etc/sudo-ldap.conf symlink on
+ debian for ldap flavor
+ [f15ff41b5afd] <1.7>
+
+ * sudoers:
+ Add commented out env_keep entries, sample Aliases and a %sudo line
+ for debian.
+ [8264e4ed42dc] <1.7>
-2008-05-08 12:53 millert
+ * configure, configure.in:
+ Remove check for egrep; configure has its own
+ [27b3d85ebf4f] <1.7>
- * ChangeLog: sync
+ * configure.in:
+ Use enable_zlib instead of enableval for consistency
+ [4a15cfd43d3e] <1.7>
+
+2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-05-08 12:49 millert
+ * mkpkg:
+ Enable zlib for linux distros
+ [fcab91448bb0] <1.7>
- * parse.c: Initialize tags to UNSPEC instead of def_* in "sudo -l"
- mode. This fixes a problem where the tag value printed was
- influenced by defaults set in the first pass through the parser.
+ * mkpkg:
+ Add ldap flavor to default build
+ [e35a577c8994] <1.7>
-2008-05-03 21:29 millert
+ * mkpkg, sudo.pp:
+ Simplify rpm linux distro settings
+ [f30547765636] <1.7>
+
+ * UPGRADE, aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
+ sudoers.cat:
+ Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
+ [8c9440423d98] <1.7>
+
+ * Makefile.in, mkpkg, sudo.pp:
+ Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
+ environment variable.
+ [9f418defc08a] <1.7>
- * Makefile.in, sudo.psf: No point in packaging the TODO file
+ * sudo.pp:
+ Create sudo group on debian
+ [4b0cc7b8b0b5] <1.7>
+
+ * mkpkg, sudo.pp:
+ Add debian 4/5/6 and use the dot when doing version matches
+ [d5184f0a1efc] <1.7>
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Remove spurious "and"; from debian
+ [8b9f2a5937bc] <1.7>
+
+ * aclocal.m4, configure:
+ Use a loop when searching for mv, sendmail and sh
+ [a1c7d19721a4] <1.7>
+
+ * aclocal.m4, configure, configure.in, sudoers.cat, sudoers.man.in,
+ sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
+ Substitute the value of EDITOR into the sudoers and visudo manuals.
+ [f00dc9343f94] <1.7>
+
+2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg, pp, sudo.pp:
+ Initial debian 4.0 support
+ [6d73c000723f] <1.7>
+
+ * mkpkg:
+ Some platforms need -fPIE instead of -fpie
+ [8533a29633e8] <1.7>
+
+ * Makefile.in:
+ Add packaging bits to DISTFILES
+ [dea9f374f28b] <1.7>
+
+ * auth/pam.c:
+ Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
+ On Linux it causes a DNS lookup via libaudit.
+ [22e04d2f5f0f] <1.7>
+
+ * sudo.psf:
+ We now use pp to generate HP-UX packages
+ [6c9f8ae6bc11] <1.7>
+
+2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Fix indentation
+ [e52e9e6338d5] <1.7>
+
+ * INSTALL, Makefile.in:
+ isntall-man -> install-doc
+ [02cc8198ea7a] <1.7>
+
+ * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+ sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+ Bump version to 1.7.4
+ [df6ce4ea908a] <1.7>
+
+ * INSTALL.binary, Makefile.binary.in, Makefile.in:
+ Remove remaining bits of the old binary package
+ [8d4f82c23c22] <1.7>
+
+ * sudo.pp:
+ Use http://rc.quest.com/topics/polypkg/ for packaging
+ [d71793085629] <1.7>
+
+ * Makefile.in, mkpkg, pp:
+ Use http://rc.quest.com/topics/polypkg/ for packaging
+ [675e505758c5] <1.7>
+
+ * install-sh:
+ Just ignore the -c option, it is the default Add support for -d
+ option
+ [2adfb3a63231] <1.7>
+
+ * env.c, logging.c, pathnames.h.in:
+ Use _PATH_STDPATH instead of _PATH_DEFPATH
+ [2c22d54a1f02] <1.7>
+
+ * Makefile.in:
+ Do not strip binaries.
+ [bc84682b372c] <1.7>
+
+ * INSTALL, configure, configure.in:
+ Add --insults=disabled configure option to allow people to build in
+ insult support but have the insults disabled unless explicitly
+ enabled in sudoers.
+ [6d9f40db9cca] <1.7>
+
+2010-07-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, sudoreplay.c:
+ Fix K&R compilation
+ [e44d3be7ab85] <1.7>
+
+2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c, config.h.in, configure, configure.in, env.c, sudo.c,
+ sudo.h:
+ Add support for a sudo-i pam.d file to be used for "sudo -i".
+ Adapted from a RedHat patch.
+ [2984c3831d88] <1.7>
+
+ * Makefile.in:
+ Fix installation of sudo_noexec.so
+ [d1f7ca8331b6] <1.7>
+
+ * Makefile.in, config.h.in, configure, configure.in, missing.h,
+ mkstemp.c, mkstemps.c, sudo_edit.c:
+ Use mkstemps() instead of mkstemp() in sudoedit. This allows
+ sudoedit to preserve the file extension (if any) which may be used
+ by the editor (like emacs) to choose the editing mode.
+ [46399679d9ae] <1.7>
+
+2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
+ TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
+ code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
+ should avoid disabling TLS_CHECKPEER is possible.
+ [1d626a5cf8c0] <1.7>
+
+2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Add suport for negated user/host/command lists in a Defaults entry.
+ E.g. Defaults:!baduser noexec
+ [24f07a805dce] <1.7>
+
+2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.ldap.pod:
+ fix typo.
+ [d5f2922cecf2] <1.7>
+
+2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgtags:
+ Added tag SUDO_1_7_3 for changeset 72fd1f510a08
+ [cc8b2277e17e] <1.7>
+
+ * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+ sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+ Sudo 1.7.3 GA
+ [72fd1f510a08] [SUDO_1_7_3] <1.7>
+
+ * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
+ auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+ auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, boottime.c, check.c,
+ defaults.c, env.c, exec.c, exec_pty.c, fileops.c, find_path.c,
+ fnmatch.c, get_pty.c, getcwd.c, getdate.c, getdate.y, getline.c,
+ getspwuid.c, glob.c, goodpath.c, gram.c, gram.y, interfaces.c,
+ iolog.c, lbuf.c, ldap.c, logging.c, match.c, parse.c, parse_args.c,
+ pwutil.c, set_perms.c, snprintf.c, sudo.c, sudo_edit.c, sudo_nss.c,
+ sudoreplay.c, term.c, testsudoers.c, tgetpass.c, toke.c, toke.l,
+ tsgetgrpw.c, visudo.c:
+ Include strings.h even if string.h exists since they may define
+ different things. Fixes warnings on AIX and others.
+ [7c6de7fb5dba] <1.7>
+
+ * env.c:
+ Do not rely on env.env_len when unsetting a variable, just use the
+ NULL terminator.
+ [faf088613ce5] <1.7>
+
+ * env.c:
+ In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
+ [47f8dfcc7a48] <1.7>
+
+2010-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-05-03 21:24 millert
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ Mention that multiple URI lines are merged into a single one.
+ [1dc0ac5929bf] <1.7>
+
+ * WHATSNEW:
+ Document AIX fixes
+ [be36e8a6dddd] <1.7>
+
+2010-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, sudo.c, sudo.h:
+ For env_init() just use environ not the envp from main().
+ [d4f3e374caeb] <1.7>
+
+2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+ sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+ Update version to 1.7.3rc1
+ [fe43fe79070d] <1.7>
+
+ * TODO:
+ fqdn issue is resolved
+ [f35cb63eb74b] <1.7>
+
+ * env.c:
+ In unsetenv(), assign ep in the for loop instead of doing it
+ earlier. This version of the code does not change env.envp in
+ between when ep is assigned and when it is used but older versions
+ (e.g. 1.7.2) do.
+ [a4cd29c862c9] <1.7>
+
+ * aix.c:
+ Use S_REGISTRY instead of S_AUTHSYSTEM as the argument to
+ getuserattr() when fetching the administrative domain to be used by
+ setauthdb(). This was suggested by AIX support and is consistent
+ with what OpenSSH does.
+ [d3109706ec85] <1.7>
+
+ * vasgroups.c:
+ Use warningx() instead of log_error() since the latter is not
+ available to visudo or testsudoers. This does mean that they don't
+ end up in syslog.
+ [0174e89f983b] <1.7>
+
+ * sudo.c:
+ Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
+ closed the sudoers sources. From Quest sudo.
+ [c1b33e3e0f9e] <1.7>
+
+ * pwutil.c:
+ Ignore case when matching user/group names in the cache. From Quest
+ sudo.
+ [72df368a8a0e] <1.7>
+
+2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, selinux.c:
+ Add check for setkeycreatecon() when --with-selinux is specified.
+ [24144c52c0cc] <1.7>
+
+ * configure, configure.in:
+ Bump version to 1.7.3b5 Error out if libaudit.h is missing or
+ ununable when --with-linux-audit was specified
+ [215c7653d9bc] <1.7>
+
+ * aix.c:
+ K&R function declaration for aix_setauthdb()
+ [82da12d222a6] <1.7>
+
+ * env.c, sudo.c, sudo.h:
+ If env_init() was called implicitly via getenv(), setenv() or
+ putenv() just use the specified envp instead of mallocing a new
+ copy. This prevents an infinite loop on OpenBSD which calls
+ getenv() from malloc() to get MALLOC_OPTIONS.
+ [8e82ce63f774] <1.7>
+
+ * ldap.c:
+ Add support for multiple URI lines by joining the contents and
+ passing the result to ldap_initialize.
+ [b4e10b2ffdb1] <1.7>
+
+2010-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c, set_perms.c, sudo_nss.c:
+ Bracket initgroups with calls to aix_setauthdb() and
+ aix_restoreauthdb()
+ [363dbe449f1c] <1.7>
+
+ * aix.c:
+ Include compat.h before alloc.h to get __P
+ [819a2667ffd7] <1.7>
+
+ * auth/aix_auth.c:
+ Include usersec.h for authenticate() prototype
+ [2b8dd2b67131] <1.7>
+
+ * aix.c:
+ Add missing includes Add missing trailing NUL in userinfo string
+ [8deaedf44943] <1.7>
+
+2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY, history.pod:
+ Mention when LDAP was incorporated.
+ [4e6c8ec4f67c] <1.7>
+
+2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
+ not covered by _ALL_SOURCE.
+ [3657f1b181b9] <1.7>
+
+ * pwutil.c:
+ Include usersec.h on AIX to get IDtouser() prototype.
+ [11483bbe15c7] <1.7>
+
+ * configure.in:
+ Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
+ not covered by _ALL_SOURCE.
+ [fd48e6e2136b] <1.7>
+
+2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * iolog.c:
+ Add a cast to quiet a compiler warning.
+ [51e9d419bd83] <1.7>
+
+ * boottime.c:
+ Use memset() instead of zero_bytes() since we don't include sudo.h
+ [f310b2123ba9] <1.7>
+
+ * Makefile.in:
+ getline.o is already in LIB_OBJS, do not need it in COMMON_OBJS
+ [c8750c2d75ab] <1.7>
+
+ * getdate.c, getdate.y:
+ Quiet a compiler warning.
+ [9f231be15958] <1.7>
+
+ * defaults.c, sudo.c:
+ Call set_fqdn() after sudoers has parsed instead of inline as a
+ callback.
+ [26d413ddb6dd] <1.7>
+
+ * WHATSNEW:
+ Do not call set_fqdn() until sudoers parses (where is gets run as a
+ callback).
+ [582453a993a1] <1.7>
+
+ * sudo.c:
+ Do not call set_fqdn() until sudoers parses (where is gets run as a
+ callback). Otherwise, if sudo is built --with-fqdn the fqdn will be
+ set even if !fqdn is set in sudoers.
+ [aa01e867d1bb] <1.7>
+
+ * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+ sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+ Bump version to 1.7.3b4
+ [c1c5a73766b6] <1.7>
+
+ * WHATSNEW:
+ mention the change in tty ticket behavior when there is no tty
+ [93ddde63e453] <1.7>
+
+ * TODO:
+ remove done items
+ [9601b2e8dcef] <1.7>
+
+ * aix.c:
+ Remove comment; NAME in usrinfo should be user name.
+ [eb46f1e8ea08] <1.7>
- * ChangeLog: sync
+ * check.c:
+ Do not update tty ticket if there is no tty.
+ [e64e8c8f2286] <1.7>
-2008-05-02 20:53 millert
+ * sudo.cat, sudo.man.in, sudo.pod:
+ No longer need to use -- with the -s flag
+ [e45c18dd79dc] <1.7>
+
+ * Makefile.in:
+ Add missing $(srcdir) to sudo.man.in target
+ [2bd89f6ca9f3] <1.7>
+
+ * Makefile.in:
+ Do not rely on BSD make's $>
+ [cb328b82cb92] <1.7>
+
+ * configure, configure.in:
+ Set timedir to /var/db/sudo for darwin to match Apple sudo's
+ location
+ [860c7f1b001f] <1.7>
+
+2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, configure, configure.in:
+ Move aix.o from SUDO_OBJS to COMMON_OBJS
+ [f8a9bdf346c1] <1.7>
+
+ * config.h.in, configure, configure.in, defaults.c, iolog.c,
+ sudoreplay.c:
+ Check for zlib.h in addition to libz.
+ [fb77e44d5196] <1.7>
+
+ * Makefile.in, exec.c, exec_pty.c, sudo.h, sudo_exec.h:
+ Move functions and symbols shared between exec.c and exec_pty.c into
+ sudo_exec.h.
+ [e798d945424e] <1.7>
+
+ * sudo.h:
+ Add missing prototypes for aix_setauthdb and aix_restoreauthdb
+ [8bc2af6d4e17] <1.7>
+
+ * Makefile.in:
+ Comment out rules to build .man.in and .cat files unless --with-
+ devel
+ [81d6726a19ab] <1.7>
+
+ * aix.c, pwutil.c, set_perms.c, sudo.h:
+ Fix AIX compilation problems.
+ [7d95f73eca42] <1.7>
+
+ * sudo.c:
+ Cast isalnum() arg to unsigned char.
+ [5fff9a81af00] <1.7>
+
+ * WHATSNEW:
+ Add Linux audit support.
+ [e59e0670ba79] <1.7>
+
+ * sudo.c:
+ Quote any non-alphanumeric characters other than '_' or '-' when
+ passing a command to be run via the shell for the -s and -i options.
+ [d35a3f4cb3c0] <1.7>
+
+ * sudo.c:
+ Add missing braces that broke -i mode.
+ [7fe124b078ec] <1.7>
+
+ * linux_audit.c:
+ Fix linux_audit_command() return value
+ [0c582476181c] <1.7>
+
+2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, linux_audit.c, linux_audit.h:
+ Add Linux audit support.
+ [b207dc9960de] <1.7>
+
+2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, audit.c, bsm_audit.c, config.h.in, configure, configure.in,
+ logging.h, selinux.c:
+ Add Linux audit support.
+ [26ae31d7ff93] <1.7>
+
+2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+ Sync sudoreplay with trunk
+ [65b780cccfa5] <1.7>
+
+ * exec_pty.c:
+ Remove an XXX
+ [8304ac649241] <1.7>
+
+ * aix.c, configure, configure.in, pwutil.c, set_perms.c, sudo.h:
+ Set usrinfo for AIX Set adminstrative domain for the process when
+ looking up user's password info and when preparing for execve().
+ [52b48cbe97fd] <1.7>
+
+ * ldap.c, parse.c:
+ Better prefix determination now that we can't rely on len==0 to tell
+ the beginning on an entry.
+ [32f1875d9605] <1.7>
+
+ * WHATSNEW, ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in,
+ sudoers.ldap.pod:
+ Add support for multiple sudoers_base entries in ldap.conf. From
+ Joachim Henke
+ [3c0b59fce7b4] <1.7>
+
+ * configure, configure.in:
+ Remove duplicate setsid check
+ [7712d6d52da1] <1.7>
+
+ * Makefile.in, config.h.in, configure, configure.in, exec_pty.c,
+ logging.c, missing.h, setsid.c:
+ Move setsid emulation into setsid.c
+ [f24743c9e4e9] <1.7>
+
+ * exec_pty.c, logging.c, selinux.c, sudo.c, tgetpass.c:
+ Check for dup2() failure.
+ [b1b6ba761b61] <1.7>
+
+ * config.h.in, configure, configure.in:
+ Remove dup2 check, it is not optional.
+ [cfbe5f3b5956] <1.7>
+
+2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ Add mbr_check_membership support and SELinux fixes
+ [af1936a7cf2f] <1.7>
+
+ * Makefile.in:
+ Sync SRCS and DISTFILES with reality
+ [0971b5dcb1be] <1.7>
+
+ * INSTALL:
+ Update OS specific notes. Delete some really ancient ones and move
+ older ones to the end of the list.
+ [872dd8b437a8] <1.7>
+
+ * README:
+ Bump for sudo 1.7.3 Merge some changes from trunk
+ [a3088c75bf22] <1.7>
+
+ * selinux.c, sudo.c:
+ Call selinux_restore_tty() as part of cleanup() so it gets called
+ from error()/errorx()
+ [0197c07d4c1e] <1.7>
+
+ * compat.h:
+ No longer use SA_NOCLDSTOP
+ [73ca654cd3f8] <1.7>
+
+ * interfaces.h, match.c:
+ Move union sudo_in_addr_un into interfaces.h
+ [c84bda7c332a] <1.7>
+
+ * pathnames.h.in:
+ Update copyright year
+ [94871f44206b] <1.7>
+
+ * HISTORY, LICENSE, aix.c, alias.c, alloc.h, boottime.c, bsm_audit.h,
+ compat.h, defaults.c, defaults.h, env.c, fileops.c, find_path.c,
+ gettime.c, gram.y, history.pod, lbuf.h, license.pod, logging.c,
+ match.c, missing.h, nanosleep.c, parse.h, set_perms.c,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
+ sudoreplay.c, term.c, tgetpass.c, toke.l, visudo.c, visudo.cat,
+ visudo.man.in, visudo.pod:
+ Update copyright year
+ [4cfb47c799b8] <1.7>
+
+ * Makefile.in:
+ Remove varsub as part of clean
+ [61f04a21b0bb] <1.7>
+
+ * match.c:
+ Quiet a compiler warning.
+ [06d8cfe916c8] <1.7>
+
+ * getdate.c, getdate.y:
+ Quiet a compiler warning.
+ [473d2b7d44a1] <1.7>
+
+ * ldap.c, sudo.h:
+ Make the remaining functions in ldap.c static
+ [ba555565b30a] <1.7>
+
+ * ldap.c:
+ Make private functions static. Diff from Joachim Henke
+ [1603035b1863] <1.7>
+
+ * schema.ActiveDirectory:
+ Updates from Alain Roy to provide better examples for importing the
+ schema and to fix problems caused by Windows validating attributes
+ which have not yet been added before committing the changes.
+ [83f11ae00f19] <1.7>
+
+2010-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, configure, configure.in, sudo.cat, sudoers.cat:
+ Generate .cat files directly from .man.in instead of .man using
+ default values in configure.in
+ [0a92b41c5ce5] <1.7>
+
+2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, sudo.c, sudo_usage.h.in:
+ Print configure args with verbose version information.
+ [ca4a5fcf0af8] <1.7>
+
+ * visudo.c:
+ Remove tfd from struct sudoersfile; it is not used. Add prev pointer
+ to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
+ Use tq_append to append sudoers entries to the tail queue.
+ [344c631d0d43] <1.7>
+
+2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ Describe tty timestamp improvements
+ [136b0f832903] <1.7>
+
+ * toke.c, toke.l:
+ A comment character may not be part of a command line argument
+ unless it is quoted with a backslash. Fixes parsing of:
+ testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
+ [2a0c82ffedde] <1.7>
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+ regen
+ [c9fddd23c7e1] <1.7>
+
+ * sudoers.pod:
+ Make this read a little bit better when passwd_timeout is 0.
+ [51644950823f] <1.7>
+
+ * Makefile.in:
+ Use the --file argument to config.status instead of setting
+ CONFIG_FILES
+ [fc2b42c60b5d] <1.7>
+
+ * sudo.man.pl, sudo.pod:
+ Attempt to handle a default password prompt timeout of zero more
+ gracefully.
+ [478b8e720993] <1.7>
+
+ * toke.c, toke.l:
+ Do not override value of keepopen global, instead restore it to the
+ value we pushed onto the stack when popping.
+ [dc370d57a668] <1.7>
+
+ * exec.c, exec_pty.c, logging.c, mon_systrace.c, tgetpass.c:
+ Use SA_INTERRUPT in sa_flags
+ [3845c6637361] <1.7>
+
+ * getdate.c, getdate.y, ldap.c, sudoreplay.c:
+ Silence some compiler warnings
+ [112ac65afd0c] <1.7>
+
+2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * exec.c, exec_pty.c, sudo.c, sudo.h:
+ Implement background mode. If I/O logging we use pipes instead of a
+ pty.
+ [8d448eaf2aaa] <1.7>
+
+ * compat.h, exec.c, exec_pty.c, mksiglist.c, strsignal.c, tgetpass.c:
+ Move compat definition of NSIG to compat.h
+ [cae72a4c9dec] <1.7>
+
+ * tgetpass.c:
+ Ignore SIGPIPE for "sudo -S"
+ [c6595c8527c4] <1.7>
+
+ * tgetpass.c:
+ Properly handle TGP_ECHO again. Print a newline if the user
+ interrupted password input.
+ [15acbe4fb535] <1.7>
+
+ * exec_pty.c:
+ Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
+ [dd041fc9554c] <1.7>
+
+2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * exec.c, exec_pty.c, selinux.c, sudo.c, sudo.h:
+ Return an error from selinux_setup() instead of exiting. Call
+ selinux_setup() from exec_setup().
+ [b518225cafba] <1.7>
+
+ * compat.h:
+ Add definition of WCOREDUMP for systems without it. This is known
+ to work on AIX and SunOS 4, but may be incorrect on other systems
+ that lack WCOREDUMP.
+ [365e56db7cd5] <1.7>
+
+ * check.c, compat.h, config.h.in, configure, configure.in, iolog.c,
+ nanosleep.c, sudo_edit.c, visudo.c:
+ Replace timerfoo macros with timevalfoo since the timer macros are
+ known to be busted on some systems.
+ [4bb5228606c5] <1.7>
+
+ * toke.c, toke.l:
+ If a file in a #includedir has improper permissions or owner just
+ skip it. This prevents packages that incorrectly install a file
+ into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
+ #includedir files still result in a parse error (for now).
+ [b7fb75eddb77] <1.7>
+
+ * TODO, auth/pam.c, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
+ Defer call to pam_close_session() until after the command finishes
+ if there is a monitor process.
+ [0a39c8e6a81b] <1.7>
+
+ * WHATSNEW, def_data.c, def_data.h, def_data.in, exec.c, sudoers.cat,
+ sudoers.man.in, sudoers.pod:
+ Add use_pty sudoers option to force use of a pty even when not
+ logging I/O.
+ [aea971f1456a] <1.7>
+
+ * env.c, sudo.c, sudo.h:
+ Instead of trying to keep the global environment in sync with our
+ private copy, provide our own getenv() that returns values from the
+ private environment and use env_get() to pass the environment in to
+ run_command().
+ [58c85c5695dc] <1.7>
+
+ * set_perms.c:
+ Fix typo
+ [0f677fcdde04] <1.7>
+
+2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ Rename pty.c -> get_pty.c
+ [39137dcc4420] <1.7>
+
+ * iolog.c:
+ Add #define for maximum session id
+ [2a487437f013] <1.7>
+
+ * Makefile.in, configure, configure.in, exec.c, exec_pty.c, iolog.c,
+ selinux.c, sudo.c, sudo.h, sudo_edit.c:
+ Split exec.c into exec.c and exec_pty.c Pass a flag in to
+ sudo_execve to indicate whether we need to wait for the command
+ to finish (fork + execve vs. execve).
+ [b197515585db] <1.7>
+
+ * Makefile.in, configure, configure.in, get_pty.c, pty.c:
+ Rename pty.c -> get_pty.c
+ [c0e5270bb28a] <1.7>
+
+ * aclocal.m4, configure, configure.in:
+ Fix --without-iologdir
+ [dcd6c5907b10] <1.7>
+
+2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * iolog.c:
+ Only use I/O input log file if def_log_input is set and output file
+ if def_log_output is set.
+ [96cdd49be996] <1.7>
+
+2010-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse_args.c, sudo.c:
+ Include sudo_usage.h after sudo.h now that it has function
+ prototypes to guarantee that __P is defined.
+ [c67b77f8d6b1] <1.7>
+
+2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Do signal setup after turning off echo, not before. If we are using
+ a tty but are not the foreground pgrp this will generate SIGTTOU so
+ we want the default action to be taken (suspend process). Use an
+ array for signals received instead of a single variable so we don't
+ lose any when there are multiple different signals.
+ [de356064ea01] <1.7>
+
+ * defaults.h, lbuf.h, sudo.h:
+ Reorg function prototypes a bit
+ [5c40f58bb28e] <1.7>
+
+ * Makefile.in, parse_args.c, sudo.c, sudo.h, sudo_usage.h.in:
+ Move argument parsing into parse_args.c
+ [fad7b8737c12] <1.7>
+
+ * Makefile.in, config.h.in, configure, configure.in, missing.h,
+ mksiglist.c, mksiglist.h, siglist.in, strsignal.c:
+ Build our own sys_siglist for systems that lack it.
+ [3b5f671936dc] <1.7>
+
+ * exec.c, iolog.c, missing.h, sudo_edit.c:
+ K&R fixes
+ [dad62986f2fe] <1.7>
+
+ * exec.c, pty.c, sudo.c, sudo.h, sudo_edit.c:
+ Log sudoedit sessions as well; adapted from trunk
+ [2c5d9695022b] <1.7>
+
+ * configure:
+ regen
+ [9b319e89a6c4] <1.7>
+
+ * INSTALL, Makefile.in, WHATSNEW, aclocal.m4, configure, configure.in,
+ def_data.c, def_data.h, def_data.in, defaults.c, exec.c, gram.c,
+ gram.h, gram.y, iolog.c, parse.c, parse.h, pathnames.h.in, pty.c,
+ script.c, selinux.c, sudo.c, sudo.h, sudoers.cat, sudoers.man.in,
+ sudoers.pod, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
+ sudoreplay.pod, term.c:
+ Merge I/O logging changes from trunk. Disabling I/O log support at
+ compile time does not currently work. Sudoedit is not yet hooked up
+ to I/O logging.
+ [968c2c74c69b] <1.7>
+
+2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.in:
+ Add --enable-warnings configure option
+ [19cf967c36d1] <1.7>
+
+ * check.c, lbuf.h, script.c, sudo.c, sudo_nss.c:
+ Fix K&R compilation issues on HP-UX.
+ [c01a547cdcf8] <1.7>
+
+ * lbuf.c, lbuf.h, ldap.c, parse.c, sudo.c, sudo_nss.c:
+ Pass in output function to lbuf_init() instead of writing to stdout.
+ A side effect is that the usage info can now go to stderr as it
+ should. Add support for embedded newlines in lbuf and use that
+ instead of multiple calls to lbuf_print.
+ [596a427ff873] <1.7>
+
+ * configure, configure.in, sudo.man.pl, sudoers.man.pl:
+ Use numeric registers to handle conditionals instead of trying to do
+ it all with text processing.
+ [31570c372e0e] <1.7>
+
+ * sudoers.pod:
+ Document per-command SELinux settings
+ [bbce5acad1be] <1.7>
+
+ * sudo.pod:
+ timestamp -> time stamp
+ [d7335ce6286f] <1.7>
+
+ * tsgetgrpw.c:
+ Set close on exec flag in private versions of setpwent() and
+ setgrent().
+ [954814bdbd56] <1.7>
+
+ * logging.c:
+ Make send_mail() take a printf-style argument list
+ [0783ad585062] <1.7>
+
+ * Makefile.binary.in, Makefile.in, aclocal.m4, acsite.m4,
+ config.guess, config.h.in, config.sub, configure, configure.in,
+ ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
+ m4/ltversion.m4, m4/lt~obsolete.m4:
+ Update to autoconf 2.65 and libtool 2.2.6b
+ [3544dd2f1a94] <1.7>
+
+ * boottime.c:
+ Don't use TRUE/FALSE which may not be defined.
+ [8649bf22b3b2] <1.7>
+
+ * sudo.cat, sudo.man.in, sudo.pod:
+ Document new tty_ticket behavior
+ [0663e0390338] <1.7>
+
+ * find_path.c, sudo.c, sudo.h, visudo.c:
+ Make find_path() a little more generic by not checking def_foo
+ variables inside it. Instead, pass in ignore_dot as a function
+ argument.
+ [16c3f27cd9b9] <1.7>
+
+ * check.c:
+ Store info from stat(2)ing the tty in the tty ticket when tty
+ tickets are in use. If the tty lives on a devpts (Linux) or devices
+ (Solaris) filesystem, stash the ctime in the tty ticket file, as it
+ is not updated when the tty is written to. This helps us determine
+ when a tty has been reused without the user authenticating again
+ with sudo.
+ [f9aec9ab9054] <1.7>
+
+ * boottime.c, check.c, sudo.h:
+ get_boottime() now fills in a timeval struct
+ [dbd2003659c0] <1.7>
+
+2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, compat.h, config.h.in, configure, configure.in, fileops.c,
+ gettime.c, sudo.h, sudo_edit.c, visudo.c:
+ Use timeval directly instead of converting to timespec when dealing
+ with file times and time of day.
+ [c85bf3e41839] <1.7>
+
+ * auth/pam.c:
+ Fix OpenPAM detection for newer versions.
+ [67f29a0703d0] <1.7>
+
+ * vasgroups.c:
+ Sync with Quest sudo git repo
+ [2680ad9762c2] <1.7>
+
+ * aclocal.m4, configure, configure.in:
+ HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check
+ libvas may need libdl for dlopen() Add missing template for
+ ENV_DEBUG Adapted from Quest sudo
+ [6c886eb9070a] <1.7>
+
+ * README.LDAP:
+ Fix typos; from Quest Sudo
+ [cf258fc69f1a] <1.7>
+
+ * Makefile.in, configure.in:
+ Use value of SHELL from configure in Makefile
+ [08aaf12221d6] <1.7>
+
+2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Handle duplicate variables in the environment. For unsetenv(), keep
+ looking even after remove the first instance. For sudo_putenv(),
+ check for and remove dupes after we replace an existing value.
+ [086c6397d8cd] <1.7>
+
+2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Fix a crash when checking a sudoers file that has aliases that
+ reference themselves. Based on a diff from David Wood.
+ [5efc702a3b35] <1.7>
+
+2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * alias.c:
+ Fix use after free in error message when a duplicate alias exists.
+ [9eaac49bd22b] <1.7>
- * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
- sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod: Add env_file
- Defaults option that is similar to /etc/environment on some
- systems.
+2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-05-02 16:38 millert
+ * visudo.c:
+ Set errorfile to the sudoers path if we set parse_error manually.
+ This prevents a NULL dereference in printf() when checking a sudoers
+ file in strict mode when alias errors are present.
+ [b4eed2f0615d] <1.7>
- * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
- sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in,
- sudoers.man.in, version.h, visudo.cat, visudo.man.in: change
- version to 1.7.0
+2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-05-02 16:37 millert
+ * TODO, sudoers.cat, sudoers.man.in, sudoers.pod:
+ Fix typo
+ [57198cae9cf5] <1.7>
+
+2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ Qualify the command even if it is in the current working directory,
+ e.g. "./foo" instead of just returning "foo". This removes an
+ ambiguity between real commands and possible pseudo-commands in
+ command matching.
+ [fb4d571495fa] <1.7>
+
+2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Add a note about the security implications of the fast_glob option.
+ [84f8097553d9] <1.7>
+
+ * memrchr.c:
+ Remove duplicate includes
+ [3e8d90f4c30f] <1.7>
+
+2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix installation of sudoers.ldap in "make install" when --with-ldap
+ was specified without a directory. From Prof. Dr. Andreas Mueller
+ [5177a284b9ff] <1.7>
+
+2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ When doing a glob match, short circuit if gl.gl_pathc is 0. From
+ Mark Kettenis.
+ [549f8f7c2463] <1.7>
+
+2010-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Use parent process group id instead of parent process id when
+ checking foreground status and suspending parent. Fixes an issue
+ when running commands under /usr/bin/time and others.
+ [eac86126e335] <1.7>
+
+ * env.c:
+ In setenv(), if the var is empty, return 1 and set errno to EINVAL
+ instead of returning EINVAL directly.
+ [d202091ec15e] <1.7>
+
+2010-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Check for pseudo-command by looking at the first character of the
+ command in sudoers instead of checking the user-supplied command for
+ a slash.
+ [88f3181692fe] <1.7>
+
+2010-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.l:
+ Avoid a duplicate fclose() of the sudoers file.
+ [164d39108dde] <1.7>
+
+ * toke.l:
+ Fix size arg when realloc()ing include stack. From Daniel Kopecek
+ [8900bccef219] <1.7>
+
+2010-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aix.c, config.h.in, configure, configure.in:
+ Use setrlimit64(), if available, instead of setrlimit() when setting
+ AIX resource limits since rlim_t is 32bits.
+ [2cbb14d98fc1] <1.7>
+
+ * logging.c:
+ Fix use after free when sending error messages. From Timo Juhani
+ Lindfors
+ [caf183fd9d94] <1.7>
+
+2010-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog, Makefile.in:
+ Generate the ChangeLog as part of "make dist" instead of having it
+ in the repo.
+ [836c31615859] <1.7>
+
+2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Generate correct ChangeLog for 1.7 branch.
+ [586dd90b8878] <1.7>
+
+2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
+ auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+ auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
+ auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
+ closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
+ emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
+ fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
+ gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
+ isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
+ logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
+ mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
+ pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
+ sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
+ sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
+ strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+ sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
+ sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
+ sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
+ term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
+ utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
+ Remove CVS $Sudo$ tags.
+ [de683a8b31f5]
+
+2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_usage.h.in:
+ make this match sudoers SYNOPSIS
+ [c74ba66944c2]
+
+ * lbuf.c, parse.c:
+ Print a newline between Runas and Command-specific defaults in sudo
+ -l.
+ [b5bdfcc9ce4b]
+
+ * term.c:
+ Use SET and CLR macros in term_raw
+ [50ca42609d6c]
+
+ * sudoreplay.c:
+ Set stdin to non-blocking mode early instead of in check_input. Use
+ term_raw instead of term_cbreak since the data we get has already
+ been expanded via OPOST.
+ [51c47e803d62]
+
+2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c, term.c:
+ Enable/disable all postprocessing instead of just nl->crnl
+ processing since things like tab expansion matter too. However, if
+ stdout is a tty leave postprocessing on in the pty since we run into
+ problems doing it only on the real stdout with .e.g nvi.
+ [62666e309673]
+
+2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ If tty_tickets is enabled and there is no tty, prompt for a
+ password. Do not lecture user for "sudo -k command" if user has a
+ timestamp.
+ [5880200c5f6b]
+
+ * INSTALL:
+ Document missing options: --with-efence and --with-bsm-audit
+ [d83afcdf9ff3]
+
+ * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
+ sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
+ visudo.man.in, visudo.pod:
+ username -> user name groupname -> group name hostname -> host name
+ [10c85646f45d]
+
+ * INSTALL, README.LDAP, sudoers.pod:
+ filename -> file name like the rest of the docs
+ [1ef8ab5a9018]
+
+2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Fix printing of entries with multiple host entries on a single line.
+ [226ceaf91d8d]
+
+2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Mention that targetpw affects the timestamp file name.
+ [a26e22e4f72e]
+
+ * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
+ sudoers.pod:
+ Add compress_transcript option.
+ [6e94f8cb9dfb]
+
+2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ bump to 1.7.3b2
+ [906d7e347d15]
+
+ * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
+ Better split of membership vs. traditional group check in
+ user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
+ [6ebc55d4716b]
+
+2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c:
+ Fix pasto and add default return value.
+ [7973b5e4599c]
+
+ * check.c, match.c, pwutil.c, sudo.h:
+ refactor group member checking into user_in_group()
+ [48ca8c2eddf8]
- * UPGRADE: initial valgrind pass done
+ * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
+ sudo.h:
+ Add support for mbr_check_membership() as present in darwin.
+ [5501aed02b9f]
-2008-04-23 08:30 millert
+2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Fix typo/think in sudo_ldap_read_secret() when storing
- the secret.
+ * match.c:
+ Rename label to be accurate
+ [3af17dd960f7]
-2008-04-11 10:03 millert
+ * Makefile.in, boottime.c, check.c, config.h.in, configure,
+ configure.in, sudo.h:
+ Treat timestamp files from before we booted as old. Idea from and
+ Apple patch.
+ [5c96e484c05a]
+
+2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: define LDAPS_PORT if the system headers do not
+ * sudo.c, sudo.pod, sudo_usage.h.in:
+ Allow the -u flag to be used in conjunction with the -v flag as per
+ older versions of sudo.
+ [591e9fc13c1a]
-2008-04-10 14:54 millert
+ * logging.c:
+ fix typo in last commit
+ [4fd0c692dcf0]
- * gram.c, gram.y: Fix another memory leak in init_parser().
+2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-04-10 12:51 millert
+ * logging.c:
+ Convert fmt_first and fmt_confd into macros.
+ [32e870158b29]
- * configure, configure.in: There was a missing space before the
- ldap libs in SUDO_LIBS for some configurations.
+ * sudoers.pod:
+ timeouts can be floats now
+ [89de639a9679]
-2008-04-10 11:28 millert
+ * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
+ defaults.h, mkdefaults:
+ Add support for floating point timeout values (e.g. 2.5 minutes).
+ [210ffa291733]
- * alias.c, gram.c, gram.y, toke.c, toke.l: Clean up some memory
- leaks pointed out by valgrind.
+2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-04-07 14:39 millert
+ * sudo.pod:
+ The -L flag will be removed in sudo 1.7.4
+ [ffd026084333]
- * sudo.c: fix "sudo -s" broken by mode/flags breakout
+2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-04-07 14:26 millert
+ * sudoreplay.c:
+ Fix a bug due to order of operators.
+ [938d34464283]
- * configure, configure.in: remove duplicate check for dgettext
+2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-04-05 15:54 millert
+ * match.c:
+ cmnd_matches() already deals with negation so _cmndlist_matches()
+ does not need to do so itself. Fixes a bug with negated entries in
+ a Cmnd_List.
+ [71c845f6ce73]
- * aix.c: Fall back to default stanza if no user-specific limit is
- found.
+2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-04-02 15:56 millert
+ * sudo.c:
+ Don't exit() from open_sudoers, just return NULL for all errors.
+ [8cfa832f972a]
- * snprintf.c: include stdint.h if present
+ * script.c:
+ Can't rely on the shell sending us SIGCONT when transitioning from
+ backgroup to foreground process.
+ [3c6c5b6cb4b3]
-2008-04-02 15:28 millert
+ * toke.c, toke.l:
+ Add missing extern def for parse_error
+ [45b7b59d03b7]
- * snprintf.c: Use LLONG_MAX, not the old QUAD_MAX
+2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-04-01 19:18 millert
+ * toke.c, toke.l:
+ Avoid a parse error when #includedir doesn't find any files. Closes
+ bug #375
+ [1ce1b850e9e6]
- * sudoers.ldap.pod: fix cut and pasto
+ * Makefile.in:
+ Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
+ [6a22e32da108]
-2008-03-31 11:24 millert
+2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * pwutil.c: Add #ifdef PURITY
+ * script.c:
+ Start command out in foreground mode if stdout is a tty. Works
+ around issues with some curses-based programs that don't handle
+ tcsetattr getting interrupted by a signal. Still allows us to avoid
+ hogging the tty if the command is part of a pipeline.
+ [1c32f2b94769]
-2008-03-30 17:36 millert
+ * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
+ Use a socketpair to pass signals from parent to child. Child will
+ now pass command status change info back via the socketpair. This
+ allows the parent to distinguish between signals it has been sent
+ directly and signals the command has received. It also means the
+ parent can once again print the signal notifications to the tty so
+ all writes to the pty master occur in the parent. The command is
+ now always started in background mode with tty signals handled by
+ the parent.
+ [c6790b82986d]
- * auth/bsdauth.c: remove useless cast
+2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-27 19:07 millert
+ * configure, configure.in:
+ Fix a few typos in the descriptions; from Jeff Makey Only do the
+ check for krb5_get_init_creds_opt_free() taking two arguments if we
+ find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
+ positive when using our own krb5_get_init_creds_opt_free which takes
+ only a single argument.
+ [845a9ff6f93d]
- * ChangeLog: sync
+2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-27 19:04 millert
+ * configure, configure.in:
+ Remove a spurious comma in the kerb5 bits.
+ [3433eab083db]
- * TODO: sync
+ * auth/kerb5.c:
+ Call krb5_get_init_creds_opt_init() in our emulated
+ krb5_get_init_creds_opt_alloc() for MIT kerberos.
+ [7ffb40bf43e9]
+
+2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ Add HAVE_ZLIB
+ [9297bde61ecc]
+
+ * script.c:
+ Need to ignore SIGTT{IN,OU} in child when running the command in the
+ background. Also some minor cleanup.
+ [dc208d982319]
+
+2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-27 19:01 millert
+ * script.c:
+ Instead of calling sigsuspend when waiting for SIGUSR[12] from
+ parent, install the signal handlers w/o SA_RESTART and let them
+ interrupt waitpid().
+ [759c7d18203b]
+
+ * script.c:
+ Pass along SIGHUP and SIGTERM from parent to child.
+ [035b0e254568]
+
+ * script.c:
+ Close unused bits of script_fds in processes that don't need them.
+ Restore default SIGCONT handler in child.
+ [e037378ab0c1]
+
+ * script.c:
+ Update foreground/background status in SIGCONT handler in parent
+ process.
+ [3f7f91333264]
+
+2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Defer setting terminal into raw mode until just before we fork() and
+ only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
+ and sudo is already in the foreground be sure to set raw mode before
+ continuing the child.
+ [1102ef40832c]
+
+2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
+ give the command the controlling tty if the main sudo process is the
+ foreground process.
+ [cf3a91cb5682]
+
+ * script.c:
+ Don't bother with sudo_waitpid() here for now.
+ [9086de480c2d]
+
+ * script.c:
+ fix non-zlib case
+ [a258bff0f9a6]
+
+2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Remove non-wroking code that crept into rev 1.55
+ [2802dd55cff5]
+
+2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.in, script.c, sudoreplay.c:
+ First pass at zlib support for transcript data files
+ [5d10260807da]
+
+ * Makefile.in:
+ remove vestiges of ZLDFLAGS
+ [1fa0caf1c0fb]
+
+ * script.c:
+ Add missing variable declaration for when TIOCSCTTY is not defined.
+ Need to include sys/termio.h for TIOCSCTTY on some systems.
+ [ee7f41ac2709]
- * sudo.h: Split MODE_* defines into primary and flags.
+ * script.c:
+ when resuming command, send SIGCONT to its pgrp not just pid
+ [5cd63c1d565b]
-2008-03-26 13:11 millert
+ * selinux.c:
+ remove unused variable
+ [df67df4be228]
- * aix.c: It turns out the logic for getting AIX limits is more
- convoluted than I realized and differs depending on whether the
- soft and/or hard limits are defined.
+ * script.c:
+ include selinux.h for is_selinux_enabled() proto
+ [85ebaa880cc1]
-2008-03-23 10:18 millert
+ * script.c:
+ Don't use log_error() in the child process.
+ [def65fe2a433]
- * Makefile.in, configure, configure.in: Back out AIX-specific
- change to set the sudo_noexec path to the .a file, we do really
- want to use the .so file. Since libtool doesn't do that
- correctly, just install the .so file ourselves in the Makefile.
+ * script.c:
+ Do I/O in parent instead of child since the parent can have both
+ /dev/tty as well as the pty fds open. The child just sets things up
+ and waits for its grandchild and writes the signal description to
+ the pty master if the command was killed by a signal.
+ [95e473208982]
+
+2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * missing.h, sudo.h:
+ Move two struct forward declarations from sudo.h to missing.h
+ [90ad28294a8c]
+
+ * script.c:
+ Make comment at the top of script_exec() match reality.
+ [c5042d27dbe0]
+
+ * sudo.c:
+ if neither stdin nor stdout is a tty, check stderr
+ [c532ff20c8d8]
+
+ * Makefile.in:
+ Add back dependecy of gram.h on gram.y
+ [c58382b7fcca]
+
+ * script.c:
+ Make transcript mode work as long as we can figure out our tty, even
+ if it is not stdin. We'd like to use /dev/tty but that won't be
+ valid after the setsid().
+ [7b8bba8d99e7]
+
+2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, pty.c:
+ Add support for IRIX-style dynamic ptys
+ [bedc9bac44c1]
+
+ * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
+ Move alloc.c protos into alloc.h
+ [b6a90649617d]
+
+ * missing.h:
+ Move prototypes for missing libc functions to missing.h
+ [dda9ae1ccaf8]
+
+ * Makefile.in, sudo.h, sudoreplay.c:
+ Move prototypes for missing libc functions to missing.h
+ [7483166b577b]
+
+2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ Disable transcript support if no tcsetpgrp until we support older
+ BSD-style job control.
+ [27ac1d8163df]
+
+ * configure, configure.in, pty.c, script.c:
+ Break out pty code into pty.c
+ [e85509b25d41]
+
+ * compat.h, config.h.in, configure, configure.in:
+ add killpg macro if no killpg function
+ [3a125f4a51f0]
+
+ * config.h.in, configure, configure.in, script.c:
+ Push ptem and ldterm for STERAMS-based systems when allocating a
+ pty.
+ [36bb39b30ff2]
+
+2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
+ [d94bd5c9bf4e]
+
+ * script.c:
+ Call tcgetpgrp() in the parent, not the child and have the child
+ spin until it is granted. Fixes a race on darwin.
+ [6e8d435339ce]
+
+ * script.c:
+ Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
+ reopen slave.
+ [0bdc63c019ca]
+
+2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ In script mode, if the command is killed by a signal, print the
+ signal description as well as a core dump notification like the
+ shell does.
+ [9df61738df07]
+
+ * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
+ sudo.h:
+ Add check for strsignal() and a simple implementation if it is not
+ there but sys_siglist is
+ [61421a188ef4]
+
+ * script.c:
+ Add missing WUNTRACED and store the signal that stopped the
+ grandchild in suspended, not signo.
+ [df65042b200e]
+
+ * script.c:
+ g/c unused code
+ [40d8cb5c9203]
+
+ * script.c:
+ Associate the grandchild's pgrp with the tty instead of the child's
+ and just get suspend notifications via SIGCHLD instead of directly.
+ This fixes a hang with programs that try to set terminal attributes
+ and is more consistent with how the shell handles things.
+ [6865abff7e94]
+
+2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Move setpgid() of child into the parent side of the fork() where it
+ belongs.
+ [3defa782777c]
+
+2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ fix typo
+ [b6a612b3622c]
+
+ * script.c:
+ Run command in its own pgrp (like the shell does) for easier
+ signalling. No need to relay SIGINT or SIGQUIT to parent, just send
+ to grandchild. Don't want grandchild stopped events in the child
+ (only termination). Flush output after suspending grandchild before
+ signalling parent.
+ [db556bf2176f]
+
+ * script.c:
+ Back out revision 1.34; the problem lies elsewhere.
+ [85f590a03275]
+
+ * script.c:
+ Don't set stdout to blocking mode when flushing remaining output.
+ It can cause us to hang when trying to exit. Need to investigate
+ why.
+ [6f803a3e33ca]
+
+ * script.c:
+ Handle SIGTTOU and remove some debugging.
+ [52d17279053e]
+
+ * term.c:
+ Back out revision 1.10 as the signal that interrupts us may be
+ SIGTTOU or SIGTTIN which the caller must handle.
+ [7e2fa9107975]
+
+ * script.c:
+ Apparently we need to send SIGSTOP to the command as well as ourself
+ when we get SIGTSTP, the kernel doesn't automatically stop the
+ process for us.
+ [1a936e9309c4]
+
+ * script.c:
+ Use an extra process to act as the glue bewteen the sessions
+ associated with the user's controlling tty (what the shell uses) and
+ the tty that sudo is using to do its logging. Basically, this means
+ that if we get, e.g. SIGTSTP from the process sudo is running, we
+ relay the signal to the parent so it's shell can do the job control.
+ [6dd296988060]
+
+ * term.c:
+ Handle getting/setting terminal attributes when the fd is in non-
+ blocking mode.
+ [ae5ae535ea7b]
+
+2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+ Add support for pausing and changing the speed in interactive mode.
+ [72a2063780a7]
+
+ * script.c:
+ Already define O_NOCTTY in compat.h, don't need it here
+ [b5d80ed3e5ce]
+
+2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Add missing protos
+ [c4cb4e7f4d8a]
+
+2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Always update the stashed mtime of the temp file instead of using
+ what we have for the original because the time resolution of the
+ filesystem the temporary is on may not match that of the filesystem
+ that holds the original. Should fix bz #371 found by Philippe Levan.
+ [c86ca4bec60c]
+
+ * sudoreplay.c:
+ Use cbreak mode instead of raw mode and add signal handlers to
+ restore the tty on interrupt.
+ [84dd283da41c]
+
+ * script.c, sudo.h, term.c:
+ Retain NL to NLCR conversion on the real tty and skip it on the pty
+ we allocate. That way, if stdout is not a pty there are no extra
+ carriage returns.
+ [32e4f570414e]
+
+ * script.c:
+ Fix log_output(); just pass in a string and a length.
+ [ca980cc0a3fb]
+
+2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ do not use errno when complaining out lack of a tty
+ [8f9b8c55ab8e]
+
+2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, sudoreplay.c, term.c:
+ Instead of messing with line endings, just set terminal to raw mode
+ in sudoreplay.
+ [90943fa87acb]
+
+ * term.c:
+ When copying the terminal attributes to the pty, be sure not to set
+ ONLCR. This prevents extra carriage returns from ending up in the
+ script output file.
+ [e6b5475ac2aa]
+
+ * script.c:
+ Convert a do {} while into a while
+ [e461310d2c77]
+
+ * Makefile.in:
+ Use if then instead of test && when installing binaries that may not
+ exist.
+ [ad4f9490d971]
+
+ * script.c:
+ Add O_NOCTTY when opening a tty device. Explicitly disconnect from
+ old tty before associatng with new one.
+ [0e0ca634b80c]
+
+ * script.c, selinux.c, sudo.c, sudo.h:
+ First cut at refactoring some of the selinux code so it can be used
+ in conjunction with sudo's transcript support.
+ [779b0d8f9d29]
+
+2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure, configure.in:
+ Fix default case of transcript_enabled being unset.
+ [f8aa96186e6b]
+
+ * script.c, sudoreplay.c:
+ Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
+ [2844a7a851fa]
+
+ * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
+ Hook up --disable-transcript and --enable-transcript=DIR
+ [b3fa7e6b2480]
+
+2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure, configure.in, pathnames.h.in:
+ _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable-
+ transcript=DIR option to specify the directory
+ [b0bb76d43cda]
-2008-03-23 10:12 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+ regen
+ [c7a8a0a9027c]
+
+ * configure, configure.in, sudoers.man.pl, sudoers.pod:
+ Substitute in default value for secure_path
+ [c8f9ac6dbf93]
+
+ * sudo.pod:
+ Mention that the password must be followed by a newline with the -S
+ option.
+ [2fc589a3ee7e]
+
+2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Go back to dropping out of the select() loop when the process dies;
+ Linux ptys apparently don't behave the same as BSD in regards to
+ select(). No need to flush remaining output to the transcript, only
+ to stdout. Add back code to check the master pty for additional data
+ when we exit the main select loop.
+ [abed9a9cbc6b]
+
+2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Add getline.o to COMMON_OBJS
+ [04ef7643cbc2]
+
+ * Makefile.in:
+ sudoreplay depends on libsudo.a
+ [142bd0472631]
+
+ * Makefile.in:
+ More pwutil.o into COMMON_OBJS
+ [4a016b933629]
- * install-sh: If the file given to install is a path, only use the
- basename of the file when building the destination path.
+ * pwutil.c, testsudoers.c, tsgetgrpw.c:
+ Remove my_* redirection in pwutil.c for testsudoers and just use the
+ normal libc get{pw,gr}* names.
+ [9b76d637d86b]
+
+ * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+ More time and date examples
+ [c6ee0175ec56]
+
+ * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
+ Move nanosleep() emulation into its own file Check librt.a for
+ nanosleep if we don't find it in libc
+ [4da0cc26aad7]
+
+ * Makefile.in, configure, configure.in:
+ Build libsudo with the common bits and link things against that.
+ [2b53bc0b081a]
+
+ * script.c:
+ Fix final flush.
+ [6da287d833da]
+
+ * script.c:
+ Keep reading from the pty master -> log file until read returns <=
+ 0. Do our best to write everything to stdout when flushing any
+ remaining bits.
+ [2a45d4ae280c]
+
+ * sudoreplay.c:
+ Use unbuffered I/O when writing to stdout and make sure we write the
+ entire buffer.
+ [f39ef9844a47]
+
+2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Only use max_wait if it is non-zero
+ [f6c10604d2e8]
-2008-03-18 16:08 millert
+ * getdate.c, getdate.y, getline.c:
+ Need compat.h here
+ [5d6722e225a0]
- * sudo.c: parse_args() cleanup: Sort command line options in the
- getopt() switch The -U option requires a parameter Normalize a
- few ISSET calls Split mode into mode and flags and retire the
- now-obsolete excl variable
+ * sudoreplay.c:
+ Fix nanosleep emulation
+ [34e5e5d72a76]
-2008-03-18 16:04 millert
+ * script.c:
+ Fix comment after #endif
+ [bd1347718b25]
- * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
- sudo.pod, sudo_usage.h.in: Add -n (non-interactive) flag.
+ * sudoreplay.c:
+ Add protos for missing libc bits
+ [644f496427a2]
-2008-03-18 15:59 millert
+ * configure, configure.in:
+ add missing line continuation char
+ [db13c0d402cd]
+
+ * config.h.in, configure, configure.in, getline.c:
+ Implement getline() in terms of fgetln() if we have it.
+ [3ab786eaadc5]
- * sudo.c: Move version printing, etc. into a separate function.
+ * sudoreplay.c:
+ Print year when formatting log line
+ [90be669e3443]
-2008-03-18 15:57 millert
+ * sudoreplay.pod:
+ Document cwd, attempt to document time/date formats.
+ [6290fb9b65c6]
- * sudo.c: Don't try to cleanup nsswitch if it has not been
- initialized.
+ * sudoreplay.c:
+ Fix getline return value check.
+ [d696d6657261]
-2008-03-17 11:09 millert
+ * Makefile.in, config.h.in, configure, configure.in, getline.c,
+ sudoreplay.c:
+ Use getline() if the system has it, else use provide our own for
+ sudoreplay.
+ [afca1d6fbe5e]
- * logging.c: Block SIGPIPE in send_mail() so sudo is not killed by
- a problem executing the mailer.
+ * script.c:
+ Refactor code to update output and timing files.
+ [361491332b1a]
-2008-03-14 08:11 millert
+2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in, configure: AIX shared libs end in .a, not .so.
+ * sudoreplay.c:
+ Make sudo_getln() behave more like glibc getline.
+ [40c9f2ea29e6]
-2008-03-13 07:34 millert
+ * script.c:
+ When flushing remaining output, also update timing file.
+ [5a9a5a627549]
- * env.c: Preserve HOME by default too. Matches documentation and
- previous behavior.
+ * sudoreplay.c:
+ Use get_timestr() and make the -l output look like the regular sudo
+ log.
+ [452ba9d436c9]
-2008-03-12 19:42 millert
+ * logging.c, sudo.h, timestr.c:
+ Make get_timestr() take a time_t so we can use it properly in
+ sudoreplay.
+ [82e67cc53c9c]
- * sudo.c: Use getopt() to parse the command line. We need to be
- able to intersperse env variables and options yet still honor
- "--"" which complicates things slightly.
+ * script.c:
+ Create session dir earlier now that we update the seq number early.
+ [797fe8d6dc61]
-2008-03-06 14:46 millert
+2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * ChangeLog: sync
+ * sudoreplay.c:
+ Use fromdate and todate as the keywords instead of from and to; the
+ short forms will still be accepted.
+ [d14d9b116df4]
-2008-03-06 14:43 millert
+ * sudoreplay.c:
+ Fix reading long liensin sudo_getln()
+ [58dadd74118c]
- * acsite.m4, configure, ltmain.sh: update to libtool-1.5.26
+ * script.c, sudoreplay.c:
+ Log the cwd in the script log file. Add sudo_getln() to read
+ arbitrarily long lines.
+ [faceb802ab8f]
-2008-03-06 14:32 millert
+ * Makefile.in, logging.c, sudo.h, timestr.c:
+ Move get_timestr() into its own source file so sudoreplay can use
+ it.
+ [99b054bfa20a]
- * config.guess, config.sub: update from libtool-1.5.26 distribution
+2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-06 13:18 millert
+ * sudoreplay.c:
+ Add to and from perdicates (date ranges); needs documentation
+ [1d629174dcf4]
- * aix.c, sudo.h: attempt to fix compilation errors on AIX
+2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-06 13:08 millert
+ * Makefile.in, getdate.c, getdate.y:
+ Fix warning and add generated getdate.c
+ [b877a86b5a03]
- * Makefile.in: fix typo in last commit
+ * Makefile.in, getdate.y:
+ Add getdate.y to be used for sudoreplay date parsing.
+ [b8e26fbb7a40]
-2008-03-06 13:07 millert
+2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: Add WHATSNEW file to the distribution
+ * sudoreplay.c:
+ Check more than just the first character of a predicate
+ [4fe53728adb1]
-2008-03-06 12:43 millert
+ * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+ Add examples, sort predicates
+ [70f8075cbccc]
- * visudo.c: use warningx instead of fprintf(stderr, ...)
+ * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
+ sudoreplay.pod:
+ Implement search expressions in sudoreplay similar in concept to
+ what find or tcpdump uses. TODO: date ranges
+ [f7ce4fb4cf3a]
-2008-03-06 12:31 millert
+2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * list.c: add DEBUG to list2tq
+ * script.c:
+ Remove vhangup as it was hanging up the wrong tty. Should really
+ vhangup in the child after it as set its tty.
+ [2eed9df73010]
-2008-03-06 12:28 millert
+ * sudoers.pod:
+ Fix cut at documenting transcript support.
+ [e6c533a5568a]
- * ChangeLog, TODO: sync
+ * logging.c:
+ ID= -> TSID= for transcript ID
+ [1bf755a35333]
-2008-03-06 12:21 millert
+2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * WHATSNEW: mention mailfrom
+ * sudoers.pod:
+ Move fast_glob description to where it belongs in sorted order
+ [5901cfb0d25f]
-2008-03-06 12:19 millert
+ * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
+ parse.c, parse.h, sudo.c:
+ Rename script -> transcript
+ [e06cf823122c]
- * Makefile.in, config.h.in, configure, configure.in, set_perms.c,
- sudo.h, aix.c: Add aix_setlimits() to set resource limits on AIX
- using a combination of getuserattr() and setrlimit(). Currently
- untested.
+2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-05 16:52 millert
+ * compat.h:
+ Add timeradd and timersub for those without them
+ [929f8aa06c2b]
- * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
- sudoers.pod, sudoers.man.in: Add mailfrom Defaults option that
- sets the value of the From: field in the warning/error mail. If
- unset the login name of the invoking user is used.
+ * script.c:
+ Sanity check sessid before using it.
+ [aa8ca5211d43]
-2008-03-05 16:18 millert
+ * sudo.c:
+ Only set the session id if we are running a command or editing a
+ file.
+ [7205d717c098]
- * defaults.c: store a copy of _PATH_SUDO_ASKPASS in def_askpass
- that is freeable
+ * script.c:
+ Actually. qsort is fine since most versions fal back to a cheaper
+ sort when the number of elements to sort is small (like in our
+ case).
+ [d11c7cd352fe]
-2008-03-05 15:19 millert
+ * config.h.in, configure, configure.in, script.c:
+ Check for dup2 and use dup instead if we don't have it.
+ [98bd89830f8a]
- * gram.c, gram.y: When adding a default, only call list2tq() once
- to do the list to tq conversion. It is not legal to call list2tq
- multiple times on the same list since list2tq consumes and
- modifies the list argument.
+ * script.c, sudo.c, sudo.h:
+ Move the code to dup2 the script fds to low numbered descriptors
+ into script_duplow() and fix the fd sorting.
+ [9453fdc5fba6]
-2008-03-05 09:38 millert
+ * script.c, sudo.c, sudo.h:
+ Move script_setup() back to immediately before we drop privs and
+ call the new script_nextid() in its place, which will set
+ sudo_user.sessid for the logging functions.
+ [8434d0c8ff08]
- * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: comment
- out XXXs for now
+2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-05 09:36 millert
+ * Makefile.in:
+ Install sudoreplay
+ [6acf2cdb4d3f]
- * WHATSNEW: mention askpass
+ * sudoreplay.c:
+ remove unused variable
+ [2316360bb992]
-2008-03-04 17:20 millert
+2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Error out if both -A and -S are specified Error out if -A
- is specified but no askpass is configured
+ * logging.c, script.c, sudo.c, sudo.h:
+ Log the session ID, if there is one. Currently logs ID=XXXXXX,
+ perhaps should be SESSIONID or SESSID.
+ [53976905b0a6]
-2008-03-04 17:16 millert
+ * Makefile.in, configure, configure.in, sudoreplay.cat,
+ sudoreplay.man.in, sudoreplay.pod:
+ Add sudoreplay docs
+ [da4f14f0e64c]
- * configure, configure.in: we are not going to ship a sudo-specific
- askpass
+ * sudoreplay.c:
+ add -V (version) flag
+ [b5e743639ee3]
-2008-03-03 14:30 millert
+ * sudoreplay.c:
+ Hook up max_wait.
+ [2ec5697a92ba]
- * sudo.h: fix definition of TGP_ASKPASS
+ * script.c, sudoreplay.c:
+ Use base36 number for the ID and store script files with paths like
+ /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
+ (2,176,782,336) unique IDs.
+ [6aab019d07aa]
-2008-03-03 13:54 millert
+2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * def_data.c, def_data.in: make askpass boolean-capable
+ * config.h.in, configure.in:
+ Add check for regcomp
+ [44c3ebd7ff34]
-2008-03-03 13:53 millert
+ * sudoreplay.c:
+ Add support for selecting by pattern and tty when listing.
+ [66189f840c52]
- * INSTALL: document --with-askpass
+2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-02 19:27 millert
+ * sudoreplay.c:
+ The beginnings of a list mode.
+ [8d0150b4a52c]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
- sudoers.ldap.cat, visudo.cat: regen
+2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-02 17:31 millert
+ * Makefile.in:
+ fix pasto
+ [616b4640b8a8]
- * sudo.pod, sudo_usage.h.in, sudoers.pod: document -A and askpass
+ * Makefile.in, config.h.in, configure.in:
+ Add scaffolding for building sudoreplay
+ [a32958505dbe]
-2008-03-02 09:31 millert
+ * sudoreplay.c:
+ include error.h first arg to nanotime is const
+ [fe5a7bb31bc5]
- * check.c, configure, configure.in, def_data.c, def_data.h,
- def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
- sudo_usage.h.in, tgetpass.c, auth/sudo_auth.c: Add support for
- running a helper program to read the password when no tty is
- present (or when specified with the -A flag). TODO: docs.
+ * sudoreplay.c:
+ Initial cut at sudoreplay; replay a sudo session.
+ [f149fba372bd]
-2008-03-02 08:38 millert
+2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * def_data.c, def_data.in: add missing printf format to SELinux
- role and type strings
+ * script.c:
+ Fix wait() usage and use correct wait status.
+ [f4745ed7ad05]
-2008-02-27 09:26 millert
+ * sudo.c, sudo.h, tgetpass.c:
+ Add protos for term_* to sudo.h
+ [14fe1abd7e7b]
- * INSTALL, configure, configure.in: Disable use of
- gss_krb5_ccache_name() by default and add
- --enable-gss-krb5-ccache-name configure option to enable it. It
- seems that gss_krb5_ccache_name() doesn't work properly with some
- combinations of Heimdal and OpenLDAP.
+ * script.c:
+ Fix detection of the child process exiting. Since the child is in
+ its own session we should only ever get SIGCHLD for that process but
+ better safe than sorry.
+ [7edfdadd8505]
-2008-02-22 15:33 millert
+ * config.h.in:
+ Add UNIX98 pty support.
+ [82f4b53a0e8f]
- * selinux.c: Ignore setexeccon() failing in permissive mode. Also
- add a call to setkeycreatecon() (though this is probably
- insufficient). From Dan Walsh.
+ * configure, configure.in, script.c:
+ Add UNIX98 pty support.
+ [795b8bb0a3a1]
-2008-02-22 15:19 millert
+2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/pam.c: Only set std_prompt for the PAM_PROMPT_* cases. The
- conversation function may be called for non-password reading
- purposes so we must be careful not to use def_prompt in cases
- where it may not be set.
+ * term.c:
+ For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
+ if it is defined.
+ [40f8b83baf69]
-2008-02-20 12:00 millert
+ * auth/pam.c:
+ Set PAM_RUSER and PAM_RHOST early so they can be used during
+ authentication. Based on a patch from Jamie Beverly.
+ [3d567b453a6a]
- * selinux.c: Don't free the new tty context, we need to keep it
- around when we restore the tty context after the command
- completes
+ * match.c:
+ Close dir before returning if strlcpy() reports overflow. From
+ Martynas Venckus.
+ [6a82f96473e5]
-2008-02-19 16:04 millert
+ * config.h.in, configure, configure.in, script.c:
+ On Linux, the openpty proto libes in pty.h
+ [98643a018d1c]
- * selinux.c: s/newrole/sudo/
+ * script.c:
+ Call vhangup on exit if the system has it Use setpgrp() if no
+ setsid()
+ [3a9e13149829]
-2008-02-19 13:21 millert
+2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.man.pl, sudo.pod: Only put login_cap(3) in SEE ALSO section
- if we have login.conf support
+ * config.h.in, configure, configure.in:
+ Add checks for revoke and vhangup if we don't have openpty
+ [fcb04572e994]
-2008-02-18 11:05 millert
+ * script.c:
+ Session logging guts that got forgotten in the previous commit.
+ [c2af08a63ea9]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
- sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
- regen
+ * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
+ configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
+ gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
+ tgetpass.c:
+ First cut at session logging for sudo. Still need to write
+ get_pty() for Unix 98 and old-style BSD ptys. Also needs
+ documentation and general cleanup.
+ [77e3f5e25738]
-2008-02-18 10:53 millert
+2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, configure, configure.in, sudo.man.pl, sudo.pod,
- sudoers.man.pl, sudoers.pod: Substitute in comment characters for
- lines partaining to login.conf, BSD auth and SELinux and only
- enable them if pertinent.
+ * sudo.c, sudo_edit.c:
+ Fix a bug introduced with def_closefrom. The value of def_closefrom
+ already includes the +1.
+ [7291c136300d]
-2008-02-18 10:42 millert
+2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
- Remove the =cut on the first line (above the copyright notice) to
- quiet pod2man. Also remove the hackery in the FILES section and
- just deal with the fact that there will a newline between each
- pathname.
+ * Makefile.in:
+ Generate sudo distributions with pax in ustar mode. No longer need
+ to use a temp file or have the source dir name match the version.
+ [9778177a8272]
-2008-02-17 08:19 millert
+2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: run sudo.man.pl when generating sudo.man.in
+ * toke.c, toke.l:
+ Fix expansion of %h in #include names. Fixes bugzilla 363
+ [6e346879ba24]
-2008-02-17 08:11 millert
+2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in, sudo.man.pl: comment out SELinux manual
- bits unless --with-selinux was specified
+ * mkdefaults:
+ If no arg assume def_data.in
+ [c1dd28c0e675]
-2008-02-17 08:04 millert
+ * README, WHATSNEW:
+ Update for 1.7.2
+ [f5ad45f69f05] [SUDO_1_7_2]
- * sudoers.pod: document role and type defaults for SELinux
+ * ChangeLog:
+ sync
+ [6283549396ff]
-2008-02-16 20:26 millert
+2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
- Document "sudo -ll" and make "sudo -l -l" be equivalent.
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Add missing single quotes around a colon in Runas_Spec definition.
+ From Elias Benali.
+ [ccc6ee4fca83]
-2008-02-15 15:23 millert
+2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in, configure: Treat k*bsd*-gnu like Linux, not BSD.
- Fixes compilation problems on Debian GNU/kFreeBSD.
+ * sudo.man.in, sudoers.man.in:
+ regen
+ [546e75304ebf]
-2008-02-13 17:17 millert
+ * redblack.c:
+ In rbrepair, re-color the root or the first non-block node we find
+ to be black. Re-coloring the root is probably not needed but won't
+ hurt.
+ [34d01ebe241b]
- * auth/kerb5.c: Avoid Heimdal'isms introduced in the rev 1.32
- rewrite of verify_krb_v5_tgt()
+ * sudo.cat, sudoers.cat:
+ regen
+ [bebf5a39f54f]
-2008-02-13 07:28 millert
+2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c, logging.h, sudo.c: Remove dependence on
- VALIDATE_NOT_OK in logging functions. Split log_auth() into
- log_allowed() and log_denial() Replace mail_auth() with
- should_mail() and a call to send_mail()
+ * redblack.c:
+ When repairing the tree, don't touch the root node.
+ [9841f0d5d789]
-2008-02-10 18:06 millert
+2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Add debugging so we can tell if the krb5 ccache is
- accessible
+ * set_perms.c:
+ Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
+ Reported by Josef Schmid.
+ [ed044b1eb879]
-2008-02-10 17:34 millert
+2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL: mention --with-selinux
+ * sudoers.pod:
+ Document that we accept env_pam-style environment files
+ [e3b545456352]
-2008-02-09 09:48 millert
+ * env.c:
+ Adapt to accept pam_env-style /etc/environment which allows shell-
+ style lines such as: export EDITOR="/usr/bin/vi"
+ [752eb75bf007]
- * configure: regen
+ * sudoers.pod:
+ Make it clear that env_delete only works when !env_reset. From Lo??c
+ Minier
+ [3bd3f8e351ba]
-2008-02-09 09:43 millert
+2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * selinux.c: add Sudo tag
+ * sudo.pod, sudoers.pod:
+ Add non-unix group bits, adapted from Quest
+ [8ce427de8dea]
-2008-02-09 09:30 millert
+ * Makefile.in:
+ build the .cat page in the current working dir, not the src dir
+ [00e87a307674]
- * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
- def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
- pathnames.h.in, selinux.c, sesh.c, sudo.c, sudo.cat, sudo.h,
- sudo.man.in, sudo.pod, sudo_usage.h.in, sudoers.ldap.cat,
- sudoers.ldap.man.in, sudoers.ldap.pod, testsudoers.c, toke.c,
- toke.l: Add support for SELinux RBAC. Sudoers entries may
- specify a role and type. There are also role and type defaults
- that may be used. To make sure a transition occurs, when using
- RBAC commands are executed via the new sesh binary. Based on
- initial changes from Dan Walsh.
+ * env.c:
+ Return EINVAL in setenv() if var is NULL or the empty string to
+ match glibc behavior.
+ [23fd7c247142]
-2008-02-08 08:18 millert
+2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c: Add long
- list (sudo -ll) support for printing verbose LDAP and sudoers
- file entries. Still need to update manual.
+ * configure, configure.in:
+ Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
+ [fedd4a3e2a85]
-2008-02-03 10:43 millert
+2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h: Unify the -l
- output for file and ldap based sudoers and use lbufs for both.
- The ldap output does not currently include options that cannot be
- represented as tags. This will be remedied in a long list output
- mode to come.
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen
+ [7b9f461a40b3]
-2008-01-27 16:37 millert
+2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * set_perms.c: Use a specific error message for errno == EAGAIN
- when setuid() et al fails. On Linux systems setuid() will fail
- with errno set to EAGAIN if changing to the new uid would result
- in a resource limit violation.
+ * INSTALL:
+ Document --with-libvas and --with-libvas-rpath
+ [a071e6d96c89]
-2008-01-27 16:34 millert
+2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Unlimit nproc on Linux systems where calling the setuid()
- family of syscalls causes the nroc resource limit to be checked.
- The limits will be reset by pam_limits.so when PAM is used. In
- the non-PAM case the nproc limit will remain unlimited but there
- doesn't seem to be a way around that other than having sudo parse
- /etc/security/limits.conf directly.
+ * ldap.c, sudoers.ldap.pod:
+ For netscape-derived LDAP SDKs the cert and key paths may be a
+ directory or a file. However, version 5.0 of the SDK only seems to
+ support using a directory. If ldapssl_clientauth_init fails and the
+ cert or key paths look like they could be files, strip off the last
+ path element and try again.
+ [ac4e49d83043]
-2008-01-27 16:31 millert
+ * Makefile.in:
+ Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
+ [4547cc1a335f]
- * env.c, sudo.c, sudo.pod: Only read /etc/environment on Linux and
- AIX
+2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-23 06:33 millert
+ * configure, configure.in, match.c, sudo.c, vasgroups.c:
+ Update non-Unix group support from Quest, as reworked by me.
+ [1abafce29dc6]
- * configure, configure.in: Use SUDO_DEFINE_UNQUOTED instead of
- AC_DEFINE_UNQUOTED to prevent ldap.conf and ldap.secret paths
- from going into config.h. Avoid single quotes in variable
- expansion when using SUDO_DEFINE_UNQUOTED since in some versions
- of bash they will end up literally in the resulting define.
+ * toke.c:
+ regen
+ [01bfca9148b7]
-2008-01-21 13:22 millert
+ * toke.l:
+ Add support for escaped hex chars in names, e.g. \x20 for space.
+ [3c7be8e58a39]
- * README.LDAP: mention --with-nsswitch=no
+2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-21 11:43 millert
+ * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
+ auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
+ fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
+ logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
+ set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
+ sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
+ tgetpass.c, toke.l, visudo.c:
+ Update copyright years.
+ [e615f676c764]
- * configure, configure.in: ldap_ssl.h depends on ldap.h being
- included first
+2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-21 11:07 millert
+ * interfaces.c, lbuf.c:
+ Minor fixes for Minix-3
+ [898c510d23f9]
- * configure, configure.in, ldap.c, config.h.in: Include ldap_ssl.h
- if we can find it. Needed for the ldapssl_set_strength defines
- on HP-UX at least.
+2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-21 10:02 millert
+ * set_perms.c:
+ Handle getgroups() returning 0. Also add missing check for
+ HAVE_GETGROUPS.
+ [d73b958f9ffd]
- * TODO, sudoers.ldap.pod: sync
+2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-21 10:01 millert
+ * Makefile.in, config.h.in, configure, configure.in, sudo.c,
+ version.h, visudo.c:
+ Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
+ [5050579a264d]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
- sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
- regen
+2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-21 10:00 millert
+ * set_perms.c:
+ Remove group setting code in setusercontext case, we will do it
+ ourselves later on in runas_setup. Set the gid after
+ initgroups/setgroups is called, since on Mac OS X it seems to change
+ the egid.
+ [09dc21d8b42d]
- * Makefile.in: Use 78n line length when formatting cat pages.
+2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-21 09:50 millert
+ * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
+ vasgroups.c:
+ Initial bits of non-unix group support using Quest Authentication
+ Services
+ [1eecab0ff27e]
- * README.LDAP: Remove redundant info that is now in
- sudoers.ldap.pod
+ * toke.c, toke.l:
+ Accept %:foo as a non-Unix group
+ [4c4b5dd899a6]
-2008-01-20 16:18 millert
+ * toke.c, toke.l:
+ Allow user/group to be double quoted in the case of non-Unix groups
+ which contain spaces.
+ [47a3d568b7e8]
- * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
- Reorganize the first section a bit. Substitute the proper path
- for /etc/sudoers.
+2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-20 10:17 millert
+ * match.c:
+ Don't allow the user to specify the default runas user if their
+ sudoers entry only allows them to run as a group.
+ [4d726177227c]
- * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
- Substitute values for ldap.conf, ldap.secret and nsswitch.conf
- Move schema into EXAMPLES
+2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-20 10:15 millert
+ * sudo.c:
+ Must call audit_success before we change uids.
+ [04a9e6ce6e55]
- * configure.in, configure: Substitute values for ldap.conf,
- ldap.secret and nsswitch.conf into sudoers.ldap.man.
+ * logging.c, set_perms.c, sudo.h, testsudoers.c:
+ Add option for set_perm to not exit on failure and use this in the
+ logging routines.
+ [833dce7b7f42]
-2008-01-19 20:35 millert
+ * parse.c:
+ In -l mode, if the user is only allowed to run as a group, display
+ the user's name, not root's before the allowed group.
+ [ef92ff99d265]
- * configure, configure.in: substitute for sudoers.ldap.man
+ * sudo.c:
+ Fix -g mode, broken by rev 1.503 which had the side effect of
+ setting the runas user to root unilaterally.
+ [50a2f7df4385]
-2008-01-19 20:34 millert
+2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: Fix cut & pasto introduced when adding sudoers.ldap
- man page.
+ * fileops.c:
+ When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
+ [30fbe832dcf3]
-2008-01-19 20:25 millert
+ * pwutil.c:
+ Only cache by the method we fetched for pwd and grp lookups.
+ Previously we cached both by namd and id but this can cause problems
+ for entries that share the same id. Also add more info in the error
+ message in case the insert fails (which should now be impossible).
+ [ef95a4f0bab5]
- * sudoers.ldap.pod, sudoers.ldap.cat, sudoers.ldap.man.in: Fill in
- some of the missing pieces. Still needs some reorganization and
- editing.
+2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-19 15:06 millert
+ * sudoers.pod:
+ Add a clarification from Nick Sieger
+ [1eadad329561]
- * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
- sudoers.ldap.pod: Beginnings of a sudoers.ldap man page.
- Currently, much of the information is adapted from README.LDAP.
+2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-18 17:32 millert
+ * env.c:
+ Inline the setting of the environment string.
+ [9515d11c6295]
- * pwutil.c: When copying gr_mem we must guarantee that the storage
- space for gr_mem is properly aligned. The simplest way to do
- this is to simply store gr_mem directly after struct group. This
- is not a problem for gr_passwd or gr_name as they are simple
- strings.
+2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-18 16:47 millert
+ * env.c:
+ setenv(3) in Linux treats a NUL value as the empty string setenv(3)
+ in BSD doesn't return an error if the name has '=' in it, it just
+ treats the '=' as end of string.
+ [941260bf94d2]
- * ldap.c: Fix a typo/thinko in one of the calls to
- sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
+2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-17 15:44 millert
+ * toke.c, toke.l:
+ Not all systems have d_namlen
+ [e377b18d8e2d]
- * config.h.in, configure, configure.in, ldap.c: include
- <mps/ldap_ssl.h> in ldap.c if available
+2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-16 18:20 millert
+ * sudoers.pod:
+ Fix up some pod2html issues.
+ [823a1f10ab60]
- * gram.c, gram.y: Make sure we define SIZE_MAX for yacc's
- skeleton.c
+2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-16 13:03 millert
+ * interfaces.c:
+ Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
+ Quest Software.
+ [73de36653131]
- * tgetpass.c: Use TCSAFLUSH when restoring terminal settings (and
- echo) to guarantee that any pending output is discarded
+ * sudoers.pod:
+ Ignore files ending in '~' in sudo.d (emacs backup files)
+ [7871fad702db]
-2008-01-15 17:18 millert
+ * toke.c, toke.l:
+ Ignore files ending in '~' in sudo.d (emacs backup files)
+ [53fded2a469f]
- * sudoers: no longer need to specify SETENV when user has sudo ALL
+2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-15 09:40 millert
+ * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
+ For #includedir, ignore any file containing a dot
+ [a7daa1bce6c2]
- * testsudoers.c: sync user_args size calculation with sudo.c Add -g
- group option, renaming old -g to -G Add set_runasgr() and
- set_runaspw() and use them
+ * Makefile.in, version.h:
+ Bump version
+ [ef60f14ffc44]
-2008-01-15 09:23 millert
+ * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
+ sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
+ visudo.c:
+ Implement #includedir directive. Files in an includedir are not
+ edited by visudo unless they contain a syntax error.
+ [3923d85a6c79]
- * sudo.h, sudo.c: Make set_runaspw static void
+ * ChangeLog:
+ sync
+ [8741ed61a78b] [SUDO_1_7_1]
-2008-01-15 09:17 millert
+ * WHATSNEW:
+ Forgot umask_override
+ [7c86a21a5504]
- * testsudoers.c, visudo.c: g/c set_runaspw stub
+ * ChangeLog, TODO:
+ sync
+ [57339ca6bccf]
-2008-01-15 07:28 millert
+2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Don't add -llber twice.
+ * visudo.c:
+ Rewind stream if we fdopen sudoers since it may not be at the
+ beginning. Set the keepopen flag on already-open files too so the
+ lexer doesn't close them out from under us.
+ [61292d819aff]
-2008-01-14 06:40 millert
+ * visudo.c:
+ Print the proper file name when there is a parse error in an include
+ file.
+ [b0e85d4aedde]
- * ldap.c: fix typo
+2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-13 15:39 millert
+ * WHATSNEW:
+ Sync
+ [997e5d485ea3]
- * gram.c: regen
+2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-13 14:57 millert
+ * configure, configure.in:
+ Fix a warning when --without-ldap is specified.
+ [d91fd9481b30]
- * configure, configure.in: Fix check that determines whether -llber
- is required.
+2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-13 14:22 millert
+ * alias.c, parse.h, visudo.c:
+ Store aliases that we remove during check_aliases in a freelist and
+ free them at the end so we don't leak memory.
+ [805e2272f6a3]
- * config.h.in, configure, configure.in, README.LDAP, ldap.c: For
- netscape-based LDAP, use ldapssl_set_strength() to implement the
- checkpeer ldap.conf option.
+2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-13 09:49 millert
+ * visudo.c:
+ Check aliases in -c mode too.
+ [9199e188d9f2]
- * auth/kerb5.c: Delay krb5_cc_initialize() until we actually need
- to use the cred cache, which is what krb5_verify_user() does.
- Better cleanup on failure.
+ * alias.c, parse.h, visudo.c:
+ Make alias_remove return the alias struct instead of freeing it
+ directly. Fixes a use after free in alias_remove_recursive, the only
+ consumer.
+ [a04b61804800]
-2008-01-12 12:40 millert
+ * alias.c, match.c, parse.c, parse.h, visudo.c:
+ Rename find_alias -> alias_find for consistency.
+ [48b0a82924f3]
- * auth/kerb5.c: Rewrite verify_krb_v5_tgt() based on what heimdal's
- krb5_verify_user() does.
+2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-09 14:58 millert
+ * visudo.c:
+ When checking for unused aliases, recurse if the alias points to
+ another alias.
+ [2d4d1a7f3a41]
- * gram.c: The U suffix on constants is an ANSI feature
+2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-09 12:08 millert
+ * ldap.c:
+ Back out rev 1.105 for now. Real ldapux_client.conf support will be
+ done later after some refactoring.
+ [8ad72e69b277]
- * configure.in, configure: Add check for ber_set_option() in -llber
+2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-06 19:02 millert
+ * ldap.c:
+ Treat ldap_hostport the same as "host" for ldapux.
+ [3281dcc66da8]
- * README.LDAP: default if no nsswitch.conf is files only
+ * configure, configure.in:
+ Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
+ Fixes compilation with ldapux.
+ [ca1ed585ef0e]
-2008-01-06 17:28 millert
+2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * README.LDAP: don't tell people to mail aaron about LDAP stuff
+ * fileops.c:
+ fix char subscript
+ [41e51f080d00]
-2008-01-06 12:32 millert
+2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * README.LDAP: timelimit and bind_timelimit
+ * Makefile.in:
+ remove errant carriage returns
+ [e9e258a31c7b]
-2008-01-06 08:54 millert
+ * audit.c, env.c:
+ fix K&R compilation
+ [d182e8920f13]
- * ChangeLog: sync
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen
+ [791a5cbf04e5]
-2008-01-06 07:56 millert
+2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Move ldap.secret reading into a separate function.
+ * config.h.in:
+ Add missing HAVE_BSM_AUDIT
+ [49ad1bb96f04]
-2008-01-05 19:09 millert
+ * WHATSNEW:
+ Add 1.7.1 features
+ [f107f1604c61]
- * check.c: user_runas -> runas_pw
+ * INSTALL:
+ Mention --with-netsvc
+ [d1e90d147795]
-2008-01-05 18:59 millert
+ * sudoers.ldap.pod:
+ Document netsvc.conf support
+ [e78f8abce6af]
- * TODO: sync
+ * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
+ sudo_nss.h:
+ Add support for AIX netsvc.conf (like nsswitch.conf).
+ [1df56a84dee5]
-2008-01-05 18:59 millert
+2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * check.c, sudo.pod, sudoers.pod: Add and document the %p escape in
- the password prompt. Based on a patch from Patrick Schoenfeld.
+ * config.h.in, configure, configure.in, env.c:
+ Add --enable-env-debug flag to enable environment sanity checks.
+ [128cdd8832e7]
-2008-01-05 18:25 millert
+ * sudoers.ldap.pod, sudoers.pod:
+ Work around some pod2html issue.
+ [e733b9609bd2]
- * ldap.c: Check strlcpy() return values.
+2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-05 18:12 millert
+ * env.c:
+ Only sync environ for putenv, setenv, and unsetenv. We need to make
+ sure that sudo_putenv and sudo_setenv only modify env.envp, not
+ environ.
+ [be3ac732243c]
- * ldap.c: refactor ldap binding code into sudo_ldap_bind_s()
+2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-05 16:35 millert
+ * env.c:
+ Really fix UNSETENV_VOID
+ [08ab7e882507]
- * README.LDAP: Make it clear that host and uri can take multiple
- parameters. URI is now supported for more than just openldap
- nsswitch.conf does't accept "compat"
+ * env.c:
+ Fix unsetenv when UNSETENV_VOID
+ [d3038b3f2f15]
-2008-01-05 16:27 millert
+ * aclocal.m4, configure:
+ Fix SUDO_FUNC_PUTENV_CONST
+ [de35569c572b]
- * sudo.c: comment cleanup and update (c) year
+ * ldap.c:
+ tivoli-based ldap does not have ldapssl_err2string
+ [c63fd90d5e99]
-2008-01-05 16:25 millert
+ * configure:
+ regen
+ [f38f1ee828ad]
- * parse.c, sudo_nss.c: Move display_privs() and display_cmnd() from
- parse.c to sudo_nss.c. This should make it possible to build an
- LDAP-only sudo binary.
+2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-05 13:27 millert
+ * config.h.in, configure, configure.in, ldap.c:
+ Add support for Tivoli-based LDAP start TLS as seen in AIX.
+ Untested.
+ [8f8771829f85]
- * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h: Improve chaining of
- multiple sudoers sources by passing in the previous return value
- to the next in the chain
+ * env.c:
+ Add sanity checks for setenv/unsetenv
+ [adbd1d95856b]
-2008-01-05 13:26 millert
+ * Makefile.in:
+ Include bsm_audit.h in the tarball
+ [4a4aa02b2c32]
- * gram.y: Free up parser data structures in sudo_file_close().
+ * Makefile.in, version.h:
+ bump version for sudo 1.7.1
+ [362c71d21595]
-2008-01-05 08:13 millert
+ * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
+ env.c, ldap.c, sudo.h:
+ Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
+ provide our own setenv/unsetenv/putenv that operates on own env
+ pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
+ [276edcd23032]
- * gram.c, parse.c: Free up parser data structures in
- sudo_file_close().
+2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-05 07:59 millert
+ * sudo.c:
+ Make "sudoedit -h" work as expected
+ [2bcbbb45d389]
- * ldap.c: Parse uri ourself if no ldap_initialize() is present Use
- ldap_create() instead of deprecated ldap_init() Use
- ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
+ * auth/pam.c:
+ Make sure def_prompt is always defined. This is a workaround for
+ pam configs that prompt for a password in the session but don't have
+ an auth line. A better fix is to expand the sudo prompt earlier and
+ set def_prompt to that when initializing.
+ [ee073c04aec3]
-2008-01-05 07:56 millert
+ * sudo.pod:
+ Mention that the helper for -A may be graphical.
+ [b64a940c4082]
- * config.h.in, configure, configure.in: Add check for
- ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from CFLAGS
+ * TROUBLESHOOTING:
+ Document what happens if there is no tty.
+ [313d58a856a5]
-2008-01-04 09:56 millert
+ * sudo.c:
+ cosmetic changes
+ [894f5e3b0c3e]
- * configure.in, configure, config.h.in: add check for ldap_create
+ * term.c:
+ Fix term_restore
+ [6c6315ff14bc]
-2008-01-03 16:11 millert
+ * sudo.c:
+ Fix "sudo -k" with no other args
+ [59e94dc419c6]
- * config.h.in, configure, configure.in, ldap.c: Add
- sudo_ldap_get_first_rdn() to return the first rdn of an entry's
- dn using the mechanism appropriate for the LDAP SDK in use. Use
- ldap_unbind_ext_s() instead of deprecated ldap_unbind_s().
- Emulate ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's
- without them.
+2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-03 16:02 millert
+ * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
+ Allow the -k flag to be specified in conjunction with a command or
+ another option that may require authentication.
+ [5960ff20355d]
- * lbuf.c: include unistd.h
+2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-03 11:05 millert
+ * configure, configure.in:
+ Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
+ [e86ab69c4a57]
- * config.h.in, configure.in: fix typo in mtim_getnsec
+ * Makefile.in:
+ Parallel make fix. From Diego E. 'Flameeyes'
+ [1289d7ee27db]
-2008-01-02 15:29 millert
+2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure.in, configure: add check for st__tim in
- struct stat as used by SCO
+ * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
+ Implement umask_override
+ [8b87a3f7c5aa]
-2008-01-02 11:05 millert
+ * toke.c:
+ regen
+ [79d7ca9ac873]
- * ldap.c: use ldap_search_ext_s instead of deprecated ldap_search_s
+ * sudoers.pod, toke.l, visudo.c:
+ Implement %h escape in sudoers include filenames.
+ [a7f288dd64f0]
-2008-01-02 10:09 millert
+ * audit.c:
+ Need to include compat.h
+ [c0dc07ce2f70]
- * Makefile.in, TODO, sudo.cat, sudo.man.in: add sudo_nss.h to HDRS
+ * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
+ Make audit_success and audit_failure generic functions in
+ preparation for integrating linux audit support.
+ [7df020a8fd6f]
-2008-01-01 19:04 millert
+ * term.c:
+ remove duplicate include
+ [1dfcd01a7e46]
- * ldap.c: Replace deprecated ldap_explode_dn() with calls to
- ldap_str2dn() and ldap_rdn2str().
+2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-01 18:37 millert
+ * bsm_audit.c:
+ Add missing include
+ [fb56e08c37ee]
- * ldap.c: Use ldap_get_values_len()/ldap_value_free_len() instead
- of the deprecated ldap_get_values()/ldap_value_free().
+ * sudo.c:
+ May need to update the runas user after parsing command-based
+ defaults.
+ [246f130d7802]
-2008-01-01 17:07 millert
+2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * TODO, ChangeLog: sync
+ * glob.c:
+ Add missing pair of braces introduced with character class support.
+ [0e2afa2e03e9]
-2008-01-01 17:06 millert
+2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * gettime.c, sudo.c: Remove some already fixed XXXs
+ * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
+ Rename pwstars to pwfeedback
+ [a9f85a57ebac]
-2008-01-01 17:03 millert
+2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Same return value as non-existent sudoers if LDAP was
- unable to connect.
+ * bsm_audit.c, bsm_audit.h:
+ Add const to make MacOS happy.
+ [4274432d6627]
-2008-01-01 16:52 millert
+ * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
+ configure.in, sudo.c:
+ Add bsm audit support from Christian S.J. Peron
+ [bef61cd8693d]
- * sudo.pod: mention /etc/environment
+ * term.c:
+ This is new code, no DARPA notice.
+ [ec6ad09b9c23]
-2008-01-01 16:42 millert
+2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * UPGRADE, WHATSNEW, README.LDAP: Update to reflect recent
- developments.
+ * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
+ Rename simple_glob -> fast_glob
+ [68d9ed803cc1]
-2008-01-01 16:42 millert
+ * match.c:
+ g/c unused var
+ [693fa0464eb6]
- * sudo.c: Print nsswitch.conf, ldap.conf and ldap.secret paths in
- -V output.
+ * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
+ Add simple_glob option to use fnmatch() instead of glob(). This is
+ useful when you need to specify patterns that reference network file
+ systems.
+ [77ba634f6949]
-2008-01-01 16:25 millert
+ * tgetpass.c:
+ add term_* proto
+ [520f5149d073]
- * ldap.c: When building up a query don't list groups in the aux
- group vector that are the same as the passwd file group. On most
- systems the first gid in the group vector is the same as the
- passwd entry gid.
+ * sudoers.pod:
+ mention glob()
+ [ddaab8e03c52]
-2008-01-01 14:01 millert
+2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c, ldap.c: Define LDAPNOINIT before calling ldap_init(), etc.
- to disable user ldaprc and system defaults that could affect how
- LDAP works.
+ * tgetpass.c:
+ Delete any pwstars we wrote after the user hits return. That way
+ there is no record on screen as to the user's password length.
+ [fae25cda762b]
-2008-01-01 13:21 millert
+2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
- sudo_nss.c, sudo_nss.h: Rename read_nss -> sudo_read_nss Add
- --with-nsswitch to allow users to specify nsswitch.conf path or
- disable it. If --with-nsswitch=no but --with-ldap, order is
- LDAP, then sudoers. Fix --with-ldap-conf-file and
- --with-ldap-secret-file
+ * term.c:
+ Move terminal setting bits from tgetpass.c to term.c
+ [03d43325ee99]
-2008-01-01 13:12 millert
+ * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
+ tgetpass.c:
+ Add pwstars sudoers option that causes sudo to print a star every
+ time the user presses a key.
+ [7aab417e184d]
- * parse.c: Honor def_ignore_local_sudoers
+2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-31 16:44 millert
+ * Makefile.in:
+ Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
+ [64f70e879816]
- * ldap.c: no longer need to check def_ignore_local_sudoers here
+2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-31 16:36 millert
+ * ldap.c:
+ For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
+ indicate no limit. From Mark Janssen.
+ [e2c5732d54f5]
- * parse.c: Refactor group vector resetting into a function and also
- call it from display_cmnd. Stop after the first sucessful match
- in display_cmnd. Print a newline between each display_privs
- method.
+2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-31 16:23 millert
+ * toke.c, toke.l:
+ Comments that begin with #- should not be parsed as uids.
+ [a72a50f12f41]
- * parse.c: fix double free introduced in rev 1.218
+2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-31 16:10 millert
+ * sudo.c:
+ Do not try to set the close on exec flag if we didn't actually open
+ sudoers.
+ [ece3ca256904]
- * ldap.c: belt and suspenders; zero out result after freeing it
+2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-31 15:04 millert
+ * ChangeLog:
+ regen
+ [e11f0e4c1bdd] [SUDO_1_7_0]
- * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c: Refactor line
- reading into a separate function, sudo_parseln(), which removes
- comments, leading/trailing whitespace and newlines. May want to
- rethink the use of sudo_parseln() for /etc/ldap.secret
+2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-31 14:26 millert
+ * TODO:
+ sync
+ [5b8954462bb3]
- * parse.c, sudo.c: Make the inability to read the sudoers file a
- non-fatal error if there are other sudoers sources available.
- sudoers_file_lookup now returns "not OK" if sudoers was not
- present
+2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-31 14:24 millert
+ * auth/pam.c:
+ Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
+ password prompt.
+ [8563601cb3de]
- * ldap.c: make it clear that the global options are from LDAP
+ * configure, configure.in:
+ Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
+ as it cannot generate shared objects.
+ [6d4262ef9669]
-2007-12-31 14:13 millert
+ * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
+ K&R compilation fixes
+ [77921678d17c]
- * logging.c: allocate proper amount of space for error string
+ * parse.c:
+ Use tq_foreach_fwd when checking pseudo-commands to make it clear
+ that we are not short-circuiting on last match. When pwcheck is
+ 'all', initialize nopass to TRUE and override it with the first non-
+ TRUE entry.
+ [96b209f4778f]
-2007-12-31 10:24 millert
+2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo_nss.c, sudo_nss.h: actual sudo nss code
+ * parse.c:
+ Do not short circuit pseudo commands when we get a match since,
+ depending on the settings, we may need to examine all commands for
+ tags.
+ [fdbaf89d6f35]
-2007-12-31 10:08 millert
+2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c, parse.c, sudo.c, sudo.h: nss-ify display_privs and
- display_cmnd.
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [1ecce7c1b841]
-2007-12-31 07:54 millert
+ * sudoers.pod:
+ hostnames may also contain wildcards
+ [82b76695601c]
- * defaults.c, parse.c, testsudoers.c, visudo.c: move
- update_defaults() to parse.c
+ * Makefile.in:
+ remove stamp-* files and linux core files in clean target
+ [22003f091467]
-2007-12-31 07:39 millert
+2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
- Use nsswitch to hide some sudoers vs. ldap implementation details
- and reduce the number of #ifdef LDAP TODO: fix display routines
- and error handling
+ * auth/sudo_auth.h, config.h.in, configure, configure.in:
+ Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
+ [6905bede8410]
-2007-12-28 11:20 millert
+2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
- First cut at nsswitch.conf support. Further reorganizaton and
- related changes are forthcoming.
+ * configure, configure.in:
+ correctly enable SIA on Digital UNIX
+ [a51881d13995]
-2007-12-21 16:53 millert
+ * TODO:
+ checkpoint
+ [af0fe8d94d42]
- * env.c, pathnames.h.in, sudo.c, sudo.h: Add support for reading
- and /etc/environment file. Still needs to be documented and
- should probably only applies to OSes that have it (AIX and Linux,
- maybe others).
+ * ChangeLog:
+ sync
+ [831f623cf99c]
-2007-12-21 16:20 millert
+2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: include limits.h
+ * check.c, sudo.h, tgetpass.c:
+ Even if neither stdin nor stdout are ttys we may still have /dev/tty
+ available to us.
+ [20f306ba883b]
-2007-12-20 10:02 millert
+2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * WHATSNEW: reword LDAP SASL
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [76d97c4c318f]
-2007-12-19 16:40 millert
+ * sudoers.pod:
+ fix typos; Markus Lude
+ [bff8bc1e2066]
- * TODO: sync
+ * ChangeLog:
+ sync
+ [f108552531cd]
-2007-12-19 16:39 millert
+ * toke.c:
+ regen
+ [de828413c67e]
- * README.LDAP: Add an example sudoRole, clarify netscape vs.
- openldap a bit more
+ * toke.l:
+ Fix matching of a line that only consists of a comment char
+ [09c953d8d5ca]
-2007-12-19 14:42 millert
+2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * README.LDAP: Be clear on what is OpenLDAP vs. Netscape-derived
+ * auth/pam.c:
+ MacOS pam will retry conversation function if it fails so just treat
+ ^C as an empty password.
+ [d056058930bc]
-2007-12-19 14:28 millert
+ * visudo.c:
+ When checking for alias use, also check defaults bindings.
+ [2647f82c7dbd]
- * config.h.in, configure, configure.in, ldap.c: Use ldapssl_init()
- for ldaps support instead of trying to do it manually with
- ldap_init() + ldapssl_install_routines(). Use tls_cert and
- tls_key for cert7.db and key3.db respectively. Don't print
- debugging info for options that are not set. Add warning if
- start_tls specified when not supported.
+ * redblack.c:
+ unused var
+ [b7ff71c17c18]
-2007-12-19 14:25 millert
+ * redblack.c:
+ Replace my rbdelete with Emin's version (which actually works ;-)
+ [21b133dd0c72]
- * ldap.c: fix compilation on solaris
+2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-19 14:23 millert
+ * testsudoers.c:
+ malloc debugging
+ [0fb446fa3279]
- * Makefile.in: add missing .h and .c files for missing lib objs
+ * visudo.c:
+ malloc options in devel mode for visudo too
+ [98d06c6afeef]
-2007-12-18 09:54 millert
+2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: fix LDAP_OPT_NETWORK_TIMEOUT setting
+ * sudo.c:
+ fix compilation on non-C99; from Theo
+ [7c304e16c536]
-2007-12-17 20:10 millert
+ * visudo.c:
+ fix check_aliases
+ [83f30a3b1765]
- * ldap.c: fix compilation on Solaris
+ * alias.c:
+ when destroying an alias, free the correct data pointer
+ [6e1a8bd86c01]
-2007-12-17 10:14 millert
+ * auth/sudo_auth.h:
+ add proto for aixauth_cleanup; from Dale King
+ [eba94ffc8f63]
- * configure, configure.in: fix typo
+2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-17 08:08 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [409fa57fff83]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ standardize on the term 'option' for command line options (not flag)
+ [228caefc2e36]
+
+2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * README.LDAP: try to clear up which variables are for OpenLDAP and
- which are for netscape-derived SDKs
+ * INSTALL:
+ Add note on configuring HP-UX pam
+ [f7674a581baf]
-2007-12-17 07:31 millert
+2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, sudo.c:
+ Move tty checks into check_user() so we only do them if we actually
+ need a password.
+ [7d997d7106d6]
+
+ * sudo.c:
+ Don't error out if no tty or askpass unless we actually need to
+ authenticate.
+ [9f23b83ed66c]
+
+2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog:
+ regen
+ [23f9aef32da6]
+
+ * pathnames.h.in, sudo.c:
+ s/overriden/overridden/; from Tobias Stoeckmann
+ [9f7459a8fac5]
- * config.h.in, configure, configure.in, ldap.c: Add support for
- "ssl on" in both netscape and openldap flavors. Only the
- OpenLDAP flavor has been tested.
+2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-17 07:28 millert
+ * WHATSNEW, visudo.c:
+ check sudoers owner and mode in strict mode
+ [a3468c5ac1c4]
- * logging.c, sudo.c, sudo.h: Call cleanup() before exit in
- log_error() instead of calling sudo_ldap_close() directly.
- ldap_conn can now be static to sudo.c
+ * gram.c, toke.c:
+ regen
+ [7d6b515a5443]
-2007-12-16 20:02 millert
+ * sudo.man.in, sudoers.man.in, visudo.man.in:
+ Update copyright years.
+ [52d340cb8cba]
- * sudo.c: ld -> ldap_conn
+ * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
+ auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+ auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
+ closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
+ gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
+ interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
+ parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
+ sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
+ testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
+ visudo.pod, zero_bytes.c:
+ Update copyright years.
+ [b4e6bf2beafa]
-2007-12-16 14:42 millert
+ * emul/charclass.h, fnmatch.c, glob.c:
+ add my copyright
+ [28681385014a]
- * logging.c, sudo.c, sudo.h: Better ldap cleanup.
+2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-16 14:08 millert
+ * toke.c, toke.l:
+ The loop in fill_cmnd() was going one byte too far past the end,
+ resulting in a NUL being written immediately after the buffer end.
+ [a5a49d603cd7]
- * ldap.c: Distinguish between LDAP conf settings that are
- connection-specific (which take an ld pointer) and those that are
- default settings (which do not).
+ * UPGRADE, WHATSNEW:
+ add sections on tgetpass changes
+ [2e6929b6a102]
-2007-12-14 16:46 millert
+ * tgetpass.c:
+ Treat EOF w/o newline as an error.
+ [aa02b1db9240]
- * ldap.c: Improved warnings on error.
+2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-14 15:59 millert
+ * parse.c:
+ Fix "sudo -v" when NOPASSWD is set.
+ [f4914711ea80]
+
+ * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
+ auth/sudo_auth.h:
+ No longer treat an empty password at the prompt as special. To quit
+ out of sudo you now need to hit ^C at the password prompt.
+ [980f760ad419]
- * ldap.c: Make ldap config table driven and set the config *after*
- we open the connection.
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [6ca21a2cd869]
-2007-12-13 16:41 millert
+ * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
+ Sudo will now refuse to run if no tty is present unless the new
+ visiblepw sudoers flag is set.
+ [0cc56943252e]
- * ldap.c: fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
+2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aix.c:
+ just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
+ defined
+ [24fc6f712d5c]
-2007-12-13 09:13 millert
+ * aix.c:
+ fix fallback value for RLIM_SAVED_MAX
+ [e09e04e1af89]
- * configure, configure.in: some operating systems need to link with
- -lkrb5support when using krb5
+ * auth/aix_auth.c, auth/sudo_auth.h:
+ Move clearing of AUTHSTATE into aixauth_cleanup.
+ [e14ae7bd259c]
+
+ * auth/aix_auth.c, env.c:
+ Unset AUTHSTATE after calling authenticate() as it may not be
+ correct for the user we are running the command as.
+ [d14f68f1b0ab]
+
+ * isblank.c:
+ Add isblank() function for systems without it. Needed for POSIX
+ character class matching in fnmatch.c and glob.c.
+ [16cba30b283f]
+
+2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ expound on sudo and cd
+ [8e0fa9033637]
+
+2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-10 17:12 millert
+ * ChangeLog:
+ regen
+ [40cf320a10fc]
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [7cac761ae2c6]
+
+ * sudoers.pod:
+ mention defauts parse order
+ [4e2ce86d1394]
+
+2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, aclocal.m4, compat.h, configure:
+ Add isblank() function for systems without it. Needed for POSIX
+ character class matching in fnmatch.c and glob.c.
+ [a1ab55da8424]
- * WHATSNEW: minor update
+ * Makefile.in:
+ add emul/charclass.h to HDRS
+ [7e8a019dcaa4]
-2007-12-10 10:56 millert
+2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen
+ * TODO:
+ checkpoint
+ [afeb9bc1baed]
-2007-12-07 19:17 millert
+ * defaults.c, parse.c, testsudoers.c, visudo.c:
+ Move update_defaults into defaults.c and call it properly from
+ visudo and testsudoers.
+ [f4dbb369461f]
- * TODO, ChangeLog: sync
+ * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
+ tsgetgrpw.c:
+ use zero_bytes() instead of memset() for consistency
+ [4cee0465f4a8]
-2007-12-07 19:09 millert
+ * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
+ visudo.c:
+ Zero out sigaction_t before use in case it has non-standard entries.
+ [120092225459]
- * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif: add -g
- support for LDAP
+ * match.c:
+ quiet gcc
+ [098a1df49b23]
-2007-12-03 11:36 millert
+ * match.c:
+ Short circuit glob() checks if basename(pattern) !=
+ basename(command). Refactor code that checks for a command in a
+ directory and use it in the glob case if the resolved pattern ends
+ in a '/'.
+ [3c46fd317acb]
- * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in: The -i and -s flags
- can now take an optional command.
+2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-02 12:13 millert
+ * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
+ Defer setting runas defaults until after runaspw/gr is setup.
+ [12e75ee49c0c]
- * def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
- sudoers.pod, auth/pam.c: Add passprompt_override flag to sudoers
- that will cause the prompt to be overridden in all cases. This
- flag is also set when the user specifies the -p flag.
+2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-01 19:51 millert
+ * match.c, sudo.c, testsudoers.c:
+ Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
+ systems do not include space for the NUL in the size. Also manually
+ NUL-terminate buffer from gethostname() since POSIX is wishy-washy
+ on this.
+ [7266ab3296a3]
- * sudo.c: Move setting of login class until after sudoers has been
- parsed. Set NewArgv[0] for -i after runas_pw has been set.
+2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-01 19:34 millert
+ * sudo.c, sudoers.pod:
+ When setting the umask, use the union of the user's umask and the
+ default value set in sudoers so that we never lower the user's umask
+ when running a command.
+ [4e804b004e38]
- * configure, configure.in: Move the dgettext check.
+ * sudo.c:
+ Don't try to read from a zero-length sudoers file. Remove the bogus
+ Solaris work-around for EAGAIN. Since we now use fgetc() it should
+ not be a problem.
+ [bb8e5f68d944]
-2007-12-01 11:22 millert
+2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure, configure.in, auth/pam.c: Add basic
- support for looking up the string "Password: " in the PAM
- localized text db. This allows us to determine whether the PAM
- prompt is the default "Password: " one even if it has been
- localized.
+ * parse.c:
+ In update_defaults() check the return value of user*_matches against
+ ALLOW so we don't inadvertantly match on UNSPEC.
+ [4e422fa1527e]
- TODO: concatenate non-std PAM prompts and user-specified sudo
- prompts.
+2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-11-27 18:40 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen man pages; no more hyphenation
+ [15de4fe2fe01]
- * Makefile.in, config.h.in, configure.in, parse.c, set_perms.c,
- sudo.c, configure, sudo.h: Use AC_FUNC_GETGROUPS instead of a
- home-grown attempt that was insufficient.
+ * sudo.c:
+ Don't error out on a zero-length sudoers file. With the advent of
+ #include the user could create a situation where sudo is unusable.
+ [6eb461319fa5]
-2007-11-27 12:13 millert
+2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, acsite.m4, interfaces.c, memrchr.c: Fix typos;
- Martynas Venckus
+ * auth/kerb5.c, config.h.in, configure, configure.in:
+ Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
+ krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
+ all. Add configure tests to handle all the cases.
+ [4b554a98470d]
-2007-11-25 19:26 millert
+2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * set_perms.c: Don't assume runas_pw is set; it may not be in the
- -g case.
+ * sudo.pod:
+ resort ENVIRONMENT
+ [f4f20f40653e]
-2007-11-25 08:07 millert
+ * sudoers.pod:
+ document sudoers_locale
+ [0bffd2dbe806]
- * logging.c, set_perms.c: Set aux group vector for PERM_RUNAS and
- restore group vector for PERM_ROOT if we previously changed it.
- Stash the runas group vector so we don't have to call initgroups
- more than once. Also add no-op check to check_perms.
+ * sudo.pod, sudo_edit.c:
+ add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
+ or EDITOR
+ [0ef8cb248cee]
-2007-11-21 15:11 millert
+ * toke.c, toke.l:
+ In fill_cmnd(), collapse any escaped sudo-specific characters.
+ Allows character classes to be used in pathnames.
+ [5685244c8e44]
- * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h,
- gram.y, ldap.c, logging.c, match.c, mon_systrace.c, parse.c,
- parse.h, pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h,
- sudo.man.in, sudo.pod, sudo_usage.h.in, sudoers.cat,
- sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, visudo.c,
- visudo.cat, visudo.man.in: Add support for runas groups. This
- allows the user to run a command with a different effective
- group. If the -g option is specified without -u the command will
- be run as the current user (only the group will change). the -g
- and -u options may be used together. TODO: implement runas group
- for ldap improve runas group documentation add
- testsudoers support
+2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-11-21 15:02 millert
+ * lbuf.c:
+ fix typo in non-C89 function declaration
+ [99a7113b3a05]
- * configure, configure.in: fix setting of mandir
+ * sudoers.pod:
+ Mention POSIX characters classes now that out fnmatch() and glob()
+ support them.
+ [9c916f1230c3]
-2007-11-21 14:26 millert
+ * sample.sudoers, sudoers.pod:
+ Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
+ locale agnostic.
+ [a60a62bec244]
- * sudo.pod, sudoers.pod: document that ALL implies SETENV
+ * parse.h:
+ use __signed char if we are going to assign a negative value since
+ on Power, char is unsigned by default
+ [2877b319df17]
-2007-11-21 13:50 millert
+ * config.h.in, configure, configure.in:
+ Add tests for __signed char and signed char.
+ [5eb874fdf1d4]
- * ldap.c: s/setenv_ok/setenv_implied/g
+ * aix.c:
+ Fix AIX limit setting. getuserattr() returns values in disk blocks
+ rather than bytes. The default hard stack size in newer AIX is
+ RLIM_SAVED_MAX. From Dale King.
+ [3db67415ecc3]
-2007-11-21 13:44 millert
+2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: hostname_matches() returns TRUE on match in sudo 1.7.
+ * emul/charclass.h, fnmatch.c, glob.c:
+ Add character class support to included glob(3) and fnmatch(3).
+ [6b5b4ad77899]
-2007-11-21 13:26 millert
+2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: use strcmp, not strcasecmp when comparing ALL
+ * emul/fnmatch.h:
+ Remove UCB advertising clause and some compatibility defines.
+ [2ade7bee74e1]
-2007-11-21 11:41 millert
+2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Make sudo ALL imply setenv. Note that unlike with
- file-based sudoers this does affect all the commands in the
- sudoRole.
+ * sudo_edit.c:
+ Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
+ or sudo. This allows one to set EDITOR to sudoedit without getting
+ into an infinite loop of sudoedit running itself until the path gets
+ too big.
+ [aa49ab68f82d]
-2007-11-21 11:05 millert
+ * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
+ Add sudoers_locale Defaults option to override the default sudoers
+ locale of "C".
+ [0639886a35bf]
- * gram.c, gram.y, parse.c, parse.h: sudo "ALL" now implies the
- SETENV tag but, unlike an explicit tag, it is not passed on to
- other commands in the list.
+2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-11-21 11:02 millert
+ * sudo.c:
+ Set locale to system default except for during sudoers parse.
+ [016dd2736728]
- * visudo.c: Add missing sudo_setpwent() and sudo_setgrent() calls.
- Also use sudo_getpwuid() instead of getpwuid().
+2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-11-15 11:16 millert
+ * match.c:
+ Redo change in 1.34 to use pointer arithmetic.
+ [f9e7b63bb450]
- * sudoers: Expand on the dangers of not using visudo to edit
- sudoers.
+2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-11-08 07:24 millert
+ * match.c:
+ Fix a dereference (read) of a freed pointer. Reported by Patrick
+ Williams.
+ [69877b633753]
- * parse.c: Don't quote *?[]! on output since the lexer does not
- strip off the backslash when reading those in.
+2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-11-07 13:16 millert
+ * sudo.c:
+ Set locale to "C" to avoid interpretation issues with character
+ ranges in sudoers. May want to make the locale a sudoers option in
+ the future.
+ [098a95de1746]
- * glob.c: expand "u_foo" types to "unsigned foo" to avoid
- compatibility issues.
+2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-11-04 08:33 millert
+ * config.h.in:
+ we no longer use setproctitle
+ [c7f20fb747ea]
- * logging.c: Refactor log line generation in to new_logline().
+ * sudo.h:
+ remove #if 1
+ [a368ee6816c6]
-2007-10-25 09:23 millert
+ * LICENSE, mkstemp.c:
+ Use my replacement mkstemp() from the mktemp package.
+ [d07c2beb0f9e]
- * TROUBLESHOOTING: fix typo
+2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-10-24 12:41 millert
+ * gram.c:
+ regen with yacc skeleton bug fixed
+ [24784571cbb8]
- * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
- match.c: Add configure check for struct in6_addr instead of
- relying on AF_INET6 since some systems define AF_INET6 but do not
- include IPv6 support.
+ * sudoers.pod:
+ Remove duplicate "as root". From Martin Toft.
+ [97241acfee5e]
-2007-10-21 09:29 millert
+2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Fix block to add -lutil for FreeBSD and
- NetBSD when logincap is in use.
+ * pwutil.c, sudo.c, sudo.h, testsudoers.c:
+ Flesh out the fake passwd entry used for running commands as a uid
+ not listed in the passwd database. Fixes an issue with some PAM
+ modules.
+ [a6648227f3f2]
-2007-10-19 22:28 millert
+2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: POSIX states that struct timespec be
- declared in time.h so check there regardless of the value of
- TIME_WITH_SYS_TIME.
+ * sudo.c:
+ Error out in -i mode if the user has no shell. This can happen when
+ running commands as a uid with no password entry.
+ [0c174bef36ff]
-2007-10-17 11:37 millert
+2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * tgetpass.c: Instead of defining a macro to call the appropriate
- method for turning on/off echo, just define tc[gs]etattr() and
- the related defines that use the correct terminal ioctls if
- needed. Also go back to using TCSAFLUSH instead of TCSADRAIN on
- all but QNX.
+ * toke.c, toke.l:
+ Better fix for line continuation inside double quotes. Now accepts
+ whitespace between the backslash and the newline like the main
+ lexer.
+ [64efcdf86d31]
-2007-10-08 20:18 millert
+2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: g/c @ALLOCA@
+ * toke.c, toke.l:
+ Fix line continuation in strings. It was only being honored if
+ preceded by whitespace.
+ [96c21271a3e4]
-2007-10-08 20:07 millert
+2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * config.h.in, configure, configure.in, logging.c:
+ Replace the double fork with a fork + daemonize.
+ [328505441e67]
-2007-10-08 20:04 millert
+2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL, config.h.in, configure.in, auth/pam.c: Add
- --disable-pam-session configure option to disable calling
- pam_{open,close}_session. May work around bugs in some PAM
- implementations.
+ * env.c, sudo.c:
+ The -i flag should imply env_reset. This got broken in sudo 1.6.9.
+ [3caedfeaec87]
-2007-10-08 12:00 millert
+ * logging.c, sudo.c, sudo_edit.c, visudo.c:
+ Change how the mailer is waited for. Instead of having a SIGCHLD
+ handler, use the double fork trick to orphan the child that opens
+ the pipe to sendmail. Fixes a problem running su on some Linux
+ distros.
+ [b59ce60a393d]
- * tgetpass.c: quiet gcc warnings
+2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-10-08 08:41 millert
+ * configure, configure.in:
+ Fix configure test for dirfd() on Linux where DIR is opaque.
+ [b8f729cdfecc]
- * tgetpass.c: Avoid printing the prompt if we are already
- backgrounded. E.g. if the user runs "sudo foo &" from the shell.
- In this case, the call to tcsetattr() will cause SIGTTOU to be
- delivered.
+2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-15 16:07 millert
+ * tgetpass.c:
+ Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
+ this problem we'll need to revisit this again.
+ [c17fee8ad530]
- * def_data.c, def_data.h, def_data.in: Reorder things such that the
- definition of env_reset come right before the env variable lists.
+2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-15 07:50 millert
+ * logging.c:
+ Ignore SIGPIPE instead of blocking it when piping to the mailer. If
+ we only block the signal it may be delivered later when we unblock.
+ Also, there is no need to block SIGCHLD since we no longer do the
+ double fork. The normal SIGCHLD handler is sufficient.
+ [e94a49e992e5]
- * parse.h: Shrink type and seqno in struct alias from int to
- u_short
+2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-15 07:24 millert
+ * configure, configure.in:
+ Add description for NO_PAM_SESSION, from a redhat patch.
+ [b9e4c939ec09]
- * alias.c, match.c, parse.c, parse.h: Add a sequence number in the
- aliases for loop detection. If we find an alias with the seqno
- already set to the current (global) value we know we've visited
- it before so ignore it.
+2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-13 19:05 millert
+ * sudo.cat, sudo.man.in, sudo.pod:
+ Fix typos in -i usage
+ [2d7ce5de0235]
- * TODO, sudo.c, sudo.h, auth/pam.c: PAM wants the full tty path so
- add user_ttypath which holds the full path to the tty or is NULL
- if no tty was present.
+2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-13 18:42 millert
+ * configure, configure.in:
+ Redo the test for dgettext() in a way that hopefully will work
+ around the libintl_dgettext() undefined problem.
+ [d27beb0cf85e]
- * auth/pam.c: Set PAM_RHOST to work around a bug in Solaris 7 and
- lower that results in a segv.
+2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-11 15:43 millert
+ * schema.ActiveDirectory:
+ change filename in comment
+ [733da4ee9ac5]
- * gram.c: regen
+2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-11 15:42 millert
+ * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
+ sudoers.ldap.pod:
+ Reference schema.ActiveDirectory
+ [d6aec537800e]
- * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
- parse.h, testsudoers.c, visudo.c: rename lh_ -> tq_
+2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-10 17:33 millert
+ * schema.OpenLDAP, schema.iPlanet:
+ Mark sudoRunAs as deprecated.
+ [00c50df807af]
- * alloc.c: remove some useless casts
+ * schema.ActiveDirectory:
+ add sudoRunAsUser and sudoRunAsGroup
+ [19bcce6f72fb]
-2007-09-10 17:32 millert
+ * schema.ActiveDirectory:
+ Active Directory schema by Chantal Paradis and Eric Paquet
+ [06a09c92c6a5]
- * alloc.c: pull in inttypes.h for SIZE_MAX; we avoid stdint.h since
- inttypes.h predates the final C99 spec and the standard specifies
- that it shall include stdint.h anyway
+2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-06 12:39 millert
+ * parse.c:
+ remove an XXX that was fixed
+ [b88038062fa2]
- * Makefile.in, alloca.c, configure.in: Since we ship with a
- pre-generated parser there is no need to ship a bogus alloca
- implementation.
+ * ChangeLog:
+ sync
+ [8fc27c17270e]
-2007-09-06 12:22 millert
+ * parse.c:
+ Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
+ fixes a problem where the tag value printed was influenced by
+ defaults set in the first pass through the parser.
+ [588ccd630367]
- * configure: regen
+2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-06 12:19 millert
+ * Makefile.in, sudo.psf:
+ No point in packaging the TODO file
+ [9590248fffe1]
- * configure.in: remove initial setting of CHECKSIA, we require that
- it be unset if not used
+ * ChangeLog:
+ sync
+ [152acf4c6813]
-2007-09-06 11:55 millert
+2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: add list.c to SRCS
+ * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
+ sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
+ Add env_file Defaults option that is similar to /etc/environment on
+ some systems.
+ [1daf53d51e18]
-2007-09-06 07:18 millert
+2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
+ sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+ version.h, visudo.cat, visudo.man.in:
+ change version to 1.7.0
+ [d41d126b9bd8]
-2007-09-06 07:17 millert
+ * UPGRADE:
+ initial valgrind pass done
+ [c59c3876d8ca]
- * configure.in: only do SIA checks on Digital Unix
+2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-05 18:50 millert
+ * ldap.c:
+ Fix typo/think in sudo_ldap_read_secret() when storing the secret.
+ [830d246c09b0]
- * sudoers.cat, sudoers.man.in: regen
+2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-05 18:48 millert
+ * ldap.c:
+ define LDAPS_PORT if the system headers do not
+ [247b12325701]
- * ChangeLog, TODO: sync
+2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-05 18:39 millert
+ * gram.c, gram.y:
+ Fix another memory leak in init_parser().
+ [7bba47deba11]
- * auth/kerb5.c: Remove call to krb5_cc_register() as it is not
- needed for modern kerb5.
+ * configure, configure.in:
+ There was a missing space before the ldap libs in SUDO_LIBS for some
+ configurations.
+ [7524cfc93759]
-2007-09-05 18:16 millert
+ * alias.c, gram.c, gram.y, toke.c, toke.l:
+ Clean up some memory leaks pointed out by valgrind.
+ [a965866ece1a]
- * configure: regen
+2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-05 18:16 millert
+ * sudo.c:
+ fix "sudo -s" broken by mode/flags breakout
+ [acffe984d408]
- * configure.in, aclocal.m4: New method for setting the default
- authentication type and avoiding conflicts in auth types.
+ * configure, configure.in:
+ remove duplicate check for dgettext
+ [58145529133c]
-2007-09-05 14:45 millert
+2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * match.c, parse.c, testsudoers.c: Each entry in a cmndlist now has
- an associated runaslist so no need to keep track of the most
- recent non-NULL one.
+ * aix.c:
+ Fall back to default stanza if no user-specific limit is found.
+ [7b8cb29123ee]
-2007-09-04 18:51 millert
+2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: back out partial ldaps support mistakenly committed
+ * snprintf.c:
+ include stdint.h if present
+ [f0ec38529306]
-2007-09-04 10:57 millert
+ * snprintf.c:
+ Use LLONG_MAX, not the old QUAD_MAX
+ [01041ce508fb]
- * ldap.c: Add support for unix groups and netgroups in sudoRunas
+2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-03 16:28 millert
+ * sudoers.ldap.pod:
+ fix cut and pasto
+ [34240fdef5ab]
- * sudo_edit.c: Fix sudoedit of a non-existent file. From Tilo
- Stritzky.
+2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-02 17:05 millert
+ * pwutil.c:
+ Add #ifdef PURITY
+ [ce1b571ad526]
- * configure: regen
+2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-02 17:05 millert
+ * auth/bsdauth.c:
+ remove useless cast
+ [494f8a862e1d]
- * INSTALL: update --passprompt escape info
+2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-02 17:03 millert
+ * ChangeLog:
+ sync
+ [f5c97ffaabcc]
- * configure.in: remove now-bogus comment and update copyright date
+ * TODO:
+ sync
+ [96ff1c44c182]
-2007-09-02 16:35 millert
+ * sudo.h:
+ Split MODE_* defines into primary and flags.
+ [c02ee3027cb9]
- * configure.in: Fix up use of with_passwd
+2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-02 16:25 millert
+ * aix.c:
+ It turns out the logic for getting AIX limits is more convoluted
+ than I realized and differs depending on whether the soft and/or
+ hard limits are defined.
+ [cf8d3f85d395]
- * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
- Update to autoconf-2.61 andf libtool-1.5.24
+2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-02 16:17 millert
+ * Makefile.in, configure, configure.in:
+ Back out AIX-specific change to set the sudo_noexec path to the .a
+ file, we do really want to use the .so file. Since libtool doesn't
+ do that correctly, just install the .so file ourselves in the
+ Makefile.
+ [05c6f33177d9]
- * Makefile.in: "cmp -s" not just cmp Add @datarootdir@ to quiet
- autoconf-2.61
+ * install-sh:
+ If the file given to install is a path, only use the basename of the
+ file when building the destination path.
+ [695ba4e429ce]
-2007-09-01 17:39 millert
+2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * gram.c: regen
+ * sudo.c:
+ parse_args() cleanup: Sort command line options in the getopt()
+ switch The -U option requires a parameter Normalize a few ISSET
+ calls Split mode into mode and flags and retire the now-obsolete
+ excl variable
+ [0d156835f861]
-2007-09-01 17:39 millert
+ * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
+ sudo_usage.h.in:
+ Add -n (non-interactive) flag.
+ [e3e50400d32d]
- * gram.y: move tags and runaslist propagation to be earlier
+ * sudo.c:
+ Move version printing, etc. into a separate function.
+ [18c91b476e2c]
-2007-09-01 09:34 millert
+ * sudo.c:
+ Don't try to cleanup nsswitch if it has not been initialized.
+ [aeb1ca1b399d]
- * visudo.c: If -f flag given use the permissions of the original
- file as a template
+2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-01 08:45 millert
+ * logging.c:
+ Block SIGPIPE in send_mail() so sudo is not killed by a problem
+ executing the mailer.
+ [f130e7924cca]
- * gram.y: prevent a double free() when re-initing the parser
+2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-31 19:30 millert
+ * configure, configure.in:
+ AIX shared libs end in .a, not .so.
+ [a5deb07020d8]
- * configure: regen
+2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-31 19:30 millert
+ * env.c:
+ Preserve HOME by default too. Matches documentation and previous
+ behavior.
+ [c16f17f1047c]
- * aclocal.m4, alias.c, alloc.c, config.h.in, configure.in, env.c,
- ldap.c, list.c, list.h, memrchr.c, parse.c, parse.h, pwutil.c,
- redblack.c, redblack.h, snprintf.c, sudo.c, sudo.h,
- testsudoers.c, visudo.c, zero_bytes.c, auth/API, auth/afs.c,
- auth/bsdauth.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
- auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h:
- Remove support for compilers that don't support void *
+2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-31 19:14 millert
+ * sudo.c:
+ Use getopt() to parse the command line. We need to be able to
+ intersperse env variables and options yet still honor "--"" which
+ complicates things slightly.
+ [60f271ce5c16]
- * gram.c: regen
+2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-31 19:13 millert
+ * ChangeLog:
+ sync
+ [685e67964eda]
- * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h,
- match.c, parse.c, parse.h, testsudoers.c, visudo.c: Move list
- manipulation macros to list.h and create C versions of the more
- complex ones in list.c. The names have been down-cased so they
- appear more like normal functions.
+ * acsite.m4, configure, ltmain.sh:
+ update to libtool-1.5.26
+ [4c9a8c3d3b40]
-2007-08-31 17:21 millert
+ * config.guess, config.sub:
+ update from libtool-1.5.26 distribution
+ [c6641aef2527]
- * Makefile.in: Fix cmp command when regenerating parser. Make
- gram.o the first dependency for all programs so gram.h will be
- generated before anything that needs it.
+ * aix.c, sudo.h:
+ attempt to fix compilation errors on AIX
+ [edb13e5b2184]
-2007-08-31 13:56 millert
+ * Makefile.in:
+ fix typo in last commit
+ [25ba7f7ceae4]
- * parse.h, gram.y: Convert NEW_DEFAULT anf NEW_MEMBER into static
- functions.
+ * Makefile.in:
+ Add WHATSNEW file to the distribution
+ [213f4115de8f]
-2007-08-30 21:21 millert
+ * visudo.c:
+ use warningx instead of fprintf(stderr, ...)
+ [a3494b8ccb19]
- * match.c, parse.c, testsudoers.c: Use LH_FOREACH_REV when checking
- permission and short-circuit on the first non-UNSPEC hit we get
- for the command. This means that instead of cycling through the
- all the parsed sudoers entries we start at the end and work
- backwards and quit after the first positive or negative match.
+ * list.c:
+ add DEBUG to list2tq
+ [115d24a3000c]
-2007-08-30 21:13 millert
+ * ChangeLog, TODO:
+ sync
+ [60e6f4d1fac0]
- * gram.c: regen
+ * WHATSNEW:
+ mention mailfrom
+ [e2498f9e18d6]
-2007-08-30 21:12 millert
+ * Makefile.in, aix.c, config.h.in, configure, configure.in,
+ set_perms.c, sudo.h:
+ Add aix_setlimits() to set resource limits on AIX using a
+ combination of getuserattr() and setrlimit(). Currently untested.
+ [9b1441fd89ca]
- * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
- Change list head macros to take a pointer, not a struct.
+2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-30 20:46 millert
+ * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
+ sudoers.man.in, sudoers.pod:
+ Add mailfrom Defaults option that sets the value of the From: field
+ in the warning/error mail. If unset the login name of the invoking
+ user is used.
+ [029b9f05d3d9]
+
+ * defaults.c:
+ store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
+ [a90e407d5e00]
+
+ * gram.c, gram.y:
+ When adding a default, only call list2tq() once to do the list to tq
+ conversion. It is not legal to call list2tq multiple times on the
+ same list since list2tq consumes and modifies the list argument.
+ [fbc25d245c4a]
- * gram.c: regen
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ comment out XXXs for now
+ [595a1d43309d]
-2007-08-30 20:46 millert
+ * WHATSNEW:
+ mention askpass
+ [b993e0837c22]
- * gram.y: Propagate the runasspec from one command to the next in a
- cmndspec.
+2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-30 16:15 millert
+ * sudo.c:
+ Error out if both -A and -S are specified Error out if -A is
+ specified but no askpass is configured
+ [24f1df2638f6]
- * match.c: Replace has_meta() with a macro that calls strpbrk().
+ * configure, configure.in:
+ we are not going to ship a sudo-specific askpass
+ [61949e7a3943]
-2007-08-30 16:04 millert
+2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * gram.c: regen
+ * sudo.h:
+ fix definition of TGP_ASKPASS
+ [0447c57ba4c3]
-2007-08-30 13:26 millert
+ * def_data.c, def_data.in:
+ make askpass boolean-capable
+ [e0885893a325]
- * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
- testsudoers.c, visudo.c: Use a list head struct when storing the
- semi-circular lists and convert to tail queues in the process.
- This will allow us to reverse foreach loops more easily and it
- makes it clearer which functions expect a list as opposed to a
- single member.
+ * INSTALL:
+ document --with-askpass
+ [c76e15ba97cf]
- Add macros for manipulating lists. Some of these should become
- functions.
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.man.in, visudo.cat:
+ regen
+ [8d16242980b7]
- When freeing up a list, just pop off the last item in the queue
- instead of going from head to tail. This is simpler since we
- don't have to stash a pointer to the next member, we always just
- use the last one in the queue until the queue is empty.
+2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
- Rename match functions that take a list to have list in the name.
- Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
+ * sudo.pod, sudo_usage.h.in, sudoers.pod:
+ document -A and askpass
+ [02c07505a78c]
-2007-08-30 13:12 millert
+ * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
+ def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
+ sudo_usage.h.in, tgetpass.c:
+ Add support for running a helper program to read the password when
+ no tty is present (or when specified with the -A flag). TODO: docs.
+ [05780f5f71fd]
- * parse.c: Fix pasto, append "!" not negated (which is an int) for
- sudo -l output.
+ * def_data.c, def_data.in:
+ add missing printf format to SELinux role and type strings
+ [2b32774715e7]
-2007-08-30 12:45 millert
+2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: Remove the dependency of gram .h on gram.y, the .c
- dependency is enough. Only move y.tab.h to gram.h if it is
- different; avoids needless rebuilding.
+ * INSTALL, configure, configure.in:
+ Disable use of gss_krb5_ccache_name() by default and add
+ --enable-gss-krb5-ccache-name configure option to enable it. It
+ seems that gss_krb5_ccache_name() doesn't work properly with some
+ combinations of Heimdal and OpenLDAP.
+ [f61ebd3b19bd]
-2007-08-27 15:51 millert
+2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: Defaults lines may be associated with lists of
- users, hosts, commands and runas users, not just single entries.
+ * selinux.c:
+ Ignore setexeccon() failing in permissive mode. Also add a call to
+ setkeycreatecon() (though this is probably insufficient). From Dan
+ Walsh.
+ [52564fc1c069]
-2007-08-26 17:42 millert
+ * auth/pam.c:
+ Only set std_prompt for the PAM_PROMPT_* cases. The conversation
+ function may be called for non-password reading purposes so we must
+ be careful not to use def_prompt in cases where it may not be set.
+ [29d88ca575ba]
- * Makefile.in: Revert the "cmp" portion of the last diff, it
- doesn't make sense.
+2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-26 17:10 millert
+ * selinux.c:
+ Don't free the new tty context, we need to keep it around when we
+ restore the tty context after the command completes
+ [5b4bd39b6ea8]
- * Makefile.in: Remove *.lo for clean: When generating the parser,
- only move the generated files into place if they differ from the
- existing ones.
+2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-24 22:47 millert
+ * selinux.c:
+ s/newrole/sudo/
+ [21b8a96ff8df]
- * toke.c, toke.l: Replace IPV6 regexp with a much simpler
- (readable) one and add an extra check when it matches to make
- sure we have a valid address.
+ * sudo.man.pl, sudo.pod:
+ Only put login_cap(3) in SEE ALSO section if we have login.conf
+ support
+ [05250ddff2c0]
-2007-08-24 22:36 millert
+2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * match.c: Fix thinko introduced when merging IPV6 support.
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen
+ [301e5c5ccdbe]
+
+ * sudoers.pod:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [c1c98fa163ce]
+
+ * sudoers.man.pl:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [6c88f30b878a]
+
+ * sudo.pod:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [acdbdfd24e1d]
+
+ * sudo.man.pl:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [0c56d4750ac3]
+
+ * Makefile.in, configure, configure.in:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [9a02bd6a6658]
-2007-08-24 14:23 millert
+ * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
+ Remove the =cut on the first line (above the copyright notice) to
+ quiet pod2man. Also remove the hackery in the FILES section and
+ just deal with the fact that there will a newline between each
+ pathname.
+ [2ac1ab191835]
- * HISTORY, LICENSE: regen
+2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-24 14:23 millert
+ * Makefile.in:
+ run sudo.man.pl when generating sudo.man.in
+ [859727369168]
- * license.pod: add 2007
+ * configure, configure.in, sudo.man.pl:
+ comment out SELinux manual bits unless --with-selinux was specified
+ [97ff4212b649]
-2007-08-24 14:19 millert
+ * sudoers.pod:
+ document role and type defaults for SELinux
+ [870f303366b3]
- * UPGRADE: mention #uid vs. comment pitfall
+ * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
+ Document "sudo -ll" and make "sudo -l -l" be equivalent.
+ [3ce6dc429ea3]
+
+2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
+ Debian GNU/kFreeBSD.
+ [c4efa567a328]
+
+2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
+ verify_krb_v5_tgt()
+ [f80538e5a6fa]
+
+ * logging.c, logging.h, sudo.c:
+ Remove dependence on VALIDATE_NOT_OK in logging functions. Split
+ log_auth() into log_allowed() and log_denial() Replace mail_auth()
+ with should_mail() and a call to send_mail()
+ [58aac9997557]
+
+2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Add debugging so we can tell if the krb5 ccache is accessible
+ [c679322527bb]
+
+ * INSTALL:
+ mention --with-selinux
+ [9efbe0b52194]
+
+2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [467a834f867c]
+
+ * selinux.c:
+ add Sudo tag
+ [d004ee669bed]
+
+ * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
+ testsudoers.c, toke.c, toke.l:
+ Add support for SELinux RBAC. Sudoers entries may specify a role
+ and type. There are also role and type defaults that may be used.
+ To make sure a transition occurs, when using RBAC commands are
+ executed via the new sesh binary. Based on initial changes from Dan
+ Walsh.
+ [1d4abfe2c004]
+
+ * sesh.c:
+ Add support for SELinux RBAC. Sudoers entries may specify a role
+ and type. There are also role and type defaults that may be used.
+ To make sure a transition occurs, when using RBAC commands are
+ executed via the new sesh binary. Based on initial changes from Dan
+ Walsh.
+ [1e3b395ce049]
-2007-08-24 09:50 millert
+ * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
+ def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
+ pathnames.h.in, selinux.c:
+ Add support for SELinux RBAC. Sudoers entries may specify a role
+ and type. There are also role and type defaults that may be used.
+ To make sure a transition occurs, when using RBAC commands are
+ executed via the new sesh binary. Based on initial changes from Dan
+ Walsh.
+ [6b421948286e]
+
+2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
+ Add long list (sudo -ll) support for printing verbose LDAP and
+ sudoers file entries. Still need to update manual.
+ [2875be37935c]
+
+2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
+ Unify the -l output for file and ldap based sudoers and use lbufs
+ for both. The ldap output does not currently include options that
+ cannot be represented as tags. This will be remedied in a long list
+ output mode to come.
+ [b2e429456596]
+
+2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Use a specific error message for errno == EAGAIN when setuid() et al
+ fails. On Linux systems setuid() will fail with errno set to EAGAIN
+ if changing to the new uid would result in a resource limit
+ violation.
+ [08d0aecd9f03]
+
+ * sudo.c:
+ Unlimit nproc on Linux systems where calling the setuid() family of
+ syscalls causes the nroc resource limit to be checked. The limits
+ will be reset by pam_limits.so when PAM is used. In the non-PAM
+ case the nproc limit will remain unlimited but there doesn't seem to
+ be a way around that other than having sudo parse
+ /etc/security/limits.conf directly.
+ [df024b415a8d]
+
+ * env.c, sudo.c, sudo.pod:
+ Only read /etc/environment on Linux and AIX
+ [90669e2aefdb]
+
+2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
+ ldap.conf and ldap.secret paths from going into config.h. Avoid
+ single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
+ since in some versions of bash they will end up literally in the
+ resulting define.
+ [25390f3ef10a]
+
+2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ mention --with-nsswitch=no
+ [c509df927263]
+
+ * configure, configure.in:
+ ldap_ssl.h depends on ldap.h being included first
+ [d96d90e9b21f]
+
+ * config.h.in, configure, configure.in, ldap.c:
+ Include ldap_ssl.h if we can find it. Needed for the
+ ldapssl_set_strength defines on HP-UX at least.
+ [9e530470948a]
+
+ * sudoers.ldap.pod:
+ sync
+ [b9d101f4673a]
+
+ * TODO:
+ sync
+ [2ce951b2ecd0]
- * acsite.m4: Merge in a patch from the libtool cvs that fixes a
- problem with the latest autoconf. From Stepan Kasal.
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen
+ [b61d793987e0]
-2007-08-23 20:28 millert
+ * Makefile.in:
+ Use 78n line length when formatting cat pages.
+ [761bee9d5759]
- * parse.h: Back out he XOR swap trick, it is slower than a temp
- variable on modern CPUs.
+ * README.LDAP:
+ Remove redundant info that is now in sudoers.ldap.pod
+ [01828dcce59e]
-2007-08-23 20:14 millert
+2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * gram.c: regen
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ Reorganize the first section a bit. Substitute the proper path for
+ /etc/sudoers.
+ [11ae165e065d]
-2007-08-23 20:14 millert
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
+ schema into EXAMPLES
+ [ab6509d1dde7]
- * gram.y, parse.h: Convert the tail queue to a semi-circle queue
- and use the XOR swap trick to swap the prev pointers during
- append.
+ * configure, configure.in:
+ Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
+ sudoers.ldap.man.
+ [6e689972f465]
-2007-08-23 15:31 millert
+ * configure, configure.in:
+ substitute for sudoers.ldap.man
+ [5a4a25766dee]
- * parse.h: remove useless statement
+ * Makefile.in:
+ Fix cut & pasto introduced when adding sudoers.ldap man page.
+ [a7b069af8894]
-2007-08-23 07:47 millert
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ Fill in some of the missing pieces. Still needs some reorganization
+ and editing.
+ [5e7331722166]
- * toke.c, toke.l: Refactor #include parsing into a separate
- function and return unparsed chars (such as newline or comment)
- back to the lexer.
+2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-22 18:56 millert
+ * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
+ sudoers.ldap.pod:
+ Beginnings of a sudoers.ldap man page. Currently, much of the
+ information is adapted from README.LDAP.
+ [aad28c8a922d]
- * WHATSNEW: mention better uid support
+2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-22 18:55 millert
+ * pwutil.c:
+ When copying gr_mem we must guarantee that the storage space for
+ gr_mem is properly aligned. The simplest way to do this is to
+ simply store gr_mem directly after struct group. This is not a
+ problem for gr_passwd or gr_name as they are simple strings.
+ [af58fc76f1ed]
- * sudoers.pod: Users may now consist of a uid.
+ * ldap.c:
+ Fix a typo/thinko in one of the calls to
+ sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
+ [70b2eb8097f5]
-2007-08-22 18:39 millert
+2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * gram.c, gram.h, toke.c: regen
+ * config.h.in, configure, configure.in, ldap.c:
+ include <mps/ldap_ssl.h> in ldap.c if available
+ [34346206ef16]
-2007-08-22 18:32 millert
+2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c: Use lbuf_append_quoted() for sudo -l output to quote
- characters that would require quoting in sudoers.
+ * gram.c, gram.y:
+ Make sure we define SIZE_MAX for yacc's skeleton.c
+ [d8a45c7a3c42]
-2007-08-22 18:31 millert
+ * tgetpass.c:
+ Use TCSAFLUSH when restoring terminal settings (and echo) to
+ guarantee that any pending output is discarded
+ [549a184479e5]
- * lbuf.c, lbuf.h: Add lbuf_append_quoted() which takes a set of
- characters which should be quoted with a backslash when
- displayed.
+2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-22 18:28 millert
+ * sudoers:
+ no longer need to specify SETENV when user has sudo ALL
+ [3051b41f8032]
- * toke.l: Require that the first character after a comment not be a
- digit or a dash. This allows us to remove the GOTRUNAS state and
- treat uid/gids similar to other words. It also means that we can
- now specify uids in User_Lists and a User_Spec may now contain a
- uid.
+ * testsudoers.c:
+ sync user_args size calculation with sudo.c Add -g group option,
+ renaming old -g to -G Add set_runasgr() and set_runaspw() and use
+ them
+ [0850325180f0]
-2007-08-22 18:23 millert
+ * sudo.c, sudo.h:
+ Make set_runaspw static void
+ [5d44d7a340ce]
- * gram.y, toke.l: Replace RUNAS token with '(' and ')' tokens to
- make the runas portion of the grammar more natural.
+ * testsudoers.c, visudo.c:
+ g/c set_runaspw stub
+ [79ebb5e2cc38]
-2007-08-22 06:35 millert
+ * configure, configure.in:
+ Don't add -llber twice.
+ [4356d302eef4]
- * Makefile.in, README, BUGS: The BUGS file is history
+2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-21 09:19 millert
+ * ldap.c:
+ fix typo
+ [249cecc557e9]
- * toke.c, toke.l: Allow comments after a RunasAlias as long as the
- character after the pound sign isn't a digit or a dash.
+2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-20 20:43 millert
+ * gram.c:
+ regen
+ [2f94ea375b67]
- * WHATSNEW: Glob support was back-ported to 1.6.9
+ * configure, configure.in:
+ Fix check that determines whether -llber is required.
+ [6afa99523379]
-2007-08-20 19:59 millert
+ * README.LDAP, config.h.in, configure, configure.in, ldap.c:
+ For netscape-based LDAP, use ldapssl_set_strength() to implement the
+ checkpeer ldap.conf option.
+ [16ae24d73795]
- * Makefile.in: remove sudo_usage.h in distclean
+ * auth/kerb5.c:
+ Delay krb5_cc_initialize() until we actually need to use the cred
+ cache, which is what krb5_verify_user() does. Better cleanup on
+ failure.
+ [d12e5f1695b8]
-2007-08-20 19:24 millert
+2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c: If a Defaults value contains a blank, double-quote the
- string.
+ * auth/kerb5.c:
+ Rewrite verify_krb_v5_tgt() based on what heimdal's
+ krb5_verify_user() does.
+ [05b5815f86c9]
-2007-08-20 19:19 millert
+2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * toke.c, toke.l: Properly deal with Defaults double-quoted strings
- that span multiple lines using the line continuation char.
- Previously, the entire thing, including the continuation char,
- newline, and spaces was stored as-is.
+ * gram.c:
+ The U suffix on constants is an ANSI feature
+ [c6dfce3167f1]
-2007-08-20 10:46 millert
+ * configure, configure.in:
+ Add check for ber_set_option() in -llber
+ [43d0c0566074]
- * sudo.c: Be consistent when using single quotes and backticks.
+2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-19 16:48 millert
+ * README.LDAP:
+ default if no nsswitch.conf is files only
+ [c13001d9c998]
- * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
- sudo.c, sudo_usage.h.in: Add new linebuf code to do appends of
- dynamically allocated strings and word-wrapped output. Currently
- used for sudo's usage() and sudo -l output. Sudo usage strings
- are now in sudo_usage.h which is generated at configure time.
+2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-18 08:22 millert
+ * README.LDAP:
+ don't tell people to mail aaron about LDAP stuff
+ [8165ec1ef0c6]
- * sudo.h, parse.c, sudo.c: Fix line wrapping in usage() and use the
- actual tty width instead of assuming 80.
+ * README.LDAP:
+ timelimit and bind_timelimit
+ [44f74cbed167]
-2007-08-17 18:32 millert
+ * ChangeLog:
+ sync
+ [aba1a0ab02bd]
- * history.pod: some more info
+ * ldap.c:
+ Move ldap.secret reading into a separate function.
+ [1948acc9f7a4]
-2007-08-17 17:28 millert
+ * check.c:
+ user_runas -> runas_pw
+ [334490fc2bae]
- * history.pod: Mentioned Chris Jepeway's parser and also the new
- one that is in sudo 1.7.
+2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-16 09:38 millert
+ * TODO:
+ sync
+ [c7b165cc47c6]
- * sudo.pod, visudo.pod: For the options list, add flag args where
- appropriate and increase the indent level so there is room for
- them.
+ * check.c, sudo.pod, sudoers.pod:
+ Add and document the %p escape in the password prompt. Based on a
+ patch from Patrick Schoenfeld.
+ [3972d4f31ffa]
-2007-08-15 13:49 millert
+ * ldap.c:
+ Check strlcpy() return values.
+ [9b42f3ae8ff1]
- * parse.c: Fix some spacing in "sudo -l" and add a comment about
- some bogosity in the line wrapping.
+ * ldap.c:
+ refactor ldap binding code into sudo_ldap_bind_s()
+ [cb0c66a4d955]
-2007-08-15 11:21 millert
+ * README.LDAP:
+ Make it clear that host and uri can take multiple parameters. URI is
+ now supported for more than just openldap nsswitch.conf does't
+ accept "compat"
+ [f610dea656d6]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
- visudo.man.in, visudo.cat: regen
+ * sudo.c:
+ comment cleanup and update (c) year
+ [6cd69c810ca5]
-2007-08-15 11:20 millert
+ * parse.c, sudo_nss.c:
+ Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
+ This should make it possible to build an LDAP-only sudo binary.
+ [61c3f27066a0]
- * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
- def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
- parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
- testsudoers.c, toke.c, toke.l: Remove monitor support until there
- is a versino of systrace that uses a lookaside buffer (or we have
- a better mechanism to use).
+ * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
+ Improve chaining of multiple sudoers sources by passing in the
+ previous return value to the next in the chain
+ [2c0b722b1b2d]
-2007-08-15 09:22 millert
+ * gram.y:
+ Free up parser data structures in sudo_file_close().
+ [2251531d4519]
- * configure.in, configure, config.h.in, sudo.c: use getaddrinfo()
- instead of gethostbyname() if it is available
+ * gram.c, parse.c:
+ Free up parser data structures in sudo_file_close().
+ [8371f130f401]
-2007-08-14 15:27 millert
+ * ldap.c:
+ Parse uri ourself if no ldap_initialize() is present Use
+ ldap_create() instead of deprecated ldap_init() Use
+ ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
+ [85d3825b1953]
- * parse.c, sudo.c: Deal with OSes where sizeof(gid_t) <
- sizeof(int).
+ * config.h.in, configure, configure.in:
+ Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
+ CFLAGS
+ [240524512bc5]
-2007-08-14 11:19 millert
+2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * interfaces.c: repair non-getifaddrs() code after ipv6 integration
+ * config.h.in, configure, configure.in:
+ add check for ldap_create
+ [3089badd73b8]
-2007-08-14 10:04 millert
+2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: If we can open sudoers but fail to read the first byte,
- close the file stream before trying again.
+ * config.h.in, configure, configure.in, ldap.c:
+ Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
+ dn using the mechanism appropriate for the LDAP SDK in use. Use
+ ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
+ ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
+ [6deeca3d00cc]
-2007-08-13 12:34 millert
+ * lbuf.c:
+ include unistd.h
+ [8419ed0bae7f]
- * gram.c, toke.c: regen
+ * config.h.in, configure.in:
+ fix typo in mtim_getnsec
+ [2d5f21230a60]
+
+2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ add check for st__tim in struct stat as used by SCO
+ [587060ea2a89]
+
+ * ldap.c:
+ use ldap_search_ext_s instead of deprecated ldap_search_s
+ [5fc44fe3b44c]
+
+ * Makefile.in, TODO, sudo.cat, sudo.man.in:
+ add sudo_nss.h to HDRS
+ [86f01a70ff29]
+
+ * ldap.c:
+ Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
+ ldap_rdn2str().
+ [aa217002cfae]
+
+2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Use ldap_get_values_len()/ldap_value_free_len() instead of the
+ deprecated ldap_get_values()/ldap_value_free().
+ [e22dceb85e57]
+
+ * ChangeLog:
+ sync
+ [adad27b36107]
+
+ * TODO:
+ sync
+ [c449eb47e0ef]
+
+ * gettime.c, sudo.c:
+ Remove some already fixed XXXs
+ [532788d0e6da]
+
+ * ldap.c:
+ Same return value as non-existent sudoers if LDAP was unable to
+ connect.
+ [5819810e8e4e]
+
+ * sudo.pod:
+ mention /etc/environment
+ [ea8e6102f853]
+
+ * README.LDAP, UPGRADE, WHATSNEW:
+ Update to reflect recent developments.
+ [ed1fb026fe77]
+
+ * sudo.c:
+ Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
+ [55b68a58260d]
+
+ * ldap.c:
+ When building up a query don't list groups in the aux group vector
+ that are the same as the passwd file group. On most systems the
+ first gid in the group vector is the same as the passwd entry gid.
+ [4bb51e297e0d]
-2007-08-13 12:29 millert
+ * env.c, ldap.c:
+ Define LDAPNOINIT before calling ldap_init(), etc. to disable user
+ ldaprc and system defaults that could affect how LDAP works.
+ [ce5036440db2]
- * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
- Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
+ * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
+ sudo_nss.c, sudo_nss.h:
+ Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
+ to specify nsswitch.conf path or disable it. If --with-nsswitch=no
+ but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
+ file and --with-ldap-secret-file
+ [ea5d7704381f]
+
+ * parse.c:
+ Honor def_ignore_local_sudoers
+ [f38e1121fae1]
+
+2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ no longer need to check def_ignore_local_sudoers here
+ [fce2a72f96fb]
+
+ * parse.c:
+ Refactor group vector resetting into a function and also call it
+ from display_cmnd. Stop after the first sucessful match in
+ display_cmnd. Print a newline between each display_privs method.
+ [981b37b5adff]
+
+ * parse.c:
+ fix double free introduced in rev 1.218
+ [c574b02d8747]
+
+ * ldap.c:
+ belt and suspenders; zero out result after freeing it
+ [7732988d4620]
+
+ * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
+ Refactor line reading into a separate function, sudo_parseln(),
+ which removes comments, leading/trailing whitespace and newlines.
+ May want to rethink the use of sudo_parseln() for /etc/ldap.secret
+ [61d9068f0645]
+
+ * parse.c, sudo.c:
+ Make the inability to read the sudoers file a non-fatal error if
+ there are other sudoers sources available. sudoers_file_lookup now
+ returns "not OK" if sudoers was not present
+ [643babf597a8]
+
+ * ldap.c:
+ make it clear that the global options are from LDAP
+ [9ff950349463]
+
+ * logging.c:
+ allocate proper amount of space for error string
+ [8bebb7d46d19]
+
+ * sudo_nss.c, sudo_nss.h:
+ actual sudo nss code
+ [5bd7d52d7738]
+
+ * ldap.c, parse.c, sudo.c, sudo.h:
+ nss-ify display_privs and display_cmnd.
+ [cccfdd3253f2]
+
+ * defaults.c, parse.c, testsudoers.c, visudo.c:
+ move update_defaults() to parse.c
+ [ace144b958a9]
-2007-08-13 12:23 millert
+ * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
+ Use nsswitch to hide some sudoers vs. ldap implementation details
+ and reduce the number of #ifdef LDAP TODO: fix display routines and
+ error handling
+ [6225edde89a6]
- * sudo.pod, sudoers.pod, visudo.pod: Add some missing markup Update
- copyright
+2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-12 18:55 millert
+ * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
+ First cut at nsswitch.conf support. Further reorganizaton and
+ related changes are forthcoming.
+ [717f59d0790b]
- * configure, configure.in: fix sudo_noexec extension which got
- broken in the libtool update
+2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-10 10:41 millert
+ * env.c, pathnames.h.in, sudo.c, sudo.h:
+ Add support for reading and /etc/environment file. Still needs to
+ be documented and should probably only applies to OSes that have it
+ (AIX and Linux, maybe others).
+ [15d3edae27e4]
- * Makefile.in: explicitly specify -Tascii to nroff
+ * ldap.c:
+ include limits.h
+ [e19875ef0f82]
-2007-08-08 16:07 millert
+2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c: remove an ANSI-ism that crept in
+ * WHATSNEW:
+ reword LDAP SASL
+ [7ec3c4ec31b5]
-2007-08-06 20:37 millert
+2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod: Adjust list indents Prevent -- from being turned into
- an em dash Use a list for the environment instead of a literal
- paragraph
+ * TODO:
+ sync
+ [87c5a7aea7bf]
-2007-08-06 20:36 millert
+ * README.LDAP:
+ Add an example sudoRole, clarify netscape vs. openldap a bit more
+ [6f96c0ca8107]
- * visudo.pod: Use a list for the environment instead of an indented
- literal paragraph.
+ * README.LDAP:
+ Be clear on what is OpenLDAP vs. Netscape-derived
+ [a33c8314dec5]
-2007-08-06 20:33 millert
+ * config.h.in, configure, configure.in, ldap.c:
+ Use ldapssl_init() for ldaps support instead of trying to do it
+ manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
+ and tls_key for cert7.db and key3.db respectively. Don't print
+ debugging info for options that are not set. Add warning if
+ start_tls specified when not supported.
+ [abb62dc7e4a3]
- * sudoers.pod: Adjust list indentation
+ * ldap.c:
+ fix compilation on solaris
+ [03d449684e80]
-2007-08-06 20:31 millert
+ * Makefile.in:
+ add missing .h and .c files for missing lib objs
+ [8b37825bdfc7]
- * license.pod: add =head3
+2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-06 10:24 millert
+ * ldap.c:
+ fix LDAP_OPT_NETWORK_TIMEOUT setting
+ [226eba89c0ad]
- * sudo.pod: mention that when specifying a uid for the -u option
- the shell may require that the # be escaped
+ * ldap.c:
+ fix compilation on Solaris
+ [917d47639eb6]
-2007-08-01 22:08 millert
+2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * match.c: Fix off by one in group matching.
+ * configure, configure.in:
+ fix typo
+ [009d5c81b225]
-2007-07-31 14:04 millert
+ * README.LDAP:
+ try to clear up which variables are for OpenLDAP and which are for
+ netscape-derived SDKs
+ [f8d9823ee73c]
- * env.c: Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From
- David Krause.
+ * config.h.in, configure, configure.in, ldap.c:
+ Add support for "ssl on" in both netscape and openldap flavors. Only
+ the OpenLDAP flavor has been tested.
+ [952745829ec5]
-2007-07-30 10:45 millert
+ * logging.c, sudo.c, sudo.h:
+ Call cleanup() before exit in log_error() instead of calling
+ sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
+ [da02d1b67a2c]
- * configure, configure.in: Add missing define of
- HAVE_GSS_KRB5_CCACHE_NAME for the -lgssapi_krb5 case.
+ * sudo.c:
+ ld -> ldap_conn
+ [01afa6d927cc]
-2007-07-30 09:29 millert
+2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * aclocal.m4, configure.in, configure: Fix link tests such that new
- gcc doesn't optimize away the test.
+ * logging.c, sudo.c, sudo.h:
+ Better ldap cleanup.
+ [25b9abe2d617]
-2007-07-29 19:21 millert
+ * ldap.c:
+ Distinguish between LDAP conf settings that are connection-specific
+ (which take an ld pointer) and those that are default settings
+ (which do not).
+ [d48dc6c9c3b4]
- * sudo.pod, sudoers.pod, visudo.pod: add missing over/back
+2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-29 19:09 millert
+ * ldap.c:
+ Improved warnings on error.
+ [c8dce7b4feb4]
- * sudo.pod, sudoers.pod, visudo.pod: Change FILES section to use
- =item
+ * ldap.c:
+ Make ldap config table driven and set the config *after* we open the
+ connection.
+ [d9698b5a2681]
-2007-07-29 18:32 millert
+2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: Add back allocation of the env struct in rebuild_env but
- save a copy of the old pointer and free it before returning.
+ * ldap.c:
+ fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
+ [598c6df06660]
-2007-07-29 16:09 millert
+ * configure, configure.in:
+ some operating systems need to link with -lkrb5support when using
+ krb5
+ [8896365dde9e]
- * env.c: Don't init the private environment in rebuild_env() since
- it may have already been done implicitly
- sudo_setenv/sudo_unsetenv.
+2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
- Multiply length by sizeof(char *) in memcpy/memmove when copying
- the environment so we copy the full thing.
+ * WHATSNEW:
+ minor update
+ [acfeeb7f4886]
- Add missing set of parens so we deref the right pointer in
- sudo_unsetenv when searching for a matching variable.
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+ regen
+ [a3c6699674f9]
-2007-07-26 16:35 millert
+2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog, TODO:
+ sync
+ [138e99b925ee]
+
+ * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
+ add -g support for LDAP
+ [8fc27dbe9287]
- * sudo.pod, sudoers.pod, visudo.pod: Use file markup for paths in
- the FILES section
+2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-26 10:04 millert
+ * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
+ The -i and -s flags can now take an optional command.
+ [6afec104ee77]
- * sudo.pod, sudoers.pod, visudo.pod: Don't capitalize sudo/visudo
+2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-26 07:28 millert
+ * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
+ sudoers.pod:
+ Add passprompt_override flag to sudoers that will cause the prompt
+ to be overridden in all cases. This flag is also set when the user
+ specifies the -p flag.
+ [e4c5402131a6]
- * sudoers.pod: Sort sudoers options; based on a diff from Igor
- Sobrado.
+ * sudo.c:
+ Move setting of login class until after sudoers has been parsed. Set
+ NewArgv[0] for -i after runas_pw has been set.
+ [62a48c8c56fa]
-2007-07-25 16:19 millert
+ * configure, configure.in:
+ Move the dgettext check.
+ [5fd8a4712d1c]
+
+2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod, sudoers.pod, visudo.pod: Use 8 and 5 instead of
- @mansectsu@ and @mansectform@ since the latter confuses pod2man.
- The Makefile rules for the .man.in file will add @mansectsu@ and
- @mansectform@ back in after pod2man is done anyway.
+ * auth/pam.c, config.h.in, configure, configure.in:
+ Add basic support for looking up the string "Password: " in the PAM
+ localized text db. This allows us to determine whether the PAM
+ prompt is the default "Password: " one even if it has been
+ localized.
-2007-07-22 19:09 millert
+ TODO: concatenate non-std PAM prompts and user-specified sudo
+ prompts.
+ [81c25a415d41]
- * LICENSE, Makefile.in, license.pod: Move license info to pod
- format
+2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-22 18:43 millert
+ * Makefile.in, config.h.in, configure, configure.in, parse.c,
+ set_perms.c, sudo.c, sudo.h:
+ Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
+ insufficient.
+ [1cce6ec1a91e]
- * configure, configure.in, sudoers.pod: Substitute value of
- path_info into sudoers man page.
+ * acsite.m4, configure, interfaces.c, memrchr.c:
+ Fix typos; Martynas Venckus
+ [be1233cca11a]
-2007-07-22 16:40 millert
+2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * WHATSNEW: remove features that were back-ported to 1.6.9
+ * set_perms.c:
+ Don't assume runas_pw is set; it may not be in the -g case.
+ [aa11bd2193ac]
-2007-07-22 15:20 millert
+2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c, sudo.pod, visudo.c, visudo.pod: Sort SYNOPSIS and sync
- usage. From Igor Sobrado.
+ * logging.c, set_perms.c:
+ Set aux group vector for PERM_RUNAS and restore group vector for
+ PERM_ROOT if we previously changed it. Stash the runas group vector
+ so we don't have to call initgroups more than once. Also add no-op
+ check to check_perms.
+ [53837fc755f7]
-2007-07-22 15:19 millert
+2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: Only need sudo_setenv/sudo_unsetenv if we are going to use
- ldap_sasl_interactive_bind_s() but don't have
- gss_krb5_ccache_name().
+ * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
+ ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
+ pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
+ sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
+ testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
+ Add support for runas groups. This allows the user to run a command
+ with a different effective group. If the -g option is specified
+ without -u the command will be run as the current user (only the
+ group will change). the -g and -u options may be used together.
+ TODO: implement runas group for ldap improve runas group
+ documentation add testsudoers support
+ [9019309df6d0]
-2007-07-22 08:23 millert
+ * configure, configure.in:
+ fix setting of mandir
+ [2c60f269399f]
- * ChangeLog: rebuild without branch info
+ * sudo.pod, sudoers.pod:
+ document that ALL implies SETENV
+ [bcc8e5b703b9]
-2007-07-22 08:23 millert
+ * ldap.c:
+ s/setenv_ok/setenv_implied/g
+ [f005df2c2eea]
- * Makefile.in: Add ChangeLog target
+ * ldap.c:
+ hostname_matches() returns TRUE on match in sudo 1.7.
+ [c3d4377b6e8b]
-2007-07-22 08:14 millert
+ * ldap.c:
+ use strcmp, not strcasecmp when comparing ALL
+ [e486024574a1]
- * auth/pam.c: Run cleanup code if the user hits ^C at the password
- prompt.
+ * ldap.c:
+ Make sudo ALL imply setenv. Note that unlike with file-based
+ sudoers this does affect all the commands in the sudoRole.
+ [bc12f54321d1]
-2007-07-22 08:13 millert
+ * gram.c, gram.y, parse.c, parse.h:
+ sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
+ it is not passed on to other commands in the list.
+ [026e2cb40680]
- * auth/pam.c: Some versions of pam_lastlog have a bug that will
- cause a crash if PAM_TTY is not set so if there is no tty, set
- PAM_TTY to the empty string.
+ * visudo.c:
+ Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
+ sudo_getpwuid() instead of getpwuid().
+ [86f30a8fbd49]
-2007-07-20 09:32 millert
+2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: ChageLog not Changelog
+ * sudoers:
+ Expand on the dangers of not using visudo to edit sudoers.
+ [e434e8057d02]
-2007-07-20 09:31 millert
+2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * ChangeLog: sync
+ * parse.c:
+ Don't quote *?[]! on output since the lexer does not strip off the
+ backslash when reading those in.
+ [561da4a13afa]
-2007-07-20 09:29 millert
+2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: CHANGE -> Changelog
+ * glob.c:
+ expand "u_foo" types to "unsigned foo" to avoid compatibility
+ issues.
+ [b0d7c64d78c3]
-2007-07-19 20:23 millert
+2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * TODO: sync
+ * logging.c:
+ Refactor log line generation in to new_logline().
+ [6a9b9730615d]
-2007-07-19 19:53 millert
+2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure.in, configure, ldap.c: Add configure hooks
- for gss_krb5_ccache_name() and the gssapi headers.
+ * TROUBLESHOOTING:
+ fix typo
+ [9e19d4f86e47]
-2007-07-18 12:57 millert
+2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c, sudo.c: rebuild_env() and insert_env_vars() no longer
- return environment pointer, they set environ directly.
+ * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
+ match.c:
+ Add configure check for struct in6_addr instead of relying on
+ AF_INET6 since some systems define AF_INET6 but do not include IPv6
+ support.
+ [e24082c416bd]
- No longer need to pass around an envp pointer since we just
- operate on environ now.
+2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
- Add dosync argument to insert_env() that indicates whether it
- should reset environ when realloc()ing env.envp.
+ * configure, configure.in:
+ Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
+ use.
+ [76a9df4a63be]
- Use an initial size of 128 for the environment.
+2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-18 12:41 millert
+ * configure, configure.in:
+ POSIX states that struct timespec be declared in time.h so check
+ there regardless of the value of TIME_WITH_SYS_TIME.
+ [e42c55ec9daf]
- * env.c: Split sudo_setenv() into an external version and a version
- only for use by rebuild_env().
+2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-16 19:40 millert
+ * tgetpass.c:
+ Instead of defining a macro to call the appropriate method for
+ turning on/off echo, just define tc[gs]etattr() and the related
+ defines that use the correct terminal ioctls if needed. Also go back
+ to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
+ [5dfb2379d995]
- * ldap.c: Add support for using gss_krb5_ccache_name() instead of
- setting KRB5CCNAME. Also use sudo_unsetenv() in the
- non-gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
- original environment. TODO: configure setup for
- gss_krb5_ccache_name()
+2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-16 18:44 millert
+ * Makefile.in:
+ g/c @ALLOCA@
+ [e6946c2e3820]
- * README.LDAP: add krb5_ccname
+ * configure:
+ regen
+ [9bac7159a138]
-2007-07-16 18:44 millert
+ * INSTALL, auth/pam.c, config.h.in, configure.in:
+ Add --disable-pam-session configure option to disable calling
+ pam_{open,close}_session. May work around bugs in some PAM
+ implementations.
+ [273d0fdb4a9d]
- * README.LDAP, ldap.c: Add support for sasl_secprops in ldap.conf
+2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-16 18:39 millert
+ * tgetpass.c:
+ quiet gcc warnings
+ [325565c5a579]
- * env.c, sudo.h: Add sudo_unsetenv() and refactor private env
- syncing code into sync_env().
+ * tgetpass.c:
+ Avoid printing the prompt if we are already backgrounded. E.g. if
+ the user runs "sudo foo &" from the shell. In this case, the call
+ to tcsetattr() will cause SIGTTOU to be delivered.
+ [db2139a8d8b8]
-2007-07-16 07:27 millert
+2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * README.LDAP, ldap.c: The ldap.conf variable is sasl_auth_id not
- sasl_authid.
+ * def_data.c, def_data.h, def_data.in:
+ Reorder things such that the definition of env_reset come right
+ before the env variable lists.
+ [e0d8e22a581a]
-2007-07-15 15:44 millert
+ * parse.h:
+ Shrink type and seqno in struct alias from int to u_short
+ [9425263dd565]
- * ldap.c, sudo.c, sudo.h: Add support for krb5_ccname in ldap.conf.
- If specified, it will override the default value of KRB5CCNAME
- in the environment for the duration of the call to
- ldap_sasl_interactive_bind_s().
+ * alias.c, match.c, parse.c, parse.h:
+ Add a sequence number in the aliases for loop detection. If we find
+ an alias with the seqno already set to the current (global) value we
+ know we've visited it before so ignore it.
+ [301a0548ffff]
-2007-07-15 15:41 millert
+2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c, sudo.h: Remove format_env() Add sudo_setenv() to replace
- most format_env() + insert_env() combinations. insert_env() no
- longer takes a struct environment *
+ * TODO, auth/pam.c, sudo.c, sudo.h:
+ PAM wants the full tty path so add user_ttypath which holds the full
+ path to the tty or is NULL if no tty was present.
+ [c7c1dd4b36c8]
-2007-07-15 12:47 millert
+ * auth/pam.c:
+ Set PAM_RHOST to work around a bug in Solaris 7 and lower that
+ results in a segv.
+ [3a8865b3a357]
- * ldap.c: Fix use_sasl vs. rootuse_sasl logic.
+2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-15 09:23 millert
+ * gram.c:
+ regen
+ [5647be127950]
- * README.LDAP, config.h.in, configure, configure.in, ldap.c: Add
- support for SASL auth when connecting to an LDAP server. Adapted
- from a diff by Tom McLaughlin.
+ * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
+ parse.h, testsudoers.c, visudo.c:
+ rename lh_ -> tq_
+ [8f500c542c4a]
-2007-07-14 16:32 millert
+2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Only enable AIX or BSD auth if no other
- exclusive auth method has been chosen. Allows people to e.g.,
- use PAM on AIX without adding --without-aixauth. A better
- solution is needed to deal with default authentication since if a
- non-exclusive method is chosen we will still get an error.
+ * alloc.c:
+ remove some useless casts
+ [409a448b23f5]
-2007-07-11 11:23 millert
+ * alloc.c:
+ pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
+ predates the final C99 spec and the standard specifies that it shall
+ include stdint.h anyway
+ [ae478fdef61a]
- * HISTORY, Makefile.in, history.pod: Generate HISTORY from
- history.pod (which is also used for web pages)
+2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-09 19:40 millert
+ * Makefile.in, alloca.c, configure.in:
+ Since we ship with a pre-generated parser there is no need to ship a
+ bogus alloca implementation.
+ [3f611a7cc0e5]
- * sudo.man.in, sudoers.man.in: regen
+ * configure:
+ regen
+ [771eccf5269c]
-2007-07-09 19:25 millert
+ * configure.in:
+ remove initial setting of CHECKSIA, we require that it be unset if
+ not used
+ [a2e91adc5aa2]
- * sudo.pod: Better explanation of environment handling in the sudo
- man page.
+ * Makefile.in:
+ add list.c to SRCS
+ [7db0e56cf5b9]
-2007-07-09 15:13 millert
+ * configure:
+ regen
+ [3716ec30172e]
- * env.c, sudo.c: Defer setting user-specified env vars until after
- authentication.
+ * configure.in:
+ only do SIA checks on Digital Unix
+ [6a96e1af2597]
-2007-07-09 13:25 millert
+2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: honor def_default_path for PATH set on the command line
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [ac1dc29de72b]
-2007-07-09 13:22 millert
+ * ChangeLog, TODO:
+ sync
+ [781effce0a2d]
- * sudo.c, env.c, sudo.pod, sudoers.pod: Allow user to set
- environment variables on the command line as long as they are
- allowed by env_keep and env_check. Ie: apply the same
- restrictions as normal environment variables. TODO: deal with
- secure_path
+ * auth/kerb5.c:
+ Remove call to krb5_cc_register() as it is not needed for modern
+ kerb5.
+ [351b8b764f16]
-2007-07-08 14:44 millert
+ * configure:
+ regen
+ [ac21dbcc9c2c]
- * sudo.c, sudo_edit.c: Call rebuild_env() in call cases. Pass
- original envp to sudo_edit(). Don't allow -E or env var setting
- in sudoedit mode. More accurate usage() when called as sudoedit.
+ * aclocal.m4, configure.in:
+ New method for setting the default authentication type and avoiding
+ conflicts in auth types.
+ [5fb15be11f78]
-2007-07-08 14:41 millert
+ * match.c, parse.c, testsudoers.c:
+ Each entry in a cmndlist now has an associated runaslist so no need
+ to keep track of the most recent non-NULL one.
+ [582e015786b0]
- * ldap.c: warn -> warning
+2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-08 14:11 millert
+ * ldap.c:
+ back out partial ldaps support mistakenly committed
+ [357703e94b2d]
- * sudo.pod: add -c option to sudoedit synopsis
+ * ldap.c:
+ Add support for unix groups and netgroups in sudoRunas
+ [2f04eb91c6d0]
-2007-07-08 10:27 millert
+2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * TODO: udpate to reality
+ * sudo_edit.c:
+ Fix sudoedit of a non-existent file. From Tilo Stritzky.
+ [a5488a03bddd]
-2007-07-08 09:43 millert
+2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c: Use ALLOW/DENY instead of TRUE/FALSE when dealing with
- the return value from {user,host,runas,cmnd}_matches(). Rename
- *matches variables -> *match. Purely cosmetic.
+ * configure:
+ regen
+ [541177376ee1]
-2007-07-08 09:30 millert
+ * INSTALL:
+ update --passprompt escape info
+ [6d57db4cd538]
- * parse.c: Move setting of FLAG_NO_CHECK into the if(pwflag) block.
- No change in behavior.
+ * configure.in:
+ remove now-bogus comment and update copyright date
+ [6a4af45fa331]
-2007-07-08 09:17 millert
+ * configure.in:
+ Fix up use of with_passwd
+ [7c79d8640f77]
- * sudoers: add SETENV tag
+ * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
+ Update to autoconf-2.61 andf libtool-1.5.24
+ [045259b0b439]
+
+ * Makefile.in:
+ "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
+ [f5b6a7afb817]
+
+2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * gram.c:
+ regen
+ [b5b78e71d2cb]
+
+ * gram.y:
+ move tags and runaslist propagation to be earlier
+ [94f7805f4489]
+
+ * visudo.c:
+ If -f flag given use the permissions of the original file as a
+ template
+ [9303d22bddb0]
+
+ * gram.y:
+ prevent a double free() when re-initing the parser
+ [5b3907c4de5a]
+
+2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [49a90b19a17d]
+
+ * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
+ auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
+ configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
+ parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
+ sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
+ Remove support for compilers that don't support void *
+ [35e1d01ae197]
+
+ * gram.c:
+ regen
+ [70ce412a458a]
+
+ * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
+ parse.c, parse.h, testsudoers.c, visudo.c:
+ Move list manipulation macros to list.h and create C versions of the
+ more complex ones in list.c. The names have been down-cased so they
+ appear more like normal functions.
+ [9cea0e281148]
+
+ * Makefile.in:
+ Fix cmp command when regenerating parser. Make gram.o the first
+ dependency for all programs so gram.h will be generated before
+ anything that needs it.
+ [429ea065abf1]
+
+ * gram.y, parse.h:
+ Convert NEW_DEFAULT anf NEW_MEMBER into static functions.
+ [2f3433833589]
+
+ * match.c, parse.c, testsudoers.c:
+ Use LH_FOREACH_REV when checking permission and short-circuit on the
+ first non-UNSPEC hit we get for the command. This means that
+ instead of cycling through the all the parsed sudoers entries we
+ start at the end and work backwards and quit after the first
+ positive or negative match.
+ [881474532f3e]
+
+ * gram.c:
+ regen
+ [9152a19d4188]
-2007-07-06 15:51 millert
+ * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
+ Change list head macros to take a pointer, not a struct.
+ [054f1dcce4cc]
- * parse.c: Make pwcheck local to the pwflag block. Use pwcheck
- even if user didn't match since Defaults options may still apply.
+ * gram.c:
+ regen
+ [be154aae6235]
-2007-07-06 14:51 millert
+ * gram.y:
+ Propagate the runasspec from one command to the next in a cmndspec.
+ [4957b1cb03a3]
- * check.c, sudo.c: Do not update timestamp if user not validated by
- sudoers.
+2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-06 10:14 millert
+ * match.c:
+ Replace has_meta() with a macro that calls strpbrk().
+ [a2e58846a542]
- * set_perms.c: for PERM_RUNAS, set the egid to the runas user's gid
- and restore to the user's original in PERM_ROOT
+ * regen
+ [5a932a5c9451]
-2007-07-06 10:04 millert
+ * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
+ testsudoers.c, visudo.c:
+ Use a list head struct when storing the semi-circular lists and
+ convert to tail queues in the process. This will allow us to
+ reverse foreach loops more easily and it makes it clearer which
+ functions expect a list as opposed to a single member.
- * logging.c, mon_systrace.c, set_perms.c, sudo.h: PERM_FULL_ROOT is
- now no different than PERM_ROOT so remove PERM_FULL_ROOT
+ Add macros for manipulating lists. Some of these should become
+ functions.
-2007-07-06 09:49 millert
+ When freeing up a list, just pop off the last item in the queue
+ instead of going from head to tail. This is simpler since we don't
+ have to stash a pointer to the next member, we always just use the
+ last one in the queue until the queue is empty.
- * check.c: don't check timestamp mtime if we are just going to
- remove it
+ Rename match functions that take a list to have list in the name.
+ Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
+ [7c37b271607a]
-2007-07-06 09:33 millert
+ * parse.c:
+ Fix pasto, append "!" not negated (which is an int) for sudo -l
+ output.
+ [93a444c3997f]
- * sudoers.pod: Move sudoers defaults parameters into their own
- section.
+ * Makefile.in:
+ Remove the dependency of gram .h on gram.y, the .c dependency is
+ enough. Only move y.tab.h to gram.h if it is different; avoids
+ needless rebuilding.
+ [67bf4ea2a2e5]
+
+2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Defaults lines may be associated with lists of users, hosts,
+ commands and runas users, not just single entries.
+ [795effacb6be]
+
+2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Revert the "cmp" portion of the last diff, it doesn't make sense.
+ [26f34bf4e2e3]
+
+ * Makefile.in:
+ Remove *.lo for clean: When generating the parser, only move the
+ generated files into place if they differ from the existing ones.
+ [84673fea371b]
+
+2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Replace IPV6 regexp with a much simpler (readable) one and add an
+ extra check when it matches to make sure we have a valid address.
+ [592e9f690556]
+
+ * match.c:
+ Fix thinko introduced when merging IPV6 support.
+ [da38cd5eb8c7]
+
+2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY, LICENSE:
+ regen
+ [0d7b27b90634]
+
+ * license.pod:
+ add 2007
+ [510e5048ae1a]
+
+ * UPGRADE:
+ mention #uid vs. comment pitfall
+ [4d2861898bcc]
+
+ * acsite.m4:
+ Merge in a patch from the libtool cvs that fixes a problem with the
+ latest autoconf. From Stepan Kasal.
+ [0c279ae7df3e]
+
+ * parse.h:
+ Back out he XOR swap trick, it is slower than a temp variable on
+ modern CPUs.
+ [91c4b024e317]
+
+ * gram.c:
+ regen
+ [cb6d4106fb74]
+
+ * gram.y, parse.h:
+ Convert the tail queue to a semi-circle queue and use the XOR swap
+ trick to swap the prev pointers during append.
+ [8bf4d9fbee58]
+
+2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.h:
+ remove useless statement
+ [421ec1dd73e6]
+
+ * toke.c, toke.l:
+ Refactor #include parsing into a separate function and return
+ unparsed chars (such as newline or comment) back to the lexer.
+ [64166917aa3d]
-2007-07-05 20:21 millert
+2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * testsudoers.c: Reduce a level of indent by a few placed continue
- statements.
+ * WHATSNEW:
+ mention better uid support
+ [56f510e7f2ec]
-2007-07-05 20:20 millert
+ * sudoers.pod:
+ Users may now consist of a uid.
+ [5fd31b2c55ed]
- * parse.c: Make matching but negated commands/hosts/runas entries
- override a previous match as expected. Also reduce some levels
- of indent by a few placed continue statements.
+ * gram.c, gram.h, toke.c:
+ regen
+ [599e58af6dc1]
-2007-07-05 16:34 millert
+ * parse.c:
+ Use lbuf_append_quoted() for sudo -l output to quote characters that
+ would require quoting in sudoers.
+ [3132d05c990a]
- * parse.c: Print default runas in "sudo -l" if sudoers don't
- specify one.
+ * lbuf.c, lbuf.h:
+ Add lbuf_append_quoted() which takes a set of characters which
+ should be quoted with a backslash when displayed.
+ [ab09bebb1d65]
-2007-07-05 15:46 millert
+ * toke.l:
+ Require that the first character after a comment not be a digit or a
+ dash. This allows us to remove the GOTRUNAS state and treat
+ uid/gids similar to other words. It also means that we can now
+ specify uids in User_Lists and a User_Spec may now contain a uid.
+ [461fe01f8392]
- * match.c: Less hacky way of testing whether the domain was set.
+ * gram.y, toke.l:
+ Replace RUNAS token with '(' and ')' tokens to make the runas
+ portion of the grammar more natural.
+ [e0c383b4684d]
-2007-07-04 15:50 millert
+ * BUGS:
+ The BUGS file is history
+ [4d9a809585c7]
- * INSTALL: Mention pam-devel and openldap-devel for Linux
+ * Makefile.in, README:
+ The BUGS file is history
+ [d9500e261172]
-2007-07-03 19:38 millert
+2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * README.LDAP: or vs. are
+ * toke.c, toke.l:
+ Allow comments after a RunasAlias as long as the character after the
+ pound sign isn't a digit or a dash.
+ [d7f3bd94eeda]
-2007-07-01 16:55 millert
+ * WHATSNEW:
+ Glob support was back-ported to 1.6.9
+ [d1d5cfd46228]
- * sudo.c: fix typo in Solaris project support
+2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-01 09:40 millert
+ * Makefile.in:
+ remove sudo_usage.h in distclean
+ [df05ce9c4127]
- * HISTORY: update
+ * parse.c:
+ If a Defaults value contains a blank, double-quote the string.
+ [9057a910daad]
-2007-07-01 09:07 millert
+ * toke.c, toke.l:
+ Properly deal with Defaults double-quoted strings that span multiple
+ lines using the line continuation char. Previously, the entire
+ thing, including the continuation char, newline, and spaces was
+ stored as-is.
+ [4a4e8eacefe6]
- * sudo.c: Make -- on the command line match the manual page. The
- implied shell case has been simplified as a result.
+ * sudo.c:
+ Be consistent when using single quotes and backticks.
+ [d010b83a0fa1]
-2007-06-28 10:44 millert
+2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers2ldif: add simplistic support for sudoRunas; note that if
- a sudoers entry contains multiple Runas users, all will apply to
- the sudoRole
+ * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
+ sudo.c, sudo_usage.h.in:
+ Add new linebuf code to do appends of dynamically allocated strings
+ and word-wrapped output. Currently used for sudo's usage() and sudo
+ -l output. Sudo usage strings are now in sudo_usage.h which is
+ generated at configure time.
+ [4dfd0ee8d961]
-2007-06-28 10:42 millert
+2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers2ldif: honor SETENV and NOSETENV tags
+ * parse.c, sudo.c, sudo.h:
+ Fix line wrapping in usage() and use the actual tty width instead of
+ assuming 80.
+ [700eab37c5a6]
-2007-06-24 09:25 millert
+2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * mon_systrace.c: Redo setting of user_args. We now build up a
- private copy of argv first and then replace the NULs with spaces.
+ * history.pod:
+ some more info
+ [8140112a8ae1]
-2007-06-24 09:19 millert
+ * history.pod:
+ Mentioned Chris Jepeway's parser and also the new one that is in
+ sudo 1.7.
+ [2132d00f0597]
- * mon_systrace.c: getcwd() returns NULL on failure, not 0 on
- success
+2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-24 07:39 millert
+ * sudo.pod, visudo.pod:
+ For the options list, add flag args where appropriate and increase
+ the indent level so there is room for them.
+ [2b60fb572e12]
- * mon_systrace.c: allow chunksiz to reach 1 before erroring out
+2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-23 20:00 millert
+ * parse.c:
+ Fix some spacing in "sudo -l" and add a comment about some bogosity
+ in the line wrapping.
+ [b59b056f5ee2]
* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
- visudo.man.in: regen
-
-2007-06-23 19:58 millert
-
- * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h,
- gram.y, logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod,
- sudoers.pod, toke.c, toke.l: Add support for setting environment
- variables on the command line. This is only allowed if the
- setenv sudoers options is enabled or if the command is prefixed
- with the SETENV tag.
-
-2007-06-23 19:57 millert
-
- * README.LDAP: replace Aaron's email address with the sudo-workers
- list
-
-2007-06-23 19:55 millert
-
- * configure: regen
-
-2007-06-21 20:35 millert
+ visudo.man.in:
+ regen
+ [5fb719f18ebc]
- * Makefile.in, README.LDAP, schema.OpenLDAP, schema.iPlanet: Break
- schema out into separate files.
+ * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
+ def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
+ parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
+ testsudoers.c, toke.c, toke.l:
+ Remove monitor support until there is a versino of systrace that
+ uses a lookaside buffer (or we have a better mechanism to use).
+ [61ff76878e4a]
-2007-06-21 18:28 millert
+ * config.h.in, configure, configure.in, sudo.c:
+ use getaddrinfo() instead of gethostbyname() if it is available
+ [cc33c136aa6a]
- * auth/aix_auth.c: free message if set by authenticate()
+2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-21 13:03 millert
+ * parse.c, sudo.c:
+ Deal with OSes where sizeof(gid_t) < sizeof(int).
+ [130a89cbdfba]
- * match.c: deal with NULL gr_mem
+ * interfaces.c:
+ repair non-getifaddrs() code after ipv6 integration
+ [7ae7a89e2236]
-2007-06-20 15:04 millert
+ * sudo.c:
+ If we can open sudoers but fail to read the first byte, close the
+ file stream before trying again.
+ [6f31272fae7b]
- * config.h.in: regen
+2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-20 15:04 millert
+ * toke.c:
+ regen
+ [4d7afe0aa6fa]
- * configure.in: add template for HAVE_PROJECT_H
+ * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
+ Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
+ [4e6ff2965a42]
-2007-06-20 07:06 millert
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Add some missing markup Update copyright
+ [7e6d3c686b5e]
- * closefrom.c: include fcntl.h
+2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-19 19:37 millert
+ * configure, configure.in:
+ fix sudo_noexec extension which got broken in the libtool update
+ [3a5b447df861]
- * INSTALL: mention --with-project
+2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-19 18:24 millert
+ * Makefile.in:
+ explicitly specify -Tascii to nroff
+ [45c8da4cbefe]
- * config.h.in, configure.in, sudo.c: Add Solaris 10 "project"
- support. From Michael Brantley.
+2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-19 17:27 millert
+ * logging.c:
+ remove an ANSI-ism that crept in
+ [29086f87b2ca]
- * sudoers.pod: fix typo
+2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-19 17:22 millert
+ * sudo.pod:
+ Adjust list indents Prevent -- from being turned into an em dash Use
+ a list for the environment instead of a literal paragraph
+ [c3abcd8f76f4]
- * configure: regen
+ * visudo.pod:
+ Use a list for the environment instead of an indented literal
+ paragraph.
+ [0ffcfcb7349f]
-2007-06-19 17:21 millert
+ * sudoers.pod:
+ Adjust list indentation
+ [615c89e3123a]
- * configure.in: Fix preservation of LDFLAGS in the LDAP case.
+ * license.pod:
+ add =head3
+ [8b2e0d38c0bd]
-2007-06-19 17:00 millert
+2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * memrchr.c: Remove dependecy on NULL
+ * sudo.pod:
+ mention that when specifying a uid for the -u option the shell may
+ require that the # be escaped
+ [3e3a17bff150]
-2007-06-19 15:37 millert
+2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * match.c:
+ Fix off by one in group matching.
+ [b529602b7fba]
-2007-06-19 15:37 millert
+2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
- * aclocal.m4, configure.in: Can't use the regular autoconf
- fnmatch() check since we need FNM_CASEFOLD so go back to our
- custom one.
+ * env.c:
+ Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
+ [ffbf8907c6e7]
-2007-06-19 12:52 millert
+2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: Fix preserving of variables in env_keep.
+ * configure, configure.in:
+ Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
+ -lgssapi_krb5 case.
+ [2b85a89c2252]
-2007-06-19 07:10 millert
+ * aclocal.m4, configure, configure.in:
+ Fix link tests such that new gcc doesn't optimize away the test.
+ [83484ec95cba]
- * env.c: add XAUTHORIZATION
+2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-18 20:41 millert
+ * sudo.pod, sudoers.pod, visudo.pod:
+ add missing over/back
+ [251a12c89b91]
- * UPGRADE: expand upon env resetting and mention that it began in
- 1.6.9 not 1.7.
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Change FILES section to use =item
+ [60b9efc3a0b2]
-2007-06-18 20:33 millert
+ * env.c:
+ Add back allocation of the env struct in rebuild_env but save a copy
+ of the old pointer and free it before returning.
+ [1100cd4fa997]
- * sudoers.pod: Update descriptions of env_keep and env_check to
- match current reality.
+ * env.c:
+ Don't init the private environment in rebuild_env() since it may
+ have already been done implicitly sudo_setenv/sudo_unsetenv.
-2007-06-18 17:33 millert
+ Multiply length by sizeof(char *) in memcpy/memmove when copying the
+ environment so we copy the full thing.
- * env.c: Add LINGUAS to initial_checkenv_table. Add COLORS,
- HOSTNAME, LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to
- intial_keepenv_table.
+ Add missing set of parens so we deref the right pointer in
+ sudo_unsetenv when searching for a matching variable.
+ [9086a8f756b1]
-2007-06-18 17:23 millert
+2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c, logging.c: Treat USERNAME environemnt variable like
- LOGNAME/USER
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Use file markup for paths in the FILES section
+ [940d99f731f2]
-2007-06-18 17:21 millert
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Don't capitalize sudo/visudo
+ [f067a455d44b]
- * env.c: Don't need to populate keepenv table with the contents of
- the checkenv table.
+ * sudoers.pod:
+ Sort sudoers options; based on a diff from Igor Sobrado.
+ [a9b9befe85ac]
-2007-06-18 08:57 millert
+2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Don't force sudo into the C locale.
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
+ latter confuses pod2man. The Makefile rules for the .man.in file
+ will add @mansectsu@ and @mansectform@ back in after pod2man is done
+ anyway.
+ [b50ea0db727c]
-2007-06-18 08:56 millert
+2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: Make env_check apply when env_reset it true. Environment
- variables are passed through unless they contain '/' or '%'.
- There is no need to have a variable in both env_check and
- env_keep.
+ * LICENSE, Makefile.in, license.pod:
+ Move license info to pod format
+ [25bdd82e592b]
-2007-06-16 07:31 millert
+ * configure, configure.in, sudoers.pod:
+ Substitute value of path_info into sudoers man page.
+ [9ba661a82798]
- * visudo.c: Remove an duplicate lock_file() call and add a comment.
+ * WHATSNEW:
+ remove features that were back-ported to 1.6.9
+ [e76d756cbe65]
-2007-06-15 21:16 millert
+ * sudo.c, sudo.pod, visudo.c, visudo.pod:
+ Sort SYNOPSIS and sync usage. From Igor Sobrado.
+ [4970386c9e54]
- * UPGRADE: Add sudo 1.6.9 upgrade note.
+ * env.c:
+ Only need sudo_setenv/sudo_unsetenv if we are going to use
+ ldap_sasl_interactive_bind_s() but don't have
+ gss_krb5_ccache_name().
+ [f1a73d8b35c5]
-2007-06-14 12:23 millert
+ * ChangeLog:
+ rebuild without branch info
+ [5d5a33494677]
- * interfaces.c: Solaris will return EINVAL if the buffer used in
- SIOCGIFCONF is too small. From Klaus Wagner.
+ * Makefile.in:
+ Add ChangeLog target
+ [a702034fdd89]
-2007-06-14 12:03 millert
+ * auth/pam.c:
+ Run cleanup code if the user hits ^C at the password prompt.
+ [9cf87768e921]
- * Makefile.in, config.h.in, configure, configure.in, memrchr.c,
- logging.c, sudo.h: Redo the long syslog line splitting based on a
- patch from Eygene Ryabinkin. Include memrchr() for systems
- without it.
+ * auth/pam.c:
+ Some versions of pam_lastlog have a bug that will cause a crash if
+ PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
+ string.
+ [5b63f6c88866]
-2007-06-14 07:09 millert
+2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: Since we need to be able to convert timespec to
- timeval for utimes() the last 3 digits in the tv_nsec are not
- significant. This makes the sudoedit file date comparison work
- again.
+ * Makefile.in:
+ ChageLog not Changelog
+ [1243d8473ceb]
-2007-06-13 13:41 millert
+ * ChangeLog:
+ sync
+ [d887df98c6b0]
- * aclocal.m4, configure, configure.in: Add SUDO_ADD_AUTH macro to
- deal with adding things to AUTH_OBJS. This deals with exclusive
- authentication methods in a simple way.
+ * Makefile.in:
+ CHANGE -> Changelog
+ [917738df30dd]
-2007-06-12 13:08 millert
+ * TODO:
+ sync
+ [cd382f7d1948]
- * LICENSE: mkstemp.c is BSD code too.
+2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-12 09:21 millert
+ * config.h.in, configure, configure.in, ldap.c:
+ Add configure hooks for gss_krb5_ccache_name() and the gssapi
+ headers.
+ [139606209991]
- * sudo.pod, sudoers.pod, visudo.pod: No commercial support for now.
+2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-11 18:27 millert
+ * env.c, sudo.c:
+ rebuild_env() and insert_env_vars() no longer return environment
+ pointer, they set environ directly.
- * sudo.c: cleanenv() is no more.
+ No longer need to pass around an envp pointer since we just operate
+ on environ now.
-2007-06-10 18:37 millert
+ Add dosync argument to insert_env() that indicates whether it should
+ reset environ when realloc()ing env.envp.
- * ChangeLog: Display branch info in Changelog
+ Use an initial size of 128 for the environment.
+ [4735fd5fddb8]
-2007-06-10 18:18 millert
+ * env.c:
+ Split sudo_setenv() into an external version and a version only for
+ use by rebuild_env().
+ [fda7d655adb1]
- * utimes.c: Include config.h early so we have it for
- TIME_WITH_SYS_TIME
+2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Add support for using gss_krb5_ccache_name() instead of setting
+ KRB5CCNAME. Also use sudo_unsetenv() in the non-
+ gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
+ original environment. TODO: configure setup for
+ gss_krb5_ccache_name()
+ [fcafa5a49caf]
+
+ * README.LDAP:
+ add krb5_ccname
+ [fceb8f883886]
+
+ * README.LDAP, ldap.c:
+ Add support for sasl_secprops in ldap.conf
+ [1f06f4bf7347]
+
+ * env.c, sudo.h:
+ Add sudo_unsetenv() and refactor private env syncing code into
+ sync_env().
+ [045ecb3fd22b]
+
+ * README.LDAP, ldap.c:
+ The ldap.conf variable is sasl_auth_id not sasl_authid.
+ [a5f98491311b]
+
+2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c, sudo.c, sudo.h:
+ Add support for krb5_ccname in ldap.conf. If specified, it will
+ override the default value of KRB5CCNAME in the environment for the
+ duration of the call to ldap_sasl_interactive_bind_s().
+ [b08a10c3045b]
+
+ * env.c, sudo.h:
+ Remove format_env() Add sudo_setenv() to replace most format_env() +
+ insert_env() combinations. insert_env() no longer takes a struct
+ environment *
+ [131da52f43f3]
+
+ * ldap.c:
+ Fix use_sasl vs. rootuse_sasl logic.
+ [0c0417b6918c]
+
+ * README.LDAP, config.h.in, configure, configure.in, ldap.c:
+ Add support for SASL auth when connecting to an LDAP server. Adapted
+ from a diff by Tom McLaughlin.
+ [a6285f1356ea]
+
+2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Only enable AIX or BSD auth if no other exclusive auth method has
+ been chosen. Allows people to e.g., use PAM on AIX without adding
+ --without-aixauth. A better solution is needed to deal with default
+ authentication since if a non-exclusive method is chosen we will
+ still get an error.
+ [83f7afdc0ec3]
+
+2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY, Makefile.in, history.pod:
+ Generate HISTORY from history.pod (which is also used for web pages)
+ [60bcd5164931]
+
+2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.man.in, sudoers.man.in:
+ regen
+ [63956a366191]
+
+ * sudo.pod:
+ Better explanation of environment handling in the sudo man page.
+ [6c247742f7ee]
+
+ * env.c, sudo.c:
+ Defer setting user-specified env vars until after authentication.
+ [4750b79323ee]
+
+ * env.c:
+ honor def_default_path for PATH set on the command line
+ [6db31d9b6d65]
+
+ * env.c, sudo.c, sudo.pod, sudoers.pod:
+ Allow user to set environment variables on the command line as long
+ as they are allowed by env_keep and env_check. Ie: apply the same
+ restrictions as normal environment variables. TODO: deal with
+ secure_path
+ [26c0da3840cf]
+
+2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, sudo_edit.c:
+ Call rebuild_env() in call cases. Pass original envp to sudo_edit().
+ Don't allow -E or env var setting in sudoedit mode. More accurate
+ usage() when called as sudoedit.
+ [a4af20658361]
+
+ * ldap.c:
+ warn -> warning
+ [d87d1192b048]
+
+ * sudo.pod:
+ add -c option to sudoedit synopsis
+ [15b596a7e2db]
+
+ * TODO:
+ udpate to reality
+ [e2f8fde89db1]
+
+ * parse.c:
+ Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
+ value from {user,host,runas,cmnd}_matches(). Rename *matches
+ variables -> *match. Purely cosmetic.
+ [e54a44c00a88]
-2007-06-10 18:00 millert
+ * parse.c:
+ Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
+ in behavior.
+ [c6272b4f2127]
- * ChangeLog: Fix Changelog generation and update.
+ * sudoers:
+ add SETENV tag
+ [3a3066bb6788]
-2007-06-09 07:26 millert
+2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * closefrom.c: Use /proc/self/fd instead of /proc/$$/fd
+ * parse.c:
+ Make pwcheck local to the pwflag block. Use pwcheck even if user
+ didn't match since Defaults options may still apply.
+ [45da9efbbafd]
- Move old-style fd closing into closefrom_fallback() and call that
- if /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
+ * check.c, sudo.c:
+ Do not update timestamp if user not validated by sudoers.
+ [a4a9d4364827]
-2007-06-09 07:24 millert
+ * set_perms.c:
+ for PERM_RUNAS, set the egid to the runas user's gid and restore to
+ the user's original in PERM_ROOT
+ [1514bfb32847]
- * config.h.in, configure.in, auth/kerb5.c: o use
- krb5_verify_user() if available instead of doing it by hand
- o use krb5_init_secure_context() if we have it
- o pass an encryption type of 0 to krb5_kt_read_service_key()
- instead of
- ENCTYPE_DES_CBC_MD5 to let kerberos choose.
+ * logging.c, mon_systrace.c, set_perms.c, sudo.h:
+ PERM_FULL_ROOT is now no different than PERM_ROOT so remove
+ PERM_FULL_ROOT
+ [b9d047a3178c]
-2007-06-09 07:20 millert
+ * check.c:
+ don't check timestamp mtime if we are just going to remove it
+ [5d2470bc6cbd]
- * env.c: Check TERM and COLORTERM for '%' and '/' characters. From
- Debian.
+ * sudoers.pod:
+ Move sudoers defaults parameters into their own section.
+ [54701fbc0ff3]
-2007-06-09 07:17 millert
+ * testsudoers.c:
+ Reduce a level of indent by a few placed continue statements.
+ [5d5a9838c8ef]
- * configure.in: Fix closefrom() substitution in the Makefile
+ * parse.c:
+ Make matching but negated commands/hosts/runas entries override a
+ previous match as expected. Also reduce some levels of indent by a
+ few placed continue statements.
+ [dd59fa4b91a1]
-2007-06-09 07:15 millert
+2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * TROUBLESHOOTING: Mention alternate sudo pronunciation.
+ * parse.c:
+ Print default runas in "sudo -l" if sudoers don't specify one.
+ [07d408c400bd]
-2007-06-07 07:52 millert
+ * match.c:
+ Less hacky way of testing whether the domain was set.
+ [a537059776e5]
- * env.c: Remove KRB5_KTNAME from environment. Allow COLORTERM.
+2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-07 07:22 millert
+ * INSTALL:
+ Mention pam-devel and openldap-devel for Linux
+ [9e708c54ecc3]
- * auth/kerb5.c: If we cannot get a valid service key using the
- default keytab it is a fatal error. Fixes a bug where sudo could
- be tricked into allowing access when it should not by a fake KDC.
- From Thor Lancelot Simon.
+2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-05-12 08:56 millert
+ * README.LDAP:
+ or vs. are
+ [abe8c0f3a410]
- * aclocal.m4, configure, configure.in: Update long long checks to
- use AC_CHECK_TYPES and to cache values.
+2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-05-12 08:07 millert
+ * sudo.c:
+ fix typo in Solaris project support
+ [2ffeb2d80959]
- * aclocal.m4, configure.in: Use AC_FUNC_FNMATCH instead of a
- homebrew fnmatch checker. We can't use AC_REPLACE_FNMATCH since
- that assumes replacing with GNU fnmatch.
+ * HISTORY:
+ update
+ [df162b36f120]
-2007-05-11 17:05 millert
+ * sudo.c:
+ Make -- on the command line match the manual page. The implied shell
+ case has been simplified as a result.
+ [cd217a1f6694]
- * configure, configure.in: Add closefrom() to LIB_OBJS not
- SUDO_OBJS if it is missing since we need it for visudo now too.
+2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-04-24 14:44 millert
+ * sudoers2ldif:
+ add simplistic support for sudoRunas; note that if a sudoers entry
+ contains multiple Runas users, all will apply to the sudoRole
+ [65b11421f5c8]
- * sudoers.pod: Attempt to clarify the bit talking about network
- numbers w/o netmasks.
+ * sudoers2ldif:
+ honor SETENV and NOSETENV tags
+ [2c0d5ba7a09b]
-2007-04-24 14:25 millert
+2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod: Clarify timestamp dir ownership sentence.
+ * mon_systrace.c:
+ Redo setting of user_args. We now build up a private copy of argv
+ first and then replace the NULs?with spaces.
+ [ccbba72ea112]
-2007-04-20 12:40 millert
+ * mon_systrace.c:
+ getcwd() returns NULL on failure, not 0 on success
+ [88cd9e66e530]
- * auth/pam.c: Linux PAM now defines __LINUX_PAM__, not
- __LIBPAM_VERSION. From Dmitry V. Levin.
+ * mon_systrace.c:
+ allow chunksiz to reach 1 before erroring out
+ [619d68f14964]
-2007-04-16 12:13 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [8db512d3caf0]
- * sudo.c: -i is also one of the mutually exclusive options to list
- it in the warning message. Noted by Chris Pepper.
+2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-04-12 11:18 millert
+ * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
+ logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
+ toke.c, toke.l:
+ Add support for setting environment variables on the command line.
+ This is only allowed if the setenv sudoers options is enabled or if
+ the command is prefixed with the SETENV tag.
+ [5744caebd969]
- * visudo.pod: The sudoers variable is env_editor, not enveditor.
- From Jean-Francois Saucier.
+ * README.LDAP:
+ replace Aaron's email address with the sudo-workers list
+ [2ffce5f9afc0]
-2007-03-29 13:30 millert
+ * configure:
+ regen
+ [8013dff82c0c]
- * redblack.c: I tracked down the original author so credit him and
- include his license info.
+2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-02-06 13:25 millert
+ * schema.OpenLDAP, schema.iPlanet:
+ Break schema out into separate files.
+ [15e598e4c60b]
- * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
- sudoers.pod: Fix typos; from Jason McIntyre.
+ * Makefile.in, README.LDAP:
+ Break schema out into separate files.
+ [1a53966ca1fa]
-2007-02-06 13:23 millert
+2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c: Restore signal mask before calling reapchild(). Fixes
- a possible race condition that could prevent sudo from properly
- waiting for the child.
+ * auth/aix_auth.c:
+ free message if set by authenticate()
+ [849c220c1236]
-2007-01-31 10:02 millert
+ * match.c:
+ deal with NULL gr_mem
+ [49e4d74f0bbe]
- * pwutil.c: Don't declare pw_free() if we are not going to use it.
+2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-01-31 10:00 millert
+ * config.h.in:
+ regen
+ [fead999ad3e9]
- * env.c: Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD
- and LDR_PRELOAD64. The 64-bit version is not currently
- supported. Remove zero_env() prototype as it no longer exists.
+ * configure.in:
+ add template for HAVE_PROJECT_H
+ [e6c42c2eaad1]
-2006-12-11 13:21 millert
+ * closefrom.c:
+ include fcntl.h
+ [54d98b382f03]
- * logging.c: Add "Auto-Submitted: auto-generated" line to sudo mail
- for rfc 3834.
+2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2006-09-29 10:53 millert
+ * INSTALL:
+ mention --with-project
+ [d3ea3baad7c5]
- * auth/pam.c: If the user enters ^C at the password prompt, abort
- instead of trying to authenticate with an empty password (which
- causes an annoying delay).
+ * config.h.in, configure.in, sudo.c:
+ Add Solaris 10 "project" support. From Michael Brantley.
+ [f14f3c8c6554]
-2006-08-17 11:26 millert
+ * sudoers.pod:
+ fix typo
+ [50db81a19787]
- * closefrom.c, config.h.in, configure, configure.in: Add fcntl
- F_CLOSEM support to closefrom(); adapted from a diff by Darren
- Tucker.
+ * configure:
+ regen
+ [ea71afd3e564]
-2006-08-17 11:25 millert
+ * configure.in:
+ Fix preservation of LDFLAGS in the LDAP case.
+ [40a3a47e8059]
- * pwutil.c: pw_free() is only used by sudo_freepwcache() so ifdef
- it out too.
+ * memrchr.c:
+ Remove dependecy on NULL
+ [c957ae5e1733]
-2006-08-04 11:34 millert
+ * configure:
+ regen
+ [4955ce0c6912]
- * config.sub, config.guess: Update to latest versions from
- cvs.savannah.gnu.org
+ * aclocal.m4, configure.in:
+ Can't use the regular autoconf fnmatch() check since we need
+ FNM_CASEFOLD so go back to our custom one.
+ [f10d76237486]
-2006-07-31 13:51 millert
+ * env.c:
+ Fix preserving of variables in env_keep.
+ [d040049d6b84]
- * pwutil.c, sudo_edit.c: Move password/group cache cleaning out of
- sudo_end{pw,grp}ent() so we can close the passwd/group files
- early.
+ * env.c:
+ add XAUTHORIZATION
+ [0d589a5fe015]
-2006-07-31 13:50 millert
+ * UPGRADE:
+ expand upon env resetting and mention that it began in 1.6.9 not
+ 1.7.
+ [dba251655c76]
- * config.h.in, configure, configure.in, set_perms.c: Add seteuid()
- flavor of set_perms() for systems without setreuid() or
- setresuid() that have a working seteuid(). Tested on Darwin.
+ * sudoers.pod:
+ Update descriptions of env_keep and env_check to match current
+ reality.
+ [dba77357954b]
-2006-07-30 15:56 millert
+2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * mon_systrace.c: systrace_read() returns ssize_t
+ * env.c:
+ Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
+ LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table.
+ [eec4632bd190]
-2006-07-30 15:53 millert
+ * env.c, logging.c:
+ Treat USERNAME environemnt variable like LOGNAME/USER
+ [09f52dcfd70c]
- * configure, configure.in: Fix typo, -lldap vs. -ldap; from Tim
- Knox.
+ * env.c:
+ Don't need to populate keepenv table with the contents of the
+ checkenv table.
+ [527a14afd973]
-2006-07-28 13:12 millert
+ * sudo.c:
+ Don't force sudo into the C locale.
+ [8a5bd301ef96]
- * HISTORY: Fix typo; Matt Ackeret
+ * env.c:
+ Make env_check apply when env_reset it true. Environment variables
+ are passed through unless they contain '/' or '%'. There is no need
+ to have a variable in both env_check and env_keep.
+ [840c802721e4]
-2006-07-17 08:25 millert
+2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Print sudoers path in -V mode for root.
+ * visudo.c:
+ Remove an duplicate lock_file() call and add a comment.
+ [5af9dcdf0eb6]
-2006-06-15 14:44 millert
+ * UPGRADE:
+ Add sudo 1.6.9 upgrade note.
+ [1585149f2914]
- * ldap.c: Do a sub tree search instead of a base search (one level
- in the tree only) for sudo right objects. This allows system
- administrators to categorize the rights in a tree to make them
- easier to manage.
+2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-12-28 13:52 millert
+ * interfaces.c:
+ Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
+ small. From Klaus Wagner.
+ [d6899fc44f77]
- * sudo.pod: fix typo
+ * logging.c, sudo.h:
+ Redo the long syslog line splitting based on a patch from Eygene
+ Ryabinkin. Include memrchr() for systems without it.
+ [66a50e8d553a]
-2005-12-04 12:16 millert
+ * memrchr.c:
+ Redo the long syslog line splitting based on a patch from Eygene
+ Ryabinkin. Include memrchr() for systems without it.
+ [2f6702b7d41b]
- * ldap.c: Convert GET_OPT and GET_OPTI to use just 2 args. Add
- timelimit and bind_timelimit support; adapted from gentoo.
+ * Makefile.in, config.h.in, configure, configure.in:
+ Redo the long syslog line splitting based on a patch from Eygene
+ Ryabinkin. Include memrchr() for systems without it.
+ [407a46190921]
-2005-11-23 18:57 millert
+ * configure.in:
+ Since we need to be able to convert timespec to timeval for utimes()
+ the last 3 digits in the tv_nsec are not significant. This makes the
+ sudoedit file date comparison work again.
+ [9d0258849fa9]
- * ldap.c: Support comments that start in the middle of a line
+2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-11-23 18:56 millert
+ * aclocal.m4, configure, configure.in:
+ Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
+ This deals with exclusive authentication methods in a simple way.
+ [7d70072c0f35]
- * configure.in, configure: Define LDAP_DEPRECATED until we start
- using ldap_get_values_len()
+2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-11-18 09:55 millert
+ * LICENSE:
+ mkstemp.c is BSD code too.
+ [29e236d98162]
- * closefrom.c: Silence gcc -Wsign-compare; djm@openbsd.org
+ * sudo.pod, sudoers.pod, visudo.pod:
+ No commercial support for now.
+ [7c76b3e192dd]
-2005-11-17 20:39 millert
+2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c: cleanup() now
- takes an int as an arg so it can be used as a signal handler too.
+ * sudo.c:
+ cleanenv() is no more.
+ [518080514408]
-2005-11-17 20:38 millert
+2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Make a copy of the shell field in the passwd struct for
- NewArgv to avoid a use after free situation after sudo_endpwent()
- is called.
+ * ChangeLog:
+ Display branch info in Changelog
+ [44e3b27427c7]
-2005-11-16 20:36 millert
+ * utimes.c:
+ Include config.h early so we have it for TIME_WITH_SYS_TIME
+ [4bf1a00d0703]
- * Makefile.in, mkstemp.c, config.h.in, configure, configure.in: Add
- mkstemp() for those poor souls without it.
+ * ChangeLog:
+ Fix Changelog generation and update.
+ [6e960dbcbece]
-2005-11-15 09:25 millert
+2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: Add PERL5DB to list of environment variables to remove.
+ * closefrom.c:
+ Use /proc/self/fd instead of /proc/$$/fd
-2005-11-13 15:49 millert
+ Move old-style fd closing into closefrom_fallback() and call that if
+ /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
+ [faa7e4810758]
- * mon_systrace.c, mon_systrace.h: Instead of calling the check
- function twice with a state cookie use separate check/log
- functions.
+ * auth/kerb5.c, config.h.in, configure.in:
+ o use krb5_verify_user() if available instead of doing it by hand o
+ use krb5_init_secure_context() if we have it o pass an encryption
+ type of 0 to krb5_kt_read_service_key() instead of
+ ENCTYPE_DES_CBC_MD5 to let kerberos choose.
+ [df7acf72bd7c]
- Check more ioctl() calls for failure.
+ * env.c:
+ Check TERM and COLORTERM for '%' and '/' characters. From Debian.
+ [f92d05197e40]
- systrace_{read,write} now return the number of bytes read/written
- or -1 on error.
+ * configure.in:
+ Fix closefrom() substitution in the Makefile
+ [b642b13fcc5c]
-2005-11-13 14:51 millert
+ * TROUBLESHOOTING:
+ Mention alternate sudo pronunciation.
+ [7c71dc73409f]
- * env.c: Add more environment variables to remove; from gentoo
- linux Add some comments about what bad env variables go to what
- (more to do)
+2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-11-11 17:23 millert
+ * env.c:
+ Remove KRB5_KTNAME from environment. Allow COLORTERM.
+ [70f35a79f780]
- * sudo.c, sudo_edit.c: Move sudo_end{gr,pw}ent() until just before
- the exec since they free up our cached copy of the passwd
- structs, including sudo_user and sudo_runas. Fixes a
- use-after-free bug.
+ * auth/kerb5.c:
+ If we cannot get a valid service key using the default keytab it is
+ a fatal error. Fixes a bug where sudo could be tricked into
+ allowing access when it should not by a fake KDC. From Thor Lancelot
+ Simon.
+ [a3ae6a47cb23]
-2005-11-11 17:19 millert
+2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c: Close all fd's before executing editor.
+ * aclocal.m4, configure, configure.in:
+ Update long long checks to use AC_CHECK_TYPES and to cache values.
+ [047318eaaeb2]
-2005-11-11 17:17 millert
+ * aclocal.m4, configure.in:
+ Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
+ use AC_REPLACE_FNMATCH since that assumes replacing with GNU
+ fnmatch.
+ [80513a1003ea]
- * sudo.c: Enable malloc debugging on OpenBSD when SUDO_DEVEL is
- set.
+2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-11-11 11:22 millert
+ * configure, configure.in:
+ Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
+ need it for visudo now too.
+ [50837c7c2b5e]
- * check.c: Fix fd leak when lecture file option is enabled. From
- Jerry Brown
+2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-11-07 11:02 millert
+ * sudoers.pod:
+ Attempt to clarify the bit talking about network numbers w/o
+ netmasks.
+ [211e68c1d034]
- * env.c: Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
- environment variables to remove. From Charles Morris
+ * sudo.pod:
+ Clarify timestamp dir ownership sentence.
+ [9178f132c7f7]
-2005-11-01 13:24 millert
+2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
+ * auth/pam.c:
+ Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
+ Dmitry V. Levin.
+ [81fce91667bc]
-2005-10-27 20:35 millert
+2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: add PS4 and SHELLOPTS to initial_badenv_table for bash
+ * sudo.c:
+ -i is also one of the mutually exclusive options to list it in the
+ warning message. Noted by Chris Pepper.
+ [7da73fb248e9]
-2005-08-14 20:32 millert
+2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: Fix typo; Toby Peterson
+ * visudo.pod:
+ The sudoers variable is env_editor, not enveditor. From Jean-
+ Francois Saucier.
+ [2a86ec09a6db]
-2005-08-02 09:57 millert
+2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * tsgetgrpw.c: Make return buffers static so they don't get
- clobbered
+ * redblack.c:
+ I tracked down the original author so credit him and include his
+ license info.
+ [3733553a1bba]
-2005-07-27 21:14 millert
+2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/securid5.c: Fix securid5 authentication, was not checking
- for ACM_OK. Also add default cases for the two switch()es.
- Problem noted by ccon at worldbank
+ * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
+ sudoers.pod:
+ Fix typos; from Jason McIntyre.
+ [1ee4ce2512f2]
-2005-06-26 20:10 millert
+ * logging.c:
+ Restore signal mask before calling reapchild(). Fixes a possible
+ race condition that could prevent sudo from properly waiting for the
+ child.
+ [9ee4192385dc]
- * ldap.c: Remove ncat() in favor of just counting bytes and
- pre-allocating what is needed.
+2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-06-26 19:44 millert
+ * pwutil.c:
+ Don't declare pw_free() if we are not going to use it.
+ [adb79a4289ca]
- * ldap.c: Fix up some comments Add missing fclose() for the
- rootbinddn case
+ * env.c:
+ Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
+ LDR_PRELOAD64. The 64-bit version is not currently supported.
+ Remove zero_env() prototype as it no longer exists.
+ [b4fe65027fb6]
-2005-06-26 19:38 millert
+2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: align struct ldap_config
+ * logging.c:
+ Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
+ [78002ad90f7b]
-2005-06-26 19:37 millert
+2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: use LINE_MAX for max conf file line size
+ * auth/pam.c:
+ If the user enters ^C at the password prompt, abort instead of
+ trying to authenticate with an empty password (which causes an
+ annoying delay).
+ [da3f27b747c7]
-2005-06-26 18:36 millert
+2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * pathnames.h.in: add _PATH_LDAP_SECRET
+ * closefrom.c, config.h.in, configure, configure.in:
+ Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
+ Darren Tucker.
+ [0331b7780759]
-2005-06-26 18:36 millert
+ * pwutil.c:
+ pw_free() is only used by sudo_freepwcache() so ifdef it out too.
+ [0014c0d9eeba]
- * README.LDAP: Mention rootbinddn Give example ou=SUDOers container
+2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-06-25 18:03 millert
+ * config.guess, config.sub:
+ Update to latest versions from cvs.savannah.gnu.org
+ [aa0143101c20]
- * configure, INSTALL, configure.in, ldap.c: Support rootbinddn in
- ldap.conf
+2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-06-25 17:46 millert
+ * pwutil.c, sudo_edit.c:
+ Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
+ we can close the passwd/group files early.
+ [559074bd7eb7]
- * env.c, sudo.pod, sudoers.pod: Preserve DISPLAY environment
- variable by default.
+ * config.h.in, configure, configure.in, set_perms.c:
+ Add seteuid() flavor of set_perms() for systems without setreuid()
+ or setresuid() that have a working seteuid(). Tested on Darwin.
+ [508d8da99189]
-2005-06-25 16:39 millert
+2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * acsite.m4, configure: set need_lib_prefix=no for all cases; this
- is safe for LD_PRELOAD
+ * mon_systrace.c:
+ systrace_read() returns ssize_t
+ [9f97d1d1a59d]
-2005-06-25 16:15 millert
+ * configure, configure.in:
+ Fix typo, -lldap vs. -ldap; from Tim Knox.
+ [a8cc43c3bb2a]
- * acsite.m4, configure: set need_version=no for all cases; this is
- safe for LD_PRELOAD
+2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-06-25 14:45 millert
+ * HISTORY:
+ Fix typo; Matt Ackeret
+ [86964ee3dfbd]
- * aclocal.m4: typo
+2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-06-25 14:33 millert
+ * sudo.c:
+ Print sudoers path in -V mode for root.
+ [dc43f2d75bd9]
- * configure, configure.in: Add dragonfly
+2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-06-25 14:29 millert
+ * ldap.c:
+ Do a sub tree search instead of a base search (one level in the tree
+ only) for sudo right objects. This allows system administrators to
+ categorize the rights in a tree to make them easier to manage.
+ [6d2d9abf996e]
- * auth/pam.c: Fix call to pam_end() when pam_open_session() fails.
+2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-06-25 14:21 millert
+ * sudo.pod:
+ fix typo
+ [1473413bcbda]
- * configure: regen
+2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-06-25 14:20 millert
+ * ldap.c:
+ Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
+ bind_timelimit support; adapted from gentoo.
+ [afc816093026]
- * acsite.m4: rebuild acsite.m4 from libtool 1.9f libtool.m4
- ltoptions.m4 ltsugar.m4 ltversion.m4
+2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-06-25 14:08 millert
+ * ldap.c:
+ Support comments that start in the middle of a line
+ [c25df6ee3db8]
- * config.guess, config.sub, ltmain.sh: merge in local changes:
- config.guess: o better openbsd support config.sub: o hiuxmpp
- support ltmain.sh o remove requirement that libs must begin with
- "lib" o don't print a bunch of crap about library installs o
- don't run ldconfig
+ * configure, configure.in:
+ Define LDAP_DEPRECATED until we start using ldap_get_values_len()
+ [ee249bfe230a]
-2005-06-25 14:05 millert
+2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.guess, config.sub, ltmain.sh: libtool 1.9f
+ * closefrom.c:
+ Silence gcc -Wsign-compare; djm@openbsd.org
+ [28769ce6418d]
-2005-06-25 14:04 millert
+ * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
+ cleanup() now takes an int as an arg so it can be used as a signal
+ handler too.
+ [2bb0df34d09c]
- * configure.in: Update with autoupdate and make minor changes for
- libtool 1.9f
+ * sudo.c:
+ Make a copy of the shell field in the passwd struct for NewArgv to
+ avoid a use after free situation after sudo_endpwent() is called.
+ [5dcc9ffd362e]
-2005-06-22 23:19 millert
+2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c: don't call sudo_ldap_display_cmnd if ldap not setup
+ * config.h.in, configure, configure.in:
+ Add mkstemp() for those poor souls without it.
+ [5fdd02e863e0]
-2005-06-22 23:04 millert
+ * mkstemp.c:
+ Add mkstemp() for those poor souls without it.
+ [c99401207860]
- * check.c, compat.h, fileops.c, gettime.c, sudo_edit.c, visudo.c,
- emul/timespec.h: Move declatation of struct timespec to its own
- include files for systems without it since it needs time_t
- defined.
+ * Makefile.in:
+ Add mkstemp() for those poor souls without it.
+ [9c1cf2678f24]
-2005-06-22 22:57 millert
+2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Don't set safe_cmnd for the "sudo ALL" case.
+ * env.c:
+ Add PERL5DB to list of environment variables to remove.
+ [7375c27ecf75]
-2005-05-27 01:59 millert
+2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/pam.c: Call pam_open_session() and pam_close_session() to
- give pam_limits a chance to run. Idea from Karel Zak.
+ * mon_systrace.c, mon_systrace.h:
+ Instead of calling the check function twice with a state cookie use
+ separate check/log functions.
-2005-04-24 19:24 millert
+ Check more ioctl() calls for failure.
- * check.c, sudo.c: Add explicit cast from mode_t -> u_int in printf
- to silence warnings on Solaris
+ systrace_{read,write} now return the number of bytes read/written or
+ -1 on error.
+ [3dc8946d90e9]
-2005-04-24 19:22 millert
+ * env.c:
+ Add more environment variables to remove; from gentoo linux Add some
+ comments about what bad env variables go to what (more to do)
+ [6918110a6b82]
- * parse.c: include grp.h to silence a warning on Solaris
+2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-04-23 15:10 millert
+ * sudo.c, sudo_edit.c:
+ Move sudo_end{gr,pw}ent() until just before the exec since they free
+ up our cached copy of the passwd structs, including sudo_user and
+ sudo_runas. Fixes a use-after-free bug.
+ [54de3778bad0]
- * parse.c: Fix printing of += and -= defaults.
+ * visudo.c:
+ Close all fd's before executing editor.
+ [4fcc05e1bec8]
-2005-04-17 01:21 millert
+ * sudo.c:
+ Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
+ [ef0e8ffa5c9f]
- * mon_systrace.c: Sanity check number of syscall args with argsize.
- Not really needed but a little paranoia never hurts.
+ * check.c:
+ Fix fd leak when lecture file option is enabled. From Jerry Brown
+ [ce97f9207cd8]
-2005-04-17 01:18 millert
+2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * mon_systrace.c, mon_systrace.h: Don't do pointer arithmetic on
- void * Use int, not size_t/ssize_t for systrace lengths (since it
- uses int)
+ * env.c:
+ Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
+ environment variables to remove. From Charles Morris
+ [c96e1367d1c1]
-2005-04-16 03:14 millert
+2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * mon_systrace.c: Add some memsets for paranoia Fix namespace
- collsion w/ error Check rval of decode_args() and update_env()
- Remove improper setting of validated variable
+ * env.c:
+ add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
+ [72a6a1571226]
-2005-04-11 21:37 millert
+2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c, sudo.c, sudo.h: In -l mode, only check local sudoers
- file if def_ignore_sudoers is not set and call LDAP versions from
- display_privs() and display_cmnd() instead of directly from
- main(). Because of this we need to defer closing the ldap
- connection until after -l processing has ocurred and we must pass
- in the ldap pointer to display_privs() and display_cmnd().
+ * env.c:
+ add PS4 and SHELLOPTS to initial_badenv_table for bash
+ [89dfb3f318f3]
-2005-04-11 21:33 millert
+2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Reorganize LDAP code to better match normal sudoers
- parsing. Instead of storing strings for later printing in -l
- mode we do another query since the authenticating user and the
- user being listed may not be the same (the new -U flag). Also
- add support for "sudo -l command".
+ * sudoers.pod:
+ Fix typo; Toby Peterson
+ [b7a3222b23f4]
- There is still a fair bit if duplicated code that can probably be
- refactored.
+2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-04-11 00:37 millert
+ * tsgetgrpw.c:
+ Make return buffers static so they don't get clobbered
+ [13323a39b9f5]
- * ldap.c: Replace pass variable with do_netgr for better
- readability.
+2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-04-10 23:49 millert
+ * auth/securid5.c:
+ Fix securid5 authentication, was not checking for ACM_OK. Also add
+ default cases for the two switch()es. Problem noted by ccon at
+ worldbank
+ [14091e418333]
- * ldap.c: use DPRINTF macro
+2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-04-10 23:18 millert
+ * ldap.c:
+ Remove ncat() in favor of just counting bytes and pre-allocating
+ what is needed.
+ [25b8712adb61]
- * ldap.c: estrdup, not strdup
+2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-04-10 17:44 millert
+ * ldap.c:
+ Fix up some comments Add missing fclose() for the rootbinddn case
+ [ae95c8a89711]
- * parse.c: Add macro to test if the tag changed to improve
- readability.
+ * ldap.c:
+ align struct ldap_config
+ [35d0d64c76f8]
-2005-04-10 17:40 millert
+ * ldap.c:
+ use LINE_MAX for max conf file line size
+ [da116cb8853d]
- * parse.c: Avoid printing defaults header if there are no defaults
- to print...
+ * pathnames.h.in:
+ add _PATH_LDAP_SECRET
+ [128b04ecfab7]
-2005-04-10 15:29 millert
+ * README.LDAP:
+ Mention rootbinddn Give example ou=SUDOers container
+ [852edc69bd1c]
- * glob.c: Fix a warning on systems without strlcpy().
+2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-04-10 13:32 millert
+ * INSTALL, configure, configure.in, ldap.c:
+ Support rootbinddn in ldap.conf
+ [1615c91522a1]
- * pwutil.c: Use macros where possible for sudo_grdup() like
- sudo_pwdup().
+ * env.c, sudo.pod, sudoers.pod:
+ Preserve DISPLAY environment variable by default.
+ [05f503d5f438]
-2005-04-08 17:04 millert
+ * acsite.m4, configure:
+ set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
+ [18a04dea8d05]
- * utimes.c: It is possible for tv_usec to hold >= 1000000 usecs so
- add in tv_usec / 1000000.
+ * acsite.m4, configure:
+ set need_version=no for all cases; this is safe for LD_PRELOAD
+ [b542560e1a73]
-2005-03-29 23:38 millert
+ * aclocal.m4:
+ typo
+ [c040df0fcd5a]
- * auth/kerb5.c: The component in krb5_principal_get_comp_string()
- should be 1, not 0 for Heimdal. From Alex Plotnick.
+ * configure, configure.in:
+ Add dragonfly
+ [f13794618636]
-2005-03-29 09:29 millert
+ * auth/pam.c:
+ Fix call to pam_end() when pam_open_session() fails.
+ [0be47cdfdef1]
- * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c,
- gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c,
- pwutil.c, redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
- Add efree() for consistency with emalloc() et al. Allows us to
- rely on C89 behavior (free(NULL) is valid) even on K&R.
+ * configure:
+ regen
+ [7f5c13b4b800]
-2005-03-28 22:33 millert
+ * acsite.m4:
+ rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
+ ltsugar.m4 ltversion.m4
+ [a7ba9fd1a2ab]
- * parse.c, sudo.c: Move initgroups() for -U option into
- display_privs() so group matching in sudoers works correctly.
+ * config.guess, config.sub, ltmain.sh:
+ merge in local changes: config.guess: o better openbsd support
+ config.sub: o hiuxmpp support ltmain.sh o remove requirement that
+ libs must begin with "lib" o don't print a bunch of crap about
+ library installs o don't run ldconfig
+ [f4149f2c720f]
-2005-03-26 21:34 millert
+ * config.guess, config.sub, ltmain.sh:
+ libtool 1.9f
+ [82a534e7121f]
- * ldap.c: Removed duplicate call to ldap_unbind_s introduced along
- with sudo_ldap_close.
+ * configure.in:
+ Update with autoupdate and make minor changes for libtool 1.9f
+ [11b5ae5c1428]
+
+2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-03-26 20:01 millert
+ * parse.c:
+ don't call sudo_ldap_display_cmnd if ldap not setup
+ [8bcf6c094ffe]
+
+ * sudo_edit.c, visudo.c:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [b95c333299a0]
- * parse.c: Add missing space in Defaults printing
+ * gettime.c:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [021b4569cc0c]
-2005-03-25 12:36 millert
+ * fileops.c:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [dd8573b2ee7d]
- * pwutil.c: Sync sudo_pwdup with OpenBSD changes: use macros for
- size computaton and string copies.
+ * emul/timespec.h:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [f95137771564]
-2005-03-18 22:08 millert
+ * check.c, compat.h:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [2ef2ace8fe85]
+
+ * ldap.c:
+ Don't set safe_cmnd for the "sudo ALL" case.
+ [ad7fa9e07da0]
- * pwutil.c: Zero old pw_passwd before replacing with version from
- shadow file.
+2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-03-18 22:07 millert
+ * auth/pam.c:
+ Call pam_open_session() and pam_close_session() to give pam_limits a
+ chance to run. Idea from Karel Zak.
+ [fed46d471350]
- * configure, configure.in: Only attempt shadow password detection
- if PAM is not being used Add shadow_* variables to make shadow
- password detection more generic.
+2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-03-18 21:46 millert
+ * check.c, sudo.c:
+ Add explicit cast from mode_t -> u_int in printf to silence warnings
+ on Solaris
+ [17bb961fe22d]
- * configure.in: Use OSDEFS for os-specific -D_FOO_BAR stuff rather
- than CPPFLAGS
+ * parse.c:
+ include grp.h to silence a warning on Solaris
+ [14386fbab640]
+
+2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Fix printing of += and -= defaults.
+ [a667604c56cd]
+
+2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Sanity check number of syscall args with argsize. Not really needed
+ but a little paranoia never hurts.
+ [6bb455a2c2d6]
+
+ * mon_systrace.c, mon_systrace.h:
+ Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
+ for systrace lengths (since it uses int)
+ [3cafccffcffd]
+
+2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Add some memsets for paranoia Fix namespace collsion w/ error Check
+ rval of decode_args() and update_env() Remove improper setting of
+ validated variable
+ [3d385158354d]
-2005-03-12 19:27 millert
+2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: use a non-breaking space to avoid a double space
- after e.g.
+ * parse.c, sudo.c, sudo.h:
+ In -l mode, only check local sudoers file if def_ignore_sudoers is
+ not set and call LDAP versions from display_privs() and
+ display_cmnd() instead of directly from main(). Because of this we
+ need to defer closing the ldap connection until after -l processing
+ has ocurred and we must pass in the ldap pointer to display_privs()
+ and display_cmnd().
+ [1dfc2e8c9f2b]
-2005-03-12 19:26 millert
+ * ldap.c:
+ Reorganize LDAP code to better match normal sudoers parsing.
+ Instead of storing strings for later printing in -l mode we do
+ another query since the authenticating user and the user being
+ listed may not be the same (the new -U flag). Also add support for
+ "sudo -l command".
- * sudo.pod: commna, not colon after e.g.
+ There is still a fair bit if duplicated code that can probably be
+ refactored.
+ [e9568f19bde5]
-2005-03-12 18:43 millert
+2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo_noexec.c: Add __ variants of the exec functions. GNU libc
- at least uses __execve() internally.
+ * ldap.c:
+ Replace pass variable with do_netgr for better readability.
+ [1bba841b6e79]
-2005-03-12 12:29 millert
+ * ldap.c:
+ use DPRINTF macro
+ [02b159b66bb5]
- * indent.pro: Match reality a bit more.
+ * ldap.c:
+ estrdup, not strdup
+ [22cdee7973c1]
-2005-03-12 12:27 millert
+2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * pwutil.c: Missed piece from rev. 1.6, fix sudo_getpwnam() too.
+ * parse.c:
+ Add macro to test if the tag changed to improve readability.
+ [4e11b4819556]
-2005-03-11 23:42 millert
+ * parse.c:
+ Avoid printing defaults header if there are no defaults to print...
+ [41a28627df03]
- * pwutil.c: Store shadow password after making a local copy of
- struct passwd in case normal and shadow routines use the same
- internal buffer in libc.
+ * glob.c:
+ Fix a warning on systems without strlcpy().
+ [6814e0f0e4f4]
-2005-03-10 20:57 millert
+ * pwutil.c:
+ Use macros where possible for sudo_grdup() like sudo_pwdup().
+ [30f201ff35cd]
- * alloc.c, logging.c: Make varargs usage consistent with the rest
- of the code.
+2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-03-10 10:09 millert
+ * utimes.c:
+ It is possible for tv_usec to hold >= 1000000 usecs so add in
+ tv_usec / 1000000.
+ [794ac4d53a65]
- * sudo_noexec.c: Wrap more of the exec family since on Linux the
- others do not appear to go through the normal execve() path.
+2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-03-10 09:57 millert
+ * auth/kerb5.c:
+ The component in krb5_principal_get_comp_string() should be 1, not 0
+ for Heimdal. From Alex Plotnick.
+ [fefa351c5044]
- * visudo.c: make print_unused static like proto says
+2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-03-10 09:55 millert
+ * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
+ interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
+ redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
+ Add efree() for consistency with emalloc() et al. Allows us to rely
+ on C89 behavior (free(NULL) is valid) even on K&R.
+ [7876bb80d87c]
- * glob.c: silence a warning on K&R systems
+ * parse.c, sudo.c:
+ Move initgroups() for -U option into display_privs() so group
+ matching in sudoers works correctly.
+ [b074428ad2ca]
-2005-03-10 09:51 millert
+2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c, alias.c, error.c: make this build in K&R land
+ * ldap.c:
+ Removed duplicate call to ldap_unbind_s introduced along with
+ sudo_ldap_close.
+ [19acc1c20f7c]
-2005-03-07 22:21 millert
+ * parse.c:
+ Add missing space in Defaults printing
+ [95d2935bf6d4]
- * toke.c: regen
+2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-03-05 22:46 millert
+ * pwutil.c:
+ Sync sudo_pwdup with OpenBSD changes: use macros for size computaton
+ and string copies.
+ [6b6b241495e5]
- * ldap.c: return(foo) not return foo optimize _atobool() slightly
+2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-03-05 22:40 millert
+ * pwutil.c:
+ Zero old pw_passwd before replacing with version from shadow file.
+ [3251b349dfe1]
- * ldap.c: Use TRUE/FALSE
+ * configure, configure.in:
+ Only attempt shadow password detection if PAM is not being used Add
+ shadow_* variables to make shadow password detection more generic.
+ [d498a3423ac9]
-2005-03-05 22:31 millert
+ * configure.in:
+ Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
+ [04d55bbd5e35]
- * ldap.c: Reformat to match the rest of sudo's code.
+2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-03-05 19:33 millert
+ * sudoers.pod:
+ use a non-breaking space to avoid a double space after e.g.
+ [11cdb54bdf7b]
- * sudo.pod: I am the primary author
+ * sudo.pod:
+ commna, not colon after e.g.
+ [8d5875ff72e0]
-2005-02-22 22:28 millert
+2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * README, RUNSON, Makefile.in: The RUNSON file is toast--it
- confused too many people and really isn't needed in a
- configure-oriented world.
+ * sudo_noexec.c:
+ Add __ variants of the exec functions. GNU libc at least uses
+ __execve() internally.
+ [d1880473d790]
-2005-02-22 22:28 millert
+ * indent.pro:
+ Match reality a bit more.
+ [633e3fa875a7]
- * INSTALL: alternate -> alternative
+ * pwutil.c:
+ Missed piece from rev. 1.6, fix sudo_getpwnam() too.
+ [128f7b21c2ee]
-2005-02-22 22:26 millert
+ * pwutil.c:
+ Store shadow password after making a local copy of struct passwd in
+ case normal and shadow routines use the same internal buffer in
+ libc.
+ [f806052a6ffc]
- * tgetpass.c: Use TCSADRAIN instead of TCSAFLUSH since some OSes
- have issues with TCSAFLUSH.
+2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-02-22 22:16 millert
+ * alloc.c, logging.c:
+ Make varargs usage consistent with the rest of the code.
+ [3d45affc9851]
- * toke.l: Allow leading blanks before Defaults and Foo_Alias
- definitions
+2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-02-22 22:14 millert
+ * sudo_noexec.c:
+ Wrap more of the exec family since on Linux the others do not appear
+ to go through the normal execve() path.
+ [8167769b4e19]
- * Makefile.in: fix rules to build toke.o and gram.o in devel mode
+ * visudo.c:
+ make print_unused static like proto says
+ [ecf10e1bae55]
-2005-02-20 13:00 millert
+ * glob.c:
+ silence a warning on K&R systems
+ [2e00425f1a5c]
- * sudoers.pod: env_keep overrides set_logname
+ * alias.c, error.c:
+ make this build in K&R land
+ [156f65f8525a]
-2005-02-20 12:57 millert
+ * parse.c:
+ make this build in K&R land
+ [6fc9276889cb]
- * env.c: Fix disabling set_logname and make env_keep override
- set_logname.
+2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-02-20 12:28 millert
+ * toke.c:
+ regen
+ [3b349748cd21]
- * compat.h, config.h.in, configure, configure.in: No longer need
- memmove()
+2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-02-20 11:48 millert
+ * ldap.c:
+ return(foo) not return foo optimize _atobool() slightly
+ [11d09d154ed5]
- * env.c, sudo.c: Just clean the environment once. This assumes
- that any further setenv/putenv will be able to handle the fact
- that we replaced environ with our own malloc'd copy but all the
- implementations I've checked do.
+ * ldap.c:
+ Use TRUE/FALSE
+ [53999320d98f]
-2005-02-15 23:16 millert
+ * ldap.c:
+ Reformat to match the rest of sudo's code.
+ [1bd0f2afa0e7]
- * env.c, sudo.c: In -i mode, base the value of insert_env()'s
- dupcheck flag on DID_FOO flags. Move checks for $HOME resetting
- into rebuild_env()
+ * sudo.pod:
+ I am the primary author
+ [5d311ecd85c6]
-2005-02-13 00:33 millert
+2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c, sudo.c: Move setting of user_path, user_shell, user_prompt
- and prev_user into init_vars() since user_shell at least is
- needed there.
+ * Makefile.in, README, RUNSON:
+ The RUNSON file is toast--it confused too many people and really
+ isn't needed in a configure-oriented world.
+ [96a6ef7bbc08]
-2005-02-12 18:51 millert
+ * INSTALL:
+ alternate -> alternative
+ [b65015c5d0a2]
- * Makefile.in: fix devel builds
+ * tgetpass.c:
+ Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
+ TCSAFLUSH.
+ [c66b4763ffdc]
-2005-02-12 18:46 millert
+ * toke.l:
+ Allow leading blanks before Defaults and Foo_Alias definitions
+ [2add513d9277]
- * check.c, sudo.c: Fix some printf format mismatches on error.
+ * Makefile.in:
+ fix rules to build toke.o and gram.o in devel mode
+ [96cbb414ebd3]
-2005-02-12 18:33 millert
+2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, gram.c, toke.c: regen
+ * sudoers.pod:
+ env_keep overrides set_logname
+ [401877193a15]
+
+ * env.c:
+ Fix disabling set_logname and make env_keep override set_logname.
+ [0906e7a5ed93]
+
+ * compat.h, config.h.in, configure, configure.in:
+ No longer need memmove()
+ [43bdb6efe3f2]
+
+ * env.c, sudo.c:
+ Just clean the environment once. This assumes that any further
+ setenv/putenv will be able to handle the fact that we replaced
+ environ with our own malloc'd copy but all the implementations I've
+ checked do.
+ [11658fe92ba2]
-2005-02-12 17:56 millert
+2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * LICENSE, Makefile.binary.in, Makefile.in, aclocal.m4, alias.c,
- alloc.c, check.c, closefrom.c, compat.h, configure.in,
- defaults.c, defaults.h, env.c, error.c, fileops.c, find_path.c,
- getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.y,
- interfaces.c, interfaces.h, ldap.c, logging.c, logging.h,
- match.c, mon_systrace.c, parse.c, redblack.c, redblack.h,
- set_perms.c, sigaction.c, snprintf.c, strcasecmp.c, strerror.c,
- strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.pod, sudo_edit.c,
- sudo_noexec.c, sudoers.pod, testsudoers.c, tgetpass.c, toke.l,
- utimes.c, version.h, visudo.c, visudo.pod, zero_bytes.c,
- auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
- auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
- auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
- auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
- emul/utime.h: Update copyright years.
+ * env.c, sudo.c:
+ In -i mode, base the value of insert_env()'s dupcheck flag on
+ DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
+ [8365b0bd0c71]
-2005-02-12 16:46 millert
+2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, sudo.c:
+ Move setting of user_path, user_shell, user_prompt and prev_user
+ into init_vars() since user_shell at least is needed there.
+ [37e22dce66e9]
+
+2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ fix devel builds
+ [9fbb15ef164c]
+
+ * sudo.c:
+ Fix some printf format mismatches on error.
+ [ffc1c3f11740]
+
+ * check.c:
+ Fix some printf format mismatches on error.
+ [7b3b508adf50]
+
+ * configure, gram.c, toke.c:
+ regen
+ [aa76f9d8b02a]
+
+ * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
+ auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
+ auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
+ auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
+ closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
+ emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
+ getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
+ interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
+ parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
+ snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
+ sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
+ testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
+ visudo.pod, zero_bytes.c:
+ Update copyright years.
+ [0610c3654739]
+
+ * Makefile.binary.in:
+ Update copyright years.
+ [d78ffc9f2e2b]
+
+ * LICENSE:
+ Update copyright years.
+ [f60473bca4b1]
* BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
- version 1.7
-
-2005-02-12 16:16 millert
-
- * WHATSNEW: What's new in sudo 1.7, based on the 1.7 CHANGES
- entries.
-
-2005-02-11 18:06 millert
-
- * compat.h, logging.h, sudo.h: Add __printflike and use it with gcc
- to warn about printf-like format mismatches
-
-2005-02-10 00:16 millert
-
- * CHANGES, ChangeLog: Replaced CHANGES file with ChangeLog
- generated from cvs logs
-
-2005-02-10 00:03 millert
-
- * set_perms.c: Use warning/error instead of perror/fatal.
-
-2005-02-09 23:13 millert
-
- * config.guess: Update OpenBSD section
-
-2005-02-09 23:10 millert
-
- * UPGRADE: Add upgrading noted for 1.7
-
-2005-02-09 23:00 millert
-
- * env.c, sudo.c, sudoers.pod: Instead of zeroing out the
- environment, just prune out entries based on the env_delete and
- env_check lists. Base building up the new environment on the
- current environment and the variables we removed initially.
-
-2005-02-09 22:23 millert
-
- * configure, configure.in, sudo.c, config.h.in: Set locale to "C"
- if locales are supported, just to be safe.
-
-2005-02-09 22:19 millert
-
- * toke.c, toke.l: Cast argument to ctype functions to unsigned
- char.
-
-2005-02-07 22:56 millert
-
- * env.c: correct value for DID_USER
-
-2005-02-07 22:55 millert
-
- * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c: #include
- <compat.h> not "compat.h"
-
-2005-02-07 22:51 millert
-
- * defaults.c: Reset the environment by default.
-
-2005-02-07 22:50 millert
-
- * sudo.c: Alloc an extra slot in NewArgv. Removes the need to
- malloc an new vector if execve() fails.
-
-2005-02-06 23:16 millert
+ version 1.7
+ [aa977a544ca1]
- * INSTALL, config.h.in, configure, configure.in, sudo.c: Use
- execve(2) and wrap the command in sh if we get ENOEXEC.
+ * WHATSNEW:
+ What's new in sudo 1.7, based on the 1.7 CHANGES entries.
+ [ecfcf7269c14]
-2005-02-05 23:01 millert
+2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo_noexec.c: Only include time.h on systems that lack struct
- timespec which gets defind in compat.h (using time_t).
+ * compat.h, logging.h, sudo.h:
+ Add __printflike and use it with gcc to warn about printf-like
+ format mismatches
+ [b192ad4a0548]
-2005-02-05 22:59 millert
+2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo_noexec.c: Include time.h for time_t in compat.h for systems
- w/o struct timespec.
+ * CHANGES, ChangeLog:
+ Replaced CHANGES file with ChangeLog generated from cvs logs
+ [d9ace9dab98f]
-2005-02-05 22:56 millert
+ * set_perms.c:
+ Use warning/error instead of perror/fatal.
+ [e33259df7738]
- * configure, compat.h, config.h.in, configure.in: use bcopy on
- systems w/o memmove
+ * config.guess:
+ Update OpenBSD section
+ [9d2c23de6801]
-2005-02-05 22:31 millert
+ * UPGRADE:
+ Add upgrading noted for 1.7
+ [1fb6b6d6df07]
- * compat.h: __attribute__((__unused__)) doesn't work in gcc 2.7.2.1
- so limit its use to gcc >= 2.8.
+ * env.c, sudo.c, sudoers.pod:
+ Instead of zeroing out the environment, just prune out entries based
+ on the env_delete and env_check lists. Base building up the new
+ environment on the current environment and the variables we removed
+ initially.
+ [fc192df8fd15]
-2005-02-05 21:21 millert
+ * config.h.in, configure, configure.in, sudo.c:
+ Set locale to "C" if locales are supported, just to be safe.
+ [91fbaa98f02e]
- * Makefile.in: Add explicit rule to build sudo_noexec.lo
+ * toke.c, toke.l:
+ Cast?argument to ctype functions to unsigned char.
+ [e096b4d65796]
+
+2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ correct value for DID_USER
+ [b5b05d36ec15]
+
+ * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
+ #include <compat.h> not "compat.h"
+ [7a0ad9a0ccd7]
+
+ * defaults.c:
+ Reset the environment by default.
+ [4ecc6423e0f0]
+
+ * sudo.c:
+ Alloc an extra slot in NewArgv. Removes the need to malloc an new
+ vector if execve() fails.
+ [83dfb6f584a7]
+
+2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, config.h.in, configure, configure.in, sudo.c:
+ Use execve(2) and wrap the command in sh if we get ENOEXEC.
+ [c0c6af4e2a21]
+
+2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_noexec.c:
+ Only include time.h on systems that lack struct timespec which gets
+ defind in compat.h (using time_t).
+ [e373e518b4cb]
+
+ * sudo_noexec.c:
+ Include time.h for time_t in compat.h for systems w/o struct
+ timespec.
+ [a34b5637e458]
+
+ * compat.h, config.h.in, configure, configure.in:
+ use bcopy on systems w/o memmove
+ [f835eafd78c6]
+
+ * compat.h:
+ __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
+ use to gcc >= 2.8.
+ [1cb9a4e58566]
+
+ * Makefile.in:
+ Add explicit rule to build sudo_noexec.lo
+ [df1dfcf8dd77]
-2005-02-05 17:56 millert
+2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL.configure, Makefile.in: No longer depend on VPATH;
- pointed out a bunch of missed dependencies.
+ * INSTALL.configure, Makefile.in:
+ No longer depend on VPATH; pointed out a bunch of missed
+ dependencies.
+ [601a45d4af6b]
+
+ * TROUBLESHOOTING:
+ Help for PAM when account section is missing
+ [9b8221256756]
-2005-02-05 13:18 millert
+ * auth/pam.c:
+ Give user a clue when there is a missing "account" section in the
+ PAM config.
+ [2529625c0495]
- * TROUBLESHOOTING: Help for PAM when account section is missing
+ * auth/pam.c:
+ Better error handling.
+ [518c9bda23d8]
+
+ * config.h.in, configure, configure.in:
+ Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
+ possible. Silences a warning about isblank() on linux.
+ [19c94d7ecdc8]
+
+ * auth/pam.c:
+ Fix typo (missing comma) that caused an incorrect number of args to
+ be passed to log_error().
+ [0099dfec560f]
+
+2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c:
+ Don't try to destroy a tree we didn't create.
+ [d43c4fe03aa4]
+
+2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
+ auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+ auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
+ compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
+ fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
+ goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
+ match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
+ sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
+ strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
+ tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
+ Add __unused to rcsids
+ [ad6b4ac45705]
+
+2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix error message when mixing invalid auth types
+ [68069b3ff5bc]
+
+ * INSTALL:
+ PAM, AIX auth, BSD auth and login_cap are now on by default if the
+ OS supports them.
+ [4e44e9098cf0]
+
+ * auth/sudo_auth.h, config.h.in:
+ s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
+ [2d569b43b23e]
+
+ * configure.in:
+ Better checking for conflicting authentication methods Display the
+ authentication methods used at the end of configure Rename --with-
+ authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
+ --with-pam, --with-logincap by default on systems that support them
+ unless disabled. Add OSMAJOR variable that replaces old OSREV; now
+ OSREV has full version number
+ [a21115b6fe9f]
+
+2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.in, sudo.c, sudoers.pod:
+ s/-O/-C/
+ [ee73f1b81923]
+
+2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ Replace: test -n "$FOO" || FOO="bar"
+
+ With: : ${FOO='bar'}
+ [37552d9054fc]
+
+2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c, testsudoers.c, tsgetgrpw.c:
+ Use function pointers to only call private passwd/group routines
+ when using a nonstandard passwd/group file.
+ [215908681dfb]
+
+2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ sync
+ [2e55c03f5790]
+
+ * tsgetgrpw.c:
+ Can't use strtok() since it doesn't handle empty fields so add
+ getpwent()/getgrent() functions and call those.
+ [bdaa5b0db70e]
+
+2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Fix dummied out toke.c and gram.c dependencies.
+ [4b909c8b2ebe]
+
+ * Makefile.in:
+ Rename PARSESRCS -> GENERATED since it is only used in the clean
+ target Add devdir variable and use it to specify the path to parser
+ sources
+ [f27b3f41ca23]
+
+ * configure:
+ regen
+ [22c6435dbd46]
+
+ * configure.in:
+ Add a devdir variables that defaults to $(srcdir) and is set to . if
+ --devel was specified. Allows for proper dependecies building the
+ parser.
+ [a36d694c6d21]
+
+ * testsudoers.c:
+ Add support for custom passwd/group files.
+ [296549ff4b87]
+
+ * Makefile.in:
+ Build private copy of pwutil.o for testsudoers with MYPW defined so
+ it uses our own passwd/group routines.
+ [bafa54ec78ca]
+
+ * visudo.c:
+ Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
+ stubs instead. We can now just use the caching sudo_*{pw,gr}*
+ functions in pwutil.c Add comment about wanting to call
+ sudo_endpwent/sudo_endgrent in cleanup()
+ [7e59d6b5510d]
+
+ * tsgetgrpw.c:
+ Remove caching; we will just use what is in pwutil.c Use global
+ buffers for passwd/group structs Rename functions from sudo_* to
+ my_*
+ [8c1e068f574c]
+
+ * logging.c, sudo.c:
+ g/c pwcache_init/pwcache_destroy
+ [60a24909b947]
+
+ * sudo.h:
+ Undo last commit and add sudo_setspent and sudo_endspent instead.
+ [bac80db08296]
+
+ * getspwuid.c, pwutil.c:
+ Move all but the shadow stuff from getspwuid.c to pwutil.c and
+ pwcache_get and pwcache_put as they are no longer needed. Also add
+ preprocessor magic to use private versions of the passwd and group
+ routines if MYPW is defined (for use by testsudoers).
+ [a16b8678a426]
+
+ * tsgetgrpw.c:
+ zero out struct passwd/group before filling it in so if there are
+ fields we don't handle they end up as 0.
+ [274cb6a93301]
-2005-02-05 13:01 millert
+ * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
+ Adapt to pwutil.c
+ [43ebd04c8b82]
- * auth/pam.c: Give user a clue when there is a missing "account"
- section in the PAM config.
+ * Makefile.in:
+ Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
+ readability.
+ [7f88c6061e2d]
-2005-02-05 10:22 millert
+ * tsgetgrpw.c:
+ Passwd and group lookup routines for testsudoers that support
+ alternate passwd and group files.
+ [d7803101d34e]
+
+ * getspwuid.c, pwutil.c:
+ Split off pw/gr cache and dup code into its own file. This allows
+ visudo and testsudoers to use the pw/gr cache too.
+ [ef333d3ffedf]
+
+2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Print Defaults info in "sudo -l" output and wrap lines based on the
+ terminal width.
+ [e559eae4250e]
+
+2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c, testsudoers.c, visudo.c:
+ Only check group vector in usergr_matches() if we are matching the
+ invoking or list user. Always check the group members, even if
+ there was a group vector.
+ [d0c7ceb2a041]
+
+2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE, Makefile.in, fnmatch.3:
+ No longer bundle fnmatch.3
+ [72db4a4ff4e1]
+
+ * CHANGES, TODO:
+ checkpoint
+ [e92781bfd99c]
+
+2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ sort usage
+ [15e3b876ec2c]
+
+ * sudo.pod:
+ Sort command line options
+ [c1fa56584bc4]
+
+ * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
+ sudo.pod, sudoers.pod:
+ Add closefrom sudoers option to start closing at a point other than
+ 3. Add closefrom_override sudoers option and -C sudo flag to allow
+ the user to specify a different closefrom starting point.
+ [370652b099d1]
+
+ * pathnames.h.in:
+ Add _PATH_DEVNULL for those without it.
+ [0c4c3e0ceb8b]
+
+ * LICENSE:
+ no more UCB strcasecmp
+ [397a6298e07f]
+
+ * strcasecmp.c:
+ replace BSD licensed one with version derived from pdksh
+ [d7cfda8c57a2]
- * auth/pam.c: Better error handling.
+2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Fix last commit.
+ [7afb9a180532]
-2005-02-05 09:57 millert
+ * sudo.c:
+ Make sure stdin, stdout and stderr are open and dup them to
+ /dev/null if not.
+ [590f387068bd]
- * configure, config.h.in, configure.in: Move _FOO_SOURCE to
- CPPFLAGS so it takes effect as early as possible. Silences a
- warning about isblank() on linux.
+2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-02-04 21:49 millert
+ * ldap.c, mon_systrace.c, sudo.c, sudo.h:
+ add sudo_ldap_close
+ [4273a36765a7]
- * auth/pam.c: Fix typo (missing comma) that caused an incorrect
- number of args to be passed to log_error().
-
-2005-01-31 23:03 millert
-
- * pwutil.c: Don't try to destroy a tree we didn't create.
-
-2005-01-27 10:42 millert
-
- * alias.c, alloc.c, check.c, closefrom.c, compat.h, defaults.c,
- env.c, error.c, fileops.c, find_path.c, fnmatch.c, getcwd.c,
- getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.c,
- gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c,
- parse.c, pwutil.c, set_perms.c, sigaction.c, snprintf.c,
- strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
- sudo_edit.c, sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c,
- toke.l, utimes.c, visudo.c, zero_bytes.c, auth/afs.c,
- auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
- auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
- auth/rfc1938.c, auth/secureware.c, auth/securid.c,
- auth/securid5.c, auth/sia.c, auth/sudo_auth.c: Add __unused to
- rcsids
-
-2005-01-21 10:34 millert
-
- * configure, configure.in: Fix error message when mixing invalid
- auth types
-
-2005-01-21 10:32 millert
-
- * INSTALL: PAM, AIX auth, BSD auth and login_cap are now on by
- default if the OS supports them.
-
-2005-01-21 10:29 millert
-
- * config.h.in, auth/sudo_auth.h: s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
-
-2005-01-21 10:29 millert
-
- * configure.in: Better checking for conflicting authentication
- methods Display the authentication methods used at the end of
- configure Rename --with-authenticate -> --with-aixauth Use
- --with-aixauth, --with-bsdauth, --with-pam, --with-logincap by
- default on systems that support them unless disabled. Add
- OSMAJOR variable that replaces old OSREV; now OSREV has full
- version number
-
-2005-01-17 19:40 millert
-
- * def_data.c, def_data.in, sudo.c, sudoers.pod: s/-O/-C/
-
-2005-01-14 13:35 millert
-
- * configure.in: Replace: test -n "$FOO" || FOO="bar"
-
- With: : ${FOO='bar'}
+ * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
+ Use TIME_WITH_SYS_TIME
+ [c32b59bf15fb]
-2005-01-09 18:58 millert
+ * config.h.in, configure, configure.in:
+ Add TIME_WITH_SYS_TIME_H
+ [57cb146f451d]
- * pwutil.c, testsudoers.c, tsgetgrpw.c: Use function pointers to
- only call private passwd/group routines when using a nonstandard
- passwd/group file.
+2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-01-06 10:34 millert
+ * env.c:
+ Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
+ unconditionally on darwin. From Toby Peterson.
+ [d69959681c87]
- * CHANGES: sync
+ * getspwuid.c:
+ Check rbinsert() return value. In the case of faked up entries
+ there is usually a negative response cached that we need to
+ overwrite.
-2005-01-05 22:16 millert
+ In pwfree() don't try to zero out a NULL pw_passwd pointer.
+ [00b32d1a48c1]
- * tsgetgrpw.c: Can't use strtok() since it doesn't handle empty
- fields so add getpwent()/getgrent() functions and call those.
+ * mon_systrace.c:
+ Use the double fork trick to avoid the monitor process being waited
+ for by the main program run through sudo.
+ [e0ce556712ff]
-2005-01-05 17:29 millert
+2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: Fix dummied out toke.c and gram.c dependencies.
+ * sudo.c:
+ Call initgroups() in -U mode so group matches work normally.
+ [2235bea15283]
-2005-01-05 17:18 millert
+ * def_data.h, mkdefaults:
+ Don't print a trailing comma for the last entry in enum def_tupple
+ [c43a96bb31df]
- * Makefile.in: Rename PARSESRCS -> GENERATED since it is only used
- in the clean target Add devdir variable and use it to specify the
- path to parser sources
+2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-01-05 17:17 millert
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Mention values when lecture, listpw and verifypw are used in boolean
+ context.
+ [a0b5c0abaccf]
- * configure: regen
+ * def_data.c, def_data.in:
+ verifypw when used in a boolean TRUE context should be "all", not
+ "any".
+ [2eb076ddd5e2]
-2005-01-05 17:17 millert
+2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: Add a devdir variables that defaults to $(srcdir)
- and is set to . if --devel was specified. Allows for proper
- dependecies building the parser.
+ * def_data.in, defaults.c:
+ Allow tuples that can be used as booleans to be used as boolean
+ TRUE. In this case the 2nd possible value of the tuple is used for
+ TRUE.
+ [bd99aa77e88b]
-2005-01-05 14:50 millert
+2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * testsudoers.c: Add support for custom passwd/group files.
+ * configure, configure.in:
+ Correct the test for 2-parameter timespecsub
+ [d41c9cb26b97]
-2005-01-05 14:47 millert
+ * sudo.h:
+ Add strub struct definitions for passwd, timeval and timespec
+ [c4ce5c43d8c5]
- * Makefile.in: Build private copy of pwutil.o for testsudoers with
- MYPW defined so it uses our own passwd/group routines.
+ * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
+ Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
+ and fix a typo in the gettimeofday check.
+ [8ac9893057ce]
-2005-01-05 14:46 millert
+2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c: Remove sudo_*{pw,gr}* stubs and add
- sudo_setspent/sudo_endspent stubs instead. We can now just use
- the caching sudo_*{pw,gr}* functions in pwutil.c Add comment
- about wanting to call sudo_endpwent/sudo_endgrent in cleanup()
+ * match.c, testsudoers.c:
+ Deal with user_stat being NULL as it is for visudo and testsudoers.
+ [3605a6ff64d0]
-2005-01-05 14:44 millert
+ * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
+ Add -U option to use in conjunction with -l instead of -u. Add
+ support for "sudo -l command" to test a specific command.
+ [99638789d415]
- * tsgetgrpw.c: Remove caching; we will just use what is in pwutil.c
- Use global buffers for passwd/group structs Rename functions from
- sudo_* to my_*
+ * gram.c, gram.y, sudo.c:
+ Set safe_cmnd after sudoers_lookup() if it has not been set.
+ Previously it was set by sudo "ALL" in the parser but at that point
+ the fully-qualified pathname has not yet been found.
+ [ac30d98f8225]
-2005-01-05 14:43 millert
+2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c, sudo.c: g/c pwcache_init/pwcache_destroy
+ * parse.c, testsudoers.c:
+ Correctly handle multiple privileges per userspec and runas
+ inheritence.
+ [a98a965181af]
-2005-01-05 14:42 millert
+2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.h: Undo last commit and add sudo_setspent and sudo_endspent
- instead.
+ * defaults.c:
+ Zero out sd_un for each entry in sudo_defs_table in init_defaults.
+ [031d3cd4a848]
-2005-01-05 14:41 millert
+2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * getspwuid.c, pwutil.c: Move all but the shadow stuff from
- getspwuid.c to pwutil.c and pwcache_get and pwcache_put as they
- are no longer needed. Also add preprocessor magic to use private
- versions of the passwd and group routines if MYPW is defined (for
- use by testsudoers).
+ * toke.c, toke.l:
+ make per-command defaults work with sudoedit
+ [e56fe33db916]
-2005-01-04 22:40 millert
+ * ldap.c, parse.c, sudo.c, sudo.h:
+ Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
+ Instead, we just set the approriate defaults variable.
+ [756eeecc1d86]
- * tsgetgrpw.c: zero out struct passwd/group before filling it in so
- if there are fields we don't handle they end up as 0.
+ * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
+ Document per-command Defaults.
+ [92a0f84b91c1]
-2005-01-04 20:10 millert
+ * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
+ sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
+ Add support for command-specific Defaults entries. E.g.
+ Defaults!/usr/bin/vi noexec
+ [be3d52bf01cf]
+
+ * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
+ Change an occurence of user_matches() -> runas_matches() missed
+ previously runas_matches(), host_matches() and cmnd_matches() only
+ really need to pass in a list of members. user_matches() still
+ needs to pass in a passwd struct because of "sudo -l"
+ [833b22fc6fa0]
+
+ * parse.c:
+ Check def_authenticate, def_noexec and def_monitor when setting
+ return flags. XXX May be better to just set the defaults directly
+ and get rid of those flags.
+ [b6db22b59d69]
+
+ * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
+ auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+ auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
+ defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
+ getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
+ gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
+ mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
+ strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
+ sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
+ visudo.c, zero_bytes.c:
+ Use: #include <config.h> Not: #include "config.h" That way we get
+ the correct config.h when build dir != src dir
+ [97e5670a442b]
+
+ * Makefile.in:
+ Back out part of rev 1.263; fix -I order
+ [197ea01cad5d]
+
+ * toke.c, toke.l:
+ More robust parsing if #include; could be much better still.
+ [31bc3cd8f045]
+
+ * sudo_edit.c, visudo.c:
+ Make arg splitting in visudo and sudoedit consistent.
+ [7bc74485f246]
+
+ * Makefile.in, alias.c, gram.c, gram.y, parse.h:
+ Split alias routines out into their own file.
+ [d90f633cf9ae]
+
+ * error.h:
+ __attribute__ is already defined in compat.h
+ [676ed3fe9203]
+
+ * visudo.c:
+ quit() should not be __noreturn__ as it is non-void on some
+ platforms.
+ [e528c2b6ba10]
+
+ * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
+ Add local error/warning functions like err/warn but that call an
+ additional cleanup routine in the error case. This means we no
+ longer need to compile a special version of alloc.o for visudo.
+ [e78e8aae882e]
+
+ * parse.h:
+ Clarify comments about the data structures
+ [ae894e266701]
+
+2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Add support for VISUAL and EDITOR containing command line args. If
+ env_editor is not set any args in VISUAL and EDITOR are ignored.
+ Arguments are also now supported in def_editor.
+ [ff7303b8e298]
+
+2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.h:
+ alias_matches() is no more
+ [b59825e28084]
+
+ * CHANGES, TODO:
+ sync
+ [2b8f5f63c1de]
+
+ * Makefile.in:
+ When regenerating the parser, don't replace gram.h unless it has
+ changed.
+ [819949668018]
+
+ * Makefile.in:
+ remove Makefile.binary for distclean
+ [351eec8d00b2]
+
+ * env.c:
+ Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
+ sure we can't overflow new_env.
+ [3284d17b9c6d]
+
+ * sudo_edit.c:
+ paranoia when stripping trailing slashes from tempdir.
+ [012f1aa2b81f]
+
+ * sudo.c:
+ Set user_ngroups to 0 if getgroups() returns an error.
+ [c46d43e9449a]
+
+2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, sudo.c:
+ Add configure check for getgroups()
+ [5d8a214e2cef]
+
+ * ldap.c:
+ Use supplementary group vector in struct sudo_user.
+ [3d0c463c034d]
+
+ * match.c:
+ Only do string comparisons on the group members if there is no
+ supplemental group list.
+ [be1c8362f7ef]
+
+ * CHANGES, TODO:
+ sync
+ [db188bc5b975]
+
+ * sudo_edit.c:
+ On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
+ chop off any trailing slashes we see and add an explicit one.
+ [e1b477dafee1]
- * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c: Adapt to
- pwutil.c
+ * match.c:
+ remove bogus XXX comment
+ [8aecb8a28d40]
-2005-01-04 20:09 millert
+ * match.c:
+ Get rid of alias_matches and correctly fall through to the non-alias
+ cases when there is no alias with the specified name.
+ [2cd555246f09]
- * Makefile.in: Add tsgetgrpw.c and pwutil.c Rename the *OBJ
- variables for better readability.
+ * getspwuid.c:
+ Cache non-existent passwd/group entries too.
+ [8de9a467d271]
-2005-01-04 20:08 millert
+ * gram.c:
+ regen
+ [9ece18c58f36]
- * tsgetgrpw.c: Passwd and group lookup routines for testsudoers
- that support alternate passwd and group files.
+ * getspwuid.c:
+ fix typo
+ [9a7ae371eac1]
-2005-01-04 20:07 millert
+ * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
+ mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
+ Implement group caching and use the passwd and group caches
+ throughout.
+ [f1d8c5015169]
+
+2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Properly negate the return value of alias_matches() when
+ appropriate.
+ [ce59c4ce77ad]
+
+ * match.c:
+ Make hostname_matches() return TRUE for a match, else FALSE like the
+ caller expects.
+ [1dc03902d3a2]
+
+ * Makefile.in:
+ Add missing dependencies on gram.h
+ [4f94bbb1d50c]
+
+ * match.c:
+ Use runas_matches in alias_matches() now that we have it.
+ [284d22e91178]
+
+ * parse.c, parse.h:
+ Expand aliases in "sudo -l" mode
+ [f67a38b79c44]
+
+ * gram.y, match.c:
+ Use ALIAS for the member type when storing an alias instead of
+ HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
+ more generic type. Expand runas_matches instead of calling
+ user_matches() inside of it since user_matches() looks up
+ USERALIASes, not RUNASALIASes.
+ [52004d75232b]
+
+ * CHANGES, getspwuid.c:
+ Paranoia; zero out pw_passwd before freeing passwd entry.
+ [bd1b22638f00]
- * getspwuid.c, pwutil.c: Split off pw/gr cache and dup code into
- its own file. This allows visudo and testsudoers to use the
- pw/gr cache too.
+ * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
+ configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
+ error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
+ sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
+ Add local error/warning functions like err/warn but that call an
+ additional cleanup routine in the error case. This means we no
+ longer need to compile a special version of alloc.o for visudo.
+ [25000b676cfe]
+
+ * match.c:
+ Use userpw_matches() to compare usernames, not strcmp(), since the
+ latter checks for "#uid".
+ [fcbe4b859f66]
+
+ * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
+ Cache passwd db entries in 2 reb-black trees; one indexed by uid,
+ the other by user name. The data returned from the cache should be
+ considered read-only and is destroyed by sudo_endpwent().
+ [ee2418ff3f86]
+
+ * match.c:
+ add cast to uid_t
+ [eb6415302d84]
+
+ * gram.y:
+ missing free in alias_destroy
+ [572ecb680ad8]
+
+ * redblack.c:
+ Can't use rbapply() for rbdestroy since the destructor is passed a
+ data pointer, not a node pointer.
+ [11ce713830c0]
+
+ * getspwuid.c, logging.c, sudo.c, sudo.h:
+ Create and use private versions of setpwent() and endpwent() that
+ set/end the shadow password file too.
+ [616bc76d23bf]
+
+ * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
+ Store aliases in a red-black tree.
+ [ce017d540416]
+
+ * Makefile.in, redblack.c, redblack.h:
+ red-black tree implementation
+ [cd5586e8f48b]
+
+ * visudo.c:
+ Edit all sudoers file if there were unused or undefined aliases and
+ we are in strict mode.
+ [b6d5f5bb7262]
+
+2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-01-01 19:31 millert
+ * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
+ find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
+ Bring back the "secure_path" Defaults option now that Defaults take
+ effect before the path is searched.
+ [2e52c0e27606]
+
+2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c, parse.c:
+ A user can always list their own entries, even with -u. Better error
+ message when failing to list another user's entries.
+ [e2e24deb0071]
+
+ * parse.c, sudo.c, sudo.h:
+ The syntax to list another user's entries is now "-u otheruser -l".
+ Only root or users with sudo "ALL" may list other user's entries.
+ [3c0657e8f5fe]
+
+ * sudo.cat, sudo.man.in, sudo.pod:
+ Update env variable info in SECURITY NOTES
+ [299716071024]
+
+ * env.c:
+ strip CDPATH too
+ [9b97643b26f9]
+
+ * env.c:
+ strip exported bash functions from the environment.
+ [9e5090c8284f]
+
+2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Only reset sudo_user.pw based on SUDO_USER environment variables for
+ real commands and sudoedit. This avoids a confusing message when a
+ user tries "sudo -l" or "sudo -v" and is denied.
+ [3ea6d0053274]
+
+ * gram.c, gram.y, parse.h:
+ Extend LIST_APPEND to deal with appending lists too
+ [d963e42f622f]
+
+2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ Convert some bitwise AND to ISSET
+ [130dc40d268e]
+
+ * lex.yy.c, toke.c:
+ toke.c replaces lex.yy.c
+ [048858df79e7]
+
+ * CHANGES, TODO:
+ sync
+ [d19e7abf251c]
+
+ * BUGS:
+ new parser fixes most of the outstanding bugs
+ [0891f66e3758]
+
+ * configure:
+ regen
+ [1a3358cc7283]
+
+ * visudo.c:
+ Rework for the new parser. Now checks for unused aliases in sudoers.
+ [ad462ede3094]
+
+ * testsudoers.c:
+ Rewrite for the new parser. Now supports a -d flag (dump) and adds
+ a -h flag (host). It now defaults to the local hostname unless
+ otherwise specified.
+ [1b69685cc601]
+
+ * sudo.h:
+ Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
+ [2e4fb3abfef0]
+
+ * sudo.c:
+ Update for new parse. We now call find_path() *after* we have
+ updated the global defaults based on sudoers. Also adds support for
+ listing other user's privs if you are root.
+ [cf3db9fc3024]
+
+ * mon_systrace.c:
+ Working LDAP support; also remove a now-unneeded rewind().
+ [649ecf1baf6b]
+
+ * logging.c, logging.h:
+ Add NO_STDERR flag.
+ [6cb935af94e0]
+
+ * ldap.c:
+ Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
+ udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
+ connecto to LDAP, apply the default options, find the command in the
+ user's path, and then check whether the user is allowed to run it.
+ The important thing here is that the default runas user may be
+ specified as a default option and that needs to be set before we
+ search for the command.
+ [fc0426abc6f1]
+
+ * ldap.c:
+ Add casts to unsigned char for isspace() to quiet a gcc warning.
+ [e5358e3df439]
+
+ * defaults.h:
+ Add prototype for update_defaults()
+ [564dac3db74e]
+
+ * defaults.c:
+ Don't warn about line numbers now that we operate on a set of data
+ structures (or LDAP) and not a file.
+ [bcd9ffb9b67c]
+
+ * config.h.in:
+ No long use lsearch()
+ [9d048c587319]
+
+ * Makefile.in:
+ Update for new and changed file names.
+ [6f424a7c4515]
+
+ * LICENSE:
+ no more BSD lsearch.c
+ [463a96d89026]
+
+ * match.c:
+ foo_matches() routines now live in match.c Added user_matches(),
+ runas_matches(), host_matches(), cmnd_matches() and alias_matches()
+ that operate on the parsed sudoers file.
+ [b14da8a0567e]
+
+ * parse.lex, toke.l:
+ Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
+ WORD no longer needs to exclude '@' kill yywrap()
+ [a922294eb7b7]
+
+ * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
+ sudo.tab.h:
+ Rewritten parser that converts sudoers into a set of data
+ structures. This eliminates ordering issues and makes it possible to
+ apply sudoers Defaults entries before searching for the command.
+ [30d2ec4d203c]
+
+ * configure.in, emul/search.h, lsearch.c:
+ We won't be using lsearch() any longer.
+ [29c4d54bfac0]
+
+ * ldap.c:
+ sudo should not send mail if someone who runs 'sudo -l' has no
+ entry.
+ [6fc27a69fd9c]
- * parse.c: Print Defaults info in "sudo -l" output and wrap lines
- based on the terminal width.
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [8166347917f3]
-2005-01-01 12:41 millert
+ * visudo.pod:
+ Update warnings to match new visudo
+ [004c0766798f]
- * match.c, visudo.c, testsudoers.c: Only check group vector in
- usergr_matches() if we are matching the invoking or list user.
- Always check the group members, even if there was a group vector.
+ * sudoers.pod:
+ The new parser doesn't have the old ordering constraints.
+ [ffd43bd08661]
-2004-12-17 17:24 millert
+ * sudo.pod:
+ Document that -l now takes an optional username argument
+ [278f9557de8b]
- * LICENSE, Makefile.in, fnmatch.3: No longer bundle fnmatch.3
+2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-12-17 13:12 millert
+ * RUNSON:
+ AIX 5.2.0.0 works
+ [523acd29d858]
- * CHANGES, TODO: checkpoint
+ * ldap.c:
+ If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
+ a compilation problem with Solaris 9's native LDAP.
-2004-12-16 14:20 millert
+ Set FLAG_MONITOR when needed.
+ [35824ade672d]
- * sudo.c: sort usage
+2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-12-16 14:20 millert
+ * mon_systrace.c:
+ Call sudo_goodpath() *after* changing the cwd to match the traced
+ process. Fixes relative paths.
+ [12ee111d0ad7]
- * sudo.pod: Sort command line options
+2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-12-16 13:33 millert
+ * testsudoers.c:
+ Kill set_perms() stub--it is no longer needed.
+ [116ed702935d]
- * def_data.c, def_data.h, def_data.in, defaults.c, logging.c,
- sudo.c, sudo.pod, sudoers.pod: Add closefrom sudoers option to
- start closing at a point other than 3. Add closefrom_override
- sudoers option and -C sudo flag to allow the user to specify a
- different closefrom starting point.
+2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-12-16 13:25 millert
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ stay_setuid now requires set_reuid() or setresuid()
+ [8511f67e25d5]
- * pathnames.h.in: Add _PATH_DEVNULL for those without it.
+ * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
+ configure.in, set_perms.c, sudo.c, sudo.h:
+ Kill use of POSIX saved uids; they aren't worth bothering with.
+ [b3b1f19f18c1]
+
+2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * glob.c:
+ remove call to issetugid()
+ [63f2e492c08f]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Remove warning about wildcards. Now that we use glob() the bug is
+ fixed.
+ [b15729d32266]
+
+ * parse.c:
+ Use glob(3) instead of fnmatch(3) for matching pathnames and stat
+ each result that matches the basename of the user's command. This
+ makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
+ /usr/bin/blah. Fixes bug #143.
+ [e31eb6310340]
+
+ * config.h.in, configure, configure.in:
+ Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
+ GLOB_BRACE)
+ [677ed6661e17]
+
+ * config.h.in, configure, configure.in:
+ Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
+ [aaa2329dd266]
+
+ * LICENSE:
+ reference glob
+ [bedc9a923423]
+
+ * glob.c:
+ 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
+ removed.
+ [81799451473c]
+
+ * emul/glob.h:
+ 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
+ removed.
+ [0335cf31fb1e]
+
+2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
+ means we are out of space in the stack gap...
+ [5b02b702021e]
+
+ * CHANGES:
+ sync
+ [be3826273e56]
+
+ * mon_systrace.c:
+ Take a stab at ldap sudoers support here.
+ [9d023695b0de]
+
+ * mon_systrace.c, mon_systrace.h:
+ Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
+ doesn't cause reboot to inadvertanly kill itself.
+ [d4aab2365610]
+
+ * mon_systrace.c:
+ put "monitor" in the proctitle, not "systrace"
+ [9a9025767d86]
+
+ * mon_systrace.c:
+ When modifying the environment, don't replace envp when we can get
+ away with just rewriting pointers in the traced process.
+ [c03622f7a2e2]
+
+ * mon_systrace.c, mon_systrace.h:
+ Add environment updating via STRIOCINJECT (if available).
+ [037291016870]
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [869acc511046]
+
+2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c:
+ regen
+ [4e61a9bd3c97]
+
+ * parse.lex:
+ Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
+ [b70d7bd6e147]
+
+ * mon_systrace.c:
+ Include file is now mon_systrace.h
+ [ead4e36d92ae]
-2004-12-15 22:55 millert
+ * Makefile.in, configure, configure.in, def_data.c, def_data.h,
+ def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
+ sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
+ No longer call it tracing, it is now "monitoring" which should be
+ more a obvious name to non-hackers.
+ [aa811ded0789]
- * LICENSE: no more UCB strcasecmp
+2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-12-15 22:54 millert
+ * mon_systrace.c, mon_systrace.h:
+ Fix some XXX
+ [a271072dacc6]
- * strcasecmp.c: replace BSD licensed one with version derived from
- pdksh
+ * mon_systrace.c, mon_systrace.h:
+ No need to include syscall.h, use 1024 as the max # of entries (the
+ max that systrace(4) allows).
-2004-12-09 21:07 millert
+ Only need to use SYSTR_POLICY_ASSIGN once
- * sudo.c: Fix last commit.
+ Change check_syscall() -> find_handler() and have it return the
+ handler instead of just running it. We need this since handler now
+ have two parts: one part that generates and answer and another that
+ gets called after the answer is accepted (to do logging).
-2004-12-09 19:26 millert
+ Add some missing check_exec for emul execv
+ [a89d243f0525]
- * sudo.c: Make sure stdin, stdout and stderr are open and dup them
- to /dev/null if not.
+ * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
+ Add $Sudo$ tags.
+ [6f3fedb0daba]
-2004-12-03 13:57 millert
+ * config.h.in:
+ Add missing HAVE_LINUX_SYSTRACE_H
+ [ff75ab7bfc53]
- * ldap.c, mon_systrace.c, sudo.c, sudo.h: add sudo_ldap_close
+ * Makefile.in:
+ add trace_systrace.o dependency
+ [88a408668ab2]
-2004-12-03 13:52 millert
+2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
- Use TIME_WITH_SYS_TIME
+ * configure, configure.in:
+ Also look for systrace.h in /usr/include/linux
+ [98b98b436cf3]
-2004-12-03 13:48 millert
+ * mon_systrace.c, mon_systrace.h:
+ Move all struct defs and prototypes into trace_systrace.h and mark
+ all but systace_attach() static.
+ [85511253b570]
- * configure, configure.in, config.h.in: Add TIME_WITH_SYS_TIME_H
+ * mon_systrace.c, mon_systrace.h:
+ Add support for tracing emulations. At the moment, all emulations
+ are compiled in. It might make sense to #ifdef them in the future,
+ though this impeeds readability.
+ [87bb50abf277]
-2004-12-02 11:18 millert
+ * Makefile.in, configure, configure.in:
+ rename systrace.c -> trace_systrace.c
+ [31cfa4407d93]
- * env.c: Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE
- being set unconditionally on darwin. From Toby Peterson.
+ * parse.yacc, sudo.tab.c:
+ Allow this to build with a K&R compiler again
+ [32876af5bb98]
-2004-12-02 10:40 millert
+ * TODO:
+ sync
+ [46865bd70f7c]
- * getspwuid.c: Check rbinsert() return value. In the case of faked
- up entries there is usually a negative response cached that we
- need to overwrite.
+ * compat.h, sudo.c, visudo.c:
+ Use __attribute__((__noreturn__))
+ [65bbad71fe89]
- In pwfree() don't try to zero out a NULL pw_passwd pointer.
+ * visudo.c:
+ Exit() takes a negative value to indicate it was not called via
+ signal.
+ [b93032ed7b60]
-2004-12-02 09:53 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [45bcf4661558]
+
+ * Makefile.in, visudo.c:
+ Define Err() and Errx() that are like err() and errx() but call
+ Exit() instead of exit(). Build private copy of alloc.o for visudo
+ that calls Err() and Errx().
+ [c6d02bf42edd]
+
+2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [39de7e7c59da]
+
+ * CHANGES:
+ sync
+ [ba481d9ed1aa]
+
+ * visudo.c:
+ Overhaul visudo for editing multiple files: o visudo has been
+ broken out into functions (more work needed here) o each file is
+ now edited before sudoers is re-parsed o if a #include line is
+ added that file will be edited too
+
+ TODO: o cleanup temp files when exiting via err() or errx() o
+ continue breaking things out into separate functions
+ [80c35cf534eb]
+
+ * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
+ Add keepopen arg to open_sudoers that open_sudoers can use to
+ indicate to the caller that the fd should not be closed when it is
+ done with it. To be used by visudo to keep locked fds from being
+ closed prematurely (and thus losing the lock).
+ [f330fe632470]
+
+ * parse.yacc, sudo.c:
+ Add errorfile global that contains the name of the file that caused
+ the error.
+ [98079c7a37ed]
+
+ * parse.lex:
+ return COMMENT to yacc grammar for a #include line
+ [2024a8de4fa8]
+
+ * parse.lex:
+ Remove us of unput() in favor of yyless() which is cheaper.
+ [c61291902beb]
+
+ * parse.yacc:
+ Allow an empty sudoers file.
+ [62fb111db2e7]
+
+2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
+ [9e15869ef597]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [c29bdd43bfad]
+
+ * visudo.c:
+ Do signal setup before calling edit_sudoers(). Don't shadow the
+ "quiet" global.
+ [74252efd09ff]
+
+ * visudo.c:
+ If a sudoers file includes other files, edit those too. Does not yes
+ deal with creating the new includes files itself.
+ [06af7b9c173f]
+
+ * testsudoers.c:
+ init_parser now takes a path
+ [b5ee186eb192]
+
+ * parse.c, parse.h, parse.lex, parse.yacc:
+ More scaffolding for dealing with multiple sudoers files: o
+ init_parser() now takes a path used to populate the sudoers global
+ o the sudoers global is used to print the correct file in yyerror()
+ o when switching to a new sudoers file, perserve old file name and
+ line number
+ [d9be4970b8bd]
+
+ * Makefile.in, pathnames.h.in:
+ Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
+ multiple sudoers files.
+ [6ccc4e921c43]
+
+ * parse.c, sudo.c:
+ Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
+ we start at the right file position when reading include files.
+ [91fcb961e7a4]
+
+ * sudoers.pod:
+ document #include
+ [fbb92a25a726]
+
+ * lex.yy.c:
+ regen
+ [50cd7a4c9dff]
+
+ * parse.lex:
+ Add max depth of 128 for the include stack to avoid loops.
+
+ Since yyerror() doesn't stop parsing, pass return values back to
+ yylex and call yyterminate() on error.
+ [e79dbffb729d]
+
+2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ document tracing
+ [165a467eadd8]
+
+ * sudo.pod:
+ Mention PREVENTING SHELL ESCAPES section of sudoers man page
+ [3217ccecd834]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [fbd58d1d3a76]
- * mon_systrace.c: Use the double fork trick to avoid the monitor
- process being waited for by the main program run through sudo.
+ * parse.lex:
+ Add support for #include in sudoers (visudo support TBD)
+ [a78015ca81af]
-2004-11-29 12:52 millert
+ * parse.yacc:
+ make yyerror()'s argument const
+ [7d8e168c019a]
- * sudo.c: Call initgroups() in -U mode so group matches work
- normally.
+ * testsudoers.c, visudo.c:
+ Add open_sudoers() stubs.
+ [087466787198]
-2004-11-29 12:34 millert
+ * sudo.c, sudo.h:
+ Rename check_sudoers() open_sudoers() and make it return a FILE *
+ [142fc511fc65]
- * def_data.h, mkdefaults: Don't print a trailing comma for the last
- entry in enum def_tupple
+2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-28 16:08 millert
+ * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
+ version.h:
+ Crank version
+ [1adc3f839480]
+
+ * Makefile.in, sudo.psf:
+ Better HP-UX depot construction
+ [2d952b000e63]
+
+2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ o Made children global so check_exec() can lookup a child. o
+ Replaced uid in struct childinfo with struct passwd * (for runas) o
+ new_child() now takes a parent pid so the runas info can be
+ inherited o Added find_child() to lookup a child by its pid o
+ update_child() now fills in a struct passwd o Converted the big
+ if/else mess in set_policy to a switch o Syscalls that change uid
+ are now "ask" so we get SYSTR_MSG_UGID events
+ [29b9ea3f09a3]
+
+ * getspwuid.c:
+ Add flag to sudo_pwdup that indicates whether or not to lookup the
+ shadow password. Will be used to a struct passwd that has the
+ shadow password already filled in.
+ [e19d43dd7238]
+
+ * mon_systrace.c:
+ add missing increment of addr in read_string()
+ [f9eb0f060cb6]
+
+ * mon_systrace.c:
+ Remove bogus call to update_child() and some cosmetic fixes
+ [701ab0b97fef]
+
+ * mon_systrace.c:
+ Don't leak /dev/systrace fd to tracee Make initialized global for
+ simplicity If STRIOCATTACH returns EBUSY we are already being traced
+ Check for user_args == NULL in setproctitle() call Add missing calls
+ to STRIOCANSWER
+ [1956edf9bc3a]
+
+ * sudo.c:
+ g/c sudo_pwdup proto
+ [b7c4d6249ecb]
+
+ * Makefile.in, sudo.psf:
+ Add target for building a depot file
+ [357019efd99b]
+
+ * mon_systrace.c:
+ trim includes
+ [501534428471]
+
+2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c, sudo.tab.c, sudo.tab.h:
+ regen
+ [52fd250c6986]
+
+ * INSTALL:
+ document --with-systrace
+ [79623927c94e]
+
+ * config.h.in, configure, configure.in:
+ Add check for setproctitle
+ [1730cf1c26ed]
+
+ * mon_systrace.c:
+ pass struct str_msg_ask in to syscall checker so it can set the
+ error code
+ [1703fd2fdef6]
+
+ * mon_systrace.c:
+ systrace(4) support for sudo. On systems with the systrace(4)
+ kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
+ intercept exec calls and check the exec args against the sudoers
+ file. In other words, sudo can now control subcommands and shell
+ escapes.
+ [928c9217c386]
+
+ * sudo.c, sudo.h:
+ Call systrace_attach() if FLAG_TRACE is set.
+ [014ba9402fa5]
+
+ * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
+ Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
+ [a99904db5e56]
+
+ * parse.c, sudo.c:
+ Don't close sudoers_fp, keep it open and set close on exec flag
+ instead.
+ [43a9fec60bee]
+
+ * def_data.c, def_data.h, def_data.in:
+ Add trace option
+ [5b643b86730a]
+
+ * Makefile.in:
+ Add systrace
+ [47a0519c427c]
+
+ * INSTALL:
+ SunOS /bin/sh blows up with configure
+ [005a23cc5615]
+
+ * configure, configure.in:
+ Include sys/param.h before systrace.h
+ [9345bc8efecf]
+
+ * configure:
+ regen
+ [a8f53fcbb254]
+
+ * pathnames.h.in:
+ _PATH_DEV_SYSTRACE
+ [d2ad1e492a00]
+
+ * configure.in:
+ line up options in --help
+ [fa51f2821d09]
+
+ * config.h.in, configure.in:
+ Add --with-systrace
+ [a264d54bc413]
- * sudoers.cat, sudoers.man.in, sudoers.pod: Mention values when
- lecture, listpw and verifypw are used in boolean context.
+2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-28 16:05 millert
+ * configure:
+ regen
+ [a4dad0bcc523]
- * def_data.c, def_data.in: verifypw when used in a boolean TRUE
- context should be "all", not "any".
+ * aclocal.m4, configure.in:
+ make this work with autoconf-2.59
+ [c4a92b6a684a]
-2004-11-26 14:21 millert
+2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * def_data.in, defaults.c: Allow tuples that can be used as
- booleans to be used as boolean TRUE. In this case the 2nd
- possible value of the tuple is used for TRUE.
+ * sudo_edit.c:
+ Simplify logic around open & stat of files and do sanity on edited
+ file even if we lack fstat (still racable but worth doing).
+ [adda65ade70c]
-2004-11-25 12:23 millert
+2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Correct the test for 2-parameter
- timespecsub
+ * HISTORY:
+ Add support url
+ [bf6590fbde9f]
-2004-11-25 12:20 millert
+ * Makefile.in:
+ versino 1.6.8p1
+ [b84ebfaf1552] [SUDO_1_6_8p1]
- * sudo.h: Add strub struct definitions for passwd, timeval and
- timespec
+ * CHANGES:
+ more changes for 1.6.8p1
+ [e23a9c0393b6]
-2004-11-25 12:09 millert
+ * version.h:
+ 1.6.8p1
+ [872f14504b5f]
- * configure, configure.in, config.h.in, sudo_edit.c, visudo.c: Add
- check for 2-argument form of timespecsub (FreeBSD and BSD/OS) and
- fix a typo in the gettimeofday check.
+ * CHANGES, sudo_edit.c:
+ Add sanity check so we don't try to edit something other than a
+ regular file.
+ [350134ec6d4e]
-2004-11-24 16:44 millert
+2004-09-15 Aaron Spangler <aaron777@gmail.com>
- * match.c, testsudoers.c: Deal with user_stat being NULL as it is
- for visudo and testsudoers.
+ * CHANGES:
+ sync
+ [3091ca9eae00]
-2004-11-24 16:31 millert
+ * INSTALL:
+ document --with-ldap-conf-file
+ [0e2cd6b896f1]
- * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod: Add -U
- option to use in conjunction with -l instead of -u. Add support
- for "sudo -l command" to test a specific command.
+2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-24 16:28 millert
+ * CHANGES, ins_csops.h:
+ political correctness strikes again
+ [428e8bc77f55]
- * gram.c, gram.y, sudo.c: Set safe_cmnd after sudoers_lookup() if
- it has not been set. Previously it was set by sudo "ALL" in the
- parser but at that point the fully-qualified pathname has not yet
- been found.
+ * RUNSON:
+ sync
+ [27f44bd423dc]
-2004-11-23 18:18 millert
+2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c, testsudoers.c: Correctly handle multiple privileges per
- userspec and runas inheritence.
+ * Makefile.binary.in, Makefile.in:
+ Install sudoedit man link
+ [19a55234fc1f]
-2004-11-21 14:09 millert
+ * INSTALL:
+ Update PAM note and mention where HP-UX users can download gcc
+ binaries.
+ [d37cdbbabfd4]
- * defaults.c: Zero out sd_un for each entry in sudo_defs_table in
- init_defaults.
+ * Makefile.in:
+ libtool wants to install stuff from .libs so fake one up for binary
+ installations.
+ [a681bc6fcfba]
-2004-11-19 18:04 millert
+ * Makefile.binary.in:
+ rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
+ [3e0c4b3372cc]
- * toke.c, toke.l: make per-command defaults work with sudoedit
+ * Makefile.in:
+ Deal with "uname -m" having slashes in it rm -f old sudoedit link
+ instead of using ln -f
+ [cff33fb97e5b]
-2004-11-19 18:00 millert
+ * Makefile.binary, Makefile.binary.in:
+ Makefile.binary -> Makefile.binary.in for config.status substitution
+ Add support for installing noexec bits
+ [37d8bb3483c6]
- * ldap.c, parse.c, sudo.c, sudo.h: Remove the FLAG_NOPASS,
- FLAG_NOEXEC and FLAG_MONITOR flags. Instead, we just set the
- approriate defaults variable.
+ * Makefile.in:
+ Copy noexec bits into binary dists too No longer use my old arch
+ script for making binary dists
+ [e7058bab9e33]
-2004-11-19 17:09 millert
+ * Makefile.binary:
+ Install sudoedit link.
+ [417d1e101711]
- * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
- Document per-command Defaults.
+2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-19 16:35 millert
+ * emul/utime.h:
+ avoid __P so there is no need for compat.h to be included
+ [6d8d1f1abf7d]
- * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
- sudo.c, testsudoers.c, toke.c, toke.l, visudo.c: Add support for
- command-specific Defaults entries. E.g.
- Defaults!/usr/bin/vi noexec
+ * utimes.c:
+ Don't use HAVE_UTIME_H before including config.h.
+ [013b7bb61181]
-2004-11-19 15:03 millert
+2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * defaults.c, match.c, parse.c, parse.h, testsudoers.c: Change an
- occurence of user_matches() -> runas_matches() missed previously
- runas_matches(), host_matches() and cmnd_matches() only really
- need to pass in a list of members. user_matches() still needs to
- pass in a passwd struct because of "sudo -l"
+ * compat.h:
+ Fix Solatis futimes macro
+ [d4eda2ca0d29]
-2004-11-19 14:46 millert
+2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c: Check def_authenticate, def_noexec and def_monitor when
- setting return flags. XXX May be better to just set the defaults
- directly and get rid of those flags.
+ * sudo_edit.c:
+ Rename ots -> omtim for improved readability.
+ [127ca5bb297c]
-2004-11-19 13:39 millert
+2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * alias.c, alloc.c, check.c, closefrom.c, defaults.c, env.c,
- error.c, fileops.c, find_path.c, fnmatch.c, getcwd.c,
- getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
- gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
- mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
- strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
- sudo_edit.c, sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c,
- toke.l, utimes.c, visudo.c, zero_bytes.c, auth/afs.c,
- auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
- auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
- auth/rfc1938.c, auth/secureware.c, auth/securid.c,
- auth/securid5.c, auth/sia.c, auth/sudo_auth.c: Use: #include
- <config.h> Not: #include "config.h" That way we get the correct
- config.h when build dir != src dir
+ * sudo_edit.c:
+ Redo changes in revision 1.7. Don't really need to keep the temp
+ file open; re-opening it with the invoking user's euid is
+ sufficient.
+ [55a883165a95]
-2004-11-19 13:30 millert
+ * CHANGES:
+ sync
+ [9015b291170d]
- * Makefile.in: Back out part of rev 1.263; fix -I order
+ * sudo.cat, sudo.man.in:
+ regen
+ [c0313f6ed783]
-2004-11-19 13:12 millert
+ * sudo.pod:
+ back out revision 1.70; it is no long applicable
+ [b641d503aff6]
- * toke.c, toke.l: More robust parsing if #include; could be much
- better still.
+ * env.c:
+ Let the loader initialize nep
+ [bec192139b02]
-2004-11-19 12:55 millert
+ * config.h.in, configure, configure.in:
+ Removed unneed check for fchown Add check for gettimeofday Move
+ autoheader template stuff into separate AH_TEMPLATE lines
+ [bfc0edbd43f2]
- * sudo_edit.c, visudo.c: Make arg splitting in visudo and sudoedit
- consistent.
+ * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
+ Use timespec throughout.
+ [1a178a23b69b]
-2004-11-19 12:35 millert
+ * Makefile.in:
+ gettime.[co]
+ [6aeb48a7ab7f]
- * Makefile.in, alias.c, gram.c, gram.y, parse.h: Split alias
- routines out into their own file.
+ * gettime.c:
+ function to return the current time in a struct timespec
+ [bf8eb12cb63f]
-2004-11-19 12:32 millert
+ * utimes.c:
+ Not a darpa-sponsored file.
+ [121ce5e2036c]
- * error.h: __attribute__ is already defined in compat.h
+2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-19 12:30 millert
+ * compat.h, config.h.in, configure, configure.in:
+ Add a check for struct timespec and provide it for those without.
+ [42124055030d]
- * visudo.c: quit() should not be __noreturn__ as it is non-void on
- some platforms.
+ * config.h.in, configure, configure.in, sudo_edit.c:
+ Add checks for st_mtim and st_mtimespec and add macros for pulling
+ the mtime sec and nsec out of struct stat. These are used in
+ sudo_edit() to better tell whether or not the file has changed.
+ [23debfbb3fab]
-2004-11-19 12:24 millert
+ * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
+ Add an extra param to touch() for nsec
+ [56f7a4ba8ddb]
- * auth/: fwtk.c, rfc1938.c, securid.c, securid5.c: Add local
- error/warning functions like err/warn but that call an additional
- cleanup routine in the error case. This means we no longer need
- to compile a special version of alloc.o for visudo.
+ * sudo_edit.c:
+ Call mkstemp() as the in invoking user so we don't have to chown the
+ file later. Only touch() the temp file if we can do it via the file
+ descriptor. Don't check for modification of the temp file if we lack
+ fstat(). Catch errors read()ing the temp file.
+ [665f52c70836]
-2004-11-19 11:54 millert
+ * fileops.c:
+ If path is NULL and fd == -1 return -1.
+ [757a518a824c]
- * parse.h: Clarify comments about the data structures
+ * sudo_edit.c:
+ closefrom() is overkill, the only extra fds are the ones we opened
+ so just close those in the child.
+ [f361c9d2a1f4]
-2004-11-18 15:28 millert
+ * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
+ configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
+ visudo.c:
+ Use utimes() and futimes() instead of utime() in touch(), emulating
+ as needed. Not all systems are able to support setting the times of
+ an fd so touch() takes both an fd and a file name as arguments.
+ [3d9276f29717]
- * visudo.c: Add support for VISUAL and EDITOR containing command
- line args. If env_editor is not set any args in VISUAL and
- EDITOR are ignored. Arguments are also now supported in
- def_editor.
+2004-09-07 Aaron Spangler <aaron777@gmail.com>
-2004-11-17 14:25 millert
+ * env.c:
+ Rare SEGV
+ [8995f828782d]
- * parse.h: alias_matches() is no more
+2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-17 14:09 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [b8e9406711c5]
- * CHANGES, TODO: sync
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Add SUPPORT section and re-order some of the sections to match the
+ order we use in OpenBSD.
+ [fa37bd917e2c]
-2004-11-17 13:19 millert
+2004-09-06 Aaron Spangler <aaron777@gmail.com>
- * Makefile.in: When regenerating the parser, don't replace gram.h
- unless it has changed.
+ * env.c:
+ Openldap ~/.ldaprc fix
+ [1a37afe6850f]
-2004-11-17 11:56 millert
+2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: remove Makefile.binary for distclean
+ * sudo.pod:
+ Talk about how the editor must write its changes to the original
+ file and not just use rename(2).
+ [c55ed91c5ee9]
-2004-11-17 11:18 millert
+ * CHANGES:
+ sync
+ [62af26bd37a2]
- * env.c: Preserve KRB5CCNAME in zero_env() and add a paranoia check
- to make sure we can't overflow new_env.
+ * sudo_edit.c:
+ Keep the temp file open instead of re-opening after the editor has
+ exited.
+ [de41eeb6dcf2]
-2004-11-17 10:33 millert
+ * sample.pam:
+ Update for current redhat/fedora core.
+ [8cf083077333]
- * sudo_edit.c: paranoia when stripping trailing slashes from
- tempdir.
+2004-09-03 Aaron Spangler <aaron777@gmail.com>
-2004-11-16 19:00 millert
+ * README.LDAP:
+ tls_ examples
+ [ba783d88a034]
- * sudo.c: Set user_ngroups to 0 if getgroups() returns an error.
+2004-09-02 Aaron Spangler <aaron777@gmail.com>
-2004-11-16 18:59 millert
+ * ldap.c:
+ config tls_* options
+ [0b0e0797b3b9]
- * configure, configure.in, config.h.in, sudo.c: Add configure check
- for getgroups()
+2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-16 18:55 millert
+ * configure, configure.in:
+ No need for -lcrypt when using pam.
+ [41fff3a53e68]
- * ldap.c: Use supplementary group vector in struct sudo_user.
+2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-16 18:40 millert
+ * configure:
+ regen
+ [75820aecce2c]
- * match.c: Only do string comparisons on the group members if there
- is no supplemental group list.
+2004-08-27 Aaron Spangler <aaron777@gmail.com>
-2004-11-16 16:10 millert
+ * configure.in, ldap.c, pathnames.h.in:
+ Allow --with-ldap-conf-file option to override LDAP_CONF
+ [c9909bc484a5]
- * CHANGES, TODO: sync
+ * ldap.c:
+ cleanup debug message
+ [1f6ca4824d8d]
-2004-11-16 15:54 millert
+2004-08-26 Aaron Spangler <aaron777@gmail.com>
- * sudo_edit.c: On Digital UNIX _PATH_VAR_TMP doesn't end with a
- trailing slash so chop off any trailing slashes we see and add an
- explicit one.
+ * README.LDAP:
+ more config info
+ [f2e7147fd507]
-2004-11-16 12:02 millert
+2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * match.c: remove bogus XXX comment
+ * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
+ Add cmnd_base to struct sudo_user and set it in init_vars(). Add
+ cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
+ longer use gross statics in command_matches(). Also rename some
+ variables for improved clarity.
+ [7169a6c7bea4]
-2004-11-16 11:10 millert
+2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * match.c: Get rid of alias_matches and correctly fall through to
- the non-alias cases when there is no alias with the specified
- name.
+ * INSTALL:
+ document HP's crippled compiler deficiency.
+ [c405ea5a8d4c]
-2004-11-16 10:47 millert
+ * INSTALL:
+ Fix some thinkos in --with-editor and --with-env-editor
+ descriptions. Noticed by Norihiko Murase.
+ [dd781de1c985]
- * getspwuid.c: Cache non-existent passwd/group entries too.
+ * configure, configure.in:
+ --with-noexec takes an optional PATH argument.
+ [8f6ab77f22cc]
-2004-11-16 10:45 millert
+ * INSTALL:
+ document --with-noexec
+ [50cb1fc627ce]
- * gram.c: regen
+2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-15 23:32 millert
+ * RUNSON, TODO:
+ sync
+ [f2503bd13373] [SUDO_1_6_8]
- * getspwuid.c: fix typo
+ * sudo_edit.c:
+ Better warning message when sudoedit is unable to write to the
+ destination file.
+ [f78c18f2ffa8]
-2004-11-15 23:24 millert
+ * sudo.cat, sudo.man.in:
+ regen
+ [7e2bf63d6d9a]
- * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
- mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
- Implement group caching and use the passwd and group caches
- throughout.
+ * sudo.pod:
+ Don't italicize the string "sudoedit"
+ [c691643bd269]
-2004-11-15 14:43 millert
+2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * match.c: Properly negate the return value of alias_matches() when
- appropriate.
+ * HISTORY:
+ Mention GratiSoft.
+ [dc53de581b2d]
-2004-11-15 14:38 millert
+2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * match.c: Make hostname_matches() return TRUE for a match, else
- FALSE like the caller expects.
+ * sudo.tab.c:
+ regen
+ [8ae0484dfc38]
-2004-11-15 13:24 millert
+ * parse.yacc:
+ Reset used_runas to FALSE when re-intializing the parser.
+ [b7403f353a02]
- * Makefile.in: Add missing dependencies on gram.h
+2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-15 13:06 millert
+ * config.guess:
+ Correct OpenBSD mips support
+ [314fc7afc165]
- * match.c: Use runas_matches in alias_matches() now that we have
- it.
+ * config.guess:
+ Add OpenBSD/mips
+ [ac87d0a773ef]
-2004-11-15 13:00 millert
+2004-08-07 Aaron Spangler <aaron777@gmail.com>
- * parse.c, parse.h: Expand aliases in "sudo -l" mode
+ * README.LDAP:
+ More behavior notes
+ [13be1d212b47]
-2004-11-15 12:33 millert
+ * README.LDAP:
+ Updates on current behavior
+ [d498a8866d6f]
- * gram.y, match.c: Use ALIAS for the member type when storing an
- alias instead of HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since
- match.c relies on the more generic type. Expand runas_matches
- instead of calling user_matches() inside of it since
- user_matches() looks up USERALIASes, not RUNASALIASes.
+2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-15 12:05 millert
+ * sudoers.pod:
+ =back does not take an indentlevel (makes no difference to formatted
+ files).
+ [9c8523bb382a]
- * CHANGES, getspwuid.c: Paranoia; zero out pw_passwd before freeing
- passwd entry.
+ * sudo.pod:
+ =back does not take an indentlevel (makes no difference to formatted
+ files).
+ [e5f479e24fa8]
-2004-11-15 10:53 millert
+ * CHANGES:
+ new
+ [2dbd9aba8b33]
- * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
- configure.in, err.c, error.c, error.h, defaults.c, env.c,
- find_path.c, interfaces.c, logging.c, mon_systrace.c, sudo.c,
- sudo.h, sudo_edit.c, testsudoers.c, visudo.c, emul/err.h: Add
- local error/warning functions like err/warn but that call an
- additional cleanup routine in the error case. This means we no
- longer need to compile a special version of alloc.o for visudo.
+ * sudo.c:
+ Consistency. Use same error for bad -u #uid when targetpw is set as
+ we do when a bad -u username is specified.
+ [922961c4a9d6]
-2004-11-15 09:59 millert
+ * TODO:
+ Add checksum idea from Steve Mancini
+ [e6ece1b766ba]
- * match.c: Use userpw_matches() to compare usernames, not strcmp(),
- since the latter checks for "#uid".
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [370d2317829f]
-2004-11-15 09:53 millert
+ * sudo.cat, sudo.man.in:
+ regen
+ [f93d41fc38b1]
- * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c: Cache passwd
- db entries in 2 reb-black trees; one indexed by uid, the other by
- user name. The data returned from the cache should be considered
- read-only and is destroyed by sudo_endpwent().
+ * sudo.pod, sudoers.pod:
+ Document the restriction on uids specified via -u when targetpw is
+ set.
+ [878fedb455db]
-2004-11-15 09:50 millert
+ * sudo.c:
+ Error out when targetpw is enabled and sudo is run with -u #uid but
+ #uid does not exist in the passwd database. We can't do target
+ authentication when the target is not in passwd!
+ [27c5888c86eb]
- * match.c: add cast to uid_t
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+ regen
+ [ceb65711050c]
-2004-11-15 09:49 millert
+ * TODO:
+ Some more todo for the next release.
+ [7b7417be7601]
- * gram.y: missing free in alias_destroy
+ * INSTALL:
+ Make it clear that PAM should be used for DCE support when possible.
+ [7502029fd385]
-2004-11-15 09:49 millert
+ * sudoers.pod:
+ o Document problems with wildcards and relative paths. o Make the
+ order requirements more prominent. o Change a "set" to "reset" for
+ clarity.
+ [bacdd181b33f]
- * redblack.c: Can't use rbapply() for rbdestroy since the
- destructor is passed a data pointer, not a node pointer.
+2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-14 23:06 millert
+ * sudo.pod:
+ Mention --with-secure-path, not SECURE_PATH.
+ [41283ddde5e1]
- * getspwuid.c, logging.c, sudo.c, sudo.h: Create and use private
- versions of setpwent() and endpwent() that set/end the shadow
- password file too.
+2004-08-03 Aaron Spangler <aaron777@gmail.com>
-2004-11-14 22:55 millert
+ * ldap.c:
+ reflect changes to parse.c
+ [8880fe9b724d]
- * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c,
- visudo.c: Store aliases in a red-black tree.
+2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-14 22:52 millert
+ * sudo.tab.c:
+ regen
+ [a57658ca9177]
- * Makefile.in, redblack.c, redblack.h: red-black tree
- implementation
+ * parse.c, parse.h, testsudoers.c, visudo.c:
+ Don't pass user_cmnd and user_args to command_matches(), just use
+ the globals there. Since we keep state with statics anyway it is
+ misleading to pretend that passing in different cmnd and cmnd_args
+ will work.
+ [0a2544991fd6]
-2004-11-14 22:37 millert
+ * parse.yacc:
+ Don't pass user_cmnd and user_args to command_matches(), just use
+ the globals there. Since we keep state with statics anyway it is
+ misleading to pretend that passing in different cmnd and cmnd_args
+ will work.
+ [a4910bf6032b]
- * visudo.c: Edit all sudoers file if there were unused or undefined
- aliases and we are in strict mode.
+ * parse.c:
+ Fix a bug introduced in rev. 1.149. When checking for pseudo-
+ commands check for a '/' anywhere in cmnd, not just the first
+ character.
+ [ce98142f03ca]
-2004-11-12 11:19 millert
+2004-07-31 Aaron Spangler <aaron777@gmail.com>
- * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
- find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
- Bring back the "secure_path" Defaults option now that Defaults
- take effect before the path is searched.
+ * sudo.man.in, sudo.pod:
+ Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
+ [a91800e094b1]
-2004-11-11 12:22 millert
+ * sudoers.man.in, sudoers.pod:
+ Add ignore_local_sudoers
+ [741ddcbf7083]
- * logging.c, parse.c: A user can always list their own entries,
- even with -u. Better error message when failing to list another
- user's entries.
+ * README.LDAP:
+ Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
+ janth@moldung.no
+ [742c02e07cd9]
-2004-11-11 12:12 millert
+2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c, sudo.c, sudo.h: The syntax to list another user's
- entries is now "-u otheruser -l". Only root or users with sudo
- "ALL" may list other user's entries.
+ * CHANGES:
+ typo
+ [e7cdefbd7a9a]
-2004-11-11 11:30 millert
+2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.cat, sudo.man.in, sudo.pod: Update env variable info in
- SECURITY NOTES
+ * CHANGES:
+ sync
+ [734dafc4a85e]
-2004-11-11 11:25 millert
+ * parse.c:
+ Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
+ PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
+ [151b7f593568]
- * env.c: strip CDPATH too
+2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-11 11:20 millert
+ * CHANGES:
+ PAM change
+ [d8fb6d6a22d0]
- * env.c: strip exported bash functions from the environment.
+2004-07-08 Aaron Spangler <aaron777@gmail.com>
-2004-10-27 12:16 millert
+ * ldap.c:
+ Better debugging of ALL command
+ [9db3e84029dc]
- * sudo.c: Only reset sudo_user.pw based on SUDO_USER environment
- variables for real commands and sudoedit. This avoids a
- confusing message when a user tries "sudo -l" or "sudo -v" and is
- denied.
+2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-27 12:06 millert
+ * parse.c:
+ When matching for "sudoedit" in sudoers check both the command the
+ user typed *and* the command that is listed in the sudoers entry.
+ [f36ca1f94095]
- * gram.c, gram.y, parse.h: Extend LIST_APPEND to deal with
- appending lists too
+2004-07-04 Aaron Spangler <aaron777@gmail.com>
-2004-10-26 18:39 millert
+ * ldap.c:
+ Added !command feature
+ [ed539574611b]
- * logging.c: Convert some bitwise AND to ISSET
+2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-26 18:29 millert
+ * auth/pam.c:
+ Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
+ [2be8e0e8813a]
- * lex.yy.c, toke.c: toke.c replaces lex.yy.c
+2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-26 18:29 millert
+ * LICENSE:
+ License is ISC-style, not BSD-style
+ [ac0589e1dd5d]
- * CHANGES, TODO: sync
+ * CHANGES:
+ sync
+ [16058a30f404]
-2004-10-26 18:28 millert
+2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * BUGS: new parser fixes most of the outstanding bugs
+ * sudo.cat, sudo.man.in:
+ regen
+ [8820eb9c809b]
-2004-10-26 18:27 millert
+ * sudo.pod:
+ o Update some out of date bits to reality o Change the shell promt
+ in examples to bourne-shell style o Clarify some details o Add a
+ CAVEAT about "sudo cd /foo"
+ [b0af373214b6]
- * configure: regen
+ * check.c:
+ Don't ask for a password if invoking user == target user.
+ [dd5c96141132]
-2004-10-26 18:26 millert
+ * sudo.c:
+ typo in comment
+ [278d20f9b249]
- * visudo.c: Rework for the new parser. Now checks for unused
- aliases in sudoers.
+2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-26 18:25 millert
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [9036c6f39eff]
- * testsudoers.c: Rewrite for the new parser. Now supports a -d
- flag (dump) and adds a -h flag (host). It now defaults to the
- local hostname unless otherwise specified.
+ * sudoers.pod:
+ Expand on NOEXEC a little.
+ [9a13756aebe4]
-2004-10-26 18:23 millert
+ * TODO:
+ sync
+ [8d2c1af48de8]
- * sudo.h: Add new prototypes. Remove NOMATCH/UNSPEC (now in
- parse.h)
+ * visudo.cat, visudo.man.in:
+ regen
+ [3921f01607c8]
-2004-10-26 18:22 millert
+ * sudo.tab.c:
+ regen
+ [9338c3d68250]
- * sudo.c: Update for new parse. We now call find_path() *after* we
- have updated the global defaults based on sudoers. Also adds
- support for listing other user's privs if you are root.
+ * visudo.pod:
+ Add a check in visudo for runas_default being set after it has
+ already been used.
+ [6700358d7ad8]
-2004-10-26 18:21 millert
+ * CHANGES, parse.yacc, visudo.c:
+ Add a check in visudo for runas_default being set after it has
+ already been used.
+ [803560986a8a]
- * mon_systrace.c: Working LDAP support; also remove a now-unneeded
- rewind().
+ * sudo.tab.c:
+ regen
+ [b60636e2cf63]
-2004-10-26 18:20 millert
+ * parse.yacc:
+ Add a MATCHED macro for testing whether foo_matches has been set to
+ TRUE or FALSE. This is more readable than checking for >=0 or < 0.
+ Doesn't change the actual code generated.
+ [f376da8ccdc8]
- * logging.c, logging.h: Add NO_STDERR flag.
+2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-26 18:19 millert
+ * sudoers.cat:
+ regen
+ [6cceb6d6c9bd]
- * ldap.c: Split sudo_ldap_check() into three pieces:
- sudo_ldap_open(), udo_ldap_update_defaults() and
- sudo_ldap_check(). This allows us to connecto to LDAP, apply the
- default options, find the command in the user's path, and then
- check whether the user is allowed to run it. The important thing
- here is that the default runas user may be specified as a default
- option and that needs to be set before we search for the command.
+ * sudoers.man.in:
+ regen
+ [5acd12b730b3]
-2004-10-26 18:17 millert
+ * sudoers.pod:
+ Correct description of where Defaults specs should go.
+ [6b11ff53d7ad]
- * ldap.c: Add casts to unsigned char for isspace() to quiet a gcc
- warning.
+ * sudoers:
+ Correct description of where Defaults specs should go.
+ [868db857630d]
-2004-10-26 18:16 millert
+ * testsudoers.c, visudo.c:
+ update (c) year
+ [272c8a53604c]
- * defaults.h: Add prototype for update_defaults()
+ * logging.h:
+ update (c) year
+ [3cec76d400ce]
+
+ * ldap.c:
+ update (c) year
+ [f264632488a0]
+
+ * find_path.c:
+ update (c) year
+ [40c227af9227]
+
+ * auth/pam.c:
+ update (c) year
+ [87149e0eed50]
+
+ * auth/bsdauth.c, auth/kerb5.c:
+ update (c) year
+ [d72eb434c068]
+
+2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [83408d9e9d2e]
+
+ * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
+ Remove trailing spaces, no actual code changes.
+ [4c3bf2819293]
+
+ * tgetpass.c:
+ Remove trailing spaces, no actual code changes.
+ [96f6e0a24c26]
+
+ * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
+ Remove trailing spaces, no actual code changes.
+ [c7075d1cbed5]
+
+ * getcwd.c:
+ Remove trailing spaces, no actual code changes.
+ [776cc0374547]
+
+ * find_path.c:
+ Remove trailing spaces, no actual code changes.
+ [7ed7099f3c71]
+
+ * compat.h, defaults.c, env.c:
+ Remove trailing spaces, no actual code changes.
+ [893e83c33795]
+
+ * check.c:
+ Remove trailing spaces, no actual code changes.
+ [f77750f8803b]
+
+ * sudo.tab.c:
+ regen
+ [62e0ed883b31]
+
+ * parse.yacc:
+ Fix a >=0 that should be <0 that was improperly converted when
+ UNSPEC was added.
+ [ad1531a55a49]
+
+ * parse.yacc:
+ Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
+ NOMATCH when resetting it.
+ [ae017a12870a]
+
+ * parse.yacc:
+ Fix pastos introduced in SETNMATCH addition.
+ [6ea1c9d80681]
+
+2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ Update for configure changes
+ [637a635da287]
+
+ * sudo.tab.c:
+ regen
+ [4753c2788713]
+
+ * sudo.h:
+ Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
+ these in parse.yacc. Also in parse.yacc initialize the *_matches
+ vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
+ when setting *_matches to a value that may be
+ NOMATCH/UNSPEC/TRUE/FALSE.
+ [2ba622e15a4d]
+
+ * parse.yacc:
+ Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
+ these in parse.yacc. Also in parse.yacc initialize the *_matches
+ vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
+ when setting *_matches to a value that may be
+ NOMATCH/UNSPEC/TRUE/FALSE.
+ [746b519e41a6]
+
+ * parse.yacc:
+ Initialize runas to -2, not -1 since we need to be able to
+ distinguish between the initialized value and the value of a non-
+ match when passing along the runas value to multiple commands.
+
+ The result of this is that an unmatched runas is now set to -1, not
+ 0. This is required now that parse.c treats a FALSE value for runas
+ as being explicitly denied.
+ [7791ed3621f6]
+
+2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, visudo.c:
+ Error out if argc < 1.
+ [ce6b2a9eda3c]
+
+ * getprogname.c:
+ Error out if argc < 1.
+ [c566cce8dc78]
+
+ * configure, configure.in:
+ Add tests for what libs we need to link with for ldap and for
+ whether or not lber.h needs to be explicitly included.
+ [b2e9729cc4e7]
+
+2004-06-03 Aaron Spangler <aaron777@gmail.com>
+
+ * ldap.c:
+ Solaris native LDAP build fix
+ [39929e40eb11]
+
+2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Set edn to NULL is ldap_get_dn() fails to avoid potential use of an
+ unset variable.
+ [6a4c20a66f98]
+
+ * sudo.h:
+ Add prototype for sudo_ldap_list_matches
+ [443b007a8dab]
+
+ * configure, configure.in:
+ Better check for dirfd macro--we now set HAVE_DIRFD for the macro
+ version too. Added check for dd_fd in `DIR' if no dirfd is found;
+ this is now used to confitionally define the dirfd macro in
+ compat.h.
+ [567656978f7e]
+
+ * config.h.in:
+ Better check for dirfd macro--we now set HAVE_DIRFD for the macro
+ version too. Added check for dd_fd in `DIR' if no dirfd is found;
+ this is now used to confitionally define the dirfd macro in
+ compat.h.
+ [34eace4faec8]
+
+ * compat.h:
+ Better check for dirfd macro--we now set HAVE_DIRFD for the macro
+ version too. Added check for dd_fd in `DIR' if no dirfd is found;
+ this is now used to confitionally define the dirfd macro in
+ compat.h.
+ [8d50ff1bbf2a]
+
+ * closefrom.c:
+ Only check /proc/$$/fd if we have the dirfd function/macro.
+ [15e3ccce7553]
+
+ * compat.h, config.h.in, configure, configure.in:
+ Add a check for a dirfd() function (like Linux) and add a dirfd
+ macro in compat.h if there is no dirfd() function or macro.
+ [1e95756edb50]
+
+ * closefrom.c, getcwd.c:
+ dirfd() is now defined in compat.h as needed.
+ [bb1d79271188]
+
+ * CHANGES:
+ Clarify closefrom() note.
+ [f4e4a5508dda]
+
+ * parse.c:
+ When checking for a command in the directory, only copy the base dir
+ once.
+ [7a3276808b87]
+
+ * closefrom.c:
+ If there is a /proc/$$/fd directory, behave like the Solaris
+ closefrom() and only close the descriptors listed therein.
+ [19de23779e84]
+
+ * alloc.c:
+ compat.h guarantees INT_MAX is defined.
+ [1bf0c79d4606]
+
+ * compat.h:
+ Add definitions of OPEN_MAX and INT_MAX for those without it and
+ remove definition of RLIM_INFINITY (now unused).
+ [f827d1ebf96e]
+
+ * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
+ sudo.c, sudo.h, visudo.c:
+ Use PATH_MAX, not MAXPATHLEN since the former is standardized.
+ [59788f211c24]
+
+2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ sync
+ [d32fa124f1ad]
+
+ * RUNSON:
+ Add some entries that were mailed in a while ago
+ [ff8d5bfec54e]
+
+ * closefrom.c:
+ o sysconf returns a long, not an int. o check for negative return
+ value from sysconf/getdtablesize and use OPEN_MAX in this case. o
+ define OPEN_MAX to 256 for those without it (a fair guess...)
+ [ccf81ae6deb2]
-2004-10-26 18:16 millert
+2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * UPGRADE:
+ Mention change in parse order for RunAs entries.
+ [dc73b0bca617]
+
+ * configure:
+ regen
+ [07cce8e0534e]
+
+2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, README.LDAP, config.h.in, configure.in:
+ o --with-ldap now takes an optional dir as a parameter o added
+ check for ldap_initialize() and start_tls_s()
+ [2b846c7974c6]
+
+ * README.LDAP:
+ Fix some typos, word choice and formatting issues.
+ [00dc8ca84b10]
+
+2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
+ read/write as it is simpler.
+ [30f5446ee8b0]
- * defaults.c: Don't warn about line numbers now that we operate on
- a set of data structures (or LDAP) and not a file.
+ * configure, configure.in:
+ Remove hack overriding cross-compiler check. It should no longer be
+ needed.
+ [22a6cbd88608]
-2004-10-26 18:15 millert
+ * compat.h:
+ Remove select() compat bits since we no longer use select().
+ [d7bbf7cd36f5]
- * config.h.in: No long use lsearch()
+ * CHANGES, tgetpass.c:
+ Use alarm() instead of select() for the timeout for systems that
+ don't fully/properly implement select().
+ [d7cc60f15800]
-2004-10-26 18:14 millert
+2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: Update for new and changed file names.
+ * CHANGES:
+ synbc
+ [132a39788e07]
-2004-10-26 18:14 millert
+ * RUNSON:
+ update
+ [61ef508380c6]
- * LICENSE: no more BSD lsearch.c
+ * set_perms.c:
+ Deal with systems that have no way of setting the effective uid such
+ as nsr-tandem-nsk.
+ [306e00e9b5a4]
-2004-10-26 18:14 millert
+ * configure, configure.in:
+ Define NO_SAVED_IDS if we don't find seteuid()
+ [8588f18345cf]
- * match.c: foo_matches() routines now live in match.c Added
- user_matches(), runas_matches(), host_matches(), cmnd_matches()
- and alias_matches() that operate on the parsed sudoers file.
+ * config.h.in, configure, configure.in:
+ Add back check for setreuid() since NSK doesn't have it.
+ [43127bd703d1]
-2004-10-26 18:12 millert
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [af4f4b20e422]
- * parse.lex, toke.l: Move parse.lex -> toke.l Rename buffer_frob()
- -> switch_buffer() WORD no longer needs to exclude '@' kill
- yywrap()
+ * CHANGES:
+ sync
+ [29ca3b699c24]
-2004-10-26 18:10 millert
+ * BUGS:
+ sync
+ [3593f17f72ed]
- * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.h:
- Rewritten parser that converts sudoers into a set of data
- structures. This eliminates ordering issues and makes it
- possible to apply sudoers Defaults entries before searching for
- the command.
+ * parse.c:
+ In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
+ explicitly denied and the command matched. This fixes a long-
+ standing bug and makes: foo machine = (ALL) /usr/bin/blah
+ foo machine = (!bar) /usr/bin/blah
-2004-10-26 18:09 millert
+ equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
+ [2f5ee244985a]
- * configure.in, lsearch.c, emul/search.h: We won't be using
- lsearch() any longer.
+ * sudoers.pod:
+ Clarify mail_noperm
+ [3238b2d41989]
-2004-10-26 18:07 millert
+2004-05-20 Aaron Spangler <aaron777@gmail.com>
- * ldap.c: sudo should not send mail if someone who runs 'sudo -l'
- has no entry.
+ * Makefile.in:
+ Missing DESTDIR in make install for sudo_noexec.la
+ [91431e821525]
-2004-10-26 16:09 millert
+2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
- visudo.man.in: regen
-
-2004-10-26 16:09 millert
-
- * visudo.pod: Update warnings to match new visudo
-
-2004-10-26 16:08 millert
-
- * sudoers.pod: The new parser doesn't have the old ordering
- constraints.
+ visudo.man.in:
+ regen
+ [cdfde0dcb556]
+
+ * TODO:
+ sync
+ [4799b7d8b62c]
+
+ * sudoers.pod:
+ Remove fastboot/fasthalt (who still remembers these?) and add a
+ minimal sudoedit example.
+ [19d299f233cd]
+
+ * sample.sudoers:
+ Remove fastboot/fasthalt (who still remembers these?) and add a
+ minimal sudoedit example.
+ [b1bca73d6250]
+
+ * UPGRADE, sudo.c, visudo.c:
+ filesystem -> file system
+ [1e1afaf30469]
+
+ * TROUBLESHOOTING:
+ filesystem -> file system
+ [39fb594e9338]
+
+ * CHANGES, INSTALL:
+ filesystem -> file system
+ [85948b608ffe]
+
+ * sudo.pod, sudoers.pod:
+ Fix some minor typos and formatting goofs
+ [e94d243a0b90]
+
+ * lex.yy.c:
+ regen
+ [2eed0ab1f4c4]
+
+ * visudo.pod:
+ remove my email addr
+ [b63262c0389b]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Use @mansectform@ and @mansectsu@ everywhere Make man page
+ references links with L<>
+ [f459f4b9ddb9]
+
+ * parse.lex:
+ Accept quoted globbing characters and pass them verbatim for
+ fnmatch()
+ [8248b86e9380]
+
+ * UPGRADE:
+ Document that /tmp/.odus is gone.
+ [3667b66af5bb]
+
+ * pathnames.h.in:
+ No longer use /tmp/.odus as a possible timestamp dir unless
+ specifically configured to do so. Instead, if no /var/run exists,
+ use /var/adm/sudo or /usr/adm/sudo.
+ [48d94c9f9ad4]
+
+ * configure:
+ No longer use /tmp/.odus as a possible timestamp dir unless
+ specifically configured to do so. Instead, if no /var/run exists,
+ use /var/adm/sudo or /usr/adm/sudo.
+ [058d7b8cf07b]
+
+ * aclocal.m4:
+ No longer use /tmp/.odus as a possible timestamp dir unless
+ specifically configured to do so. Instead, if no /var/run exists,
+ use /var/adm/sudo or /usr/adm/sudo.
+ [cf52c4c2803f]
-2004-10-26 16:08 millert
+ * CHANGES:
+ No longer use /tmp/.odus as a possible timestamp dir unless
+ specifically configured to do so. Instead, if no /var/run exists,
+ use /var/adm/sudo or /usr/adm/sudo.
+ [6058c4cefcec]
+
+ * set_perms.c, sudo.c, tgetpass.c, visudo.c:
+ Preliminary changes to support nsr-tandem-nsk. Based on patches
+ from Tom Bates.
+ [2e5f81834383]
- * sudo.pod: Document that -l now takes an optional username
- argument
+ * logging.c:
+ Preliminary changes to support nsr-tandem-nsk. Based on patches
+ from Tom Bates.
+ [934bbe6872b6]
-2004-10-25 13:44 millert
+ * check.c, compat.h:
+ Preliminary changes to support nsr-tandem-nsk. Based on patches
+ from Tom Bates.
+ [390b698b5924]
- * RUNSON: AIX 5.2.0.0 works
+2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-25 13:38 millert
+ * CHANGES:
+ There was no 1.6.7p6.
+ [8013d2e6b062]
- * ldap.c: If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS
- instead. Fixes a compilation problem with Solaris 9's native
- LDAP.
+ * BUGS, CHANGES:
+ sync
+ [c38b41f32857]
- Set FLAG_MONITOR when needed.
+ * Makefile.in:
+ add missing files to DISTFILES
+ [e6a80ad03039]
-2004-10-23 13:32 millert
-
- * mon_systrace.c: Call sudo_goodpath() *after* changing the cwd to
- match the traced process. Fixes relative paths.
-
-2004-10-21 12:31 millert
-
- * testsudoers.c: Kill set_perms() stub--it is no longer needed.
-
-2004-10-13 12:52 millert
-
- * sudoers.cat, sudoers.man.in, sudoers.pod: stay_setuid now
- requires set_reuid() or setresuid()
-
-2004-10-13 12:46 millert
-
- * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
- configure.in, set_perms.c, sudo.c, sudo.h: Kill use of POSIX
- saved uids; they aren't worth bothering with.
+ * sudo.cat, sudoers.cat, visudo.cat:
+ regen
+ [027bc9746dd5]
-2004-10-07 16:23 millert
+ * sudoers.man.in:
+ regen
+ [f5e85ef686cf]
- * glob.c: remove call to issetugid()
+ * Makefile.in:
+ Fix some line wrap and update (c) year
+ [bad1f46aa1ca]
-2004-10-07 14:57 millert
+2004-04-28 Aaron Spangler <aaron777@gmail.com>
- * sudoers.cat, sudoers.man.in, sudoers.pod: Remove warning about
- wildcards. Now that we use glob() the bug is fixed.
+ * README.LDAP:
+ Build Note
+ [7a061248249b]
-2004-10-07 14:52 millert
+2004-04-07 Aaron Spangler <aaron777@gmail.com>
- * parse.c: Use glob(3) instead of fnmatch(3) for matching pathnames
- and stat each result that matches the basename of the user's
- command. This makes "cd /usr/bin ; sudo ./blah" work when
- sudoers allows /usr/bin/blah. Fixes bug #143.
+ * Makefile.in:
+ Fix install-dirs
+ [be0726dd92e7]
-2004-10-07 14:27 millert
+2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in, config.h.in: Define HAVE_EXTENDED_GLOB
- for extended glob (GLOB_TILDE and GLOB_BRACE)
+ * sudo.tab.c:
+ regen
+ [3f4f0d1ab8b9]
-2004-10-07 12:59 millert
+ * visudo.c:
+ In Exit() when used as a signal handler, emsg is a pointer so
+ sizeof() is wrong so make it a #define instead. Also avoid using a
+ negative exit value. Found by Aaron Campbell
+ [78716a3a3fdc]
- * config.h.in, configure, configure.in: Check for a glob() that
- supports GLOB_BRACE and GLOB_TILDE
+2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-07 12:51 millert
+ * sudoers.pod:
+ Remove bogus sentence about uids in a User_List. Document usernames
+ vs. uid parsing in a Runas_List.
+ [7ca510b5031c]
- * LICENSE: reference glob
+ * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
+ If the user specified a uid with the -u flag and the uid exists in
+ the passwd file, set runas_user to the name, not the uid.
-2004-10-07 12:50 millert
+ When comparing usernames in sudoers, if a name is really a uid
+ (starts with '#') compare it numerically to pw_uid.
+ [8d6935d04673]
- * glob.c, emul/glob.h: 4.4BSD glob(3) with fixes from OpenBSD and
- some unneeded extensions removed.
+2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-05 17:26 millert
+ * auth/kerb5.c:
+ krb5_mcc_ops should be const; Johnny C. Lam
+ [aa8c753e426e]
- * mon_systrace.c: Just return if STRIOCINJECT or STRIOCREPLACE
- fail. It probably means we are out of space in the stack gap...
+2004-02-28 Aaron Spangler <aaron777@gmail.com>
-2004-10-05 17:20 millert
+ * CHANGES, config.h.in, ldap.c:
+ Added start_tls support
+ [7ef864c15b69]
- * CHANGES: sync
+2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-05 16:53 millert
+ * Makefile.in:
+ Clean up libtool stuff for 'make distclean' and add def_data.c,
+ def_data.h to PARSESRCS.
+ [bf9bb6bb06ab]
- * mon_systrace.c: Take a stab at ldap sudoers support here.
+2004-02-14 Aaron Spangler <aaron777@gmail.com>
-2004-10-05 15:13 millert
+ * strlcat.c, strlcpy.c:
+ Un-Fix last license munge
+ [42654b77ac71]
- * mon_systrace.c, mon_systrace.h: Detach from tracee on SIGHUP,
- SIGINT and SIGTERM. Now "sudo reboot" doesn't cause reboot to
- inadvertanly kill itself.
+2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-05 14:21 millert
+ * configure:
+ regen
+ [e4de6b23a4dc]
- * mon_systrace.c: put "monitor" in the proctitle, not "systrace"
+ * CHANGES, RUNSON, TODO:
+ checkpoint
+ [94e1ace84d5c]
-2004-10-05 14:15 millert
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [8ce784505643]
- * mon_systrace.c: When modifying the environment, don't replace
- envp when we can get away with just rewriting pointers in the
- traced process.
+ * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
+ emul/search.h, emul/utime.h:
+ More to a less restrictive, ISC-style license.
+ [a31b20e48003]
-2004-10-05 13:46 millert
+ * auth/kerb5.c, auth/pam.c:
+ More to a less restrictive, ISC-style license.
+ [e41f92b41216]
- * mon_systrace.c, mon_systrace.h: Add environment updating via
- STRIOCINJECT (if available).
+ * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
+ More to a less restrictive, ISC-style license.
+ [87534c164a52]
-2004-10-05 10:22 millert
+ * auth/bsdauth.c:
+ More to a less restrictive, ISC-style license.
+ [e21be6594b58]
- * sudoers.cat, sudoers.man.in: regen
+ * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
+ More to a less restrictive, ISC-style license.
+ [6d234be91c5e]
-2004-10-04 16:15 millert
+ * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
+ visudo.man.in, visudo.pod:
+ More to a less restrictive, ISC-style license.
+ [b02aea324fd6]
- * lex.yy.c: regen
+ * sudo_noexec.c:
+ More to a less restrictive, ISC-style license.
+ [a6da7631e0b2]
-2004-10-04 16:15 millert
+ * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+ sudo_edit.c:
+ More to a less restrictive, ISC-style license.
+ [71cdcc241e94]
- * parse.lex: Fix bug introduced in unput() removal; want yyless(0)
- not yyless(1)
+ * sigaction.c, strerror.c:
+ More to a less restrictive, ISC-style license.
+ [4bccdedca58a]
-2004-10-04 12:09 millert
+ * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
+ set_perms.c:
+ More to a less restrictive, ISC-style license.
+ [64d772d70ab3]
- * mon_systrace.c: Include file is now mon_systrace.h
+ * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, interfaces.c, interfaces.h:
+ More to a less restrictive, ISC-style license.
+ [520381c60a54]
-2004-10-04 12:07 millert
+ * find_path.c, getprogname.c:
+ More to a less restrictive, ISC-style license.
+ [f605d5eab6f1]
- * Makefile.in, configure, configure.in, def_data.c, def_data.h,
- def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
- sudo.c, sudo.h, sudo.tab.h, sudoers.pod: No longer call it
- tracing, it is now "monitoring" which should be more a obvious
- name to non-hackers.
+ * fileops.c:
+ More to a less restrictive, ISC-style license.
+ [4129a8b38a67]
-2004-10-01 15:06 millert
+ * env.c:
+ More to a less restrictive, ISC-style license.
+ [d5bd859757de]
- * mon_systrace.c, mon_systrace.h: Fix some XXX
+ * defaults.h:
+ More to a less restrictive, ISC-style license.
+ [008f5d5743f5]
-2004-10-01 14:30 millert
+ * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
+ defaults.c:
+ More to a less restrictive, ISC-style license.
+ [d8d7bfc8a18b]
- * mon_systrace.c, mon_systrace.h: No need to include syscall.h, use
- 1024 as the max # of entries (the max that systrace(4) allows).
+ * utime.c, version.h:
+ More to a less restrictive, ISC-style license.
+ [e2e038ad8209]
- Only need to use SYSTR_POLICY_ASSIGN once
+ * parse.lex, parse.yacc:
+ More to a less restrictive, ISC-style license.
+ [2f5942e847a1]
- Change check_syscall() -> find_handler() and have it return the
- handler instead of just running it. We need this since handler
- now have two parts: one part that generates and answer and
- another that gets called after the answer is accepted (to do
- logging).
+ * Makefile.binary:
+ More to a less restrictive, ISC-style license.
+ [1ed561734535]
- Add some missing check_exec for emul execv
+2004-02-13 Aaron Spangler <aaron777@gmail.com>
-2004-10-01 10:58 millert
+ * sudoers2ldif:
+ Merged in LDAP Support
+ [3994c4d05947]
- * sample.pam, sample.sudoers, sample.syslog.conf, sudoers: Add
- $Sudo: ChangeLog,v 1.19 2008/12/19 17:40:39 millert Exp $ tags.
+ * ldap.c, sudo.c, sudo.h:
+ Merged in LDAP Support
+ [547eaa346fcc]
-2004-10-01 10:47 millert
+ * def_data.c, def_data.h, def_data.in:
+ Merged in LDAP Support
+ [8fb255280e42]
- * config.h.in: Add missing HAVE_LINUX_SYSTRACE_H
+ * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
+ Merged in LDAP Support
+ [1038092a161e]
-2004-09-30 20:46 millert
+2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: add trace_systrace.o dependency
+ * sudo.h, sudo_noexec.c:
+ Only do "extern int errno" if errno is not a macro.
+ [b2e02a08be8b]
-2004-09-30 19:00 millert
+2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Also look for systrace.h in
- /usr/include/linux
+ * set_perms.c:
+ setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
+ euid first, then just call setuid(0) to set the real uid too.
+ [f08546e2e0ee]
-2004-09-30 18:27 millert
+ * set_perms.c:
+ Use setresuid() and setreuid() for PERM_RUNAS when appropriate
+ instead of seteuid() which may not exist.
+ [ba508581befb]
- * mon_systrace.c, mon_systrace.h: Move all struct defs and
- prototypes into trace_systrace.h and mark all but
- systace_attach() static.
+2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-30 18:14 millert
+ * LICENSE:
+ 2004
+ [37425513a342]
- * mon_systrace.c, mon_systrace.h: Add support for tracing
- emulations. At the moment, all emulations are compiled in. It
- might make sense to #ifdef them in the future, though this
- impeeds readability.
+ * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
+ Add --with-pc-insults configure option
+ [7daa5294c17b]
-2004-09-30 17:07 millert
+ * visudo.man.in:
+ Prefer VISUAL over EDITOR like old vipw did.
+ [996252a4ab65]
- * Makefile.in, configure.in, configure: rename systrace.c ->
- trace_systrace.c
+2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-30 15:58 millert
+ * sudo.man.in, sudoers.man.in:
+ regen
+ [a247f1c52eb9]
+
+ * sudoers.pod:
+ Add a note that noexec is not a cure-all.
+ [9e7fc535367d]
+
+ * sudoers.pod:
+ Mention that disabling "root_sudo" is pretty pointless.
+ [f38a415afba0]
+
+ * configure, configure.in:
+ Substitute for root_sudo in sudoers.pod
+ [ce483cfc86be]
+
+ * sudo.pod:
+ Add sudoedit to the NAME section
+ [51bc453ec2f6]
+
+ * sudoers.pod:
+ Document that fact that setting ignore_dot in sudoers has no effect
+ due to the fact that find_path() is called *before* sudoers is read.
+ [6808df7e417c]
+
+2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.yacc: Allow this to build with a K&R compiler again
+ * sudo_edit.c:
+ Do not require _PATH_USRTMP to be set.
+ [546f3270dd10]
-2004-09-30 13:58 millert
+ * BUGS, CHANGES, TODO:
+ sync
+ [4205ddeab781]
- * TODO: sync
+ * sudo.man.in:
+ regen
+ [e2143690a88a]
-2004-09-30 13:55 millert
+ * sudo.pod:
+ Clarify that when sudo is run by root with the SUDO_USER variable
+ set, the sudoers lookup happens for root and not the SUDO_USER user.
+ [47207bec1bdf]
+
+2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
+ set_perms.c, sigaction.c, sudo.c, tgetpass.c:
+ Use the SET, CLR and ISSET macros.
+ [a8b0d7f1e8fd]
+
+ * fnmatch.c:
+ Use the SET, CLR and ISSET macros.
+ [1afbcba22ba6]
+
+ * defaults.c, env.c:
+ Use the SET, CLR and ISSET macros.
+ [2f39431e0a49]
+
+ * interfaces.h:
+ MAIN was replaced with _SUDO_MAIN some time ago.
+ [ea1b38f2ac9d]
+
+ * sudo.c:
+ Don't look at prev_user until after we've parsed sudoers and done
+ the password check. That way, if sudo/sudoedit is run from a root
+ process that was invoked by sudo, we check sudoers for root, not the
+ previous user. This makes sudoedit much more useful and means that
+ for the sudo case, we get correct logging on who actually ran the
+ command.
+ [431dfbf20552]
+
+2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Add a comment describing why we need to be notified about our child
+ stopping.
+ [0bec3ce4b49d]
+
+2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.in:
+ Update the noexec variable descriptions
+ [9cb7f1aa0e57]
+
+ * sudoers.man.in, sudoers.pod:
+ noexec now replaces more than just execve()
+ [23cbdc0ee95c]
+
+ * sudo_noexec.c:
+ Alas, all the world does not go through execve(2). Many systems
+ still have an execv(2) system call, Linux 2.6 provides fexecve(2)
+ and it is not uncommon for libc to have underscore ('_') versions of
+ the functions to be used internally by the library. Instead of
+ stubbing all these out by hand, define a macro and let it do the
+ work. Extra exec functions pointed out by Reznic Valery.
+ [9fa0cd871b0c]
+
+ * sudo.c, sudo_edit.c:
+ Fix suspending the editor in -e mode. Because we do a fork() first
+ we need to be notified when the child has been stopped and then send
+ that same signal to ourself so the shell can do its job control
+ thing.
+ [773165eb6057]
+
+ * visudo.c:
+ Use WIFEXITED and WEXITSTATUS macros. If there are systems out
+ there that want to run sudo that still don't support these we can
+ try to deal with that later.
+ [6af68e4aff60]
+
+ * lex.yy.c:
+ regen
+ [403435317d5d]
+
+ * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
+ Document sudo -e / sudoedit
+ [a80f6ea910af]
+
+ * configure, configure.in:
+ fix typo
+ [5020fcdc27f4]
+
+ * config.h.in, configure.in:
+ Add SET/CLR/ISSET
+ [03ff57286e7e]
+
+2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Allow non-exclusive flags when invoked as sudoedit. Pretty print the
+ long usage() line to not wrap (assumes 80 char display)
+ [3941fa4004bb]
+
+ * Makefile.in, sudo.c:
+ If sudo is invoked as "sudoedit" the -e flag is implied and no other
+ flags are permitted.
+ [929670b01293]
+
+ * sudo.h:
+ Add a new flag, -e, that makes it possible to give users the ability
+ to edit files with the editor of their choice as the invoking user,
+ not the runas user. Temporary files are used for the actual edit
+ and the temp file is copied over the original after the editor is
+ done.
+ [c4051414c1f4]
+
+ * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
+ Add a new flag, -e, that makes it possible to give users the ability
+ to edit files with the editor of their choice as the invoking user,
+ not the runas user. Temporary files are used for the actual edit
+ and the temp file is copied over the original after the editor is
+ done.
+ [37ac05c8ac3c]
+
+ * env.c, sudo.c:
+ If real uid == 0 and the SUDO_USER environment variables is set, use
+ that to determine the invoking user's true identity. That way the
+ proper info gets logged by someone who has done "sudo su" but still
+ uses sudo to as root. We can't do this for non-root users since
+ that would open up a security hole, though perhaps it would be
+ acceptable to use getlogin(2) on OSes where this a system call (and
+ doesn't just look in the utmp file).
+ [c2f9198708a1]
+
+ * pathnames.h.in:
+ Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
+ [7d9e5768df93]
+
+ * config.h.in, configure, configure.in:
+ Add check for fchown(2)
+ [a85df18798ed]
+
+2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Back out portions of the -i commit that set NewArgv[0] in
+ set_runaspw. It is far to late to set NewArgv[0] there and will have
+ no effect anyway as cmnd and safe_cmnd have already been set.
+ [c2d343430c1c]
+
+ * visudo.c, visudo.pod:
+ Prefer VISUAL over EDITOR like old vipw did.
+ [ae32f477cea3]
+
+2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, sudo.c:
+ In -i mode always set new environment based on the runas user's
+ passwd entry.
+ [fa653b7887a8]
+
+2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.man.in, sudo.pod:
+ Document the new -i flag and sync SYNOPSIS section with usage() in
+ sudo.c. Also sort the flags in the OPTIONS section.
+ [6aabc0ffc47e]
+
+ * sudo.c, sudo.h:
+ o Add -i that acts similar to "su -", based on patches from David J.
+ MacKenzie o Sort the flags in the usage message
+ [c0fe7d6beffd]
+
+ * sudoers.man.in, sudoers.pod:
+ Add a missing @runas_default@ substitution.
+ [60516fe2d090]
+
+2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Change euid to runas user before calling find_path().
+ Unfortunately, though runas_user can be modified in sudoers we
+ haven't parsed sudoers yet.
+ [f469fdf2e313]
+
+ * sudoers.man.in, sudoers.pod:
+ Add missing defintion of Parameter_List and use single pipes in the
+ Defaults EBNF definition.
+ [f7bed6e909bf]
+
+ * sudo.c:
+ Fix a bug when set_runaspw() is used as a callback. We don't want
+ to reset the contents of runas_pw if the user specified a user via
+ the -u flag.
+
+ Avoid unnecessary passwd lookups in set_authpw(). In most cases we
+ already have the info in runas_pw.
+ [efc35623ba09]
+
+2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ Add Stan Lee / Uncle Ben quote to the lecture from RedHat
+ [ebd5a76ccd7e]
+
+ * sudo.h:
+ Update sudo_getepw() proto and add one for set_runaspw()
+ [6ed65795c17f]
+
+ * parse.c:
+ If we can't stat the command as root, try as the runas user instead.
+ [ae713fca0e15]
+
+ * testsudoers.c, visudo.c:
+ Add stub set_runaspw() function
+ [42aa37050053]
+
+ * sudo.c:
+ Add set_runaspw() function to fill in runas_pw. This will be used
+ as a callback to update runas_pw when the runas user changes.
+ [e570aa0088d0]
+
+ * env.c, sudo.c:
+ PERM_RUNAS -> PERM_FULL_RUNAS
+ [51eec6f9e89a]
+
+ * set_perms.c, sudo.h:
+ Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
+ changes the euid.
+ [877c6fe4d12c]
+
+ * getspwuid.c:
+ Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
+ one chunk for easy free()ing. Also change it from static to extern.
+ [ab503260a7ec]
+
+ * defaults.c, defaults.h:
+ Add callback support
+ [a61c4ca983fb]
+
+ * mkdefaults:
+ Add a callback field and use it for runas_default
+ [96b69c27df5e]
+
+ * def_data.c, def_data.in:
+ Add a callback field and use it for runas_default
+ [d3e9f06872b8]
+
+2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/fwtk.c:
+ Add support for chalnecho and display server responses used by fwtk
+ >= 2.0
+ [b1870f7aaf0d]
+
+2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.man.in, sudoers.pod:
+ ld.so is ld.so.1 on solaris
+ [2bf9a123fa4c]
+
+ * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
+ Use closefrom() instead of doing the equivalent inline.
+ [7e3ef6072884]
+
+ * closefrom.c:
+ closefrom(3) for systems w/o it
+ [35caf58bb636]
+
+2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.man.in:
+ Update from .pod file.
+ [d4c94fc0e0c9]
+
+ * configure, configure.in:
+ Substitute noexec_file for the sudoers man page
+ [203d3376a551]
+
+ * sudo.man.in, sudo.pod:
+ Mention noexec
+ [014375ddbb06]
+
+ * sudoers.man.in, sudoers.pod:
+ Document noexec
+ [49a65d06201f]
+
+ * auth/pam.c, config.h.in, configure.in:
+ Move PAM_CONST macro definition from config.h to pam.c where it
+ belongs. We can't have this in config.h since that gets included too
+ early.
+ [e64748071637]
+
+ * auth/pam.c, config.h.in, configure, configure.in:
+ Some PAM implementations put their headers in /usr/include/pam
+ instead of /usr/include/security.
+ [8cc749e9575c]
+
+ * configure.in:
+ I missed changing the EXEC macro -> EXECV here when I changed this
+ in config.h.in and sudo.c a while ago.
+ [6f5afac7789f]
+
+ * acsite.m4:
+ OpenBSD vax/m88k/hppa don't do shared libs
+ [e4901d958bb7]
+
+ * configure, configure.in:
+ o merge the hpux case entries into a single entry w/ its own sub-
+ case statement. o HP-UX >= 11 support getspnam(), use it in
+ preference to getprpwuid()
+ [0caad428894e]
+
+ * configure, configure.in:
+ eval $shrext so that it expands nicely on MacOS X
+ [40419343eef8]
+
+ * Makefile.in:
+ Don't lie about making a module, it does the wrong thing on mach
+ [7629b28f5688]
+
+ * ltmain.sh:
+ Remove requirement that libs must begin with "lib". They don't when
+ we point directly at the lib using LD_PRELOAD or its equivalent.
+ [d66f3de6ec85]
+
+ * acsite.m4:
+ Disable support for c++, f77 and java. We don't need it, it takes a
+ lot of time, and it hosed our check for shared lib support.
+ [4f5749c52ce4]
+
+ * configure:
+ regen
+ [160865e9d15f]
+
+ * configure.in:
+ Call AC_ENABLE_SHARED and check the status of enable_shared to know
+ when shared libs are available.
+ [42504c1668fc]
+
+ * acsite.m4:
+ Duh, OpenBSD suports shared libs too
+ [8e3cd9417475]
+
+ * config.h.in, configure.in:
+ Only OpenPAM and Linux PAM use const qualifiers.
+ [b2f76476e866]
+
+ * configure, configure.in:
+ o No need to check for sed, libtool config does that for us o move
+ check for --with-noexec until after libtool magic is run so we can
+ use $can_build_shared and $shrext
+ [668c656e89cc]
+
+ * ltmain.sh:
+ Don't print a bunch of crap about library installs since we are not
+ really installing a library.
+ [83fbcad29fe4]
+
+ * env.c:
+ Make format_env() varargs Add noexec support for Darwin, MacOS X,
+ Irix, and Tru64
+ [468885d75d10]
+
+ * acsite.m4, ltconfig, ltmain.sh:
+ Update to libtool 1.5 with local changes: o no ldconfig in the
+ finish step o assume no libprefix or version is needed
+ [4961cffc3797]
+
+ * sudo_noexec.c:
+ Fix compilation under K&R
+ [8b309bf0b1b2]
+
+2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ checkpoint
+ [3c368badab32]
+
+ * sudo_noexec.c:
+ stub execve() that just returns EACCES; used for noexec
+ functionality
+ [1297acae283a]
+
+ * sudo.tab.h:
+ Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
+ generated code.
+ [dcab78c49273]
+
+ * sudo.tab.c:
+ Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
+ generated code.
+ [0a61c735eabe]
+
+2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.h, def_data.in:
+ Move the environment defaults to the end and shorten a few of the
+ descriptions.
+ [66787b9c612c]
+
+ * configure, configure.in:
+ no shared libs on ultris or convexos
+ [2c5f3c456e32]
+
+ * Makefile.in, configure, configure.in:
+ Build sudo_noexec shared object using libtool; could use some
+ cleanup.
+ [373f483555dd]
+
+ * acsite.m4, ltconfig, ltmain.sh:
+ libtool scaffolding
+ [c903a42e3d90]
+
+ * parse.yacc, sudo.tab.c:
+ Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
+ important.
+ [c6e8a34639a4]
+
+ * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
+ parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
+ update copyright year
+ [a16372ae1711]
+
+ * configure, configure.in, defaults.c, env.c, pathnames.h.in:
+ Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
+ option. The default value of noexec_file is set to this.
+ [7d88e1d3c494]
- * sudo.c, compat.h, visudo.c: Use __attribute__((__noreturn__))
+ * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
+ parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
+ sudo.tab.h:
+ Add support for preloading a shared object containing a dummy
+ execve() function that just sets error and returns -1. This adds a
+ "noexec_file" option to load the filename as well as a "noexec" flag
+ to enable it unconditionally. There is also a NOEXEC tag that can
+ be attached to specific commands and an EXEC tag to disable it.
+ [c8b6712feb91]
+
+ * mkdefaults:
+ add missing newline to usage statement
+ [e84746618362]
+
+ * config.h.in, sudo.c:
+ Rename EXEC macro -> EXECV
+ [ddaa0c027299]
+
+ * logging.c:
+ Don't truncate usernames to 8 characters in the log message.
+ [f62a20f27075]
+
+ * check.c, sudoers.man.in, sudoers.pod:
+ Update copyright year
+ [ca9964054085]
-2004-09-30 13:44 millert
+ * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
+ sudoers.pod:
+ Add a new option, lecture_file, that can be used to point to a
+ custom sudo lecture.
+ [940133231216]
- * visudo.c: Exit() takes a negative value to indicate it was not
- called via signal.
+2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-30 13:25 millert
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/sudo_auth.c:
+ Add a zero_bytes() function to do the equivalent of bzero in such a
+ way that will heopfully not be optimized away by sneaky compilers.
+ [161b6d74bfb4]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
- visudo.man.in: regen
+ * zero_bytes.c:
+ Add a zero_bytes() function to do the equivalent of bzero in such a
+ way that will heopfully not be optimized away by sneaky compilers.
+ [d035abf0af94]
-2004-09-30 13:22 millert
+ * Makefile.in, sudo.h:
+ Add a zero_bytes() function to do the equivalent of bzero in such a
+ way that will heopfully not be optimized away by sneaky compilers.
+ [ff136de3e255]
- * Makefile.in, visudo.c: Define Err() and Errx() that are like
- err() and errx() but call Exit() instead of exit(). Build
- private copy of alloc.o for visudo that calls Err() and Errx().
+ * err.c:
+ Use #ifdef __STDC__, not #if __STDC__.
+ [6889dd6bc51a]
-2004-09-29 15:22 millert
+2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * lex.yy.c: regen
+ * mkdefaults:
+ Always put at least one space between the def_* macro name and its
+ definition.
+ [6b3ad0e6619a]
-2004-09-29 15:22 millert
+ * configure, configure.in:
+ Adjust code for --without-lecture to match new values.
+ [062aa788a6b9]
- * CHANGES: sync
+ * visudo.man.in:
+ regen after pasto fix
+ [3deec16906c0]
-2004-09-29 14:41 millert
+ * sudoers.man.in, sudoers.pod:
+ Document that "lecture" has changed from a flag to a tuple.
+ [e2c03062b533]
- * visudo.c: Overhaul visudo for editing multiple files: o visudo
- has been broken out into functions (more work needed here) o
- each file is now edited before sudoers is re-parsed o if a
- #include line is added that file will be edited too
+ * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
+ defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
+ Add support for tuples in def_data.in; these are implemented as an
+ enum type. Currently there is only a single tuple enum but in the
+ future we may have one tuple enum per T_TUPLE entry in def_data.in.
+ Currently listpw, verifypw and lecture are tuples. This avoids the
+ need to have two entries (one ival, one str) for pwflags and syslog
+ values.
+
+ lecture is now a tuple with the following values: never, once,
+ always
+
+ We no longer use both an int and string entry for syslog facilities
+ and priorities. Instead, there are logfac2str() and logpri2str()
+ functions that get used when we need to print the string values.
+ [5293f946c836]
+
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
+ check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
+ logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
+ sudo.tab.c, visudo.c:
+ Create def_* macros for each defaults value so we no longer need the
+ def_{flag,ival,str,list,mode} macros (which have been removed). This
+ is a step toward more flexible data types in def_data.in.
+ [009c02934106]
+
+ * TODO:
+ checkpoint
+ [0a99a4bb5d15]
- TODO: o cleanup temp files when exiting via err() or errx() o
- continue breaking things out into separate functions
+2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ If we are in -k/-K mode, just spew to stderr. It is not unusual for
+ users to place "sudo -k" in a .logout file which can cause sudo to
+ be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
+ Previously, this would result in useless mail and logging.
+ [d282e7ed63af]
-2004-09-29 14:36 millert
+2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c: Add keepopen
- arg to open_sudoers that open_sudoers can use to indicate to the
- caller that the fd should not be closed when it is done with it.
- To be used by visudo to keep locked fds from being closed
- prematurely (and thus losing the lock).
+ * visudo.pod:
+ fix pasto in VISUAL description
+ [1c6a6148b5f9]
-2004-09-29 14:33 millert
+2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.yacc, sudo.c: Add errorfile global that contains the name
- of the file that caused the error.
+ * configure:
+ regen
+ [f44312c63799]
-2004-09-29 14:30 millert
+ * CHANGES:
+ checkpoint
+ [0c42e38f78d5]
- * parse.lex: return COMMENT to yacc grammar for a #include line
+ * TROUBLESHOOTING:
+ Some OSes (like Solaris) allow export w/ nosuid too
+ [973ce85ffa12]
-2004-09-29 14:29 millert
+2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.lex: Remove us of unput() in favor of yyless() which is
- cheaper.
+ * compat.h:
+ We don't use FD_ZERO anymore so just define FD_SET (if not already
+ there).
+ [d1c8c11905cd]
-2004-09-29 14:28 millert
+2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.yacc: Allow an empty sudoers file.
+ * auth/pam.c:
+ Fix a core dump on Solaris by preserving the pam_handle_t we used
+ during authentication for pam_prep_user(). If we didn't
+ authenticate (ie: ticket still valid), we call pam_init() from
+ pam_prep_user(). This is something of a hack; it may be better to
+ change the auth API and add an auth_final() function that acts like
+ pam_prep_user().
+ [f787de49b175]
-2004-09-28 16:50 millert
+2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * mon_systrace.c: Rewind sudoers_fp now that sudoers_lookup()
- doesn't do it for us.
+ * set_perms.c:
+ Add explicit declaration of printerr variable in function header
+ (was defaulting to int which is OK but oh so K&R :-). From Theo.
+ [492c2358783f]
-2004-09-28 14:37 millert
+2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * lex.yy.c: regen
+ * config.h.in, configure.in:
+ s/HAVE_STOW/USE_STOW/
+ [4b99e1824ece]
-2004-09-28 14:36 millert
+ * logging.c:
+ Also exit waitpid() loop when pid == 0. Fixes a problem where the
+ sudo process would spin eating up CPU until sendmail finished when
+ it has to send mail.
+ [ec3d5792b9b4]
+
+2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c: Do signal setup before calling edit_sudoers(). Don't
- shadow the "quiet" global.
+ * fnmatch.c:
+ Remove advertising clause, UCB has disavowed it
+ [43a26bbd6628]
-2004-09-28 14:33 millert
+ * fnmatch.3:
+ Remove advertising clause, UCB has disavowed it
+ [3ff24291bcfa]
- * visudo.c: If a sudoers file includes other files, edit those too.
- Does not yes deal with creating the new includes files itself.
+2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-28 14:31 millert
+ * parse.c:
+ Don't assume that getgrnam() calls don't modify contents of struct
+ passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
+ Based on a patch from Kirk Webb.
+ [5574c68f60f3]
- * testsudoers.c: init_parser now takes a path
+2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-28 14:31 millert
+ * configure.in:
+ missing ;;
+ [22378f2a9d31]
- * parse.c, parse.h, parse.lex, parse.yacc: More scaffolding for
- dealing with multiple sudoers files: o init_parser() now takes a
- path used to populate the sudoers global o the sudoers global is
- used to print the correct file in yyerror() o when switching to
- a new sudoers file, perserve old file name and line number
+ * configure.in:
+ darwin has a broken setreuid() in at least some versions
+ [d572aed930d2]
-2004-09-28 14:29 millert
+ * env.c:
+ Fix an off by one error when reallocating the environment; Kevin Pye
+ [3d98e7cf097a]
- * Makefile.in, pathnames.h.in: Kill _PATH_SUDOERS_TMP; it is not
- meaningful now that we can have multiple sudoers files.
+2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-28 13:52 millert
+ * sudoers.pod:
+ Fix User_Spec definition; SEKINE Tatsuo
+ [49b0da65e090]
- * parse.c, sudo.c: Rewind sudoers_fp in open_sudoers() instead of
- sudoers_lookup() so we start at the right file position when
- reading include files.
+2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-27 21:04 millert
+ * HISTORY:
+ More info on the early days from Coggs.
+ [9381ca10b06b]
- * sudoers.pod: document #include
+2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-27 20:47 millert
+ * auth/kerb5.c:
+ remove errant semicolon that prevented compilation under heimdal
+ [d2f2bb73a598]
- * lex.yy.c: regen
+2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-27 20:47 millert
+ * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
+ add DARPA credit on affected files
+ [7020785ee50d]
- * parse.lex: Add max depth of 128 for the include stack to avoid
- loops.
+ * sudoers.pod:
+ add DARPA credit on affected files
+ [83b46318750b]
- Since yyerror() doesn't stop parsing, pass return values back to
- yylex and call yyterminate() on error.
+ * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+ sudoers.man.in:
+ add DARPA credit on affected files
+ [d8adf1c2ba22]
-2004-09-27 14:06 millert
+ * set_perms.c:
+ add DARPA credit on affected files
+ [3d79fdabb582]
- * sudoers.pod: document tracing
+ * pathnames.h.in:
+ add DARPA credit on affected files
+ [e334cdda422f]
-2004-09-27 14:05 millert
+ * logging.c, parse.c:
+ add DARPA credit on affected files
+ [8f75f822755b]
- * sudo.pod: Mention PREVENTING SHELL ESCAPES section of sudoers man
- page
+ * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
+ find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
+ interfaces.h:
+ add DARPA credit on affected files
+ [da66e28fb3f5]
-2004-09-27 12:08 millert
+ * auth/kerb5.c, auth/pam.c:
+ add DARPA credit on affected files
+ [15da3021b49c]
- * lex.yy.c: regen
+ * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+ auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
+ version.h:
+ add DARPA credit on affected files
+ [868d54cbddea]
-2004-09-27 12:03 millert
+ * env.c:
+ add DARPA credit on affected files
+ [90239f51ef0a]
- * parse.lex: Add support for #include in sudoers (visudo support
- TBD)
+ * defaults.c, defaults.h:
+ add DARPA credit on affected files
+ [6a64205fd1eb]
-2004-09-27 12:02 millert
+ * compat.h:
+ add DARPA credit on affected files
+ [316a735783c4]
- * parse.yacc: make yyerror()'s argument const
+ * Makefile.in, alloc.c, check.c:
+ add DARPA credit on affected files
+ [cd939e05c810]
-2004-09-27 12:02 millert
+ * LICENSE:
+ slightly different wording for the darpa credit
+ [e468909c4a21]
- * testsudoers.c, visudo.c: Add open_sudoers() stubs.
+2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-27 12:01 millert
+ * LICENSE:
+ Add DARPA credit
+ [8eb20e2cd63e]
- * sudo.c, sudo.h: Rename check_sudoers() open_sudoers() and make it
- return a FILE *
+2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-26 12:35 millert
+ * auth/kerb5.c:
+ Use krb5_princ_component() instead of krb5_princ_realm() for MIT
+ Kerberos like we did before I messed things up ;-)
- * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
- version.h: Crank version
+ Use krb5_principal_get_comp_string() to do the same thing w/
+ Heimdal. I'm not sure if the component should be 0 or 1 in this
+ case.
-2004-09-26 12:33 millert
+ #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
+ older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
+ should be a configure check for this I guess.
+ [74919a3933fe]
- * Makefile.in, sudo.psf: Better HP-UX depot construction
+2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-25 17:08 millert
+ * sample.sudoers:
+ builtin -> built-in; Jason McIntyre
+ [027f2187923e]
+
+ * TROUBLESHOOTING, config.h.in, configure, configure.in:
+ builtin -> built-in; Jason McIntyre
+ [70b81ac48943]
+
+ * sudoers.pod:
+ built in -> built-in; Jason McIntyre
+ [da658ef5138d]
+
+2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ checkpoint for 1.6.7p3
+ [da85f989fadf]
+
+ * HISTORY:
+ Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
+ Amazingly, sudo source from 1985 is available via groups.google.com
+ [39e0fc85b89f]
+
+ * sudo.c:
+ Don't change rl.rlim_max for RLIMIT_CORE. We need only set
+ rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
+ RLIMIT_CORE restoration on some OSes.
+ [7e2c1a7adfd8]
+
+2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ Make this compile on Heimdal and MIT Kerberos 5
+ [44c07d615868]
+
+ * config.h.in, configure, configure.in:
+ Check for heimdal even if we found krb5-config and define
+ HAVE_HEIMDAL.
+ [aba0126f0059]
- * mon_systrace.c: o Made children global so check_exec() can lookup
- a child. o Replaced uid in struct childinfo with struct passwd *
- (for runas) o new_child() now takes a parent pid so the runas
- info can be inherited o Added find_child() to lookup a child by
- its pid o update_child() now fills in a struct passwd o Converted
- the big if/else mess in set_policy to a switch o Syscalls that
- change uid are now "ask" so we get SYSTR_MSG_UGID events
+ * auth/kerb5.c:
+ Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
+ no longer defined by MIT kerb5 (though it used to be and indeed
+ remains so in Heimdal).
+ [e5a6c64d7cd5]
-2004-09-25 17:01 millert
+2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * getspwuid.c: Add flag to sudo_pwdup that indicates whether or not
- to lookup the shadow password. Will be used to a struct passwd
- that has the shadow password already filled in.
+ * mkinstalldirs:
+ Remove newer stuff that passes multiple (possibly duplicate)
+ directories to "mkdir -p" since that seems to break on Tru64 Unix at
+ least. This basically brings back what shipped with sudo 1.6.6.
+ [f2a1abd872b3]
-2004-09-25 16:58 millert
+2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * mon_systrace.c: add missing increment of addr in read_string()
+ * auth/kerb5.c:
+ Correct number of args to krb5_principal_get_realm() and fix an
+ unclosed comment that hid the bug.
+ [0b37f8ce7824]
-2004-09-25 16:15 millert
+ * configure:
+ regen
+ [1876cb840fe0]
- * mon_systrace.c: Remove bogus call to update_child() and some
- cosmetic fixes
+ * configure.in:
+ ++version
+ [480aff7c048e]
-2004-09-25 16:11 millert
+ * README:
+ ++version
+ [488e0bbff613]
- * mon_systrace.c: Don't leak /dev/systrace fd to tracee Make
- initialized global for simplicity If STRIOCATTACH returns EBUSY
- we are already being traced Check for user_args == NULL in
- setproctitle() call Add missing calls to STRIOCANSWER
+ * Makefile.in:
+ ++version
+ [97ef63cedc38]
-2004-09-25 13:15 millert
+ * INSTALL.binary:
+ ++version
+ [a506204e77d0]
- * sudo.c: g/c sudo_pwdup proto
+ * INSTALL:
+ ++version
+ [555aeba5c2bf]
-2004-09-24 20:21 millert
+ * CHANGES, version.h:
+ ++version
+ [f66985a64063]
- * Makefile.in, sudo.psf: Add target for building a depot file
+ * BUGS:
+ ++version
+ [ea3573432412]
-2004-09-24 20:07 millert
+ * configure.in:
+ use krb5-config to determine Kerberos V details if it exists
+ [7b46bbdaf774]
+
+ * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
+ find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
+ testsudoers.c, visudo.c:
+ Use warn/err and getprogname() throughout. The main exception is
+ openlog(). Since the admin may be filtering logs based on the
+ program name in the log files, hard code this to "sudo".
+ [9f180d015cfa]
+
+ * Makefile.in:
+ Add getprogname.c and err.c
+ [d411c54a07dc]
+
+ * configure:
+ regen
+ [6d585d391acc]
+
+ * config.h.in, configure.in:
+ Add checks for getprognam(), __progname and err.h
+ [bcbccf61d34a]
+
+ * emul/err.h:
+ For systems withour err/warn functions.
+ [1b33118884d9]
+
+ * err.c:
+ For systems withour err/warn functions.
+ [26721f6b041f]
+
+ * getprogname.c:
+ For systems neither getprogname() nor __progname; uses Argv[0].
+ [841cf42af1eb]
+
+2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ checkpoint for 1.6.7p1
+ [5bfdaf441dce]
+
+ * sudo.c, testsudoers.c:
+ fix strlcpy() rval check (innocuous)
+ [e05ac7e0d1f3]
+
+ * check.c:
+ oflow detection in expand_prompt() was faulty (false positives). The
+ count was based on strlcat() return value which includes the length
+ of the entire string.
+ [086c5a0acb25]
+
+2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON, TODO:
+ checkpoint for the sudo 1.6.7 release
+ [096bab4da29a] [SUDO_1_6_7]
+
+ * CHANGES:
+ checkpoint for the sudo 1.6.7 release
+ [87322187ed78]
+
+2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ g/c unused variable
+ [c57cd4a17765]
+
+ * configure:
+ regen
+ [e7c1f581dfac]
+
+ * configure.in:
+ use man sections 8 and 5 for csops
+ [87de581bda88]
+
+2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [cb1433a9c7a1]
+
+ * configure.in:
+ Add -lskey or -lopie directly to SUDO_LIBS instead of having
+ AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
+ [ac5667978939]
+
+ * configure:
+ regen
+ [638459118a2a]
+
+ * configure.in:
+ Add --with-blibpath for AIX. An alternate libpath may be specified
+ or
+ -blibpath support can be disabled. Also change conifgure such that
+ -blibpath is not specified if no -L libpaths were added to
+ SUDO_LDFLAGS.
+ [c7d17b480cad]
+
+ * aclocal.m4:
+ Add --with-blibpath for AIX. An alternate libpath may be specified
+ or
+ -blibpath support can be disabled. Also change conifgure such that
+ -blibpath is not specified if no -L libpaths were added to
+ SUDO_LDFLAGS.
+ [37022e991575]
+
+ * INSTALL:
+ Add --with-blibpath for AIX. An alternate libpath may be specified
+ or
+ -blibpath support can be disabled. Also change conifgure such that
+ -blibpath is not specified if no -L libpaths were added to
+ SUDO_LDFLAGS.
+ [4b4bbe5bbe1b]
+
+ * configure.in:
+ add AIX blibpath support
+ [16ba788bf086]
+
+ * INSTALL, configure.in:
+ --with-skey and --with-opie now take an option directory argument
+ This obsoletes a --with-csops hack (/tools/cs/skey)
+
+ Also remove the remaining direct uses of "echo"
+ [5b4986a90c03]
+
+2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ Detect KTH Kerberos IV and deal with it. Also make -lroken optional
+ for KTH Kerberos IV and V.
+ [119f97b48e18]
+
+ * aclocal.m4:
+ Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and
+ -R/path/to/dir if $with_rpath) to the specified variable.
+ [e55e49d076ce]
+
+ * INSTALL, configure.in:
+ Add -R/path/to/libs for Solaris and SVR4. There is a new configure
+ option, --with-rpath to control this behavior.
+ [d4730c5399ab]
+
+ * configure.in:
+ for kerb4 put libdes after libkrb on the link line
+ [5c566100eab6]
+
+ * auth/kerb4.c:
+ typo
+ [6541b72b64a3]
+
+ * configure.in:
+ fix kerberos lib check when a path is specified
+ [ae833a914c6f]
+
+ * logging.c:
+ Fix boolean thinko in SIGCHLD reaper and call reapchild after
+ sending mail instead of doing a conditional sudo_waitpid.
+ [86fa9a35df5a]
+
+2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [e6275cf528ba]
+
+ * configure.in:
+ replace =DIR with [=DIR] where sensible
+ [c39a59173b38]
+
+ * configure.in:
+ o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
+ detection based on openssh's configure.in
+ [5b7a340912df]
+
+ * INSTALL:
+ --with-kerb4 and --with-kerb5 now take an optional argument.
+ [71ed87fc9c64]
+
+2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/securid.c:
+ Kill remaining strcpy(), the programmer's guide says username is 32
+ bytes.
+ [bdba70fcd08d]
+
+ * auth/kerb4.c:
+ trat uid_t as unsigned long for printf and use snprintf, not sprintf
+ [8072f5f8966d]
+
+ * auth/rfc1938.c:
+ use snprintf
+ [fc0c70c665fe]
+
+2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+ auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/sudo_auth.c:
+ update copyright year
+ [b0a10ccb1d0e]
+
+ * sudo.man.in, sudoers.man.in, visudo.man.in:
+ update copyright year
+ [8fce0034eb51]
+
+ * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
+ configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
+ parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
+ sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
+ update copyright year
+ [d541e75fe520]
+
+ * check.c, env.c, sudo.c:
+ Cast [ug]ids to unsigned long and printf with %lu
+ [2ede64d3592b]
- * mon_systrace.c: trim includes
+ * configure:
+ regen
+ [c7c3245bdf3e]
-2004-09-24 14:11 millert
+ * configure.in:
+ correct error messages for --with-sudoers-{mode,uid,gid}
+ [77fc15b1c9db]
- * lex.yy.c, sudo.tab.h: regen
+ * alloc.c:
+ make the malloc(0) error specific to each function to aid tracking
+ down bugs.
+ [a58c34374b4b]
+
+ * alloc.c:
+ deal with platforms where size_t is signed and there is no SIZE_MAX
+ or SIZE_T_MAX
+ [7192abb4ab4e]
+
+ * auth/kerb5.c:
+ Make this compile w/ Heimdal and fix some gcc warnings.
+ [f52f026f31c2]
-2004-09-24 14:10 millert
+ * sudo.c:
+ Use stat_sudoers macro so --with-stow can work
+ [c3674735c139]
- * INSTALL: document --with-systrace
+ * INSTALL, config.h.in, configure, configure.in:
+ Add support for --with-stow based on patches from Robert Uhl
+ [b274cc1dd52c]
-2004-09-24 14:10 millert
+ * env.c:
+ fix indentation
+ [110d9f1721b1]
- * config.h.in, configure, configure.in: Add check for setproctitle
+ * configure.in:
+ back out rev 1.352
+ [1eee91c83f11]
-2004-09-24 14:09 millert
+ * lex.yy.c:
+ regen
+ [72fba1c9590b]
- * mon_systrace.c: pass struct str_msg_ask in to syscall checker so
- it can set the error code
+ * parse.lex:
+ use strlcpy, not strncpy
+ [4faccbaeccef]
-2004-09-24 13:30 millert
+ * set_perms.c:
+ Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
+ [33bf0d18fdc1]
- * mon_systrace.c: systrace(4) support for sudo. On systems with
- the systrace(4) kernel facility (OpenBSD, NetBSD, Linux w/
- patches) sudo can intercept exec calls and check the exec args
- against the sudoers file. In other words, sudo can now control
- subcommands and shell escapes.
+ * logging.c:
+ use pid_t
+ [3e0536993d2c]
-2004-09-24 13:17 millert
+2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c, sudo.h: Call systrace_attach() if FLAG_TRACE is set.
+ * strlcat.c, strlcpy.c:
+ Make gcc shutup about unused rcsid
+ [1669a0c74e9e]
-2004-09-24 13:15 millert
+ * interfaces.c:
+ Move the n == 0 check for the non-getifaddrs cas
+ [2460be061b2a]
- * parse.c, parse.h, parse.lex, parse.yacc, sudo.h: Add trace
- Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
+ * auth/rfc1938.c:
+ skeychallenge() on NetBSD take a size parameter
+ [05acc2012801]
-2004-09-24 13:13 millert
+ * configure:
+ regen
+ [24bccf4749e8]
- * parse.c, sudo.c: Don't close sudoers_fp, keep it open and set
- close on exec flag instead.
+ * configure.in:
+ put -ldl after -lpam, not before; fixes static linking on Linux
+ [7f06b7b2b4d8]
-2004-09-24 13:11 millert
+ * interfaces.c:
+ Avoid malloc(0) and fix the loop invariant for the getifaddrs()
+ case.
+ [239a55068646]
+
+ * sudo.cat, sudoers.cat, visudo.cat:
+ regen
+ [4a2eed3981ca]
- * def_data.c, def_data.h, def_data.in: Add trace option
+ * sudo.man.in, sudoers.man.in, visudo.man.in:
+ regen
+ [2c96ea2cf930]
-2004-09-23 20:24 millert
+ * Makefile.in:
+ Preserve copyright notice from .pod file in .man.in file
+ [519fbd09aebc]
- * Makefile.in: Add systrace
+ * visudo.pod:
+ Add sudoers(5) to SEE ALSO
+ [77ecfe3aedf1]
-2004-09-23 20:23 millert
+2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL: SunOS /bin/sh blows up with configure
+ * lex.yy.c:
+ regen
+ [6f5751ce0b74]
-2004-09-23 20:23 millert
+ * parse.lex:
+ Don't assume libc can realloc() a NULL string. If malloc/realloc
+ fails, make sure we just return; yyerror() is not terminal.
+ [1b8618623708]
- * configure, configure.in: Include sys/param.h before systrace.h
+ * lex.yy.c:
+ regen
+ [5d31b46191c6]
-2004-09-23 20:15 millert
+ * parse.lex:
+ simplify fill_args a little and use strlcpy for paranoia
+ [0ea35a55542b]
- * configure: regen
+ * sudo.tab.c:
+ regen
+ [5a8d508d708b]
-2004-09-23 20:15 millert
+ * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
+ testsudoers.c:
+ Use strlc{at,py} for paranoia's sake and exit on overflow. In all
+ cases the strings were either pre-allocated to the correct size of
+ length checks were done before the copy but a little paranoia can go
+ a long way.
+ [e73d28f1d14e]
- * pathnames.h.in: _PATH_DEV_SYSTRACE
+ * sudo.h:
+ Add strlc{at,py} protos
+ [748ffc7fc7f4]
-2004-09-23 20:14 millert
+ * env.c, interfaces.c:
+ Use erealloc3()
+ [47f2cb46aba8]
- * configure.in: line up options in --help
+ * configure:
+ regen
+ [e7e2fb79f935]
-2004-09-23 20:11 millert
+ * alloc.c:
+ Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
+ memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
+ [7e0fa4d6fc1d]
- * config.h.in, configure.in: Add --with-systrace
+ * sudo.c:
+ snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
+ configure.
+ [09ea4d3959e9]
-2004-09-23 13:35 millert
+ * aclocal.m4:
+ In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
+ [31b4fdfdb8bf]
- * configure: regen
+2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-23 13:35 millert
+ * sudo.c:
+ Use snprintf() for paranoia
+ [a2659ceb46de]
- * aclocal.m4, configure.in: make this work with autoconf-2.59
+ * parse.yacc:
+ Use emalloc2 and erealloc3
+ [90a069842401]
-2004-09-16 12:58 millert
+ * Makefile.in:
+ strlc{at,py} for those w/o it
+ [bac82dc916ee]
- * sudo_edit.c: Simplify logic around open & stat of files and do
- sanity on edited file even if we lack fstat (still racable but
- worth doing).
+ * strlcat.c, strlcpy.c:
+ stlc{at,py} for those w/o it.
+ [ce7254f5db09]
-2004-09-15 18:47 millert
+ * config.h.in, configure, configure.in:
+ Add stlc{at,py} for those w/o it.
+ [00f08219657a]
- * HISTORY: Add support url
+ * alloc.c, sudo.h:
+ Add erealloc3(), a realloc() version of emalloc2().
+ [c96eaf08bbed]
-2004-09-15 16:11 millert
+ * interfaces.c, sudo.c:
+ Use emalloc2() to allocate N things of a certain size.
+ [1e0aba365555]
- * Makefile.in: versino 1.6.8p1
+ * alloc.c, sudo.h:
+ Add emalloc2() -- like calloc() but w/o the bzero and with
+ error/oflow checking.
+ [292150bc4153]
-2004-09-15 15:20 millert
+ * alloc.c:
+ Error out on malloc(0); suggested by theo
+ [995279e81326]
- * CHANGES: more changes for 1.6.8p1
+2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-15 15:18 millert
+ * configure, configure.in:
+ fix a typo; David Krause
+ [f161213a17ab]
- * version.h: 1.6.8p1
+2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-15 12:16 millert
+ * sudo.pod:
+ fix typo
+ [3ae5ad9a351a]
- * CHANGES, sudo_edit.c: Add sanity check so we don't try to edit
- something other than a regular file.
+2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-14 20:55 aaron
+ * env.c:
+ Remove DYLD_ from the environment for MacOS X; from bbraun
+ [38caad5a3935]
- * CHANGES: sync
+2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-14 20:21 aaron
+ * config.h.in, configure.in:
+ not not; Anil Madhavapeddy
+ [d4f4f0bfc66b]
- * INSTALL: document --with-ldap-conf-file
+2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-14 17:43 millert
+ * sudo.pod, sudoers.pod, visudo.pod:
+ typos; jmc@openbsd.org
+ [868c0f09bf9e]
- * CHANGES, ins_csops.h: political correctness strikes again
+2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-14 15:09 millert
+ * parse.yacc:
+ Add some missing ';' rule terminators that bison warns about.
+ [535b0b8dcce5]
- * RUNSON: sync
+ * config.sub:
+ fix typo I introduced in last merge
+ [81db4e4f43fe]
-2004-09-12 19:50 millert
+ * configure:
+ regenerate with autoconf 2.57
+ [ca0c1e9564f8]
- * Makefile.binary.in, Makefile.in: Install sudoedit man link
+ * config.h.in:
+ Add missing "$HOME"
+ [209186197ad1]
-2004-09-12 14:25 millert
+ * configure.in:
+ Add some more square backets to make autoconf 2.57 happy
+ [b5639c14faf7]
- * INSTALL: Update PAM note and mention where HP-UX users can
- download gcc binaries.
+ * config.sub, mkinstalldirs:
+ Updates from autoconf-2.57
+ [36be35eb331b]
-2004-09-12 12:08 millert
+ * config.guess:
+ Updates from autoconf-2.57
+ [ea0f8ca622af]
- * Makefile.in: libtool wants to install stuff from .libs so fake
- one up for binary installations.
+2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-12 11:53 millert
+ * sudo.tab.h:
+ regen
+ [13a65a421567]
- * Makefile.binary.in: rm -f old sudoedit link instead of using ln
- -f set LIBTOOL correctly
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [0b529db7cb6d]
-2004-09-12 11:53 millert
+ * parse.lex, parse.yacc, sudoers.pod:
+ Add support for Defaults>RunasUser
+ [20d726373175]
- * Makefile.in: Deal with "uname -m" having slashes in it rm -f old
- sudoedit link instead of using ln -f
+2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-12 10:22 millert
+ * visudo.c:
+ fclose() yyin after each yyparse() is done and use fopen() instead
+ of using freopen().
+ [587f8a2df857]
- * Makefile.binary, Makefile.binary.in: Makefile.binary ->
- Makefile.binary.in for config.status substitution Add support for
- installing noexec bits
+ * parse.lex:
+ Better fix for sudoers files w/o a newline before EOF. It looks
+ like the issue is that yyrestart() does not reset the start
+ condition to INITIAL which is an issue since we parse sudoers
+ multiple times.
+ [920f8326968a]
-2004-09-12 10:21 millert
+2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: Copy noexec bits into binary dists too No longer use
- my old arch script for making binary dists
+ * parse.lex:
+ Work around what appears to be a flex bug when dealing with files
+ that lack a final newline before EOF. This adds a rule to match EOF
+ in the non-initial states which resets the state to INITIAL and
+ throws an error.
+ [b94943bb1f81]
-2004-09-12 09:36 millert
+ * visudo.c:
+ o The parser needs sudoers to end with a newline but some editors
+ (emacs) may not add one. Check for a missing newline at EOF and
+ add one if needed. o Set quiet flag during initial sudoers parse (to
+ get options) o Move yyrestart() call and always use freopen() to
+ open yyin after initial sudoers parse.
+ [12d12f9b07aa]
- * Makefile.binary: Install sudoedit link.
+2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-11 12:25 millert
+ * set_perms.c:
+ Fix pasto/thinko in setresgid()/setregid() usage. Want to set
+ effective gid, not real gid, when reading sudoers.
+ [c7d18b810fcd]
- * emul/utime.h: avoid __P so there is no need for compat.h to be
- included
+ * set_perms.c:
+ don't compile set_perms_posix if we have setreuid or setresuid
+ [b9cea7a81a29]
+
+2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, sudoers.pod:
+ document new prompt escapes
+ [2f088076b640]
+
+ * check.c:
+ Add %U and %H escapes and redo prompt rewriting. "%%" now gets
+ collapsed to "%" as was originally intended. This also gets rid of
+ lastchar (does lookahead instead of lookback) which should simplify
+ the logic slightly.
+ [4b707b77b3c7]
+
+2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Write the prompt *after* turning off echo to avoid some password
+ characters being echoed on heavily-loaded machines with fast
+ typists.
+ [d38c57775915]
+
+ * config.sub:
+ Add support for mipseb; wiz@danbala.tuwien.ac.at
+ [cfdac87ed5c8]
+
+ * configure.in:
+ Fix IRIX fallout from name changes in man dir/sect Makefile
+ variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
+ [9a7618755c23]
+
+ * auth/pam.c:
+ Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
+ the global copy. Problem noted by Peter Pentchev.
+ [d0a3e189cb06]
+
+2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [23b931359087]
+
+ * parse.yacc:
+ Add missing yyerror() calls; YYERROR does not seem to call this for
+ us.
+ [0be7aeb3ac57]
+
+2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ fix typo in comment; Pedro Bastos
+ [d7406c460e99]
+
+2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ document --disable-setresuid
+ [fbd03d03a027]
+
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/sudo_auth.c:
+ Sprinkle some volatile qualifiers to prevent over-enthusiastic
+ optimizers from removing memset() calls.
+ [5370ac0e6129]
+
+ * logging.c, parse.yacc:
+ minor sign fixes pointed out by gcc -Wsign-compare
+ [db872438337f]
+
+ * set_perms.c, sudo.c, sudo.h:
+ Revamp set_perms. We now use a version based on setresuid() or
+ setreuid() when possible since that allows us to support the
+ stay_setuid option and we always know exactly what the semantics
+ will be (various Linux kernels have broken POSIX saved uid support).
+ [523bc212396c]
+
+ * config.h.in, configure:
+ regen from configure.in
+ [351877ea2624]
-2004-09-11 12:24 millert
+ * configure.in:
+ Add checks for setresuid() and a way to disable using it
+ [a5b21653d169]
- * utimes.c: Don't use HAVE_UTIME_H before including config.h.
+ * compat.h:
+ No long need to emulate set*[ug]id() via setres[ug]id() or
+ setre[ug]id(). The new set_perms stuff only uses things it knows are
+ there.
+ [47884bd5d1d9]
-2004-09-10 12:31 millert
+ * sudo.c:
+ Before exec, restore state of signal handlers to be the same as when
+ we were initialy invoked instead of just reseting to SIG_DFL. Fixes
+ a problem when using sudo with nohup. Based on a patch from Paul
+ Markham.
+ [f8f5a1484faa]
- * compat.h: Fix Solatis futimes macro
+ * sudo.c:
+ o timestamp_uid should be uid_t, not int o clarify error message
+ when sudo is run by root and no_root_sudo is set
+ [19dda0734264]
-2004-09-09 11:02 millert
+2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo_edit.c: Rename ots -> omtim for improved readability.
+ * README:
+ update ftp link for bison
+ [98bc191016e3]
-2004-09-08 14:38 millert
+2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo_edit.c: Redo changes in revision 1.7. Don't really need to
- keep the temp file open; re-opening it with the invoking user's
- euid is sufficient.
+ * set_perms.c:
+ Error out if setusercontext() fails and the runas user is not root.
+ [089f9ade4686]
-2004-09-08 14:36 millert
+2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: sync
+ * auth/securid5.c:
+ Fix rcsid
+ [07e9e85dcc2f]
-2004-09-08 14:35 millert
+ * configure.in:
+ Fix SecurID API test
+ [5ec201f454a5]
- * sudo.cat, sudo.man.in: regen
+2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-08 14:34 millert
+ * env.c:
+ typo in comment
+ [9d385c9ac533]
- * sudo.pod: back out revision 1.70; it is no long applicable
+ * configure.in:
+ securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
+ but I don't see a better way at the moment.
+ [f89e55cbb313]
-2004-09-08 11:57 millert
+ * Makefile.in, auth/securid5.c:
+ SecurID API version 5 support from Michael Stroucken
+ [68500ac7e531]
- * env.c: Let the loader initialize nep
+ * configure.in:
+ Add check for SecurID 5.0 API
+ [1ee242e6de6b]
-2004-09-08 11:49 millert
+2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in, config.h.in: Removed unneed check for
- fchown Add check for gettimeofday Move autoheader template stuff
- into separate AH_TEMPLATE lines
+ * strerror.c:
+ We actually do still need config.h to get the 'const' definition for
+ K&R C.
+ [d9c982032d85]
-2004-09-08 11:48 millert
+2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c: Use
- timespec throughout.
+ * configure:
+ regen with autoconf 2.5.3
+ [c71fc086eef5]
-2004-09-08 11:47 millert
+ * configure.in:
+ Don't set sysconfdir to '/etc' if the user has specified a --prefix.
+ [d90da1efafd9]
- * Makefile.in: gettime.[co]
+ * configure.in:
+ Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
+ LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
+ [dd67afefa90d]
-2004-09-08 11:47 millert
+ * env.c, sudo.c, sudo.h:
+ No need for dump_badenv() now that dump_defaults() knows how to dump
+ lists.
+ [6bcda468501d]
- * gettime.c: function to return the current time in a struct
- timespec
+ * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
+ version.h:
+ ++version
+ [44e3b8f95f0b]
-2004-09-08 10:51 millert
+ * sudoers.pod:
+ document timestampowner
+ [37ebd69e9dd1]
- * utimes.c: Not a darpa-sponsored file.
+ * check.c:
+ Don't call set_perms() when doing timestamp stuff unless
+ timestamp_uid != 0.
+ [63a63d41d18c]
-2004-09-07 16:36 millert
+ * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
+ sudo.h, testsudoers.c:
+ g/c second arg to set_perms--it is no longer used
+ [7ac4ce50c612]
- * compat.h, config.h.in, configure, configure.in: Add a check for
- struct timespec and provide it for those without.
+2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-07 15:56 millert
+ * check.c, set_perms.c, sudo.c, sudo.h:
+ Add support for non-root timestamp dirs. This allows the timestamp
+ dir to be shared via NFS (though this is not recommended).
+ [faa83dd2b7fb]
- * config.h.in, configure, configure.in, sudo_edit.c: Add checks for
- st_mtim and st_mtimespec and add macros for pulling the mtime sec
- and nsec out of struct stat. These are used in sudo_edit() to
- better tell whether or not the file has changed.
+ * def_data.c, def_data.h, def_data.in:
+ Add timestampowner, "Owner of the authentication timestamp dir"
+ [d47640d4c86a]
-2004-09-07 15:55 millert
+2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c: Add an extra
- param to touch() for nsec
+ * env.c:
+ Don't try to pre-compute the size of the new envp, just allocate
+ space up front and realloc as needed. Changes to the new env
+ pointer must all be made through insert_env() which now keeps track
+ of spaced used and allocates as needed.
+ [39bc934a9f2c]
-2004-09-07 14:06 millert
+2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo_edit.c: Call mkstemp() as the in invoking user so we don't
- have to chown the file later. Only touch() the temp file if we
- can do it via the file descriptor. Don't check for modification
- of the temp file if we lack fstat(). Catch errors read()ing the
- temp file.
+ * configure:
+ regen
+ [0e12c09bb790]
-2004-09-07 14:04 millert
+ * configure.in:
+ Fix two typo/pastos; from jrj@purdue.edu
+ [b718a4bf1181]
- * fileops.c: If path is NULL and fd == -1 return -1.
+2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-07 13:31 millert
+ * INSTALL.binary, README:
+ ++version
+ [a1e33027278c] [SUDO_1_6_6]
- * sudo_edit.c: closefrom() is overkill, the only extra fds are the
- ones we opened so just close those in the child.
+ * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
+ visudo.cat, visudo.man.in:
+ regen
+ [19eb2be283ef]
-2004-09-07 13:14 millert
+ * CHANGES, RUNSON, TODO:
+ Sync with 1.6.6
+ [2ff9a9087f63]
- * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in,
- configure, configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c,
- utimes.c, visudo.c: Use utimes() and futimes() instead of utime()
- in touch(), emulating as needed. Not all systems are able to
- support setting the times of an fd so touch() takes both an fd
- and a file name as arguments.
+ * check.c:
+ The the loop used to expand %h and %u, the lastchar variable was not
+ being initialized. This means that if the last char in the prompt
+ is '%' and the first char is 'h' or 'u' a extra copy of the host or
+ user name would be copied, for which space had not been allocated.
+ [b2e27197857d]
-2004-09-06 21:12 aaron
+2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: Rare SEGV
+ * BUGS, INSTALL, Makefile.in, configure.in, version.h:
+ crank version to 1.6.6
+ [cfd08689e597]
-2004-09-06 16:46 millert
+ * auth/afs.c:
+ #undef VOID to get rid of an AFS warning
+ [b40760564dc1]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
- visudo.man.in: regen
+ * env.c:
+ Use easprintf instead of emalloc + sprintf for some things.
+ [e7bfe2e69a03]
-2004-09-06 16:45 millert
+2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod, sudoers.pod, visudo.pod: Add SUPPORT section and
- re-order some of the sections to match the order we use in
- OpenBSD.
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [35327104383d]
-2004-09-06 15:05 aaron
+ * parse.c, parse.lex, parse.yacc, testsudoers.c:
+ Remove Chris Jepeway's email address so people don't bug him ;-)
+ [c03410747a69]
- * env.c: Openldap ~/.ldaprc fix
+2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-06 12:18 millert
+ * sudo.c:
+ Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
+ endgrent() at the same time.
+ [28b6097d5d1a]
- * sudo.pod: Talk about how the editor must write its changes to the
- original file and not just use rename(2).
+2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-06 12:12 millert
+ * INSTALL:
+ Make it clear which configure options take arguments.
+ [38529e7efad0]
- * CHANGES: sync
+2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-06 12:11 millert
+ * compat.h:
+ HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
+ RLIM_INFINITY, just pretend it is -1. This works because we only
+ check for RLIM_INFINITY and do not set anything to that value.
+ [53173d34e6eb]
- * sudo_edit.c: Keep the temp file open instead of re-opening after
- the editor has exited.
+2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-06 12:10 millert
+ * auth/pam.c:
+ Zero and free allocated memory when there is a conversation error.
+ [e342133db579]
- * sample.pam: Update for current redhat/fedora core.
+ * auth/bsdauth.c:
+ Use sigaction() not signal()
+ [126c2790561f]
-2004-09-02 21:56 aaron
+ * INSTALL:
+ Mention that some linux kernels have broken POSIX saved ID support
+ [571ef1a893d3]
- * README.LDAP: tls_ examples
+ * CHANGES:
+ checkpoint for 1.6.5p2
+ [9e9e456f7f43]
-2004-09-02 00:03 aaron
+ * configure:
+ regen
+ [d53703a46708]
- * ldap.c: config tls_* options
+ * configure.in:
+ Add --disable-setreuid flag
+ [3b9f2679cb55]
-2004-08-29 11:39 millert
+ * INSTALL:
+ Document new --disable-setreuid option and change description for
+ --disable-saved-ids to match new error message.
+ [14fd3e5f60a5]
- * configure, configure.in: No need for -lcrypt when using pam.
+ * set_perms.c:
+ fatal() now takes an argument that determines whether or not to call
+ perror().
+ [d826b25e62ff]
-2004-08-26 23:57 millert
+ * TROUBLESHOOTING:
+ Update for new error messages from set_perms()
+ [78007c3f76a9]
- * configure: regen
+ * PORTING:
+ Update for new error messages from set_perms()
+ [60c545a6bcff]
-2004-08-26 23:44 aaron
+2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in, ldap.c, pathnames.h.in: Allow --with-ldap-conf-file
- option to override LDAP_CONF
+ * auth/pam.c:
+ Make this compile w/o warnings
+ [b90843a29af5]
-2004-08-26 22:08 aaron
+ * auth/pam.c:
+ Mention that we can't use pam_acct_mgmt()
+ [1dfc5a6e0479]
- * ldap.c: cleanup debug message
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
+ The user's password was not zeroed after use when AIX
+ authentication, BSD authentication, FWTK or PAM was in use.
+ [b18fff30b1e7]
-2004-08-26 19:29 aaron
+2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * README.LDAP: more config info
+ * auth/pam.c:
+ Avoid giving PAM a NULL password response, use the empty string
+ instead. This avoids a log warning when the user hits ^C at the
+ password prompt when PAM is in use.
+ [c3315805e4e4]
-2004-08-24 14:01 millert
+ * auth/pam.c:
+ Don't check the return value of pam_setcred(). In Linux-PAM 0.75
+ pam_setcred() returns the last saved return code, not the return
+ code for the setcred module. Because we haven't called
+ pam_authenticate(), this is not set and so pam_setcred() returns
+ PAM_PERM_DENIED.
+ [73db145fa179]
- * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
- Add cmnd_base to struct sudo_user and set it in init_vars(). Add
- cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
- longer use gross statics in command_matches(). Also rename some
- variables for improved clarity.
+ * Makefile.in:
+ Don't need a '/' between $(DESTDIR) and a directory.
+ [0901ca618176]
-2004-08-21 14:33 millert
+ * Makefile.binary:
+ Don't need a '/' between $(DESTDIR) and a directory.
+ [cd7eb6098b87]
- * INSTALL: document HP's crippled compiler deficiency.
+2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-08-21 14:25 millert
+ * configure:
+ regen
+ [41b12c039282]
- * INSTALL: Fix some thinkos in --with-editor and --with-env-editor
- descriptions. Noticed by Norihiko Murase.
+ * configure.in:
+ o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
+ setreuid() o new NetBSD has a real setreuid() o add check for
+ freeifaddrs() if getifaddrs() exists.
+ [a82ee3b01733]
+
+ * config.h.in, interfaces.c:
+ Older BSDi releases lack freeifaddrs() so add a test for that and if
+ it is not present just use free().
+ [6270671ea9d5]
-2004-08-21 14:20 millert
+2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: --with-noexec takes an optional PATH
- argument.
+ * CHANGES, RUNSON:
+ Checkpoint for 1.6.5p1
+ [26134ecf9b36]
-2004-08-21 14:20 millert
+ * auth/passwd.c:
+ Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
+ to normal passwords, not AUTH_FATAL (which just causes an exit).
+ [785e0f4bc0e2]
+
+ * visudo.c:
+ Don't use memory after it has been freed.
+ [c60492739fdb]
+
+ * auth/passwd.c:
+ skeyaccess() wants a struct passwd * not a char *; Patch from
+ Phillip E. Lobbes
+ [65a1d3806fcd] [SUDO_1_6_5]
- * INSTALL: document --with-noexec
+ * BUGS:
+ ++version
+ [b2e1825e692e]
-2004-08-17 16:21 millert
+ * CHANGES, RUNSON, TODO:
+ checkpoint for sudo 1.6.5
+ [d730945622e7]
- * RUNSON, TODO: sync
+2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-08-17 15:11 millert
+ * configure:
+ regen
+ [49744c403ac9]
- * sudo_edit.c: Better warning message when sudoedit is unable to
- write to the destination file.
+ * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
+ version 1.6.5
+ [ec30a5f7fc45]
-2004-08-17 14:53 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ sudo version 1.6.5
+ [458a3bed535d]
- * sudo.cat, sudo.man.in: regen
+ * logging.c:
+ o when invoking the mailer as root use a hard-coded environment that
+ doesn't include any info from the user's environment. Basically
+ paranoia.
-2004-08-17 14:53 millert
+ o Add support for the NO_ROOT_MAILER compile-time option and run the
+ mailer as the user and not root if NO_ROOT_MAILER is defined.
+ [4df351ec92ce]
- * sudo.pod: Don't italicize the string "sudoedit"
+ * set_perms.c, sudo.h:
+ Bring back PERM_FULL_USER
+ [edb6039bb284]
-2004-08-16 18:45 millert
+ * configure:
+ regen
+ [3eb2943afa03]
- * HISTORY: Mention GratiSoft.
+ * version.h:
+ version 1.6.5
+ [044fc9a0c72b]
-2004-08-11 14:29 millert
+ * INSTALL, config.h.in, configure.in:
+ Add --disable-root-mailer option to run the mailer as the user and
+ not root.
+ [e9f805397963]
- * parse.yacc: Reset used_runas to FALSE when re-intializing the
- parser.
+ * CHANGES:
+ checkpoint for 1.6.4p2
+ [b58aae5aa98a]
-2004-08-09 19:04 millert
+ * PORTING:
+ Mention the "seteuid(0): Operation not permitted" problem here too
+ just for good measure.
+ [90135b37a691]
- * config.guess: Correct OpenBSD mips support
+2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-08-09 17:28 millert
+ * env.c, getspwuid.c, sudo.c:
+ The SHELL environment variable was preserved from the user's
+ environment instead of being reset based on the passwd database when
+ the "env_reset" option was used. Now it is reset as it should be.
+ [300066ef3c71]
- * config.guess: Add OpenBSD/mips
+ * configure:
+ regen
+ [a47d779e6552]
-2004-08-06 23:43 aaron
+ * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
+ sudo.c:
+ Add a configure option to turn off use of POSIX saved IDs
+ [fb18cc8e94d0]
+
+ * configure:
+ regen
+ [d4f2f20025b6]
+
+ * configure.in:
+ add --with-efence option
+ [45c4f33a8e88]
+
+ * sudo.c:
+ Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
+ "sudo -l" would not work if always_set_home was set.
+ [c3a6de6c4800]
+
+ * lex.yy.c:
+ regen
+ [417424452998]
+
+ * parse.lex:
+ Quoted commas were not being treated correctly in command line
+ arguments.
+ [753415541b37]
+
+ * sudo.c:
+ o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
+ Otherwise, the set_home option has no effect.
+
+ o Fix use of freed memory when the "fqdn" flag is set. This was
+ introduced by the fix for the "segv when gethostbynam() fails" bug.
+ Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
+ there is no need to check the "fqdn" flag in set_fqdn() itself.
+ [4b6a4245c04e]
+
+ * env.c:
+ Add 'continue' statements to optimize the switch statement. From
+ Solar.
+ [a82c76975ae5]
+
+2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in:
+ Regen from new sudoers.pod
+ [6ecc07b3d0e1] [SUDO_1_6_4]
+
+ * sudoers.pod:
+ Add caveat about stay_setuid flag
+ [9d228a7bea1b]
+
+ * sudo.c:
+ If set_perms == set_perms_posix and the stay_setuid flag is not set,
+ set all uids to 0 and use set_perms_fallback().
+ [c4e54d1ec86f]
+
+ * set_perms.c, sudo.h:
+ Remove PERM_FULL_USER (which is no longer used) and add
+ PERM_FULL_ROOT (used when exec'ing the mailer).
+ [15406c522ea2]
+
+ * logging.c:
+ Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
+ never want to run the mailer setuid.
+ [2294853e0666]
+
+2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * README.LDAP: More behavior notes
+ * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
+ visudo.pod:
+ Use sudo.ws instead of courtesan.com in URLs
+ [55204002a308]
-2004-08-06 23:36 aaron
+ * Makefile.binary, Makefile.in:
+ Fix mansect substitution
+ [b7b5cbc3aa91]
- * README.LDAP: Updates on current behavior
+ * Makefile.in:
+ Substitute man sections in Makefile.binary
+ [040deb785e56]
-2004-08-06 19:56 millert
+ * Makefile.binary:
+ Sync install targets with Makefile.in and substitute in man
+ sections.
+ [77882a275281]
- * sudo.pod, sudoers.pod: =back does not take an indentlevel (makes
- no difference to formatted files).
+ * INSTALL, INSTALL.binary:
+ version is 1.6.4
+ [0f87aabbcb70]
-2004-08-06 19:48 millert
+ * Makefile.in:
+ Repair bindist target
+ [8d43bfe7e2d1]
- * CHANGES: new
+ * CHANGES:
+ sync for 1.6.4
+ [13ca3d4a0a72]
-2004-08-06 19:42 millert
+2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Consistency. Use same error for bad -u #uid when
- targetpw is set as we do when a bad -u username is specified.
+ * install-sh:
+ Fix case where neither whoami nor id are found
+ [424dd270bc47]
-2004-08-06 19:33 millert
+2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * TODO: Add checksum idea from Steve Mancini
+ * install-sh:
+ If neither whoami nor id exists, just assume we are root.
+ [2d2644e42c53]
-2004-08-06 19:32 millert
+ * alloc.c:
+ Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
+ on AIX which for some reason isn't pulling in the malloc prototype.
+ [231440d2ee3b]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen
+2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-08-06 19:31 millert
+ * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
+ (c) 2002
+ [700e3b41a68e]
- * sudo.pod, sudoers.pod: Document the restriction on uids specified
- via -u when targetpw is set.
+ * CHANGES:
+ checkpoint
+ [33e604bd8d5b]
-2004-08-06 19:24 millert
+ * sudo.c:
+ Defer assigning new environment until right before the exec.
+ [f13c49e75c1c]
- * sudo.c: Error out when targetpw is enabled and sudo is run with
- -u #uid but #uid does not exist in the passwd database. We can't
- do target authentication when the target is not in passwd!
+ * parse.c:
+ kill extra blank line
+ [12ef22e9dae3]
-2004-08-05 21:16 millert
+2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen
+ * configure:
+ regen
+ [a6cd2d788f74]
-2004-08-05 21:14 millert
+ * configure.in:
+ Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
+ compiler doesn't recognise -O2.
+ [5234aa543692]
- * TODO: Some more todo for the next release.
+ * HISTORY:
+ Clarify origins of Root Group sudo a bit based on info from
+ billp@rootgroup.com
+ [4deef01c4208]
-2004-08-05 21:13 millert
+2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL: Make it clear that PAM should be used for DCE support
- when possible.
+ * LICENSE:
+ 2002
+ [6c8e089dbd1a]
-2004-08-05 21:13 millert
+ * CHANGES:
+ checkpoint for 1.6.4rc1
+ [3349eb87a49f]
- * sudoers.pod: o Document problems with wildcards and relative
- paths. o Make the order requirements more prominent. o Change a
- "set" to "reset" for clarity.
+2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-08-05 14:29 millert
+ * config.h.in:
+ now generated via autoheader
+ [84657d303cb9]
- * sudo.pod: Mention --with-secure-path, not SECURE_PATH.
+ * configure:
+ regen
+ [207bfa6a13f6]
-2004-08-02 22:34 aaron
+ * compat.h:
+ Move in some stuff that was previously in config.h.
+ [e576d8b6480f]
- * ldap.c: reflect changes to parse.c
+ * aclocal.m4, configure.in:
+ Add info for autoheader.
+ [0549cd5da27c]
-2004-08-02 14:44 millert
+2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c, parse.h, parse.yacc, testsudoers.c, visudo.c: Don't pass
- user_cmnd and user_args to command_matches(), just use the
- globals there. Since we keep state with statics anyway it is
- misleading to pretend that passing in different cmnd and
- cmnd_args will work.
+ * Makefile.in:
+ o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
+ -g to facilitate non-root installs
+ [619216038f56]
-2004-08-02 14:40 millert
+ * install-sh:
+ Add -M option (like -m but only for root) If we can't find "whoami",
+ use "id" w/ some sed.
+ [b39121c8b792]
- * parse.c: Fix a bug introduced in rev. 1.149. When checking for
- pseudo-commands check for a '/' anywhere in cmnd, not just the
- first character.
+ * configure:
+ regen
+ [b39b93ff9804]
-2004-07-30 23:07 aaron
+ * configure.in:
+ allow user to always override mansectsu and mansectform
+ [0fca5e63bd90]
- * sudo.man.in, sudo.pod: Clarification thanks to Olivier Blin
- <oblin@mandrakesoft.com>
+2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-07-30 22:41 aaron
+ * mkinstalldirs:
+ update from autoconf 2.52
+ [07bd75a508c3]
- * sudoers.man.in, sudoers.pod: Add ignore_local_sudoers
+ * config.guess, config.sub:
+ Update from autoconf 2.52
+ [857b90fe31b7]
-2004-07-30 22:06 aaron
+ * configure:
+ regen with autoconf 2.52
+ [08e7d1ea2aeb]
- * README.LDAP: Sun One schema definition by
- Andreas.Bussjaeger@t-systems.com and janth@moldung.no
+ * configure.in:
+ o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
+ mode o Remove compiler-specific checks for HP-UX now that we use
+ AC_PROG_CC_STDC
+ [d433a70b6208]
-2004-07-29 11:57 millert
+ * RUNSON:
+ Checkpoint
+ [babf6d2235d1]
- * CHANGES: typo
+ * auth/pam.c:
+ o Add pam_prep_user function to call pam_setcred() for the target
+ user; on Linux this often sets resource limits. o When calling
+ pam_end(), try to convert the auth->result to a PAM_FOO value.
+ This is a hack--we really need to stash the last PAM_FOO value
+ received and use that instead.
+ [6ad6f340dd2a]
-2004-07-23 16:44 millert
+ * set_perms.c, sudo.h:
+ o Add pam_prep_user function to call pam_setcred() for the target
+ user; on Linux this often sets resource limits.
+ [67795421ac82]
- * CHANGES: sync
+ * env.c:
+ Fix off by one error in number of bytes allocated via malloc (does
+ not affected any released version of sudo).
+ [5f5915360111]
-2004-07-23 16:43 millert
+2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c: Parse sudoers file as PERM_RUNAS not PERM_ROOT and
- remove a useless PERM_SUDOERS. Restore to PERM_ROOT upon exit of
- the parse.
+ * lex.yy.c:
+ regen
+ [8208c0277775]
-2004-07-08 10:20 millert
+ * parse.lex:
+ Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
+ requiring that they be quoted.
+ [ae59bc8f68dd]
- * CHANGES: PAM change
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Mention that no double quotes are needed when
+ adding/deleting/assigning a single value to a list.
+ [25efc940a1f0]
-2004-07-07 21:04 aaron
+ * Makefile.in:
+ Don't rely on mkdefaults being executable, call perl explicitly.
+ [6edc97ba5f1d]
- * ldap.c: Better debugging of ALL command
+ * sudo.tab.c:
+ regen
+ [49130b2e7e4d]
+
+ * parse.yacc:
+ Remove some XXX that are no longer relevant.
+ [d460ac0d3767]
+
+ * defaults.c:
+ o Roll our own loop instead of using strpbrk() for better
+ grokability o When adding to a list we must malloc() and use
+ memcpy(), not strdup() since we must only copy len bytes from str.
+ [649bef08e1f0]
-2004-07-07 20:15 millert
+2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [f0bbf2c38c0e]
+
+ * parse.yacc:
+ typo in comment
+ [2563711ff593]
+
+2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ checkpoint
+ [a6d8a29fb30e]
- * parse.c: When matching for "sudoedit" in sudoers check both the
- command the user typed *and* the command that is listed in the
- sudoers entry.
+ * configure:
+ regen
+ [bdfcaaf3bd13]
-2004-07-04 19:59 aaron
+ * configure.in:
+ avoid the -g flag unless --with-devel was specified
+ [a976707bef30]
- * ldap.c: Added !command feature
+ * Makefile.in:
+ mkdefaults, def_data.in and sigaction.c were missing from the
+ tarball
+ [6917ffbaa412]
+
+ * Makefile.in:
+ def_data.c was missing
+ [87c78b11453d]
+
+2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
+ allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
+ [fc8698e6a45e]
+
+ * TODO:
+ Another TODO item
+ [6f251d6cd466]
+
+ * sudoers:
+ Add comment for Default section so folks know where it should go.
+ [7edba626f392]
+
+2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Use TCSETAF, not TCSETA to set terminal in termio case
+ [fbd172f6c5d3]
-2004-06-28 10:51 millert
+ * sudoers.cat, sudoers.man.in:
+ regen from sudoers.pod
+ [64edd2de816e]
- * auth/pam.c: Use pam_acct_mgmt() to check for disabled accounts;
- Brian Farrell
+ * sudoers.pod:
+ o Typo, Runas_User_List should be Runas_List o a User_List can not
+ contain a uid o mention that the Defaults section should come after
+ Alias definitions but before the user specifications
+ [54070ba2092b]
-2004-06-10 23:11 millert
+2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * LICENSE: License is ISC-style, not BSD-style
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [e62d1d97693c]
+
+ * sudoers.pod:
+ Fix listpw and verifypw sections, they were not being formatted
+ properly.
+ [123868c2f3e9]
-2004-06-10 20:58 millert
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [f94841f8b374]
- * CHANGES: sync
+ * sudoers.pod:
+ fix typos
+ [f278f1c1184e]
-2004-06-10 16:54 millert
+ * configure:
+ regen
+ [d2270049ba9f]
- * sudo.man.in, sudo.cat: regen
+ * config.h.in, configure.in:
+ use AC_SYS_POSIX_TERMIOS instead of rolling our own
+ [c1a13f1354b9]
-2004-06-10 16:53 millert
+ * README:
+ Reference sudo.ws not courtesan.com
+ [ca13be67ebd7]
- * sudo.pod: o Update some out of date bits to reality o Change the
- shell promt in examples to bourne-shell style o Clarify some
- details o Add a CAVEAT about "sudo cd /foo"
+ * PORTING:
+ Add notes on shadow passwords
+ [aa13863f2314]
-2004-06-10 16:19 millert
+ * BUGS:
+ In list mode (sudo -l), characters escaped with a backslash are
+ shown verbatim with the backslash.
+ [1a75a2858be2]
- * check.c: Don't ask for a password if invoking user == target
- user.
+ * sudoers:
+ Add simple examples from OpenBSD (Marc Espie)
+ [3ae9a9ae4125]
-2004-06-10 12:32 millert
+ * tgetpass.c:
+ Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
+ [f8817699ee10]
- * sudo.c: typo in comment
+ * CHANGES:
+ minor prettyification
+ [f523587929b9]
-2004-06-08 19:20 millert
+ * CHANGES:
+ Updated change log
+ [39d9010ee7a8]
- * sudoers.man.in, sudoers.cat: regen
+ * testsudoers.c:
+ Fix CIDR handling here too.
+ [c91db8344c32]
-2004-06-08 19:19 millert
+ * auth/pam.c:
+ Apparently a NULL response is OK
+ [83bae61078d9]
- * sudoers.pod: Expand on NOEXEC a little.
+ * TODO:
+ Checkpoint for upcoming beta release
+ [efb95c09df2a]
-2004-06-08 16:20 millert
+ * TROUBLESHOOTING:
+ Many people believe that adding a runas spec should obviate the need
+ for the -u flag. It does not.
+ [c698bad85b0e]
+
+ * RUNSON:
+ checkpoint update for upcoming 1.6.4 beta
+ [009e465a0a45]
+
+ * config.h.in:
+ o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
+ if HAVE_STRING_H is defined -- this is safe now
+ [d27c035f4e14]
- * TODO: sync
+ * PORTING:
+ Add signals section
+ [2d24c13cb3c8]
-2004-06-08 15:58 millert
+ * configure:
+ regen
+ [2b80a939e2ed]
- * visudo.man.in, visudo.cat: regen
+ * configure.in:
+ Fix check for sigaction_t
+ [6fa41c89ab20]
-2004-06-08 15:55 millert
+ * sudo.c:
+ XXX - should call find_path() as runas user, not root. Can't do
+ that until the parser changes though.
+ [f0b4f85651bd]
- * CHANGES, parse.yacc, visudo.c, visudo.pod: Add a check in visudo
- for runas_default being set after it has already been used.
+ * sudo.c:
+ If find_path() fails as root, try again as the invoking user (useful
+ for NFS). Idea from Chip Capelik.
+ [e03fa7872692]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+ Regenerate after pod file changes
+ [48e4bd75ec21]
-2004-06-08 13:53 millert
+ * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
+ sudo.pod, sudoers.pod:
+ Add new sudoers option "preserve_groups". Previously sudo would not
+ call initgroups() if the target user was root. Now it always calls
+ initgroups() unless the -P command line option or the
+ "preserve_groups" sudoers option is set. Idea from TJ Saunders.
+ [4f730359f101]
- * parse.yacc: Add a MATCHED macro for testing whether foo_matches
- has been set to TRUE or FALSE. This is more readable than
- checking for >=0 or < 0. Doesn't change the actual code
- generated.
+2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-06-06 20:11 millert
+ * compat.h, config.h.in:
+ Use new HAVE_SIGACTION_T define
+ [dfb25f3cae5b]
- * sudoers.man.in, sudoers.cat: regen
+ * logging.c:
+ Fix compilation on K&C
+ [7355e3275e34]
-2004-06-06 20:07 millert
+ * configure:
+ regen
+ [a710584f92f0]
- * sudoers, sudoers.pod: Correct description of where Defaults specs
- should go.
+ * configure.in:
+ Add check for sigaction_t -- IRIX already defines this so don't
+ redefine it.
+ [df9c5737f6da]
-2004-06-06 20:02 millert
+ * snprintf.c:
+ fix typo
+ [3d782b8134c8]
- * find_path.c, ldap.c, logging.h, testsudoers.c, visudo.c,
- auth/bsdauth.c, auth/kerb5.c, auth/pam.c: update (c) year
+ * interfaces.c:
+ need stdlib.h here too
+ [c789d8973ab2]
-2004-06-06 19:58 millert
+ * configure:
+ regen
+ [44822856bf46]
- * check.c, compat.h, defaults.c, env.c, find_path.c, getcwd.c,
- ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c,
- tgetpass.c, visudo.c, auth/bsdauth.c, auth/kerb5.c, auth/pam.c:
- Remove trailing spaces, no actual code changes.
+ * configure.in:
+ Remove redundant checks for string.h, strings.h and unistd.h
+ [933c94f8bbf4]
-2004-06-06 16:22 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ Regen from pod files
+ [ad18c590f638]
- * parse.yacc: Fix a >=0 that should be <0 that was improperly
- converted when UNSPEC was added.
+ * BUGS:
+ Update for 1.6.4
+ [26bc88b69d22]
-2004-06-06 15:54 millert
+ * configure, lex.yy.c, sudo.tab.c:
+ regen
+ [bef89fd6fa2d]
- * parse.yacc: Add do {} while(0) around pop macro Set cmnd_matches
- to UNSPEC, not NOMATCH when resetting it.
+ * strerror.c:
+ Return EINVAL if errnum > sys_nerr
+ [0512374e6661]
-2004-06-06 15:39 millert
+ * auth/sudo_auth.h:
+ o Update copyright year
+ [a877016db6e2]
- * parse.yacc: Fix pastos introduced in SETNMATCH addition.
+ * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
+ config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
+ sudo.pod:
+ o Update copyright year
+ [e15a1b39039f]
+
+ * configure.in:
+ o Don't define STDC_HEADERS unconditionally for IRIX o Update
+ copyright year
+ [82a8cb819e07]
+
+ * README:
+ update version
+ [d82e523a16b4]
+
+ * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+ auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
+ auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
+ set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
+ visudo.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [fe39f76b3795]
+
+ * lsearch.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [764ba3d4fa13]
+
+ * getspwuid.c, goodpath.c, interfaces.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [fb46d46140d4]
+
+ * getcwd.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [b199d70ac7ab]
-2004-06-05 13:55 millert
+ * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
+ fnmatch.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [dab8f192a3ed]
+
+ * configure:
+ regen
+ [156658f25cea]
+
+ * tgetpass.c:
+ flags set in signal handlers should be volatile sig_atomic_t
+ [c22931a5535e]
+
+ * config.h.in, configure.in:
+ Add checks for volatile and sig_atomic_t
+ [b03b3341381d]
+
+ * configure, lex.yy.c:
+ regen
+ [ed9daba88217]
+
+ * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
+ sudo.c, sudoers.pod:
+ Remove "secure_path" Defaults option since it cannot work with the
+ existing parser.
+ [c9e54a0f5971]
+
+ * find_path.c, sudo.c:
+ Unset "secure_path" if user_is_exempt()
+ [fb7544565ae8]
+
+ * env.c, pathnames.h.in:
+ o Remove assumption that PATH and TERM are not listed in env_keep o
+ If no PATH is in the environment use a default value o If TERM is
+ not set in the non-reset case also give it a default value.
+ [c987eb7df268]
- * README.LDAP: Update for configure changes
+ * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
+ _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
+ systems that define in paths.h
+ [51865b0cdebf]
+
+ * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
+ Add support for skeyaccess(3) if it is present in libskey.
+ [8add77c7d3e7]
+
+2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Only need to do 'lc = login_getclass(NULL)' if lc == NULL
+ [5a3d3cbf2c6d]
+
+ * parse.lex:
+ '\\' is a perfectly legal character to have in a command line
+ argument.
+ [c15a466ef00e]
+
+ * sudo.c:
+ o Defer call to set_fqdn() until it is safe to use log_error() o
+ Don't print errno string value if gethostbyname fails, it is not
+ relevant
+ [c0c6bcf08bcb]
+
+ * parse.c:
+ Fix CIDR -> in_addr_t conversion.
+ [2f307ebeb63f]
+
+2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Remove an extra "User_List" in the User_Spec definition From
+ ybertrand AT snoopymail.com
+ [97bde59ea280]
+
+ * parse.c:
+ Make 'listpw=never' work for users who are not explicitly mentioned
+ in sudoers.
+ [258f0f30a428]
+
+ * sudoers.pod:
+ Remove gratuitous '=' in EBNF grammar; era AT iki.fi
+ [4b0f03872ee1]
+
+ * sudoers.pod:
+ Document new list Defaults type and convert env_keep and env_delete
+ to lists. Document new env_check option.
+ [a07f1f079fe3]
+
+ * lex.yy.c, sudo.tab.c, sudo.tab.h:
+ regen parser
+ [e39ac6c6581b]
+
+ * parse.lex:
+ Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
+ to #[0-9-]+.
+ [69c5388908f3]
+
+ * configure:
+ regen
+ [0f1877b88cb3]
+
+ * aclocal.m4:
+ Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
+ [6545503ae361]
+
+ * config.h.in, configure.in:
+ Add check for skeyaccess(3)
+ [6caf69fe6359]
+
+ * visudo.pod:
+ Document new -c, -f, and -q options
+ [13d0203c21d3]
+
+ * visudo.c:
+ o Add -f option (alternate sudoers file) o Convert to use getopt(3)
+ [4c2b664d617d]
+
+ * configure:
+ regen
+ [6d5bd932e7b5]
+
+ * aclocal.m4, config.h.in, configure.in:
+ Add check for isblank and a replacement macro if it doesn't exist.
+ [b524f5e4f953]
+
+2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ In check-only mode, don't create sudoers if it does not already
+ exist.
+ [c748a2d5acad]
+
+ * parse.yacc:
+ o Add a new token, DEFVAR, to indicate a Defaults variable name o
+ Add support for "+=" and "-=" list operators o replace some 1 and 0
+ with TRUE and FALSE for greater legibility.
+ [554cb174b37e]
+
+ * parse.lex:
+ o Use exclusive start conditions to remove some ambiguity in the
+ lexer. Also reorder some things for clarity. o Add support for
+ "+=" and "-=" list operators. o Use the new DEFVAR token to denote
+ a Defaults variable name.
+ [3a2cf8323e26]
+
+ * sudo.h:
+ Prototype init_envtables()
+ [b74916469dab]
+
+ * env.c:
+ o Convert environment handling to use lists instead of strings.
+ This greatly simplifies routines that need to do "foreach" type
+ operations. o Add new init_envtables() function to set env_check
+ and env_delete defaults based on initial_badenv_table and
+ initial_checkenv_table (formerly sudo_badenv_table).
+ [0a8b404658b6]
+
+ * defaults.c, defaults.h:
+ o Add a new LIST type and functions to manipulate it. o This is for
+ use with environment handling variables. o Call new
+ init_envtables() routine inside init_defaults() to initialize the
+ environment lists.
+ [ae73e64f0902]
+
+ * def_data.c, def_data.h, def_data.in:
+ Convert environment options to use the new LIST type and add a new
+ one, env_check that only deletes if the sanity check fails.
+ [3019503936de]
+
+ * testsudoers.c:
+ Add dummy version of init_envtables()
+ [9d9e3ee609d9]
+
+ * parse.yacc:
+ honor quiet mode
+ [8330fba6167c]
+
+ * visudo.c:
+ Add check-only mode
+ [dab411bc8c35]
+
+ * mkdefaults:
+ Fix generation of entries with NULL descriptions.
+ [ea75b9fed02e]
+
+2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Use sigaction_t and quiet a gcc warning.
+ [6f67d719c452]
+
+ * sudo.c:
+ Must reset signal handlers before we exec
+ [300418120e1a]
+
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/sudo_auth.c:
+ Be carefule now that tgetpass() can return NULL (user hit ^C). PAM
+ version needs testing. Set SIGTSTP to SIG_DFL during password entry
+ so user can suspend us.
+ [00304aa58747]
+
+ * tgetpass.c:
+ Add support for interrupting/suspending tgetpass via keyboard input.
+ If you suspend sudo from the password prompt and resume it will re-
+ prompt you.
+ [4af2b5101d32]
+
+ * sudo.c:
+ Don't block keyboard interrupt signals, just set them to SIG_IGN.
+ [d46d7f67ef6b]
+
+2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ add back HAVE_SIGACTION
+ [c9c7702c603e]
+
+ * configure:
+ regen
+ [09fe669d337f]
+
+ * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
+ Kill POSIX_SIGNALS define and old signal support now that we emulate
+ POSIX ones Also be sure to correctly initialize struct sigaction.
+ [4bc2a6dbb2be]
+
+ * strerror.c:
+ Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
+ [1ad64a19f328]
+
+ * compat.h:
+ Add scaffolding for POSIX signal emulation
+ [945861d4c93b]
+
+ * sigaction.c:
+ o Add missing ';' so this compiles o Can't use NULL since we don't
+ include stdio.h
+ [04d0cac7438f]
+
+ * sigaction.c:
+ Emulate sigaction() using sigvec()
+ [d0b54a989875]
+
+2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Document new behavior of negative values of timestamp_timeout Fix a
+ typo
+ [4c0716570d01]
+
+ * sudo.pod:
+ Add security note about command not being logged after 'sudo su' and
+ friends.
+ [43294851a33c]
+
+ * sudo.pod:
+ Mention that -V prints default values when run as root, including
+ the list of environment variables to clear.
+ [d9e5e550a8c3]
+
+ * Makefile.in:
+ Run pod2man with --quotes=none to avoid stupid quoting of C<>
+ entries.
+ [997b23c35dbe]
+
+2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-06-05 13:42 millert
+ * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
+ Add mail_badpass option Also modify mail_always behavior to also
+ send mail when the password is wrong
+ [838d40ccafce]
- * parse.yacc, sudo.h: Add NOMATCH and UNSPEC defines (-1 and -2
- respectively) and use these in parse.yacc. Also in parse.yacc
- initialize the *_matches vars to UNSPEC and add two macros,
- SETMATCH and SETNMATCH for use when setting *_matches to a value
- that may be NOMATCH/UNSPEC/TRUE/FALSE.
+ * env.c, sudo.c, sudo.h:
+ Dump default bad env table when 'sudo -V' is run by root.
+ [f67f1b8048b0]
-2004-06-05 11:17 millert
+ * sudoers.pod:
+ document env_delete
+ [d74f893663a2]
- * parse.yacc: Initialize runas to -2, not -1 since we need to be
- able to distinguish between the initialized value and the value
- of a non-match when passing along the runas value to multiple
- commands.
+ * env.c:
+ Add support for '*' in env_keep when not resetting the environment
+ (ie: the normal case).
+ [fd4fb62ea8fd]
- The result of this is that an unmatched runas is now set to -1,
- not 0. This is required now that parse.c treats a FALSE value
- for runas as being explicitly denied.
+ * env.c:
+ Add env_delete variable that lets the user replace/add to the
+ bad_env_table. Allow '*' wildcard in env_keep entries.
+ [aa728bc35e29]
-2004-06-03 16:21 millert
+2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * getprogname.c, sudo.c, visudo.c: Error out if argc < 1.
+ * mkinstalldirs:
+ Force umask to 022 to guarantee sane directory permissions.
+ [9ab3cfe70569]
-2004-06-03 12:37 millert
+2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Add tests for what libs we need to link
- with for ldap and for whether or not lber.h needs to be
- explicitly included.
+ * Makefile.in:
+ add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
+ [671010465e6f]
-2004-06-02 20:30 aaron
+ * mkdefaults:
+ fix breakage in last commit
+ [8318f8851e56]
- * ldap.c: Solaris native LDAP build fix
+ * Makefile.in:
+ acsite.m4 -> aclocal.m4
+ [30c146873a01]
-2004-06-01 16:56 millert
+ * check.c:
+ fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
+ [4dc8b39954da]
- * ldap.c: Set edn to NULL is ldap_get_dn() fails to avoid potential
- use of an unset variable.
+ * def_data.c:
+ regenerated from def_data.in
+ [915ea16ce1eb]
-2004-06-01 16:56 millert
+ * check.c, defaults.c, defaults.h:
+ Add new T_UINT type that most things use instead of T_INT If
+ timestamp_timeout is < 0 then treat the ticket as never expiring (to
+ be expired manually by the user).
+ [3a3a636a2a5d]
- * sudo.h: Add prototype for sudo_ldap_list_matches
+ * def_data.in:
+ change most T_INT -> T_UINT
+ [a2228d2457af]
-2004-06-01 16:53 millert
+ * mkdefaults:
+ fix warning when no args
+ [ca70a5394af5]
- * compat.h, config.h.in, configure, configure.in: Better check for
- dirfd macro--we now set HAVE_DIRFD for the macro version too.
- Added check for dd_fd in `DIR' if no dirfd is found; this is now
- used to confitionally define the dirfd macro in compat.h.
+ * visudo.c:
+ Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
+ we are a signal handler. We no longer print the signal number but
+ the user can just check the exit value for that.
+ [dc424f631fef]
-2004-06-01 16:51 millert
+2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * closefrom.c: Only check /proc/$$/fd if we have the dirfd
- function/macro.
+ * logging.c:
+ when setting up pipes in child process check for case where stdin ==
+ pipe fd 0
+ [518112d76184]
-2004-06-01 15:13 millert
+2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * compat.h, config.h.in, configure, configure.in: Add a check for a
- dirfd() function (like Linux) and add a dirfd macro in compat.h
- if there is no dirfd() function or macro.
+ * visudo.c:
+ Ignore editor exit value since XPG4 says vi's exit value is the
+ count of editing errors made (failed searches, etc).
+ [b9d952284865]
-2004-06-01 14:59 millert
+2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * closefrom.c, getcwd.c: dirfd() is now defined in compat.h as
- needed.
+ * configure:
+ regen
+ [cb3aa586f03b]
-2004-06-01 14:30 millert
+ * configure.in:
+ sco now is identified by config.guess as *-sco-*
+ [46664bbdea61]
- * CHANGES: Clarify closefrom() note.
+ * configure.in:
+ Check for getspnam() in -lgen if not in -lc for UnixWare.
+ [0f152ad1ba93]
-2004-06-01 12:51 millert
+2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c: When checking for a command in the directory, only copy
- the base dir once.
+ * sudoers.pod, visudo.pod:
+ "upper case" -> "uppercase"
+ [f9151f232326]
-2004-06-01 12:44 millert
+ * sudoers.pod:
+ fix typos and grammar; pjanzen@foatdi.harvard.edu
+ [2855d73d0237]
- * closefrom.c: If there is a /proc/$$/fd directory, behave like the
- Solaris closefrom() and only close the descriptors listed
- therein.
+2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-06-01 12:23 millert
+ * sudoers.pod:
+ Missing word (specify); krapht@secureops.com
+ [65523eb37a2c]
- * alloc.c: compat.h guarantees INT_MAX is defined.
+2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-06-01 12:23 millert
+ * sudo.c:
+ If we fail to lookup a login class, apply the default one.
+ [d4869faa6816]
- * compat.h: Add definitions of OPEN_MAX and INT_MAX for those
- without it and remove definition of RLIM_INFINITY (now unused).
+ * logging.c:
+ In log_error() free message, not logline unconditionally, then free
+ logline if it is not the same as message. No function change but
+ this mirrors how they are allocated.
+ [565e5f6cc643]
-2004-05-31 21:22 millert
+2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c,
- parse.c, sudo.c, sudo.h, visudo.c: Use PATH_MAX, not MAXPATHLEN
- since the former is standardized.
+ * configure:
+ regenerate
+ [834a48f548a2]
-2004-05-31 19:18 millert
+ * configure.in:
+ remove some backslash quotes that are unneeded
+ [50d401d6e2ca]
- * CHANGES: sync
+ * configure.in:
+ o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
+ instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
+ can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
+ to AC_DEFINE things manually.
+ [f502c5f15f92]
-2004-05-31 19:10 millert
+ * config.guess, config.sub:
+ Updated from autoconf-2.50
+ [6140205915ef]
- * RUNSON: Add some entries that were mailed in a while ago
+2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-31 14:16 millert
+ * README:
+ Update mailing list section. We use mailman now, not majordomo.
+ [b9a8ca45e6dc]
- * closefrom.c: o sysconf returns a long, not an int. o check for
- negative return value from sysconf/getdtablesize and use
- OPEN_MAX in this case. o define OPEN_MAX to 256 for those
- without it (a fair guess...)
+2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-30 12:25 millert
+ * getspwuid.c, logging.c, sudo.c:
+ Use setpwent()/endpwent() + all the shadow variants to make sure we
+ don't inadvertantly leak an fd to the child. Apparently Linux's
+ shadow routines leave the fd open even if you don't call setspent().
+ Reported by mike@gistnet.com; different patch used.
+ [d33792ef6c01]
- * UPGRADE: Mention change in parse order for RunAs entries.
+2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-30 12:15 millert
+ * sudoers.pod:
+ s/eg./e.g./
+ [bd32a0acaf93]
- * configure: regen
+ * tgetpass.c:
+ select() may return EAGAIN. If so, continue like we do for EINTR.
+ [5f202c943818]
-2004-05-29 18:29 millert
+ * logging.c:
+ Fix a non-exploitable buffer overflow in the word splitting code.
+ This should really be rewritten.
+ [4c724363863a]
- * config.h.in, configure.in, INSTALL, README.LDAP: o --with-ldap
- now takes an optional dir as a parameter
- o added check for ldap_initialize() and start_tls_s()
+ * Makefile.in:
+ FAQ link goes away
+ [1d26dd6c8972]
-2004-05-29 14:54 millert
+ * INSTALL:
+ Tell people to look in sample.syslog.conf for examples, not FAQ
+ [affcae3f43ca]
- * README.LDAP: Fix some typos, word choice and formatting issues.
+ * TROUBLESHOOTING:
+ Update list of env vars that are cleared
+ [234e56f1435a]
-2004-05-28 18:06 millert
+ * sudo.c:
+ remove struct env_table decl since that stuff has all moved to env.c
+ [5dd923148777]
- * tgetpass.c: Use SA_INTERRUPT so SunOS works correctly, avoid
- stdio and just use read/write as it is simpler.
+2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-28 16:27 millert
+ * fileops.c:
+ Fix a pasto in flock-style unlocking and include <sys/file.h> for
+ flock on older systems; twetzel@gwdg.de
+ [d5420d9d2861]
- * configure, configure.in: Remove hack overriding cross-compiler
- check. It should no longer be needed.
+ * configure:
+ regen to get NeXT lockf/flock fix
+ [d3ba6ed70e15]
-2004-05-28 16:26 millert
+ * configure.in:
+ force NeXT to use flock since lockf is broken
+ [bd5391dca1bb]
- * compat.h: Remove select() compat bits since we no longer use
- select().
+2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-28 16:24 millert
+ * check.c:
+ Use stashed user_gid when checking against exempt gid since sudo
+ sets its gid to a a value that makes sudoers readable. Previously
+ if you used gid 0 as the exempt group everyone would be exempt. From
+ Paul Kranenburg <pk@cs.few.eur.nl>
+ [0b140cc3a817]
- * CHANGES, tgetpass.c: Use alarm() instead of select() for the
- timeout for systems that don't fully/properly implement select().
+2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-27 19:14 millert
+ * configure:
+ regen
+ [cc455408f32b]
- * CHANGES: synbc
+ * aclocal.m4:
+ #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines
+ some types (such as ssize_t) therein.
+ [b6aee85ca331]
-2004-05-27 19:12 millert
+2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * RUNSON: update
+ * defaults.c:
+ Fix negation of paths in a boolean context. Problem found by
+ apt@UH.EDU
+ [8aee217a7cdf]
-2004-05-27 19:12 millert
+2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * set_perms.c: Deal with systems that have no way of setting the
- effective uid such as nsr-tandem-nsk.
+ * visudo.c:
+ pasto
+ [ad32b277bf68]
-2004-05-27 19:01 millert
+2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Define NO_SAVED_IDS if we don't find
- seteuid()
+ * visudo.c:
+ SA_RESETHAND means the opposite of what I was thinking--oops To
+ block all signals in old-style signals use ~0, not 0xffffffff
+ [6ecdd793590a]
-2004-05-27 18:21 millert
+2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure, configure.in: Add back check for
- setreuid() since NSK doesn't have it.
+ * defaults.c:
+ coerce difference of pointers to int when used in a string length
+ printf format; deraadt@openbsd.org
+ [a9d10f07180d]
-2004-05-27 15:57 millert
+2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.cat, sudoers.man.in: regen
+ * visudo.c:
+ Block all signals in Exit() to avoid a signal race. There is still
+ a tiny window but I'm not going to worry about it.
+ [6661805c0458]
-2004-05-27 15:56 millert
+2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * BUGS, CHANGES: sync
+ * env.c:
+ glibc uses the LANGUAGE env var so clear that too; Solar Designer
+ [d4ba95628afb]
-2004-05-27 15:55 millert
+ * lex.yy.c:
+ Regenerate with a fix to flex.skl that preserves errno from
+ clobbering by isatty().
+ [607eec736e19]
- * parse.c: In sudoers_lookup() return VALIDATE_NOT_OK if the runas
- user was explicitly denied and the command matched. This fixes a
- long-standing bug and makes: foo machine = (ALL)
- /usr/bin/blah foo machine = (!bar) /usr/bin/blah
+2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
- equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/sia.c, auth/sudo_auth.c:
+ Some defaults I_ defines got renamed.
+ [ec19b23caaf3]
-2004-05-27 15:52 millert
+ * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
+ defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
+ set_perms.c, sudo.c, sudo.tab.c:
+ Move defaults info into its own files from which we generate .h and
+ .c files. This makes adding or rearranging variables much simpler.
+ [e91b880b5043]
+
+2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ fix typo in last commit
+ [10a6ee2bae71]
+
+ * compat.h, config.h.in, configure, configure.in:
+ Add check + emulation for setegid (like seteuid).
+ [29492092bd2f]
+
+ * env.c:
+ Make env_keep override badenv_table as documented Fix traversal of
+ badenv_table (broken in last commit)
+ [37c9f0d22673]
+
+ * set_perms.c, sudo.c, sudo.h:
+ Don't try and build saved uid version of set_perms on systems w/o
+ them. Rename set_perms_saved_uid() -> set_perms_posix() Make
+ set_perms_setreuid simply be set_perms_fallback() and simply include
+ the appropriate function at compile time (setreuid() vs. setuid()).
+ [3107333c062c]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ PATH is also preserved when env_reset is in effect
+ [90e45c5711ff]
+
+ * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
+ configure.in, defaults.c, defaults.h, env.c, find_path.c,
+ getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
+ sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
+ visudo.c, visudo.cat, visudo.man.in:
+ New Defaults options: o stay_setuid - sudo will remain setuid if
+ system has saved uids or setreuid(2) o env_reset - reset the
+ environment to a sane default o env_keep - preserve environment
+ variables that would otherwise be cleared
+
+ No longer use getenv/putenv/setenv functions--do environment munging
+ by hand. Potentially dangerous environment variables can be cleared
+ only if they contain '/' pr '%' characters to protect buggy
+ programs. Moved environment routines into env.c (new file)
+ [c2f97651db4c]
+
+ * INSTALL:
+ Clear up --without-passwd description
+ [2f336dab6733]
+
+ * putenv.c, sudo_setenv.c:
+ We now build up a new environment from scratch and assign it to
+ "environ".
+ [6ae6152f2238]
+
+2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, visudo.pod:
+ Grammatical fixes from Paul Janzen
+ [e03ead2e56f8]
+
+2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ If there was a syntax error and the user just wants to quit, unlink
+ sudoers if it is zero length.
+ [74ba7921f520]
+
+ * visudo.c:
+ 'Q' means ignore parse error, not 'q'
+ [e8d0e4491fe6]
+
+ * visudo.c:
+ Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
+ <dim@xs4all.nl>
+ [b24990a72491]
- * sudoers.pod: Clarify mail_noperm
+2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
+ [41a8db10e076]
+
+2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.guess, config.sub:
+ Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
+ [6052da895d2e]
-2004-05-19 21:25 aaron
+2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, visudo.c:
+ Use exit(127), not exit(-1)
+ [9ff0c3eada34]
- * Makefile.in: Missing DESTDIR in make install for sudo_noexec.la
+ * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
+ Move set_perms() to its own file and use POSIX saved uid or
+ setreuid() if available.
-2004-05-17 18:32 millert
+ Added stay_setuid option for systems that have libraries that
+ perform extra paranoia checks in system libraries for setuid
+ programs (ie: anything with issetugid(2)).
+ [28960f842698]
- * sudo.man.in, sudoers.man.in, visudo.man.in, sudo.cat,
- sudoers.cat, visudo.cat: regen
+ * sudo.c:
+ strip more bits from the environment and add a facility for
+ stripping things only if they contain '/' or '%' to address printf
+ format string vulnerabilities in other programs.
+ [b98d6375f299]
-2004-05-17 18:31 millert
+2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * TODO: sync
+ * configure:
+ regen
+ [7e74e5c91049]
-2004-05-17 18:31 millert
+ * configure.in:
+ For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
+ strcasecmp().
+ [a418e9e70442]
- * sample.sudoers, sudoers.pod: Remove fastboot/fasthalt (who still
- remembers these?) and add a minimal sudoedit example.
+ * configure:
+ regen
+ [bbff244a52bc]
-2004-05-17 18:21 millert
+ * configure.in:
+ Check for strcasecmp(3) in -lc89 for NCR Unix
+ [361c99576681]
- * CHANGES, INSTALL, TROUBLESHOOTING, UPGRADE, sudo.c, visudo.c:
- filesystem -> file system
+2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-17 18:19 millert
+ * config.h.in:
+ Define HAVE_INNETGR #ifdef HAVE__INNETGR
+ [473cdb92b6db]
- * sudo.pod, sudoers.pod: Fix some minor typos and formatting goofs
+ * configure:
+ regen
+ [4e6364a195e0]
-2004-05-17 18:10 millert
+ * compat.h, config.h.in, configure.in:
+ Add check for _innetgr(3) since NCR systems have that instead of
+ innetgr(3).
+ [25e6852e7494]
- * lex.yy.c: regen
+2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-17 17:57 millert
+ * auth/securid.c:
+ check return value of creadcfg() call sd_close() after sd_auth()
+ store username in sd->username so we don't rely on the USER env
+ variable
+ [d106b4f42722]
- * visudo.pod: remove my email addr
+2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-17 17:55 millert
+ * INSTALL:
+ document --with-bsdauth
+ [f1518ecc2ee9]
- * sudo.pod, sudoers.pod, visudo.pod: Use @mansectform@ and
- @mansectsu@ everywhere Make man page references links with L<>
+ * configure:
+ regen
+ [dceb35071ea8]
-2004-05-17 16:51 millert
+ * configure.in:
+ --with-bsdauth assumes --with-logincap
+ [4200778083fd]
- * parse.lex: Accept quoted globbing characters and pass them
- verbatim for fnmatch()
+ * auth/bsdauth.c, auth/fwtk.c:
+ When prompting for a response to a challenge, if the user just hits
+ return then reprompt with echo turned on.
+ [a539b6474a97]
-2004-05-17 16:50 millert
+2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * UPGRADE: Document that /tmp/.odus is gone.
+ * sudo.c:
+ Remove debugging code that should not have been committed, oops.
+ [9862607b77a7]
-2004-05-17 16:28 millert
+ * auth/bsdauth.c:
+ Use lower-level routines and get the password ourselves. Checks for
+ a challenge and if there is one echo is not turned off.
+ [2d8fcd166baa]
- * CHANGES, aclocal.m4, configure, pathnames.h.in: No longer use
- /tmp/.odus as a possible timestamp dir unless specifically
- configured to do so. Instead, if no /var/run exists, use
- /var/adm/sudo or /usr/adm/sudo.
+ * auth/pam.c, auth/sudo_auth.h:
+ minor housekeeping, no real code changes
+ [d0074a277fb4]
-2004-05-17 16:08 millert
+2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * check.c, compat.h, logging.c, set_perms.c, sudo.c, tgetpass.c,
- visudo.c: Preliminary changes to support nsr-tandem-nsk. Based
- on patches from Tom Bates.
+ * sudo.c:
+ Fix a coredump in the logging functions if gethostname(2) fails by
+ deferring the call to log_error() until things are better setup.
-2004-05-16 18:47 millert
+ Fix return value of set_loginclass() in non-BSD-auth case.
- * CHANGES: There was no 1.6.7p6.
+ Hard-code 'sudo' in the usage message so we can fit more options on
+ a line
+ [d9d1b7579818]
-2004-05-16 16:38 millert
+ * logging.c:
+ Fix errant ';' (typo) that broken MSG_ONLY
+ [849b2276a470]
- * BUGS, CHANGES: sync
+2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-16 16:36 millert
+ * sudo.cat, sudo.man.in:
+ regen
+ [bb3c8c6704d1]
- * Makefile.in: add missing files to DISTFILES
+ * sudo.pod:
+ Document -a flag
+ [e18316cebaac]
-2004-05-16 16:23 millert
+ * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
+ configure, configure.in, getspwuid.c, sudo.c:
+ Add support for BSD authentication.
+ [f374cfd9ca0d]
- * sudoers.man.in, sudo.cat, sudoers.cat, visudo.cat: regen
+2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-16 16:20 millert
+ * sudoers.pod:
+ Fix typo; from sato@complex.eng.hokudai.ac.jp
+ [3085fee9766e]
- * Makefile.in: Fix some line wrap and update (c) year
+2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-04-28 15:05 aaron
+ * sudoers.pod:
+ Mention negating umask
+ [c9e410294dae]
- * README.LDAP: Build Note
+ * defaults.c:
+ Allow user to specify umask of 0777 (same as !umask)
+ [bb771daa96fe]
-2004-04-06 22:03 aaron
+2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: Fix install-dirs
+ * sudo.pod, visudo.pod:
+ Fix a typo and give a URL for the sudo history.
+ [77f73199aedb]
-2004-04-04 20:27 millert
+2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c: In Exit() when used as a signal handler, emsg is a
- pointer so sizeof() is wrong so make it a #define instead. Also
- avoid using a negative exit value. Found by Aaron Campbell
+ * defaults.c, sudo.pod:
+ fix typos; pepper@reppep.com
+ [5532c7421340]
-2004-03-24 18:23 millert
+2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: Remove bogus sentence about uids in a User_List.
- Document usernames vs. uid parsing in a Runas_List.
+ * sudo.c, sudo.h, sudo_setenv.c:
+ sudo_setenv() now exits on memory alloc failure instead of returning
+ -1.
+ [71f1cf18f47b]
-2004-03-24 18:06 millert
+2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: If
- the user specified a uid with the -u flag and the uid exists in
- the passwd file, set runas_user to the name, not the uid.
+ * sudo.c:
+ Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
+ and possibly others.
+ [b69d985b0d22]
- When comparing usernames in sudoers, if a name is really a uid
- (starts with '#') compare it numerically to pw_uid.
+ * logging.c:
+ Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
+ that "%m" won't be expanded but we don't use that anyway since the
+ logging routines may splat to stderr as well.
+ [8d37a544d0c0]
-2004-03-22 13:35 millert
+ * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
+ sudoers.pod:
+ Add always_set_home variable
+ [dbcaff646e07]
- * auth/kerb5.c: krb5_mcc_ops should be const; Johnny C. Lam
+ * configure, configure.in:
+ Have to hard code default values in help since the defaults are set
+ _after_ the help stuff.
+ [7b5d6d72f55c]
-2004-02-28 18:54 aaron
+2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, config.h.in, ldap.c: Added start_tls support
+ * lex.yy.c, parse.lex:
+ Allow special characters (including '#') to be embedded in pathnames
+ if quoted by a '\\'. The quoted chars will be dealt with by
+ fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
+ [3ed33cf09977]
-2004-02-14 18:04 millert
+2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: Clean up libtool stuff for 'make distclean' and add
- def_data.c, def_data.h to PARSESRCS.
+ * install-sh:
+ Better path searching for programs we need.
+ [60517cb1f0d6]
-2004-02-14 10:13 aaron
+ * TROUBLESHOOTING:
+ Add section on "C compiler cannot create executables" errors.
+ [e4ada6eaee59]
- * strlcat.c, strlcpy.c: Un-Fix last license munge
+ * Makefile.binary, Makefile.in, version.h:
+ Crank version
+ [93d1bd5b7f5e]
-2004-02-13 16:37 millert
+ * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
+ sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
+ visudo.man.in, visudo.pod:
+ Substitute values from configure into man pages.
+ [619854c356c1]
- * CHANGES, RUNSON, TODO: checkpoint
+2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-02-13 16:37 millert
+ * parse.c, sudo.c:
+ The listpw and verifypw sudoers options would not take effect
+ because the value of the default was checked *before* sudoers was
+ parsed. Instead of passing in the value of PWCHECK_* to
+ sudoers_lookup(), pass in the arg for def_ival() so the check can be
+ deferred until after sudoers is parsed.
+ [4f596e358f72]
- * lex.yy.c, configure: regen
+2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-02-13 16:36 millert
+ * tgetpass.c:
+ When writing prompt, no need to write the NUL as well;
+ hag@linnaean.org
+ [fbcdd7b431ee]
- * LICENSE, Makefile.binary, Makefile.in, alloc.c, check.c,
- closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
- find_path.c, getprogname.c, getspwuid.c, goodpath.c, ins_2001.h,
- ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
- interfaces.h, ldap.c, logging.c, logging.h, parse.c, parse.h,
- parse.lex, parse.yacc, pathnames.h.in, set_perms.c, sigaction.c,
- strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in,
- sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.man.in,
- sudoers.pod, testsudoers.c, tgetpass.c, utime.c, version.h,
- visudo.c, visudo.man.in, visudo.pod, zero_bytes.c, auth/afs.c,
- auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
- auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
- auth/rfc1938.c, auth/secureware.c, auth/securid.c,
- auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
- emul/search.h, emul/utime.h: More to a less restrictive,
- ISC-style license.
+2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-02-12 21:08 aaron
+ * install-sh:
+ When looking for chown, check in /sbin too
+ [657ba6653f8c]
- * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in,
- def_data.c, def_data.h, def_data.in, ldap.c, sudo.c, sudo.h,
- sudoers2ldif: Merged in LDAP Support
+2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-02-08 15:53 millert
+ * visudo.c:
+ Remove extraneous call to init_defaults() and set runas_user to NULL
+ betweem parses so init_defaults will reset it each time, thus
+ avoiding a reference to free()d data.
+ [7421fcd692af]
- * sudo.h, sudo_noexec.c: Only do "extern int errno" if errno is not
- a macro.
+2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-02-06 18:08 millert
+ * config.h.in, interfaces.c, interfaces.h, sudo.c:
+ Add support for using getifaddrs() to get the list of ip addr /
+ netmask pairs. Currently IPv4-only.
+ [a35bc4f7306d]
- * set_perms.c: setreuid(0, 0) fails on QNX if the euid is not
- already 0 so set the euid first, then just call setuid(0) to set
- the real uid too.
+ * visudo.c:
+ Add a missing check for UserEditor == NULL Add missing '+' before
+ line number when invoking editor to fix a syntax error
+ [f0d4635f6082]
-2004-02-06 14:52 millert
+2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * set_perms.c: Use setresuid() and setreuid() for PERM_RUNAS when
- appropriate instead of seteuid() which may not exist.
+ * sudo.c:
+ Call clean_env very early in main() for paranoia's sake. Idea from
+ Marc Esipovich.
+ [f8d72ebd0115]
-2004-02-04 14:58 millert
+2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * LICENSE: 2004
+ * sudo.h:
+ Update proto for evasprintf and easprintf
+ [d147d6e58419]
-2004-02-03 23:38 millert
+ * alloc.c:
+ Make easprintf() and evasprintf() return an int.
+ [b2ca5d089667]
- * INSTALL, config.h.in, configure, configure.in, ins_classic.h: Add
- --with-pc-insults configure option
+ * check.c:
+ If the targetpw flag is set, use target username as part of the
+ timestamp path. If tty tickets are in effect cat the tty and the
+ target username with a ':' as the separator.
+ [de11abc693c2]
-2004-02-03 23:32 millert
+2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.man.in: Prefer VISUAL over EDITOR like old vipw did.
+ * auth/pam.c:
+ Backout part of last change; setting PAM_USER to the invoking user
+ breaks things like targetpw.
+ [427218a7387f]
-2004-02-01 15:45 millert
+ * auth/pam.c:
+ set tty and username via pam_set_item
+ [85d1922dbcc9]
- * sudo.man.in, sudoers.man.in: regen
+ * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
+ Fix root, runas, and target authentication for non-passwd file auth
+ methods.
+ [a14535e7b30c]
-2004-02-01 15:44 millert
+2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: Add a note that noexec is not a cure-all.
+ * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
+ sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
+ Use B<-Z> not C<-Z> for command line flags in all places. This is
+ more consistent and works around a bug in Pod::Man.
+ [64b5a05f30c5]
-2004-02-01 15:20 millert
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Fix an occurence of 'semicolon' that should be 'colon'
+ [4ea5aacae3fb]
- * sudoers.pod: Mention that disabling "root_sudo" is pretty
- pointless.
+2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-02-01 15:20 millert
+ * configure, configure.in:
+ Fix --with-badpri help line
+ [3cc40977c043]
- * configure, configure.in: Substitute for root_sudo in sudoers.pod
+2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-02-01 15:03 millert
+ * defaults.c, logging.c, sudo.c:
+ Bracket calls to syslog with an openlog() and closelog() since some
+ authentication methods (like PAM) may do their own logging via
+ syslog. Since we don't use syslog much (usually just once per
+ session) this doesn't really incur a performance penalty. It also
+ Fixes a SEGV with pam_kafs.
+ [fe1cc28529f6]
- * sudo.pod: Add sudoedit to the NAME section
+2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-02-01 15:00 millert
+ * sudo.c:
+ Fix -H flag. runas_homedir is only valid after
+ set_perms(PERM_RUNAS, mode)
+ [ce9b1c6f68a6]
- * sudoers.pod: Document that fact that setting ignore_dot in
- sudoers has no effect due to the fact that find_path() is called
- *before* sudoers is read.
+2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-29 19:50 millert
+ * INSTALL:
+ Clarify the fact that insults are not enabled just by including them
+ in the binary.
+ [d5a31d48320c]
- * sudo_edit.c: Do not require _PATH_USRTMP to be set.
+2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-29 19:42 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ Regenerated with perl 5.6.0 pod2man
+ [21751433768b]
- * BUGS, CHANGES, TODO: sync
+ * Makefile.in:
+ Give date string to pod2man since its default is ugly and it ain't
+ got no alibi.
+ [0080b2f6298f]
-2004-01-29 19:42 millert
+ * Makefile.in:
+ Do section substitution on the output of pod2man and remove hack
+ needed for old pod2man.
+ [1ef843d5c78b]
- * sudo.man.in: regen
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Put back real man sections, we will do the substitution later.
+ [f728c1abad7e]
-2004-01-29 19:41 millert
+2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod: Clarify that when sudo is run by root with the
- SUDO_USER variable set, the sudoers lookup happens for root and
- not the SUDO_USER user.
+ * configure, configure.in:
+ Don't bother checking for the path to vi if user specified --with-
+ editor
+ [bf698487e0d5]
-2004-01-29 17:33 millert
+2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * defaults.c, env.c, fnmatch.c, interfaces.c, logging.c, parse.c,
- set_perms.c, sigaction.c, sudo.c, tgetpass.c, auth/pam.c,
- auth/sudo_auth.c: Use the SET, CLR and ISSET macros.
+ * CHANGES, visudo.c:
+ Visudo now does its own fork/exec instead of calling system(3).
+ [99bbcd88863b]
-2004-01-29 16:22 millert
+ * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
+ sudoers.pod, visudo.c:
+ Visudo now checks for the existence of an editor and gives a
+ sensible error if it does not exist.
- * interfaces.h: MAIN was replaced with _SUDO_MAIN some time ago.
+ The path to the editor for visudo is now a colon-separated list of
+ allowable editors. If the user has $EDITOR set and it matches one
+ of the allowed editors that editor will be used. If not, the first
+ editor in the list that actually exists is used.
+ [cc86eb9f5440]
-2004-01-29 16:15 millert
+ * sudo.cat, sudo.man.in, sudo.pod:
+ Clear up confusion wrt sudo's return value.
+ [9385b12d8e79]
- * sudo.c: Don't look at prev_user until after we've parsed sudoers
- and done the password check. That way, if sudo/sudoedit is run
- from a root process that was invoked by sudo, we check sudoers
- for root, not the previous user. This makes sudoedit much more
- useful and means that for the sudo case, we get correct logging
- on who actually ran the command.
+2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-22 19:22 millert
+ * Makefile.in:
+ Strip sudo and visudo for bindist target
+ [a995ddd79177]
- * sudo_edit.c: Add a comment describing why we need to be notified
- about our child stopping.
+ * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
+ sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
+ Use @mansectsu@ and @mansectform@ in the man page bodies as well.
+ [5eb9e60a726f] [SUDO_1_6_3]
+
+ * visudo.cat, visudo.man.in, visudo.pod:
+ Typo: @sysconf@ -> @sysconfdir@
+ [f07f52fcd099]
+
+ * Makefile.in:
+ 'make dist' should not cause any files to be modified so remove its
+ dependencies.
+ [7f44a2666a9c]
+
+ * CHANGES:
+ Whoops, forgot to add release marker
+ [16c0f16b35b8]
+
+2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ Final change for 1.6.3 (or so I hope)
+ [473c89da6123]
+
+ * sudo.cat, sudoers.cat, visudo.cat:
+ Use SYSV man sections since BSD systems will have nroff...
+ [0a6bd154324e]
+
+2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.tab.c:
+ When checking to see if the host/user matches in a defaults spec,
+ check against TRUE, not just non-zero since it might be -1.
+ [41f2b7ad3fdd]
+
+ * configure, configure.in:
+ OSF/1 puts file formats in section 4, not 5.
+ [d77c1301afa9]
+
+ * CHANGES, INSTALL, sudo.c:
+ Make login class support work on BSD/OS
+ [e9bbe3c08ade]
+
+ * RUNSON:
+ Update for 1.6.3
+ [c40ce1d76c4d]
+
+ * configure, configure.in:
+ If there is no inet_addr but there *is* an __inet_addr that's ok
+ since inet_addr is probably just a macro then. The better thing to
+ do would be to look for the macro, but this is fine for now.
+ [1b8865ae4d68]
+
+ * configure, configure.in:
+ Don't use shlicc for BSD/OS 4.x
+ [83fbf6dedd2c]
+
+ * Makefile.in, configure, configure.in:
+ *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
+ configure variable so we can deal with this. Also, only remove *.man
+ for 'distclean' not 'clean'.
+ [30d56e6de214]
+
+ * sudo.c:
+ set_loginclass() should be static like the proto says
+ [d570a2d55fb8]
+
+2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * fnmatch.c:
+ Add #ifdef __STDC__ around the rangematch function header to avoid
+ promotion of test to int, thus violating the prototype. Gcc handles
+ this gracefully but more std ANSI compilers will complain.
+ [7d98c3e332b2]
+
+ * emul/fnmatch.h:
+ Pull in newer fnmatch(3) that supports FNM_CASEFOLD
+ [4e1320852f8b]
+
+ * aclocal.m4, configure, fnmatch.3, fnmatch.c:
+ Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
+ FNM_CASEFOLD in configure
+ [9ef952bf1896]
+
+ * CHANGES, TODO:
+ update for 1.6.3
+ [e4ba6368a0c5]
+
+ * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
+ Fully qualified hosts w/ wildcards were not matching the FQHOST
+ token type. There's really no need for a separate token for fully-
+ qualified vs. unqualified anymore so FQHOST is now history and
+ hostname_matches now decides which hostname (short or long) to check
+ based on whether or not the pattern contains a '.'.
+ [fbd2887d9811]
+
+ * parse.h:
+ Fully qualified hosts w/ wildcards were not matching the FQHOST
+ token type. There's really no need for a separate token for fully-
+ qualified vs. unqualified anymore so FQHOST is now history and
+ hostname_matches now decides which hostname (short or long) to check
+ based on whether or not the pattern contains a '.'.
+ [dd7bbe223461]
+
+ * lex.yy.c, parse.c, parse.lex, parse.yacc:
+ Fully qualified hosts w/ wildcards were not matching the FQHOST
+ token type. There's really no need for a separate token for fully-
+ qualified vs. unqualified anymore so FQHOST is now history and
+ hostname_matches now decides which hostname (short or long) to check
+ based on whether or not the pattern contains a '.'.
+ [630d9d205397]
+
+ * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
+ sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
+ Add support for wildcards in the hostname.
+ [d8d821ed4238]
+
+ * Makefile.in:
+ Add targets for *.man.in, using config.status to generate *.man from
+ *.man.in
+ [640e50ede485]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Document set_logname option and enbolden refs to sudo and visudo.
+ [9622b3a48707]
+
+ * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
+ sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
+ visudo.cat, visudo.man.in, visudo.pod:
+ Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
+ from Michael D. Marchionna. configure now does substitution on the
+ man pages, allowing us to fix up the paths and set the section
+ correctly. Based on an idea from Michael D. Marchionna.
+ [463e928a0a2f]
+
+ * auth/passwd.c:
+ Better fix for handling HP-UX aging info.
+ [3950f42d8549]
+
+ * sudo.c:
+ Add support for set_logname run-time default
+ [c6a7cc76b8b4]
+
+ * sudo.man.in, sudoers.man.in, visudo.man.in:
+ configure does substitution on these to produce *.man
+ [b83fc3c1bfc9]
+
+ * sudo.man, sudoers.man, visudo.man:
+ These files now get generated from *.man.in at configure time.
+ [c499061f79e0]
+
+2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c, defaults.h:
+ Add set_logname option so users can turn off setting of LOGNAME/USER
+ environment variables.
+ [6316869180b8]
+
+ * lsearch.c, parse.c, testsudoers.c:
+ kill register
+ [6e104e653748]
+
+2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/passwd.c:
+ HP-UX adds extra info at the end for password aging so when
+ comparing the result of crypt to pw_passwd we only compare the first
+ len(epass) bytes *unless* the user entered an empty string for a
+ password.
+ [3d24d4e4e889]
+
+ * logging.c:
+ Get rid of grandchild hack, it was causing problems and there is
+ really no need for it. This fixes a bug where we spin eating up CPU
+ when the user runs a long-running process like a shell.
+ [5743b10b1e81]
+
+2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ User can always specify a login class if he/she is already root.
+ [710d160cef9f]
-2004-01-22 16:06 millert
+ * config.h.in, configure, configure.in, defaults.c, defaults.h,
+ sudo.c, sudo.h:
+ FreeBSD login class (login.conf) support.
+ [026b981d6328]
- * def_data.c, def_data.in: Update the noexec variable descriptions
+2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-22 14:18 millert
+ * auth/sudo_auth.c:
+ HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
+ [9cd4929f1a78]
- * sudoers.man.in, sudoers.pod: noexec now replaces more than just
- execve()
+2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-22 12:14 millert
+ * auth/passwd.c:
+ Truncate unencrypted password to 8 chars if encrypted password is
+ exactly 13 characters (indicateing standard a DES password). Many
+ versions of crypt() do this for you, but not all (like HP-UX's).
+ [a9d0259cb193]
- * sudo_noexec.c: Alas, all the world does not go through execve(2).
- Many systems still have an execv(2) system call, Linux 2.6
- provides fexecve(2) and it is not uncommon for libc to have
- underscore ('_') versions of the functions to be used internally
- by the library. Instead of stubbing all these out by hand,
- define a macro and let it do the work. Extra exec functions
- pointed out by Reznic Valery.
+2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-21 21:57 millert
+ * INSTALL, RUNSON:
+ Mention that gcc on dynix may have problems
+ [77b97fa5bf1b]
- * sudo.c, sudo_edit.c: Fix suspending the editor in -e mode.
- Because we do a fork() first we need to be notified when the
- child has been stopped and then send that same signal to ourself
- so the shell can do its job control thing.
+2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-21 21:44 millert
+ * Makefile.in:
+ Link visudo with NET_LIBS since we now call syslog via defaults.c
+ [9e3830b277cc]
- * visudo.c: Use WIFEXITED and WEXITSTATUS macros. If there are
- systems out there that want to run sudo that still don't support
- these we can try to deal with that later.
+ * defaults.c:
+ Use Argv[0] as the first arg to openlog() since visudo uses this
+ too.
+ [e61078f328ec]
-2004-01-21 20:03 millert
+2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * lex.yy.c: regen
+ * sudo.c:
+ Stash coredumpsize resource limit and retsore it before the exec()
+ Otherwise the child ends up with a coredumpsize of 0.
+ [f6a4783835a3]
-2004-01-21 20:00 millert
+2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod: Document sudo
- -e / sudoedit
+ * sudo.cat, sudo.man, sudo.pod:
+ document -S flag
+ [3ebd805b7142]
-2004-01-21 19:08 millert
+ * sudo.c:
+ fix usage string
+ [66b2dfa47fe8]
- * configure, configure.in: fix typo
+ * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
+ auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
+ Added -S flag (read passwd from stdin) and tgetpass_flags global
+ that holds flags to be passed in to tgetpass(). Change echo_off
+ param to tgetpass() into a flags field. There are currently 2
+ possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
+ tgetpass(), abstract the echo set/clear via macros and if (flags &
+ TGP_ECHO) but echo is not set on the terminal, but sure to set it.
+ [a4fcbb712cd0]
-2004-01-21 19:02 millert
+ * tgetpass.c:
+ Fixed a bug that caused an infinite loop when the password timeout
+ was disabled.
+ [2be1ffc5a39f]
- * config.h.in, configure.in: Add SET/CLR/ISSET
+2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-21 18:55 millert
+ * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
+ sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
+ Add rootpw, runaspw, and targetpw options.
+ [2d4563e46df7]
- * sudo.c: Allow non-exclusive flags when invoked as sudoedit.
- Pretty print the long usage() line to not wrap (assumes 80 char
- display)
+ * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
+ visudo.c:
+ enveditor -> env_editor
+ [ddc5f856e583]
-2004-01-21 18:01 millert
+2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, sudo.c: If sudo is invoked as "sudoedit" the -e flag
- is implied and no other flags are permitted.
+ * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
+ sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
+ visudo.man:
+ crank versino to 1.6.3
+ [a5f7d3e74360]
-2004-01-21 18:00 millert
+ * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
+ sudoers.pod, visudo.c:
+ Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
+ them. This means that visudo will now parse the sudoers file
+ *before* it is edited so a bogus sudoers file will cause a warning
+ to go to stderr. Also, visudo checks the variables once--it does not
+ check them after each editor run since that could be confusing.
+ [9f5af18e9212]
- * sudo.h: Add a new flag, -e, that makes it possible to give users
- the ability to edit files with the editor of their choice as the
- invoking user, not the runas user. Temporary files are used for
- the actual edit and the temp file is copied over the original
- after the editor is done.
+2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-21 17:25 millert
+ * RUNSON:
+ 1.6.2 -> 1.6.2p1
+ [e25b74f1d1af]
- * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c: Add a new
- flag, -e, that makes it possible to give users the ability to
- edit files with the editor of their choice as the invoking user,
- not the runas user. Temporary files are used for the actual edit
- and the temp file is copied over the original after the editor is
- done.
+ * check.c, sudo.c, sudo.h:
+ Move user_is_exempt prototype into sudo.h
+ [daf26a6ded8a]
-2004-01-21 17:06 millert
+2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c, env.c: If real uid == 0 and the SUDO_USER environment
- variables is set, use that to determine the invoking user's true
- identity. That way the proper info gets logged by someone who
- has done "sudo su" but still uses sudo to as root. We can't do
- this for non-root users since that would open up a security hole,
- though perhaps it would be acceptable to use getlogin(2) on OSes
- where this a system call (and doesn't just look in the utmp
- file).
+ * configure, configure.in:
+ Fix thinko, some && should have been || in the last commit
+ [4b9b2d487ded]
-2004-01-21 16:58 millert
+ * configure, configure.in:
+ Don't initialized Makefile variables to be NULL since the user may
+ want to import variables from their environment.
+ [7be019f4422c]
- * pathnames.h.in: Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
+2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-21 16:57 millert
+ * configure, configure.in:
+ typo
+ [38f4d8971f0a]
- * configure, config.h.in, configure.in: Add check for fchown(2)
+2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-20 14:22 millert
+ * sudo.tab.c:
+ fix a yacc (skeleton.c) warning
+ [a2da228a937b]
- * sudo.c: Back out portions of the -i commit that set NewArgv[0] in
- set_runaspw. It is far to late to set NewArgv[0] there and will
- have no effect anyway as cmnd and safe_cmnd have already been
- set.
+2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-20 14:18 millert
+ * INSTALL, RUNSON, configure, configure.in:
+ Make pam work on HP-UX 11.0;jaearick@colby.edu
+ [b94de0ff6f42]
- * visudo.c, visudo.pod: Prefer VISUAL over EDITOR like old vipw
- did.
+ * CHANGES:
+ recent changes; prepare for 1.6.2p1
+ [b291635ea141]
-2004-01-18 20:17 millert
+ * find_path.c:
+ Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
+ [4306285c4f6e]
- * env.c, sudo.c: In -i mode always set new environment based on the
- runas user's passwd entry.
+2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-18 17:56 millert
+ * sudo.tab.c:
+ Regen with yacc that has a memory leak plugged.
+ [e26383a04eb7]
- * sudo.man.in, sudo.pod: Document the new -i flag and sync SYNOPSIS
- section with usage() in sudo.c. Also sort the flags in the
- OPTIONS section.
+ * sudoers.cat, sudoers.man, sudoers.pod:
+ Expanded docs on sudoers 'defaults' options based on INSTALL file
+ info.
+ [54c3d62d6c74]
-2004-01-18 17:55 millert
+ * INSTALL:
+ Fix some while lies
+ [d15311782150]
- * sudo.c, sudo.h: o Add -i that acts similar to "su -", based on
- patches from David J. MacKenzie o Sort the flags in the usage
- message
+2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-18 17:22 millert
+ * Makefile.in:
+ When making a bindist, link FAQ to TROUBLESHOOTING instead of
+ copying.
+ [2d88a6ac88cf]
- * sudoers.man.in, sudoers.pod: Add a missing @runas_default@
- substitution.
+ * sudoers.cat, sudoers.man, sudoers.pod:
+ Add netgroup caveat
+ [28d119f466e3] [SUDO_1_6_2]
-2004-01-17 16:34 millert
+ * RUNSON:
+ Last minute updates
+ [89fb4ed22d52]
- * sudo.c: Change euid to runas user before calling find_path().
- Unfortunately, though runas_user can be modified in sudoers we
- haven't parsed sudoers yet.
+ * TROUBLESHOOTING:
+ PAM entry
+ [a9fd59f39457]
-2004-01-17 16:25 millert
+ * auth/pam.c:
+ correct a comment
+ [a29627225ba9]
- * sudoers.man.in, sudoers.pod: Add missing defintion of
- Parameter_List and use single pipes in the Defaults EBNF
- definition.
+ * CHANGES, RUNSON:
+ update for 1.6.2
+ [b7f1c40ea732]
-2004-01-17 13:49 millert
+ * auth/pam.c:
+ Better detection of PAM errors and fix custom prompts with PAM.
+ Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
+ [ff69234b94a5]
- * sudo.c: Fix a bug when set_runaspw() is used as a callback. We
- don't want to reset the contents of runas_pw if the user
- specified a user via the -u flag.
+2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
- Avoid unnecessary passwd lookups in set_authpw(). In most cases
- we already have the info in runas_pw.
+ * snprintf.c:
+ Cast ULONG_MAX to unsigned long long when comparing to an unsigned
+ long long value.
+ [9d918c3a2ecd]
-2004-01-16 18:16 millert
+2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * check.c: Add Stan Lee / Uncle Ben quote to the lecture from
- RedHat
+ * CHANGES, config.h.in, configure, configure.in, visudo.c:
+ Fix sudoers locking in visudo. We now lock the sudoers file itself,
+ not the temp file (since locking the temp file can foul up editors).
+ The previous locking scheme didn't work because the fd was closed
+ too early.
+ [de2011bb11ed]
-2004-01-16 18:12 millert
+ * config.h.in, configure, configure.in:
+ Don't need test for ftruncate() any more.
+ [e5f71c848104]
- * sudo.h: Update sudo_getepw() proto and add one for set_runaspw()
+ * configure, configure.in:
+ Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
+ the unbundled HP-UX cc.
+ [2c373612c644]
-2004-01-16 18:10 millert
+2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c: If we can't stat the command as root, try as the runas
- user instead.
+ * sudoers.cat, sudoers.man, sudoers.pod:
+ "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
+ [05360d2c314e]
-2004-01-16 18:09 millert
+2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * testsudoers.c, visudo.c: Add stub set_runaspw() function
+ * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
+ parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
+ version.h, visudo.c:
+ update copyright year on changed files
+ [5792a2a28a4c]
-2004-01-16 18:09 millert
+ * RUNSON:
+ updates
+ [edf8f19aa403]
- * sudo.c: Add set_runaspw() function to fill in runas_pw. This
- will be used as a callback to update runas_pw when the runas user
- changes.
+ * CHANGES:
+ aix fix
+ [4d4a243b31e2]
-2004-01-16 18:07 millert
+ * INSTALL:
+ Crank version to 1.6.2
+ [bcb5cb411624]
- * env.c, sudo.c: PERM_RUNAS -> PERM_FULL_RUNAS
+ * configure:
+ Crank version to 1.6.2
+ [32a19f33427f]
-2004-01-16 18:05 millert
+ * sudo.c:
+ When using rlimit check for RLIM_INFINITY When computing the value
+ of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
+ [8c16166802e5]
- * set_perms.c, sudo.h: Rename PERM_RUNAS -> PERM_FULL_RUNAS and add
- a PERM_RUNAS that just changes the euid.
+ * CHANGES:
+ recent changes
+ [09fc7112e44d]
-2004-01-16 18:04 millert
+ * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
+ sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
+ Crank version to 1.6.2
+ [055fa61a7c61]
+
+ * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
+ Add 'shell_noargs' runtime option back in. We have to defer
+ checking until after the sudoers file has been parsed but since
+ there are now other options that operate that way this one can too.
+ Based on a patch from bguillory@email.com.
+ [231db7a007a6]
+
+ * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
+ Add "listpw" and "verifypw" options.
+ [190683bac878]
+
+ * sudoers.cat, sudoers.man, sudoers.pod:
+ o Fix some typos/omissions o Add section on verifypw and listpw o
+ Define how NOPASSWD interacts with the -v and -l flags
+ [6feb7350eb79]
+
+2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
+ -D_HPUX_SOURCE to CPPFLAGS.
+ [06cc35d89dc8]
+
+ * defaults.c, defaults.h:
+ In struct sudo_defs_types, move the union to the end and don't
+ initialize the union member since that only works with an ANSI
+ compiler. We set the value of the union by hand in init_defaults()
+ anyway. This allows sudo to compile on a K&R compiler again.
+ [623487e1fcfa]
+
+2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
+ netgr_matches needs to check shost as well as host since they may be
+ different.
+ [3f43ace23d3e]
+
+ * tgetpass.c:
+ End on \r as well as \n
+ [cb7c6e6f4202]
+
+2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Update statbuf.st_mode based on SUDOERS_MODE when we are chaning
+ from 0400 to whatever SUDOERS_MODE is (converting from the old
+ sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
+ 0400 which should always be the case.
+ [34cd83d49d20]
+
+ * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
+ Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
+ w/o a passwd if there is *any* entry for the user on the host with a
+ NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
+ the user on the host w/ the specified runas user have the NOPASSWD
+ flag set.
+ [4b3b85697653]
+
+ * Makefile.in:
+ add check target
+ [3d24d34a76fd]
+
+1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Treat EOF at whatnow prompt like 'x' instead of looping.
+ [5deffc27114c]
+
+1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ recent changes
+ [5836a9452568] [SUDO_1_6_1]
+
+1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, sudo.c:
+ Add check for initgroups() since old SYSV lacks this.
+ [657a6005a569]
+
+ * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
+ parse.c, testsudoers.c:
+ o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
+ exists.
+ [17d081e917d6]
+
+1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/sudo_auth.c:
+ Don't allow insults to be enabled if the insults[] array is empty.
+ Otherwise there would be division by zero.
+ [b20c14db6029]
+
+ * insults.h:
+ Don't allow insults to be enabled if the insults[] array is empty.
+ Otherwise there would be division by zero.
+ [028f130204b0]
+
+ * CHANGES, RUNSON:
+ Don't allow insults to be enabled if the insults[] array is empty.
+ Otherwise there would be division by zero.
+ [974f4780254b]
+
+ * insults.h:
+ Don't care about USE_INSULTS #define since the insult stuff may be
+ overridden at runtime.
+ [b873df8b299c]
+
+ * auth/sudo_auth.c:
+ Honor insults flag.
+ [756111640fdc]
+
+ * CHANGES, parse.c:
+ Don't ask the user for a password if the user is not allowed to run
+ the command and the authenticate flag (in sudoers) is false.
+ [cea9fdc09c76]
+
+ * CHANGES, RUNSON, lex.yy.c, parse.lex:
+ o Whenever we get a bare newline we change to the INITIAL state. o
+ Enter GOTRUNAS when we see Runas_Alias
+
+ This allows #uid to work in a RunasAlias.
+ [a475513e7c7a]
+
+1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, parse.yacc, sudo.tab.c:
+ fix parsing of runas lists: o oprunasuser and runaslist now return a
+ value o in a runasspec, if a runaslist does not return TRUE, set
+ runas_matches to FALSE. Normally, a runaslist only returns FALSE
+ for explicitly denied users. o since runaslist does not modify the
+ stack there is no need for a push/pop in runasalias.
+ [82b305b34a8c]
+
+ * check.c, sudo.c:
+ Don't kill the user's tickets until after sudoers has been parsed
+ since tty_tickets and ticket_dir could be set in sudoers.
+ [f43e25367f3a]
- * getspwuid.c: Make sudo_pwdup() act like OpenBSD pw_dup() and
- allocate memory in one chunk for easy free()ing. Also change it
- from static to extern.
+ * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
+ configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
+ sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
+ crank version to 1.6
+ [95f8bdcf9bb2]
-2004-01-16 18:03 millert
+ * testsudoers.c:
+ add set_fqdn() stub
+ [bbc81af5b41a]
- * defaults.c, defaults.h: Add callback support
+1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-16 18:02 millert
+ * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
+ sudoers.man, sudoers.pod, visudo.c:
+ o Kill shell_noargs option, it cannot work since the command needs
+ to be set before sudoers is parsed. o Fix the "set_home" sudoers
+ option (only worked at compile time). o Fix "fqdn" sudoers option.
+ We now set host/shost via set_fqdn which gets called when the
+ "fqdn" option is set in sudoers. o Move the openlog() to
+ store_syslogfac() so this gets overridden correctly from the
+ sudoers file.
+ [3dca861f0f5d]
- * def_data.c, def_data.in, mkdefaults: Add a callback field and use
- it for runas_default
+ * auth/securid.c:
+ SecurID support should compile now.
+ [a544e5c6ea34]
-2004-01-15 15:13 millert
+1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/fwtk.c: Add support for chalnecho and display server
- responses used by fwtk >= 2.0
+ * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
+ visudo.man, visudo.pod:
+ fix some syntactic goofs
+ [b3451f0d5239]
-2004-01-12 18:39 millert
+1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.man.in, sudoers.pod: ld.so is ld.so.1 on solaris
+ * Makefile.in, sudo.html, sudoers.html, visudo.html:
+ No longer need the .html files as they are generated automatically
+ on the web site.
+ [1b4aa4204584]
-2004-01-12 14:03 millert
+ * CHANGES, LICENSE:
+ kill characters that made wml unhappy
+ [b988fbc6da56]
- * Makefile.in, config.h.in, configure, configure.in, sudo.c,
- sudo.h: Use closefrom() instead of doing the equivalent inline.
+ * HISTORY:
+ typo
+ [a418963f7fce]
-2004-01-12 13:55 millert
+1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * closefrom.c: closefrom(3) for systems w/o it
+ * README:
+ majordomo@cs.colorado.edu -> majordomo@courtesan.com
+ [5d151e8ffd3b]
-2004-01-09 16:29 millert
+ * Makefile.in, configure:
+ Wrap script execution w/ /bin/sh for the benefit of ctm
+ [3a9c4766b2c3]
- * sudoers.man.in: Update from .pod file.
+1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-09 16:26 millert
+ * sudo.c:
+ Make the -s flag be exclusive too. Also reorder the flags in the
+ exclusive usage message so they are alphabetical.
+ [4c7af200db34]
- * configure, configure.in: Substitute noexec_file for the sudoers
- man page
+1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-09 16:24 millert
+ * auth/pam.c:
+ make pam errors other than PAM_PERM_DENIED fatal
+ [64bcb3fd2baf]
- * sudo.man.in, sudo.pod: Mention noexec
+ * auth/API:
+ fix typo
+ [f3134c88b12e]
-2004-01-09 16:16 millert
+ * INSTALL:
+ make it clear that /etc/pam.d/sudo is required on linux
+ [213cc3eaad82]
- * sudoers.man.in, sudoers.pod: Document noexec
+ * auth/pam.c:
+ fix a warning on redhat and spew an error if pam_authenticate()
+ returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
+ [7e46dd19da89]
-2004-01-09 14:38 millert
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ Be very clear that the password required is the user's not root's
+ [a6da127347e5]
- * config.h.in, configure.in, auth/pam.c: Move PAM_CONST macro
- definition from config.h to pam.c where it belongs. We can't
- have this in config.h since that gets included too early.
+1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-09 14:35 millert
+ * Makefile.in:
+ add sample.syslog.conf to DISTFILES and BINFILES
+ [8661c27c007e]
- * config.h.in, configure, configure.in, auth/pam.c: Some PAM
- implementations put their headers in /usr/include/pam instead of
- /usr/include/security.
+1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-09 14:32 millert
+ * RUNSON:
+ updates from Brian Jackson + some formatting
+ [6d31c6fa63f8]
- * configure.in: I missed changing the EXEC macro -> EXECV here when
- I changed this in config.h.in and sudo.c a while ago.
+1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-09 13:15 millert
+ * INSTALL.binary, Makefile.binary, README, RUNSON:
+ o One RUNSon update o Changes for automating real binary releases
+ [dd9585f4406c]
- * acsite.m4: OpenBSD vax/m88k/hppa don't do shared libs
+ * Makefile.in:
+ Add bindist target
+ [546ed3fa94bb]
-2004-01-09 03:29 millert
+1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: o merge the hpux case entries into a
- single entry w/ its own sub-case statement. o HP-UX >= 11
- support getspnam(), use it in preference to getprpwuid()
+ * TROUBLESHOOTING:
+ talk about run-time options in addition to compile-time options
+ [1eb813ff0a9a] [SUDO_1_6_0]
-2004-01-09 02:58 millert
+ * CHANGES:
+ fix typos
+ [65e92bb70a7b]
- * configure, configure.in: eval $shrext so that it expands nicely
- on MacOS X
+ * sudo.c:
+ need sys/time.h if HAVE_SETRLIMIT
+ [ce31655a8a60]
-2004-01-09 02:50 millert
+ * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
+ sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
+ get rid of references to sudo-bugs. Now mention the web site or the
+ sudo@ alias
+ [a9db861fd8c6]
- * Makefile.in: Don't lie about making a module, it does the wrong
- thing on mach
+ * sudoers.html:
+ repair pod2html damage
+ [62ece4277f1f]
-2004-01-09 02:49 millert
+ * RUNSON, TODO:
+ Update for 1.6 release
+ [98569c57ba2a]
+
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ Add warning about using ALL in a command context.
+ [6c77685ab280]
+
+1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Call yyrestart() on a parse error to reset the lexer state.
+ [1370a27acdb2]
- * ltmain.sh: Remove requirement that libs must begin with "lib".
- They don't when we point directly at the lib using LD_PRELOAD or
- its equivalent.
+ * lex.yy.c, parse.lex:
+ Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
+ since it might not get called in yywrap if we get a parse error
+ (and we only reread the file on error anyway).
+ [37f4b449e28e]
+
+ * lex.yy.c, parse.lex:
+ Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
+ might still exist. Call yyrestart() instead of using the deprecated
+ YY_NEW_FILE macro.
+ [7d0d873046c6]
-2004-01-09 02:01 millert
+ * lex.yy.c, parse.lex:
+ flex doesn't need %N table size declarations
+ [268b020fd60a]
- * acsite.m4: Disable support for c++, f77 and java. We don't need
- it, it takes a lot of time, and it hosed our check for shared lib
- support.
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ Mention what characters need to be escaped in names.
+ [72ccbb6b0f31]
-2004-01-09 02:00 millert
+1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * configure:
+ regen
+ [65827abb5c7b]
+
+ * INSTALL:
+ clarify Mac OS X entry
+ [8da1549a71f5]
-2004-01-09 02:00 millert
+ * RUNSON:
+ update
+ [0cff8df7459f]
- * configure.in: Call AC_ENABLE_SHARED and check the status of
- enable_shared to know when shared libs are available.
+ * configure.in:
+ o Use AC_MSG_ERROR throughout o Check syslog configure options for
+ danity
+ [4cb81e642e5c]
-2004-01-09 01:37 millert
+1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c:
+ Fix printing of type T_MODE in dump_defaults()
+ [a868bb6f5515]
- * acsite.m4: Duh, OpenBSD suports shared libs too
+ * strcasecmp.c:
+ missing sys/types.h
+ [ca694ca325b6]
-2004-01-09 01:18 millert
+ * INSTALL:
+ Break out options that may be overridden at run time into their own
+ section. Add a not about Max OS X and correct some lies.
+ [d8bcfd120593]
- * configure.in, config.h.in: Only OpenPAM and Linux PAM use const
- qualifiers.
+1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-09 01:15 millert
+ * CHANGES, config.h.in, configure, configure.in, sudo.c:
+ o Now use getrlimit to find the highest fd when closing all non-std
+ fd's o Turn off core dumps via setrlimit for the sake of paranoia
+ [dd9f651b6def]
- * configure, configure.in: o No need to check for sed, libtool
- config does that for us o move check for --with-noexec until
- after libtool magic is run so we can use $can_build_shared and
- $shrext
+ * RUNSON:
+ updates
+ [f581841fe615]
-2004-01-09 01:14 millert
+1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * ltmain.sh: Don't print a bunch of crap about library installs
- since we are not really installing a library.
+ * CHANGES:
+ updates
+ [553baa1d44c7]
-2004-01-09 00:38 millert
+ * tgetpass.c:
+ When read()'ing, do a single character at a time to be sure we don't
+ go oast the newline.
+ [907d33f55bb4]
- * env.c: Make format_env() varargs Add noexec support for Darwin,
- MacOS X, Irix, and Tru64
+ * sudo.c:
+ For the sudo_root option, check against user_uid, not getuid() since
+ at this point, ruid == euid == 0.
+ [92d5c51939b4]
-2004-01-09 00:32 millert
+ * RUNSON:
+ some updates
+ [e3ed0c1f312b]
- * acsite.m4, ltconfig, ltmain.sh: Update to libtool 1.5 with local
- changes: o no ldconfig in the finish step o assume no libprefix
- or version is needed
+ * logging.h:
+ Fix compilation problem when --with-logging=file was specified.
+ This means that syslog is now required to build sudo but that should
+ not be a problem. If it is it can be fixed trivially with a
+ configure check for syslog() or syslog.h.
+ [839a4b069190]
-2004-01-09 00:15 millert
+ * tgetpass.c:
+ Make this work again for things like "sudo echo hi | more" where the
+ tty gets put into character at a time mode. We read until we read
+ end of line or we run out of space (similar to fgets(3)).
+ [c8f746df2e63]
- * sudo_noexec.c: Fix compilation under K&R
+1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-06 09:31 millert
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ change ital to bold
+ [f860978e530a]
- * CHANGES: checkpoint
+ * RUNSON:
+ update
+ [9bcfbb405568]
-2004-01-06 09:28 millert
+1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo_noexec.c: stub execve() that just returns EACCES; used for
- noexec functionality
+ * defaults.c:
+ Error out if syslog parameters are given without a value. For
+ Ultrix or 4.2BSD "syslog" is allowed without a value since there are
+ no facilities in the 4.2BSD syslog.
+ [69e7a686f5f0]
-2004-01-06 01:42 millert
+1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.tab.h: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2
- issue with generated code.
+ * defaults.c:
+ Ignore the syslog facility for systems w/ old syslog like Ultrix.
+ [5c250adbbb84]
-2004-01-05 16:10 millert
+ * TROUBLESHOOTING:
+ people with "." early in their path can have problems running sudo
+ from the build dir ;-)
+ [20a1744a24a4]
- * def_data.c, def_data.h, def_data.in: Move the environment
- defaults to the end and shorten a few of the descriptions.
+1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-05 15:05 millert
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ Remove -r realm option
+ [127caa537f95]
- * configure.in, configure: no shared libs on ultris or convexos
+ * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
+ configure.in, sudo.c:
+ New krb5 code from Frank Cusack <fcusack@iconnet.net>.
+ [7177a3893a62]
-2004-01-05 15:03 millert
+ * CHANGES:
+ update to reality
+ [766cfbb512d6]
- * Makefile.in, configure, configure.in: Build sudo_noexec shared
- object using libtool; could use some cleanup.
+1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-05 14:59 millert
+ * auth/fwtk.c:
+ include <auth.h> to get function prototypes.
+ [d6c7c12d09fe]
- * acsite.m4, ltconfig, ltmain.sh: libtool scaffolding
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ document -L flag
+ [dc803e1ce0d7]
-2004-01-05 14:56 millert
+1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.yacc: Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so
- that order is not important.
+ * sudo.c:
+ in set_perms(), always call setuid(0) before changing the ruid/euid
+ so we always know it will succeed.
+ [8cced1b862bf]
-2004-01-05 12:15 millert
+ * defaults.h:
+ #undef T_FOO to avoid conflicts with system defines (like on
+ ULTRIX).
+ [d9f0aac092b0]
- * defaults.c, env.c, parse.c, parse.h, parse.lex, parse.yacc,
- pathnames.h.in, sudo.c, sudo.h, lex.yy.c: update copyright year
+ * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
+ sudoers.pod:
+ Docuement "Defaults" lines in /etc/sudoers. Still needs some
+ fleshing out but this is a start.
+ [521a1e629bbc]
-2004-01-04 22:58 millert
+1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in, defaults.c, env.c, pathnames.h.in: Add
- _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
- option. The default value of noexec_file is set to this.
+ * use strtol, not strtoul since not everyone has not strtoul
+ [988462f093cc]
-2004-01-04 21:48 millert
+ * defaults.c:
+ use strtol, not strtoul since not everyone has not strtoul
+ [fce835ce62e3]
+
+ * lex.yy.c, parse.lex:
+ last {WORD} rule should only apply in the INITIAL state
+ [9b57570bfa83]
+
+ * lex.yy.c, parse.lex:
+ o Add support for escaped characters in the WORD macro o Modify
+ fill() to squash escape chars
+ [87572d59e4e0]
- * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
- parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.h: Add
- support for preloading a shared object containing a dummy
- execve() function that just sets error and returns -1. This adds
- a "noexec_file" option to load the filename as well as a "noexec"
- flag to enable it unconditionally. There is also a NOEXEC tag
- that can be attached to specific commands and an EXEC tag to
- disable it.
+ * defaults.c, defaults.h:
+ o Add T_PATH flag to allow simple sanity checks for default values
+ that are supposed to be pathnames. o Fix a duplicate free when
+ visudo finds an error.
+ [bdc6855a6c6d]
-2004-01-04 21:40 millert
+1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * mkdefaults: add missing newline to usage statement
+ * defaults.c, defaults.h, logging.c:
+ mail_if_foo -> mail_foo
+ [cbee9415875d]
-2004-01-04 20:39 millert
+1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, sudo.c: Rename EXEC macro -> EXECV
+ * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
+ o Add requiretty option o Move O_NOCTTY to compat.h
+ [65b8bf0e1795]
-2004-01-04 20:16 millert
+ * logging.c:
+ The exit() in log_error() was mistakenly removed in a previous
+ version. Put it back...
+ [9473449130a4]
- * logging.c: Don't truncate usernames to 8 characters in the log
- message.
+1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-04 20:13 millert
+ * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
+ auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
+ configure, configure.in, defaults.c, defaults.h, find_path.c,
+ getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
+ o Change defaults stuff to put the value right in the struct. o
+ Implement mailer_flags o Store syslog stuff both in int and string
+ form. Setting the string form magically updates the int version.
+ o Add boolean attribute to strings where it makes sense to say !foo
+ [4698953f9a36]
- * check.c, sudoers.man.in, sudoers.pod: Update copyright year
+ * tgetpass.c:
+ add O_NOCTTY when opening /dev/tty just in case
+ [4c6d1d1bb300]
-2004-01-04 20:12 millert
+1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
- sudoers.pod: Add a new option, lecture_file, that can be used to
- point to a custom sudo lecture.
+ * auth/API:
+ cleanup function no longer takes a status arg
+ [0819edbfe7f8]
-2003-12-31 17:46 millert
+ * INSTALL:
+ the the
+ [19aadb65ea28]
- * Makefile.in, sudo.h, zero_bytes.c, auth/aix_auth.c,
- auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Add a
- zero_bytes() function to do the equivalent of bzero in such a way
- that will heopfully not be optimized away by sneaky compilers.
+1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-12-31 13:35 millert
+ * TODO, config.h.in, configure, configure.in, logging.c:
+ Use strftime() instead of ctime() if it is available.
+ [fb60ea63b514]
- * err.c: Use #ifdef __STDC__, not #if __STDC__.
+1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-12-30 17:41 millert
+ * defaults.c:
+ fix copyright date
+ [4a53b54aa72f]
- * mkdefaults: Always put at least one space between the def_* macro
- name and its definition.
+ * RUNSON:
+ update ReliantUNIX entry
+ [de618a4f67d9]
-2003-12-30 17:34 millert
+ * defaults.c, defaults.h, logging.c:
+ add log_year option
+ [251a9e20568a]
- * configure, configure.in: Adjust code for --without-lecture to
- match new values.
+ * configure, configure.in:
+ add --without-sendmail to help output
+ [93162f199902]
-2003-12-30 17:33 millert
+ * configure, configure.in:
+ enforce an otctal arg for --with-suoders-mode
+ [45e1b04ccad3]
- * visudo.man.in: regen after pasto fix
+1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-12-30 17:31 millert
+ * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
+ auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
+ auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
+ defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
+ parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
+ testsudoers.c, version.c, visudo.c:
+ Add support for "Defaults" line in sudoers to make configuration
+ variables changable at runtime (and on a global, per-host and per-
+ user basis). Both the names and the internal representation are
+ still subject to change. It was necessary to make sudo_user.runas
+ but a char ** instead of a char * since this value can be changed by
+ a Defaults line. There is a similar (but more complicated) issue
+ with sudo_user.prompt but it is handled differently at the moment.
- * sudoers.man.in, sudoers.pod: Document that "lecture" has changed
- from a flag to a tuple.
+ Add a "-L" flag to list the name of options with their descriptions.
+ This may only be temporary.
-2003-12-30 17:31 millert
+ Move some prototypes to parse.h
- * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
- defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h: Add
- support for tuples in def_data.in; these are implemented as an
- enum type. Currently there is only a single tuple enum but in
- the future we may have one tuple enum per T_TUPLE entry in
- def_data.in. Currently listpw, verifypw and lecture are tuples.
- This avoids the need to have two entries (one ival, one str) for
- pwflags and syslog values.
+ Be much less restrictive on what is allowed for a username.
+ [f71abf7ba80c]
- lecture is now a tuple with the following values: never, once,
- always
+ * sample.syslog.conf:
+ Add more info
+ [e952e6f42d4d]
- We no longer use both an int and string entry for syslog
- facilities and priorities. Instead, there are logfac2str() and
- logpri2str() functions that get used when we need to print the
- string values.
+1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-12-30 17:20 millert
+ * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
+ strcasecmp.c:
+ UCB has dropped the advertising clause from their license.
+ [a5602b36a341]
- * check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
- logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
- visudo.c, auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c,
- auth/pam.c, auth/rfc1938.c, auth/securid5.c, auth/sia.c,
- auth/sudo_auth.c: Create def_* macros for each defaults value so
- we no longer need the def_{flag,ival,str,list,mode} macros (which
- have been removed). This is a step toward more flexible data
- types in def_data.in.
+1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-12-30 15:55 millert
+ * auth/sudo_auth.h:
+ move dce_verofy proto to correct section
+ [972c815af558]
- * TODO: checkpoint
+ * auth/dce.c:
+ remove XXX
+ [820631855be0]
-2003-12-22 21:18 millert
+1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * emul/fnmatch.h:
+ Add fnmatch() prototype
+ [79e84576d92a]
- * sudo.c: If we are in -k/-K mode, just spew to stderr. It is not
- unusual for users to place "sudo -k" in a .logout file which can
- cause sudo to be run during reboot after the YP/NIS/NIS+/LDAP/etc
- daemon has died. Previously, this would result in useless mail
- and logging.
+ * fnmatch.c, parse.c, testsudoers.c:
+ Move inclusion of emul/fnmatch.h to be after sudo.h for __P
+ [1182c89fa811]
-2003-12-16 13:51 millert
+ * sudo.h:
+ add strcasecmp proto
+ [512d1d8a6a0c]
- * visudo.pod: fix pasto in VISUAL description
+ * auth/sudo_auth.c:
+ add check for case where there are no auth methods
+ [e4af2b91b43e]
-2003-12-09 22:09 millert
+ * configure, configure.in:
+ Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
+ SunOS4 w/ gcc
+ [746ce8bcec23]
- * configure: regen
+ * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
+ include strings.h everywhere we include string.h
+ [6f7d5d437e7b]
-2003-12-09 22:08 millert
+ * version.c:
+ nicer output when showing auth methods
+ [0eac4b977f9d]
+
+ * version.c:
+ Add support for SEND_MAIL_WHEN_NO_HOST
+ [9f20a3a3fae6]
+
+ * config.h.in, configure, configure.in:
+ Add _GNU_SOURCE for Linux
+ [c7bd8c511847]
+
+ * lex.yy.c, parse.lex:
+ fix definition of OCTECT
+ [4af30e63244d]
+
+ * configure, configure.in:
+ aix_auth.o not authenticate.o
+ [fe95dfb08df4]
+
+1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
+ keyboard). Since we run with ruid/euid == 0 the user can't really
+ signal us in nasty ways.
+ [a7f6487c0f48]
+
+ * visudo.c:
+ Don't need to worry about catching too many signals since we do
+ locking on the tmp file. If a lockfile is really stale, it will be
+ detected and overwritten.
+ [28983db3e749]
+
+ * INSTALL, Makefile.in:
+ include auth/API in tarball
+ [014991600252]
+
+ * auth/sudo_auth.c:
+ move memset() of plaintext pw outside of verify loop and only do the
+ memset if we are *not* in standalone mode.
+ [66f8e87567e2]
- * CHANGES: checkpoint
+ * auth/sudo_auth.c, auth/sudo_auth.h:
+ DCE is not a standalone method
+ [34963e2d8a1b]
-2003-12-09 22:02 millert
+ * sudo.c:
+ fix --enable-noargs-shell
+ [4234062abbb0]
+
+ * snprintf.c:
+ "#ifdef __STDC__" not "#if __STDC__" (I missed one)
+ [c430b80454c6]
+
+ * auth/fwtk.c, auth/sia.c:
+ _cleanup() function returns an int.
+ [d1a1cc071ec1]
+
+ * auth/dce.c:
+ there were still some return(0)'s hanging around, make them
+ AUTH_FAILURE
+ [1002aa1962c3]
+
+ * parse.c:
+ typo in comment
+ [5abc410dbfd2]
+
+ * version.c:
+ add missing semicolon
+ [a262283b52a5]
+
+ * auth/sudo_auth.h:
+ missing backslash
+ [bf89f6bd2900]
+
+1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, config.h.in, configure, configure.in:
+ Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
+ [f1a9bca0cf67]
+
+ * Makefile.in:
+ add parse.h to HDRS
+ [a3d054987766]
+
+ * Makefile.in, configure, configure.in:
+ Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
+ LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and
+ network libs like -lsocket, -lnsl go in NET_LIBS. This allows
+ testsudoers to build on Solaris and is a bit cleaner in general.
+ [4e6239e97002]
+
+ * UPGRADE:
+ mention ptmp -> sudoers.tmp
+ [ec3baa0fe8a1]
+
+ * config.h.in, configure, configure.in:
+ Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
+ [6f93dc7f39f5]
+
+ * RUNSON:
+ add 2 reports
+ [ce0fcc00ee4e]
+
+ * auth/kerb5.c:
+ Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
+ return a value more like a system function
+ [0dd56aa21424]
+
+ * auth/dce.c:
+ Add an XXX
+ [58fc8562c212]
+
+ * TODO:
+ more things todo!
+ [5a459d0cf339]
+
+ * sample.sudoers:
+ update based on what is in the man page
+ [1a0477db96fa]
+
+ * parse.yacc, sudo.tab.c:
+ minor change to first line printed in -l mode
+ [69eb57d96952]
+
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
+ standard and add "EXAMPLES" section
+ [7e543335ebe1]
+
+ * visudo.cat, visudo.html, visudo.man, visudo.pod:
+ rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
+ standard
+ [f82d87ed65c2]
+
+ * logging.c, parse.c, sudo.h:
+ add FLAG_NO_CHECK
+ [c7d69176a2d7]
+
+ * lex.yy.c, parse.lex:
+ make an OCTET really be limited to 0-255
+ [6ee568dd6a02]
+
+ * UPGRADE:
+ mention timestamp changes
+ [e44d5302bf60]
+
+ * PORTING:
+ cosmetic cleanup
+ [36fa3a2664dd]
+
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ new sudoers(8) man page
+ [e674d06283d0]
+
+1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * version.c:
+ Update comments about syslog name tables
+ [63830a782dcb]
+
+ * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
+ strcasecmp.c, sudo.tab.c:
+ include strcasecmp() for those without it
+ [a0d8e2488bbc]
- * TROUBLESHOOTING: Some OSes (like Solaris) allow export w/ nosuid
- too
+ * sample.sudoers:
+ Use the : operator some more and fix a typo
+ [18804c70da86]
-2003-08-12 16:45 millert
+ * HISTORY:
+ update the history of sudo
+ [9d9b3d5279b3]
- * compat.h: We don't use FD_ZERO anymore so just define FD_SET (if
- not already there).
+ * parse.c, parse.lex, testsudoers.c:
+ CIDR-style netmask support
+ [768644467353]
+
+ * CHANGES:
+ recent changes
+ [a4319e9d07cb]
+
+ * sudo.tab.c, sudo.tab.h:
+ these should be generated with byacc, not bison
+ [f57b9489b752]
+
+ * lex.yy.c:
+ regen
+ [522461f95dfa]
-2003-06-28 21:31 millert
+ * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
+ In "sudo -l" mode, the type of the stored (expanded) alias was not
+ stored with the contents. This could lead to incorrect output if
+ the sudoers file had different alias types with the same name.
+ Normal parsing (ie: not in '-l' mode) is unaffected.
+ [823fe2bc4b79]
+
+1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/pam.c: Fix a core dump on Solaris by preserving the
- pam_handle_t we used during authentication for pam_prep_user().
- If we didn't authenticate (ie: ticket still valid), we call
- pam_init() from pam_prep_user(). This is something of a hack; it
- may be better to change the auth API and add an auth_final()
- function that acts like pam_prep_user().
+ * configure, configure.in:
+ define _XOPEN_SOURCE to get at crypt() proto on some systems
+ [1b3769b86fb9]
-2003-06-21 12:50 millert
+1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * snprintf.c:
+ fix comment
+ [fc1264df00f7]
- * set_perms.c: Add explicit declaration of printerr variable in
- function header (was defaulting to int which is OK but oh so K&R
- :-). From Theo.
+ * tgetpass.c:
+ don't need limits.h
+ [f1631829af45]
-2003-06-09 19:00 millert
+ * snprintf.c:
+ kill bogus reference to vfprintf
+ [a0b99b25d389]
- * config.h.in, configure.in: s/HAVE_STOW/USE_STOW/
+ * sample.sudoers, sudoers:
+ better examples
+ [b4d87ea64cc8]
-2003-06-09 16:07 millert
+ * snprintf.c:
+ Add some const in the K&R defs. This is safe since we define const
+ away if the compiler doesn't grok it.
+ [614d6e83d45e]
- * logging.c: Also exit waitpid() loop when pid == 0. Fixes a
- problem where the sudo process would spin eating up CPU until
- sendmail finished when it has to send mail.
+ * aclocal.m4, configure:
+ Better test for working long long support. Ultrix compiler supports
+ basic long long but not all operations on them.
+ [5da1508710ed]
-2003-05-30 16:22 millert
+ * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
+ snprintf.c, sudo.c:
+ Add check for LONG_IS_QUAD #undef MAXINT before including
+ hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
+ in snprintf.c and use LONG_IS_QUAD
+ [a1f7993367fc]
- * fnmatch.3, fnmatch.c: Remove advertising clause, UCB has
- disavowed it
+1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-05-21 21:53 millert
+ * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
+ snprintf.c:
+ UCB-derived snprintf + asprintf support. Supports quads if the
+ compiler does. No floating point yet, perhaps later...
+ [0caf05aba945]
+
+1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
+ goodpath.c, logging.c, parse.c, sudo.c:
+ Run most of the code as root, not the invoking user. It doesn't
+ really gain us anything to run as the user since an attacker can
+ just have an setuid(0) in their egg. Running as root solves
+ potential problems wrt signalling.
+ [408e530dda01]
+
+ * sudo.tab.c:
+ regen
+ [f8cfb37e37de]
+
+1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c, sudo.c:
+ Don't wait for child to finish in log_error(), let the signal
+ handler get it if we are still running, else let init reap it for
+ us. The extra time it takes to wait lets the user know that mail is
+ being sent.
+
+ Install SIGCHLD handler in main() and for POSIX signals, block
+ everything
+ *except* SIGCHLD.
+ [d2b6ab0ef3be]
+
+ * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
+ parse.yacc, sudo.c, sudo.h:
+ sudoers_lookup() now returns a bitmap instead of an int. This makes
+ it possible to express things like "failed to validate because user
+ not listed for this host". Some thigns that were previously
+ VALIDATE_FOO are now FLAG_FOO. This may change later on.
+
+ Reorganized code in log_auth() and sudo.c to deal with above
+ changes.
+
+ Safer versions of push/pushcp with in the do { ... } while (0) style
+
+ parse.yacc now saves info on the stack to allow parse.c to determine
+ if a user was listed, but not for the host he/she tried to run on.
+
+ Added --with-mail-if-no-host option
+ [63326cb01efc]
+
+1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
+ visudo.man, visudo.pod:
+ o NewArgv and NewArgc don't need to be externally visible. o If
+ pedantic > 1, it is a parse error. o Add -s (strict) option to
+ visudo which sets pedantic to 2.
+ [5d7d81b55cd5]
+
+ * HISTORY, INSTALL:
+ Just have sudo-bugs contact info in one place
+ [e7f6588ea683]
+
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ Add BUGS section
+ [6607d96ea510]
+
+ * Makefile.in, configure, configure.in:
+ Add testsudoers to default build target if --with-devel Don't clean
+ generated parser files unless "distclean".
+ [5827b769dc57]
+
+ * parse.yacc, sudo.tab.c:
+ In pedantic mode we need to save *all* the aliases, not just those
+ that match, or we get spurious warnings.
+ [24f5b1f0e1de]
+
+ * TROUBLESHOOTING:
+ reference samples.sylog.conf
+ [11841668380a]
+
+1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sample.syslog.conf:
+ Sample entries for syslog.conf
+ [0f7697d878a1]
+
+ * CHANGES:
+ recent changes
+ [8bca8810c6bd]
+
+ * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
+ auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
+ auth/sudo_auth.c, auth/sudo_auth.h:
+ In struct sudo_auth, turn need_root and configured into flags and
+ add a flag to specify an auth method is running alone (the only
+ one). Pass auth methods their sudo_auth pointer, not the data
+ pointer. This allows us to get at the flags and tell if we are the
+ only auth method. That, in turn, allows the method to be able to
+ decide what should/should not be a fatal error. Currently only
+ rfc1938 uses it this way, which allows us to kill the OTP_ONLY
+ define and te hackery that went with it. With access to the
+ sudo_auth struct, methods can also get at a string holding their
+ cannonical name (useful in error messages).
+ [b7e320fc6511]
+
+ * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
+ getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
+ sudo.tab.h:
+ o --with-otp deprecated, use --without-passwd instead o real
+ dependencies in the Makefile o --with-devel option to enable yacc,
+ lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
+ back to being a token, not a string but don't leak memory o rename
+ hsotspec -> host in parse.yacc
+ [912c45226cb2]
+
+1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, CHANGES:
+ recent changes
+ [801fa6e55687]
+
+ * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
+ sudo.c, sudo.h:
+ o Digital UNIX needs to check for *snprintf() before -ldb is added
+ to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
+ for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
+ functions in snprintf.c to fix -Wall o Add missing includes to fix
+ more -Wall
+ [8d207203e126]
+
+ * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
+ configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
+ visudo.c:
+ o Add a "pedentic" flag to the parser. This makes sudo warn in
+ cases where an alias may be used before it is defined. Only turned
+ on for visudo and testsudoers. o Add --disable-authentication option
+ that makes sudo not require authentication by default. The PASSWD
+ tag can be used to require authentication for an entry. We no
+ longer overload --without-passwd.
+ [f307e09adf98]
+
+ * lex.yy.c, parse.lex:
+ Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
+ username can contain just about anything so be very permissive. Also
+ drop the unused \. punctuation.
+ [06a50614ff89]
+
+1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.tab.c:
+ o add a 'val' element to aliasinfo struct and move -> parse.h o
+ find_alias() now returns an aliasinfo * instead of boolean o
+ add_alias() now takes a value parameter to store in the
+ aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
+ return: 1) positive match 0) negative match (due to '!')
+ -1) no match This means setting $$ explicitly in all cases, which I
+ should have done in the first place. It also means that we always
+ store a value that is != -1 and when we see a '!' we can set
+ *_matches to !rv if rv != -1. The upshot of all of this is that '!'
+ now works the way it should in lists and some of the rules are more
+ uniform and sensible.
+ [ad8e73b5d581]
+
+ * Makefile.in:
+ add parse.h dependency
+ [4ccccd464d30]
+
+ * parse.h:
+ kill unused *_matched macros
+ [02cba6dcb732]
+
+ * parse.yacc:
+ Allow a list of users as the first thing in a user spec, not just a
+ single entry. This makes things more uniform, though it does allow
+ you to write user specs that are hard to read.
+ [3c4c91c508ca]
+
+ * sudo.tab.c:
+ parse.yacc
+ [feca81881bb6]
+
+ * configure:
+ regen
+ [6f247010bb3b]
+
+ * configure.in:
+ fix check for crypt() in libufc
+ [82770736f4b0]
+
+1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README:
+ sudo-users list now exists
+ [4716d2bb0bbf]
+
+ * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
+ Update to reality.
+ [1eda2d57e42a]
- * parse.c: Don't assume that getgrnam() calls don't modify contents
- of struct passwd returned by getpwnam(). On FreeBSD w/ NIS this
- can happen. Based on a patch from Kirk Webb.
+ * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
+ config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
+ version.c, visudo.c:
+ o Move lock_file() and touch() into fileops.c so visudo can use them
+ o Visudo now locks the sudoers temp file instead of bailing when the
+ temp file already exists. This fixes the problem of stale temp
+ files but it does *require* that you not try to put the temp file in
+ a world-writable directory. This shoud not be an issue as the temp
+ file should live in the same dir as sudoers. o Visudo now only
+ installs the temp file as sudoers if it changed.
+ [2517cd06c070]
+
+1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ add fcntl locking
+ [c304adeaf515]
+
+ * config.h.in, configure, configure.in, logging.c:
+ Lock the log file.
+ [d8652704fbdf]
-2003-05-06 11:25 millert
+ * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
+ visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
+ o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
+ temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
+ -> _PATH_SUDOERS_TMP
+ [68cad8975807]
+
+1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
+ o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
+ root sudo -V config reporting
+ [cdd2613a9dcf]
+
+ * configure, configure.in:
+ aix_auth.o not authenticate.o
+ [d972e35f6730]
+
+ * config.h.in:
+ Add --with-goodpri and --with-badpri configure options to specify
+ the syslog priority to use.
+ [2595ae50ab86]
+
+ * INSTALL, configure, configure.in, logging.h:
+ Add --with-goodpri and --with-badpri configure options to specify
+ the syslog priority to use.
+ [8276ee9b2b49]
+
+ * compat.h:
+ kill crufty AIX stuff
+ [a4f35ef9854e]
+
+ * Makefile.in:
+ Sigh, some versions of make (like Solaris's) don't deal with $< like
+ I would expect. Both GNU and BSD makes get this right but... So, we
+ just expand $< inline at the cost of some ugliness.
+ [b1b456f8801f]
+
+ * version.c:
+ If the invoking user is root, sudo will now print configure info in
+ -V mode. Currently just prints logging info, to be expanded later.
+ [392f7ed99267]
+
+ * logging.c, logging.h, sudo.c, sudo.h:
+ o new defines for syslog facility and priority o use new
+ print_version() functino for -V mode
+ [78abc5142985]
+
+ * check.c:
+ Don't need version.c
+ [db9a830ad893]
+
+ * aclocal.m4, config.h.in, configure, configure.in:
+ Add check for syslog facilities and priorities tables in syslog.h
+ [b86213e5fc5c]
+
+ * Makefile.in:
+ o authenticate -> aix_auth o add version.c
+ [44b6b9a8d0f5]
+
+ * auth/sudo_auth.c:
+ Missed a prompt -> user_prompt conversion
+ [e4c60b1f210c]
+
+1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ sudo should lock its logfile
+ [6d2830b28b07]
+
+ * parse.yacc, sudo.tab.c:
+ o Add '!' correctly when expanding Aliases. o Add shortcut macros
+ for append() to make things more readable. o The separator in
+ append() is now a string instead of a char. o In append(), only
+ prepend the separator if the last char is not a '!'. This is a
+ hack but it greatly simplifies '!' handling. o In -l mode, Runas
+ lists and NOPASSWD/PASSWD tags are now inherited across entries in
+ a list (matches current behavior). o Fix formatting in -l mode such
+ that items in a list are separated by a space. Greatlt improves
+ readability. o Space for name field in struct aliasinfo is now
+ allocated dyanically instead of using a (big) buffer. o In
+ add_alias(), only search the list once (lsearch instead of lfind +
+ lsearch)
+ [51f7e07addb9]
+
+ * lex.yy.c, sudo.tab.c, sudo.tab.h:
+ regen
+ [5c19bb05dc21]
+
+ * configure, configure.in:
+ Solais pam doesn't require anye xtra setup
+ [a25ba03d91d1]
+
+ * parse.yacc:
+ o Simpler '!' support now that the lexer deals with multiple !'s for
+ us. o In the case of opFOO, have FOO give a boolean return value and
+ set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
+ it gets fill()'d in parse.lex--fixes a small memory leak. In the
+ long run it may be better to just fix parse.lex and make ALL back
+ into a token. However, having it be a string is useful since it
+ can be easily passed back to the parent rule if we so desire.
+ [b3c64b443018]
+
+ * parse.lex:
+ o Remove some unnecessary backslashes o collapse multiple !'s by
+ using !+ and checking if yyleng is even or odd. this allows us to
+ simplify ! handling in parse.yacc
+ [76330e8da8e3]
+
+ * sudo.c:
+ -u flag was being ignored
+ [e30283207585]
+
+1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ correct fix
+ [a0e2377dec8f]
+
+ * Makefile.in:
+ work around pod2man stupididy
+ [7c755640b67f]
+
+ * Makefile.in:
+ correct dependencies for .cat
+ [5ed7b0653b68]
+
+ * sudo.cat, sudo.man, visudo.cat, visudo.man:
+ regen
+ [b74510dd6a0a]
+
+ * sudo.pod, visudo.pod:
+ Add copyright Update to reality
+ [188e9b046c15]
+
+ * parse.c, sudo.c, sudo.h:
+ rename validate() to the more descriptive sudoers_lookup()
+ [7a1cb652f379]
+
+ * auth/aix_auth.c:
+ use tgetpass
+ [b8ba5daec40a]
+
+1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updates
+ [e61460cdf4a0]
- * configure.in: missing ;;
+ * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
+ configure, configure.in, sudo.c:
+ Sudo, not CU Sudo
+ [9061b3573c0c]
+
+ * LICENSE:
+ add 4th term to license similar to term 5 in the apache license
+ [92712e895afb]
+
+ * emul/search.h, emul/utime.h:
+ add 4th term to license similar to term 5 in the apache license
+ [4f93a8b9396e]
+
+ * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
+ auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
+ auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
+ auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
+ logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c:
+ add 4th term to license similar to term 5 in the apache license
+ [afae9f2bf9ec]
+
+ * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
+ add 4th term to license similar to term 5 in the apache license
+ [c389d3fdafac]
+
+ * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
+ getspwuid.c, goodpath.c:
+ add 4th term to license similar to term 5 in the apache license
+ [969e63dbd38e]
+
+ * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
+ insults.h, logging.c, sudo.c, sudo.h:
+ there was a 1995 release too
+ [5963fd89457a]
+
+1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updates
+ [254b794f16ab]
+
+ * check.c:
+ Use dirs instead of files for timestamp. This allows tty and non-
+ tty schemes to coexist reasonably. Note, however, that when you
+ update a tty ticket, the mtime on the user dir gets updated as well.
+ [44bfac32f799]
+
+ * configure, configure.in:
+ Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
+ when linking test program, not just -lprot. Also add check for
+ getspnam(). The SCO docs indicate that /etc/shadow can be used but
+ this may be a lie.
+ [2ba21d36cc1e]
+
+1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/API:
+ first cut at auth API description
+ [3d10df021eb8]
+
+1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
+ auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
+ auth/sudo_auth.h:
+ auth API change. There is now an init method that gets run before
+ the main loop. This allows auth routines to differentiate between
+ initialization that happens once vs. setup that needs to run each
+ time through the loop.
+ [76df1c0d3478]
+
+ * auth/kerb5.c, logging.c:
+ use easprintf() and evasprintf()
+ [fd97d96dc12f]
+
+ * alloc.c, sudo.h:
+ add easprintf() and evasprintf(), error checking versions of
+ asprintf() and vasprintf()
+ [f54385de20b7]
+
+ * TODO:
+ remove 2 items. One done, one won't do.
+ [64513b47bc7a]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [4aa299de2752]
+
+ * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
+ visudo.html, visudo.man:
+ regen
+ [553c0d1209be]
+
+ * CHANGES:
+ new changes
+ [d7be00b7e36b]
+
+ * sudo.pod:
+ o Document -K flag and update meaning of -k flag. o BSD-style
+ copyright o Document clearing of BIND resolver environment variables
+ o Clarify bit about shared libs o suggest rc files create /tmp/.odus
+ if your OS gives away files
+ [4a4092be1455]
+
+ * visudo.pod:
+ BSD license
+ [ad0bfd0a4630]
+
+ * version.h:
+ BSD-style copyright
+ [ecc6479325be]
+
+ * tgetpass.c:
+ o BSD copyright o no need to block signals, we now do that in main()
+ o cosmetic changes
+ [61958beda7ab]
+
+ * testsudoers.c, visudo.c:
+ o BSD-style copyright o Use "struct sudo_user" instead of old
+ globals. o some cometic cleanup
+ [88c0c6924082]
+
+ * sudo_setenv.c:
+ BSD-style copyright
+ [df20290129a0]
+
+ * sudo.h:
+ o BSD copyright o logging and parser bits moved to their own .h
+ files o new "struct sudo_user" to encapsulate many of the old
+ globals.
+ [50fc86bf25cb]
+
+ * sudo.c:
+ o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
+ logging routines o simplified flow of control o BIND resolver
+ additions to badenv_table
+ [8c53f15bfcb0]
+
+ * strerror.c:
+ BSD-style copyright
+ [7c906c3a82ac]
+
+ * snprintf.c:
+ Now compiles on more K&R compilers
+ [07ab1d3231c7]
+
+ * putenv.c:
+ BSD-style copyright, cosmetic changes
+ [c42371295881]
+
+ * pathnames.h.in:
+ BSD-style copyright
+ [e5c34ebd4cf1]
+
+ * parse.c, parse.h, parse.lex, parse.yacc:
+ BSD-style copyright. Move parser-specific defines and structs into
+ parse.h + other cosmetic changes
+ [d3088efb6228]
+
+ * logging.h:
+ defines for logging routines
+ [13147941c02d]
+
+ * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
+ BSD-style copyright, cosmetic changes
+ [e8205e91a4fa]
-2003-05-06 00:53 millert
+ * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.h:
+ BSD-style copyright
+ [b9499da7cdce]
+
+ * configure.in:
+ o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
+ kill --disable-tgetpass o add --without-passwd o changes to fill in
+ AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
+ v?asprintf() o replace --with-AuthSRV with --with-fwtk
+ [9a3f39b9c128]
+
+ * config.h.in:
+ BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
+ HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
+ HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
+ [9a09054db53a]
+
+ * compat.h:
+ BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing.
+ [25509c566975]
+
+ * alloc.c:
+ BSD-style copyright
+ [4967be892363]
+
+ * TROUBLESHOOTING:
+ no more --with-getpass
+ [afd5b670c196]
+
+ * TODO:
+ Take out things I've done...
+ [375420c8270e]
+
+ * README:
+ Refer to LICENSE
+ [c486c8db30f6]
+
+ * PORTING:
+ --with-getpass no longer exists
+ [db48202df1bb]
+
+ * Makefile.in:
+ BSD-style copyright. Update to reflect reality wrt new files and
+ new auth modules.
+ [61a2ca7940fb]
+
+ * INSTALL:
+ Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
+ --without-passwd.
+ [64e8f9e1c05e]
+
+ * HISTORY:
+ Update history a bit
+ [df60c0a871b8]
+
+ * COPYING, LICENSE:
+ Now distributed under a BSD-style license
+ [d1a184ccabe1]
+
+ * auth/sudo_auth.c:
+ o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
+ options. o skey/opie replaced by rfc1938 code o new struct sudo_user
+ global
+ [891b57060868]
+
+ * auth/pam.c, auth/sia.c:
+ BSD-style copyright and use new log functions
+ [65c44445ea84]
+
+ * auth/kerb5.c:
+ o BSD-style copyright o Use new log functiongs o Use asprintf() and
+ snprintf() where sensible.
+ [1ff0feaacf95]
+
+ * check.c:
+ Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
+ done more reasonably--better sanity checks and tty-based stamps are
+ now done as files in a directory with the same name as the invoking
+ user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
+ to mix tty and non-tty based ticket schemes but this may change in
+ the future (it requires sudo to use a directory instead of a file in
+ the non-tty case). Also, ``sudo -k'' now sets the ticket back to
+ the epoch and ``sudo -K'' really deletes the file. That way you
+ don't get the lecture again just because you killed your ticket in
+ .logout. BSD-style copyright now.
+ [ec3460f85be8]
+
+ * logging.c:
+ o rewritten logging routines. log_error() now takes printf-style
+ varargs and log_auth() for the return value of validate(). o BSD-
+ style copyright
+ [438292025c4e]
+
+ * auth.c, check_sia.c, dce_pwent.c, secureware.c:
+ superceded by new auth API
+ [412060590da7]
+
+ * auth/kerb4.c:
+ BSD-style copyright
+ [cc4e800833c7]
+
+ * auth/fwtk.c:
+ Use snprintf() where it makes sense and add a BSD-style copyright
+ [1b7502388a74]
+
+ * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
+ BSD-style copyright
+ [42583bedae5c]
+
+ * emul/utime.h, utime.c:
+ BSD-style copyright
+ [3985c90aba47]
+
+ * emul/search.h:
+ this has been rewritten so use my BSD-style copyright
+ [176df1b0de6f]
+
+1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * snprintf.c:
+ include malloc.h if no stdlib.h
+ [7b123f1d1d03]
+
+ * snprintf.c:
+ KTH snprintf()/asprintf() for systems w/o them
+ [3ca9aefb9d01]
+
+ * strerror.c:
+ strerror() for systems w/o it
+ [7f0bd8a1c1b4]
+
+1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ stylistic changes
+ [6f99aceb7170]
+
+ * parse.c, parse.lex, parse.yacc:
+ Add contribution info in the main comment
+ [e50cec10acd6]
+
+1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ remove missed ref to PAM_nullpw
+ [a43e59692cdb]
+
+ * auth/sudo_auth.h:
+ pasto
+ [891ff138ab89]
+
+ * auth/kerb5.c:
+ more or less complete now--still untested
+ [21036732faa0]
+
+ * auth/afs.c, auth/pam.c:
+ don't use user_name macro, it will go away
+ [def7cf727349]
+
+ * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
+ combine skey/opie code into rfc1938.c
+ [44d88ca93d3e]
+
+ * auth/dce.c, auth/sudo_auth.h:
+ DCE authentication method; basically unchanged from dce_pwent.c
+ [4d468473dd6f]
+
+ * auth/aix_auth.c, auth/sudo_auth.h:
+ AIX authenticate() support. Could probably be much better
+ [000013321a33]
+
+ * auth/sia.c:
+ Fix an uninitialized variable and some cleanup. Now works (tested)
+ [fd6ad88ff055]
+
+ * auth/sia.c, auth/sudo_auth.h:
+ SIA support for digital unix
+ [5335f3e70eab]
+
+ * auth/pam.c:
+ don't use prompt global, it will go away
+ [fadd22dd6ce4]
- * configure.in: darwin has a broken setreuid() in at least some
- versions
+ * auth/secureware.c:
+ correct copyright years
+ [6aa07c49f51b]
-2003-05-06 00:31 millert
+ * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
+ auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
+ auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
+ New authentication API and methods
+ [9debe9b59c79]
- * env.c: Fix an off by one error when reallocating the environment;
- Kevin Pye
+1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-04-30 14:04 millert
+ * sudo.tab.c:
+ regen
+ [84578e82c1a6]
- * sudoers.pod: Fix User_Spec definition; SEKINE Tatsuo
+ * parse.yacc:
+ only save an entry if user_matches && host_matches, even if the
+ stack is empty (fix for previous commit)
+ [00984b078d8a]
-2003-04-28 19:30 millert
+ * sudo.tab.c:
+ regen
+ [66acf160b4b7]
- * HISTORY: More info on the early days from Coggs.
+ * parse.yacc:
+ 1) Always save an entry on the stack if it is empty. This fixes the
+ -l and -v flags that were broken by earlier parser changes.
-2003-04-21 14:47 millert
+ 2) In a Runas list, don't negate FALSE -> TRUE since that would make
+ !foo match any time the user specified a runas user (via -u) other
+ than foo.
+ [f322eb54b015]
- * auth/kerb5.c: remove errant semicolon that prevented compilation
- under heimdal
+ * testsudoers.c:
+ interfaces and num_interfaces are now auto, not extern
+ [113add5c6518]
-2003-04-15 20:42 millert
+1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, alloc.c, check.c, compat.h, defaults.c, defaults.h,
- env.c, fileops.c, find_path.c, getprogname.c, getspwuid.c,
- goodpath.c, interfaces.c, interfaces.h, logging.c, parse.c,
- parse.lex, parse.yacc, pathnames.h.in, set_perms.c, sigaction.c,
- strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
- sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, utime.c,
- version.h, visudo.c, visudo.man.in, visudo.pod, auth/afs.c,
- auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
- auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
- auth/rfc1938.c, auth/secureware.c, auth/securid.c,
- auth/securid5.c, auth/sia.c, auth/sudo_auth.c: add DARPA credit
- on affected files
+ * auth.c:
+ use a static global to keep stae about empty passwords
+ [bc02e30807d8]
-2003-04-15 20:25 millert
+ * check_sia.c:
+ make PASSWORD_NOT_CORRECT logging consistent with other modules
+ [21962549d5fd]
- * LICENSE: slightly different wording for the darpa credit
+1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-04-15 14:37 millert
+ * auth.c:
+ PAM prompt code was wrong, looks like we have to kludge it after
+ all.
+ [91f246155ead]
- * LICENSE: Add DARPA credit
+ * auth.c:
+ In the PAM code, when a user hits return at the first password
+ prompt, exit without a warning just like the normal auth code
+ [918f59bacdb7]
-2003-04-14 16:49 millert
+ * configure, configure.in:
+ kludge around cross-compiler false positives
+ [5e5fc8356400]
- * auth/kerb5.c: Use krb5_princ_component() instead of
- krb5_princ_realm() for MIT Kerberos like we did before I messed
- things up ;-)
+ * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
+ New (correct) PAM code Tgetpass now takes an echo flag for use with
+ PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
+ useless umask setting Change error from BAD_ALLOCATION ->
+ BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
+ for consistency
+ [e71397f09dd8]
- Use krb5_principal_get_comp_string() to do the same thing w/
- Heimdal. I'm not sure if the component should be 0 or 1 in this
- case.
+ * sudo.c:
+ Some -Wall and kill some trailing spaces
+ [8229b43d5c4e]
- #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
- older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
- should be a configure check for this I guess.
+ * configure.in:
+ define -D__EXTENSIONS__ for solaris so we get crypt() proto
+ [7533e4436cab]
-2003-04-13 15:48 millert
+1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * TROUBLESHOOTING, config.h.in, configure, configure.in,
- sample.sudoers: builtin -> built-in; Jason McIntyre
+ * RUNSON:
+ add Dynix 4.4.4
+ [b69f773efbce]
-2003-04-13 15:45 millert
+ * INSTALL, config.h.in, configure, configure.in:
+ for kerberos V < version, fall back on old kerb4 auth code
+ [d685ed3a1d8e]
- * sudoers.pod: built in -> built-in; Jason McIntyre
+ * INSTALL:
+ clarify some things
+ [2f5ba2e8e53a]
-2003-04-09 16:14 millert
+ * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
+ typos
+ [8925a109c093]
- * CHANGES: checkpoint for 1.6.7p3
+1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-04-09 16:14 millert
+ * sudo.c:
+ mention why DONT_LEAK_PATH_INFO is not the default
+ [0346260cb4ec]
- * HISTORY: Update info on the early years @ SUNY-Buffalo from Cliff
- Spencer. Amazingly, sudo source from 1985 is available via
- groups.google.com
+1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-04-09 16:13 millert
+ * tgetpass.c:
+ Fix open(2) return value checking, was NULL for fopen, should be -1
+ for open
+ [355878bf6d8a]
- * sudo.c: Don't change rl.rlim_max for RLIMIT_CORE. We need only
- set rl.rlim_cur to 0 to turn off core dumps. This may be needed
- for the RLIMIT_CORE restoration on some OSes.
+ * configure:
+ regen
+ [68bf82871862]
-2003-04-04 12:46 millert
+ * configure.in:
+ better wording for solaris pam notice
+ [04e88c7a6c42]
- * auth/kerb5.c: Make this compile on Heimdal and MIT Kerberos 5
+ * CHANGES:
+ document recent changes
+ [7c922c5622ef]
-2003-04-04 12:45 millert
+ * TROUBLESHOOTING:
+ Update shadow password section
+ [e8448bae7d66]
- * config.h.in, configure, configure.in: Check for heimdal even if
- we found krb5-config and define HAVE_HEIMDAL.
+ * auth.c:
+ move authentication code from check.c to auth.c
+ [e9f6ecae2399]
-2003-04-03 22:04 millert
+ * Makefile.in, check.c, sudo.h:
+ move authentication code to auth.c
+ [124cded85f46]
- * auth/kerb5.c: Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5.
- The former is no longer defined by MIT kerb5 (though it used to
- be and indeed remains so in Heimdal).
+1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-04-03 10:16 millert
+ * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
+ getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
+ logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
+ sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
+ visudo.c:
+ Move interface-related defines to interfaces.h so we don't have to
+ include <netinet/in.h> everywhere.
+ [e7599d8ea0bf]
- * mkinstalldirs: Remove newer stuff that passes multiple (possibly
- duplicate) directories to "mkdir -p" since that seems to break on
- Tru64 Unix at least. This basically brings back what shipped
- with sudo 1.6.6.
+1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-04-02 13:57 millert
+ * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
+ parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
+ o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
+ turns out the old DES crypt does the right thing with passwords
+ longert than 8 characters. o Fix common typo (necesary ->
+ necessary) o Update TODO list
+ [ad75007a6f13]
- * auth/kerb5.c: Correct number of args to
- krb5_principal_get_realm() and fix an unclosed comment that hid
- the bug.
+1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-04-02 13:45 millert
+ * sudo.c:
+ set $LOGNAME when we set $USER
+ [391596210fd7]
- * configure: regen
+1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-04-02 13:45 millert
+ * INSTALL:
+ add comment about digital unix and interfaces.c warning with gcc
+ [e20f815901cc]
- * BUGS, CHANGES, INSTALL, INSTALL.binary, Makefile.in, README,
- configure.in, version.h: ++version
+1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-04-02 13:44 millert
+ * sample.sudoers:
+ use modern paths and give examples for some of the new parser
+ features
+ [e7b2e507c695]
- * configure.in: use krb5-config to determine Kerberos V details if
- it exists
+1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-04-02 13:25 millert
+ * parse.c:
+ fix comment
+ [5eb0d005a65f]
- * alloc.c, check.c, compat.h, defaults.c, env.c, find_path.c,
- interfaces.c, logging.c, parse.c, sudo.c, sudo.h, testsudoers.c,
- visudo.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
- auth/securid5.c, auth/sia.c: Use warn/err and getprogname()
- throughout. The main exception is openlog(). Since the admin
- may be filtering logs based on the program name in the log files,
- hard code this to "sudo".
+ * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
+ getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
+ parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ Function names should be flush with the start of the line so they
+ can be found trivially in an editor and with grep
+ [3c400abde574]
+
+ * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
+ sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
+ free(3) is already void, no need to cast it
+ [6981e1ebda0f]
+
+ * logging.c, sudo.c, sudo.h:
+ catch case where cmnd_safe is not set (this should not be possible)
+ [3e1e3038546c]
+
+ * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
+ testsudoers.c, visudo.c:
+ Stash the "safe" path (ie: the one listed in sudoers) to the command
+ instead of stashing the struct stat. Should be safer.
+ [aa2883fcf57e]
+
+1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, Makefile.in, UPGRADE:
+ notes on updating from an earlier release
+ [df9fffa4ab2c]
+
+ * CHANGES:
+ updated
+ [574f5065d15a]
+
+1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
+ sudoers.man, sudoers.pod:
+ You can now specifiy a host list instead of just a host or alias.
+ Ie: user = host1,host2,ALIAS,!host3 my_command now works.
+ [e3942bb78021]
+
+ * testsudoers.c:
+ Quiet -Wall
+ [a3edc8b08c3a]
+
+ * parse.yacc, sudo.tab.c:
+ Move the push from the beginning of cmndspec to the end. This means
+ we no longer have to do a push at the end of privilege, just reset
+ some values.
+ [8ea66e5860c6]
+
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
+ use "!" most everywhere
+ [aadae4d1c9d5]
+
+1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ modernize paths and update su example based on sample.sudoers one
+ [3f6a37e16c83]
+
+ * sample.sudoers:
+ New runas semantics
+ [756ee92865b7]
+
+ * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
+ strdup.c, sudo.h:
+ In estrdup(), do the malloc ourselves so we don't need to rely on
+ the system strdup(3) which may or may not exist. There is now no
+ need to provide strdup() for those w/o it. Also, the prototype for
+ estrdup() was wrong, it returns char * and its param is const.
+ [5f1f984da8e3]
+
+ * getcwd.c:
+ $Sudo tag
+ [e4188a35e68c]
+
+ * check.c:
+ buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
+ [2aec87c86cde]
+
+ * CHANGES, TODO, parse.yacc, sudo.tab.c:
+ It is now possible to use the '!' operator in a runas list as well
+ as in a Cmnd_Alias, Host_Alias and User_Alias.
+ [a4fdaabda990]
+
+ * logging.c, sudo.h:
+ Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
+ [73d0376785ae]
+
+ * sudo.h:
+ Definitions of *_matched were wrong--user top, not top-2 as
+ subscript.
+ [5f8350a57362]
+
+ * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
+ Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
+ command but the NOPASSWD flag was set. Make runasspec, runaslist,
+ runasuser, and nopasswd typeless in parse.yacc Add support for '!'
+ in the runas list Fix double printing of '%' and '+' for groups and
+ netgroups respectively Add *_matched macros (no need for local stack
+ variable). Should only be used directly after a pop (since top must
+ be >= 2).
+ [392b1400c4e6]
+
+ * aclocal.m4, configure.in:
+ Add copyright, somewhat silly
+ [55c2cdd82dca]
+
+1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
+ compat.h, config.h.in, configure, configure.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
+ ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
+ lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
+ putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
+ sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
+ testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
+ visudo.man:
+ Crank version to 1.6 and combine copyright statements
+ [0e1c791658ae]
+
+ * sample.sudoers:
+ Use ! not ^ to do negation
+ [1480a0761730]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [89ca5a46684b]
+
+ * parse.lex, parse.yacc:
+ Make runas and NOPASSWD tags persistent across entris in a command
+ list. Add a PASSWD tag to reverse NOPASSWD. When you override a
+ runas or *PASSWD tag the value given becomes the new default for the
+ rest of the command list.
+ [f1bbb4066542]
+
+1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, RUNSON:
+ update for 1.5.9
+ [a1ae9d4a7d54] [SUDO_1_5_9]
+
+ * visudo.c:
+ Shift return value of system(3) by 8 to get real exit value and if
+ it is not 1 or 0 print the retval along with the error message.
+ [c1ff50d743fb]
+
+1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ testsudoers needs LIBOBJS too
+ [972571b4e4bf]
+
+ * parse.c, parse.yacc, sudo.tab.c:
+ Fix another parser bug. For a sudoers entry like this: millert
+ ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
+ as root.
+ [51968e1eb33d]
+
+ * CHANGES:
+ new change
+ [271c6110bb62]
+
+ * parse.yacc, sudo.tab.c:
+ Save entries that match a ! command on the matching stack too
+ [5afb5107116c]
+
+ * sudo.c:
+ Make sudo's usage info better when mutually exclusive args are given
+ and don't rely on argument order to detect this; nick@zeta.org.au
+ [2422753c88fd]
+
+1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, Makefile.in, RUNSON:
+ updates from CU
+ [b37381e3dafb]
+
+ * Makefile.in:
+ use gzip
+ [94a64e52a166]
+
+ * parse.yacc, sudo.tab.c:
+ Fix off by one error introduced in *alloc changes
+ [95ede581153a]
-2003-04-02 13:16 millert
+ * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
+ check_sia.c, compat.h, config.h.in, configure, configure.in,
+ dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
+ sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
+ sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
+ ++version
+ [c6d88f024e37]
- * Makefile.in: Add getprogname.c and err.c
+ * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
+ interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
+ putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
+ sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
+ Use emalloc/erealloc/estrdup
+ [44221d97361a]
-2003-04-02 13:15 millert
+ * alloc.c:
+ error checking memory allocation routines
+ [5f8c1e7bbc71]
- * configure: regen
+ * parse.yacc, sudo.tab.c:
+ Still not right, this fixes it for real
+ [ad553b6f5339]
-2003-04-02 13:15 millert
+ * parse.yacc, sudo.tab.c:
+ Fix for previous commit
+ [4d6f989f9bf2]
- * configure.in, config.h.in: Add checks for getprognam(),
- __progname and err.h
+ * CHANGES, INSTALL, parse.yacc:
+ Fix a parser bug that was exposed when mixing different runas specs
+ and ! commands. For example: millert ALL=(daemon)
+ /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
+ as well as daemon when it should just allow daemon. The problem was
+ that comma-separated commands in a list shared the same entry on the
+ matching stack. Now they get their own entry iff there is a full
+ match. It may be better to just make the runas spec persistent
+ across all commands in a list like the user and host entries of the
+ matching stack. However, since that is a fairly major change it
+ should gets its own minor rev increase.
+ [c4b939cdcc8e]
-2003-04-02 13:14 millert
+1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * err.c, emul/err.h: For systems withour err/warn functions.
+ * check.c, config.h.in:
+ Simplify PAM code and fix a PAM-related warning on Linux
+ [2468399523b6]
-2003-04-02 13:14 millert
+1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * getprogname.c: For systems neither getprogname() nor __progname;
- uses Argv[0].
+ * CHANGES:
+ updates
+ [29d4a997769c]
-2003-04-01 10:09 millert
+ * sample.sudoers:
+ better su entry
+ [76d8285a72ba]
- * CHANGES: checkpoint for 1.6.7p1
+ * configure:
+ regen
+ [b7450cc6975d]
-2003-04-01 10:02 millert
+ * check.c, configure.in:
+ new pam code that works on solaris, should work on linux too;
+ aelberg@home.com
+ [84c16c0ff259]
- * sudo.c, testsudoers.c: fix strlcpy() rval check (innocuous)
+1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-04-01 09:58 millert
+ * RUNSON:
+ more entries
+ [b6bef8660759]
- * check.c: oflow detection in expand_prompt() was faulty (false
- positives). The count was based on strlcat() return value which
- includes the length of the entire string.
+ * config.h.in:
+ only include strings.h if there is no string.h
+ [b66054a32b00]
-2003-03-30 19:02 millert
+1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, RUNSON, TODO: checkpoint for the sudo 1.6.7 release
+ * config.guess:
+ Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
+ [c086d2fe63af]
-2003-03-24 16:09 millert
+1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c: g/c unused variable
+ * sudo.c:
+ shost must be set before log functions are called #ifdef HOST_IN_LOG
+ [d49a7944358f]
-2003-03-24 11:06 millert
+1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * CHANGES, lex.yy.c, parse.lex:
+ Fix a bug wrt quoting characters in command args. Stop processing
+ an arg when you hit a backslash so the quoted-character detection
+ can catch it.
+ [2281438d7f41]
-2003-03-24 11:05 millert
+1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: use man sections 8 and 5 for csops
+ * interfaces.c:
+ include sys/time.h; aparently AIX needs it. ppz@cdu.elektra.ru
+ [31118a9e9916]
-2003-03-21 18:11 millert
+1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * configure, configure.in:
+ add missing case statement so --without-sendmail works
+ [ca25614f7dd9]
-2003-03-21 15:10 millert
+1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: Add -lskey or -lopie directly to SUDO_LIBS instead
- of having AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
+ * CHANGES:
+ more
+ [4d70e44f7f93]
-2003-03-21 14:02 millert
+1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * configure, configure.in:
+ only search for -lsun in irix <= 4.x
+ [e604238317b1]
-2003-03-21 14:01 millert
+ * configure, configure.in:
+ back out last configure.in change now that I've hacked autoconf to
+ fix the real problem and add a missing newline
+ [2dabf59a79b5]
- * INSTALL, aclocal.m4, configure.in: Add --with-blibpath for AIX.
- An alternate libpath may be specified or -blibpath support can be
- disabled. Also change conifgure such that -blibpath is not
- specified if no -L libpaths were added to SUDO_LDFLAGS.
+ * CHANGES:
+ updated
+ [bb35d526552f]
-2003-03-20 22:05 millert
+ * getcwd.c:
+ add def of dirfd() for those without it
+ [95f0173d8441]
- * configure.in: add AIX blibpath support
+ * configure, configure.in:
+ When falling back to checking for socket() when linking with
+ "-lsocket -lnsl" check for main() instead since autoconf has already
+ cached the results of checking for socket() in -lsocket. This is
+ really an autoconf bug as it should use the extra libs as part of
+ the cache variable name.
+ [a845f8b710ad]
-2003-03-20 20:28 millert
+ * configure.in:
+ typo
+ [a7d62f62a478]
- * INSTALL, configure.in: --with-skey and --with-opie now take an
- option directory argument This obsoletes a --with-csops hack
- (/tools/cs/skey)
+1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
- Also remove the remaining direct uses of "echo"
+ * configure.in:
+ fix occurrence of $with_timeout that should be
+ $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
+ bochum.de
+ [8c4da2cf73d1]
-2003-03-20 17:44 millert
+1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: Detect KTH Kerberos IV and deal with it. Also make
- -lroken optional for KTH Kerberos IV and V.
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ fix grammar; espie@openbsd.org
+ [7031d9dfbc3e] [SUDO_1_5_8]
-2003-03-20 14:42 millert
+1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * aclocal.m4: Add SUDO_APPEND_LIBPATH function that add
- -L/path/to/dir (and -R/path/to/dir if $with_rpath) to the
- specified variable.
+ * parse.yacc, sudo.c, testsudoers.c:
+ add cast for strdup in places it does not have it
+ [7ce4478d3b0f]
-2003-03-20 14:40 millert
+1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL, configure.in: Add -R/path/to/libs for Solaris and SVR4.
- There is a new configure option, --with-rpath to control this
- behavior.
+ * configure, configure.in:
+ define for_BSD_TYPES irix
+ [858337ff4af8]
-2003-03-19 23:50 millert
+1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: for kerb4 put libdes after libkrb on the link line
+ * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
+ Make it clear that it is the user's password, not root's, that we
+ want.
+ [ae0f51b35ee4]
-2003-03-19 23:49 millert
+ * check.c, sudo.h:
+ If the user enters an empty password and really has no password,
+ accept the empty password they entered. Perviously, they could
+ enter anything
+ *but* an empty password. Also, add GETPASS macro that calls either
+ tgetpass() or getpass() depending on how sudo was configured.
+ Problem noted by jdg@maths.qmw.ac.uk
+ [2fde21ce94c1]
- * auth/kerb4.c: typo
+1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-19 23:33 millert
+ * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
+ dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c:
+ add explicate copyright
+ [d3b4449834a5]
- * configure.in: fix kerberos lib check when a path is specified
+ * CHANGES:
+ mention -lsocket, -lnsl configure changes
+ [9140af4ad8ae]
-2003-03-19 21:04 millert
+1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c: Fix boolean thinko in SIGCHLD reaper and call
- reapchild after sending mail instead of doing a conditional
- sudo_waitpid.
+ * sudo.c:
+ Don't clobber errno after calling check_sudoers().
+ [59bd581b2654]
-2003-03-19 16:20 millert
+1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * configure, configure.in:
+ When linking with both -lsocket and -lnsl be sure to do so in that
+ order. Also, when we can't find socket() or inet_addr() and have to
+ try linking with both libs, issue a warning.
+ [0ee547163067]
-2003-03-19 16:19 millert
+ * sudo.cat, sudo.man, sudo.pod:
+ clarify bad timestamp and fmt
+ [70e42cf56c75]
- * configure.in: replace =DIR with [=DIR] where sensible
+1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-19 16:16 millert
+ * INSTALL, RUNSON:
+ be clear that pam is linux-only and add a RUNSON entry
+ [7fdeab875e0d]
- * configure.in: o Use AC_MSG_* instead of "echo" o New Kerberos
- include/lib detection based on openssh's configure.in
+1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-19 15:58 millert
+ * CHANGES, INSTALL, configure, configure.in:
+ fix and correctly document --with-umask; problem noted by
+ adap@adap.org
+ [11cd0481d63a]
- * INSTALL: --with-kerb4 and --with-kerb5 now take an optional
- argument.
+1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-15 22:03 millert
+ * configure, configure.in:
+ only use /usr/{man,catman}/local to store man pages if suer didn't
+ override prefix or mandir
+ [781ad2cbe9be]
- * auth/securid.c: Kill remaining strcpy(), the programmer's guide
- says username is 32 bytes.
+ * INSTALL, configure, configure.in:
+ fix typo, make --with-SecurID take an arg
+ [026a9b4014fc]
-2003-03-15 21:18 millert
+1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/kerb4.c: trat uid_t as unsigned long for printf and use
- snprintf, not sprintf
+ * RUNSON:
+ updates from users
+ [2286982b31e6]
-2003-03-15 21:18 millert
+ * CHANGES, INSTALL, check.c, configure, configure.in:
+ FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
+ [23aa4e5c6b02]
- * auth/rfc1938.c: use snprintf
+ * configure, configure.in:
+ better fix for the problem of unresolved symbols in -lnsl or
+ -lsocket
+ [82fe70fc287f]
-2003-03-15 15:37 millert
+ * configure, configure.in:
+ when checking for functions in -lnsl and -lsocket link with both of
+ them to avoid unresolved symbols on some weirdo systems
+ [1734a591808e]
- * auth/: afs.c, aix_auth.c, bsdauth.c, dce.c, fwtk.c, kerb4.c,
- kerb5.c, pam.c, passwd.c, rfc1938.c, sudo_auth.c: update
- copyright year
+1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-15 15:31 millert
+ * BUGS, CHANGES, RUNSON, TODO:
+ old changes that didn't make it into RCS before the RCS->CVS switch
+ [846eb2b8f9aa]
- * LICENSE, alloc.c, check.c, configure.in, env.c, sudo.c,
- Makefile.in, aclocal.m4, compat.h, find_path.c, interfaces.c,
- logging.c, parse.c, parse.lex, parse.yacc, set_perms.c, sudo.h,
- sudo.pod, sudoers.pod, testsudoers.c, version.h, visudo.c,
- visudo.pod, sudo.man.in, sudoers.man.in, visudo.man.in: update
- copyright year
+1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-15 15:19 millert
+ * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
+ configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
+ getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
+ lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
+ secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
+ sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
+ visudo.pod:
+ add sudo tags
+ [962f81eaa5ab]
+
+ * sudo.h:
+ testing Sudo tag
+ [e84cbc521129]
+
+ * version.h:
+ testing Sudo tag
+ [a8c3a3998b88]
+
+ * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
+ config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
+ find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
+ logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
+ secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
+ sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
+ utime.c, version.h, visudo.c, visudo.cat, visudo.man:
+ crank version and regen files
+ [23eacf00a1a4]
+
+ * Makefile.in:
+ kill rcs goop in update_version and fix now that version is a const
+ [e6e50bd8d1e1]
+
+ * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
+ sudo.c, sudo.h, sudo.pod:
+ kerb5 support from fcusack@iconnet.net
+ [8134027986e2]
+
+ * realpath.c, sudo_realpath.c:
+ we no longer use realpath
+ [0f5f64abc646]
+
+ * qualify.c:
+ replaced by find_path.c
+ [9e32a87e09c4]
+
+ * options.h:
+ all options are now configure flags
+ [ee6bd9610102]
+
+ * lex.yy.c:
+ regen
+ [bdbf8a18161f]
+
+ * getwd.c:
+ superceded by getcwd.c
+ [1e54ee0990b4]
+
+ * getpass.c:
+ superceded by tgetpass.c
+ [4e0d1edc30e3]
+
+ * SUPPORTED:
+ superceded by RUNSON
+ [854c5a21cb53]
+
+ * OPTIONS:
+ No longer used now that we have configure options for everything.
+ [9b1ae1c89259]
+
+ * configure:
+ regen based on configure.in
+ [3a4d73936973]
+
+ * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
+ sudoers.man, visudo.cat, visudo.html, visudo.man:
+ regen based on sudo.pod, sudoers.pod, and visudo.pod
+ [c267beb90778]
+
+1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ fix tty tickets in remove_timestamp (didn't use ':')
+ [fd964a74a32b]
+
+1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ close sock when we are done with it
+ [95de0380f8a4]
+
+1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ never say "error on line -1"
+ [361db1491121]
+
+1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ check for -lnsl before -lsocket
+ [8e966d6bbcb5]
- * check.c, env.c, sudo.c: Cast [ug]ids to unsigned long and printf
- with %lu
+ * configure.in:
+ quote '[', ']' used in ranges correctly
+ [fa4f9c6ff651]
-2003-03-15 15:17 millert
+1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * config.h.in:
+ add missing NO_ROOT_SUDO noted by drno@tsd.edu
+ [c969f25d1667]
-2003-03-15 15:16 millert
+1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: correct error messages for
- --with-sudoers-{mode,uid,gid}
+ * version.h:
+ 1.5.7
+ [7a22de0bc148]
-2003-03-15 15:10 millert
+ * INSTALL:
+ more info for 1.5.7
+ [30ad9e784799]
- * alloc.c: make the malloc(0) error specific to each function to
- aid tracking down bugs.
+ * README:
+ update for 1.5.7
+ [cd03a0a27cd2]
-2003-03-15 14:49 millert
+ * parse.yacc:
+ make increases of cm_list_size and ga_list_size be similar to
+ increases of stacksize (ie: >= not > in initial compare).
+ [6bd450a896c7]
- * alloc.c: deal with platforms where size_t is signed and there is
- no SIZE_MAX or SIZE_T_MAX
+ * parse.yacc:
+ when we get a syntax error, report it for the previous line since
+ that's generally where the error occurred.
+ [c4ac84058f0b]
-2003-03-15 14:10 millert
+1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/kerb5.c: Make this compile w/ Heimdal and fix some gcc
- warnings.
+ * config.h.in, configure.in, interfaces.c:
+ add back check for sys/sockio.h but only use it if SIOCGIFCONF is
+ not defined
+ [d197f31fd1e4] [SUDO_1_5_7]
-2003-03-15 13:02 millert
+ * config.h.in:
+ define BSD_COMP for svr4
+ [87ac1147ff79]
- * sudo.c: Use stat_sudoers macro so --with-stow can work
+ * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
+ goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
+ parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ more -Wall
+ [d98e2d32db2a]
-2003-03-15 13:01 millert
+ * configure.in:
+ kill check for sockio,h
+ [4399779014c1]
- * INSTALL, config.h.in, configure, configure.in: Add support for
- --with-stow based on patches from Robert Uhl
+ * config.h.in:
+ no more HAVE_SYS_SOCKIO_H
+ [67484528e347]
-2003-03-15 12:51 millert
+ * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
+ goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
+ parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ -Wall
+ [2b7e83976788]
- * env.c: fix indentation
+1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-15 00:21 millert
+ * sudo.c:
+ add missing inform_user()
+ [8689528c6d55]
- * configure.in: back out rev 1.352
+1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-14 20:11 millert
+ * find_path.c:
+ return NOT_FOUND if given fully qualified path and it does not exist
+ previously it would perror(ENOENT) which bypasses the option to not
+ leak path info
+ [ccbc3d0130ae]
- * lex.yy.c: regen
+ * configure.in:
+ for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
+ -ldes
+ [c77d3b484ece]
-2003-03-14 20:11 millert
+1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.lex: use strlcpy, not strncpy
+ * INSTALL:
+ tty tickets are user:tty now
+ [a53a303a614d]
-2003-03-14 19:48 millert
+ * check.c:
+ when using tty tickets make it user:tty not user.tty as a username
+ could have a '.' in it
+ [3160b3f5c890]
- * set_perms.c: Fix typo; check pw_uid, not pw_gid after
- setusercontext() failure.
+1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-14 19:43 millert
+ * sudo.c:
+ add "ignoring foo found in ." for auth successful case
+ [24257169e0bd]
- * logging.c: use pid_t
+1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-14 10:43 millert
+ * sudo.c:
+ add missing printf param
+ [8c905124f777]
- * strlcat.c, strlcpy.c: Make gcc shutup about unused rcsid
+1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-14 10:35 millert
+ * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
+ go back to printing "command not found" unless --disable-path-info
+ specified. Also, tell user when we ignore '.' in their path and it
+ would have been used but for --with-ignore-dot.
+ [066e118c11e4]
- * interfaces.c: Move the n == 0 check for the non-getifaddrs cas
+ * check.c, sudo.c:
+ Only one space after a colon, not two, in printf's
+ [38452f4c8007]
-2003-03-13 21:47 millert
+1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/rfc1938.c: skeychallenge() on NetBSD take a size parameter
+ * sudo.pod:
+ document setting $USER
+ [80557fe6aede]
-2003-03-13 21:38 millert
+ * check.c:
+ fix bugs with prompt expansion
+ [44c4fca5f009]
- * configure: regen
+ * sudo.c:
+ set $USER for root too
+ [4b525e1c6269]
-2003-03-13 21:38 millert
+1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: put -ldl after -lpam, not before; fixes static
- linking on Linux
+ * getspwuid.c:
+ typo
+ [5107446f43e0]
-2003-03-13 21:17 millert
+ * configure.in:
+ HP-UX's iscomsec is in -lsec, not libc
+ [03c9f700b795]
- * interfaces.c: Avoid malloc(0) and fix the loop invariant for the
- getifaddrs() case.
+ * configure.in:
+ remove some entries in the OS case statement that did nothing
+ [ea96e7e0f624]
-2003-03-13 20:24 millert
+ * TROUBLESHOOTING:
+ add "cd" section and flush out syslog section
+ [5107f7363b78]
- * sudo.man.in, sudoers.man.in, visudo.man.in, sudo.cat,
- sudoers.cat, visudo.cat: regen
+ * Makefile.in:
+ no more sudo-lex.yy.c
+ [ed50826efbbc]
-2003-03-13 20:23 millert
+ * check_sia.c:
+ add custom prompt support
+ [6a285cea10b7]
- * Makefile.in: Preserve copyright notice from .pod file in .man.in
- file
+ * testsudoers.c:
+ kill perror("malloc") since we already have a good error messages
+ pw_ent -> pw for brevity
+ [eee31052921e]
-2003-03-13 20:01 millert
+ * sudo.c:
+ kill perror("malloc") since we already have a good error messages
+ pw_ent -> pw for brevity set $USER if -u specified
+ [9f3753461f8a]
- * visudo.pod: Add sudoers(5) to SEE ALSO
+ * parse.yacc:
+ kill perror("malloc") since we already have a good error messages
+ [849459088ac3]
-2003-03-13 15:27 millert
+ * parse.c:
+ kill perror("malloc") since we already have a good error messages
+ pw_ent -> pw for brevity when checking if %group matches, look up
+ user in password file so that %groups works in a RunAs spec.
+ [0489b4ecc59a]
- * lex.yy.c: regen
+ * logging.c:
+ kill perror("malloc") since we already have a good error messages
+ [3191a18b3526]
-2003-03-13 15:27 millert
+ * check.c, getspwuid.c, interfaces.c:
+ kill perror("malloc") since we already have a good error messages
+ pw_ent -> pw for brevity
+ [7193fdb38cf9]
- * parse.lex: Don't assume libc can realloc() a NULL string. If
- malloc/realloc fails, make sure we just return; yyerror() is not
- terminal.
+1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-13 15:17 millert
+ * tgetpass.c:
+ the prompt is expanded before tgetpass is called
+ [0f408f508041]
- * lex.yy.c: regen
+ * sudo.h:
+ tgetpass now has the same args as getpass again
+ [b6778cd9d79f]
-2003-03-13 15:17 millert
+ * getspwuid.c:
+ add iscomsec, issecure support
+ [007be7ec7ae7]
- * parse.lex: simplify fill_args a little and use strlcpy for
- paranoia
+ * check.c:
+ we now expand any %h or %u in the prompt before passing to tgetpass
+ [f3db8c9ee387]
-2003-03-13 15:00 millert
+ * configure.in:
+ add check for syslog(3) in -lsocket, -lnsl, -linet
+ [5a96f902ce00]
- * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
- testsudoers.c: Use strlc{at,py} for paranoia's sake and exit on
- overflow. In all cases the strings were either pre-allocated to
- the correct size of length checks were done before the copy but a
- little paranoia can go a long way.
+ * config.h.in:
+ add HAVE_ISCOMSEC and HAVE_ISSECURE
+ [f640b0d4cf05]
-2003-03-13 12:54 millert
+ * configure.in:
+ add check for iscomsec in HP-UX
+ [b28b249040f0]
- * sudo.h: Add strlc{at,py} protos
+ * configure.in:
+ check for issecure if we have getpwanam on SunOS some options are
+ incompatible with DUNIX SIA check for dispcrypt on DUNIX
+ [a49d05d9c913]
-2003-03-13 12:03 millert
+1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c, interfaces.c: Use erealloc3()
+ * config.h.in:
+ add HAVE_DISPCRYPT
+ [7376d543d8d6]
-2003-03-13 12:00 millert
+ * secureware.c:
+ add back support for non-dispcrypt based checking for older DUNIX
+ [977b98e936be]
- * configure: regen
+ * INSTALL:
+ sia changes
+ [c5387c06e30f]
-2003-03-13 12:00 millert
+ * configure.in:
+ SIA becomes the default on Digital UNIX now havbe --disable-sia to
+ turn it off...
+ [3b647558ea13]
- * alloc.c: Oflow test of nmemb > SIZE_MAX / size is fine (don't
- need >=). Use memcpy() instead of strcpy() in estrdup() so this
- is strcpy()-free.
+ * check.c:
+ move local includes after system ones
+ [b2abad4c4aef]
-2003-03-13 11:58 millert
+1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: snprintf() a uid as %lu, not %ld to match the
- MAX_UID_T_LEN test in configure.
+ * check.c, check_sia.c, sudo.h:
+ add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
+ stderr
+ [547cbf299661]
-2003-03-13 11:56 millert
+ * check_sia.c:
+ fix while loop in sia_attempt_auth() that checks the password. Only
+ the first iteration was working.
+ [1886fd1ac831]
- * aclocal.m4: In MAX_UID_T_LEN test cast uid_t to unsigned long,
- just unsigned.
+1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-12 18:46 millert
+ * aclocal.m4:
+ don't trust UID_MAX or MAXUID
+ [2aeddb1654d8]
- * sudo.c: Use snprintf() for paranoia
+ * configure.in:
+ fix two pastos
+ [c18f0a10b75d]
-2003-03-12 17:16 millert
+ * configure.in:
+ fix typo
+ [1eb3190ef12d]
- * parse.yacc: Use emalloc2 and erealloc3
+ * getspwuid.c, secureware.c:
+ init crypt_type to INT_MAX since it is legal to be negative in DUNX
+ 5.0
+ [cefbde04822d]
-2003-03-12 17:08 millert
+ * configure.in:
+ for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
+ -ldb since DUNX < 4.0 lacks it
+ [e6b11d971068]
- * Makefile.in: strlc{at,py} for those w/o it
+1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-12 17:07 millert
+ * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
+ secureware.c, sudo.c, tgetpass.c:
+ getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
+ minutes if the shadow files don't exist).
+ [2f297d095004]
- * strlcat.c, strlcpy.c: stlc{at,py} for those w/o it.
+1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-12 17:07 millert
+ * INSTALL:
+ updated --with-editor blurb
+ [77d8a3ea7328]
- * config.h.in, configure, configure.in: Add stlc{at,py} for those
- w/o it.
+ * TROUBLESHOOTING:
+ tell how to put sudoers in a different dir
+ [456cd20eb1d0]
-2003-03-12 16:51 millert
+ * configure.in:
+ add missing quotes around $with_editor
+ [22881748ab1b]
- * alloc.c, sudo.h: Add erealloc3(), a realloc() version of
- emalloc2().
+ * configure.in:
+ typo in --with-editor bits
+ [ab6964580681]
-2003-03-12 16:45 millert
+ * INSTALL:
+ I don't expect it to work on Solaris
+ [1c2fceaaf56e]
- * interfaces.c, sudo.c: Use emalloc2() to allocate N things of a
- certain size.
+ * check.c:
+ add back security/pam_misc.h
+ [6ffd30033c1e]
-2003-03-12 16:41 millert
+1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * alloc.c, sudo.h: Add emalloc2() -- like calloc() but w/o the
- bzero and with error/oflow checking.
+ * INSTALL:
+ remove dunix note since configure checks for this now
+ [e9904512b8e8]
-2003-03-12 16:23 millert
+ * configure.in:
+ add check for broken dunix prot.h (4.0 < 4.0D is bad)
+ [8a4c1e6aef3b]
- * alloc.c: Error out on malloc(0); suggested by theo
+ * getspwuid.c, secureware.c, tgetpass.c:
+ new dunix shadow code, use dispcrypt(3)
+ [1b936bc7268c]
-2003-03-09 19:34 millert
+ * config.h.in:
+ add HAVE_INITPRIVS
+ [4369f4c4f914]
- * configure, configure.in: fix a typo; David Krause
+ * sudo.c:
+ call initprivs() if we have it for getprpwuid later on
+ [11cf5915d826]
-2003-03-07 10:46 millert
+ * Makefile.in:
+ clean pathnames.h too
+ [5f1df3262613]
- * sudo.pod: fix typo
+ * configure.in:
+ quote "Sorry, try again." with [] since it has a comma in it set
+ LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
+ getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
+ initprivs later.
+ [e226b0a3f250]
+
+ * INSTALL:
+ update Digital UNIX note about acl.h
+ [80132b71d73a]
+
+ * INSTALL:
+ add --with-sia
+ --without-root-sudo -> --disable-root-sudo some reordering
+ [198386358818]
-2003-03-03 21:47 millert
+ * secureware.c:
+ add whitespace
+ [4aadaf1a54b0]
- * env.c: Remove DYLD_ from the environment for MacOS X; from bbraun
+ * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
+ add SIA support
+ [fa3ddbb9cc51]
-2003-03-01 13:20 millert
+ * check_sia.c:
+ Initial revision
+ [2968551d40e4]
- * configure.in, config.h.in: not not; Anil Madhavapeddy
+1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-01-23 03:03 millert
+ * configure.in:
+ when checking for -lsocket, -lnsl, and -linet, check for the
+ specific functions we need from them.
+ [8d33e64362a3]
- * sudo.pod, sudoers.pod, visudo.pod: typos; jmc@openbsd.org
+ * config.h.in, sudo.h:
+ move Syslog_* defs into sudo.h
+ [03d1774f25c7]
-2003-01-20 16:13 millert
+ * Makefile.in, sudo.h:
+ added check_secureware
+ [e46e3cbb9a97]
- * parse.yacc: Add some missing ';' rule terminators that bison
- warns about.
+ * configure.in:
+ finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
+ [dbefe1856503]
-2003-01-20 16:07 millert
+ * insults.h:
+ don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
+ defined. configure now does that for us
+ [e4520ea0581f]
- * config.sub: fix typo I introduced in last merge
+ * configure.in:
+ move some --with options around change a bunch of echo's to
+ AC_MSG_CHECKING, AC_MSG_RESULT pairs
+ [ffdf6869fdd7]
-2003-01-20 15:59 millert
+ * configure.in:
+ change $with_foo-bar -> $with_foo_bar kill extra " that caused a
+ syntax error add some echo verbage
+ [3278c49bf74b]
- * configure: regenerate with autoconf 2.57
+1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-01-20 15:58 millert
+ * check.c:
+ moved SecureWare stuff into secureware.c
+ [42d3d3ac35dc]
- * config.h.in: Add missing "$HOME"
+ * secureware.c:
+ Initial revision
+ [aa7f72a249cf]
-2003-01-20 15:57 millert
+ * INSTALL:
+ update url to solaris gcc bins
+ [36a3eb668777]
- * configure.in: Add some more square backets to make autoconf 2.57
- happy
+ * INSTALL:
+ change option formatter and flesh out someentries
+ [6fbd1db4a8ad]
-2003-01-20 14:39 millert
+ * TROUBLESHOOTING, sudo.pod, visudo.pod:
+ environmental variable -> environment variable
+ [6f14d708e32d]
- * config.guess, config.sub, mkinstalldirs: Updates from
- autoconf-2.57
+ * BUGS:
+ everything is now done via configure
+ [c217858f58ab]
-2003-01-17 18:10 millert
+ * README:
+ prev rev was 1.5.6
+ [7b4177103c35]
- * lex.yy.c, sudo.tab.h: regen
+ * Makefile.in:
+ passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
+ [31c6b0a5e0e2]
-2003-01-17 18:09 millert
+ * config.h.in:
+ SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
+ [d406a1ef6d25]
- * parse.lex, parse.yacc, sudoers.pod: Add support for
- Defaults>RunasUser
+ * Makefile.in:
+ merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
+ sudoers_mode from configure
+ [1c509500655a]
-2003-01-06 19:10 millert
+ * configure.in:
+ SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
+ the Makefile, not config.h
+ [d4482f1492fe]
- * visudo.c: fclose() yyin after each yyparse() is done and use
- fopen() instead of using freopen().
+ * INSTALL:
+ document all --with/--enable options
+ [22d81b312d7f]
-2003-01-06 19:02 millert
+1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.lex: Better fix for sudoers files w/o a newline before EOF.
- It looks like the issue is that yyrestart() does not reset the
- start condition to INITIAL which is an issue since we parse
- sudoers multiple times.
+ * insults.h:
+ options.h is no more
+ [560946a33f7f]
-2003-01-06 18:47 millert
+ * config.h.in:
+ assimilated options.h
+ [dd8ce74613c1]
- * parse.lex: Work around what appears to be a flex bug when dealing
- with files that lack a final newline before EOF. This adds a
- rule to match EOF in the non-initial states which resets the
- state to INITIAL and throws an error.
+ * configure.in:
+ moved options from options.h to configure
+ [d39662f71b4e]
-2003-01-06 15:06 millert
+ * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
+ logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
+ sudo_setenv.c, visudo.c:
+ no more options.h
+ [43924bf0858d]
- * visudo.c: o The parser needs sudoers to end with a newline but
- some editors (emacs) may not add one. Check for a missing
- newline at EOF and add one if needed. o Set quiet flag during
- initial sudoers parse (to get options) o Move yyrestart() call
- and always use freopen() to open yyin after initial sudoers
- parse.
+ * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
+ remove references to options.h
+ [ef3474295395]
-2002-12-15 11:24 millert
+ * dce_pwent.c, interfaces.c, sudo.c:
+ kill sys/time.h
+ [4d833f0034e4]
- * set_perms.c: Fix pasto/thinko in setresgid()/setregid() usage.
- Want to set effective gid, not real gid, when reading sudoers.
+ * tgetpass.c:
+ if select return < -1 still prompt for pw
+ [e0009e5c93a2]
-2002-12-15 11:08 millert
+ * options.h:
+ convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
+ configure options
+ [e60a1e546516]
- * set_perms.c: don't compile set_perms_posix if we have setreuid or
- setresuid
+ * parse.c:
+ FAST_MATCH is no longer an optino
+ [c448dbb3464b]
-2002-12-14 14:21 millert
+ * check.c:
+ remove_timestamp() if timestamp is preposterous
+ [70d9a86c6ecd]
- * sudo.pod, sudoers.pod: document new prompt escapes
+ * options.h:
+ convert more options to --with/--enable
+ [34646d9b09dc]
-2002-12-14 14:15 millert
+ * INSTALL, aclocal.m4:
+ logfile -> logpath
+ [42de502bc637]
- * check.c: Add %U and %H escapes and redo prompt rewriting. "%%"
- now gets collapsed to "%" as was originally intended. This also
- gets rid of lastchar (does lookahead instead of lookback) which
- should simplify the logic slightly.
+ * configure.in:
+ convert more options into --with and --enable
+ [92d0898c9844]
-2002-12-13 13:20 millert
+ * tgetpass.c:
+ catch EINTR in select and restart
+ [f045d2f234d7]
- * tgetpass.c: Write the prompt *after* turning off echo to avoid
- some password characters being echoed on heavily-loaded machines
- with fast typists.
+ * logging.c:
+ sys/errno -> errno
+ [7f0c5beab6f2]
-2002-12-13 13:09 millert
+1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.sub: Add support for mipseb; wiz@danbala.tuwien.ac.at
+ * sudo.c:
+ UMASK -> SUDO_UMASK.
+ [48f308661514]
-2002-12-13 12:48 millert
+ * check.c, logging.c:
+ time.h, not sys/time.h
+ [91de049c79e4]
- * configure.in: Fix IRIX fallout from name changes in man dir/sect
- Makefile variables. Patch from erici AT motown DOT cc DOT utexas
- DOT edu
+1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-12-13 11:33 millert
+ * logging.c:
+ MAILER -> _PATH_SENDMAIL
+ [df65d6896639]
- * auth/pam.c: Keep a local copy of tgetpass_flags so we don't add
- in TGP_ECHO to the global copy. Problem noted by Peter Pentchev.
+ * INSTALL, configure.in:
+ no more --with-C2, now it is --disable-shadow
+ [18bfcab3b9ab]
-2002-11-28 18:43 millert
+ * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
+ getspwuid.c, sudo.c, tgetpass.c:
+ new shadow password scheme. Always include shadow support if the
+ platform supports it and the user did not disable it via configure
+ [2135d93bb4a9]
- * parse.yacc: Add missing yyerror() calls; YYERROR does not seem to
- call this for us.
+1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-11-26 12:09 millert
+ * configure.in:
+ --with-getpass -> --{enable,disable}-tgetpass
+ [451b33fdd4c7]
- * sudo.c: fix typo in comment; Pedro Bastos
+ * Makefile.in:
+ pathnames.h -> pathnames.h.in
+ [b109022eca69]
-2002-11-22 14:41 millert
+ * check.c:
+ fix version string
+ [761b25c314ea]
- * INSTALL: document --disable-setresuid
+ * check.c:
+ move pam_conv to be static to auth function remove pam_misc.h
+ (solaris doesn't have one)
+ [a682e4da987a]
-2002-11-22 14:41 millert
+ * aclocal.m4:
+ _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
+ [e6005d0599b5]
- * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c, sudo_auth.c:
- Sprinkle some volatile qualifiers to prevent over-enthusiastic
- optimizers from removing memset() calls.
+ * configure.in:
+ munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
+ [24c0ac2155ef]
-2002-11-22 14:11 millert
+ * pathnames.h.in:
+ convert to pathnames.h.in
+ [013bddf7f684]
- * logging.c, parse.yacc: minor sign fixes pointed out by gcc
- -Wsign-compare
+1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-11-22 14:09 millert
+ * configure.in:
+ fix typo in sysv4 matching case /.
+ [2994c4f88cf5]
- * set_perms.c, sudo.c, sudo.h: Revamp set_perms. We now use a
- version based on setresuid() or setreuid() when possible since
- that allows us to support the stay_setuid option and we always
- know exactly what the semantics will be (various Linux kernels
- have broken POSIX saved uid support).
+1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-11-22 14:08 millert
+ * check.c:
+ pam stuff needs to run as root, not user, for shadow passwords
+ [d94ff75de503]
- * config.h.in, configure: regen from configure.in
+1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-11-22 14:07 millert
+ * BUGS, INSTALL, README, configure.in:
+ updated version
+ [775adc7de7ac]
- * configure.in: Add checks for setresuid() and a way to disable
- using it
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
+ ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
+ logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [5ca599fb6b93]
-2002-11-22 14:05 millert
+ * check.c:
+ user version.h for long message
+ [47a52ac7e542]
- * compat.h: No long need to emulate set*[ug]id() via setres[ug]id()
- or setre[ug]id(). The new set_perms stuff only uses things it
- knows are there.
+ * check.c:
+ this is version 1.5.6
+ [8451ac79eee2]
-2002-11-22 13:33 millert
+1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Before exec, restore state of signal handlers to be the
- same as when we were initialy invoked instead of just reseting to
- SIG_DFL. Fixes a problem when using sudo with nohup. Based on a
- patch from Paul Markham.
+ * Makefile.in:
+ remove errant backslash
+ [0222a8a650ff]
-2002-11-22 13:23 millert
+1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: o timestamp_uid should be uid_t, not int o clarify error
- message when sudo is run by root and no_root_sudo is set
+ * options.h, parse.yacc, pathnames.h.in:
+ fix version string
+ [fdee73255d64] [SUDO_1_5_6]
-2002-09-19 17:27 millert
+ * BUGS, CHANGES, TODO:
+ updtaed for 1.5.6
+ [752443bf7f26]
- * README: update ftp link for bison
+ * RUNSON:
+ updated for 1.5.6
+ [0f878123fe6a]
-2002-07-20 08:30 millert
+1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * set_perms.c: Error out if setusercontext() fails and the runas
- user is not root.
+ * interfaces.c:
+ kill unused localhost_mask var copy if name to ifr_tmp after we zero
+ it
+ [8e89c364cef2]
-2002-05-20 16:51 millert
+1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/securid5.c: Fix rcsid
+ * INSTALL:
+ Better description of new vs. old sudoers modes fix some typos
+ better description of /usr/ucb/cc gotchas on slowaris
+ [c00b2a6fc1e8]
-2002-05-20 16:50 millert
+ * Makefile.in:
+ add sample.pam
+ [ec7f6cc19b00]
- * configure.in: Fix SecurID API test
+ * sudo.c:
+ set NewArgv[0] to user_shell, not basename(user_shell)
+ [1e907cbc9f7b]
-2002-05-17 13:20 millert
+1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: typo in comment
+ * README:
+ mention TROUBLESHOOTING more fix some typos
+ [2c2e6907d4a4]
-2002-05-17 13:20 millert
+ * configure.in:
+ move --enable/--disable to be after --with
+ [9b30097f76c1]
- * configure.in: securid5 stuff needs pthreads. Just adding
- -lpthread is suboptimal but I don't see a better way at the
- moment.
+ * INSTALL:
+ document --enable/--disable
+ [c522362e38a8]
-2002-05-17 13:04 millert
+ * INSTALL:
+ document --with-pam
+ [7e38932c78ac]
- * Makefile.in, auth/securid5.c: SecurID API version 5 support from
- Michael Stroucken
+1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-05-17 13:02 millert
+ * configure.in:
+ Add message for pam users
+ [d224f277e3cd]
- * configure.in: Add check for SecurID 5.0 API
+ * sample.pam:
+ Initial revision
+ [3a84d7045f54]
-2002-05-08 16:46 millert
+ * config.h.in:
+ fix HAVE_PAM
+ [2f0f303ebd88]
- * strerror.c: We actually do still need config.h to get the 'const'
- definition for K&R C.
+ * check.c, config.h.in, configure.in:
+ pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
+ [ea3e0a72d707]
-2002-05-05 16:43 millert
+1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen with autoconf 2.5.3
+ * config.h.in:
+ add HOST_IN_LOG and WRAP_LOG
+ [822c36eeb6a8]
-2002-05-05 16:25 millert
+ * logging.c:
+ add WRAP_LOG and HOST_IN_LOG
+ [3cf6052bd27e]
- * configure.in: Don't set sysconfdir to '/etc' if the user has
- specified a --prefix.
+ * configure.in:
+ add --enable-log-host and --enable-log-wrap
+ [c968cc12b353]
-2002-05-05 16:14 millert
+ * aclocal.m4:
+ use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
+ [915fef7e11a1]
- * configure.in: Some fixes for autoconf 2.53 from Robert Uhl o
- don't AC_SUBST LIBOBJS o force a 4th arg for AC_CHECK_HEADER()
- to workaround a bug
+1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-05-05 15:58 millert
+ * compat.h:
+ add howmany macro
+ [9107a057a7c8]
- * env.c, sudo.c, sudo.h: No need for dump_badenv() now that
- dump_defaults() knows how to dump lists.
+ * tgetpass.c:
+ include sys/param.h to get howmany macro
+ [7e908b5e1f32]
-2002-05-04 21:31 millert
+1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * BUGS, INSTALL, Makefile.in, configure.in, version.h,
- INSTALL.binary, README: ++version
+ * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
+ add RUNAS_DEFAULT
+ [1e76398ea3fd]
-2002-05-04 20:57 millert
+1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * fnmatch.c:
+ bring in stdio.h for NULL
+ [69c016610cbb]
+
+ * aclocal.m4:
+ allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
+ [15ab2972f8d0]
+
+ * sudo.c:
+ use HAVE_SET_AUTH_PARAMETERS
+ [8abfdc8c80f7]
+
+ * config.h.in:
+ add HAVE_SET_AUTH_PARAMETERS
+ [673a5ebd5539]
+
+ * configure.in:
+ add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
+ [a401f5a7469a]
- * sudoers.pod: document timestampowner
+ * config.sub:
+ add support for HI-UX/MPP SR220001 02-03 0 SR2201
+ [cb657b7acaae]
-2002-05-04 20:45 millert
+ * interfaces.c:
+ initialize previfname
+ [26a1902f56dc]
- * check.c: Don't call set_perms() when doing timestamp stuff unless
- timestamp_uid != 0.
+ * interfaces.c:
+ Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
+ it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
+ kludging it
+ [fa5c890c313b]
-2002-05-04 20:43 millert
+ * configure.in:
+ typo
+ [bff579fbe95c]
- * check.c, logging.c, parse.c, set_perms.c, sudo.c, sudo.h,
- testsudoers.c, auth/sudo_auth.c: g/c second arg to set_perms--it
- is no longer used
+ * Makefile.in:
+ don't need special build line for sudo.tab.o
+ [10c0a0a912e4]
-2002-05-03 18:48 millert
+ * Makefile.in:
+ don't clean sudo.tab.[ch]
+ [c40d5968efbb]
- * check.c, set_perms.c, sudo.c, sudo.h: Add support for non-root
- timestamp dirs. This allows the timestamp dir to be shared via
- NFS (though this is not recommended).
+ * sudo.c:
+ Sudo should prompt for a password before telling the user that a
+ command could not be found.
+ [d718c85a0047]
-2002-05-03 18:47 millert
+ * BUGS:
+ for 1.5.6
+ [0cc1fe5b9129]
- * def_data.c, def_data.h, def_data.in: Add timestampowner, "Owner
- of the authentication timestamp dir"
+ * INSTALL, README:
+ no longer require yacc
+ [d9096fc5b8b6]
-2002-05-02 15:40 millert
+ * Makefile.in:
+ typo
+ [70feb1aefbd5]
- * env.c: Don't try to pre-compute the size of the new envp, just
- allocate space up front and realloc as needed. Changes to the
- new env pointer must all be made through insert_env() which now
- keeps track of spaced used and allocates as needed.
+ * Makefile.in:
+ y.tab -> sudo.tab include pre-yacc'd parse.yacc
+ [cc802025fd44]
-2002-04-26 15:12 millert
+ * parse.lex:
+ include sudo.tab.h, not y.tab.h don't break out of command args if
+ you get a '='
+ [728ad26dbda5]
- * configure: regen
+ * insults.h:
+ fix version ,
+ [242bbce1b2d4]
-2002-04-26 15:12 millert
+ * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
+ fix version
+ [2bb9086fea1e]
- * configure.in: Fix two typo/pastos; from jrj@purdue.edu
+ * compat.h:
+ fix version
+ [7e634d498ce6]
-2002-04-25 11:36 millert
+ * getcwd.c:
+ getcwd(3) from OpenBSD for those without it.
+ [6c68d0df8f6c]
- * INSTALL.binary, README: ++version
+ * sudo.h:
+ HAVE_GETWD -> HAVE_GETCWD
+ [2ad1e64d60c0]
-2002-04-25 11:35 millert
+ * configure.in:
+ pretend sunos doesn't have getcwd(3) since it opens a pipe to
+ getpwd!
+ [677992ba5a6a]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
- visudo.man.in, configure: regen
+ * parse.c:
+ use NAMLEN() macro
+ [8f5685aa3165]
-2002-04-25 11:31 millert
+ * fnmatch.c:
+ remove duplicate include of string.h
+ [6024f3051ac3]
- * CHANGES, RUNSON, TODO: Sync with 1.6.6
+ * configure.in:
+ call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
+ [3d82a9c22cc2]
-2002-04-25 11:30 millert
+ * aclocal.m4:
+ add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
+ [53fbc47282f9]
- * check.c: The the loop used to expand %h and %u, the lastchar
- variable was not being initialized. This means that if the last
- char in the prompt is '%' and the first char is 'h' or 'u' a
- extra copy of the host or user name would be copied, for which
- space had not been allocated.
+ * config.h.in:
+ add dev_t and ino_t
+ [5929bb0c7e1a]
-2002-04-18 11:41 millert
+1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * BUGS, INSTALL, Makefile.in, configure.in, version.h: crank
- version to 1.6.6
+ * check.c:
+ fix OTP_ONLY for opie
+ [7edcfa78f2ec]
-2002-04-18 11:39 millert
+1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/afs.c: #undef VOID to get rid of an AFS warning
+ * testsudoers.c, tgetpass.c:
+ include stdlib.h for malloc proto
+ [c9f4b99a2fe9]
-2002-04-18 11:38 millert
+1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: Use easprintf instead of emalloc + sprintf for some
- things.
+ * Makefile.in:
+ make update_version saner
+ [d522f93ee04a]
-2002-03-15 19:45 millert
+ * config.h.in:
+ add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
+ [c9a2d21dc608]
- * lex.yy.c: regen
+ * configure.in:
+ check for waitpid and wait3 or no waitpid
+ [1f18c3224184]
-2002-03-15 19:44 millert
+ * logging.c:
+ used waitpid or wait3 if we have 'em
+ [391c3279ee65]
- * parse.c, parse.lex, parse.yacc, testsudoers.c: Remove Chris
- Jepeway's email address so people don't bug him ;-)
+1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-03-11 22:19 millert
+ * visudo.c:
+ fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
+ [fbf53b18178f]
- * sudo.c: Move endpwent() to be after set_perms(PERM_RUNAS, ...)
- and also call endgrent() at the same time.
+1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-02-21 22:23 millert
+ * configure.in:
+ don't need to explicately mention -lsocket -lnsl for sequent
+ [1898dc055352]
- * INSTALL: Make it clear which configure options take arguments.
+1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-25 13:38 millert
+ * configure.in:
+ dynix should not link with -linet
+ [278a4b9cfe2a]
- * compat.h: HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there
- is no RLIM_INFINITY, just pretend it is -1. This works because
- we only check for RLIM_INFINITY and do not set anything to that
- value.
+1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-22 11:43 millert
+ * INSTALL:
+ mention that HP-UX doesn't ship with yacc
+ [bde5147198c0]
- * auth/pam.c: Zero and free allocated memory when there is a
- conversation error.
+1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-21 22:37 millert
+ * check.c:
+ ignore kerberos if we can't get the local realm
+ [1e311a091a27]
- * auth/bsdauth.c: Use sigaction() not signal()
+1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-21 22:26 millert
+ * BUGS, INSTALL, README, configure.in:
+ ++version
+ [499ffc746018]
- * INSTALL: Mention that some linux kernels have broken POSIX saved
- ID support
+ * version.h:
+ ++
+ [35ba1ee01bd3]
-2002-01-21 21:03 millert
+ * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
+ find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
+ logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [b4990a513f31]
- * CHANGES: checkpoint for 1.6.5p2
+ * check.c, sudo.h:
+ fix version
+ [5710795834e8]
-2002-01-21 21:01 millert
+ * getcwd.c:
+ don't use popen/pclose. Do it inline.
+ [29e57b0646a4]
- * configure: regen
+ * lsearch.c:
+ add rcsid
+ [b2b55c39858d]
-2002-01-21 21:01 millert
+ * sudo.c:
+ typo
+ [d381ac39ed0f]
- * configure.in: Add --disable-setreuid flag
+ * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
+ sudo.h:
+ updated version
+ [462d6e1a2d75]
-2002-01-21 21:00 millert
+ * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
+ MAX* + 1 -> MAX*
+ [2c2eeb78d34f]
- * INSTALL: Document new --disable-setreuid option and change
- description for --disable-saved-ids to match new error message.
+ * Makefile.in:
+ getwd.c -> getcwd.c
+ [7d718c32fc02]
-2002-01-21 21:00 millert
+ * config.h.in:
+ kill HAVE_GETWD
+ [6ad3d702343f]
- * set_perms.c: fatal() now takes an argument that determines
- whether or not to call perror().
+ * configure.in:
+ getcwd, not getwd
+ [33e5b9841f58]
-2002-01-21 20:58 millert
+ * getcwd.c:
+ use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
+ purpose
+ [24e58d340161]
- * PORTING, TROUBLESHOOTING: Update for new error messages from
- set_perms()
+1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-21 17:46 millert
+ * OPTIONS, options.h:
+ add STUB_LOAD_INTERFACES
+ [d747cb23ca83]
- * auth/pam.c: Make this compile w/o warnings
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [0798229312cc]
-2002-01-21 17:36 millert
+ * configure.in:
+ support *-ccur-sysv4 and fix two typos
+ [24a823ad7cc9]
- * auth/pam.c: Mention that we can't use pam_acct_mgmt()
+1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-21 17:25 millert
+ * configure.in:
+ don't echo about with_logfile and with_timedir
+ [31e4a1e2d9ad]
- * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c: The user's password
- was not zeroed after use when AIX authentication, BSD
- authentication, FWTK or PAM was in use.
+ * INSTALL:
+ document --with-logfile and --with-timedir
+ [674f811a40e0]
-2002-01-20 14:21 millert
+ * aclocal.m4:
+ support --with-logfile and --with-timedir
+ [2fc36b35db12]
- * auth/pam.c: Avoid giving PAM a NULL password response, use the
- empty string instead. This avoids a log warning when the user
- hits ^C at the password prompt when PAM is in use.
+ * configure.in:
+ Add --with-logfile and --with-timedir
+ [09045bf07e29]
-2002-01-19 19:46 millert
+ * sudo.c:
+ change size computation of NewArgv for UNICOS
+ [b50df07da3a1]
- * auth/pam.c: Don't check the return value of pam_setcred(). In
- Linux-PAM 0.75 pam_setcred() returns the last saved return code,
- not the return code for the setcred module. Because we haven't
- called pam_authenticate(), this is not set and so pam_setcred()
- returns PAM_PERM_DENIED.
+1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-19 19:43 millert
+ * configure.in:
+ treate -*-sysv4* like *-*-svr4
+ [471b7ef4dbf2]
- * Makefile.binary, Makefile.in: Don't need a '/' between $(DESTDIR)
- and a directory.
+1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-18 14:18 millert
+ * configure.in:
+ fix spacing for --with-authenticate help
+ [8321cb37c410]
- * configure: regen
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [dc1ab97312eb]
-2002-01-18 14:18 millert
+ * parse.yacc:
+ fix off by one error in push macro
+ [bece59c8c3a9]
- * configure.in: o BSDi also has a bogus setreuid() o Old FreeBSD
- has a bogus setreuid() o new NetBSD has a real setreuid() o add
- check for freeifaddrs() if getifaddrs() exists.
+1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-18 14:17 millert
+ * configure.in:
+ removed bogus alloca hack
+ [a68dd720462d]
- * config.h.in, interfaces.c: Older BSDi releases lack freeifaddrs()
- so add a test for that and if it is not present just use free().
+ * check.c:
+ added AIX 4.x authenticate() support
+ [12985eb448a0]
-2002-01-17 11:30 millert
+ * parse.yacc:
+ include alloca.h if using bison and not gcc and it exists. fixes an
+ alloca problem on hpux 10.x
+ [e3b5c4f26072]
- * CHANGES, RUNSON: Checkpoint for 1.6.5p1
+ * INSTALL:
+ mention --with-authenticate
+ [78a1c96820e7]
-2002-01-17 10:56 millert
+ * configure.in:
+ added AIX authenticate() support
+ [c983193ec252]
- * auth/passwd.c: Return AUTH_FAILURE in passwd_init() if
- skeyaccess() denies access to normal passwords, not AUTH_FATAL
- (which just causes an exit).
+ * config.h.in:
+ add HAVE_AUTHENTICATE
+ [7b0e5f5db5d9]
-2002-01-17 10:35 millert
+ * interfaces.c:
+ dynamically size ifconf buffer
+ [10afb0e9b2f9]
- * visudo.c: Don't use memory after it has been freed.
+ * configure.in:
+ quote '[' and ']'
+ [8fc38a4defad]
-2002-01-17 00:24 millert
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [5f66de71ec61]
- * auth/passwd.c: skeyaccess() wants a struct passwd * not a char *;
- Patch from Phillip E. Lobbes
+ * visudo.pod:
+ add ERRORS section
+ [3df3edb73cf6]
-2002-01-16 20:00 millert
+1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * BUGS: ++version
+ * TROUBLESHOOTING:
+ add busy stmp file explanation
+ [6c555d469b6f]
-2002-01-16 19:53 millert
+1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, RUNSON, TODO: checkpoint for sudo 1.6.5
+ * configure.in:
+ the name of the cached var that signals whether or not you are cross
+ compiling changed. It is now ac_cv_prog_cc_cross
+ [123911c0658c]
-2002-01-16 18:37 millert
+1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * INSTALL:
+ mention glibc 2.07 is fixed wrt lsearch()\.
+ [ded758524582]
-2002-01-16 18:37 millert
+1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
- version 1.6.5
+ * sample.sudoers, sudoers.pod:
+ better example of su but not root su
+ [b3199610be21]
-2002-01-16 18:37 millert
+1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
- visudo.man.in: sudo version 1.6.5
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [46922b84e86b]
-2002-01-16 16:28 millert
+ * Makefile.in:
+ correct regexp for updating version
+ [8032728b2a8a]
- * logging.c: o when invoking the mailer as root use a hard-coded
- environment that doesn't include any info from the user's
- environment. Basically paranoia.
+ * tgetpass.c:
+ remove bogus flush of stderr spew prompt before turning off echo.
+ Seems to fix a weird problem where if sudo complained about a bogus
+ stamp file the user would sometimes not have a chance to enter a
+ password
+ [7aa1493cc141]
- o Add support for the NO_ROOT_MAILER compile-time option and run
- the mailer as the user and not root if NO_ROOT_MAILER is
- defined.
+ * check.c:
+ fix bogus flush of stderr
+ [6d047871c5e8]
-2002-01-16 16:27 millert
+ * sudo.c:
+ close fd's <=2 not <=3 and move that chunk of code up
+ [553e4faac195]
- * set_perms.c, sudo.h: Bring back PERM_FULL_USER
+ * configure.in:
+ support hpux1[0-9] not just hpux10
+ [5a34a000ff8a]
-2002-01-16 16:26 millert
+1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * parse.c:
+ set sudoers_fp to nil after closing
+ [221a8b4bbf34]
-2002-01-16 16:26 millert
+1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * version.h: version 1.6.5
+ * config.guess, config.sub:
+ updated from autoconf 2.12
+ [6fc86a0fc61b]
-2002-01-16 16:26 millert
+ * configure.in:
+ add *-*-svr4 rule
+ [38f0427f7c9d]
- * INSTALL, config.h.in, configure.in: Add --disable-root-mailer
- option to run the mailer as the user and not root.
+1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-16 12:44 millert
+ * tgetpass.c:
+ fix select usage for high fd's (dynamically allocate readfds)
+ [c2d1f76e0321]
- * CHANGES: checkpoint for 1.6.4p2
+ * check.c:
+ kill extra whitespace
+ [d784b6c9c514]
-2002-01-15 19:22 millert
+ * sudo.c:
+ do an initgroups() before running a command, unless the target user
+ is root.
+ [4ca561287480]
- * PORTING: Mention the "seteuid(0): Operation not permitted"
- problem here too just for good measure.
+1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-15 18:43 millert
+ * TROUBLESHOOTING:
+ tell people to use tabs, not spaces, in syslog.conf
+ [8ae90a205134]
- * env.c, getspwuid.c, sudo.c: The SHELL environment variable was
- preserved from the user's environment instead of being reset
- based on the passwd database when the "env_reset" option was
- used. Now it is reset as it should be.
+1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-15 17:47 millert
+ * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
+ parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
+ updated version
+ [4d855ff5de26]
- * configure: regen
+ * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
+ logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
+ updated version
+ [8e007e178b33]
+
+ * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
+ updated version
+ [9ddea5c8814d]
+
+ * Makefile.in:
+ more tweaks to update_version
+ [047698752855]
+
+ * Makefile.in:
+ fixed up update_version rule
+ [47b6fa34b77f]
+
+ * configure.in:
+ ++version
+ [c1ca664e30b7]
+
+ * Makefile.in:
+ removed supe of check.c
+ [8f340a05296a]
+
+ * INSTALL:
+ ++version I missed
+ [a298e6c17491]
+
+ * RUNSON:
+ updated
+ [a14f6057bc15]
+
+ * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
+ dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
+ goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
+ parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c:
+ updated version
+ [02231b1a3ab3]
+
+ * CHANGES:
+ updated for 1.5.5
+ [634e5fcaf40b]
+
+ * Makefile.in:
+ add rules to update version stuff in files so I don't need to do it
+ by hand
+ [3620ad60485a]
+
+ * sudo.h:
+ sudoers_fp is now extern
+ [88c6e9b9ea84]
+
+ * sudo.c:
+ in check_sudoers, cache the sudoers file handle in sudoers_fp so we
+ don't have to open it again in the parse. This may help with weird
+ solaris problems where EAGAIN sometime occurrs.
+ [d3c26451ed1d]
+
+ * parse.c:
+ sudoers file open is now done only in check_sudoers() so we just do
+ a rewind() instead of an open. May help people on solaris who were
+ getting EAGAIN.
+ [c8b8c7722fa5]
+
+1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ mention that newer glibc is fixed
+ [20f06f5d3ef3]
+
+1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
+ _RLD* instead of _RLD_*
+ [1e22c588d602]
+
+ * parse.c:
+ typo
+ [d0b7cb85f08a]
+
+ * parse.c:
+ fix that bug for real
+ [5a6eeca6d04b]
+
+ * INSTALL:
+ document Linux's libc6 brokenness.
+ [0246c1aa64ee]
+
+ * parse.yacc:
+ -Wall
+ [d0e452fb1e2d]
+
+ * RUNSON:
+ updated
+ [4949a1bbd0a9] [SUDO_1_5_4]
+
+ * TROUBLESHOOTING:
+ remind people to HUP syslogd
+ [590962faa4f0]
+
+ * Makefile.in:
+ add -O flag to tar
+ [622d02de339d]
+
+ * RUNSON:
+ updated
+ [a72930d6e615]
+
+ * TODO:
+ updated
+ [4a51bd458390]
+
+ * sudo.pod:
+ remove author's email addr. people should mail sudo-bugs
+ [9b6bbdb3a6d9]
+
+ * INSTALL:
+ fix version
+ [246274c6c8af]
+
+ * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
+ find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
+ ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
+ logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
+ ++version
+ [f532ff4ee766]
+
+ * RUNSON:
+ updated
+ [62d5c71358b5]
-2002-01-15 17:47 millert
+ * INSTALL, Makefile.in:
+ ++version
+ [1a7c7628edfc]
- * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
- sudo.c: Add a configure option to turn off use of POSIX saved IDs
+ * CHANGES:
+ updated fort 1.5.4
+ [7e4873508c99]
-2002-01-15 15:48 millert
+ * check.c:
+ exit(1) if user enters no passwd
+ [f382c0e35e4e]
- * configure: regen
+ * BUGS:
+ ++version
+ [fab6a867ab67]
-2002-01-15 15:48 millert
+ * parse.c:
+ commands can start with ./* not just /* -- fixes a serious security
+ hole.
+ [244d2fe35ee3]
- * configure.in: add --with-efence option
+1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-15 15:39 millert
+ * sudo.c:
+ Don't set the tty variable to NULL when we lack a tty, leave it as
+ "unknown".
+ [193b26daba03]
- * sudo.c: Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a
- problem where "sudo -l" would not work if always_set_home was
- set.
+1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-15 13:16 millert
+ * sample.sudoers:
+ fix usage of (username) in conjunction with , and !
+ [7ae68607f68f]
- * lex.yy.c: regen
+ * visudo.c:
+ catch the case where the user is not in the passwd file
+ [31650258deb0]
-2002-01-15 13:16 millert
+ * tgetpass.c:
+ use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
+ select(2)
+ [60ab2d9a9ee8]
- * parse.lex: Quoted commas were not being treated correctly in
- command line arguments.
+ * sudo.c:
+ define tty global to an initial value to avoid dumping core in
+ logging functions when passwd file is unavailable.
+ [77056c7bc908]
-2002-01-14 20:53 millert
+ * sudo.c:
+ do the set_perms(PERM_USER, sudo_mode) after we have gotten the
+ passwd entry
+ [1fdb8e579a5a]
- * sudo.c: o Move the call to rebuild_env() until after
- MODE_RESET_HOME is set. Otherwise, the set_home option has no
- effect.
+ * sudo.pod:
+ talk about problem of ALL
+ [1cd1905c9f6f]
- o Fix use of freed memory when the "fqdn" flag is set. This was
- introduced by the fix for the "segv when gethostbynam() fails"
- bug. Also, we no longer call set_fqdn() if the "fqdn" flag is
- not set so there is no need to check the "fqdn" flag in
- set_fqdn() itself.
+1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-14 20:45 millert
+ * README:
+ new web location
+ [d24dc26f6da5]
- * env.c: Add 'continue' statements to optimize the switch
- statement. From Solar.
+ * INSTALL:
+ fdesc bug is fixed in Open/Net BSD
+ [7d4d81b08ac3]
-2002-01-13 13:42 millert
+ * HISTORY:
+ updates from Nieusma
+ [3a43769a1b78]
- * sudoers.cat, sudoers.man.in: Regen from new sudoers.pod
+1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-13 13:36 millert
+ * dce_pwent.c:
+ move compat.h after the system includes
+ [5ea43a5968ac]
- * sudoers.pod: Add caveat about stay_setuid flag
+1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-13 13:29 millert
+ * logging.c:
+ save errno from being clobbered by wait(). From Theo
+ [f2d1c48cd592]
- * sudo.c: If set_perms == set_perms_posix and the stay_setuid flag
- is not set, set all uids to 0 and use set_perms_fallback().
+1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-13 13:28 millert
+ * compat.h:
+ fix an occurence of setresuid -> setreuid (typo)
+ [394de35c9b1c]
- * set_perms.c, sudo.h: Remove PERM_FULL_USER (which is no longer
- used) and add PERM_FULL_ROOT (used when exec'ing the mailer).
+1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-13 13:27 millert
+ * install-sh:
+ check for path to strip
+ [2b7ef824bd55]
- * logging.c: Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the
- mailer since we never want to run the mailer setuid.
+1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-12 17:55 millert
+ * logging.c:
+ deal with maxfilelen < 0 case
+ [f0af095178d7]
- * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
- visudo.pod: Use sudo.ws instead of courtesan.com in URLs
+ * OPTIONS:
+ fixed descriptin
+ [629f60bd4b5f]
-2002-01-12 14:00 millert
+1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, Makefile.binary: Fix mansect substitution
+ * sudo.c:
+ correct error message if mode/owner wrong and not statable by owner
+ but is statable by root.
+ [cb631ce2e85e]
-2002-01-12 13:15 millert
+1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: Substitute man sections in Makefile.binary
+ * config.guess, config.sub:
+ autoconf 2.11
+ [f3cbe59e0756]
-2002-01-12 13:15 millert
+1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.binary: Sync install targets with Makefile.in and
- substitute in man sections.
+ * CHANGES, RUNSON, TODO:
+ sudo 1.5.3.
+ [2be3229b8626]
-2002-01-12 13:09 millert
+1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL, INSTALL.binary: version is 1.6.4
+ * parse.yacc, sudo.h:
+ command_alias -> generic_alias
+ [c404ca8c510d] [SUDO_1_5_3]
-2002-01-12 12:59 millert
+ * sample.sudoers:
+ added Runas_Alias example and fixed syntax errors
+ [c304053f4a8a]
- * Makefile.in: Repair bindist target
+ * OPTIONS, options.h:
+ updated MAILSUBJECT
+ [18d1573fcd2a]
-2002-01-12 11:43 millert
+ * logging.c:
+ added %h expansion
+ [a4bff9b284fd]
- * CHANGES: sync for 1.6.4
+ * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
+ configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
+ goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
+ parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c:
+ ++version
+ [211ff20f956f]
-2002-01-10 13:00 millert
+ * BUGS, emul/utime.h:
+ ++version
+ [cde5376579e3]
- * install-sh: Fix case where neither whoami nor id are found
+ * sudoers.pod:
+ document Runas_Alias
+ [b1a58f28fb2c]
-2002-01-09 12:35 millert
+ * visudo.pod:
+ q (uid) -> Q
+ [d256649a0e6b]
- * install-sh: If neither whoami nor id exists, just assume we are
- root.
+ * visudo.c:
+ buffer oflow checking q (uit) -> Q if yyparse() fails drop into
+ whatnow
+ [1cb183d15626]
-2002-01-09 11:56 millert
+ * parse.yacc:
+ add size params to sprintf
+ [9228f698921f]
- * alloc.c: Add explicit cast to (VOID *) on malloc/realloc. Seems
- to be needed on AIX which for some reason isn't pulling in the
- malloc prototype.
+ * parse.lex:
+ allow trailing space after '\\' but before '\n'
+ [f51dbbf69fdf]
-2002-01-08 10:00 millert
+ * find_path.c:
+ off by one error in path size check
+ [a6d75ccd7632]
- * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c: (c) 2002
+ * check.c:
+ sprintf paranoia
+ [3ffb12d198dd]
-2002-01-08 09:21 millert
+1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: checkpoint
+ * parse.yacc:
+ fixed more_aliases
+ [aab12f2a50af]
-2002-01-08 09:20 millert
+ * visudo.c:
+ now warns if killed by signal ./
+ [310c186a0fd7]
- * sudo.c: Defer assigning new environment until right before the
- exec.
+1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-08 09:08 millert
+ * parse.yacc:
+ fix Runas_Alias stuff Alias's in runas list now get expanded (but it
+ is gross)
+ [45590b83120f]
- * parse.c: kill extra blank line
+ * sudo.c:
+ Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
+ [d53e01c14c58]
-2002-01-07 13:59 millert
+ * parse.yacc:
+ add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
+ [7a4a040aae2d]
- * configure: regen
+ * parse.lex:
+ Add Runas_Alias and simplify a rule.
+ [6f794a769a37]
-2002-01-07 13:59 millert
+ * parse.yacc:
+ always store User_Alias's since they can be used inside of a runas
+ list. Sigh. Really need a Runas_Alias instead.
+ [3bab058a873e]
- * configure.in: Use -O not -O2 for m88k-motorola-sysv* since
- motorola gcc-derived compiler doesn't recognise -O2.
+1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-06 23:02 millert
+ * visudo.c:
+ deal with case where there is no sudoers file
+ [fa38b3bb244d]
- * HISTORY: Clarify origins of Root Group sudo a bit based on info
- from billp@rootgroup.com
+1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-02 22:41 millert
+ * TROUBLESHOOTING:
+ added one
+ [e61346d06725]
- * LICENSE: 2002
+1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-02 22:26 millert
+ * HISTORY, testsudoers.c:
+ developement -> development
+ [4df55e293941]
- * CHANGES: checkpoint for 1.6.4rc1
+ * INSTALL:
+ added a note
+ [3845fb83dbc0]
-2002-01-02 17:40 millert
+ * RUNSON:
+ for 1.5.2
+ [5489b7298942]
- * config.h.in: now generated via autoheader
+ * CHANGES:
+ updated
+ [0741834929e6]
-2002-01-02 17:40 millert
+1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * PORTING:
+ removed seteuid() notes
+ [1010a60f281d] [SUDO_1_5_2]
-2002-01-02 17:37 millert
+1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * compat.h: Move in some stuff that was previously in config.h.
+ * compat.h:
+ better seteuid() emulatino
+ [e807623b662c]
-2002-01-02 17:36 millert
+ * configure.in:
+ added check for seteuid
+ [8cf9fabc6f4f]
- * configure.in, aclocal.m4: Add info for autoheader.
+ * config.h.in:
+ added HAVE_SETEUID
+ [596db46aa828]
-2002-01-01 16:53 millert
+1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: o Add DESTDIR support
- o Use -M, -O, and -G instead of -m, -o, and -g to facilitate
- non-root installs
+ * configure.in:
+ first stab at sequent support
+ [b85a7bfcac76]
-2002-01-01 16:48 millert
+ * config.h.in:
+ added HAVE_SYS_SELECT_H
+ [93ecdd042463]
- * install-sh: Add -M option (like -m but only for root) If we can't
- find "whoami", use "id" w/ some sed.
+ * compat.h:
+ sequent -> _SEQUENT_
+ [63a38b6da98c]
-2002-01-01 14:01 millert
+ * compat.h:
+ added seteuid() macro for DYNIX
+ [695bd63c5ea6]
- * configure: regen
+ * tgetpass.c:
+ _AIX -> HAVE_SYS_SELECT_H
+ [b31221211bc2]
-2002-01-01 14:00 millert
+1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: allow user to always override mansectsu and
- mansectform
+ * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
+ parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ ++version
+ [8052992fd453]
-2001-12-31 17:05 millert
+ * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
+ getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
+ pathnames.h.in, version.h:
+ ++version
+ [f7ad15e1598a]
- * mkinstalldirs: update from autoconf 2.52
+ * sudo.pod:
+ added -H and SUDO_PS1
+ [bb965241e30c]
-2001-12-31 17:03 millert
+ * configure.in:
+ use SUDO_FUNC_FNMATCH
+ [6a8350d85fb2]
- * config.guess, config.sub: Update from autoconf 2.52
+ * aclocal.m4:
+ added SUDO_FUNC_FNMATCH
+ [45b32c91c4ba]
-2001-12-31 16:57 millert
+ * sudo.c:
+ added -H flag
+ [11ebc6872fd6]
- * configure: regen with autoconf 2.52
+ * sudo.h:
+ added MODE_RESET_HOME /
+ [67a7f8bcbbd6]
-2001-12-31 16:57 millert
+1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: o Call AC_PROG_CC_STDC to find out how to run the
- compiler in ANSI mode
- o Remove compiler-specific checks for HP-UX now that we use
- AC_PROG_CC_STDC
+ * INSTALL:
+ mention OPIE
+ [5723515d5bbd]
-2001-12-31 12:19 millert
+ * options.h:
+ SKEY -> OTP
+ [c1d268130bc4]
- * RUNSON: Checkpoint
+ * configure.in:
+ added opie support
+ [123872b41b20]
-2001-12-31 12:18 millert
+ * compat.h, config.h.in:
+ added HAVE_OPIE
+ [528c71afc1e5]
- * auth/pam.c: o Add pam_prep_user function to call pam_setcred()
- for the target user; on Linux this often sets resource limits.
- o When calling pam_end(), try to convert the auth->result to a
- PAM_FOO value. This is a hack--we really need to stash the
- last PAM_FOO value received and use that instead.
+ * check.c:
+ added HAVE_OPIE and changed to *_OTP_*
+ [4c62f5db872a]
-2001-12-31 12:18 millert
+ * OPTIONS:
+ SKEY -> OTP
+ [bd858e5e9652]
- * set_perms.c, sudo.h: o Add pam_prep_user function to call
- pam_setcred() for the target user; on Linux this often sets
- resource limits.
+1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-31 00:53 millert
+ * check.c:
+ moved fclose() in skey stuff.
+ [11f7dc8431a6]
- * env.c: Fix off by one error in number of bytes allocated via
- malloc (does not affected any released version of sudo).
+1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-30 17:12 millert
+ * putenv.c:
+ index -> strchr remove unnecesary stuff
+ [af2d05238062]
- * lex.yy.c: regen
+ * check.c:
+ now call skeychallenge() to get challenge instead of making one up
+ ourselves. this way, we get extra goodies in the prompt.
+ [49b770d98d3a]
-2001-12-30 17:12 millert
+1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.lex: Allow '@', '(', ')', ':' in arguments to a defaults
- variable w/o requiring that they be quoted.
+ * CHANGES:
+ added one
+ [3f5149357e2a] [SUDO_1_5_1]
-2001-12-30 14:26 millert
+ * parse.lex:
+ allow logins to start with a number (YUCK!)
+ [7ed7ef324741]
- * sudoers.cat, sudoers.man.in, sudoers.pod: Mention that no double
- quotes are needed when adding/deleting/assigning a single value
- to a list.
+1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-30 13:58 millert
+ * TROUBLESHOOTING:
+ added soalris 2.5 vs 2.4 note
+ [16160a251aae]
- * Makefile.in: Don't rely on mkdefaults being executable, call perl
- explicitly.
+ * configure.in:
+ DUNIX doesn't need -lnsl
+ [be924cc322c3]
-2001-12-30 13:41 millert
+ * CHANGES:
+ *** empty log message ***
+ [1b2937521981]
- * parse.yacc: Remove some XXX that are no longer relevant.
+ * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
+ getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
+ options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
+ strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
+ utime.c, version.h, visudo.c:
+ courtesan
+ [5f203589bbfe]
-2001-12-30 13:40 millert
+ * PORTING, README, RUNSON:
+ courtesan
+ [d72517f4937e]
- * defaults.c: o Roll our own loop instead of using strpbrk() for
- better grokability o When adding to a list we must malloc() and
- use memcpy(), not strdup() since we must only copy len bytes
- from str.
+ * INSTALL, Makefile.in, TROUBLESHOOTING:
+ courtesan
+ [5c007e3c7a71]
-2001-12-21 16:49 millert
+ * visudo.pod:
+ *** empty log message ***
+ [37ebe85bd4e1]
- * parse.yacc: typo in comment
+ * sudo.pod, visudo.pod:
+ courtesan
+ [37f02e2130ea]
-2001-12-19 11:50 millert
+1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: checkpoint
+ * HISTORY:
+ added courtesan ./
+ [b01435226276]
-2001-12-19 10:56 millert
+1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * sudo.c:
+ added $SUDO_PROMPT support
+ [cb1fa72c093d]
-2001-12-19 10:56 millert
+1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: avoid the -g flag unless --with-devel was specified
+ * check.c:
+ print long skey challemged to stderr, not stdout
+ [750fc775b3b2]
-2001-12-19 10:04 millert
+1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: mkdefaults, def_data.in and sigaction.c were missing
- from the tarball
+ * CHANGES:
+ updated for 1.5.1
+ [9b615f393057]
-2001-12-19 09:46 millert
+ * emul/utime.h:
+ ++version
+ [a94de18deafb]
- * Makefile.in: def_data.c was missing
+1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-18 12:42 millert
+ * RUNSON:
+ updated for 1.5.1
+ [4092f20ab634]
- * env.c: Fix setting of $USER and $LOGNAME in the non-reset_env
- case. Also allow HOME, SHELL, LOGNAME, and USER to be specified
- in keep_env
+1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-17 20:48 millert
+ * check.c:
+ use shost, not host for tgetpass
+ [6061c49ff9be]
- * TODO: Another TODO item
+ * sudo.pod:
+ documented %u and %h
+ [6d2922d29897]
-2001-12-17 19:50 millert
+ * OPTIONS:
+ documented %u and %h
+ [1a71da13a864]
- * sudoers: Add comment for Default section so folks know where it
- should go.
+ * configure.in:
+ fixed typo
+ [1230dec2b062]
-2001-12-17 18:56 millert
+ * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
+ dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
+ ++version
+ [65ce8eabf77a]
- * tgetpass.c: Use TCSETAF, not TCSETA to set terminal in termio
- case
+ * BUGS:
+ ++version
+ [afecab53aab7]
-2001-12-17 18:35 millert
+1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.man.in, sudoers.cat: regen from sudoers.pod
+ * Makefile.in, configure.in, version.h:
+ ++version
+ [fb3ff940d672]
-2001-12-17 18:33 millert
+ * sudo.h:
+ new tgetpass() params
+ [9eccc5b0f8ae]
- * sudoers.pod: o Typo, Runas_User_List should be Runas_List
- o a User_List can not contain a uid
- o mention that the Defaults section should come after Alias
- definitions but before the user specifications
+ * check.c:
+ pass use and host to tgetpass
+ [c56d9d13c401]
-2001-12-15 11:51 millert
+ * tgetpass.c:
+ added %u and %h escapes
+ [04ae775d3e5d]
- * sudoers.cat, sudoers.man.in: regen
+ * OPTIONS, check.c, options.h:
+ added NO_MESSAGE
+ [3927dad19057]
-2001-12-15 11:51 millert
+ * configure.in:
+ added cray (unicos) support
+ [1122210c5fb1]
- * sudoers.pod: Fix listpw and verifypw sections, they were not
- being formatted properly.
+1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-15 11:39 millert
+ * OPTIONS, options.h, sudo.c:
+ added SHELL_SETS_HOME
+ [0b26909b0929]
- * sudoers.cat, sudoers.man.in: regen
+1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-15 11:38 millert
+ * INSTALL:
+ added note about "make install"
+ [7e56ea76d4b4]
- * sudoers.pod: fix typos
+ * parse.yacc:
+ changed length/size params from int to size_t
+ [5654e5ceb1b3]
-2001-12-15 10:57 millert
+ * OPTIONS:
+ now get CSOPS insults as well by default
+ [297323d0179a]
- * configure: regen
+ * insults.h:
+ use csops insults too by default
+ [07fafc136169]
-2001-12-15 10:57 millert
+ * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
+ version = 1.5
+ [4b8772b11e3b]
- * configure.in, config.h.in: use AC_SYS_POSIX_TERMIOS instead of
- rolling our own
+ * sudo.c:
+ added runas_homedir
+ [b0e0d4417a15]
-2001-12-15 10:33 millert
+ * TODO:
+ updated for 1.5
+ [66259df825d5]
- * README: Reference sudo.ws not courtesan.com
+ * RUNSON:
+ updated for 1.5
+ [e08bc9ebfe95]
-2001-12-15 10:29 millert
+ * CHANGES:
+ 1.5 release
+ [8c16942fea41]
- * PORTING: Add notes on shadow passwords
+ * INSTALL:
+ added "upgrading" notes
+ [210d968964ff]
-2001-12-15 00:48 millert
+1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * BUGS: In list mode (sudo -l), characters escaped with a backslash
- are shown verbatim with the backslash.
+ * visudo.c:
+ now do chmod and chown after edit of temp file and before rename
+ [de174e34faa7] [SUDO_1_5_0]
-2001-12-15 00:44 millert
+1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers: Add simple examples from OpenBSD (Marc Espie)
+ * Makefile.in:
+ ++version added INSTALL.configure
+ [c9e9214f52ae]
-2001-12-15 00:40 millert
+ * configure.in, version.h:
+ ++version
+ [5985abed3eb2]
- * tgetpass.c: Catch SIGTTIN and SIGTTOU too and treat them like
- SIGTSTP.
+ * TROUBLESHOOTING:
+ *** empty log message ***
+ [d65c540ec52e]
-2001-12-14 21:53 millert
+ * parse.yacc:
+ added missing cast
+ [e7247319a7d5]
- * CHANGES: minor prettyification
+ * sudo.c:
+ sets $HOME to pw_dir of runas user
+ [d3f7f4d05752]
-2001-12-14 21:43 millert
+ * sudo.pod:
+ document $HOME change
+ [854454d458c4]
- * CHANGES: Updated change log
+1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-14 21:27 millert
+ * sudo.pod:
+ fixed up some wording
+ [b0c8582f2c97]
- * testsudoers.c: Fix CIDR handling here too.
+ * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
+ strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+ visudo.c:
+ ++version
+ [748be723fd8b]
-2001-12-14 21:21 millert
+ * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, options.h, pathnames.h.in, sudo.h:
+ ++version
+ [acdf8b1b2a1b]
- * auth/pam.c: Apparently a NULL response is OK
+ * emul/utime.h:
+ ++version
+ [b3f35298ab8d]
-2001-12-14 21:19 millert
+ * sudo.h:
+ name nad type changes
+ [db24ab3da141]
- * TODO: Checkpoint for upcoming beta release
+ * testsudoers.c:
+ now works with new sudo
+ [379346c42cc2]
-2001-12-14 21:17 millert
+ * parse.yacc:
+ fixed some XXX
+ [f5fe4c990052]
- * TROUBLESHOOTING: Many people believe that adding a runas spec
- should obviate the need for the -u flag. It does not.
+ * parse.yacc:
+ some variable name changes + comment headers for functions.
+ [3dc3bd9aa73d]
-2001-12-14 21:11 millert
+ * tgetpass.c:
+ added extra paren's to make compilers happy
+ [9e4968a34d56]
- * RUNSON: checkpoint update for upcoming 1.6.4 beta
+ * sudo.c:
+ *** empty log message ***
+ [70c924c1ed69]
-2001-12-14 20:44 millert
+ * parse.c:
+ now uses init_parser() if not in sudoers and tries "list" or
+ "validate" scold but don't be nasty.
+ [c0d8fb3f8c9e]
- * config.h.in: o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define
- HAVE_STRINGS_H even if HAVE_STRING_H is defined -- this is safe
- now
+ * TROUBLESHOOTING:
+ now can use upper case login names
+ [c772fffcefe5]
-2001-12-14 20:07 millert
+ * visudo.c:
+ now uses init_parser()
+ [b9efae7243fd]
- * PORTING: Add signals section
+ * INSTALL, README:
+ updated
+ [27dc8283fdc8]
-2001-12-14 20:00 millert
+ * PORTING:
+ added info about PASSWORD_TIMEOUT
+ [980e15d892f8]
- * configure: regen
+ * INSTALL.configure:
+ Initial revision
+ [8292e89a08d3]
-2001-12-14 20:00 millert
+ * BUGS:
+ fixed a bug ,
+ [c6e46f5624f9]
- * configure.in: Fix check for sigaction_t
+ * parse.yacc:
+ now dynamically allocates memory for the stacks -- no more
+ overflows!
+ [8615c35b6ad3]
-2001-12-14 19:45 millert
+ * sudo.pod:
+ -l now explands command aliases
+ [39f45605935d]
- * sudo.c: XXX - should call find_path() as runas user, not root.
- Can't do that until the parser changes though.
+ * parse.yacc:
+ hacks to expand command aliases for `sudo -l'
+ [e4eb752608f9]
-2001-12-14 19:38 millert
+ * sudo.c:
+ remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
+ [01327ca5084b]
- * sudo.c: If find_path() fails as root, try again as the invoking
- user (useful for NFS). Idea from Chip Capelik.
+ * sudo.h:
+ added struct command_alias
+ [dd2f32764082]
-2001-12-14 19:28 millert
+ * sudo.pod:
+ fixed a bug
+ [e708ff08d2eb]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: Regenerate
- after pod file changes
+ * lsearch.c:
+ in compar() key should be first arg
+ [fc14c3fa62ee]
-2001-12-14 19:24 millert
+1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
- sudo.pod, sudoers.pod: Add new sudoers option "preserve_groups".
- Previously sudo would not call initgroups() if the target user
- was root. Now it always calls initgroups() unless the -P command
- line option or the "preserve_groups" sudoers option is set. Idea
- from TJ Saunders.
+ * BUGS:
+ fixed some bugs
+ [639dfe425bd5]
-2001-12-14 18:38 millert
+ * parse.yacc:
+ can now deal with upcase HOST and USER names
+ [c6aa7bcfb00d]
- * compat.h, config.h.in: Use new HAVE_SIGACTION_T define
+ * sudo.c:
+ don't yell too loudly at non-sudoers if they do "sudo -l"
+ [4ef146128d89]
-2001-12-14 18:33 millert
+ * sudo.pod:
+ fixed thinko
+ [830f2f0f22e7]
- * logging.c: Fix compilation on K&C
+ * parse.c:
+ fix comment
+ [d20ce9e17ddc]
-2001-12-14 18:14 millert
+1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * parse.c, parse.yacc:
+ added support for new `sudo -l' stuff
+ [7dceaef3c733]
-2001-12-14 18:14 millert
+ * sudo.c:
+ now uses list_matches()
+ [293364821b61]
- * configure.in: Add check for sigaction_t -- IRIX already defines
- this so don't redefine it.
+ * sudo.h:
+ added struct sudo_match
+ [b2684179d179]
-2001-12-14 17:15 millert
+ * configure.in:
+ now more -lgnumalloc
+ [4f8ae42617d8]
- * snprintf.c: fix typo
+1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-14 17:12 millert
+ * install-sh:
+ added more paths for chown and whoami
+ [6e685a19426c]
- * interfaces.c: need stdlib.h here too
+1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-14 15:31 millert
+ * check.c:
+ typo
+ [3adfa01c04bc]
- * configure: regen
+1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-14 15:31 millert
+ * aclocal.m4:
+ fixed DUNIX check for shadow pw
+ [c25324bcd27b]
- * configure.in: Remove redundant checks for string.h, strings.h and
- unistd.h
+ * tgetpass.c:
+ now only turn off echo if it is already on. this fixes a race when
+ you use sudo in a pipelin
+ [28388c2de21c]
-2001-12-14 15:29 millert
+ * INSTALL:
+ updated
+ [b45ac9366b7e]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
- visudo.man.in: Regen from pod files
+ * configure.in:
+ changed "test -z $foo && do_this" to if; then construct
+ [2183c4426bca]
-2001-12-14 15:03 millert
+1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * BUGS: Update for 1.6.4
+ * configure.in:
+ added missing defines of SHADOW_TYPE
+ [be89ea68a7f3]
-2001-12-14 14:59 millert
+1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, lex.yy.c: regen
+ * check.c:
+ protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
+ only in dunix 4.x
+ [1e7c1c677263]
-2001-12-14 14:56 millert
+ * getspwuid.c:
+ added AUTH_CRYPT_C1CRYPT support
+ [88d6b0058b20]
- * strerror.c: Return EINVAL if errnum > sys_nerr
+ * parse.c:
+ no longer return VALIDATE_NOT_OK if there was a runas that didn't
+ match. Now we can have runas stuff on more than one line.
+ [52b68920d7b7]
-2001-12-14 14:54 millert
+ * getspwuid.c, sudo.c, tgetpass.c:
+ use SHADOW_TYPE instead of HAVE_C2_SECURITY
+ [cf401dfcbc06]
- * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
- config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
- sudo.pod, auth/sudo_auth.h: o Update copyright year
+ * configure.in:
+ got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
+ something
+ [c7a233c4dd93]
-2001-12-14 14:54 millert
+ * config.h.in:
+ removed HAVE_C2_SECURITY added SPW_BSD
+ [8314405e9754]
- * configure.in: o Don't define STDC_HEADERS unconditionally for
- IRIX o Update copyright year
+ * compat.h:
+ use SHADOW_TYPE instead of HAVE_C2_SECURITY
+ [6f94870df17f]
-2001-12-14 14:53 millert
+ * check.c:
+ SHADOW_TYPE is always defined so just against its value
+ [72c69a55d02f]
- * README: update version
+ * aclocal.m4:
+ added SUDO_CHECK_SHADOW_DUNIX
+ [ef025ae9d496]
-2001-12-14 14:52 millert
+1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
- fnmatch.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
- logging.c, lsearch.c, parse.c, parse.lex, parse.yacc,
- set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c,
- utime.c, visudo.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
- auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
- auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
- auth/sia.c, auth/sudo_auth.c: o Reorder some headers and use
- STDC_HEADERS define properly o Update copyright year
+ * sudoers.pod:
+ * -> ?* in one example added another instance of (runas) and one of
+ NOPASSWD:
+ [d74fe1dcbe7d]
-2001-12-14 01:53 millert
+1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * configure.in:
+ added back check for config.cache from other host type
+ [0ba87871f585]
-2001-12-14 01:53 millert
+ * parse.lex:
+ removed an instance of \"
+ [1e008d3709f6]
- * tgetpass.c: flags set in signal handlers should be volatile
- sig_atomic_t
+ * sample.sudoers:
+ added an example
+ [dbfcf68ee330]
-2001-12-14 01:52 millert
+ * sudoers.pod:
+ updated wrt new wildcard matching
+ [193fa44a475b]
- * config.h.in, configure.in: Add checks for volatile and
- sig_atomic_t
+ * configure.in:
+ new check for shadow passwords if we don't know anything
+ [67465df7dc9a]
-2001-12-14 01:42 millert
+ * aclocal.m4:
+ new SUDO_CHECK_SHADOW_GENERIC
+ [3563b16a41b8]
- * lex.yy.c, configure: regen
+ * configure.in:
+ added back check for -lsocket (oops)
+ [a80882ee1cb6]
-2001-12-14 01:40 millert
+ * configure.in:
+ better (working) check for shadow passwd type if we know to use C2.
+ [3cdd2a59a641]
- * def_data.c, def_data.h, def_data.in, defaults.c, env.c,
- find_path.c, sudo.c, sudoers.pod: Remove "secure_path" Defaults
- option since it cannot work with the existing parser.
+ * configure.in:
+ now uses AC_CANONICAL_HOST to figure out os type
+ [80db7fe6e704]
-2001-12-14 01:26 millert
+ * Makefile.in:
+ added config.{guess,sub}
+ [c6be7e3ca384]
- * find_path.c, sudo.c: Unset "secure_path" if user_is_exempt()
+ * aclocal.m4:
+ removed unused stuff to figure out os type
+ [c9a0f3b57123]
-2001-12-14 01:24 millert
+ * config.sub:
+ added openbsd
+ [bfc6bfec3668]
- * env.c, pathnames.h.in: o Remove assumption that PATH and TERM are
- not listed in env_keep o If no PATH is in the environment use a
- default value o If TERM is not set in the non-reset case also
- give it a default value.
+ * config.sub:
+ Initial revision
+ [e6e06ce0d17d]
-2001-12-14 01:17 millert
+ * config.guess:
+ Initial revision
+ [99dd06f79199]
- * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
- _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works
- on systems that define in paths.h
+ * testsudoers.c:
+ don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
+ pathname. need to check against sudoers_args even if user_args is
+ nil
+ [66e6cf77f5d6]
-2001-12-14 01:15 millert
+ * parse.c:
+ don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
+ pathname need to check against sudoers_args even if user_args is nil
+ [74374df17311]
- * auth/: passwd.c, sudo_auth.c, sudo_auth.h: Add support for
- skeyaccess(3) if it is present in libskey.
+1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-12 21:42 millert
+ * check.c:
+ added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
+ [cbb00261c415]
- * sudo.c: Only need to do 'lc = login_getclass(NULL)' if lc == NULL
+ * testsudoers.c:
+ now takes command line args and uses cmnd_args
+ [f0c2fd35a527]
-2001-12-12 21:24 millert
+ * parse.lex:
+ fill_args was adding an extra leading space
+ [692fc999b2e8]
- * parse.lex: '\\' is a perfectly legal character to have in a
- command line argument.
+1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-12 20:24 millert
+ * visudo.c:
+ fixed dummy command_matches()
+ [93d9543db6e2]
- * sudo.c: o Defer call to set_fqdn() until it is safe to use
- log_error() o Don't print errno string value if gethostbyname
- fails, it is not relevant
+ * parse.yacc:
+ fixed prototype
+ [7b0addfbd429]
-2001-12-12 20:07 millert
+ * sudo.h:
+ added cmnd_args
+ [8f47c4ae65ef]
- * parse.c: Fix CIDR -> in_addr_t conversion.
+ * parse.yacc:
+ now uses flat args string
+ [016e65877da3]
-2001-12-12 16:21 millert
+ * parse.c, parse.lex:
+ now uses flat arg string
+ [5b5f2e3f4c09]
- * sudoers.pod: Remove an extra "User_List" in the User_Spec
- definition From ybertrand AT snoopymail.com
+ * visudo.c:
+ added cmnd_args def
+ [876867134775]
-2001-12-12 16:00 millert
+ * sudo.c:
+ now sets cmnd_args global
+ [e6fee70cb59b]
- * parse.c: Make 'listpw=never' work for users who are not
- explicitly mentioned in sudoers.
+ * logging.c:
+ cmnd_args is now exported from sudo.[ch]
+ [7a9cd36e356f]
-2001-12-12 15:40 millert
+1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: Remove gratuitous '=' in EBNF grammar; era AT iki.fi
+ * parse.yacc:
+ can't rely on cmnd_matches as much as I thought -- added some $$
+ stuff back in to prevent namespace pollution problems.
+ [3c45fedb5af3]
-2001-12-12 15:34 millert
+ * parse.yacc:
+ Simplified parse rules wrt runas and NOPASSWD (more consistent).
+ [e6d838c8a4c7]
- * sudoers.pod: Document new list Defaults type and convert env_keep
- and env_delete to lists. Document new env_check option.
+1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-12 15:11 millert
+ * parse.lex:
+ NOPASSWD may now have blanks before the ':' '(' only starts a
+ 'runas' if in the initial state to avoid collision with command args
+ [c5c01172f499]
- * lex.yy.c, sudo.tab.h: regen parser
+ * configure.in:
+ added checks for specific shadow passwd schemes
+ [b7e3d1f7b84f]
-2001-12-12 14:56 millert
+ * aclocal.m4:
+ added routines to check for specific shadow passwd types
+ [e5e1d19960a6]
- * parse.lex: Don't let '#' appear in a {WORD} and restrict #foo in
- a Runas spec to #[0-9-]+.
+1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-12 14:55 millert
+ * configure.in:
+ added support for ncr boxen
+ [bea9dc5aae7f]
- * configure: regen
+ * aclocal.m4:
+ added support for detecting ncr boxen
+ [8653a158a924]
-2001-12-12 14:55 millert
+1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * aclocal.m4: Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
+ * configure.in:
+ added sinix support
+ [5de2b2173ee1]
-2001-12-12 14:43 millert
+1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure.in: Add check for skeyaccess(3)
+ * TROUBLESHOOTING:
+ added info about "config.cache from other other" error.
+ [845b10198e0b]
-2001-12-11 19:47 millert
+ * aclocal.m4:
+ now makes sure you don't have a config.cache file from another OS
+ [4fe32571c021]
- * visudo.pod: Document new -c, -f, and -q options
+ * configure.in:
+ now sets $LIBS when needed to configure links with libs when doing
+ tests hpux10 now uses SPW_SECUREWARE for C2 added check for
+ bigcrypt(3) if SPW_SECUREWARE
+ [2df6b8ca538f]
-2001-12-11 19:41 millert
+ * getspwuid.c:
+ fixed typo
+ [fe1cb1d792d6]
- * visudo.c: o Add -f option (alternate sudoers file) o Convert to
- use getopt(3)
+ * tgetpass.c:
+ now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
+ [f71138372c07]
-2001-12-11 19:31 millert
+ * getspwuid.c:
+ no more SPW_HPUX10
+ [cfdeb18bc16b]
- * configure: regen
+ * config.h.in:
+ no more SPW_HPUX10 added HAVE_BIGCRYPT
+ [00d296479a61]
-2001-12-11 19:31 millert
+ * compat.h:
+ now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
+ [6c6d9e680417]
- * aclocal.m4, config.h.in, configure.in: Add check for isblank and
- a replacement macro if it doesn't exist.
+ * check.c:
+ SPW_SECUREWARE now uses bigcrypt
+ [be71fc66690f]
-2001-12-11 18:22 millert
+1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c: In check-only mode, don't create sudoers if it does not
- already exist.
+ * sample.sudoers:
+ fixed 2 syntax errors
+ [45eee19ef4ac]
-2001-12-11 18:06 millert
+ * sudoers:
+ root may now run ALL as ALL
+ [1b54c6b9b212]
- * parse.yacc: o Add a new token, DEFVAR, to indicate a Defaults
- variable name
- o Add support for "+=" and "-=" list operators
- o replace some 1 and 0 with TRUE and FALSE for greater
- legibility.
+1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-11 18:05 millert
+ * interfaces.c:
+ fixed a typo/thinko that broke BSD's with sa_len
+ [603438360126]
- * parse.lex: o Use exclusive start conditions to remove some
- ambiguity in the
- lexer. Also reorder some things for clarity.
- o Add support for "+=" and "-=" list operators.
- o Use the new DEFVAR token to denote a Defaults variable name.
+1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-11 18:03 millert
+ * check.c, configure.in:
+ updated AFS support
+ [e572eb8d177a]
- * sudo.h: Prototype init_envtables()
+ * TROUBLESHOOTING:
+ added entry about /usr/ucb/cc
+ [025b353aa9d3]
-2001-12-11 18:02 millert
+ * INSTALL:
+ prep no longer holds gcc binaries
+ [8b0942958049]
- * env.c: o Convert environment handling to use lists instead of
- strings.
- This greatly simplifies routines that need to do "foreach"
- type
- operations.
- o Add new init_envtables() function to set env_check and
- env_delete
- defaults based on initial_badenv_table and
- initial_checkenv_table
- (formerly sudo_badenv_table).
+ * INSTALL:
+ updated AFS note
+ [7af6efd5abe4]
-2001-12-11 18:00 millert
+ * Makefile.in:
+ added @AFS_LIBS@
+ [97b6fe6ad7d6]
- * defaults.c, defaults.h: o Add a new LIST type and functions to
- manipulate it.
- o This is for use with environment handling variables.
- o Call new init_envtables() routine inside init_defaults() to
- initialize the environment lists.
+ * compat.h:
+ AFS allows long passwords
+ [5fb17122c302]
-2001-12-11 17:57 millert
+ * testsudoers.c:
+ fixed -u user support
+ [b1a0c1648639]
- * def_data.c, def_data.h, def_data.in: Convert environment options
- to use the new LIST type and add a new one, env_check that only
- deletes if the sanity check fails.
+ * parse.c:
+ sudo -v now groks VALIDATE_OK_NOPASS
+ [74fc03fffe7e]
-2001-12-11 17:55 millert
+ * parse.yacc:
+ fixed no_passwd vs. runas_matched
+ [549a9b791a6a]
- * testsudoers.c: Add dummy version of init_envtables()
+ * TROUBLESHOOTING:
+ took out stuff about NFS-mounting since it is no longer an issue
+ [d95ab7fbbc61]
-2001-12-11 17:53 millert
+ * INSTALL:
+ added --with-libraries > --with-libpath --with-incpath
+ [d5d15a7a0f4c]
- * parse.yacc: honor quiet mode
+ * parse.yacc:
+ was setting runas_matches to -1 in wrong place
+ [db2b1deb8d33]
-2001-12-11 17:51 millert
+ * check.c:
+ removed usersec.h which is not present in new AFS versions
+ [618b016dd17f]
- * visudo.c: Add check-only mode
+ * tgetpass.c:
+ now deals with timeout <= 0
+ [ba53a1257255]
-2001-12-10 20:27 millert
+ * OPTIONS:
+ updated
+ [75093bd8fdca]
- * mkdefaults: Fix generation of entries with NULL descriptions.
+ * configure.in:
+ BSD/OS >= 2.0 now uses shlicc instead of just gcc
+ [ff6dbf7825c2]
-2001-12-09 00:27 millert
+ * sudo.c:
+ fixed backwards compatibility with sudo 1.4 sudoers mode for root
+ readable/writable filesystems
+ [2694ed627221]
- * tgetpass.c: Use sigaction_t and quiet a gcc warning.
+ * Makefile.in:
+ now gives INSTALL -c flag
+ [63db055a2fd1]
-2001-12-09 00:20 millert
+ * parse.yacc:
+ slightly simpler initialization of no_passwd and runas_matches
+ [463a1b5fa323]
- * sudo.c: Must reset signal handlers before we exec
+ * testsudoers.c:
+ added -u username support
+ [38b072fcd6b3]
-2001-12-09 00:16 millert
+ * configure.in:
+ improved --with-libraries support
+ [047dbc5f0af2]
- * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c, sudo_auth.c: Be
- carefule now that tgetpass() can return NULL (user hit ^C). PAM
- version needs testing. Set SIGTSTP to SIG_DFL during password
- entry so user can suspend us.
+1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-09 00:14 millert
+ * configure.in:
+ added --with-incpath, --with-libpath, --with-libraries
+ [20f20d6c718c]
- * tgetpass.c: Add support for interrupting/suspending tgetpass via
- keyboard input. If you suspend sudo from the password prompt and
- resume it will re-prompt you.
+ * parse.yacc:
+ now initializes some fields that weren't getting set to -1 pretty
+ gross -- need a rewrite.
+ [021c160390c6]
-2001-12-09 00:09 millert
+1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Don't block keyboard interrupt signals, just set them to
- SIG_IGN.
+ * alloca.c:
+ removed emacs'isms
+ [9d4ec2efe057]
-2001-12-08 14:48 millert
+ * configure.in:
+ no longer add -lPW to *_LIBS since we include alloca.c
+ [a626d1bbea80]
- * config.h.in: add back HAVE_SIGACTION
+ * config.h.in:
+ added HAVE_ALLOCA_H
+ [15491e2a6cff]
-2001-12-08 14:44 millert
+ * Makefile.in:
+ added alloca.c
+ [0400f25e1fe4]
- * configure: regen
+ * alloca.c:
+ Initial revision
+ [06d033aa4882]
-2001-12-08 14:44 millert
+ * configure.in:
+ ++version
+ [f52c0fb98f90]
- * config.h.in, configure.in, logging.c, sudo.c, visudo.c: Kill
- POSIX_SIGNALS define and old signal support now that we emulate
- POSIX ones Also be sure to correctly initialize struct sigaction.
+1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-08 14:42 millert
+ * sudo.c:
+ now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
+ not always set to a valid uid.
+ [c2669f77704d]
- * strerror.c: Don't need config.h or "#ifndef HAVE_STRERROR"
- wrapper.
+ * OPTIONS:
+ fixed entry for SUDO_MODE
+ [d7272f6035b8]
-2001-12-08 14:39 millert
+ * sudo.c:
+ Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
+ being set to -2. Now beat NFS to the punch and set uid to "nobody"
+ ourselves, preserving group 0 to read sudoers.
+ [b1fbc5dd1e34]
- * compat.h: Add scaffolding for POSIX signal emulation
+ * parse.c:
+ moved set_perms(PERM_ROOT) to be before yyparse()
+ [7619d8080735]
-2001-12-08 14:36 millert
+ * logging.c:
+ fixed a typo
+ [318acc48cde0]
- * sigaction.c: o Add missing ';' so this compiles o Can't use NULL
- since we don't include stdio.h
+ * configure.in:
+ no longer need AC_PROG_INSTALL
+ [de01b1336dc8]
-2001-12-08 14:23 millert
+ * Makefile.in:
+ always use install-sh to avoid install(1)'s that use get{pw,gr}nam
+ [ea2351986406]
- * sigaction.c: Emulate sigaction() using sigvec()
+ * INSTALL:
+ make clean -> make distclean
+ [704a98e8ba10]
-2001-11-12 19:32 millert
+1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: Document new behavior of negative values of
- timestamp_timeout Fix a typo
+ * parse.yacc:
+ removed some unnecsary if's
+ [f00db6508132]
-2001-11-12 19:31 millert
+ * Makefile.in, version.h:
+ ++version
+ [bdb6740b24c8]
- * sudo.pod: Add security note about command not being logged after
- 'sudo su' and friends.
+ * parse.c, testsudoers.c:
+ now includes netgroup.h
+ [93f5a06352bc]
-2001-11-12 19:19 millert
+ * interfaces.c:
+ removed cats of ioctl to int since they didn't shut up -Wall
+ [83e9f912cd7a]
- * sudo.pod: Mention that -V prints default values when run as root,
- including the list of environment variables to clear.
+ * interfaces.c:
+ explicately cast ioctl() to int since it it not always declared
+ [2ff9294e469e]
-2001-11-12 19:14 millert
+ * sudo.h:
+ added declarations for yyparse() and yylex()
+ [6071321ab771]
- * Makefile.in: Run pod2man with --quotes=none to avoid stupid
- quoting of C<> entries.
+ * parse.yacc:
+ fixed an occurence of '==' -> '='
+ [2c46d2e11d57]
-2001-11-12 13:12 millert
+ * config.h.in, configure.in:
+ added check for netgroup.h
+ [73403050f4e3]
- * def_data.c, def_data.h, def_data.in, sudoers.pod,
- auth/sudo_auth.c: Add mail_badpass option Also modify mail_always
- behavior to also send mail when the password is wrong
+ * sudo.c:
+ fixed 2 compiler warnings
+ [680929b0bd97]
-2001-11-12 13:08 millert
+ * sudo.c:
+ SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
+ initialized
+ [18707ecd07c2]
- * env.c, sudo.c, sudo.h: Dump default bad env table when 'sudo -V'
- is run by root.
+1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-11-11 23:52 millert
+ * sudo.pod:
+ fixed a typo
+ [e4b5c12aa130]
- * sudoers.pod: document env_delete
+1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-11-11 23:51 millert
+ * parse.yacc:
+ fixed a formatting thingie
+ [c79327b6f19b]
- * env.c: Add support for '*' in env_keep when not resetting the
- environment (ie: the normal case).
+ * parse.c, parse.yacc:
+ fixed -u support with multiple user lists on a line
+ [e4d1066adca2]
-2001-11-11 23:47 millert
+ * configure.in:
+ unixware needs -lgen
+ [b5bf9bca63cc]
- * env.c: Add env_delete variable that lets the user replace/add to
- the bad_env_table. Allow '*' wildcard in env_keep entries.
+ * README:
+ updated ftp location
+ [b25a033f7921]
-2001-11-06 13:59 millert
+ * sudoers.pod:
+ add net_addr/netmask support
+ [674e83516d1e]
- * mkinstalldirs: Force umask to 022 to guarantee sane directory
- permissions.
+ * sample.sudoers:
+ added net_addr/mask example
+ [774878e89b28]
-2001-11-02 18:09 millert
+ * parse.c, parse.lex:
+ added support for net_addr/netmask
+ [e33de27325d8]
- * Makefile.in: add sudo.tab.h and sudo.tab.c to sudo.tab.o
- dependency
+1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-11-02 17:25 millert
+ * sudoers.pod:
+ ^ -> !
+ [1a084950d6ef]
- * mkdefaults: fix breakage in last commit
+1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-11-02 17:18 millert
+ * RUNSON:
+ updated for 1.4.3
+ [c82019025d09]
- * Makefile.in: acsite.m4 -> aclocal.m4
+ * CHANGES:
+ udpated for 1.4.3
+ [ceaa81adb8f0]
-2001-11-02 15:59 millert
+ * BUGS, TODO, TROUBLESHOOTING:
+ updated
+ [ff94fae4b853]
- * check.c: fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in
- previous commit
+ * sample.sudoers:
+ updated with examples of new stuff
+ [99d0b4cb4c9c]
-2001-11-02 15:57 millert
+ * INSTALL, README:
+ ++version
+ [b763b80fe836]
- * def_data.c: regenerated from def_data.in
+ * sudoers.pod:
+ updated wrt -u and NOPASSWD
+ [0b5b722ea0f4]
-2001-11-02 15:56 millert
+ * sudo.pod:
+ updated wrt -u and CAVEATS
+ [71d5d53b5d18]
- * check.c, defaults.c, defaults.h: Add new T_UINT type that most
- things use instead of T_INT If timestamp_timeout is < 0 then
- treat the ticket as never expiring (to be expired manually by the
- user).
+1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-11-02 15:51 millert
+ * sudo.c:
+ fixed usage()
+ [114c7d09b550]
- * def_data.in: change most T_INT -> T_UINT
+ * parse.lex:
+ now use :foo: character classes (makes no diff for generated lexer)
+ [7b0aeb737a02]
-2001-11-02 15:51 millert
+1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * mkdefaults: fix warning when no args
+ * check.c:
+ fixed LONG_SKEY_PROMPT stuff
+ [0efe78b4bdda]
-2001-11-02 12:52 millert
+1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c: Change 2 Exit() -> exit() Avoid stdio in Exit() and
- call _exit() if we are a signal handler. We no longer print the
- signal number but the user can just check the exit value for
- that.
+ * visudo.c:
+ fixed a comment
+ [3d289017104b]
-2001-10-16 01:35 millert
+ * lsearch.c:
+ make more like NetBSD one -- now compiles w/o warnings
+ [932206296a54]
- * logging.c: when setting up pipes in child process check for case
- where stdin == pipe fd 0
+ * emul/search.h:
+ fixed decls of lsearch()
+ [c58cf4584c45]
-2001-10-11 13:20 millert
+ * config.h.in, configure.in, getspwuid.c:
+ added SPW_HPUX10
+ [d74e5eaa5f17]
- * visudo.c: Ignore editor exit value since XPG4 says vi's exit
- value is the count of editing errors made (failed searches, etc).
+ * check.c:
+ hpux 10 uses bigcrypt() if C2
+ [359eb63f4021]
-2001-10-05 16:39 millert
+1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * parse.c:
+ now always uses fnmatch to match args
+ [a9d91f35256a]
-2001-10-05 16:39 millert
+ * tgetpass.c:
+ back to using stdio instead of raw i/o since that caused some
+ problems
+ [e7ce2bc92974]
- * configure.in: sco now is identified by config.guess as *-sco-*
+1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-10-05 16:24 millert
+ * sudo.c:
+ now give usage warning if use -l,-v,-k with args
+ [6b48180c4fea]
- * configure.in: Check for getspnam() in -lgen if not in -lc for
- UnixWare.
+1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-09-17 21:48 millert
+ * sudo.c:
+ NewArgc is now set to 1 for -l, -v, -k
+ [7497cb1416a8]
- * sudoers.pod, visudo.pod: "upper case" -> "uppercase"
+ * sudo.c:
+ now sets sudoers to correct group if mode is 0400
+ [484c43d99718]
-2001-09-17 21:32 millert
+ * install-sh:
+ updated to version used by inn and bind
+ [28683ad8725a]
- * sudoers.pod: fix typos and grammar; pjanzen@foatdi.harvard.edu
+ * configure.in:
+ now uses -lgnumalloc if it exists
+ [3651ca4415a2]
-2001-08-28 10:26 millert
+ * Makefile.in:
+ "make install" now sets uid/gid and mode on sudoers if it exists
+ [1f5216191ae9]
- * sudoers.pod: Missing word (specify); krapht@secureops.com
+ * sudo.c:
+ rmeoved debugging statements
+ [aeda278e2c26]
-2001-08-23 17:43 millert
+ * parse.yacc:
+ added a missing free()
+ [592c9482a159]
- * sudo.c: If we fail to lookup a login class, apply the default
- one.
+ * sudo.c:
+ now uses user_gid instead of getegid (which was wrong anyway) to set
+ SUDO_GID Now sets command line args in SUDO_COMMAND envariabled
+ (logging.c depends on args being in the environment)
+ [9f5328a3b942]
-2001-08-23 17:42 millert
+ * logging.c:
+ now uses SUDO_COMMAND envariable to get command args rather than
+ building it up again.
+ [7f8edc5bccb7]
- * logging.c: In log_error() free message, not logline
- unconditionally, then free logline if it is not the same as
- message. No function change but this mirrors how they are
- allocated.
+ * parse.c:
+ now uses user_gid
+ [4b9303ae45fe]
-2001-07-16 23:33 millert
+ * sudo.c:
+ fixed off by one error in allocation NewArgv
+ [921ea1a4e7c6]
- * configure: regenerate
+ * parse.c:
+ in sudoers, 'command ""' now means command with no args
+ [a5273648ace2]
-2001-07-16 23:33 millert
+ * configure.in:
+ added check for fnmatch(3) and fnmatch.h
+ [258916a7866f]
- * configure.in: remove some backslash quotes that are unneeded
+ * config.h.in:
+ added HAVE_FNMATCH
+ [b9860d361e93]
-2001-07-16 23:30 millert
+ * Makefile.in:
+ replaced wildcat.* with fnmatch.*
+ [03ad9ee21a1c]
- * configure.in: o Tweaks to make this work with autoconf-2.50 o Use
- AC_LIBOBJ instead of changing LIBOBJS directly o Use
- AC_REPLACE_FUNCS where we can o Use AC_CHECK_FUNCS instead of
- AC_CHECK_FUNC so we don't have to AC_DEFINE things manually.
+ * testsudoers.c:
+ now uses fnmatch()
+ [5a7f7de987a9]
-2001-07-16 23:28 millert
+1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.guess, config.sub: Updated from autoconf-2.50
+ * parse.c:
+ now uses fnmatch() instead of wildmat a trailing star (*) by itself
+ now matches multiple args added support for wildcards in the
+ pathname in sudoers
+ [1f7fb950b868]
-2001-05-22 19:11 millert
+1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * README: Update mailing list section. We use mailman now, not
- majordomo.
+ * fnmatch.c:
+ now includes compat.h and config.h
+ [090206b95cf8]
-2001-05-10 14:55 millert
+ * config.h.in:
+ added HAVE_FNMATCH_H
+ [90eb42150173]
+
+ * configure.in:
+ now checks for alloca() (if needed by bison or dce) and links with
+ -lPW if it contains alloca() and libv and compiler do not.
+ [cfa2b3cef49a]
+
+ * emul/fnmatch.h, fnmatch.3, fnmatch.c:
+ Initial revision
+ [20b1f762a32a]
- * getspwuid.c, logging.c, sudo.c: Use setpwent()/endpwent() + all
- the shadow variants to make sure we don't inadvertantly leak an
- fd to the child. Apparently Linux's shadow routines leave the fd
- open even if you don't call setspent(). Reported by
- mike@gistnet.com; different patch used.
+1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ now fixes mode on sudoers if set to 0400 to aid in upgrade
+ [d4bdfd521820]
-2001-04-12 21:43 millert
+1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ fixed pod2man usage
+ [5adf2ec77b27]
+
+ * Makefile.in, configure.in, version.h:
+ ++version
+ [b4029de876d0]
- * sudoers.pod: s/eg./e.g./
+ * testsudoers.c, visudo.c:
+ runas_user is now initialized to "root"
+ [8537d97bff39]
-2001-04-12 21:42 millert
+ * sudo.h:
+ removed PERM_FULL_ROOT
+ [241f8bbf647f]
- * tgetpass.c: select() may return EAGAIN. If so, continue like we
- do for EINTR.
+ * sudo.c:
+ runas_user defaults to "root" so no more need to PERM_RUNAS
+ [fc0c0dfc72ba]
-2001-04-12 21:41 millert
+ * parse.c:
+ will now only running commands as root if there was no runas list
+ (or if root is in the runas list)
+ [40c587666c81]
- * logging.c: Fix a non-exploitable buffer overflow in the word
- splitting code. This should really be rewritten.
+ * logging.c:
+ now logs "USER=%s"
+ [b733504c87fd]
-2001-04-12 21:41 millert
+ * parse.yacc:
+ runas_matches is now set to false if we get a negative match
+ [5495b150b300]
- * Makefile.in: FAQ link goes away
+ * parse.lex:
+ make #uid work + some minor cleanup
+ [07851bbce03a]
-2001-04-12 21:40 millert
+ * sample.sudoers:
+ added support for NOPASSWD and "runas" from garp@opustel.com /
+ [7a9c67b51fa5]
- * INSTALL: Tell people to look in sample.syslog.conf for examples,
- not FAQ
+ * visudo.c:
+ added support for "runas" from garp@opustel.com replaced
+ SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
+ SUDOERS_MODE
+ [e714209b9885]
-2001-04-12 21:40 millert
+ * testsudoers.c:
+ added support for "runas" from garp@opustel.com
+ [b837f856da10]
- * TROUBLESHOOTING: Update list of env vars that are cleared
+ * sudo.h:
+ added support for NO_PASSWD and runas from garp@opustel.com replaced
+ SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
+ fro SUDOERS_MODE
+ [cea6f26679b7]
-2001-04-12 21:36 millert
+ * sudo.c:
+ added support for NO_PASSWD and runas from garp@opustel.com replaced
+ SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro
+ SUDOERS_MODE
+ [61b5434237c5]
- * sudo.c: remove struct env_table decl since that stuff has all
- moved to env.c
+ * parse.yacc:
+ added support for NO_PASSWD and runas from garp@opustel.com
+ [72ebd3056f22]
-2001-04-04 13:17 millert
+ * parse.c, parse.lex:
+ added support for NO_PASSWD and runas from garp@opustel.com
+ [fef6dbdd114d]
- * fileops.c: Fix a pasto in flock-style unlocking and include
- <sys/file.h> for flock on older systems; twetzel@gwdg.de
+ * logging.c:
+ added support for SUDOERS_WRONG_MODE and "runas"
+ [e794efc2b443]
-2001-04-04 13:14 millert
+ * configure.in:
+ added --with-CC only link with -lshadow on linux (with shadow pw) if
+ libc lacks getspnam()
+ [3ecf4ae21002]
- * configure: regen to get NeXT lockf/flock fix
+ * OPTIONS, options.h:
+ removed NO_PASSWD since it is not possible to do this in the sudoers
+ file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
+ SUDOERS_GID. Added SUDOERS_MODE.
+ [2eaa4891ef48]
-2001-04-04 13:14 millert
+ * Makefile.in:
+ now uses SUDOERS_UID and SUDOERS_GID
+ [8d615f0fdb2a]
- * configure.in: force NeXT to use flock since lockf is broken
+1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-03-30 08:54 millert
+ * INSTALL:
+ added --with-CC
+ [a1b8286a81b8]
- * check.c: Use stashed user_gid when checking against exempt gid
- since sudo sets its gid to a a value that makes sudoers readable.
- Previously if you used gid 0 as the exempt group everyone would
- be exempt. From Paul Kranenburg <pk@cs.few.eur.nl>
+1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-03-29 13:14 millert
+ * parse.lex:
+ added double quote support
+ [a5e4fc7e3a2b]
- * configure: regen
+ * sudoers.pod:
+ documented double quoting
+ [c6ea47969a44]
-2001-03-29 13:08 millert
+1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * aclocal.m4: #include stdio.h in SUDO_CHECK_TYPE since IRIX 6
- aparently defines some types (such as ssize_t) therein.
+ * mkinstalldirs:
+ Initial revision
+ [dcb86d65ad8f]
-2001-03-02 09:09 millert
+ * check.c:
+ fixed some indentation
+ [4d1c5ab8072b]
- * defaults.c: Fix negation of paths in a boolean context. Problem
- found by apt@UH.EDU
+ * Makefile.in:
+ fixed a typo
+ [0d27eebc7227]
-2001-02-23 13:03 millert
+ * Makefile.in:
+ added install-dirs .
+ [f499b99b8be7]
- * visudo.c: pasto
+1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-02-17 16:11 millert
+ * dce_pwent.c:
+ new version from "Jeff A. Earickson" <jaearick@colby.edu>
+ [422481be5fbd]
- * visudo.c: SA_RESETHAND means the opposite of what I was
- thinking--oops To block all signals in old-style signals use ~0,
- not 0xffffffff
+1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-02-04 11:16 millert
+ * configure.in:
+ $CSOPS -> $with_csops (whoops, missed one)
+ [b04c6948130e]
- * defaults.c: coerce difference of pointers to int when used in a
- string length printf format; deraadt@openbsd.org
+ * BUGS:
+ updated
+ [c4d5713e227d]
-2001-01-17 11:34 millert
+ * parse.lex:
+ FQHOST now has same constraints as non-FQHOST
+ [e1c3bf2381d1]
- * visudo.c: Block all signals in Exit() to avoid a signal race.
- There is still a tiny window but I'm not going to worry about it.
+ * INSTALL:
+ added note about OS's w/ shadow passwords turned on by default
+ [166257f43be4]
-2001-01-07 13:57 millert
+1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: glibc uses the LANGUAGE env var so clear that too; Solar
- Designer
+ * configure.in:
+ fixed a typo
+ [e5c3e2e9a359]
-2001-01-07 13:55 millert
+ * configure.in:
+ added support for --without-THING sanitized shadow pw situtation by
+ adding support for
+ --without-C2
+ [65dc6bf64cce]
- * lex.yy.c: Regenerate with a fix to flex.skl that preserves errno
- from clobbering by isatty().
+ * tgetpass.c:
+ fixed a typo wrt placement of an end paren
+ [a8780f818231]
-2000-12-30 20:39 millert
+ * check.c:
+ was closing an fd that may not have been opened
+ [760271c7bdc9]
- * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c, sia.c, sudo_auth.c:
- Some defaults I_ defines got renamed.
+1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-12-30 20:38 millert
+ * OPTIONS, options.h, sudo.c:
+ added NO_PASSWD
+ [28ff1dc93d7a]
- * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
- defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
- set_perms.c, sudo.c: Move defaults info into its own files from
- which we generate .h and .c files. This makes adding or
- rearranging variables much simpler.
+1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-12-30 16:58 millert
+ * configure.in:
+ now always use shadow pw on some arches
+ [069161ccffda]
- * configure, configure.in: fix typo in last commit
+1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-12-30 16:55 millert
+ * configure.in:
+ added pyramid support
+ [a0eb57a3a531]
- * compat.h, config.h.in, configure, configure.in: Add check +
- emulation for setegid (like seteuid).
+ * configure.in:
+ no longer check for C2 if alternate passwd method is used no longer
+ check for some libs twice
+ [2d0c3c902b40]
-2000-12-30 16:22 millert
+ * parse.yacc:
+ moved fqdn stuff into parse.lex (FQHOST)
+ [d9c9abd481d8]
- * env.c: Make env_keep override badenv_table as documented Fix
- traversal of badenv_table (broken in last commit)
+ * parse.lex:
+ added FQHOST rules
+ [4a1695acff6d]
-2000-12-29 22:59 millert
+ * tgetpass.c:
+ now define TCSASOFT in necesary
+ [3fac2e21c9ab]
- * set_perms.c, sudo.c, sudo.h: Don't try and build saved uid
- version of set_perms on systems w/o them. Rename
- set_perms_saved_uid() -> set_perms_posix() Make
- set_perms_setreuid simply be set_perms_fallback() and simply
- include the appropriate function at compile time (setreuid()
- vs. setuid()).
+ * tgetpass.c:
+ now uses read/write instead of stdio string goop to avoid problems
+ with select(2)
+ [67fd174e518c]
-2000-12-29 22:45 millert
+ * OPTIONS, find_path.c, options.h:
+ -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
+ [d05ba5100d28]
- * sudoers.pod, sudoers.cat, sudoers.man.in: PATH is also preserved
- when env_reset is in effect
+1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-12-29 22:29 millert
+ * INSTALL:
+ added note about no shadow auto-detect if using alternate auth
+ schemes
+ [b425592232a3]
- * CHANGES, env.c, Makefile.in, check.c, compat.h, config.h.in,
- configure, configure.in, defaults.c, defaults.h, find_path.c,
- getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
- sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
- testsudoers.c, visudo.c, visudo.cat, visudo.man.in: New Defaults
- options: o stay_setuid - sudo will remain setuid if system has
- saved uids or setreuid(2) o env_reset - reset the environment to
- a sane default o env_keep - preserve environment variables that
- would otherwise be cleared
+ * configure.in:
+ don't check for C2 if AFS or DCE (unless they said --with-C2)
+ [61342962171a]
- No longer use getenv/putenv/setenv functions--do environment
- munging by hand. Potentially dangerous environment variables can
- be cleared only if they contain '/' pr '%' characters to protect
- buggy programs. Moved environment routines into env.c (new file)
+ * testsudoers.c:
+ now groks shost
+ [85dda17303f6]
-2000-12-29 22:17 millert
+ * OPTIONS, find_path.c, options.h:
+ added NO_DOT_PATH
+ [c261ca1fb196]
- * INSTALL: Clear up --without-passwd description
+1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-12-29 19:39 millert
+ * find_path.c:
+ checkdot now works correctly
+ [3bc4835bb3e9]
- * sudo_setenv.c, putenv.c: We now build up a new environment from
- scratch and assign it to "environ".
+1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-12-18 22:35 millert
+ * configure.in:
+ can't have DCE and C2 passwords both...
+ [fb9a8ab7ca66]
- * sudo.pod, visudo.pod: Grammatical fixes from Paul Janzen
+1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-12-14 23:19 millert
+ * parse.yacc, sudo.c, sudo.h, visudo.c:
+ now uses shost even if not FQDN
+ [87f7498b3a1f]
- * visudo.c: If there was a syntax error and the user just wants to
- quit, unlink sudoers if it is zero length.
+ * configure.in:
+ now looks for skey in /usr/lib and doesn't require libskey to be in
+ /usr/local/lib just because skey.h is (for my netbsd box :-)
+ [ceb1763e37d2]
-2000-12-14 23:10 millert
+ * aclocal.m4, config.h.in, pathnames.h.in:
+ _SUDO_PATH_ -> _CONFIG_PATH_
+ [84d97ad13d75]
- * visudo.c: 'Q' means ignore parse error, not 'q'
+ * aclocal.m4, sudo.pod:
+ /var/run/.odus -> /var/run/sudo
+ [922da220b8f5]
-2000-12-14 22:57 millert
+ * pathnames.h.in:
+ now uses _SUDO_PATH_TIMEDIR
+ [5ecab0155fdf]
- * visudo.c: Open sudoers for writing with mode SUDOERS_MODE From
- Dimitry Andric <dim@xs4all.nl>
+ * OPTIONS:
+ udpated FQDN
+ [361b6f7440c0]
-2000-12-13 12:23 millert
+ * aclocal.m4, configure.in:
+ added SUDO_TIMEDIR
+ [368c95c8c950]
- * set_perms.c: Add missing #ifdef HAVE_LOGIN_CAP_H;
- ayamura@ayamura.org
+ * config.h.in:
+ added _SUDO_PATH_TIMEDIR
+ [3879864d808c]
-2000-12-09 11:46 millert
+ * sudo.pod:
+ updated wrt /var/run/sudo
+ [9e14f2a429d3]
- * config.guess, config.sub: Darwin / Mac OS X support from Wilfredo
- Sanchez <wsanchez@apple.com>
+ * sudo.c, sudo.h:
+ added support for shost if FQDN
+ [51a3f51a09a1]
-2000-11-03 09:36 millert
+ * parse.yacc, visudo.c:
+ now uses shost if FQDN
+ [d19da2e92b42]
- * sudo.c, visudo.c: Use exit(127), not exit(-1)
+ * check.c:
+ Now use skeylookup() instead off skeychallenge()
+ [4c7438bb2ae0]
-2000-11-03 00:37 millert
+1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * defaults.h, set_perms.c, sudo.c, Makefile.in, defaults.c: Move
- set_perms() to its own file and use POSIX saved uid or setreuid()
- if available.
+ * logging.c:
+ mail_argv should not contain ALERTMAIL as it includes "-t"
+ [67ffaaa8f843]
- Added stay_setuid option for systems that have libraries that
- perform extra paranoia checks in system libraries for setuid
- programs (ie: anything with issetugid(2)).
+1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-11-02 20:28 millert
+ * INSTALL, Makefile.in, README, configure.in, version.h:
+ ++version
+ [e08fd4a809fc]
- * sudo.c: strip more bits from the environment and add a facility
- for stripping things only if they contain '/' or '%' to address
- printf format string vulnerabilities in other programs.
+ * compat.h:
+ added more _PASSWD_LEN stuff -- now uses PASS_MAX too
+ [2f20c3153689]
-2000-11-02 12:55 millert
+ * tgetpass.c:
+ now includes limits.h moved _PASSWD_LEN -> compat.h
+ [b1ca3cafdacc]
- * configure: regen
+1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-11-02 12:55 millert
+ * INSTALL, README:
+ ++version
+ [3eacf32803f5]
- * configure.in: For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache
- the existence of strcasecmp().
+ * Makefile.in:
+ ++versoin
+ [3b91c317630a]
-2000-11-02 12:46 millert
+ * Makefile.in:
+ fixed a typo
+ [3661ac4a7803]
- * configure: regen
+ * configure.in:
+ ++version
+ [60e842973745]
-2000-11-02 12:46 millert
+1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: Check for strcasecmp(3) in -lc89 for NCR Unix
+ * RUNSON:
+ updated
+ [def2c3c24195]
-2000-11-01 10:22 millert
+ * CHANGES:
+ done for 1.4.1 (I hope)
+ [2ab543769a40]
- * config.h.in: Define HAVE_INNETGR #ifdef HAVE__INNETGR
+ * sudoers.pod:
+ added info on wildcards
+ [ce3bd41bc063]
-2000-11-01 10:17 millert
+ * sample.sudoers:
+ added wildcard example
+ [762feb0577bd]
- * configure: regen
+ * Makefile.in:
+ now uses *.pod to build *.man and *.cat & *.html
+ [3ec14962028b]
-2000-11-01 10:17 millert
+ * configure.in:
+ addedSUDO_PROG_BSHELL !ll
+ [3c80b320bf16]
- * compat.h, config.h.in, configure.in: Add check for _innetgr(3)
- since NCR systems have that instead of innetgr(3).
+ * visudo.pod:
+ fixed up some formatting
+ [12166c434526]
-2000-10-31 14:16 millert
+ * sudoers.pod:
+ redid section describing sample sudoers stuff
+ [b8065cceec71]
- * auth/securid.c: check return value of creadcfg() call sd_close()
- after sd_auth() store username in sd->username so we don't rely
- on the USER env variable
+ * sudo.pod:
+ fixed some formatting
+ [aa9a681add0f]
-2000-10-29 23:00 millert
+ * getspwuid.c:
+ now treats "" as bourne shell
+ [30194a72ad56]
- * INSTALL: document --with-bsdauth
+ * Makefile.in:
+ TESTOBJS nwo includes wildmat.o
+ [86cc6500f84d]
-2000-10-29 22:57 millert
+ * testsudoers.c:
+ now works with NewArg[cv]
+ [2f72674ce942]
- * configure: regen
+ * sudo.c:
+ removed an XXX (fixed it in getspwuid.c)
+ [e791ee0d1a68]
-2000-10-29 22:56 millert
+ * aclocal.m4:
+ added check for bourne shell
+ [a2fd51676b8a]
- * configure.in: --with-bsdauth assumes --with-logincap
+ * pathnames.h.in:
+ added _PATH_BSHELL
+ [e7c10011d47b]
-2000-10-29 22:45 millert
+ * config.h.in:
+ added _SUDO_PATH_BSHELL
+ [6a1182898de9]
- * auth/: bsdauth.c, fwtk.c: When prompting for a response to a
- challenge, if the user just hits return then reprompt with echo
- turned on.
+1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-10-29 17:31 millert
+ * visudo.c:
+ unixware vi returns 256 instead of 0
+ [234ffc7c6786]
- * sudo.c: Remove debugging code that should not have been
- committed, oops.
+ * INSTALL:
+ added Linux note
+ [5f85efcd2b58]
-2000-10-29 17:31 millert
+ * logging.c:
+ fixed up some XXX's. file log format now looks a little more like
+ real syslog(3) format.
+ [6df55707bfc3]
- * auth/bsdauth.c: Use lower-level routines and get the password
- ourselves. Checks for a challenge and if there is one echo is
- not turned off.
+ * README, TROUBLESHOOTING:
+ updated wrt lex/flex
+ [eb787d69156b]
-2000-10-29 17:30 millert
+ * Makefile.in:
+ commented out rule to build lex.yy.c from parse.lex since we ship
+ with a pre-flex'd parser
+ [7507e2ce4a95]
- * auth/: pam.c, sudo_auth.h: minor housekeeping, no real code
- changes
+ * parse.c, parse.yacc, visudo.c:
+ path_matches -> command_matches
+ [0bd469424f86]
-2000-10-27 18:41 millert
+ * logging.c:
+ eliminated some strcat()'s
+ [9878a79bc374]
- * sudo.c: Fix a coredump in the logging functions if gethostname(2)
- fails by deferring the call to log_error() until things are
- better setup.
+ * configure.in:
+ no longer checks for lex/flex (now assumes flex)
+ [a086ccc73798]
- Fix return value of set_loginclass() in non-BSD-auth case.
+ * configure.in:
+ now checks for $kerb_dir_candidate/krb.h instead of just
+ kerb_dir_candidate
+ [9133bc3c5208]
- Hard-code 'sudo' in the usage message so we can fit more options
- on a line
+1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-10-27 18:35 millert
+ * parse.yacc:
+ now use a 'hook' expression instead of an iffy one :-)
+ [9560df01b8c0]
- * logging.c: Fix errant ';' (typo) that broken MSG_ONLY
+1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-10-26 13:03 millert
+ * visudo.c:
+ now works with new sudo arg stuff
+ [310a0d43ddad]
- * sudo.cat, sudo.man.in: regen
+ * parse.yacc:
+ fixed dereferencing deadbeef
+ [474ef8a8006b]
-2000-10-26 13:01 millert
+ * sudo.c:
+ changed an occurrence of Argv to NewArgv
+ [205b012b7691]
- * sudo.pod: Document -a flag
+ * parse.lex:
+ took out support for quoted commands since there is no need...
+ [5c5036d353b1]
-2000-10-26 12:42 millert
+ * parse.c:
+ fixed a typo in a for() loop
+ [7e8d5283c43b]
- * Makefile.in, config.h.in, configure, configure.in, getspwuid.c,
- sudo.c, auth/sudo_auth.h, auth/bsdauth.c: Add support for BSD
- authentication.
+ * logging.c:
+ protected against dereferencing rogue pointers
+ [56debd517717]
-2000-10-19 10:09 millert
+ * sudo.c:
+ now uses NewArgv amd NewArgc so cmnd_aegs is no longer needed this
+ also allows us to eliminate some kludges in parse_args() and
+ eliminate superfluous code.
+ [5122f66ad150]
- * sudoers.pod: Fix typo; from sato@complex.eng.hokudai.ac.jp
+ * logging.c:
+ no longer uses cmnd_args, now uses NewArgv instead.
+ [abddd23cf068]
-2000-10-12 09:49 millert
+ * sudo.h:
+ added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
+ (no longer used)
+ [78410984fb05]
- * sudoers.pod: Mention negating umask
+ * Makefile.in:
+ added wildmat.c to SRCS & SUDOBJS
+ [3800efb41794]
-2000-10-12 01:30 millert
+ * parse.yacc:
+ COMMAND is now a struct containing the path and args
+ [5c32822c5b94]
- * defaults.c: Allow user to specify umask of 0777 (same as !umask)
+ * parse.lex:
+ replaced append() with fill_cmnd() and fill_args. command args from
+ a sudoers entry are now stored in an arrary for easy matching.
+ [a981d7f4eb0d]
-2000-10-08 21:46 millert
+ * parse.c:
+ command line args from sudoers file are now in an array like ones
+ passed in from the command line
+ [1d9e37e84519]
- * sudo.pod, visudo.pod: Fix a typo and give a URL for the sudo
- history.
+1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-10-08 12:25 millert
+ * parse.c:
+ wildwat stuff now works
+ [49d16488531f]
- * defaults.c, sudo.pod: fix typos; pepper@reppep.com
+1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-09-14 16:48 millert
+ * version.h:
+ ++version
+ [53e55463ef89]
- * sudo.c, sudo.h, sudo_setenv.c: sudo_setenv() now exits on memory
- alloc failure instead of returning -1.
+ * Makefile.in:
+ ++version added wildmat.*
+ [0508297a4711]
-2000-09-07 17:41 millert
+1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Strip out NLSPATH and PATH_LOCALE from the environment
- for FreeBSD and possibly others.
+ * parse.lex:
+ added support for quoted commands (w/ or w/o args)
+ [b9a637155673]
-2000-09-07 10:43 millert
+1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c: Don't use vsyslog(3) since HP-UX (and others?) lack
- it. This means that "%m" won't be expanded but we don't use that
- anyway since the logging routines may splat to stderr as well.
+ * sudo.pod, visudo.pod:
+ cleaned up formatting
+ [4591d4195437]
-2000-09-06 21:35 millert
+ * sudo.pod, visudo.pod:
+ Initial revision
+ [7564a8242750]
- * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
- sudoers.pod: Add always_set_home variable
+1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-09-06 21:24 millert
+ * sudoers.pod:
+ looks reasonable, could be mroe readable
+ [a5be2d19d9e0]
- * configure, configure.in: Have to hard code default values in help
- since the defaults are set _after_ the help stuff.
+ * sudoers.pod:
+ Initial revision
+ [957888be31a6]
-2000-08-31 13:08 millert
+1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * lex.yy.c, parse.lex: Allow special characters (including '#') to
- be embedded in pathnames if quoted by a '\\'. The quoted chars
- will be dealt with by fnmatch(). Unfortunately, 'sudo -l' still
- prints the '\\'.
+ * RUNSON:
+ updated
+ [633743aa924b]
-2000-08-13 17:10 millert
+ * OPTIONS:
+ updated NO_ROOT_SUDO entry
+ [f1c15b1dec9e]
- * install-sh: Better path searching for programs we need.
+1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-08-13 17:10 millert
+ * RUNSON:
+ *** empty log message ***
+ [5b63de579ff7] [SUDO_1_4_0]
- * TROUBLESHOOTING: Add section on "C compiler cannot create
- executables" errors.
+ * sudo.c:
+ fixed SECURE_PATH
+ [6002889f606d]
-2000-08-13 17:10 millert
+ * RUNSON:
+ udpa`ted for 1.4
+ [6014a8592815]
- * Makefile.binary, Makefile.in, version.h: Crank version
+ * configure.in:
+ AIX aixcrypt.exp now uses $(srcdir)
+ [b0d57674fef4]
-2000-08-13 17:09 millert
+ * TROUBLESHOOTING:
+ added entry for anal ansi compilers
+ [4193cec1c6b1]
- * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
- sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
- visudo.man.in, visudo.pod: Substitute values from configure into
- man pages.
+1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-08-12 16:48 millert
+ * INSTALL:
+ added info on libcrypt_i for SCO
+ [575497d56698]
- * parse.c, sudo.c: The listpw and verifypw sudoers options would
- not take effect because the value of the default was checked
- *before* sudoers was parsed. Instead of passing in the value of
- PWCHECK_* to sudoers_lookup(), pass in the arg for def_ival() so
- the check can be deferred until after sudoers is parsed.
+ * TODO:
+ *** empty log message ***
+ [d0aaf67b9913]
-2000-08-11 15:41 millert
+ * sample.sudoers:
+ added comments
+ [a7773f7eda8d]
- * tgetpass.c: When writing prompt, no need to write the NUL as
- well; hag@linnaean.org
+ * TODO:
+ 1.4 release
+ [1dade29e9fd9]
-2000-06-09 12:25 millert
+ * CHANGES:
+ ++version
+ [67241be40780]
- * install-sh: When looking for chown, check in /sbin too
+ * INSTALL, OPTIONS, README, config.h.in, configure.in:
+ ++version
+ [2e0a37897f68]
-2000-06-04 22:57 millert
+ * BUGS:
+ ++version and fixed ISC
+ [78963f01a0e3]
- * visudo.c: Remove extraneous call to init_defaults() and set
- runas_user to NULL betweem parses so init_defaults will reset it
- each time, thus avoiding a reference to free()d data.
+ * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
+ goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
+ sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+ visudo.c:
+ ++version
+ [b6227f29b3d9]
-2000-06-04 19:57 millert
+ * interfaces.c:
+ added STUB_LOAD_INTERFACES ++version
+ [d8150a3fd577]
- * config.h.in, interfaces.c, interfaces.h, sudo.c: Add support for
- using getifaddrs() to get the list of ip addr / netmask pairs.
- Currently IPv4-only.
+ * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
+ version.h:
+ ++version
+ [da9e90e69bdc]
-2000-06-04 19:51 millert
+ * PORTING:
+ added info about fd_set in tgetpass added info on interfaces.c
+ [a39902febd17]
- * visudo.c: Add a missing check for UserEditor == NULL Add missing
- '+' before line number when invoking editor to fix a syntax error
+1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-05-12 16:55 millert
+ * dce_pwent.c:
+ added sudo header
+ [fc0f2c48682e]
- * sudo.c: Call clean_env very early in main() for paranoia's sake.
- Idea from Marc Esipovich.
+ * tgetpass.c:
+ fixed a typo
+ [43d40b72ee8f]
-2000-05-10 01:11 millert
+ * Makefile.in:
+ tgetpass.o is now only linked in with sudo (not visudo)
+ [7407c5ff11f8]
- * sudo.h: Update proto for evasprintf and easprintf
+1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-05-10 01:10 millert
+ * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
+ configure.in:
+ ++version
+ [9b82ad805d6b]
- * alloc.c: Make easprintf() and evasprintf() return an int.
+ * emul/utime.h:
+ added copyright notice
+ [4380f16cd075]
-2000-05-10 00:56 millert
+ * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
+ ++version
+ [32717fdb5d05]
- * check.c: If the targetpw flag is set, use target username as part
- of the timestamp path. If tty tickets are in effect cat the tty
- and the target username with a ':' as the separator.
+ * tgetpass.c:
+ minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
+ [326864428da2]
-2000-05-09 12:05 millert
+ * configure.in:
+ ISC now gets -lcrypt now check for sys/bsdtypes.h
+ [e064799c054b]
- * auth/pam.c: Backout part of last change; setting PAM_USER to the
- invoking user breaks things like targetpw.
+ * config.h.in:
+ added check for sys/bsdtypes.h
+ [9adb9533c363]
-2000-05-09 11:52 millert
+1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/pam.c: set tty and username via pam_set_item
+ * parse.yacc:
+ removed debugging stuff (setting freed ptr to NULL)
+ [02fe8eec63a0]
-2000-05-09 11:42 millert
+ * TROUBLESHOOTING:
+ added 2 entries
+ [02884e2733e2]
- * check.c, getspwuid.c, sudo.c, sudo.h, auth/sudo_auth.c: Fix root,
- runas, and target authentication for non-passwd file auth
- methods.
+ * Makefile.in:
+ added FAQ
+ [074d8dfcf28d]
-2000-04-22 14:15 millert
+ * TROUBLESHOOTING:
+ added section on syslog
+ [e6bc02a22b86]
- * sudo.pod, sudo.man.in, sudoers.man.in, sudoers.pod, visudo.pod,
- sudo.cat, sudoers.cat, visudo.man.in, visudo.cat: Use B<-Z> not
- C<-Z> for command line flags in all places. This is more
- consistent and works around a bug in Pod::Man.
+ * configure.in:
+ added AC_ISC_POSIX for better ISC support
+ [8436b3e12af2]
-2000-04-22 13:59 millert
+ * config.h.in:
+ fixed typo
+ [f1b3922babf4]
- * sudoers.cat, sudoers.man.in, sudoers.pod: Fix an occurence of
- 'semicolon' that should be 'colon'
+ * config.h.in:
+ added define for _POSIX_SOURCE
+ [ded6d92b34f9]
-2000-04-19 15:30 millert
+1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Fix --with-badpri help line
+ * configure.in:
+ fixed check for lsearch()
+ [75baa5bc28a3]
-2000-04-17 14:01 millert
+1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * defaults.c, logging.c, sudo.c: Bracket calls to syslog with an
- openlog() and closelog() since some authentication methods (like
- PAM) may do their own logging via syslog. Since we don't use
- syslog much (usually just once per session) this doesn't really
- incur a performance penalty. It also Fixes a SEGV with pam_kafs.
+ * interfaces.c:
+ fixed for AIX now deal if num_interfaces == 0 (should not happen)
+ [ae450e859227]
-2000-04-15 16:32 millert
+1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Fix -H flag. runas_homedir is only valid after
- set_perms(PERM_RUNAS, mode)
+ * configure.in:
+ now only define HAVE_LSEARCH if there is a corresponding search.h
+ [8ce645c5d17f]
-2000-04-12 18:56 millert
+ * interfaces.c:
+ works on ISC again
+ [ccac920d424c]
- * INSTALL: Clarify the fact that insults are not enabled just by
- including them in the binary.
+1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-04-07 10:39 millert
+ * configure.in:
+ now define HAVE_LSEARCH if we find lsearch() in libcompat
+ [7343e4313a87]
- * sudo.man.in, sudoers.man.in, visudo.man.in, sudo.cat,
- sudoers.cat, visudo.cat: Regenerated with perl 5.6.0 pod2man
+ * lsearch.c:
+ char * -> const char *
+ [1c0b11c2300a]
-2000-04-07 10:38 millert
+ * configure.in:
+ now looks in -lcompat for lsearch()
+ [a1cc1d6fcd09]
- * Makefile.in: Give date string to pod2man since its default is
- ugly and it ain't got no alibi.
+ * Makefile.in:
+ remove sudo.core visudo.core for clan target
+ [b523456a85df]
-2000-04-07 10:27 millert
+ * aclocal.m4:
+ added UID_MAX support in check for MAX_UID_T_LEN
+ [7ab262b1173f]
- * Makefile.in: Do section substitution on the output of pod2man and
- remove hack needed for old pod2man.
+ * Makefile.in:
+ fixed another occurence of sudo_getpwuid.*
+ [fb5809c07da2]
-2000-04-07 10:26 millert
+ * Makefile.in, getspwuid.c:
+ sudo_getpwuid.c -> getspwuid.c
+ [875f2ef808b4]
- * sudo.pod, sudoers.pod, visudo.pod: Put back real man sections, we
- will do the substitution later.
+ * configure.in:
+ moved the "echo"
+ [ad7b8f966076]
-2000-04-02 11:44 millert
+ * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
+ compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
+ getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
+ parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
+ sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+ version.h, visudo.c:
+ ++version
+ [ee57c6410ffa]
- * configure, configure.in: Don't bother checking for the path to vi
- if user specified --with-editor
+ * testsudoers.c:
+ added group support
+ [54d8097df8bd]
-2000-04-01 17:25 millert
+ * sample.sudoers:
+ added group entry
+ [50994d31fd49]
- * CHANGES, visudo.c: Visudo now does its own fork/exec instead of
- calling system(3).
+ * sudoers.man:
+ documented group support
+ [0a16707f8fed]
-2000-04-01 16:23 millert
+ * parse.c, parse.lex, parse.yacc, visudo.c:
+ added group support
+ [427218c879c8]
- * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
- sudoers.pod, visudo.c: Visudo now checks for the existence of an
- editor and gives a sensible error if it does not exist.
+1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
- The path to the editor for visudo is now a colon-separated list
- of allowable editors. If the user has $EDITOR set and it matches
- one of the allowed editors that editor will be used. If not, the
- first editor in the list that actually exists is used.
+ * check.c:
+ tkfile was too short and overflowed the kerberos realm
+ [53823a1ff5af]
-2000-04-01 16:22 millert
+1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod, sudo.cat, sudo.man.in: Clear up confusion wrt sudo's
- return value.
+ * sudo.c:
+ now copy command args directly from Argv
+ [77408278b6fd]
-2000-03-27 12:08 millert
+ * sudo.c:
+ replaced code to copy cmnd_args so that is does not use realloc
+ since most realloc()'s really stink
+ [b29a0ff73fb6]
- * Makefile.in: Strip sudo and visudo for bindist target
+1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-03-26 22:26 millert
+ * configure.in:
+ syslog() fixed in hpux 10.01
+ [2648e6f0cdb0]
- * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
- sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: Use
- @mansectsu@ and @mansectform@ in the man page bodies as well.
+1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-03-26 22:07 millert
+ * configure.in:
+ AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
+ [8f108b8d8711]
- * visudo.cat, visudo.man.in, visudo.pod: Typo: @sysconf@ ->
- @sysconfdir@
+ * configure.in:
+ better error if cannot find skey incs or libs
+ [5887662ee9d3]
-2000-03-26 21:57 millert
+ * aclocal.m4:
+ now use a temp file for determining max len of uid_t in string form.
+ the old hacky way broke on netbsd
+ [b68f470fa9f8]
- * Makefile.in: 'make dist' should not cause any files to be
- modified so remove its dependencies.
+ * sudo.c:
+ added set of parens and a space
+ [8a3d4826d022]
-2000-03-26 21:43 millert
+1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: Whoops, forgot to add release marker
+ * dce_pwent.c:
+ fixes from Jeff Earickson <jaearick@colby.edu> ,
+ [bde0f0b756ec]
-2000-03-26 11:57 millert
+ * check.c:
+ modified a comment
+ [e2a97f1afbbe]
- * CHANGES: Final change for 1.6.3 (or so I hope)
+ * Makefile.in:
+ fixed up testsudoers target
+ [d39c4e7bb609]
-2000-03-26 11:57 millert
+ * configure.in:
+ DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
+ SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
+ [da7a1c433828]
- * sudo.cat, sudoers.cat, visudo.cat: Use SYSV man sections since
- BSD systems will have nroff...
+ * Makefile.in:
+ LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
+ VISUDO_LDFLAGS
+ [4b69503e8487]
-2000-03-24 18:58 millert
+1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.yacc: When checking to see if the host/user matches in a
- defaults spec, check against TRUE, not just non-zero since it
- might be -1.
+ * configure.in:
+ fix for C2 on hpux 10 now uses -linet if it exists
+ [8d300112263d]
-2000-03-24 15:14 millert
+ * check.c:
+ LONG_SKEY_PROMPT is less of a klusge /
+ [dcc144abaac3]
- * configure.in, configure: OSF/1 puts file formats in section 4,
- not 5.
+ * configure.in:
+ fixed typos w/ dce stuff
+ [f7dfd6d4e149]
-2000-03-24 15:13 millert
+ * Makefile.in:
+ added dce_pwent.c
+ [79047acdc516]
- * CHANGES, INSTALL, sudo.c: Make login class support work on BSD/OS
+1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-03-23 20:24 millert
+ * INSTALL:
+ amended section on combining authentication mechanisms
+ [dc5138c7c716]
- * RUNSON: Update for 1.6.3
+ * PORTING:
+ minor updates for 1.3.6
+ [fe80c13bd994]
-2000-03-23 20:23 millert
+ * TROUBLESHOOTING:
+ added 2 more entries
+ [c7201439a0f5]
- * configure, configure.in: If there is no inet_addr but there *is*
- an __inet_addr that's ok since inet_addr is probably just a macro
- then. The better thing to do would be to look for the macro, but
- this is fine for now.
+ * BUGS:
+ updated for 1.3.6
+ [979b414d2a2d]
-2000-03-23 19:50 millert
+ * README:
+ overhauled
+ [3af8b60eb594]
- * configure, configure.in: Don't use shlicc for BSD/OS 4.x
+ * INSTALL:
+ rewrote for sudo 1.3.6
+ [b16027b9c726]
-2000-03-23 19:40 millert
+ * TROUBLESHOOTING:
+ added 3 entries
+ [934c9ee3f153]
- * Makefile.in, configure, configure.in: *.man lives in cwd, *.cat
- lives in $(srcdir), add a @mansrcdir@ configure variable so we
- can deal with this. Also, only remove *.man for 'distclean' not
- 'clean'.
+1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-03-23 19:16 millert
+ * find_path.c, getspwuid.c, sudo.c:
+ added explict casts for strdup since many includes don't prototype
+ it. gag me.
+ [3e19a11f2fcc]
- * sudo.c: set_loginclass() should be static like the proto says
+ * sudo.h:
+ removed prototype for sudo_getpwuid() since convex C compiler choked
+ on it.
+ [c3ea74ca67b0]
-2000-03-23 14:14 millert
+ * sudo.c:
+ added prototype for sudo_getpwuid()
+ [4a8e3cdc2b98]
- * fnmatch.c: Add #ifdef __STDC__ around the rangematch function
- header to avoid promotion of test to int, thus violating the
- prototype. Gcc handles this gracefully but more std ANSI
- compilers will complain.
+ * lsearch.c:
+ now compiles on strict ANSI compilers
+ [3ce5d72d0b08]
-2000-03-23 10:11 millert
+ * check.c:
+ added LONG_SKEY_PROMPT support
+ [48a18b8a2332]
- * emul/fnmatch.h: Pull in newer fnmatch(3) that supports
- FNM_CASEFOLD
+ * Makefile.in:
+ added extra $'s for make to eat up, yum.
+ [2995b214e12b]
-2000-03-23 10:11 millert
+ * OPTIONS, options.h:
+ added LONG_SKEY_PROMPT
+ [f23ae799b5a4]
- * aclocal.m4, configure, fnmatch.3, fnmatch.c: Pull in newer
- fnmatch(3) that supports FNM_CASEFOLD Check for FNM_CASEFOLD in
- configure
+1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-03-22 23:41 millert
+ * check.c:
+ s/key support now works with normal s/key as well as logdaemon
+ [d67573f523bf]
- * CHANGES, TODO: update for 1.6.3
+ * OPTIONS, options.h:
+ added SKEY_ONLY
+ [bbf07654e0de]
-2000-03-22 23:38 millert
+ * compat.h:
+ set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
+ [205895b96a36]
- * lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, sudo.tab.h,
- testsudoers.c, visudo.c: Fully qualified hosts w/ wildcards were
- not matching the FQHOST token type. There's really no need for a
- separate token for fully-qualified vs. unqualified anymore so
- FQHOST is now history and hostname_matches now decides which
- hostname (short or long) to check based on whether or not the
- pattern contains a '.'.
+ * INSTALL:
+ added DCE note added more AIX notes
+ [6345403b3522]
-2000-03-22 23:09 millert
+ * sudo.c:
+ now include pthread.h for DCE support
+ [6fe02865f679]
- * parse.c, parse.h, parse.yacc, sudoers.pod, testsudoers.c,
- visudo.c, sudoers.cat, sudoers.man.in: Add support for wildcards
- in the hostname.
+ * check.c:
+ dce_pwent() is ok after all .,
+ [d26a8746a55d]
-2000-03-22 22:50 millert
+ * logging.c:
+ now uses SYSLOG() macro that equates to either syslog() or
+ syslog_wrapper
+ [42ac4cff8045]
- * Makefile.in: Add targets for *.man.in, using config.status to
- generate *.man from *.man.in
+ * dce_pwent.c:
+ minor formatting changes. renamed check() to somthing less generic
+ [71859f217be1]
-2000-03-22 22:20 millert
+ * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
+ visudo.c:
+ now uses user_pw_ent and simple macros to get at the contents
+ [f4cbf3e7145a]
- * sudoers.cat, sudoers.man.in, sudoers.pod: Document set_logname
- option and enbolden refs to sudo and visudo.
+1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-03-22 19:35 millert
+ * check.c:
+ simpler dec unix C2 support
+ [86bc8f75250e]
- * INSTALL, Makefile.in, aclocal.m4, configure, configure.in,
- sudo.cat, sudo.pod, sudo.man.in, sudoers.cat, sudoers.pod,
- visudo.cat, visudo.pod, sudoers.man.in, visudo.man.in: Add
- FreeBSD login.conf support (untested on BSD/OS) based on a patch
- from Michael D. Marchionna. configure now does substitution on
- the man pages, allowing us to fix up the paths and set the
- section correctly. Based on an idea from Michael D. Marchionna.
+ * getspwuid.c:
+ now sets crypt_type for DEC unix C2
+ [99aeadd18266]
-2000-03-22 19:27 millert
+1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/passwd.c: Better fix for handling HP-UX aging info.
+ * configure.in:
+ added csops paths for skey
+ [b8ca672e2117]
-2000-03-22 19:20 millert
+ * getspwuid.c:
+ now includes string.h for strdup() prototype
+ [3605259c3620]
- * sudo.c: Add support for set_logname run-time default
+ * getspwuid.c:
+ fixed a few typos
+ [46c97e4ea417]
-2000-03-22 19:17 millert
+ * check.c:
+ now includes skey.h
+ [11e611ce1b61]
- * sudo.man.in, sudoers.man.in, visudo.man.in: configure does
- substitution on these to produce *.man
+ * getspwuid.c:
+ fixed up comments
+ [223dac56f0c8]
-2000-03-22 19:16 millert
+ * check.c:
+ moved a lot of the shadow passwd crap to sudo_getpwuid()
+ [97d8887fb7d3]
- * sudo.man, sudoers.man, visudo.man: These files now get generated
- from *.man.in at configure time.
+ * sudo.c:
+ now uses sudo_pw_ent
+ [d014dadbef48]
-2000-03-22 18:40 millert
+ * testsudoers.c:
+ now uses sudo_pw_ent
+ [d92936ed7e34]
- * defaults.c, defaults.h: Add set_logname option so users can turn
- off setting of LOGNAME/USER environment variables.
+ * visudo.c:
+ now sets sudo_pw_ent
+ [ff75cdfcf8b3]
-2000-03-22 10:53 millert
+ * getspwuid.c:
+ Initial revision
+ [6deb6df9d7bc]
- * testsudoers.c, lsearch.c, parse.c: kill register
+ * tgetpass.c:
+ moved dce stuff into compat.h
+ [1124284396e7]
-2000-03-13 15:52 millert
+ * logging.c, sudo.h:
+ now uses sudo_pw_ent
+ [404ff20a5067]
- * auth/passwd.c: HP-UX adds extra info at the end for password
- aging so when comparing the result of crypt to pw_passwd we only
- compare the first len(epass) bytes *unless* the user entered an
- empty string for a password.
+ * Makefile.in:
+ added sudo_getpwuid.c
+ [6666d0644512]
-2000-03-13 11:05 millert
+ * compat.h:
+ added dce support
+ [3c3b36a7ce0e]
- * logging.c: Get rid of grandchild hack, it was causing problems
- and there is really no need for it. This fixes a bug where we
- spin eating up CPU when the user runs a long-running process like
- a shell.
+ * parse.yacc:
+ now uses sudo_pw_ent
+ [9f5e8d11bd68]
-2000-03-07 14:26 millert
+1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: User can always specify a login class if he/she is
- already root.
+ * check.c:
+ fixed exempt_group stuff for OS's that don't put base gid in group
+ vector
+ [003f153bd396]
-2000-03-06 23:29 millert
+ * check.c:
+ S/Key support now works with sunos4 shadow passwords
+ [1eb64a5efff1]
- * config.h.in, configure, configure.in, defaults.c, defaults.h,
- sudo.c, sudo.h: FreeBSD login class (login.conf) support.
+ * Makefile.in:
+ fixed clean rule
+ [5695a2c62816]
-2000-03-06 14:42 millert
+ * config.h.in, configure.in:
+ added DCE support
+ [f53c766c1947]
- * auth/sudo_auth.c: HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes
- secureware support
+ * tgetpass.c:
+ DCE & KERB support
+ [904cf436506a]
-2000-03-03 18:04 millert
+ * check.c:
+ first stab at dce support
+ [aea5ca07b1e3]
- * auth/passwd.c: Truncate unencrypted password to 8 chars if
- encrypted password is exactly 13 characters (indicateing standard
- a DES password). Many versions of crypt() do this for you, but
- not all (like HP-UX's).
+ * dce_pwent.c:
+ now smells like sudo
+ [8b3d609b49cd]
-2000-03-01 21:01 millert
+ * dce_pwent.c:
+ Initial revision
+ [b573555f2399]
- * INSTALL, RUNSON: Mention that gcc on dynix may have problems
+ * check.c:
+ skey'd sudo now works w/ normal password as well
+ [8d038f9f6e94]
-2000-02-29 17:46 millert
+1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: Link visudo with NET_LIBS since we now call syslog
- via defaults.c
+ * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
+ getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
+ parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
+ sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+ version.h, visudo.c:
+ updated version number
+ [ba7e346d7904]
-2000-02-29 17:41 millert
+ * README:
+ updated to reflect version change
+ [1d15cf1d8cc8]
- * defaults.c: Use Argv[0] as the first arg to openlog() since
- visudo uses this too.
+ * configure.in:
+ --with options now line up ++version
+ [08ebf625fbca]
-2000-02-28 18:58 millert
+ * sudo.h:
+ removed unecesary S/Key stuff
+ [68188cba90af]
- * sudo.c: Stash coredumpsize resource limit and retsore it before
- the exec() Otherwise the child ends up with a coredumpsize of 0.
+ * configure.in:
+ fixed S/Key support
+ [f6d9cbc36618]
-2000-02-26 22:56 millert
+ * Makefile.in:
+ -I stuff now goes in CPPFLAGS
+ [7b8e53c5b046]
- * sudo.cat, sudo.man, sudo.pod: document -S flag
+ * check.c:
+ fixed SKey support
+ [52c1a5cf4435]
-2000-02-26 22:54 millert
+ * README:
+ updated version
+ [bed6498a10bb]
- * sudo.c: fix usage string
+ * OPTIONS:
+ fixed description of EXEMPTGROUP
+ [cfeead55edc2]
-2000-02-26 22:48 millert
+ * sudo.c:
+ more people use _RLD_ than just alphas...
+ [6a3c7090a6f6]
- * CHANGES, RUNSON, TODO, sudo.c, sudo.h, tgetpass.c,
- auth/aix_auth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Added
- -S flag (read passwd from stdin) and tgetpass_flags global that
- holds flags to be passed in to tgetpass(). Change echo_off param
- to tgetpass() into a flags field. There are currently 2 possible
- flags for tgetpass(): TGP_ECHO and TGP_STDIN. In tgetpass(),
- abstract the echo set/clear via macros and if (flags & TGP_ECHO)
- but echo is not set on the terminal, but sure to set it.
+ * Makefile.in:
+ replaced $man_prefix with $mandir
+ [dc4b36a550e2]
-2000-02-26 22:11 millert
+ * configure.in:
+ fixed a typo
+ [a38a4acddcaf]
- * tgetpass.c: Fixed a bug that caused an infinite loop when the
- password timeout was disabled.
+ * Makefile.in:
+ now use more GNU'ish dir names
+ [c5498391a520]
-2000-02-18 12:56 millert
+ * configure.in:
+ now set *dir correctly (can override from command line)
+ [523ff98fd438]
- * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
- sudoers.cat, sudoers.man, sudoers.pod, visudo.c: Add rootpw,
- runaspw, and targetpw options.
+ * sudo.c:
+ now deal with situations where we getwd() fails
+ [88a9e61dccbb]
-2000-02-18 12:11 millert
+1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ added etc_dir, bin_dir, sbin_dir
+ [75fd08d92842]
- * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
- visudo.c: enveditor -> env_editor
+ * configure.in:
+ added sbin_dir
+ [3cb318c0d8d1]
-2000-02-15 19:07 millert
+ * Makefile.in:
+ now ship a flex-generated lex.yy.c
+ [4d083ed70dce]
- * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
- sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h,
- visudo.cat, visudo.man: crank versino to 1.6.3
+ * Makefile.in:
+ now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
+ [4d51dc9c3780]
-2000-02-15 19:03 millert
+ * pathnames.h.in:
+ _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
+ [773fd163d52f]
- * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
- sudoers.pod, visudo.c: Add 'editor' and 'enveditor' sudoers
- defaults and make visudo honor them. This means that visudo will
- now parse the sudoers file *before* it is edited so a bogus
- sudoers file will cause a warning to go to stderr. Also, visudo
- checks the variables once--it does not check them after each
- editor run since that could be confusing.
+ * options.h:
+ no more error for redefining SUDOERS_OWNER
+ [4ba336644c6a]
-2000-02-15 18:49 millert
+ * OPTIONS:
+ expanded SUDOERS_OWNER section
+ [12fae405759e]
- * RUNSON: 1.6.2 -> 1.6.2p1
+1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-02-15 18:36 millert
+ * visudo.c:
+ now warn if chown(2) failed
+ [d0d1db6e3a1f]
- * check.c, sudo.c, sudo.h: Move user_is_exempt prototype into
- sudo.h
+ * logging.c:
+ better default warning for NO_SUDOERS_FILE
+ [5260b458ac64]
-2000-02-13 13:38 millert
+ * sudo.c:
+ added missing set_perms() no more cryptic message if the sudoers
+ file is zero length, now just give a parse error
+ [b81ea724838a]
- * configure, configure.in: Fix thinko, some && should have been ||
- in the last commit
+ * logging.c:
+ better diagnostics if NO_SUDOERS_FILE
+ [877e878663c5]
-2000-02-13 13:28 millert
+ * sudo.c:
+ check_sudoers() now catches sudoers files that are not readable (but
+ are stat'able).
+ [fea05663b3de]
- * configure, configure.in: Don't initialized Makefile variables to
- be NULL since the user may want to import variables from their
- environment.
+1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-02-03 21:09 millert
+ * configure.in:
+ now add -D__STDC__ for convex cc (not gcc)
+ [c80fc53ff51b]
- * configure, configure.in: typo
+ * configure.in:
+ MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
+ [fe238226a057]
-2000-01-27 15:01 millert
+ * Makefile.in:
+ now uses exec_prefix & prefix from configure
+ [f62fca5f56bd]
- * INSTALL, RUNSON, configure, configure.in: Make pam work on HP-UX
- 11.0;jaearick@colby.edu
+ * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
+ parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
+ utime.c, visudo.c:
+ options.h is now <> instead of "" so shadow build trees can have a
+ custom copy of options.h
+ [e6782676099c]
-2000-01-27 15:01 millert
+ * check.c:
+ user_is_exempt() is no longer a hack, it now uses getgrnam()
+ [287f8d5356f7]
- * CHANGES: recent changes; prepare for 1.6.2p1
+ * options.h:
+ EXEMPTGROUP is now "sudo"
+ [61487304dbe1]
-2000-01-26 23:31 millert
+ * configure.in:
+ MAN_POSTINSTALL now contains a leading space
+ [eaad4ac34012]
- * find_path.c: Don't apply SECURE_PATH if user is example;
- jmknoble@pobox.com
+ * Makefile.in:
+ removed leading tab if @MAN_POSTINSTALL@ not defined now removes
+ testsudoers in clean:
+ [e01711baceb8]
-2000-01-26 16:21 millert
+ * tgetpass.c:
+ includes pwd.h to get _PASSWD_LEN definition
+ [8ec174f263f1]
- * sudoers.cat, sudoers.man, sudoers.pod: Expanded docs on sudoers
- 'defaults' options based on INSTALL file info.
+1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-01-26 16:21 millert
+ * sudo.c:
+ unset the KRB_CONF envariable if using kerberos so we don't get
+ spoofed into using a bogus server
+ [2561a0274fca]
- * INSTALL: Fix some while lies
+1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-01-24 10:48 millert
+ * parse.yacc:
+ now explicately initialize match[] tp be FALSE
+ [0e45e5c47766]
- * Makefile.in: When making a bindist, link FAQ to TROUBLESHOOTING
- instead of copying.
+1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-01-23 22:57 millert
+ * sudo.c:
+ removed unused variable now passes -Wall
+ [3452508bc16d]
- * sudoers.cat, sudoers.man, sudoers.pod: Add netgroup caveat
+ * parse.yacc:
+ yyerror and dumpaliases are now void's now passes -Wall
+ [2769dfb51993]
-2000-01-23 22:42 millert
+ * parse.lex:
+ added prototype for yyerror
+ [1f3f0c1b4ab4]
- * RUNSON: Last minute updates
+ * check.c, logging.c, parse.c:
+ now passes -Wall
+ [eab57e5e81d2]
-2000-01-23 22:26 millert
+ * interfaces.c:
+ rmeoved unused cruft now passes -Wall
+ [7a47e1866f4b]
- * TROUBLESHOOTING: PAM entry
+ * Makefile.in:
+ fixed headers that moved to emul dir
+ [e680c1e5049b]
-2000-01-23 22:23 millert
+ * logging.c:
+ fixed deref of nil pointer if no args
+ [973b9bea432f]
- * auth/pam.c: correct a comment
+1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-01-23 22:03 millert
+ * OPTIONS:
+ added a caveat to FQDN section
+ [dcf6e2a5fff4]
- * CHANGES, RUNSON: update for 1.6.2
+1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-01-23 21:59 millert
+ * Makefile.in:
+ more $srcdir support for install targets
+ [f6eac78436dd]
- * auth/pam.c: Better detection of PAM errors and fix custom prompts
- with PAM. Based on patches from "Cloyce D. Spradling"
- <cloyce@headgear.org>
+ * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
+ strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
+ don't include malloc.h if we include stdlib.h
+ [fca2ff307cd8]
-2000-01-20 11:15 millert
+ * parse.yacc:
+ local search.h now lives in emul
+ [51c458904424]
- * snprintf.c: Cast ULONG_MAX to unsigned long long when comparing
- to an unsigned long long value.
+ * check.c, utime.c:
+ local utime.h now lives in emul dir
+ [f92fc9e8c8de]
-2000-01-19 14:07 millert
+ * lsearch.c:
+ local search.h now lives in emul
+ [579efc407439]
- * CHANGES, config.h.in, configure, configure.in, visudo.c: Fix
- sudoers locking in visudo. We now lock the sudoers file itself,
- not the temp file (since locking the temp file can foul up
- editors). The previous locking scheme didn't work because the fd
- was closed too early.
+ * Makefile.in:
+ added support for building in other than the sourcedir
+ [2ab53a43f7d4]
-2000-01-19 13:37 millert
+1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, config.h.in, configure.in: Don't need test for
- ftruncate() any more.
+ * OPTIONS:
+ annotated CSOPS_INSULTS option
+ [9e57d45a0afa]
-2000-01-18 21:23 millert
+ * TROUBLESHOOTING:
+ updated shadow passwords blurb
+ [39b785bc7253]
- * configure, configure.in: Add a test for the -Aa flag w/ HP-UX's
- cc. Fixes compilation with the unbundled HP-UX cc.
+ * sudo.c:
+ if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
+ passes along foo as the arguments
+ [a91077aa8fc5]
-2000-01-18 17:00 millert
+1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.cat, sudoers.man, sudoers.pod: "a a" -> "a"; Aaron
- Campbell <aaron@cs.dal.ca>
+ * parse.lex:
+ collapsed pathname and dir sections into one -- its now less
+ expensive
+ [89caa03bec25]
-2000-01-17 18:46 millert
+ * parse.lex:
+ fixed spacing quoting [,:\\=] now works correctly append() and
+ fill() now take args to make the above work
+ [09d023d9ef3a]
- * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
- parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c,
- tgetpass.c, version.h, visudo.c: update copyright year on changed
- files
+ * sudo.c:
+ fixed a typo that caused commands with no tty on fd 0 but a tty on
+ fd 1 to erroneously have "none" as their tty
+ [07d2c0e7977c]
-2000-01-17 18:45 millert
+1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * RUNSON: updates
+ * check.c:
+ timestampfile is now a global static removed decl of timestampfile
+ in remove_timestamp since we can just use the global one
+ [f0cbdc6aab1c]
-2000-01-17 18:45 millert
+ * check.c:
+ created touch() to update timestamps added USE_TTY_TICKETS support
+ (bit of a kludge)
+ [cee1dd0318f8]
- * CHANGES: aix fix
+ * compat.h:
+ added _S_IFDIR and S_ISDIR
+ [b4a51cc9628e]
-2000-01-17 18:42 millert
+ * OPTIONS, options.h:
+ added USE_TTY_TICKETS
+ [b4e22f81f25e]
- * INSTALL: Crank version to 1.6.2
+ * parse.yacc:
+ removed const from casts for lsearch() & lfind() to placate irix 4.x
+ C compiler
+ [5003081f76ea]
-2000-01-17 18:11 millert
+1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: Crank version to 1.6.2
+ * sudo.c:
+ now only strip '/dev/' off of a tty if it starts with '/dev/'
+ [7f62bcd24039]
-2000-01-17 17:46 millert
+ * pathnames.h.in:
+ added _PATH_DEV
+ [6375f44d1910]
- * sudo.c: When using rlimit check for RLIM_INFINITY When computing
- the value of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
+ * configure.in:
+ AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
+ have termios.h
+ [9c60391235fd]
-2000-01-17 12:32 millert
+ * tgetpass.c:
+ fixed incorrect #ifdef termio uses "unsigned short" not int for
+ c_?flag
+ [d032e6a29845]
+
+ * parse.lex, parse.yacc:
+ fixed a spelling error
+ [cad6a944c7b1]
+
+ * Makefile.in:
+ fixed typo
+ [204a65403e7c]
+
+1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: recent changes
+ * Makefile.in:
+ fixed a comment
+ [268f760e57ad]
-2000-01-17 12:28 millert
+ * parse.yacc:
+ added dotcat() to cat 2 strings w/ a dot effeciently now that we
+ dynamically allocate strings they need to be free()'d
+ [ec2e2152f415]
- * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
- sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
- Crank version to 1.6.2
+ * parse.lex:
+ dynamically allocates space for strings
+ [d10ac3533d66]
-2000-01-17 12:25 millert
+ * sudo.h:
+ no more MAXCOMMANDLENGTH
+ [e2e1219bff8a]
+
+ * sudo.h:
+ added decl of tty
+ [c8ae81303ee5]
+
+ * logging.c, sudo.c:
+ moved tty stuff into sudo.c
+ [e028abefeb07]
+
+1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ fixed a logic bug. Was denying a command if user gave command line
+ args but there were none in the sudoers file which is wrong.
+ [7489a99b8e8a]
+
+ * sudo.h:
+ MAXCOMMMANDLEN dropped down to 1K
+ [38ef54ba290b]
+
+ * parse.lex:
+ return foo; -> return(foo);
+ [0e8be1b57001]
+
+ * parse.yacc:
+ fixed netgr_matches() prototype
+ [e69f15910464]
+
+ * parse.lex:
+ added support for escaping "termination" characters
+ [8bd4ef50f35c]
+
+ * parse.c:
+ buf is now of size MAXPATHLEN+1 since it never holds command args
+ [2ce4b763058c]
+
+ * sudo.c:
+ fixed comments
+ [0c74a3d2ebb0]
+
+ * goodpath.c:
+ fixed negation problem (doh!)
+ [782814e3a2d1]
+
+ * parse.yacc:
+ fixed 2nd parameter to lfind()
+ [63d7b1623c08]
- * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod: Add
- 'shell_noargs' runtime option back in. We have to defer checking
- until after the sudoers file has been parsed but since there are
- now other options that operate that way this one can too. Based
- on a patch from bguillory@email.com.
+ * parse.lex:
+ now do bounds checking in fill() and append()
+ [54381b563251]
-2000-01-16 23:05 millert
+ * sudo.c:
+ include netdb.h as we should added a missing void cast added
+ SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
+ realloc actually moved the string instead of shrinking it
+ [897ccdec9c06]
+
+ * sample.sudoers:
+ updated with examples of new features
+ [9b3ed00e8aa6]
+
+ * goodpath.c:
+ now set errno to EACCES if not a regular file or not executable
+ [2d069548a5ea]
+
+ * find_path.c:
+ if given a fully-qualified or relative path we now check it with
+ sudo_goodpath() and error out with the appropriate error message if
+ the file does not exist or is not executable
+ [590f89dd8dec]
+
+ * emul/search.h, lsearch.c:
+ now use correct args for lfind
+ [fccdcdbf020e]
+
+ * logging.c:
+ added a comment
+ [fab9f49708ea]
+
+ * insults.h:
+ added in CSOps insults
+ [ad8eb1862adc]
+
+ * ins_csops.h:
+ Initial revision
+ [de5a475ec018]
+
+ * tgetpass.c:
+ added RCS id
+ [c3ffd550a482]
+
+ * sudo.h:
+ increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
+ [aba25c90d08a]
+
+ * OPTIONS:
+ added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
+ [e27bd62e9ccf]
+
+ * sudo.c:
+ fixed -k load_interfaces() now gets called if FQDN is set
+ -p now works with -s
+ [07ca2a34bae8]
- * defaults.c, defaults.h, parse.c, sudo.c, sudo.h: Add "listpw" and
- "verifypw" options.
+ * parse.c:
+ don't try to stat() "pseudo commands" like "validate"
+ [75527045984b]
-2000-01-16 22:57 millert
+ * options.h:
+ added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
+ [07b157a0eafd]
+
+ * configure.in:
+ added SecurID support added other insults to --with-csops
+ [6c992ceb244c]
+
+ * config.h.in:
+ added HAVE_SECURID
+ [e734ff617fe8]
+
+ * Makefile.in:
+ added clobber target added ins_csops.h now gets CFLAGS from
+ configure
+ [d1e29c7cec25]
- * sudoers.cat, sudoers.man, sudoers.pod: o Fix some typos/omissions
- o Add section on verifypw and listpw o Define how NOPASSWD
- interacts with the -v and -l flags
+ * aclocal.m4:
+ relaxed SUDO_FULL_VOID
+ [fb4084f27406]
+
+ * visudo.c:
+ function comment blocks are now in same style as rest of code
+ [04a2931354c5]
-2000-01-14 12:39 millert
+ * testsudoers.c:
+ added support for command line args in /etc/sudoers
+ [bfe4e1bcc655]
- * configure, configure.in: For HP-UX cc, add -Aa to CPPFLAGS. For
- HP-UX always add -D_HPUX_SOURCE to CPPFLAGS.
+ * sudoers.man:
+ updated to have command args in the sudoers file
+ [1cd34355e9ea]
+
+ * sudo.man:
+ added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
+ [930b48023b68]
+
+1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-01-14 12:29 millert
+ * parse.yacc:
+ PATH renamed to COMMAND
+ [4e109a6de3cd]
- * defaults.c, defaults.h: In struct sudo_defs_types, move the union
- to the end and don't initialize the union member since that only
- works with an ANSI compiler. We set the value of the union by
- hand in init_defaults() anyway. This allows sudo to compile on a
- K&R compiler again.
+ * parse.lex:
+ it is now a parse error for directories to have args attached to
+ them
+ [2ab10a146b54]
-2000-01-11 13:20 millert
+ * logging.c:
+ now say command args if telling user to buzz off
+ [933de26ded8b]
- * parse.c, parse.h, parse.yacc, testsudoers.c, visudo.c:
- netgr_matches needs to check shost as well as host since they may
- be different.
+ * sudo.c:
+ -s no longer indicates end of args sped up loading on cmnd_args in
+ load_cmnd()
+ [eac99a4da862]
-2000-01-11 13:17 millert
+ * parse.c:
+ removed an unreachable statement
+ [634302623c49]
- * tgetpass.c: End on \r as well as \n
+ * parse.lex:
+ made more efficient by pulling out the terminators when in GOTCMND
+ state and making them their own rule
+ [80798f1e1166]
-2000-01-02 23:53 millert
+1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Update statbuf.st_mode based on SUDOERS_MODE when we are
- chaning from 0400 to whatever SUDOERS_MODE is (converting from
- the old sudoers mode). Assumes that SUDOERS_MODE is less
- restrictive than 0400 which should always be the case.
+ * sudo.h:
+ removed MAXLOGLEN since it is no longer used
+ [102824196b71]
-2000-01-02 23:43 millert
+ * parse.lex:
+ now allows command args
+ [d29dfa1e5254]
- * parse.c, parse.yacc, sudo.c, sudo.h: Make treatment of -l and -v
- sane wrt NOPASSWD flags. Now allow -l w/o a passwd if there is
- *any* entry for the user on the host with a NOPASSWD flag. For
- -v, only allow w/o a passwd if *all* entries for the user on the
- host w/ the specified runas user have the NOPASSWD flag set.
+ * parse.c:
+ now groks command arguments
+ [6c414cb7f105]
-2000-01-02 23:26 millert
+ * logging.c:
+ now sets tty correctly when piped input
+ [de46a30c0406]
- * Makefile.in: add check target
+ * sudo.c:
+ fixed loading of cmnd_args (was including command name too)
+ [15319a425ea6]
-1999-12-16 13:02 millert
+ * logging.c:
+ fixed a core dump due to incorrect if construct
+ [582363c7d7fa]
- * visudo.c: Treat EOF at whatnow prompt like 'x' instead of
- looping.
+1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-12-10 00:09 millert
+ * configure.in:
+ only add -lsun is irix < 5 don't look for -lnsl or -lsocket if irix
+ [da591fe9b931]
- * CHANGES: recent changes
+ * aclocal.m4:
+ fixed check for ISC
+ [52e59f2082a7]
-1999-12-08 23:04 millert
+ * sudo.c:
+ now sets cmnd_args used by log_error() and that will be used by the
+ parse to check against command args
+ [c6804389723b]
- * config.h.in, configure, configure.in, sudo.c: Add check for
- initgroups() since old SYSV lacks this.
+ * sudo.h:
+ added cmnd_args
+ [4d00446b4a8d]
-1999-12-08 22:54 millert
+ * logging.c:
+ now dynamically allocate logline since we can guess at its size
+ [4bed8c8446aa]
- * CHANGES, RUNSON, aclocal.m4, config.h.in, configure,
- configure.in, parse.c, testsudoers.c: o Kill HAVE_FNMATCH_H o
- Only define HAVE_FNMATCH if <fnmatch.h> exists.
+1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-12-06 01:47 millert
+ * logging.c:
+ cleaned up a bunch of unnecesary #ifdef's eliminated a buffer remove
+ "register" since the compiler knows more than I do now do a
+ "basename" of the tty
+ [3b1bbf0b3da1]
- * CHANGES, RUNSON, insults.h, auth/sudo_auth.c: Don't allow insults
- to be enabled if the insults[] array is empty. Otherwise there
- would be division by zero.
+1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-12-06 01:25 millert
+ * configure.in:
+ ++version
+ [5ce552f9a5f1]
- * insults.h: Don't care about USE_INSULTS #define since the insult
- stuff may be overridden at runtime.
+ * sudo.h:
+ added shell extern changed MODE_* to be bit masks to allow for
+ several options together
+ [06f9dc4f400c]
-1999-12-06 01:23 millert
+ * sudo.c:
+ added -s (shell) option made MODE_* masks so we can do bitwise & and
+ | to see if multiple flags are set.
+ [01f8143010ad]
- * auth/sudo_auth.c: Honor insults flag.
+ * check.c:
+ added securid support
+ [909e078005fe]
-1999-12-05 19:14 millert
+1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, parse.c: Don't ask the user for a password if the user
- is not allowed to run the command and the authenticate flag (in
- sudoers) is false.
+ * logging.c:
+ removed a bunch of unnecesary strncpy()'s and replaced with strcat()
+ [644506b57d61]
-1999-12-05 19:05 millert
+1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, RUNSON, lex.yy.c, parse.lex: o Whenever we get a bare
- newline we change to the INITIAL state. o Enter GOTRUNAS when we
- see Runas_Alias
+ * Makefile.in, version.h:
+ ++version
+ [3cd6f1fbc3d9]
- This allows #uid to work in a RunasAlias.
+1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-12-05 14:06 millert
+ * parse.yacc:
+ fixed free() of an uninitialized pointer (yuck)
+ [8c404ee502ee]
- * CHANGES, parse.yacc: fix parsing of runas lists: o oprunasuser
- and runaslist now return a value o in a runasspec, if a runaslist
- does not return TRUE, set runas_matches to FALSE. Normally, a
- runaslist only returns FALSE for explicitly denied users. o
- since runaslist does not modify the stack there is no need for a
- push/pop in runasalias.
+ * testsudoers.c:
+ added netgr_matches
+ [e7c9fa2f774c]
-1999-12-04 21:54 millert
+ * parse.c:
+ cleaned up netgr_matches
+ [8108f00b810e]
- * check.c, sudo.c: Don't kill the user's tickets until after
- sudoers has been parsed since tty_tickets and ticket_dir could be
- set in sudoers.
+1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-12-04 21:18 millert
+ * RUNSON:
+ updated for 1.3.4
+ [4741704310a1]
- * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
- configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
- sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man: crank
- version to 1.6
+1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-12-04 21:18 millert
+ * Makefile.in:
+ now installs sudoers.man -- really should clean this up though.
+ [455631d45a1d]
- * testsudoers.c: add set_fqdn() stub
+ * Makefile.in:
+ added sudoers.cat and sudoers.man
+ [0bdedd6c7363]
-1999-12-02 15:31 millert
+ * sudo.man:
+ pulled out stuff on the sudoers file format into a separate man page
+ [de215d999cb9]
- * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
- sudoers.man, sudoers.pod, visudo.c: o Kill shell_noargs option,
- it cannot work since the command needs to be set before sudoers
- is parsed. o Fix the "set_home" sudoers option (only worked at
- compile time). o Fix "fqdn" sudoers option. We now set
- host/shost via set_fqdn which gets called when the "fqdn"
- option is set in sudoers. o Move the openlog() to
- store_syslogfac() so this gets overridden correctly from the
- sudoers file.
+ * sudoers.man:
+ Initial revision
+ [f25eafbb7095]
-1999-12-02 15:21 millert
+ * HISTORY:
+ fixed up my email address
+ [254fbf80be74]
- * auth/securid.c: SecurID support should compile now.
+ * configure.in:
+ added checks for innetgr and getdomainname
+ [24a99cb7e97e]
-1999-11-28 20:56 millert
+ * visudo.c:
+ added dummy netgr_matches function
+ [1841ff2c01da]
- * sudo.pod, visudo.pod, sudo.cat, sudo.man, sudoers.man,
- visudo.man, sudoers.cat, visudo.cat: fix some syntactic goofs
+ * parse.c:
+ added netgr_matches
+ [ec90db6a97b8]
-1999-11-28 18:51 millert
+ * parse.lex, parse.yacc:
+ added NETGROUP support
+ [c9dd93e3bc4b]
- * sudo.html, sudoers.html, Makefile.in, visudo.html: No longer need
- the .html files as they are generated automatically on the web
- site.
+ * config.h.in:
+ added HAVE_INNETGR & HAVE_GETDOMAINNAME
+ [14abd494d875]
-1999-11-28 18:49 millert
+1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, LICENSE: kill characters that made wml unhappy
+ * sudo.c:
+ rewrote clean_env() that has rm_env() builtin
+ [55cb43818a95]
-1999-11-28 18:34 millert
+1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * HISTORY: typo
+ * check.c:
+ now cast uid to long in sprintf
+ [b549eea40aeb]
-1999-11-25 12:05 millert
+ * OPTIONS:
+ added _INSULTS suffix to HAL & GOONS end
+ [ed620d0aad30]
- * README: majordomo@cs.colorado.edu -> majordomo@courtesan.com
+ * options.h:
+ added _INSULTS suffix to HAL & GOONS
+ [9f72e9b83afd]
-1999-11-24 19:43 millert
+ * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
+ converted to new scheme of insult "unions" end
+ [2f6d2b412132]
- * Makefile.in, configure: Wrap script execution w/ /bin/sh for the
- benefit of ctm
+ * sudo.c:
+ now uses MAX_UID_T_LEN
+ [c1df79e0f389]
-1999-11-23 22:52 millert
+ * configure.in:
+ added SUDO_UID_T_LEN !l
+ [195f0b9f5f84]
- * sudo.c: Make the -s flag be exclusive too. Also reorder the
- flags in the exclusive usage message so they are alphabetical.
+ * config.h.in:
+ added MAX_UID_T_LEN
+ [73f42ae4f14d]
-1999-11-23 13:27 millert
+ * check.c:
+ now use MAX_UID_T_LEN
+ [df9c063234cb]
- * auth/pam.c: make pam errors other than PAM_PERM_DENIED fatal
+ * aclocal.m4:
+ added check for max len of uid_t fixed sco vs. isc check
+ [d558f36d2223]
-1999-11-23 13:07 millert
+1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/API: fix typo
+ * configure.in:
+ corrected version
+ [828dd1571e86]
-1999-11-23 13:07 millert
+ * configure.in:
+ added sco support
+ [af1e2f616638]
- * INSTALL: make it clear that /etc/pam.d/sudo is required on linux
+ * aclocal.m4:
+ hack to check for sco
+ [549ab99a9a43]
-1999-11-23 13:06 millert
+ * interfaces.c:
+ removed #include <net/route.h> since it was hosing some OS's
+ [ac78a7c04005]
- * auth/pam.c: fix a warning on redhat and spew an error if
- pam_authenticate() returns an error other than AUTH_SUCCESS or
- PAM_PERM_DENIED
+1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-11-23 00:43 millert
+ * find_path.c:
+ fixed prreadlink() prototype
+ [b380fe1f2b11]
- * sudo.cat, sudo.html, sudo.man, sudo.pod: Be very clear that the
- password required is the user's not root's
+ * check.c:
+ added parens in #if's
+ [e96ade691b82]
-1999-11-19 21:04 millert
+ * configure.in:
+ added SPW_ prefix
+ [a302683a1483]
- * Makefile.in: add sample.syslog.conf to DISTFILES and BINFILES
+ * sudo.h:
+ moved SPW_* to config.h.in
+ [6b3be70e34cf]
-1999-11-18 19:13 millert
+ * sudo.c:
+ added a set of parens
+ [8188d735d695]
- * RUNSON: updates from Brian Jackson + some formatting
+ * config.h.in:
+ added SPW_*
+ [5ead6371cf60]
-1999-11-17 21:39 millert
+ * sudo.h:
+ added SPW_* reordered error codes
+ [dead25b4ed0a]
- * INSTALL.binary, Makefile.binary, README, RUNSON: o One RUNSon
- update o Changes for automating real binary releases
+ * check.c:
+ moved SPW_* to sudo.h
+ [ca51fb04caf4]
-1999-11-17 21:38 millert
+1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: Add bindist target
+ * sudo.c:
+ SPW_AUTH -> SPW_SECUREWARE
+ [6b512b2bc5dc]
-1999-11-16 16:26 millert
+ * logging.c:
+ GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
+ [defdd0944e2f]
- * TROUBLESHOOTING: talk about run-time options in addition to
- compile-time options
+ * configure.in:
+ AUTH -> SECUREWARE
+ [d1f8a17001dd]
-1999-11-16 01:16 millert
+ * check.c:
+ SPW_AUTH -> SPW_SECUREWARE
+ [af0e8d8b89b2]
- * CHANGES: fix typos
+ * check.c:
+ now uses SHADOW_TYPE to make shadow pw support more readable and
+ modular. It's a start...
+ [8c2a59667014]
-1999-11-16 01:09 millert
+ * configure.in:
+ added autodetection of shadow passwords
+ [85f81fa54b1b]
- * sudo.c: need sys/time.h if HAVE_SETRLIMIT
+ * sudo.c:
+ now uses SHADOW_TYPE define
+ [355e5dc09b07]
-1999-11-16 00:42 millert
+ * config.h.in:
+ added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
+ [c0c06e83e483]
- * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
- sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod: get
- rid of references to sudo-bugs. Now mention the web site or the
- sudo@ alias
+ * aclocal.m4:
+ added SUDO_CHECK_SHADOW
+ [464301301639]
-1999-11-16 00:35 millert
+1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.html: repair pod2html damage
+ * configure.in:
+ define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
+ memmove() since we dno longer use it...
+ [8aefa87d7d31]
-1999-11-16 00:28 millert
+ * CHANGES:
+ updated
+ [ce97b3fd7182]
- * RUNSON, TODO: Update for 1.6 release
+ * logging.c:
+ added BROKEN_SYSLOG support
+ [a45c3bca36f6]
-1999-11-16 00:23 millert
+ * config.h.in:
+ added BROKEN_SYSLOG
+ [6f6abf0a6268]
- * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: Add warning
- about using ALL in a command context.
+ * check.c:
+ now only bitch it timestamp > time_now + 2 * timeout to allow for a
+ machine udpating its time from a server
+ [546bc8d35325]
-1999-11-09 15:12 millert
+ * sudo.man:
+ added 2 security notes updated Nieusma's email addr
+ [616756c56977]
- * visudo.c: Call yyrestart() on a parse error to reset the lexer
- state.
+ * lsearch.c:
+ changed a memmove() to memcpy() since we don't have to worry about
+ overlapping segments.
+ [30baa478526b]
-1999-11-09 15:06 millert
+1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.lex, lex.yy.c: Don't need YY_FLUSH_BUFFER after all Move
- yyrestart() into visudo.c since it might not get called in yywrap
- if we get a parse error (and we only reread the file on error
- anyway).
+ * interfaces.c:
+ cleanup up the loop when interfaces are groped in so that it is
+ readable
+ [1fa39446bd69]
-1999-11-09 14:32 millert
+ * Makefile.in, version.h:
+ ++version
+ [b46bd2b1770f]
- * parse.lex, lex.yy.c: Call YY_FLUSH_BUFFER macro in yywrap() to
- clean up any buffers that might still exist. Call yyrestart()
- instead of using the deprecated YY_NEW_FILE macro.
+1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-11-09 12:13 millert
+ * CHANGES:
+ annotated 124-126
+ [b82a2b3ec7ce]
- * lex.yy.c, parse.lex: flex doesn't need %N table size declarations
+1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-11-08 19:00 millert
+ * check.c:
+ fixed permissions check on /tmp/.odus
+ [cc2431a65468]
- * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: Mention what
- characters need to be escaped in names.
+1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-11-08 18:59 millert
+ * check.c:
+ fixed some comments
+ [8896d09b4fda]
- * configure: regen
+ * check.c:
+ now checks owner & mode of timedir also checks for bogus dates on
+ timestamp file
+ [a0fad5df5b0a]
-1999-11-08 18:59 millert
+ * OPTIONS:
+ updated TIMEOUT info
+ [033cc22d9e04]
- * INSTALL: clarify Mac OS X entry
+ * logging.c, sudo.h:
+ added BAD_STAMPDIR and BAD_STAMPFILE
+ [31d9ce691101]
-1999-11-08 18:59 millert
+ * compat.h:
+ added definition of S_IRWXU
+ [ff2dab091a9b]
- * RUNSON: update
+ * CHANGES:
+ updated
+ [a40df90284f1]
-1999-11-08 17:45 millert
+1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: o Use AC_MSG_ERROR throughout o Check syslog
- configure options for danity
+ * interfaces.c:
+ added #ifdef to make it compile on strange arches
+ [4a127f12afce]
-1999-11-05 17:11 millert
+1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * defaults.c: Fix printing of type T_MODE in dump_defaults()
+ * aclocal.m4:
+ fixed check for fulkl void impl.
+ [b6f2a4a361d8]
-1999-11-05 12:00 millert
+ * check.c:
+ added mssing "static"
+ [520552f2772b]
- * strcasecmp.c: missing sys/types.h
+ * insults.h:
+ replaced #elif with #else #if constructs for ancient C compilers
+ [39ab2d365b57]
-1999-11-05 00:42 millert
+ * INSTALL:
+ updated irix c2 & kerb5 info
+ [ae79b99b4905]
- * INSTALL: Break out options that may be overridden at run time
- into their own section. Add a not about Max OS X and correct
- some lies.
+ * configure.in:
+ added shadow pw support for irix
+ [632469d9c528]
-1999-11-04 14:01 millert
+1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, config.h.in, configure, configure.in, sudo.c: o Now use
- getrlimit to find the highest fd when closing all non-std fd's o
- Turn off core dumps via setrlimit for the sake of paranoia
+ * BUGS, TODO:
+ updated
+ [2a96bb18ac30]
-1999-11-04 13:57 millert
+ * CHANGES:
+ last changes for sudo 1.3.3
+ [c1c0cd1034b8]
- * RUNSON: updates
+ * configure.in:
+ now calls SUDO_SOCK_SA_LEN
+ [14ea78159d45]
-1999-11-01 10:59 millert
+ * config.h.in:
+ added HAVE_SA_LEN
+ [cc2a346aa905]
- * CHANGES: updates
+ * aclocal.m4:
+ added SUDO_SOCK_SA_LEN
+ [456a2025644a]
-1999-11-01 10:58 millert
+ * interfaces.c:
+ now works with ip implementations that use sa_len in sockaddr
+ [90be6e028077]
- * tgetpass.c: When read()'ing, do a single character at a time to
- be sure we don't go oast the newline.
+ * INSTALL:
+ added note about buggy AIX compiler
+ [c0f6d427e4e4]
-1999-11-01 10:43 millert
+ * interfaces.c:
+ now include sys/time.h for AIX
+ [2510858ab38b]
- * sudo.c: For the sudo_root option, check against user_uid, not
- getuid() since at this point, ruid == euid == 0.
+1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-10-31 23:14 millert
+ * Makefile.in:
+ getcwd -> getwd
+ [66085ebca98e]
- * RUNSON: some updates
+ * interfaces.c:
+ now works for ISC and others. yay.
+ [f336d4ffc927]
-1999-10-31 23:14 millert
+1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.h: Fix compilation problem when --with-logging=file was
- specified. This means that syslog is now required to build sudo
- but that should not be a problem. If it is it can be fixed
- trivially with a configure check for syslog() or syslog.h.
+ * Makefile.in, version.h:
+ version++
+ [836cffc2078d]
-1999-10-31 23:00 millert
+1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * tgetpass.c: Make this work again for things like "sudo echo hi |
- more" where the tty gets put into character at a time mode. We
- read until we read end of line or we run out of space (similar to
- fgets(3)).
+ * aclocal.m4:
+ fixed test for full void impl
+ [fb004107e7b9]
-1999-10-20 11:23 millert
+ * sudo.c:
+ now check to see that st_dev is non-zero before assuming that we are
+ being spoofed
+ [1b0e1c30c506]
- * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: change ital
- to bold
+1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-10-20 11:23 millert
+ * aclocal.m4, configure.in:
+ SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
+ [4953379bfb01]
- * RUNSON: update
+1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-10-16 13:56 millert
+ * aclocal.m4:
+ fixed include file order for SUDO_FUNC_UTIME_POSIX
+ [ff64ab7df44f]
- * defaults.c: Error out if syslog parameters are given without a
- value. For Ultrix or 4.2BSD "syslog" is allowed without a value
- since there are no facilities in the 4.2BSD syslog.
+ * logging.c:
+ added cast for ttyname()
+ [444f05f56758]
-1999-10-15 16:37 millert
+ * configure.in:
+ fixed typo
+ [de068e748431]
- * defaults.c: Ignore the syslog facility for systems w/ old syslog
- like Ultrix.
+ * check.c:
+ now deal correctly with all known variation of utime() -- yippe
+ [b778a4195a89]
-1999-10-15 12:51 millert
+ * configure.in:
+ added SUDO_FUNC_UTIME_POSIX
+ [cf635f2269d6]
- * TROUBLESHOOTING: people with "." early in their path can have
- problems running sudo from the build dir ;-)
+ * aclocal.m4:
+ added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
+ [d79593be4b73]
-1999-10-13 00:18 millert
+ * config.h.in:
+ added HAVE_UTIME_POSIX
+ [c67b4ac0dca5]
- * sudo.man, sudo.pod, sudo.cat, sudo.html: Remove -r realm option
+ * check.c:
+ fixed a typo
+ [b14df5680f59]
-1999-10-12 22:34 millert
+ * check.c:
+ no longer assume !HAVE_UTIME_NULL means old BSD utime()
+ [0aeaf4b2f38b]
- * configure, configure.in, sudo.c, auth/kerb5.c, auth/sudo_auth.c,
- auth/sudo_auth.h: New krb5 code from Frank Cusack
- <fcusack@iconnet.net>.
+ * check.c:
+ fixed fascist C compiler warning
+ [c61ddf2f1f93]
-1999-10-12 22:33 millert
+ * interfaces.c:
+ now set strioctl.ic_timout in STRSET() now initialize num_interfaces
+ to 0 (just to be anal)
+ [c54cc2ba0052]
- * CHANGES: update to reality
+1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-10-11 20:53 millert
+ * sudo.h:
+ increaed MAXLOGLEN by MAXPATHLEN to account for ttyname
+ [74cf585a54fb]
- * auth/fwtk.c: include <auth.h> to get function prototypes.
+ * logging.c:
+ added tty logging
+ [e27d8dcfbd78]
-1999-10-11 20:05 millert
+ * interfaces.c:
+ reworked the ISC code
+ [bcf57ce8ae69]
- * sudo.cat, sudo.html, sudo.man, sudo.pod: document -L flag
+ * Makefile.in, version.h:
+ updated version
+ [032941c9b94d]
-1999-10-11 19:42 millert
+ * check.c:
+ now expect old-style utime(3) if utime() can't take NULL as an arg
+ [018dd4a73030]
- * sudo.c: in set_perms(), always call setuid(0) before changing the
- ruid/euid so we always know it will succeed.
+ * configure.in:
+ added check for utime.h
+ [0b76e8feb618]
-1999-10-11 12:24 millert
+ * config.h.in:
+ added HAVE_UTIME_H
+ [62ee42feda46]
- * defaults.h: #undef T_FOO to avoid conflicts with system defines
- (like on ULTRIX).
+ * Makefile.in:
+ added CPPFLAGS STATIC_FLAGS -> LDFLAGS
+ [fa3201d294e1]
-1999-10-11 11:55 millert
+ * configure.in:
+ now search for kerb libs and includes
+ [cc332401e571]
- * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
- sudoers.pod: Docuement "Defaults" lines in /etc/sudoers. Still
- needs some fleshing out but this is a start.
+ * check.c:
+ added support for utime(2)'s that can't take a NULL parameter
+ [98797fedf69f]
-1999-10-10 17:21 millert
+ * utime.c:
+ moved HAVE_UTIME_NULL stuff to update_timestamp() where t belongs
+ [6ce6d825fb44]
- * defaults.c: use strtol, not strtoul since not everyone has not
- strtoul
+ * configure.in:
+ added utime(s) stuff
+ [a2afb744403e]
-1999-10-10 15:01 millert
+ * check.c:
+ now use utime()
+ [48902240a51e]
- * lex.yy.c, parse.lex: last {WORD} rule should only apply in the
- INITIAL state
+ * config.h.in:
+ added HAVE_UTIME and HAVE_UTIME_NULL
+ [9a56ab65d4f4]
-1999-10-10 14:38 millert
+1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * lex.yy.c, parse.lex: o Add support for escaped characters in the
- WORD macro o Modify fill() to squash escape chars
+ * utime.c:
+ now use HAVE_UTIME_NULL
+ [e3944de09a92]
-1999-10-10 13:56 millert
+ * emul/utime.h, utime.c:
+ Initial revision
+ [a2cbf2ef3427]
- * defaults.c, defaults.h: o Add T_PATH flag to allow simple sanity
- checks for default values that are supposed to be pathnames. o
- Fix a duplicate free when visudo finds an error.
+ * check.c:
+ need to setuid(0) to make kerb4 stuff work.
+ [c6cfda4039d7]
-1999-10-09 01:01 millert
+ * tgetpass.c:
+ no more special case for kerberos
+ [4a5c33145be9]
- * defaults.c, defaults.h, logging.c: mail_if_foo -> mail_foo
+ * config.h.in:
+ took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
+ emulation)
+ [a607ee43e650]
-1999-10-07 21:12 millert
+ * compat.h:
+ no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
+ kerberos
+ [02fb274cc136]
- * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c: o Add
- requiretty option o Move O_NOCTTY to compat.h
+ * check.c:
+ now use private ticket file for kerberos support to avoid trouncing
+ on system one
+ [28d8b6b812c7]
-1999-10-07 21:12 millert
+1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c: The exit() in log_error() was mistakenly removed in a
- previous version. Put it back...
+ * sudo.h:
+ added SPOOF_ATTEMPT & cmnd_st
+ [d3b42a1f4d0d]
-1999-10-07 17:20 millert
+ * sudo.c:
+ added anti-spoofing support
+ [ab1e2aa44a57]
- * INSTALL, TODO, check.c, config.h.in, configure, configure.in,
- defaults.c, defaults.h, find_path.c, getspwuid.c, lex.yy.c,
- logging.c, parse.yacc, sudo.c, auth/aix_auth.c, auth/fwtk.c,
- auth/pam.c, auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c: o
- Change defaults stuff to put the value right in the struct. o
- Implement mailer_flags o Store syslog stuff both in int and
- string form. Setting the string form magically updates the int
- version. o Add boolean attribute to strings where it makes sense
- to say !foo
+ * parse.c:
+ now use global cmnd_st
+ [47018265a1a6]
-1999-10-07 17:13 millert
+ * logging.c:
+ added SPOOF_ATTEMPT suypport
+ [7bbe9dd2a021]
- * tgetpass.c: add O_NOCTTY when opening /dev/tty just in case
+ * testsudoers.c, visudo.c:
+ added void casts where appropriate
+ [f191441ba333]
-1999-10-06 00:48 millert
+ * parse.yacc:
+ fixed up spacing and added void casts where appropriate
+ [15d886fc809c]
- * auth/API: cleanup function no longer takes a status arg
+ * sudo.c:
+ fixed problem with "-p prompt" but no args
+ [6fc048261a3e]
-1999-10-06 00:48 millert
+1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL: the the
+ * sudo.man:
+ added BUGS and annotated -l description
+ [e5c506de2603]
-1999-09-15 05:15 millert
+ * sudo.h:
+ validate() now takes a flag
+ [26627becc60a]
- * TODO, config.h.in, configure, configure.in, logging.c: Use
- strftime() instead of ctime() if it is available.
+ * sudo.c:
+ validate() now takes a flag added -l
+ [a4f7bb97fe54]
-1999-09-14 12:58 millert
+ * parse.yacc:
+ added support for -l
+ [e7a9b10b0ad3]
- * defaults.c: fix copyright date
+ * parse.c:
+ validate() now takes a flag that says whether or not to check the
+ command
+ [9e1e67f4e281]
-1999-09-14 12:57 millert
+1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * RUNSON: update ReliantUNIX entry
+ * logging.c:
+ now deals with Argv == 1
+ [0acb637ab635]
-1999-09-14 12:56 millert
+ * sudo.man:
+ added -p option
+ [e60382fc0561]
- * defaults.c, defaults.h, logging.c: add log_year option
+ * sudo.c:
+ added prompt support reworked parse_args()
+ [2f605267ed4a]
-1999-09-14 04:01 millert
+ * sudo.h:
+ added prompt
+ [5ab021bdb419]
- * configure, configure.in: add --without-sendmail to help output
+ * options.h:
+ added PASSPROMPT
+ [614727ff44a2]
-1999-09-14 03:42 millert
+ * check.c:
+ now use BUFSIZ as length of kerb password added kpass so pass is
+ always a char * now use prompt global when asking for a password
+ [76be09af784f]
- * configure, configure.in: enforce an otctal arg for
- --with-suoders-mode
+ * tgetpass.c:
+ now use BUFSIZ as _PASSWD_LEN if using kerberos
+ [1e907eed312b]
-1999-09-08 04:06 millert
+ * OPTIONS:
+ added PASSPROMPT
+ [ddb2f405ce40]
- * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, check.c,
- config.h.in, configure, configure.in, defaults.c, defaults.h,
- find_path.c, lex.yy.c, logging.c, parse.h, parse.lex, parse.yacc,
- sudo.c, sudo.h, sudo.tab.h, testsudoers.c, version.c, visudo.c,
- auth/aix_auth.c, auth/fwtk.c, auth/kerb5.c, auth/pam.c,
- auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c: Add support for
- "Defaults" line in sudoers to make configuration variables
- changable at runtime (and on a global, per-host and per-user
- basis). Both the names and the internal representation are still
- subject to change. It was necessary to make sudo_user.runas but
- a char ** instead of a char * since this value can be changed by
- a Defaults line. There is a similar (but more complicated) issue
- with sudo_user.prompt but it is handled differently at the
- moment.
+1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
- Add a "-L" flag to list the name of options with their
- descriptions. This may only be temporary.
+ * configure.in:
+ only look for -lufc or -lcrypt if crypt() not in libc
+ [9717d315661f]
- Move some prototypes to parse.h
+ * check.c:
+ don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
+ (unknown user) silently fail
+ [2b48693d4ee9]
- Be much less restrictive on what is allowed for a username.
+ * INSTALL:
+ added kerb4 note
+ [986e393f740c]
-1999-09-08 04:01 millert
+ * tgetpass.c:
+ HAVE_KERBEROS -> HAVE_KERB4
+ [e438bfb5e6aa]
- * sample.syslog.conf: Add more info
+ * check.c:
+ removed debugging printf
+ [1cf9f5cbffa5]
-1999-09-04 03:09 millert
+ * configure.in:
+ KERBEROS -> KERB4 added checks for setreuid & setresuid
+ [01e9945beb1e]
- * fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
- strcasecmp.c, LICENSE: UCB has dropped the advertising clause
- from their license.
+ * config.h.in:
+ HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
+ [0e0bb5b8ac3e]
-1999-08-31 05:39 millert
+ * compat.h:
+ added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
+ with setresuid if applic
+ [9dae24c47696]
- * auth/sudo_auth.h: move dce_verofy proto to correct section
+ * check.c:
+ HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
+ no setreuid() or a broken one
+ [1fca642bdb8e]
-1999-08-31 05:39 millert
+1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/dce.c: remove XXX
+ * configure.in:
+ added kerberos support
+ [da5639b9b8e7]
-1999-08-28 06:00 millert
+ * config.h.in:
+ added HAVE_KERBEROS
+ [fcc5be550e65]
- * emul/fnmatch.h: Add fnmatch() prototype
+ * tgetpass.c:
+ added KERBEROS support (long passwords)
+ [303ba6924dd2]
-1999-08-28 06:00 millert
+ * check.c:
+ added kerberos support
+ [e40afe98fc1d]
- * fnmatch.c, parse.c, testsudoers.c: Move inclusion of
- emul/fnmatch.h to be after sudo.h for __P
+1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-28 05:59 millert
+ * sudo.h:
+ added MODE_BACKGROUND
+ [9b483c932016]
- * sudo.h: add strcasecmp proto
+ * sudo.man:
+ escaped dashes added -b option
+ [62e84f1a7714]
-1999-08-28 05:50 millert
+ * sudo.c:
+ added -b option
+ [7e78aaefeb95]
- * auth/sudo_auth.c: add check for case where there are no auth
- methods
+ * check.c:
+ added crypt() for osf/1 3.x enhanced secuiry
+ [e9aa5abdb7d5]
-1999-08-28 05:36 millert
+ * configure.in:
+ now check for -lcrypt
+ [5cb9c67e9fa2]
- * configure, configure.in: Define _XOPEN_EXTENDED_SOURCE on AIX and
- __USE_FIXED_PROTOTYPES__ on SunOS4 w/ gcc
+ * interfaces.c:
+ added ENXIO like EADDRNOTAVAIL
+ [74223bb1ba75]
-1999-08-28 05:24 millert
+1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * getspwuid.c, lex.yy.c, parse.lex, parse.yacc: include strings.h
- everywhere we include string.h
+ * configure.in:
+ now emulate getwd(), not getcwd()
+ [3e5439d9a5f4]
-1999-08-28 05:22 millert
+ * sudo.c:
+ getcwd() -> getwd()
+ [6392a96a658e]
- * version.c: nicer output when showing auth methods
+ * getwd.c:
+ getcwd -> getwd
+ [1b0ab9bae11e]
-1999-08-28 05:00 millert
+1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * version.c: Add support for SEND_MAIL_WHEN_NO_HOST
+ * ins_2001.h, ins_classic.h, ins_goons.h:
+ Initial revision
+ [86db60d8cf00]
-1999-08-28 04:49 millert
+ * insults.h:
+ broke out insults into separate include files
+ [0a01993bd38a]
- * config.h.in, configure.in, configure: Add _GNU_SOURCE for Linux
+ * OPTIONS, options.h:
+ added GOONS
+ [e283203c6515]
-1999-08-28 04:22 millert
+ * Makefile.in:
+ added ins_2001.h ins_classic.h ins_goons.h
+ [2a39cd6a4cd2]
- * parse.lex, lex.yy.c: fix definition of OCTECT
+ * Makefile.in, version.h:
+ ++version
+ [05ebf4f5e41a]
-1999-08-28 04:10 millert
+ * visudo.c:
+ moved signal handler setup to setup_signals()
+ [3dd976c04540]
- * configure, configure.in: aix_auth.o not authenticate.o
+ * sudo.h:
+ added load_interfaces()
+ [af2d473b09e2]
-1999-08-27 17:02 millert
+ * sudo.c:
+ moved load_interfaces to interfaces.c
+ [5c8c138e5d4c]
- * sudo.c: Only block SIGINT, SIGQUIT, SIGTSTP (which can be
- generated from the keyboard). Since we run with ruid/euid == 0
- the user can't really signal us in nasty ways.
+ * parse.yacc:
+ added clearaliases
+ [aeb4ff301daa]
-1999-08-27 17:01 millert
+ * OPTIONS, options.h:
+ added FAST_MATCH
+ [f49ea3d1b525]
- * visudo.c: Don't need to worry about catching too many signals
- since we do locking on the tmp file. If a lockfile is really
- stale, it will be detected and overwritten.
+ * parse.lex:
+ now uses clearaliases variable
+ [a2dda415bf61]
-1999-08-27 16:09 millert
+ * interfaces.c:
+ Initial revision
+ [a1990e3f5c69]
- * INSTALL, Makefile.in: include auth/API in tarball
+ * Makefile.in:
+ added interfaces.[co]
+ [1e8e5984de97]
-1999-08-27 16:09 millert
+ * testsudoers.c:
+ now uses ip addrs and netmasks via load_interfaces()
+ [54b8f7a6835e]
- * auth/sudo_auth.c: move memset() of plaintext pw outside of verify
- loop and only do the memset if we are *not* in standalone mode.
+ * sudo.c:
+ now remove IFS instead of setting to "sane" value
+ [ce7eec9f115e]
-1999-08-27 13:46 millert
+1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/: sudo_auth.c, sudo_auth.h: DCE is not a standalone method
+ * parse.c:
+ added FAST_MATCH
+ [816d4f5fe81a]
-1999-08-27 11:53 millert
+1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: fix --enable-noargs-shell
+ * Makefile.in:
+ sudo_goodpath.c-> goodpath.c
+ [a5072c4e1de2]
-1999-08-27 11:06 millert
+ * sudo.c:
+ added Andy's new ISC changes
+ [caa6bbee358e]
- * snprintf.c: "#ifdef __STDC__" not "#if __STDC__" (I missed one)
+1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-27 10:54 millert
+ * OPTIONS:
+ added a sentence to SECURE_PATH info
+ [cad6e1569d15]
- * auth/: fwtk.c, sia.c: _cleanup() function returns an int.
+ * BUGS:
+ added one
+ [4b35cf699a83]
-1999-08-27 10:50 millert
+ * CHANGES:
+ updated
+ [5fded9dc62f0]
- * auth/dce.c: there were still some return(0)'s hanging around,
- make them AUTH_FAILURE
+ * RUNSON:
+ updated
+ [33cb993cfd39]
-1999-08-27 10:39 millert
+1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c: typo in comment
+ * RUNSON:
+ updated for beta3
+ [a05dc6a91995]
-1999-08-27 10:03 millert
+ * Makefile.in, version.h:
+ ++version
+ [54aaf3fadc75]
- * version.c: add missing semicolon
+ * aclocal.m4:
+ sendmail is now looked for in \17/usr/ucblib
+ [231ac1a4662f]
-1999-08-27 08:31 millert
+ * sudo.c:
+ fixed indentation
+ [fb137400c8c2]
- * auth/sudo_auth.h: missing backslash
+ * aclocal.m4:
+ fixed a typo
+ [e03f1acc468b]
-1999-08-26 17:24 millert
+ * sudo.c:
+ updated ISC mods
+ [070290d4754b]
- * CHANGES, config.h.in, configure, configure.in: Kill
- _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
+ * configure.in:
+ added unixware case
+ [e90250bae0d9]
-1999-08-26 09:21 millert
+ * check.c:
+ user_is_exempt is no longer hidden
+ [1a341765b8af]
- * Makefile.in: add parse.h to HDRS
+ * RUNSON:
+ updated
+ [a9c4898b26dd]
-1999-08-26 09:16 millert
+ * aclocal.m4:
+ isc and riscos changes
+ [98b5d86585d1]
- * Makefile.in, configure, configure.in: Kill VISUDO_LIBS and
- VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and LDFLAGS. Common libs go
- in LIBS, commong ld flags go in LDFLAGS and network libs like
- -lsocket, -lnsl go in NET_LIBS. This allows testsudoers to build
- on Solaris and is a bit cleaner in general.
+ * OPTIONS:
+ added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
+ [e1ecc464ce4b]
-1999-08-26 06:56 millert
+ * Makefile.in:
+ fixed a typo and added testsudoers stuff
+ [435d60e163dc]
- * UPGRADE: mention ptmp -> sudoers.tmp
+ * testsudoers.c:
+ Initial revision
+ [6ce14a448662]
-1999-08-26 06:12 millert
+1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in, configure, config.h.in: Define
- _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
+ * parse.yacc:
+ applied fixed patch from Chris
+ [cd6144203d13]
-1999-08-26 05:37 millert
+1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * RUNSON: add 2 reports
+ * Makefile.in:
+ fixed a typo
+ [34f8a54ba041]
-1999-08-26 05:20 millert
+ * parse.yacc:
+ added a set of braces for bison
+ [f0e43b938914]
- * auth/kerb5.c: Minor changes, mostly cosmetic.
- verify_krb_v5_tgt() changed to return a value more like a system
- function
+ * parse.yacc:
+ merged in Chris' changes to dekludge the parser.
+ [82d6e373ab1c]
-1999-08-26 05:19 millert
+ * logging.c:
+ send_mail() was calling find_path() which is wrong since find_path()
+ stores cmnd in a static var. Anyhow, it doesn't make much sense
+ since MAILER should always be fully qualified
+ [6eae6a0b8098]
- * auth/dce.c: Add an XXX
+1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-26 05:19 millert
+ * sample.sudoers:
+ added User_Alias stuff
+ [aaba8c8e918d]
- * TODO: more things todo!
+ * aclocal.m4:
+ SUDO_NEXT now looks for /usr/lib/NextStep/software_version
+ [52bd81f34b32]
-1999-08-26 05:18 millert
+ * RUNSON:
+ added DEC UNIX 3.0 w/ gcc
+ [7daf570775b5]
- * sample.sudoers: update based on what is in the man page
+ * visudo.c:
+ Exit was being used in places where exit should be used
+ [6026a89c07ed]
-1999-08-26 05:10 millert
+ * sudoers:
+ added "User alias specification"
+ [a487b6e234f8]
- * parse.yacc: minor change to first line printed in -l mode
+ * parse.yacc:
+ fixed probs caused by making nslots and naliases a size_t
+ [0be919384f3f]
-1999-08-26 05:10 millert
+ * RUNSON:
+ added KSR, upped rev to 1.3.1b2
+ [ce04ee6faadf]
- * sudo.cat, sudo.html, sudo.man, sudo.pod: rename "ENVIRONMENT
- VARIABLES" section to "ENVIRONMENT" to be more standard and add
- "EXAMPLES" section
+ * logging.c, parse.yacc:
+ 1024 -> BUFSIZ
+ [cd6dda45fa11]
-1999-08-26 05:08 millert
+ * parse.yacc:
+ void * -> VOID * naliases and nslots are now size_t to appease
+ lsearch on 64-bit machines
+ [bf2f807c0dc1]
- * visudo.cat, visudo.html, visudo.man, visudo.pod: rename
- "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
- standard
+1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-26 05:06 millert
+ * TODO:
+ did a bunch of things and added a bunch :-)
+ [42afd957b829]
- * logging.c, parse.c, sudo.h: add FLAG_NO_CHECK
+ * PORTING:
+ updated
+ [972f95c85776]
-1999-08-26 05:05 millert
+ * visudo.man:
+ closer to BSD manpage style
+ [07ae88f50325]
- * parse.lex, lex.yy.c: make an OCTET really be limited to 0-255
+ * sudo.man:
+ closer to standard BSD man format
+ [372c28dcc135]
-1999-08-26 05:04 millert
+ * compat.h, config.h.in, emul/search.h, insults.h, options.h,
+ pathnames.h.in, sudo.h, version.h:
+ added RCS id
+ [c0ec90b81002]
- * UPGRADE: mention timestamp changes
+ * sudo.h:
+ removed crufty #defines that are no longer used
+ [35e2b4b477f0]
-1999-08-26 05:04 millert
+ * BUGS:
+ fixed a bug
+ [5bb3e1bee85e]
- * PORTING: cosmetic cleanup
+ * sudo.man:
+ updated based on sudo changes
+ [e65de1cae438]
-1999-08-26 05:00 millert
+ * parse.yacc:
+ now allow ALL keyword in User_Aliases now allow ALL keyword as well
+ as a NAME or ALIAS
+ [1fb31404dd0f]
- * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: new
- sudoers(8) man page
+ * CHANGES:
+ updated
+ [b24018ac610b]
-1999-08-24 13:45 millert
+ * sudo.c:
+ now sets SUDO_COMMAND and SUDO_GID envariables.
+ [e9d791557fb7]
- * version.c: Update comments about syslog name tables
+ * aclocal.m4:
+ fixed bug with full void impl check
+ [35715301023c]
-1999-08-24 13:37 millert
+ * parse.yacc:
+ fixed User_Alias supoprt
+ [4c30dfbaaa07]
- * CHANGES, LICENSE, Makefile.in, configure, strcasecmp.c,
- configure.in, parse.yacc: include strcasecmp() for those without
- it
+ * parse.yacc:
+ added stubs for User_Alias support
+ [f4afbd247edf]
-1999-08-24 12:43 millert
+ * sudo.c:
+ now sets removes # bogus interfaces from num_interfaces
+ [6f077fac9ab1]
- * sample.sudoers: Use the : operator some more and fix a typo
+ * parse.lex:
+ added User_Alias support
+ [bc7997e5df85]
-1999-08-24 12:43 millert
+1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * HISTORY: update the history of sudo
+ * Makefile.in:
+ removed extraneous TODO
+ [bc87a3b14d6d]
-1999-08-24 12:42 millert
+1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c, parse.lex, testsudoers.c: CIDR-style netmask support
+ * visudo.c:
+ ntwk_matches -> addr_matches
+ [475044e288b8]
-1999-08-24 12:41 millert
+ * parse.yacc:
+ ntwk_matches -> addr_matches
+ [dd1f4093fd2d]
- * CHANGES: recent changes
+ * parse.c:
+ ntwk_matches -> addr_matches now use inet_addr() not inet_network()
+ (which expects octet boundaries) fixes for OSF (sizeof(int) !=
+ sizeof(long))
+ [acd2f556940f]
-1999-08-24 12:40 millert
+ * sudo.c:
+ took out debugging info
+ [044023063eca]
- * sudo.tab.h: these should be generated with byacc, not bison
+ * aclocal.m4:
+ OS was being set to unknown before non-uname based host checks.
+ This caused no checks to happen since $OS was not zero-length.
+ [335a7267479d]
-1999-08-24 12:40 millert
+ * sudo.c:
+ fixed loading of interfaces struct still has debugging info in
+ though
+ [2d1a18998c1e]
- * lex.yy.c: regen
+ * parse.c:
+ fixed typo
+ [175674a3a9fa]
-1999-08-24 11:58 millert
+1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.h, parse.yacc, sudo.tab.h: In "sudo -l" mode, the type of
- the stored (expanded) alias was not stored with the contents.
- This could lead to incorrect output if the sudoers file had
- different alias types with the same name. Normal parsing (ie:
- not in '-l' mode) is unaffected.
+ * Makefile.in:
+ ++version
+ [55d191b5daa3]
-1999-08-23 12:47 millert
+ * version.h:
+ ++
+ [d7d1f115696a]
- * configure, configure.in: define _XOPEN_SOURCE to get at crypt()
- proto on some systems
+ * visudo.c:
+ removed extraneous extern decl of "top
+ [50355621047d]
-1999-08-22 13:10 millert
+ * visudo.c:
+ now zeros "top"
+ [4e683210345b]
- * snprintf.c: fix comment
+ * parse.yacc:
+ removed parser_cleanup (no need for it now)
+ [afa59f222b6c]
-1999-08-22 13:09 millert
+ * parse.lex:
+ now calls reset_aliases() directly
+ [3a23cbd60fc0]
- * tgetpass.c: don't need limits.h
+1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-22 07:36 millert
+ * OPTIONS:
+ added a sentence to SECURE_PATH description
+ [c5bf75b85af0]
- * snprintf.c: kill bogus reference to vfprintf
+ * parse.c:
+ fixed my stupid bug where I used NAMLEN on something I wanted to
+ just get the name from. argh.
+ [111f460f6540]
-1999-08-22 07:26 millert
+1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * sample.sudoers, sudoers: better examples
+ * lsearch.c:
+ fixed argument order of memmove() that i hosed when converting from
+ bcopy(). arghh.
+ [2f5336045c8b]
-1999-08-22 07:23 millert
+ * Makefile.in:
+ finally fixed DISTFILES line
+ [a1b419e73a63]
- * snprintf.c: Add some const in the K&R defs. This is safe since
- we define const away if the compiler doesn't grok it.
+ * Makefile.in:
+ tabs -> spaces
+ [280fb03e5764]
-1999-08-22 07:22 millert
+ * Makefile.in:
+ added missing files to DISTFILES
+ [991fc1cd2263]
- * aclocal.m4, configure: Better test for working long long support.
- Ultrix compiler supports basic long long but not all operations
- on them.
+ * Makefile.in:
+ SUPPORTED -> RUNSON
+ [7580e65b05fb]
-1999-08-22 05:59 millert
+1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * aclocal.m4, config.h.in, configure, getspwuid.c, snprintf.c,
- sudo.c, auth/secureware.c: Add check for LONG_IS_QUAD #undef
- MAXINT before including hpsecurity.h to silence an HP-UX warning
- Check for U?LONG_LONG_MAX in snprintf.c and use LONG_IS_QUAD
+ * TODO:
+ updated
+ [fe764a29c1cc]
-1999-08-21 15:00 millert
+ * RUNSON:
+ updated for pl5b1 release
+ [aefc35bd2291]
- * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
- snprintf.c: UCB-derived snprintf + asprintf support. Supports
- quads if the compiler does. No floating point yet, perhaps
- later...
+ * BUGS, TODO:
+ updated
+ [8f0ea249b687]
-1999-08-20 16:37 millert
+ * check.c:
+ fixed bug where if you hit return at first sudo prompt it would
+ still log as a failure
+ [24539c854692]
- * check.c, find_path.c, goodpath.c, logging.c, parse.c, sudo.c,
- auth/API, auth/sudo_auth.c, auth/sudo_auth.h: Run most of the
- code as root, not the invoking user. It doesn't really gain us
- anything to run as the user since an attacker can just have an
- setuid(0) in their egg. Running as root solves potential
- problems wrt signalling.
+ * CHANGES:
+ updated
+ [251cc7b3ede4]
-1999-08-19 13:45 millert
+ * aclocal.m4:
+ better test for bogus void * implementation
+ [efe23180cb88]
- * logging.c, sudo.c: Don't wait for child to finish in log_error(),
- let the signal handler get it if we are still running, else let
- init reap it for us. The extra time it takes to wait lets the
- user know that mail is being sent.
+ * logging.c:
+ added PASSWORDS_NOT_CORRECT
+ [bd12c73f83f7]
- Install SIGCHLD handler in main() and for POSIX signals, block
- everything *except* SIGCHLD.
+ * check.c:
+ added PASSWORDS_NOT_CORRECT stuff]
+ [90de391a979f]
-1999-08-19 12:30 millert
+ * sudo.h:
+ added PASSWORDS_NOT_CORRECT
+ [727fbeb76fc5]
- * logging.c, parse.c, parse.yacc, sudo.c, configure, sudo.h,
- INSTALL, config.h.in, configure.in: sudoers_lookup() now returns
- a bitmap instead of an int. This makes it possible to express
- things like "failed to validate because user not listed for this
- host". Some thigns that were previously VALIDATE_FOO are now
- FLAG_FOO. This may change later on.
+ * tgetpass.c:
+ moved pathnames.h
+ [4f910e5a8df7]
- Reorganized code in log_auth() and sudo.c to deal with above
- changes.
+ * sudo.c:
+ removed some unused vars and fixed up uid2str
+ [70e92c7f9076]
- Safer versions of push/pushcp with in the do { ... } while (0)
- style
+ * putenv.c:
+ moved compat.h
+ [b271091586f6]
- parse.yacc now saves info on the stack to allow parse.c to
- determine if a user was listed, but not for the host he/she tried
- to run on.
+ * getcwd.c, getwd.c:
+ added pathnames.h
+ [6f25218f133f]
- Added --with-mail-if-no-host option
+1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-17 11:29 millert
+ * parse.yacc:
+ fixed a typo I introduced in the last checkin :-(
+ [62c3af75c4fe]
- * parse.yacc, sudo.h, visudo.c, visudo.cat, visudo.html,
- visudo.man, visudo.pod: o NewArgv and NewArgc don't need to be
- externally visible. o If pedantic > 1, it is a parse error. o
- Add -s (strict) option to visudo which sets pedantic to 2.
+ * parse.lex:
+ can't have #ifdef's where N is defined so just do this the broken
+ way for AIX
+ [c5648a5594e4]
-1999-08-17 11:26 millert
+ * parse.yacc:
+ better hack from Chris (but still a hack)
+ [6b6d8aed93f3]
- * HISTORY, INSTALL: Just have sudo-bugs contact info in one place
+ * parse.lex:
+ stupid hack for broken aix lex
+ [efc3f9e5280e]
-1999-08-17 11:20 millert
+ * tgetpass.c:
+ now includes compat.h \ 6
+ [401822173f77]
- * sudo.cat, sudo.html, sudo.man, sudo.pod: Add BUGS section
+ * visudo.c:
+ now includes fcntl.h
+ [63865c2f8ac6]
-1999-08-17 10:29 millert
+ * compat.h:
+ added FD_SET and FD_ZERO for 4.2BSD
+ [00c5597c0bb0]
- * configure, configure.in, Makefile.in: Add testsudoers to default
- build target if --with-devel Don't clean generated parser files
- unless "distclean".
+ * parse.yacc:
+ dirty hack to fix parser bug. i don't really like this but it works
+ for now...
+ [5b8bbdc81569]
-1999-08-17 08:47 millert
+ * sudo.c:
+ uid2str is now static like the prototype says
+ [f2a97b5cb870]
- * parse.yacc: In pedantic mode we need to save *all* the aliases,
- not just those that match, or we get spurious warnings.
+1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-17 05:32 millert
+ * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
+ updated
+ [6f79c3e92716]
- * TROUBLESHOOTING: reference samples.sylog.conf
+ * RUNSON:
+ Initial revision
+ [12a09ef9e884]
-1999-08-14 11:50 millert
+ * sudo.c:
+ check_sudoers now returns an error code and sudo calls inform_user
+ and log_error based on the return value.
+ [340eca188d9a]
- * sample.syslog.conf: Sample entries for syslog.conf
+ * logging.c, sudo.h:
+ added entries for new errors
+ [6050d8542e1f]
+
+ * parse.c:
+ now set uid to that of SUDOERS_OWNER while parsing sudoers file
+ [3683c42bc9b0]
+
+ * Makefile.in:
+ took out testsudoers \ 6
+ [65317d49db48]
+
+ * sudo.c:
+ now explicately checks that it is setuid root
+ [2fe1be60ef6a]
+
+ * sudo.c:
+ If a user has no passwd entry sudo would segv (writing to a garbage
+ pointer). Now allocate space before writing :-)
+ [d08e7eb5e5ef]
+
+ * configure.in:
+ reordered AC_CHECK_FUNCS
+ [4c82e56c6f4f]
+
+ * config.h.in:
+ fixed memset macro
+ [77ede6b714ab]
+
+ * tgetpass.c, visudo.c:
+ bzero -> memset
+ [1a005bb322c8]
+
+ * logging.c:
+ bzero -> memset when a parse error is logged the line number of the
+ error is now logged too
+ [a42d68047723]
+
+ * INSTALL:
+ added Sunos to blurb about c2 security
+ [af750a1d131e]
+
+ * configure.in:
+ added a SUN4 define for C2 security
+ [6ad5b23a3eb0]
+
+ * config.h.in:
+ bcopy -> memmove bzero -> memset
+ [5494460c8464]
+
+ * lsearch.c:
+ bcopy -> memmove char * -> VOID *
+ [a15f5c316e16]
+
+ * check.c:
+ added support for sunos with C2 security
+ [03fea5bb21e6]
+
+ * OPTIONS, options.h:
+ reordered
+ [1686265af3e1]
+
+ * pathnames.h.in:
+ _PATH_SUDO_LOGFILE now set based on configure
+ [5867b58e4a04]
+
+ * configure.in:
+ added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
+ [1984d9fd1b5c]
+
+ * config.h.in:
+ added _SUDO_PATH_LOGFILE
+ [dd3eebe62580]
+
+ * aclocal.m4:
+ added SUDO_LOGFILE to find where to put sudo.log added
+ SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
+ SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
+ [c589a515a99a]
+
+1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ Initial revision
+ [f42f1baba3a8]
+
+ * sudo.c:
+ now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
+ to work around a problem is trusted hpux shadow passwords. yuck.
+ [ae1f13b54687]
+
+ * parse.yacc:
+ backed out a change in malloc/realloc
+ [ab868db0ad69]
+
+ * parse.yacc:
+ now include stdlib.h
+ [957eef0631eb]
+
+ * visudo.c:
+ now do an freopen() of the stmp file so that yyin will always point
+ to the same thing. This is important for flex since we are doing a
+ YY_NEWFILE
+ [44558922fd3e]
+
+ * parse.yacc:
+ replaced yywrap() with parser_cleanup() since yywrap() needs to be
+ in parse.lex to be able to use YY_NEW_FILE. sigh.
+ [12dd09921074]
+
+ * parse.lex:
+ now have a rule that matches anything that doesn't match an
+ explicite rule. well, you know what i mean (. matches anything not
+ yet matched). However, this means that there is input still queued
+ up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
+ into parse.lex and it calls parser_cleanup() which is most of the
+ old yywrap() sigh.
+ [7f4042bc48d6]
+
+ * SUPPORTED:
+ no longer used
+ [8f220be4da94]
+
+ * getcwd.c, getwd.c:
+ moved compat.h to be the last include file
+ [9f3a65e2d485]
+
+ * parse.yacc:
+ fixed type of aliascmp() args
+ [1c27eb989bdf]
+
+ * find_path.c:
+ NULL -> '\0'
+ [5c8d8cf1692e]
+
+ * parse.yacc:
+ added casts to lfind and lsearch args for irix
+ [61027ddeecf8]
+
+ * Makefile.in:
+ bsdinstall -> install-sh
+ [61de6612c5a5]
+
+ * INSTALL:
+ added info about make realclean
+ [29c6324d727f]
+
+ * Makefile.in:
+ updated VERSION added dependencies for visudo.cat
+ [09077d7229d4]
+
+ * version.h:
+ -> pl5b1
+ [5d21c7ad1a41]
+
+ * sudo.c:
+ took out -l
+ [fc1478d81b38]
+
+ * Makefile.in:
+ now there is a real visudo.man and visudo.cat
+ [58aeac43a6dd]
+
+ * sudo.man:
+ took out visudo stuff
+ [4a6ac4393343]
+
+ * visudo.man:
+ Initial revision
+ [cba348843db8]
+
+ * parse.c, parse.lex, parse.yacc:
+ updated copyright
+ [ffa16b70944a]
+
+ * README:
+ updated for pl5
+ [a26e423e9e5f]
+
+ * sudo.man:
+ updated Nieusma & Hieb email addresses
+ [f0083e71989d]
+
+ * INSTALL:
+ updated to include options.h and OPTIONS
+ [ee59e2b76c94]
+
+ * CHANGES, TODO:
+ updated
+ [51e011ad5220]
+
+ * BUGS:
+ eliminated bug #1 (yay)
+ [e7e88515494e]
+
+ * configure.in:
+ sunos no longer gets linked statically
+ [2e5b3ff3108f]
+
+1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex:
+ prototype now uses __P()
+ [68ecdcab4c70]
+
+ * parse.lex:
+ make fill() non-ansi
+ [d6509972260b]
+
+ * parse.c:
+ made -v (validate) work
+ [13c9d520638c]
+
+ * logging.c:
+ now gives host
+ [f04859cdba5a]
+
+ * find_path.c:
+ don't check for execute/statable if fq or relative path given
+ [4bbe851f3973]
+
+ * parse.c:
+ added a cast
+ [345c308f72f3]
+
+ * visudo.c:
+ now include ctype.h for islower and tolower macros
+ [582c0aa332d5]
+
+ * goodpath.c:
+ moved _S_IFMT & _S_ISREG to compat.h
+ [828e4ca4e7b4]
+
+ * sudo.c:
+ moved a set of parens
+ [5783474ecf37]
+
+ * strdup.c:
+ now include compat.h
+ [75e2036b94af]
+
+ * emul/search.h:
+ void * -> VOID *
+ [cedcfaf04161]
+
+ * parse.yacc:
+ now cast malloc & realloc return vals added search for HAVE_LSEARCH
+ now use strcmp if no strcasecmp available
+ [d6a42bc3d4ae]
+
+ * lsearch.c:
+ void * -> VOID *
+ [886adc44f607]
+
+ * config.h.in:
+ removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
+ HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
+ [3b50d7fb4349]
+
+ * compat.h:
+ added _S_IFMT, _S_IFREG, and S_ISREG
+ [73d506c7d53c]
+
+ * aclocal.m4:
+ took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
+ to most SUDO_* macros
+ [8442155f5936]
+
+ * Makefile.in:
+ no more -I.
+ [63462f195bd4]
+
+ * configure.in:
+ various 1.x ro 2.x autoconf changes now check for strcasecmp now use
+ AC_INSTALL_PROG instead of custom one added check for fully woorking
+ void implementation
+ [5ac6b6e6230f]
+
+ * Makefile.in:
+ added lsearch & search.h visudo links into $(LIBOBJS)
+ [bc119cda4598]
+
+ * aclocal.m4:
+ partial 1.x to 2.x changes added SUDO_FULL_VOID
+ [1194d01fa5c5]
+
+ * visudo.c:
+ whatnow_help was prototyped to be static be was not declared as
+ such
+ [0f85489dd426]
+
+ * configure.in:
+ autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
+ for dirent/dir/ndir.h
+ [7408f3854948]
+
+ * parse.c:
+ now use groovy gnu autoconf macro AC_HEADER_DIRENT
+ [e465db9f5dfa]
+
+ * getcwd.c, getwd.c:
+ MAXPATHLEN -> MAXPATHLEN+1
+ [714d87424e21]
+
+ * emul/search.h, lsearch.c:
+ Initial revision
+ [55d79482c535]
+
+1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ eliminated bison warnings
+ [61ca0a96da22]
+
+ * parse.lex:
+ added missing case
+ [6be0f849747c]
+
+ * visudo.c:
+ now iincludes signal.h
+ [221e0fcc144f]
+
+ * parse.yacc:
+ only clear data structures on a parse error
+ [7b1c0f1a4527]
+
+ * visudo.c:
+ whatnow() now gives help on invalid input
+ [e5a4cd88c587]
+
+ * visudo.c:
+ added a whatnow() function (sort of like mh)
+ [932d9b145f1c]
+
+ * parse.yacc:
+ kill_aliases -> reset_aliases yywrap() now cleans up by calling
+ reset_aliases() and clearing top took reset stuff out of yyerror()
+ since it doesn't beling there (and doesn't work anyway). errorlineno
+ is now initially set to -1 so we can set it to the first error that
+ occurrs (it was getting set to the last)
+ [2f71f95a974c]
+
+ * parse.lex:
+ added a void cast
+ [18ae6042dce4]
+
+ * visudo.c:
+ rewrote from scratch based on 4.3BSD vipw.c
+ [2f6814f18576]
+
+1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, sudo.h:
+ removed ocmnd
+ [a31735f41ad4]
+
+ * sudo.h:
+ no more sudo_realpath() and find_path() changed params
+ [8e85c3b39159]
+
+ * sudo.c:
+ find_path() changed since no more realpath()
+ [b25366c7f2ee]
+
+ * parse.yacc:
+ on error, errorlineno is set to the line where the error occurred
+ added kill_aliases() to free the aliases struct now clean up in
+ yyerror() so we can reparse cleanly
+ [2342f578c27a]
-1999-08-14 11:40 millert
+ * options.h, parse.c:
+ no more USE_REALPATH
+ [cfc59babeaff]
+
+ * logging.c:
+ changed to use new find_path()
+ [91c7a38e7751]
- * CHANGES: recent changes
+ * find_path.c:
+ removed all the realpath() stuff
+ [cc21a43a8562]
-1999-08-14 11:36 millert
+ * Makefile.in:
+ sudo_realpath.c -> sudo_goodpath.c
+ [03a9b1ddec2f]
- * auth/: API, afs.c, aix_auth.c, dce.c, fwtk.c, kerb4.c, kerb5.c,
- pam.c, passwd.c, rfc1938.c, secureware.c, securid.c, sia.c,
- sudo_auth.c, sudo_auth.h: In struct sudo_auth, turn need_root and
- configured into flags and add a flag to specify an auth method is
- running alone (the only one). Pass auth methods their sudo_auth
- pointer, not the data pointer. This allows us to get at the
- flags and tell if we are the only auth method. That, in turn,
- allows the method to be able to decide what should/should not be
- a fatal error. Currently only rfc1938 uses it this way, which
- allows us to kill the OTP_ONLY define and te hackery that went
- with it. With access to the sudo_auth struct, methods can also
- get at a string holding their cannonical name (useful in error
- messages).
+ * visudo.c:
+ now works correctly with utk parser
+ [08aa554a0ce8]
-1999-08-14 11:34 millert
+ * goodpath.c:
+ Initial revision
+ [1ea607e1ffb2]
- * Makefile.in, INSTALL, README, config.h.in, configure,
- configure.in, getspwuid.c, lex.yy.c, parse.lex, parse.yacc,
- sudo.tab.h: o --with-otp deprecated, use --without-passwd instead
- o real dependencies in the Makefile o --with-devel option to
- enable yacc, lex, and -Wall o style -- "foo -> bar" becomes
- "foo->bar" o ALL goes back to being a token, not a string but
- don't leak memory o rename hsotspec -> host in parse.yacc
+ * sudo_realpath.c:
+ eliminated a compiler warning
+ [198bcccc55b6]
-1999-08-12 12:26 millert
+ * sudo.c:
+ elinated compiler warning
+ [e2384f9a878b]
- * BUGS, CHANGES: recent changes
+ * sudo_realpath.c:
+ added sudo_goodpath()
+ [43878c4cc540]
-1999-08-12 12:24 millert
+ * sudo.h:
+ added prototype for sudo_goodpath
+ [23e8627a2265]
- * configure, configure.in, interfaces.c, snprintf.c, sudo.c,
- sudo.h, auth/sudo_auth.c: o Digital UNIX needs to check for
- *snprintf() before -ldb is added to LIBS since -ldb includes a
- bogus snprintf(). o Add forward refs for struct mbuf and struct
- rtentry for Digital UNIX. o Reorder some functions in snprintf.c
- to fix -Wall o Add missing includes to fix more -Wall
+ * parse.c:
+ added support for /sys/dir.h
+ [eca897087741]
-1999-08-12 10:37 millert
+ * options.h:
+ USE_REALPATH turned off
+ [620ac8b63d85]
- * INSTALL, check.c, config.h.in, configure, configure.in,
- parse.yacc, testsudoers.c, version.c, visudo.c, auth/sudo_auth.c:
- o Add a "pedentic" flag to the parser. This makes sudo warn in
- cases where an alias may be used before it is defined. Only
- turned on for visudo and testsudoers. o Add
- --disable-authentication option that makes sudo not require
- authentication by default. The PASSWD tag can be used to require
- authentication for an entry. We no longer overload
- --without-passwd.
+ * find_path.c:
+ added calls to sudo_goodpath()
+ [ad170904fbcd]
-1999-08-12 10:29 millert
+ * configure.in:
+ added check for dirent.h
+ [7964a8c26855]
- * lex.yy.c, parse.lex: Break 'WORD' regexp def into HOSTNAME and
- USERNAME. These days a username can contain just about anything
- so be very permissive. Also drop the unused \. punctuation.
+ * config.h.in:
+ added HAVE_DIRENT_H
+ [1f785fec7e19]
-1999-08-09 18:25 millert
+ * configure.in:
+ added in linux shadow pass stuff \ 6
+ [e585a5785f50]
- * parse.yacc: o add a 'val' element to aliasinfo struct and move ->
- parse.h o find_alias() now returns an aliasinfo * instead of
- boolean o add_alias() now takes a value parameter to store in the
- aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
- return: 1) positive match 0) negative match (due to '!') -1) no
- match This means setting $$ explicitly in all cases, which I
- should have done in the first place. It also means that we
- always store a value that is != -1 and when we see a '!' we can
- set *_matches to !rv if rv != -1. The upshot of all of this is
- that '!' now works the way it should in lists and some of the
- rules are more uniform and sensible.
+1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-09 18:17 millert
+ * visudo.c:
+ added back host, user, cmnd, parse_error
+ [0ec19f3d64f4]
- * Makefile.in: add parse.h dependency
+ * visudo.c:
+ added in utk changes plus some minor cosmetic changes
+ [c5c1921c8a58]
-1999-08-09 18:17 millert
+ * sudo.c, sudo_realpath.c:
+ added void casts for printf's
+ [9c6ff11c0082]
- * parse.h: kill unused *_matched macros
+ * options.h:
+ added a define of USE_REALPATH
+ [db3711c9efc5]
-1999-08-09 10:35 millert
+ * configure.in:
+ there is no more visudoers/Makefile
+ [36e1bc1f78d0]
- * parse.yacc: Allow a list of users as the first thing in a user
- spec, not just a single entry. This makes things more uniform,
- though it does allow you to write user specs that are hard to
- read.
+ * Makefile.in:
+ added in utk changes (visudo is now built from the toplevel)
+ [76203d4b345d]
-1999-08-09 10:08 millert
+ * find_path.c:
+ added (void) casts to printf's
+ [dd5cb1e060ac]
- * configure: regen
+ * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
+ merged in utk changes
+ [35563307fd8e]
-1999-08-09 10:08 millert
+1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: fix check for crypt() in libufc
+ * find_path.c:
+ now check to see that what we are trying to run is a file (or a link
+ to a file, we do a stat(2) so there is no diff)
+ [05889c4bcace]
-1999-08-07 14:03 millert
+1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * README: sudo-users list now exists
+ * CHANGES:
+ updated
+ [3e8047bb26fb]
-1999-08-07 07:46 millert
+ * Makefile.in:
+ aclocal.m4 -> acsite.m4 make realclean updated for new autoconf \ 6
+ [0bdbaa7c4c7d]
- * INSTALL, PORTING, README, TODO, TROUBLESHOOTING: Update to
- reality.
+ * sudo.man:
+ added myself as maintainer
+ [77a9d75aab84]
-1999-08-07 05:59 millert
+1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
- config.h.in, configure.in, logging.c, sudo.h, version.c,
- visudo.c, configure, fileops.c: o Move lock_file() and touch()
- into fileops.c so visudo can use them o Visudo now locks the
- sudoers temp file instead of bailing when the temp file already
- exists. This fixes the problem of stale temp files but it does
- *require* that you not try to put the temp file in a
- world-writable directory. This shoud not be an issue as the temp
- file should live in the same dir as sudoers. o Visudo now only
- installs the temp file as sudoers if it changed.
+ * sudo.c:
+ changed setegid -> setgid
+ [7f4788d73b6f]
-1999-08-06 09:49 millert
+1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c: add fcntl locking
+ * configure.in:
+ fixed the test for irix 5.x to skip bad libs
+ [bfef896de013]
-1999-08-06 09:33 millert
+ * aclocal.m4:
+ now initialize OS and OSREV
+ [cc302756e440]
- * configure, config.h.in, configure.in, logging.c: Lock the log
- file.
+1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-06 05:36 millert
+ * configure.in:
+ irix5 changes
+ [ac985b23f5f2]
- * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
- visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod: o
- /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
- temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and
- _PATH_SUDO_STMP -> _PATH_SUDOERS_TMP
+ * configure.in:
+ AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
+ compatibility
+ [0cf8c92a06d7]
-1999-08-05 17:38 millert
+1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL, check.c, config.h.in, configure, configure.in,
- version.c: o Kill *_MESSAGE and replace with NO_LECTURE o Add
- more things to root sudo -V config reporting
+ * visudo.c:
+ use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the righ
+ thing wrt yyrestart (grrrr)
+ [18e8eabfbb82]
-1999-08-05 10:56 millert
+1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: aix_auth.o not authenticate.o
+ * Makefile.in:
+ added visudoers/compat.h to DISTFILES
+ [db23b574b034]
-1999-08-05 10:48 millert
+ * configure.in:
+ fixed an echo
+ [7cbc0462b89d]
- * config.h.in: Add --with-goodpri and --with-badpri configure
- options to specify the syslog priority to use.
+ * sudo.c:
+ added ocmnd declaration adjusted for find_path()'s new parameters
+ [d929cd156474]
-1999-08-05 10:30 millert
+ * sudo.h:
+ added ocmnd extern adjusted find_path() prototype
+ [e0004daf5d3c]
- * INSTALL, configure.in, logging.h, configure: Add --with-goodpri
- and --with-badpri configure options to specify the syslog
- priority to use.
+ * parse.c:
+ cmndcmp() now takes 3 arguments and checks against the qualified as
+ well as the unqualified pathname. more code that should use
+ cmndcmp() but did not, now does
+ [6f70a8c17bee]
-1999-08-05 10:25 millert
+ * options.h:
+ added to a comment
+ [7a78680426b2]
- * compat.h: kill crufty AIX stuff
+ * logging.c:
+ changed to use new find_path() parameter passing
+ [840981d30db4]
-1999-08-05 06:55 millert
+ * find_path.c:
+ find_path() now takes 2 copyout parameters (one for the qualified
+ pathname and one for the unqualified pathname). The third parameter
+ may be NULL.
+ [851503b005e9]
- * Makefile.in: Sigh, some versions of make (like Solaris's) don't
- deal with $< like I would expect. Both GNU and BSD makes get
- this right but... So, we just expand $< inline at the cost of
- some ugliness.
+ * configure.in:
+ no longer munge pathnames.h
+ [427d8796c5a9]
-1999-08-05 06:52 millert
+ * pathnames.h.in:
+ changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
+ as a result, pathnames.h does not need to be run through configure
+ and the user can override the configured values easily.
+ [2e378f2ebe88]
- * version.c: If the invoking user is root, sudo will now print
- configure info in -V mode. Currently just prints logging info,
- to be expanded later.
+ * config.h.in:
+ added _SUDO_PATH_* entries
+ [0857de7cebab]
-1999-08-05 06:51 millert
+ * aclocal.m4:
+ _PATH* -> _SUDO_PATH_*
+ [7601193f56cc]
- * logging.c, logging.h, sudo.c, sudo.h: o new defines for syslog
- facility and priority o use new print_version() functino for -V
- mode
+ * Makefile.in:
+ updated DISTFILES and HDRS .o's now depend on config.h
+ [39d8601965cf]
-1999-08-05 06:49 millert
+1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * check.c: Don't need version.c
+ * compat.h:
+ removed extraneous #endif
+ [27d4c5f2ce7e]
-1999-08-05 06:21 millert
+ * aclocal.m4:
+ added SUDO_PROG_MV
+ [76dda3bdd816]
- * configure, configure.in, aclocal.m4, config.h.in: Add check for
- syslog facilities and priorities tables in syslog.h
+ * configure.in:
+ added SUDO_PROG_MV added riscos and isc os types took out
+ -DSHORT_MESSAGE from --with-csops since it is now the default
+ [68c206ad976e]
-1999-08-05 05:23 millert
+ * sudo.c:
+ move the include of id.h to compat.h now includes options.h
+ [45a1eaafb3a8]
- * Makefile.in: o authenticate -> aix_auth o add version.c
+ * sudo.h:
+ moved compatibility #defines to compat.h
+ [0eee27057698]
-1999-08-05 05:21 millert
+ * pathnames.h.in:
+ added _PATH_MV
+ [e830797ab320]
- * auth/sudo_auth.c: Missed a prompt -> user_prompt conversion
+ * config.h.in:
+ move __P to compat.h
+ [188e12e0ba93]
-1999-08-04 13:32 millert
+ * getcwd.c, getwd.c, putenv.c:
+ now includes compat.h
+ [c72cb6d73981]
- * TODO: sudo should lock its logfile
+ * compat.h:
+ Initial revision
+ [d4d2f359ae03]
-1999-08-04 13:28 millert
+1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.yacc: o Add '!' correctly when expanding Aliases. o Add
- shortcut macros for append() to make things more readable. o The
- separator in append() is now a string instead of a char. o In
- append(), only prepend the separator if the last char is not a
- '!'. This is a hack but it greatly simplifies '!' handling. o
- In -l mode, Runas lists and NOPASSWD/PASSWD tags are now
- inherited across entries in a list (matches current behavior).
- o Fix formatting in -l mode such that items in a list are
- separated by a space. Greatlt improves readability. o Space
- for name field in struct aliasinfo is now allocated dyanically
- instead of using a (big) buffer. o In add_alias(), only search
- the list once (lsearch instead of lfind + lsearch)
+ * sudo.h:
+ pull user-configurable stuff out and put in options.h
+ [ef929467b070]
-1999-08-04 11:31 millert
+1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * lex.yy.c, sudo.tab.h: regen
+ * parse.lex, parse.yacc, visudo.c:
+ now includes options.h
+ [e36d7c82add1]
-1999-08-04 10:54 millert
+ * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
+ sudo_setenv.c:
+ now includes options.h
+ [f186ba03de07]
- * configure, configure.in: Solais pam doesn't require anye xtra
- setup
+ * Makefile.in:
+ added visudoers/options.h
+ [e5350c476494]
-1999-08-04 05:35 millert
+ * OPTIONS, options.h:
+ Initial revision
+ [9b6b5001e318]
- * parse.yacc: o Simpler '!' support now that the lexer deals with
- multiple !'s for us. o In the case of opFOO, have FOO give a
- boolean return value and set foo_matches in opFOO, not FOO. o
- Treat 'ALL' as a string since it gets fill()'d in
- parse.lex--fixes a small memory leak. In the long run it may
- be better to just fix parse.lex and make ALL back into a token.
- However, having it be a string is useful since it can be
- easily passed back to the parent rule if we so desire.
+ * Makefile.in:
+ added OPTIONS and options.h
+ [25448341e16a]
-1999-08-04 03:54 millert
+ * logging.c:
+ changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
+ [5dd6385dd1d3]
- * parse.lex: o Remove some unnecessary backslashes o collapse
- multiple !'s by using !+ and checking if yyleng is even or odd.
- this allows us to simplify ! handling in parse.yacc
+ * check.c, sudo.h:
+ changed PASSWORD_TIMEOUT to minutes
+ [0ec6aab98738]
-1999-08-04 03:53 millert
+1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: -u flag was being ignored
+ * visudo.c:
+ now only do Editor +line_num if line_num != 0
+ [b69f04b5e3c7]
-1999-08-01 13:04 millert
+1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: correct fix
+ * visudo.c:
+ now use mv if rename(2) fails
+ [83210dca1bab]
-1999-08-01 12:37 millert
+ * BUGS:
+ added a visudo bug
+ [d61a806f9aa7]
- * Makefile.in: work around pod2man stupididy
+ * check.c:
+ expanded comment
+ [641f2cba94cb]
-1999-08-01 12:35 millert
+1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: correct dependencies for .cat
+ * check.c:
+ fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
+ [7a11135039a8]
-1999-08-01 12:26 millert
+1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.cat, sudo.man, visudo.cat, visudo.man: regen
+ * sudo.c:
+ added mips & isc support
+ [e258dc053119]
-1999-08-01 12:25 millert
+ * parse.c:
+ added support for non-root owned sudoers file
+ [fea07e65a0fc]
- * sudo.pod, visudo.pod: Add copyright Update to reality
+ * check.c:
+ added exempt group support
+ [928fb4bd9ad5]
-1999-08-01 11:42 millert
+ * sudo.h:
+ added set_perms() support added SUDOERS_OWNER so can have non-root
+ own sudoers file added exempt group support added isc support
+ [61c578d31fc1]
- * parse.c, sudo.c, sudo.h: rename validate() to the more
- descriptive sudoers_lookup()
+ * visudo.c:
+ now copy sudoers to temp file via read/write (not stdio) now chown
+ new sudoers file to SUDOERS_OWNER
+ [a5176c59df70]
-1999-08-01 06:49 millert
+1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/aix_auth.c: use tgetpass
+ * configure.in:
+ added skey support
+ [35a8d2fabdb7]
-1999-07-31 12:32 millert
+ * sudo_realpath.c:
+ be_* -> setperms()
+ [a1631d686e1c]
- * CHANGES: updates
+ * sudo.h:
+ fixed typo added set_perms support added skey support added
+ seteuid()/setegid() emulation for AIX
+ [c0c8d6771406]
-1999-07-31 12:31 millert
+ * sudo.c:
+ be_* -> setperms() now check to make sure sudoers file is owned by
+ root nread/write by only root
+ [13ab1e261f1a]
- * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
- configure, configure.in, sudo.c: Sudo, not CU Sudo
+ * logging.c, parse.c:
+ be_* -> setperms()
+ [21499d845c8f]
-1999-07-31 12:19 millert
+ * check.c:
+ be_* -> set_perms() added skey support
+ [df51b56871c1]
- * Makefile.in, alloc.c, check.c, compat.h, config.h.in,
- find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
- ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
- lex.yy.c, logging.c, logging.h, parse.c, parse.h, parse.lex,
- parse.yacc, pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
- visudo.c, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
- auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
- auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
- auth/sudo_auth.c, auth/sudo_auth.h, emul/search.h, emul/utime.h,
- LICENSE: add 4th term to license similar to term 5 in the apache
- license
+1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-31 12:02 millert
+ * Makefile.in:
+ ++version
+ [3c1abbe4e43c]
- * LICENSE, aclocal.m4, check.c, configure.in, insults.h, logging.c,
- sudo.c, sudo.h, auth/rfc1938.c: there was a 1995 release too
+ * version.h:
+ ++
+ [1d2f9b540a95]
-1999-07-28 05:24 millert
+1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: updates
+ * sudo.c:
+ now sets IFS
+ [eabbb41b9f08]
-1999-07-28 05:21 millert
+ * insults.h:
+ fixed typo
+ [c7997f19216e]
- * check.c: Use dirs instead of files for timestamp. This allows
- tty and non-tty schemes to coexist reasonably. Note, however,
- that when you update a tty ticket, the mtime on the user dir gets
- updated as well.
+1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-28 05:17 millert
+ * config.h.in:
+ added HAVE_SKEY
+ [da948ec4186b]
- * configure.in, configure: Fix getprpwnam() checking on SCO. Need
- to link with "-lprot -lx" when linking test program, not just
- -lprot. Also add check for getspnam(). The SCO docs indicate
- that /etc/shadow can be used but this may be a lie.
+1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-24 03:35 millert
+ * CHANGES:
+ updated
+ [f4b55ab007ea]
- * auth/API: first cut at auth API description
+ * Makefile.in:
+ ++version
+ [0489068b8c95]
-1999-07-22 15:48 millert
+ * version.h:
+ ++
+ [d189faedf423]
- * auth/: fwtk.c, kerb4.c, kerb5.c, pam.c, rfc1938.c, secureware.c,
- securid.c, sudo_auth.c, sudo_auth.h: auth API change. There is
- now an init method that gets run before the main loop. This
- allows auth routines to differentiate between initialization that
- happens once vs. setup that needs to run each time through the
- loop.
+ * sudo.c:
+ now bail if ARgv[1] > MAXPATHLEN
+ [0cea8ecc9dc2]
-1999-07-22 12:23 millert
+ * configure.in:
+ added function check for tcgetattr(3)
+ [e03289b22c2f]
- * logging.c, auth/kerb5.c: use easprintf() and evasprintf()
+ * config.h.in:
+ only define HAVE_TERMIOS_H if you have tcgetattr(3)
+ [757eab83d1a2]
-1999-07-22 12:22 millert
+ * config.h.in:
+ added check for tcgetattr
+ [c5ae92715930]
- * alloc.c, sudo.h: add easprintf() and evasprintf(), error checking
- versions of asprintf() and vasprintf()
+1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-22 09:14 millert
+ * CHANGES:
+ updated
+ [cbc419883108]
- * TODO: remove 2 items. One done, one won't do.
+1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-22 09:10 millert
+ * parse.lex:
+ now only include unistd.h for linux
+ [e9adeab95ef0]
- * sudo.man, visudo.man, sudo.cat, sudo.html, sudoers.html,
- visudo.cat, visudo.html, configure, lex.yy.c: regen
+1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-22 09:06 millert
+ * Makefile.in:
+ added visudo.8 generation
+ [d6a3f0f887f8]
- * CHANGES: new changes
+ * configure.in:
+ added -Wl,-bI:./aixcrypt.exp to aix flags
+ [72594a21edcf]
-1999-07-22 09:01 millert
+1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod: o Document -K flag and update meaning of -k flag. o
- BSD-style copyright o Document clearing of BIND resolver
- environment variables o Clarify bit about shared libs o suggest
- rc files create /tmp/.odus if your OS gives away files
+ * BUGS:
+ added one
+ [9993a349e096]
-1999-07-22 08:59 millert
+ * CHANGES:
+ updated
+ [297b31ec4cdd]
- * visudo.pod: BSD license
+ * README:
+ added mailing list info
+ [10372f94a2b2]
-1999-07-22 08:58 millert
+ * parse.yacc:
+ now use sudolineno instead of yylineno fixed bison warnings
+ [25a83e62057b]
- * tgetpass.c: o BSD copyright o no need to block signals, we now do
- that in main() o cosmetic changes
+ * configure.in:
+ now use -no_library_replacement for osf don't make a static binary
+ for hpux >= 9.0
+ [1fa7b892f1a3]
-1999-07-22 08:57 millert
+ * tgetpass.c:
+ added string.h/strings.h inclusion
+ [71faa98fc0a1]
- * testsudoers.c, visudo.c: o BSD-style copyright o Use "struct
- sudo_user" instead of old globals. o some cometic cleanup
+ * config.h.in:
+ added ssize_t def
+ [406284bd1ac0]
-1999-07-22 08:56 millert
+ * parse.lex:
+ added inclusion of string.h/strings.h
+ [6985b1df5d09]
- * sudo_setenv.c, version.h: BSD-style copyright
+ * aclocal.m4:
+ fixed uname | sed (needed to quote the '[')
+ [4cd2d3415c1a]
-1999-07-22 08:56 millert
+ * parse.lex:
+ replaced yylineno with sudolineno fixed bison syntax errors
+ [0bd31a5fab26]
- * sudo.h: o BSD copyright o logging and parser bits moved to their
- own .h files o new "struct sudo_user" to encapsulate many of the
- old globals.
+ * visudo.c:
+ changed yylineno to sudolineno since yylineno cannot be counted
+ upon.
+ [38c30104d0ae]
-1999-07-22 08:55 millert
+ * TODO:
+ updated
+ [5d4746f1a752]
- * sudo.c: o no longer contains sudo 1.1/1.2 code o BSD copyright o
- use new logging routines o simplified flow of control o BIND
- resolver additions to badenv_table
+ * parse.c:
+ added code to support command listings
+ [030172e133fd]
-1999-07-22 08:53 millert
+ * sudo.c:
+ added code for -l flag
+ [801dbbc82778]
- * strerror.c: BSD-style copyright
+ * sudo.man:
+ fixed typo added info for -l flag
+ [8916ca945d65]
-1999-07-22 08:53 millert
+ * configure.in:
+ AC_SSIZE_T -> SUDO_SSIZE_T
+ [c61f7f47013f]
- * snprintf.c: Now compiles on more K&R compilers
+ * aclocal.m4:
+ added SUDO_SSIZE_T
+ [0ccdb77be84d]
-1999-07-22 08:52 millert
+ * sudo.h:
+ added MODE_LIST
+ [9b2bd844c76c]
- * putenv.c: BSD-style copyright, cosmetic changes
+ * configure.in:
+ added AC_SSIZE_T
+ [35cca208f9b5]
-1999-07-22 08:51 millert
+ * find_path.c, sudo_realpath.c:
+ readlink() is now declared as returning ssize~_t
+ [0640a08d1407]
- * parse.c, parse.yacc, parse.h, parse.lex: BSD-style copyright.
- Move parser-specific defines and structs into parse.h + other
- cosmetic changes
+ * configure.in:
+ added -laud for OSF c2
+ [b7539c905efc]
-1999-07-22 08:51 millert
+1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.h: defines for logging routines
+ * Makefile.in, visudo.c:
+ changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
+ [067fd9bcb5e1]
-1999-07-22 08:49 millert
+ * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
+ changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
+ [fc46e7c7110a]
- * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
- interfaces.h, pathnames.h.in: BSD-style copyright
+ * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
+ parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
+ sudo_setenv.c, tgetpass.c, version.h:
+ changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
+ [d1d4fbc53a98]
-1999-07-22 08:48 millert
+1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * find_path.c, getspwuid.c, goodpath.c, interfaces.c: BSD-style
- copyright, cosmetic changes
+ * Makefile.in:
+ ++version
+ [b7066d97633f]
-1999-07-22 08:46 millert
+ * version.h:
+ ++
+ [65ec69d88110]
- * configure.in: o tgetpass.c is no longer optional o kill DCE_OBJS,
- add AUTH_OBJS o kill --disable-tgetpass o add --without-passwd o
- changes to fill in AUTH_OBJS for new auth api o check for
- strerror(), v?snprintf() and v?asprintf() o replace
- --with-AuthSRV with --with-fwtk
+ * logging.c:
+ added host to alertmail messages
+ [d973c19ce777]
-1999-07-22 08:43 millert
+ * CHANGES, TODO:
+ udpated
+ [5a65eb16faeb]
- * config.h.in: BSD-style copyright. Remove USE_GETPASS and
- HAVE_UTIME_NULL. Add HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF,
- HAVE_VSNPRINTF, HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and
- NO_PASSWD
+ * logging.c:
+ fixed logging problem where mail would not say which user it was
+ [35723edcc5d2]
-1999-07-22 08:42 millert
+ * configure.in:
+ added -laud for gcc if osf & c2
+ [18f1e0ae5548]
- * compat.h: BSD-style copyright; Add S_IFLNK and MIN/MAX id they
- are missing.
+ * check.c:
+ moved set_auth_parameters to sudo.c
+ [d23112fe01db]
-1999-07-22 08:39 millert
+ * sudo.c:
+ added set_auth_parameters for osf
+ [eb70f65214ac]
- * alloc.c: BSD-style copyright
+ * configure.in:
+ cleaned up -static stuff
+ [01e9575f0422]
-1999-07-22 08:38 millert
+ * Makefile.in:
+ ++version
+ [7ac3bff5c770]
- * TROUBLESHOOTING: no more --with-getpass
+ * version.h:
+ ++
+ [10a4ff478469]
-1999-07-22 08:34 millert
+ * sudo.c:
+ changed setenv() to sudo_setenv()
+ [40a78abb9946]
- * TODO: Take out things I've done...
+ * check.c:
+ fixed osf problem
+ [3d69b118efb8]
-1999-07-22 08:34 millert
+ * configure.in:
+ added OSF C2 stuff
+ [38cff3ad4093]
- * README: Refer to LICENSE
+ * CHANGES:
+ updated
+ [cd341dd0581a]
-1999-07-22 08:34 millert
+ * check.c:
+ added osf auth support & removed some extra spaces
+ [a448cdd81514]
- * PORTING: --with-getpass no longer exists
+ * INSTALL, SUPPORTED:
+ added osf C2 stuff
+ [f70484796146]
-1999-07-22 08:33 millert
+1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: BSD-style copyright. Update to reflect reality wrt
- new files and new auth modules.
+ * TODO:
+ added 2 suggestions
+ [695fbdbd86e6]
-1999-07-22 08:32 millert
+ * Makefile.in:
+ removed README.v1.3.1 and added VERSION stuff
+ [f69403eb04c6]
- * INSTALL: Remove --with-AuthSRV and --disable-tgetpass. Add
- --with-fwtk and --without-passwd.
+ * version.h:
+ pl1
+ [21580c0f8cb1]
-1999-07-22 08:31 millert
+1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * HISTORY: Update history a bit
+ * version.h:
+ 1.3.1final
+ [630114970298]
-1999-07-22 08:29 millert
+ * Makefile.in:
+ added HISTORY
+ [901bff251614]
- * COPYING, LICENSE: Now distributed under a BSD-style license
+ * sudo.man:
+ mention HISTPRY file
+ [86dbcfd4326e]
-1999-07-22 08:28 millert
+ * sudo.c:
+ use sizeof instead of a constant in 1 place
+ [d819604c68ca]
- * auth/sudo_auth.c: o BSD-style copyright o Add support for
- NO_PASSWD/WITHOUT_PASSWD options. o skey/opie replaced by
- rfc1938 code o new struct sudo_user global
+ * parse.yacc:
+ added unistd.h
+ [6f9500f9fe7e]
-1999-07-22 08:25 millert
+ * parse.lex:
+ added unistd.h
+ [468b81a276eb]
- * auth/: pam.c, sia.c: BSD-style copyright and use new log
- functions
+ * README:
+ udpated
+ [7e275618923a]
-1999-07-22 08:24 millert
+ * HISTORY:
+ Initial revision
+ [5db1b0a3939b]
- * auth/kerb5.c: o BSD-style copyright o Use new log functiongs o
- Use asprintf() and snprintf() where sensible.
+1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-22 08:19 millert
+ * version.h:
+ ++
+ [7dfbb4a810bb] [SUDO_1_3_1]
- * check.c: Rewrote all the old sudo 1.1/1.2 code. Timestamp
- handling is now done more reasonably--better sanity checks and
- tty-based stamps are now done as files in a directory with the
- same name as the invoking user, eg. /var/run/sudo/millert/ttyp1.
- It is not currently possible to mix tty and non-tty based ticket
- schemes but this may change in the future (it requires sudo to
- use a directory instead of a file in the non-tty case). Also,
- ``sudo -k'' now sets the ticket back to the epoch and ``sudo -K''
- really deletes the file. That way you don't get the lecture
- again just because you killed your ticket in .logout. BSD-style
- copyright now.
+ * CHANGES:
+ updated
+ [7820ee610bf8]
-1999-07-22 08:13 millert
+ * sudo_setenv.c:
+ added unistd.h include
+ [30cf2b654525]
- * logging.c: o rewritten logging routines. log_error() now takes
- printf-style varargs and log_auth() for the return value of
- validate(). o BSD-style copyright
+1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-22 07:04 millert
+ * sudo.c:
+ added sys/time.h for AIX
+ [199fc8caf3a3]
- * auth.c, check_sia.c, dce_pwent.c, secureware.c: superceded by new
- auth API
+1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-22 07:02 millert
+ * configure.in:
+ added check for -lsocket and sys/sockio.h
+ [f9abfbb31031]
- * auth/fwtk.c: Use snprintf() where it makes sense and add a
- BSD-style copyright
+ * config.h.in:
+ took out libshadow check and added in sys/sockio.h check
+ [0c4b0393ac80]
-1999-07-22 07:00 millert
+ * sudo.c:
+ now include sockio.h instead of ioctl.h if it exists "sudo -" now
+ gets a better error message
+ [53041bea5483]
- * auth/: afs.c, aix_auth.c, dce.c, passwd.c, rfc1938.c,
- secureware.c, securid.c, sudo_auth.h, kerb4.c: BSD-style
- copyright
+ * sample.sudoers:
+ now has a dir and subnet entry
+ [56b820f65438]
-1999-07-22 06:57 millert
+1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * emul/utime.h, utime.c: BSD-style copyright
+ * sudo.c:
+ removed if_ether.h
+ [b4f64507493e]
-1999-07-22 06:57 millert
+ * TODO:
+ added an item
+ [ea2a1bb6922a]
- * emul/search.h: this has been rewritten so use my BSD-style
- copyright
+ * sudo.man:
+ added network and ip addresses to man page
+ [01c85016511f]
-1999-07-15 11:21 millert
+ * sudo.c:
+ no error if can't get interfaces or netmask since networking may not
+ be in the kernel.
+ [50b8890e2134]
- * snprintf.c: include malloc.h if no stdlib.h
+ * parse.c:
+ nwo check for interfaces == NULL
+ [dc1b3eef0db2]
-1999-07-15 10:21 millert
+ * parse.c:
+ fixed a bug that caused directory specs in a Cmnd_Alias to fail if
+ the last entry in the spec failed (ie: it was only looking at the
+ last entry). CLeaned things up by adding the cmndcmp() function--all
+ neat & tidy
+ [007e93578e5e]
- * snprintf.c: KTH snprintf()/asprintf() for systems w/o them
+ * CHANGES:
+ added one
+ [40e8a2cef497]
-1999-07-15 10:20 millert
+1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * strerror.c: strerror() for systems w/o it
+ * sudo.c:
+ now do two passes to skip bogus interfaces (lo0, etc)
+ [465e30aecaf7]
-1999-07-12 06:53 millert
+ * parse.lex, parse.yacc, visudo.c:
+ added include of netinet/in.h
+ [11e3816ed362]
- * visudo.c: stylistic changes
+ * logging.c, sudo_realpath.c, sudo_setenv.c:
+ added ninclude of netinet/in.h
+ [daccfa40fe1e]
-1999-07-12 06:25 millert
+ * check.c, find_path.c, getcwd.c, getwd.c:
+ added include of netinet/in.h
+ [0222f95e06ad]
- * parse.c, parse.lex, parse.yacc: Add contribution info in the main
- comment
+ * version.h:
+ ++
+ [d6b0cfa35a38]
-1999-07-11 16:10 millert
+ * sudo.h:
+ added interfaces global
+ [ba52fa8ad75e]
- * auth/pam.c: remove missed ref to PAM_nullpw
+ * parse.c:
+ now uses new interfaces global
+ [17473ad5ecba]
-1999-07-11 16:10 millert
+ * sudo.c:
+ now ip addresses are gleaned fw/o dns
+ [8828bb2007e0]
- * auth/sudo_auth.h: pasto
+1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-11 15:19 millert
+ * sudo.c:
+ added load_ip_addrs() to load the ip_addrs global var
+ [60c825f04238]
- * auth/kerb5.c: more or less complete now--still untested
+ * parse.c:
+ added hostcmp() to compare hostnames, ip addrs, and network addrs
+ [ab0e40e37537]
-1999-07-11 15:09 millert
+ * sudo.h:
+ added ip_addrs def added load_ip_addrs prototype
+ [c41c565d0777]
- * auth/: afs.c, pam.c: don't use user_name macro, it will go away
+1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-11 14:42 millert
+ * CHANGES:
+ updated
+ [2a128dbe9bcb]
- * auth/: opie.c, rfc1938.c, sudo_auth.h, skey.c: combine skey/opie
- code into rfc1938.c
+ * Makefile.in:
+ removed multiple entries in DISTFILES
+ [2490f4f371e6]
-1999-07-11 07:22 millert
+ * visudo.c:
+ ansified the !STDC_HEADERS decls
+ [646ba06d17ae]
- * auth/: dce.c, sudo_auth.h: DCE authentication method; basically
- unchanged from dce_pwent.c
+ * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
+ don't do malloc decl if gnuc
+ [f1bad1925f98]
-1999-07-11 06:44 millert
+ * sudo.c:
+ can't use getopt(3) since it munges args to the command to be run as
+ root don't do malloc decl if gnuc
+ [38e78f6da14e]
- * auth/: aix_auth.c, sudo_auth.h: AIX authenticate() support.
- Could probably be much better
+ * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
+ sudo_realpath.c, sudo_setenv.c:
+ ansi-fied !STDC_HEADER function prottypes
+ [51d8cad89976]
+
+ * getcwd.c, getwd.c:
+ added missing paren
+ [6a1fae70e27e]
+
+ * Makefile.in:
+ added putenv.c to DISTFILES
+ [a5e4523eabbb]
+
+ * sudo_setenv.c:
+ added params to func decls when STDC_HEADERS is not defined now can
+ count on putenv() being there
+ [fd587796189b]
+
+ * sudo_realpath.c:
+ took out errno decl since sudo.h does it for us fixed up a next cc
+ warning added params to func decls when STDC_HEADERS is not defined
+ [70fa5152ace6]
-1999-07-11 06:43 millert
+ * sudo.h:
+ took out environ extern added local declaratio of putenv() if local
+ version is needed
+ [a84bae6c020d]
- * auth/sia.c: Fix an uninitialized variable and some cleanup. Now
- works (tested)
+ * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
+ added params to func decls when STDC_HEADERS is not defined
+ [f406f0e47ac0]
-1999-07-11 05:37 millert
+ * config.h.in:
+ added memcpy check check to see that ansi vs bsd macros are ntot
+ already defiend before defining (ie: avoid redefinition)
+ [879ae026e19f]
+
+ * configure.in:
+ removed fluff setenv check plus check w/ replace for putenv if also
+ no setenv
+ [e3c03814ad4b]
+
+ * putenv.c:
+ Initial revision
+ [3cff63e2dc1b]
+
+1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/: sia.c, sudo_auth.h: SIA support for digital unix
+ * sudo_setenv.c:
+ Initial revision
+ [4d637631fa6b]
+
+ * sudo.h:
+ rm'd s realp[ath added sudo_realpath and sudo_setenv
+ [07ba001ff57e]
+
+ * sudo.c:
+ now use sudo_setenvc
+ [fd81e04d5ef0]
+
+ * configure.in:
+ added puteenv and setenv, removed realpath
+ [27bfacfb513b]
+
+ * config.h.in:
+ added putenv & setenv
+ [515f14eaf6e4]
+
+ * Makefile.in:
+ added sudo_setenv
+ [217731a717c5]
+
+ * version.h:
+ ++
+ [eadb346d7129]
+
+1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added MAN_POSTINSTALL and /usr/share/catman for irix
+ [2a9496c1bdba]
+
+ * Makefile.in:
+ added MAN_POSTINSTALL
+ [89b0d4695529]
+
+ * CHANGES:
+ added
+ [48c021ba8a70]
+
+ * sudo.man:
+ added SUDO_* plus new options
+ [c0759cff5683]
+
+ * CHANGES:
+ added one
+ [7d44a3922d56]
+
+ * configure.in:
+ took out shadow lib
+ [07cf3de18701]
+
+ * TODO:
+ adde done
+ [a27a578e8afe]
+
+ * visudo.c:
+ now use yyrestart() if flex now reset yylineno to 0
+ [77d67ce0b677]
+
+ * Makefile.in:
+ support for installing a cat page instead of a man page if no nroff
+ [44671c0fc0fa]
+
+ * configure.in:
+ now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
+ to determine whether or not to install a cat or man page
+ [0562d069c135]
-1999-07-11 05:33 millert
+ * config.h.in:
+ added HAVE_FLEX
+ [c5490bae39d3]
- * auth/pam.c: don't use prompt global, it will go away
+ * sudo.c:
+ not set ret to MODE_RUN initially
+ [88b4983c195b]
-1999-07-11 05:32 millert
+ * find_path.c:
+ made command (and therefor cmnd dynamically allocated)
+ [95b82e32b6de]
- * auth/secureware.c: correct copyright years
+ * TODO:
+ did #8
+ [fb6f41308cdf]
-1999-07-10 20:32 millert
+ * version.h:
+ ++
+ [14112ecab5ae]
- * auth/: afs.c, fwtk.c, kerb4.c, sudo_auth.h, kerb5.c, opie.c,
- pam.c, passwd.c, secureware.c, securid.c, skey.c, sudo_auth.c:
- New authentication API and methods
+ * sudo_realpath.c:
+ changed bufs from MAXPATHLEN to MAXPATHLEN+1
+ [0ad4f34e55c0]
-1999-07-08 06:46 millert
+ * sudo.h:
+ added MODE_ removed validate_only and added remove_timestamp()
+ [dd5f99c57728]
- * parse.yacc: only save an entry if user_matches && host_matches,
- even if the stack is empty (fix for previous commit)
+ * sudo.c:
+ usage() now takes an int (exit value) added parse_args() to parse
+ command line arguments moved call to find_path() from load_globals
+ to new function load_cmnd() removed validate_only global -- now use
+ the concept of "modes" added -h and -k options
+ [c3887090b28a]
-1999-07-08 06:35 millert
+ * parse.c:
+ no longer use global validate_only now checks for command called
+ "validate" removed check for non-fully qualified commands since that
+ is done by find_path
+ [7d56fbd26369]
- * parse.yacc: 1) Always save an entry on the stack if it is empty.
- This fixes the -l and -v flags that were broken by earlier parser
- changes.
+ * find_path.c:
+ changed MAXPATHLEN r to MAXPATHLEN+1
+ [a86e8664d971]
- 2) In a Runas list, don't negate FALSE -> TRUE since that would
- make !foo match any time the user specified a runas user (via -u)
- other than foo.
+ * find_path.c:
+ fixed off by one error with MAXPATHLEN and fixed a comment
+ [58adcef8c981]
-1999-07-08 05:45 millert
+ * check.c:
+ check_timestamp no longer runs reminder(), it is implied in the
+ return val added remove_timestamp()
+ [42ab5a77066f]
- * testsudoers.c: interfaces and num_interfaces are now auto, not
- extern
+ * CHANGES:
+ updated
+ [8e69b31df024]
-1999-07-07 14:09 millert
+1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth.c: use a static global to keep stae about empty passwords
+ * BUGS:
+ fixed on
+ [bc34f1ac4280]
-1999-07-07 14:08 millert
+ * sudo_realpath.c:
+ took out old_errno
+ [a168d00a0768]
- * check_sia.c: make PASSWORD_NOT_CORRECT logging consistent with
- other modules
+ * CHANGES:
+ updated
+ [04ba80922df7]
-1999-07-05 16:53 millert
+1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth.c: PAM prompt code was wrong, looks like we have to kludge
- it after all.
+ * logging.c:
+ moved send_mail to after syslog
+ [4d4188087834]
-1999-07-05 16:35 millert
+ * sudo.c:
+ now set SUDO_ envariables
+ [e5963f1bd3bb]
- * auth.c: In the PAM code, when a user hits return at the first
- password prompt, exit without a warning just like the normal auth
- code
+1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-05 16:15 millert
+ * version.h:
+ ++
+ [2a4534845d8c]
- * configure, configure.in: kludge around cross-compiler false
- positives
+ * sudo_realpath.c:
+ now print error if chdir fails
+ [0d75c8973d49]
-1999-07-05 16:14 millert
+ * find_path.c:
+ removed an XXX
+ [e2077bcb35aa]
- * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c: New
- (correct) PAM code Tgetpass now takes an echo flag for use with
- PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
- useless umask setting Change error from BAD_ALLOCATION ->
- BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to
- auth.c for consistency
+1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-05 16:11 millert
+ * CHANGES:
+ updated
+ [e30a2b39b41a]
- * sudo.c: Some -Wall and kill some trailing spaces
+ * configure.in:
+ no more static binaries for aix
+ [77a0beb6bd80]
-1999-07-05 16:10 millert
+1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: define -D__EXTENSIONS__ for solaris so we get
- crypt() proto
+ * INSTALL:
+ fixed typo
+ [ba5e0d391bc4]
-1999-06-22 09:42 millert
+ * sudo_realpath.c:
+ took out stuff not needed for sudo now does be_root/be_user itself
+ now uses cwd global
+ [4f6d4641d793]
- * RUNSON: add Dynix 4.4.4
+ * version.h:
+ +=2
+ [97da927b297c]
-1999-06-22 09:30 millert
+ * logging.c, sudo.c:
+ be_root/be_user is now down in sudo_realpath()
+ [f331662fa50f]
- * INSTALL, config.h.in, configure.in, configure: for kerberos V <
- version, fall back on old kerb4 auth code
+ * logging.c, sudo.h:
+ now works with 4.2BSD syslog (blech)
+ [98e39d89dd36]
-1999-06-22 06:41 millert
+ * find_path.c:
+ now use sudo_realpath()
+ [ab436a8ebd02]
- * INSTALL: clarify some things
+ * config.h.in:
+ took out realpth() stuff since we now use sudo_realpath()
+ [8de5ef9f6044]
-1999-06-22 06:38 millert
+ * configure.in:
+ ultrix enhanced sec
+ [815fb7fffcc0]
- * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod: typos
+ * SUPPORTED:
+ added ultrix enhanced sec.
+ [6466766c8062]
-1999-06-14 19:47 millert
+ * INSTALL:
+ updated
+ [d681a634297a]
- * sudo.c: mention why DONT_LEAK_PATH_INFO is not the default
+ * check.c:
+ ultrix enhanced security suport
+ [f10c8decbcc2]
-1999-06-03 12:34 millert
+ * Makefile.in:
+ added sudo_realpath.c
+ [6b9bcd3be022]
- * tgetpass.c: Fix open(2) return value checking, was NULL for
- fopen, should be -1 for open
+ * CHANGES:
+ updated
+ [2fa8084c1b53]
-1999-06-03 12:06 millert
+ * tgetpass.c:
+ increased passwd len to 24 for c2 security
+ [ec64838be62d]
- * configure: regen
+ * BUGS:
+ updated BUGS
+ [ca00d8fec2ce]
-1999-06-03 12:06 millert
+1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: better wording for solaris pam notice
+ * check.c:
+ now use user global var
+ [568769719013]
-1999-06-03 11:52 millert
+ * configure.in:
+ took out -ls
+ [490a44180d5f]
- * CHANGES: document recent changes
+1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-06-03 11:52 millert
+ * configure.in:
+ added AFS libs
+ [4fb40c8c01ba]
- * TROUBLESHOOTING: Update shadow password section
+ * sudo.h:
+ user is now a char * added epasswd
+ [27a919fafdfb]
-1999-06-03 11:51 millert
+ * sudo.c:
+ added tzset() to load_globals added epasswd (encrypted password)
+ global made user dynamically allocated
+ [b99ef9bdbfce]
- * auth.c: move authentication code from check.c to auth.c
+ * configure.in:
+ added tzset test
+ [27592dd1214b]
-1999-06-03 11:51 millert
+ * config.h.in:
+ added HAVE_TZSET
+ [b13f4213f3d0]
- * Makefile.in, check.c, sudo.h: move authentication code to auth.c
+ * check.c:
+ cleaned up encrypted passwd grab somewhat
+ [c8ba9a4db38a]
-1999-05-16 21:36 millert
+ * configure.in:
+ fixed AFS typo
+ [2bfcbce237b6]
- * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
- getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
- logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
- sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, visudo.c: Move
- interface-related defines to interfaces.h so we don't have to
- include <netinet/in.h> everywhere.
+ * INSTALL:
+ added AFS not
+ [80c67329393c]
-1999-05-14 12:30 millert
+ * CHANGES:
+ udpated
+ [2f09ecdd5d31]
- * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c,
- logging.c, parse.yacc, sudo.c, tgetpass.c: o Replace _PASSWD_LEN
- braindeath with our own SUDO_MAX_PASS.
- It turns out the old DES crypt does the right thing with
- passwords
- longert than 8 characters.
- o Fix common typo (necesary -> necessary)
- o Update TODO list
+ * logging.c:
+ can now log to both syslog & a file
+ [4d5c0932bc01]
-1999-05-03 12:00 millert
+ * sudo.h:
+ added BOTH_LOGS
+ [623c539be824]
- * sudo.c: set $LOGNAME when we set $USER
+ * CHANGES:
+ updated
+ [a1c7f5ef3616]
-1999-04-27 00:00 millert
+ * configure.in:
+ --with-AFS
+ [28718d8f5daf]
- * INSTALL: add comment about digital unix and interfaces.c warning
- with gcc
+ * config.h.in:
+ added HAVE_AFS
+ [2e32bb4e63e4]
-1999-04-15 01:12 millert
+ * check.c:
+ added afs changes
+ [fe4d0ff320a2]
- * sample.sudoers: use modern paths and give examples for some of
- the new parser features
+ * sudo.h:
+ removed AFS stuff :-)
+ [a40387e6fa27]
-1999-04-10 13:03 millert
+ * tgetpass.c:
+ include sys/select for AIX
+ [f32c5a8f2c84]
- * parse.c: fix comment
+ * sudo.h:
+ added AFS
+ [da2ab3dd0348]
-1999-04-10 00:49 millert
+ * version.h:
+ ++
+ [452d4dfe25af]
- * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
- getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c,
- parse.c, parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
- Function names should be flush with the start of the line so they
- can be found trivially in an editor and with grep
+1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-04-10 00:40 millert
+ * CHANGES, SUPPORTED:
+ updated
+ [e7dfe6f23a37]
- * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex,
- parse.yacc, sudo.c, testsudoers.c, tgetpass.c, visudo.c: free(3)
- is already void, no need to cast it
+ * logging.c:
+ can now have MAILER undefined
+ [1d33b98b35e1]
-1999-04-10 00:37 millert
+ * INSTALL:
+ new sub-note about MAILER
+ [d35c636a0574]
- * logging.c, sudo.c, sudo.h: catch case where cmnd_safe is not set
- (this should not be possible)
+ * sudo.man:
+ added blurb about password timeout
+ [70c2ee50de20]
-1999-04-10 00:10 millert
+ * configure.in:
+ convex c2 changes
+ [367138a6232e]
- * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h,
- testsudoers.c, visudo.c: Stash the "safe" path (ie: the one
- listed in sudoers) to the command instead of stashing the struct
- stat. Should be safer.
+ * aclocal.m4:
+ took out duplicate define of _CONVEX_SOURCE
+ [647182138450]
-1999-04-08 19:56 millert
+ * Makefile.in:
+ added OSDEFS
+ [7fdcd50602d1]
- * INSTALL, Makefile.in, UPGRADE: notes on updating from an earlier
- release
+ * config.h.in:
+ added spaces
+ [f2b8a05e48f3]
-1999-04-07 20:20 millert
+ * tgetpass.c:
+ added a goto if fgets fails
+ [68a6586d9c45]
- * CHANGES: updated
+ * sudo.h:
+ use __hpux not hpux convex c2 stuff
+ [5c377a8d5f34]
-1999-04-07 19:18 millert
+ * sudo.c:
+ use __hpux not hpux
+ [9363bc0f9f9e]
- * parse.yacc, sudo.tab.h, sudoers.cat, sudoers.html, sudoers.man,
- sudoers.pod: You can now specifiy a host list instead of just a
- host or alias. Ie: user = host1,host2,ALIAS,!host3 my_command
- now works.
+ * logging.c:
+ convex c2 stuff
+ [ea5630975ac4]
-1999-04-07 02:59 millert
+ * config.h.in:
+ define ansi-ish cpp os defines if non-ansi are defined for hpux &
+ convex
+ [664f53a5e786]
- * testsudoers.c: Quiet -Wall
+ * INSTALL:
+ updated to say we support sonvex C2
+ [5f2f8b87013e]
-1999-04-07 02:50 millert
+ * check.c:
+ added convex c2 support
+ [9a665d4918fa]
- * parse.yacc: Move the push from the beginning of cmndspec to the
- end. This means we no longer have to do a push at the end of
- privilege, just reset some values.
+1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-04-06 20:24 millert
+ * tgetpass.c:
+ no more ioctl never returns NULL uses fgets() and select() to
+ timeout
+ [b333e6d63e97]
- * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: runas-lists
- and NOPASSWD/PASSWD modifiers are now sticky and you can use "!"
- most everywhere
+1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-04-06 14:12 millert
+ * configure.in:
+ things were testing -n "$GCC" instead of -z "$GCC"
+ [059a9b15ede2]
- * sudoers.pod: modernize paths and update su example based on
- sample.sudoers one
+ * tgetpass.c:
+ now works + uses fgets()
+ [353d7ebcb7bb]
-1999-04-06 14:06 millert
+1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * sample.sudoers: New runas semantics
+ * tgetpass.c:
+ select doesn't seem to recognize a single '\n' as input waiting so
+ we can;t use it, sigh.
+ [f76e3218b835]
-1999-04-06 13:54 millert
+1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, Makefile.in, alloc.c, config.h.in, configure,
- configure.in, strdup.c, sudo.h: In estrdup(), do the malloc
- ourselves so we don't need to rely on the system strdup(3) which
- may or may not exist. There is now no need to provide strdup()
- for those w/o it. Also, the prototype for estrdup() was wrong,
- it returns char * and its param is const.
+ * PORTING:
+ updated tgetpass() blurb
+ [95baac736b49]
-1999-04-06 13:40 millert
+ * configure.in:
+ added --with-getpass
+ [42ac0bdf58ed]
- * getcwd.c: $Sudo tag
+ * Makefile.in:
+ added tgetpass stuff
+ [e2b38c635663]
-1999-04-06 13:20 millert
+ * tgetpass.c:
+ now uses stdio
+ [36af8ff66e35]
- * check.c: buf should be prompt; Michael Robokoff
- <mrobo@networkcs.com>
+ * version.h:
+ ++
+ [4e81c9db19bd]
-1999-04-06 01:40 millert
+1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, TODO, parse.yacc: It is now possible to use the '!'
- operator in a runas list as well as in a Cmnd_Alias, Host_Alias
- and User_Alias.
+ * PORTING:
+ updated ,.
+ [54f523770a05]
-1999-04-06 01:38 millert
+ * config.h.in:
+ added USE_GETPASS && HAVE_C2_SECURITY
+ [86b355cb2953]
- * logging.c, sudo.h: Kill GLOBAL_NO_SPW_ENT (not used) and crank
- GLOBAL_PROBLEM
+ * configure.in:
+ fixed a test aded --with-C2 and --with-tgetpass
+ [abf6181588ef]
-1999-04-06 01:08 millert
+ * check.c:
+ added hpux C2 shit
+ [20d4177ffa88]
- * sudo.h: Definitions of *_matched were wrong--user top, not top-2
- as subscript.
+ * Makefile.in:
+ took out tgetpass.*
+ [cc82fd9984b4]
-1999-04-06 01:00 millert
+ * INSTALL:
+ added C2 blurb
+ [1d2bfc35e4b6]
- * logging.c, parse.c, parse.yacc, sudo.c, sudo.h: Add
- VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
- command but the NOPASSWD flag was set. Make runasspec,
- runaslist, runasuser, and nopasswd typeless in parse.yacc Add
- support for '!' in the runas list Fix double printing of '%' and
- '+' for groups and netgroups respectively Add *_matched macros
- (no need for local stack variable). Should only be used directly
- after a pop (since top must be >= 2).
+1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-04-05 23:25 millert
+ * configure.in:
+ no termio(s) for ultrix since it is broken
+ [d3e82e835350]
- * aclocal.m4, configure.in: Add copyright, somewhat silly
+ * check.c:
+ added a space (yeah, anal)
+ [05e4b31ca68c]
-1999-04-05 16:57 millert
+ * realpath.c, sudo_realpath.c:
+ fixed it (duh, rtfm)
+ [f13097cb8cb6]
- * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c,
- check_sia.c, compat.h, config.h.in, configure, configure.in,
- dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
- ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
- lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
- pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c,
- sudo.cat, sudo.h, sudo.man, sudo_setenv.c, sudoers.cat,
- sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
- visudo.c, visudo.cat, visudo.man, emul/utime.h: Crank version to
- 1.6 and combine copyright statements
+1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-04-05 16:30 millert
+ * config.h.in:
+ took out bsd signal stuff for irix
+ [e179cdafc97a]
- * sample.sudoers: Use ! not ^ to do negation
+ * visudo.c:
+ comments in #endif
+ [e3a629190f5e]
-1999-04-05 16:29 millert
+ * configure.in:
+ don't define BSD signals for irix
+ [3ce57bffb7f0]
- * lex.yy.c: regen
+ * TODO:
+ did some...
+ [274241cd0f74]
-1999-04-05 16:28 millert
+ * CHANGES:
+ updated
+ [8f29fc755faf]
- * parse.yacc, parse.lex: Make runas and NOPASSWD tags persistent
- across entris in a command list. Add a PASSWD tag to reverse
- NOPASSWD. When you override a runas or *PASSWD tag the value
- given becomes the new default for the rest of the command list.
+ * realpath.c, sudo_realpath.c:
+ took out unneeded code by changing where a strings was terminated
+ [b5564d62d30e]
-1999-04-02 16:03 millert
+1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, RUNSON: update for 1.5.9
+ * realpath.c, sudo_realpath.c:
+ fix bug where /dirname would return NULL
+ [b85f470daf26]
-1999-04-02 16:02 millert
+ * sudo.h:
+ move __P to config.h
+ [7763c0ff3f28]
- * visudo.c: Shift return value of system(3) by 8 to get real exit
- value and if it is not 1 or 0 print the retval along with the
- error message.
+ * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
+ added errno definition
+ [4cc9d2d9782a]
-1999-03-30 16:45 millert
+ * config.h.in:
+ added __P
+ [ca06f5aa58f3]
- * Makefile.in: testsudoers needs LIBOBJS too
+ * config.h.in:
+ added HAVE_FCHDIR
+ [206d714641e0]
-1999-03-30 12:17 millert
+ * strdup.c:
+ now include stdio
+ [0d8458da0e1d]
- * parse.c, parse.yacc: Fix another parser bug. For a sudoers entry
- like this: millert ALL=/bin/ls,(daemon) !/bin/ls sudo
- would not allow millert to run ls as root.
+ * realpath.c, sudo_realpath.c:
+ now works if no fchdir
+ [e035911b6722]
-1999-03-30 01:08 millert
+ * visudo.c:
+ define SA_RESETHAND to null if not defined
+ [afec03e84342]
- * CHANGES: new change
+ * configure.in:
+ added check & replace
+ [c1a65481441c]
-1999-03-30 01:03 millert
+ * configure.in:
+ took out -static for nextstep -- it doesn't work
+ [fa1a1a611743]
- * parse.yacc: Save entries that match a ! command on the matching
- stack too
+1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-03-30 01:01 millert
+ * logging.c:
+ moved #endif to where it belongs
+ [07d3a8972097]
- * sudo.c: Make sudo's usage info better when mutually exclusive
- args are given and don't rely on argument order to detect this;
- nick@zeta.org.au
+ * SUPPORTED:
+ correction
+ [0c1ecba3e5a3]
-1999-03-29 15:03 millert
+ * configure.in:
+ now checks for strdup realpath getcwd bzero
+ [f029a1917515]
- * CHANGES, Makefile.in, RUNSON: updates from CU
+ * config.h.in:
+ emulate bzero
+ [d792352e44a3]
-1999-03-28 23:38 millert
+ * visudo.c:
+ added posic signals
+ [2ed0005f90fc]
- * Makefile.in: use gzip
+ * tgetpass.c:
+ bzero cast
+ [6d91b1a1526f]
-1999-03-28 23:31 millert
+ * logging.c:
+ added posix signals
+ [67ede9c22a05]
- * parse.yacc: Fix off by one error introduced in *alloc changes
+ * configure.in:
+ removed BROKEN_GETPASS added new srcs toreplace missing functions
+ [cf44274bb1c8]
-1999-03-28 23:05 millert
+ * config.h.in:
+ added posix signal stuff
+ [a3c1c98fe8ef]
- * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
- check_sia.c, compat.h, config.h.in, configure, configure.in,
- dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
- ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
- lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
- pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c,
- sudo.cat, sudo.h, sudo.man, sudo_setenv.c, sudoers.cat,
- sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
- visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod,
- emul/utime.h: ++version
-
-1999-03-28 21:59 millert
+ * Makefile.in:
+ added new srcs
+ [b6a079afee47]
- * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
- interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex,
- parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, utime.c, visudo.c: Use
- emalloc/erealloc/estrdup
+ * visudo.c:
+ updated useag
+ [589ed091c44f]
-1999-03-28 20:29 millert
+ * tgetpass.c:
+ now uses posix signals
+ [30f74964074f]
- * alloc.c: error checking memory allocation routines
+ * PORTING:
+ updated sto reflect major changes
+ [bcfc309e017b]
-1999-03-28 19:23 millert
+ * CHANGES, TODO:
+ updated
+ [23aacbd54278]
- * parse.yacc: Still not right, this fixes it for real
+ * tgetpass.c:
+ uses sysconf() if available
+ [a27431c90bab]
-1999-03-28 19:08 millert
+ * sudo.h:
+ added PASSWORD_TIMEOUT + prototypes for new functions
+ [d7473c2f77c4]
- * parse.yacc: Fix for previous commit
+ * realpath.c, sudo_realpath.c:
+ for those w/o this in libc
+ [1e47aa7a9d46]
-1999-03-28 19:05 millert
+ * getcwd.c, getwd.c:
+ Initial revision
+ [c90dea57a84f]
- * CHANGES, INSTALL, parse.yacc: Fix a parser bug that was exposed
- when mixing different runas specs and ! commands. For example:
- millert ALL=(daemon) /usr/bin/whoami,!/bin/ls would
- allow millert to run whoami as root as well as daemon when it
- should just allow daemon. The problem was that comma-separated
- commands in a list shared the same entry on the matching stack.
- Now they get their own entry iff there is a full match. It may
- be better to just make the runas spec persistent across all
- commands in a list like the user and host entries of the matching
- stack. However, since that is a fairly major change it should
- gets its own minor rev increase.
+ * find_path.c:
+ rewrote to use realpath(3) - nis now all my code
+ [d2c3bb8fb37d]
-1999-03-28 13:50 millert
+ * config.h.in:
+ added HAVE_REALPATH
+ [02c10352a8c7]
- * check.c, config.h.in: Simplify PAM code and fix a PAM-related
- warning on Linux
+ * check.c:
+ now use tgetpass
+ [b5c021fc179f]
-1999-03-26 13:17 millert
+ * Makefile.in:
+ added LIBOBJS use tgetpass.c
+ [230a7b3eeaa3]
- * CHANGES: updates
+1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-03-26 13:12 millert
+ * tgetpass.c:
+ works now :-)
+ [025e7a3875ba]
- * sample.sudoers: better su entry
+ * tgetpass.c:
+ Initial revision
+ [3316ab33b230]
-1999-03-26 13:10 millert
+ * pathnames.h.in:
+ added /dev/tty
+ [29242585e53f]
- * configure: regen
+1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-03-26 13:09 millert
+ * version.h:
+ incremented
+ [f2e54b48280f]
- * check.c, configure.in: new pam code that works on solaris, should
- work on linux too; aelberg@home.com
+ * sudo.c:
+ always use getcwd
+ [c6068e8a4029]
-1999-03-19 14:44 millert
+ * config.h.in:
+ added check for getwd
+ [ab1e102ad673]
- * RUNSON: more entries
+ * configure.in:
+ replace strdup & realpath & getcwd if missing
+ [b0eb14f2a1c3]
-1999-03-19 14:43 millert
+ * pathnames.h.in:
+ added _PATH_PWD
+ [309d2388f69a]
- * config.h.in: only include strings.h if there is no string.h
+ * aclocal.m4:
+ added SUDO_PROG_PWD
+ [e16e85deb96c]
-1999-03-17 15:25 millert
+ * strdup.c:
+ Initial revision
+ [810efdc15007]
- * config.guess: Sinix is now being called ReliantUNIX;
- bjjackso@us.oracle.com
+ * realpath.c, sudo_realpath.c:
+ Initial revision
+ [d85eee438e09]
-1999-03-13 13:37 millert
+1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: shost must be set before log functions are called #ifdef
- HOST_IN_LOG
+ * configure.in:
+ quoted quare brackets
+ [d0e7ca111d98]
-1999-03-07 18:34 millert
+1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, lex.yy.c, parse.lex: Fix a bug wrt quoting characters in
- command args. Stop processing an arg when you hit a backslash so
- the quoted-character detection can catch it.
+ * sudo.c:
+ no need to strdup() a constant
+ [a8c44712df9a]
-1999-02-26 01:19 millert
+ * CHANGES:
+ updated
+ [71364129cca0]
- * interfaces.c: include sys/time.h; aparently AIX needs it.
- ppz@cdu.elektra.ru
+ * sudo.man:
+ added validate
+ [0bb198095a26]
-1999-02-23 19:43 millert
+ * sudo.c:
+ added -v to usage
+ [31ea71f11dbb]
- * configure, configure.in: add missing case statement so
- --without-sendmail works
+ * parse.c, sudo.c, sudo.h:
+ added validate_only stuff
+ [9bcd853d3c90]
-1999-02-22 21:51 millert
+1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: more
+ * configure.in:
+ now finds sed
+ [6374bb0d3f28]
-1999-02-22 15:10 millert
+ * aclocal.m4:
+ $OSREV is now an int
+ [ace0666d66cf]
- * configure, configure.in: only search for -lsun in irix <= 4.x
+1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-02-22 15:01 millert
+ * configure.in:
+ added mtxinu to caser
+ [73a776887b16]
- * configure, configure.in: back out last configure.in change now
- that I've hacked autoconf to fix the real problem and add a
- missing newline
+ * sudo.h:
+ added EXEC macro
+ [2e8eb28b710a]
-1999-02-22 14:32 millert
+ * sudo.c:
+ now use the EXEC nmacro now only do a gethostbyname() if FQDN is set
+ [56afb4f658d5]
- * CHANGES: updated
+ * logging.c:
+ changed mail_argv[] def now use EXEC() macro
+ [ddcabd28edb1]
-1999-02-22 14:05 millert
+ * check.c:
+ took out crypt() definition
+ [0e657724cf5f]
- * getcwd.c: add def of dirfd() for those without it
+ * version.h:
+ upped the version
+ [62c5d66119fc]
-1999-02-22 10:58 millert
+ * configure.in:
+ always look for -lnsl
+ [d7b594f0313b]
- * configure.in, configure: When falling back to checking for
- socket() when linking with "-lsocket -lnsl" check for main()
- instead since autoconf has already cached the results of checking
- for socket() in -lsocket. This is really an autoconf bug as it
- should use the extra libs as part of the cache variable name.
+ * aclocal.m4:
+ added an echo
+ [1caae3491dc5]
-1999-02-22 10:47 millert
+ * sudo.h:
+ SHORT_MESSAGE is now the default
+ [cfce35c3119a]
- * configure.in: typo
+ * config.h.in:
+ fixed typo
+ [6499a564bf75]
-1999-02-21 15:18 millert
+ * configure.in:
+ added missing AC_DEFINE(SVR4) for solaris
+ [feef0b17b94f]
- * configure.in: fix occurrence of $with_timeout that should be
- $with_password_timeout;
- Michael.Neef@neuroinformatik.ruhr-uni-bochum.de
+ * sudo.man:
+ documented the -v flag
+ [a6429f2bc2cf]
-1999-02-17 11:40 millert
+ * SUPPORTED:
+ updated
+ [088886e79540]
- * sudo.cat, sudo.html, sudo.man, sudo.pod: fix grammar;
- espie@openbsd.org
+ * check.c:
+ proto-ized crypt()
+ [801e4ff5b121]
-1999-02-11 01:41 millert
+ * config.h.in:
+ added LIBSHADOW undef
+ [8df588e9ee2b]
- * parse.yacc, sudo.c, testsudoers.c: add cast for strdup in places
- it does not have it
+ * configure.in:
+ nwo set OS to be lowercase
+ [561ebed833e4]
-1999-02-09 13:11 millert
+1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: define for_BSD_TYPES irix
+ * configure.in:
+ now use SUDO_OSTYPE to set $OS
+ [0e60aee23098]
-1999-02-06 19:47 millert
+ * aclocal.m4:
+ now use uname to determine os
+ [99705e58d400]
- * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod: Make it
- clear that it is the user's password, not root's, that we want.
+ * visudo.c:
+ added prototypes & moved sig handler around
+ [1f0bc8d23b51]
-1999-02-06 19:43 millert
+ * sudo.h:
+ added prototyppes
+ [be3935a2b163]
- * check.c, sudo.h: If the user enters an empty password and really
- has no password, accept the empty password they entered.
- Perviously, they could enter anything *but* an empty password.
- Also, add GETPASS macro that calls either tgetpass() or getpass()
- depending on how sudo was configured. Problem noted by
- jdg@maths.qmw.ac.uk
+ * check.c, logging.c, sudo.c:
+ added prototypes
+ [2079b4605ab8]
-1999-02-02 23:32 millert
+ * parse.c:
+ added comment
+ [a34d147d8399]
- * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
- dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
- ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
- logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
- putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
- testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c,
- emul/utime.h: add explicate copyright
+ * config.h.in:
+ nwo use _BSD_SIGNALS not _BSD_COMPAT
+ [63663195f047]
-1999-02-02 23:16 millert
+ * aixcrypt.exp:
+ Initial revision
+ [890aed08357e]
- * CHANGES: mention -lsocket, -lnsl configure changes
+ * Makefile.in:
+ added aixcrypt.exp
+ [1005a183105f]
-1999-02-02 17:54 millert
+ * parse.lex, parse.yacc:
+ moved config.h to top of includes
+ [9569c49aa5f3]
- * sudo.c: Don't clobber errno after calling check_sudoers().
+1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-01-31 19:46 millert
+ * find_path.c:
+ now don't bitch if get EACCESS (treat like EPERM)
+ [dbeffb638de4]
- * configure.in, configure: When linking with both -lsocket and
- -lnsl be sure to do so in that order. Also, when we can't find
- socket() or inet_addr() and have to try linking with both libs,
- issue a warning.
+ * visudo.c:
+ added -v flag and usage()
+ [4d44ed60ed75]
-1999-01-31 19:45 millert
+ * version.h:
+ fixed a typo
+ [cf3f9347ae41]
- * sudo.cat, sudo.man, sudo.pod: clarify bad timestamp and fmt
+ * sudo.c:
+ cast Argv to a const for exec added -v flag
+ [d11b6efc0e45]
-1999-01-23 12:18 millert
+ * logging.c:
+ mail_argv is now a const
+ [93bb5d90bb6f]
- * INSTALL, RUNSON: be clear that pam is linux-only and add a RUNSON
- entry
+ * configure.in:
+ only set RETSIGTYPE if it is not set already
+ [c97aac260b77]
-1999-01-22 13:13 millert
+ * aclocal.m4:
+ now defines & STDC_HEADERS for Irix
+ [9c2b24ad1fc5]
- * configure, CHANGES, INSTALL, configure.in: fix and correctly
- document --with-umask; problem noted by adap@adap.org
+ * Makefile.in:
+ added version.h
+ [9f79e880229a]
-1999-01-19 20:38 millert
+ * insults.h, sudo.h:
+ prevent multiple inclusion
+ [d68c8a9243ce]
- * configure.in, configure: only use /usr/{man,catman}/local to
- store man pages if suer didn't override prefix or mandir
+ * version.h:
+ Initial revision
+ [dbb39c5ef8d9]
-1999-01-19 20:24 millert
+ * parse.lex, parse.yacc:
+ now includes config.h
+ [f117e036a56b]
- * configure, INSTALL, configure.in: fix typo, make --with-SecurID
- take an arg
+ * aclocal.m4:
+ now talks about sunos 4.x
+ [c9054aa92d4e]
-1999-01-18 21:53 millert
+ * visudo.c:
+ calls to Exit now pass an arg
+ [a92104670551]
- * RUNSON: updates from users
+1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-01-18 21:04 millert
+ * visudo.c:
+ signal handler now takes an int argument
+ [26f480c41523]
- * CHANGES, INSTALL, check.c, configure, configure.in: FWTK
- 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
+ * CHANGES:
+ updated
+ [8c166a9d796b]
-1999-01-18 20:00 millert
+ * sudo.c:
+ ok, the getcwd() is now *really* done as the user
+ [ab86cf85134a]
- * configure, configure.in: better fix for the problem of unresolved
- symbols in -lnsl or -lsocket
+ * configure.in:
+ changed AIX STATIC_FLAGS
+ [b9c0a3ba5663]
-1999-01-18 19:39 millert
+ * aclocal.m4:
+ solaris now defines SVR4
+ [c3e20cac96f5]
- * configure, configure.in: when checking for functions in -lnsl and
- -lsocket link with both of them to avoid unresolved symbols on
- some weirdo systems
+ * sudo.h:
+ added cwd and fixed stupid core dump that makes no sense. sigh.
+ [7a9755436dbb]
-1999-01-17 20:49 millert
+ * sudo.c:
+ moved getcwd stuff into load_globals
+ [ec2bc90df1f3]
- * BUGS, CHANGES, RUNSON, TODO: old changes that didn't make it into
- RCS before the RCS->CVS switch
+ * parse.c:
+ took out externs that are in suod.h
+ [93c4b3f856d7]
-1999-01-17 18:16 millert
+ * logging.c:
+ moved cwd into load_globals
+ [050de754d228]
- * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
- configure.in, dce_pwent.c, find_path.c, getspwuid.c, goodpath.c,
- ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
- interfaces.c, lex.yy.c, logging.c, lsearch.c, parse.c, parse.lex,
- parse.yacc, pathnames.h.in, putenv.c, secureware.c, strdup.c,
- sudo.c, sudo.pod, sudo_setenv.c, sudoers.pod, testsudoers.c,
- tgetpass.c, utime.c, visudo.c, visudo.pod, emul/search.h,
- emul/utime.h: add sudo tags
+ * find_path.c:
+ moved cwd stuff
+ [22f3f3b4c34d]
-1999-01-17 17:53 millert
+ * Makefile.in:
+ fixed make distclean & realclean
+ [c9964d89bcef]
- * version.h, sudo.h: testing Sudo tag
+ * TODO:
+ updated .,
+ [e513581ef0e3]
-1999-01-17 17:40 millert
+ * CHANGES:
+ added solaris changes
+ [505d930daf27]
- * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c,
- compat.h, config.h.in, configure, configure.in, dce_pwent.c,
- find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
- ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
- logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
- putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
- sudo.man, sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c,
- tgetpass.c, utime.c, version.h, visudo.c, visudo.cat, visudo.man,
- emul/utime.h: crank version and regen files
+ * aclocal.m4:
+ added solaris changes, need to rework
+ [33f20fb16c49]
-1999-01-17 17:27 millert
+ * configure.in:
+ cleaned up for solaris
+ [2fb8cfa05d0f]
- * Makefile.in: kill rcs goop in update_version and fix now that
- version is a const
+ * logging.c:
+ reinstall reapchild signal handler for non-bsd signals
+ [3d1dc545113d]
-1999-01-17 17:08 millert
+ * sudo.h:
+ took out getdtablesize() emulation for HP-UX (no longer needed)
+ [1fc83d170f34]
- * INSTALL, check.c, config.h.in, configure, configure.in,
- logging.c, sudo.c, sudo.h, sudo.pod: kerb5 support from
- fcusack@iconnet.net
+ * sudo.c:
+ support for HAVE_SYSCONF
+ [50ca2a7a224a]
-1999-01-17 16:45 millert
+ * visudo.c:
+ added <fcntl.h> for solaris & reorg'd the includes + minor prettying
+ up /
+ [0a570e826dd4]
- * realpath.c, sudo_realpath.c: we no longer use realpath
+ * config.h.in:
+ added HAVE_SYSCONF
+ [2b9a9f3a4e94]
-1999-01-17 16:44 millert
+1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * qualify.c: replaced by find_path.c
+ * configure.in:
+ now tells you what os you are running /.
+ [06c6332a895b]
-1999-01-17 16:43 millert
+ * aclocal.m4:
+ took out extra ','
+ [e8c75ce59f4a]
- * options.h: all options are now configure flags
+1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-01-17 16:42 millert
+ * config.h.in:
+ added _BSD_COMPAT
+ [73c5099806c2]
- * lex.yy.c: regen
+ * aclocal.m4:
+ fixed for irix5
+ [1047d1f6c0eb]
-1999-01-17 16:41 millert
+ * CHANGES:
+ updated
+ [1bc4969fee96]
- * getwd.c: superceded by getcwd.c
+ * sudo.c:
+ uid seinitialized to -2
+ [8d7812b1878b]
-1999-01-17 16:36 millert
+1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * getpass.c: superceded by tgetpass.c
+ * sudo.c:
+ now removes LIBPATH for AIX
+ [075392eb1dd9]
-1999-01-17 16:36 millert
+1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * SUPPORTED: superceded by RUNSON
+ * configure.in:
+ now uses ufc if it finds it
+ [ab6ce30a5958]
-1999-01-17 16:33 millert
+1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * OPTIONS: No longer used now that we have configure options for
- everything.
+ * sudo.h:
+ no longer define yyval & yylval since yacc does it
+ [09d250aea50a]
-1999-01-17 16:32 millert
+ * parse.lex:
+ now defines yylval as extenr
+ [8ec2b88952bc]
- * configure: regen based on configure.in
+ * configure.in:
+ BROKEN_GETPASS is now an OPTION
+ [3714f4bb8312]
-1999-01-17 16:31 millert
+ * config.h.in:
+ took out BROKEN_GETPASS
+ [9c4f6aa50137]
- * sudo.man, sudoers.man, visudo.man, sudo.cat, sudo.html,
- sudoers.cat, visudo.cat, sudoers.html, visudo.html: regen based
- on sudo.pod, sudoers.pod, and visudo.pod
+ * Makefile.in:
+ took out big comment
+ [4c13cff0e556]
-1998-12-11 12:16 millert
+ * README:
+ updated
+ [b8b9902b620d]
- * check.c: fix tty tickets in remove_timestamp (didn't use ':')
+ * Makefile.in:
+ took out README.beta
+ [ed2cd861e82b]
-1998-12-07 16:16 millert
+ * SUPPORTED:
+ Initial revision
+ [2fffc51e6606]
- * interfaces.c: close sock when we are done with it
+ * INSTALL:
+ now reference SUPPORTED .,
+ [d112c30be1f2]
-1998-11-27 19:37 millert
+ * config.h.in:
+ now check for convex OR __convex__
+ [a0e5701a3069]
- * parse.yacc: never say "error on line -1"
+ * aclocal.m4:
+ now check for convex or __convex__
+ [5dae2bfbe3bc]
-1998-11-23 23:38 millert
+ * Makefile.in:
+ added dist target
+ [400a54de57db]
- * configure.in: check for -lnsl before -lsocket
+ * aclocal.m4:
+ use __convex__
+ [58a19470ed0b]
-1998-11-23 23:29 millert
+ * find_path.c:
+ now use _S_* stat stuff to be ansi-like
+ [28cce560e048]
- * configure.in: quote '[', ']' used in ranges correctly
+ * INSTALL:
+ updated for configure directions
+ [a034ccc7c30a]
-1998-11-21 17:54 millert
+ * Makefile.in:
+ distclean now removes config.h and pathnames.h
+ [300f2349b4ab]
- * config.h.in: add missing NO_ROOT_SUDO noted by drno@tsd.edu
+ * CHANGES:
+ updated
+ [646f7e9430c1]
-1998-11-20 18:33 millert
+ * TODO:
+ fixed typoe
+ [70fd6361b2bc]
- * version.h: 1.5.7
+ * visudo.c:
+ updated version
+ [cf13d87d789f]
-1998-11-20 18:33 millert
+ * Makefile.in:
+ updated version
+ [8c5dacc27a7a]
- * INSTALL: more info for 1.5.7
+ * config.h.in, pathnames.h.in:
+ added copyright header
+ [747ce3d3d6b7]
-1998-11-20 18:30 millert
+ * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
+ parse.yacc, sudo.c, sudo.h:
+ udpated version
+ [4751c39bad18]
- * README: update for 1.5.7
+ * visudo.c:
+ udpated to use configure + pathnames.h
+ [d45dff76a1cd]
-1998-11-20 14:26 millert
+ * aclocal.m4:
+ updated
+ [f05a367a55be]
- * parse.yacc: make increases of cm_list_size and ga_list_size be
- similar to increases of stacksize (ie: >= not > in initial
- compare).
+ * Makefile.in, config.h.in, configure.in:
+ updated
+ [524778598879]
-1998-11-20 14:22 millert
-
- * parse.yacc: when we get a syntax error, report it for the
- previous line since that's generally where the error occurred.
-
-1998-11-18 15:31 millert
-
- * config.h.in, configure.in, interfaces.c: add back check for
- sys/sockio.h but only use it if SIOCGIFCONF is not defined
-
-1998-11-18 15:25 millert
-
- * config.h.in: define BSD_COMP for svr4
-
-1998-11-17 23:16 millert
-
- * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
- goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c,
- parse.lex, parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: more
- -Wall
-
-1998-11-17 23:10 millert
-
- * configure.in: kill check for sockio,h
-
-1998-11-17 23:10 millert
-
- * config.h.in: no more HAVE_SYS_SOCKIO_H
-
-1998-11-17 22:51 millert
-
- * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
- goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c,
- parse.lex, parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
- -Wall
-
-1998-11-16 17:38 millert
-
- * sudo.c: add missing inform_user()
-
-1998-11-13 19:21 millert
-
- * find_path.c: return NOT_FOUND if given fully qualified path and
- it does not exist previously it would perror(ENOENT) which
- bypasses the option to not leak path info
-
-1998-11-13 19:20 millert
-
- * configure.in: for kerb5, check for -lkerb4, fall back on -lkrb
- for kerb, check for -ldes
-
-1998-11-13 14:19 millert
-
- * INSTALL: tty tickets are user:tty now
-
-1998-11-13 14:10 millert
-
- * check.c: when using tty tickets make it user:tty not user.tty as
- a username could have a '.' in it
-
-1998-11-09 19:15 millert
-
- * sudo.c: add "ignoring foo found in ." for auth successful case
-
-1998-11-09 17:57 millert
-
- * sudo.c: add missing printf param
-
-1998-11-08 15:56 millert
-
- * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
- go back to printing "command not found" unless
- --disable-path-info specified. Also, tell user when we ignore
- '.' in their path and it would have been used but for
- --with-ignore-dot.
-
-1998-11-08 13:51 millert
-
- * check.c, sudo.c: Only one space after a colon, not two, in
- printf's
-
-1998-11-05 12:59 millert
-
- * sudo.pod: document setting $USER
-
-1998-11-04 22:24 millert
-
- * check.c: fix bugs with prompt expansion
-
-1998-11-04 21:21 millert
-
- * sudo.c: set $USER for root too
-
-1998-11-04 17:13 millert
-
- * getspwuid.c: typo
-
-1998-11-04 17:07 millert
-
- * configure.in: HP-UX's iscomsec is in -lsec, not libc
-
-1998-11-03 22:24 millert
-
- * configure.in: remove some entries in the OS case statement that
- did nothing
-
-1998-11-03 22:19 millert
-
- * TROUBLESHOOTING: add "cd" section and flush out syslog section
-
-1998-11-03 20:51 millert
-
- * Makefile.in: no more sudo-lex.yy.c
-
-1998-11-03 20:50 millert
-
- * check_sia.c: add custom prompt support
-
-1998-11-03 20:40 millert
-
- * sudo.c: kill perror("malloc") since we already have a good error
- messages pw_ent -> pw for brevity set $USER if -u specified
-
-1998-11-03 20:39 millert
-
- * parse.c: kill perror("malloc") since we already have a good error
- messages pw_ent -> pw for brevity when checking if %group
- matches, look up user in password file so that %groups works in a
- RunAs spec.
-
-1998-11-03 20:39 millert
-
- * logging.c, parse.yacc: kill perror("malloc") since we already
- have a good error messages
-
-1998-11-03 20:38 millert
-
- * check.c, getspwuid.c, interfaces.c, testsudoers.c: kill
- perror("malloc") since we already have a good error messages
- pw_ent -> pw for brevity
-
-1998-11-03 15:03 millert
-
- * tgetpass.c: the prompt is expanded before tgetpass is called
-
-1998-11-03 15:03 millert
-
- * sudo.h: tgetpass now has the same args as getpass again
-
-1998-11-03 15:02 millert
-
- * getspwuid.c: add iscomsec, issecure support
-
-1998-11-03 15:02 millert
-
- * check.c: we now expand any %h or %u in the prompt before passing
- to tgetpass
-
-1998-11-03 14:58 millert
-
- * configure.in: add check for syslog(3) in -lsocket, -lnsl, -linet
-
-1998-11-03 14:56 millert
-
- * config.h.in: add HAVE_ISCOMSEC and HAVE_ISSECURE
-
-1998-11-03 14:55 millert
-
- * configure.in: add check for iscomsec in HP-UX
-
-1998-11-03 14:51 millert
-
- * configure.in: check for issecure if we have getpwanam on SunOS
- some options are incompatible with DUNIX SIA check for dispcrypt
- on DUNIX
-
-1998-10-25 15:21 millert
-
- * config.h.in: add HAVE_DISPCRYPT
-
-1998-10-25 15:21 millert
-
- * secureware.c: add back support for non-dispcrypt based checking
- for older DUNIX
-
-1998-10-25 00:51 millert
-
- * INSTALL: sia changes
-
-1998-10-25 00:48 millert
-
- * configure.in: SIA becomes the default on Digital UNIX now havbe
- --disable-sia to turn it off...
-
-1998-10-24 23:52 millert
-
- * check.c: move local includes after system ones
-
-1998-10-24 19:28 millert
-
- * check.c, check_sia.c, sudo.h: add pass_warn() which prints out
- INCORRECT_PASSWORD or an insult to stderr
-
-1998-10-24 19:07 millert
-
- * check_sia.c: fix while loop in sia_attempt_auth() that checks the
- password. Only the first iteration was working.
-
-1998-10-21 21:00 millert
-
- * aclocal.m4: don't trust UID_MAX or MAXUID
-
-1998-10-21 20:35 millert
-
- * configure.in: fix two pastos
-
-1998-10-21 20:30 millert
-
- * configure.in: fix typo
-
-1998-10-21 20:19 millert
-
- * getspwuid.c, secureware.c: init crypt_type to INT_MAX since it is
- legal to be negative in DUNX 5.0
-
-1998-10-21 20:15 millert
-
- * configure.in: for secureware on dunix, use -lsecurity -ldb -laud
- -lm but check for -ldb since DUNX < 4.0 lacks it
-
-1998-10-21 19:50 millert
-
- * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
- secureware.c, sudo.c, tgetpass.c: getprpwuid is broken in HP-UX
- 10.20 at least (it sleeps for 2 minutes if the shadow files don't
- exist).
-
-1998-10-20 17:22 millert
-
- * INSTALL: updated --with-editor blurb
-
-1998-10-20 17:21 millert
-
- * TROUBLESHOOTING: tell how to put sudoers in a different dir
-
-1998-10-20 16:22 millert
-
- * configure.in: add missing quotes around $with_editor
-
-1998-10-20 14:00 millert
-
- * configure.in: typo in --with-editor bits
-
-1998-10-20 01:24 millert
-
- * INSTALL: I don't expect it to work on Solaris
-
-1998-10-20 01:24 millert
-
- * check.c: add back security/pam_misc.h
-
-1998-10-19 17:13 millert
-
- * INSTALL: remove dunix note since configure checks for this now
-
-1998-10-19 16:30 millert
-
- * configure.in: add check for broken dunix prot.h (4.0 < 4.0D is
- bad)
-
-1998-10-19 14:32 millert
-
- * getspwuid.c, secureware.c, tgetpass.c: new dunix shadow code, use
- dispcrypt(3)
-
-1998-10-19 14:32 millert
-
- * config.h.in: add HAVE_INITPRIVS
-
-1998-10-19 14:31 millert
-
- * sudo.c: call initprivs() if we have it for getprpwuid later on
-
-1998-10-19 14:30 millert
-
- * Makefile.in: clean pathnames.h too
-
-1998-10-19 14:28 millert
-
- * configure.in: quote "Sorry, try again." with [] since it has a
- comma in it set LIBS when we add stuff to SUDO_LIBS set
- SECUREWARE when we find getprpwuid() so we can check for
- bigcrypt, set_auth_parameters, and initprivs later.
-
-1998-10-19 13:48 millert
-
- * INSTALL: update Digital UNIX note about acl.h
-
-1998-10-18 20:26 millert
-
- * INSTALL: add --with-sia --without-root-sudo ->
- --disable-root-sudo some reordering
-
-1998-10-18 20:22 millert
-
- * secureware.c: add whitespace
-
-1998-10-18 20:22 millert
-
- * Makefile.in, check.c, config.h.in, configure.in, logging.c,
- sudo.h: add SIA support
-
-1998-10-18 20:21 millert
-
- * check_sia.c: Initial revision
-
-1998-10-18 19:42 millert
-
- * configure.in: when checking for -lsocket, -lnsl, and -linet,
- check for the specific functions we need from them.
-
-1998-10-18 19:10 millert
-
- * config.h.in, sudo.h: move Syslog_* defs into sudo.h
-
-1998-10-18 18:15 millert
-
- * sudo.h, Makefile.in: added check_secureware
-
-1998-10-18 18:12 millert
-
- * configure.in: finished adding AC_MSG_CHECKING and AC_MSG_RESULT
- bits
-
-1998-10-18 18:00 millert
-
- * insults.h: don't define CLASSIC_INSULTS and CSOPS_INSULTS if no
- other sets defined. configure now does that for us
-
-1998-10-18 17:45 millert
-
- * configure.in: move some --with options around change a bunch of
- echo's to AC_MSG_CHECKING, AC_MSG_RESULT pairs
-
-1998-10-18 01:09 millert
-
- * configure.in: change $with_foo-bar -> $with_foo_bar kill extra "
- that caused a syntax error add some echo verbage
-
-1998-10-17 18:08 millert
-
- * check.c: moved SecureWare stuff into secureware.c
-
-1998-10-17 18:07 millert
-
- * secureware.c: Initial revision
-
-1998-10-17 17:02 millert
-
- * INSTALL: update url to solaris gcc bins
-
-1998-10-17 16:39 millert
-
- * INSTALL: change option formatter and flesh out someentries
-
-1998-10-17 16:18 millert
-
- * sudo.pod, visudo.pod, TROUBLESHOOTING: environmental variable ->
- environment variable
-
-1998-10-17 16:01 millert
-
- * BUGS: everything is now done via configure
-
-1998-10-17 16:00 millert
-
- * README: prev rev was 1.5.6
-
-1998-10-17 00:33 millert
-
- * Makefile.in: passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID
- correctly
-
-1998-10-17 00:32 millert
-
- * config.h.in: SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from
- the Makefile
-
-1998-10-17 00:31 millert
-
- * Makefile.in: merge OSDEFS and OPTIONS into DEFS get sudoers_uid,
- sudoers_gid, sudoers_mode from configure
-
-1998-10-17 00:30 millert
-
- * configure.in: SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get
- substituted into the Makefile, not config.h
-
-1998-10-17 00:30 millert
-
- * INSTALL: document all --with/--enable options
-
-1998-10-15 02:25 millert
-
- * insults.h: options.h is no more
-
-1998-10-15 02:25 millert
-
- * config.h.in: assimilated options.h
-
-1998-10-15 02:24 millert
-
- * configure.in: moved options from options.h to configure
-
-1998-10-15 01:41 millert
-
- * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
- logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
- sudo_setenv.c, visudo.c: no more options.h
-
-1998-10-15 01:39 millert
-
- * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING: remove references
- to options.h
-
-1998-10-15 01:32 millert
-
- * interfaces.c, dce_pwent.c, sudo.c: kill sys/time.h
-
-1998-10-15 00:10 millert
-
- * tgetpass.c: if select return < -1 still prompt for pw
-
-1998-10-15 00:03 millert
-
- * options.h: convert LOGGING, LOGFAC, MAXLOGFILELEN,
- IGNORE_DOT_PATH into configure options
-
-1998-10-14 23:57 millert
-
- * parse.c: FAST_MATCH is no longer an optino
-
-1998-10-14 23:52 millert
-
- * check.c: remove_timestamp() if timestamp is preposterous
-
-1998-10-14 23:36 millert
-
- * options.h: convert more options to --with/--enable
-
-1998-10-14 23:36 millert
-
- * INSTALL, aclocal.m4: logfile -> logpath
-
-1998-10-14 23:31 millert
-
- * configure.in: convert more options into --with and --enable
-
-1998-10-14 23:28 millert
-
- * tgetpass.c: catch EINTR in select and restart
-
-1998-10-14 23:15 millert
-
- * logging.c: sys/errno -> errno
-
-1998-09-24 11:40 millert
-
- * sudo.c: UMASK -> SUDO_UMASK.
-
-1998-09-24 11:36 millert
-
- * check.c, logging.c: time.h, not sys/time.h
-
-1998-09-21 19:52 millert
-
- * logging.c: MAILER -> _PATH_SENDMAIL
-
-1998-09-21 00:06 millert
-
- * INSTALL, configure.in: no more --with-C2, now it is
- --disable-shadow
-
-1998-09-21 00:00 millert
-
- * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
- getspwuid.c, sudo.c, tgetpass.c: new shadow password scheme.
- Always include shadow support if the platform supports it and the
- user did not disable it via configure
-
-1998-09-20 19:48 millert
-
- * configure.in: --with-getpass -> --{enable,disable}-tgetpass
-
-1998-09-20 19:16 millert
-
- * Makefile.in: pathnames.h -> pathnames.h.in
-
-1998-09-20 19:14 millert
-
- * check.c: fix version string
-
-1998-09-20 19:12 millert
-
- * check.c: move pam_conv to be static to auth function remove
- pam_misc.h (solaris doesn't have one)
-
-1998-09-20 19:10 millert
-
- * aclocal.m4: _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill
- SUDO_PROG_PWD
-
-1998-09-20 19:10 millert
-
- * configure.in: munge pathnames.h.in -> pathnames.h kill
- SUDO_PROG_PWD
-
-1998-09-20 19:10 millert
-
- * pathnames.h.in: convert to pathnames.h.in
-
-1998-09-18 20:20 millert
-
- * configure.in: fix typo in sysv4 matching case /.
-
-1998-09-18 01:29 millert
-
- * check.c: pam stuff needs to run as root, not user, for shadow
- passwords
-
-1998-09-17 12:26 millert
-
- * Makefile.in, emul/utime.h, check.c, compat.h, config.h.in,
- dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
- ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
- logging.c, options.h, parse.c, parse.lex, parse.yacc,
- pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c,
- BUGS, INSTALL, README, configure.in: updated version
-
-1998-09-17 12:13 millert
-
- * check.c: user version.h for long message
-
-1998-09-17 11:53 millert
-
- * check.c: this is version 1.5.6
-
-1998-09-16 13:42 millert
-
- * Makefile.in: remove errant backslash
-
-1998-09-14 22:25 millert
-
- * options.h, parse.yacc, pathnames.h.in: fix version string
-
-1998-09-14 22:02 millert
-
- * BUGS, CHANGES, TODO: updtaed for 1.5.6
-
-1998-09-14 22:02 millert
-
- * RUNSON: updated for 1.5.6
-
-1998-09-14 11:48 millert
-
- * interfaces.c: kill unused localhost_mask var copy if name to
- ifr_tmp after we zero it
-
-1998-09-13 15:50 millert
-
- * INSTALL: Better description of new vs. old sudoers modes fix some
- typos better description of /usr/ucb/cc gotchas on slowaris
-
-1998-09-13 15:49 millert
-
- * Makefile.in: add sample.pam
-
-1998-09-13 15:32 millert
-
- * sudo.c: set NewArgv[0] to user_shell, not basename(user_shell)
-
-1998-09-12 11:10 millert
-
- * README: mention TROUBLESHOOTING more fix some typos
-
-1998-09-11 20:30 millert
-
- * configure.in: move --enable/--disable to be after --with
-
-1998-09-11 20:30 millert
-
- * INSTALL: document --enable/--disable
-
-1998-09-11 20:26 millert
-
- * INSTALL: document --with-pam
-
-1998-09-11 19:47 millert
-
- * configure.in: Add message for pam users
-
-1998-09-11 19:27 millert
-
- * sample.pam: Initial revision
-
-1998-09-11 19:23 millert
-
- * config.h.in: fix HAVE_PAM
-
-1998-09-11 19:19 millert
-
- * check.c, config.h.in, configure.in: pam support, from Gary Calvin
- <GCalvin@kenwoodusa.com>
-
-1998-09-10 18:51 millert
-
- * config.h.in: add HOST_IN_LOG and WRAP_LOG
-
-1998-09-10 18:51 millert
-
- * logging.c: add WRAP_LOG and HOST_IN_LOG
-
-1998-09-10 18:37 millert
-
- * configure.in: add --enable-log-host and --enable-log-wrap
-
-1998-09-10 18:32 millert
-
- * aclocal.m4: use AC_DEFINE_UNQUOTED for --with-logfile and
- --with-timedir
-
-1998-09-08 20:45 millert
-
- * compat.h: add howmany macro
-
-1998-09-08 20:43 millert
-
- * tgetpass.c: include sys/param.h to get howmany macro
-
-1998-09-07 20:42 millert
-
- * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
- add RUNAS_DEFAULT
-
-1998-09-07 12:51 millert
-
- * fnmatch.c: bring in stdio.h for NULL
-
-1998-09-07 12:50 millert
-
- * aclocal.m4: allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
-
-1998-09-07 12:43 millert
-
- * sudo.c: use HAVE_SET_AUTH_PARAMETERS
-
-1998-09-07 12:42 millert
-
- * config.h.in: add HAVE_SET_AUTH_PARAMETERS
-
-1998-09-07 12:41 millert
-
- * configure.in: add *-*-hiuxmpp* add test for set_auth_parameters()
- if secureware
-
-1998-09-07 12:39 millert
-
- * config.sub: add support for HI-UX/MPP SR220001 02-03 0 SR2201
-
-1998-09-07 12:06 millert
-
- * interfaces.c: initialize previfname
-
-1998-09-07 11:51 millert
-
- * interfaces.c: Don't use SIOCGIFADDR, we don't need it Use
- SIOCGIFFLAGS if we have it check ifr_flags against IFF_UP and
- IFF_LOOPBACK instead of kludging it
-
-1998-09-07 11:49 millert
-
- * configure.in: typo
-
-1998-09-07 00:01 millert
-
- * Makefile.in: don't need special build line for sudo.tab.o
-
-1998-09-06 23:58 millert
-
- * Makefile.in: don't clean sudo.tab.[ch]
-
-1998-09-06 23:48 millert
-
- * sudo.c: Sudo should prompt for a password before telling the user
- that a command could not be found.
-
-1998-09-06 23:47 millert
-
- * BUGS: for 1.5.6
-
-1998-09-06 23:25 millert
-
- * INSTALL, README: no longer require yacc
-
-1998-09-06 23:19 millert
-
- * Makefile.in: typo
-
-1998-09-06 23:18 millert
-
- * Makefile.in: y.tab -> sudo.tab include pre-yacc'd parse.yacc
-
-1998-09-06 23:09 millert
-
- * parse.lex: include sudo.tab.h, not y.tab.h don't break out of
- command args if you get a '='
-
-1998-09-06 22:59 millert
-
- * insults.h: fix version ,
-
-1998-09-06 22:57 millert
-
- * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
- fix version
-
-1998-09-06 22:55 millert
-
- * getcwd.c: getcwd(3) from OpenBSD for those without it.
-
-1998-09-06 22:51 millert
-
- * sudo.h: HAVE_GETWD -> HAVE_GETCWD
-
-1998-09-06 22:49 millert
-
- * configure.in: pretend sunos doesn't have getcwd(3) since it opens
- a pipe to getpwd!
-
-1998-09-06 22:41 millert
-
- * parse.c: use NAMLEN() macro
-
-1998-09-06 22:34 millert
-
- * fnmatch.c: remove duplicate include of string.h
-
-1998-09-06 22:28 millert
-
- * configure.in: call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
-
-1998-09-06 22:28 millert
-
- * aclocal.m4: add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
-
-1998-09-06 22:28 millert
-
- * config.h.in: add dev_t and ino_t
-
-1998-07-28 12:44 millert
-
- * check.c: fix OTP_ONLY for opie
-
-1998-06-24 12:22 millert
-
- * testsudoers.c, tgetpass.c: include stdlib.h for malloc proto
-
-1998-05-19 00:10 millert
-
- * Makefile.in: make update_version saner
-
-1998-05-18 23:32 millert
-
- * config.h.in: add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
-
-1998-05-18 23:32 millert
-
- * configure.in: check for waitpid and wait3 or no waitpid
-
-1998-05-18 23:31 millert
-
- * logging.c: used waitpid or wait3 if we have 'em
-
-1998-05-02 14:16 millert
-
- * visudo.c: fix some fprintf args, ariel@oz.engr.sgi.com (Ariel
- Faigon)
-
-1998-04-27 20:09 millert
-
- * configure.in: don't need to explicately mention -lsocket -lnsl
- for sequent
-
-1998-04-25 01:56 millert
-
- * configure.in: dynix should not link with -linet
-
-1998-04-10 15:32 millert
-
- * INSTALL: mention that HP-UX doesn't ship with yacc
-
-1998-04-06 22:35 millert
-
- * check.c: ignore kerberos if we can't get the local realm
-
-1998-04-05 23:37 millert
-
- * configure.in, BUGS, INSTALL, README: ++version
-
-1998-04-05 23:36 millert
-
- * version.h: ++
-
-1998-04-05 23:35 millert
-
- * Makefile.in, emul/utime.h, check.c, config.h.in, dce_pwent.c,
- find_path.c, getspwuid.c, getcwd.c, goodpath.c, interfaces.c,
- logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c,
- sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
- visudo.c: updated version
-
-1998-04-05 23:34 millert
-
- * check.c, sudo.h: fix version
-
-1998-04-05 23:33 millert
-
- * getcwd.c: don't use popen/pclose. Do it inline.
-
-1998-04-05 23:25 millert
-
- * lsearch.c: add rcsid
-
-1998-04-05 23:21 millert
-
- * sudo.c: typo
-
-1998-04-05 23:17 millert
-
- * sudo.h, pathnames.h.in, compat.h, options.h, ins_2001.h,
- insults.h, ins_classic.h, ins_goons.h, ins_csops.h, parse.yacc,
- check.c: updated version
-
-1998-04-05 23:15 millert
-
- * check.c, find_path.c, parse.c, sudo.c, testsudoers.c: MAX* + 1 ->
- MAX*
-
-1998-04-05 23:14 millert
-
- * Makefile.in: getwd.c -> getcwd.c
-
-1998-04-05 22:49 millert
-
- * config.h.in: kill HAVE_GETWD
-
-1998-04-05 22:49 millert
-
- * configure.in: getcwd, not getwd
-
-1998-04-05 22:48 millert
-
- * getcwd.c: use MAX* not MAX* + 1 always run pwd as using getwd()
- defeats the purpose
-
-1998-03-31 00:15 millert
-
- * OPTIONS, options.h: add STUB_LOAD_INTERFACES
-
-1998-03-31 00:05 millert
-
- * Makefile.in, check.c, emul/utime.h, compat.h, config.h.in,
- dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
- ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
- interfaces.c, logging.c, options.h, parse.c, parse.lex,
- parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
- updated version
-
-1998-03-30 23:54 millert
-
- * configure.in: support *-ccur-sysv4 and fix two typos
-
-1998-03-27 19:52 millert
-
- * configure.in: don't echo about with_logfile and with_timedir
-
-1998-03-27 19:49 millert
-
- * INSTALL: document --with-logfile and --with-timedir
-
-1998-03-27 19:46 millert
-
- * aclocal.m4: support --with-logfile and --with-timedir
-
-1998-03-27 19:46 millert
-
- * configure.in: Add --with-logfile and --with-timedir
-
-1998-03-27 19:27 millert
-
- * sudo.c: change size computation of NewArgv for UNICOS
-
-1998-02-18 20:10 millert
-
- * configure.in: treate -*-sysv4* like *-*-svr4
-
-1998-02-18 18:19 millert
-
- * configure.in: fix spacing for --with-authenticate help
-
-1998-02-18 16:39 millert
-
- * Makefile.in, check.c, emul/utime.h, compat.h, config.h.in,
- dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
- ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
- interfaces.c, logging.c, options.h, parse.c, parse.lex,
- parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
- updated version
-
-1998-02-18 16:23 millert
-
- * parse.yacc: fix off by one error in push macro
-
-1998-02-17 01:15 millert
-
- * configure.in: removed bogus alloca hack
-
-1998-02-17 01:15 millert
-
- * check.c: added AIX 4.x authenticate() support
-
-1998-02-17 01:11 millert
-
- * parse.yacc: include alloca.h if using bison and not gcc and it
- exists. fixes an alloca problem on hpux 10.x
-
-1998-02-17 00:39 millert
-
- * INSTALL: mention --with-authenticate
-
-1998-02-17 00:37 millert
-
- * configure.in: added AIX authenticate() support
-
-1998-02-17 00:22 millert
-
- * config.h.in: add HAVE_AUTHENTICATE
-
-1998-02-16 23:58 millert
-
- * interfaces.c: dynamically size ifconf buffer
-
-1998-02-16 23:56 millert
-
- * configure.in: quote '[' and ']'
-
-1998-02-16 21:42 millert
-
- * Makefile.in, emul/utime.h, check.c, compat.h, config.h.in,
- dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
- ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
- logging.c, options.h, parse.c, parse.lex, parse.yacc,
- pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
- updated version
-
-1998-02-16 19:06 millert
-
- * visudo.pod: add ERRORS section
-
-1998-02-16 18:57 millert
-
- * TROUBLESHOOTING: add busy stmp file explanation
-
-1998-02-15 18:49 millert
-
- * configure.in: the name of the cached var that signals whether or
- not you are cross compiling changed. It is now
- ac_cv_prog_cc_cross
-
-1998-02-11 16:26 millert
-
- * INSTALL: mention glibc 2.07 is fixed wrt lsearch()\.
-
-1998-02-06 21:55 millert
-
- * sample.sudoers, sudoers.pod: better example of su but not root su
-
-1998-02-06 15:49 millert
-
- * Makefile.in, check.c, emul/utime.h, compat.h, config.h.in,
- dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
- ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
- interfaces.c, logging.c, options.h, parse.c, parse.lex,
- parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
- updated version
-
-1998-02-06 15:48 millert
-
- * Makefile.in: correct regexp for updating version
-
-1998-02-06 14:05 millert
-
- * tgetpass.c: remove bogus flush of stderr spew prompt before
- turning off echo. Seems to fix a weird problem where if sudo
- complained about a bogus stamp file the user would sometimes not
- have a chance to enter a password
-
-1998-02-06 14:05 millert
-
- * check.c: fix bogus flush of stderr
-
-1998-02-05 19:19 millert
-
- * sudo.c: close fd's <=2 not <=3 and move that chunk of code up
-
-1998-02-05 19:18 millert
-
- * configure.in: support hpux1[0-9] not just hpux10
-
-1998-01-30 14:59 millert
-
- * parse.c: set sudoers_fp to nil after closing
-
-1998-01-24 01:05 millert
-
- * config.guess, config.sub: updated from autoconf 2.12
-
-1998-01-24 00:50 millert
-
- * configure.in: add *-*-svr4 rule
-
-1998-01-22 22:53 millert
-
- * tgetpass.c: fix select usage for high fd's (dynamically allocate
- readfds)
-
-1998-01-22 22:49 millert
-
- * check.c: kill extra whitespace
-
-1998-01-22 19:28 millert
-
- * sudo.c: do an initgroups() before running a command, unless the
- target user is root.
-
-1998-01-22 12:22 millert
-
- * TROUBLESHOOTING: tell people to use tabs, not spaces, in
- syslog.conf
-
-1998-01-21 01:56 millert
-
- * parse.lex, Makefile.in, config.h.in, getwd.c, strdup.c, putenv.c,
- emul/utime.h, testsudoers.c, utime.c, dce_pwent.c: updated
- version
-
-1998-01-21 01:32 millert
-
- * goodpath.c, sudo_setenv.c, interfaces.c, tgetpass.c, visudo.c:
- updated version
-
-1998-01-21 01:29 millert
-
- * sudo.h, pathnames.h.in, options.h, compat.h, insults.h,
- ins_2001.h, ins_classic.h, ins_goons.h, ins_csops.h, parse.yacc,
- check.c, getspwuid.c, find_path.c, logging.c, parse.c, sudo.c:
- updated version
-
-1998-01-21 01:20 millert
-
- * Makefile.in: more tweaks to update_version
-
-1998-01-21 01:19 millert
-
- * Makefile.in: fixed up update_version rule
-
-1998-01-21 00:55 millert
-
- * configure.in: ++version
-
-1998-01-21 00:53 millert
-
- * Makefile.in: removed supe of check.c
-
-1998-01-21 00:51 millert
-
- * INSTALL: ++version I missed
-
-1998-01-21 00:51 millert
-
- * RUNSON: updated
-
-1998-01-21 00:48 millert
-
- * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
- find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
- ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
- logging.c, options.h, parse.c, parse.lex, parse.yacc,
- pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
- visudo.c, emul/utime.h, BUGS, INSTALL, README: updated version
-
-1998-01-21 00:47 millert
-
- * CHANGES: updated for 1.5.5
-
-1998-01-21 00:35 millert
-
- * Makefile.in: add rules to update version stuff in files so I
- don't need to do it by hand
-
-1998-01-21 00:04 millert
-
- * sudo.h: sudoers_fp is now extern
-
-1998-01-21 00:03 millert
-
- * sudo.c: in check_sudoers, cache the sudoers file handle in
- sudoers_fp so we don't have to open it again in the parse. This
- may help with weird solaris problems where EAGAIN sometime
- occurrs.
-
-1998-01-21 00:02 millert
-
- * parse.c: sudoers file open is now done only in check_sudoers() so
- we just do a rewind() instead of an open. May help people on
- solaris who were getting EAGAIN.
-
-1998-01-16 11:43 millert
-
- * INSTALL: mention that newer glibc is fixed
-
-1998-01-13 12:58 millert
-
- * sudo.c: newer irix uses _RLDN32_* envariables for 32-bit binaries
- so ignore _RLD* instead of _RLD_*
-
-1998-01-13 10:32 millert
-
- * parse.c: typo
-
-1998-01-13 10:19 millert
-
- * parse.c: fix that bug for real
-
-1998-01-13 02:39 millert
-
- * INSTALL: document Linux's libc6 brokenness.
-
-1998-01-13 02:00 millert
-
- * parse.yacc: -Wall
-
-1998-01-13 01:22 millert
-
- * RUNSON: updated
-
-1998-01-13 00:50 millert
-
- * TROUBLESHOOTING: remind people to HUP syslogd
-
-1998-01-13 00:05 millert
-
- * Makefile.in: add -O flag to tar
-
-1998-01-13 00:00 millert
-
- * TODO, RUNSON: updated
-
-1998-01-12 23:59 millert
-
- * sudo.pod: remove author's email addr. people should mail
- sudo-bugs
-
-1998-01-12 23:49 millert
-
- * INSTALL: fix version
-
-1998-01-12 23:48 millert
-
- * README, check.c, compat.h, config.h.in, configure.in,
- dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
- ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
- interfaces.c, logging.c, options.h, parse.c, parse.lex,
- parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
- visudo.c: ++version
-
-1998-01-12 23:44 millert
-
- * RUNSON: updated
-
-1998-01-12 23:42 millert
-
- * INSTALL, Makefile.in: ++version
-
-1998-01-12 23:41 millert
-
- * CHANGES: updated fort 1.5.4
-
-1998-01-12 23:41 millert
-
- * check.c: exit(1) if user enters no passwd
-
-1998-01-12 23:37 millert
-
- * BUGS: ++version
-
-1998-01-12 23:10 millert
-
- * parse.c: commands can start with ./* not just /* -- fixes a
- serious security hole.
-
-1997-12-21 18:17 millert
-
- * sudo.c: Don't set the tty variable to NULL when we lack a tty,
- leave it as "unknown".
-
-1997-11-23 13:29 millert
-
- * sample.sudoers: fix usage of (username) in conjunction with , and
- !
-
-1997-11-23 13:28 millert
-
- * visudo.c: catch the case where the user is not in the passwd file
-
-1997-11-23 13:24 millert
-
- * tgetpass.c: use fileno(input) + 1 instead of getdtablesize() as
- the nfds arg to select(2)
-
-1997-11-23 01:53 millert
-
- * sudo.c: define tty global to an initial value to avoid dumping
- core in logging functions when passwd file is unavailable.
-
-1997-11-23 01:51 millert
-
- * sudo.c: do the set_perms(PERM_USER, sudo_mode) after we have
- gotten the passwd entry
-
-1997-11-23 00:21 millert
-
- * sudo.pod: talk about problem of ALL
-
-1997-10-10 00:54 millert
-
- * README: new web location
-
-1997-10-10 00:54 millert
-
- * INSTALL: fdesc bug is fixed in Open/Net BSD
-
-1997-10-10 00:52 millert
-
- * HISTORY: updates from Nieusma
-
-1997-10-09 18:37 millert
-
- * dce_pwent.c: move compat.h after the system includes
-
-1997-08-06 14:58 millert
-
- * logging.c: save errno from being clobbered by wait(). From Theo
-
-1997-05-21 11:57 millert
-
- * compat.h: fix an occurence of setresuid -> setreuid (typo)
-
-1997-03-19 17:45 millert
-
- * install-sh: check for path to strip
-
-1997-01-15 19:05 millert
-
- * logging.c: deal with maxfilelen < 0 case
-
-1997-01-15 19:05 millert
-
- * OPTIONS: fixed descriptin
-
-1996-12-11 23:10 millert
-
- * sudo.c: correct error message if mode/owner wrong and not
- statable by owner but is statable by root.
-
-1996-11-23 02:18 millert
-
- * config.guess, config.sub: autoconf 2.11
-
-1996-11-16 14:42 millert
-
- * CHANGES, RUNSON, TODO: sudo 1.5.3.
-
-1996-11-14 15:08 millert
-
- * sudo.h, parse.yacc: command_alias -> generic_alias
-
-1996-11-13 22:50 millert
-
- * sample.sudoers: added Runas_Alias example and fixed syntax errors
-
-1996-11-13 22:50 millert
-
- * OPTIONS, options.h: updated MAILSUBJECT
-
-1996-11-13 22:49 millert
-
- * logging.c: added %h expansion
-
-1996-11-13 21:37 millert
-
- * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
- find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
- ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
- logging.c, options.h, parse.c, parse.lex, parse.yacc,
- pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
- visudo.c, INSTALL, README, configure.in: ++version
-
-1996-11-13 20:01 millert
-
- * emul/utime.h, BUGS: ++version
-
-1996-11-13 19:45 millert
-
- * sudoers.pod: document Runas_Alias
-
-1996-11-13 19:22 millert
-
- * visudo.pod: q (uid) -> Q
-
-1996-11-13 19:21 millert
-
- * visudo.c: buffer oflow checking q (uit) -> Q if yyparse() fails
- drop into whatnow
-
-1996-11-13 19:05 millert
-
- * parse.yacc: add size params to sprintf
-
-1996-11-13 19:04 millert
-
- * parse.lex: allow trailing space after '\\' but before '\n'
-
-1996-11-13 19:04 millert
-
- * find_path.c: off by one error in path size check
-
-1996-11-13 19:03 millert
-
- * check.c: sprintf paranoia
-
-1996-11-12 11:59 millert
-
- * parse.yacc: fixed more_aliases
-
-1996-11-12 11:58 millert
-
- * visudo.c: now warns if killed by signal ./
-
-1996-11-11 10:49 millert
-
- * parse.yacc: fix Runas_Alias stuff Alias's in runas list now get
- expanded (but it is gross)
-
-1996-11-10 20:32 millert
-
- * sudo.c: Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE ==
- 0400
-
-1996-11-10 20:08 millert
-
- * parse.yacc: add Runas_Alias support change FOO to FOO_ALIAS (ie:
- USER_ALIAS)
-
-1996-11-10 20:02 millert
-
- * parse.lex: Add Runas_Alias and simplify a rule.
-
-1996-11-10 19:15 millert
-
- * parse.yacc: always store User_Alias's since they can be used
- inside of a runas list. Sigh. Really need a Runas_Alias
- instead.
-
-1996-10-30 18:04 millert
-
- * visudo.c: deal with case where there is no sudoers file
-
-1996-10-11 23:01 millert
-
- * TROUBLESHOOTING: added one
-
-1996-10-10 22:11 millert
-
- * HISTORY, testsudoers.c: developement -> development
-
-1996-10-10 22:08 millert
-
- * INSTALL: added a note
-
-1996-10-10 20:36 millert
-
- * RUNSON: for 1.5.2
-
-1996-10-10 20:36 millert
-
- * CHANGES: updated
-
-1996-10-10 00:56 millert
-
- * PORTING: removed seteuid() notes
-
-1996-10-09 13:37 millert
-
- * compat.h: better seteuid() emulatino
-
-1996-10-09 13:36 millert
-
- * configure.in: added check for seteuid
-
-1996-10-09 13:36 millert
-
- * config.h.in: added HAVE_SETEUID
-
-1996-10-08 19:22 millert
-
- * configure.in: first stab at sequent support
-
-1996-10-08 19:21 millert
-
- * config.h.in: added HAVE_SYS_SELECT_H
-
-1996-10-08 19:21 millert
-
- * compat.h: sequent -> _SEQUENT_
-
-1996-10-08 19:11 millert
-
- * compat.h: added seteuid() macro for DYNIX
-
-1996-10-08 18:54 millert
-
- * tgetpass.c: _AIX -> HAVE_SYS_SELECT_H
-
-1996-10-07 01:05 millert
-
- * emul/utime.h, check.c, compat.h, dce_pwent.c, find_path.c,
- getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
- ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
- pathnames.h.in, version.h, BUGS, INSTALL, Makefile.in, OPTIONS,
- README, config.h.in, logging.c, parse.c, parse.lex, parse.yacc,
- putenv.c, strdup.c, sudo_setenv.c, testsudoers.c, utime.c,
- visudo.c, tgetpass.c: ++version
-
-1996-10-07 00:59 millert
-
- * sudo.pod: added -H and SUDO_PS1
-
-1996-10-07 00:55 millert
-
- * configure.in: use SUDO_FUNC_FNMATCH
-
-1996-10-07 00:54 millert
-
- * aclocal.m4: added SUDO_FUNC_FNMATCH
-
-1996-10-07 00:53 millert
-
- * sudo.c: added -H flag
-
-1996-10-07 00:53 millert
-
- * sudo.h: added MODE_RESET_HOME /
-
-1996-10-05 00:00 millert
-
- * INSTALL: mention OPIE
-
-1996-10-04 23:59 millert
-
- * configure.in: added opie support
-
-1996-10-04 23:59 millert
-
- * check.c: added HAVE_OPIE and changed to *_OTP_*
-
-1996-10-04 23:58 millert
-
- * compat.h, config.h.in: added HAVE_OPIE
-
-1996-10-04 23:58 millert
-
- * OPTIONS, options.h: SKEY -> OTP
-
-1996-10-03 23:27 millert
-
- * check.c: moved fclose() in skey stuff.
-
-1996-10-03 19:53 millert
-
- * putenv.c: index -> strchr remove unnecesary stuff
-
-1996-10-03 19:43 millert
-
- * check.c: now call skeychallenge() to get challenge instead of
- making one up ourselves. this way, we get extra goodies in the
- prompt.
-
-1996-09-10 00:32 millert
-
- * CHANGES: added one
-
-1996-09-10 00:18 millert
-
- * parse.lex: allow logins to start with a number (YUCK!)
-
-1996-09-08 15:18 millert
-
- * TROUBLESHOOTING: added soalris 2.5 vs 2.4 note
-
-1996-09-08 15:15 millert
-
- * configure.in: DUNIX doesn't need -lnsl
-
-1996-09-07 20:22 millert
-
- * CHANGES: [no log message]
-
-1996-09-07 20:21 millert
-
- * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
- getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
- ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
- options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in,
- putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c,
- tgetpass.c, utime.c, version.h, visudo.c: courtesan
-
-1996-09-07 20:13 millert
-
- * TROUBLESHOOTING, INSTALL, Makefile.in, PORTING, RUNSON, README:
- courtesan
-
-1996-09-07 20:12 millert
-
- * visudo.pod: [no log message]
-
-1996-09-07 20:00 millert
-
- * sudo.pod, visudo.pod: courtesan
-
-1996-09-07 19:45 millert
-
- * HISTORY: added courtesan ./
-
-1996-09-06 00:12 millert
-
- * sudo.c: added $SUDO_PROMPT support
-
-1996-09-04 17:19 millert
-
- * check.c: print long skey challemged to stderr, not stdout
-
-1996-08-31 23:10 millert
-
- * CHANGES: updated for 1.5.1
-
-1996-08-31 23:07 millert
-
- * emul/utime.h: ++version
-
-1996-08-31 12:34 millert
-
- * RUNSON: updated for 1.5.1
-
-1996-08-30 10:49 millert
-
- * check.c: use shost, not host for tgetpass
-
-1996-08-30 00:21 millert
-
- * OPTIONS, sudo.pod: documented %u and %h
-
-1996-08-29 20:40 millert
-
- * configure.in: fixed typo
-
-1996-08-29 20:37 millert
-
- * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
- dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
- ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
- interfaces.c, logging.c, options.h, parse.c, parse.lex,
- parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
- visudo.c: ++version
-
-1996-08-29 20:30 millert
-
- * BUGS: ++version
-
-1996-08-29 18:32 millert
-
- * configure.in, Makefile.in, version.h: ++version
-
-1996-08-29 17:58 millert
-
- * sudo.h: new tgetpass() params
-
-1996-08-29 17:58 millert
-
- * check.c: pass use and host to tgetpass
-
-1996-08-29 17:57 millert
-
- * tgetpass.c: added %u and %h escapes
-
-1996-08-29 16:56 millert
-
- * OPTIONS, options.h, check.c: added NO_MESSAGE
-
-1996-08-29 16:23 millert
-
- * configure.in: added cray (unicos) support
-
-1996-08-27 11:36 millert
-
- * OPTIONS, options.h, sudo.c: added SHELL_SETS_HOME
-
-1996-08-25 17:56 millert
-
- * INSTALL: added note about "make install"
-
-1996-08-25 17:50 millert
-
- * parse.yacc: changed length/size params from int to size_t
-
-1996-08-25 13:35 millert
-
- * OPTIONS: now get CSOPS insults as well by default
-
-1996-08-25 13:33 millert
-
- * insults.h: use csops insults too by default
-
-1996-08-25 13:31 millert
-
- * INSTALL, Makefile.in, README, config.h.in, configure.in,
- version.h: version = 1.5
-
-1996-08-25 13:27 millert
-
- * sudo.c: added runas_homedir
-
-1996-08-25 13:27 millert
-
- * TODO: updated for 1.5
-
-1996-08-25 13:23 millert
-
- * RUNSON: updated for 1.5
-
-1996-08-25 13:19 millert
-
- * CHANGES: 1.5 release
-
-1996-08-25 13:17 millert
-
- * INSTALL: added "upgrading" notes
-
-1996-08-22 14:00 millert
-
- * visudo.c: now do chmod and chown after edit of temp file and
- before rename
-
-1996-08-18 12:52 millert
-
- * Makefile.in: ++version added INSTALL.configure
-
-1996-08-18 12:52 millert
-
- * version.h, configure.in: ++version
-
-1996-08-18 12:51 millert
-
- * TROUBLESHOOTING: [no log message]
-
-1996-08-18 12:50 millert
-
- * parse.yacc: added missing cast
-
-1996-08-17 20:37 millert
-
- * sudo.c: sets $HOME to pw_dir of runas user
-
-1996-08-17 20:02 millert
-
- * sudo.pod: document $HOME change
-
-1996-08-17 19:43 millert
-
- * sudo.pod: fixed up some wording
-
-1996-08-17 19:25 millert
-
- * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
- goodpath.c, interfaces.c, logging.c, parse.c, parse.lex,
- parse.yacc, putenv.c, strdup.c, sudo.c, sudo_setenv.c,
- testsudoers.c, tgetpass.c, utime.c, visudo.c: ++version
-
-1996-08-17 19:19 millert
-
- * emul/utime.h, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
- ins_goons.h, insults.h, options.h, pathnames.h.in, sudo.h:
- ++version
-
-1996-08-17 19:18 millert
-
- * sudo.h: name nad type changes
-
-1996-08-17 19:17 millert
-
- * testsudoers.c: now works with new sudo
-
-1996-08-17 19:07 millert
-
- * parse.yacc: fixed some XXX
-
-1996-08-17 18:52 millert
-
- * parse.yacc: some variable name changes + comment headers for
- functions.
-
-1996-08-17 18:41 millert
-
- * tgetpass.c: added extra paren's to make compilers happy
-
-1996-08-17 18:34 millert
-
- * sudo.c: [no log message]
-
-1996-08-17 18:30 millert
-
- * parse.c: now uses init_parser() if not in sudoers and tries
- "list" or "validate" scold but don't be nasty.
-
-1996-08-17 18:29 millert
-
- * TROUBLESHOOTING: now can use upper case login names
-
-1996-08-17 18:29 millert
-
- * visudo.c: now uses init_parser()
-
-1996-08-17 18:28 millert
-
- * PORTING: added info about PASSWORD_TIMEOUT
-
-1996-08-17 18:28 millert
-
- * INSTALL, README: updated
-
-1996-08-17 18:28 millert
-
- * INSTALL.configure: Initial revision
-
-1996-08-17 18:27 millert
-
- * BUGS: fixed a bug ,
-
-1996-08-17 18:27 millert
-
- * parse.yacc: now dynamically allocates memory for the stacks -- no
- more overflows!
-
-1996-08-17 18:26 millert
-
- * sudo.pod: -l now explands command aliases
-
-1996-08-17 13:22 millert
-
- * parse.yacc: hacks to expand command aliases for `sudo -l'
-
-1996-08-17 13:22 millert
-
- * sudo.c: remove $ENV and $BASH_ENV (dangerous in ksh, posix sh,
- and bash)
-
-1996-08-17 13:22 millert
-
- * sudo.h: added struct command_alias
-
-1996-08-17 13:20 millert
-
- * sudo.pod: fixed a bug
-
-1996-08-17 13:15 millert
-
- * lsearch.c: in compar() key should be first arg
-
-1996-08-15 15:48 millert
-
- * BUGS: fixed some bugs
-
-1996-08-15 15:47 millert
-
- * parse.yacc: can now deal with upcase HOST and USER names
-
-1996-08-15 15:47 millert
-
- * sudo.c: don't yell too loudly at non-sudoers if they do "sudo -l"
-
-1996-08-15 15:46 millert
-
- * sudo.pod: fixed thinko
-
-1996-08-15 15:46 millert
-
- * parse.c: fix comment
-
-1996-08-09 18:07 millert
-
- * parse.c, parse.yacc: added support for new `sudo -l' stuff
-
-1996-08-09 18:06 millert
-
- * sudo.c: now uses list_matches()
-
-1996-08-09 18:06 millert
-
- * sudo.h: added struct sudo_match
-
-1996-08-09 17:37 millert
-
- * configure.in: now more -lgnumalloc
-
-1996-08-01 13:12 millert
-
- * install-sh: added more paths for chown and whoami
-
-1996-07-31 10:41 millert
-
- * check.c: typo
-
-1996-07-30 13:45 millert
-
- * aclocal.m4: fixed DUNIX check for shadow pw
-
-1996-07-30 13:41 millert
-
- * tgetpass.c: now only turn off echo if it is already on. this
- fixes a race when you use sudo in a pipelin
-
-1996-07-30 12:53 millert
-
- * INSTALL: updated
-
-1996-07-29 22:29 millert
-
- * configure.in: changed "test -z $foo && do_this" to if; then
- construct
-
-1996-07-28 22:47 millert
-
- * configure.in: added missing defines of SHADOW_TYPE
-
-1996-07-26 14:10 millert
-
- * check.c: protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since
- they are only in dunix 4.x
-
-1996-07-26 14:09 millert
-
- * getspwuid.c: added AUTH_CRYPT_C1CRYPT support
-
-1996-07-26 13:23 millert
-
- * parse.c: no longer return VALIDATE_NOT_OK if there was a runas
- that didn't match. Now we can have runas stuff on more than one
- line.
-
-1996-07-25 23:45 millert
-
- * configure.in: got rid of HAVE_C2_SECURITY SHADOW_TYPE is always
- defined to something
-
-1996-07-25 23:45 millert
-
- * config.h.in: removed HAVE_C2_SECURITY added SPW_BSD
-
-1996-07-25 23:44 millert
-
- * compat.h, getspwuid.c, sudo.c, tgetpass.c: use SHADOW_TYPE
- instead of HAVE_C2_SECURITY
-
-1996-07-25 23:44 millert
-
- * check.c: SHADOW_TYPE is always defined so just against its value
-
-1996-07-25 23:44 millert
-
- * aclocal.m4: added SUDO_CHECK_SHADOW_DUNIX
-
-1996-07-25 18:47 millert
-
- * sudoers.pod: * -> ?* in one example added another instance of
- (runas) and one of NOPASSWD:
-
-1996-07-24 13:02 millert
-
- * configure.in: added back check for config.cache from other host
- type
-
-1996-07-24 12:49 millert
-
- * parse.lex: removed an instance of \"
-
-1996-07-24 12:49 millert
-
- * sample.sudoers: added an example
-
-1996-07-24 12:44 millert
-
- * sudoers.pod: updated wrt new wildcard matching
-
-1996-07-24 10:28 millert
-
- * configure.in: new check for shadow passwords if we don't know
- anything
-
-1996-07-24 10:28 millert
-
- * aclocal.m4: new SUDO_CHECK_SHADOW_GENERIC
-
-1996-07-24 02:19 millert
-
- * configure.in: added back check for -lsocket (oops)
-
-1996-07-24 02:16 millert
-
- * configure.in: better (working) check for shadow passwd type if we
- know to use C2.
-
-1996-07-24 01:59 millert
-
- * configure.in: now uses AC_CANONICAL_HOST to figure out os type
-
-1996-07-24 01:59 millert
-
- * Makefile.in: added config.{guess,sub}
-
-1996-07-24 01:58 millert
-
- * aclocal.m4: removed unused stuff to figure out os type
-
-1996-07-23 22:58 millert
-
- * config.sub: added openbsd
-
-1996-07-23 22:54 millert
-
- * config.sub: Initial revision
-
-1996-07-23 22:40 millert
-
- * config.guess: Initial revision
-
-1996-07-23 21:18 millert
-
- * testsudoers.c: don't call fnmatch() with FNM_PATHNAME flag unless
- it can only be a pathname. need to check against sudoers_args
- even if user_args is nil
-
-1996-07-23 21:18 millert
-
- * parse.c: don't call fnmatch() with FNM_PATHNAME flag unless it
- can only be a pathname need to check against sudoers_args even if
- user_args is nil
-
-1996-07-23 18:52 millert
-
- * check.c: added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
-
-1996-07-23 01:18 millert
-
- * testsudoers.c: now takes command line args and uses cmnd_args
-
-1996-07-23 01:10 millert
-
- * parse.lex: fill_args was adding an extra leading space
-
-1996-07-22 15:50 millert
-
- * visudo.c: fixed dummy command_matches()
-
-1996-07-22 15:50 millert
-
- * parse.yacc: fixed prototype
-
-1996-07-22 15:31 millert
-
- * sudo.h: added cmnd_args
-
-1996-07-22 15:31 millert
-
- * parse.yacc: now uses flat args string
-
-1996-07-22 15:30 millert
-
- * parse.c, parse.lex: now uses flat arg string
-
-1996-07-22 15:29 millert
-
- * visudo.c: added cmnd_args def
-
-1996-07-22 14:30 millert
-
- * sudo.c: now sets cmnd_args global
-
-1996-07-22 14:30 millert
-
- * logging.c: cmnd_args is now exported from sudo.[ch]
-
-1996-07-21 18:41 millert
-
- * parse.yacc: can't rely on cmnd_matches as much as I thought --
- added some $$ stuff back in to prevent namespace pollution
- problems.
-
-1996-07-21 18:01 millert
-
- * parse.yacc: Simplified parse rules wrt runas and NOPASSWD (more
- consistent).
-
-1996-07-20 00:45 millert
-
- * parse.lex: NOPASSWD may now have blanks before the ':' '(' only
- starts a 'runas' if in the initial state to avoid collision with
- command args
-
-1996-07-20 00:23 millert
-
- * configure.in: added checks for specific shadow passwd schemes
-
-1996-07-20 00:18 millert
-
- * aclocal.m4: added routines to check for specific shadow passwd
- types
-
-1996-07-18 18:27 millert
-
- * configure.in: added support for ncr boxen
-
-1996-07-18 18:26 millert
-
- * aclocal.m4: added support for detecting ncr boxen
-
-1996-07-16 14:57 millert
-
- * configure.in: added sinix support
-
-1996-07-13 22:29 millert
-
- * TROUBLESHOOTING: added info about "config.cache from other other"
- error.
-
-1996-07-13 22:22 millert
-
- * aclocal.m4: now makes sure you don't have a config.cache file
- from another OS
-
-1996-07-13 21:36 millert
-
- * configure.in: now sets $LIBS when needed to configure links with
- libs when doing tests hpux10 now uses SPW_SECUREWARE for C2 added
- check for bigcrypt(3) if SPW_SECUREWARE
-
-1996-07-13 21:30 millert
-
- * getspwuid.c: fixed typo
-
-1996-07-13 21:05 millert
-
- * tgetpass.c: now include stuff for SPW_SECUREWARE to get
- AUTH_MAX_PASSWD_LENGTH
-
-1996-07-13 21:05 millert
-
- * getspwuid.c: no more SPW_HPUX10
-
-1996-07-13 21:04 millert
-
- * config.h.in: no more SPW_HPUX10 added HAVE_BIGCRYPT
-
-1996-07-13 21:04 millert
-
- * compat.h: now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
-
-1996-07-13 21:04 millert
-
- * check.c: SPW_SECUREWARE now uses bigcrypt
-
-1996-07-13 18:24 millert
-
- * sample.sudoers: fixed 2 syntax errors
-
-1996-07-13 18:24 millert
-
- * sudoers: root may now run ALL as ALL
-
-1996-07-11 20:59 millert
-
- * interfaces.c: fixed a typo/thinko that broke BSD's with sa_len
-
-1996-07-08 16:08 millert
-
- * check.c, configure.in: updated AFS support
-
-1996-07-08 16:07 millert
-
- * TROUBLESHOOTING: added entry about /usr/ucb/cc
-
-1996-07-08 16:06 millert
-
- * INSTALL: prep no longer holds gcc binaries
-
-1996-07-08 15:48 millert
-
- * INSTALL: updated AFS note
-
-1996-07-08 15:43 millert
-
- * Makefile.in: added @AFS_LIBS@
-
-1996-07-08 15:33 millert
-
- * compat.h: AFS allows long passwords
-
-1996-07-08 14:16 millert
-
- * testsudoers.c: fixed -u user support
-
-1996-07-08 14:16 millert
-
- * parse.c: sudo -v now groks VALIDATE_OK_NOPASS
-
-1996-07-08 13:30 millert
-
- * parse.yacc: fixed no_passwd vs. runas_matched
-
-1996-07-08 10:30 millert
-
- * TROUBLESHOOTING: took out stuff about NFS-mounting since it is no
- longer an issue
-
-1996-07-08 10:30 millert
-
- * INSTALL: added --with-libraries > --with-libpath --with-incpath
-
-1996-07-08 10:21 millert
-
- * parse.yacc: was setting runas_matches to -1 in wrong place
-
-1996-07-08 09:58 millert
-
- * check.c: removed usersec.h which is not present in new AFS
- versions
-
-1996-07-08 09:55 millert
-
- * tgetpass.c: now deals with timeout <= 0
-
-1996-07-08 09:51 millert
-
- * OPTIONS: updated
-
-1996-07-08 00:04 millert
-
- * configure.in: BSD/OS >= 2.0 now uses shlicc instead of just gcc
-
-1996-07-07 22:30 millert
-
- * sudo.c: fixed backwards compatibility with sudo 1.4 sudoers mode
- for root readable/writable filesystems
-
-1996-07-07 20:49 millert
-
- * Makefile.in: now gives INSTALL -c flag
-
-1996-07-07 20:34 millert
-
- * parse.yacc: slightly simpler initialization of no_passwd and
- runas_matches
-
-1996-07-07 20:33 millert
-
- * testsudoers.c: added -u username support
-
-1996-07-07 20:32 millert
-
- * configure.in: improved --with-libraries support
-
-1996-07-07 16:27 millert
-
- * configure.in: added --with-incpath, --with-libpath,
- --with-libraries
-
-1996-07-07 16:01 millert
-
- * parse.yacc: now initializes some fields that weren't getting set
- to -1 pretty gross -- need a rewrite.
-
-1996-06-25 23:19 millert
-
- * alloca.c: removed emacs'isms
-
-1996-06-25 22:29 millert
-
- * configure.in: no longer add -lPW to *_LIBS since we include
- alloca.c
-
-1996-06-25 22:29 millert
-
- * config.h.in: added HAVE_ALLOCA_H
-
-1996-06-25 22:28 millert
-
- * Makefile.in: added alloca.c
-
-1996-06-25 22:18 millert
-
- * alloca.c: Initial revision
-
-1996-06-25 21:58 millert
-
- * configure.in: ++version
-
-1996-06-25 19:32 millert
-
- * sudo.c: now set uid to 1 instead of nobody for PERM_SUDOERS since
- nobody is not always set to a valid uid.
-
-1996-06-25 19:31 millert
-
- * OPTIONS: fixed entry for SUDO_MODE
-
-1996-06-25 18:02 millert
-
- * sudo.c: Fixed NFS-mounted sudoers file under solaris both uid
- *and* gid were being set to -2. Now beat NFS to the punch and
- set uid to "nobody" ourselves, preserving group 0 to read
- sudoers.
-
-1996-06-25 18:02 millert
-
- * parse.c: moved set_perms(PERM_ROOT) to be before yyparse()
-
-1996-06-25 18:00 millert
-
- * logging.c: fixed a typo
-
-1996-06-25 18:00 millert
-
- * configure.in: no longer need AC_PROG_INSTALL
-
-1996-06-25 17:59 millert
-
- * Makefile.in: always use install-sh to avoid install(1)'s that use
- get{pw,gr}nam
-
-1996-06-25 16:07 millert
-
- * INSTALL: make clean -> make distclean
-
-1996-06-20 01:17 millert
-
- * parse.yacc: removed some unnecsary if's
-
-1996-06-20 01:16 millert
-
- * Makefile.in, version.h: ++version
-
-1996-06-20 01:16 millert
-
- * parse.c, testsudoers.c: now includes netgroup.h
-
-1996-06-20 00:45 millert
-
- * interfaces.c: removed cats of ioctl to int since they didn't shut
- up -Wall
-
-1996-06-20 00:43 millert
-
- * interfaces.c: explicately cast ioctl() to int since it it not
- always declared
-
-1996-06-20 00:41 millert
-
- * sudo.h: added declarations for yyparse() and yylex()
-
-1996-06-20 00:27 millert
-
- * parse.yacc: fixed an occurence of '==' -> '='
-
-1996-06-20 00:22 millert
-
- * config.h.in, configure.in: added check for netgroup.h
-
-1996-06-20 00:20 millert
-
- * sudo.c: fixed 2 compiler warnings
-
-1996-06-20 00:08 millert
-
- * sudo.c: SHELL_IF_NO_ARGS caused core dump since NewArg[cv]
- weren't being initialized
-
-1996-06-19 13:53 millert
-
- * sudo.pod: fixed a typo
-
-1996-06-17 12:19 millert
-
- * parse.yacc: fixed a formatting thingie
-
-1996-06-17 12:16 millert
-
- * parse.c, parse.yacc: fixed -u support with multiple user lists on
- a line
-
-1996-06-17 10:23 millert
-
- * configure.in: unixware needs -lgen
-
-1996-06-17 10:23 millert
-
- * README: updated ftp location
-
-1996-06-17 00:08 millert
-
- * sudoers.pod: add net_addr/netmask support
-
-1996-06-17 00:07 millert
-
- * sample.sudoers: added net_addr/mask example
-
-1996-06-17 00:02 millert
-
- * parse.lex, parse.c: added support for net_addr/netmask
-
-1996-06-15 20:13 millert
-
- * sudoers.pod: ^ -> !
-
-1996-06-15 18:12 millert
-
- * RUNSON: updated for 1.4.3
-
-1996-06-15 18:12 millert
-
- * CHANGES: udpated for 1.4.3
-
-1996-06-15 18:11 millert
-
- * TROUBLESHOOTING, TODO, BUGS: updated
-
-1996-06-15 18:11 millert
-
- * sample.sudoers: updated with examples of new stuff
-
-1996-06-15 18:10 millert
-
- * INSTALL, README: ++version
-
-1996-06-15 18:01 millert
-
- * sudoers.pod: updated wrt -u and NOPASSWD
-
-1996-06-15 17:58 millert
-
- * sudo.pod: updated wrt -u and CAVEATS
-
-1996-06-08 23:15 millert
-
- * sudo.c: fixed usage()
-
-1996-06-08 22:57 millert
-
- * parse.lex: now use :foo: character classes (makes no diff for
- generated lexer)
-
-1996-06-07 14:33 millert
-
- * check.c: fixed LONG_SKEY_PROMPT stuff
-
-1996-06-06 15:35 millert
-
- * visudo.c: fixed a comment
-
-1996-06-06 15:03 millert
-
- * lsearch.c: make more like NetBSD one -- now compiles w/o warnings
-
-1996-06-06 15:02 millert
-
- * emul/search.h: fixed decls of lsearch()
-
-1996-06-05 22:20 millert
-
- * config.h.in, configure.in, getspwuid.c: added SPW_HPUX10
-
-1996-06-05 22:20 millert
-
- * check.c: hpux 10 uses bigcrypt() if C2
-
-1996-06-04 19:57 millert
-
- * parse.c: now always uses fnmatch to match args
-
-1996-06-04 19:40 millert
-
- * tgetpass.c: back to using stdio instead of raw i/o since that
- caused some problems
-
-1996-05-28 22:14 millert
-
- * sudo.c: now give usage warning if use -l,-v,-k with args
-
-1996-05-28 18:22 millert
-
- * sudo.c: NewArgc is now set to 1 for -l, -v, -k
-
-1996-05-28 12:50 millert
-
- * sudo.c: now sets sudoers to correct group if mode is 0400
-
-1996-05-28 12:02 millert
-
- * install-sh: updated to version used by inn and bind
-
-1996-05-28 00:08 millert
-
- * configure.in: now uses -lgnumalloc if it exists
-
-1996-05-28 00:02 millert
-
- * Makefile.in: "make install" now sets uid/gid and mode on sudoers
- if it exists
-
-1996-05-28 00:01 millert
-
- * sudo.c: rmeoved debugging statements
-
-1996-05-28 00:00 millert
-
- * parse.yacc: added a missing free()
-
-1996-05-27 23:58 millert
-
- * sudo.c: now uses user_gid instead of getegid (which was wrong
- anyway) to set SUDO_GID Now sets command line args in
- SUDO_COMMAND envariabled (logging.c depends on args being in the
- environment)
-
-1996-05-27 23:57 millert
-
- * logging.c: now uses SUDO_COMMAND envariable to get command args
- rather than building it up again.
-
-1996-05-27 22:42 millert
-
- * parse.c: now uses user_gid
-
-1996-05-27 20:02 millert
-
- * sudo.c: fixed off by one error in allocation NewArgv
-
-1996-05-27 20:01 millert
-
- * parse.c: in sudoers, 'command ""' now means command with no args
-
-1996-05-27 20:01 millert
-
- * configure.in: added check for fnmatch(3) and fnmatch.h
-
-1996-05-27 20:01 millert
-
- * config.h.in: added HAVE_FNMATCH
-
-1996-05-27 20:00 millert
-
- * Makefile.in: replaced wildcat.* with fnmatch.*
-
-1996-05-27 20:00 millert
-
- * testsudoers.c: now uses fnmatch()
-
-1996-05-27 19:38 millert
-
- * parse.c: now uses fnmatch() instead of wildmat a trailing star
- (*) by itself now matches multiple args added support for
- wildcards in the pathname in sudoers
-
-1996-05-25 19:23 millert
-
- * fnmatch.c: now includes compat.h and config.h
-
-1996-05-25 18:09 millert
-
- * config.h.in: added HAVE_FNMATCH_H
-
-1996-05-25 18:07 millert
-
- * configure.in: now checks for alloca() (if needed by bison or dce)
- and links with -lPW if it contains alloca() and libv and compiler
- do not.
-
-1996-05-25 18:03 millert
-
- * fnmatch.3, fnmatch.c, emul/fnmatch.h: Initial revision
-
-1996-04-28 22:38 millert
-
- * sudo.c: now fixes mode on sudoers if set to 0400 to aid in
- upgrade
-
-1996-04-28 17:44 millert
-
- * Makefile.in: fixed pod2man usage
-
-1996-04-28 17:40 millert
-
- * configure.in, Makefile.in, version.h: ++version
-
-1996-04-28 17:20 millert
-
- * testsudoers.c, visudo.c: runas_user is now initialized to "root"
-
-1996-04-28 17:20 millert
-
- * sudo.h: removed PERM_FULL_ROOT
-
-1996-04-28 17:18 millert
-
- * sudo.c: runas_user defaults to "root" so no more need to
- PERM_RUNAS
-
-1996-04-28 17:16 millert
-
- * parse.c: will now only running commands as root if there was no
- runas list (or if root is in the runas list)
-
-1996-04-28 17:15 millert
-
- * logging.c: now logs "USER=%s"
-
-1996-04-28 17:12 millert
-
- * parse.yacc: runas_matches is now set to false if we get a
- negative match
-
-1996-04-28 15:01 millert
-
- * parse.lex: make #uid work + some minor cleanup
-
-1996-04-27 21:04 millert
-
- * sample.sudoers: added support for NOPASSWD and "runas" from
- garp@opustel.com /
-
-1996-04-27 21:03 millert
-
- * visudo.c: added support for "runas" from garp@opustel.com
- replaced SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added
- support for SUDOERS_MODE
-
-1996-04-27 21:03 millert
-
- * testsudoers.c: added support for "runas" from garp@opustel.com
-
-1996-04-27 21:02 millert
-
- * sudo.h: added support for NO_PASSWD and runas from
- garp@opustel.com replaced SUDOERS_OWNER with SUDOERS_UID and
- SUDOERS_GID and added support fro SUDOERS_MODE
-
-1996-04-27 21:00 millert
-
- * sudo.c: added support for NO_PASSWD and runas from
- garp@opustel.com replaced SUDOERS_OWNER with SUDOERS_UID and
- SUDOERS_GID and added support fro SUDOERS_MODE
-
-1996-04-27 21:00 millert
-
- * parse.yacc: added support for NO_PASSWD and runas from
- garp@opustel.com
-
-1996-04-27 20:58 millert
-
- * parse.c, parse.lex: added support for NO_PASSWD and runas from
- garp@opustel.com
-
-1996-04-27 20:56 millert
-
- * logging.c: added support for SUDOERS_WRONG_MODE and "runas"
-
-1996-04-27 20:40 millert
-
- * configure.in: added --with-CC only link with -lshadow on linux
- (with shadow pw) if libc lacks getspnam()
-
-1996-04-27 20:39 millert
-
- * OPTIONS, options.h: removed NO_PASSWD since it is not possible to
- do this in the sudoers file itself. Replaced SUDOERS_OWNER with
- SUDOERS_UID and SUDOERS_GID. Added SUDOERS_MODE.
-
-1996-04-27 20:26 millert
-
- * Makefile.in: now uses SUDOERS_UID and SUDOERS_GID
-
-1996-04-27 11:20 millert
-
- * INSTALL: added --with-CC
-
-1996-04-06 16:31 millert
-
- * parse.lex: added double quote support
-
-1996-04-06 16:29 millert
-
- * sudoers.pod: documented double quoting
-
-1996-04-05 16:53 millert
-
- * mkinstalldirs: Initial revision
-
-1996-04-05 16:53 millert
-
- * check.c: fixed some indentation
-
-1996-04-05 16:48 millert
-
- * Makefile.in: fixed a typo
-
-1996-04-04 19:39 millert
-
- * Makefile.in: added install-dirs .
-
-1996-04-04 14:16 millert
-
- * dce_pwent.c: new version from "Jeff A. Earickson"
- <jaearick@colby.edu>
-
-1996-04-03 13:40 millert
-
- * configure.in: $CSOPS -> $with_csops (whoops, missed one)
-
-1996-04-03 13:40 millert
-
- * BUGS: updated
-
-1996-04-03 13:36 millert
-
- * parse.lex: FQHOST now has same constraints as non-FQHOST
-
-1996-04-02 19:00 millert
-
- * INSTALL: added note about OS's w/ shadow passwords turned on by
- default
-
-1996-04-02 18:58 millert
-
- * configure.in: fixed a typo
-
-1996-04-02 18:48 millert
-
- * configure.in: added support for --without-THING sanitized shadow
- pw situtation by adding support for --without-C2
-
-1996-04-02 16:42 millert
-
- * tgetpass.c: fixed a typo wrt placement of an end paren
-
-1996-04-02 14:57 millert
-
- * check.c: was closing an fd that may not have been opened
-
-1996-03-21 19:55 millert
-
- * sudo.c, OPTIONS, options.h: added NO_PASSWD
-
-1996-03-19 19:40 millert
-
- * configure.in: now always use shadow pw on some arches
-
-1996-03-19 17:07 millert
-
- * configure.in: added pyramid support
-
-1996-03-19 17:04 millert
-
- * configure.in: no longer check for C2 if alternate passwd method
- is used no longer check for some libs twice
-
-1996-03-19 17:00 millert
-
- * parse.yacc: moved fqdn stuff into parse.lex (FQHOST)
-
-1996-03-19 17:00 millert
-
- * parse.lex: added FQHOST rules
-
-1996-03-18 20:57 millert
-
- * tgetpass.c: now define TCSASOFT in necesary
-
-1996-03-18 20:31 millert
-
- * tgetpass.c: now uses read/write instead of stdio string goop to
- avoid problems with select(2)
-
-1996-03-18 19:37 millert
-
- * OPTIONS, find_path.c, options.h: -DNO_DOT_PATH ->
- -DIGNORE_DOT_PATH
-
-1996-03-17 16:18 millert
-
- * INSTALL: added note about no shadow auto-detect if using
- alternate auth schemes
-
-1996-03-17 15:33 millert
-
- * configure.in: don't check for C2 if AFS or DCE (unless they said
- --with-C2)
-
-1996-03-17 15:08 millert
-
- * testsudoers.c: now groks shost
-
-1996-03-17 15:01 millert
-
- * options.h, OPTIONS, find_path.c: added NO_DOT_PATH
-
-1996-03-16 14:43 millert
-
- * find_path.c: checkdot now works correctly
-
-1996-03-12 18:01 millert
-
- * configure.in: can't have DCE and C2 passwords both...
-
-1996-03-11 14:05 millert
-
- * parse.yacc, sudo.c, sudo.h, visudo.c: now uses shost even if not
- FQDN
-
-1996-03-11 14:04 millert
-
- * configure.in: now looks for skey in /usr/lib and doesn't require
- libskey to be in /usr/local/lib just because skey.h is (for my
- netbsd box :-)
-
-1996-03-11 02:00 millert
-
- * aclocal.m4, config.h.in, pathnames.h.in: _SUDO_PATH_ ->
- _CONFIG_PATH_
-
-1996-03-10 21:01 millert
-
- * aclocal.m4, sudo.pod: /var/run/.odus -> /var/run/sudo
-
-1996-03-10 20:59 millert
-
- * pathnames.h.in: now uses _SUDO_PATH_TIMEDIR
-
-1996-03-10 20:59 millert
-
- * OPTIONS: udpated FQDN
-
-1996-03-10 20:58 millert
-
- * config.h.in: added _SUDO_PATH_TIMEDIR
-
-1996-03-10 20:58 millert
-
- * aclocal.m4, configure.in: added SUDO_TIMEDIR
-
-1996-03-10 20:58 millert
-
- * sudo.pod: updated wrt /var/run/sudo
-
-1996-03-10 20:16 millert
-
- * sudo.c, sudo.h: added support for shost if FQDN
-
-1996-03-10 20:14 millert
-
- * parse.yacc, visudo.c: now uses shost if FQDN
-
-1996-03-10 20:12 millert
-
- * check.c: Now use skeylookup() instead off skeychallenge()
-
-1996-02-27 20:41 millert
-
- * logging.c: mail_argv should not contain ALERTMAIL as it includes
- "-t"
-
-1996-02-22 17:06 millert
-
- * INSTALL, Makefile.in, README, version.h, configure.in: ++version
-
-1996-02-22 16:27 millert
-
- * compat.h: added more _PASSWD_LEN stuff -- now uses PASS_MAX too
-
-1996-02-22 16:27 millert
-
- * tgetpass.c: now includes limits.h moved _PASSWD_LEN -> compat.h
-
-1996-02-05 19:20 millert
-
- * README, INSTALL: ++version
-
-1996-02-05 19:20 millert
-
- * Makefile.in: ++versoin
-
-1996-02-05 19:16 millert
-
- * Makefile.in: fixed a typo
-
-1996-02-05 19:16 millert
-
- * configure.in: ++version
-
-1996-02-05 18:53 millert
-
- * RUNSON: updated
-
-1996-02-05 18:47 millert
-
- * CHANGES: done for 1.4.1 (I hope)
-
-1996-02-05 18:45 millert
-
- * sudoers.pod: added info on wildcards
-
-1996-02-05 18:39 millert
-
- * sample.sudoers: added wildcard example
-
-1996-02-05 17:03 millert
-
- * Makefile.in: now uses *.pod to build *.man and *.cat & *.html
-
-1996-02-05 17:03 millert
-
- * configure.in: addedSUDO_PROG_BSHELL !ll
-
-1996-02-05 16:10 millert
-
- * visudo.pod: fixed up some formatting
-
-1996-02-05 16:10 millert
-
- * sudoers.pod: redid section describing sample sudoers stuff
-
-1996-02-05 16:10 millert
-
- * sudo.pod: fixed some formatting
-
-1996-02-04 22:50 millert
-
- * getspwuid.c: now treats "" as bourne shell
-
-1996-02-04 22:49 millert
-
- * Makefile.in: TESTOBJS nwo includes wildmat.o
-
-1996-02-04 22:48 millert
-
- * testsudoers.c: now works with NewArg[cv]
-
-1996-02-04 21:59 millert
-
- * sudo.c: removed an XXX (fixed it in getspwuid.c)
-
-1996-02-04 21:58 millert
-
- * aclocal.m4: added check for bourne shell
-
-1996-02-04 21:58 millert
-
- * pathnames.h.in: added _PATH_BSHELL
-
-1996-02-04 21:58 millert
-
- * config.h.in: added _SUDO_PATH_BSHELL
-
-1996-02-04 16:36 millert
-
- * visudo.c: unixware vi returns 256 instead of 0
-
-1996-02-04 16:24 millert
-
- * INSTALL: added Linux note
-
-1996-02-04 16:13 millert
-
- * logging.c: fixed up some XXX's. file log format now looks a
- little more like real syslog(3) format.
-
-1996-02-04 16:13 millert
-
- * README, TROUBLESHOOTING: updated wrt lex/flex
-
-1996-02-04 16:11 millert
-
- * Makefile.in: commented out rule to build lex.yy.c from parse.lex
- since we ship with a pre-flex'd parser
-
-1996-02-04 16:09 millert
-
- * parse.c, parse.yacc, visudo.c: path_matches -> command_matches
-
-1996-02-04 02:28 millert
-
- * logging.c: eliminated some strcat()'s
-
-1996-02-04 02:10 millert
-
- * configure.in: no longer checks for lex/flex (now assumes flex)
-
-1996-02-04 02:08 millert
-
- * configure.in: now checks for $kerb_dir_candidate/krb.h instead of
- just kerb_dir_candidate
-
-1996-02-02 20:48 millert
-
- * parse.yacc: now use a 'hook' expression instead of an iffy one
- :-)
-
-1996-02-02 01:14 millert
-
- * visudo.c: now works with new sudo arg stuff
-
-1996-02-02 01:14 millert
-
- * parse.yacc: fixed dereferencing deadbeef
-
-1996-02-01 23:53 millert
-
- * sudo.c: changed an occurrence of Argv to NewArgv
-
-1996-02-01 23:53 millert
-
- * parse.lex: took out support for quoted commands since there is no
- need...
-
-1996-02-01 23:52 millert
-
- * parse.c: fixed a typo in a for() loop
-
-1996-02-01 23:52 millert
-
- * logging.c: protected against dereferencing rogue pointers
-
-1996-02-01 22:34 millert
-
- * sudo.c: now uses NewArgv amd NewArgc so cmnd_aegs is no longer
- needed this also allows us to eliminate some kludges in
- parse_args() and eliminate superfluous code.
-
-1996-02-01 22:34 millert
-
- * logging.c: no longer uses cmnd_args, now uses NewArgv instead.
-
-1996-02-01 22:32 millert
-
- * sudo.h: added struct sudo_command, NewArgc, and NewArgv removed
- cmnd_args (no longer used)
-
-1996-02-01 22:31 millert
-
- * Makefile.in: added wildmat.c to SRCS & SUDOBJS
-
-1996-02-01 22:30 millert
-
- * parse.yacc: COMMAND is now a struct containing the path and args
-
-1996-02-01 22:30 millert
-
- * parse.lex: replaced append() with fill_cmnd() and fill_args.
- command args from a sudoers entry are now stored in an arrary for
- easy matching.
-
-1996-02-01 22:28 millert
-
- * parse.c: command line args from sudoers file are now in an array
- like ones passed in from the command line
-
-1996-01-31 20:59 millert
-
- * parse.c: wildwat stuff now works
-
-1996-01-29 00:44 millert
-
- * version.h: ++version
-
-1996-01-29 00:44 millert
-
- * Makefile.in: ++version added wildmat.*
-
-1996-01-28 17:55 millert
-
- * parse.lex: added support for quoted commands (w/ or w/o args)
-
-1996-01-22 01:55 millert
-
- * sudo.pod, visudo.pod: cleaned up formatting
-
-1996-01-21 20:53 millert
-
- * sudo.pod, visudo.pod: Initial revision
-
-1996-01-21 02:07 millert
-
- * sudoers.pod: looks reasonable, could be mroe readable
-
-1996-01-20 23:47 millert
-
- * sudoers.pod: Initial revision
-
-1996-01-16 14:38 millert
-
- * RUNSON: updated
-
-1996-01-16 14:37 millert
-
- * OPTIONS: updated NO_ROOT_SUDO entry
-
-1996-01-15 11:37 millert
-
- * RUNSON: [no log message]
-
-1996-01-15 11:34 millert
-
- * sudo.c: fixed SECURE_PATH
-
-1996-01-14 20:55 millert
-
- * RUNSON: udpa`ted for 1.4
-
-1996-01-14 20:52 millert
-
- * configure.in: AIX aixcrypt.exp now uses $(srcdir)
-
-1996-01-14 20:32 millert
-
- * TROUBLESHOOTING: added entry for anal ansi compilers
-
-1996-01-14 16:13 millert
-
- * INSTALL: added info on libcrypt_i for SCO
-
-1996-01-14 16:05 millert
-
- * TODO: [no log message]
-
-1996-01-14 15:39 millert
-
- * sample.sudoers: added comments
-
-1996-01-14 15:25 millert
-
- * TODO: 1.4 release
-
-1996-01-14 15:22 millert
-
- * README, config.h.in, configure.in, CHANGES: ++version
-
-1996-01-14 15:21 millert
-
- * BUGS: ++version and fixed ISC
-
-1996-01-14 15:19 millert
-
- * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c,
- getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
- ins_goons.h, insults.h, options.h, pathnames.h.in, sudo.h,
- logging.c, putenv.c, strdup.c, sudo.c, sudo_setenv.c,
- testsudoers.c, tgetpass.c, utime.c, visudo.c, INSTALL, OPTIONS:
- ++version
-
-1996-01-14 15:16 millert
-
- * interfaces.c: added STUB_LOAD_INTERFACES ++version
-
-1996-01-14 15:14 millert
-
- * Makefile.in, version.h, parse.c, parse.lex, parse.yacc,
- emul/utime.h: ++version
-
-1996-01-14 15:13 millert
-
- * PORTING: added info about fd_set in tgetpass added info on
- interfaces.c
-
-1996-01-11 13:22 millert
-
- * dce_pwent.c: added sudo header
-
-1996-01-11 13:04 millert
-
- * tgetpass.c: fixed a typo
-
-1996-01-11 13:01 millert
-
- * Makefile.in: tgetpass.o is now only linked in with sudo (not
- visudo)
-
-1996-01-09 12:56 millert
-
- * BUGS, INSTALL, OPTIONS, README, Makefile.in, config.h.in,
- configure.in: ++version
-
-1996-01-09 12:54 millert
-
- * emul/utime.h: added copyright notice
-
-1996-01-09 12:52 millert
-
- * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
- ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
- interfaces.c, logging.c, options.h, parse.c, parse.lex,
- parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
- visudo.c: ++version
-
-1996-01-09 12:46 millert
-
- * tgetpass.c: minor cleanup and now includes sys/bsdtypes for
- svr4'ish boxen
-
-1996-01-09 12:42 millert
-
- * configure.in: ISC now gets -lcrypt now check for sys/bsdtypes.h
-
-1996-01-09 12:41 millert
-
- * config.h.in: added check for sys/bsdtypes.h
-
-1996-01-07 16:00 millert
-
- * parse.yacc: removed debugging stuff (setting freed ptr to NULL)
-
-1996-01-07 15:55 millert
-
- * TROUBLESHOOTING: added 2 entries
-
-1996-01-07 15:55 millert
-
- * Makefile.in: added FAQ
-
-1996-01-07 14:26 millert
-
- * TROUBLESHOOTING: added section on syslog
-
-1996-01-07 14:25 millert
-
- * configure.in: added AC_ISC_POSIX for better ISC support
-
-1996-01-07 14:25 millert
-
- * config.h.in: fixed typo
-
-1996-01-07 14:25 millert
-
- * config.h.in: added define for _POSIX_SOURCE
-
-1996-01-04 00:41 millert
-
- * configure.in: fixed check for lsearch()
-
-1995-12-21 21:53 millert
-
- * interfaces.c: fixed for AIX now deal if num_interfaces == 0
- (should not happen)
-
-1995-12-20 17:02 millert
-
- * configure.in: now only define HAVE_LSEARCH if there is a
- corresponding search.h
-
-1995-12-20 15:52 millert
-
- * interfaces.c: works on ISC again
-
-1995-12-18 17:36 millert
-
- * configure.in: now define HAVE_LSEARCH if we find lsearch() in
- libcompat
-
-1995-12-18 17:32 millert
-
- * lsearch.c: char * -> const char *
-
-1995-12-18 17:29 millert
-
- * configure.in: now looks in -lcompat for lsearch()
-
-1995-12-18 17:23 millert
-
- * Makefile.in: remove sudo.core visudo.core for clan target
-
-1995-12-17 22:53 millert
-
- * aclocal.m4: added UID_MAX support in check for MAX_UID_T_LEN
-
-1995-12-17 22:36 millert
-
- * Makefile.in: fixed another occurence of sudo_getpwuid.*
-
-1995-12-17 22:30 millert
-
- * getspwuid.c, Makefile.in: sudo_getpwuid.c -> getspwuid.c
-
-1995-12-17 22:22 millert
-
- * configure.in: moved the "echo"
-
-1995-12-17 22:09 millert
-
- * CHANGES, BUGS, INSTALL, Makefile.in, OPTIONS, README, check.c,
- compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
- getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
- ins_goons.h, insults.h, interfaces.c, logging.c, options.h,
- parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
- strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c,
- tgetpass.c, utime.c, version.h, visudo.c: ++version
-
-1995-12-17 22:04 millert
-
- * testsudoers.c: added group support
-
-1995-12-17 22:00 millert
-
- * sample.sudoers: added group entry
-
-1995-12-17 21:59 millert
-
- * sudoers.man: documented group support
-
-1995-12-17 21:50 millert
-
- * parse.c, parse.lex, visudo.c, parse.yacc: added group support
-
-1995-12-15 17:45 millert
-
- * check.c: tkfile was too short and overflowed the kerberos realm
-
-1995-12-11 17:09 millert
-
- * sudo.c: now copy command args directly from Argv
-
-1995-12-11 15:55 millert
-
- * sudo.c: replaced code to copy cmnd_args so that is does not use
- realloc since most realloc()'s really stink
-
-1995-12-08 14:11 millert
-
- * configure.in: syslog() fixed in hpux 10.01
-
-1995-12-06 17:45 millert
-
- * configure.in: AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS
- if appropriate)
-
-1995-12-06 17:30 millert
-
- * configure.in: better error if cannot find skey incs or libs
-
-1995-12-06 17:26 millert
-
- * aclocal.m4: now use a temp file for determining max len of uid_t
- in string form. the old hacky way broke on netbsd
-
-1995-12-05 19:02 millert
-
- * sudo.c: added set of parens and a space
-
-1995-12-05 18:58 millert
-
- * dce_pwent.c: fixes from Jeff Earickson <jaearick@colby.edu> ,
-
-1995-12-05 18:58 millert
-
- * check.c: modified a comment
-
-1995-12-05 18:57 millert
-
- * Makefile.in: fixed up testsudoers target
-
-1995-12-05 18:56 millert
-
- * configure.in: DCE changes from Jeff Earickson
- <jaearick@colby.edu> LIBS -> SUDO_LIBS and VISUDO_LIBS LDFLAGS ->
- SUDO_FDFLAGS and VISUDO_LDFLAGS
-
-1995-12-05 18:17 millert
-
- * Makefile.in: LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS ->
- SUDO_LDFLAGS, VISUDO_LDFLAGS
-
-1995-11-27 23:32 millert
-
- * configure.in: fix for C2 on hpux 10 now uses -linet if it exists
-
-1995-11-27 23:17 millert
-
- * check.c: LONG_SKEY_PROMPT is less of a klusge /
-
-1995-11-27 23:17 millert
-
- * configure.in: fixed typos w/ dce stuff
-
-1995-11-27 23:14 millert
-
- * Makefile.in: added dce_pwent.c
-
-1995-11-26 13:48 millert
-
- * INSTALL: amended section on combining authentication mechanisms
-
-1995-11-26 13:48 millert
-
- * PORTING: minor updates for 1.3.6
-
-1995-11-26 13:47 millert
-
- * TROUBLESHOOTING: added 2 more entries
-
-1995-11-26 13:39 millert
-
- * BUGS: updated for 1.3.6
-
-1995-11-26 13:39 millert
-
- * README: overhauled
-
-1995-11-25 21:23 millert
-
- * INSTALL: rewrote for sudo 1.3.6
-
-1995-11-25 21:23 millert
-
- * TROUBLESHOOTING: added 3 entries
-
-1995-11-25 13:53 millert
-
- * find_path.c, getspwuid.c, sudo.c: added explict casts for strdup
- since many includes don't prototype it. gag me.
-
-1995-11-25 13:23 millert
-
- * sudo.h: removed prototype for sudo_getpwuid() since convex C
- compiler choked on it.
-
-1995-11-25 13:23 millert
-
- * sudo.c: added prototype for sudo_getpwuid()
-
-1995-11-25 13:23 millert
-
- * lsearch.c: now compiles on strict ANSI compilers
-
-1995-11-24 23:56 millert
-
- * check.c: added LONG_SKEY_PROMPT support
-
-1995-11-24 23:55 millert
-
- * Makefile.in: added extra $'s for make to eat up, yum.
-
-1995-11-24 23:38 millert
-
- * OPTIONS, options.h: added LONG_SKEY_PROMPT
-
-1995-11-24 18:48 millert
-
- * check.c: s/key support now works with normal s/key as well as
- logdaemon
-
-1995-11-24 18:46 millert
-
- * options.h, OPTIONS: added SKEY_ONLY
-
-1995-11-24 18:46 millert
-
- * compat.h: set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
-
-1995-11-24 00:42 millert
-
- * INSTALL: added DCE note added more AIX notes
-
-1995-11-24 00:39 millert
-
- * sudo.c: now include pthread.h for DCE support
-
-1995-11-23 22:22 millert
-
- * check.c: dce_pwent() is ok after all .,
-
-1995-11-23 22:21 millert
-
- * logging.c: now uses SYSLOG() macro that equates to either
- syslog() or syslog_wrapper
-
-1995-11-23 21:44 millert
-
- * dce_pwent.c: minor formatting changes. renamed check() to
- somthing less generic
-
-1995-11-23 21:27 millert
-
- * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
- visudo.c: now uses user_pw_ent and simple macros to get at the
- contents
-
-1995-11-22 20:35 millert
-
- * check.c: simpler dec unix C2 support
-
-1995-11-22 20:35 millert
-
- * getspwuid.c: now sets crypt_type for DEC unix C2
-
-1995-11-21 18:00 millert
-
- * configure.in: added csops paths for skey
-
-1995-11-21 16:27 millert
-
- * getspwuid.c: now includes string.h for strdup() prototype
-
-1995-11-21 01:47 millert
-
- * getspwuid.c: fixed a few typos
-
-1995-11-20 22:59 millert
-
- * check.c: now includes skey.h
-
-1995-11-20 22:10 millert
-
- * getspwuid.c: fixed up comments
-
-1995-11-20 22:04 millert
-
- * check.c: moved a lot of the shadow passwd crap to sudo_getpwuid()
-
-1995-11-20 22:01 millert
-
- * sudo.c: now uses sudo_pw_ent
-
-1995-11-20 21:50 millert
-
- * testsudoers.c: now uses sudo_pw_ent
-
-1995-11-20 21:40 millert
-
- * visudo.c: now sets sudo_pw_ent
-
-1995-11-20 21:28 millert
-
- * getspwuid.c: Initial revision
-
-1995-11-20 21:28 millert
-
- * tgetpass.c: moved dce stuff into compat.h
-
-1995-11-20 21:27 millert
-
- * sudo.h, logging.c: now uses sudo_pw_ent
-
-1995-11-20 21:27 millert
-
- * Makefile.in: added sudo_getpwuid.c
-
-1995-11-20 21:25 millert
-
- * compat.h: added dce support
-
-1995-11-20 21:13 millert
-
- * parse.yacc: now uses sudo_pw_ent
-
-1995-11-20 14:40 millert
-
- * check.c: fixed exempt_group stuff for OS's that don't put base
- gid in group vector
-
-1995-11-20 01:39 millert
-
- * check.c: S/Key support now works with sunos4 shadow passwords
-
-1995-11-19 22:31 millert
-
- * Makefile.in: fixed clean rule
-
-1995-11-19 22:31 millert
-
- * config.h.in, configure.in: added DCE support
-
-1995-11-19 22:30 millert
-
- * tgetpass.c: DCE & KERB support
-
-1995-11-19 22:30 millert
-
- * check.c: first stab at dce support
-
-1995-11-19 22:24 millert
-
- * dce_pwent.c: now smells like sudo
-
-1995-11-19 22:11 millert
-
- * dce_pwent.c: Initial revision
-
-1995-11-19 21:36 millert
-
- * check.c: skey'd sudo now works w/ normal password as well
-
-1995-11-19 18:37 millert
-
- * Makefile.in, OPTIONS, check.c, compat.h, config.h.in,
- find_path.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
- ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
- options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in,
- putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c,
- tgetpass.c, utime.c, version.h, visudo.c: updated version number
-
-1995-11-19 18:32 millert
-
- * README: updated to reflect version change
-
-1995-11-19 18:27 millert
-
- * configure.in: --with options now line up ++version
-
-1995-11-19 18:26 millert
-
- * sudo.h: removed unecesary S/Key stuff
-
-1995-11-19 18:25 millert
-
- * configure.in: fixed S/Key support
-
-1995-11-19 18:24 millert
-
- * Makefile.in: -I stuff now goes in CPPFLAGS
-
-1995-11-19 18:23 millert
-
- * check.c: fixed SKey support
-
-1995-11-19 15:23 millert
-
- * README: updated version
-
-1995-11-19 13:59 millert
-
- * OPTIONS: fixed description of EXEMPTGROUP
-
-1995-11-19 10:47 millert
-
- * sudo.c: more people use _RLD_ than just alphas...
-
-1995-11-18 21:35 millert
-
- * Makefile.in: replaced $man_prefix with $mandir
-
-1995-11-18 21:30 millert
-
- * configure.in: fixed a typo
-
-1995-11-18 21:28 millert
-
- * Makefile.in: now use more GNU'ish dir names
-
-1995-11-18 21:27 millert
-
- * configure.in: now set *dir correctly (can override from command
- line)
-
-1995-11-18 19:17 millert
-
- * sudo.c: now deal with situations where we getwd() fails
-
-1995-11-17 00:37 millert
-
- * Makefile.in: added etc_dir, bin_dir, sbin_dir
-
-1995-11-17 00:37 millert
-
- * configure.in: added sbin_dir
-
-1995-11-16 21:28 millert
-
- * Makefile.in: now ship a flex-generated lex.yy.c
-
-1995-11-16 21:09 millert
-
- * Makefile.in: now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP,
- SUDOERS_OWNER
-
-1995-11-16 21:06 millert
-
- * pathnames.h.in: _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now
- overridden via Makefile
-
-1995-11-16 21:05 millert
-
- * options.h: no more error for redefining SUDOERS_OWNER
-
-1995-11-16 21:05 millert
-
- * OPTIONS: expanded SUDOERS_OWNER section
-
-1995-11-16 03:05 millert
-
- * visudo.c: now warn if chown(2) failed
-
-1995-11-16 02:55 millert
-
- * logging.c: better default warning for NO_SUDOERS_FILE
-
-1995-11-16 02:54 millert
-
- * sudo.c: added missing set_perms() no more cryptic message if the
- sudoers file is zero length, now just give a parse error
-
-1995-11-16 02:42 millert
-
- * logging.c: better diagnostics if NO_SUDOERS_FILE
-
-1995-11-16 02:41 millert
-
- * sudo.c: check_sudoers() now catches sudoers files that are not
- readable (but are stat'able).
-
-1995-11-13 01:12 millert
-
- * configure.in: now add -D__STDC__ for convex cc (not gcc)
-
-1995-11-13 00:52 millert
-
- * configure.in: MAN_PREFIX -> man_prefix now sets prefix and
- exec_prefix
-
-1995-11-13 00:52 millert
-
- * Makefile.in: now uses exec_prefix & prefix from configure
-
-1995-11-13 00:16 millert
-
- * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c,
- parse.c, parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c,
- tgetpass.c, utime.c, visudo.c: options.h is now <> instead of ""
- so shadow build trees can have a custom copy of options.h
-
-1995-11-13 00:15 millert
-
- * check.c: user_is_exempt() is no longer a hack, it now uses
- getgrnam()
-
-1995-11-12 23:56 millert
-
- * options.h: EXEMPTGROUP is now "sudo"
-
-1995-11-12 22:25 millert
-
- * configure.in: MAN_POSTINSTALL now contains a leading space
-
-1995-11-12 22:25 millert
-
- * Makefile.in: removed leading tab if @MAN_POSTINSTALL@ not defined
- now removes testsudoers in clean:
-
-1995-11-12 22:24 millert
-
- * tgetpass.c: includes pwd.h to get _PASSWD_LEN definition
-
-1995-10-30 15:51 millert
-
- * sudo.c: unset the KRB_CONF envariable if using kerberos so we
- don't get spoofed into using a bogus server
-
-1995-09-29 17:50 millert
-
- * parse.yacc: now explicately initialize match[] tp be FALSE
-
-1995-09-23 16:48 millert
-
- * sudo.c: removed unused variable now passes -Wall
-
-1995-09-23 16:48 millert
-
- * parse.yacc: yyerror and dumpaliases are now void's now passes
- -Wall
-
-1995-09-23 16:48 millert
-
- * parse.lex: added prototype for yyerror
-
-1995-09-23 16:47 millert
-
- * interfaces.c: rmeoved unused cruft now passes -Wall
-
-1995-09-23 16:47 millert
-
- * check.c, logging.c, parse.c: now passes -Wall
-
-1995-09-23 16:46 millert
-
- * Makefile.in: fixed headers that moved to emul dir
-
-1995-09-23 12:05 millert
-
- * logging.c: fixed deref of nil pointer if no args
-
-1995-09-15 19:18 millert
-
- * OPTIONS: added a caveat to FQDN section
-
-1995-09-13 19:48 millert
-
- * Makefile.in: more $srcdir support for install targets
-
-1995-09-13 17:17 millert
-
- * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc,
- putenv.c, strdup.c, sudo.c, sudo_setenv.c, testsudoers.c,
- visudo.c: don't include malloc.h if we include stdlib.h
-
-1995-09-12 21:44 millert
-
- * parse.yacc: local search.h now lives in emul
-
-1995-09-12 21:41 millert
-
- * lsearch.c: local search.h now lives in emul
-
-1995-09-12 21:41 millert
-
- * check.c, utime.c: local utime.h now lives in emul dir
-
-1995-09-12 21:38 millert
-
- * Makefile.in: added support for building in other than the
- sourcedir
-
-1995-09-10 14:01 millert
-
- * OPTIONS: annotated CSOPS_INSULTS option
-
-1995-09-10 13:56 millert
-
- * TROUBLESHOOTING: updated shadow passwords blurb
-
-1995-09-09 21:00 millert
-
- * sudo.c: if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a
- shell and passes along foo as the arguments
-
-1995-09-09 18:52 millert
-
- * parse.lex: collapsed pathname and dir sections into one -- its
- now less expensive
-
-1995-09-09 18:34 millert
-
- * parse.lex: fixed spacing quoting [,:\\=] now works correctly
- append() and fill() now take args to make the above work
-
-1995-09-08 20:51 millert
-
- * sudo.c: fixed a typo that caused commands with no tty on fd 0 but
- a tty on fd 1 to erroneously have "none" as their tty
-
-1995-09-04 15:35 millert
-
- * check.c: timestampfile is now a global static removed decl of
- timestampfile in remove_timestamp since we can just use the
- global one
-
-1995-09-04 15:28 millert
-
- * check.c: created touch() to update timestamps added
- USE_TTY_TICKETS support (bit of a kludge)
-
-1995-09-04 15:28 millert
-
- * compat.h: added _S_IFDIR and S_ISDIR
-
-1995-09-04 15:22 millert
-
- * OPTIONS, options.h: added USE_TTY_TICKETS
-
-1995-09-04 00:38 millert
-
- * parse.yacc: removed const from casts for lsearch() & lfind() to
- placate irix 4.x C compiler
-
-1995-09-03 14:12 millert
-
- * sudo.c: now only strip '/dev/' off of a tty if it starts with
- '/dev/'
-
-1995-09-03 14:12 millert
-
- * pathnames.h.in: added _PATH_DEV
-
-1995-09-03 14:11 millert
-
- * configure.in: AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for
- tcgetattr only if have termios.h
-
-1995-09-03 14:09 millert
-
- * tgetpass.c: fixed incorrect #ifdef termio uses "unsigned short"
- not int for c_?flag
-
-1995-09-03 13:19 millert
-
- * parse.lex, parse.yacc: fixed a spelling error
-
-1995-09-03 13:17 millert
-
- * Makefile.in: fixed typo
-
-1995-09-02 12:55 millert
-
- * Makefile.in: fixed a comment
-
-1995-09-02 12:54 millert
-
- * parse.yacc: added dotcat() to cat 2 strings w/ a dot effeciently
- now that we dynamically allocate strings they need to be free()'d
-
-1995-09-02 12:46 millert
-
- * parse.lex: dynamically allocates space for strings
-
-1995-09-02 12:34 millert
-
- * sudo.h: no more MAXCOMMANDLENGTH
-
-1995-09-01 22:25 millert
-
- * sudo.h: added decl of tty
-
-1995-09-01 22:25 millert
-
- * logging.c, sudo.c: moved tty stuff into sudo.c
-
-1995-09-01 14:18 millert
-
- * parse.c: fixed a logic bug. Was denying a command if user gave
- command line args but there were none in the sudoers file which
- is wrong.
-
-1995-09-01 01:18 millert
-
- * sudo.h: MAXCOMMMANDLEN dropped down to 1K
-
-1995-09-01 01:13 millert
-
- * parse.lex: return foo; -> return(foo);
-
-1995-09-01 01:03 millert
-
- * parse.yacc: fixed netgr_matches() prototype
-
-1995-09-01 01:02 millert
-
- * parse.lex: added support for escaping "termination" characters
-
-1995-09-01 00:55 millert
-
- * parse.c: buf is now of size MAXPATHLEN+1 since it never holds
- command args
-
-1995-09-01 00:50 millert
-
- * sudo.c: fixed comments
-
-1995-09-01 00:49 millert
-
- * goodpath.c: fixed negation problem (doh!)
-
-1995-09-01 00:25 millert
-
- * parse.yacc: fixed 2nd parameter to lfind()
-
-1995-09-01 00:24 millert
-
- * parse.lex: now do bounds checking in fill() and append()
-
-1995-09-01 00:23 millert
-
- * sudo.c: include netdb.h as we should added a missing void cast
- added SHELL_IF_NO_ARGS support now use realloc() properly. would
- fail if realloc actually moved the string instead of shrinking it
-
-1995-09-01 00:17 millert
-
- * sample.sudoers: updated with examples of new features
-
-1995-09-01 00:05 millert
-
- * goodpath.c: now set errno to EACCES if not a regular file or not
- executable
-
-1995-09-01 00:04 millert
-
- * find_path.c: if given a fully-qualified or relative path we now
- check it with sudo_goodpath() and error out with the appropriate
- error message if the file does not exist or is not executable
-
-1995-09-01 00:03 millert
-
- * lsearch.c, emul/search.h: now use correct args for lfind
-
-1995-09-01 00:03 millert
-
- * logging.c: added a comment
-
-1995-08-31 23:52 millert
-
- * insults.h: added in CSOps insults
-
-1995-08-31 23:51 millert
-
- * ins_csops.h: Initial revision
-
-1995-08-31 23:35 millert
-
- * tgetpass.c: added RCS id
-
-1995-08-31 22:56 millert
-
- * sudo.h: increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD ->
- HAVE_GETWD
-
-1995-08-31 22:55 millert
-
- * OPTIONS: added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
-
-1995-08-31 22:54 millert
-
- * sudo.c: fixed -k load_interfaces() now gets called if FQDN is set
- -p now works with -s
-
-1995-08-31 22:54 millert
-
- * parse.c: don't try to stat() "pseudo commands" like "validate"
-
-1995-08-31 22:53 millert
-
- * options.h: added CLASSIC_INSULTS added CSOPS_INSULTS added
- SHELL_IF_NO_ARGS
-
-1995-08-31 22:53 millert
-
- * configure.in: added SecurID support added other insults to
- --with-csops
-
-1995-08-31 22:52 millert
-
- * config.h.in: added HAVE_SECURID
-
-1995-08-31 22:52 millert
-
- * Makefile.in: added clobber target added ins_csops.h now gets
- CFLAGS from configure
-
-1995-08-31 22:46 millert
-
- * aclocal.m4: relaxed SUDO_FULL_VOID
-
-1995-08-31 22:44 millert
-
- * visudo.c: function comment blocks are now in same style as rest
- of code
-
-1995-08-31 22:44 millert
-
- * testsudoers.c: added support for command line args in
- /etc/sudoers
-
-1995-08-31 22:43 millert
-
- * sudoers.man: updated to have command args in the sudoers file
-
-1995-08-31 22:42 millert
-
- * sudo.man: added -s and -- flags added SHELL to ENVIRONMENT
- VARIABLES section
-
-1995-08-19 19:32 millert
-
- * parse.yacc: PATH renamed to COMMAND
-
-1995-08-19 19:31 millert
-
- * parse.lex: it is now a parse error for directories to have args
- attached to them
-
-1995-08-19 19:30 millert
-
- * logging.c: now say command args if telling user to buzz off
-
-1995-08-19 19:30 millert
-
- * sudo.c: -s no longer indicates end of args sped up loading on
- cmnd_args in load_cmnd()
-
-1995-08-19 19:29 millert
-
- * parse.c: removed an unreachable statement
-
-1995-08-19 17:53 millert
-
- * parse.lex: made more efficient by pulling out the terminators
- when in GOTCMND state and making them their own rule
-
-1995-08-14 00:07 millert
-
- * sudo.h: removed MAXLOGLEN since it is no longer used
-
-1995-08-14 00:07 millert
-
- * parse.lex: now allows command args
-
-1995-08-14 00:06 millert
-
- * parse.c: now groks command arguments
-
-1995-08-13 23:39 millert
-
- * logging.c: now sets tty correctly when piped input
-
-1995-08-13 23:35 millert
-
- * sudo.c: fixed loading of cmnd_args (was including command name
- too)
-
-1995-08-13 23:34 millert
-
- * logging.c: fixed a core dump due to incorrect if construct
-
-1995-08-13 00:33 millert
-
- * configure.in: only add -lsun is irix < 5 don't look for -lnsl or
- -lsocket if irix
-
-1995-08-13 00:33 millert
-
- * aclocal.m4: fixed check for ISC
-
-1995-08-13 00:32 millert
-
- * sudo.c: now sets cmnd_args used by log_error() and that will be
- used by the parse to check against command args
-
-1995-08-13 00:32 millert
-
- * sudo.h: added cmnd_args
-
-1995-08-13 00:31 millert
-
- * logging.c: now dynamically allocate logline since we can guess at
- its size
-
-1995-08-05 13:52 millert
-
- * logging.c: cleaned up a bunch of unnecesary #ifdef's eliminated a
- buffer remove "register" since the compiler knows more than I do
- now do a "basename" of the tty
-
-1995-07-31 18:20 millert
-
- * configure.in: ++version
-
-1995-07-30 22:37 millert
-
- * sudo.h: added shell extern changed MODE_* to be bit masks to
- allow for several options together
-
-1995-07-30 22:36 millert
-
- * sudo.c: added -s (shell) option made MODE_* masks so we can do
- bitwise & and | to see if multiple flags are set.
-
-1995-07-30 22:01 millert
-
- * check.c: added securid support
-
-1995-07-30 14:38 millert
-
- * logging.c: removed a bunch of unnecesary strncpy()'s and replaced
- with strcat()
-
-1995-07-29 17:17 millert
-
- * Makefile.in, version.h: ++version
-
-1995-07-27 06:52 millert
-
- * parse.yacc: fixed free() of an uninitialized pointer (yuck)
-
-1995-07-26 22:00 millert
-
- * testsudoers.c: added netgr_matches
-
-1995-07-26 21:29 millert
-
- * parse.c: cleaned up netgr_matches
-
-1995-07-26 00:26 millert
-
- * RUNSON: updated for 1.3.4
-
-1995-07-24 21:51 millert
-
- * Makefile.in: now installs sudoers.man -- really should clean this
- up though.
-
-1995-07-24 21:18 millert
-
- * Makefile.in: added sudoers.cat and sudoers.man
-
-1995-07-24 21:15 millert
-
- * sudo.man: pulled out stuff on the sudoers file format into a
- separate man page
-
-1995-07-24 21:14 millert
-
- * sudoers.man: Initial revision
-
-1995-07-24 21:04 millert
-
- * HISTORY: fixed up my email address
-
-1995-07-24 20:03 millert
-
- * configure.in: added checks for innetgr and getdomainname
-
-1995-07-24 20:02 millert
-
- * visudo.c: added dummy netgr_matches function
-
-1995-07-24 20:01 millert
-
- * parse.c: added netgr_matches
-
-1995-07-24 20:01 millert
-
- * parse.lex, parse.yacc: added NETGROUP support
-
-1995-07-24 20:01 millert
-
- * config.h.in: added HAVE_INNETGR & HAVE_GETDOMAINNAME
-
-1995-07-24 18:07 millert
-
- * sudo.c: rewrote clean_env() that has rm_env() builtin
-
-1995-07-23 19:58 millert
-
- * check.c: now cast uid to long in sprintf
-
-1995-07-23 19:58 millert
-
- * OPTIONS: added _INSULTS suffix to HAL & GOONS end
-
-1995-07-23 19:57 millert
-
- * options.h: added _INSULTS suffix to HAL & GOONS
-
-1995-07-23 19:35 millert
-
- * ins_2001.h, ins_classic.h, ins_goons.h, insults.h: converted to
- new scheme of insult "unions" end
-
-1995-07-23 17:48 millert
-
- * sudo.c: now uses MAX_UID_T_LEN
-
-1995-07-23 17:48 millert
-
- * configure.in: added SUDO_UID_T_LEN !l
-
-1995-07-23 17:48 millert
-
- * config.h.in: added MAX_UID_T_LEN
-
-1995-07-23 17:47 millert
-
- * check.c: now use MAX_UID_T_LEN
-
-1995-07-23 17:47 millert
-
- * aclocal.m4: added check for max len of uid_t fixed sco vs. isc
- check
-
-1995-07-19 19:05 millert
-
- * configure.in: corrected version
-
-1995-07-19 17:29 millert
-
- * configure.in: added sco support
-
-1995-07-19 17:29 millert
-
- * aclocal.m4: hack to check for sco
-
-1995-07-18 21:27 millert
-
- * interfaces.c: removed #include <net/route.h> since it was hosing
- some OS's
-
-1995-07-18 13:35 millert
-
- * find_path.c: fixed prreadlink() prototype
-
-1995-07-17 23:54 millert
-
- * check.c: added parens in #if's
-
-1995-07-17 23:53 millert
-
- * configure.in: added SPW_ prefix
-
-1995-07-17 23:20 millert
-
- * sudo.h: moved SPW_* to config.h.in
-
-1995-07-17 23:19 millert
-
- * sudo.c: added a set of parens
-
-1995-07-17 23:19 millert
-
- * config.h.in: added SPW_*
-
-1995-07-17 22:50 millert
-
- * sudo.h: added SPW_* reordered error codes
-
-1995-07-17 22:49 millert
-
- * check.c: moved SPW_* to sudo.h
-
-1995-07-17 14:29 millert
-
- * logging.c: GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
-
-1995-07-17 14:29 millert
-
- * configure.in: AUTH -> SECUREWARE
-
-1995-07-17 14:29 millert
-
- * check.c, sudo.c: SPW_AUTH -> SPW_SECUREWARE
-
-1995-07-17 00:22 millert
-
- * check.c: now uses SHADOW_TYPE to make shadow pw support more
- readable and modular. It's a start...
-
-1995-07-17 00:21 millert
-
- * configure.in: added autodetection of shadow passwords
-
-1995-07-17 00:20 millert
-
- * sudo.c: now uses SHADOW_TYPE define
-
-1995-07-17 00:19 millert
-
- * config.h.in: added SHADOW_TYPE which replaces SUNOS4 & __svr4__
- defines
-
-1995-07-17 00:19 millert
-
- * aclocal.m4: added SUDO_CHECK_SHADOW
-
-1995-07-12 17:09 millert
-
- * configure.in: define SVR4 for ISC define BROKEN_SYSLOG for hpux
- took out test for memmove() since we dno longer use it...
-
-1995-07-12 17:08 millert
-
- * CHANGES: updated
-
-1995-07-12 17:05 millert
-
- * logging.c: added BROKEN_SYSLOG support
-
-1995-07-12 17:05 millert
-
- * config.h.in: added BROKEN_SYSLOG
-
-1995-07-12 17:04 millert
-
- * check.c: now only bitch it timestamp > time_now + 2 * timeout to
- allow for a machine udpating its time from a server
-
-1995-07-12 17:04 millert
-
- * sudo.man: added 2 security notes updated Nieusma's email addr
-
-1995-07-12 14:18 millert
-
- * lsearch.c: changed a memmove() to memcpy() since we don't have to
- worry about overlapping segments.
-
-1995-07-11 15:41 millert
-
- * interfaces.c: cleanup up the loop when interfaces are groped in
- so that it is readable
-
-1995-07-11 14:52 millert
-
- * Makefile.in, version.h: ++version
-
-1995-07-09 18:17 millert
-
- * CHANGES: annotated 124-126
-
-1995-07-07 16:06 millert
-
- * check.c: fixed permissions check on /tmp/.odus
-
-1995-07-06 19:35 millert
-
- * check.c: fixed some comments
-
-1995-07-06 14:49 millert
-
- * check.c: now checks owner & mode of timedir also checks for bogus
- dates on timestamp file
-
-1995-07-06 14:49 millert
-
- * OPTIONS: updated TIMEOUT info
-
-1995-07-06 14:48 millert
-
- * logging.c, sudo.h: added BAD_STAMPDIR and BAD_STAMPFILE
-
-1995-07-06 14:47 millert
-
- * compat.h: added definition of S_IRWXU
-
-1995-07-06 14:47 millert
-
- * CHANGES: updated
-
-1995-07-03 14:16 millert
-
- * interfaces.c: added #ifdef to make it compile on strange arches
-
-1995-07-02 18:13 millert
-
- * aclocal.m4: fixed check for fulkl void impl.
-
-1995-07-02 09:56 millert
-
- * check.c: added mssing "static"
-
-1995-07-01 20:41 millert
-
- * insults.h: replaced #elif with #else #if constructs for ancient C
- compilers
-
-1995-07-01 20:18 millert
-
- * INSTALL: updated irix c2 & kerb5 info
-
-1995-07-01 20:15 millert
-
- * configure.in: added shadow pw support for irix
-
-1995-07-01 16:07 millert
-
- * CHANGES: last changes for sudo 1.3.3
-
-1995-07-01 16:07 millert
-
- * TODO, BUGS: updated
-
-1995-07-01 16:04 millert
-
- * configure.in: now calls SUDO_SOCK_SA_LEN
-
-1995-07-01 16:04 millert
-
- * config.h.in: added HAVE_SA_LEN
-
-1995-07-01 16:04 millert
-
- * aclocal.m4: added SUDO_SOCK_SA_LEN
-
-1995-07-01 15:49 millert
-
- * interfaces.c: now works with ip implementations that use sa_len
- in sockaddr
-
-1995-07-01 14:26 millert
-
- * INSTALL: added note about buggy AIX compiler
-
-1995-07-01 14:24 millert
-
- * interfaces.c: now include sys/time.h for AIX
-
-1995-06-27 22:35 millert
-
- * Makefile.in: getcwd -> getwd
-
-1995-06-27 21:28 millert
-
- * interfaces.c: now works for ISC and others. yay.
-
-1995-06-26 14:24 millert
-
- * Makefile.in, version.h: version++
-
-1995-06-22 20:26 millert
-
- * aclocal.m4: fixed test for full void impl
-
-1995-06-22 20:25 millert
-
- * sudo.c: now check to see that st_dev is non-zero before assuming
- that we are being spoofed
-
-1995-06-20 16:56 millert
-
- * aclocal.m4, configure.in: SUDO_FUNC_UTIME_NULL ->
- AC_FUNC_UTIME_NULL
-
-1995-06-19 16:32 millert
-
- * aclocal.m4: fixed include file order for SUDO_FUNC_UTIME_POSIX
-
-1995-06-19 16:10 millert
-
- * logging.c: added cast for ttyname()
-
-1995-06-19 15:23 millert
-
- * configure.in: fixed typo
-
-1995-06-19 15:19 millert
-
- * check.c: now deal correctly with all known variation of utime()
- -- yippe
-
-1995-06-19 15:19 millert
-
- * configure.in: added SUDO_FUNC_UTIME_POSIX
-
-1995-06-19 15:19 millert
-
- * aclocal.m4: added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
-
-1995-06-19 15:14 millert
-
- * config.h.in: added HAVE_UTIME_POSIX
-
-1995-06-19 13:38 millert
-
- * check.c: fixed a typo
-
-1995-06-19 13:29 millert
-
- * check.c: no longer assume !HAVE_UTIME_NULL means old BSD utime()
-
-1995-06-19 13:20 millert
-
- * check.c: fixed fascist C compiler warning
-
-1995-06-18 23:14 millert
-
- * interfaces.c: now set strioctl.ic_timout in STRSET() now
- initialize num_interfaces to 0 (just to be anal)
-
-1995-06-18 18:06 millert
-
- * sudo.h: increaed MAXLOGLEN by MAXPATHLEN to account for ttyname
-
-1995-06-18 18:05 millert
-
- * logging.c: added tty logging
-
-1995-06-18 16:04 millert
-
- * interfaces.c: reworked the ISC code
-
-1995-06-18 15:27 millert
-
- * Makefile.in, version.h: updated version
-
-1995-06-18 15:24 millert
-
- * check.c: now expect old-style utime(3) if utime() can't take NULL
- as an arg
-
-1995-06-18 15:08 millert
-
- * configure.in: added check for utime.h
-
-1995-06-18 15:08 millert
-
- * config.h.in: added HAVE_UTIME_H
-
-1995-06-18 14:48 millert
-
- * Makefile.in: added CPPFLAGS STATIC_FLAGS -> LDFLAGS
-
-1995-06-18 13:58 millert
-
- * configure.in: now search for kerb libs and includes
-
-1995-06-18 13:03 millert
-
- * check.c: added support for utime(2)'s that can't take a NULL
- parameter
-
-1995-06-18 13:03 millert
-
- * utime.c: moved HAVE_UTIME_NULL stuff to update_timestamp() where
- t belongs
-
-1995-06-17 20:46 millert
-
- * configure.in: added utime(s) stuff
-
-1995-06-17 20:46 millert
-
- * check.c: now use utime()
-
-1995-06-17 20:46 millert
-
- * config.h.in: added HAVE_UTIME and HAVE_UTIME_NULL
-
-1995-06-17 19:12 millert
-
- * utime.c: now use HAVE_UTIME_NULL
-
-1995-06-17 19:02 millert
-
- * utime.c, emul/utime.h: Initial revision
-
-1995-06-17 18:24 millert
-
- * check.c: need to setuid(0) to make kerb4 stuff work.
-
-1995-06-17 18:14 millert
-
- * tgetpass.c: no more special case for kerberos
-
-1995-06-17 18:13 millert
-
- * config.h.in: took out setreuid and setresuid stuff added kerb5
- stuff (use kerb4 emulation)
-
-1995-06-17 18:13 millert
-
- * compat.h: no longer need setreuid() emulation now set _PASSWD_LEN
- to 128 if kerberos
-
-1995-06-17 18:12 millert
-
- * check.c: now use private ticket file for kerberos support to
- avoid trouncing on system one
-
-1995-06-15 00:48 millert
-
- * sudo.h: added SPOOF_ATTEMPT & cmnd_st
-
-1995-06-15 00:47 millert
-
- * sudo.c: added anti-spoofing support
-
-1995-06-15 00:47 millert
-
- * parse.c: now use global cmnd_st
-
-1995-06-15 00:47 millert
-
- * logging.c: added SPOOF_ATTEMPT suypport
-
-1995-06-14 23:41 millert
-
- * testsudoers.c, visudo.c: added void casts where appropriate
-
-1995-06-14 23:40 millert
-
- * parse.yacc: fixed up spacing and added void casts where
- appropriate
-
-1995-06-14 23:27 millert
-
- * sudo.c: fixed problem with "-p prompt" but no args
-
-1995-06-14 04:43 millert
-
- * sudo.man: added BUGS and annotated -l description
-
-1995-06-14 04:43 millert
-
- * sudo.h: validate() now takes a flag
-
-1995-06-14 04:43 millert
-
- * sudo.c: validate() now takes a flag added -l
-
-1995-06-14 04:42 millert
-
- * parse.yacc: added support for -l
-
-1995-06-14 04:41 millert
-
- * parse.c: validate() now takes a flag that says whether or not to
- check the command
-
-1995-06-07 21:36 millert
-
- * logging.c: now deals with Argv == 1
-
-1995-06-07 21:34 millert
-
- * sudo.man: added -p option
-
-1995-06-07 21:27 millert
-
- * sudo.c: added prompt support reworked parse_args()
-
-1995-06-07 20:49 millert
-
- * sudo.h: added prompt
-
-1995-06-07 20:49 millert
-
- * options.h: added PASSPROMPT
-
-1995-06-07 20:48 millert
-
- * check.c: now use BUFSIZ as length of kerb password added kpass so
- pass is always a char * now use prompt global when asking for a
- password
-
-1995-06-07 20:47 millert
-
- * tgetpass.c: now use BUFSIZ as _PASSWD_LEN if using kerberos
-
-1995-06-07 20:43 millert
-
- * OPTIONS: added PASSPROMPT
-
-1995-06-07 01:44 millert
-
- * configure.in: only look for -lufc or -lcrypt if crypt() not in
- libc
-
-1995-06-07 01:43 millert
-
- * check.c: don't exit on kerb error, just warn if k_errno ==
- KDC_PR_UNKNOWN (unknown user) silently fail
-
-1995-06-06 22:44 millert
-
- * INSTALL: added kerb4 note
-
-1995-06-06 22:43 millert
-
- * tgetpass.c: HAVE_KERBEROS -> HAVE_KERB4
-
-1995-06-06 22:41 millert
-
- * check.c: removed debugging printf
-
-1995-06-06 22:33 millert
-
- * configure.in: KERBEROS -> KERB4 added checks for setreuid &
- setresuid
-
-1995-06-06 22:32 millert
-
- * config.h.in: HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and
- HAVE_SETRESUID
-
-1995-06-06 22:32 millert
-
- * compat.h: added deif of UID_NO_CHANGE & GID_NO_CHANGE added
- setreuid emulation with setresuid if applic
-
-1995-06-06 22:31 millert
-
- * check.c: HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid
- chown() hack if no setreuid() or a broken one
-
-1995-06-05 23:44 millert
-
- * config.h.in: added HAVE_KERBEROS
-
-1995-06-05 23:43 millert
-
- * tgetpass.c: added KERBEROS support (long passwords)
-
-1995-06-05 23:42 millert
-
- * check.c, configure.in: added kerberos support
-
-1995-06-03 19:36 millert
-
- * sudo.h: added MODE_BACKGROUND
-
-1995-06-03 19:36 millert
-
- * sudo.man: escaped dashes added -b option
-
-1995-06-03 19:34 millert
-
- * sudo.c: added -b option
-
-1995-06-03 18:52 millert
-
- * check.c: added crypt() for osf/1 3.x enhanced secuiry
-
-1995-06-03 18:18 millert
-
- * configure.in: now check for -lcrypt
-
-1995-06-03 18:00 millert
-
- * interfaces.c: added ENXIO like EADDRNOTAVAIL
-
-1995-05-07 23:14 millert
-
- * configure.in: now emulate getwd(), not getcwd()
-
-1995-05-07 23:13 millert
-
- * sudo.c: getcwd() -> getwd()
-
-1995-05-07 23:12 millert
-
- * getwd.c: getcwd -> getwd
-
-1995-05-02 01:34 millert
-
- * ins_2001.h, ins_classic.h, ins_goons.h: Initial revision
-
-1995-05-02 01:34 millert
-
- * insults.h: broke out insults into separate include files
-
-1995-05-02 01:32 millert
-
- * options.h, OPTIONS: added GOONS
-
-1995-05-02 01:32 millert
-
- * Makefile.in: added ins_2001.h ins_classic.h ins_goons.h
-
-1995-05-01 23:34 millert
-
- * Makefile.in, version.h: ++version
-
-1995-05-01 23:34 millert
-
- * visudo.c: moved signal handler setup to setup_signals()
-
-1995-05-01 23:33 millert
-
- * sudo.h: added load_interfaces()
-
-1995-05-01 23:33 millert
-
- * sudo.c: moved load_interfaces to interfaces.c
-
-1995-05-01 23:33 millert
-
- * parse.yacc: added clearaliases
-
-1995-05-01 23:33 millert
-
- * OPTIONS, options.h: added FAST_MATCH
-
-1995-05-01 23:32 millert
-
- * parse.lex: now uses clearaliases variable
-
-1995-05-01 23:31 millert
-
- * interfaces.c: Initial revision
-
-1995-05-01 23:31 millert
-
- * Makefile.in: added interfaces.[co]
-
-1995-05-01 23:30 millert
-
- * testsudoers.c: now uses ip addrs and netmasks via
- load_interfaces()
-
-1995-05-01 22:47 millert
-
- * sudo.c: now remove IFS instead of setting to "sane" value
-
-1995-05-01 16:30 millert
-
- * parse.c: added FAST_MATCH
-
-1995-04-29 20:19 millert
-
- * Makefile.in: sudo_goodpath.c-> goodpath.c
-
-1995-04-29 20:15 millert
-
- * sudo.c: added Andy's new ISC changes
-
-1995-04-14 14:06 millert
-
- * OPTIONS: added a sentence to SECURE_PATH info
-
-1995-04-14 13:57 millert
-
- * BUGS: added one
-
-1995-04-14 13:54 millert
-
- * RUNSON, CHANGES: updated
-
-1995-04-13 17:04 millert
-
- * RUNSON: updated for beta3
-
-1995-04-13 14:32 millert
-
- * Makefile.in, version.h: ++version
-
-1995-04-13 13:56 millert
-
- * aclocal.m4: sendmail is now looked for in \17/usr/ucblib
-
-1995-04-13 13:54 millert
-
- * sudo.c: fixed indentation
-
-1995-04-13 13:35 millert
-
- * aclocal.m4: fixed a typo
-
-1995-04-13 13:19 millert
-
- * sudo.c: updated ISC mods
-
-1995-04-13 13:19 millert
-
- * configure.in: added unixware case
-
-1995-04-13 13:19 millert
-
- * check.c: user_is_exempt is no longer hidden
-
-1995-04-13 13:19 millert
-
- * RUNSON: updated
-
-1995-04-13 13:19 millert
-
- * aclocal.m4: isc and riscos changes
-
-1995-04-13 13:18 millert
-
- * OPTIONS: added NOTE about new interaction of EXEMPTGROUP and
- SECURE_PATH
-
-1995-04-13 13:18 millert
-
- * Makefile.in: fixed a typo and added testsudoers stuff
-
-1995-04-13 12:34 millert
-
- * testsudoers.c: Initial revision
-
-1995-04-12 19:31 millert
-
- * parse.yacc: applied fixed patch from Chris
-
-1995-04-11 14:30 millert
-
- * Makefile.in: fixed a typo
-
-1995-04-11 14:14 millert
-
- * parse.yacc: added a set of braces for bison
-
-1995-04-11 14:01 millert
-
- * parse.yacc: merged in Chris' changes to dekludge the parser.
-
-1995-04-11 00:38 millert
-
- * logging.c: send_mail() was calling find_path() which is wrong
- since find_path() stores cmnd in a static var. Anyhow, it
- doesn't make much sense since MAILER should always be fully
- qualified
-
-1995-04-10 19:51 millert
-
- * sample.sudoers: added User_Alias stuff
-
-1995-04-10 19:50 millert
-
- * aclocal.m4: SUDO_NEXT now looks for
- /usr/lib/NextStep/software_version
-
-1995-04-10 19:50 millert
-
- * RUNSON: added DEC UNIX 3.0 w/ gcc
-
-1995-04-10 19:49 millert
-
- * visudo.c: Exit was being used in places where exit should be used
-
-1995-04-10 19:44 millert
-
- * sudoers: added "User alias specification"
-
-1995-04-10 18:04 millert
-
- * parse.yacc: fixed probs caused by making nslots and naliases a
- size_t
-
-1995-04-10 15:09 millert
-
- * RUNSON: added KSR, upped rev to 1.3.1b2
-
-1995-04-10 15:07 millert
-
- * logging.c, parse.yacc: 1024 -> BUFSIZ
-
-1995-04-10 15:05 millert
-
- * parse.yacc: void * -> VOID * naliases and nslots are now size_t
- to appease lsearch on 64-bit machines
-
-1995-04-09 19:30 millert
-
- * TODO: did a bunch of things and added a bunch :-)
-
-1995-04-09 19:30 millert
-
- * PORTING: updated
-
-1995-04-09 19:24 millert
-
- * visudo.man: closer to BSD manpage style
-
-1995-04-09 19:15 millert
-
- * sudo.man: closer to standard BSD man format
-
-1995-04-09 18:58 millert
-
- * compat.h, config.h.in, insults.h, options.h, pathnames.h.in,
- sudo.h, version.h, emul/search.h: added RCS id
-
-1995-04-09 17:35 millert
-
- * sudo.h: removed crufty #defines that are no longer used
-
-1995-04-09 17:13 millert
-
- * BUGS: fixed a bug
-
-1995-04-09 17:12 millert
-
- * sudo.man: updated based on sudo changes
-
-1995-04-09 17:11 millert
-
- * parse.yacc: now allow ALL keyword in User_Aliases now allow ALL
- keyword as well as a NAME or ALIAS
-
-1995-04-09 17:11 millert
-
- * CHANGES: updated
-
-1995-04-09 17:04 millert
-
- * sudo.c: now sets SUDO_COMMAND and SUDO_GID envariables.
-
-1995-04-09 15:24 millert
-
- * aclocal.m4: fixed bug with full void impl check
-
-1995-04-08 23:11 millert
-
- * parse.yacc: fixed User_Alias supoprt
-
-1995-04-08 22:27 millert
-
- * parse.yacc: added stubs for User_Alias support
-
-1995-04-08 22:27 millert
-
- * sudo.c: now sets removes # bogus interfaces from num_interfaces
-
-1995-04-08 22:26 millert
-
- * parse.lex: added User_Alias support
-
-1995-04-07 21:10 millert
-
- * Makefile.in: removed extraneous TODO
-
-1995-04-07 19:48 millert
-
- * visudo.c: ntwk_matches -> addr_matches
-
-1995-04-07 15:38 millert
-
- * parse.yacc: ntwk_matches -> addr_matches
-
-1995-04-07 15:37 millert
-
- * parse.c: ntwk_matches -> addr_matches now use inet_addr() not
- inet_network() (which expects octet boundaries) fixes for OSF
- (sizeof(int) != sizeof(long))
-
-1995-04-07 15:08 millert
-
- * sudo.c: took out debugging info
-
-1995-04-06 23:45 millert
-
- * aclocal.m4: OS was being set to unknown before non-uname based
- host checks. This caused no checks to happen since $OS was not
- zero-length.
-
-1995-04-06 23:30 millert
-
- * sudo.c: fixed loading of interfaces struct still has debugging
- info in though
-
-1995-04-06 22:23 millert
-
- * parse.c: fixed typo
-
-1995-04-06 16:17 millert
-
- * Makefile.in: ++version
-
-1995-04-06 16:16 millert
-
- * version.h: ++
-
-1995-04-06 16:16 millert
-
- * visudo.c: removed extraneous extern decl of "top
-
-1995-04-06 16:14 millert
-
- * visudo.c: now zeros "top"
-
-1995-04-06 16:13 millert
-
- * parse.yacc: removed parser_cleanup (no need for it now)
-
-1995-04-06 16:13 millert
-
- * parse.lex: now calls reset_aliases() directly
-
-1995-04-04 18:21 millert
-
- * OPTIONS: added a sentence to SECURE_PATH description
-
-1995-04-04 18:17 millert
-
- * parse.c: fixed my stupid bug where I used NAMLEN on something I
- wanted to just get the name from. argh.
-
-1995-04-03 16:58 millert
-
- * lsearch.c: fixed argument order of memmove() that i hosed when
- converting from bcopy(). arghh.
-
-1995-04-03 15:33 millert
-
- * Makefile.in: finally fixed DISTFILES line
-
-1995-04-03 15:21 millert
-
- * Makefile.in: tabs -> spaces
-
-1995-04-03 15:15 millert
-
- * Makefile.in: added missing files to DISTFILES
-
-1995-04-03 14:50 millert
-
- * Makefile.in: SUPPORTED -> RUNSON
-
-1995-04-01 03:12 millert
-
- * TODO: updated
-
-1995-04-01 01:54 millert
-
- * RUNSON: updated for pl5b1 release
-
-1995-04-01 01:53 millert
-
- * BUGS, TODO: updated
-
-1995-04-01 01:52 millert
-
- * check.c: fixed bug where if you hit return at first sudo prompt
- it would still log as a failure
-
-1995-04-01 01:29 millert
-
- * CHANGES: updated
-
-1995-04-01 01:25 millert
-
- * aclocal.m4: better test for bogus void * implementation
-
-1995-03-31 20:33 millert
-
- * logging.c: added PASSWORDS_NOT_CORRECT
-
-1995-03-31 20:32 millert
-
- * check.c: added PASSWORDS_NOT_CORRECT stuff]
-
-1995-03-31 20:30 millert
-
- * sudo.h: added PASSWORDS_NOT_CORRECT
-
-1995-03-31 19:16 millert
-
- * tgetpass.c: moved pathnames.h
-
-1995-03-31 19:16 millert
-
- * sudo.c: removed some unused vars and fixed up uid2str
-
-1995-03-31 19:15 millert
-
- * putenv.c: moved compat.h
-
-1995-03-31 19:14 millert
-
- * getcwd.c, getwd.c: added pathnames.h
-
-1995-03-31 18:18 millert
-
- * parse.yacc: fixed a typo I introduced in the last checkin :-(
-
-1995-03-31 18:11 millert
-
- * parse.lex: can't have #ifdef's where N is defined so just do this
- the broken way for AIX
-
-1995-03-31 18:08 millert
-
- * parse.yacc: better hack from Chris (but still a hack)
-
-1995-03-31 18:05 millert
-
- * parse.lex: stupid hack for broken aix lex
-
-1995-03-31 17:47 millert
-
- * tgetpass.c: now includes compat.h \ 6
-
-1995-03-31 17:27 millert
-
- * visudo.c: now includes fcntl.h
-
-1995-03-31 17:27 millert
-
- * compat.h: added FD_SET and FD_ZERO for 4.2BSD
-
-1995-03-31 16:12 millert
-
- * parse.yacc: dirty hack to fix parser bug. i don't really like
- this but it works for now...
-
-1995-03-31 16:12 millert
-
- * sudo.c: uid2str is now static like the prototype says
-
-1995-03-29 23:48 millert
-
- * RUNSON: Initial revision
-
-1995-03-29 23:47 millert
-
- * TODO, CHANGES, SUPPORTED, TROUBLESHOOTING: updated
-
-1995-03-29 23:46 millert
-
- * sudo.c: check_sudoers now returns an error code and sudo calls
- inform_user and log_error based on the return value.
-
-1995-03-29 23:45 millert
-
- * logging.c, sudo.h: added entries for new errors
-
-1995-03-29 23:03 millert
-
- * parse.c: now set uid to that of SUDOERS_OWNER while parsing
- sudoers file
-
-1995-03-29 22:52 millert
-
- * Makefile.in: took out testsudoers \ 6
-
-1995-03-29 22:36 millert
-
- * sudo.c: now explicately checks that it is setuid root
-
-1995-03-29 22:28 millert
-
- * sudo.c: If a user has no passwd entry sudo would segv (writing to
- a garbage pointer). Now allocate space before writing :-)
-
-1995-03-29 22:06 millert
-
- * configure.in: reordered AC_CHECK_FUNCS
-
-1995-03-29 22:06 millert
-
- * config.h.in: fixed memset macro
-
-1995-03-29 21:47 millert
-
- * logging.c: bzero -> memset when a parse error is logged the line
- number of the error is now logged too
-
-1995-03-29 21:46 millert
-
- * tgetpass.c, visudo.c: bzero -> memset
-
-1995-03-29 21:46 millert
-
- * INSTALL: added Sunos to blurb about c2 security
-
-1995-03-29 21:45 millert
-
- * configure.in: added a SUN4 define for C2 security
-
-1995-03-29 21:44 millert
-
- * config.h.in: bcopy -> memmove bzero -> memset
-
-1995-03-29 21:43 millert
-
- * lsearch.c: bcopy -> memmove char * -> VOID *
-
-1995-03-29 21:30 millert
-
- * check.c: added support for sunos with C2 security
-
-1995-03-29 21:12 millert
-
- * OPTIONS, options.h: reordered
-
-1995-03-29 21:12 millert
-
- * pathnames.h.in: _PATH_SUDO_LOGFILE now set based on configure
-
-1995-03-29 21:12 millert
-
- * configure.in: added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
-
-1995-03-29 21:12 millert
-
- * config.h.in: added _SUDO_PATH_LOGFILE
-
-1995-03-29 21:11 millert
-
- * aclocal.m4: added SUDO_LOGFILE to find where to put sudo.log
- added SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h
- too) added SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
-
-1995-03-29 18:17 millert
-
- * TROUBLESHOOTING: Initial revision
-
-1995-03-29 17:59 millert
-
- * sudo.c: now do set_perms(PERM_ROOT) before the getpwuid() in
- load_global() to work around a problem is trusted hpux shadow
- passwords. yuck.
-
-1995-03-29 17:41 millert
-
- * parse.yacc: backed out a change in malloc/realloc
-
-1995-03-29 17:38 millert
-
- * parse.yacc: now include stdlib.h
-
-1995-03-29 17:22 millert
-
- * visudo.c: now do an freopen() of the stmp file so that yyin will
- always point to the same thing. This is important for flex since
- we are doing a YY_NEWFILE
-
-1995-03-29 17:20 millert
-
- * parse.yacc: replaced yywrap() with parser_cleanup() since
- yywrap() needs to be in parse.lex to be able to use YY_NEW_FILE.
- sigh.
-
-1995-03-29 17:18 millert
-
- * parse.lex: now have a rule that matches anything that doesn't
- match an explicite rule. well, you know what i mean (. matches
- anything not yet matched). However, this means that there is
- input still queued up so we need to do a YY_NEW_FILE; in yywrap.
- So, yywrap has moved into parse.lex and it calls parser_cleanup()
- which is most of the old yywrap() sigh.
-
-1995-03-29 17:17 millert
-
- * SUPPORTED: no longer used
-
-1995-03-29 16:13 millert
-
- * getcwd.c, getwd.c: moved compat.h to be the last include file
-
-1995-03-29 16:11 millert
-
- * parse.yacc: fixed type of aliascmp() args
-
-1995-03-29 15:58 millert
-
- * find_path.c: NULL -> '\0'
-
-1995-03-29 15:42 millert
-
- * parse.yacc: added casts to lfind and lsearch args for irix
-
-1995-03-29 08:20 millert
-
- * Makefile.in: bsdinstall -> install-sh
-
-1995-03-29 08:20 millert
-
- * INSTALL: added info about make realclean
-
-1995-03-29 08:17 millert
-
- * Makefile.in: updated VERSION added dependencies for visudo.cat
-
-1995-03-29 08:17 millert
-
- * version.h: -> pl5b1
-
-1995-03-29 08:16 millert
-
- * sudo.c: took out -l
-
-1995-03-29 00:03 millert
-
- * Makefile.in: now there is a real visudo.man and visudo.cat
-
-1995-03-28 23:54 millert
-
- * sudo.man: took out visudo stuff
-
-1995-03-28 23:54 millert
-
- * visudo.man: Initial revision
-
-1995-03-28 23:12 millert
-
- * parse.c, parse.lex, parse.yacc: updated copyright
-
-1995-03-28 23:05 millert
-
- * README: updated for pl5
-
-1995-03-28 20:02 millert
-
- * sudo.man: updated Nieusma & Hieb email addresses
-
-1995-03-28 19:57 millert
-
- * INSTALL: updated to include options.h and OPTIONS
-
-1995-03-28 19:35 millert
-
- * CHANGES, TODO: updated
-
-1995-03-28 19:35 millert
-
- * BUGS: eliminated bug #1 (yay)
-
-1995-03-28 19:31 millert
-
- * configure.in: sunos no longer gets linked statically
-
-1995-03-28 18:58 millert
-
- * parse.lex: prototype now uses __P()
-
-1995-03-28 18:49 millert
-
- * parse.lex: make fill() non-ansi
-
-1995-03-28 15:26 millert
-
- * parse.c: made -v (validate) work
-
-1995-03-28 15:26 millert
-
- * logging.c: now gives host
-
-1995-03-28 10:34 millert
-
- * find_path.c: don't check for execute/statable if fq or relative
- path given
-
-1995-03-28 01:07 millert
-
- * parse.c: added a cast
-
-1995-03-28 00:49 millert
-
- * visudo.c: now include ctype.h for islower and tolower macros
-
-1995-03-28 00:48 millert
-
- * goodpath.c: moved _S_IFMT & _S_ISREG to compat.h
-
-1995-03-28 00:48 millert
-
- * sudo.c: moved a set of parens
-
-1995-03-28 00:48 millert
-
- * strdup.c: now include compat.h
-
-1995-03-28 00:47 millert
-
- * parse.yacc: now cast malloc & realloc return vals added search
- for HAVE_LSEARCH now use strcmp if no strcasecmp available
-
-1995-03-28 00:46 millert
-
- * lsearch.c, emul/search.h: void * -> VOID *
-
-1995-03-28 00:45 millert
-
- * config.h.in: removed HAVE_FLEX added VOID added HAVE_DIRENT_H,
- HAVE_SYS_NDIR_H, HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
-
-1995-03-28 00:44 millert
-
- * compat.h: added _S_IFMT, _S_IFREG, and S_ISREG
-
-1995-03-28 00:44 millert
-
- * aclocal.m4: took out SUDO_PROG_INSTALL 1.x to 2.x changes added
- echo and results to most SUDO_* macros
-
-1995-03-28 00:43 millert
-
- * Makefile.in: no more -I.
-
-1995-03-28 00:22 millert
-
- * configure.in: various 1.x ro 2.x autoconf changes now check for
- strcasecmp now use AC_INSTALL_PROG instead of custom one added
- check for fully woorking void implementation
-
-1995-03-28 00:02 millert
-
- * Makefile.in: added lsearch & search.h visudo links into
- $(LIBOBJS)
-
-1995-03-27 23:43 millert
-
- * aclocal.m4: partial 1.x to 2.x changes added SUDO_FULL_VOID
-
-1995-03-27 23:40 millert
-
- * visudo.c: whatnow_help was prototyped to be static be was not
- declared as such
-
-1995-03-27 21:15 millert
-
- * configure.in: autoconf 2.x changes took out HAVE_FLEX (no longer
- used) added check for dirent/dir/ndir.h
-
-1995-03-27 21:09 millert
-
- * parse.c: now use groovy gnu autoconf macro AC_HEADER_DIRENT
-
-1995-03-27 20:38 millert
-
- * getcwd.c, getwd.c: MAXPATHLEN -> MAXPATHLEN+1
-
-1995-03-27 20:23 millert
-
- * emul/search.h, lsearch.c: Initial revision
-
-1995-03-27 18:26 millert
-
- * parse.yacc: eliminated bison warnings
-
-1995-03-27 17:10 millert
-
- * parse.lex: added missing case
-
-1995-03-27 17:04 millert
-
- * visudo.c: now iincludes signal.h
-
-1995-03-27 15:16 millert
-
- * parse.yacc: only clear data structures on a parse error
-
-1995-03-27 15:01 millert
-
- * visudo.c: whatnow() now gives help on invalid input
-
-1995-03-27 14:54 millert
-
- * visudo.c: added a whatnow() function (sort of like mh)
-
-1995-03-27 14:53 millert
-
- * parse.yacc: kill_aliases -> reset_aliases yywrap() now cleans up
- by calling reset_aliases() and clearing top took reset stuff out
- of yyerror() since it doesn't beling there (and doesn't work
- anyway). errorlineno is now initially set to -1 so we can set it
- to the first error that occurrs (it was getting set to the last)
-
-1995-03-27 14:53 millert
-
- * parse.lex: added a void cast
-
-1995-03-27 13:26 millert
-
- * visudo.c: rewrote from scratch based on 4.3BSD vipw.c
-
-1995-03-26 01:33 millert
-
- * sudo.c, sudo.h: removed ocmnd
-
-1995-03-26 01:19 millert
-
- * sudo.h: no more sudo_realpath() and find_path() changed params
-
-1995-03-26 01:19 millert
-
- * sudo.c: find_path() changed since no more realpath()
-
-1995-03-26 01:18 millert
-
- * parse.yacc: on error, errorlineno is set to the line where the
- error occurred added kill_aliases() to free the aliases struct
- now clean up in yyerror() so we can reparse cleanly
-
-1995-03-26 01:17 millert
-
- * logging.c: changed to use new find_path()
-
-1995-03-26 01:17 millert
-
- * options.h, parse.c: no more USE_REALPATH
-
-1995-03-26 01:16 millert
-
- * find_path.c: removed all the realpath() stuff
-
-1995-03-26 01:16 millert
-
- * Makefile.in: sudo_realpath.c -> sudo_goodpath.c
-
-1995-03-26 01:12 millert
-
- * visudo.c: now works correctly with utk parser
-
-1995-03-26 00:04 millert
-
- * goodpath.c: Initial revision
-
-1995-03-25 23:23 millert
-
- * sudo_realpath.c: eliminated a compiler warning
-
-1995-03-25 21:56 millert
-
- * sudo.c: elinated compiler warning
-
-1995-03-25 20:40 millert
-
- * sudo_realpath.c: added sudo_goodpath()
-
-1995-03-25 20:40 millert
-
- * sudo.h: added prototype for sudo_goodpath
-
-1995-03-25 20:39 millert
-
- * parse.c: added support for /sys/dir.h
-
-1995-03-25 20:39 millert
-
- * options.h: USE_REALPATH turned off
-
-1995-03-25 20:39 millert
-
- * find_path.c: added calls to sudo_goodpath()
-
-1995-03-25 20:39 millert
-
- * configure.in: added check for dirent.h
-
-1995-03-25 20:38 millert
-
- * config.h.in: added HAVE_DIRENT_H
-
-1995-03-25 19:27 millert
-
- * configure.in: added in linux shadow pass stuff \ 6
-
-1995-03-24 14:43 millert
-
- * visudo.c: added back host, user, cmnd, parse_error
-
-1995-03-24 14:19 millert
-
- * visudo.c: added in utk changes plus some minor cosmetic changes
-
-1995-03-24 14:17 millert
-
- * sudo.c, sudo_realpath.c: added void casts for printf's
-
-1995-03-24 14:17 millert
-
- * options.h: added a define of USE_REALPATH
-
-1995-03-24 14:17 millert
-
- * configure.in: there is no more visudoers/Makefile
-
-1995-03-24 14:16 millert
-
- * Makefile.in: added in utk changes (visudo is now built from the
- toplevel)
-
-1995-03-24 14:15 millert
-
- * find_path.c: added (void) casts to printf's
-
-1995-03-23 22:32 millert
-
- * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c: merged
- in utk changes
-
-1995-03-22 23:13 millert
-
- * find_path.c: now check to see that what we are trying to run is a
- file (or a link to a file, we do a stat(2) so there is no diff)
-
-1995-03-13 15:56 millert
-
- * CHANGES: updated
-
-1995-03-13 15:56 millert
-
- * Makefile.in: aclocal.m4 -> acsite.m4 make realclean updated for
- new autoconf \ 6
-
-1995-03-13 15:11 millert
-
- * sudo.man: added myself as maintainer
-
-1995-02-16 23:31 millert
-
- * sudo.c: changed setegid -> setgid
-
-1995-02-06 17:43 millert
-
- * configure.in: fixed the test for irix 5.x to skip bad libs
-
-1995-02-06 17:43 millert
-
- * aclocal.m4: now initialize OS and OSREV
-
-1995-01-26 20:52 millert
-
- * configure.in: irix5 changes
-
-1995-01-26 20:28 millert
-
- * configure.in: AC_WITH -> AC_ARG_WITH changes other misc changes
- for autoconf 2.1 compatibility
-
-1995-01-18 19:49 millert
-
- * visudo.c: use YY_NEW_FILE, not yyrestart since OSF flex doesn't
- do the righ thing wrt yyrestart (grrrr)
-
-1995-01-16 18:44 millert
-
- * Makefile.in: added visudoers/compat.h to DISTFILES
-
-1995-01-16 17:01 millert
-
- * configure.in: fixed an echo
-
-1995-01-16 16:36 millert
-
- * sudo.c: added ocmnd declaration adjusted for find_path()'s new
- parameters
-
-1995-01-16 16:35 millert
-
- * sudo.h: added ocmnd extern adjusted find_path() prototype
-
-1995-01-16 16:34 millert
-
- * parse.c: cmndcmp() now takes 3 arguments and checks against the
- qualified as well as the unqualified pathname. more code that
- should use cmndcmp() but did not, now does
-
-1995-01-16 16:34 millert
-
- * options.h: added to a comment
-
-1995-01-16 16:33 millert
-
- * logging.c: changed to use new find_path() parameter passing
-
-1995-01-16 16:32 millert
-
- * find_path.c: find_path() now takes 2 copyout parameters (one for
- the qualified pathname and one for the unqualified pathname).
- The third parameter may be NULL.
-
-1995-01-16 16:31 millert
-
- * configure.in: no longer munge pathnames.h
-
-1995-01-16 16:30 millert
-
- * pathnames.h.in: changed _PATH_* to use _SUDO_PATH_* (which are
- defined in config.h) as a result, pathnames.h does not need to be
- run through configure and the user can override the configured
- values easily.
-
-1995-01-16 16:30 millert
-
- * config.h.in: added _SUDO_PATH_* entries
-
-1995-01-16 16:30 millert
-
- * aclocal.m4: _PATH* -> _SUDO_PATH_*
-
-1995-01-16 16:28 millert
-
- * Makefile.in: updated DISTFILES and HDRS .o's now depend on
- config.h
-
-1995-01-13 12:52 millert
-
- * compat.h: removed extraneous #endif
-
-1995-01-13 12:48 millert
-
- * aclocal.m4: added SUDO_PROG_MV
-
-1995-01-13 12:47 millert
-
- * configure.in: added SUDO_PROG_MV added riscos and isc os types
- took out -DSHORT_MESSAGE from --with-csops since it is now the
- default
-
-1995-01-13 12:46 millert
-
- * sudo.c: move the include of id.h to compat.h now includes
- options.h
-
-1995-01-13 12:45 millert
-
- * sudo.h: moved compatibility #defines to compat.h
-
-1995-01-13 12:45 millert
-
- * pathnames.h.in: added _PATH_MV
-
-1995-01-13 12:43 millert
-
- * config.h.in: move __P to compat.h
-
-1995-01-13 12:39 millert
-
- * getcwd.c, getwd.c, putenv.c: now includes compat.h
-
-1995-01-13 12:39 millert
-
- * compat.h: Initial revision
-
-1995-01-11 19:11 millert
-
- * sudo.h: pull user-configurable stuff out and put in options.h
-
-1995-01-11 18:43 millert
-
- * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
- sudo_setenv.c, parse.lex, parse.yacc, visudo.c: now includes
- options.h
-
-1995-01-11 18:41 millert
-
- * Makefile.in: added visudoers/options.h
-
-1995-01-11 18:40 millert
-
- * options.h, OPTIONS: Initial revision
-
-1995-01-11 18:39 millert
-
- * Makefile.in: added OPTIONS and options.h
-
-1995-01-11 18:36 millert
-
- * logging.c: changed #ifdef's to use LOGGING and
- SLOG_SYSLOG/SLOG_FILE
-
-1995-01-11 11:02 millert
-
- * check.c, sudo.h: changed PASSWORD_TIMEOUT to minutes
-
-1994-12-17 18:18 millert
-
- * visudo.c: now only do Editor +line_num if line_num != 0
-
-1994-12-15 21:06 millert
-
- * visudo.c: now use mv if rename(2) fails
-
-1994-12-15 20:32 millert
-
- * BUGS: added a visudo bug
-
-1994-12-15 19:46 millert
-
- * check.c: expanded comment
-
-1994-11-12 18:33 millert
-
- * check.c: fixed user_is_exempt to return 0 if EXEMPTGROUP is not
- set
-
-1994-11-09 19:49 millert
-
- * sudo.c: added mips & isc support
-
-1994-11-09 19:49 millert
-
- * parse.c: added support for non-root owned sudoers file
-
-1994-11-09 19:48 millert
-
- * check.c: added exempt group support
-
-1994-11-09 19:47 millert
-
- * sudo.h: added set_perms() support added SUDOERS_OWNER so can have
- non-root own sudoers file added exempt group support added isc
- support
-
-1994-11-09 19:46 millert
-
- * visudo.c: now copy sudoers to temp file via read/write (not
- stdio) now chown new sudoers file to SUDOERS_OWNER
-
-1994-11-07 20:40 millert
-
- * configure.in: added skey support
-
-1994-11-07 20:39 millert
-
- * sudo.h: fixed typo added set_perms support added skey support
- added seteuid()/setegid() emulation for AIX
-
-1994-11-07 20:38 millert
-
- * sudo.c: be_* -> setperms() now check to make sure sudoers file is
- owned by root nread/write by only root
-
-1994-11-07 20:38 millert
-
- * logging.c, parse.c, sudo_realpath.c: be_* -> setperms()
-
-1994-11-07 20:38 millert
-
- * check.c: be_* -> set_perms() added skey support
-
-1994-11-06 18:59 millert
-
- * Makefile.in: ++version
-
-1994-11-06 18:59 millert
-
- * version.h: ++
-
-1994-10-21 13:16 millert
-
- * sudo.c: now sets IFS
-
-1994-10-21 12:02 millert
-
- * insults.h: fixed typo
-
-1994-10-15 15:48 millert
-
- * config.h.in: added HAVE_SKEY
-
-1994-10-04 13:00 millert
-
- * CHANGES: updated
-
-1994-10-04 12:57 millert
-
- * Makefile.in: ++version
-
-1994-10-04 12:57 millert
-
- * version.h: ++
-
-1994-10-04 12:56 millert
-
- * sudo.c: now bail if ARgv[1] > MAXPATHLEN
-
-1994-10-04 12:56 millert
-
- * configure.in: added function check for tcgetattr(3)
-
-1994-10-04 12:55 millert
-
- * config.h.in: only define HAVE_TERMIOS_H if you have tcgetattr(3)
-
-1994-10-04 12:53 millert
-
- * config.h.in: added check for tcgetattr
-
-1994-09-26 17:38 millert
-
- * CHANGES: updated
-
-1994-09-22 13:30 millert
-
- * parse.lex: now only include unistd.h for linux
-
-1994-09-21 14:29 millert
-
- * Makefile.in: added visudo.8 generation
-
-1994-09-21 14:07 millert
-
- * configure.in: added -Wl,-bI:./aixcrypt.exp to aix flags
-
-1994-09-20 19:39 millert
-
- * BUGS: added one
-
-1994-09-20 19:39 millert
-
- * CHANGES: updated
-
-1994-09-20 19:38 millert
-
- * README: added mailing list info
-
-1994-09-20 19:37 millert
-
- * parse.yacc: now use sudolineno instead of yylineno fixed bison
- warnings
-
-1994-09-20 19:37 millert
-
- * configure.in: now use -no_library_replacement for osf don't make
- a static binary for hpux >= 9.0
-
-1994-09-20 19:21 millert
-
- * tgetpass.c: added string.h/strings.h inclusion
-
-1994-09-20 19:21 millert
-
- * config.h.in: added ssize_t def
-
-1994-09-20 19:18 millert
-
- * parse.lex: added inclusion of string.h/strings.h
-
-1994-09-20 18:48 millert
-
- * aclocal.m4: fixed uname | sed (needed to quote the '[')
-
-1994-09-20 18:42 millert
-
- * parse.lex: replaced yylineno with sudolineno fixed bison syntax
- errors
-
-1994-09-20 18:13 millert
-
- * visudo.c: changed yylineno to sudolineno since yylineno cannot be
- counted upon.
-
-1994-09-20 18:10 millert
-
- * TODO: updated
-
-1994-09-20 17:52 millert
-
- * parse.c: added code to support command listings
-
-1994-09-20 17:36 millert
-
- * sudo.c: added code for -l flag
-
-1994-09-20 17:35 millert
-
- * sudo.man: fixed typo added info for -l flag
-
-1994-09-20 14:45 millert
-
- * configure.in: AC_SSIZE_T -> SUDO_SSIZE_T
-
-1994-09-20 14:45 millert
-
- * aclocal.m4: added SUDO_SSIZE_T
-
-1994-09-20 14:44 millert
-
- * sudo.h: added MODE_LIST
-
-1994-09-20 14:43 millert
-
- * configure.in: added AC_SSIZE_T
-
-1994-09-19 20:53 millert
-
- * find_path.c, sudo_realpath.c: readlink() is now declared as
- returning ssize~_t
-
-1994-09-19 20:44 millert
-
- * configure.in: added -laud for OSF c2
-
-1994-09-02 15:55 millert
-
- * config.h.in, parse.lex, parse.yacc, pathnames.h.in, visudo.c,
- Makefile.in: changed sudo-bugs.cs.colorado.edu ->
- sudo-bugs@cs.colorado.edu
-
-1994-09-02 15:54 millert
-
- * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
- parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
- sudo_setenv.c, tgetpass.c, version.h: changed
- sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
-
-1994-09-01 15:56 millert
-
- * Makefile.in: ++version
-
-1994-09-01 15:55 millert
-
- * version.h: ++
-
-1994-09-01 15:55 millert
-
- * logging.c: added host to alertmail messages
-
-1994-09-01 15:55 millert
-
- * CHANGES, TODO: udpated
-
-1994-09-01 15:26 millert
-
- * logging.c: fixed logging problem where mail would not say which
- user it was
-
-1994-09-01 13:45 millert
-
- * configure.in: added -laud for gcc if osf & c2
-
-1994-09-01 13:39 millert
-
- * check.c: moved set_auth_parameters to sudo.c
-
-1994-09-01 13:38 millert
-
- * sudo.c: added set_auth_parameters for osf
-
-1994-09-01 13:22 millert
-
- * configure.in: cleaned up -static stuff
-
-1994-09-01 13:15 millert
-
- * Makefile.in: ++version
-
-1994-09-01 13:15 millert
-
- * version.h: ++
-
-1994-09-01 13:15 millert
-
- * sudo.c: changed setenv() to sudo_setenv()
-
-1994-09-01 13:12 millert
-
- * check.c: fixed osf problem
-
-1994-08-31 22:17 millert
-
- * configure.in: added OSF C2 stuff
-
-1994-08-31 22:00 millert
-
- * CHANGES: updated
-
-1994-08-31 21:56 millert
-
- * check.c: added osf auth support & removed some extra spaces
-
-1994-08-31 21:52 millert
-
- * INSTALL, SUPPORTED: added osf C2 stuff
-
-1994-08-31 19:52 millert
-
- * TODO: added 2 suggestions
-
-1994-08-31 19:33 millert
-
- * Makefile.in: removed README.v1.3.1 and added VERSION stuff
-
-1994-08-31 18:48 millert
-
- * version.h: pl1
-
-1994-08-30 18:31 millert
-
- * version.h: 1.3.1final
-
-1994-08-30 18:30 millert
-
- * Makefile.in: added HISTORY
-
-1994-08-30 18:30 millert
-
- * sudo.man: mention HISTPRY file
-
-1994-08-30 18:30 millert
-
- * sudo.c: use sizeof instead of a constant in 1 place
-
-1994-08-30 18:30 millert
-
- * parse.yacc: added unistd.h
-
-1994-08-30 18:29 millert
-
- * parse.lex: added unistd.h
-
-1994-08-30 18:27 millert
-
- * README: udpated
-
-1994-08-30 18:15 millert
-
- * HISTORY: Initial revision
-
-1994-08-17 12:45 millert
-
- * version.h: ++
-
-1994-08-17 12:39 millert
-
- * CHANGES: updated
-
-1994-08-17 12:36 millert
-
- * sudo_setenv.c: added unistd.h include
-
-1994-08-16 15:46 millert
-
- * sudo.c: added sys/time.h for AIX
-
-1994-08-14 21:22 millert
-
- * configure.in: added check for -lsocket and sys/sockio.h
-
-1994-08-14 21:21 millert
-
- * config.h.in: took out libshadow check and added in sys/sockio.h
- check
-
-1994-08-14 21:21 millert
-
- * sudo.c: now include sockio.h instead of ioctl.h if it exists
- "sudo -" now gets a better error message
-
-1994-08-14 20:47 millert
-
- * sample.sudoers: now has a dir and subnet entry
-
-1994-08-13 18:15 millert
-
- * sudo.c: removed if_ether.h
-
-1994-08-13 17:16 millert
-
- * TODO: added an item
-
-1994-08-13 17:15 millert
-
- * sudo.man: added network and ip addresses to man page
-
-1994-08-13 17:09 millert
-
- * sudo.c: no error if can't get interfaces or netmask since
- networking may not be in the kernel.
-
-1994-08-13 17:08 millert
-
- * parse.c: nwo check for interfaces == NULL
-
-1994-08-12 21:22 millert
-
- * parse.c: fixed a bug that caused directory specs in a Cmnd_Alias
- to fail if the last entry in the spec failed (ie: it was only
- looking at the last entry). CLeaned things up by adding the
- cmndcmp() function--all neat & tidy
-
-1994-08-12 21:21 millert
-
- * CHANGES: added one
-
-1994-08-11 23:42 millert
-
- * sudo.c: now do two passes to skip bogus interfaces (lo0, etc)
-
-1994-08-11 21:58 millert
-
- * logging.c, sudo_realpath.c, sudo_setenv.c: added ninclude of
- netinet/in.h
-
-1994-08-11 21:58 millert
-
- * check.c, find_path.c, getcwd.c, getwd.c, parse.lex, parse.yacc,
- visudo.c: added include of netinet/in.h
-
-1994-08-11 21:57 millert
-
- * version.h: ++
-
-1994-08-11 21:57 millert
-
- * sudo.h: added interfaces global
-
-1994-08-11 21:56 millert
-
- * parse.c: now uses new interfaces global
-
-1994-08-11 21:56 millert
-
- * sudo.c: now ip addresses are gleaned fw/o dns
-
-1994-08-10 19:21 millert
-
- * sudo.c: added load_ip_addrs() to load the ip_addrs global var
-
-1994-08-10 19:21 millert
-
- * parse.c: added hostcmp() to compare hostnames, ip addrs, and
- network addrs
-
-1994-08-10 19:20 millert
-
- * sudo.h: added ip_addrs def added load_ip_addrs prototype
-
-1994-08-08 16:03 millert
-
- * CHANGES: updated
-
-1994-08-08 15:57 millert
-
- * Makefile.in: removed multiple entries in DISTFILES
-
-1994-08-08 13:05 millert
-
- * visudo.c: ansified the !STDC_HEADERS decls
-
-1994-08-08 13:05 millert
-
- * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c: don't do
- malloc decl if gnuc
-
-1994-08-08 13:04 millert
-
- * sudo.c: can't use getopt(3) since it munges args to the command
- to be run as root don't do malloc decl if gnuc
-
-1994-08-08 00:41 millert
-
- * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
- sudo_realpath.c, sudo_setenv.c: ansi-fied !STDC_HEADER function
- prottypes
-
-1994-08-08 00:27 millert
-
- * getcwd.c, getwd.c: added missing paren
-
-1994-08-08 00:23 millert
-
- * Makefile.in: added putenv.c to DISTFILES
-
-1994-08-08 00:08 millert
-
- * sudo_setenv.c: added params to func decls when STDC_HEADERS is
- not defined now can count on putenv() being there
-
-1994-08-08 00:08 millert
-
- * sudo_realpath.c: took out errno decl since sudo.h does it for us
- fixed up a next cc warning added params to func decls when
- STDC_HEADERS is not defined
-
-1994-08-08 00:07 millert
-
- * sudo.h: took out environ extern added local declaratio of
- putenv() if local version is needed
-
-1994-08-08 00:05 millert
-
- * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c: added params to
- func decls when STDC_HEADERS is not defined
-
-1994-08-08 00:04 millert
-
- * config.h.in: added memcpy check check to see that ansi vs bsd
- macros are ntot already defiend before defining (ie: avoid
- redefinition)
-
-1994-08-08 00:03 millert
-
- * configure.in: removed fluff setenv check plus check w/ replace
- for putenv if also no setenv
-
-1994-08-08 00:01 millert
-
- * putenv.c: Initial revision
-
-1994-08-06 19:19 millert
-
- * sudo_setenv.c: Initial revision
-
-1994-08-06 19:19 millert
-
- * sudo.h: rm'd s realp[ath added sudo_realpath and sudo_setenv
-
-1994-08-06 19:19 millert
-
- * sudo.c: now use sudo_setenvc
-
-1994-08-06 19:18 millert
-
- * configure.in: added puteenv and setenv, removed realpath
-
-1994-08-06 19:18 millert
-
- * config.h.in: added putenv & setenv
-
-1994-08-06 19:18 millert
-
- * Makefile.in: added sudo_setenv
-
-1994-08-06 19:16 millert
-
- * version.h: ++
-
-1994-08-05 19:43 millert
-
- * configure.in: added MAN_POSTINSTALL and /usr/share/catman for
- irix
-
-1994-08-05 19:43 millert
-
- * Makefile.in: added MAN_POSTINSTALL
-
-1994-08-05 19:43 millert
-
- * CHANGES: added
-
-1994-08-05 19:10 millert
-
- * sudo.man: added SUDO_* plus new options
-
-1994-08-05 19:10 millert
-
- * CHANGES: added one
-
-1994-08-05 19:07 millert
-
- * configure.in: took out shadow lib
-
-1994-08-05 18:35 millert
-
- * TODO: adde done
-
-1994-08-05 17:52 millert
-
- * visudo.c: now use yyrestart() if flex now reset yylineno to 0
-
-1994-08-05 17:49 millert
-
- * Makefile.in: support for installing a cat page instead of a man
- page if no nroff
-
-1994-08-05 17:48 millert
-
- * configure.in: now defines HAVE_FLEX fixed up man stuff so that it
- looks for nroff to determine whether or not to install a cat or
- man page
-
-1994-08-05 17:48 millert
-
- * config.h.in: added HAVE_FLEX
-
-1994-08-05 16:14 millert
-
- * sudo.c: not set ret to MODE_RUN initially
-
-1994-08-05 16:12 millert
-
- * find_path.c: made command (and therefor cmnd dynamically
- allocated)
-
-1994-08-04 20:25 millert
-
- * TODO: did #8
-
-1994-08-04 20:24 millert
-
- * version.h: ++
-
-1994-08-04 20:24 millert
-
- * sudo_realpath.c: changed bufs from MAXPATHLEN to MAXPATHLEN+1
-
-1994-08-04 20:24 millert
-
- * sudo.h: added MODE_ removed validate_only and added
- remove_timestamp()
-
-1994-08-04 20:22 millert
-
- * sudo.c: usage() now takes an int (exit value) added parse_args()
- to parse command line arguments moved call to find_path() from
- load_globals to new function load_cmnd() removed validate_only
- global -- now use the concept of "modes" added -h and -k options
-
-1994-08-04 20:21 millert
-
- * parse.c: no longer use global validate_only now checks for
- command called "validate" removed check for non-fully qualified
- commands since that is done by find_path
-
-1994-08-04 20:20 millert
-
- * find_path.c: changed MAXPATHLEN r to MAXPATHLEN+1
-
-1994-08-04 20:17 millert
-
- * find_path.c: fixed off by one error with MAXPATHLEN and fixed a
- comment
-
-1994-08-04 20:17 millert
-
- * check.c: check_timestamp no longer runs reminder(), it is implied
- in the return val added remove_timestamp()
-
-1994-08-04 20:16 millert
-
- * CHANGES: updated
-
-1994-08-04 16:38 millert
-
- * BUGS: fixed on
-
-1994-08-04 16:38 millert
-
- * sudo_realpath.c: took out old_errno
-
-1994-08-04 16:37 millert
-
- * CHANGES: updated
-
-1994-08-03 12:08 millert
-
- * logging.c: moved send_mail to after syslog
-
-1994-08-02 22:41 millert
-
- * sudo.c: now set SUDO_ envariables
-
-1994-08-01 13:40 millert
-
- * version.h: ++
-
-1994-08-01 13:39 millert
-
- * sudo_realpath.c: now print error if chdir fails
-
-1994-08-01 13:39 millert
-
- * find_path.c: removed an XXX
-
-1994-07-25 20:40 millert
-
- * CHANGES: updated
-
-1994-07-25 20:36 millert
-
- * configure.in: no more static binaries for aix
-
-1994-07-25 18:37 millert
-
- * INSTALL: fixed typo
-
-1994-07-25 18:33 millert
-
- * sudo_realpath.c: took out stuff not needed for sudo now does
- be_root/be_user itself now uses cwd global
-
-1994-07-25 18:32 millert
-
- * version.h: +=2
-
-1994-07-25 18:31 millert
-
- * logging.c, sudo.c: be_root/be_user is now down in sudo_realpath()
-
-1994-07-25 18:26 millert
-
- * logging.c, sudo.h: now works with 4.2BSD syslog (blech)
-
-1994-07-25 18:25 millert
-
- * find_path.c: now use sudo_realpath()
-
-1994-07-25 18:25 millert
-
- * config.h.in: took out realpth() stuff since we now use
- sudo_realpath()
-
-1994-07-25 18:25 millert
-
- * configure.in: ultrix enhanced sec
-
-1994-07-25 18:25 millert
-
- * SUPPORTED: added ultrix enhanced sec.
-
-1994-07-25 18:24 millert
-
- * INSTALL: updated
-
-1994-07-25 18:21 millert
-
- * check.c: ultrix enhanced security suport
-
-1994-07-25 18:20 millert
-
- * Makefile.in: added sudo_realpath.c
-
-1994-07-25 18:18 millert
-
- * CHANGES: updated
-
-1994-07-25 14:28 millert
-
- * tgetpass.c: increased passwd len to 24 for c2 security
-
-1994-07-25 13:17 millert
-
- * BUGS: updated BUGS
-
-1994-07-15 11:49 millert
-
- * check.c: now use user global var
-
-1994-07-15 11:48 millert
-
- * configure.in: took out -ls
-
-1994-07-14 19:11 millert
-
- * configure.in: added AFS libs
-
-1994-07-14 17:45 millert
-
- * sudo.h: user is now a char * added epasswd
-
-1994-07-14 17:43 millert
-
- * sudo.c: added tzset() to load_globals added epasswd (encrypted
- password) global made user dynamically allocated
-
-1994-07-14 17:43 millert
-
- * configure.in: added tzset test
-
-1994-07-14 17:43 millert
-
- * config.h.in: added HAVE_TZSET
-
-1994-07-14 17:42 millert
-
- * check.c: cleaned up encrypted passwd grab somewhat
-
-1994-07-14 12:34 millert
-
- * configure.in: fixed AFS typo
-
-1994-07-14 12:34 millert
-
- * INSTALL: added AFS not
-
-1994-07-14 12:34 millert
-
- * CHANGES: udpated
-
-1994-07-14 12:33 millert
-
- * logging.c: can now log to both syslog & a file
-
-1994-07-14 12:12 millert
-
- * sudo.h: added BOTH_LOGS
-
-1994-07-14 11:34 millert
-
- * CHANGES: updated
-
-1994-07-14 11:32 millert
-
- * configure.in: --with-AFS
-
-1994-07-14 11:32 millert
-
- * config.h.in: added HAVE_AFS
-
-1994-07-14 11:31 millert
-
- * check.c: added afs changes
-
-1994-07-14 11:21 millert
-
- * sudo.h: removed AFS stuff :-)
-
-1994-07-14 11:19 millert
-
- * tgetpass.c: include sys/select for AIX
-
-1994-07-14 11:17 millert
-
- * sudo.h: added AFS
-
-1994-07-14 11:16 millert
-
- * version.h: ++
-
-1994-07-07 14:45 millert
-
- * SUPPORTED, CHANGES: updated
-
-1994-07-07 14:44 millert
-
- * logging.c: can now have MAILER undefined
-
-1994-07-07 14:37 millert
-
- * INSTALL: new sub-note about MAILER
-
-1994-07-06 23:11 millert
-
- * sudo.man: added blurb about password timeout
-
-1994-07-06 20:52 millert
-
- * configure.in: convex c2 changes
-
-1994-07-06 20:52 millert
-
- * aclocal.m4: took out duplicate define of _CONVEX_SOURCE
-
-1994-07-06 20:51 millert
-
- * Makefile.in: added OSDEFS
-
-1994-07-06 20:46 millert
-
- * config.h.in: added spaces
-
-1994-07-06 20:08 millert
-
- * tgetpass.c: added a goto if fgets fails
-
-1994-07-06 20:08 millert
-
- * sudo.h: use __hpux not hpux convex c2 stuff
-
-1994-07-06 20:08 millert
-
- * sudo.c: use __hpux not hpux
-
-1994-07-06 20:08 millert
-
- * logging.c: convex c2 stuff
-
-1994-07-06 20:07 millert
-
- * config.h.in: define ansi-ish cpp os defines if non-ansi are
- defined for hpux & convex
-
-1994-07-06 20:07 millert
-
- * INSTALL: updated to say we support sonvex C2
-
-1994-07-06 20:05 millert
-
- * check.c: added convex c2 support
-
-1994-07-01 12:06 millert
-
- * tgetpass.c: no more ioctl never returns NULL uses fgets() and
- select() to timeout
-
-1994-06-29 17:04 millert
-
- * configure.in: things were testing -n "$GCC" instead of -z "$GCC"
-
-1994-06-29 16:39 millert
-
- * tgetpass.c: now works + uses fgets()
-
-1994-06-28 18:25 millert
-
- * tgetpass.c: select doesn't seem to recognize a single '\n' as
- input waiting so we can;t use it, sigh.
-
-1994-06-26 16:38 millert
-
- * PORTING: updated tgetpass() blurb
-
-1994-06-26 16:35 millert
-
- * configure.in: added --with-getpass
-
-1994-06-26 16:35 millert
-
- * Makefile.in: added tgetpass stuff
-
-1994-06-26 15:25 millert
-
- * tgetpass.c: now uses stdio
-
-1994-06-26 15:17 millert
-
- * version.h: ++
-
-1994-06-24 19:48 millert
-
- * PORTING: updated ,.
-
-1994-06-24 19:46 millert
-
- * config.h.in: added USE_GETPASS && HAVE_C2_SECURITY
-
-1994-06-24 19:45 millert
-
- * configure.in: fixed a test aded --with-C2 and --with-tgetpass
-
-1994-06-24 19:45 millert
-
- * check.c: added hpux C2 shit
-
-1994-06-24 19:45 millert
-
- * Makefile.in: took out tgetpass.*
-
-1994-06-24 19:45 millert
-
- * INSTALL: added C2 blurb
-
-1994-06-13 15:54 millert
-
- * configure.in: no termio(s) for ultrix since it is broken
-
-1994-06-13 15:41 millert
-
- * check.c: added a space (yeah, anal)
-
-1994-06-13 15:17 millert
-
- * realpath.c, sudo_realpath.c: fixed it (duh, rtfm)
-
-1994-06-08 14:34 millert
-
- * config.h.in: took out bsd signal stuff for irix
-
-1994-06-08 14:26 millert
-
- * visudo.c: comments in #endif
-
-1994-06-08 14:09 millert
-
- * configure.in: don't define BSD signals for irix
-
-1994-06-08 12:57 millert
-
- * TODO: did some...
-
-1994-06-08 12:57 millert
-
- * CHANGES: updated
-
-1994-06-08 12:56 millert
-
- * realpath.c, sudo_realpath.c: took out unneeded code by changing
- where a strings was terminated
-
-1994-06-07 19:21 millert
-
- * realpath.c, sudo_realpath.c: fix bug where /dirname would return
- NULL
-
-1994-06-07 17:40 millert
-
- * sudo.h: move __P to config.h
-
-1994-06-07 17:40 millert
-
- * getcwd.c, getwd.c, realpath.c, sudo_realpath.c: added errno
- definition
-
-1994-06-07 17:40 millert
-
- * config.h.in: added __P
-
-1994-06-07 17:21 millert
-
- * config.h.in: added HAVE_FCHDIR
-
-1994-06-07 17:18 millert
-
- * strdup.c: now include stdio
-
-1994-06-07 14:55 millert
-
- * realpath.c, sudo_realpath.c: now works if no fchdir
-
-1994-06-07 14:55 millert
-
- * visudo.c: define SA_RESETHAND to null if not defined
-
-1994-06-07 14:54 millert
-
- * configure.in: added check & replace
-
-1994-06-06 20:05 millert
-
- * configure.in: took out -static for nextstep -- it doesn't work
-
-1994-06-06 19:59 millert
-
- * logging.c: moved #endif to where it belongs
-
-1994-06-06 19:54 millert
-
- * SUPPORTED: correction
-
-1994-06-06 19:42 millert
-
- * configure.in: now checks for strdup realpath getcwd bzero
-
-1994-06-06 19:31 millert
-
- * config.h.in: emulate bzero
-
-1994-06-06 16:57 millert
-
- * visudo.c: added posic signals
-
-1994-06-06 16:57 millert
-
- * tgetpass.c: bzero cast
-
-1994-06-06 16:57 millert
-
- * logging.c: added posix signals
-
-1994-06-06 16:56 millert
-
- * configure.in: removed BROKEN_GETPASS added new srcs toreplace
- missing functions
-
-1994-06-06 16:56 millert
-
- * config.h.in: added posix signal stuff
-
-1994-06-06 16:56 millert
-
- * Makefile.in: added new srcs
-
-1994-06-06 12:53 millert
-
- * visudo.c: updated useag
-
-1994-06-06 12:39 millert
-
- * tgetpass.c: now uses posix signals
-
-1994-06-05 20:17 millert
-
- * PORTING: updated sto reflect major changes
-
-1994-06-05 20:05 millert
-
- * TODO, CHANGES: updated
-
-1994-06-05 20:04 millert
-
- * tgetpass.c: uses sysconf() if available
-
-1994-06-05 20:04 millert
-
- * sudo.h: added PASSWORD_TIMEOUT + prototypes for new functions
-
-1994-06-05 20:04 millert
-
- * realpath.c, sudo_realpath.c: for those w/o this in libc
-
-1994-06-05 20:03 millert
-
- * getcwd.c, getwd.c: Initial revision
-
-1994-06-05 20:03 millert
-
- * find_path.c: rewrote to use realpath(3) - nis now all my code
-
-1994-06-05 20:02 millert
-
- * config.h.in: added HAVE_REALPATH
-
-1994-06-05 20:02 millert
-
- * check.c: now use tgetpass
-
-1994-06-05 20:02 millert
-
- * Makefile.in: added LIBOBJS use tgetpass.c
-
-1994-06-05 18:55 millert
-
- * tgetpass.c: works now :-)
-
-1994-06-05 18:27 millert
-
- * tgetpass.c: Initial revision
-
-1994-06-05 17:17 millert
-
- * pathnames.h.in: added /dev/tty
-
-1994-06-04 17:12 millert
-
- * version.h: incremented
-
-1994-06-04 15:29 millert
-
- * sudo.c: always use getcwd
-
-1994-06-04 14:49 millert
-
- * config.h.in: added check for getwd
-
-1994-06-04 14:48 millert
-
- * configure.in: replace strdup & realpath & getcwd if missing
-
-1994-06-04 14:47 millert
-
- * pathnames.h.in: added _PATH_PWD
-
-1994-06-04 14:46 millert
-
- * aclocal.m4: added SUDO_PROG_PWD
-
-1994-06-04 14:37 millert
-
- * realpath.c, sudo_realpath.c, strdup.c: Initial revision
-
-1994-06-03 11:31 millert
-
- * configure.in: quoted quare brackets
-
-1994-06-02 17:49 millert
-
- * sudo.c: no need to strdup() a constant
-
-1994-06-02 15:45 millert
-
- * CHANGES: updated
-
-1994-06-02 15:44 millert
-
- * sudo.man: added validate
-
-1994-06-02 15:42 millert
-
- * sudo.c: added -v to usage
-
-1994-06-02 15:41 millert
-
- * parse.c, sudo.c, sudo.h: added validate_only stuff
-
-1994-05-29 21:29 millert
-
- * configure.in: now finds sed
-
-1994-05-29 21:28 millert
-
- * aclocal.m4: $OSREV is now an int
-
-1994-05-29 19:13 millert
-
- * configure.in: added mtxinu to caser
-
-1994-05-29 18:37 millert
-
- * sudo.h: added EXEC macro
-
-1994-05-29 18:36 millert
-
- * sudo.c: now use the EXEC nmacro now only do a gethostbyname() if
- FQDN is set
-
-1994-05-29 18:36 millert
-
- * logging.c: changed mail_argv[] def now use EXEC() macro
-
-1994-05-29 18:35 millert
-
- * check.c: took out crypt() definition
-
-1994-05-29 17:23 millert
-
- * version.h: upped the version
-
-1994-05-29 15:52 millert
-
- * configure.in: always look for -lnsl
-
-1994-05-29 15:29 millert
-
- * aclocal.m4: added an echo
-
-1994-05-29 15:25 millert
-
- * sudo.h: SHORT_MESSAGE is now the default
-
-1994-05-29 15:18 millert
-
- * config.h.in: fixed typo
-
-1994-05-29 01:29 millert
-
- * configure.in: added missing AC_DEFINE(SVR4) for solaris
-
-1994-05-28 20:42 millert
-
- * sudo.man: documented the -v flag
-
-1994-05-28 20:34 millert
-
- * SUPPORTED: updated
-
-1994-05-28 20:31 millert
-
- * check.c: proto-ized crypt()
-
-1994-05-28 20:28 millert
-
- * config.h.in: added LIBSHADOW undef
-
-1994-05-28 20:18 millert
-
- * configure.in: nwo set OS to be lowercase
-
-1994-05-28 19:36 millert
-
- * configure.in: now use SUDO_OSTYPE to set $OS
-
-1994-05-28 19:36 millert
-
- * aclocal.m4: now use uname to determine os
-
-1994-05-28 16:23 millert
-
- * visudo.c: added prototypes & moved sig handler around
-
-1994-05-28 15:13 millert
-
- * sudo.h: added prototyppes
-
-1994-05-28 15:13 millert
-
- * parse.c: added comment
-
-1994-05-28 15:12 millert
-
- * config.h.in: nwo use _BSD_SIGNALS not _BSD_COMPAT
-
-1994-05-28 15:11 millert
-
- * check.c, logging.c, sudo.c: added prototypes
-
-1994-05-28 15:11 millert
-
- * aixcrypt.exp: Initial revision
-
-1994-05-28 15:11 millert
-
- * Makefile.in: added aixcrypt.exp
-
-1994-05-28 13:21 millert
-
- * parse.lex, parse.yacc: moved config.h to top of includes
-
-1994-05-25 15:48 millert
-
- * find_path.c: now don't bitch if get EACCESS (treat like EPERM)
-
-1994-05-24 23:08 millert
-
- * visudo.c: added -v flag and usage()
-
-1994-05-24 23:08 millert
-
- * version.h: fixed a typo
-
-1994-05-24 23:08 millert
-
- * sudo.c: cast Argv to a const for exec added -v flag
-
-1994-05-24 23:07 millert
-
- * logging.c: mail_argv is now a const
-
-1994-05-24 23:07 millert
-
- * configure.in: only set RETSIGTYPE if it is not set already
-
-1994-05-24 23:07 millert
-
- * aclocal.m4: now defines & STDC_HEADERS for Irix
-
-1994-05-24 23:07 millert
-
- * Makefile.in: added version.h
-
-1994-05-24 21:25 millert
-
- * insults.h, sudo.h: prevent multiple inclusion
-
-1994-05-24 21:20 millert
-
- * version.h: Initial revision
-
-1994-05-24 21:09 millert
-
- * parse.lex, parse.yacc: now includes config.h
-
-1994-05-24 20:54 millert
-
- * aclocal.m4: now talks about sunos 4.x
-
-1994-05-24 20:23 millert
-
- * visudo.c: calls to Exit now pass an arg
-
-1994-05-24 18:00 millert
-
- * visudo.c: signal handler now takes an int argument
-
-1994-05-24 18:00 millert
-
- * CHANGES: updated
-
-1994-05-24 17:44 millert
-
- * sudo.c: ok, the getcwd() is now *really* done as the user
-
-1994-05-24 17:44 millert
-
- * configure.in: changed AIX STATIC_FLAGS
-
-1994-05-24 16:27 millert
-
- * aclocal.m4: solaris now defines SVR4
-
-1994-05-24 16:18 millert
-
- * sudo.h: added cwd and fixed stupid core dump that makes no sense.
- sigh.
-
-1994-05-24 16:18 millert
-
- * sudo.c: moved getcwd stuff into load_globals
-
-1994-05-24 16:18 millert
-
- * parse.c: took out externs that are in suod.h
-
-1994-05-24 16:18 millert
-
- * logging.c: moved cwd into load_globals
-
-1994-05-24 16:17 millert
-
- * find_path.c: moved cwd stuff
-
-1994-05-24 15:55 millert
-
- * Makefile.in: fixed make distclean & realclean
-
-1994-05-24 12:51 millert
-
- * TODO: updated .,
-
-1994-05-24 12:51 millert
-
- * CHANGES: added solaris changes
-
-1994-05-24 12:51 millert
-
- * aclocal.m4: added solaris changes, need to rework
-
-1994-05-24 12:50 millert
-
- * configure.in: cleaned up for solaris
-
-1994-05-24 12:13 millert
-
- * logging.c: reinstall reapchild signal handler for non-bsd signals
-
-1994-05-24 12:03 millert
-
- * sudo.h: took out getdtablesize() emulation for HP-UX (no longer
- needed)
-
-1994-05-24 12:03 millert
-
- * sudo.c: support for HAVE_SYSCONF
-
-1994-05-24 12:02 millert
-
- * visudo.c: added <fcntl.h> for solaris & reorg'd the includes +
- minor prettying up /
-
-1994-05-23 20:26 millert
-
- * config.h.in: added HAVE_SYSCONF
-
-1994-05-16 18:57 millert
-
- * configure.in: now tells you what os you are running /.
-
-1994-05-16 18:56 millert
-
- * aclocal.m4: took out extra ','
-
-1994-05-14 17:56 millert
-
- * config.h.in: added _BSD_COMPAT
-
-1994-05-14 17:56 millert
-
- * aclocal.m4: fixed for irix5
-
-1994-05-14 17:55 millert
-
- * CHANGES: updated
-
-1994-05-14 17:27 millert
-
- * sudo.c: uid seinitialized to -2
-
-1994-04-28 12:36 millert
-
- * sudo.c: now removes LIBPATH for AIX
-
-1994-03-12 20:41 millert
-
- * configure.in: now uses ufc if it finds it
-
-1994-03-12 17:42 millert
-
- * sudo.h: no longer define yyval & yylval since yacc does it
-
-1994-03-12 17:42 millert
-
- * parse.lex: now defines yylval as extenr
-
-1994-03-12 17:41 millert
-
- * configure.in: BROKEN_GETPASS is now an OPTION
-
-1994-03-12 17:41 millert
-
- * config.h.in: took out BROKEN_GETPASS
-
-1994-03-12 17:20 millert
-
- * Makefile.in: took out big comment
-
-1994-03-12 16:24 millert
-
- * README: updated
-
-1994-03-12 16:20 millert
-
- * Makefile.in: took out README.beta
-
-1994-03-12 16:19 millert
-
- * SUPPORTED: Initial revision
-
-1994-03-12 16:19 millert
-
- * INSTALL: now reference SUPPORTED .,
-
-1994-03-12 16:17 millert
-
- * config.h.in: now check for convex OR __convex__
-
-1994-03-12 16:16 millert
-
- * aclocal.m4: now check for convex or __convex__
-
-1994-03-12 16:15 millert
-
- * Makefile.in: added dist target
-
-1994-03-12 15:19 millert
-
- * aclocal.m4: use __convex__
-
-1994-03-12 14:33 millert
-
- * find_path.c: now use _S_* stat stuff to be ansi-like
-
-1994-03-12 14:11 millert
-
- * INSTALL: updated for configure directions
-
-1994-03-12 14:05 millert
-
- * Makefile.in: distclean now removes config.h and pathnames.h
-
-1994-03-12 14:03 millert
-
- * CHANGES: updated
-
-1994-03-12 14:00 millert
-
- * TODO: fixed typoe
-
-1994-03-12 13:57 millert
-
- * Makefile.in, visudo.c: updated version
-
-1994-03-12 13:57 millert
-
- * config.h.in, pathnames.h.in: added copyright header
-
-1994-03-12 13:55 millert
-
- * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
- parse.yacc, sudo.c, sudo.h: udpated version
-
-1994-03-12 13:39 millert
-
- * visudo.c: udpated to use configure + pathnames.h
-
-1994-03-12 13:37 millert
-
- * Makefile.in, config.h.in, configure.in, aclocal.m4: updated
-
-1994-03-12 13:37 millert
-
- * sudo.h: now works with configure
-
-1994-03-12 13:36 millert
+ * sudo.h:
+ now works with configure
+ [83fc40e533f4]
* check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
- updated to work with configure + pathnames.h
-
-1994-03-12 10:40 millert
-
- * Makefile.in: added LEXLIB
-
-1994-03-10 03:18 millert
-
- * COPYING: updated gnu general licence to versio 2
-
-1994-03-10 02:44 millert
-
- * pathnames.h.in, config.h.in: Initial revision
-
-1994-03-10 01:43 millert
-
- * sudo.h: changed to work with configure
-
-1994-03-09 18:51 millert
-
- * Makefile.in, aclocal.m4, configure.in: Initial revision
-
-1994-03-09 17:36 millert
-
- * visudo.c: now uses defines used by configure
-
-1994-03-01 16:31 millert
-
- * find_path.c: sudo won't bitch about EPERM now, for real
-
-1994-02-28 00:36 millert
-
- * logging.c: renamed exec_argv to eliminate a libc name clash with
- ksros
-
-1994-02-28 00:28 millert
-
- * CHANGES: corrected
-
-1994-02-28 00:27 millert
-
- * logging.c, sudo.c, sudo.h: execve -> execv
-
-1994-02-27 23:27 millert
-
- * TODO: upated
-
-1994-02-27 23:19 millert
-
- * PORTING: added 2 mroe items
-
-1994-02-27 23:12 millert
-
- * CHANGES: updated
-
-1994-02-27 23:11 millert
-
- * sudo.h: added UMASK and mode_t declaration
-
-1994-02-27 23:11 millert
-
- * sudo.c: added UMASK
-
-1994-02-27 20:55 millert
-
- * logging.c: now opens log file with mode 077
-
-1994-02-27 20:55 millert
-
- * check.c: saved current umask ans restores it
-
-1994-02-27 20:36 millert
-
- * sudo.h: added MAXLOGFILELEN
-
-1994-02-27 20:35 millert
-
- * logging.c: split long log lines. FOr syslog, split into multiple
- entries, for a log file, indent the extra for readability
-
-1994-02-27 17:22 millert
-
- * CHANGES: added changes
-
-1994-02-27 17:18 millert
-
- * sudo.h: MAXLOGLEN & MAXSYSLOGLEN are now different (as they
- should be)
-
-1994-02-25 16:04 millert
-
- * TODO: added input from Brett M Hogden <hogden@rge.com>
-
-1994-02-16 13:35 millert
-
- * sudo.c: added rmenv() to remove stuff from environ. can now uses
- execvp() OR execve() becuase of this.
-
-1994-02-16 13:35 millert
-
- * logging.c: now uses execvp() OR execve()
-
-1994-02-16 13:31 millert
-
- * sudo.h: added USE_EXECVE
-
-1994-02-16 13:27 millert
-
- * sudo.h: added environ
-
-1994-02-16 12:53 millert
-
- * find_path.c: now ignore EPERM
-
-1994-02-15 23:52 millert
-
- * sudo.h: moved some func decls out of sudo.h and into sudo.c as
- statics /.
-
-1994-02-15 23:52 millert
-
- * CHANGES: updated
-
-1994-02-15 23:40 millert
-
- * sudo.h: took out Envp
-
-1994-02-14 12:28 millert
-
- * BUGS: Initial revision
-
-1994-02-10 14:29 millert
-
- * sudo.c, sudo.h, CHANGES: added SECURE_PATH
-
-1994-02-10 14:05 millert
-
- * sudo.h: added SECURE_PATH
-
-1994-02-10 13:50 millert
-
- * INSTALL: added sample.sudoers note
-
-1994-02-10 13:47 millert
-
- * sudoers: Initial revision
-
-1994-02-09 14:54 millert
-
- * find_path.c: fixed typo
-
-1994-02-08 23:06 millert
-
- * PORTING: took out SAVED_UID garbage
-
-1994-02-08 22:55 millert
-
- * INSTALL: mentioned HAL
-
-1994-02-08 22:50 millert
-
- * sudo.h: added HAL line
-
-1994-02-08 22:48 millert
-
- * insults.h: added HAL insults
-
-1994-02-08 22:48 millert
-
- * TODO: updated
-
-1994-02-08 22:02 millert
-
- * logging.c: more verbose error if mailer not found
-
-1994-02-08 22:02 millert
-
- * check.c: now do getpwent as root for soem shadow password systems
- (bsdi)
-
-1994-02-08 13:22 millert
-
- * sudo.h: took out SAVED_UID garbade
-
-1994-02-08 13:21 millert
-
- * sudo.c: took out SAVED_UID garbage since it don't work
-
-1994-02-06 17:43 millert
-
- * README: updated
-
-1994-02-06 17:40 millert
-
- * insults.h: added a missing space :-)
-
-1994-02-05 19:48 millert
-
- * sudo.c, sudo.h: took out multimax cruft
-
-1994-02-05 19:30 millert
-
- * INSTALL: minor update
-
-1994-02-05 19:30 millert
-
- * PORTING: finished
-
-1994-02-05 19:19 millert
-
- * sudo.c: fixed a typo + indentation
-
-1994-02-05 18:43 millert
-
- * sudo.h: took outumoved some defines to the config file ,. ,.
-
-1994-02-05 15:17 millert
-
- * PORTING: Initial revision
-
-1994-02-05 15:17 millert
-
- * TODO: did #6
-
-1994-02-05 15:16 millert
-
- * sudo.h: added HAS_SAVED_UID
-
-1994-02-05 15:16 millert
-
- * sudo.c: put back AIX cruft
-
-1994-02-03 00:44 millert
-
- * sudo.c: aix changes
-
-1994-02-02 01:31 millert
-
- * CHANGES: updated
+ updated to work with configure + pathnames.h
+ [cb67fa6ab52d]
-1994-02-02 01:30 millert
+ * Makefile.in:
+ added LEXLIB
+ [f43cad4ab0a2]
- * check.c, logging.c, parse.c, sudo.c, sudo.h: now is only root
- when abs necesary
+1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
-1994-02-01 22:21 millert
+ * COPYING:
+ updated gnu general licence to versio 2
+ [2b0b56112ddc]
- * check.c: added missing %s\n
+ * config.h.in, pathnames.h.in:
+ Initial revision
+ [4b586f39ec2d]
-1994-01-31 02:06 millert
+ * sudo.h:
+ changed to work with configure
+ [13f3506ddf16]
- * install-sh: Initial revision
+1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
-1994-01-31 01:58 millert
+ * Makefile.in, aclocal.m4, configure.in:
+ Initial revision
+ [a8636ae77371]
- * CHANGES, TODO: updated
+ * visudo.c:
+ now uses defines used by configure
+ [de438d118993]
-1994-01-31 01:56 millert
+1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: now removed _RLD_* for alphas
+ * find_path.c:
+ sudo won't bitch about EPERM now, for real
+ [ce26d9ef7e3f]
-1994-01-31 01:50 millert
+1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL: updated for new config scheme
+ * logging.c:
+ renamed exec_argv to eliminate a libc name clash with ksros
+ [bcb4350d8411]
-1994-01-30 19:42 millert
+ * CHANGES:
+ corrected
+ [dae68d422efd]
- * find_path.c: more verbose eror messages
+ * logging.c, sudo.c, sudo.h:
+ execve -> execv
+ [40cc2c4bdb15]
-1994-01-27 14:08 millert
+ * TODO:
+ upated
+ [9275a8b8fc45]
- * TODO: now have solaris
+ * PORTING:
+ added 2 mroe items
+ [6cbb5c56993c]
-1994-01-27 14:07 millert
+ * CHANGES:
+ updated
+ [73f34f8e571a]
- * sudo.h: define __svr4__ for SOLARIS
+ * sudo.h:
+ added UMASK and mode_t declaration
+ [7c2015e1d171]
-1994-01-27 14:07 millert
+ * sudo.c:
+ added UMASK
+ [d37be7523680]
- * check.c: added svr4 junk for shadow pws for solaris 2.x
+ * logging.c:
+ now opens log file with mode 077
+ [0825cc3ee841]
-1994-01-27 13:19 millert
+ * check.c:
+ saved current umask ans restores it
+ [659c1aaae8e8]
- * check.c, sudo.c: took out setuid(0) and setreuid(udi) garbage.
- Its not needed since we start out setuid with the correct perms.
+ * sudo.h:
+ added MAXLOGFILELEN
+ [34331c7dee90]
-1994-01-26 19:51 millert
+ * logging.c:
+ split long log lines. FOr syslog, split into multiple entries, for
+ a log file, indent the extra for readability
+ [72c9e4cdba6e]
- * check.c, sudo.c, sudo.h: now use setreuid()
+1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
-1994-01-26 18:58 millert
+ * CHANGES:
+ added changes
+ [81196833673d]
- * sudo.man: revised AUTHORS secrtion & added ENV_EDITOR stuff to
- VARIABLES sectoin
+ * sudo.h:
+ MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
+ [1aa69e903840]
-1994-01-26 18:52 millert
+1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c: now uses ENV_EDITOR if you want to use the EDITOR envar
+ * TODO:
+ added input from Brett M Hogden <hogden@rge.com>
+ [80f01fc88ce9]
-1994-01-26 18:52 millert
+1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.h: now uses ENV_EDITOR if you want to use the EDITOR envar
- >> .
+ * sudo.c:
+ added rmenv() to remove stuff from environ. can now uses execvp()
+ OR execve() becuase of this.
+ [e7fc2535bd67]
-1993-12-07 01:33 millert
+ * logging.c:
+ now uses execvp() OR execve()
+ [56391aa1f99d]
- * README: minor update + spell fix
+ * sudo.h:
+ added USE_EXECVE
+ [f21f38050b95]
-1993-12-07 01:33 millert
+ * sudo.h:
+ added environ
+ [6b805e23c6f6]
- * INSTALL: rewrote most of this
+ * find_path.c:
+ now ignore EPERM
+ [c8fd7117a1d7]
-1993-12-07 01:13 millert
+ * sudo.h:
+ moved some func decls out of sudo.h and into sudo.c as statics /.
+ [5f555c267d27]
- * sudo.h: added all options that are in the Makefile
+ * CHANGES:
+ updated
+ [431f478af320]
-1993-12-07 00:23 millert
+ * sudo.h:
+ took out Envp
+ [6f722be7793d]
- * getpass.c: now use USE_TERMIO #define for sgi & hpux
+1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-12-06 23:19 millert
+ * BUGS:
+ Initial revision
+ [4a8ecf0da95c]
- * TODO: todo: posix sigs
+1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-12-06 01:12 millert
+ * CHANGES:
+ added SECURE_PATH
+ [1c72cb222609]
- * check.c, find_path.c: always include strings.h
+ * sudo.c, sudo.h:
+ added SECURE_PATH
+ [5bf5357a63c5]
-1993-12-05 20:34 millert
+ * sudo.h:
+ added SECURE_PATH
+ [3976a74405ac]
- * visudo.c: added STATICEDITOR
+ * INSTALL:
+ added sample.sudoers note
+ [1b395d29aaeb]
-1993-12-05 20:30 millert
+ * sudoers:
+ Initial revision
+ [485888d07477]
- * sudo.h: sgi has vi in /usr/bin too
+1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-12-05 20:23 millert
+ * find_path.c:
+ fixed typo
+ [bfc3cc4d41ca]
- * sudo.man: added VISUAL
+ * PORTING:
+ took out SAVED_UID garbage
+ [b7c2d3469661] [SUDO_1_3_0]
-1993-12-02 22:20 millert
+ * INSTALL:
+ mentioned HAL
+ [253d6695df90]
- * sudo.h: sue /usr/bin/vi on some systems
+ * sudo.h:
+ added HAL line
+ [29ec1a4ac6de]
-1993-12-02 22:19 millert
+ * insults.h:
+ added HAL insults
+ [7d7c96d77c74]
- * sudo.c: fixed warning (include strings.h)
+ * TODO:
+ updated
+ [aa2ed9790586]
-1993-12-02 22:06 millert
+ * logging.c:
+ more verbose error if mailer not found
+ [fca47fd00cb6]
- * sudo.man: added John_Rouillard@dl5000.bc.edu's changes (new
- features)
+ * check.c:
+ now do getpwent as root for soem shadow password systems (bsdi)
+ [e0339e110d46]
-1993-12-02 21:38 millert
+1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: changes from John_Rouillard@dl5000.bc.edu
+ * sudo.h:
+ took out SAVED_UID garbade
+ [fcb0e81dcdb5]
-1993-12-02 21:35 millert
+ * sudo.c:
+ took out SAVED_UID garbage since it don't work
+ [507e9513e9c2]
- * visudo.c: added EDITOR envar
+1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-12-02 21:34 millert
+ * README:
+ updated
+ [d2b6b253dae5]
- * check.c, find_path.c, parse.c, sudo.c: added patches from
- John_Rouillard directory spec uses EDITOR
+ * insults.h:
+ added a missing space :-)
+ [8940ea991f87]
-1993-12-01 19:32 millert
+ * sudo.c, sudo.h:
+ took out multimax cruft
+ [c2606b365181]
- * getpass.c: added flush for hpux
+ * INSTALL:
+ minor update
+ [05fb6ee73131]
-1993-11-30 13:37 millert
+ * PORTING:
+ finished
+ [c4ac47c84dc5]
- * sudo.c: no longer assume malloc returns a char *
+ * sudo.c:
+ fixed a typo + indentation
+ [7eab40aae8fa]
-1993-11-29 20:35 millert
+1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: alpha change to remove LD_-like thing fixed SHLIB_PATH
- stuff -- now gets removed correctly
+ * sudo.h:
+ took outumoved some defines to the config file ,. ,.
+ [defff05beb52]
-1993-11-29 19:31 millert
+ * PORTING:
+ Initial revision
+ [c803e9127959]
- * sudo.h: added STD_HEADERS macro
+ * TODO:
+ did #6
+ [c6fa1c946c31]
-1993-11-29 19:14 millert
+ * sudo.h:
+ added HAS_SAVED_UID
+ [6a88a39c0a07]
- * sudo.c: now uses STD_HEADERS macor for ansi
+ * sudo.c:
+ put back AIX cruft
+ [a24d2507ddd4]
-1993-11-29 19:14 millert
+1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * find_path.c: now uses STD_HEADERS macro
+ * sudo.c:
+ aix changes
+ [1663915f754a]
-1993-11-29 19:13 millert
+1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * check.c: niceties for C compiler bitches -- no real change
+ * CHANGES:
+ updated
+ [a8cc73747cae]
-1993-11-29 13:04 millert
+ * check.c, logging.c, parse.c, sudo.c, sudo.h:
+ now is only root when abs necesary
+ [3c9d12c5cdfe]
- * visudo.c: now doesn't fclose a file never opened.
+ * check.c:
+ added missing %s\n
+ [609320b72d89]
-1993-11-28 16:35 millert
+1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.man: added visudo line
+ * install-sh:
+ Initial revision
+ [b5bba140a175]
-1993-11-28 16:31 millert
+ * TODO:
+ updated
+ [c9d2eba602af]
- * sudo.man: added error stuff added me in there...
+ * CHANGES:
+ updated
+ [932f1fc3bb14]
-1993-11-28 03:12 millert
+ * sudo.c:
+ now removed _RLD_* for alphas
+ [54a36e648158]
- * CHANGES: noted insults
+ * INSTALL:
+ updated for new config scheme
+ [61c8ae800444]
-1993-11-28 03:01 millert
+ * find_path.c:
+ more verbose eror messages
+ [b4fd123db42d]
- * INSTALL: added blurb about reading stuff
+1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-11-28 03:00 millert
+ * TODO:
+ now have solaris
+ [371002fbf266]
- * sudo.h: added insults
+ * sudo.h:
+ define __svr4__ for SOLARIS
+ [0b5cf5ed936d]
-1993-11-28 03:00 millert
+ * check.c:
+ added svr4 junk for shadow pws for solaris 2.x
+ [91ed58f21618]
- * insults.h: corrected somments and removed newlines
+ * check.c, sudo.c:
+ took out setuid(0) and setreuid(udi) garbage. Its not needed since
+ we start out setuid with the correct perms.
+ [07689e782b0b]
-1993-11-28 03:00 millert
+ * check.c, sudo.c, sudo.h:
+ now use setreuid()
+ [7d64d685d78e]
- * check.c: now uses insults
+1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-11-28 02:45 millert
+ * sudo.man:
+ revised AUTHORS secrtion & added ENV_EDITOR stuff to VARIABLES
+ sectoin
+ [b26967b1e19b]
- * insults.h: Initial revision
+ * visudo.c:
+ now uses ENV_EDITOR if you want to use the EDITOR envar
+ [a4f8fcb9bd1d]
-1993-11-27 19:46 millert
+ * sudo.h:
+ now uses ENV_EDITOR if you want to use the EDITOR envar >> .
+ [028cc55c4328]
- * INSTALL: added dec syslog note
+1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-11-27 19:25 millert
+ * INSTALL:
+ rewrote most of this
+ [a6750923f9c9]
- * sample.sudoers: added real stuff in there
+ * README:
+ minor update + spell fix
+ [a411717a7249]
-1993-11-27 19:24 millert
+ * sudo.h:
+ added all options that are in the Makefile
+ [6db3b3b841b3]
- * TODO: added a todo
+ * getpass.c:
+ now use USE_TERMIO #define for sgi & hpux
+ [b91f89ae6be1]
-1993-11-27 19:10 millert
+ * TODO:
+ todo: posix sigs
+ [4548a56eb2ef]
- * TODO: added one
+1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-11-27 18:59 millert
+ * check.c, find_path.c:
+ always include strings.h
+ [1fc20bda92c0]
- * sample.sudoers: Initial revision
+ * visudo.c:
+ added STATICEDITOR
+ [0596f820716e]
-1993-11-27 18:59 millert
+ * sudo.h:
+ sgi has vi in /usr/bin too
+ [94203b62bfd9]
- * sudo.man: updated with changes
+ * sudo.man:
+ added VISUAL
+ [87c2844c4cac]
-1993-11-27 18:52 millert
+1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.man: Initial revision
+ * sudo.h:
+ sue /usr/bin/vi on some systems
+ [e3ad9190f35e]
-1993-11-27 18:48 millert
+ * sudo.c:
+ fixed warning (include strings.h)
+ [0b896de4d8a0]
- * CHANGES, COPYING, INSTALL, README, TODO, indent.pro: Initial
- revision
+ * sudo.man:
+ added John_Rouillard@dl5000.bc.edu's changes (new features)
+ [f41b4205a8cf]
-1993-11-27 18:46 millert
+ * CHANGES:
+ changes from John_Rouillard@dl5000.bc.edu
+ [6bdef8e948d5]
- * visudo.c: updated version number and took out jeff's old addr
- since it is no good
+ * visudo.c:
+ added EDITOR envar
+ [5c4bf716de21]
-1993-11-27 18:42 millert
+ * check.c, find_path.c, parse.c, sudo.c:
+ added patches from John_Rouillard directory spec
+ uses EDITOR
+ [f62a435f8c41]
- * sudo.h, check.c, find_path.c, logging.c, parse.c, parse.lex,
- parse.yacc, sudo.c: updated version number and took out jeff's
- email (since it is invalid)
+1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-10-28 09:36 millert
+ * getpass.c:
+ added flush for hpux
+ [07cfdd6a7b55]
- * check.c: added fflush()
+1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-10-22 20:46 millert
+ * sudo.c:
+ no longer assume malloc returns a char *
+ [7480bd2756f3]
- * find_path.c: now return NULL instead pf\b\bof exiting for
- nopn\b\bn-fatal errors
+ * sudo.c:
+ alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
+ gets removed correctly
+ [8587166c6ac8]
-1993-10-21 16:57 millert
+ * sudo.h:
+ added STD_HEADERS macro
+ [480f5a9a516c]
- * check.c: new banner
+ * sudo.c:
+ now uses STD_HEADERS macor for ansi
+ [c5018806fd59]
-1993-10-21 16:42 millert
+ * find_path.c:
+ now uses STD_HEADERS macro
+ [ad821e0788ea]
- * parse.lex: now sudo.h gets included first
+ * check.c:
+ niceties for C compiler bitches -- no real change
+ [0fc0b1a5fb64]
-1993-10-17 20:31 millert
+1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.lex: now can use flex
+ * visudo.c:
+ now doesn't fclose a file never opened.
+ [ee888ec9427d]
-1993-10-17 20:31 millert
+1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.h: linux patch
+ * sudo.man:
+ added visudo line
+ [698d51c66407]
-1993-10-17 20:30 millert
+ * sudo.man:
+ added error stuff added me in there...
+ [d202fd34b906]
- * sudo.c: hpux 9 fix, removes SHLIB_PATH linux patch
+ * CHANGES:
+ noted insults
+ [998a22c2230c]
-1993-10-17 20:30 millert
+ * INSTALL:
+ added blurb about reading stuff
+ [e71db100798f]
- * check.c: linux diff
+ * sudo.h:
+ added insults
+ [c110431cec56]
-1993-10-15 16:03 millert
+ * insults.h:
+ corrected somments and removed newlines
+ [493706fd488c]
- * find_path.c: stat now ignores EINVAL
+ * check.c:
+ now uses insults
+ [6d23cf06a0ef]
-1993-10-05 21:48 millert
+ * insults.h:
+ Initial revision
+ [83153c26b4a3]
- * find_path.c, sudo.c: now declare strdup as extern
+ * INSTALL:
+ added dec syslog note
+ [555437273237]
-1993-10-04 15:23 millert
+ * sample.sudoers:
+ added real stuff in there
+ [53442a7fba78]
- * visudo.c: reformatted with indent + by hand
+ * TODO:
+ added a todo
+ [c630472bd4dc]
-1993-10-04 15:10 millert
+ * TODO:
+ added one
+ [806464453284]
- * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c,
- sudo.h: used indent to "fix" coding style
+1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-10-03 20:12 millert
+ * sample.sudoers:
+ Initial revision
+ [7db0a9f1ca8f]
- * find_path.c: now checks '.' or '.' or '' in PATH -- but does it
- LAST should maybe move the code that does this into the loop
- body. makes it messier tho. hmmm.
+ * sudo.man:
+ updated with changes
+ [d9bf254c6c08]
-1993-09-08 11:53 millert
+ * sudo.man:
+ Initial revision
+ [dd6f11174ac6]
- * find_path.c: redid the fix for non-executable files in an easier
- to read way plus some minor aethetic changes
+ * indent.pro:
+ Initial revision
+ [dbfbb494fad9]
-1993-09-08 11:39 millert
+ * CHANGES, COPYING, INSTALL, README, TODO:
+ Initial revision
+ [6d98f489a079]
- * find_path.c: fixed bug with non-executable tings of same name in
- path introduced by checkig errno after stat(2).
+ * visudo.c:
+ updated version number and took out jeff's old addr since it is no
+ good
+ [ee47c24818cb]
-1993-09-05 10:02 millert
+ * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
+ sudo.c, sudo.h:
+ updated version number and took out jeff's email (since it is
+ invalid)
+ [54616458a52e]
- * sudo.c: fixed off by one error
+1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-09-05 09:55 millert
+ * check.c:
+ added fflush()
+ [145c881f4fb4]
- * find_path.c: now handles decending below '/' correctly
+1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-09-05 08:35 millert
+ * find_path.c:
+ now return NULL instead pf\b\bof exiting for nopn\b\bn-fatal errors
+ [8bc74f8cb1ae]
- * sudo.c: now actually builds Envp instead of munging envp
+1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-09-04 15:42 millert
+ * check.c:
+ new banner
+ [5387ab2af516]
- * parse.yacc: now includes sys/param.h
+ * parse.lex:
+ now sudo.h gets included first
+ [2acb01c18e18]
-1993-09-04 15:41 millert
+1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c: now includes sys/param.h
+ * parse.lex:
+ now can use flex
+ [164d3839adf0]
-1993-09-04 15:30 millert
+ * sudo.h:
+ linux patch
+ [f1b6b1b1a2ca]
- * sudo.h: fixed ifndef -> ifdef
+ * sudo.c:
+ hpux 9 fix, removes SHLIB_PATH linux patch
+ [67611dc1737f]
-1993-09-04 15:19 millert
+ * check.c:
+ linux diff
+ [c24536682397]
- * qualify.c: make more like find_path.c
+1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-09-04 15:18 millert
+ * find_path.c:
+ stat now ignores EINVAL
+ [c7761a5dc642]
- * find_path.c: rewritten by millert
+1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-09-04 15:17 millert
+ * find_path.c, sudo.c:
+ now declare strdup as extern
+ [6b7d6f8784b5]
- * sudo.h: fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP
- added info about new defines in the comment
+1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-09-04 15:15 millert
+ * visudo.c:
+ reformatted with indent + by hand
+ [9d43084e4990]
- * logging.c: now uses USE_CWD
+ * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
+ used indent to "fix" coding style
+ [489ffacbdc70]
-1993-09-04 14:10 millert
+ * find_path.c:
+ now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
+ move the code that does this into the loop body. makes it messier
+ tho. hmmm.
+ [c4d22b48da9a]
- * sudo.h: added delc for clean_envp() and Envp
+1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-09-04 14:09 millert
+ * find_path.c:
+ redid the fix for non-executable files in an easier to read way plus
+ some minor aethetic changes
+ [84fe337f1426]
- * sudo.c: now rips LD_* env vars out of envp and passed sanitized
- Envp to exec
+ * find_path.c:
+ fixed bug with non-executable tings of same name in path introduced
+ by checkig errno after stat(2).
+ [c2a812cfcbc1]
-1993-09-04 14:09 millert
+1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c: now uses execve()
+ * sudo.c:
+ fixed off by one error
+ [fabb7cee0041]
-1993-09-04 14:08 millert
+ * find_path.c:
+ now handles decending below '/' correctly
+ [5d2ddfc0b220]
- * find_path.c: ENOTDIR is ok now too (in case part of the path is
- bogus)
+ * sudo.c:
+ now actually builds Envp instead of munging envp
+ [bdc4b08f6898]
-1993-09-04 08:17 millert
+1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * qualify.c: now works correctly (ttaltotal rewrite)
+ * parse.yacc:
+ now includes sys/param.h
+ [efbb494ab4de]
-1993-09-04 07:59 millert
+ * visudo.c:
+ now includes sys/param.h
+ [ad6c91d59958]
- * parse.lex: now includes sys/param.h didn't match trailing / --
- fix from rouilj@cs.umb.edu
+ * sudo.h:
+ fixed ifndef -> ifdef
+ [7aebe822d863]
-1993-06-11 18:04 millert
+ * qualify.c:
+ make more like find_path.c
+ [853b2dab2e03]
- * sudo.c: moved around the #ifndef _AIX
+ * find_path.c:
+ rewritten by millert
+ [c6a043cc11b3]
-1993-06-11 18:03 millert
+ * sudo.h:
+ fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
+ about new defines in the comment
+ [39ffefce3aec]
- * check.c, logging.c, parse.c: Initial revision
+ * logging.c:
+ now uses USE_CWD
+ [fa0f3b118bb3]
-1993-03-20 07:57 millert
+ * sudo.h:
+ added delc for clean_envp() and Envp
+ [a12034e300c2]
- * qualify.c: Initial revision
+ * sudo.c:
+ now rips LD_* env vars out of envp and passed sanitized Envp to exec
+ [d201a218e056]
-1993-03-13 15:09 millert
+ * logging.c:
+ now uses execve()
+ [f3e01032cd33]
- * find_path.c: now works if you do sudo bin/test
+ * find_path.c:
+ ENOTDIR is ok now too (in case part of the path is bogus)
+ [b5cbbb201bb5]
-1993-03-13 14:20 millert
+ * qualify.c:
+ now works correctly (ttaltotal rewrite)
+ [0c25d64a5c68]
- * find_path.c: works
+ * parse.lex:
+ now includes sys/param.h didn't match trailing / -- fix from
+ rouilj@cs.umb.edu
+ [b6363ba110af]
-1993-03-02 18:28 millert
+1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.h: Initial revision
+ * sudo.c:
+ moved around the #ifndef _AIX
+ [7d4330950c20]
-1993-03-02 11:35 millert
+ * check.c, logging.c, parse.c:
+ Initial revision
+ [c101e9572d7f]
- * visudo.c: Initial revision
+1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-03-02 11:32 millert
+ * qualify.c:
+ Initial revision
+ [5a5f21d0e0bf]
- * parse.lex, parse.yacc: Initial revision
+1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-02-16 13:24 millert
+ * find_path.c:
+ now works if you do sudo bin/test
+ [07835120ce43]
- * sudo.c: took out errno.h
+ * find_path.c:
+ works
+ [c3da8b5efa20]
-1993-02-16 13:22 millert
+1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: now spews error if exec fails and exits with -1
+ * sudo.h:
+ Initial revision
+ [28a1caa38b72]
-1993-02-16 12:07 millert
+ * visudo.c:
+ Initial revision
+ [0e5cd7c3cdbe]
- * sudo.c: Initial revision
+ * parse.lex, parse.yacc:
+ Initial revision
+ [5f2d0cccb06b]
-1993-02-15 22:27 millert
+1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * find_path.c: now only execs files with (an) executable bit set.
+ * sudo.c:
+ took out errno.h
+ [7466431a2655]
-1993-02-15 22:01 millert
+ * sudo.c:
+ now spews error if exec fails and exits with -1
+ [e5c41ea725c1]
- * find_path.c: Initial revision
+ * sudo.c:
+ Initial revision
+ [8aeabe39a0c2]
-1993-02-15 14:32 millert
+ * find_path.c:
+ now only execs files with (an) executable bit set.
+ [0a451f9c0e58]
- * getpass.c: added nice comment
+ * find_path.c:
+ Initial revision
+ [02a534891a35]
-1993-02-15 14:19 millert
+1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * getpass.c: now works on sgi's
+ * getpass.c:
+ added nice comment
+ [ea8b2aaa9389]
-1993-02-15 13:57 millert
+ * getpass.c:
+ now works on sgi's
+ [bf2b7c6d0960]
- * getpass.c: Initial revision
+ * getpass.c:
+ Initial revision
+ [9f4de251c1b5]