-2009-11-23 10:56 millert
+2013-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * match.c: cmnd_matches() already deals with negation so
- _cmndlist_matches() does not need to do so itself. Fixes a bug
- with negated entries in a Cmnd_List.
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
+ Fix typo; bug 605
+ [41f7b46a6e51]
-2009-11-22 11:12 millert
+2013-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Don't exit() from open_sudoers, just return NULL for all
- errors.
+ * src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo,
+ src/po/tr.mo:
+ Regen .mo files that were out of date.
+ [9e25a254f9db]
-2009-11-22 09:54 millert
+2013-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * toke.c, toke.l: Add missing extern def for parse_error
+ * NEWS, configure, configure.in:
+ On Solaris 11 and higher, tag binaries for ASLR if supported by the
+ linker.
+ [a2a6cafa3e60]
-2009-11-20 19:11 millert
+ * mkpkg:
+ No longer need to disable PIE on Solaris.
+ [cf90019ae67e]
- * toke.c, toke.l: Avoid a parse error when #includedir doesn't find
- any files. Closes bug #375
+2013-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-11-20 19:03 millert
+ * INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING:
+ Restrict default creation of PIE binaries (-fPIE and -pie) to Linux.
+ OpenBSD also supports PIE but enables it by default so we don't need
+ to do anything. This fixes problems on systems with a version of
+ GNU ld that accepts -pie but where the run-time linker doesn't
+ actually support PIE. Also verify that a trivial PIE binary works
+ unless PIE is explicitly enabled.
+ [3c5f125efeb1]
- * Makefile.in: Include sudo.man.pl and sudoers.man.pl in the
- distribution tarball.
+2013-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-11-04 09:42 millert
+ * aclocal.m4, configure, configure.in:
+ Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld
+ where we can end up crashing due to malloc() failures. Sems OK when
+ Using Sun as and ld.
+ [b8ba412102ab]
- * configure, configure.in: Fix a few typos in the descriptions;
- from Jeff Makey Only do the check for
- krb5_get_init_creds_opt_free() taking two arguments if we find
- krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
- positive when using our own krb5_get_init_creds_opt_free which
- takes only a single argument.
+ * NEWS:
+ Update with final changes.
+ [78ff6d2ed47a]
-2009-11-03 09:58 millert
+2013-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Remove a spurious comma in the kerb5
- bits.
+ * configure, configure.in:
+ Add -fPIE to PIE_LDFLAGS as per gcc manual.
+ [fe900cbb0780]
-2009-11-03 09:51 millert
+2013-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/kerb5.c: Call krb5_get_init_creds_opt_init() in our emulated
- krb5_get_init_creds_opt_alloc() for MIT kerberos.
+ * common/Makefile.in, compat/Makefile.in:
+ Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs
+ [f84bc7482b78]
-2009-09-30 09:50 millert
+ * MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/visudo/test4.out.ok,
+ plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c:
+ Replace sequence number-based cycle detection in visudo with a
+ "used" flag in struct alias. The caller is required to call
+ alias_put() when it is done with the alias. Inspired by a patch
+ from Daniel Kopecek.
+ [0bdbac1b3b39]
+
+2013-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Eliminate a few relocations related to sudoers_io.
+ [18e9e2cc3367]
+
+ * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po:
+ Sync with translationproject.org
+ [f38cc128a2ad]
+
+2013-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Clarify a comment.
+ [7a045ee06e95]
+
+2013-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Handle d_type == DT_UNKNOWN when resolving the device to a name and
+ sprinkle some more debugging.
+ [8774133747d9]
+
+2013-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/TROUBLESHOOTING:
+ Add message about disabling PIE if sudo gets SIGSEGV.
+ [c786af2a6751]
+
+ * plugins/sudoers/check.h, plugins/sudoers/timestamp.c:
+ No longer store the ctime of a devpts tty. The handling of ctime on
+ devpts in Linux has been changed to conform to POSIX. As a result
+ we can no longer assume that the ctime will stay unchanged
+ throughout the life of the session. We store the session ID in the
+ time stamp file so there is a much smaller chance of the time stamp
+ file being reused by a new login. While here, store the uid/gid in
+ the timestamp file too for good measure.
+ [7028b21f7a9b]
+
+ * configure, configure.in:
+ PIE is broken on FreeBSD/arm
+ [f232c60d6229]
+
+ * mkpkg:
+ Add explicit sendmail path for Linux since we may not have sendmail
+ installed in the build chroot.
+ [1ba2f84f4ff0]
+
+2013-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_debug.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c:
+ Quiet a few -Wunused-result compiler warnings.
+ [ef12afb61423]
+
+2013-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Mention what SHA-2 formats are supported.
+ [bf298d0fdf8a]
+
+ * doc/CONTRIBUTORS:
+ List code and translations separately.
+ [826547bc1295]
+
+2013-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po:
+ Sync with translationproject.org
+ [9499a6f438b8]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [cce449e284a6]
+
+ * Makefile.in:
+ Fix c-format for fatal/fatalx
+ [4ad81d3faaeb]
+
+2013-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h:
+ Change some error/errorx -> fatal/fatalx in comments and xgettext
+ flags.
+ [9d9b64fa2ec9]
+
+ * NEWS:
+ There is now a Turkish translation of sudoers.
+ [701c5af6aa76]
+
+ * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
+ Updated translations from translationproject.org including new
+ Turkish translation.
+ [9cedbb50d90f]
+
+2013-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document that sudoers will re-use existing I/O log paths unless they
+ are mktemp-style with trailing X's.
+ [4f43bd13d9e7]
+
+ * NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
+ Allow ldap_conf and ldap_secret to be specified as plugin arguments
+ in sudo.conf
+ [37c6c425b565]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ sudoers_debug is now deprecated in favor of the sudo debugging
+ framework.
+ [1195be1ec254]
+
+ * plugins/sudoers/ldap.c:
+ Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use
+ SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the
+ debug file with the ldap subsystem. The sudoers_debug setting in
+ ldap.conf is still honored for now but will be removed in a future
+ release.
+ [cfa42b4b913e]
+
+2013-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers2ldif:
+ Add support for converting sudoers files with SHA-2 command digests.
+ [dc0d03485946]
+
+ * doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg,
+ plugins/sudoers/sudoers2ldif:
+ Add copyright notice to scripts
+ [5e8bd4e6083f]
+
+ * MANIFEST, plugins/sudoers/regress/sudoers/test14.in,
+ plugins/sudoers/regress/sudoers/test14.out.ok,
+ plugins/sudoers/regress/sudoers/test14.toke.ok:
+ Add regress for SHA-2 digests.
+ [0b258c2a2a95]
+
+ * compat/getgrouplist.c:
+ Solaris maps negative gids to GID_NOBODY.
+ [57050e5c750f]
+
+ * plugins/sudoers/visudo.c:
+ Clear up an llvm checker warning which appears to be a false
+ positive and fix an old XXX while I'm at it.
+ [9ee13133e596]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
+ Correct last change date
+ [3bc1fa5b0f76]
+
+ * plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c:
+ No need to translate this error message.
+ [4d9941970a26]
+
+ * doc/UPGRADE:
+ Mention .sl vs. .so extension handling on HP-UX Mention group
+ membership changes Fix typos
+ [40ac0efbdb2b]
+
+ * aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c,
+ common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c,
+ common/setgroups.c, common/term.c, common/ttysize.c,
+ compat/Makefile.in, compat/dlopen.c, compat/endian.h,
+ compat/getline.c, compat/getprogname.c, compat/isblank.c,
+ compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c,
+ compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
+ compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
+ compat/strsignal.c, compat/utimes.c, doc/Makefile.in,
+ include/Makefile.in, include/alloc.h, include/fileops.h,
+ include/gettext.h, include/lbuf.h, include/missing.h,
+ include/sudo_plugin.h, pathnames.h.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/alias.c, plugins/sudoers/audit.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.h, plugins/sudoers/match.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/prompt.c,
+ plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c,
+ plugins/sudoers/redblack.h,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.h, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c,
+ plugins/sudoers/visudo.c, plugins/system_group/Makefile.in,
+ plugins/system_group/system_group.c, src/Makefile.in,
+ src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c,
+ src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c,
+ src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h,
+ src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c,
+ src/utmp.c:
+ Update copyright years.
+ [5c6d72661bad]
+
+ * plugins/sudoers/mon_systrace.h:
+ Systrace support was removed long ago.
+ [10a038a2da77]
+
+2013-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok,
+ plugins/sudoers/regress/sudoers/test9.toke.out.ok:
+ Remove some files that were mistakenly added.
+ [833502da26de]
+
+ * common/sudo_debug.c, config.h.in, configure, configure.in,
+ plugins/sudoers/boottime.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c:
+ Use time(&now) instead of now = time(NULL) when storing the current
+ time in a time_t (better compiler error checking). Better parsing
+ and printing of 64-bit time_t on 32-bit platforms.
+ [c227dc72c04e]
+
+2013-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Don't check the tty of the parent process. Now that we get the
+ controlling tty device number from the kernel there is no need. If
+ the process has really disassociated from the tty then reporting
+ "unknown" is appropriate.
+ [62fb66e565db]
+
+2013-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/error.c:
+ Use EXIT_FAILURE instead of 1 as the fatal() exit value.
+ [ed94c2c5e88a]
+
+ * src/sesh.c:
+ Change remaining errorx -> fatalx
+ [3f6d70e19303]
+
+2013-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an
+ error if the entry already exists in the cache.
+ [94d45970400a]
+
+ * plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot:
+ Change "foo: failed" to just "foo" since we print the string form of
+ errno. Gets rids of some useless translations.
+ [476f37349dbc]
+
+2013-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match.c:
+ Fix pasto in debug_decl
+ [08650186a239]
+
+ * plugins/sudoers/Makefile.in:
+ regen
+ [acf4c34fba2c]
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/parse.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
+ Rename log_error() -> log_warning() for consistency with
+ warning()/fatal()
+ [474ed5a0e335]
+
+ * plugins/sudoers/auth/API:
+ The NO_EXIT flag was removed a while ago.
+ [e0a4be270226]
+
+ * common/aix.c, common/alloc.c, common/error.c, include/error.h,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/pwutil.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c,
+ src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c,
+ src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c,
+ src/utmp.c:
+ Rename error/errorx -> fatal/fatalx and remove the exit value as it
+ was always 1.
+ [ea66f58c4da5]
+
+ * NEWS:
+ digests are supported in sudoers ldap too
+ [77d6c25f7653]
+
+ * plugins/sudoers/regress/check_symbols/check_symbols.c:
+ Print test failures to stdout like the final count so the outputis
+ not displayed out of order.
+ [f541b78ecb93]
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo,
+ plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo,
+ src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po,
+ src/po/it.po, src/po/tr.po:
+ Sync with translationproject.org
+ [cbd70678b99f]
+
+ * Makefile.in:
+ Check for any uncommitted changes in dist target and add force-dist
+ target that omit check-dist.
+ [78dc3f41e37e]
+
+2013-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/regress/ttyname/check_ttyname.c:
+ Fix logic bug when checking tty via ttyname().
+ [279aee076194]
+
+ * compat/endian.h:
+ Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and
+ __BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX)
+ [fe35e0b04502]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [0ddebccd3045]
+
+ * NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document digest support.
+ [d794c7b9a7bc]
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/parser/check_base64.c:
+ Simple bas64 decode unit test.
+ [344b0df0fe50]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse.h:
+ Move base64_decode into its own source file.
+ [30497e7f88bc]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
+ Only check year against 2038 if time_t is 32-bit.
+ [9c1f2e3fc3ba]
+
+2013-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.h,
+ plugins/sudoers/sssd.c:
+ Add digest support for sudoers in ldap and sss.
+ [314937b5e59e]
+
+ * INSTALL, configure, configure.in:
+ Error out in configure if the compiler doesn't support "long long".
+ [d3645c1d50d1]
+
+ * plugins/sudoers/match.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ Include stdint.h or inttypes.h before sha2.h
+ [20ad1c20313d]
+
+ * common/lbuf.c:
+ Simplify lbuf append functions by moving the realloc code into
+ lbuf_expand(). We now expand as needed each time bytes need to be
+ written to the lbuf. Also handle a NULL pointer being passed in for
+ paranoia's sake.
+ [6283ee562ef4]
+
+ * plugins/sudoers/iolog.c:
+ Zero out struct iolog_details early to avoid a potential (though
+ unlikely) dereference of stack garbage if we hit a fatal error
+ before iolog_deserialize_info() is called.
+ [2eeca8be05fb]
+
+2013-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Update copyright year.
+ [b843c6a43238]
+
+ * plugins/sudoers/sudoers_version.h:
+ Bump SUDOERS_GRAMMAR_VERSION for new digest support.
+ [188556fb8156]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/match.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Sanity check digest in parser so visudo can catch errors. Add base64
+ support
+ [b8586d5cc7ed]
+
+ * MANIFEST, compat/endian.h, config.h.in, configure, configure.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c:
+ For big endian architectures just use memcpy() instead of BE macros
+ in a loop.
+ [c71a0f4a8a8e]
+
+2013-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, config.h.in, configure, configure.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_digest.out.ok,
+ plugins/sudoers/sha2.h, plugins/sudoers/sssd.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c:
+ Initial implementation of checksum support in sudoers. Currently
+ supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format
+ validation in parser and base64 support. checksum support for
+ ldap sudoers
+ [b8f196346eca]
+
+2013-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h:
+ SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public
+ domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai
+ respectively.
+ [7511d07c0a83]
+
+2013-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Add sudo 1.8.6p8
+ [0666fd0321ae]
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot:
+ Add missing "not" in error message when mixing standalone and non-
+ standalone authentication methods.
+ [7eba4439db73]
+
+ * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c:
+ Check for crypt() returning NULL. Traditionally, crypt() never
+ returned NULL but newer versions of eglibc have a crypt() that does.
+ Bug #598
+ [887b9df243df]
+
+ * plugins/sudoers/auth/pam.c:
+ Better PAM error messages
+ [fd7eda53cdd7]
+
+ * plugins/sudoers/auth/kerb5.c:
+ Better error messages
+ [98142874a2f4]
+
+ * plugins/sudoers/bsm_audit.c:
+ Use same error message for getauid() failure.
+ [07f0d88cb1df]
+
+ * plugins/sudoers/sssd.c:
+ Start warning with a lower case letter for consistency and to match
+ existing translated strings.
+ [b719ac52c9e3]
+
+2013-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Disable PIE on Solaris where it is not really supported.
+ [c36c84cdcc7a]
+
+ * src/ttyname.c:
+ AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit
+ before we try to match it against st_rdev.
+ [5dab449fb962]
+
+ * src/ttyname.c:
+ Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes
+ a problem finding the tty name when it is not in /dev/pts.
+ [6c205d087fa0]
+
+ * compat/snprintf.c:
+ Support %lld and %llu
+ [feabfa06c954]
+
+ * .hgignore, MANIFEST, src/Makefile.in,
+ src/regress/ttyname/check_ttyname.c:
+ Add ttyname test.
+ [e987038f8c07]
+
+2013-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po,
+ src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
+ src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po,
+ src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
+ Sync with translationproject.org
+ [4d7b73b22079]
+
+ * plugins/sudoers/timestamp.c:
+ Log timestampfile to debug file.
+ [e997281146c0]
+
+ * plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot:
+ Don't add the "Password: " string we look up in the PAM text domain
+ to the sudoers.pot file.
+ [771b52244abf]
+
+2013-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot:
+ Synce with regcomp() error message change.
+ [fc6d3dfb8eb8]
+
+ * plugins/sudoers/sudoreplay.c:
+ Be consistent with error message when regcomp() fails.
+ [de6c69ba04e4]
+
+2013-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/testsudoers/test5.out.ok,
+ plugins/sudoers/regress/testsudoers/test5.sh:
+ Use group -1 instead of 1 as the invalid group since the running
+ user might have group 1 as their default group.
+ [71404a9fa75d]
+
+ * plugins/sudoers/Makefile.in:
+ PWD may be a shell builtin, use CWD instead.
+ [c443105c5091]
+
+2013-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Split up check_user().
+ [ce7cc0767589]
+
+2013-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure.in:
+ Cosmetic fixes in the comments.
+ [640abee43c14]
+
+2013-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Use AC_LINK_IFELSE instead of AC_TRY_LINK Fix printing of status
+ message for visibility checks when the test fails.
+ [99665477ee55]
+
+ * config.h.in:
+ regen
+ [00c22606719a]
+
+ * configure, configure.in:
+ We no longer use mbr_check_membership() and setrlimit64() is AIX-
+ specific.
+ [43caf685a1f1]
+
+ * Makefile.in:
+ The first (all) target must be by itself or some makes will choose
+ the run the entire target list.
+ [16cf3def49f5]
+
+ * configure, configure.in:
+ Do exec_prefix expansion when enable_shared even if noexec is not
+ enabled.
+ [7ed28cb32d8d]
+
+ * compat/getgrouplist.c:
+ Use free() not efree() since we don't include alloc.h here
+ [1a008737be24]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen
+ [b939f941346f]
+
+ * plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.sh,
+ plugins/sudoers/regress/testsudoers/test5.sh:
+ Pass in expected gid to testsudoers in addition to the uid that
+ matches the test sudoers files.
+ [6a1710e8cac1]
+
+2013-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ Tru64 5.x does declare innetgr() and getdomainname().
+ [c75598e69c7e]
+
+ * plugins/sudoers/match.c:
+ Fix compilation when getdomainame() is not present.
+ [e831b017a962]
+
+ * config.h.in, configure.in, include/missing.h:
+ Move SET/CLR/ISSET from config.h.in to missing.h
+ [3a3dd29fd7f0]
+
+ * configure, configure.in:
+ Fix getgrouplist() check.
+ [12a2adf60e98]
+
+ * MANIFEST:
+ No more timestamp.h
+ [5677e26afc0f]
+
+ * plugins/sudoers/check.c:
+ Neded sys/time.h for struct timeval in struct sudo_tty_info.
+ [aceaadd8c400]
+
+ * plugins/sudoers/Makefile.in:
+ regen depends
+ [21675a8b67e5]
+
+ * NEWS:
+ Mention libibmldap on HP-UX
+ [75b4e4b22950]
+
+ * NEWS, plugins/sudoers/match.c:
+ Instead of checking the domain name explicitly for "(none)", just
+ check for illegal characters.
+ [ce35dda811db]
+
+ * plugins/sudoers/visudo.c:
+ Only warn once when we are unable to open the sudoers file.
+ [9e27e3aa5b10]
+
+ * plugins/sudoers/sudoers.c:
+ Fall back to opening /dev/tty to determine whether there is a tty if
+ the system doesn't have kernel support for determing the tty.
+ [2775bcf9a9b5]
+
+ * compat/getprogname.c:
+ Update guard to take __progname into account
+ [60eae3f20232]
+
+ * compat/snprintf.c:
+ Some older systems have inttypes.h but not stdint.h
+ [ed1ef160015f]
+
+ * compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c,
+ compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c,
+ compat/getline.c, compat/getprogname.c, compat/glob.c,
+ compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
+ compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
+ compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
+ compat/strsignal.c, compat/utimes.c:
+ Add guards in compat source files. Not really needed since we only
+ include them in the Makefile if they are needed but should not hurt
+ either.
+ [8cbd3b4595b9]
+
+2013-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Don't include gram.h in gram.y, its contents are already included.
+ Move sudoerserror to the end of gram.y so COMMENT is declared when
+ we need to use it.
+ [7d72ebdd7222]
+
+2013-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure.in:
+ Remove some pre-ANSI cruft.
+ [6a95704b2116]
+
+ * plugins/sudoers/match.c:
+ Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h
+ when it is set.
+ [da40c550ffed]
+
+ * NEWS, plugins/sudoers/iolog_path.c:
+ We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but
+ just leave it as-is.
+ [9a22de140d28]
+
+2013-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Add missing semicolon in rule.
+ [817d3f1b2a21]
+
+ * plugins/sudoers/sudoers.c:
+ Now that we can determine the terminal even when file descriptors
+ are redirected we can check user_ttypath rather than opening
+ /dev/tty when enforcing requiretty.
+ [56a28bc09041]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Stash umask in struct sudo_user so we don't need to look it up
+ later.
+ [9f85749199dc]
+
+ * plugins/sudoers/sudoers.c:
+ Minor cosmetic change
+ [c373e106ed49]
+
+ * plugins/sudoers/regress/parser/check_addr.c:
+ No longer need to declare interfaces
+ [d7ff7e579557]
+
+ * plugins/sudoers/logging.c:
+ Fix compilation in SUDOERS_NO_SEQ case
+ [9a6db9247534]
+
+ * plugins/sudoers/regress/parser/check_addr.c:
+ No longer need to define sudo_printf
+ [578ad13c3546]
+
+ * plugins/sudoers/check.c, plugins/sudoers/check.h,
+ plugins/sudoers/timestamp.c:
+ Pass auth_pw to the timestamp functions.
+ [f603649177d6]
+
+ * plugins/sudoers/iolog_path.c:
+ Fix SUDOERS_NO_SEQ
+ [17881f9bcd68]
+
+ * plugins/sudoers/locale.c:
+ Don't need all of sudoers.h in here
+ [c518150c6483]
+
+ * plugins/sudoers/sudoers.c:
+ Don't need to include sudoers_version.h here.
+ [8abb31102119]
+
+2013-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ DEFAULT_LECTURE is no longer used.
+ [f565c00a68c1]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
+ Move sudo_conv into policy.c
+ [f699aee7136b]
+
+ * plugins/sudoers/pwutil.c:
+ cosmetic fixes
+ [930e60389ca8]
+
+ * plugins/sudoers/match.c:
+ RHEL (and perhaps other Linux distros) use the string "(none)"
+ instead of an empty string when there is no actual NIS-style domain
+ name. Bug #596
+ [11aec11489ac]
+
+ * plugins/sudoers/match.c:
+ Fix return values when NAME_MATCH is defined.
+ [ce030be9ccef]
+
+2013-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h:
+ Update copyright year.
+ [7e4b8d49addd]
+
+ * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h:
+ Add sudo_set_grlist(), currently unused by the back end.
+ [b37ac1d0e8fc]
+
+ * plugins/sudoers/pwutil.c:
+ Remove unused macros, fix a debug_decl
+ [6136fb4a0d3b]
+
+ * include/missing.h:
+ Tru64 Unix doesn't prototype innetgr() or getdomainname().
+ [585ac1874dfe]
+
+ * include/missing.h:
+ Whitespace fixes
+ [0bb28cd91d97]
+
+ * common/error.c:
+ Don't need to include setjmp.h here, error.h already includes it.
+ [fd05ab00e186]
+
+2013-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/Makefile.in, plugins/sudoers/Makefile.in:
+ regen depends
+ [57991f5e16b4]
+
+ * plugins/sudoers/check.h:
+ Rename guard define.
+ [ccf4dba241d6]
+
+ * plugins/sudoers/check.c, plugins/sudoers/check.h,
+ plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
+ Move contents of timestamp.h into check.h.
+ [c139757a9283]
+
+ * plugins/sudoers/sudoers.h:
+ expand_prompt() is now in prompt.c sudo_printf extern is now in
+ error.h
+ [219bd74ca62b]
+
+ * plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h,
+ plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h,
+ plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h,
+ plugins/sudoers/insults.h, plugins/sudoers/interfaces.h,
+ plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
+ plugins/sudoers/parse.h, plugins/sudoers/pwutil.h,
+ plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
+ plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h,
+ plugins/sudoers/toke.h:
+ Change multiple inclusion guards to be _SUDOERS_FOO_H
+ [faace6d55e78]
+
+2013-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
+ src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po:
+ New Dutch translation for sudo and sudoers New Turkish translation
+ for sudo From translationproject.org
+ [bc918b7b23a4]
+
+2013-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ Fix a typo in a comment and make sure we don't mistakenly include
+ _PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in
+ [694d12ac70ec]
+
+2013-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Don't build check_symbols if we are linking sudoers in statically.
+ [f6602723bab7]
+
+ * configure, configure.in:
+ Use $host_os not $host when we only care about the os name and
+ version.
+ [05e4f4fcba06]
+
+ * aclocal.m4, configure, configure.in:
+ Suppress duplicate -L and -I flags.
+ [228f2f581aed]
+
+ * common/Makefile.in, compat/regress/fnmatch/fnm_test.c:
+ Fix regress tests on non-OpenBSD platforms.
+ [9d91bc859c50]
+
+ * configure, configure.in:
+ If we find sasl/sasl.h there's no need to check for sasl.h too
+ [889efaa86012]
+
+ * aclocal.m4, configure, configure.in:
+ Add -R flags at the very end after configure link tests are done
+ since we can only count on libtool to accept -R, the compiler front
+ end may not. Also unify the libldap and libibmldap tests using
+ AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by
+ libibmldap (but is not an explicit dependency).
+ [ab1451894351]
+
+2013-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Back out changes that broke detection of skey, opie and ldap
+ libraries.
+ [ffa82b8f8641]
+
+ * plugins/sudoers/regress/testsudoers/test1.sh,
+ plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.sh,
+ plugins/sudoers/regress/testsudoers/test4.sh,
+ plugins/sudoers/regress/testsudoers/test5.sh,
+ plugins/sudoers/regress/visudo/test1.sh,
+ plugins/sudoers/regress/visudo/test2.sh,
+ plugins/sudoers/regress/visudo/test3.sh:
+ Add explicit "exit 0" to prevent the check target from ending
+ prematurely.
+ [cca411b492bd]
+
+ * plugins/sudoers/Makefile.in:
+ Fix exit values in check target so we don't have to ignore errors.
+ [cbc429c409e9]
+
+ * plugins/sudoers/Makefile.in:
+ Fail a test if there is unexpected stderr output.
+ [4fc24d536bec]
+
+ * MANIFEST:
+ Fix path to sudo.conf manuals; remove non-existant test2.err.ok
+ [6b8bcd60dd85]
+
+ * src/load_plugins.c:
+ Fix compilation in dynamic mode.
+ [679856fa0774]
+
+ * configure, configure.in:
+ On HP-UX, libibmldap has a hidden dependency on libCsup
+ [22994709d77c]
+
+ * compat/dlopen.c:
+ Pass BIND_VERBOSE to shl_load()
+ [0060b9cfa9ab]
+
+ * configure, configure.in:
+ Only create static helper libs when --disable-shared is specified.
+ [1fcdb1a437e0]
+
+ * src/load_plugins.c:
+ Ubreak static build.
+ [4ac9f96be285]
+
+ * INSTALL, aclocal.m4, configure, configure.in:
+ Replace --with-rpath and --with-blibpath with --disable-rpath. Now
+ that we use libtool for linking we can just use the -R flag and have
+ libtool translate it to the proper linker flag.
+ [09798fad6888]
+
+2013-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Bump I/O buffer size 32K
+ [4ef793225309]
+
+2013-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in:
+ Document sesh Path setting.
+ [34b0b903b4f8]
+
+ * src/exec.c, src/exec_common.c:
+ Move exec_cmnd to exec.c to fix a compilation issue with sesh.c
+ [06aa1956f38d]
+
+ * common/sudo_conf.c, configure, configure.in, include/sudo_conf.h,
+ src/selinux.c:
+ Make sesh path configurable in sudo.conf
+ [91d331f273b7]
+
+ * configure, configure.in:
+ Use -fno-pie and -nopie if supported when --disable-pie is
+ specified.
+ [777138c04dcc]
+
+2013-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Document direct execution of the command if the policy plugin has no
+ close function.
+ [6a14145c6e80]
+
+2013-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c:
+ Only delete creds if we actually established them. Print an error if
+ pam_setcred() fails and we actually authenticated.
+ [1e015314903b]
+
+ * common/Makefile.in, plugins/group_file/Makefile.in:
+ regen
+ [dd8cee2a5e1b]
+
+ * common/alloc.c, include/alloc.h:
+ Convert efree() to a macro that just casts to void * and does
+ free(). If the system free() can't handle free(NULL) this may crash
+ but C89 was a long time ago.
+ [efd0ff9270fb]
+
+ * configure, configure.in:
+ Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS.
+ Fixes a problem with errno sometimes not being set on error on HP-
+ UX.
+ [54b419d58320]
+
+ * common/sudo_debug.c:
+ Fix debug logging from the plugin when there is no error number.
+ This was broken in the big debugging reorg for 1.8.7.
+ [2ea7e145e928]
+
+2013-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, plugins/group_file/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/load_plugins.c:
+ Always install plugins with a .so extension regardless of what
+ extension the system uses for shared libraries. That way the
+ group_plugin sudoers setting can be shared between heterogenous
+ systems.
+ [a7e6ecff6fdf]
+
+ * plugins/sudoers/match.c:
+ Mac OS X has netgroup functions in netdb.h.
+ [243881a974aa]
+
+ * plugins/sudoers/parse.h:
+ Tags in struct cmndtag can be set to IMPLIED as well.
+ [cb6926988cc8]
+
+ * plugins/sudoers/parse.c:
+ Quiet a compiler warning.
+ [14e608c2001d]
+
+ * plugins/sudoers/testsudoers.c:
+ Quiet an llvm checker warning.
+ [2eeb9f3d08f3]
+
+ * plugins/sudoers/parse.c:
+ Quiet gcc -Wuninitialized false positive
+ [643ad987503d]
+
+2013-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in:
+ Document group_file and system_group plugins.
+ [b56511e79230]
+
+ * NEWS:
+ Sudo 1.8.7
+ [e95183b8fa27]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Try to clarify that sudoedit in sudoers should not include a leading
+ pathname.
+ [7b2beac92a9c]
+
+ * plugins/sudoers/pwutil_impl.c:
+ Make sure groupname_len is at least 32 just to be on the safe side.
+ It is better to allocate a little extra and not need it than to have
+ to reallocate and start over.
+ [6d3e1ba47de9]
+
+ * include/alloc.h, include/missing.h:
+ Add __malloc_like macro to apply __malloc__ attribute to emalloc,
+ ecalloc and estrdup. It cannot be applied to realloc since that may
+ return the same pointer.
+ [8d70cb81d1f1]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix potential double free in an error path.
+ [657573feb6a4]
+
+ * src/exec_pty.c:
+ When running the command in a pty, defer the call to exec_setup()
+ until just before we exec the command. This is consistent with the
+ non-pty path. As a side effect, the monitor process runs as root
+ and not the runas user.
+ [e2a7f8c7ee4c]
+
+2013-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/closefrom.c:
+ Update copyright year.
+ [9b652af4dfc0]
+
+2013-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/closefrom.c:
+ Use pst_highestfd from pstat_getproc() on HP-UX.
+ [09f3fea46a3d]
+
+2013-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, common/Makefile.in, doc/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ Clean up generated test files and other minor housekeeping.
+ [f5f4fdd908e1]
+
+ * plugins/sudoers/iolog.c:
+ Add back gettimeofday() call inadvertantly removed in e1abb9810a83
+ [675cce8401ae]
+
+ * config.h.in, configure, configure.in, src/ttyname.c:
+ Use pstat() on HP-UX to determine the tty device.
+ [2884af22a9df]
+
+ * plugins/sudoers/auth/pam.c:
+ Fix PAM compilation: def_pam_session, not just pam_session.
+ [5417d7acc6ea]
+
+ * doc/fixmdoc.sh:
+ Don't remove the -S option description when trimming out selinux.
+ Bug #592
+ [8a94f2cfa0a0]
+
+2013-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update for Sudo 1.8.6p7
+ [0858a73e9c40]
+
+2013-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Document when sudo may exec the command directly instead of forking.
+ [da41951edc28]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Document that close and version be NULL for plugin API >= 1.3 and
+ that sudo may execute the command directly if there is no close, or
+ pty or timeout needed.
+ [e5f929ddeaf8]
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Fix debug_decl for sudo_auth_begin_session and
+ sudo_auth_end_session.
+ [58243392c0df]
+
+ * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
+ Add pam_session sudoers option.
+ [d994465db9f1]
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.h:
+ Dummy out close function if there is no end_session for the auth
+ method and the front-end can handle a NULL close function. Avoids
+ the extra sudo process when we don't actually need it.
+ [74886d5b0fb6]
+
+2013-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, aclocal.m4:
+ Add m4/ to paths m4_include parameters so we don't need to use
+ autoconf's -I flag.
+ [4fd86e7a84f3]
+
+ * src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h,
+ src/sudo_plugin_int.h:
+ If the policy plugin does not provide a close function, there is no
+ command timeout and no pty is required, skip the event loop and just
+ exec the command directly.
+ [ad532f107170]
+
+ * src/sudo.c:
+ Do not crash if the plugin close and version functions are not
+ defined. If there is no policy close function, simply print a
+ warning that the command was not found.
+ [c789a9dd54e8]
+
+2013-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.c:
+ Fix typos in selinux/solaris privs specific code.
+ [9af3999361b4]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, src/parse_args.c:
+ Pass the default plugin directory to the plugin via the settings
+ list. Could be used by a stacking plugin.
+ [688e771fc145]
+
+ * plugins/sudoers/timestamp.c:
+ Completely ignore time stamp file if it is set to the epoch,
+ regardless of what gettimeofday() returns.
+ [df58842af660]
+
+ * doc/CONTRIBUTORS:
+ Add Nikolai Kondrashov
+ [df59791438f9]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Use userpw_matches() for username matching so #uid works for
+ sudoRunAsUser.
+ [a124062334df]
+
+ * plugins/sudoers/sssd.c:
+ Avoid calling realloc3() with a zero size parameter when all
+ retrieved sssd rules fail. Otherwise we'll get a run-time error due
+ to malloc(0) checking.
+ [84dfcb73ebd7]
+
+ * plugins/sudoers/sssd.c:
+ Do not send error mail if a user is not found in SSSD. Local users
+ can run sudo too. From Nikolai Kondrashov
+ [3d2ae99ee468]
+
+2013-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/regress/sudo_conf/test4.in,
+ common/regress/sudo_conf/test4.out.ok:
+ Test setting disable_coredump to illegal value.
+ [3c71c6c49027]
+
+ * common/sudo_conf.c:
+ Fix atobool() usage.
+ [d40c9f4d06b0]
+
+ * common/regress/sudo_conf/conf_test.c:
+ Remove unused variable.
+ [328b524b365b]
+
+ * plugins/sudoers/sudoers.c:
+ Make "sudo -l non_existent_command" warn that non_existent_command
+ doesn't exist, not the "list" pseudo-command.
+ [9dc0388fc4f3]
+
+ * plugins/sudoers/parse.c:
+ Make sudoers file long list output better match the format used by
+ ldap sudoers. Tags are now converted to options and there is a
+ single command per line.
+ [6e6dc3f20d84]
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
+ doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Use the correct the sudoers policy symbol names and undo an editor
+ goof committed when adding max_groups to sudo.conf.
+ [2a6f7ddf5cc3]
+
+ * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
+ For "sudo -l" start a new line if the runas list changes to make the
+ output easier to read.
+ [7dc3d724c924]
+
+2013-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
+ For "sudo -l" and "sudo -ll" only print the runas info for
+ subsequent commands in a list if the runas info has changed. If we
+ have new runas info, print out the tags again so as to be less
+ confusing to the user. For "sudo -ll" set the line continuation
+ indent to 8.
+ [b5ec02fe7fc1]
+
+2013-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/group_file/Makefile.in, plugins/group_file/getgrent.c,
+ plugins/group_file/group_file.c, plugins/group_file/group_file.exp,
+ plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in,
+ plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
+ plugins/sample_group/sample_group.c,
+ plugins/sample_group/sample_group.exp:
+ Rename sample_group plugin to group_file. Install group_file and
+ system_group plugins by default.
+ [951b3e446fae]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/iolog.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add maxseq sudoers option to limit the max number of I/O log files.
+ [e1abb9810a83]
+
+2013-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Log lines and columns in the iolog file.
+ [03adb6230e05]
+
+2013-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c,
+ common/regress/sudo_conf/test1.in,
+ common/regress/sudo_conf/test1.out.ok,
+ common/regress/sudo_conf/test2.in,
+ common/regress/sudo_conf/test2.out.ok,
+ common/regress/sudo_conf/test3.in,
+ common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c,
+ include/sudo_conf.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c,
+ src/sudo.c:
+ Add simple regress tests for sudo.conf parsing.
+ [3c36b61bf61c]
+
+ * src/sudo.c:
+ Always display the I/O plugin version as long as its open functions
+ doesn't return an error. Previously it was only displayed if the
+ plugin open returned 1.
+ [4b0277db3f8c]
+
+ * plugins/sudoers/pwutil_impl.c:
+ Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead
+ of poking around in struct utmpx.
+ [2c0cc5c42958]
+
+ * plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c:
+ #include "sudo_usage.h" not <sudo_usage.h> so we get the one in the
+ build directory and not the src dir when using a separate build
+ directory.
+ [1fcb7ba13018]
+
+2013-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/fileops.c:
+ If a line was longer that 0x80000000 the bit hack to round to the
+ next power of two would roll over to zero.
+ [f4f729cf6f0f]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/sudoers.h, src/sudo.c:
+ Use max_groups in front-end and plugin.
+ [bf1e74166831]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, src/parse_args.c:
+ Pass max_groups to plugin in settings list.
+ [d7d76e8651f4]
+
+ * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, include/sudo_conf.h:
+ Add max_groups setting to sudo.conf (currently unused) and remove
+ unused return value from setters.
+ [f6494f71e1f0]
+
+2013-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Reorganize configure options
+ [23475de8039f]
+
+2013-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Add Sudo 1.8.6p7
+ [5192fc511cbe]
+
+2013-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL.configure:
+ Sync with autoconf 2.68
+ [985e5c8efa4e]
+
+ * INSTALL, README:
+ Remove obsolete OS notes and move build requirements to INSTALL.
+ [bf0dd53ca164]
+
+2013-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Sort elements of the settings, user_info and command_info lists.
+ [663062ada5b7]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Remove trailing white space
+ [027916a6c8e7]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
+ Store the session ID in the tty ticket file too. A tty may only be
+ in one session at a time so if the session ID doesn't match we
+ ignore the ticket.
+ [4eb2cb8df48b]
+
+2013-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, src/sudo.c:
+ Move tzset() call from sudoers plugin to sudo front end.
+ [3c058dad8772]
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Mention line continuation
+ [399873f8c805]
+
+ * MANIFEST, common/Makefile.in, common/fileops.c,
+ common/regress/sudo_parseln/parseln_test.c,
+ common/regress/sudo_parseln/test1.in,
+ common/regress/sudo_parseln/test1.out.ok,
+ common/regress/sudo_parseln/test2.in,
+ common/regress/sudo_parseln/test2.out.ok,
+ common/regress/sudo_parseln/test3.in,
+ common/regress/sudo_parseln/test3.out.ok,
+ common/regress/sudo_parseln/test4.in,
+ common/regress/sudo_parseln/test4.out.ok,
+ common/regress/sudo_parseln/test5.in,
+ common/regress/sudo_parseln/test5.out.ok,
+ common/regress/sudo_parseln/test6.in,
+ common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c,
+ include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/sudo_nss.c:
+ Add line continuation support to sudo_parseln() and make it use
+ getline() instead of fgets() internally.
+ [d02bf3973fc5]
+
+2013-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sample/sample_plugin.c:
+ Fix memory leak in error path; found by llvm checker
+ [d090c26a5b00]
+
+ * plugins/sudoers/sudoreplay.c:
+ Remove useless store detected by llvm checker.
+ [12a4db91651a]
+
+ * configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in,
+ src/load_plugins.c, sudo.pp:
+ Sudo now stores its libexec files in a "sudo" subdirectory instead
+ of in libexec itself. For backwards compatibility, if the plugin is
+ not found in the default plugin directory, sudo will check the
+ parent directory default directory ends in "/sudo".
+ [5de67de76489]
+
+ * plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c,
+ plugins/system_group/system_group.c:
+ Add missing __dso_public to plugin structs so they are exported.
+ [dde703577621]
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ Mention that sudoers has its own plugins too.
+ [0a6c6203b512]
+
+2013-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
+ Correct last change date.
+ [45894291d792]
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in:
+ Remove duplicated sudo.conf info in the sudo, sudoers and
+ sudo_plugin manuals and cross-reference the new sudo.conf manual.
+ [b808ba29cf3a]
+
+ * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
+ Fix typos
+ [0e70964150c6]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Fix some typos.
+ [94ae045cfbc6]
+
+ * MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in:
+ Add standalone sudo.conf manual page.
+ [d64d949b700c]
+
+ * doc/sample.sudo.conf:
+ add group_source example
+ [118c1ba1c014]
+
+ * configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in,
+ doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf.
+ [f5bd6006dc1c]
+
+ * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo,
+ src/po/it.po:
+ Sync with translationproject.org
+ [a6f2b9aac371]
+
+2013-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo,
+ src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo,
+ src/po/vi.po:
+ Sync with translationproject.org
+ [ba546666969d]
+
+2013-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo,
+ plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po,
+ src/po/es.po, src/po/gl.po:
+ Sync with translationproject.org
+ [cdc454e34c03]
+
+2013-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Clarify ttyname changes.
+ [cbf2f80fe582]
+
+ * NEWS:
+ Add 1.8.6p6
+ [3aa591e98b3b]
+
+ * src/ttyname.c:
+ Remove ttyname() fall back code on systems where we can query the
+ kernel for the tty device via /proc or sysctl(). If there is no
+ controlling tty, it is better to just treat the tty as unknown
+ rather than to blindly use what is hooked up to std{in,out,err}.
+ [b2bd3005d2e4]
+
+2013-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_conf.c, include/sudo_conf.h, src/sudo.c:
+ Add group_source setting in sudo.conf to allow the admin to specify
+ how a user's groups are looked up. Legal values are static (just
+ the kernel list from getgroups), dynamic (whatever the group
+ database includes) and adaptive (only use group db if kernel group
+ list is full).
+ [87a5b02e22ad]
+
+ * plugins/sudoers/policy.c:
+ Pass back exec_background to front end if it is enabled in sudoers.
+ [8230e1cd0bbd]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Mention that exec_background is for 1.8.7 and higher only.
+ [fdf0d5a3e182]
+
+2013-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ Add missing test files.
+ [1165389aa5e6]
+
+ * plugins/sudoers/regress/visudo/test3.err.ok,
+ plugins/sudoers/regress/visudo/test3.out.ok,
+ plugins/sudoers/regress/visudo/test3.sh:
+ Add regress test for bug 361
+ [54c7fb61b82d]
+
+ * plugins/sudoers/iolog.c:
+ Add __dso_public to extern declaration of declaration to match
+ actual definition.
+ [4695ded501e6]
+
+ * NEWS:
+ Add 1.8.6p5
+ [b07b28c5c4d7]
+
+2013-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok,
+ plugins/sudoers/regress/visudo/test2.out.ok,
+ plugins/sudoers/regress/visudo/test2.sh:
+ Add test for visudo cycle check core dump; test case from Daniel
+ Kopecek
+ [41074541147a]
+
+ * plugins/sudoers/visudo.c:
+ Fix potential stack overflow due to infinite recursion in alias
+ cycle detection. From Daniel Kopecek.
+ [d7e018a87434]
+
+ * common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c:
+ Ignore duplicate entries in sudo.conf and report the line number
+ when there is an error. Warn, don't abort if there is more than one
+ policy plugin.
+ [dfcb5a698f0a]
+
+ * plugins/sudoers/tsgetgrpw.c:
+ Use strtoul() not atoi().
+ [58a52cf9b6b8]
+
+2013-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/Makefile.in:
+ regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo
+ [9b44e9d26d16]
+
+ * compat/nss_dbdefs.h:
+ Fix typo that breaks the build on HP-UX.
+ [b9ab6ba23485]
+
+ * MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in,
+ configure, configure.in:
+ Use nss_search() to implement getgrouplist() where available.
+ Tested on Solaris and HP-UX. We need to include a compatibility
+ header for HP-UX which uses the Solaris nsswitch implementation but
+ doesn't ship nss_dbdefs.h.
+ [d29dbc4dc06d]
+
+2013-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h:
+ Remove extra flag to sudo_sigaction(). We want to trap the signal
+ regardless of whether or not it is ignored by the underlying command
+ since there's no way to know what signal handlers the command will
+ install. Now we just use sudo_sigaction() to set a flag in
+ saved_signals[] to indicate whether a signal needs to be restored
+ before exec.
+ [c042d52c7192]
+
+2013-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/getgrouplist.c, config.h.in, configure, configure.in:
+ Use _getgroupsbymember() on Solaris to get the groups list. Fixes
+ performance problems with the getgroupslist() compat on Solaris
+ systems with network-based group databases.
+ [287d3ae2ce8d]
+
+2013-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Document signal handler behavior in plugin API 1.3
+ [20dc9d1c105f]
+
+ * MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c,
+ src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h:
+ Move signal code into its own source file and add sudo_sigaction()
+ wrapper that has an extra flag to check the saved_signals list to
+ only install the handler if the signal is not already ignored. Bump
+ plugin API version for the new front-end signal behavior.
+ [5d2f27a1b404]
+
+ * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h,
+ src/sudo_exec.h:
+ Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute
+ the command. If we get SIGINT or SIGQUIT, call the plugin close()
+ functions as if the command was interrupted. If we get SIGTSTP,
+ uninstall the handler and deliver SIGTSTP to ourselves.
+ [332baf3a81b7]
+
+ * src/exec.c, src/exec_pty.c:
+ Rename handle_signals() to dispatch_signals(). Block other signals
+ in handler() so we don't have to worry about the write() being
+ interrupted.
+ [666e95c9a0f1]
+
+2013-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/tgetpass.c:
+ Rename signal handler to avoid name clash with one in exec.c
+ [8913101a29b6]
+
+2013-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c:
+ Add missing call to save_signals().
+ [47d075d7326b]
+
+2013-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ Fill in the comment block at the top of the .pot files and preserve
+ it when regenerating them.
+ [6449497b76db]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
+ Add exec_background option in plugin command info and a sudoers
+ option to match. When set, commands are started in the background
+ and automatically foregrounded as needed. There are issues with
+ some ill-mannered programs (like Linux su) so this is not the
+ default.
+ [c0b32b0938f2]
+
+ * common/Makefile.in:
+ regen
+ [2b2b220e7aea]
+
+ * src/Makefile.in:
+ Add SESH_OBJS variable for sesh object files.
+ [d3e04ae8fd1f]
+
+ * configure.in, doc/LICENSE, plugins/sudoers/redblack.c:
+ Update copyright year.
+ [61a0f0cedb13]
+
+ * src/exec_pty.c:
+ Always resume the command in the foreground if sudo itself is the
+ foreground process. This helps work around poorly behaved programs
+ that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At
+ worst, sudo will go into the background but upon resume the command
+ will be runnable. Otherwise, we can get into a situation where the
+ command will immediately suspend itself.
+ [c368ac3eb2e4]
+
+ * configure, configure.in:
+ Use -fstack-protector-all in preference to -fstack-protector where
+ supported.
+ [f930c95ceb51]
+
+2013-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Only test for -fstack-protector and -fvisibility=hidden on GNU
+ compatible compilers.
+ [796f4696d863]
+
+2013-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Add Sudo 1.8.6p4
+ [8a928de8e717]
+
+ * common/Makefile.in, compat/Makefile.in, configure, configure.in,
+ plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in:
+ Break out stack smashing protector options into SSP_CFLAGS and
+ SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS).
+ [01be114fc9fb]
+
+2013-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS, plugins/sudoers/redblack.c:
+ In rbrepair(), make sure we never try to change the color of the
+ sentinel node, which is the first entry, not the root. From Michael
+ King
+ [3fc4dc4004ec]
+
+2012-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ No need to restore default signal handler for SIGSTOP as it is not
+ catchable. Attempting to do so is harmless but sigaction() will
+ fail and set errno to EINVAL which makes it looks like there is an
+ error.
+ [be7c0b759e9a]
+
+ * src/exec.c:
+ Print SIGCONT_FG and SIGCONT_BG properly in debug output.
+ [93e59e301c8f]
+
+2012-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Disable PIE on FreeBSD/ia64, otherwise sudo will segfault.
+ [9ed48f696595]
+
+2012-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ Add howmany() macro since some systems have this in sys/param.h
+ which we no longer include.
+ [2c5efaa16c45]
+
+2012-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/sudoers/test11.toke.out.ok:
+ Remove errant file.
+ [a91699beffc6]
+
+2012-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_fill.c:
+ Remove obsolete sudoers_cleanup() stubs.
+ [89153025a2ae]
+
+ * common/alloc.c, common/atobool.c, common/fileops.c,
+ common/fmt_string.c, common/lbuf.c, common/secure_path.c,
+ common/sudo_conf.c, common/sudo_debug.c, common/term.c,
+ compat/closefrom.c, compat/getcwd.c, compat/glob.c,
+ compat/snprintf.c, include/missing.h,
+ plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
+ plugins/sample_group/plugin_test.c,
+ plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/env.c, plugins/sudoers/find_path.c,
+ plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
+ plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/redblack.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestamp.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
+ plugins/system_group/system_group.c, src/conversation.c, src/exec.c,
+ src/exec_common.c, src/exec_pty.c, src/get_pty.c,
+ src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c,
+ src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c:
+ Don't include <sys/param.h>. We only needed it for MAXPATHLEN,
+ MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and
+ HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
+ MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
+ [f4807d46f504]
+
+ * include/missing.h, plugins/sudoers/match.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
+ Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN
+ (sys/param.h or netdb.h).
+ [2544f5e306dd]
+
+2012-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logging.c:
+ Move debug_decl() in log_failure() to be after the variable
+ declarations for C89.
+ [f48d2035ab44]
+
+2012-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/error.c, include/error.h, plugins/sudoers/iolog.c,
+ plugins/sudoers/logging.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Cannot wrap sigsetjmp() or we end up returning to the wrong place.
+ Use a macro instead.
+ [749ee6acdad8]
+
+2012-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/policy.c:
+ Fix return in sudoers_policy_open that should be debug_return.
+ [a78b795b6846]
+
+2012-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case
+ too.
+ [acfa891c229e]
+
+ * src/solaris.c:
+ Quiet a gcc warning and add comment about needing to keep the handle
+ open.
+ [f954f228960f]
+
+2012-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ mention --disable-shared
+ [6954d39e2d0f]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Add missing command_info argument in I/O plugin open() prototype.
+ Bug #579
+ [72beb07aba0e]
+
+2012-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/gram.c:
+ Regen for proper line numbers.
+ [6cf6e132e764]
+
+ * configure, configure.in:
+ Add locale_stub.o to SUDO_OBJS, not locale_stub.lo.
+ [d604dc8ca38a]
+
+ * common/sudo_printf.c:
+ Include missing.h for __printflike.
+ [a33640600faf]
+
+ * plugins/sudoers/iolog.c:
+ Saner loop invariant in io_mkdirs (cosmetic only).
+ [dc30274afe38]
+
+ * MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c,
+ configure, configure.in, include/error.h, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c,
+ src/sesh.c:
+ Move warn/error into common and make static builds work.
+ [4d3f374f4e4c]
+
+ * MANIFEST, common/Makefile.in, common/sudo_debug.c,
+ common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/policy.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/Makefile.in, src/conversation.c, src/sesh.c:
+ Move _sudo_printf from src/conversation.c to common/sudo_printf.c.
+ Add sudo_printf function pointer that is initialized to
+ _sudo_printf() instead of requiring a sudo_conv function pointer
+ everywhere. The plugin will reset sudo_printf to point to the
+ version passed in via the plugin open function. Now plugin_error.c
+ can just call sudo_printf in all cases. The sudoers binaries no
+ longer need their own version of sudo_printf.
+ [9b09d3f63790]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
+ plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't
+ need error_jmp to be extern. Also add plugin_clearjmp() that clears
+ a flag so error()/errorx() knows when to call exit() vs. longjmp().
+ [5a4617148e70]
+
+ * plugins/sudoers/set_perms.c:
+ Let warning() call gettext() for us.
+ [ab8d502ba4ac]
+
+ * include/error.h, plugins/sudoers/plugin_error.c, src/error.c:
+ Do locale swapping in the warning()/error() macros themselves
+ instead of in the underlying functions.
+ [4cd205540e17]
+
+ * common/alloc.c, common/list.c, include/error.h,
+ plugins/sudoers/env.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
+ src/hooks.c:
+ Rename warning2()/error2() -> warning_nodebug()/error_nodebug().
+ [48346393634d]
+
+ * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c,
+ src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
+ src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
+ src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
+ Call gettext() on parameters for warning()/warningx() instead of
+ having warning() do it for us.
+ [c71088bc9d3e]
+
+ * Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c:
+ Call gettext() in sudoerserror() in the user's locale and pass the
+ untranslated string to it.
+ [cdbfc231b848]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.h, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Allow sudoers programs (visudo, sudoreplay, visudo) to use
+ plugin_error.c instead of the error.c from the front-end. This
+ means sudoers_setlocale() needs to be independent of the sudo_user
+ struct and the defaults table. The sudoers locale is now updated
+ via a callback.
+ [e356f5f8cd6a]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
+ plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Include setjmp.h in sudoers.h Move error_jmp into plugin_error.c
+ Rename sudoers_plugin_cleanup sudoers_cleanup Make sudoers
+ warning/error functions work when sudo_conv is NULL
+ [7365ee24a779]
+
+ * src/error.c:
+ No need to change locale in front-end warning()/error().
+ [23dc1df7f93b]
+
+ * plugins/sudoers/tsgetgrpw.c:
+ Ignore bad lines in passwd/group file instead if stopping processing
+ when we hit one.
+ [79b790559075]
+
+ * plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.sh,
+ plugins/sudoers/regress/testsudoers/test5.sh:
+ Bash doesn't let you set UID to use MYUID instead.
+ [5be56335f059]
+
+ * plugins/sudoers/visudo.c:
+ Avoid NULL deref for unknown Defaults in strict mode.
+ [545c21c1e7d6]
+
+ * common/sudo_conf.c, common/sudo_debug.c:
+ See DEFAULT_TEXT_DOMAIN
+ [3d723e1d27db]
+
+2012-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgignore:
+ Add signame.c and mksigname.
+ [d59bbf423f00]
+
+ * plugins/sudoers/Makefile.in:
+ Fold preinstall into install-plugin and pass the path to the plugin
+ binary to the preinstall command.
+ [2c2205af8bb7]
+
+ * pp:
+ sync with upstream
+ [a4b7336b3256]
+
+ * src/sudo.h:
+ repair spacing
+ [f5c1255ce514]
+
+2012-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_debug.c:
+ Set group on sudo_debug when creating it to gid 0 so systems without
+ BSD group semantics don't get the invoking user's group.
+ [7dda01196554]
+
+ * plugins/sudoers/iolog.c:
+ Rename mkdir_parents() io_mkdirs() and add a flag to specify whether
+ path is a temporary, in which case the final component is created
+ via mkdtemp() instead of mkdir().
+ [79c0c4e7ed58]
+
+ * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h:
+ For PERM_ROOT set egid to 0 so log files are not created with the
+ gid of the user.
+ [5b964ea43474]
+
+ * plugins/sudoers/logging.c:
+ Add calls to set_perms(PERM_ROOT) becore logging to a file. We
+ should already be root but since we cache the current permission
+ status it is basically free. That way, if more of sudoers runs as
+ non-root in the future logging will still work correctly.
+ [c591d4973f41]
+
+ * common/sudo_conf.c, config.h.in, configure, configure.in,
+ include/gettext.h, plugins/sudoers/locale.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/error.c, src/exec.c, src/sesh.c, src/sudo.c:
+ #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it.
+ [41f6bb4926f4]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Mention that sudo.conf is parsed in the C locale.
+ [f711c416e30c]
+
+ * common/sudo_conf.c:
+ Parse sudo.conf in the "C" locale.
+ [776658f651ea]
+
+ * plugins/sudoers/locale.c, plugins/sudoers/logging.h,
+ plugins/sudoers/sudoers.h:
+ Fix compilation on systems w/o setlocale()
+ [6940d1c1c1ce]
+
+ * doc/TROUBLESHOOTING:
+ Sudo now includes a workaround for the Solaris 11 locale issue.
+ [ab93787a552c]
+
+2012-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/gettext.h, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/locale.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h:
+ Always include locale.h from gettext.h so we no longer need to
+ include locale.h from the .c files.
+ [93d39182ccfa]
+
+ * MANIFEST, config.h.in, configure, configure.in, mkdep.pl,
+ plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c,
+ src/solaris.c, src/sudo.c, src/sudo.h:
+ Add os-specific initialization functions for solaris (workaround
+ setuid locale problem in Solaris 11) and openbsd (set malloc_options
+ if SUDO_DEVEL). Also move set_project() to solaris.c.
+ [1d6581afbaf4]
+
+2012-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
+ Avoid strerror() when possible and just rely on warning/error to
+ handle errno in the proper locale.
+ [bf612caae97c]
+
+ * plugins/sudoers/logging.c:
+ Set sudoers locale in log_allowed()
+ [2dd0ac704cae]
+
+ * plugins/sudoers/check.c:
+ Make the sudo lecture translatable.
+ [3cdfc183d72d]
+
+ * Makefile.in:
+ Add the values of badpass_message, passprompt and mailsub to
+ sudoers.pot so they can be translated.
+ [51cbe8adcb94]
+
+ * plugins/sudoers/logging.c:
+ Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked
+ up by xgettext.
+ [c5b74115caf0]
+
+2012-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/sudoers.h:
+ Make expand_prompt() args const and free the prompt when we are done
+ with it.
+ [995ef8519fe6]
+
+ * plugins/sudoers/policy.c:
+ Fix cut and pasto
+ [e002921c1d15]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/logging.c:
+ Expand def_mailsub in the sudoers locale, not the user's.
+ [a4775f2fb385]
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
+ plugins/sudoers/env.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/locale.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/parse.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/timestamp.c:
+ Call gettext inside log_error et al instead of having the caller do
+ it. This way we can display any messages to the user in their own
+ locale but log in the sudoers local.
+ [286e0444f785]
+
+ * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/visudo.c, src/error.c, src/exec.c,
+ src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
+ src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
+ src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
+ Display warning/error messages in the user's locale.
+ [00a04165c0cf]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
+ audit_failure() now calls gettext itself using the sudoers locale.
+ [d77f1d78799a]
+
+ * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.c:
+ Convert setlocale() to sudoers_setlocale() in the sudoers module.
+ This only converts existing uses, there are more places where we
+ need to sprinkle sudoers_setlocale() calls.
+ [8ee0cbf0d0a9]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
+ plugins/sudoers/locale.c, plugins/sudoers/logging.h,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Add simple locale switching to make it easy to switch from the
+ user's locale to the sudoers locale without making excessive
+ setlocale() calls when we don't need to.
+ [5c61582fdeee]
+
+ * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
+ plugins/sudoers/plugin_error.c, src/error.c:
+ Add variants of warn/error and sudo_debug_printf that take a va_list
+ instead of a variable number of args.
+ [00392bdc063c]
+
+ * INSTALL, doc/TROUBLESHOOTING:
+ Document Solaris 11 locale issues and workarounds.
+ [05f7d34af3ae]
+
+ * Makefile.in, configure, configure.in:
+ Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8
+ locales. Make links from localdir/lang -> localdir/lang.UTF-8
+ [5ca9326480e2]
+
+2012-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/sudoers.c:
+ Do not inform the user that the command was not permitted by the
+ policy if they do not successfully authenticate. This is a
+ regression introduced in sudo 1.8.6.
+ [c1279df08bfb]
+
+ * plugins/sudoers/Makefile.in:
+ Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup
+ the rpath in HP-UX SOM shared libraries for the LDAP libs.
+ [b07185657b42]
+
+ * src/parse_args.c:
+ The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A.
+ [22c73cbe3ff9]
+
+2012-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.in:
+ Allow the user to specify and alternate libtool
+ [c9d6fc9521fd]
+
+2012-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c:
+ Allow sudo to be build with sss support without also including ldap
+ support. From Stephane Graber.
+ [b992a80ebea1]
+
+2012-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ Refactor policy plugin interface code from sudoers.c into policy.c
+ [393e62910b8a]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
+ Refactor command_info setting into its own function.
+ [a952b948324c]
+
+ * plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
+ plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Make interfaces pointer private to interfaces.c and add
+ get_interfaces() accessor.
+ [b69b9334ed3c]
+
+2012-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.h:
+ Make user_cwd const since it is either a string literal or passed in
+ from the front-end.
+ [90751b81e8bc]
+
+ * configure, configure.in:
+ sudo 1.8.7
+ [bf727adb8af0]
+
+ * plugins/sudoers/sudoers.c:
+ Avoid nested strtok() calls.
+ [9d9f22ab52a9]
+
+2012-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
+ plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h:
+ Move expand_prompt() into its own source file for easier unit
+ testing.
+ [b419b48a436f]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
+ plugins/sudoers/check.h, plugins/sudoers/sudoers.h,
+ plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
+ Make check.c independent of the underlying timestamp implementation.
+ [895071bd6065]
+
+ * plugins/sudoers/iolog_path.c:
+ Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled.
+ [8ac38f02dd6d]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Use a list for the possible values of Tag_Spec with a minimal indent
+ to improve readability. In the pod version, these were =head3. Also
+ use .St -p1003.1 instead of just POSIX when talking about glob() and
+ fnmatch().
+ [361a6f7a5c44]
+
+2012-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ sudo_ttyname_dev() is unused if there is no /proc or sysctl().
+ [6598dbf81e16]
+
+ * compat/mksiglist.c, compat/mksigname.c,
+ compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c,
+ plugins/sample_group/plugin_test.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c:
+ Explicitly mark main() as public in executables to avoid an HP-UX ld
+ warning.
+ [72a40ce218be]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Remove grep from SEE ALSO section.
+ [c7cafee1621f]
+
+ * common/alloc.c:
+ If vasprintf() fails, just use the errno it sets instead of assuming
+ ENOMEM.
+ [1be5bfdc0cab]
+
+2012-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/TROUBLESHOOTING:
+ Mention HP-UX pam.conf settings.
+ [8b8e745b49fd]
+
+2012-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/timestamp.h:
+ Split off timestamp functions into their own source file.
+ [d5833332511d]
+
+2012-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Mention how !foo is not the same as ALL,!foo
+ [51f8e470757d]
+
+2012-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Start commands in the background when I/O logging is enabled. We
+ can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2)
+ which returns EINTR on signal instead of restarting automatically.
+ [83b1d59146f7]
+
+ * src/exec_pty.c:
+ Handle SIGCONT_FG and SIGCONT_BG when converting signal number to
+ string in deliver_signal().
+ [2cefea7a976e]
+
+2012-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Fix running commands that need the terminal in the background when
+ I/O logging is enabled. E.g. "sudo vi &". When the command is
+ foregrounded, it will now resume properly.
+ [0bc13a253429]
+
+ * plugins/sudoers/match.c:
+ Add rudimentary support for name-based matching as a compile-time
+ option. This unsafe when used in conjunction with the '!' operator.
+ [f93bc8e6db15]
+
+2012-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c:
+ Split out implementation-specific back end code out of pwutil.c into
+ pwutil_impl.c. This will allow the main pwutil code to be used for
+ lookup methods other than getpw* and getgr*.
+ [999c2dde60e4]
+
+2012-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.in:
+ sudo 1.8.6p3
+ [97fef3d9ed65]
+
+2012-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/fixman.sh:
+ Don't use embedded newline when matching, use \n. This got expanded
+ at some point. Bug #573
+ [6652f834b8f5]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Rename yyerror() to sudoerserror() to match yacc prefix changes. Not
+ really needed due to the #defines that yacc makes but it is less
+ confusing this way as the lexer calls sudoerserror().
+ [a0577be6527d]
+
+ * common/alloc.c, plugins/sample_group/plugin_test.c,
+ plugins/sudoers/env.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ src/exec_common.c, src/parse_args.c, src/sudo.c:
+ No need to translate "unable to allocate memory" when we can just
+ use the system translation via strerror().
+ [377499e5827c]
+
+ * plugins/sudoers/sudoreplay.c:
+ Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not
+ all file systems support d_type. Bug #572
+ [8b861c62945f]
+
+ * plugins/sudoers/sudoreplay.c:
+ Avoid calling fclose(NULL) in the error path when we cannot open an
+ I/O log file.
+ [9401d5c4bb05]
+
+2012-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.in:
+ Sudo 1.8.6p2
+ [6e32496280f2]
+
+ * src/exec.c:
+ When setting the signal handler for SIGTSTP to the default value in
+ non-I/O log mode, store the old handler value for when we restore it
+ after resume.
+ [242628694e42]
+
+ * plugins/sudoers/env.c:
+ Replace the guts of sudo_setenv_nodebug() with our old setenv.c
+ which supports non-standard BSD and glibc semantics. sudo_setenv()
+ now simply calls sudo_setenv2().
+ [57ffb6c9efaa]
+
+2012-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document non-Unix group support in LDAP sudoers.
+ [33c89f3aeee6]
+
+ * plugins/sudoers/ldap.c:
+ Enable non-Unix group support for LDAP sudoers. We now check for
+ non-Unix groups and netgroups with the same query in the second
+ pass. Bug #571
+ [eb98fdff54d9]
+
+2012-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/parse.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/visudo.c:
+ Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers.
+ [cb6c0d93215e]
+
+2012-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Mention support for SUCCESS=return in /etc/nsswitch.conf
+ [ef1f35aa0863]
+
+ * NEWS, configure, configure.in:
+ sudo 1.8.6p1
+ [73a5e1f004b3]
+
+2012-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c:
+ Avoid setting LOGNAME, USER and USERNAME variables twice when
+ set_logname is enabled.
+ [0de4f5fbd1d4]
+
+ * plugins/sudoers/env.c:
+ Fix duplicate detection in sudo_putenv(), do not prune out the
+ variable we just set when overwriting an existing instance. Fixes
+ bug #570
+ [854ee714c831]
+
+ * plugins/sudoers/env.c:
+ Add some debuggging
+ [a25cd3305823]
+
+2012-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudo_nss.c:
+ Disable word wrap in list mode when stdout is a pipe to make "sudo
+ -l | grep ..." more useful. Adapted from a diff by Daniel Kopecek.
+ [65ade04511fd]
+
+ * common/lbuf.c:
+ Print a trailing newline in lbuf_print() when there is not enough
+ space to do word wrapping and the lbuf does not end with a newline.
+ [c0200e19cd09]
+
+ * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
+ Add support for [SUCCESS=return] in nsswitch.conf; from Daniel
+ Kopecek
+ [5c480316e3ce]
+
+ * MANIFEST:
+ Add sssd.c
+ [9cadd014ef97]
+
+2012-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo,
+ plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo,
+ src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo:
+ regen .po files
+ [62423d4d143d]
+
+ * MANIFEST, plugins/sudoers/po/vi.mo:
+ Add Vietnamese sudoers translation from translationproject.org
+ [33666a605525]
+
+ * NEWS:
+ mention PIE
+ [05032e5304c6]
+
+ * MANIFEST, plugins/sudoers/po/vi.po:
+ Add Vietnamese sudoers translation from translationproject.org
+ [015c2204bae2]
+
+2012-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, compat/Makefile.in, mkdep.pl:
+ Add missing signame dependency
+ [e493bfb01929]
+
+ * src/exec.c, src/ttyname.c:
+ Silence compiler warnings.
+ [1c5374b66d9b]
+
+ * MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c,
+ config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
+ src/exec.c, src/exec_pty.c:
+ Replace strsigname() with sig2str(), emulating it as needed.
+ [1e348cca1fa6]
+
+ * config.h.in, configure, configure.in, src/utmp.c:
+ Use fseeko() for legacy utmp handling if available.
+ [b4bbd8d2c0e9]
+
+2012-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/strsigname.c, config.h.in, configure, configure.in:
+ Detect sys_sigabbrev[] and use it in place of sys_signame[] if
+ present. For some reason glibc does not declare sys_sigabbrev so we
+ must add an extern definition of our own.
+ [b38f3fbd7078]
+
+ * compat/strsignal.c, compat/strsigname.c:
+ Handle NULL entries in sys_siglist and sys_signame.
+ [a388959d9654]
+
+ * compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c,
+ compat/mksigname.h, compat/strsignal.c, compat/strsigname.c:
+ Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name}
+ [711e41aba59a]
+
+2012-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ sync
+ [5a2522488754]
+
+ * src/exec.c:
+ Pass on SIGTSTP to the command if it was sent by a user process (not
+ the kernel or the terminal) when we are not I/O logging and set the
+ default SIGTSTP handler when we re-send the signal to ourself,
+ restoring our handler after we resume.
+ [4259c47e31c0]
+
+ * src/exec.c:
+ Shells typically change their process group when they start up so
+ that they can implement job control. Most well-behaved shells
+ change the pgrp back to its original value before suspending so we
+ must not try to restore in that case, lest we race with the child
+ upon resume, potentially stopping sudo with SIGTTOU while the
+ command continues to run. Some shells, such as pdksh, just suspend
+ the shell by sending SIGSTOP to themselves without restoring the
+ pgrp. In this case we need to change the pgrp back for them. Should
+ fix bug #568
+ [6ac6751ffd17]
+
+2012-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, compat/Makefile.in, compat/mksigname.c,
+ compat/mksigname.h, compat/strsignal.c, compat/strsigname.c,
+ config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
+ src/exec.c, src/exec_pty.c:
+ Use strsigname() to print signal names in the debug output. If the
+ system has no strsigname(), use our own.
+ [0735f18906b9]
+
+2012-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/testsudoers/test5.inc,
+ plugins/sudoers/regress/testsudoers/test5.sh:
+ Remove generated file and change path for temporary include file.
+ [4e9fa830c6b5]
+
+ * plugins/sudoers/Makefile.in:
+ When running regress tests, list pass/fail rate for each dir
+ (testsudoers and visudo) instead of the total. Also prevent the
+ result files from clobbering each other by keeping them in the
+ relevant directories.
+ [6aac53baff7d]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Don't print an error message in yyerror() if open_sudoers() fails,
+ we've already printed an error message. Also restore the check for
+ sudoers_warnings in yyerror().
+ [aa6036df5fb2]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l:
+ Avoid printing the >>> parse error <<< message for testsudoers when
+ the -t flag is specified.
+ [76f3433c8992]
+
+2012-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.c:
+ Fix NULL deref when an entry has no Runas_Entry
+ [4b14983ff6e7]
+
+ * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po,
+ src/po/zh_CN.mo, src/po/zh_CN.po:
+ sync with translationproject.org
+ [440e9c9b37de]
+
+ * NEWS:
+ sync
+ [3142ba2dce60]
+
+ * plugins/sudoers/check.c:
+ Correct the check_user() comment header.
+ [73da30308fff]
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Change a log_fatal() into log_error() when no auth methods are
+ configured. The caller already checks the return value.
+ [05f5c39793a7]
+
+ * plugins/sudoers/logging.c:
+ Add missing debug_return
+ [3a76bb7c2fe7]
+
+2012-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Make the capitalization consistent for .Ss and .Sx
+ [5c5735ee4b2f]
+
+ * doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat,
+ doc/sudo.man.in, doc/sudo.mdoc.in:
+ Add COMMAND EXECUTION section that describes how sudo runs the
+ command, the extra sudo processes and signal handling.
+ [dff2d88e984e]
+
+2012-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Happy Easter
+ [4b9d697c6b83]
+
+2012-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/Makefile.in:
+ Don't echo the awk command when building siglist.in
+ [21daa72921e6]
+
+ * doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Cosmetic changes.
+ [19259528e9ad]
+
+ * doc/Makefile.in:
+ The HISTORY, LICENSE and CONTRIBUTORS files are not longer
+ generated.
+ [ea6ac9e981e6]
+
+ * MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo,
+ plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po,
+ plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po,
+ src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po,
+ src/po/uk.po, src/po/vi.po:
+ Sync with translationproject.org and add Italian sudoers
+ translation.
+ [9276740aea59]
+
+2012-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Expand description of fqdn to talk about systems where the hosts
+ file is searched before DNS.
+ [4ee812ca6116]
+
+2012-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/Makefile.in:
+ For cat pages there is nothing to make unless DEVEL is set.
+ [fab4a5b68708]
+
+ * configure, configure.in, doc/Makefile.in:
+ Always use mandoc to format cat pages and remove now-extraneous
+ nroff configure tests.
+ [5747f4ed5762]
+
+ * pp:
+ sync polypkg from git
+ [89ddf6ea3e3f]
+
+ * plugins/sudoers/sudoers.c:
+ Use AI_FQDN instead of AI_CANONNAME if available since "canonical"
+ is not always the same as "fully qualified".
+ [7c1d9c098386]
+
+2012-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.mdoc.in:
+ Fix some typos. Describe error messages not related to policy
+ permissions.
+ [f5ebf9030d85]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/visudo.c:
+ Add new check_defaults() function to check (but not update) the
+ Defaults entries. Visudo can now use this instead of
+ update_defaults to check all the defaults regardless instead of just
+ the global Defaults entries.
+ [3fa879ce1b65]
+
+2012-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document sudoers log format.
+ [08998a7061ab]
+
+ * NEWS:
+ Update for sudo 1.8.5p3
+ [6e102a5d4e8d]
+
+ * src/load_plugins.c:
+ Add missing check for I/O plugin API version when checking for the
+ presence of I/O plugin hooks.
+ [ef05c7eeaf81]
+
+ * src/hooks.c:
+ Can't call debug code in the process_hooks_xxx functions() since
+ ctime() may look up the timezone via the TZ environment variable.
+ [2179fb26bd8e]
+
+2012-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_common.c, src/sesh.c, src/utmp.c:
+ Include signal.h before sudo_exec.h since it uses sigset_t * in the
+ fork_pty prototype.
+ [94fc0d859600]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
+ doc/visudo.man.in, doc/visudo.mdoc.in:
+ Remove OPTIONS section; options now go inside DESCRIPTION
+ [a619fc58a746]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen
+ [44719d80bc06]
+
+ * MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po,
+ src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po:
+ Sync with translationproject.org and add new Slovenian translation.
+ [34b4b966bbac]
+
+ * common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c:
+ Reduce the number of "internal error, foo overflow" messages that
+ need to be translated.
+ [93ffa2b3d53f]
+
+ * NEWS:
+ Mention HP-UX reboot fix.
+ [1e39b5aa32ac]
+
+ * INSTALL, NEWS, common/sudo_debug.c, configure, configure.in,
+ doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
+ Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers
+ data source. From Daniel Kopecek and Pavel Brezina.
+ [3f85e95d6928]
+
+2012-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_conf.c, src/load_plugins.c:
+ If sudo.conf contains an I/O plugin but no policy plugin, use
+ sudoers for the policy plugin. If a policy plugin is specified
+ without an I/O plugin, only the policy plugin will be loaded.
+ [ea192df2439d]
+
+ * doc/Makefile.in, doc/sudoers.man.in:
+ Do not modify the .Os section when building the .man.in file from
+ .mdoc.in.
+ [a9f9628e147f]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Add a note about wildcards matching multiple words and include an
+ example. Also mention that for sudoedit, a wildcard in command line
+ args does not match a slash.
+ [fcb9fbac14e0]
+
+2012-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c, src/sudo_exec.h:
+ Fix a comment, update a variable name in a prototype; all cosmetic.
+ [e89f10cbd6e1]
+
+ * plugins/sudoers/iolog.c:
+ Cast 2nd argument of lseek() to off_t if it is a constant for
+ systems with 64-bit off_t but without a proper lseek() prototype.
+ [d8779da135d0]
+
+ * compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/visudo.c:
+ Fix some warnings from clang checker-267
+ [1e44ef7860b5]
+
+ * plugins/sample/sample_plugin.c:
+ Fix memory leak found by clang checker-267
+ [f8a43617fdfb]
+
+2012-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h:
+ If we receive a signal from the command we executed, do not forward
+ it back to the command. This fixes a problem with BSD-derived
+ versions of the reboot command which send SIGTERM to all other
+ processes, including the sudo process. Sudo would then deliver
+ SIGTERM to reboot which would die before calling the reboot() system
+ call, effectively leaving the system in single user mode.
+ [4ffab9ab9e98]
+
+2012-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/fixman.sh, doc/fixmdoc.sh:
+ Remove section about Solaris 10 on other systems. Add missing
+ sudoers.man.in bit to fixman.sh.
+ [176559199ba7]
+
+2012-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Expand section on Solaris privileges.
+ [3a1bfa2f1743]
+
+ * NEWS:
+ Expand a bit on the Solaris priv set changes.
+ [bffb78b4a520]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ The second argument to init_parser() is now bool.
+ [fb727a4fb651]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Fix printing of parse error message to stderr.
+ [dea6b420b84f]
+
+ * plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
+ If a command matches using an empty Runas_List (i.e. Runas_List is
+ present but empty) and the -u option was not specified, set runas_pw
+ to user_pw instead of using runas_default. This is intended to be
+ used in conjunction with the Solaris Privilege Set support for rules
+ that grant privileges without changing the user.
+ [e84a081f3c11]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/match.c,
+ plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h:
+ Add support for parsing an empty Runas_List, which only allows the
+ command to be run as the invoking user. This can be used in
+ conjunction with the Solaris Privilege Set support to grant
+ privileges without changing the user.
+ [dc34373792fc]
+
+2012-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/fixman.sh:
+ Fix HP-UX, just use ".TH name section" like the vendor manuals.
+ [559738237c92]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix compilation on Solaris
+ [2d310302207c]
+
+ * .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh,
+ doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh,
+ doc/sudoers.mdoc.sh:
+ Generate a sed script file when munging *.mdoc or *.man instead of
+ passing sed expressions on the command line. Older seds do not
+ support \n in a replacement so generate and run a sed script
+ instead.
+ [0bcce3f1ca18]
+
+ * doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in,
+ doc/visudo.man.in:
+ Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION"
+ [fe0f10b63776]
+
+2012-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ When checking whether a signal is user-generated, compare si_code
+ against SI_USER instead of <= 0 since on HP-UX, terminal-related
+ signals get a code of 0.
+ [4e9021243343]
+
+ * src/sudo.c:
+ SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX
+ interchangably. This causes problems when setting RLIMIT_NPROC to
+ RLIM_INFINITY due to a bug in bash where bash tries to honor the
+ value of _SC_CHILD_MAX but treats a value of -1 as an error, and
+ uses a default value of 32 instead.
+
+ Previously, we just checked RLIMIT_NPROC and, if it was unlimited,
+ restored the previous value of RLIMIT_NPROC. However, that makes it
+ impossible to set nproc to unlimited. We now only restore the nproc
+ resource limit if sysconf(_SC_CHILD_MAX) is negative. In most
+ cases, pam_limits will set RLIMIT_NPROC for us.
+ [cb71cc8d0b08]
+
+2012-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Active Directory apparently requires that tenths of a second be
+ present in a date so append .0 to the "now" value in the time
+ filter. Also remove space for the global AND from TIMEFILTER_LENGTH
+ since it was not being used consistently. Buffers of
+ TIMEFILTER_LENGTH now need to account for the terminating NUL byte.
+ [d28619ff6e45]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix SELinux build
+ [cc0d1f4e851b]
+
+2012-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
+ were not being kept in sync.
+ [fc3ad1847cb1]
+
+ * doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod,
+ doc/license.pod:
+ Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
+ were not being kept in sync.
+ [950363dffe3a]
+
+2012-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logging.c:
+ Fix printing of the permission denied message to standard error when
+ a user is not allowed to run a command. This got broken by the
+ recent logging changes.
+ [b7af63da3ca1]
+
+ * plugins/sudoers/sudoers_version.h:
+ Bump grammar version for Solaris privs.
+ [2a2baf024477]
+
+ * doc/schema.ActiveDirectory:
+ Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder
+ were added. From David Hicks.
+ [3fc432a8edb4]
+
+2012-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Remove lex.yy.c when building toke.c
+ [72bb9e62b289]
+
+ * doc/Makefile.in:
+ Fix building docs in a build dir.
+ [7a6f435af022]
+
+ * doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod,
+ doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod,
+ doc/sudoreplay.pod, doc/visudo.pod:
+ Remove pod versions of the manual; we now use mdoc.
+ [5c967d2dd5db]
+
+ * MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh,
+ doc/sudoers.man.sh, doc/sudoers.mdoc.sh:
+ Add post-processing scripts to strip out login class, BSD auth,
+ SELinux and privilege set bits when they are not supported.
+ [d0d51f72f597]
+
+ * NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in,
+ doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, src/sudo.c, src/sudo.h:
+ Merge in Solaris privilege support by Darren Moffat and John
+ Zolnowsky
+ [3aa0a64f2f5c]
+
+2012-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/contributors.pod:
+ Sync with CONTRIBUTORS file
+ [9a0852306ad9]
+
+ * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
+ doc/sudoers.man.in, doc/sudoreplay.man.in:
+ Regen .man.in files with my private mandoc.
+ [dc3c9fc449eb]
+
+ * doc/Makefile.in:
+ add MANDOC variable
+ [35527e66afc5]
+
+2012-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
+ doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in:
+ Regen .man.in files with hacked mandoc to avoid issues with historic
+ nroff.
+ [d45cfa7d665f]
+
+2012-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.mdoc.in, doc/sudoers.mdoc.in:
+ Fix groff warnings.
+ [111d522ca807]
+
+ * doc/Makefile.in:
+ Fix dependencies for .man.in files.
+ [aefeffe1af2b]
+
+ * .hgignore:
+ Add doc/*.mdoc to ignore file
+ [1e4de6ef2ad8]
+
+ * INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in,
+ doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
+ doc/visudo.man.in, doc/visudo.mdoc.in:
+ Build .man.in and .cat files from .mdoc.in files. Add new --with-man
+ and --with-mdoc configure options.
+ [c963fd7e8f80]
+
+2012-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
+ Sudo manuals formatted in mdoc, to replace the pod versions.
+ [e6dca4030451]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
+ doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod:
+ More minor costmetic fixes.
+ [a7287a68385a]
+
+2012-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
+ Minor cosmetic fixes.
+ [9c48bdaf3946]
+
+2012-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot:
+ Use "a password is required" instead of "password required" when the
+ -n flag is used and we need to read a password.
+ [a3c30fc41648]
+
+2012-07-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Mention logging changes.
+ [8238fd6e02e8]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [e2cf634ba63b]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Document that other mail_* flags have precedence over mail_badpass.
+ [9f4cc9188f40]
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Move log_denial() calls and logic to log_failure(). Move
+ authentication failure logging to log_auth_failure(). Both of these
+ call audit_failure() for us.
+
+ This subtly changes logging for commands that are denied by sudoers
+ but where the user failed to enter the correct password.
+ Previously, these would be logged as "N incorrect password attempts"
+ but now are logged as "command not allowed". Fixes bug #563
+ [cad35f0b3ad7]
+
+2012-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/aix.c:
+ Do not set a resource limit to zero when we are unable to fetch a
+ value from /etc/security/limits.
+ [62bfb0a7895e]
+
+2012-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Add "Provides: sudo" to debian sudo-ldap package
+ [beb8afa0beb2]
+
+2012-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, zlib/Makefile.in:
+ Define NO_VIZ for zlib when gcc doesn't support symbol visibility
+ attributes.
+ [9fdcbf526386]
+
+ * configure, configure.in:
+ Use the autoconf cache when checking for symbol export control
+ support.
+ [03c2cce8711f]
+
+ * INSTALL, common/Makefile.in, compat/Makefile.in, configure,
+ configure.in, mkpkg, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Add configure check for building PIE executables instead of doing it
+ in mkpkg.
+ [02b5b78ef258]
+
+ * sudo.pp:
+ MacOS pp backend doesn't like modes longer than 4 characters.
+ [01b49022bf01]
+
+2012-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding
+ -fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool
+ will strip -fstack-protector from the linker flags and we always
+ link with libtool.
+ [0a0a0250ac2b]
+
+2012-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
+ Regen for sudo 1.8.6
+ [1657ee28b496]
+
+ * NEWS, doc/sudoers.ldap.pod:
+ Document improved Tivoli Directory Server support.
+ [fb411edf4687]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/ldap.c:
+ Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf
+ option to specify Tivoli key db password. Allow TLS ciphers to be
+ configured for Tivoli.
+ [737e17c91e60]
+
+2012-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Tivoli Directory Server 6.3 libs always return a (bogus) error when
+ setting LDAP_OPT_CONNECT_TIMEOUT.
+ [504406637c38]
+
+ * NEWS:
+ Update
+ [687a755604e8]
+
+ * plugins/sudoers/ldap.c:
+ Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the
+ same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to a
+ set an ldap option fatal.
+ [17cf93ae3304]
+
+2012-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Zero pointers in sudo_user struct after freeing, just in case.
+ [8eff1f80b943]
+
+ * plugins/sudoers/sudoers.c:
+ Free user_gids in close function if it has not already been freed.
+ [cbce28877f37]
+
+ * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Defer group ID to name resolution until we actually need it.
+ [463e75b81e89]
+
+ * src/sudo.c:
+ It is safe to read in sudo.conf before calling user_info().
+ [3290b6434e3c]
+
+ * plugins/sudoers/env.c, plugins/sudoers/ldap.c:
+ Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to
+ prevent potential truncation. Bug #562.
+ [29d9fc4e0c4e]
+
+2012-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ If installing with installp, error out if there is already an
+ instance of the rpm package installed.
+ [ec24c6faba22]
+
+ * mkpkg:
+ Add --disable-nls for AIX
+ [192ac2f7d65e]
+
+2012-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Debian sudo-ldap packages should now depend on libldap-2.4-2, not
+ libldap2.
+ [cbcec71e6b58]
+
+2012-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Add Homepage and Bugs to debian control file.
+ [0f19d7d14e66]
+
+2012-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ fix typo when setting aix_freeware
+ [2fd6feb50195]
+
+ * common/Makefile.in, compat/Makefile.in, configure, configure.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in:
+ Don't run regress tests or sudoers sanity check (using the newly-
+ built visudo) when cross compiling. Bug #560
+ [0c4e3f68b2f5]
+
+ * MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
+ plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map,
+ plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in,
+ plugins/sample_group/sample_group.exp,
+ plugins/sample_group/sample_group.map,
+ plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
+ plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map,
+ plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in,
+ plugins/system_group/system_group.exp,
+ plugins/system_group/system_group.map,
+ plugins/system_group/system_group.sym:
+ Rename foo.sym -> foo.exp Remove foo.map from the repo and generate
+ it on demand Use a loader option file for HP-UX ld to explicitly
+ export symbols
+ [2402ff5302ab]
+
+ * src/Makefile.in:
+ Remove extraneous backslash
+ [8ca054de138c]
+
+ * plugins/sudoers/regress/check_symbols/check_symbols.c:
+ Don't check for errorx as an exported symbols as it is now a macro.
+ Check for user_in_group() instead.
+ [7b02c8ecd3ea]
+
+2012-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Adjust ld map file support to use an anonymous scope to match the
+ updated .map files.
+ [49be44282d9e]
+
+2012-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, include/gettext.h:
+ Older versions of Solaris lack ngettext()
+ [028af10dfa5f]
+
+ * configure, configure.in:
+ Move the check for -static-libgcc until after AC_LANG_WERROR has
+ been called and use AX_CHECK_COMPILE_FLAG().
+ [a7b09120e7ff]
+
+ * include/gettext.h:
+ Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H
+ [3aa2780d4a4e]
+
+ * include/error.h, include/sudo_debug.h:
+ Fix gcc 2.x variant macro support.
+ [8e71c2370997]
+
+ * plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c:
+ Fix compilation on gcc 2.95 and other compilers that only allow
+ variable declarations at the beginning of a block.
+ [9d80c802bb46]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in:
+ Link check_symbols with SUDO_LIBS to make sure we link with the
+ requisite libraries to successfully dlopen sudoers.so. This is
+ needed on HP-UX where a program dlopen()ing a shared object that
+ uses pthreads must also be linked with pthreads (and HP-UX LDAP uses
+ pthreads).
+ [b8961cd82337]
+
+ * plugins/sudoers/regress/check_symbols/check_symbols.c:
+ Add check for exported local symbols. This will cause a "make
+ check" failure on systems where we don't support symbol hiding.
+ [8aa549389bb1]
+
+ * configure, configure.in:
+ Additional ${foo} -> $(foo) Makefile tweaks.
+ [046bbde18f52]
+
+ * plugins/sample/sample_plugin.map,
+ plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map,
+ plugins/system_group/system_group.map:
+ No need to provide a name for the scope in the map file since we
+ don't use the it for versioning.
+ [5ed4b997560d]
+
+2012-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/check_symbols/check_symbols.c:
+ Add regress test for symbol visibility.
+ [9adddd4e0518]
+
+2012-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.in:
+ sudo 1.8.6
+ [57008a7afb77]
+
+ * configure, configure.in, include/missing.h:
+ Add support for controlling symbol visibility using the HP and
+ Solaris C compilers.
+ [46d5b468979e]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/sudoers.h:
+ Use the expanded io log dir when updating the sequence number.
+ Includes a workaround for older versions of sudo where the sequence
+ number was stored in the unexpanded io log dir.
+ [210797dab9a8]
+
+2012-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/parse_args.c:
+ Simplify "sudo -s" argv rewriting.
+ [7be143dae7c5]
+
+ * MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in,
+ src/sudo_noexec.map:
+ Don't use a map file for sudo_noexec.so since Solaris ld doesn't
+ allow '*' in the global section. The libtool export flag is now
+ added to LT_LDFLAGS instead of commenting/uncommenting lines.
+ [38fc37a66b04]
+
+2012-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, include/missing.h:
+ The visibility attribute was actually added in gcc 3.3.x, not 4.0.
+ Just assume that if -fvisibility=hidden works that the attribute is
+ usable.
+ [d3904d6faf14]
+
+ * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map,
+ plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c,
+ plugins/system_group/system_group.c:
+ Export group cache from sudoers.so for system_group.so to use.
+ [16695d207fc5]
+
+ * MANIFEST, configure, configure.in, include/missing.h,
+ plugins/sample/Makefile.in, plugins/sample/sample_plugin.map,
+ plugins/sample_group/Makefile.in,
+ plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in,
+ plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in,
+ plugins/system_group/system_group.map, src/sudo_noexec.c,
+ src/sudo_noexec.map:
+ Use gcc's visibility attribute to specify when symbols are visible
+ or hidden, if available. If not available, use an ELF version
+ script if it is supported. If all else fails, fall back to using
+ libtool's -export-symbols.
+ [64e889921727]
+
+2012-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Add mode for installed locale files but leave the directories with
+ default mode and owner.
+ [142237dbb31f]
+
+2012-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg, sudo.pp:
+ Install AIX packages under /opt/freeware with links in /usr/bin and
+ /usr/sbin. This matches the layout of the sudo package from AIX
+ freeware.
+ [0b79d47bbe01]
+
+ * Makefile.in, configure, configure.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp:
+ Install shared objects with mode 0644 except on HP-UX which needs
+ the executable bit set.
+ [ae416af0ba6c]
+
+ * Makefile.in, doc/Makefile.in, include/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Make installed file modes consistent with the file modes in the sudo
+ package.
+ [307386373289]
+
+2012-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.pod:
+ Add "%:" prefix when talking about QAS non-Unix group support.
+ [7cb25f6861f8]
+
+ * pp, sudo.pp:
+ Fix packaging of symbolic links on HP-UX when the link source
+ already exists in the filesystem.
+ [c9bb48031596]
+
+ * mkpkg:
+ Only specify prefix if we are overriding the default value. Fixes
+ the man dir (/usr/local/man vs. /usr/local/share/man).
+ [65351b6c1697]
+
+ * sudo.pp:
+ Fix setting of sudoedit_man variable.
+ [9beed9ae5bba]
+
+ * doc/Makefile.in:
+ Echo the command when linking the sudoedit manual.
+ [6c83b5657b55]
+
+2012-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg, sudo.pp:
+ Build .deb packages with selinux support.
+ [3fd9cb1b4526]
+
+2012-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Don't list paths for unstripped binaries in the lintial overrides.
+ [4c8e16f1773b]
+
+ * pp:
+ Add support for Installed-Size header in control file, required by
+ newer debian versions.
+ [e97d76234bee]
+
+ * pp:
+ Fix extended description in .deb files.
+ [d35e27ace146]
+
+ * sudo.pp:
+ Add Depends, Replaces and Conflicts headers for .deb packages.
+ [76eb6c4b3278]
+
+2012-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudo_nss.c:
+ If there are no privs to print, write the message to the lbuf
+ instead of printing it directly.
+ [ecd56226abb7]
+
+2012-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Set -e in %pos and %preun for debian to quiet a lintian warning.
+ [8bb908514df9]
+
+ * doc/Makefile.in, src/Makefile.in, sudo.pp:
+ Install sudoedit and the sudoedit manual as symbolic links, not hard
+ links and package them as such.
+ [f317ff3cf3e7]
+
+ * sudo.pp:
+ Make sudo binary permissions 755 instead of 111 Add lintian
+ overrides file for .deb files.
+ [991cd7d7f0e1]
+
+ * configure, configure.in, doc/Makefile.in, mkpkg:
+ Replace out of date MAN_POSTINSTALL with MANCOMPRESS and
+ MANCOMPRESSEXT which can be used to compress the installed manual
+ pages. Compress the man pages for .deb files to appease lintian.
+ [4e34083b41d2]
+
+ * sudo.pp:
+ Debian fixes:
+ * fix modes to be more in line with what Debian expects
+ * add section
+ * install LICENSE as copyright and ChangeLog as changelog
+ * create stub changelog.debian
+ [7f6c5647f588]
+
+ * pp:
+ Fix find command to properly skip files in the DEBIAN dir when
+ building md5sums.
+ [8918bde941fa]
+
+ * pp, sudo.pp:
+ Use a debian-compliant package maintainer field.
+ [fc51a94170eb]
+
+2012-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ No need to loop over atomic_writev(), it guarantees to write all
+ data or return an error.
+
+ Fix handling of stdout/stderr that contains "\r\n" and handle a
+ "\r\n" pair that spans a buffer.
+ [8aaf02d90c45]
+
+2012-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update for sudo 1.8.5p2
+ [d369d4d40a19]
+
+ * plugins/sudoers/sudoreplay.c:
+ Instead of doing extra write()s when replaying stdout, build up a
+ vector for writev() instead. This results in far fewer system
+ calls.
+ [303d866c025c]
+
+2012-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/env_hooks.c, src/sudo.h, src/tgetpass.c:
+ Provide unhooked version of getenv() and use it when looking up
+ DISPLAY and SUDO_ASKPASS in the environment.
+ [04dbdccf4a14]
+
+2012-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ When replaying a log of stdout or stderr, do newline to carriage
+ return + linefeed conversion. We cannot have termios do this for us
+ since we've disabled output postprocessing (POST) when setting raw
+ mode.
+ [61352a7d996f]
+
+2012-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ When checking for -fstack-protector, treat warnings as fatal errors.
+ [4124cd12d511]
+
+2012-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix test for -z relro
+ [548bdb6f5c4a]
+
+ * MANIFEST:
+ Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4
+ [ed063264a2a1]
+
+ * INSTALL, aclocal.m4, configure, configure.in,
+ m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4:
+ Build with -fstack-protector and link with -zrelo where supported.
+ Added --disable-hardening option to disable hardening options.
+ [0b6c1a1ceb03]
+
+2012-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/testsudoers/test1.sh,
+ plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.sh,
+ plugins/sudoers/regress/testsudoers/test4.out.ok,
+ plugins/sudoers/regress/testsudoers/test4.sh,
+ plugins/sudoers/regress/testsudoers/test5.inc,
+ plugins/sudoers/regress/testsudoers/test5.out.ok,
+ plugins/sudoers/regress/testsudoers/test5.sh,
+ plugins/sudoers/testsudoers.c:
+ Add tests for sudoers mode, owner and group checks.
+ [a7607443aba0]
+
+ * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
+ If sudoers_mode is group-readable but the actual sudoers file is
+ not, open the file as uid 0, not uid 1. This fixes a problem when
+ sudoers has a more restrictive mode than what sudo expects to find.
+ In older versions, sudo would silently chmod the file to add the
+ group-readable bit.
+ [c056b6003e6f]
+
+ * INSTALL, common/secure_path.c, config.h.in, configure, configure.in:
+ No longer throw an error if sudoers is a symbolic link. Deprecated
+ the --with-stow option as that is now (effectively) the default.
+ [8ce783e54886]
+
+2012-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/testsudoers/test2.inc,
+ plugins/sudoers/regress/testsudoers/test2.out.ok,
+ plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.d/root,
+ plugins/sudoers/regress/testsudoers/test3.out.ok,
+ plugins/sudoers/regress/testsudoers/test3.sh:
+ Add basic tests for #include and #includedir
+ [b303e4218951]
+
+ * plugins/sudoers/testsudoers.c:
+ Add -U sudoers_uid option to testsudoers.
+ [3f8ed13501ba]
+
+2012-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.in:
+ Update for 1.8.5p1
+ [c33c49bf5b4b]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix #includedir; from Mike Frysinger
+ [d4833d4e39a0]
+
+ * plugins/sudoers/check.c:
+ Don't prompt for a password if the user is in the exempt group, is
+ root, or is running the command as themselves even if the -k option
+ was specified. This makes "sudo -k command" consistent with the
+ behavior one would get if the user ran "sudo -k" immediately before
+ running the command.
+ [632b3961df00]
+
+2012-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Fix capitalization
+ [7258aa977caf]
+
+ * mkpkg:
+ Build PIE executable on Mac OS X 10.5 and above.
+ [2a5c7ef92182]
+
+2012-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update for sudo 1.8.4p5
+ [21164f508b68]
+
+ * plugins/sudoers/match_addr.c:
+ Add missing break between AF_INET and AF_INET6 in
+ addr_matches_if_netmask()
+ [672a4793931a]
+
+ * plugins/sudoers/mon_systrace.c:
+ Move systrace monitor code to the attic
+ [d6faf4754e9c]
+
+2012-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ The pointer to the siginfo_t struct in a signal handler may be NULL.
+ [41a4ee934b53]
+
+2012-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/pwutil.c:
+ Fix an alignment problem on NetBSD systems with a 64-bit time_t and
+ strict alignment. Based on a patch from Martin Husemann.
+ [1e5ba3c18f17]
+
+ * include/missing.h:
+ Add offsetof macro for those without it.
+ [e44cb51d2587]
+
+ * MANIFEST:
+ add system_group plugin
+ [6169793b510c]
+
+2012-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/dlopen.c:
+ Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX.
+ [85bd03bc5d94]
+
+2012-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Mention system_group plugin
+ [05393dd4bdb8]
+
+ * Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in:
+ update depends
+ [6feb0b824fc4]
+
+ * plugins/system_group/system_group.c:
+ Only call gr_delref() when use sudo's password caching functions.
+ [1103442e21fa]
+
+ * plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in:
+ Add missing dependency on libreplace.la
+ [05bfd9d4657f]
+
+ * compat/dlopen.c:
+ Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and
+ PROG_HANDLE.
+ [2382d0693acc]
+
+ * Makefile.in, configure, configure.in,
+ plugins/system_group/Makefile.in,
+ plugins/system_group/system_group.c,
+ plugins/system_group/system_group.sym:
+ Add group plugin that does lookups by name using the system group
+ database.
+ [2ddbb604112f]
+
+ * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo,
+ src/po/pl.po:
+ sync with translationproject.org
+ [4ef05df4226d]
+
+2012-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po,
+ src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
+ src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po,
+ src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
+ src/po/zh_CN.mo, src/po/zh_CN.po:
+ sync with translationproject.org
+ [115c3f828fc5]
+
+2012-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Add mode for docdir and use '-' (default) for localedir mode. Fixes
+ a problem on Linux when building in a directory with the setgid bit
+ set.
+ [582279c8bcb1]
+
+2012-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Match CentOS 6.0
+ [1e99ef210f98]
+
+2012-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update with recent changes
+ [c5fc220ba696]
+
+ * pp:
+ Fix version check on AIX
+ [d272e39112f4]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen
+ [72b23509465a]
+
+ * plugins/sudoers/ldap.c:
+ Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP
+ SDK.
+ [87b685e70b9a]
+
+ * plugins/sudoers/ldap.c:
+ Fix printing of invalid uri
+ [645aa53acdde]
+
+ * plugins/sudoers/auth/pam.c:
+ Pass PAM_SILENT when deleting creds to remove an annoying warning
+ message on Solaris.
+ [1dd0301ef293]
+
+2012-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/utmp.c:
+ Fix the setutxent and endutxent compatibility defines (this time
+ correctly) when only setutent and endutent are available.
+ [d136d2867db9]
+
+ * plugins/sudoers/ldap.c:
+ sudo_ldap_set_options_global() should not take an LDAP handle as an
+ argument since the options affect the global settings.
+ [1dc39b9d20f2]
+
+ * mkpkg:
+ Debian sudo has not been built with --with-exempt=sudo since 1.6.8.
+ [c7716291a856]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c,
+ src/sudo.h:
+ Call the policy's init_session() function before we fork the child.
+ That way, the session is created and destroyed in the same process,
+ which is needed by some modules, such as pam_mount.
+ [ece552ba002e]
+
+ * doc/TROUBLESHOOTING:
+ Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is
+ not specified.
+ [bd293e100b28]
+
+ * plugins/sudoers/auth/pam.c:
+ Delete creds after closing the PAM session.
+ [5158d726d6a5]
+
+ * plugins/sudoers/ldap.c:
+ Provide a more useful error message if using a Mozilla-style LDAP
+ SDK and you forgot to specify TLS_CERT in ldap.conf.
+ [7cb78feb899c]
+
+ * src/exec_pty.c:
+ Add missing initialization of a sigaction structure when I/O
+ logging. Fixes a potential problem when suspending the command.
+ [f4480f2ba816]
+
+ * plugins/sudoers/ldap.c:
+ Split global and per-connection LDAP options into separate arrays.
+ Set global LDAP options before calling ldap_initialize() or
+ ldap_init(). After we have an LDAP handle, set the per-connection
+ options. Fixes a problem with OpenLDAP using the nss crypto backend;
+ bug #342
+ [265c9d2dc12b]
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po,
+ src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
+ sync with translationproject.org
+ [6d7fe44be21e]
+
+2012-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c, src/sudo.h:
+ Move struct passwd pointer into struct command details.
+ [d6fb1eff2065]
+
+2012-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Sync with upstream for Mac OS X (and other) fixes.
+ [c2f4998d01b0]
+
+ * mkpkg:
+ Only built Mac intel universal binary on an intel machine.
+ [0009e0b7e5a8]
+
+ * src/Makefile.in:
+ Do not pass libtool the -static-libtool-libs option when building
+ sudo and sesh. Otherwise, libtool may prefer a static version of an
+ installed library over a dynamic one when linking.
+ [6fbac9adc885]
+
+2012-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo,
+ plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po:
+ Add German translation for sudo Add Croatian translation for sudoers
+ [fa4da1a6530c]
+
+ * plugins/sudoers/iolog.c:
+ typo fix in comment
+ [abd721d1288e]
+
+2012-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update with recent changes
+ [6fa11e8448b9]
+
+ * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ Sort xgettext output by file name.
+ [f650841810f0]
+
+ * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
+ Clarify what "sudoreplay -l" displays and mention that it is sorted.
+ [84031c117bd6]
+
+ * config.h.in, configure, configure.in, src/ttyname.c:
+ Use AC_HEADER_MAJOR to determine where major/minor are defined.
+ [3c949650a223]
+
+ * config.h.in, configure, configure.in, src/ttyname.c:
+ Include sys/mkdev.h if present instead of sys/sysmacros.h for
+ minor(). This is needed on Solaris (at least) where the makedev
+ macros in sysmacros.h are obsolete and library functions should be
+ used instead.
+ [343928acf81e]
+
+ * mkpkg:
+ When building on Mac OS X, only set SDK_FLAGS if specified osversion
+ doesn't match host.
+ [d84c6efac872]
+
+2012-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Add back buf and tty variables for _ttyname() case that were
+ inadvertantly removed.
+ [a4a820b22a44]
+
+2012-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [5446b12c1250]
+
+ * configure, configure.in:
+ Remove b8 from version number.
+ [5adc4dcec061]
+
+ * src/ttyname.c:
+ remove some XXX
+ [187579a5f593]
+
+ * src/ttyname.c:
+ When looking for a device match, do a breadth-first search instead
+ of depth-first. We already special case /dev/pts/ so chances are
+ good that if it is not a pseudo-tty it is in the base of /dev/. Also
+ avoid a stat(2) when possible if struct dirent has d_type.
+ [0183f8a1b278]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ src/sudo.c, src/sudo.h:
+ Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list.
+ [f0574d878491]
+
+ * src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo,
+ src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo,
+ src/po/vi.mo:
+ sync with translationproject.org
+ [4527ea78fbd5]
+
+ * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po,
+ src/po/hr.mo, src/po/hr.po:
+ New Croatian and Galician translations from translationproject.org
+ [ad4bd924b4de]
+
+ * src/ttyname.c:
+ Add depth-first traversal of /dev/ for the /proc case when not
+ /dev/pts/N
+ [499bd3456774]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c:
+ If struct dirent has d_type, use it to avoid an extra stat().
+ [741dabbe4bcd]
+
+ * plugins/sudoers/sudoreplay.c:
+ Sort output of "sudoreplay -l"
+ [c0615795bd4b]
+
+2012-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ Fix duplicate free introduced in last rev
+ [efdaabe69d75]
+
+2012-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c:
+ Instead of treating ^C from tgetpass() specially, always return
+ AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL
+ like PAM_AUTH_ERR which Mac OS X returns this when there is no tty.
+ [a3b17298d4d0]
+
+ * config.h.in, configure, configure.in, src/ttyname.c:
+ Rototill code to determine the tty. For Linux, we now look up the
+ tty device in /proc/pid/stat instead of trying to open
+ /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given
+ device number to a string. On BSD, we can use devname(). On
+ Solaris, _ttyname_dev() does what we want. TODO: write /dev/
+ traversal code for the generic sudo_ttyname_dev().
+ [6b22be4d09f0]
+
+2012-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Define PRNODEV for those w/o it.
+ [f17290e64559]
+
+ * config.h.in, configure, configure.in, src/ttyname.c:
+ Check for SVR4-style struct psinfo.pr_ttydev and use that to
+ determine the tty if std{in,out,err} are not ttys.
+ [76ad33a91f4b]
+
+ * src/ttyname.c:
+ Better support for SVR4-style /proc entries where we can't use
+ ttyname() on the /proc/pid/fd/[0-2] entries. We can, however,
+ attempt to map the device number back to the correct pseudo-tty
+ slave device.
+ [4f9f48cc79eb]
+
+ * src/ttyname.c:
+ When trying to determine the tty name, check parent's stderr in
+ addition to its stdin and stdout.
+ [604644056c7d]
+
+ * src/exec_pty.c:
+ Treat a tty read failure like EOF as it usually means the pty has
+ gone away. Handle write() on the tty returning EIO.
+ [16957f4a706f]
+
+ * src/exec.c, src/exec_pty.c:
+ Linux select() may return ENOMEM if there is a kernel resource
+ shortage. Older Solaris select() may return EIO instead of EBADF
+ when the tty goes away. If we get an unhandled select() failure,
+ kill the child and exit cleanly.
+ [d93940a311ab]
+
+ * src/ttyname.c:
+ Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might
+ block in open.
+ [a9f809d09d52]
+
+2012-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c:
+ Fix restoration of AIX permissions.
+ [30c717115988]
+
+ * src/parse_args.c:
+ Allow the -k flag to be used along with the -i and -s flags.
+ [0653b17c97f1]
+
+ * plugins/sudoers/sudoreplay.c:
+ Plug memory leak in parse_logfile() in the error path.
+ [9cce86fa833b]
+
+ * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po,
+ src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po,
+ src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
+ src/po/zh_CN.mo, src/po/zh_CN.po:
+ sync with translationproject.org
+ [14af43d0b170]
+
+2012-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/regress/glob/globtest.c, config.h.in, configure,
+ configure.in, plugins/sudoers/match.c:
+ Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the
+ glob() and fnmatch() results to be consistent.
+ [4226750d73c2]
+
+2012-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in,
+ src/ttysize.c:
+ Move ttysize.c to common so sudoreplay can use it.
+ [b4a0aa514cd4]
+
+ * plugins/sudoers/sudoreplay.c:
+ If I/O log file includes rows + cols, warn if the user's tty is not
+ big enough.
+ [b980ef89efff]
+
+ * plugins/sudoers/sudoreplay.c:
+ Fix printing of TSID in "sudoreplay -l"
+ [4221e3e108b4]
+
+ * common/sudo_debug.c, include/sudo_debug.h,
+ plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c,
+ src/exec_pty.c:
+ Log the process id in the debug file output. Since we don't want to
+ keep calling getpid(), stash the value at init time and when we
+ fork().
+ [2782d30c024d]
+
+ * src/exec_pty.c:
+ Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It
+ is better to receive EIO from read()/write() than to be suspended
+ when we don't expect it. Fixes a problem when our terminal is
+ revoked which can happen when, e.g. our sshd is killed
+ unceremoniously. Also, only change the value of "alive" from true to
+ false, never from false to true. It is possible for us to receive
+ notification of the child having stopped after it is already dead.
+ This does not mean it has risen from the grave.
+ [26c9fe8ce0f9]
+
+ * src/exec_pty.c:
+ Distinguish between signals we received from the parent vs. those
+ delivered explicitly to the monitor process in debugging info.
+ [40716cb180e5]
+
+2012-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ In Solaris 11, /dev/pts under the "dev" filesystem, not "devices".
+ Update tty_is_devpts() to match so we can determine when the tty has
+ been reused.
+ [2689665df027]
+
+ * common/sudo_debug.c, include/error.h, include/sudo_debug.h:
+ Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf()
+ and use a new flag, SUDO_DEBUG_FILENO to specify when to use it.
+ This allows consumers of sudo_debug_printf() to log that data
+ without having to specify it manually.
+ [7c94c4879208]
+
+ * src/exec_pty.c:
+ Make this compile after last change.
+ [ee09034f3266]
+
+ * src/exec_pty.c:
+ Don't try to restore the terminal if we are not the foreground
+ process. Otherwise, we may be stopped by SIGTTOU when we try to
+ update the terminal settings when cleaning up.
+ [c48b24335456]
+
+ * src/exec.c:
+ If select() return EBADF in the main event loop, one of the ttys
+ must have gone away so perform any I/O we can and close the bad fds.
+ [3bc8678c03ce]
+
+ * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l:
+ Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the
+ function, file and line number in the debug log for warning() and
+ error().
+ [894cd131f11d]
+
+2012-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
+ src/conversation.c:
+ Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno.
+ Use this flag when wrapping error() and warning() so the debug
+ output includes the error string.
+ [1e2c67adaf1f]
+
+2012-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update for sudo 1.8.5
+ [7d2b62b823fe]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [718ad9de92cd]
+
+ * doc/CONTRIBUTORS:
+ sync
+ [f48013aea641]
+
+ * plugins/sudoers/pwutil.c:
+ Use ecalloc()
+ [fabd23c1f271]
+
+ * src/exec_pty.c:
+ Don't need zero_bytes() after ecalloc()
+ [1a9d95cd10ef]
+
+ * config.h.in, configure, configure.in, src/sudo_noexec.c:
+ Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to
+ sudo_noexec.c.
+ [cbaa1d4b0f8a]
+
+ * src/utmp.c:
+ Fix compat setutxent and endutxent macros for systems with
+ setutent() but not setutxent(). From Gustavo Zacarias
+ [d7ce622fc5f2]
+
+2012-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ Add ignore_result definition to AH_BOTTOM
+ [8d4096838a98]
+
+ * common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c,
+ src/exec.c, src/exec_pty.c, src/tgetpass.c:
+ Fix compiler warnings on some platforms and provide a better method
+ of defeating gcc's warn_unused_result attribute.
+ [9a8f804fcc75]
+
+ * configure, configure.in:
+ Fix building the builtin zlib from a build dir. When a zlib dir was
+ specified, prepend its include path instead of appending so we get
+ the right zlib headers.
+ [5f61d591b186]
+
+ * doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h,
+ zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c,
+ zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h,
+ zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in,
+ zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
+ Update zlib to version 1.2.6
+ [173c4bc4d4fc]
+
+2012-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ g/c __unused which is no longer used
+ [7ef3f23edcd6]
+
+ * src/env_hooks.c:
+ Fix compilation if RTLD_NEXT is not defined.
+ [d5605f468b71]
+
+ * src/po/sr.mo, src/po/sr.po:
+ sync with translationproject.org
+ [27d559f7985d]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.man.in:
+ regen
+ [f9f63ce478b6]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen
+ [59035d82d15a]
+
+ * Makefile.in:
+ Ignore Project-Id-Version when comparing pot files.
+ [22feb9ede46b]
+
+ * plugins/sudoers/bsm_audit.c:
+ Use error() instead of log_fatal()
+ [54130bda4b50]
+
+ * plugins/sudoers/env.c:
+ Fix signedness of didvar in env_update_didvar()
+ [77048a80b3e4]
+
+ * plugins/sudoers/iolog.c:
+ Quiet a compiler warning on some platforms.
+ [8fdcaece0400]
+
+ * compat/fnmatch.c:
+ cast ctype(3) function/macro arguments from char to unsigned char to
+ avoid potential negative subscripting.
+ [bdcf7eef21ef]
+
+ * common/setgroups.c:
+ Quiet a warning on systems where the gids array in setgroups() is
+ not prototyped as being const, even though it really is.
+ [fdd758c6302d]
+
+ * src/env_hooks.c:
+ Quiet a compiler warning on systems where the argument to putenv(3)
+ is const.
+ [51bae2193b53]
+
+ * plugins/sudoers/sudoreplay.c:
+ Undo an incorrect int -> bool conversion.
+ [b9a4ce320f14]
+
+ * MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ src/po/sv.mo, src/po/sv.po:
+ Add Swedish sudo and sudoers translations from
+ translationproject.org
+ [f7ce1de9073f]
+
+ * plugins/sudoers/env.c:
+ No need to preserve ODMDIR on AIX now that we always read
+ /etc/environment.
+ [4aa04b2f0125]
+
+2012-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.pod, plugins/sudoers/env.c:
+ When initializing the environment for env_reset, start out with the
+ contents of /etc/environment on AIX and login.conf on BSD.
+ [5717bdc321e2]
+
+ * doc/TROUBLESHOOTING, src/sudo.c:
+ If we are not running with an effective uid of 0, try to give the
+ user enough information to debug the problem.
+ [fa4894896d8a]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
+ Quiet a clang-analyzer false positive.
+ [c4c0c1b9c8b0]
+
+ * src/tgetpass.c:
+ If there is nothing to read from the askpass program, set errno to
+ EINTR. This makes the cancel button behave like the user entered ^C
+ at the password prompt when PAM is used.
+ [594302cb9caf]
+
+ * src/sudo.h, src/tgetpass.c:
+ Fetch the value of "askpass" from the sudo conf struct.
+ [4593ee8f1bd3]
+
+ * common/sudo_conf.c:
+ Fix matching of "Path askpass" and "Path noexec"
+ [4df28d62afb9]
+
+2012-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo.c:
+ Quiet a clang-analyzer dead store warning.
+ [dd90bf385a3f]
+
+ * plugins/sudoers/sudoers.c:
+ If the "timestampowner" user cannot be resolved, use ROOT_UID
+ instead of exiting with a fatal error.
+ [8d62aae99715]
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/check.c, plugins/sudoers/env.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/parse.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
+ Remove the NO_EXIT flag to log_error() and add a log_fatal()
+ function that exits and is marked no_return. Fixes false positives
+ from static analyzers and is easier for humans to read too.
+ [a0fe785c2a3d]
+
+2012-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
+ src/po/eo.po:
+ sync with translationproject.org
+ [df5e8777de13]
+
+2012-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/po/da.mo, src/po/da.po:
+ sync with translationproject.org
+ [629d99548b78]
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
+ sync with translationproject.org
+ [9d122a2860d6]
+
+2012-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/po/it.mo, src/po/it.po:
+ sync with translationproject.org
+ [6397593b15cf]
+
+ * common/sudo_conf.c, plugins/sudoers/alias.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/env.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c,
+ src/load_plugins.c:
+ Use ecalloc() when allocating structs.
+ [8b5888868db2]
+
+ * common/alloc.c, include/alloc.h:
+ Add ecalloc() and commented out recalloc(). Use inline strnlen()
+ instead of strlen() in estrndup().
+ [7fb9aa46c1e0]
+
+2012-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
+ src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
+ src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
+ src/po/zh_CN.mo, src/po/zh_CN.po:
+ sync with translationproject.org
+ [45a032c37334]
+
+2012-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c:
+ Remove unused label
+ [2660bb0c1313]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document what changed in each plugin API revision
+ [59b30a6fc4d1]
+
+ * plugins/sudoers/set_perms.c:
+ Remove bogus optimization that could lead to a double free of the
+ group list.
+ [b0bfbd2a83a8]
+
+2012-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/TROUBLESHOOTING:
+ Expand AIX /etc/security/privcmds entry.
+ [9f3f072e034e]
+
+ * NEWS:
+ Update for sudo 1.8.5
+ [086049011f25]
+
+ * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat,
+ doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h,
+ include/sudo_plugin.h, src/load_plugins.c, src/sudo.c,
+ src/sudo_plugin_int.h:
+ Rename plugin "args" to "options"
+ [f25624951bd2]
+
+ * doc/CONTRIBUTORS:
+ Add Lithuanian and Vietnamese translators
+ [2b4c075b69e3]
+
+ * Makefile.in:
+ Ignore comments when comparing new and old pot files.
+ [f872999347b3]
+
+ * src/Makefile.in:
+ regen
+ [c8193b1b11c7]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in:
+ regen
+ [15e3c17e8a3a]
+
+ * doc/sudo_plugin.pod, include/sudo_plugin.h,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c,
+ src/sudo.c, src/sudo.h:
+ Pass a pointer to user_env in to the init_session policy plugin
+ function so session setup can modify the user environment as needed.
+ For PAM authentication, merge the PAM environment with the user
+ environment at init_session time. We no longer need to swap in the
+ user_env for environ during session init, nor do we need to disable
+ the env hooks at init_session time.
+ [3f5277b359d8]
+
+ * plugins/sample/sample_plugin.c:
+ Add explicit NULL entries for init_session, register_hooks and
+ deregister_hooks with appropriate comments.
+ [727a57978b40]
+
+ * compat/pw_dup.c:
+ Quiet a gcc "used uninitialized in this function" false positive.
+ [f14b68379ce9]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ We should always call warning() with a format string or a string
+ literal. In this case, the argument (path) is not user-controlled.
+ [e9ef51224024]
+
+2012-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/selinux.c:
+ Include sudo_exec.h for the sudo_execve() prototype.
+ [769e58065edc]
+
+ * config.h.in, configure, configure.in:
+ Add check for pam_getenvlist()
+ [36bde3f26c60]
+
+ * common/sudo_conf.c:
+ Set args to NULL in default plugin info struct when there is no
+ Plugin line in sudo.conf.
+ [93ec67708f01]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen
+ [a9287677795c]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
+ regen
+ [a242769d7962]
+
+ * configure, configure.in:
+ Bump version to 1.8.5
+ [e8618f0c2505]
+
+ * doc/sudo_plugin.pod:
+ Document hooks API
+ [e6ad07d27958]
+
+2012-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris.
+ [fd72340042d3]
+
+ * include/sudo_plugin.h:
+ Use sudo_hook_fn_t in struct sudo_hook.
+ [938f93112d6e]
+
+ * doc/TROUBLESHOOTING:
+ If cross compiling, --host must include the OS in the tuple. E.g.
+ --host powerpc-unknown-linux
+ [b8c010070c1e]
+
+2012-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.c:
+ Fix bogus int -> bool conversion; tags can have a value of -1.
+ [e63d6434a303]
+
+ * plugins/sudoers/env.c:
+ Add env_should_keep() and env_should_delete() wrapper functions to
+ simplify things a bit and hide the fact that matches_env_check() is
+ not bool.
+ [7a03d7a12b50]
+
+ * sudo.pp:
+ Fix application of debian-specific sudoers mods when building
+ packages as non-root.
+ [34bf4c52c425]
+
+ * plugins/sudoers/env.c:
+ matches_env_check() returns int, not boolean
+ [0ad915b8d5cb]
+
+ * src/sudo_edit.c:
+ Fix compilation when seteuid() is not available.
+ [8a722f998000]
+
+ * src/ttyname.c:
+ Simply move the free of ki_proc outside the realloc() loop.
+ [217b786da760]
+
+ * src/ttyname.c:
+ Bring back the erealloc() for the ENOMEM loop and just zero the
+ pointer after we free it.
+ [29a016e45127]
+
+ * src/ttyname.c:
+ Don't try to erealloc() a potentially freed pointer; Mateusz Guzik
+ [266e08844065]
+
+2012-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c:
+ Use normal error path if unable to set sudoers gid.
+ [01c816918c99]
+
+ * plugins/sudoers/set_perms.c:
+ Make this work again on systems w/o seteuid().
+ [2e67f7421e97]
+
+2012-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c:
+ Fix compilation if no seteuid/setreuid/setresuid available.
+ [d0b3c1f88eb4]
+
+ * plugins/sudoers/set_perms.c:
+ Better error messages, and added debugging throughout. Fixed
+ seteuid() version of set_perms()/restore_perms(). Fixed logic bug in
+ AIX version of restore_perms(). Added checks to avoid changing
+ uid/gid when we don't have to. Never set gid/uid state to -1, use
+ the old value instead.
+ [29188d469b5c]
+
+ * src/exec_pty.c, src/ttyname.c:
+ Fix format string warning on Solaris with gcc 3.4.3.
+ [d1eeb6e1dd0f]
+
+ * src/sudo.c:
+ Always declare environ now that we swap it around unilaterally.
+ [aaa3e92e7d0d]
+
+ * src/Makefile.in:
+ Honor LDFLAGS when linking sesh; from Vita Cizek
+ [498b41438f6e]
+
+ * src/sesh.c:
+ Include alloc.h for estrdup() prototype; from Vita Cizek
+ [93203655a320]
+
+2012-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Don't read /etc/environment on Linux when using PAM, PAM should set
+ the environment variables as needed via pam_env.
+ [b1ef62cb2d40]
+
+ * INSTALL:
+ Fix editor goof.
+ [0c3dd3bb8b57]
+
+ * src/hooks.c, src/sudo.c, src/sudo.h:
+ Disable environment hooks after we get user_env back to make sure a
+ plugin can't to modify user_env after we "own" it. This is kind of
+ a hack but we don't want the init_session plugin function to modify
+ user_env.
+ [8e6d119452a5]
+
+ * src/hooks.c, src/sudo.c:
+ Add support for deregistering hooks. If an I/O log plugin fails to
+ initialize, deregister its hooks (if any).
+ [ac00c93900c5]
+
+2012-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, src/sudo.c:
+ Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook
+ setenv.
+ [e75469dd9908]
+
+ * MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in,
+ compat/setenv.c, compat/unsetenv.c, config.h.in, configure,
+ configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c,
+ src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h,
+ src/sudo_plugin_int.h:
+ Initial cut at a hooks implementation. The plugin can register
+ hooks for getenv, putenv, setenv and unsetenv. This makes it
+ possible for the plugin to trap changes to the environment made by
+ authentication methods such as PAM or BSD auth so that such changes
+ are reflected in the environment passed back to sudo for execve().
+ [61cffa06f863]
+
+2012-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, src/po/vi.mo, src/po/vi.po:
+ Add Vietnamese sudo translation from translationproject.org
+ [96df426790d5]
+
+2012-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod,
+ doc/sudoers.pod:
+ List sudo_noexec.so not noexec.so in the sample sudo.conf
+ [53844e190ec5]
+
+ * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
+ doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h,
+ include/sudo_plugin.h, plugins/sample/sample_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c,
+ src/sudo_plugin_int.h:
+ Add support for plugin args at the end of a Plugin line in
+ sudo.conf. Bump the minor number accordingly and update the
+ documentation. A plugin must check the sudo front end's version
+ before using the plugin_args parameter since it is only supported
+ for API version 1.2 and higher.
+ [587f1f819536]
+
+2012-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ update depends
+ [6d2da44e11e5]
+
+ * MANIFEST:
+ secure_path.c is in common, not compat
+ [619c4a663dde]
+
+ * configure, configure.in:
+ Add check for variadic macro support in cpp.
+ [756854caf675]
+
+2012-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/secure_path.c, common/sudo_conf.c, include/secure_path.h,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add type param to sudo_secure_path() and add sudo_secure_file() and
+ sudo_secure_dir() wrappers which get by #includedir in sudoers.
+ [2ec2d3d8df04]
+
+2012-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/visudo.pod, plugins/sudoers/visudo.c:
+ Check the owner and mode in -c (check) mode unless the -f option is
+ specified. Previously, the owner and mode were checked on the main
+ sudoers file when the -s (strict) option was given, but this was not
+ documented.
+ [b2d6ee1e547a]
+
+ * config.h.in, configure, configure.in, src/ttyname.c:
+ Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some
+ versions of OpenBSD versions that have KERN_PROC2 but not KERN_PROC.
+ [159f6a50456a]
+
+2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS:
+ Add Eric Lakin for patch in bug #538
+ [490c29c234c6]
+
+ * src/exec_pty.c:
+ Fix typo in safe_close() made while converting to debug framework
+ that prevented it from actually closing anything.
+ [a66422a62afd]
+
+ * src/exec_pty.c:
+ Add some more debugging.
+ [b5667947dda9]
+
+ * common/Makefile.in, compat/Makefile.in, doc/Makefile.in,
+ include/Makefile.in:
+ We need sysconfdir in compat/Makfile to get the proper sudo.conf
+ path. Add standard prefix and foodir expansion in all Makefiles to
+ avoid this problem in the future.
+ [62b6ce4ecae9]
+
+2012-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po:
+ New Lithuanian sudoers translation from translationproject.org
+ [10436b649035]
+
+ * plugins/sudoers/po/ja.po:
+ Update from translationproject.org
+ [acb8db5f8ef1]
+
+2012-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ When adding gids to the LDAP filter, only add the primary gid once.
+ This is consistent with the space computation/allocation. From Eric
+ Lakin
+ [35d9d99c92c6]
+
+ * doc/TROUBLESHOOTING:
+ Add entry for AIX enhanced RBAC config.
+ [5e10b6f8def7]
+
+ * mkpkg:
+ Target Mac OS X 10.5 when building packages.
+ [06fce9bbebee]
+
+2012-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/Makefile.in, common/secure_path.c,
+ common/sudo_conf.c, include/secure_path.h,
+ plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c:
+ Relax the user/group/mode checks on sudoers files. As long as the
+ file is owned by the right user, not world-writable and not writable
+ by a group other than the one specified at configure time (gid 0 by
+ default), the file is considered OK. Note that visudo will still
+ set the mode to the value specified at configure time.
+ [241174babfcc]
+
+2012-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c:
+ Add AIX-specific version of permission setting code to make sure
+ that the saved uid gets restored properly.
+ [9a6f5d22c301]
+
+ * config.h.in, configure, configure.in, src/exec_common.c:
+ Check for LD_PRELOAD variants in configure instead of checkign cpp
+ symbols. In disable_execute(), compute the length of the new envp
+ and allocate it once instead of reallocating on demand. Also append
+ old value of LD_PRELOAD (if any) to the new value.
+ [680266346917]
+
+ * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
+ Fix the description of noexec.
+ [6a6d142f3c80]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
+ The "op" parameter to set_default() must be int, not bool since it
+ is set to '+' or '-' for list add and subtract.
+ [8da5b137bea2]
+
+ * sudo.pp:
+ Make sure sudoers is writable before calling ed script.
+ [95352ab6336b]
+
+2012-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS, doc/contributors.pod:
+ Update contributors. Now includes translators and authors of compat
+ code.
+ [4fb5b616b50a]
+
+2012-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/po/sudo.pot:
+ regen
+ [2c86e2c328fe]
+
+ * pp, sudo.pp:
+ Build flat packages, not package bundles, on Mac OS X.
+ [57bda3cd5520]
+
+2012-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Move macos section to be with the other OS-specific sections.
+ [51423bb2973a]
+
+ * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
+ Sync with translationproject.org
+ [8ce41cbb8da0]
+
+ * configure, configure.in:
+ Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS
+ [fa979aa6fe7d]
+
+ * sudo.pp:
+ Add Mac OS X support, printing the latest chunk of the NEWS file and
+ the license text in the installer.
+ [ffeab72387c0]
+
+ * sudo.pp:
+ Add explicit file modes that match those used by "make install"
+ [7eb37242c920]
+
+ * pp:
+ Sync with upstream for Mac OS X fixes.
+ [97cba179041e]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ Got back to using "install-sh -M" for files installed as non-
+ readable by owner. This fixes "make install" as non-root for
+ package building.
+ [967804ee77d6]
+
+2012-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
+ Sync with translationproject.org
+ [0e53db12039a]
+
+ * Makefile.in, doc/Makefile.in, include/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Use -m not -M for install-sh for everything except setuid. Install
+ locale .mo files mode 0444, not 0644. If timedir parent doesn't
+ exist, use default dir mode, not 0700.
+ [8b6f64c92090]
+
+2012-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Re-sync with upstream; no longer need a local patch.
+ [97a2c7be5e59]
+
+ * mkpkg:
+ Add support for building Mac OS X packages.
+ [94d49ac223a4]
+
+ * pp:
+ Sync with upstream
+ [1c97654fc841]
+
+ * src/Makefile.in:
+ No longer need to define _PATH_SUDO_CONF here.
+ [2560905b7482]
+
+ * src/exec_common.c:
+ Fix noexec for Mac OS X.
+ [b7a744bca2c0]
+
+2012-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/Makefile.in:
+ Move _PATH_SUDO_CONF override to common to match sudo_debug.c
+ [f0788972a63a]
+
+ * plugins/sudoers/set_perms.c:
+ More complete fix for LDR_PRELOAD on AIX. The addition of
+ set_perm(PERM_ROOT) before calling the nss open functions (needed to
+ avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
+ and then real uid to 0 for PERM_ROOT works around the issue.
+ [5888eda051af]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen
+ [997fe403e219]
+
+ * src/sudo.c:
+ Set real uid to root before calling sudo_edit() or run_command() so
+ that the monitor process is owned by root and not by the user.
+ Otherwise, on AIX at least, the monitor process shows up in ps as
+ belonging to the user (and can be killed by the user).
+ [d4772d7d2fc5]
+
+ * plugins/sudoers/set_perms.c:
+ For PERM_ROOT when using setreuid(), only set the euid to 0 prior to
+ the call to setuid(0) if the current euid is non-zero. This
+ effectively restores the state of things prior to rev 7bfeb629fccb.
+ Fixes a problem on AIX where LDR_PRELOAD was not being honored for
+ the command being executed.
+ [b9b40325b4dc]
+
+ * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in,
+ include/missing.h, src/sudo.c:
+ Make a copy of the struct passwd in exec_setup() to make sure
+ nothing in the policy init modifies it.
+ [b721261c921f]
+
+2012-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.pod:
+ update copyright
+ [f9d229d1f65e]
+
+ * common/sudo_debug.c, include/sudo_debug.h:
+ g/c now-unused debug subsystems
+ [8f21726e698f]
+
+ * doc/sudo.pod, doc/sudoers.pod:
+ Enumerate the debug subsystems used by sudo and sudoers.
+ [ac4f84293d14]
+
+2012-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
+ include/sudo_conf.h, src/sudo.c:
+ Normally, sudo disables core dumps while it is running. This
+ behavior can now be modified at run time with a line in sudo.conf
+ like "Set disable_coredumps false"
+ [ad14e0508b0d]
+
+ * NEWS:
+ Mention Spanish translation
+ [600f3205bd6e]
+
+ * common/sudo_debug.c:
+ Make sure we don't try to fall back to using the conversation
+ function for debugging in the main sudo process if we are unable to
+ open the debug file.
+ [ffa329aa908c]
+
+ * MANIFEST, src/po/es.mo, src/po/es.po:
+ Add sudo Spanish translation from translationproject.org
+ [c1906654e740]
+
+2012-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Better debug subsystem usage
+ [1a31f115743c]
+
+ * src/sudo.c:
+ Remove duplicate function prototypes
+ [ae04b00532eb]
+
+2012-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Error out if user specified --with-pam but we can't find the headers
+ or library. Also throw an error if the headers are present but the
+ library is not and vice versa.
+ [d6bf3e3d0aae]
+
+2012-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Fix the sudoers permission check when the expected sudoers mode is
+ owner-writable.
+ [8b0b7e770a22]
+
+2012-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Verify that we can link executables built with -D_FORTIFY_SOURCE
+ before using it.
+ [7578215d1a95]
+
+ * src/exec_common.c:
+ Fix potential off-by-one when making a copy of the environment for
+ LD_PRELOAD insertion. Fixes bug #534
+ [cc699cd551b6]
+
+ * configure, configure.in:
+ Add rudimentary check for _FORTIFY_SOURCE support by checking for
+ __sprintf_chk, one of the functions used by gcc to support it.
+ [a992673d2ef8]
+
+ * compat/stdbool.h, config.h.in, configure, configure.in:
+ Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves.
+ [8ba1370884b3]
+
+2012-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen
+ [1e0b38397705]
+
+2012-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c, src/sudo.c:
+ The change in 818e82ecbbfc that caused to exit when the monitor dies
+ created a race condition between the monitor exiting and the status
+ being read. All we really want to do is make sure that select()
+ notifies us that there is a status change when the monitor dies
+ unexpectedly so shutdown the socketpair connected to the monitor for
+ writing when it dies. That way we can still read the status that is
+ pending on the socket and select() on Linux will tell us that the fd
+ is ready.
+ [7fb5b30ea48d]
+
+ * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
+ src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h,
+ src/sudo_exec.h:
+ Refactor disable_execute() and my_execve() into exec_common.c for
+ use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of
+ disabling exec in exec_setup(), disable it immediately before
+ executing the command. Adapted from a diff by Arno Schuring.
+ [ec4d8b53db6b]
+
+2012-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure, configure.in:
+ Add custom version of AC_CHECK_LIB that uses the extra libs in the
+ cache value name. With this we no longer need to rely on a modified
+ version of autoconf.
+ [1c3b1d482d6c]
+
+2012-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Better handling of network functions that need -lsocket -lnsl
+ [cc386342ec2b]
+
+ * src/sudo.c:
+ When setting up the execution environment, set groups before
+ gid/egid like sudo 1.7 did.
+ [928e1c5fa6c1]
+
+ * configure, configure.in:
+ Remove "WARNING: unable to find foo() trying -lsocket -lnsl"
+ [84b23cdf138f]
+
+ * plugins/sudoers/sudoers.c:
+ For "sudo -g" prepend the specified group ID to the beginning of the
+ groups list. This matches BSD convention where the effective gid is
+ the first entry in the group list. This is required on newer
+ FreeBSD where the effective gid is not tracked separately and thus
+ setgroups() changes the egid if this convention is not followed.
+ Fixes bug #532
+ [782d6909108b]
+
+2012-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix sh warning; use "test" instead of "["
+ [c6ee3407f65e]
+
+ * src/exec.c:
+ When not logging I/O, use a signal handler that only forwards
+ SIGINT, SIGQUIT and SIGHUP when they are user-generated signals.
+ Fixes a race in the non-I/O logging path where the command may
+ receive two keyboard-generated signals; one from the kernel and one
+ from the sudo process.
+ [9638684e786a]
+
+ * src/exec.c:
+ Back out change that put the command in its own pgrp when not
+ logging I/O. It causes problems with pipelines.
+ [4fc9c6e1e770]
+
+2012-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/Makefile.in, configure, configure.in:
+ Only run compat regress tests on compat objects we actually build.
+ Fixes "make check" in the compat dir for systems that don't
+ implement character classes in fnmatch() or glob(). Bug #531
+ [a7addc305e83]
+
+2012-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
+ Update po files from translationproject.org
+ [5ea066af1356]
+
+2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Include parent directories in case they don't already exist. This
+ fixes a directory permissions problem with the AIX package when the
+ /usr/local directories don't already exist.
+ [a14f783dc827]
+
+ * pp:
+ sync with git version
+ [2f79d0543661]
+
+ * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
+ regen dependencies
+ [24c92ca6c64d]
+
+ * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c:
+ Move tty name lookup code to its own file.
+ [58faf072cbf4]
+
+2012-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update with latest sudo 1.8.4 changes.
+ [a4ffe4f42528]
+
+ * config.h.in, configure, configure.in:
+ Remove obsolete template for HAVE_TIMESPEC
+ [75709007c906]
+
+ * src/sudo.c:
+ Add a check for devname() returning a fully-qualified pathname. None
+ of the devname() implementations do this today but you never know
+ when this might change.
+ [16813ace38f9]
+
+2012-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo.c:
+ For "visudo -c" also list include files that were checked when
+ everything is OK.
+ [ad6f85b35c9c]
+
+ * src/sudo.c:
+ The device name returned by devname() does not include the /dev/
+ prefix so we need to add it ourselves.
+ [b55285abb7ed]
+
+ * src/sudo.c:
+ Add debug warning if KERN_PROC sysctl fails or devname() can't
+ resolve the tty device to a name.
+ [b5a23916ba3a]
+
+ * common/sudo_debug.c:
+ The result of writev() is never checked so just cast to NULL.
+ [4be4e9b58d5b]
+
+ * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
+ Update Esperanto, Finnish, Polish and Ukrainian translations from
+ translationproject.org.
+ [bb91bc6ad7e9]
+
+2012-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo_edit.c: Always update the stashed mtime of the temp file
- instead of using what we have for the original because the time
- resolution of the filesystem the temporary is on may not match
- that of the filesystem that holds the original. Should fix bz
- #371 found by Philippe Levan.
+ * config.h.in, configure, configure.in, src/sudo.c:
+ Add support for determining tty via sysctl on other BSD variants.
+ [fd15f63f719a]
+
+ * configure, configure.in:
+ Only check for struct kinfo_proc.ki_tdev on systems that support
+ sysctl.
+ [109b3f07a39d]
+
+ * src/sudo.c:
+ For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on
+ ttyname() of std{in,out,err}.
+ [95969b70bd68]
-2009-09-24 21:11 millert
+2012-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, src/sudo.c:
+ On newer FreeBSD we can get the parent's tty name via sysctl().
+ [3207290501ee]
+
+ * plugins/sudoers/testsudoers.c:
+ Include locale.h
+ [a602cd0b8c2d]
+
+ * src/sudo.c:
+ Silence a gcc warning.
+ [8c6d0e3cd534]
+
+ * plugins/sudoers/bsm_audit.c:
+ Need to include gettext.h and sudo_debug.h; from John Hein
+ [447912aa7300]
+
+ * plugins/sudoers/iolog.c:
+ Initialize the debug framework from the I/O plugin too.
+ [ce1bf44d96d2]
+
+2012-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/testsudoers.c:
+ Enable debugging via sudo.conf.
+ [d85669c749d0]
+
+2012-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo.c:
+ Use SUDO_DEBUG_ALIAS for alias checking functions.
+ [fb84af30dc76]
+
+ * configure, configure.in:
+ More complete test for getaddrinfo() that doesn't rely on the
+ network libraries already being added to LIBS.
+ [cbaf2369f4f0]
+
+2012-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/aix.c:
+ Add debug support.
+ [def1bdf24485]
+
+ * configure, configure.in:
+ Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least.
+ [a2ea1c2eac61]
+
+ * compat/getaddrinfo.c:
+ Include errno.h and missing.h
+ [7d15e17cc2f2]
+
+ * .hgignore:
+ ignore doc/varsub
+ [417f9fc3231b]
+
+ * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in,
+ plugins/sudoers/gram.y, plugins/sudoers/match.c,
+ plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c,
+ src/parse_args.c, src/sudo.c, src/sudo.h:
+ Update copyright year.
+ [5d0ffc7dd567]
+
+ * NEWS:
+ Update for sudo 1.8.4
+ [841e3eff9844]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen pot files
+ [c509cb45b66a]
+
+ * plugins/sudoers/sudoreplay.c:
+ Enable debugging via sudo.conf.
+ [5087aaee8484]
+
+ * plugins/sudoers/visudo.c:
+ Enable debugging via sudo.conf.
+ [04b067c16ed3]
+
+ * plugins/sudoers/visudo.c:
+ Allow "visudo -c" to work when we only have read-only access to the
+ sudoers include files.
+ [d8c6713fe5c1]
+
+ * doc/sudo.pod, doc/visudo.pod:
+ Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add
+ HISTORY section in sudo that points to HISTORY file.
+ [d1f1bcb051c5]
+
+ * doc/sudo.pod, doc/sudo_plugin.pod:
+ Document Debug setting in sudo.conf and debug_flags in plugin.
+ [acfc505aa4a9]
+
+2012-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match.c:
+ Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
+ bug where a pattern like "/usr/*" include /usr/bin/ in the results,
+ which would be incorrectly be interpreted as if the sudoers file had
+ specified a directory. From Vitezslav Cizek.
+ [0cdb6252188c]
+
+ * INSTALL, config.h.in, configure, configure.in,
+ plugins/sudoers/auth/kerb5.c:
+ Add --enable-kerb5-instance configure option to allow people using
+ Kerberos V authentication to use a custom instance. Adapted from a
+ diff by Michael E Burr.
+ [e83af8bb7aa7]
+
+ * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h:
+ Remove -D debug_level option.
+ [cbcd05094347]
+
+ * doc/LICENSE:
+ Update copyright year.
+ [9f43dd7aa852]
+
+2012-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ parse_error is now bool, not int
+ [5ea7fb6fda38]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.c:
+ Print a more sensible error if yyparse() returns non-zero but
+ yyerror() was not called.
+ [d44ec88f1183]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
+ plugins/sudoers/gram.c:
+ Replace y.tab.c with the correct filename in #line directives.
+ [3c84fcb7e959]
+
+2012-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c:
+ When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2}
+ if the main process's fds 0-2 are not hooked up to a tty. Adapted
+ from a diff by Zdenek Behan.
+ [b9dfce12af85]
+
+ * src/exec.c:
+ When not logging I/O, put command in its own pgrp and make that the
+ controlling pgrp if the command is in the foreground. Fixes a race
+ in the non-I/O logging path where the command may receive two
+ keyboard-generated signals; one from the kernel and one from the
+ sudo process.
+ [d0e263ce496c]
+
+2011-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo_edit.c:
+ Quiet a bogus gcc warning.
+ [2009669e0608]
+
+ * src/parse_args.c, src/sudo.h:
+ Fix warnings related to sudo.conf accessors.
+ [08ddc29ba50b]
+
+ * common/sudo_conf.c, include/sudo_conf.h:
+ Separate sudo.conf parsing from plugin loading and move the parse
+ functions into the common lib so that visudo, etc. can use them.
+ [f1fc659a8079]
+
+ * MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c,
+ src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h:
+ Separate sudo.conf parsing from plugin loading and move the parse
+ functions into the common lib so that visudo, etc. can use them.
+ [e1f2cf6bd57a]
+
+ * doc/sudoers.pod, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/sudoers.c, src/sudo.c:
+ Remove support for noexec_file in sudoers and the plugin API
+ [3e2fd58879b5]
+
+ * plugins/sudoers/sudoers.c:
+ Don't dump interfaces if there are none.
+ [9081bb4d3e9e]
+
+ * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
+ Add missing %s printf escape to the group_plugin, iolog_dir and
+ iolog_file descriptions.
+ [7db03f2b737e]
+
+2011-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c:
+ Fix typo in visiblepw description; from Joel Pickett
+ [2fb4b26d5c2c]
+
+2011-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, configure, configure.in, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
+ plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/sudo.c:
+ When running a login shell with a login_class specified, use
+ LOGIN_SETENV instead of rolling our own login.conf setenv support
+ since FreeBSD's login.conf has more than just setenv capabilities.
+ This requires us to swap the plugin-provided envp for the global
+ environ before calling setusercontext() and then stash the resulting
+ environ pointer back into the command details, which is kind of a
+ hack.
+ [ad4f1190143b]
+
+ * plugins/sudoers/Makefile.in:
+ If srcdir is "." just use the basename of the yacc/lex file when
+ generating the C version. This matches the generated files
+ currently in the repo.
+ [0b11c3df87a8]
+
+ * doc/Makefile.in, plugins/sudoers/Makefile.in:
+ Clean up the DEVEL noise
+ [9de2afe457fd]
+
+ * src/exec.c:
+ Handle different Unix domain socket (actually socketpair) semantics
+ in BSD vs. Linux. In BSD if one end of the socketpair goes away
+ select() returns the fd as readable and the read will fail with
+ ECONNRESET. This doesn't appear to happen on Linux so if we notice
+ that the monitor process has died when I/O logging is enabled,
+ behave like the command has exited. This means we log the wait
+ status of the monitor, not the command, but there is nothing else we
+ can do at that point. This should only be an issue if SIGKILL is
+ sent to the monitor process.
+ [818e82ecbbfc]
+
+ * src/exec_pty.c:
+ Catch common signals in the monitor process so they get passed to
+ the command. Fixes a problem when the entire login session is
+ killed when ssh is disconnected or the terminal window is closed.
+ Previously, the monitor would exit and plugin's close method would
+ not be called.
+ [0e4658263138]
+
+ * INSTALL, configure, configure.in:
+ Mention how to configure pam_hpsec on HP-UX to play nicely with
+ sudo.
+ [a7294cd8ce98]
+
+2011-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Escape values in the search expression as per RFC 4515.
+ [c2adbc5db92b]
+
+ * doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ No need for install target to depend explicitly on install-dirs, the
+ install-foo targets all depend on it.
+ [62a36ed98279]
+
+2011-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgignore:
+ ignore src/sesh
+ [463d492f6782]
+
+ * MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl,
+ plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
+ plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/Makefile.in:
+ Add support for setenv entries in login.conf. We can't use
+ LOGIN_SETENV since the plugin sets up the envp the command is
+ executed with. Also regen the Makefile.in files while here. Fixes
+ bug #527
+ [088d507926e2]
+
+2011-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h,
+ config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
+ src/net_ifs.c:
+ Add getaddrinfo() for those without it, written by Russ Allbery
+ [4cf9ac831222]
+
+ * doc/Makefile.in:
+ Restore PACKAGE_TARNAME, it is used in docdir
+ [9d65e893edb1]
+
+ * MANIFEST, compat/stdbool.h:
+ SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to
+ the MANIFEST
+ [e67700dc5621]
+
+ * common/atobool.c, common/term.c, src/exec.c:
+ Remove duplicate return statements.
+ [48a20d5215fd]
+
+ * plugins/sudoers/auth/bsdauth.c:
+ Remove inaccurate comment
+ [e7f0265cf657]
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c:
+ Fetch the login class for the user we authenticate specifically when
+ using BSD authentication. That user may have a different login
+ class than what we will use to run the command. When setting the
+ login class for the command, use the target user's struct passwd,
+ not the invoking user's. Fixes bug 526
+ [21bf0af892f7]
+
+ * compat/Makefile.in, configure, configure.in, doc/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1"
+ [8ee6e0891f27]
+
+ * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_fill.c:
+ Fix "make check" fallout from the sudo_conv changes in sudo_debug.
+ [b0aaa63c9081]
+
+ * common/fileops.c, common/sudo_debug.c, configure, configure.in,
+ include/fileops.h, plugins/sample/Makefile.in,
+ plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in,
+ plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/env.c, plugins/sudoers/find_path.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/match.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c,
+ src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h,
+ src/sudo_plugin_int.h, src/utmp.c:
+ Use stdbool.h instead of rolling our own TRUE/FALSE macros.
+ [dcb0bbc42fc9]
+
+2011-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/stdbool.h, config.h.in, configure, configure.in:
+ Add stdbool.h for systems without it.
+ [18bd9dda1dcd]
+
+ * aclocal.m4, config.h.in, configure, configure.in:
+ No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default
+ includes have unistd.h in them. Add check for socklen_t for
+ upcoming getaddrinfo compat.
+ [d705465bef69]
+
+ * common/fileops.c, compat/nanosleep.c, config.h.in, configure,
+ configure.in, plugins/sudoers/interfaces.c,
+ plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c,
+ plugins/sudoers/sudoreplay.c, src/net_ifs.c:
+ Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of
+ HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
+ [fa187c9bd2be]
+
+ * src/sudo_noexec.c:
+ No longer need to include time.h here as missing.h does not use
+ time_t.
+ [fa3a089bf5b1]
+
+2011-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo.c:
+ Fix mode on sudoers as needed when the -f option is not specified.
+ [7a1c40b0dc03]
+
+ * MANIFEST, src/po/sr.mo, src/po/sr.po:
+ Add Serbian translation for sudo from translationproject.org
+ [9a0c25e25cba]
+
+ * common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c,
+ src/parse_args.c:
+ No longer pass debug_file to plugin, plugins must now use
+ CONV_DEBUG_MSG
+ [810cda1abb0b]
+
+ * mkpkg:
+ Build PIE executables for newer Debian and Ubuntu
+ [1c5f25f8904a]
+
+ * common/sudo_debug.c:
+ Include time.h for ctime() prototype.
+ [10090cf3bca1]
+
+2011-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_debug.c, include/sudo_debug.h, src/exec.c,
+ src/exec_pty.c:
+ Do not close error pipe or debug fd via closefrom() as we need them
+ to report an exec error should one occur.
+ [732f6587fafa]
+
+ * doc/sudoers.ldap.pod:
+ Document that a sudoUser may now be a group ID.
+ [2fef46b9d3d3]
+
+ * plugins/sudoers/ldap.c:
+ Add support for permitting access by group ID in addition to group
+ name.
+ [b9450fdf1f69]
+
+ * plugins/sudoers/ldap.c:
+ Older Netscape LDAP SDKs don't prototype ldapssl_set_strength()
+ [d62a1e7cff4f]
+
+ * compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE:
+ Replace UCB fnmatch.c with a non-recursive version written by
+ William A. Rowe Jr.
+ [354d3384adb8]
+
+ * plugins/sudoers/auth/pam.c:
+ Fix typo, return_debug vs. debug_return
+ [1b522efcbb0d]
+
+2011-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
+ Update Japanese sudoers translation from translationproject.org
+ [ec0f2beaad36]
+
+ * doc/sudoers.pod:
+ Make the env_reset descriptions consistent.
+ [41c056f02688]
+
+2011-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Do multiple expansion when expanding paths to the noexec file, sesh
+ and the plugin directory. Adapted from a diff by Mike Frysinger
+ [d7e16c876c66]
+
+ * common/Makefile.in:
+ regen
+ [9d729e09c186]
+
+2011-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgignore:
+ Add ignore file; from Mike Frysinger
+ [1fa8d52425f8]
+
+ * mkdep.pl:
+ no longer save old Makefile.in to .old
+ [378dd2395545]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ regen
+ [769faf517720]
+
+ * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4,
+ m4/ltoptions.m4, m4/ltversion.m4:
+ Update to libtool 2.4.2
+ [9dac78d84b4f]
+
+2011-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers_version.h:
+ Bump grammar version for #include and #includedir relative path
+ support.
+ [82a4f7cd8f71]
+
+2011-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add support for relative paths in #include and #includedir
+ [4d6e3bd0c24f]
+
+ * plugins/sudoers/Makefile.in:
+ Fix install-plugin when shared objects are unsupported or disabled.
+ [cbdd770a7a1b]
+
+ * plugins/sudoers/goodpath.c:
+ Don't write to sbp if it is NULL
+ [fc438f8e8570]
+
+2011-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Remove all sudo/sudoers .mo files on uninstall If LINGUAS is set,
+ only install matching .mo files
+ [c1dc30ab4ebc]
+
+2011-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.c, src/conversation.c:
+ Fix non-dynamic (no dlopen) sudo build.
+ [b0bd3fa925a3]
+
+ * configure, configure.in:
+ Don't error out if the user specified --disable-shared
+ [cf035dd1e5cc]
+
+ * common/sudo_debug.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/conversation.c:
+ Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to
+ the debug file.
+ [640c62f83251]
+
+ * plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/sudoers.h:
+ Make sudo_goodpath() return value bolean
+ [fea2d59a6e55]
+
+ * INSTALL, MANIFEST, configure, configure.in, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c:
+ Remove obsolete securid auth method.
+ [4e54f860214b]
+
+ * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h:
+ Prefix authentication functions with a "sudo_" prefix to avoid
+ namespace problems.
+ [581d74063ea1]
+
+ * INSTALL, MANIFEST, config.h.in, configure, configure.in,
+ doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in,
+ plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c:
+ Remove the old Kerberos IV support
+ [2e4b4a44209d]
+
+2011-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Don't print garbage at the end of the custom lecture.
+ [44bb788fafaa]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add lexer tracing as debug@parser
+ [d850f3f9d414]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/gram.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/visudo.c:
+ Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and
+ <def_data.h> and not "def_data.h" when generating the parser in a
+ build dir.
+ [7da701def753]
+
+2011-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkdep.pl, plugins/sudoers/Makefile.in:
+ Better devdir support in mkdep.pl
+ [7dcec57bd155]
+
+ * plugins/sudoers/Makefile.in:
+ Add devdir before srcdir in include path and fix up dependecies
+ accordingly.
+ [6e9958eca485]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/match.c,
+ plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
+ #include "gram.h" not <gram.h> and "def_data.h" and not
+ <def_data.h>.
+ [003bdb078a15]
+
+ * sudo.pp:
+ Mark libexec files as optional. If we build without shared object
+ support, libexec is not used.
+ [4bffcf482219]
+
+ * src/load_plugins.c:
+ Change Debug sudo.conf setting to take a program name as the first
+ argument. In the future, this will allow visudo and sudoreplay to
+ use their own Debug entries.
+ [cfb8f7e4867c]
+
+ * src/sudo.c:
+ fix sudo_debug_printf priority
+ [dcb67e965609]
+
+ * plugins/sudoers/sudoers.c:
+ add missing debug_return_int
+ [d88ec450c592]
+
+2011-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
+ plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c:
+ Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR
+ [dcee8efc294f]
+
+ * doc/UPGRADE:
+ Add missing word in HOME security note.
+ [fd844fdcc1ac]
+
+ * plugins/sudoers/testsudoers.c:
+ Prevent "testsudoers -d username" from trying to malloc(0).
+ [839126e56e8c]
+
+2011-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/sudoers/test10.in,
+ plugins/sudoers/regress/sudoers/test10.out.ok,
+ plugins/sudoers/regress/sudoers/test10.toke.ok,
+ plugins/sudoers/regress/sudoers/test10.toke.out.ok,
+ plugins/sudoers/regress/sudoers/test11.in,
+ plugins/sudoers/regress/sudoers/test11.out.ok,
+ plugins/sudoers/regress/sudoers/test11.toke.ok,
+ plugins/sudoers/regress/sudoers/test11.toke.out.ok,
+ plugins/sudoers/regress/sudoers/test12.in,
+ plugins/sudoers/regress/sudoers/test12.out.ok,
+ plugins/sudoers/regress/sudoers/test12.toke.ok,
+ plugins/sudoers/regress/sudoers/test13.in,
+ plugins/sudoers/regress/sudoers/test13.out.ok,
+ plugins/sudoers/regress/sudoers/test13.toke.ok,
+ plugins/sudoers/regress/sudoers/test9.in,
+ plugins/sudoers/regress/sudoers/test9.out.ok,
+ plugins/sudoers/regress/sudoers/test9.toke.ok,
+ plugins/sudoers/regress/sudoers/test9.toke.out.ok:
+ Tests for empty sudoers (should parse OK) and syntax errors within a
+ line (should report correct line number) both with and without the
+ trailing newline.
+ [d57c879c4718]
+
+ * plugins/sudoers/regress/sudoers/test4.out.ok,
+ plugins/sudoers/regress/sudoers/test5.out.ok,
+ plugins/sudoers/regress/sudoers/test7.out.ok,
+ plugins/sudoers/regress/sudoers/test8.out.ok,
+ plugins/sudoers/testsudoers.c:
+ Print line number when there is a parser error.
+ [5444ef6ac6dc]
+
+2011-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Keep track of the last token returned. On error, if the last token
+ was COMMENT, decrement sudolineno since the error most likely
+ occurred on the preceding line. Previously we always uses
+ sudolineno-1 which will give the wrong line number for errors within
+ a line.
+ [d661a03a64da]
+
+2011-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ update with sudo 1.8.3p1 info
+ [0f79ff31f602]
+
+ * plugins/sudoers/sudoers.c:
+ Fix crash when "sudo -g group -i" is run. Fixes bug 521
+ [a3087ae337c4]
+
+2011-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo.c:
+ Make alias_remove_recursive() return TRUE/FALSE as its callers
+ expect and remove two unused arguments. Fixes bug 519.
+ [2ee3b2882844]
+
+ * plugins/sudoers/regress/visudo/test1.out.ok,
+ plugins/sudoers/regress/visudo/test1.sh:
+ Add regress test for bugzilla 519
+ [48000ebedf97]
+
+ * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_fill.c:
+ Disable warning/error wrapping in regress tests.
+ [373c589ba561]
+
+2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Do compile-po as part of sync-po so that the .mo files get rebuild
+ automatically when we sync with translationproject.org
+ [83f3cbfc2f33]
+
+ * plugins/sudoers/Makefile.in:
+ check_addr needs to link with the network libraries on Solaris
+ [322bd70e316e]
+
+ * plugins/sudoers/match.c:
+ When matching a RunasAlias for a runas group, pass the alias in as
+ the group_list, not the user_list. From Daniel Kopecek.
+ [766545edf141]
+
+ * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
+ We need to init the auth system regardless of whether we need a
+ password since we will be closing the PAM session in the monitor
+ process. Fixes a crash in the monitor on Solaris; bugzilla #518
+ [e82809f86fb3]
+
+2011-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ Get rid of done: label. If the child exits we still need to close
+ the pty, update utmp and restore the SELinux tty context.
+ [cc127bf48405]
+
+2011-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/Makefile.in, common/atobool.c, common/fileops.c,
+ common/fmt_string.c, common/lbuf.c, common/list.c,
+ common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/alias.c, plugins/sudoers/audit.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c,
+ src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
+ src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
+ src/tgetpass.c, src/ttysize.c, src/utmp.c:
+ Add debug_decl/debug_return (almost) everywhere. Remove old
+ sudo_debug() and convert users to sudo_debug_printf().
+ [8f3bbf907b67]
+
+ * common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, src/error.c:
+ Wrap error/errorx and warning/warningx functions with debug
+ statements. Disable wrapping for standalone sudoers programs as well
+ as memory allocation functions (to avoid infinite recursion).
+ [562ed7b5ae8d]
+
+ * README, config.h.in, configure, configure.in:
+ Add checks for __func__ and __FUNCTION__ and mention that we now
+ require a cpp that supports variadic macros.
+ [314cfe4c5d23]
+
+ * MANIFEST, common/Makefile.in, common/sudo_debug.c,
+ include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c,
+ src/load_plugins.c, src/parse_args.c, src/sudo.c,
+ src/sudo_plugin_int.h:
+ New debug framework for sudo and plugins using /etc/sudo.conf that
+ also supports function call tracing.
+ [cded741e9f10]
+
+2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
+ Update Japanese sudoers translation from translationproject.org
+ [c24725775e32]
+
+2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Override and ignore the --disable-static option. Sudo already runs
+ libtool with -tag=disable-static where applicable and we need non-
+ PIC objects to build the executables.
+ [aff1227b853a]
+
+2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Add sudoedit fix
+ [74655c7ccad1]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen pot files
+ [28d89a831ed3]
+
+ * plugins/sudoers/env.c:
+ Ignore set_logname (which is now the default) for sudoedit since we
+ want the LOGNAME, USER and USERNAME environment variables to refer
+ to the calling user since that is who the editor runs as. This
+ allows the editor to find the user's startup files. Fixes bugzilla
+ #515
+ [6c5dddf5ff05]
+
+ * plugins/sudoers/pwutil.c:
+ Instead of trying to grow the buffer in make_grlist_item(), simply
+ increase the total length, free the old buffer and allocate a new
+ one. This is less error prone and saves us from having to adjust
+ all the pointers in the buffer. This code path is only taken when
+ there are groups longer than the length of the user field in struct
+ utmp or utmpx, which should be quite rare.
+ [5587dc8cffaf]
+
+ * src/po/it.mo:
+ Add Italian translation for sudo from translationproject.org
+ [1b3dd886e7e3]
+
+ * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ src/po/ja.mo, src/po/ja.po:
+ Japanese translation for sudo and sudoers from
+ translationproject.org
+ [c06dd866be6e]
+
+2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ sudoreplay depends on timestr.lo too; from Mike Frysinger
+ [b9e73214b2f1]
+
+2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot:
+ Regen sudoers pot file.
+ [019588bafdb3]
+
+ * NEWS:
+ Update with latest sudo 1.8.3 news
+ [6868042a88e9]
+
+ * plugins/sudoers/sudoers.c:
+ It appears that LDAP or NSS may modify the euid so we need to be
+ root for the open(). We restore the old perms at the end of
+ sudoers_policy_open().
+ [2da67a5497ef]
+
+ * plugins/sudoers/set_perms.c:
+ Better warning message on setuid() failure for the setreuid()
+ version of set_perms().
+ [07abcfe7bd9a]
+
+2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Delref auth_pw at the end of check_user() instead of getting a ref
+ twice.
+ [cb665f55e6a5]
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c:
+ Make sudo_auth_{init,cleanup} return TRUE on success and check for
+ sudo_auth_init() return value in check_user().
+ [92631c919356]
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Do not return without restoring permissions.
+ [59ef40b6696a]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen pot files
+ [9f320a340b7c]
+
+ * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Modify the authentication API such that the init and cleanup
+ functions are always called, regardless of whether or not we are
+ going to verify a password. This is needed for proper PAM session
+ support.
+ [19a53f3fb596]
+
+ * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
+ Add missing dependency for getspwuid.lo and regen other depends.
+ [f7f70eae819a]
+
+ * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c:
+ Fix a PAM_USER mismatch in session open/close. We update PAM_USER
+ to the target user immediately before setting resource limits, which
+ is after the monitor process has forked (so it has the old value).
+ Also, if the user did not authenticate, there is no pamh in the
+ monitor so we need to init pam here too. This means we end up
+ calling pam_start() twice, which should be fixed, but at least the
+ session is always properly closed now.
+ [fbc063a2a872]
+
+ * src/utmp.c:
+ Add check for old being NULL in utmp_setid(); from Steven McDonald
+ [e87126442f2e]
+
+2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ If the invoking user cannot be resolved by uid fake the struct
+ passwd and store it in the cache so we can delref it on exit.
+ [a27e2f8b9f5e]
+
+2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Don't error out if the group plugin cannot be loaded, just warn.
+ [0fbfcd381e33]
+
+2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Quiet a false positive found by several static analysis tools. These
+ tools don't know that log_error() does not return (it longjmps to
+ error_jmp which returns to the sudo front-end).
+ [33d0469df21b]
+
+2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po:
+ Add Italian translation for sudo from translationproject.org Regen
+ .mo files
+ [c3c888a82be6]
+
+2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/TROUBLESHOOTING:
+ Update to current reality and add bit about ssh auth
+ [184a1e7c2eeb]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Make "verbose" static; fixes a namespace clash with
+ pam_ssh_agent_auth (and it doesn't need to be extern these days).
+ [cc38d2eb2f4c]
+
+ * config.h.in, configure, configure.in, src/get_pty.c:
+ FreeBSD has libutil.h not util.h
+ [dab4c94b6d4f]
+
+ * configure, configure.in:
+ Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD
+ [41c362f0a92a]
+
+2011-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po:
+ Update po files from translationproject.org
+ [1e99e147c7fa]
+
+2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Add support for DEREF in ldap.conf.
+ [3c1937a98547]
+
+ * Makefile.in:
+ install target should depend on ChangeLog too, not just install-doc
+ [1a7c83941175]
+
+ * doc/sudoers.pod:
+ Only iolog_file (not iolog_dir) supports mktemp-style suffixes.
+ [0eca47d60a2c]
+
+ * NEWS:
+ Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes.
+ [0501415cc5ff]
+
+ * doc/UPGRADE:
+ Document group lookup change and possible side effects.
+ [585743e1ebf7]
+
+ * configure, configure.in:
+ Fix some square brackets in case statements that needed to be
+ doubled up. While here, use $OSMAJOR when it makes sense.
+ [8973343f4696]
+
+ * plugins/sudoers/pwutil.c:
+ Fix a crash in make_grlist_item() on 64-bit machines with strict
+ alignment.
+ [c89508c73c46]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
+ Remove list_options() function that is no longer used now that "sudo
+ -L" is gone.
+ [fcc6a776c135]
- * configure, configure.in, sudoers.man.pl, sudoers.pod: Substitute
- in default value for secure_path
+ * configure, configure.in:
+ Error message if user tries --with-CC
+ [ec5b478f813a]
-2009-09-24 20:31 millert
+ * configure, configure.in:
+ Check for -libmldap too when looking for ldap libs, which is the
+ Tivoli Directory Server client library.
+ [bb3007a97206]
- * sudo.pod: Mention that the password must be followed by a newline
- with the -S option.
+2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-08-07 10:21 millert
+ * plugins/sudoers/parse.c:
+ Honor NOPASSWD tag for denied commands too.
+ [8dd92656db92]
- * auth/pam.c: Set PAM_RUSER and PAM_RHOST early so they can be used
- during authentication. Based on a patch from Jamie Beverly.
+2011-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-08-07 09:25 millert
+ * INSTALL, configure, configure.in:
+ Remove --with-CC option; it doesn't work correctly now that we use
+ libtool. Users can get the same effect by setting the CC
+ environment variable when running configure.
+ [ec22bd1a55e0]
- * match.c: Close dir before returning if strlcpy() reports
- overflow. From Martynas Venckus.
+2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-07-18 09:55 millert
+ * config.h.in, configure, configure.in, plugins/sudoers/visudo.c,
+ src/sudo_edit.c:
+ Assume all modern systems support fstat(2).
+ [6a5a8985f6a0]
- * toke.c, toke.l: Fix expansion of %h in #include names. Fixes
- bugzilla 363
+2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-07-12 17:17 millert
+ * compat/regress/glob/globtest.c, config.h.in, configure,
+ configure.in, include/missing.h, plugins/sudoers/sudoers.h,
+ src/sudo.h, src/sudo_noexec.c:
+ Add configure test for missing errno declaration and only declare it
+ ourselves if it is missing.
+ [456e76c809a2]
- * mkdefaults: If no arg assume def_data.in
+ * plugins/sudoers/alias.c:
+ Include errno.h before sudo.h to avoid conflicting with the system
+ definition of errno.
+ [d0b97e392512]
-2009-07-11 21:27 millert
+2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * README, WHATSNEW: Update for 1.7.2
+ * plugins/sudoers/regress/parser/check_addr.c:
+ Only print individual check status when there is a failure.
+ [2ac704c91441]
-2009-07-11 21:12 millert
+ * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c:
+ Add calls to setprogname() for test programs.
+ [a8d9b420e826]
- * ChangeLog: sync
+ * configure, configure.in:
+ Add -Wall and -Werror after all tests so they don't cause failures.
+ [2661188ff3fa]
-2009-06-30 08:41 millert
+ * plugins/sudoers/Makefile.in:
+ Actually run check_addr in the check target
+ [0b2778bc86bf]
- * sudoers.cat, sudoers.man.in, sudoers.pod: Add missing single
- quotes around a colon in Runas_Spec definition. From Elias
- Benali.
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
+ plugins/sudoers/match_addr.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_addr.in:
+ Split out address matching into its own file and add regression
+ tests for it.
+ [12b9a2bf8dba]
-2009-06-29 09:36 millert
+2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * redblack.c: In rbrepair, re-color the root or the first non-block
- node we find to be black. Re-coloring the root is probably not
- needed but won't hurt.
+ * plugins/sudoers/match.c:
+ When matching an address with a netmask in sudoers, AND the mask and
+ addr before checking against the local addresses.
+ [9747bb6d7b1c]
-2009-06-29 09:35 millert
+2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.cat, sudoers.cat, sudo.man.in, sudoers.man.in: regen
+ * plugins/sudoers/match.c:
+ Fix netmask matching.
+ [a3c8f8cc1464]
-2009-06-26 16:40 millert
+ * plugins/sudoers/visudo.c:
+ Don't assume all editors support the +linenumber command line
+ argument, use a whitelist of known good editors.
+ [21d43a91fd10]
- * redblack.c: When repairing the tree, don't touch the root node.
+2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-06-25 08:44 millert
+ * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c,
+ src/exec_pty.c, src/sudo.c:
+ Silence compiler warnings on Solaris with gcc 3.4.3
+ [da620bae6fdb]
- * set_perms.c: Protect call to setegid in runas_setup with #ifdef
- HAVE_SETEUID. Reported by Josef Schmid.
+ * mkpkg:
+ Fix building on RHEL 3
+ [f3227fb2a252]
-2009-06-23 14:29 millert
+ * INSTALL, configure, configure.in:
+ Add --enable-werror configure option.
+ [fec2cdb95543]
- * sudoers.pod: Document that we accept env_pam-style environment
- files
+ * common/setgroups.c:
+ setgroups() proto lives in grp.h on RHEL4, perhaps others.
+ [de91c0de5a98]
-2009-06-23 14:24 millert
+ * configure, configure.in:
+ Use PAM by default on AIX 6 and higher.
+ [e16493208e5f]
- * env.c: Adapt to accept pam_env-style /etc/environment which
- allows shell-style lines such as: export EDITOR="/usr/bin/vi"
+2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-06-23 12:22 millert
+ * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ src/po/eo.mo, src/po/eo.po:
+ Add new Esperanto translation from translationproject.org
+ [0d9a59e04c64]
- * sudoers.pod: Make it clear that env_delete only works when
- !env_reset. From Loïc Minier
+2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-06-15 17:19 millert
+ * plugins/sudoers/iolog_path.c:
+ Quiet an innocuous valgrind warning.
+ [0582b6027161]
- * sudo.pod, sudoers.pod: Add non-unix group bits, adapted from
- Quest
+2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-06-15 17:18 millert
+ * plugins/sudoers/iolog_path.c,
+ plugins/sudoers/regress/iolog_path/data:
+ Fix expansion of strftime() escapes in log_dir and add a regress
+ test that exhibited the problem.
+ [a5c7c1c4c589]
- * Makefile.in: build the .cat page in the current working dir, not
- the src dir
+ * plugins/sudoers/Makefile.in:
+ Fix "make check" return value.
+ [33b58e175230]
-2009-06-15 09:10 millert
+2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: Return EINVAL in setenv() if var is NULL or the empty
- string to match glibc behavior.
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ Regen pot files
+ [063841aac19b]
-2009-06-13 16:52 millert
+ * Makefile.in:
+ Fix logic inversion in pot file up to date check.
+ [f6a8ca8654df]
- * configure, configure.in: Use AS_HELP_STRING for AC_ARG_WITH and
- AC_ARG_ENABLE
+2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-06-11 16:29 millert
+ * configure, configure.in:
+ Add caching for gettext() checks.
+ [01b7200f6105]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
- sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
- regen
-
-2009-06-09 10:08 millert
-
- * INSTALL: Document --with-libvas and --with-libvas-rpath
-
-2009-05-29 09:43 millert
-
- * ldap.c, sudoers.ldap.pod: For netscape-derived LDAP SDKs the cert
- and key paths may be a directory or a file. However, version 5.0
- of the SDK only seems to support using a directory. If
- ldapssl_clientauth_init fails and the cert or key paths look like
- they could be files, strip off the last path element and try
- again.
-
-2009-05-29 09:40 millert
-
- * Makefile.in: Add non-Unix group .o to COMMON_OBJS and substitute
- in path to flex.
-
-2009-05-26 20:49 millert
-
- * configure, configure.in, match.c, sudo.c, vasgroups.c: Update
- non-Unix group support from Quest, as reworked by me.
-
-2009-05-26 20:47 millert
-
- * toke.c: regen
-
-2009-05-26 20:46 millert
-
- * toke.l: Add support for escaped hex chars in names, e.g. \x20 for
- space.
-
-2009-05-25 08:02 millert
-
- * LICENSE, Makefile.in, aclocal.m4, alias.c, check.c, env.c,
- fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c,
- logging.c, logging.h, match.c, parse.c, parse.h, pathnames.h.in,
- pwutil.c, set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c,
- sudo_nss.h, sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod,
- testsudoers.c, tgetpass.c, toke.l, visudo.c, auth/aix_auth.c,
- auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h: Update copyright
- years.
-
-2009-05-24 08:33 millert
+ * configure, configure.in:
+ Better handling of libintl header and library mismatch.
+ [9a49b1d4db69]
- * interfaces.c, lbuf.c: Minor fixes for Minix-3
+2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-05-22 06:37 millert
+ * plugins/sudoers/sudoers.c:
+ Also check sudoers gid if sudoers is group writable.
+ [23ef96ca0d33]
- * set_perms.c: Handle getgroups() returning 0. Also add missing
- check for HAVE_GETGROUPS.
+2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-05-19 17:24 millert
+ * configure, configure.in:
+ If dlopen is present but libtool doesn't find it, error out since it
+ probably means that libtool doesn't support the system.
+ [a9da0a5f7941]
- * Makefile.in, config.h.in, configure, configure.in, sudo.c,
- version.h, visudo.c: Replace version.h with PACKAGE_VERSION set
- via AC_INIT in configure.
-
-2009-05-18 06:33 millert
-
- * set_perms.c: Remove group setting code in setusercontext case, we
- will do it ourselves later on in runas_setup. Set the gid after
- initgroups/setgroups is called, since on Mac OS X it seems to
- change the egid.
-
-2009-05-17 18:19 millert
-
- * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
- vasgroups.c: Initial bits of non-unix group support using Quest
- Authentication Services
-
-2009-05-17 16:52 millert
-
- * toke.c, toke.l: Accept %:foo as a non-Unix group
+ * mkpkg:
+ configure args on the command line should override builtin defaults.
+ Disable NLS for non-Linux/Solaris unless explicitly enabled.
+ [b2fb05614504]
-2009-05-17 16:22 millert
+ * plugins/sudoers/auth/aix_auth.c:
+ Fix loop that calls authenticate(). If there was an error message
+ from authenticate(), display it.
+ [063a0c4f0b9a]
- * toke.c, toke.l: Allow user/group to be double quoted in the case
- of non-Unix groups which contain spaces.
+2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-05-11 12:47 millert
+ * m4/libtool.m4, m4/ltversion.m4:
+ Update to autoconf 2.68 and libtool 2.4
+ [5a912a6eb67b]
- * match.c: Don't allow the user to specify the default runas user
- if their sudoers entry only allows them to run as a group.
+ * config.guess, config.sub, configure, configure.in, ltmain.sh:
+ Update to autoconf 2.68 and libtool 2.4
+ [931ab56aecf6]
-2009-05-10 07:59 millert
+ * doc/sudoers.pod:
+ Fix typo; OPT should be OTP
+ [e97bd2e46544]
- * sudo.c: Must call audit_success before we change uids.
+ * plugins/sudoers/Makefile.in:
+ Rename libsudoers convenience library to libparsesudoers to avoid
+ libtool confusion.
+ [2a89a613f537]
-2009-05-10 07:52 millert
+2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c, set_perms.c, sudo.h, testsudoers.c: Add option for
- set_perm to not exit on failure and use this in the logging
- routines.
+ * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
+ Add Danish sudoers translation from translationproject.org
+ [27b96e85eb13]
-2009-05-10 07:33 millert
+ * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
+ Add dedicated callback function for runas_default sudoers setting
+ that only sets runas_pw if no runas user or group was specified by
+ the user.
+ [b8382d8eea34]
- * parse.c: In -l mode, if the user is only allowed to run as a
- group, display the user's name, not root's before the allowed
- group.
+2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-05-09 21:00 millert
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo,
+ src/po/ru.po:
+ Update Finish, Polish, Russian and Ukrainian translations from
+ translationproject.org.
+ [f9339aff664e]
+
+ * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c:
+ Go back to using a callback for runas_default to keep runas_pw in
+ sync. This is needed to make per-entry runas_default settings work
+ with LDAP-based sudoers. Instead of declaring it a callback in
+ def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
+ bit naughty, but avoids requiring stub functions in visudo and the
+ tests.
+ [9aaefb908415]
+
+2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Add check for out of date message catalogs when doing "make dist".
+ [e45a29b612f4]
+
+2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [d6f9ad26774a]
+
+ * configure.in:
+ Make sure compiler supports static-libgcc before using it.
+ [b01bd9566e50]
+
+2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/Makefile.in:
+ Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
+ [c99c7ab3edef]
+
+2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
+ plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo,
+ plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po,
+ src/po/zh_CN.mo:
+ Add new Russian sudo translation from translationproject.org and
+ rebuild the other translation files.
+ [e20015459056]
+
+2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po:
+ Update Finish and Polish translations from translationproject.org
+ [4e3dbba4a1de]
+
+ * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c:
+ Go back to escaping the command args for "sudo -i" and "sudo -s"
+ before calling the plugin. Otherwise, spaces in the command args
+ are not treated properly. The sudoers plugin will unescape non-
+ spaces to make matching easier.
+ [dfa2c4636f33]
+
+2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ Fix some potential problems found by the clang static analyzer, none
+ serious.
+ [ff64aa74aae6]
+
+ * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po,
+ src/po/zh_CN.po:
+ Updated Ukranian and Chinese (simplified) po files from
+ translationproject.org
+ [ec792becb48e]
+
+2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/pl.po:
+ Updated Polish translation from translationproject.org
+ [a3af53cb649c]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ Rebuild pot files
+ [c650524c0f0a]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c:
+ Don't try to audit failure if the runas user does not exist. We
+ don't have the user's command at this point so there is nothing to
+ audit. Add a NULL check in audit_success() and audit_failure() just
+ to be on the safe side.
+ [2a0007c2022f]
+
+ * mkpkg:
+ Add -g to CFLAG for PIE builds.
+ [32a0a9693c9c]
+
+2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/sudo.c:
+ Remove fallback to per-group lookup when matching groups in sudoers.
+ The sudo front-end will now use getgrouplist() to get the user's
+ list of groups if getgroups() fails or returns zero groups so we
+ always have a list of the user's groups. For systems with
+ mbr_check_membership() which support more that NGROUPS_MAX groups
+ (Mac OS X), skip the call to getgroups() and use getgrouplist() so
+ we get all the groups.
+ [51b3ed8c600b]
+
+2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/setgroups.c:
+ Fix setgroups() fallback code on EINVAL.
+ [2b6faecd56a4]
+
+ * plugins/sudoers/set_perms.c:
+ Fix two PERM_INITIAL cases that were still using user_gids.
+ [9680bab0acc6]
+
+ * MANIFEST:
+ Add Polish sudo message catalog
+ [8bb40c3ba576]
+
+ * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ user_group is no longer used, remove it
+ [9acede0fe6c5]
+
+2011-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po:
+ Add Polish translation from translationproject.org
+ [afac5c638573]
+
+ * MANIFEST, common/Makefile.in, common/setgroups.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c,
+ src/sudo.h, src/sudo_edit.c:
+ Add a wrapper for setgroups() that trims off extra groups and
+ retries if setgroups() fails. Also add some missing addrefs for
+ PERM_USER and PERM_FULL_USER.
+ [224dfd8aae5c]
+
+ * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in,
+ configure, configure.in, include/missing.h, mkdep.pl,
+ plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c:
+ Instead of keeping separate groups and gids arrays, create struct
+ group_info and use it to store both, along with a count for each.
+ Cache group info on a per-user basis using getgrouplist() to get the
+ groups. We no longer need special to special case the user or list
+ user for user_in_group() and thus no longer need to reset the groups
+ list when listing another user.
+ [0ad849a8b2d5]
+
+ * src/preload.c:
+ Don't rely on NULL since we don't include a header for it.
+ [b40937f1890c]
+
+2011-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.pod:
+ Fix typo
+ [c1035360e169]
+
+2011-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Do not shadow global sudo_mode with a local variable in set_cmnd()
+ [0c72969503ad]
+
+2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ bash 2.x doesd not support the -l flag and exits with an error if it
+ is specified so use --login instead. This causes an error with bash
+ 1.x (which uses -login instead) but this version is hopefully less
+ used than 2.x.
+ [5c4c296e30e6]
+
+ * src/po/pl.mo, src/po/pl.po:
+ Add Polish translation from translationproject.org
+ [48592dd6edcf]
+
+2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c:
+ Make error strings translatable.
+ [414c5c484768]
+
+ * mkpkg:
+ Only run configure with --with-pam-login for RHEL 5 and above.
+ [6c16e4de4026]
+
+ * sudo.pp:
+ Fix typo in summary
+ [9ac618c9a749]
+
+2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logwrap.c:
+ Add missing logwrap.c
+ [c12a413ecc1d]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/logging/check_wrap.in,
+ plugins/sudoers/regress/logging/check_wrap.out.ok:
+ Split out log file word wrap code into its own file and add unit
+ tests. Fixes an off-by one in the word wrap when the log line
+ length matches loglinelen.
+ [52ed277f6690]
+
+2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ For SuSE, only use /usr/lib64 as libexec if generating 64-bit
+ binaries.
+ [645ab903cf77]
+
+ * src/load_plugins.c, src/sudo.c:
+ Fix build error when --without-noexec configure option is used.
+ [b994f7b0d8b4]
+
+ * configure, configure.in:
+ Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX
+ 5.3 and above.
+ [c2a6f9b472f3]
+
+2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Resolve the list of gids passed in from the sudo frontend (the
+ result of getgroups()) to names and store both the group names and
+ ids in the sudo_user struct. When matching groups in the sudoers
+ file, match based on the names in the groups list first and only do
+ a gid-based match when we absolutely have to. By matching on the
+ group name (as it is listed in sudoers) instead of id (which we
+ would have to resolve) we save a lot of group lookups for sudoers
+ files with a lot of groups in them.
+ [8dc19353f148]
+
+2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Workaround for "sudo -i command" and newer versions of bash which
+ don't go into login mode when -c is specified unless -l is too.
+ [9393762b80f3]
- * sudo.c: Fix -g mode, broken by rev 1.503 which had the side
- effect of setting the runas user to root unilaterally.
+2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-05-08 16:19 millert
+ * plugins/sudoers/logging.c:
+ Rewrite logfile word wrapping code to be more straight-forward and
+ actually wrap at the correct place.
+ [f712a0c90f55]
- * fileops.c: When unlocking a file with fcntl, use F_SETLK, not
- F_SETLKW.
+2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-05-08 13:07 millert
+ * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c:
+ Set use_pty=true in command details when use_pty is set in sudoers.
+ From Ludwig Nussel
+ [8d95a163dfc1]
- * pwutil.c: Only cache by the method we fetched for pwd and grp
- lookups. Previously we cached both by namd and id but this can
- cause problems for entries that share the same id. Also add more
- info in the error message in case the insert fails (which should
- now be impossible).
+2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/zh_CN.mo, src/po/zh_CN.po:
+ Sync Chinese (simplified) PO files from translationproject.org
+ [acce8eb7be18]
+
+2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo,
+ plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo:
+ Add Danish translation from translationproject.org and add missing
+ Basque mo files.
+ [0c22bb21b9c4]
+
+ * Makefile.in, configure, configure.in:
+ No longer need to specify LINGUAS in configure, "make install-nls"
+ now just installs all the .mo files it finds.
+ [fcd45cf04885]
+
+2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod:
+ Build CONTRIBUTORS from newly-added contributors.pod
+ [8b192f2720f4]
+
+ * doc/CONTRIBUTORS:
+ Rework the wording in the leading paragraph
+ [312044145cdd]
+
+2011-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, doc/CONTRIBUTORS:
+ Add a CONTRIBUTORS file with the names of folks who have contributed
+ code or patches to sudo since I started maintaining it (plus the
+ original authors).
+ [b8bdd8b59528]
+
+2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c:
+ Preserve SHELL variable for "sudo -s". Otherwise we can end up with
+ a situation where the SHELL variable and the actual shell being run
+ do not match.
+ [b8b3974aee3e]
+
+2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-04-30 15:04 millert
+ * configure, configure.in:
+ Only enable Solaris project support when setproject() is present in
+ libproject.
+ [49ad7857ab89]
+
+ * sudo.pp:
+ Explicitly set mode and owner of /etc/sudoers instead of relying on
+ "cp -p" to work in the postinstall script. On AIX 6.1 at least the
+ postinstall script runs before the final file permissions are set.
+ [e41ffc0212b2]
- * sudoers.pod: Add a clarification from Nick Sieger
+2011-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-04-25 12:49 millert
+ * doc/sudo.pod, doc/sudoers.pod:
+ Refer the user to the "Command Environment" section in description
+ of sudo's -i option.
+ [263cc3be7eef]
- * env.c: Inline the setting of the environment string.
+ * doc/sudo.pod:
+ Fix typo
+ [35dfac450f4d]
+
+2011-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-04-24 14:53 millert
+ * mkdep.pl:
+ If there is no old dependency for an object file, use the MANIFEST
+ to find its source.
+ [d15e3b9899f9]
- * env.c: setenv(3) in Linux treats a NUL value as the empty string
- setenv(3) in BSD doesn't return an error if the name has '=' in
- it, it just treats the '=' as end of string.
+ * compat/Makefile.in:
+ Remove dependency for getgrouplist.lo as we don't ship that source
+ file.
+ [312a6d5fe6b0]
-2009-04-22 16:32 millert
+2011-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * toke.c, toke.l: Not all systems have d_namlen
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
+ Do not declare yyparse() static as the actual function generated by
+ yacc is extern.
+ [9017b79dcf55]
-2009-04-20 13:53 millert
+2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: Fix up some pod2html issues.
+ * Makefile.in:
+ Remove locale files in "make uninstall"
+ [201ff261ecbe]
-2009-04-19 14:09 millert
+ * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/uk.po, src/po/eu.po:
+ Add Basque translation and sync Finish and Ukranian translations.
+ [66d2c78c8a13]
- * interfaces.c: Check for NULL ifa_addr and ifa_netmask. Adapted
- from a diff from Quest Software.
+ * configure, configure.in:
+ FreeBSD no longer needs the main sudo binary to link with -lpam now
+ that plug-ins are loaded with RTLD_GLOBAL.
+ [96c710df2457]
-2009-04-19 09:01 millert
+ * plugins/sudoers/group_plugin.c, src/load_plugins.c:
+ Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
+ problems with pam modules not having access to symbols provided by
+ libpam on some platforms. Affects FreeBSD and SLES 10 at least.
+ [0d016983ec84]
- * sudoers.pod: Ignore files ending in '~' in sudo.d (emacs backup
- files)
+ * Makefile.in:
+ Move xgettext invocation out of update-po target into update-pot
+ [19a73c6d017c]
-2009-04-19 08:56 millert
+2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * toke.c, toke.l: Ignore files ending in '~' in sudo.d (emacs
- backup files)
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ Regenerate .pot files for 1.8.2rc2
+ [c3037f591dd8]
-2009-04-18 19:37 millert
+ * Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in, zlib/Makefile.in:
+ Move nls targets to the top level Makefile so the paths in the pot
+ file are saner
+ [65b9285cd8d9]
- * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l: For
- #includedir, ignore any file containing a dot
+ * src/po/fi.mo:
+ Add compiled version of sudo Finish translation
+ [8f2405384ea3]
-2009-04-18 19:25 millert
+ * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo:
+ Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo
+ files
+ [a165e70fa9ec]
- * Makefile.in, version.h: Bump version
+ * configure, configure.in, plugins/sudoers/po/fi.po:
+ Add Finish translation from translationproject.org
+ [4466f8a96ceb]
-2009-04-18 19:25 millert
+2011-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
- sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
- visudo.c: Implement #includedir directive. Files in an
- includedir are not edited by visudo unless they contain a syntax
- error.
-
-2009-04-18 12:06 millert
-
- * ChangeLog: sync
-
-2009-04-18 10:27 millert
+ * doc/sudoers.pod:
+ The group named by exempt_group should not have a % prefix.
+ [df084d6b32c8]
- * WHATSNEW: Forgot umask_override
+2011-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-04-18 09:25 millert
+ * doc/sudoers.pod:
+ Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"
+ [5113699a3f8b]
+
+2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
- * ChangeLog, TODO: sync
+ * src/exec.c, src/exec_pty.c:
+ Fix compressed io log corruption in background mode by using _exit()
+ instead of exit() to avoid flushing buffers twice.
+
+ Improved background mode support. When not allocating a pty, the
+ command is run in its own process group. This prevents write access
+ to the tty. When running in a pty, stdin is not hooked up and we
+ never read from /dev/tty, which results in similar behavior.
+ [87c15149894c]
-2009-04-16 08:22 millert
+ * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
+ Clean up regress files Generate proper dependencies for regress objs
+ in compat
+ [88bfc728c1e7]
+
+ * plugins/sudoers/Makefile.in:
+ Add missing dependency for check_fill.o.
+ [0bd6362e3e17]
+
+2011-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c: Rewind stream if we fdopen sudoers since it may not be
- at the beginning. Set the keepopen flag on already-open files
- too so the lexer doesn't close them out from under us.
+ * INSTALL, configure, configure.in:
+ Add support for --enable-nls[=location]
+ [b90db44a050f]
-2009-04-16 08:18 millert
+2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/linux_audit.c:
+ Include gettext.h
+ [7f909a6e48cb]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
+ Quiet gcc warnings.
+ [b41a6cdca583]
+
+ * configure, configure.in:
+ Don't install .mo files if gettext was not found.
+ [1397b34cc165]
+
+2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ Always allocate a pty when running a command in the background but
+ call setsid() after forking to make sure we don't end up with a
+ controlling tty.
+ [b6454ba172e8]
+
+ * plugins/sudoers/iolog.c:
+ Add missing space between command name and the first command line
+ argument.
+ [fe217f0a36d4]
+
+ * plugins/sudoers/sudoreplay.c:
+ Quiet a compiler warning on some platforms.
+ [de9f2849f236]
+
+ * plugins/sudoers/po/README, src/po/README:
+ README file that directs people to translationproject.org
+ [30c0fc323281]
+
+ * plugins/sudoers/po/uk.po, src/po/fi.po:
+ Sync translations with TP
+ [1d7d64559cba]
+
+ * Makefile.in:
+ Add 'sync-po' target to top-level Makefile to rsync the po files
+ from translationproject.org.
+ [20508211aaa3]
+
+ * plugins/sudoers/Makefile.in:
+ install nls files from install target
+ [5fc07b6cab38]
+
+ * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp:
+ Include .mo files in sudo binary packags.
+ [278d4821a916]
+
+ * configure, configure.in, plugins/sudoers/po/zh_CN.mo,
+ plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po:
+ Add simplified chinese translation
+ [2b33ffc755b9]
+
+2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, plugins/sudoers/po/uk.mo,
+ plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po:
+ Add ukranian translation
+ [2d8102688e93]
+
+ * compat/Makefile.in:
+ refer to siglist.c, not ./siglist.c since not all makes will treat
+ foo and ./foo the same.
+ [6639d293ffba]
+
+ * plugins/sudoers/sudoers.c:
+ Set def_preserve_groups before searching for the command when the -P
+ flag is specified.
+ [0edc7942f875]
+
+ * Makefile.in, compat/Makefile.in, mkdep.pl,
+ plugins/sudoers/Makefile.in:
+ Add dependency for siglist.lo in compat. This is a generated file
+ so "make depend" needs to depend on it.
+ [28d0932f8b50]
+
+ * compat/Makefile.in:
+ More dependency fixes.
+ [aad0d05cd020]
+
+ * compat/Makefile.in:
+ Fix a few dependencies.
+ [eb21aa35a032]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ Place compiled mo files in the src dir, not the build dir. When
+ installing compiled mo files, display a status message.
+ [e15634c29cd3]
+
+2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Tivoli Directory Server requires that seconds be present in a
+ timestamp, even though RFC 4517 states that they are optional.
+ [55fe23dd4ef9]
+
+ * plugins/sudoers/sudo_nss.h:
+ Add missing bit of copyright
+ [d2eba3c364ca]
+
+ * doc/visudo.pod:
+ Mention cycle detection warnings
+ [a76bef15ab67]
+
+ * plugins/sudoers/visudo.c:
+ When checking aliases, also check the contents of the alias in case
+ there are problems with an alias that is referenced inside another.
+ Replace the self reference check with real alias cycle detection.
+ [a66c904cf53b]
+
+ * plugins/sudoers/alias.c:
+ Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
+ ENOENT in alias_find() and alias_remove() if the entry could not be
+ found.
+ [b4f0b89e433c]
+
+ * plugins/sudoers/visudo.c:
+ Increment alias_seqno before calls to alias_remove_recursive() to
+ avoid false positives with the alias loop detection. Fixes spurious
+ warnings about unused aliases when they are nested.
+ [a344483b8193]
+
+ * MANIFEST:
+ add mkdep.pl
+ [86b7ed33eab2]
+
+ * plugins/sudoers/Makefile.in:
+ Add dependency on convenience libs to binaries
+ [cd3078b3c997]
+
+ * Makefile.in:
+ mkdep.pl only works when run from the src dir
+ [f35a5e47c944]
+
+ * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl,
+ plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
+ Auto-generate Makefile dependencies with a perl script.
+ [a3e4afcd7975]
+
+2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match.c:
+ If the user specifies a runas group via sudo's -g option that
+ matches the runas user's group in the passwd database and that group
+ is not denied in the Runas_Spec, allow it. Thus, if user root's gid
+ in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if
+ no groups are present in the Runas_Spec.
+ [e3f9732dc564]
+
+2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ Add dependencies on gettext.h
+ [a3a9dc51f78b]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ Fix install-nls target with HP-UX sh when gettext is not present.
+ [0c6b9655cd41]
+
+2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot,
+ src/Makefile.in, src/po/sudo.pot:
+ regenerate .pot files for lbuf changes
+ [918ded125a0b]
+
+ * configure, configure.in:
+ Add missing "checking" message for gettext when using the cache.
+ [9c21187ad1d2]
+
+ * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c,
+ plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c,
+ src/parse_args.c:
+ Add primitive format string support to the lbuf code to make
+ translations simpler.
+ [ee71c7ef5299]
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot:
+ Add message catalog template files for sudo and the sudoers module.
+ [f3f8acb1f014]
+
+ * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c,
+ config.h.in, configure.in, doc/Makefile.in, include/gettext.h,
+ plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
+ src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h:
+ Add gettext.h convenience header. This is similar to but distinct
+ from the one included with the gettext package.
+ [930a0591f73c]
+
+2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Add checks for nroff -c and -Tascii flags
+ [19ca990b3149]
+
+ * configure, configure.in:
+ Add check for HP bundled C Compiler (which cannot create shared
+ libs)
+ [517716a7072d]
+
+ * plugins/sudoers/sudoreplay.c:
+ Fix C format warnings.
+ [6514326013fa]
+
+ * include/error.h:
+ Add __printflike
+ [e1749a30a406]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/visudo.c, src/parse_args.c:
+ Translate help / usage strings.
+ [ee1cc9b1a8bd]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ Set --msgid-bugs-address to the bugzilla url
+ [5a0aa250ca21]
+
+ * Makefile.in, common/Makefile.in, compat/Makefile.in, configure,
+ configure.in, doc/Makefile.in, include/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
+ Add scaffolding to update .po files and install .mo files.
+ [f05f4eed1fe1]
+
+ * doc/license.pod:
+ update copyright year
+ [fa0c62523875]
+
+ * INSTALL, README:
+ No need to include version number at the top of these files.
+ [9f2981325351]
+
+2011-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/visudo.c:
+ Minor warning/error cleanup
+ [9236dc85aeab]
+
+ * config.h.in, configure.in:
+ Emulate ngettext for the non-nls case
+ [13571d63fa36]
+
+ * plugins/sudoers/ldap.c:
+ Do not mark untranslatable strings for translation
+ [735f5d4413fe]
+
+ * plugins/sudoers/check.c:
+ Use ROOT_UID not 0.
+ [09a268db8da4]
+
+ * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c,
+ src/load_plugins.c, src/sudo.c, src/sudo_edit.c:
+ Minor warning/error message cleanup
+ [3c7b1a7939b5]
+
+ * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c,
+ src/exec_pty.c, src/net_ifs.c, src/selinux.c:
+ cannot -> "unable to" in warning/error messages
+ [31c3897649e9]
+
+ * plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c,
+ src/sudo.c, src/utmp.c:
+ can't -> "unable to" in warning/error messages
+ [127b75f15291]
+
+ * configure, configure.in:
+ FreeBSD needs the main sudo executable to link with -lpam when
+ loading dynaic pam modules for some reason.
+ [944522cc9bef]
+
+2011-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c:
+ We don't want to translate debugging messages.
+ [56a1a365815a]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
+ src/Makefile.in, src/sesh.c, src/sudo.c:
+ Add calls to bindtextdomain() and textdomain() Currently there are
+ two domains, one for the sudo front-end and one for the sudoers
+ plugin and its associated utilities.
+ [0426138f789e]
+
+ * configure, configure.in:
+ Fix caching of libc gettext check.
+ [942142d2c43a]
+
+ * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/mkdefaults:
+ Mark defaults descriptions for translation
+ [5b27f018e6cf]
+
+ * NEWS:
+ Update for sudo 1.8.1p2
+ [747c4dee2ca7]
+
+2011-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Quiet compiler warning when SELinux is enabled.
+ [1fbf77dda240]
+
+ * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
+ src/error.c, src/net_ifs.c, src/sesh.c:
+ Add missing includes of libintl.h.
+ [bc1d66316082]
+
+ * plugins/sudoers/auth/pam.c:
+ Fix gettext marker.
+ [a5cf4ed66c66]
+
+ * common/aix.c, common/alloc.c, compat/strsignal.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h:
+ Include libint.h where needed.
+ [2b0e5a663c7b]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
+ Prepare sudoers module messages for translation.
+ [7212ae1909c5]
+
+ * plugins/sudoers/sudoers.c:
+ Only check gid of sudoers file if it is group-readable.
+ [50e3bc0cb242]
+
+ * plugins/sudoers/auth/aix_auth.c:
+ For AIX, keep calling authenticate() until reenter reaches 0.
+ [e240815b74b1]
+
+2011-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Cache the status of the initial gettext() check.
+ [32751ebe1704]
+
+ * INSTALL, configure, configure.in:
+ Add --disable-nls flag and improve checks for gettext.
+ [c7e6b17052de]
+
+ * configure, configure.in:
+ When building with gcc on HP-UX, use -march=1.1 to produce portable
+ binaries on a pa-risc2 host. Previously, the +Dportable option was
+ used for the HP-UX C compiler but gcc always produced native
+ binaries.
+ [8f4c749324d7]
+
+2011-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c,
+ src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c,
+ src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c,
+ src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
+ Prepare sudo front end messages for translation.
+ [2fc2fabceccb]
+
+2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c:
+ Add initial scaffolding to support localization via gettext()
+ [7d47b59fcf95]
+
+ * compat/fnmatch.h, compat/glob.h:
+ Don't let the fnmatch/glob macros expand the function prototype.
+ [a9014aa0288e]
+
+2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h:
+ Resolve namespace collisions on HP-UX ia64 and possibly others by
+ adding a rpl_ prefix to our fnmatch and glob replacements and
+ #defining rpl_foo to foo in the header files.
+ [caa9b690a15d]
+
+2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Split ALL, ROLE and TYPE into their own actions. Since you can only
+ have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
+ the non-SELinux case. This is safe because the actions are in one
+ big switch() statement.
+ [7473fc2cfa2c]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
+ [9be3480c2865]
+
+2011-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/UPGRADE, doc/sudoers.pod:
+ askpass moved from sudoers to sudo.conf in sudo 1.8.0
+ [b2c2956cec4e]
+
+ * doc/sudoers.pod:
+ Remove obsolete warning about runas_default and ordering. Move
+ syslog facility and priority lists into the section where the
+ relevant options are described.
+ [e57b8dc3f779]
+
+2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/sia.c:
+ Fix SIA support; we no longer have access to the real argc and argv
+ so allocate space for a fake one and use the argv passed to the
+ plugin with "sudo" for argv[0].
+ [1c0552772ad2]
+
+2011-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/net_ifs.c:
+ Remove useless realloc when trying to get the buffer size right.
+ [792225380a62]
+
+ * plugins/sudoers/set_perms.c:
+ Be explicit when setting euid to 0 before call to setreuid(0, 0)
+ [7bfeb629fccb]
+
+2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Need to do checks for krb5_verify_user, krb5_init_secure_context and
+ krb5_get_init_creds_opt_alloc regardless of whether or not
+ krb5-config is present.
+ [9d1b98ece1d3]
- * visudo.c: Print the proper file name when there is a parse error
- in an include file.
+2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c:
+ Work around weird AIX saved uid semantics on setuid() and
+ setreuid(). On AIX, setuid() will only set the saved uid if the euid
+ is already 0.
+ [069fc08150ca]
+
+2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ update copyright year
+ [1c42d579ba6e]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Treat a missing includedir like an empty one and do not return an
+ error.
+ [92f71d8cbfd4]
+
+2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Fix ARCH setting in cross-compile Solaris packages.
+ [b0de281cc889]
+
+ * sudo.pp:
+ Fix aix version setting.
+ [98437dbfb085]
+
+ * plugins/sudoers/ldap.c:
+ Remove extraneous parens in LDAP filter when sudoers_search_filter
+ is enabled that causes a search error. From Matthew Thomas.
+ [1d75bf1fc8d9]
+
+2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
+ Correct sizeof() to fix test failure.
+ [fd2f7c0c0572]
+
+ * plugins/sudoers/Makefile.in:
+ "install" target should depend on "install-dirs". Fixes "make -j"
+ problem and closes bz #487. From Chris Coleman.
+ [083902d38edb]
+
+2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ Add HAVE_RFC1938_SKEYCHALLENGE
+ [a94cb33758a8]
+
+2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Mention plugin loading and libgcc changes
+ [e11b30b5026a]
+
+ * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
+ Load plugins after parsing arguments and potentially printing the
+ version. That way, an error loading or initializing a plugin
+ doesn't break "sudo -h" or "sudo -V".
+ [1b76f2b096a2]
+
+ * Makefile.in:
+ When using a sub-shell to invoke the sub-make, exec make instead of
+ running it inside the shell to avoid an extra process.
+ [fd2c04a71fbf]
+
+ * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c:
+ Stop testing unspecified behavior in fnmatch Make glob test more
+ portable
+ [229803093725]
+
+ * compat/Makefile.in:
+ No need to add current dir to include path and having it breaks the
+ test programs that expect to get the system glob.h and fnmatch.h
+ [68085f624be4]
+
+ * INSTALL, configure, configure.in:
+ Fix and document --with-plugindir; partially from Diego Elio Petteno
+ [07edc52ea89e]
+
+ * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
+ compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c,
+ compat/regress/glob/globtest.in:
+ Fix fnmatch and glob tests to not use hard-coded flag values in the
+ input file. Link test programs with libreplace so we get our
+ replacement verions as needed.
+ [c2cca448f660]
+
+ * Makefile.in:
+ If make in a subdir fails, fail the target in the upper level
+ Makefile too. Adapted from a patch from Diego Elio Petteno
+ [76fc9a0d96fd]
+
+ * configure, configure.in, plugins/sudoers/auth/rfc1938.c:
+ Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
+ has this. Adapted from a patch from Diego Elio Petteno
+ [a97279a59b93]
+
+ * plugins/sudoers/Makefile.in:
+ Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
+ directly.
+ [47b884029b3b]
+
+ * configure, configure.in:
+ Fix warnings when -without-skey, --without-opie, --without-kerb4,
+ --without-kerb5 or --without-SecurID were specified.
+ [71ad150f4d24]
+
+ * MANIFEST:
+ Add plugins/sudoers/sudoers_version.h
+ [7423966de440]
+
+ * configure, configure.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
+ Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
+ now include LDFLAGS in the sudoers Makefile.in. Add missing settng
+ of @LDFLAGS@ in plugin Makefile.in files.
+ [b835826f889c]
+
+2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Mention %#gid support in User_List and Runas_List
+ [5a983dff017a]
+
+ * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h,
+ plugins/sudoers/visudo.c:
+ Keep track of sudoers grammar version and report it in the -V
+ output.
+ [52901a3c0296]
+
+ * plugins/sudoers/sudo_nss.h:
+ Add multiple inclusion guard
+ [50853aed046e]
+
+ * configure, configure.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
+ The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
+ LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
+ set it to -Wc,-static-libgcc if not using GNU ld so we don't
+ have a dependency on the shared libgcc in sudoers.so.
+ [66ad8bc5e32d]
+
+ * doc/sudoers.pod:
+ Fix typo; from Petr Uzel
+ [f9a7afd80892]
+
+2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/testsudoers.c:
+ In dump-only mode, use "root" as the default username instead of
+ "nobody" as the latter may not be available on all systems.
+ [0c48e6414337]
+
+2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/testsudoers.c:
+ Remove NewArgv/NewArgc, they are no longer needed.
+ [16e18f734c7e]
+
+ * plugins/sudoers/testsudoers.c:
+ Fix setting of user_args
+ [aa29e0d0a54a]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add '!' token to lex tracing
+ [5227ad266235]
+
+ * plugins/sudoers/regress/testsudoers/test1.sh:
+ Use group bin in test, not wheel as most systems have the bin group
+ but the same is no longer true of wheel.
+ [718802b3b45e]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Avoid using pre or post increment in a parameter to a ctype(3)
+ function as it might be a macro that causes the increment to happen
+ more than once.
+ [78e281152c3a]
+
+2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Strip off the beta or release candidate version when building AIX
+ packages.
+ [28fe31668559]
+
+ * configure, configure.in:
+ We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
+ structure checks for glibc which only has __e_termination visible
+ when _GNU_SOURCE is *not* defined.
+ [59ae1698911f]
+
+ * common/aix.c:
+ getuserattr(user, ...) will fall back to the "default" entry
+ automatically, there's no need to check "default" manually.
+ [3c7a47a61fdb]
+
+2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/UPGRADE:
+ Document parser changes.
+ [ec415503308d]
+
+ * Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in, zlib/Makefile.in:
+ If there is an existing sudoers file, only install if it passes a
+ syntax check.
+ [37427c73e8cb]
+
+ * plugins/sudoers/regress/sudoers/test6.out.ok,
+ plugins/sudoers/testsudoers.c:
+ Add runasgroup support to testsudoers
+ [047ea5571f33]
+
+ * plugins/sudoers/Makefile.in:
+ For "make check", keep going even if a test fails.
+ [ce6a0a73c372]
+
+ * plugins/sudoers/testsudoers.c:
+ More useful exit codes:
+ * 0 - parsed OK and command matched.
+ * 1 - parse error
+ * 2 - command not matched
+ * 3 - command denied
+ [1d2ce1361903]
+
+ * doc/sudoers.pod:
+ Document %#gid, and %:#nonunix_gid syntax.
+ [492d4f9696c4]
+
+ * plugins/sudoers/pwutil.c:
+ Add support to user_in_group() for treating group names that begin
+ with a '#' as gids.
+ [20240c94a134]
+
+ * config.h.in, configure, configure.in, src/utmp.c:
+ Add explicit check for struct utmpx.ut_exit.e_termination and struct
+ utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
+ ut_exit if we detect one or the other.
+ [b4e8cab777e6]
+
+2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.c:
+ Add back missing #include of config.h
+ [9ab3897a1b2e]
+
+ * plugins/sudoers/iolog_path.c,
+ plugins/sudoers/regress/iolog_path/data:
+ Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
+ strftime() does.
+ [93395762cdcd]
+
+ * aclocal.m4:
+ Quote first argument to AC_DEFUN(); from Elan Ruusamae
+ [97f53ad31d77]
+
+2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ add new sudoers tests
+ [476af91b3da3]
+
+ * plugins/sudoers/regress/sudoers/test8.in,
+ plugins/sudoers/regress/sudoers/test8.out.ok,
+ plugins/sudoers/regress/sudoers/test8.toke.ok:
+ Add test for a newline in the middle of a string when no line
+ continuation character is used.
+ [de2394bc86ab]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Use bitwise AND instead of modulus to check for length being odd. A
+ newline in the middle of a string is an error unless a line
+ continuation character is used.
+ [bdb1d762a1d5]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Move lexer globals initialization into init_lexer.
+ [1ce62211aadb]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix a potential crash when a non-regular file is present in an
+ includedir. Fixes bz #452
+ [1586760c3525]
+
+ * pp:
+ On some Linux systems, "uname -p" contains detailed processor info
+ so check "uname -m" first and then "uname -p" if needed. Recognize
+ PLD Linux.
+ [b8535cb9012e]
+
+2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/redblack.c:
+ Don't need all sudoers.h here.
+ [8c0929f42dab]
+
+ * src/sudo.c:
+ Print sudo version early, in case policy plugin init fails.
+ [47cddc4358bc]
+
+2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/sudoers/test4.toke.ok:
+ Update to match change in input.
+ [4a3af8e68790]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Make an empty group or netgroup a syntax error.
+ [66f51ddc2ff6]
+
+ * plugins/sudoers/regress/sudoers/test7.in,
+ plugins/sudoers/regress/sudoers/test7.out.ok,
+ plugins/sudoers/regress/sudoers/test7.toke.ok:
+ An empty group or netgroup should be a syntax error.
+ [bd5bf1e2edce]
+
+ * plugins/sudoers/regress/sudoers/test6.in,
+ plugins/sudoers/regress/sudoers/test6.out.ok,
+ plugins/sudoers/regress/sudoers/test6.toke.ok:
+ Check that uids work in per-user and per-runas Defaults Check that
+ uids and gids work in a Command_Spec
+ [c5e848e6082b]
+
+ * plugins/sudoers/regress/sudoers/test5.in,
+ plugins/sudoers/regress/sudoers/test5.out.ok,
+ plugins/sudoers/regress/sudoers/test5.toke.ok:
+ Test empty string in User_Alias and Command_Spec
+ [3a084d777e03]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Allow a group ID in the User_Spec.
+ [bc2859eb71dc]
+
+2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Return an error for the empty string when a word is expected. Allow
+ an ID for per-user or per-runas Defaults.
+ [915c259b00ff]
+
+ * plugins/sudoers/testsudoers.c:
+ Fix printing "User_Alias FOO = ALL"
+ [ba58c3d548b3]
+
+2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/parse_args.c:
+ Better error message about invalid -C argument
+ [c9a8d15bbf5d]
+
+ * NEWS:
+ fix typo
+ [cdcfbafed013]
+
+ * doc/sudoers.pod:
+ Fix placement of equal size ('=') in user specification summary.
+ [5ad7178b230d]
+
+2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ update to match sudoers regress
+ [e04db0648717]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Restore ability to define TRACELEXER and have trace output go to
+ stderr.
+ [d9531e4d1b20]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Restore old behavior of setting sawspace = TRUE for command line
+ args when a line continuation character is hit to avoid causing
+ problems for existing sudoers files.
+ [fd930ad25550]
+
+ * plugins/sudoers/regress/sudoers/test4.in,
+ plugins/sudoers/regress/sudoers/test4.out.ok,
+ plugins/sudoers/regress/sudoers/test4.toke.ok:
+ Add test for line continuation and aliases
+ [29ab538ca6bb]
+
+ * plugins/sudoers/Makefile.in:
+ Make test output line up nicely for parse vs. toke
+ [257ef82c1434]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/sudoers/test1.in,
+ plugins/sudoers/regress/sudoers/test1.out.ok,
+ plugins/sudoers/regress/sudoers/test1.toke.ok,
+ plugins/sudoers/regress/sudoers/test2.in,
+ plugins/sudoers/regress/sudoers/test2.out.ok,
+ plugins/sudoers/regress/sudoers/test2.toke.ok,
+ plugins/sudoers/regress/sudoers/test3.in,
+ plugins/sudoers/regress/sudoers/test3.out.ok,
+ plugins/sudoers/regress/sudoers/test3.toke.ok,
+ plugins/sudoers/regress/testsudoers/test1.ok,
+ plugins/sudoers/regress/testsudoers/test1.out.ok,
+ plugins/sudoers/regress/testsudoers/test1.sh,
+ plugins/sudoers/regress/testsudoers/test2.out,
+ plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.ok,
+ plugins/sudoers/regress/testsudoers/test3.sh,
+ plugins/sudoers/regress/visudo/test1.ok,
+ plugins/sudoers/regress/visudo/test1.sh:
+ Move parser tests to sudoers directory and test the tokenizer output
+ too.
+ [44f529b3cdb6]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ If we match a rule anchored to the beginning of a line after parsing
+ a line continuation character, return an ERROR token. It would be
+ nicer to use REJECT instead but that substantially slows down the
+ lexer.
+ [355478293f8c]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l:
+ Move LEXTRACE macro to toke.h so we can use it in yyerror().
+ [72ee7a06d3ca]
+
+2011-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ Make lex tracing settable at run-time in testsudoers via the -t
+ flag. Trace output goes to stderr. Will be used by regress tests
+ to check lexer.
+ [93bd53c413c8]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Allow whitespace after the modifier in a Defaults entry. E.g.
+ "Defaults: username set_home"
+ [9dfcf8dd8a3a]
+
+2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Don't set CC when cross-compiling.
+ [4b95b0c04e1c]
+
+ * NEWS:
+ Credit Matthew Thomas for the sudoers_search_filter changes.
+ [a65998ab09f7]
+
+ * MANIFEST:
+ Add the .sym files to the MANIFEST
+ [f599225cc861]
+
+ * NEWS:
+ Update for sudo 1.8.1 beta
+ [71021e854c49]
+
+ * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c:
+ user_shell -> run_shell to avoid confusion with the user's SHELL
+ variable.
+ [dc0ac6dafc21]
+
+ * src/exec_pty.c:
+ Save the controlling tty process group before suspending in pty
+ mode. Previously, we assumed that the child pgrp == child pid
+ (which is usually, but not always, the case).
+ [10b2883b7875]
+
+ * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Add support for sudoers_search_filter setting in ldap.conf. This
+ can be used to restrict the set of records returned by the LDAP
+ query.
+ [b0f1b721d102]
+
+2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Remove the hack to disable -g in CFLAGS unless --with-devel
+ [89822cf84ef4]
+
+ * doc/sudoers.pod:
+ The '@' character does not normally need to be quoted.
+ [7823f5ed829a]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ We normaly transition from GOTDEFS to STARTDEFS on whitespace, but
+ if that whitespace is followed by a comma, we want to treat it as
+ part of a list and not transition.
+ [1ca6943e1824]
+
+ * plugins/sudoers/regress/testsudoers/test3.ok,
+ plugins/sudoers/regress/testsudoers/test3.sh:
+ Add check for whitespace when a User_List is used for a per-user
+ Defaults entry.
+ [91f75e6dd19a]
+
+ * plugins/sudoers/regress/testsudoers/test2.out,
+ plugins/sudoers/regress/testsudoers/test2.sh:
+ Expand quoted name checks to cover recent fixes.
+ [ce4f76bca146]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix parsing of double-quoted names in Defaultd and Aliases which was
+ broken in 601d97ea8792.
+ [424b0d6c1dc4]
+
+ * plugins/sudoers/Makefile.in:
+ toke_util.c lives in $(srcdir) not $(devdir)
+ [94866bebee83]
+
+2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Change trunk version to 1.8.x to distinguish from real 1.8.0.
+ [a9781e61d064]
+
+ * NEWS, doc/UPGRADE:
+ Document major changes in 1.8.1 and add upgrade notes.
+ [f2cf51b0d9ce]
+
+ * plugins/sudoers/match.c:
+ Be careful not to deref user_stat if it is NULL. This cannot
+ currently happen in sudo but might in other programs using the
+ parser.
+ [06a2334dd674]
+
+ * mkpkg:
+ configure will not add -O2 to CFLAGS if it is already defined to add
+ -O2 to the CFLAGS we pass in when PIE is being used.
+ [1ce6481ece59]
+
+ * doc/sudoers.pod:
+ Warn about the dangers of log_input and mention iolog_file and
+ iolog_dir in the log_input and log_output descriptions.
+ [ae854ffb0768]
+
+ * pp:
+ sync with git version
+ [a993e39ce3cb]
+
+ * doc/sudoers.pod:
+ It seems that h comes after i
+ [0f621109220d]
+
+ * doc/sudoers.pod:
+ Move log_input and log_output to their proper, sorted, location.
+ Document set_utmp and utmp_runas.
+ [273b234b9c34]
+
+ * src/exec.c:
+ Save the controlling tty process group before suspending so we can
+ restore it when we resume. Fixes job control problems on Linux
+ caused by the previous attemp to fix resuming a shell when I/O
+ logging not enabled.
+ [f03a660315ee]
+
+ * common/lbuf.c:
+ Fix printing of the remainder after a newline. Fixes "sudo -l"
+ output corruption that could occur in some cases.
+ [25d83fb501fc]
+
+2011-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, src/exec_pty.c,
+ src/sudo_exec.h, src/utmp.c:
+ Add support for ut_exit
+ [b574c13f1bba]
+
+ * doc/sudo_plugin.pod, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c,
+ src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c:
+ Add support for controlling whether utmp is updated and which user
+ is listed in the entry.
+ [44a81632133f]
+
+ * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h,
+ plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults,
+ plugins/sudoers/parse.c:
+ Fix typo; tupple vs. tuple
+ [697744acb710]
+
+ * src/utmp.c:
+ For legacy utmp, strip the /dev/ prefix before trying to determine
+ slot since the ttys file does not include the /dev/ prefix.
+ [7ad5b81ff90c]
+
+ * aclocal.m4, configure, configure.in, pathnames.h.in:
+ Add check for _PATH_UTMP
+ [21e638029bfd]
+
+2011-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
+ Adapt check_iolog_path to sessid changes
+ [728b5fe2be6f]
+
+ * config.h.in, configure, configure.in, src/Makefile.in,
+ src/exec_pty.c, src/sudo_exec.h, src/utmp.c:
+ Redo utmp handling. If no getutent()/getutxent() is available,
+ assume a ttyslot-based utmp. If getttyent() is available, use that
+ directly instead of ttyslot() so we don't have to do the stdin dup2
+ dance.
+ [18aa455cd140]
+
+2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h,
+ src/utmp.c:
+ Move utmp handling into utmp.c
+ [f6eae6c8e012]
+
+ * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
+ common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c,
+ compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c,
+ compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
+ compat/utimes.c, doc/sudo.pod, doc/visudo.pod,
+ include/sudo_plugin.h, plugins/sample/sample_plugin.c,
+ plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
+ plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/logging.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/redblack.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c,
+ src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c,
+ src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c,
+ src/sudo_plugin_int.h, src/tgetpass.c:
+ Update copyright years.
+ [16aa39f9060a]
+
+ * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/parse_args.c:
+ Add "user_shell" boolean as a way to indicate to the plugin that the
+ -s flag was given.
+ [fb1ef0897b32]
+
+ * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.h:
+ Move sessid out of sudo_user.
+ [ba298ddb57f4]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Log the TSID even if it is not a simple session ID.
+ [d7cc1b9c513c]
+
+ * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod:
+ Document noexec in sample.sudo.conf and add back noexec_file section
+ in sudoers with a note that it is deprecated.
+ [4a6e961e494d]
+
+ * plugins/sudoers/set_perms.c:
+ Fix running commands as non-root on systems where setreuid() changes
+ the saved uid based on the effective uid we are changing to.
+ [df0769b71b34]
+
+2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c,
+ src/sudo.h:
+ Move noexec path into sudo.conf now that sudo itself handles noexec.
+ Currently can be configured in sudoers too but is now undocumented
+ and will be removed in a future release.
+ [6fa8befdc110]
+
+ * doc/sudo.pod, doc/sudoers.pod:
+ Document "Path noexec ..." in sudo.conf. No longer document
+ noexec_file in sudoers, it will be removed in a future release.
+ [24eee3a0b3e5]
+
+ * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
+ Move noexec handling to sudo front-end where it is documented as
+ being.
+ [3ed4f10d7052]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
+ src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
+ src/sudo_exec.h:
+ Add support for disabling exec via solaris privileges. Includes
+ preparation for moving noexec support out of sudoers and into front
+ end as documented.
+ [dec843ed553e]
+
+ * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym,
+ plugins/sample_group/Makefile.in,
+ plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
+ plugins/sudoers/sudoers.sym:
+ Only export the symbols corresponding to the plugin structs.
+ [8d8d03b0ca54]
+
+ * configure, configure.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
+ Install plugins manually instead of using libtool. This works
+ around a problem on AIX where libtool will install a .a file
+ containing the .so file instead of the .so file itself.
+ [796971cfbddb]
+
+ * Makefile.in:
+ Move check into its own rule since some versions of make will run
+ both targets as the default rule.
+ [34d759979176]
+
+ * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
+ m4/ltversion.m4, m4/lt~obsolete.m4:
+ Update to libtool 2.2.10
+ [34c130de6af7]
+
+2011-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ In handle_signals(), restart the read() on EINTR to make sure we
+ keep up with the signal pipe. Don't return -1 on EAGAIN, it just
+ means we have emptied the pipe.
+ [d5b9c8eb9000]
+
+ * compat/mktemp.c:
+ Reorder functions to quiet a compiler warning.
+ [c9e9a23729f0]
+
+ * mkpkg:
+ Use the Sun Studio C compiler on Solaris if possible
+ [11a86e27891e]
+
+2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Fix default setting of osversion variable.
+ [52e49ca1cedd]
+
+ * doc/sudo_plugin.pod:
+ Make two login_class entris consistent.
+ [18ff1fa94a91]
+
+ * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c,
+ src/sudo_exec.h:
+ Add support for adding a utmp entry when allocating a new pty.
+ Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
+ Currently only creates a new entry if the existing tty has a utmp
+ entry.
+ [32db72b81d80]
+
+ * plugins/sudoers/boottime.c:
+ Avoid pulling in headers we don't need on Linux For getutx?id(),
+ call setutx?ent() first and always call endutx?ent().
+ [5dad21e1ee1b]
+
+ * configure, configure.in:
+ Add some more libs to SUDOERS_LIBS instead of relying on them to be
+ pulled in by SUDO_LIBS.
+ [18a7c21c09a7]
+
+ * plugins/sudoers/sudoers.c:
+ Fix return value of "sudo -l command" when command is not allowed,
+ broken in [c7097ea22111]. The default return value is now TRUE and
+ a bad: label is used when permission is denied. Also fixed missing
+ permissions restoration on certain errors. On error()/errorx(), the
+ password and group files are now closed before returning.
+ [4f2d0e869ae5]
+
+2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
+ Fix passing of login class back to sudo front end.
+ [6f70a784ce48]
+
+ * mkpkg:
+ Add --osversion flag to specify OS instead of running "pp
+ --probeonly"
+ [a8efdccb7bc1]
+
+ * sudo.pp:
+ Fix expr usage w/ GNU expr
+ [48895599ee63]
+
+2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Fix exit value for validate and list mode.
+ [c7097ea22111]
+
+ * plugins/sudoers/sudoers.c:
+ Fix non-interactive mode with sudoers plugin.
+ [172f29597bd2]
+
+2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoreplay.pod:
+ sudoreplay can now find IDs other than %{seq} and display the
+ session.
+ [fc3dd3be67e9]
+
+2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ Add support for replaying sessions when iolog_file is set to
+ something other than %{seq}.
+ [ca3131243874]
+
+ * plugins/sudoers/visudo.c:
+ If we are killed by a signal, display the name of the signal that
+ got us.
+ [994bb76a990e]
+
+ * configure, configure.in:
+ Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
+ where they belong.
+ [40f94b936fa4]
+
+ * configure.in:
+ Fix bug in skey/opie check that could cause a shell warning.
+ [83c043072be5]
+
+ * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ No longer need sudo_getepw() stubs.
+ [bbee15c36912]
+
+2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudo_nss.c:
+ Fix exit value of "sudo -l command" in sudoers module.
+ [a6541867521b]
+
+2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/regress/glob/globtest.c:
+ Use fgets() not fgetln() for portability.
+ [df1bb67fb168]
+
+ * sudo.pp:
+ Don't use the beta or release candidate version as the rpm release.
+ [d661ef78021a]
+
+2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ version 1.8.0
+ [f6530d56f6ae] [SUDO_1_8_0]
+
+ * NEWS:
+ update sudo 1.8 section
+ [f2ee2cf95d18]
+
+2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/testsudoers/test2.sh:
+ fix test description
+ [cd5730fa9f09]
+
+ * plugins/sudoers/regress/testsudoers/test2.out,
+ plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/visudo/test2.out,
+ plugins/sudoers/regress/visudo/test2.sh:
+ convert test2 to use testsudoers
+ [b5ec3f0b69f1]
+
+ * include/sudo_plugin.h, src/sudo_plugin_int.h:
+ Move struct generic_plugin to sudo_plugin_int.h
+ [6f7bc629329c]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Allow sudoers file name, mode, uid and gid to be specified in the
+ settings list. The sudo front end does not currently set these but
+ may in the future.
+ [22f38a0fda2a]
+
+2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in:
+ 1.8.0rc1
+ [5d4588b9c057]
+
+ * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
+ src/parse_args.c, src/sudo.h:
+ add help text to sudo, visudo and sudoreplay for the -h option
+ [52e7378d8476]
+
+2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/snprintf.c:
+ avoid using "howmany" for a parameter name since it is a select-
+ related macro
+ [a14d565401a1]
+
+ * doc/sudoers.pod:
+ mention group_plugin when describing nonunix_group
+ [e0d1d0034b17]
+
+ * doc/sudo_plugin.pod:
+ Add missing period at end of sentence
+ [6744d7e9056d]
+
+ * Makefile.in, doc/Makefile.in, include/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ add localstatedir; closes bug 471
+ [7aefcab85088]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
+ src/exec.c, src/exec_pty.c:
+ The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes
+ Bug 470
+ [927ed6740f32]
-2009-04-11 07:45 millert
+ * configure.in:
+ add missing AH_TEMPLATE for ENV_RESET
+ [16300010c986]
- * WHATSNEW: Sync
+ * src/exec.c:
+ SVR5 systems return non-zero for success on socketpair(), check for
+ -1 instead. Closes Bug 469
+ [4d276494bf8e]
-2009-04-10 16:59 millert
+2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Fix a warning when --without-ldap is
- specified.
+ * configure, configure.in:
+ 1.8.0b5
+ [d611cd5d73d3]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
+ regen
+ [85e96eeaed82]
+
+ * doc/sudo.pod:
+ Document that a sudo.conf file with no Pligin lines uses the default
+ sudoers plugins.
+ [88bd52da977f]
+
+ * src/load_plugins.c:
+ If sudo.conf contains no Plugin lines, use the default sudoers
+ policy and I/O plugins.
+ [fd8f4cb811ab]
+
+2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudo_nss.c:
+ Avoid printing empty "Runas and Command-specific defaults for user"
+ line.
+ [2dd330fe4f8b]
+
+ * common/lbuf.c:
+ Truncate the buffer at buf.len before printing in the non-wordwrap
+ case.
+ [901e9833f80d]
+
+ * common/lbuf.c:
+ Remove extra newline when the tty width is very small or unavailable
+ [245c05506c0e]
+
+2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/alias.c:
+ Remove unneeded variable.
+ [2c086d30b796]
+
+2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Prefer getutxid over getutid
+ [3f3322e9c93e]
+
+ * plugins/sudoers/boottime.c:
+ Include utmp.h / utmpx.h before missing.h as apparently including it
+ afterwards causes a compilation problem on GNU Hurd.
+ [a528029ae962]
+
+2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-04-05 12:25 millert
+ * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
+ #include "foo.h", not <foo.h> for local includes.
+ [f65ec693998e]
- * alias.c, parse.h, visudo.c: Store aliases that we remove during
- check_aliases in a freelist and free them at the end so we don't
- leak memory.
+ * src/parse_args.c:
+ remove bogus XXX
+ [9136c17d53ce]
-2009-03-28 09:30 millert
+ * compat/mksiglist.c:
+ Fix typo
+ [1a3bb7b455c9]
- * visudo.c: Check aliases in -c mode too.
+ * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/match.c:
+ return foo not return(foo)
+ [5c9e0647359a]
-2009-03-28 09:09 millert
+2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ Remove duplicate FD_SET of signal_pipe[0]
+ [3096527d2215]
+
+2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * alias.c, parse.h, visudo.c: Make alias_remove return the alias
- struct instead of freeing it directly. Fixes a use after free in
- alias_remove_recursive, the only consumer.
+ * compat/mksiglist.c:
+ Use "missing.h" not <missing.h> in generated code.
+ [d8e09cffbe09]
-2009-03-28 09:07 millert
+2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * alias.c, match.c, parse.c, parse.h, visudo.c: Rename find_alias
- -> alias_find for consistency.
+ * aclocal.m4, configure:
+ fix --with-iologdir=no
+ [a89699cb5f5f]
-2009-03-27 19:29 millert
+ * aclocal.m4, configure:
+ fix typo that broke --with-iologdir
+ [91b54eb22403]
- * visudo.c: When checking for unused aliases, recurse if the alias
- points to another alias.
+2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-03-16 12:11 millert
+ * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in:
+ Bump version to 1.8.0b4
+ [e2b7f2cdc02e]
- * ldap.c: Back out rev 1.105 for now. Real ldapux_client.conf
- support will be done later after some refactoring.
+ * NEWS:
+ sync
+ [decf5a0a8a33]
-2009-03-14 12:02 millert
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Attempt to clarify how users and groups interact in Runas_Specs
+ [e6fb3a2dbd77]
- * ldap.c: Treat ldap_hostport the same as "host" for ldapux.
+ * plugins/sudoers/regress/visudo/test2.out,
+ plugins/sudoers/regress/visudo/test2.sh:
+ Add test for quoted group that contains escaped double quotes
+ [44596c48c629]
-2009-03-13 21:04 millert
+ * src/exec.c, src/exec_pty.c:
+ Pass SIGUSR1/SIGUSR2 through to the child.
+ [c3108a827b01]
- * configure, configure.in: Only check for
- ldap_sasl_interactive_bind_s if we can find sasl.h. Fixes
- compilation with ldapux.
+ * src/exec_pty.c, src/sudo_exec.h:
+ Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
+ SIGUSR2 to indicate whether the child should be continued in the
+ foreground or background.
+ [35ca47cc6785]
-2009-03-11 20:03 millert
+ * src/exec.c:
+ Use pid_t not int and check the return value of kill()
+ [36ae7d37d7f9]
- * fileops.c: fix char subscript
+2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-03-11 19:19 millert
+ * src/exec_pty.c:
+ Remove obsolete comment
+ [baebef4919f6]
- * Makefile.in: remove errant carriage returns
+ * src/exec.c:
+ In non-pty mode before continuing the child, make it the foreground
+ pgrp if possible. Fixes resuming a shell.
+ [fef5b1d02ddb]
-2009-03-11 19:01 millert
+ * src/exec_pty.c:
+ If we get a signal other than SIGCHLD in the monitor, pass it
+ directly to the child.
+ [b3ecb28163a0]
+
+ * src/exec.c, src/exec_pty.c, src/sudo.h:
+ Save signal state before changing handlers and restore before we
+ execute the command.
+ [faf7475dc4bf]
+
+2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Use a char array to map a number to a base36 digit.
+ [257576c51f8b]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
+ Be clear about what versions of sudo support new LDAP attributes.
+ Fix up some formatting of attribute names. Minor other tweaks.
+ [39f65df71f65]
+
+2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ match quoted strings the same way whether in a Defaults line or as a
+ user/group/netgroup name. Fixes escaped double quotes in quoted
+ user/group/netgroup names.
+ [601d97ea8792]
+
+ * plugins/sudoers/Makefile.in:
+ 'make check' depends on visudo and testsudoers
+ [127c5a24df8f]
+
+ * plugins/sudoers/sudoers2ldif:
+ Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags
+ [9029163a58c3]
+
+2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/UPGRADE:
+ Mention LDAP attribute compatibility status.
+ [2c3595aaec63]
+
+2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ Mention phpQLAdmin
+ [9304c9064fbe]
+
+ * INSTALL, NEWS, config.h.in, configure, configure.in,
+ doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
+ Add --disable-env-reset configure option.
+ [8a753aa13a46]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Document that sudoers_locale also affects logging and email.
+ [998d6ac11277]
+
+ * NEWS, config.h.in, configure, configure.in,
+ plugins/sudoers/logging.c:
+ Do logging and email sending in the locale specified by the
+ "sudoers_locale" setting ("C" by default). Email send by sudo
+ includes MIME headers when the sudoers locale is not "C".
+ [cb7e55408400]
+
+2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Fix indentation
+ [65ae7e92b9e4]
+
+2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, src/parse_args.c, src/sudo.c:
+ Perform command escaping for "sudo -s" and "sudo -i" after
+ validating sudoers so the sudoers entries don't need to have all the
+ backslashes.
+ [4e168c103f4b]
+
+2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logging.c:
+ Prepend "list " to the command logged when "sudo -l command" is used
+ to make it clear that the command was listed, not run.
+ [f392a6056cd6]
+
+ * plugins/sudoers/parse.c:
+ cosmetic change
+ [7c0951dbc2dd]
+
+ * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
+ common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
+ compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
+ compat/nanosleep.c, compat/regress/glob/globtest.c,
+ compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
+ compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
+ plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
+ plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
+ plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
+ src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
+ src/sudo_noexec.c, src/tgetpass.c:
+ standardize on "return foo;" rather than "return(foo);" or "return
+ (foo);"
+ [32d76c5aaf8c]
+
+ * plugins/sudoers/sudoers.c:
+ Do not reject sudoers file just because it is root-writable.
+ [0febc579185b]
+
+2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ sync
+ [1ab03f8278ff]
+
+ * plugins/sudoers/sudo_nss.c:
+ For "sudo -U user -l" if user is not authorized on the host, say so.
+ [289afe6dd15c]
+
+ * plugins/sudoers/ldap.c:
+ In sudo_ldap_lookup(), always do the initial sudoers check as the
+ invoking user. If we are listing another user's privs we will do a
+ separate lookup using list_pw later.
+ [e52bc15de76d]
+
+2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ add parser fill tests
+ [4f65140d3515]
+
+ * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
+ Don't test features not supported by the bundled glob()
+ [8ec7ace11949]
+
+ * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
+ compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
+ doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/match.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
+ Update copyright year to 2011
+ [ac1b45cb1809]
+
+ * plugins/sudoers/sudo_nss.c:
+ When listing, use separate lbufs for the defaults and the privileges
+ and only print something if the number of privileges is non-zero.
+ Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
+ [d0854d39f8ef]
+
+ * plugins/sudoers/ldap.c:
+ Stash pointer to user group vector in LDAP handle and only reuse the
+ query if it has not changed. We always allocate a new buffer when
+ we reset the group vector so a simple pointer check is sufficient.
+ [88861d4eba69]
+
+ * plugins/sudoers/sudo_nss.c:
+ Check initgroups() return value.
+ [3bdaf58408a7]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/parser/check_fill.c:
+ Add tests for the fill functions in toke_util.c
+ [bca587ab4956]
+
+2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
+ fix copyright year
+ [e2038cdaf055]
+
+ * NEWS:
+ sync
+ [56ca5d5eaebe]
+
+2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/term.c:
+ Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
+ [b91f266624ec]
+
+2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg, sudo.pp:
+ Add Requires line for audit-libs >= 1.4 for RHEL5+
+ [6c02f976171b]
+
+ * pp:
+ sync with git version
+ [d301c32d5865]
+
+2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ fix typo
+ [39353f92976f]
+
+2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update for sudo 1.7.4p5
+ [b444da76901f]
+
+ * doc/schema.OpenLDAP, doc/schema.iPlanet:
+ Add sudoNotBefore and sudoNotAfter attributes as optional attributes
+ to the sudoRole object class. From Andreas Mueller
+ [dacfad7e7a95]
+
+2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Mention "sudo -g group" password check fix.
+ [1eb8fb14e53b]
+
+ * plugins/sudoers/sudoers.c:
+ Fix "sudo -g" support in the sudoers module.
+ [07d1b0ce530e]
+
+ * plugins/sudoers/check.c:
+ If the user is running sudo as himself but as a different group we
+ need to prompt for a password.
+ [caf1fcc9a117]
+
+2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
+ plugins/sudoers/ldap.c:
+ Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
+ LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
+ derived LDAP SDKs but we can pass the timeout parameter to
+ ldap_search_ext_s() or ldap_search_st() when possible.
+ [5537049991f7]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
+ regen
+ [5b361c3c4324]
+
+ * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
+ with OpenLDAP ldap.conf files.
+ [e97843bd16fb]
+
+ * plugins/sudoers/pwutil.c:
+ If user has no supplementary groups, fall back on checking the group
+ file expliticly.
+ [5223ad4eb690]
+
+2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
+ constify
+ [6e132a4cca61]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l:
+ Move fill macro to toke.h
+ [623d430798cf]
- * audit.c, env.c: fix K&R compilation
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.h, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c:
+ Split tokenizer utility functions out into toke_util.c
+ [89a97bd51618]
-2009-03-11 12:12 millert
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ ANSIfy
+ [ca0eba1dfaa9]
+
+2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ sync
+ [a43f94064bb3]
+
+ * plugins/sudoers/Makefile.in:
+ Add visudo tests to check target
+ [8c82fb4ed40f]
+
+ * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
+ compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
+ compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
+ Add my regress tests for fnmatch() and glob() from OpenBSD.
+ [6e8c1f211723]
+
+ * plugins/sudoers/regress/testsudoers/test1.sh,
+ plugins/sudoers/regress/visudo/test1.ok,
+ plugins/sudoers/regress/visudo/test1.sh:
+ Add regress test for command tags using visudo -c
+ [18b0ef207c0f]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/testsudoers/test1.ok,
+ plugins/sudoers/regress/testsudoers/test1.sh:
+ Add support for regress tests using testsudoers
+ [1fa94bd2671b]
+
+ * plugins/sudoers/testsudoers.c:
+ Need to set user_name explicitly due to internal changes made when
+ converting sudoers to a plugin.
+ [1fa54e86a364]
+
+2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
+ zlib/Makefile.in:
+ Add regression tests for iolog_path()
+ [afa4b416e559]
+
+ * Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in, zlib/Makefile.in:
+ Add support for "make Makefile" to regenerate Makefile from
+ Makefile.in
+ [98bd2dda3294]
+
+ * plugins/sudoers/iolog_path.c:
+ Quiest a bogus compiler warning.
+ [5ff932a7ad67]
+
+2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog_path.c:
+ Protect call to setlocale() with HAVE_SETLOCALE
+ [2c29ee3ccc81]
+
+2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ mkstemps.c was renamed mktemp.c
+ [ae299c3b1827]
+
+ * NEWS:
+ Update from 1.7 branch
+ [20817d79717b]
+
+ * Makefile.in:
+ Use "mv -f" when regenerating ChangeLog
+ [c163635206c6]
+
+ * plugins/sudoers/match.c:
+ Fix NULL dereference with "sudo -g group" when the sudoers rule has
+ no runas user or group listed. Fixes RedHat bug Bug 667103.
+ [41a6a1243d9e]
+
+2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Correct the default sudo.conf example
+ [4e791698cad1]
+
+2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog_path.c:
+ Reset slashp if we allocate a new buffer for strftime()
+ [e491daa4203b]
+
+ * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add extra out parameter to expand_iolog_path() to allow the caller
+ to split the path into dir and file components if needed.
+ [88346bc5ae39]
+
+2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ mkdir_iopath() returns size_t now that it uses strlcpy() and not
+ snprintf()
+ [3c4c64d265eb]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
+ Trim leading slashes from iolog_file and trailing slashes from
+ iolog_dir
+ [a803b51f8948]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Pass a single I/O log file name in command_details instead of
+ separate dir + file parameters.
+ [d672a3e46e80]
+
+ * plugins/sudoers/sudoreplay.c:
+ change an error() to errorx()
+ [8013dcfdd69d]
+
+ * plugins/sudoers/iolog.c:
+ Add missing cwd line to I/O log info file that got dropped when
+ iolog_deserialize_info() was added
+ [7cf84f208423]
+
+2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Avoid relying on globals filled in by the sudoers policy module for
+ the sudoers I/O log module. The I/O log open function now pulls the
+ bits it needs out of user_info and command_info.
+ [c02f6951b0cc]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ If no iolog file is specified by the policy plugin, use io_nextid()
+ to determine the next file in the sequence.
+ [faa1130b1020]
+
+2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document iolog_compress in command_info
+ [58895c7d12f5]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
+ Add support for the iolog_compress variable in command_info.
+ [36f13a2fd1c1]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
+ Add sigsetjmp() calls to all plugin entry points just to be safe.
+ [3fa482355bc4]
+
+ * src/sudo.c, src/sudo.h:
+ Don't need iolog variables in struct command_details, they are for
+ the I/O log plugins to handle.
+ [5111579ffd9d]
+
+2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Document use of mkdtemp() for iolog path teplates
+ [5db6101408a9]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
+ regen
+ [1ee11fd6d4eb]
+
+ * doc/sudo_plugin.pod, doc/sudoers.pod:
+ Document iolog_file and supported escape sequences for sudoers.
+ Clarify that iolog_file can contain directories.
+ [da611dedcbdb]
+
+ * compat/Makefile.in, configure, configure.in:
+ Fix building of mkstemps/mkdtemp replacements.
+ [793a5e303122]
+
+ * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
+ configure.in, include/missing.h:
+ Provide mkdtemp() for systems without it.
+ [b0527dfa965c]
+
+ * plugins/sudoers/iolog_path.c:
+ Fix typo
+ [277f6c514cba]
+
+ * plugins/sudoers/iolog.c:
+ Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
+ glibc mkdtemp() returns EINVAL.
+ [2e7323b05579]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Allow sudoers to specify the iolog file in addition to the iolog
+ dir. Add escape sequence support to iolog file and dir: sequence
+ number, user, group, runas_user, runas_group, hostname and
+ command in addition to any escape sequence recognized by
+ strftime(3).
+ [75cd32ee0435]
+
+ * plugins/sudoers/iolog.c:
+ Add missing sigsetjmp() call in I/O plugin open function. Fixes a
+ crash when the I/O plugin calls error(), errorx() or log_error().
+ [1a6718bd817d]
+
+2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
+ plugins/sudoers/sudoers.c:
+ Give the policy module fine-grained control over what the I/O plugin
+ logs.
+ [d29784fd2a66]
+
+ * common/term.c:
+ Clear OPOST from c_oflag like we used to. Fixes screen-based
+ editors such as vi.
+ [506ad5ae9b4e]
+
+ * doc/sudoers.pod:
+ Clarify umask option description. From Reuben Thomas.
+ [1294ac84222b]
+
+2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Pick last match in LDAP sudoers too
+ [fbfd8e85703b]
+
+ * doc/sudo_plugin.pod:
+ Document iolog_file, iolog_dir and use_pty
+ [26120a59c20e]
+
+ * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/sudoers.c:
+ Adapt plugins to version I/O logging ABI 1.1
+ [880dd64bc1e8]
+
+ * src/exec.c, src/sudo.h:
+ Add use_pty command_info flag for policies to indicate that a pty
+ should be allocated even if no I/O logging is performed.
+ [e7b167f8a6e5]
+
+ * src/sudo.c:
+ Add remaining plugin convenience functions
+ [ffeaf96da031]
+
+ * include/sudo_plugin.h, src/sudo.c, src/sudo.h,
+ src/sudo_plugin_int.h:
+ Change I/O log API to pass in command info to the I/O log open
+ function. Add iolog_file and iolog_dir parameters to command info.
+ This allows the policy plugin to specify the I/O log pathname. Add
+ convenience functions for calling plugin functions that handle ABI
+ backwards compatibility.
+ [9b81dce76ce5]
+
+ * compat/dlopen.c:
+ Remove useless cast
+ [7cecce969739]
+
+2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Bump version to 1.8.0b3
+ [1dc9f040aae0]
+
+2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ Remove extraneous newline
+ [71c94551eea5]
+
+2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.pod, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
+ Make I/O log dir configurable.
+ [99b576667a38]
+
+ * aclocal.m4, configure, configure.in, doc/sudoers.pod:
+ Rename io_logdir to iolog_dir
+ [0731662acc8d]
+
+2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Add missing '*' that prevented the generic ELF case from matching.
+ [be77ca26bfb2]
+
+ * pp:
+ If file(1) can't identify the ELF binary type, try readelf(1).
+ [38a18d32a9e3]
+
+2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
+ plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/sudoers.c, src/sudo.c:
+ Use %u to print uid/gid, not %lu and adjust casts to match.
+ [03c43b8749cf]
- * sudo.man.in, sudo.cat, sudoers.cat, sudoers.ldap.cat,
- sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
- regen
+ * doc/sudoers.ldap.pod:
+ Clarify ordering of entries and attributes.
+ [924e2a6bb603]
-2009-03-10 17:34 millert
+ * doc/sudoers.ldap.pod:
+ Fix typo and editing goof.
+ [79dc7ccd85a8]
- * config.h.in: Add missing HAVE_BSM_AUDIT
+ * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
+ doc/sudoers.ldap.pod:
+ Merge in ordered LDAP entry support from Andreas Mueller.
+ [ea5885989bad]
-2009-03-10 17:21 millert
+ * plugins/sudoers/ldap.c:
+ Make sure we don't dereference a NULL handle.
+ [1a9f9ee15371]
- * WHATSNEW: Add 1.7.1 features
+2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-03-10 17:10 millert
+ * pp:
+ Add support for RHEL 6 file modes that include a trailing dot on
+ files with an SELinux security context
+ [dc09be959547]
- * INSTALL: Mention --with-netsvc
+2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-03-10 17:08 millert
+ * src/sudo.c:
+ exec_setup() does not need to setuid(0), the Ubuntu issue was in the
+ sudoers module.
+ [d6dd99fc6062]
- * sudoers.ldap.pod: Document netsvc.conf support
+ * plugins/sudoers/sudoers.c:
+ create_admin_success_flag() should use restore_perms() rather than
+ set_perms() to restore the uid.
+ [eba7a91c1f57]
-2009-03-10 16:44 millert
+ * src/sudo.c:
+ In exec_setup() call setuid(0) to make certain the subsequent uid
+ and gid changes will succeed. Fixes a problem on Ubuntu.
+ [c5d32abf0645]
- * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
- sudo_nss.h: Add support for AIX netsvc.conf (like nsswitch.conf).
+ * src/sudo_edit.c:
+ Error out if we cannot change to root's uid so we catch the failure
+ early.
+ [7a2e7f8f2c80]
-2009-03-08 16:57 millert
+2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, config.h.in, configure.in, env.c: Add
- --enable-env-debug flag to enable environment sanity checks.
+ * doc/sudoers.pod:
+ fix typo; from Michael T Hunter
+ [a574a9d0db5b]
-2009-03-08 11:51 millert
+ * plugins/sudoers/match.c:
+ In sudoedit mode, assume command line arguments are paths and pass
+ FNM_PATHNAME to fnmatch().
+ [ce0abff8ce9f]
- * sudoers.ldap.pod, sudoers.pod: Work around some pod2html issue.
+2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-03-07 17:10 millert
+ * configure, configure.in:
+ Add workaround for an error in sys/types.h on HP-UX 11.23 when large
+ file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
+ broken bits of the header file.
+ [e337217f097a]
- * env.c: Only sync environ for putenv, setenv, and unsetenv. We
- need to make sure that sudo_putenv and sudo_setenv only modify
- env.envp, not environ.
+ * aclocal.m4:
+ Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
+ [fbbcee28961f]
-2009-03-02 14:19 millert
+ * sudo.pp:
+ For Tru64, strip off beta version.
+ [eeccd762df5e]
- * env.c: Really fix UNSETENV_VOID
+ * MANIFEST, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
+ Avoid conflicts with system definitions in grp.h and pwd.h
+ [b219ffe1da09]
-2009-03-02 14:18 millert
+ * zlib/gzguts.h:
+ Include stdio.h after zlib.h, not before. We need the large file
+ defines to come first.
+ [21d6df39790f]
- * env.c: Fix unsetenv when UNSETENV_VOID
+2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-03-02 08:00 millert
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
+ regen
+ [3ff8750d0aac]
- * aclocal.m4, configure: Fix SUDO_FUNC_PUTENV_CONST
+ * Makefile.in:
+ Don't clean ChangeLog
+ [ab0d30d289d4]
-2009-03-02 07:36 millert
+ * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Add prototype for cleanup()
+ [75626fd3769a]
- * ldap.c: tivoli-based ldap does not have ldapssl_err2string
+2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-03-02 07:30 millert
+ * plugins/sudoers/group_plugin.c:
+ Avoid deferencing group_plugin if it is NULL in
+ group_plugin_query(). This should not happen.
+ [4f2933c8da7e]
- * configure: regen
+ * plugins/sudoers/group_plugin.c:
+ group plugin init function return TRUE when successful
+ [198024477030]
-2009-03-01 16:20 millert
+2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure, configure.in, ldap.c: Add support for
- Tivoli-based LDAP start TLS as seen in AIX. Untested.
+ * plugins/sudoers/ldap.c:
+ Enlarge the array of entry wrappers int blocks of 100 entries to
+ save on allocation time. From Andreas Mueller
+ [375c916bb03b]
-2009-03-01 08:52 millert
+ * plugins/sudoers/ldap.c:
+ Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
+ that was mistakenly dropped.
+ [1555f5bc132d]
- * env.c: Add sanity checks for setenv/unsetenv
+2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-02-28 20:17 millert
+ * doc/TROUBLESHOOTING:
+ Mention that sudo needs "ar" to build.
+ [65582ace2d09]
- * Makefile.in: Include bsm_audit.h in the tarball
+ * configure, configure.in:
+ Fail with a more useful error if "ar" is not found.
+ [d1cb83719c17]
-2009-02-28 20:00 millert
+2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, version.h: bump version for sudo 1.7.1
+ * plugins/sudoers/ldap.c:
+ Merge in ordered LDAP entry support from Andreas Mueller and add
+ local changes from the 1.7 branch.
+ [bca29e461618]
-2009-02-28 19:58 millert
+2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * aclocal.m4, config.h.in, configure, configure.in, env.c, ldap.c,
- sudo.h, auth/aix_auth.c: Replace sudo_setenv/sudo_unsetenv with
- calls to setenv/unsetenv and provide our own
- setenv/unsetenv/putenv that operates on own env pointer. Make
- sync_env() inline in setenv/unsetenv/putenv functions.
+ * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
+ doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Add timed entry support from Andreas Mueller.
+ [e18d1df46a8d]
-2009-02-25 07:33 millert
+ * plugins/sudoers/group_plugin.c:
+ Don't try to unload if group_plugin is NULL. Don't call dlclose() if
+ group_handle is NULL
+ [de2273da37d5]
+
+ * plugins/sudoers/sudoers.h:
+ It is now plugin_cleanup(), not cleanup()
+ [da62a4e1a78c]
+
+ * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
+ Call plugin_cleanup(), not cleanup()
+ [e800ad8b33ad]
- * sudo.c: Make "sudoedit -h" work as expected
+2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Use efree() not free() and remove malloc.h include since we never
+ directly call malloc() or free().
+ [107fffd134bb]
+
+2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ set PSTAMP for Solaris and move the backend-specific bits to their
+ own %if [xxx] %endif blocks in %set.
+ [a94ebe8920c1]
+
+ * pp:
+ sync with git repo
+ [75ff509696b4]
+
+ * configure, configure.in:
+ Only substitute file zlib files when using the builtin zlib
+ [6c8145b2deb4]
+
+ * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in, zlib/Makefile.in:
+ Give up on using VPATH to find sources as it is implemented
+ inconsistenly in different versions of make.
+ [60517c69aaee]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
+ plugins/sudoers/gram.c, plugins/sudoers/toke.c:
+ Include config.h before any other includes to make sure we get the
+ right value for _FILE_OFFSET_BITS.
+ [8fb007ca832e]
+
+ * MANIFEST:
+ Add zlib
+ [04a3e23dfaa9]
+
+ * zlib/Makefile.in:
+ Add missing targets
+ [40e45a177168]
+
+ * src/Makefile.in:
+ g/c unused $(GENERATED)
+ [c8758068c1bc]
+
+2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/group_plugin.c:
+ Zero out group_plugin on unload just to be safe.
+ [0b10f4d101ca]
+
+ * plugins/sudoers/group_plugin.c:
+ Unload group plugin if its init function fails.
+ [6552cdac4b7c]
+
+ * src/sudo.c:
+ Only chdir to cwd if it is different from the current cwd or there
+ is a new root (chroot).
+ [b8203e875e84]
+
+ * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
+ Bump version to 1.8.0b2
+ [6dadeb75a878]
+
+2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Better --enable-zlib description
+ [e0da54fa59a6]
+
+ * mkpkg:
+ Use system zlib on Linux Let configure decide on Solaris For all
+ others, use builtin zlib
+ [3d52eddb523c]
+
+ * zlib/zconf.h.in:
+ Add large file support.
+ [bec01215270d]
+
+ * config.h.in:
+ Add large file support.
+ [244e95b034ec]
+
+ * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
+ zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
+ zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
+ zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
+ zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
+ zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
+ zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
+ zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
+ Add local copy of zlib for systems that lack it.
+ [7542ca465c5a]
+
+2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ If perform_io() fails, kill the child before exiting so it doesn't
+ complain about connection reset. We can get an I/O error if, for
+ example, and we get EIO reading from stdin.
+ [e59a05fa729f]
+
+2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, src/sudo.c:
+ Fix complilation on systems with set_auth_parameters() Sprinkle
+ volatile to quiet warnings from gcc 2.8.0
+ [a34c2b924ba7]
+
+ * compat/dlfcn.h, compat/dlopen.c:
+ Avoid potential namespace issues with dlopen() emulation.
+ [aedfababd6ca]
+
+ * MANIFEST:
+ sync
+ [6afb97e6d308]
+
+ * plugins/sudoers/interfaces.c:
+ Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
+ exist).
+ [ddfca5af1a36]
+
+ * Makefile.in:
+ Mark ChangeLog as PHONY Don't overwrite ChangeLog if we can't run hg
+ [e9d04bfa4505]
+
+ * configure, configure.in:
+ HP-UX 10.20 libc has an incompatible getline
+ [2e7bc202e78d]
+
+ * plugins/sudoers/visudo.c:
+ Quiet an HP-UX compiler warning.
+ [55b9d587ac8c]
+
+ * configure, configure.in:
+ Check for vi even with --with-editor specified; the sample plugin
+ needs it.
+ [94dfc3643f76]
+
+2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/dlopen.c:
+ Fix remaining syntax errors.
+ [9d729b5b577e]
+
+ * src/Makefile.in:
+ sudo binary depends on the libtool-generated libs
+ [9e6148406adb]
+
+ * plugins/sudoers/group_plugin.c, src/load_plugins.c:
+ Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
+ include the local or system dlfcn.h
+ [68cfe4c1089b]
+
+ * pp:
+ Don't use run_as_superuser=false on HP-UX
+ [532242370b09]
+
+ * src/net_ifs.c:
+ Use memset() instead of zero_bytes() since we don't include
+ sudoers.h
+ [a187c18c2472]
+
+ * plugins/sudoers/interfaces.c:
+ Fix pasto; AF_INET not AF_INET6
+ [2d2e9d7dc6f9]
+
+ * compat/dlopen.c:
+ Actually call shl_load()
+ [ed8153b8a3cd]
+
+ * pp:
+ Update from git repo. Debian: version numbers now compliant with
+ policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX
+ 10.20
+ [ecf2692bceeb]
+
+ * configure, configure.in:
+ Fix dlopen() detection for systems where dlopen() is in a separate
+ library.
+ [fa6b175582b6]
+
+ * plugins/sudoers/auth/pam.c:
+ If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
+ useful message and return AUTH_FATAL so sudo does not keep trying to
+ validate the user.
+ [1be8857e5291]
+
+ * src/preload.c:
+ sudo_preload_table is an array
+ [b7704e72a9da]
+
+ * compat/dlopen.c:
+ Quiet a compiler warning and fix sudo_preload_table external
+ definition.
+ [8234987664cc]
+
+ * compat/dlfcn.h:
+ Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
+ [8bab6a4053cc]
-2009-02-25 07:21 millert
+ * plugins/sudoers/group_plugin.c:
+ Make this compile correctly when no dlopen is available.
+ [57643879bd2b]
+
+2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Having a timestamp file defined is no longer indicative of tty
+ tickets being enabled. Check def_tty_tickets directly.
+ [efcc11ad157f]
+
+ * src/exec_pty.c, src/sudo.h, src/ttysize.c:
+ Fix TCGETWINSZ compat.
+ [da3a8b17cf7a]
+
+2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c, src/ttysize.c:
+ Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
+ [926492dd10a6]
+
+2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, src/sudo.c:
+ Move set_project() from sudoers module into sudo proper.
+ [beabafac03b4]
+
+ * configure, configure.in:
+ Fix typo and regenerate
+ [4a3caf4234f3]
+
+ * plugins/sudoers/ldap.c:
+ When iterating over returned LDAP entries, keep looking at remaining
+ matches even if we have a positive match. This catches negative
+ matches that may exist in other entries and more closely match the
+ sudoers file behavior.
+ [f47db6e609b0]
+
+ * pp:
+ Add support for multiple package instances on Solaris.
+ [7f2a8b942545]
+
+ * src/exec.c:
+ Add missing signal_pipe[0] to fdsr for the non-pty case.
+ [79d01e11b19c]
+
+ * mkpkg:
+ Add --with-project for Solaris
+ [ffa4c2bb93f7]
+
+ * README:
+ Need ar and ranlib too
+ [5c2f679172ef]
+
+2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c:
+ Preserve ODMDIR environment variable by default on AIX.
+ [bd47cb1e804f]
+
+2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
+ config.h.in, configure, configure.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
+ src/preload.c:
+ Add dlopen() emulation for systems without it. For HP-UX 10, emulate
+ using shl_load(). For others, link sudoers plugin statically and use
+ a lookup table to emulate dlsym().
+ [e92edfb3c642]
+
+2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/pam.c: Make sure def_prompt is always defined. This is a
- workaround for pam configs that prompt for a password in the
- session but don't have an auth line. A better fix is to expand
- the sudo prompt earlier and set def_prompt to that when
- initializing.
+ * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
+ compat/nanosleep.c, compat/utimes.c:
+ When including compat headers, use the compat dir as part of the
+ path so we are sure to get the correct header.
+ [6c2a45da6af5]
-2009-02-25 06:17 millert
+2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/linux_audit.c:
+ Ignore ECONNREFUSED from audit_log_user_command() which will occur
+ if auditd is not running.
+ [d314fe4c8d03]
- * sudo.pod: Mention that the helper for -A may be graphical.
+2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-02-25 06:16 millert
+ * pp:
+ Sync with git version
+ [1c0357744222]
- * TROUBLESHOOTING: Document what happens if there is no tty.
+2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-02-25 06:05 millert
+ * common/fileops.c, plugins/sudoers/defaults.c:
+ Cast isblank argument to unsigned char.
+ [c822dbb3ca54]
- * sudo.c: cosmetic changes
+2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-02-25 05:47 millert
+ * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
+ Implement --with-umask-override configure flag.
+ [863e3047df22]
- * term.c: Fix term_restore
+ * plugins/sudoers/env.c:
+ Take MODE_LOGIN_SHELL into account when initially setting reset_home
+ instead of special-casing it later.
+ [5d6b16480fd6]
-2009-02-24 20:23 millert
+ * plugins/sudoers/sudoers.c:
+ In login mode, make a copy of the runas user's pw_shell for
+ NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
+ freed before exec.
+ [1d1ccb568dfa]
+
+ * plugins/sudoers/env.c:
+ Reset HOME for "sudo -i" even if HOME was listed in env_keep.
+ [c1c1c65a2d63]
+
+ * src/sudo.c:
+ Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
+ [7443454e5f88]
+
+ * src/sudo.c:
+ Reset signal mask at sudo startup time; we need to be able to rely
+ on normal signal delivery to control the child process.
+ [95800163ff94]
+
+2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * install-sh:
+ Use sed instead of expr to split a flag from its argument. Fixes a
+ problem with expr interpreting its arguments as a flag when they
+ start with a dash.
+ [736065e14301]
+
+ * common/lbuf.c:
+ Do not need sys/time.h after all
+ [91f6f668ccda]
+
+ * common/lbuf.c:
+ Include sys/time.h for utimes() and struct timeval. No longer need
+ ioctl.h or termios.h
+ [2d75273d3213]
+
+ * compat/snprintf.c:
+ Quiet bogus compiler warnings.
+ [fe252e1968f5]
+
+ * include/missing.h:
+ Declare innetgr() for HP-UX which is missing a declaration. Declare
+ domainname() for HP-UX and Solaris which are missing a declaration.
+ [b37c50751138]
+
+ * plugins/sudoers/bsm_audit.c:
+ Use __sun for consistency with the rest of the sources.
+ [6b086b61ccb6]
+
+ * plugins/sudoers/group_plugin.c:
+ Quiet a bogus compiler warning.
+ [ebc069842c4a]
+
+ * plugins/sudoers/pwutil.c:
+ Don't try to delref a NULL group.
+ [f6ff0838be21]
+
+ * common/alloc.c, common/lbuf.c:
+ Include memory.h on systems that need it.
+ [4e676da81c6f]
+
+2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ Quiet gcc warnings on glibc systems that use warn_unused_result for
+ write(2).
+ [0532da0b7cf7]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ sudo_plugin is in section 8; from Ted Percival
+ [b4506a0de87e]
+
+ * plugins/sudoers/Makefile.in:
+ testsudoers depends on libsudoers.la, not sudoreplay
+ [cdb1cc3bf06a]
+
+2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ Read as many signals on the signal pipe as we can before returning.
+ [b181671da047]
+
+ * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
+ Instead of using a array to store received signals, open a pipe and
+ have the signal handler write the signal number to one end and
+ select() on the other end. This makes it possible to handle signals
+ similar to I/O without race conditions.
+ [ee84d65c16b6]
+
+2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/visudo.pod, plugins/sudoers/visudo.c:
+ Make "visudo -c -f -" check the standard input.
+ [195a3d2a9a26]
+
+ * doc/sudoers.pod:
+ set_home and always_set_home have an effect if HOME is present in
+ the env_keep list.
+ [159d0b9dc5c8]
+
+ * plugins/sudoers/env.c:
+ Make -H flag work when HOME is listed in env_keep. Also makes
+ "set_home" and "always_set_home" override override HOME in env_keep.
+ [a3e5b966193f]
+
+2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
+ plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, src/net_ifs.c:
+ Convert sudoers plugin to use interface list passed in settings.
+ [87d9b5f4f586]
+
+ * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
+ src/parse_args.c, src/sudo.h:
+ Query local network interfaces in the main sudo driver and pass to
+ the plugin as "network_addrs" in the settings list.
+ [7f35bcfe77a7]
+
+ * plugins/sudoers/bsm_audit.c:
+ Solaris BSM audit return EINVAL when auditing is not enabled,
+ whereas OpenBSM returns ENOSYS.
+ [411b980ec58b]
+
+2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/fnmatch.c:
+ missing.h should come before most local includes
+ [53921a7b8b5b]
+
+ * plugins/sudoers/sudoreplay.c:
+ missing.h should come before most local includes
+ [e9abb0db1aac]
+
+ * plugins/sudoers/sudoers.h:
+ Make local includes consistent; use double quotes for local includes
+ except for generated ones where we use angle brackets.
+ [09de4faa9547]
+
+ * plugins/sudoers/sudoers.c:
+ Always fill in NewArgv for audit code.
+ [7c3aca60519f]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
+ [007cf6560f92]
+
+ * common/alloc.c, common/atobool.c, common/fileops.c,
+ common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
+ common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
+ compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
+ compat/getprogname.c, compat/glob.c, compat/isblank.c,
+ compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
+ compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
+ compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
+ compat/unsetenv.c, compat/utimes.c, include/compat.h,
+ plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
+ plugins/sample_group/plugin_test.c,
+ plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
+ plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
+ src/sudo_noexec.c, src/ttysize.c:
+ Make local includes consistent; use double quotes for local includes
+ except for generated ones where we use angle brackets. Also g/c
+ unused compat.h.
+ [e57070dc8f04]
+
+2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match.c:
+ When matching the runas user and runas group (-u and -g command line
+ options), keep track of runas group and runas user matches
+ separately. Only return a positive match if we have a match for
+ both runas user and runas group (if specified).
+ [815219e04cc8]
+
+2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Add support for multiple URI lines by joining the contents and
+ passing the result to ldap_initialize.
+ [a47cae3b72e8]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
+ Do not return -1 on error from the display functions; the caller
+ expects a return value >= 0.
+ [101456a7dd00]
+
+ * plugins/sudoers/sudoers.c:
+ Do not set both MODE_EDIT and MODE_RUN
+ [8faa36694d54]
+
+2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ Move includes to the top of the file.
+ [a51436798e8c]
+
+2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Add missing definition of timedir
+ [458a749c2c5e]
+
+ * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
+ compat/mksiglist.c, compat/strsignal.c,
+ plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
+ Add #include of sys/types.h for .c files that include missing.h to
+ be sure that size_t and ssize_t are defined.
+ [08e3132dbf4f]
+
+ * plugins/sudoers/Makefile.in:
+ Install sudoers file from the build dir not hte src dir.
+ [ca89e962dbf4]
+
+2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c:
+ If runas_pw changes, reset the stashed runas aux group vector.
+ Otherwise, if runas_default is set in a per-command Defaults
+ statement, the command runs with root's aux group vector (i.e. the
+ one that was used when locating the command).
+ [24f9107cedd2]
+
+ * plugins/sudoers/Makefile.in:
+ Add target to generate sudoers file Remove generated sudoers file as
+ part of distclean
+ [fb7422e90f03]
+
+2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ When not logging I/O install a handler for SIGCONT and deliver it to
+ the command upon resume. Fixes bugzilla #431
+ [495dce52a5aa]
+
+2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.h:
+ g/c unused auth_pw extern definition
+ [40eb7477ba17]
+
+ * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
+ Move get_auth() into check.c where it is actually used.
+ [e31db0ce3a61]
+
+2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/lbuf.c:
+ Convert a remaining puts() and putchar() to use the output function.
+ [d69e363a506b]
+
+ * plugins/sudoers/plugin_error.c:
+ Plug memory leak
+ [68895469ea8d]
+
+2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c:
+ Set dupcheck to TRUE when setting new HOME value if !env_reset but
+ always_set_home is true. Prevents a duplicate HOME in the
+ environment (old value plus the new one) introduced in f421f8827340.
+ [9ca19183794f]
+
+ * configure, configure.in, plugins/sudoers/sudoers,
+ plugins/sudoers/sudoers.in:
+ Substitute sysconfdir in the installed sudoers file to get the
+ correct path for sudoers.d.
+ [86072b6cd55d]
+
+2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/get_pty.c:
+ Fix typo that prevented compilation on Irix; Friedrich Haubensak
+ [b48be51b65fc]
+
+2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
+ common/atobool.c, common/fileops.c, common/fmt_string.c,
+ common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
+ compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
+ compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
+ compat/getprogname.c, compat/glob.c, compat/isblank.c,
+ compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
+ compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
+ compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
+ compat/unsetenv.c, compat/utimes.c, include/compat.h,
+ include/missing.h, plugins/sample/sample_plugin.c,
+ plugins/sample_group/getgrent.c,
+ plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
+ src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
+ Merge compat.h and missing.h into missing.h
+ [572909ae9716]
+
+2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c:
+ If the user hits ^C while a password is being read, error out before
+ reading any further passwords in the pam conversation function.
+ Otherwise, if multiple PAM auth methods are required, the user will
+ have to hit ^C for each one.
+ [23782631748c]
+
+2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Update comment
+ [a5296cb3a20a]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document sudo_conv_t function and sudo_printf_t return values.
+ [745c0017814c]
+
+ * src/conversation.c:
+ Make _sudo_printf return the number of characters printed on success
+ like printf(3).
+ [8eeefe8d7e77]
+
+2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ sudoers.h includes sudo_plugin.h for us
+ [cabe68e07807]
+
+ * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
+ src/sudo_edit.c:
+ Use gettimeofday() directly instead of via the gettime() wrapper.
+ [7490426c99ae]
+
+ * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
+ compat/strerror.c, config.h.in, configure, configure.in,
+ include/compat.h, include/missing.h, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
+ Remove some obsolete configure tests, ancient Unix systems are no
+ longer supported.
+ [2be6218c3a36]
+
+2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Set pp_kit_version and strip off patch level
+ [aacfda1b676d]
+
+ * sudo.pp:
+ Better handling of versions with a patchlevel. For rpm and deb, use
+ the patchlevel+1 as the release. For AIX, use the patchlevel as the
+ 4th version number. For the rest, just leave the patchlevel in the
+ version string.
+ [638bd35f2346]
+
+2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ For non-standalone auth methods, stop reading the password if the
+ user enters ^C at the prompt.
+ [82c2911bb264]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/pwutil.c:
+ No need to look up shadow password unless we are doing password-
+ style authentication. This moves the shadow password lookup to the
+ auth functions that need it.
+ [ba9e3eba2b72]
+
+ * plugins/sudoers/sudoers.c:
+ Retain final passwd/group refs until the policy close() function.
+ Note that this doesn't get called in all cases so putting this in a
+ cleanup function is probably better.
+ [bbe214cb4119]
+
+ * plugins/sudoers/check.c:
+ Fix mismerge
+ [395115f89dd6]
+
+ * plugins/sudoers/check.c:
+ When removing/resetting the timestamp file ignore the tty ticket
+ contents.
+ [b709f5667a0b]
+
+ * plugins/sudoers/sudoers.c:
+ delref sudo_user.pw, runas_pw and runas_gr immediately before we
+ return.
+ [4d67d15dfd3b]
+
+2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Reference count cached passwd and group structs. The cache holds
+ one reference itself and another is added by sudo_getgr{gid,nam} and
+ sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
+ group structs are persistent for now.
+ [e544685523c3]
+
+ * doc/UPGRADE:
+ fix typo
+ [e32f2d35e6c9]
+
+2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Do not produce a warning for "sudo -k" if the ticket file does not
+ exist.
+ [1598f6061b75]
+
+ * plugins/sudoers/pwutil.c:
+ Instead of caching struct passwd and struct group in the red-black
+ tree, store a struct cache_item which includes both the key and
+ datum. This allows us to user the actual name that was looked up as
+ the key instead of the contents of struct passwd or struct group.
+ This matters because the name in the database may not match what we
+ looked up, due either to case folding or truncation (historically at
+ 8 characters). Also mark the disabled calls to sudo_freepwcache()
+ and sudo_freegrcache() as broken since we use cached data for things
+ like set_perms() and the logging functions. Fixing this would
+ require making a copy of the structs for user and runas or adding a
+ reference count (better).
+ [225d4a22f60e]
+
+ * plugins/sudoers/Makefile.in:
+ Fix path to mkinstalldirs
+ [b4968379b12d]
+
+ * plugins/sudoers/check.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
+ src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
+ Quiet gcc warnings on glibc systems that use warn_unused_result for
+ write(2) and others.
+ [c99f138960e0]
+
+2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add %option noinput
+ [72b9cd49b4f1]
+
+ * aclocal.m4, configure, configure.in:
+ Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
+ back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
+ cross-compiling.
+ [e385c176d0ee]
+
+2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
+ Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
+ and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
+ [cf3e60d9c440]
+
+2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Update to latest version
+ [32f93be33961]
+
+2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Let pp determine pp_aix_version itself.
+ [7cf0245d84ed]
+
+ * INSTALL, config.h.in, configure, configure.in, mkpkg,
+ plugins/sudoers/sudoers.c:
+ Add support for Ubuntu admin flag file and enable it when building
+ Ubuntu packages.
+ [00e27cff2dfb]
+
+ * plugins/sudoers/sudoers, sudo.pp:
+ Add commented out SuSE-like targetpw settings
+ [4605d47b7413]
+
+ * configure, configure.in:
+ Only try to use +DAportable for non-GCC on hppa
+ [75d0f284ccf7]
+
+ * configure, configure.in:
+ Prevent configure from adding the -g flag unless in devel mode
+ [b1fd3f8d45c0]
+
+2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Go back to sudo-flavor to match existing packages and only use an
+ underscore for those that need it.
+ [d737069d1e1c]
+
+ * sudo.pp:
+ Use sudo_$flavor instead of sudo-$flavor since that causes the least
+ amount of trouble for the various package managers.
+ [71f547af35fc]
+
+ * mkpkg:
+ Fix handling of the ldap flavor Remove destdir unless --debug was
+ specified Make distclean before running configure if there is a
+ Makefile present
+ [6316f08de7d3]
+
+ * sudo.pp:
+ Add back include file.
+ [195627bf68b8]
+
+ * mkpkg:
+ Pass extra args on to configure on HP-UX, if we don't have the HP C
+ compiler, disable zlib to prevent gcc from finding it in
+ /usr/local/lib.
+ [473efa0e2bac]
+
+ * mkpkg:
+ Use the HP ANSI C compiler on HP-UX if possible
+ [fb249b6b175d]
+
+ * plugins/sudoers/sudoreplay.c:
+ Some getline() implementations (FreeBSD 8.0) do not ignore the
+ length pointer when the line pointer is NULL as they should.
+ [2410a1a3543c]
+
+ * plugins/sudoers/sudoreplay.c:
+ Don't need to check for *cp being non-zero, isdigit() will do that.
+ [7df11ea8a487]
+
+ * plugins/sudoers/sudoreplay.c:
+ Add setlocale() so the command line arguments that use floating
+ point work in different locales. Since sudo now logs the timing
+ data in the C locale we must Parse the seconds in the timing file
+ manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
+ the number of seconds with the user's locale so if the decimal point
+ is not '.' try using the locale-specific version.
+ [4d385765f23b]
- * sudo.c: Fix "sudo -k" with no other args
+ * src/exec.c:
+ Do I/O logging in the C locale so the floating point numbers in the
+ timing file are not locale-dependent.
+ [5961cec044ec]
+
+ * plugins/sudoers/sudoreplay.c:
+ Use errorx() not error() for thingsthat don't set errno.
+ [0fe5e692af84]
+
+2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Better support for 1.2.3 style versions in Tru64 kits
+ [997c549bb777]
+
+ * sudo.pp:
+ Add Tru64 kit support
+ [e273a954f981]
+
+ * pp:
+ Remove apparently unnecessary use of sudo
+ [be8840d85125]
+
+ * Makefile.in, plugins/sudoers/Makefile.in:
+ Create timedir as part of install-dirs target.
+ [c736bc2fb14f]
+
+ * src/exec_pty.c:
+ Handle ENXIO from read/write which can occur when reading/writing a
+ pty that has gone away.
+ [fa2e8059879f]
+
+ * plugins/sudoers/pwutil.c:
+ sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
+ [3a045475d5ee]
+
+ * mkpkg:
+ platform is a pp flag not a variable
+ [12eba39a47c1]
+
+ * Makefile.in, mkpkg, sudo.pp:
+ Add simple arg parsing for mkpkg so we can set debug, flavor or
+ platform.
+ [ada839fe252d]
+
+ * pp:
+ Make rpm backend work on AIX 5.x
+ [549a76d11393]
+
+2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers:
+ Add commented out Defaults entry for log_output
+ [7e67d7588900]
+
+2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/Makefile.in:
+ Remove sudo docdir completely
+ [dce8e82878ef]
+
+ * doc/sample.sudo.conf:
+ Add sample sudo.conf
+ [aafdba3fc411]
+
+2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Add PACKAGE_TARNAME for docdir
+ [930c92b8f8f0]
+
+2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/Makefile.in:
+ Pass install-sh -b~ here too.
+ [c3f5eb446c38]
+
+ * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Install binary files with -b~ to make a backup. Fixes "text file
+ busy" error on HP-UX during install.
+ [81f306f54f8c]
+
+ * install-sh:
+ "mv -f" on HP-UX doesn't unlink the destination first so add an
+ explicit rm before moving the temporary into place.
+ [fb719a79582d]
+
+ * configure, configure.in:
+ Some more ${foo} -> $(foo) conversion for consistent Makefiles.
+ [0aa098770074]
+
+ * doc/Makefile.in, plugins/sudoers/Makefile.in:
+ Install sudoers2ldif in the doc dir
+ [33ac3b53d7f5]
+
+2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pathnames.h.in:
+ Add missing include of maillock.h for Solaris
+ [5a58883be23a]
+
+ * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
+ doc/sample.syslog.conf, doc/sudoers.cat:
+ Change the default syslog facility from local2 to authpriv (or auth
+ if the operating system doesn't support authpriv).
+ [3b70ba514f49]
+
+ * Makefile.in, sudo.pp:
+ Install sudoers as /etc/sudoers on RPM and debian systems where the
+ package manager will not replace a user-modified configuration file.
+ This fixes upgrades from the vendor sudo packages.
+ [d886b6d60b5b]
+
+ * pp:
+ RPM: use %config(noreplace) instead of %config for volatile This
+ results in the new file being installed with a .rpmnew suffix
+ instead of the file being replaced and the old one renamed with a
+ .rpmsave suffix.
+ [58be2119f8e8]
+
+2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/mkstemps.c, plugins/sudoers/boottime.c:
+ Include time.h for struct timeval
+ [ddf8b04f0276]
+
+ * src/exec_pty.c:
+ The return value of strsignal() may be const and should be treated
+ as const regardless.
+ [620074ae1e77]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Mention that 127.0.0.1 will not match, nor will localhost unless
+ that is the actual host name.
+ [8b574122eb8f]
+
+ * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
+ Rename WHATSNEW -> NEWS
+ [d1a2c8c47d89]
+
+ * pp:
+ Updated pp with latest patches
+ [98e16b9b8f62]
+
+ * WHATSNEW:
+ Sync with 1.7.4
+ [65ac4dafeef7]
-2009-02-24 08:04 millert
+ * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
+ plugins/sudoers/sudoers:
+ Add commented out line to add HOME to env_keep and add a warning to
+ the note about the HOME change in UPGRADE.
+ [0d6a775bb6c8]
+
+2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ Add LINE_MAX define for those without it.
+ [446d9dbe7859]
+
+ * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
+ doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
+ plugins/sudoers/defaults.c:
+ The tty_tickets option is now on by default.
+ [a01c48206d80]
+
+ * WHATSNEW:
+ Mention that AIX authdb support has been fixed.
+ [87bd7f4eba6a]
+
+ * common/aix.c:
+ setauthdb() only sets the "old" registry if it was set by a previous
+ call to setauthdb(). To restore the original value, passing NULL
+ (or an empty string) to setauthdb() is sufficient.
+ [470da190a254]
+
+2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
+ doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
+ plugins/sudoers/env.c:
+ Reset HOME when env_reset is enabled unless it is in env_keep
+ [f421f8827340]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ The default for set_logname has been "true" for some time now.
+ [f489da5674c3]
+
+ * plugins/sudoers/boottime.c:
+ Add missing include of time.h
+ [624d7014932f]
+
+ * plugins/sudoers/logging.c:
+ Fix check for dup2() return value.
+ [140ea2d50d20]
+
+ * plugins/sudoers/env.c:
+ Add PYTHONUSERBASE to initial_badenv_table
+ [3149aae5b12c]
+
+ * plugins/sudoers/visudo.c:
+ Treat an unknown defaults entry as a parse error.
+ [b3ebad73efb2]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
+ Check return value of setdefs() but don't stop setting defaults if
+ we hit an unknown one.
+ [945e752239ab]
+
+ * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
+ doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
+ plugins/sudoers/env.c:
+ If env_reset is enabled, set the MAIL environment variable based on
+ the target user unless MAIL is explicitly preserved in sudoers.
+ [a1b03e2e0e96]
+
+2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ decode debian code names
+ [8741280d9960]
+
+ * WHATSNEW:
+ fix typo
+ [a8a19451110b]
+
+2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ Merge with 1.7.4
+ [9348fa7e15b8]
+
+ * src/sudo.c:
+ Restore RLIMIT_NPROC after the uid switch if it appears that
+ runas_setup() did not do it for us. Fixes a bash script problem on
+ SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
+ [786fb272e5fd]
+
+2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg, pp, sudo.pp:
+ Restore the dot removal in the os version reported by polypkg. Adapt
+ mkpkg and sudo.pp to the change.
+ [dcafdd53b88f]
+
+2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ document --with-pam-login
+ [ea93e4c6873c]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ The tag is NOSETENV, not UNSETENV. From Petr Uzel.
+ [2ac90d8de36e]
+
+2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Include flavor in solaris package name
+ [e605f6364c9f]
+
+ * mkpkg:
+ Older shells don't support IFS= so set explictly to space, tab,
+ newline.
+ [7773960bc8a0]
+
+ * mkpkg:
+ Use '=' not '==' in test
+ [c99d42bc48e6]
+
+ * mkpkg:
+ Fix typo that prevented debian from matching
+ [84421078fcb7]
+
+ * mkpkg:
+ Add missing prefix setting for debian
+ [6466f23de4aa]
+
+ * sudo.pp:
+ Use tab indents to reduce the chance of problem with <<- Fix the
+ debian %set section, pp does not set pp_deb_distro Uncomment %sudo
+ line in sudoers for debian Uncomment some env_keep lines for RHEL,
+ SLES and debian to more closely match the vendor sudoers files.
+ Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on
+ debian for ldap flavor
+ [c5b49feb1a0c]
+
+ * plugins/sudoers/sudoers:
+ Add commented out env_keep entries, sample Aliases and a %sudo line
+ for debian.
+ [387719e52d0f]
+
+ * configure, configure.in:
+ Move zlib check later on in the script to avoid a strange shell
+ problem on SLES11.
+ [1a3153bb1291]
+
+ * configure.in:
+ Remove check for egrep; configure has its own
+ [a3b9d98cb5d2]
+
+2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Enable zlib for linux distros
+ [8fa51a1405a4]
+
+ * mkpkg:
+ Add ldap flavor to default build
+ [97644f5a555f]
+
+ * mkpkg, sudo.pp:
+ Simplify rpm linux distro settings
+ [b9dcf10cdf20]
+
+ * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
+ Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
+ [2c549c1acde9]
+
+ * Makefile.in:
+ Fix ChangeLog creation from build dir
+ [3d0c7904f173]
+
+ * plugins/sudoers/sudoers.c:
+ Handle getcwd() failure.
+ [aef7bef87394]
+
+ * doc/Makefile.in, mkpkg, sudo.pp:
+ Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
+ environment variable.
+ [be6ed611b7a8]
+
+ * sudo.pp:
+ Create sudo group on debian
+ [6ed6c032042e]
+
+ * mkpkg, sudo.pp:
+ Add debian 4/5/6 and use the dot when doing version matches
+ [6bcb664d1f4f]
+
+ * aclocal.m4, configure:
+ Use a loop when searching for mv, sendmail and sh
+ [d5e9369f8d13]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Remove spurious "and"; from debian
+ [a21e6f7c5b99]
+
+ * aclocal.m4, configure, configure.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
+ doc/visudo.man.in, doc/visudo.pod:
+ Substitute the value of EDITOR into the sudoers and visudo manuals.
+ [cd79e587dd7f]
+
+2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg, pp, sudo.pp:
+ Initial support for debian 4.0
+ [ac6707915fa8]
+
+ * mkpkg:
+ Some platforms need -fPIE instead of -fpie
+ [fd6be19e5bc2]
+
+ * plugins/sudoers/auth/pam.c:
+ Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
+ On Linux it causes a DNS lookup via libaudit.
+ [1e10105ade5b]
+
+ * MANIFEST:
+ Update MANIFEST to match packaging changes
+ [ef86ee557b5b]
+
+ * sudo.psf:
+ We now use pp to generate HP-UX packages
+ [f7aa8da7844e]
+
+ * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
+ Remove vestiges of old binary package bits.
+ [afffd005452f]
+
+ * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ install-man -> install-doc
+ [99b5fa05567c]
+
+ * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
+ plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
+ Use http://rc.quest.com/topics/polypkg/ for packaging
+ [5ca8eb75b223]
+
+ * install-sh:
+ Just ignore the -c option, it is the default Add support for -d
+ option
+ [a8b6b0a131e8]
+
+2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
+ Use _PATH_STDPATH instead of _PATH_DEFPATH
+ [137fa911908e]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ Do not strip binaries.
+ [20166e287176]
+
+ * INSTALL, configure, configure.in:
+ Add --insults=disabled configure option to allow people to build in
+ insult support but have the insults disabled unless explicitly
+ enabled in sudoers.
+ [523b8c552e90]
+
+ * compat/mkstemps.c:
+ Add prototype for gettime()
+ [275eee40473b]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add support for a sudo-i pam.d file to be used for "sudo -i".
+ Adapted from a RedHat patch.
+ [06d34f16520b]
+
+2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ Fix mkstemps() prototype
+ [2421841e815b]
+
+ * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
+ config.h.in, configure, configure.in, include/missing.h,
+ src/sudo_edit.c:
+ Use mkstemps() instead of mkstemp() in sudoedit. This allows
+ sudoedit to preserve the file extension (if any) which may be used
+ by the editor (like emacs) to choose the editing mode.
+ [d33172d2c086]
+
+2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
+ plugins/sudoers/ldap.c:
+ TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
+ TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
+ code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
+ should avoid disabling TLS_CHECKPEER is possible.
+ [196622436212]
+
+2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Make sudo_plugin format a bit more like a man page
+ [048d596e32da]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add suport for negated user/host/command lists in a Defaults entry.
+ E.g. Defaults:!baduser noexec
+ [d41112cf0342]
+
+ * Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ Add uninstall target
+ [fea66ebf136a]
+
+ * common/Makefile.in, compat/Makefile.in:
+ Remove unused AR, SED and RANLIB variables
+ [2ff9928bfdb3]
+
+ * Makefile.in:
+ Do not install sample plugins
+ [5443b87bd1c3]
+
+2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
+ configure.in, plugins/sudoers/env.c:
+ Now that sudoers is a dynamically loaded module we cannot override
+ the libc environment functions because the symbols may already have
+ been resolved via libc. Remove getenv/putenv/setenv/unsetenv
+ replacements from sudoers and add replacements for setenv/unsetenv
+ for systems that lack them.
+ [3f2b43cb8851]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in:
+ Link testsudoers with -ldl when needed
+ [f79606f9fcd7]
+
+ * plugins/sample_group/plugin_test.c:
+ Remove unused time.h and add limits.h for PATH_MAX
+ [3f5d0074d621]
+
+ * doc/sudoers.ldap.pod:
+ Fix typo.
+ [bc855fd57397]
+
+2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sample_group/plugin_test.c:
+ Do not depend on strlcpy/strlcat
+ [6e7e2b5af051]
+
+ * plugins/sample_group/plugin_test.c:
+ Standalone test driver for sudoers group plugin.
+ [eb1235fc3b8e]
+
+2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/group_plugin.c, src/load_plugins.c:
+ Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
+ aid.
+ [2a34e616229b]
+
+ * plugins/sample_group/sample_group.c:
+ Fix style nit in function declarations
+ [ab87c7c76bf9]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Document group_plugin syntax.
+ [ed1faf72ddcb]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document the sudoers group plugin.
+ [f19a62dc8cfc]
+
+ * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
+ configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
+ plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
+ plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
+ Replace built-in non-unix group support with a sudoers group plugin.
+ Include a sample plugin that can read Unix-format group files.
+ [8fc58ce0b1a8]
+
+ * configure, configure.in, src/load_plugins.c:
+ Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
+ [5c491dddb8ef]
+
+2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.pod:
+ Move sudoers-specific bits out of sudo(8) and into sudoers(5)
+ [e8a5a5830cfe]
+
+ * aclocal.m4, configure, configure.in:
+ Substitute @io_logdir@ for the sudoers I/O log directory.
+ [21a75ca7b0ab]
+
+2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
+ common/atobool.c, common/fileops.c, common/fmt_string.c,
+ common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
+ compat/getgrouplist.c, compat/getline.c, compat/glob.c,
+ compat/snprintf.c, config.h.in, configure, configure.in,
+ include/fileops.h, plugins/sample/sample_plugin.c,
+ plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/check.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
+ plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
+ src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
+ src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
+ src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
+ Set usrinfo for AIX Set adminstrative domain for the process when
+ looking up user's password or group info and when preparing for
+ execve(). Include strings.h even if string.h exists since they may
+ define different things. Fixes warnings on AIX and others.
+ [cf8b93e872c9]
+
+ * Makefile.in:
+ Add a separate all target for AIX make which was using the entire
+ LHS (not just the first entry) of the first target as the implicit
+ target.
+ [a45b980a01ef]
+
+ * plugins/sudoers/env.c:
+ Do not rely on env.env_len when unsetting a variable, just use the
+ NULL terminator.
+ [ca6eb239c829]
+
+ * plugins/sudoers/env.c:
+ In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
+ [7046ba7caa4e]
+
+2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/vasgroups.c:
+ Use warningx() instead of log_error() since the latter is not
+ available to visudo or testsudoers. This does mean that they don't
+ end up in syslog.
+ [152b7c50f426]
+
+ * plugins/sudoers/sudoers.c:
+ Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
+ closed the sudoers sources. From Quest sudo.
+ [c1cd573bab94]
+
+ * plugins/sudoers/pwutil.c:
+ Ignore case when matching user/group names in the cache. From Quest
+ sudo.
+ [2aa4ecc7d7f5]
+
+2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, src/selinux.c:
+ Add check for setkeycreatecon() when --with-selinux is specified.
+ [affae247b4e0]
+
+ * configure, configure.in:
+ Error out if libaudit.h is missing or ununable when --with-linux-
+ audit was specified
+ [d82e743fac04]
+
+ * doc/HISTORY, doc/history.pod:
+ Add =head3 entries, mostly for the html version
+ [ee93112d0308]
+
+2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/HISTORY, doc/history.pod:
+ Mention when LDAP was incorporate.
+ [2923dc17f79c]
+
+2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
+ not covered by _ALL_SOURCE.
+ [c92fd69809d0]
+
+2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Add a cast to quiet a compiler warning.
+ [a200e07ee1bc]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
+ Quiet a compiler warning.
+ [c9acfc927cea]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
+ Call set_fqdn() after sudoers has parsed instead of inline as a
+ callback.
+ [5f4e5d075f2d]
+
+ * WHATSNEW, plugins/sudoers/sudoers.c:
+ Do not call set_fqdn() until sudoers parses (where is gets run as a
+ callback).
+ [09040fca6d40]
+
+ * WHATSNEW:
+ mention the change in tty ticket behavior when there is no tty
+ [575a1fd98f05]
+
+ * plugins/sudoers/check.c:
+ Do not update tty ticket if there is no tty.
+ [63f9c33ce6a7]
+
+ * doc/LICENSE, doc/license.pod:
+ Update copyright year
+ [0722ab5d404b]
+
+ * doc/Makefile.in:
+ Do not rely on BSD make's $>
+ [936a86398bd9]
+
+ * configure, configure.in:
+ Set timedir to /var/db/sudo for darwin to match Apple sudo's
+ location
+ [d5b9b03096f1]
+
+2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.h:
+ Add stub declarations for struct stat and struct timeval
+ [f6d90551a4fd]
+
+ * MANIFEST:
+ Remove compat/sigaction.c
+ [d0ed6d9a770e]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
+ Check for zlib.h in addition to libz.
+ [6e191b4a6065]
+
+ * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
+ src/sudo_exec.h:
+ Move functions and symbols shared between exec.c and exec_pty.c into
+ sudo_exec.h.
+ [14ae63403544]
+
+ * doc/Makefile.in:
+ Comment out rules to build .man.in and .cat files unless --with-
+ devel
+ [3cf7e5606a85]
+
+ * doc/Makefile.in:
+ Comment out rules to build .man.in and .cat files unless --with-
+ devel
+ [d30495b0e29e]
+
+ * src/parse_args.c:
+ Quote any non-alphanumeric characters other than '_' or '-' when
+ passing a command to be run via the shell for the -s and -i options.
+ [d633f74fe2d9]
+
+ * doc/Makefile.in:
+ Add back .man suffix
+ [6e63b60a2739]
+
+ * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
+ src/selinux.c:
+ Add Linux audit support.
+ [5a2f445e0bd4]
+
+2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Remove an XXX
+ [a170cbe651d1]
+
+ * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
+ plugins/sudoers/sudoreplay.c:
+ Add -f (filter) option to sudoreplay to allow certain streams to be
+ replayed and others ignored.
+ [62e51b432ea1]
+
+ * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
+ src/tgetpass.c:
+ Fix -A flag when askpass is specified in sudo.conf or if sudo
+ doesn't need to read a password.
+ [2e401e4a00e3]
+
+ * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
+ src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
+ Clean up some XXXs
+ [689f0b002d3d]
+
+ * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Add support for multiple sudoers_base entries in ldap.conf. From
+ Joachim Henke
+ [e3e4a3c2bd5b]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
+ src/exec_pty.c:
+ remove setsid check, we require a POSIX system
+ [cc73cb9e22c0]
+
+ * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
+ src/sudo.c, src/tgetpass.c:
+ Check for dup2() failure.
+ [5d46d66794f5]
+
+ * config.h.in, configure, configure.in:
+ Remove dup2() check, it is not optional.
+ [5f1d56de4384]
+
+2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ sync with sudo 1.7.3
+ [88e5c0bd6d59]
+
+ * INSTALL:
+ SunOS does not ship with an ANSI compiler
+ [f13c85c67069]
+
+ * INSTALL:
+ Update OS specific notes. Delete some really ancient ones and move
+ older ones to the end of the list.
+ [59ce592c4c52]
+
+ * README:
+ Sudo can be downloaded from the web site too Mention "OS dependent
+ notes" section in INSTALL
+ [191871538984]
+
+ * src/exec_pty.c, src/selinux.c:
+ Call selinux_restore_tty() as part of cleanup() so it gets called
+ from error()/errorx()
+ [bb017da6b6da]
+
+ * MANIFEST, doc/PORTING:
+ Remove obsolete porting guide
+ [321e35591344]
+
+ * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
+ Move union sudo_in_addr_un into interfaces.h
+ [b2c8b19ee094]
+
+ * doc/Makefile.in:
+ Remove useless circular dependencies
+ [5682181b59cf]
+
+ * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
+ Convert to ANSI C function declarations
+ [a4f76927d034]
+
+ * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
+ common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
+ compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
+ compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
+ compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
+ compat/strlcpy.c, compat/timespec.h, compat/utime.h,
+ compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
+ include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
+ include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
+ plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
+ plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
+ plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/match.c,
+ plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
+ plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
+ plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
+ src/conversation.c, src/error.c, src/load_plugins.c,
+ src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
+ src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
+ Update copyright year
+ [26ac7991f7d8]
+
+ * doc/Makefile.in:
+ Fix commented DEVDOCS when not in devel mode.
+ [e0a97eaf3793]
+
+ * plugins/sudoers/match.c:
+ Quiet a compiler warning.
+ [b2a17ebd5d38]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
+ Quiet a compiler warning.
+ [687843bc593d]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
+ Make all functions in ldap.c static
+ [b2111e89eeba]
+
+ * doc/schema.ActiveDirectory:
+ Updates from Alain Roy to provide better examples for importing the
+ schema and to fix problems caused by Windows validating attributes
+ which have not yet been added before committing the changes.
+ [69f4c5ccaf89]
+
+2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
+ doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
+ doc/visudo.cat, doc/visudo.man.in:
+ Leave rules to build .man.in and .cat files uncommented but only
+ make them part of the "all" rule in devel mode. Generate .cat files
+ directly from .man.in instead of .man using default values in
+ configure.in
+ [c3054a44f6a5]
+
+ * configure, configure.in:
+ Bump sudo version to 1.8.0b1
+ [8f79c85135e1]
+
+ * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
+ Print configure args with verbose version information.
+ [1ce690660ed2]
+
+ * TODO, plugins/sudoers/visudo.c:
+ Remove tfd from struct sudoersfile; it is not used. Add prev pointer
+ to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
+ Use tq_append to append sudoers entries to the tail queue.
+ [1743f9a286e4]
+
+2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ Describe tty timestamp improvements
+ [e214e863a313]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ A comment character may not be part of a command line argument
+ unless it is quoted with a backslash. Fixes parsing of:
+ testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
+ [ea2e990f85ed]
+
+ * doc/sudoers.pod:
+ Make this read a little bit better when passwd_timeout is 0.
+ [39d362757f31]
+
+ * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
+ Attempt to handle a default password prompt timeout of zero more
+ gracefully.
+ [ea47d43acf5b]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Do not override value of keepopen global, instead restore it to the
+ value we pushed onto the stack when popping.
+ [fe282e5a3402]
+
+ * plugins/sudoers/Makefile.in:
+ Add dependency for utility programs on libreplace and libcommon
+ [2339aba64928]
+
+ * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
+ plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
+ src/exec.c, src/exec_pty.c, src/tgetpass.c:
+ Remove sigaction emulation Use SA_INTERRUPT in sa_flags
+ [7dd61f1bd8d2]
+
+ * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
+ We don't use getgrouplist() at the moment so there's no need to
+ provide a compat version.
+ [1597536fbada]
+
+ * TODO:
+ sync with reality
+ [9e1a874e7885]
+
+ * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
+ src/conversation.c, src/sudo.h, src/tgetpass.c:
+ Fix visiblepw sudoers option; the plugin API portion still needs
+ documenting
+ [60b6933ef5e0]
+
+ * src/sudo.c:
+ Print sudo version as well.
+ [987ed459b459]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
+ Use sudo_printf for I/O log version Clarify policy plugin version
+ string
+ [5a58b7e8c80b]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
+ Silence some compiler warnings
+ [afb1eba90915]
+
+ * src/load_plugins.c, src/tgetpass.c:
+ Store askpass path in a global instead of uses setenv() which many
+ systems lack.
+ [b440bcc0e660]
+
+2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ plugins/sudoers/check.c, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
+ src/tgetpass.c:
+ Move askpass path specification from sudoers to sudo.conf.
+ [5507ab867c26]
+
+ * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
+ Use a flag bit in struct command_details for selinux instead of a
+ separate field.
+ [c59ca4acded9]
+
+ * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
+ Implement background mode. If I/O logging we use pipes instead of a
+ pty.
+ [c07a4b356cbd]
+
+ * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
+ src/exec.c, src/exec_pty.c, src/tgetpass.c:
+ Move compat definition of NSIG to compat.h
+ [ab0385467f25]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Mention plugins in the sudo manual and add some missing path
+ substitution in the sudo_plugin manual.
+ [570f831f47a3]
+
+ * src/Makefile.in:
+ Set _PATH_SUDO_CONF based on $(sysconfdir)
+ [fde51869cf07]
+
+ * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
+ src/exec.c, src/exec_pty.c, src/ttysize.c:
+ Require POSIX termios to build sudo
+ [9ec6b41f3f95]
+
+ * src/tgetpass.c:
+ Ignore SIGPIPE for "sudo -S"
+ [7ad27fde0c06]
+
+ * src/tgetpass.c:
+ Fix uninitialized variable in TGP_ECHO case and print a newline if
+ the user interrupted password input.
+ [ce19204d8dd4]
+
+ * src/tgetpass.c:
+ Make TGP_ECHO override TGP_MASK and don't try to restore the
+ terminal if we didn't modify it.
+ [a7e11abfe7e4]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
+ src/conversation.c, src/sudo.h, src/tgetpass.c:
+ Add SUDO_CONV_PROMPT_MASK define which corresponds to the
+ "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is
+ set.
+ [e0550590cabe]
+
+ * src/exec_pty.c:
+ Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
+ [762448182fe3]
+
+2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
+ Add selinux_enabled flag into struct command_details and set it in
+ command_info_to_details(). Return an error from selinux_setup()
+ instead of exiting. Call selinux_setup() from exec_setup().
+ [011bea23a5a0]
+
+2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Remove commented out copy of old sudo_execve() function.
+ [9c5e21380472]
+
+2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Fix setting selinux type on command line.
+ [814b20a0b3be]
+
+ * plugins/sudoers/iolog.c:
+ In sudoers_io_close(), skip NULL io_fds[] elements.
+ [4011ff7d4daf]
+
+ * include/compat.h:
+ No longer need NGROUPS_MAX define
+ [cae4c49d7077]
+
+ * compat/nanosleep.c, config.h.in, configure, configure.in,
+ include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/visudo.c, src/sudo_edit.c:
+ Replace timerfoo macros with timevalfoo since the timer macros are
+ known to be busted on some systems.
+ [4f97d79f2d41]
+
+ * src/exec_pty.c:
+ Remove duplicate call to selinux_setup().
+ [82bd52764e21]
+
+ * plugins/sudoers/auth/pam.c:
+ If pam_open_session() fails, pass its status to pam_end.
+ [1d8de4cf8ff3]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ If a file in a #includedir has improper permissions or owner just
+ skip it. This prevents packages that incorrectly install a file
+ into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
+ #includedir files still result in a parse error (for now).
+ [ade99a4549a4]
+
+ * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
+ Add use_pty sudoers option to force use of a pty even when not
+ logging I/O.
+ [b280a8972a79]
+
+ * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
+ Make env_init() void as it never fails.
+ [d3890e55daa7]
+
+ * plugins/sudoers/env.c:
+ No longer use _NSGetEnviron so don't need crt_externs.h
+ [9b4e0e139881]
+
+ * plugins/sudoers/env.c:
+ Remove unused VNULL define
+ [a42cacb263e3]
+
+2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Add #define for maximum session id
+ [9e18c17a28c2]
+
+ * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
+ Split exec.c into exec.c and exec_pty.c
+ [d52376327332]
+
+ * MANIFEST:
+ Sync with source file moves.
+ [4a62c6c9e846]
+
+ * src/Makefile.in, src/get_pty.c, src/pty.c:
+ Rename pty.c -> get_pty.c
+ [5696a12bd29b]
+
+2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Only use I/O input log file if def_log_input is set and output file
+ if def_log_output is set.
+ [d866992f1681]
- * check.c, sudo.c, sudo.pod, sudo_usage.h.in: Allow the -k flag to
- be specified in conjunction with a command or another option that
- may require authentication.
+2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-02-23 09:18 millert
+ * compat/strsignal.c:
+ Update copyright year
+ [a96f2593fd4e]
- * configure, configure.in: Remove unneeded AC_CANONICAL_TARGET;
- from Diego E. 'Flameeyes'
+ * src/pty.c:
+ uid -> ttyuid
+ [c3454d74ebcb]
+
+ * plugins/sudoers/sudoers.c:
+ For sudoedit, make a local copy of editor string si become part of
+ argv. If no editor environment variable, split def_editor on ':'
+ since it may be a colon-delimited path.
+ [2ee298506a6e]
+
+ * src/sudo_edit.c:
+ Remove unneeded endpwent()/endgrent()
+ [623f6743d101]
-2009-02-23 09:15 millert
+ * doc/Makefile.in:
+ Use value of nroff from configure
+ [b2ce649125ab]
+
+ * src/exec.c:
+ Add missing const to I/O log action function
+ [d764a3955e04]
+
+ * plugins/sudoers/check.c:
+ Update copyright year and fix whitespace
+ [e648c35b16be]
+
+ * configure, configure.in:
+ Fix typo
+ [8e0bdfc47da4]
+
+ * plugins/sudoers/iolog.c:
+ Remove redundant tty signal blocking in log function.
+ [f17f575dabd4]
+
+2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Place static keyword where it belongs
+ [b01aec7c86b4]
+
+ * plugins/sudoers/logging.c:
+ Always use a printf format string for send_mail()
+ [13b1ada644c9]
+
+ * common/atobool.c, plugins/sudoers/ldap.c:
+ Extend atobool() so we can use it in the LDAP code.
+ [73f8e6807044]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
+ Sudo now stashes tty ctime for tty_tickets on Solaris too.
+ [e82df13ad3fd]
+
+ * plugins/sudoers/boottime.c:
+ Fix dummy version of get_boottime()
+ [01d69c06013b]
- * Makefile.in: Parallel make fix. From Diego E. 'Flameeyes'
+2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Enable tty_is_devpts() support for Solaris with the "devices"
+ filesystem.
+ [237c6b25fa84]
+
+ * src/exec.c:
+ Unbreak the non-io logging case.
+ [4822b9f709fb]
+
+ * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
+ Fix symbol name conflict with sudo_printf.
+ [0d44eab0a8f6]
+
+ * plugins/sudoers/auth/pam.c:
+ Fix OpenPAM detection for newer versions.
+ [1b2abed232d8]
+
+ * plugins/sudoers/vasgroups.c:
+ Sync with Quest sudo git repo
+ [f1d98b3cba02]
+
+ * aclocal.m4, configure, configure.in:
+ HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check
+ Add missing template for ENV_DEBUG Adapted from Quest sudo
+ [695dbd7b28f4]
+
+ * README.LDAP:
+ Fix typos; from Quest Sudo
+ [4eba9da33b8e]
+
+2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Add back -I$(top_srcdir); we need it for including compat/foo.h
+ since we cannot rely on "foo.h" being found relative to the source
+ file when the cwd is different.
+ [bbf24695f325]
+
+ * src/exec.c:
+ Fix a bug where we could treat EAGAIN as a permanent error. Also set
+ cstat if perform_io() returns an error.
+ [200475c4326f]
+
+ * common/alloc.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/sudoers.c:
+ Add casts to quiet compiler warnings.
+ [85eb1c336697]
+
+ * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ Fix typo in ternary operator usage.
+ [6492ac1450e2]
+
+2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.in:
+ Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
+ [92121d693b30]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
+ Update docs to match sudoers I/O logging changes
+ [18d651989e49]
+
+ * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
+ pathnames.h.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c:
+ Break sudoers transcript feature up into log_input and log_output.
+ [db3c1248d2ad]
+
+ * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ Use setprogname() as needed.
+ [6beee63a4553]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
+ Adapt sudoreplay to iolog changes.
+ [581f52c05f0f]
+
+2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Log all input and output into separate files and store a number on
+ each timing file line to indicate which file the data is in.
+ [fb460c5273dd]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Make sudoers_io functions static to iolog.c
+ [b2df3cc3eecb]
+
+2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
+ src/sudo_usage.h.in:
+ Completely remove the -L flag from the sudo front end.
+ [3d220030b720]
+
+ * plugins/sudoers/sudoreplay.c:
+ Fix EAGAIN handling when writing to stdout.
+ [4766d77cea49]
+
+ * plugins/sudoers/sudoers.c:
+ Eliminate unused variables
+ [83bd711e79c4]
+
+ * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
+ Re-enable cleanup functions in sudoers plugin and sudo driver for
+ error()/errorx().
+ [43093f937dd8]
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Use sudo_printf to display verbose version information.
+ [435cc9f8d4a2]
+
+ * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Minor Makefile cleanup: fix a typo, change the removal order in the
+ clean targets, and remove a superfluous include path for the sudoers
+ plugin.
+ [6e3b2d6b4437]
+
+ * plugins/sudoers/env.c:
+ Handle duplicate variables in the environment. For unsetenv(), keep
+ looking even after remove the first instance. For sudo_putenv(),
+ check for and remove dupes after we replace an existing value.
+ [c1bbb88d0435]
+
+2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Use explicit path to source file instead of $< for files that live
+ in devdir and top_srcdir.
+ [358ab7f6cc64]
+
+ * plugins/sudoers/Makefile.in:
+ Add explicit rules to compile gram.c and toke.c for HP-UX Pevent
+ ending LIBSUDOERS_OBJS with a backslash
+ [481a5c96d47e]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ Link libcommon before libreplace since libcommon may use functions
+ only present in libreplace.
+ [1847c496ff5b]
+
+ * common/Makefile.in:
+ Move code common to sudo and the sudoers plugin to a convenience
+ library, libcommon. Removes the need to make links in the sudoers
+ plugin dir and reduces re-compilation of duplicate object files.
+ [4c8986352937]
+
+ * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
+ common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
+ common/term.c, common/zero_bytes.c, configure, configure.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
+ src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
+ src/zero_bytes.c:
+ Move code common to sudo and the sudoers plugin to a convenience
+ library, libcommon. Removes the need to make links in the sudoers
+ plugin dir and reduces re-compilation of duplicate object files.
+ [1d1d98bd55b9]
+
+ * src/exec.c, src/sudo.c, src/sudo.h:
+ Rename script_execve to sudo_execve and rename script_foo in exec.c
+ [a35ec80de96a]
+
+ * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
+ rename script.c exec.c and fix up the MANIFEST file
+ [36bc3bff9578]
+
+ * src/script.c, src/sudo.c, src/sudo.h:
+ Rename script_setup() to pty_setup() and call from script_execve()
+ directly.
+ [899b0fb2a14d]
+
+ * configure, configure.in:
+ bump version to 1.8.0a2
+ [0b1c1ca9d4e5]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document init_session
+ [b5324785a406]
+
+ * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h:
+ Clean up the sudoers auth API a bit and update the docs.
+ [c40fd4cb6e68]
+
+ * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
+ Add init_session function to struct policy_plugin that gets called
+ before the uid/gid/etc changes. A struct passwd pointer is passed
+ in,which may be NULL if the user does not exist in the passwd
+ database.The sudoers module uses init_session to open the pam
+ session as needed.
+ [d71723320ee8]
+
+2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Add open/close session to sudo auth, only used by PAM. This allows
+ us to open (and close) the PAM session from sudoers.
+ [2665e2920d0d]
+
+ * plugins/sudoers/Makefile.in:
+ Add explicit rule to build getdate.o for HP-UX make.
+ [7f049e989956]
+
+ * plugins/sudoers/Makefile.in:
+ Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
+ rules as an alternate way to prevent HP-UX make (and others) from
+ trying to rebuild the parser in non-dev mode.
+ [f84badad98c5]
+
+ * plugins/sudoers/sudoers.c:
+ Re-enable PATH_MAX check for command
+ [40d8a50da136]
+
+ * Makefile.in:
+ For distclean, clean the main directory last since the subdirs need
+ to be able to run libtool to clean things.
+ [8949a9861634]
+
+ * compat/Makefile.in:
+ Fix generation of mksiglist.h
+ [b7cdc9b36650]
+
+ * src/script.c:
+ Now that we defer sending cstat until the end of script_child() we
+ cannot reuse cstat when reading command status from parent.
+ [25c882643466]
+
+2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
+ Use numeric registers to handle conditionals instead of trying to do
+ it all with text processing.
+ [478079c3fd4b]
+
+ * doc/sudoers.pod:
+ Document per-command SELinux settings
+ [13840d566805]
+
+ * plugins/sudoers/sudoers.c:
+ Repair "sudo -l -U username"
+ [10a0dcdf2ddf]
+
+ * plugins/sudoers/sudoers.c:
+ Set selinux role and type in command details.
+ [8ae6d35a126d]
+
+ * src/script.c, src/selinux.c, src/sudo.h:
+ Rework SELinux support.
+ [83279cc94bf2]
+
+2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c, src/selinux.c, src/sudo.h:
+ Make SELinux support compile again. Needs more work to be complete.
+ [3d3addebcf82]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
+ src/sudo.h:
+ Bring back closefrom settings.
+ [b1c6257d4bbb]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ If running a command or sudoedit in transcript mode, call
+ io_nextid() before log_allowed() so the session id is logged.
+ [c42f3ae40150]
+
+ * configure, configure.in:
+ Use mandoc(1) if nroff(1) is not present.
+ [daad4bbd04af]
+
+ * doc/Makefile.in:
+ Use the --file argument to config.status instead of setting
+ CONFIG_FILES in the environment.
+ [c89411a8bf70]
+
+ * plugins/sudoers/Makefile.in:
+ We cannot conditionally update gram.h or the dependency ordering
+ gets messed up in devel mode.
+ [c938953231d9]
+
+2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, compat/Makefile.in, configure, configure.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Substitute @SHELL@ into Makefiles
+ [36aa6a095335]
+
+ * config.sub:
+ Fix typo
+ [16d294d26b58]
+
+ * config.guess, config.sub, configure, configure.in:
+ Update to autoconf 2.65
+ [4fa6ea8caea3]
+
+ * Makefile.in:
+ Fix libtool target (space vs. tabs)
+ [755cf3892618]
+
+ * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
+ Remove use of RETSIGTYPE; all modern systems have signal handlers
+ that return void.
+ [42b4e3aee668]
+
+ * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
+ ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
+ m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Update to libtool-2.2.6b. I haven't made any local modifications
+ this time, which should be OK since we install sudo_noexec.so by
+ hand now.
+ [6f79ced593bb]
+
+ * compat/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Use libtool to clean objects
+ [1581057d6472]
+
+ * include/Makefile.in:
+ Install sudo_plugin.h as part of "make install" and make other
+ install targets callable from the top-level Makefile
+ [aaaeb027d774]
+
+ * configure, configure.in:
+ regen with autoupdate to eliminate AC_TRY_LINK
+ [5d5541c230f5]
+
+ * Makefile.in, compat/Makefile.in, configure, configure.in,
+ doc/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Install sudo_plugin.h as part of "make install" and make other
+ install targets callable from the top-level Makefile
+ [b258b8401b1c]
+
+ * plugins/sample/sample_plugin.c:
+ The sample plugin doesn't support being run with no args so return a
+ usage error in this case.
+ [473b3cf965be]
+
+ * plugins/sudoers/iolog.c:
+ Set close on exec flag for descriptors used for I/O logging so they
+ are not present in the command being run.
+ [2c7e8708df76]
+
+ * plugins/sudoers/tsgetgrpw.c:
+ Set close on exec flag in private versions of setpwent() and
+ setgrent().
+ [64fef78cb833]
+
+ * src/script.c:
+ Close the I/O pipes aftering dup2()ing them to std{in,out,err}.
+ Fixes extra fds being present in the command when it is part of a
+ pipeline.
+ [060451617713]
+
+ * plugins/sudoers/sudoers.c:
+ Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
+ is used when logging). Note that user_ttypath will still be NULL if
+ there is no tty.
+ [31b69a6ecda7]
+
+ * src/script.c, src/sudo.h:
+ Cosmetic changes: add comments, remove orphaned prototype and
+ make a global static.
+ [f7851af0143e]
+
+2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Move check for maxfd == -1 to flush_output where it belongs.
+ [b826a95b4491]
+
+ * src/script.c:
+ Break out of select loop if all the fds we want to select on are -1.
+ [f5b387024238]
+
+ * src/sudo.c:
+ Avoid possible malloc(0) if plugin returns an empty groups list.
+ [9765a8fe5ce7]
+
+ * src/sudo.c:
+ Add debugging info when calling plugin close function
+ [95a273c7ff66]
+
+ * src/script.c:
+ Avoid closing stdin/stdout/stderr when we are piping output.
+ [330e76423caf]
+
+ * src/script.c:
+ When execve() of the command fails, it is possible to receive
+ SIGCHLD before we've read the error status from the pipe. Re-order
+ things such that we send the final status at the very end and prefer
+ error status over wait status.
+ [b0dcf825244f]
+
+2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Fix compilation for non PAM/BSD auth/AIX auth
+ [e382b39d2e4f]
+
+2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Additional checks to make sure we don't close /dev/tty by mistake.
+ When flushing, sleep in select as long as we have buffers that need
+ to be written out.
+ [8139cbd3dd54]
+
+ * src/script.c:
+ Now that we can use pipes for stdin/stdout/stderr there is no longer
+ a need to error out when there is no tty. We just need to make sure
+ we don't try to use the tty fd if it is -1.
+ [666621635d26]
+
+2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ include/sudo_plugin.h, plugins/sample/sample_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
+ Add argc and argv to I/O logger open function.
+ [0d7faa007d27]
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
+ plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
+ src/parse_args.c, src/sudo.c, src/sudo_edit.c:
+ Remove check_sudoedit function pointer in struct sudo_policy.
+ Instead, sudo will set sudoedit=true in the settings array. The
+ plugin should check for this and modify argv_out as appropriate in
+ check_policy.
+ [c0328e3276b8]
+
+2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
+ src/sudo_edit.c:
+ If plugin sets "sudoedit=true" in the command info, enable sudoedit
+ mode even if not invoked as sudoedit. This allows a plugin to
+ enable sudoedit when the user runs an editor.
+ [96d67b99e42e]
+
+2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ gram.h must not depend on gram.y if we want to avoid unnecessary
+ rebuilding of targets dependent on gram.h when gram.y changes.
+ [9db4b767fdca]
+
+ * plugins/sample/sample_plugin.c:
+ Refactor common bits of check_policy and check_edit
+ [ac4d366a04cf]
+
+ * plugins/sample/sample_plugin.c:
+ Add sudoedit support
+ [a1a6cc4c0cef]
+
+2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Rely more on VPATH; fixes a dependency issue with the parser.
+ [45e406ebdea2]
+
+ * include/compat.h:
+ Fix typo introduced in last commit
+ [3ccb0f853d11]
+
+ * include/compat.h:
+ Emulate seteuid using setreuid() or setresuid() as needed. There are
+ still a few places that call seteuid() directly.
+ [36e8efa3a99d]
+
+ * src/parse_args.c, src/sudo_edit.c:
+ Attempt to fix building on systems that only have setuid.
+ [8e9ba4083318]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Clarify sudoedit a tad.
+ [d39dfaa14ade]
+
+2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo_edit.c:
+ Fix compilation on HP-UX
+ [f6e47843d139]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document sudoedit
+ [4cbf5196d993]
+
+ * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
+ Change how we handle the sudoedit argv. We now require that there
+ be a "--" in argv to separate the editor and any command line
+ arguments from the files to be edited.
+ [20623d549a3c]
+
+ * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
+ plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
+ src/sudo.h, src/sudo_edit.c:
+ Work in progress support for sudoedit. The actual interface used by
+ the plugin for sudoedit is likely to change.
+ [c31262a31997]
+
+ * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
+ Make find_path() a little more generic by not checking def_foo
+ variables inside it. Instead, pass in ignore_dot as a function
+ argument.
+ [9c23101a094d]
+
+ * plugins/sudoers/env.c:
+ Add version of getenv(3) that uses our own environ pointer.
+ [0e3783e63534]
+
+2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Avoid a potential race condition if SIGCHLD is received immediately
+ before we call select().
+ [99adc5ea7f0a]
+
+ * plugins/sudoers/sudoers.c:
+ Call env_init() before we open the sudoers sources as those may call
+ our setenv() replacement.
+ [5f82601f5ab0]
+
+ * plugins/sudoers/env.c:
+ Initialize env_len in env_init()
+ [7ae02b3029b5]
+
+2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
+ Document time stamp shortcomings under SECURITY NOTES Use "time
+ stamp" instead of timestamp.
+ [2b86120815b2]
+
+ * doc/Makefile.in:
+ Make sed substitution of mansectsu and mansectform global.
+ [94588632dba0]
+
+ * plugins/sudoers/check.c:
+ If the tty lives on a devpts filesystem, stash the ctime in the tty
+ ticket file, as it is not updated when the tty is written to. This
+ helps us determine when a tty has been reused without the user
+ authenticating again with sudo.
+ [0e62a31bceb0]
+
+ * src/tgetpass.c:
+ Fix pasto in mulitple signal fix and use _NSIG not NSIG since that
+ is what our compat checks set.
+ [df50f0a040c9]
+
+ * configure, configure.in:
+ Add check for whether sudo need to link with -ldl to get dlopen().
+ This is a bit of a hack that will get reworked when libtool is
+ updated.
+ [63bdcf579533]
+
+ * plugins/sudoers/check.c:
+ Fix timestamp removal with -k/-K
+ [6b4639fef973]
+
+ * plugins/sudoers/Makefile.in:
+ audit.c is now private to the sudoers plugin
+ [1974f342ae0b]
+
+ * configure, configure.in:
+ Link with -lpthread on HP-UX since a plugin may be linked with
+ -lpthread and dlopen() will fail if the shared object has a
+ dependency on -lpthread but the main program is not linked with it.
+ [d42139391263]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
+ Add separate test for getresuid() since HP-UX has setresuid() but no
+ getresuid().
+ [910fe727a374]
+
+ * doc/Makefile.in:
+ Remove errant backslash
+ [dd5464257c69]
+
+ * src/script.c:
+ Fix SIGPIPE handling. Now that we use may use pipes for
+ stdin/stdout we need to pass any SIGPIPE we receive to the running
+ command.
+ [3f6b1991f4fd]
+
+ * src/script.c:
+ Also start the command in the background if stdin is not a tty.
+ [d93bc33a3740]
+
+2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
+ No need to use pseudo-cbreak mode now that we use pipes when stdout
+ is not a tty. Instead, check whether stdin is a tty and if not,
+ delay setting the tty to raw mode until the command tries to access
+ it itself (and receives SIGTTIN or SIGTTOU).
+ [e68315cf8c6b]
+
+ * src/tgetpass.c:
+ Use an array for signals received instead of a single variable so we
+ don't lose any when there are multiple different signals.
+ [2ac726dac864]
+
+ * src/tgetpass.c:
+ Do signal setup after turning off echo, not before. If we are using
+ a tty but are not the foreground pgrp this will generate SIGTTOU so
+ we want the default action to be taken (suspend process).
+ [bebb6209c795]
+
+2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Flush the iobufs on suspend or child exit using the same logic as
+ the main event loop.
+ [c627feee1035]
+
+ * src/script.c:
+ Free memory after we are done with it.
+ [8db9b611b45a]
+
+2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/HISTORY:
+ Quest now sponsors Sudo development
+ [6cc490083bc7]
+
+2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/Makefile.in:
+ Install sudo_plugin man page.
+ [c253729790b2]
+
+ * src/script.c:
+ Go back to reseting io_buffer offset and length (and now also the
+ EOF handling) in the loop we do the FD_SET, not after we drain the
+ buffer after write() since we don't know what order reads and writes
+ will occur in.
+ [5f38bfa8497f]
+
+ * MANIFEST:
+ audit files moved to sudoers plugin directory
+ [b1ead182428e]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document plugin_printf and new logging functions.
+ [fe9430b60ab5]
+
+ * src/script.c:
+ Add support for logging stdin when it is not a tty. There is still a
+ bug where "cat | sudo cat" has problems because both cat and sudo
+ are trying to read from the tty.
+ [04c9c59fcfba]
+
+ * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
+ plugins/sudoers/sudoers.c, src/script.c:
+ Add separate I/O logging functions for tty in/out and
+ stdin/stdout/stderr. NOTE: stdin logging does not currently work and
+ is disabled for now.
+ [a36dfd4ca935]
+
+2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
+ Add pointer to a printf like function to plugin open functon. This
+ can be used instead of the conversation function to display info and
+ error messages.
+ [98734eea8ef1]
+
+ * Makefile.in:
+ Stop if make in a subdir fails
+ [228bb3ad2dbc]
+
+ * src/script.c:
+ Only set user's tty to blocking mode when doing the final flush.
+ Flush pipes as well as pty master when the process is done.
+ [20ff67218666]
+
+2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Use print_error() when displaying ldap config info in debugging
+ mode.
+ [d142e0cacb22]
+
+ * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
+ No longer need strdup() or strndup() replacements.
+ [df53697174ec]
+
+ * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.h:
+ Add print_error() function that uses the conversation function to
+ print a variable number of error strings and use it in log_error().
+ [b1fa2861b575]
+
+ * src/script.c, src/sudo.h, src/term.c:
+ Do not need the opost flag to term_copy() now that we use pipes for
+ stdout/stderr when they are not a tty.
+ [f42811f70a19]
+
+ * src/script.c:
+ Use pipes to the sudo process if stdout or stderr is not a tty.
+ Still needs some polishing and a decision as to whether it is
+ desirable to add additonal entry points for logging
+ stdout/stderr/stdin when they are not ttys. That would allow a
+ replay program to keep things separate and to know whether the
+ terminal needs to be in raw mode at replay time.
+ [1a945e0ab2da]
+
+2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
+ src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
+ Move audit sources into the sudoers plugin dir; the driver does not
+ use them.
+ [50ec36422cd0]
+
+ * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
+ compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
+ plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
+ src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
+ src/term.c, src/ttysize.c:
+ Use angle brackets when including headers that can only be found
+ when an -I flag is specified. The files in the compat dir could get
+ away with double quotes here but I've converted all the source files
+ to use angle brackets for consistency.
+ [9e30a8fc6d4b]
+
+ * plugins/sudoers/Makefile.in:
+ Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
+ dir can be found when building outside the source tree.
+ [1150934b79dd]
+
+ * plugins/sudoers/Makefile.in:
+ Clean up links in distclean
+ [78595028be8b]
+
+ * plugins/sudoers/Makefile.in:
+ Hack around VPATH semantic differences by symlinking files we need
+ from ../../src into the current directory and build those. A better
+ fix would be to either make a .a or .la file with those files in it
+ or simply use a single, flat, Makefile instead of per-subdirs
+ Makefiles.
+ [892c332d3f05]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
+ fmt_string is used by the sudoers plugin too so do not include
+ sudo.h (which is not really needed here anyway)
+ [231c35e3941f]
+
+ * compat/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Fix building with non-BSD versions of make such as GNU make.
+ Requires VPATH support, which should be in any non-neolithic make.
+ [dc174f135919]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
+ src/Makefile.in:
+ Re-enable bsm audit. Currently auditing is done within the sudoers
+ plugin itself. If possible, this should really be done in the main
+ driver but we don't presently have the needed data to do that. This
+ will be re-evaluated when Linux audit support is added.
+ [1d05a3236bfe]
+
+ * compat/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
+ of explicit rules in the dependency.
+ [88f80efd25f0]
+
+ * plugins/sudoers/visudo.c:
+ Fix mismerge; alias_remove_recursive() now returns int
+ [6257a4849641]
+
+2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo.c:
+ Fix a crash when checking a sudoers file that has aliases that
+ reference themselves. Based on a diff from David Wood.
+ [545d194484a7]
+
+ * src/script.c:
+ Print signal info after restoring the tty mode, not before.
+ [a68618e67435]
+
+ * src/script.c:
+ Defer call to alarm() until after we fork the child. Pass correct
+ pid to terminate_child() If the command exits due to signal, set
+ alive to false like we do when it exits normally. Add missing
+ check for errpipe[0] != -1 before using it in FD_ISSET
+ [22f0a1549391]
+
+2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/boottime.c:
+ Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
+ [0e627170c6e8]
+
+2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/Makefile.in:
+ Simplify dependencies by using .c.o and .c.lo rules.
+ [6abcaef5d1ac]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ Substitute in @PROGS@ into src/Makefile to add sesh
+ [cc46d3b6208f]
+
+2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Add back calls to log_denial() if sudoers does not allow the
+ command.
+ [9783316207f0]
+
+ * plugins/sudoers/sudoers.c:
+ Pass in correct pwflag for list and validate.
+ [973dd56d4b81]
+
+ * plugins/sudoers/env.c:
+ Add missing check for NULL in validate_env_vars
+ [1d6eb6957824]
+
+ * src/Makefile.in:
+ Add sudo_noexec.la to "all" target, otherwise it only gets built at
+ install time.
+ [644a9694d2ef]
+
+ * plugins/sudoers/sudoers.c:
+ Only set sudo_user.env_vars if the env_add list is empty.
+ [fccdf6f0e0e2]
+
+ * plugins/sudoers/sudoers.c:
+ Set sudo_user.env_vars so that environment variables specified on
+ the command line get logged correctly.
+ [9b51012c491e]
+
+ * plugins/sudoers/env.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Re-enable environment files and setting environment variables on the
+ command line.
+ [5662d5645dbd]
+
+2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Fix typo in last commit (ifndef vs ifdef) Make sure we pass ctime()
+ a pointer to time_t as tv_sec in struct timeval may be long.
+ [4de0c46e788e]
+
+ * plugins/sudoers/check.c:
+ Don't stash ctime in on-disk tty ticket info for now; on many
+ (most?) systems the ctime is updated when the tty is written to.
+ Once I have a better idea of what systems do not update ctime on
+ ttys (and have a way to test for this) the ctime stash will be
+ conditionally re-enabled.
+ [a90eeec0f648]
+
+2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, Makefile.in:
+ Add back "dist" target, this time using a MANIFEST file
+ [29277c05499f]
+
+ * Makefile.in:
+ Remove Makefile in distclean target
+ [83d695f4f450]
+
+ * Makefile.in, src/Makefile.in:
+ Update clean and cleandir targets
+ [ad7b2afeb9c1]
+
+ * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
+ src/sudo.h:
+ Move fileops.c defines and prototypes to filesops.h
+ [4545e9b6892d]
+
+ * plugins/sudoers/check.c:
+ Lock the tty timestamp when writing. We shouldn't have to lock when
+ reading since the file is updated via a single write system call.
+ [0c7276f02696]
+
+2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/alias.c, plugins/sudoers/check.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
+ plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
+ plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
+ Convert to ANSI C function declarations
+ [9c45def57cf7]
+
+ * plugins/sudoers/sudoers.h:
+ Remove extraneous bits and classify by source file.
+ [e8ea9f109ebb]
+
+ * include/compat.h:
+ Add timercmp macro for systems without it
+ [d3bf87b1d08e]
+
+ * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
+ plugins/sudoers/sudoers.h:
+ get_boottime() now fills in a timeval struct
+ [3573c3f44e11]
+
+ * plugins/sudoers/check.c:
+ Store info from stat(2)ing the tty in the tty ticket when tty
+ tickets are in use. On most systems, this closes the loophole
+ whereby a user can log out of a tty, log back in and still have the
+ timestamp be valid.
+ [53380f9f5242]
+
+ * config.h.in, configure.in:
+ Add timespec2timeval and use it when getting ctime/mtime
+ [4cb7f7caec2c]
+
+2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c:
+ Convert perm setting to push/pop model; still needs some work Use
+ the stashed runas groups instead of using getgrouplist() Reset perms
+ to the initial value on error
+ [09c072ebde8b]
+
+ * config.h.in, configure.in:
+ fix ctim_get and mtim_get macros
+ [58773dc1e360]
+
+ * config.h.in, configure, configure.in, include/compat.h,
+ plugins/sudoers/check.c, plugins/sudoers/gettime.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
+ Use timeval directly instead of converting to timespec when dealing
+ with file times and time of day.
+ [a0ce1ae00a67]
+
+ * plugins/sudoers/Makefile.in:
+ Don't like sudoreplay with libsudoers.la due to a yacc symbol
+ conflict.
+ [f1a59cc63a15]
+
+2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Darwin >= 9.x has real setreuid(2)
+ [7ec942a64275]
+
+2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
+ Ansify env.c
+ [f58551bad10a]
+
+ * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Remove remaining references to the environ pointer.
+ [96faa530816a]
+
+2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, plugins/sudoers/env.c:
+ Don't change the environ directly in the sudoers plugin
+ [6db48ed3f7e0]
+
+2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Fix typo
+ [4aa452b07f8f]
+
+ * plugins/sudoers/alias.c:
+ Fix use after free in error message when a duplicate alias exists.
+ [ce1d2812ee34]
+
+2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ src/parse_args.c:
+ Add a "noninteractive" boolean to the settings passed in to the
+ plugin's open function that is set when the user specifies the -n
+ flag.
+ [68f8d9d6d4d0]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/env.c:
+ Add workaround for the lack of the environ pointer on Mac OS X in
+ dlopen()ed modules. Use of environ in the sudoers plugin should
+ ultimately be removed but this will do for the moment.
+ [80c61647434f]
+
+ * plugins/sudoers/visudo.c:
+ Set errorfile to the sudoers path if we set parse_error manually.
+ This prevents a NULL dereference in printf() when checking a sudoers
+ file in strict mode when alias errors are present.
+ [45e249ca99f7]
+
+ * plugins/sudoers/sudoers.c:
+ Main sudo no longer print "unable to execute" on exec failure so do
+ it here.
+ [50aaf62b43b5]
+
+2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Use a pipe to pass back errno to the parent if execve() fails. If we
+ get an error in script_child(), kill the command and exit.
+ [dc3bf870f91b]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ src/parse_args.c, src/sudo.c:
+ Handle plugin's open function returning -2 (usage error).
+ [aadf900c1de8]
+
+ * src/script.c:
+ If execve() fails, leave it to the plugin to print an error string.
+ [e25748f2d5b9]
+
+ * src/script.c:
+ If execve fails in logging mode, pass the errno directly to the
+ grandparent on the backchannel and exit. The immediate parent will
+ get SIGCHLD and try to report that status but its parent will no
+ longer be listening. It would probably be cleaner to pass this over
+ a pipe in script_child().
+ [cb122acc81a8]
+
+ * plugins/sudoers/sudoers.c:
+ Don't override rval with results of check_user() unless it failed.
+ [46fb7e87ac7d]
+
+2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Fix typo
+ [ccd0b693f3da]
-2009-02-21 17:03 millert
+ * src/parse_args.c:
+ NULL-terminate env_add
+ [2c534368a0c3]
- * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
- Implement umask_override
+2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-02-21 16:51 millert
+ * src/sudo.c:
+ Call the I/O log open function before the I/O version function.
+ [e88bf898990b]
+
+ * plugins/sudoers/iolog.c:
+ Remove io_conv and just use sudo_conv
+ [a280052468eb]
+
+ * plugins/sudoers/set_perms.c:
+ Fix set/restore perms for systems w/o setresuid
+ [4160517f6666]
- * toke.c: regen
+2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c, plugins/sudoers/logging.c,
+ plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Primitive set/restore permissions. Will be replaced by a push/pop
+ model.
+ [aae102290866]
+
+ * src/script.c:
+ Only need to take action on SIGCHLD in parent if no I/O logger. If
+ there is an I/O logger we will receive ECONNRESET or EPIPE when we
+ try to read from the socketpair.
+ [e1e4560401f6]
+
+2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.pod, plugins/sudoers/find_path.c:
+ Merge fb4d571495fa from the 1.7 branch to trunk.
+ [c8fb424ad4d2]
-2009-02-21 16:49 millert
+2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Don't set SA_RESTART when registering SIGALRM handler. Do set
+ SA_RESTART when registering SIGWINCH handler.
+ [173472b76525]
+
+ * doc/Makefile.in:
+ Add dev targets for *.man.in and *.cat that don't specfify the
+ $(srcdir) prefix.
+ [b62f425da2e4]
+
+ * src/script.c:
+ If log_input or log_output returns false, terminate the command.
+ [074f4c0c34a0]
+
+ * src/script.c:
+ Better signal handling. Instead of using a single variable to store
+ the received signal, use an array so we can't lose a signal when
+ multiple are sent. Fix process termination by SIGALRM in non-I/O
+ logger mode. Fix relaying terminal signals to the child in non-I/O
+ logger mode.
+ [7a4723aca99d]
- * sudoers.pod, toke.l, visudo.c: Implement %h escape in sudoers
- include filenames.
+ * src/script.c:
+ Fix a race between when we get the child pid in the parent and when
+ the child process exits. The problem exhibited as a hang after a
+ short-lived process, e.g. "sudo id" when no IO logger was enabled.
+ [80bcc0aca70b]
+
+2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-02-21 08:43 millert
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Add a note about the security implications of the fast_glob option.
+ [c37a92ab7c93]
- * audit.c: Need to include compat.h
+2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-02-21 08:37 millert
+ * config.h.in, configure, configure.in:
+ Fix up some AC_DEFINE descriptions and regen config.h.in
+ [f4655adc0db3]
- * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h,
- sudo.c: Make audit_success and audit_failure generic functions in
- preparation for integrating linux audit support.
+2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ No longer check for strdup or strndup for LIBOBJ replacement.
+ [fdc764ee8109]
-2009-02-21 08:06 millert
+ * src/script.c:
+ Avoid installing signal handlers that are io-logger specific. Fixes
+ job control when no io logger is enabled.
+ [0853dd0906d4]
- * term.c: remove duplicate include
+ * doc/Makefile.in:
+ Only regen man pages from pod when configured with --with-devel
+ [ab1995f8103d]
+
+2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-02-20 16:13 millert
+ * Makefile, Makefile.in, configure, configure.in:
+ Top-level Makefile.in. Nothing is currently substituted but this is
+ needed for separate build dirs.
+ [e80873cbd201]
- * bsm_audit.c: Add missing include
+ * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Fix out-of-tree builds
+ [59a35bef07b8]
-2009-02-20 15:55 millert
+ * Merge
+ [386b848047e9]
- * sudo.c: May need to update the runas user after parsing
- command-based defaults.
+ * doc/Makefile.in:
+ We always install sudoreplay in 1.8
+ [ce52ba6617c9]
-2009-02-18 10:53 millert
+2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * glob.c: Add missing pair of braces introduced with character
- class support.
+ * compat/siglist.in:
+ SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
+ [6d69e1b05faf]
+
+2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ No need to provide strdup() or strndup(), sudo uses estrdup() and
+ estrndup()
+ [57ec23b72958]
-2009-02-15 15:53 millert
+2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
- Rename pwstars to pwfeedback
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
+ Free str after using it in the version method. Use sudo_conv, not
+ io_conv since we don't have the IO conversation function pointer in
+ the I/O version method anymore now that io_open is delayed.
+ [f2ed132adeb0]
-2009-02-10 20:25 millert
+2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * bsm_audit.c, bsm_audit.h: Add const to make MacOS happy.
+ * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
+ compat/siglist.in:
+ Add license to mksiglist.c and note that the bits from pdksh are
+ public domain
+ [d8121a2467e8]
-2009-02-10 20:18 millert
+ * compat/Makefile.in:
+ Fix LIBOBJDIR vs. srcdir wrt the siglist bits
+ [164160148421]
- * Makefile.in, bsm_audit.c, bsm_audit.h, configure, configure.in,
- sudo.c, auth/sudo_auth.c: Add bsm audit support from Christian
- S.J. Peron
+ * plugins/sudoers/Makefile.in:
+ Add sudoreplay testsudoers and visudo to clean target
+ [138a17e51c0c]
-2009-02-10 19:58 millert
+ * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
+ compat/siglist.in, compat/strsignal.c, configure, configure.in,
+ include/missing.h, src/script.c:
+ Create our own sys_siglist for systems without it for use by
+ strsignal()
+ [2e5da011ebc3]
- * term.c: This is new code, no DARPA notice.
+ * compat/Makefile.in:
+ Remove duplicate $(LIBOBJDIR)
+ [adf9abc9432f]
-2009-02-10 14:04 millert
+2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: Rename
- simple_glob -> fast_glob
+ * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
+ Main sudo should not block signals; the plugin should do this in
+ check_policy.
+ [3f3736a7c5ed]
-2009-02-10 09:39 millert
+2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
- * match.c: g/c unused var
+ * src/script.c:
+ Fix a sizeof(ptr) vs. sizeof(*ptr)
+ [aa1bcf5afcce]
-2009-02-10 08:09 millert
+ * src/script.c:
+ Unlike most operating systems, HP-UX select() is not interrupted by
+ SIGCHLD when the signal is registered with SA_RESTART. If we clear
+ SA_RESTART when calling sigaction() for SIGCHLD we get the expected
+ behavior and the code in the select() loops already handles EINTR
+ correctly.
+ [9eba0115e35a]
- * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: Add
- simple_glob option to use fnmatch() instead of glob(). This is
- useful when you need to specify patterns that reference network
- file systems.
+ * compat/getprogname.c:
+ progname should be const
+ [130228f062b7]
+
+ * plugins/sudoers/Makefile.in:
+ Move --tag=disable-static to when we link sudoers.la, not when we
+ install.
+ [ceb5e6c3b78b]
-2009-02-10 07:58 millert
+ * src/load_plugins.c:
+ Load the sudoers I/O plugin by default too now that it is hooked up.
+ [ea38befd0742]
+
+2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/pty.c:
+ It looks like AIX doesn't need to push STREAMS modules for ptys.
+ [22da618ba0a1]
+
+2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/parse_args.c, src/sudo.c:
+ Delay calling the I/O plugin open function until the policy plugin
+ returns success.
+ [f3297c325b48]
+
+2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add back io logging (transcript) support. Currently, the open
+ function runs too early and it is not possible to use the io module
+ independently of the policy module.
+ [9bd932f66226]
+
+ * plugins/sudoers/set_perms.c:
+ Comment out dead code; will be removed when set_perms is rewritten.
+ [af7a995284f8]
+
+2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Fix off by one error when allocating user_groups.
+ [6281fcf9c3bb]
+
+2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, plugins/sudoers/Makefile.in:
+ Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
+ [fbce3e9eda3a]
+
+ * plugins/sudoers/sudoers.c:
+ Fix typo in preserve groups case
+ [1fd72024fb5a]
+
+ * plugins/sudoers/sudoers.c:
+ In command_info it is "runas_groups" not "groups".
+ [5c64dce4f285]
+
+ * src/sudo.c:
+ Fix iteration over runas_groups list.
+ [b3c45a0cd643]
+
+ * configure, configure.in, plugins/sudoers/env.c,
+ plugins/sudoers/match.c, src/script.c:
+ Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
+ [a8108a0776c2]
+
+ * compat/getgrouplist.c:
+ getgrouplist(3) for those without it
+ [4ab4d21e3b16]
+
+ * plugins/sudoers/sudoers.c:
+ Set preserve_groups or groups list in command_info
+ [1266119ad654]
+
+ * src/sudo.c:
+ Fix setting of groups list
+ [e75315e40bd4]
+
+ * config.h.in, configure, configure.in, include/compat.h,
+ include/missing.h:
+ Add checks for getgrset and getgrouplist and use replacement
+ getgrouplist if the system doesn't support it.
+ [a62b8ba50863]
+
+ * src/parse_args.c:
+ Pass in preserve_groups when the -P flag is specified as per the
+ design
+ [7420c5d15474]
+
+ * plugins/sudoers/sudoers.c:
+ Check preserve_groups and ignore_ticket args with atobool instead of
+ assuming they are true if present.
+ [71c905702697]
+
+2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
+ plugins/sudoers/plugin_error.c:
+ Rename plugin-specific error.c to plugin_error.c Wire up visudo,
+ sudoreplay and testsudoers in the build
+ [9d581d5fa4d4]
+
+ * src/Makefile.in, src/term.c:
+ term.c does not needto include sudo.h
+ [f6683cdcd2dd]
+
+ * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.pod:
+ Document the -2 return in the check_policy section too
+ [e9cb4c34bbcf]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ src/parse_args.c, src/sudo.c, src/sudo.h:
+ Fix the -s and -i flags and add support for the "implied_shell"
+ option. If the user does not specify a command, sudo will now pass
+ in the path to the user's shell and set impied_shell=true. The
+ plugin can them either check the command normally or return -2 to
+ cause sudo to print a usage message and exit.
+ [bf889c38f229]
+
+2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, src/load_plugins.c:
+ Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
+ Darwin where libraries end in .dylib but modules end in .so
+ [2c56aaa38e21]
+
+ * plugins/sudoers/parse.c:
+ Better prefix determination now that we can't rely on len==0 to tell
+ the beginning on an entry.
+ [622bf18179e9]
+
+ * plugins/sudoers/ldap.c:
+ display_bound_defaults() stub should return 0, not 1 since it is a
+ count, not a boolean.
+ [0327a6c3d55d]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document progname in settings
+ [42031d56a2e3]
+
+ * compat/getprogname.c, include/compat.h,
+ plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
+ src/parse_args.c, src/sudo.c:
+ Rewrite compat/getprogname.c and add setprogname(). The progname is
+ now passed to the plugin via the settings array.
+ [25d8663e6006]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in:
+ Fix --with-ldap
+ [b64b633f426d]
+
+ * plugins/sudoers/sudo_nss.c:
+ Add missing whitespace for Runas and Command-specific defaults
+ [65f4ddf5545e]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/sudo_nss.c:
+ Use embedded newlines in lbuf instead of multiple calls to
+ lbuf_print.
+ [eed3af9cc3e1]
+
+ * src/lbuf.c:
+ Add support for embedded newlines.
+ [e11f79b18deb]
+
+2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/getprogname.c:
+ If system doesn't support getprogname or __programe and we are
+ building a shared object don't bother with Argc/Argv, just return
+ "sudo"
+ [aebde9062be7]
+
+ * config.h.in, configure, configure.in, src/load_plugins.c:
+ Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
+ appears to always install a shared object with the .so suffix.
+ [f9bbd0c0e9d3]
+
+ * compat/Makefile.in, configure, configure.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ Play more nicely with libtool and let it build libreplace (was
+ libmissing) for us.
+ [a4c6ebb2495c]
+
+ * include/missing.h:
+ Include stdarg.h for va_list rather than requiring all consumers of
+ missing.h to include stdarg.h themselves.
+ [37382df948de]
+
+ * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
+ src/parse_args.c:
+ Pass in output function to lbuf_init() instead of writing to stdout.
+ A side effect is that the usage info can now go to stderr as it
+ should.
+ [6d261261a072]
+
+2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/lbuf.h, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
+ src/parse_args.c, src/sudo.c:
+ Use number of tty columns that is passed in user_info instead of
+ getting it directly in the lbuf code.
+ [8a16635c2638]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/env.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/match.c,
+ plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
+ plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
+ plugins/sudoers/visudo.c:
+ Kill __P in sudoers
+ [63601e6cb171]
+
+ * config.h.in, configure, configure.in, src/load_plugins.c:
+ Set the sudoers plugin name in configure so we get the extension
+ right.
+ [edad89924cd1]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document lines/cols in user_info
+ [a808872394f3]
+
+ * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
+ Add tty size to user info
+ [23f3d27e77a7]
+
+ * src/script.c:
+ Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
+ [a2208dd09051]
+
+2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Kill dead code Add missing sigsetjmp in sudo_policy_invalidate Error
+ out if we fail to lookup the user's name that is passed in
+ [e4e3728ed482]
+
+ * plugins/sudoers/error.c:
+ Pass the error value back via siglongjmp.
+ [667b8ad575ce]
+
+ * plugins/sudoers/check.c:
+ Use conversation function for lecture.
+ [1ab4719f509b]
+
+ * plugins/sudoers/check.c:
+ Don't update ticket file if verify_user returns FALSE.
+ [2bbc46a39a2b]
+
+2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, src/sudo.c:
+ Wire up invalidate and validate methods for sudoers
+ [c0630c7bca47]
+
+ * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add support for -k flag with a command.
+ [edad239b098b]
+
+ * src/parse_args.c:
+ Allow -k to be specified with a command.
+ [43a45add9974]
+
+ * plugins/sudoers/sudoers.c:
+ Wire up policy_list
+ [27cc35699eca]
+
+ * plugins/sudoers/error.c:
+ Add newline at the end of message and space after the colon in
+ warning message
+ [5a591aa8e744]
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Add missing newline after pass password warning
+ [337dba3870a7]
+
+ * plugins/sudoers/sudoers.c:
+ Set user_groups and user_ngroups based on user_info
+ [61bee85128c8]
+
+ * plugins/sudoers/error.c:
+ Make this compile
+ [7041c441e1c8]
+
+ * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
+ Make _warning in error.c use the conversation function and remove
+ commented out warning/warningx in sudoers.c.
+ [7c9b09024b63]
+
+ * plugins/sudoers/logging.c:
+ Use siglongjmp() in log_error for fatal errors
+ [b50e26f1c73f]
+
+ * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
+ Quiet a libtool warning
+ [b2331fb006bc]
+
+ * Makefile:
+ Build sudoers plugin
+ [5cdf06e66978]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Use warningx in yyerror() so the conversation function gets used
+ when built as part of sudoers.
+ [85f964215eef]
+
+2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c:
+ Rename sudo_conv to conversation to avoid a namespace conflict.
+ [1ad359d36be9]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/env.c, plugins/sudoers/error.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
+ plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
+ plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
+ Initial bits of sudoers plugin; still needs work.
+ [af2a2c59a952]
+
+ * config.h.in:
+ Add HAVE_STRDUP and HAVE_STRNDUP
+ [50a3c0dd510f]
+
+ * compat/Makefile.in, configure, configure.in:
+ Build libmissing in two flavors (one PIC one non-PIC) and link with
+ the appropriate one.
+ [b62f411a4c18]
+
+ * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
+ compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
+ Build libmissing in two flavors (one PIC one non-PIC) and link with
+ the appropriate one.
+ [e1e04972b5fe]
+
+2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ Add strdup and strndup and fix strsignal
+ [c159babe2896]
+
+2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/strdup.c, compat/strndup.c, configure, configure.in,
+ plugins/sample/Makefile.in, src/Makefile.in:
+ Add strdup and strndup to compat
+ [25c9fd399a4d]
+
+ * plugins/sample/sample_plugin.c:
+ Need to include compat.h before missing.h
+ [c94f7aad380f]
+
+ * compat/strsignal.c:
+ Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
+ it doesn't exist configure will set it to 0.
+ [384580566389]
+
+ * compat/glob.c:
+ Fix botched ANSI C coversion of globexp2()
+ [4a344b8cbe49]
+
+ * configure, configure.in:
+ Remove redundant getgroups check
+ [0b16ec210c81]
+
+ * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
+ Require either termios or termio, no more sgtty.
+ [9b2fa2f17a1c]
+
+ * compat/strsignal.c, config.h.in, configure, configure.in:
+ Change the sys_siglist check to use AC_CHECK_DECLS and also check
+ for _sys_siglist and__sys_siglist
+ [2e078fed2408]
+
+2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, src/Makefile.in:
+ Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
+ use SUDO_OBJS for the main driver as part of OBJS.
+ [9ae4a80a5ade]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Mention in the conversation function section that a newline is not
+ implicit.
+ [04a233b6c491]
+
+ * include/compat.h:
+ Add definition of WCOREDUMP for systems without it. This is known
+ to work on AIX and SunOS 4, but may be incorrect on other systems
+ that lack WCOREDUMP.
+ [c85b3ce6b77d]
+
+2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sample/sample_plugin.c, src/conversation.c:
+ conversation function no longer puts a newline at the end of info or
+ error messages.
+ [c534cae1ac4a]
+
+2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Use parent process group id instead of parent process id when
+ checking foreground status and suspending parent. Fixes an issue
+ when running commands under /usr/bin/time and others.
+ [564f528c3bb7]
+
+2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4:
+ transcript option is now --with not --enable
+ [0646fac4cf93]
+
+ * plugins/sample/sample_plugin.c:
+ Add support to -u and -g flags Check fmt_string retval Add timeout
+ for debugging purposes
+ [cfefa4fa60b5]
- * tgetpass.c: add term_* proto
+ * src/script.c, src/sudo.c:
+ Wire up SIGALRM handler Set close on exec flag for child side of the
+ socketpair Fix signal handling when not doing I/O logging
+ [379581ec7272]
-2009-02-10 07:51 millert
+ * src/sudo.c:
+ g/c unused SIGCHLD handler
+ [0afa03912dce]
- * sudoers.pod: mention glob()
+ * src/fmt_string.c, src/parse_args.c, src/sudo.c:
+ Don't use emalloc() in fmt_string(); we want to be able to use it
+ from a plugin.
+ [ade64d368147]
-2009-02-09 07:59 millert
+ * include/list.h:
+ tq_remove not list_remove
+ [0e0e1fd5c31c]
- * tgetpass.c: Delete any pwstars we wrote after the user hits
- return. That way there is no record on screen as to the user's
- password length.
+ * configure, configure.in:
+ AUTH_OBJS should contain .lo files not .o files.
+ [c64c82c9d5a2]
+
+2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/parse_args.c:
+ Simplify conversion of command line args to name=value pairs.
+ [75ab127c6a94]
+
+ * plugins/sample/sample_plugin.c:
+ Handle NULL reply from conversation function
+ [6ce09b6cb204]
+
+ * compat/getline.c:
+ Don't depend on emalloc/erealloc
+ [73df09e2109f]
+
+ * plugins/sample/Makefile.in:
+ Use $(OBJS) instead of sample_plugin.lo
+ [2d995db9aa99]
+
+ * plugins/sample/sample_plugin.c:
+ runas_user is in settings not user_info
+ [7ee12068bc57]
+
+ * src/parse_args.c:
+ Fix a mismatch between sudo_settings and settings_pairs that causes
+ some settings to get the wrong values.
+ [b1bc6d81a65f]
+
+2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
+ src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
+ src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
+ Convert to ANSI C
+ [d03b6e4a3b75]
+
+ * src/load_plugins.c:
+ Fix strlcpy() return value check.
+ [7cd66999a374]
+
+ * INSTALL, configure, configure.in:
+ No longer need to substitute in script.o and pty.o; I/O logging
+ support is always built.
+ [45250024c5dc]
+
+2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Add fallback to /bin/sh when execve() fails with ENOEXEC.
+ [7684a15a1352]
+
+ * include/alloc.h, src/alloc.c:
+ Add estrndup()
+ [47621c83bed9]
+
+2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c, src/sudo.c:
+ Refactor script_execve() a bit so that it can be used in non-script
+ mode. Needs more cleanup.
+ [f09e022d547c]
+
+ * src/sudo.c:
+ Ignore empty entries in command_info list
+ [1eea9a8de21c]
+
+ * include/list.h, src/list.c:
+ Add tq_remove
+ [40908a617cb2]
+
+ * src/conversation.c:
+ Pass timeout to tgetpass()
+ [9e66c918b771]
+
+ * Makefile:
+ Add ChangeLog target
+ [da4a39150838]
+
+ * README, WHATSNEW:
+ Bump version and update things slightly for sudo 1.8.0
+ [4b73cc45e2d4]
+
+ * configure, configure.in:
+ Sudo now requires an ANSI/ISO C compiler
+ [1e51f72e6964]
+
+ * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
+ src/sudo_noexec.c:
+ Convert to ANSI C
+ [5cbd315dbde8]
+
+ * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
+ include/list.h, include/missing.h:
+ Convert to ANSI C
+ [3f5016ff64f4]
+
+ * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
+ compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
+ compat/getprogname.c, compat/glob.c, compat/glob.h,
+ compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
+ compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
+ compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
+ compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
+ compat/utimes.c:
+ Convert to ANSI C
+ [0d635c85461c]
+
+2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c, src/tgetpass.c:
+ Make user_details extern so tgetpass can get at the uid and gid. Set
+ uid/gid to user before executing askpass program. Check environment
+ for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
+ set the askpass program itself
+ [d33606396176]
+
+ * src/sudo.c:
+ No longer need sudo_usage.h in sudo.c
+ [063e2946c382]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
+ src/sudo_usage.h.in:
+ Document -D level command line flag which maps to the debug_level
+ setting.
+ [61f1e2ab3ac1]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document debug_level in plugin doc. Still need to document the -D
+ flag in sudo itself.
+ [8c62daea3e9b]
+
+2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sample/sample_plugin.c:
+ include missing,h for vasprintf
+ [92503de49b39]
+
+ * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
+ [14cfb4775238]
+
+ * plugins/sample/sample_plugin.c:
+ Need to include limits.h
+ [bda7f74343d2]
+
+ * compat/glob.c:
+ No more sudo_getpw*
+ [232e52907634]
+
+ * plugins/sample/Makefile.in, src/Makefile.in:
+ Add missing compat bits
+ [4843dd000e08]
+
+ * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
+ compat files should not include sudo.h wire up compat in sample
+ plugin
+ [a175b8185e0f]
+
+ * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
+ Fix up compat dependencies. Fix distclean target in doc/Makefile.in
+ [57e49bc20857]
+
+ * configure, configure.in:
+ Fix typo
+ [333655e3d5fe]
+
+ * plugins/sample/sample_plugin.c:
+ Log input and output to temp files for proof of concept.
+ [ae1dfc34f7d6]
+
+ * Makefile, configure, configure.in, doc/Makefile.in:
+ Add doc Makefile.in and wire it up
+ [6a310443c87d]
+
+ * src/script.c:
+ Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
+ suspending a shell with the "suspend" builtint.
+ [3d65f182819a]
+
+ * src/script.c:
+ In child, handle parent side of the pipe going away.
+ [a29c14d78cd9]
+
+ * src/script.c:
+ No longer need to check for explicit death of the child (process #2)
+ since if it dies we will get EPIPE from the socketpair. Fix a
+ sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
+ sudo_debug.
+ [24c55dd4ff60]
+
+ * src/sudo.c:
+ Make sudo_debug do a single vfprintf() which will result in a single
+ write call on most systems. Avoids problems with interleaved debug
+ printf from different processes. Also remove an extraneous error
+ case since recv() can't return a short read and add some more XXX.
+ [b37a8533ef1e]
+
+2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Fix uninitialized variable.
+ [e012a0a30890]
+
+ * src/Makefile.in:
+ Fix sudo install target
+ [1417fa4b4ab9]
+
+ * src/parse_args.c, src/sudo.c, src/sudo.h:
+ Wire up debug_level
+ [144fab289c73]
+
+ * src/Makefile.in:
+ Fix dependencies
+ [5170940af2ce]
+
+ * configure, configure.in:
+ Fix setting of plugin dir
+ [144eda170a72]
+
+ * Makefile:
+ add clean targets
+ [d53f6f6f5c3a]
+
+ * src/atobool.c:
+ Add missing source for sudo front end
+ [42487de9c489]
+
+ * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
+ Sample plugin demonstrating the sudo plugin API
+ [f1fd62d7644f]
+
+ * Makefile, configure, configure.in, install-sh, pathnames.h.in,
+ plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
+ src/fileops.c, src/fmt_string.c, src/load_plugins.c,
+ src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
+ src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
+ sudo_usage.h.in:
+ Modular sudo front-end which loads policy and I/O plugins that do
+ most the actual work. Currently relies on dynamic loading using
+ dlopen(). See doc/plugin.pod for the plugin API.
+ [924f6eb2fbba]
+
+ * doc/plugin.pod, include/sudo_plugin.h:
+ Sudo plugin API
+ [374ccbbd24ae]
+
+ * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
+ compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
+ plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/fileops.c, src/sudo_edit.c:
+ Replace emul/include.h with compat/include.h to match new source
+ tree layout.
+ [7eccd10449a1]
+
+ * src/lbuf.c:
+ Include missing.h for memrchr() proto
+ [03abd63a8a33]
+
+ * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
+ TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
+ alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
+ auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
+ auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
+ auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
+ auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
+ closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
+ compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
+ compat/getline.c, compat/getprogname.c, compat/glob.c,
+ compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
+ compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
+ compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
+ compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
+ compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
+ def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
+ doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
+ doc/license.pod, doc/sample.pam, doc/sample.sudoers,
+ doc/sample.syslog.conf, doc/schema.ActiveDirectory,
+ doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
+ doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
+ doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
+ doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
+ emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
+ error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
+ getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
+ gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
+ include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
+ include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
+ interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
+ list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
+ mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
+ nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
+ plugins/sudoers/alias.c, plugins/sudoers/auth/API,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/boottime.c, plugins/sudoers/check.c,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
+ plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
+ plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
+ plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
+ plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
+ plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
+ plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
+ plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
+ plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
+ plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
+ sample.pam, sample.sudoers, sample.syslog.conf,
+ schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
+ selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
+ src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
+ src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
+ src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
+ src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
+ strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
+ sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
+ sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
+ sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
+ sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
+ term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
+ tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
+ visudo.man.in, visudo.pod, zero_bytes.c:
+ Rework source layout in preparation for modular sudo.
+ [7fc1978c6ad5]
+
+2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Avoid a duplicate fclose() of the sudoers file.
+ [5dba851088c1]
+
+ * Fix size arg when realloc()ing include stack. From Daniel Kopecek
+ [0a2935061e33]
+
+ * Use setrlimit64(), if available, instead of setrlimit() when setting
+ AIX resource limits since rlim_t is 32bits.
+ [353db89bac61]
+
+ * Fix use after free when sending error messages. From Timo Juhani
+ Lindfors
+ [e50dbd902382]
+
+ * ChangeLog, Makefile.in:
+ Generate the ChangeLog as part of "make dist" instead of having it
+ in the repo.
+ [251b70964673]
+
+2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
+ auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+ auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
+ auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
+ closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
+ emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
+ fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
+ gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
+ isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
+ logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
+ mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
+ pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
+ sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
+ sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
+ strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+ sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
+ sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
+ sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
+ term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
+ utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
+ Remove CVS $Sudo$ tags.
+ [de683a8b31f5]
+
+2010-01-18 convert-repo <convert-repo>
+
+ * .hgtags:
+ update tags
+ [9b7aa44ae436]
+
+2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_usage.h.in:
+ make this match sudoers SYNOPSIS
+ [c74ba66944c2]
+
+ * lbuf.c, parse.c:
+ Print a newline between Runas and Command-specific defaults in sudo
+ -l.
+ [b5bdfcc9ce4b]
+
+ * term.c:
+ Use SET and CLR macros in term_raw
+ [50ca42609d6c]
+
+ * sudoreplay.c:
+ Set stdin to non-blocking mode early instead of in check_input. Use
+ term_raw instead of term_cbreak since the data we get has already
+ been expanded via OPOST.
+ [51c47e803d62]
+
+2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c, term.c:
+ Enable/disable all postprocessing instead of just nl->crnl
+ processing since things like tab expansion matter too. However, if
+ stdout is a tty leave postprocessing on in the pty since we run into
+ problems doing it only on the real stdout with .e.g nvi.
+ [62666e309673]
+
+2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ If tty_tickets is enabled and there is no tty, prompt for a
+ password. Do not lecture user for "sudo -k command" if user has a
+ timestamp.
+ [5880200c5f6b]
+
+ * INSTALL:
+ Document missing options: --with-efence and --with-bsm-audit
+ [d83afcdf9ff3]
+
+ * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
+ sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
+ visudo.man.in, visudo.pod:
+ username -> user name groupname -> group name hostname -> host name
+ [10c85646f45d]
+
+ * INSTALL, README.LDAP, sudoers.pod:
+ filename -> file name like the rest of the docs
+ [1ef8ab5a9018]
+
+2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Fix printing of entries with multiple host entries on a single line.
+ [226ceaf91d8d]
+
+2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Mention that targetpw affects the timestamp file name.
+ [a26e22e4f72e]
+
+ * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
+ sudoers.pod:
+ Add compress_transcript option.
+ [6e94f8cb9dfb]
+
+2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ bump to 1.7.3b2
+ [906d7e347d15]
+
+ * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
+ Better split of membership vs. traditional group check in
+ user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
+ [6ebc55d4716b]
-2009-02-08 10:27 millert
+2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * term.c: Move terminal setting bits from tgetpass.c to term.c
+ * pwutil.c:
+ Fix pasto and add default return value.
+ [7973b5e4599c]
-2009-02-07 19:50 millert
+ * check.c, match.c, pwutil.c, sudo.h:
+ refactor group member checking into user_in_group()
+ [48ca8c2eddf8]
- * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
- tgetpass.c: Add pwstars sudoers option that causes sudo to print
- a star every time the user presses a key.
+ * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
+ sudo.h:
+ Add support for mbr_check_membership() as present in darwin.
+ [5501aed02b9f]
-2009-02-03 10:10 millert
+2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: Fix up F<> brokenness for visudo.man.in and
- sudoers.ldap.man.in.
+ * match.c:
+ Rename label to be accurate
+ [3af17dd960f7]
-2009-01-27 11:54 millert
+ * Makefile.in, boottime.c, check.c, config.h.in, configure,
+ configure.in, sudo.h:
+ Treat timestamp files from before we booted as old. Idea from and
+ Apple patch.
+ [5c96e484c05a]
+
+2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: For ldap_search_ext_s() the sizelimit param should be 0,
- not -1, to indicate no limit. From Mark Janssen.
+ * sudo.c, sudo.pod, sudo_usage.h.in:
+ Allow the -u flag to be used in conjunction with the -v flag as per
+ older versions of sudo.
+ [591e9fc13c1a]
-2009-01-17 17:36 millert
+ * logging.c:
+ fix typo in last commit
+ [4fd0c692dcf0]
- * toke.c, toke.l: Comments that begin with #- should not be parsed
- as uids.
+2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2009-01-08 19:13 millert
+ * logging.c:
+ Convert fmt_first and fmt_confd into macros.
+ [32e870158b29]
- * sudo.c: Do not try to set the close on exec flag if we didn't
- actually open sudoers.
+ * sudoers.pod:
+ timeouts can be floats now
+ [89de639a9679]
-2008-12-19 12:40 millert
+ * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
+ defaults.h, mkdefaults:
+ Add support for floating point timeout values (e.g. 2.5 minutes).
+ [210ffa291733]
- * ChangeLog: regen
+2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-12-14 17:40 millert
+ * sudo.pod:
+ The -L flag will be removed in sudo 1.7.4
+ [ffd026084333]
- * TODO: sync
+2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-12-09 18:48 millert
+ * sudoreplay.c:
+ Fix a bug due to order of operators.
+ [938d34464283]
- * auth/pam.c: Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user
- enters ^C at the password prompt.
+2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-12-09 16:13 millert
+ * match.c:
+ cmnd_matches() already deals with negation so _cmndlist_matches()
+ does not need to do so itself. Fixes a bug with negated entries in
+ a Cmnd_List.
+ [71c845f6ce73]
- * configure.in, configure: Don't try to build sudo_noexec.so on
- HP-UX with the bundled compiler as it cannot generate shared
- objects.
+2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-12-09 15:55 millert
+ * sudo.c:
+ Don't exit() from open_sudoers, just return NULL for all errors.
+ [8cfa832f972a]
- * glob.c, lbuf.c, tgetpass.c, emul/charclass.h: K&R compilation
- fixes
+ * script.c:
+ Can't rely on the shell sending us SIGCONT when transitioning from
+ backgroup to foreground process.
+ [3c6c5b6cb4b3]
-2008-12-09 08:49 millert
+ * toke.c, toke.l:
+ Add missing extern def for parse_error
+ [45b7b59d03b7]
- * parse.c: Use tq_foreach_fwd when checking pseudo-commands to make
- it clear that we are not short-circuiting on last match. When
- pwcheck is 'all', initialize nopass to TRUE and override it with
- the first non-TRUE entry.
+2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-12-08 10:02 millert
+ * toke.c, toke.l:
+ Avoid a parse error when #includedir doesn't find any files. Closes
+ bug #375
+ [1ce1b850e9e6]
- * parse.c: Do not short circuit pseudo commands when we get a match
- since, depending on the settings, we may need to examine all
- commands for tags.
+ * Makefile.in:
+ Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
+ [6a22e32da108]
-2008-12-03 15:58 millert
+2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.cat, sudoers.man.in: regen
+ * script.c:
+ Start command out in foreground mode if stdout is a tty. Works
+ around issues with some curses-based programs that don't handle
+ tcsetattr getting interrupted by a signal. Still allows us to avoid
+ hogging the tty if the command is part of a pipeline.
+ [1c32f2b94769]
-2008-12-03 15:57 millert
+ * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
+ Use a socketpair to pass signals from parent to child. Child will
+ now pass command status change info back via the socketpair. This
+ allows the parent to distinguish between signals it has been sent
+ directly and signals the command has received. It also means the
+ parent can once again print the signal notifications to the tty so
+ all writes to the pty master occur in the parent. The command is
+ now always started in background mode with tty signals handled by
+ the parent.
+ [c6790b82986d]
- * sudoers.pod: hostnames may also contain wildcards
+2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-12-03 15:40 millert
+ * configure, configure.in:
+ Fix a few typos in the descriptions; from Jeff Makey Only do the
+ check for krb5_get_init_creds_opt_free() taking two arguments if we
+ find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
+ positive when using our own krb5_get_init_creds_opt_free which takes
+ only a single argument.
+ [845a9ff6f93d]
- * Makefile.in: remove stamp-* files and linux core files in clean
- target
+2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-12-02 12:30 millert
+ * configure, configure.in:
+ Remove a spurious comma in the kerb5 bits.
+ [3433eab083db]
- * config.h.in, configure, configure.in, auth/sudo_auth.h: Use
- HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
+ * auth/kerb5.c:
+ Call krb5_get_init_creds_opt_init() in our emulated
+ krb5_get_init_creds_opt_alloc() for MIT kerberos.
+ [7ffb40bf43e9]
+
+2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ Add HAVE_ZLIB
+ [9297bde61ecc]
+
+ * script.c:
+ Need to ignore SIGTT{IN,OU} in child when running the command in the
+ background. Also some minor cleanup.
+ [dc208d982319]
+
+2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-26 15:10 millert
+ * script.c:
+ Instead of calling sigsuspend when waiting for SIGUSR[12] from
+ parent, install the signal handlers w/o SA_RESTART and let them
+ interrupt waitpid().
+ [759c7d18203b]
+
+ * script.c:
+ Pass along SIGHUP and SIGTERM from parent to child.
+ [035b0e254568]
+
+ * script.c:
+ Close unused bits of script_fds in processes that don't need them.
+ Restore default SIGCONT handler in child.
+ [e037378ab0c1]
+
+ * script.c:
+ Update foreground/background status in SIGCONT handler in parent
+ process.
+ [3f7f91333264]
+
+2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Defer setting terminal into raw mode until just before we fork() and
+ only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
+ and sudo is already in the foreground be sure to set raw mode before
+ continuing the child.
+ [1102ef40832c]
+
+2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
+ give the command the controlling tty if the main sudo process is the
+ foreground process.
+ [cf3a91cb5682]
+
+ * script.c:
+ Don't bother with sudo_waitpid() here for now.
+ [9086de480c2d]
+
+ * script.c:
+ fix non-zlib case
+ [a258bff0f9a6]
+
+2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Remove non-wroking code that crept into rev 1.55
+ [2802dd55cff5]
+
+2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.in, script.c, sudoreplay.c:
+ First pass at zlib support for transcript data files
+ [5d10260807da]
+
+ * Makefile.in:
+ remove vestiges of ZLDFLAGS
+ [1fa0caf1c0fb]
+
+ * script.c:
+ Add missing variable declaration for when TIOCSCTTY is not defined.
+ Need to include sys/termio.h for TIOCSCTTY on some systems.
+ [ee7f41ac2709]
- * configure, configure.in: correctly enable SIA on Digital UNIX
+ * script.c:
+ when resuming command, send SIGCONT to its pgrp not just pid
+ [5cd63c1d565b]
-2008-11-25 20:06 millert
+ * selinux.c:
+ remove unused variable
+ [df67df4be228]
- * TODO: checkpoint
+ * script.c:
+ include selinux.h for is_selinux_enabled() proto
+ [85ebaa880cc1]
-2008-11-25 20:05 millert
+ * script.c:
+ Don't use log_error() in the child process.
+ [def65fe2a433]
- * ChangeLog: sync
+ * script.c:
+ Do I/O in parent instead of child since the parent can have both
+ /dev/tty as well as the pty fds open. The child just sets things up
+ and waits for its grandchild and writes the signal description to
+ the pty master if the command was killed by a signal.
+ [95e473208982]
+
+2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * missing.h, sudo.h:
+ Move two struct forward declarations from sudo.h to missing.h
+ [90ad28294a8c]
+
+ * script.c:
+ Make comment at the top of script_exec() match reality.
+ [c5042d27dbe0]
+
+ * sudo.c:
+ if neither stdin nor stdout is a tty, check stderr
+ [c532ff20c8d8]
+
+ * Makefile.in:
+ Add back dependecy of gram.h on gram.y
+ [c58382b7fcca]
+
+ * script.c:
+ Make transcript mode work as long as we can figure out our tty, even
+ if it is not stdin. We'd like to use /dev/tty but that won't be
+ valid after the setsid().
+ [7b8bba8d99e7]
+
+2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, pty.c:
+ Add support for IRIX-style dynamic ptys
+ [bedc9bac44c1]
+
+ * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
+ Move alloc.c protos into alloc.h
+ [b6a90649617d]
+
+ * missing.h:
+ Move prototypes for missing libc functions to missing.h
+ [dda9ae1ccaf8]
+
+ * Makefile.in, sudo.h, sudoreplay.c:
+ Move prototypes for missing libc functions to missing.h
+ [7483166b577b]
+
+2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ Disable transcript support if no tcsetpgrp until we support older
+ BSD-style job control.
+ [27ac1d8163df]
+
+ * configure, configure.in, pty.c, script.c:
+ Break out pty code into pty.c
+ [e85509b25d41]
+
+ * compat.h, config.h.in, configure, configure.in:
+ add killpg macro if no killpg function
+ [3a125f4a51f0]
+
+ * config.h.in, configure, configure.in, script.c:
+ Push ptem and ldterm for STERAMS-based systems when allocating a
+ pty.
+ [36bb39b30ff2]
+
+2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
+ [d94bd5c9bf4e]
+
+ * script.c:
+ Call tcgetpgrp() in the parent, not the child and have the child
+ spin until it is granted. Fixes a race on darwin.
+ [6e8d435339ce]
+
+ * script.c:
+ Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
+ reopen slave.
+ [0bdc63c019ca]
+
+2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ In script mode, if the command is killed by a signal, print the
+ signal description as well as a core dump notification like the
+ shell does.
+ [9df61738df07]
+
+ * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
+ sudo.h:
+ Add check for strsignal() and a simple implementation if it is not
+ there but sys_siglist is
+ [61421a188ef4]
+
+ * script.c:
+ Add missing WUNTRACED and store the signal that stopped the
+ grandchild in suspended, not signo.
+ [df65042b200e]
+
+ * script.c:
+ g/c unused code
+ [40d8cb5c9203]
+
+ * script.c:
+ Associate the grandchild's pgrp with the tty instead of the child's
+ and just get suspend notifications via SIGCHLD instead of directly.
+ This fixes a hang with programs that try to set terminal attributes
+ and is more consistent with how the shell handles things.
+ [6865abff7e94]
+
+2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Move setpgid() of child into the parent side of the fork() where it
+ belongs.
+ [3defa782777c]
+
+2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ fix typo
+ [b6a612b3622c]
+
+ * script.c:
+ Run command in its own pgrp (like the shell does) for easier
+ signalling. No need to relay SIGINT or SIGQUIT to parent, just send
+ to grandchild. Don't want grandchild stopped events in the child
+ (only termination). Flush output after suspending grandchild before
+ signalling parent.
+ [db556bf2176f]
+
+ * script.c:
+ Back out revision 1.34; the problem lies elsewhere.
+ [85f590a03275]
+
+ * script.c:
+ Don't set stdout to blocking mode when flushing remaining output.
+ It can cause us to hang when trying to exit. Need to investigate
+ why.
+ [6f803a3e33ca]
+
+ * script.c:
+ Handle SIGTTOU and remove some debugging.
+ [52d17279053e]
+
+ * term.c:
+ Back out revision 1.10 as the signal that interrupts us may be
+ SIGTTOU or SIGTTIN which the caller must handle.
+ [7e2fa9107975]
+
+ * script.c:
+ Apparently we need to send SIGSTOP to the command as well as ourself
+ when we get SIGTSTP, the kernel doesn't automatically stop the
+ process for us.
+ [1a936e9309c4]
+
+ * script.c:
+ Use an extra process to act as the glue bewteen the sessions
+ associated with the user's controlling tty (what the shell uses) and
+ the tty that sudo is using to do its logging. Basically, this means
+ that if we get, e.g. SIGTSTP from the process sudo is running, we
+ relay the signal to the parent so it's shell can do the job control.
+ [6dd296988060]
+
+ * term.c:
+ Handle getting/setting terminal attributes when the fd is in non-
+ blocking mode.
+ [ae5ae535ea7b]
+
+2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+ Add support for pausing and changing the speed in interactive mode.
+ [72a2063780a7]
+
+ * script.c:
+ Already define O_NOCTTY in compat.h, don't need it here
+ [b5d80ed3e5ce]
+
+2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Add missing protos
+ [c4cb4e7f4d8a]
+
+2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Always update the stashed mtime of the temp file instead of using
+ what we have for the original because the time resolution of the
+ filesystem the temporary is on may not match that of the filesystem
+ that holds the original. Should fix bz #371 found by Philippe Levan.
+ [c86ca4bec60c]
+
+ * sudoreplay.c:
+ Use cbreak mode instead of raw mode and add signal handlers to
+ restore the tty on interrupt.
+ [84dd283da41c]
+
+ * script.c, sudo.h, term.c:
+ Retain NL to NLCR conversion on the real tty and skip it on the pty
+ we allocate. That way, if stdout is not a pty there are no extra
+ carriage returns.
+ [32e4f570414e]
+
+ * script.c:
+ Fix log_output(); just pass in a string and a length.
+ [ca980cc0a3fb]
+
+2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ do not use errno when complaining out lack of a tty
+ [8f9b8c55ab8e]
+
+2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, sudoreplay.c, term.c:
+ Instead of messing with line endings, just set terminal to raw mode
+ in sudoreplay.
+ [90943fa87acb]
+
+ * term.c:
+ When copying the terminal attributes to the pty, be sure not to set
+ ONLCR. This prevents extra carriage returns from ending up in the
+ script output file.
+ [e6b5475ac2aa]
+
+ * script.c:
+ Convert a do {} while into a while
+ [e461310d2c77]
+
+ * Makefile.in:
+ Use if then instead of test && when installing binaries that may not
+ exist.
+ [ad4f9490d971]
+
+ * script.c:
+ Add O_NOCTTY when opening a tty device. Explicitly disconnect from
+ old tty before associatng with new one.
+ [0e0ca634b80c]
+
+ * script.c, selinux.c, sudo.c, sudo.h:
+ First cut at refactoring some of the selinux code so it can be used
+ in conjunction with sudo's transcript support.
+ [779b0d8f9d29]
+
+2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure, configure.in:
+ Fix default case of transcript_enabled being unset.
+ [f8aa96186e6b]
+
+ * script.c, sudoreplay.c:
+ Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
+ [2844a7a851fa]
+
+ * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
+ Hook up --disable-transcript and --enable-transcript=DIR
+ [b3fa7e6b2480]
+
+2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure, configure.in, pathnames.h.in:
+ _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable-
+ transcript=DIR option to specify the directory
+ [b0bb76d43cda]
-2008-11-25 12:01 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+ regen
+ [c7a8a0a9027c]
+
+ * configure, configure.in, sudoers.man.pl, sudoers.pod:
+ Substitute in default value for secure_path
+ [c8f9ac6dbf93]
+
+ * sudo.pod:
+ Mention that the password must be followed by a newline with the -S
+ option.
+ [2fc589a3ee7e]
+
+2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Go back to dropping out of the select() loop when the process dies;
+ Linux ptys apparently don't behave the same as BSD in regards to
+ select(). No need to flush remaining output to the transcript, only
+ to stdout. Add back code to check the master pty for additional data
+ when we exit the main select loop.
+ [abed9a9cbc6b]
+
+2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Add getline.o to COMMON_OBJS
+ [04ef7643cbc2]
+
+ * Makefile.in:
+ sudoreplay depends on libsudo.a
+ [142bd0472631]
+
+ * Makefile.in:
+ More pwutil.o into COMMON_OBJS
+ [4a016b933629]
- * check.c, sudo.h, tgetpass.c: Even if neither stdin nor stdout are
- ttys we may still have /dev/tty available to us.
+ * pwutil.c, testsudoers.c, tsgetgrpw.c:
+ Remove my_* redirection in pwutil.c for testsudoers and just use the
+ normal libc get{pw,gr}* names.
+ [9b76d637d86b]
+
+ * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+ More time and date examples
+ [c6ee0175ec56]
+
+ * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
+ Move nanosleep() emulation into its own file Check librt.a for
+ nanosleep if we don't find it in libc
+ [4da0cc26aad7]
+
+ * Makefile.in, configure, configure.in:
+ Build libsudo with the common bits and link things against that.
+ [2b53bc0b081a]
+
+ * script.c:
+ Fix final flush.
+ [6da287d833da]
+
+ * script.c:
+ Keep reading from the pty master -> log file until read returns <=
+ 0. Do our best to write everything to stdout when flushing any
+ remaining bits.
+ [2a45d4ae280c]
+
+ * sudoreplay.c:
+ Use unbuffered I/O when writing to stdout and make sure we write the
+ entire buffer.
+ [f39ef9844a47]
+
+2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Only use max_wait if it is non-zero
+ [f6c10604d2e8]
-2008-11-24 10:09 millert
+ * getdate.c, getdate.y, getline.c:
+ Need compat.h here
+ [5d6722e225a0]
- * sudoers.cat, sudoers.man.in: regen
+ * sudoreplay.c:
+ Fix nanosleep emulation
+ [34e5e5d72a76]
-2008-11-24 10:08 millert
+ * script.c:
+ Fix comment after #endif
+ [bd1347718b25]
- * sudoers.pod: fix typos; Markus Lude
+ * sudoreplay.c:
+ Add protos for missing libc bits
+ [644f496427a2]
-2008-11-24 07:08 millert
+ * configure, configure.in:
+ add missing line continuation char
+ [db13c0d402cd]
+
+ * config.h.in, configure, configure.in, getline.c:
+ Implement getline() in terms of fgetln() if we have it.
+ [3ab786eaadc5]
- * ChangeLog: sync
+ * sudoreplay.c:
+ Print year when formatting log line
+ [90be669e3443]
-2008-11-23 19:42 millert
+ * sudoreplay.pod:
+ Document cwd, attempt to document time/date formats.
+ [6290fb9b65c6]
- * toke.c: regen
+ * sudoreplay.c:
+ Fix getline return value check.
+ [d696d6657261]
-2008-11-23 19:41 millert
+ * Makefile.in, config.h.in, configure, configure.in, getline.c,
+ sudoreplay.c:
+ Use getline() if the system has it, else use provide our own for
+ sudoreplay.
+ [afca1d6fbe5e]
- * toke.l: Fix matching of a line that only consists of a comment
- char
+ * script.c:
+ Refactor code to update output and timing files.
+ [361491332b1a]
-2008-11-22 13:17 millert
+2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/pam.c: MacOS pam will retry conversation function if it
- fails so just treat ^C as an empty password.
+ * sudoreplay.c:
+ Make sudo_getln() behave more like glibc getline.
+ [40c9f2ea29e6]
-2008-11-22 10:12 millert
+ * script.c:
+ When flushing remaining output, also update timing file.
+ [5a9a5a627549]
- * visudo.c: When checking for alias use, also check defaults
- bindings.
+ * sudoreplay.c:
+ Use get_timestr() and make the -l output look like the regular sudo
+ log.
+ [452ba9d436c9]
-2008-11-22 10:01 millert
+ * logging.c, sudo.h, timestr.c:
+ Make get_timestr() take a time_t so we can use it properly in
+ sudoreplay.
+ [82e67cc53c9c]
- * redblack.c: unused var
+ * script.c:
+ Create session dir earlier now that we update the seq number early.
+ [797fe8d6dc61]
-2008-11-22 09:42 millert
+2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * redblack.c: Replace my rbdelete with Emin's version (which
- actually works ;-)
+ * sudoreplay.c:
+ Use fromdate and todate as the keywords instead of from and to; the
+ short forms will still be accepted.
+ [d14d9b116df4]
-2008-11-19 12:01 millert
+ * sudoreplay.c:
+ Fix reading long liensin sudo_getln()
+ [58dadd74118c]
- * testsudoers.c: malloc debugging
+ * script.c, sudoreplay.c:
+ Log the cwd in the script log file. Add sudo_getln() to read
+ arbitrarily long lines.
+ [faceb802ab8f]
-2008-11-19 07:37 millert
+ * Makefile.in, logging.c, sudo.h, timestr.c:
+ Move get_timestr() into its own source file so sudoreplay can use
+ it.
+ [99b054bfa20a]
- * visudo.c: malloc options in devel mode for visudo too
+2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-18 10:57 millert
+ * sudoreplay.c:
+ Add to and from perdicates (date ranges); needs documentation
+ [1d629174dcf4]
- * sudo.c: fix compilation on non-C99; from Theo
+2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-18 10:50 millert
+ * Makefile.in, getdate.c, getdate.y:
+ Fix warning and add generated getdate.c
+ [b877a86b5a03]
- * visudo.c: fix check_aliases
+ * Makefile.in, getdate.y:
+ Add getdate.y to be used for sudoreplay date parsing.
+ [b8e26fbb7a40]
-2008-11-18 08:29 millert
+2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * alias.c: when destroying an alias, free the correct data pointer
+ * sudoreplay.c:
+ Check more than just the first character of a predicate
+ [4fe53728adb1]
-2008-11-18 07:54 millert
+ * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+ Add examples, sort predicates
+ [70f8075cbccc]
- * auth/sudo_auth.h: add proto for aixauth_cleanup; from Dale King
+ * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
+ sudoreplay.pod:
+ Implement search expressions in sudoreplay similar in concept to
+ what find or tcpdump uses. TODO: date ranges
+ [f7ce4fb4cf3a]
-2008-11-15 13:34 millert
+2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
- visudo.man.in: regen
+ * script.c:
+ Remove vhangup as it was hanging up the wrong tty. Should really
+ vhangup in the child after it as set its tty.
+ [2eed9df73010]
-2008-11-15 13:34 millert
+ * sudoers.pod:
+ Fix cut at documenting transcript support.
+ [e6c533a5568a]
- * sudo.pod, sudoers.pod, visudo.pod: standardize on the term
- 'option' for command line options (not flag)
+ * logging.c:
+ ID= -> TSID= for transcript ID
+ [1bf755a35333]
-2008-11-14 06:18 millert
+2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL: Add note on configuring HP-UX pam
+ * sudoers.pod:
+ Move fast_glob description to where it belongs in sorted order
+ [5901cfb0d25f]
-2008-11-11 13:28 millert
+ * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
+ parse.c, parse.h, sudo.c:
+ Rename script -> transcript
+ [e06cf823122c]
- * check.c, sudo.c: Move tty checks into check_user() so we only do
- them if we actually need a password.
+2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-11 12:34 millert
+ * compat.h:
+ Add timeradd and timersub for those without them
+ [929f8aa06c2b]
- * sudo.c: Don't error out if no tty or askpass unless we actually
- need to authenticate.
+ * script.c:
+ Sanity check sessid before using it.
+ [aa8ca5211d43]
-2008-11-10 15:20 millert
+ * sudo.c:
+ Only set the session id if we are running a command or editing a
+ file.
+ [7205d717c098]
- * ChangeLog: regen
+ * script.c:
+ Actually. qsort is fine since most versions fal back to a cheaper
+ sort when the number of elements to sort is small (like in our
+ case).
+ [d11c7cd352fe]
-2008-11-10 08:07 millert
+ * config.h.in, configure, configure.in, script.c:
+ Check for dup2 and use dup instead if we don't have it.
+ [98bd89830f8a]
- * pathnames.h.in, sudo.c: s/overriden/overridden/; from Tobias
- Stoeckmann
+ * script.c, sudo.c, sudo.h:
+ Move the code to dup2 the script fds to low numbered descriptors
+ into script_duplow() and fix the fd sorting.
+ [9453fdc5fba6]
-2008-11-09 15:18 millert
+ * script.c, sudo.c, sudo.h:
+ Move script_setup() back to immediately before we drop privs and
+ call the new script_nextid() in its place, which will set
+ sudo_user.sessid for the logging functions.
+ [8434d0c8ff08]
- * visudo.c, WHATSNEW: check sudoers owner and mode in strict mode
+2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-09 09:15 millert
+ * Makefile.in:
+ Install sudoreplay
+ [6acf2cdb4d3f]
- * gram.c, toke.c: regen
+ * sudoreplay.c:
+ remove unused variable
+ [2316360bb992]
-2008-11-09 09:13 millert
+2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * alias.c, alloc.c, closefrom.c, compat.h, defaults.c, defaults.h,
- env.c, fileops.c, gettime.c, gram.y, ins_csops.h, insults.h,
- interfaces.c, interfaces.h, lbuf.c, license.pod, list.c,
- logging.c, logging.h, parse.c, parse.h, pwutil.c, redblack.c,
- redblack.h, snprintf.c, sudo.c, sudo.pod, sudo_edit.c,
- sudo_nss.h, testsudoers.c, toke.l, tsgetgrpw.c, utimes.c,
- version.h, visudo.c, zero_bytes.c, LICENSE, sudoers.pod,
- visudo.pod, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
- auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
- auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
- sudo.man.in, sudoers.man.in, visudo.man.in: Update copyright
- years.
+ * logging.c, script.c, sudo.c, sudo.h:
+ Log the session ID, if there is one. Currently logs ID=XXXXXX,
+ perhaps should be SESSIONID or SESSID.
+ [53976905b0a6]
-2008-11-09 08:48 millert
+ * Makefile.in, configure, configure.in, sudoreplay.cat,
+ sudoreplay.man.in, sudoreplay.pod:
+ Add sudoreplay docs
+ [da4f14f0e64c]
- * fnmatch.c, glob.c, emul/charclass.h: add my copyright
+ * sudoreplay.c:
+ add -V (version) flag
+ [b5e743639ee3]
-2008-11-08 10:40 millert
+ * sudoreplay.c:
+ Hook up max_wait.
+ [2ec5697a92ba]
- * toke.c, toke.l: The loop in fill_cmnd() was going one byte too
- far past the end, resulting in a NUL being written immediately
- after the buffer end.
+ * script.c, sudoreplay.c:
+ Use base36 number for the ID and store script files with paths like
+ /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
+ (2,176,782,336) unique IDs.
+ [6aab019d07aa]
-2008-11-08 10:31 millert
+2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * UPGRADE, WHATSNEW: add sections on tgetpass changes
+ * config.h.in, configure.in:
+ Add check for regcomp
+ [44c3ebd7ff34]
-2008-11-08 10:30 millert
+ * sudoreplay.c:
+ Add support for selecting by pattern and tty when listing.
+ [66189f840c52]
- * tgetpass.c: Treat EOF w/o newline as an error.
+2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-07 17:42 millert
+ * sudoreplay.c:
+ The beginnings of a list mode.
+ [8d0150b4a52c]
- * parse.c: Fix "sudo -v" when NOPASSWD is set.
+2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-11-07 12:45 millert
+ * Makefile.in:
+ fix pasto
+ [616b4640b8a8]
- * auth/: bsdauth.c, fwtk.c, pam.c, sudo_auth.c, sudo_auth.h: No
- longer treat an empty password at the prompt as special. To quit
- out of sudo you now need to hit ^C at the password prompt.
+ * Makefile.in, config.h.in, configure.in:
+ Add scaffolding for building sudoreplay
+ [a32958505dbe]
-2008-11-06 21:07 millert
+ * sudoreplay.c:
+ include error.h first arg to nanotime is const
+ [fe5a7bb31bc5]
- * sudoers.cat, sudoers.man.in: regen
+ * sudoreplay.c:
+ Initial cut at sudoreplay; replay a sudo session.
+ [f149fba372bd]
-2008-11-06 21:06 millert
+2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: Sudo
- will now refuse to run if no tty is present unless the new
- visiblepw sudoers flag is set.
+ * script.c:
+ Fix wait() usage and use correct wait status.
+ [f4745ed7ad05]
-2008-11-05 19:42 millert
+ * sudo.c, sudo.h, tgetpass.c:
+ Add protos for term_* to sudo.h
+ [14fe1abd7e7b]
- * aix.c: just use RLIM_INFINITY for RLIM_SAVED_MAX if
- RLIM_SAVED_MAX not defined
+ * script.c:
+ Fix detection of the child process exiting. Since the child is in
+ its own session we should only ever get SIGCHLD for that process but
+ better safe than sorry.
+ [7edfdadd8505]
-2008-11-05 19:40 millert
+ * config.h.in:
+ Add UNIX98 pty support.
+ [82f4b53a0e8f]
- * aix.c: fix fallback value for RLIM_SAVED_MAX
+ * configure, configure.in, script.c:
+ Add UNIX98 pty support.
+ [795b8bb0a3a1]
-2008-11-05 19:14 millert
+2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/: aix_auth.c, sudo_auth.h: Move clearing of AUTHSTATE into
- aixauth_cleanup.
+ * term.c:
+ For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
+ if it is defined.
+ [40f8b83baf69]
-2008-11-05 19:08 millert
+ * auth/pam.c:
+ Set PAM_RUSER and PAM_RHOST early so they can be used during
+ authentication. Based on a patch from Jamie Beverly.
+ [3d567b453a6a]
- * env.c, auth/aix_auth.c: Unset AUTHSTATE after calling
- authenticate() as it may not be correct for the user we are
- running the command as.
+ * match.c:
+ Close dir before returning if strlcpy() reports overflow. From
+ Martynas Venckus.
+ [6a82f96473e5]
-2008-11-05 19:05 millert
+ * config.h.in, configure, configure.in, script.c:
+ On Linux, the openpty proto libes in pty.h
+ [98643a018d1c]
- * isblank.c: Add isblank() function for systems without it. Needed
- for POSIX character class matching in fnmatch.c and glob.c.
+ * script.c:
+ Call vhangup on exit if the system has it Use setpgrp() if no
+ setsid()
+ [3a9e13149829]
-2008-11-05 11:02 millert
+2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * TROUBLESHOOTING: expound on sudo and cd
+ * config.h.in, configure, configure.in:
+ Add checks for revoke and vhangup if we don't have openpty
+ [fcb04572e994]
-2008-11-04 15:52 millert
+ * script.c:
+ Session logging guts that got forgotten in the previous commit.
+ [c2af08a63ea9]
- * ChangeLog: regen
+ * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
+ configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
+ gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
+ tgetpass.c:
+ First cut at session logging for sudo. Still need to write
+ get_pty() for Unix 98 and old-style BSD ptys. Also needs
+ documentation and general cleanup.
+ [77e3f5e25738]
-2008-11-04 15:46 millert
+2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.cat, sudoers.man.in: regen
+ * sudo.c, sudo_edit.c:
+ Fix a bug introduced with def_closefrom. The value of def_closefrom
+ already includes the +1.
+ [7291c136300d]
-2008-11-04 15:45 millert
+2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: mention defauts parse order
+ * Makefile.in:
+ Generate sudo distributions with pax in ustar mode. No longer need
+ to use a temp file or have the source dir name match the version.
+ [9778177a8272]
-2008-11-03 13:19 millert
+2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, aclocal.m4, compat.h, configure: Add isblank()
- function for systems without it. Needed for POSIX character
- class matching in fnmatch.c and glob.c.
+ * toke.c, toke.l:
+ Fix expansion of %h in #include names. Fixes bugzilla 363
+ [6e346879ba24]
-2008-11-03 12:54 millert
+2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: add emul/charclass.h to HDRS
+ * mkdefaults:
+ If no arg assume def_data.in
+ [c1dd28c0e675]
-2008-11-02 14:08 millert
+ * README, WHATSNEW:
+ Update for 1.7.2
+ [f5ad45f69f05] [SUDO_1_7_2]
- * TODO: checkpoint
+ * ChangeLog:
+ sync
+ [6283549396ff]
-2008-11-02 14:06 millert
+2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c, defaults.c, testsudoers.c, visudo.c: Move
- update_defaults into defaults.c and call it properly from visudo
- and testsudoers.
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Add missing single quotes around a colon in Runas_Spec definition.
+ From Elias Benali.
+ [ccc6ee4fca83]
-2008-11-02 09:51 millert
+2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c,
- tgetpass.c, tsgetgrpw.c: use zero_bytes() instead of memset() for
- consistency
+ * sudo.man.in, sudoers.man.in:
+ regen
+ [546e75304ebf]
-2008-11-02 09:45 millert
+ * redblack.c:
+ In rbrepair, re-color the root or the first non-block node we find
+ to be black. Re-coloring the root is probably not needed but won't
+ hurt.
+ [34d01ebe241b]
- * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c,
- tgetpass.c, visudo.c: Zero out sigaction_t before use in case it
- has non-standard entries.
+ * sudo.cat, sudoers.cat:
+ regen
+ [bebf5a39f54f]
-2008-11-02 09:35 millert
+2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * match.c: quiet gcc
+ * redblack.c:
+ When repairing the tree, don't touch the root node.
+ [9841f0d5d789]
-2008-11-02 09:28 millert
+2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * match.c: Short circuit glob() checks if basename(pattern) !=
- basename(command). Refactor code that checks for a command in a
- directory and use it in the glob case if the resolved pattern
- ends in a '/'.
+ * set_perms.c:
+ Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
+ Reported by Josef Schmid.
+ [ed044b1eb879]
-2008-11-01 09:20 millert
+2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c: Defer
- setting runas defaults until after runaspw/gr is setup.
+ * sudoers.pod:
+ Document that we accept env_pam-style environment files
+ [e3b545456352]
-2008-10-29 13:26 millert
+ * env.c:
+ Adapt to accept pam_env-style /etc/environment which allows shell-
+ style lines such as: export EDITOR="/usr/bin/vi"
+ [752eb75bf007]
- * match.c, sudo.c, testsudoers.c: Use MAXHOSTNAMELEN+1 when
- allocating host/domain name since some systems do not include
- space for the NUL in the size. Also manually NUL-terminate
- buffer from gethostname() since POSIX is wishy-washy on this.
+ * sudoers.pod:
+ Make it clear that env_delete only works when !env_reset. From Lo??c
+ Minier
+ [3bd3f8e351ba]
-2008-10-26 17:13 millert
+2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c, sudoers.pod: When setting the umask, use the union of the
- user's umask and the default value set in sudoers so that we
- never lower the user's umask when running a command.
+ * sudo.pod, sudoers.pod:
+ Add non-unix group bits, adapted from Quest
+ [8ce427de8dea]
-2008-10-26 16:43 millert
+ * Makefile.in:
+ build the .cat page in the current working dir, not the src dir
+ [00e87a307674]
- * sudo.c: Don't try to read from a zero-length sudoers file.
- Remove the bogus Solaris work-around for EAGAIN. Since we now
- use fgetc() it should not be a problem.
+ * env.c:
+ Return EINVAL in setenv() if var is NULL or the empty string to
+ match glibc behavior.
+ [23fd7c247142]
-2008-10-25 09:22 millert
+2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c: In update_defaults() check the return value of
- user*_matches against ALLOW so we don't inadvertantly match on
- UNSPEC.
+ * configure, configure.in:
+ Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
+ [fedd4a3e2a85]
-2008-10-24 09:52 millert
+2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
- sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
- regen man pages; no more hyphenation
-
-2008-10-24 09:49 millert
-
- * sudo.c: Don't error out on a zero-length sudoers file. With the
- advent of #include the user could create a situation where sudo
- is unusable.
-
-2008-10-23 12:06 millert
-
- * config.h.in, configure, configure.in, auth/kerb5.c: Newer heimdal
- has 2-argument krb5_get_init_creds_opt_free() like MIT krb5.
- Really old heimdal has no krb5_get_init_creds_opt_alloc() at all.
- Add configure tests to handle all the cases.
-
-2008-10-08 17:28 millert
-
- * sudo.pod: resort ENVIRONMENT
-
-2008-10-08 17:09 millert
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen
+ [7b9f461a40b3]
- * sudoers.pod: document sudoers_locale
+2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-10-08 16:56 millert
+ * INSTALL:
+ Document --with-libvas and --with-libvas-rpath
+ [a071e6d96c89]
- * sudo.pod, sudo_edit.c: add SUDO_EDITOR variable that sudoedit
- uses in preference to VISUAL or EDITOR
+2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-10-08 14:27 millert
+ * ldap.c, sudoers.ldap.pod:
+ For netscape-derived LDAP SDKs the cert and key paths may be a
+ directory or a file. However, version 5.0 of the SDK only seems to
+ support using a directory. If ldapssl_clientauth_init fails and the
+ cert or key paths look like they could be files, strip off the last
+ path element and try again.
+ [ac4e49d83043]
- * toke.c, toke.l: In fill_cmnd(), collapse any escaped
- sudo-specific characters. Allows character classes to be used in
- pathnames.
+ * Makefile.in:
+ Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
+ [4547cc1a335f]
-2008-10-03 16:02 millert
+2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * lbuf.c: fix typo in non-C89 function declaration
+ * configure, configure.in, match.c, sudo.c, vasgroups.c:
+ Update non-Unix group support from Quest, as reworked by me.
+ [1abafce29dc6]
-2008-10-03 15:56 millert
+ * toke.c:
+ regen
+ [01bfca9148b7]
- * sudoers.pod: Mention POSIX characters classes now that out
- fnmatch() and glob() support them.
+ * toke.l:
+ Add support for escaped hex chars in names, e.g. \x20 for space.
+ [3c7be8e58a39]
-2008-10-03 15:55 millert
+2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * sample.sudoers, sudoers.pod: Replace [A-z] (which won't match in
- UTF8) with [A-Za-z] which is locale agnostic.
+ * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
+ auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
+ fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
+ logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
+ set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
+ sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
+ tgetpass.c, toke.l, visudo.c:
+ Update copyright years.
+ [e615f676c764]
-2008-10-03 10:02 millert
+2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.h: use __signed char if we are going to assign a negative
- value since on Power, char is unsigned by default
+ * interfaces.c, lbuf.c:
+ Minor fixes for Minix-3
+ [898c510d23f9]
-2008-10-03 09:59 millert
+2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in, config.h.in: Add tests for __signed char
- and signed char.
+ * set_perms.c:
+ Handle getgroups() returning 0. Also add missing check for
+ HAVE_GETGROUPS.
+ [d73b958f9ffd]
-2008-10-03 09:19 millert
+2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * aix.c: Fix AIX limit setting. getuserattr() returns values in
- disk blocks rather than bytes. The default hard stack size in
- newer AIX is RLIM_SAVED_MAX. From Dale King.
+ * Makefile.in, config.h.in, configure, configure.in, sudo.c,
+ version.h, visudo.c:
+ Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
+ [5050579a264d]
-2008-09-26 17:13 millert
+2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * fnmatch.c, glob.c, emul/charclass.h: Add character class support
- to included glob(3) and fnmatch(3).
+ * set_perms.c:
+ Remove group setting code in setusercontext case, we will do it
+ ourselves later on in runas_setup. Set the gid after
+ initgroups/setgroups is called, since on Mac OS X it seems to change
+ the egid.
+ [09dc21d8b42d]
-2008-09-16 08:28 millert
+2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * emul/fnmatch.h: Remove UCB advertising clause and some
- compatibility defines.
+ * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
+ vasgroups.c:
+ Initial bits of non-unix group support using Quest Authentication
+ Services
+ [1eecab0ff27e]
-2008-09-14 16:07 millert
+ * toke.c, toke.l:
+ Accept %:foo as a non-Unix group
+ [4c4b5dd899a6]
- * sudo_edit.c: Check EDITOR/VISUAL to make sure sudoedit is not
- re-invoking itself or sudo. This allows one to set EDITOR to
- sudoedit without getting into an infinite loop of sudoedit
- running itself until the path gets too big.
+ * toke.c, toke.l:
+ Allow user/group to be double quoted in the case of non-Unix groups
+ which contain spaces.
+ [47a3d568b7e8]
-2008-09-13 20:45 millert
+2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c: Add
- sudoers_locale Defaults option to override the default sudoers
- locale of "C".
+ * match.c:
+ Don't allow the user to specify the default runas user if their
+ sudoers entry only allows them to run as a group.
+ [4d726177227c]
-2008-09-13 14:09 millert
+2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Set locale to system default except for during sudoers
- parse.
+ * sudo.c:
+ Must call audit_success before we change uids.
+ [04a9e6ce6e55]
-2008-09-12 09:34 millert
+ * logging.c, set_perms.c, sudo.h, testsudoers.c:
+ Add option for set_perm to not exit on failure and use this in the
+ logging routines.
+ [833dce7b7f42]
- * match.c: Redo change in 1.34 to use pointer arithmetic.
+ * parse.c:
+ In -l mode, if the user is only allowed to run as a group, display
+ the user's name, not root's before the allowed group.
+ [ef92ff99d265]
-2008-09-11 07:06 millert
+ * sudo.c:
+ Fix -g mode, broken by rev 1.503 which had the side effect of
+ setting the runas user to root unilaterally.
+ [50a2f7df4385]
- * match.c: Fix a dereference (read) of a freed pointer. Reported
- by Patrick Williams.
+2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-08-23 19:09 millert
+ * fileops.c:
+ When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
+ [30fbe832dcf3]
- * sudo.c: Set locale to "C" to avoid interpretation issues with
- character ranges in sudoers. May want to make the locale a
- sudoers option in the future.
+ * pwutil.c:
+ Only cache by the method we fetched for pwd and grp lookups.
+ Previously we cached both by namd and id but this can cause problems
+ for entries that share the same id. Also add more info in the error
+ message in case the insert fails (which should now be impossible).
+ [ef95a4f0bab5]
-2008-08-20 07:45 millert
+2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in: we no longer use setproctitle
+ * sudoers.pod:
+ Add a clarification from Nick Sieger
+ [1eadad329561]
-2008-08-20 07:41 millert
+2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.h: remove #if 1
+ * env.c:
+ Inline the setting of the environment string.
+ [9515d11c6295]
-2008-08-20 07:40 millert
+2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * LICENSE, mkstemp.c: Use my replacement mkstemp() from the mktemp
- package.
+ * env.c:
+ setenv(3) in Linux treats a NUL value as the empty string setenv(3)
+ in BSD doesn't return an error if the name has '=' in it, it just
+ treats the '=' as end of string.
+ [941260bf94d2]
-2008-07-12 08:53 millert
+2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * gram.c: regen with yacc skeleton bug fixed
+ * toke.c, toke.l:
+ Not all systems have d_namlen
+ [e377b18d8e2d]
-2008-07-12 08:48 millert
+2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: Remove duplicate "as root". From Martin Toft.
+ * sudoers.pod:
+ Fix up some pod2html issues.
+ [823a1f10ab60]
-2008-07-02 06:27 millert
+2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * pwutil.c, sudo.c, testsudoers.c, sudo.h: Flesh out the fake
- passwd entry used for running commands as a uid not listed in the
- passwd database. Fixes an issue with some PAM modules.
+ * interfaces.c:
+ Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
+ Quest Software.
+ [73de36653131]
-2008-07-01 07:57 millert
+ * sudoers.pod:
+ Ignore files ending in '~' in sudo.d (emacs backup files)
+ [7871fad702db]
- * sudo.c: Error out in -i mode if the user has no shell. This can
- happen when running commands as a uid with no password entry.
+ * toke.c, toke.l:
+ Ignore files ending in '~' in sudo.d (emacs backup files)
+ [53fded2a469f]
-2008-06-26 07:49 millert
+2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * toke.c, toke.l: Better fix for line continuation inside double
- quotes. Now accepts whitespace between the backslash and the
- newline like the main lexer.
+ * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
+ For #includedir, ignore any file containing a dot
+ [a7daa1bce6c2]
-2008-06-25 14:31 millert
+ * Makefile.in, version.h:
+ Bump version
+ [ef60f14ffc44]
- * toke.c, toke.l: Fix line continuation in strings. It was only
- being honored if preceded by whitespace.
+ * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
+ sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
+ visudo.c:
+ Implement #includedir directive. Files in an includedir are not
+ edited by visudo unless they contain a syntax error.
+ [3923d85a6c79]
-2008-06-22 16:19 millert
+ * ChangeLog:
+ sync
+ [8741ed61a78b] [SUDO_1_7_1]
- * config.h.in, configure, configure.in, logging.c: Replace the
- double fork with a fork + daemonize.
+ * WHATSNEW:
+ Forgot umask_override
+ [7c86a21a5504]
-2008-06-21 14:59 millert
+ * ChangeLog, TODO:
+ sync
+ [57339ca6bccf]
- * env.c, sudo.c: The -i flag should imply env_reset. This got
- broken in sudo 1.6.9.
+2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-06-20 20:34 millert
+ * visudo.c:
+ Rewind stream if we fdopen sudoers since it may not be at the
+ beginning. Set the keepopen flag on already-open files too so the
+ lexer doesn't close them out from under us.
+ [61292d819aff]
- * logging.c, sudo.c, sudo_edit.c, visudo.c: Change how the mailer
- is waited for. Instead of having a SIGCHLD handler, use the
- double fork trick to orphan the child that opens the pipe to
- sendmail. Fixes a problem running su on some Linux distros.
+ * visudo.c:
+ Print the proper file name when there is a parse error in an include
+ file.
+ [b0e85d4aedde]
-2008-06-20 17:16 millert
+2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Fix configure test for dirfd() on Linux
- where DIR is opaque.
+ * WHATSNEW:
+ Sync
+ [997e5d485ea3]
-2008-06-17 17:42 millert
+2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * tgetpass.c: Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If
- QNX still has this problem we'll need to revisit this again.
+ * configure, configure.in:
+ Fix a warning when --without-ldap is specified.
+ [d91fd9481b30]
-2008-06-10 21:13 millert
+2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c: Ignore SIGPIPE instead of blocking it when piping to
- the mailer. If we only block the signal it may be delivered
- later when we unblock. Also, there is no need to block SIGCHLD
- since we no longer do the double fork. The normal SIGCHLD
- handler is sufficient.
+ * alias.c, parse.h, visudo.c:
+ Store aliases that we remove during check_aliases in a freelist and
+ free them at the end so we don't leak memory.
+ [805e2272f6a3]
-2008-06-08 17:37 millert
+2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Add description for NO_PAM_SESSION, from
- a redhat patch.
+ * visudo.c:
+ Check aliases in -c mode too.
+ [9199e188d9f2]
-2008-06-06 09:36 millert
+ * alias.c, parse.h, visudo.c:
+ Make alias_remove return the alias struct instead of freeing it
+ directly. Fixes a use after free in alias_remove_recursive, the only
+ consumer.
+ [a04b61804800]
- * sudo.cat, sudo.man.in, sudo.pod: Fix typos in -i usage
+ * alias.c, match.c, parse.c, parse.h, visudo.c:
+ Rename find_alias -> alias_find for consistency.
+ [48b0a82924f3]
-2008-05-18 13:54 millert
+2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Redo the test for dgettext() in a way
- that hopefully will work around the libintl_dgettext() undefined
- problem.
+ * visudo.c:
+ When checking for unused aliases, recurse if the alias points to
+ another alias.
+ [2d4d1a7f3a41]
-2008-05-11 09:21 millert
+2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * schema.ActiveDirectory: change filename in comment
+ * ldap.c:
+ Back out rev 1.105 for now. Real ldapux_client.conf support will be
+ done later after some refactoring.
+ [8ad72e69b277]
-2008-05-10 09:18 millert
+2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
- sudoers.ldap.pod: Reference schema.ActiveDirectory
+ * ldap.c:
+ Treat ldap_hostport the same as "host" for ldapux.
+ [3281dcc66da8]
-2008-05-09 14:49 millert
+ * configure, configure.in:
+ Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
+ Fixes compilation with ldapux.
+ [ca1ed585ef0e]
- * schema.OpenLDAP, schema.iPlanet: Mark sudoRunAs as deprecated.
+2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-05-09 14:48 millert
+ * fileops.c:
+ fix char subscript
+ [41e51f080d00]
- * schema.ActiveDirectory: add sudoRunAsUser and sudoRunAsGroup
+2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-05-09 14:01 millert
+ * Makefile.in:
+ remove errant carriage returns
+ [e9e258a31c7b]
- * schema.ActiveDirectory: Active Directory schema by Chantal
- Paradis and Eric Paquet
+ * audit.c, env.c:
+ fix K&R compilation
+ [d182e8920f13]
-2008-05-08 17:54 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen
+ [791a5cbf04e5]
- * parse.c: remove an XXX that was fixed
+2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-05-08 12:53 millert
+ * config.h.in:
+ Add missing HAVE_BSM_AUDIT
+ [49ad1bb96f04]
- * ChangeLog: sync
+ * WHATSNEW:
+ Add 1.7.1 features
+ [f107f1604c61]
-2008-05-08 12:49 millert
+ * INSTALL:
+ Mention --with-netsvc
+ [d1e90d147795]
- * parse.c: Initialize tags to UNSPEC instead of def_* in "sudo -l"
- mode. This fixes a problem where the tag value printed was
- influenced by defaults set in the first pass through the parser.
+ * sudoers.ldap.pod:
+ Document netsvc.conf support
+ [e78f8abce6af]
-2008-05-03 21:29 millert
+ * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
+ sudo_nss.h:
+ Add support for AIX netsvc.conf (like nsswitch.conf).
+ [1df56a84dee5]
- * Makefile.in, sudo.psf: No point in packaging the TODO file
+2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-05-03 21:24 millert
+ * config.h.in, configure, configure.in, env.c:
+ Add --enable-env-debug flag to enable environment sanity checks.
+ [128cdd8832e7]
- * ChangeLog: sync
+ * sudoers.ldap.pod, sudoers.pod:
+ Work around some pod2html issue.
+ [e733b9609bd2]
-2008-05-02 20:53 millert
+2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
- sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod: Add env_file
- Defaults option that is similar to /etc/environment on some
- systems.
+ * env.c:
+ Only sync environ for putenv, setenv, and unsetenv. We need to make
+ sure that sudo_putenv and sudo_setenv only modify env.envp, not
+ environ.
+ [be3ac732243c]
-2008-05-02 16:38 millert
+2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
- sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in,
- sudoers.man.in, version.h, visudo.cat, visudo.man.in: change
- version to 1.7.0
+ * env.c:
+ Really fix UNSETENV_VOID
+ [08ab7e882507]
-2008-05-02 16:37 millert
+ * env.c:
+ Fix unsetenv when UNSETENV_VOID
+ [d3038b3f2f15]
- * UPGRADE: initial valgrind pass done
+ * aclocal.m4, configure:
+ Fix SUDO_FUNC_PUTENV_CONST
+ [de35569c572b]
-2008-04-23 08:30 millert
+ * ldap.c:
+ tivoli-based ldap does not have ldapssl_err2string
+ [c63fd90d5e99]
- * ldap.c: Fix typo/think in sudo_ldap_read_secret() when storing
- the secret.
+ * configure:
+ regen
+ [f38f1ee828ad]
-2008-04-11 10:03 millert
+2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: define LDAPS_PORT if the system headers do not
+ * config.h.in, configure, configure.in, ldap.c:
+ Add support for Tivoli-based LDAP start TLS as seen in AIX.
+ Untested.
+ [8f8771829f85]
-2008-04-10 14:54 millert
+ * env.c:
+ Add sanity checks for setenv/unsetenv
+ [adbd1d95856b]
- * gram.c, gram.y: Fix another memory leak in init_parser().
+ * Makefile.in:
+ Include bsm_audit.h in the tarball
+ [4a4aa02b2c32]
-2008-04-10 12:51 millert
+ * Makefile.in, version.h:
+ bump version for sudo 1.7.1
+ [362c71d21595]
- * configure, configure.in: There was a missing space before the
- ldap libs in SUDO_LIBS for some configurations.
+ * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
+ env.c, ldap.c, sudo.h:
+ Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
+ provide our own setenv/unsetenv/putenv that operates on own env
+ pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
+ [276edcd23032]
-2008-04-10 11:28 millert
+2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * alias.c, gram.c, gram.y, toke.c, toke.l: Clean up some memory
- leaks pointed out by valgrind.
+ * sudo.c:
+ Make "sudoedit -h" work as expected
+ [2bcbbb45d389]
-2008-04-07 14:39 millert
+ * auth/pam.c:
+ Make sure def_prompt is always defined. This is a workaround for
+ pam configs that prompt for a password in the session but don't have
+ an auth line. A better fix is to expand the sudo prompt earlier and
+ set def_prompt to that when initializing.
+ [ee073c04aec3]
- * sudo.c: fix "sudo -s" broken by mode/flags breakout
+ * sudo.pod:
+ Mention that the helper for -A may be graphical.
+ [b64a940c4082]
-2008-04-07 14:26 millert
+ * TROUBLESHOOTING:
+ Document what happens if there is no tty.
+ [313d58a856a5]
- * configure, configure.in: remove duplicate check for dgettext
+ * sudo.c:
+ cosmetic changes
+ [894f5e3b0c3e]
-2008-04-05 15:54 millert
+ * term.c:
+ Fix term_restore
+ [6c6315ff14bc]
- * aix.c: Fall back to default stanza if no user-specific limit is
- found.
+ * sudo.c:
+ Fix "sudo -k" with no other args
+ [59e94dc419c6]
-2008-04-02 15:56 millert
+2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * snprintf.c: include stdint.h if present
+ * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
+ Allow the -k flag to be specified in conjunction with a command or
+ another option that may require authentication.
+ [5960ff20355d]
-2008-04-02 15:28 millert
+2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * snprintf.c: Use LLONG_MAX, not the old QUAD_MAX
+ * configure, configure.in:
+ Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
+ [e86ab69c4a57]
-2008-04-01 19:18 millert
+ * Makefile.in:
+ Parallel make fix. From Diego E. 'Flameeyes'
+ [1289d7ee27db]
- * sudoers.ldap.pod: fix cut and pasto
+2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-31 11:24 millert
+ * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
+ Implement umask_override
+ [8b87a3f7c5aa]
- * pwutil.c: Add #ifdef PURITY
+ * toke.c:
+ regen
+ [79d7ca9ac873]
-2008-03-30 17:36 millert
+ * sudoers.pod, toke.l, visudo.c:
+ Implement %h escape in sudoers include filenames.
+ [a7f288dd64f0]
- * auth/bsdauth.c: remove useless cast
+ * audit.c:
+ Need to include compat.h
+ [c0dc07ce2f70]
-2008-03-27 19:07 millert
+ * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
+ Make audit_success and audit_failure generic functions in
+ preparation for integrating linux audit support.
+ [7df020a8fd6f]
- * ChangeLog: sync
+ * term.c:
+ remove duplicate include
+ [1dfcd01a7e46]
-2008-03-27 19:04 millert
+2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * TODO: sync
+ * bsm_audit.c:
+ Add missing include
+ [fb56e08c37ee]
-2008-03-27 19:01 millert
+ * sudo.c:
+ May need to update the runas user after parsing command-based
+ defaults.
+ [246f130d7802]
- * sudo.h: Split MODE_* defines into primary and flags.
+2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-26 13:11 millert
+ * glob.c:
+ Add missing pair of braces introduced with character class support.
+ [0e2afa2e03e9]
- * aix.c: It turns out the logic for getting AIX limits is more
- convoluted than I realized and differs depending on whether the
- soft and/or hard limits are defined.
+2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-23 10:18 millert
+ * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
+ Rename pwstars to pwfeedback
+ [a9f85a57ebac]
- * Makefile.in, configure, configure.in: Back out AIX-specific
- change to set the sudo_noexec path to the .a file, we do really
- want to use the .so file. Since libtool doesn't do that
- correctly, just install the .so file ourselves in the Makefile.
+2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-23 10:12 millert
+ * bsm_audit.c, bsm_audit.h:
+ Add const to make MacOS happy.
+ [4274432d6627]
- * install-sh: If the file given to install is a path, only use the
- basename of the file when building the destination path.
+ * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
+ configure.in, sudo.c:
+ Add bsm audit support from Christian S.J. Peron
+ [bef61cd8693d]
-2008-03-18 16:08 millert
+ * term.c:
+ This is new code, no DARPA notice.
+ [ec6ad09b9c23]
- * sudo.c: parse_args() cleanup: Sort command line options in the
- getopt() switch The -U option requires a parameter Normalize a
- few ISSET calls Split mode into mode and flags and retire the
- now-obsolete excl variable
+2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-18 16:04 millert
+ * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
+ Rename simple_glob -> fast_glob
+ [68d9ed803cc1]
- * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
- sudo.pod, sudo_usage.h.in: Add -n (non-interactive) flag.
+ * match.c:
+ g/c unused var
+ [693fa0464eb6]
-2008-03-18 15:59 millert
+ * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
+ Add simple_glob option to use fnmatch() instead of glob(). This is
+ useful when you need to specify patterns that reference network file
+ systems.
+ [77ba634f6949]
- * sudo.c: Move version printing, etc. into a separate function.
+ * tgetpass.c:
+ add term_* proto
+ [520f5149d073]
-2008-03-18 15:57 millert
+ * sudoers.pod:
+ mention glob()
+ [ddaab8e03c52]
- * sudo.c: Don't try to cleanup nsswitch if it has not been
- initialized.
+2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-17 11:09 millert
+ * tgetpass.c:
+ Delete any pwstars we wrote after the user hits return. That way
+ there is no record on screen as to the user's password length.
+ [fae25cda762b]
- * logging.c: Block SIGPIPE in send_mail() so sudo is not killed by
- a problem executing the mailer.
+2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-14 08:11 millert
+ * term.c:
+ Move terminal setting bits from tgetpass.c to term.c
+ [03d43325ee99]
- * configure.in, configure: AIX shared libs end in .a, not .so.
+ * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
+ tgetpass.c:
+ Add pwstars sudoers option that causes sudo to print a star every
+ time the user presses a key.
+ [7aab417e184d]
-2008-03-13 07:34 millert
+2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: Preserve HOME by default too. Matches documentation and
- previous behavior.
+ * Makefile.in:
+ Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
+ [64f70e879816]
-2008-03-12 19:42 millert
+2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Use getopt() to parse the command line. We need to be
- able to intersperse env variables and options yet still honor
- "--"" which complicates things slightly.
+ * ldap.c:
+ For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
+ indicate no limit. From Mark Janssen.
+ [e2c5732d54f5]
-2008-03-06 14:46 millert
+2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * ChangeLog: sync
+ * toke.c, toke.l:
+ Comments that begin with #- should not be parsed as uids.
+ [a72a50f12f41]
-2008-03-06 14:43 millert
+2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * acsite.m4, configure, ltmain.sh: update to libtool-1.5.26
+ * sudo.c:
+ Do not try to set the close on exec flag if we didn't actually open
+ sudoers.
+ [ece3ca256904]
-2008-03-06 14:32 millert
+2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.guess, config.sub: update from libtool-1.5.26 distribution
+ * ChangeLog:
+ regen
+ [e11f0e4c1bdd] [SUDO_1_7_0]
-2008-03-06 13:18 millert
+2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * aix.c, sudo.h: attempt to fix compilation errors on AIX
+ * TODO:
+ sync
+ [5b8954462bb3]
-2008-03-06 13:08 millert
+2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: fix typo in last commit
+ * auth/pam.c:
+ Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
+ password prompt.
+ [8563601cb3de]
-2008-03-06 13:07 millert
+ * configure, configure.in:
+ Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
+ as it cannot generate shared objects.
+ [6d4262ef9669]
- * Makefile.in: Add WHATSNEW file to the distribution
+ * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
+ K&R compilation fixes
+ [77921678d17c]
-2008-03-06 12:43 millert
+ * parse.c:
+ Use tq_foreach_fwd when checking pseudo-commands to make it clear
+ that we are not short-circuiting on last match. When pwcheck is
+ 'all', initialize nopass to TRUE and override it with the first non-
+ TRUE entry.
+ [96b209f4778f]
- * visudo.c: use warningx instead of fprintf(stderr, ...)
+2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-06 12:31 millert
+ * parse.c:
+ Do not short circuit pseudo commands when we get a match since,
+ depending on the settings, we may need to examine all commands for
+ tags.
+ [fdbaf89d6f35]
- * list.c: add DEBUG to list2tq
+2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-06 12:28 millert
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [1ecce7c1b841]
- * ChangeLog, TODO: sync
+ * sudoers.pod:
+ hostnames may also contain wildcards
+ [82b76695601c]
-2008-03-06 12:21 millert
+ * Makefile.in:
+ remove stamp-* files and linux core files in clean target
+ [22003f091467]
- * WHATSNEW: mention mailfrom
+2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-06 12:19 millert
+ * auth/sudo_auth.h, config.h.in, configure, configure.in:
+ Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
+ [6905bede8410]
- * Makefile.in, config.h.in, configure, configure.in, set_perms.c,
- sudo.h, aix.c: Add aix_setlimits() to set resource limits on AIX
- using a combination of getuserattr() and setrlimit(). Currently
- untested.
+2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-05 16:52 millert
+ * configure, configure.in:
+ correctly enable SIA on Digital UNIX
+ [a51881d13995]
- * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
- sudoers.pod, sudoers.man.in: Add mailfrom Defaults option that
- sets the value of the From: field in the warning/error mail. If
- unset the login name of the invoking user is used.
+ * TODO:
+ checkpoint
+ [af0fe8d94d42]
-2008-03-05 16:18 millert
+ * ChangeLog:
+ sync
+ [831f623cf99c]
- * defaults.c: store a copy of _PATH_SUDO_ASKPASS in def_askpass
- that is freeable
+2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-05 15:19 millert
+ * check.c, sudo.h, tgetpass.c:
+ Even if neither stdin nor stdout are ttys we may still have /dev/tty
+ available to us.
+ [20f306ba883b]
- * gram.c, gram.y: When adding a default, only call list2tq() once
- to do the list to tq conversion. It is not legal to call list2tq
- multiple times on the same list since list2tq consumes and
- modifies the list argument.
+2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-05 09:38 millert
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [76d97c4c318f]
- * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: comment
- out XXXs for now
+ * sudoers.pod:
+ fix typos; Markus Lude
+ [bff8bc1e2066]
-2008-03-05 09:36 millert
+ * ChangeLog:
+ sync
+ [f108552531cd]
- * WHATSNEW: mention askpass
+ * toke.c:
+ regen
+ [de828413c67e]
-2008-03-04 17:20 millert
+ * toke.l:
+ Fix matching of a line that only consists of a comment char
+ [09c953d8d5ca]
- * sudo.c: Error out if both -A and -S are specified Error out if -A
- is specified but no askpass is configured
+2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-04 17:16 millert
+ * auth/pam.c:
+ MacOS pam will retry conversation function if it fails so just treat
+ ^C as an empty password.
+ [d056058930bc]
- * configure, configure.in: we are not going to ship a sudo-specific
- askpass
+ * visudo.c:
+ When checking for alias use, also check defaults bindings.
+ [2647f82c7dbd]
-2008-03-03 14:30 millert
+ * redblack.c:
+ unused var
+ [b7ff71c17c18]
- * sudo.h: fix definition of TGP_ASKPASS
+ * redblack.c:
+ Replace my rbdelete with Emin's version (which actually works ;-)
+ [21b133dd0c72]
-2008-03-03 13:54 millert
+2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * def_data.c, def_data.in: make askpass boolean-capable
+ * testsudoers.c:
+ malloc debugging
+ [0fb446fa3279]
-2008-03-03 13:53 millert
+ * visudo.c:
+ malloc options in devel mode for visudo too
+ [98d06c6afeef]
- * INSTALL: document --with-askpass
+2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-03-02 19:27 millert
+ * sudo.c:
+ fix compilation on non-C99; from Theo
+ [7c304e16c536]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
- sudoers.ldap.cat, visudo.cat: regen
+ * visudo.c:
+ fix check_aliases
+ [83f30a3b1765]
-2008-03-02 17:31 millert
+ * alias.c:
+ when destroying an alias, free the correct data pointer
+ [6e1a8bd86c01]
- * sudo.pod, sudo_usage.h.in, sudoers.pod: document -A and askpass
+ * auth/sudo_auth.h:
+ add proto for aixauth_cleanup; from Dale King
+ [eba94ffc8f63]
-2008-03-02 09:31 millert
+2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * check.c, configure, configure.in, def_data.c, def_data.h,
- def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
- sudo_usage.h.in, tgetpass.c, auth/sudo_auth.c: Add support for
- running a helper program to read the password when no tty is
- present (or when specified with the -A flag). TODO: docs.
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [409fa57fff83]
-2008-03-02 08:38 millert
+ * sudo.pod, sudoers.pod, visudo.pod:
+ standardize on the term 'option' for command line options (not flag)
+ [228caefc2e36]
- * def_data.c, def_data.in: add missing printf format to SELinux
- role and type strings
+2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-02-27 09:26 millert
+ * INSTALL:
+ Add note on configuring HP-UX pam
+ [f7674a581baf]
- * INSTALL, configure, configure.in: Disable use of
- gss_krb5_ccache_name() by default and add
- --enable-gss-krb5-ccache-name configure option to enable it. It
- seems that gss_krb5_ccache_name() doesn't work properly with some
- combinations of Heimdal and OpenLDAP.
+2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-02-22 15:33 millert
+ * check.c, sudo.c:
+ Move tty checks into check_user() so we only do them if we actually
+ need a password.
+ [7d997d7106d6]
- * selinux.c: Ignore setexeccon() failing in permissive mode. Also
- add a call to setkeycreatecon() (though this is probably
- insufficient). From Dan Walsh.
+ * sudo.c:
+ Don't error out if no tty or askpass unless we actually need to
+ authenticate.
+ [9f23b83ed66c]
-2008-02-22 15:19 millert
+2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/pam.c: Only set std_prompt for the PAM_PROMPT_* cases. The
- conversation function may be called for non-password reading
- purposes so we must be careful not to use def_prompt in cases
- where it may not be set.
+ * ChangeLog:
+ regen
+ [23f9aef32da6]
-2008-02-20 12:00 millert
+ * pathnames.h.in, sudo.c:
+ s/overriden/overridden/; from Tobias Stoeckmann
+ [9f7459a8fac5]
- * selinux.c: Don't free the new tty context, we need to keep it
- around when we restore the tty context after the command
- completes
+2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-02-19 16:04 millert
+ * WHATSNEW, visudo.c:
+ check sudoers owner and mode in strict mode
+ [a3468c5ac1c4]
- * selinux.c: s/newrole/sudo/
+ * gram.c, toke.c:
+ regen
+ [7d6b515a5443]
-2008-02-19 13:21 millert
+ * sudo.man.in, sudoers.man.in, visudo.man.in:
+ Update copyright years.
+ [52d340cb8cba]
- * sudo.man.pl, sudo.pod: Only put login_cap(3) in SEE ALSO section
- if we have login.conf support
+ * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
+ auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+ auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
+ closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
+ gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
+ interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
+ parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
+ sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
+ testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
+ visudo.pod, zero_bytes.c:
+ Update copyright years.
+ [b4e6bf2beafa]
-2008-02-18 11:05 millert
+ * emul/charclass.h, fnmatch.c, glob.c:
+ add my copyright
+ [28681385014a]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
- sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
- regen
+2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-02-18 10:53 millert
+ * toke.c, toke.l:
+ The loop in fill_cmnd() was going one byte too far past the end,
+ resulting in a NUL being written immediately after the buffer end.
+ [a5a49d603cd7]
- * Makefile.in, configure, configure.in, sudo.man.pl, sudo.pod,
- sudoers.man.pl, sudoers.pod: Substitute in comment characters for
- lines partaining to login.conf, BSD auth and SELinux and only
- enable them if pertinent.
+ * UPGRADE, WHATSNEW:
+ add sections on tgetpass changes
+ [2e6929b6a102]
-2008-02-18 10:42 millert
+ * tgetpass.c:
+ Treat EOF w/o newline as an error.
+ [aa02b1db9240]
- * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
- Remove the =cut on the first line (above the copyright notice) to
- quiet pod2man. Also remove the hackery in the FILES section and
- just deal with the fact that there will a newline between each
- pathname.
+2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-02-17 08:19 millert
+ * parse.c:
+ Fix "sudo -v" when NOPASSWD is set.
+ [f4914711ea80]
- * Makefile.in: run sudo.man.pl when generating sudo.man.in
+ * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
+ auth/sudo_auth.h:
+ No longer treat an empty password at the prompt as special. To quit
+ out of sudo you now need to hit ^C at the password prompt.
+ [980f760ad419]
-2008-02-17 08:11 millert
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [6ca21a2cd869]
- * configure, configure.in, sudo.man.pl: comment out SELinux manual
- bits unless --with-selinux was specified
+ * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
+ Sudo will now refuse to run if no tty is present unless the new
+ visiblepw sudoers flag is set.
+ [0cc56943252e]
-2008-02-17 08:04 millert
+2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: document role and type defaults for SELinux
+ * aix.c:
+ just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
+ defined
+ [24fc6f712d5c]
-2008-02-16 20:26 millert
+ * aix.c:
+ fix fallback value for RLIM_SAVED_MAX
+ [e09e04e1af89]
- * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
- Document "sudo -ll" and make "sudo -l -l" be equivalent.
+ * auth/aix_auth.c, auth/sudo_auth.h:
+ Move clearing of AUTHSTATE into aixauth_cleanup.
+ [e14ae7bd259c]
-2008-02-15 15:23 millert
+ * auth/aix_auth.c, env.c:
+ Unset AUTHSTATE after calling authenticate() as it may not be
+ correct for the user we are running the command as.
+ [d14f68f1b0ab]
- * configure.in, configure: Treat k*bsd*-gnu like Linux, not BSD.
- Fixes compilation problems on Debian GNU/kFreeBSD.
+ * isblank.c:
+ Add isblank() function for systems without it. Needed for POSIX
+ character class matching in fnmatch.c and glob.c.
+ [16cba30b283f]
-2008-02-13 17:17 millert
+2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/kerb5.c: Avoid Heimdal'isms introduced in the rev 1.32
- rewrite of verify_krb_v5_tgt()
+ * TROUBLESHOOTING:
+ expound on sudo and cd
+ [8e0fa9033637]
-2008-02-13 07:28 millert
+2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c, logging.h, sudo.c: Remove dependence on
- VALIDATE_NOT_OK in logging functions. Split log_auth() into
- log_allowed() and log_denial() Replace mail_auth() with
- should_mail() and a call to send_mail()
+ * ChangeLog:
+ regen
+ [40cf320a10fc]
-2008-02-10 18:06 millert
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [7cac761ae2c6]
- * ldap.c: Add debugging so we can tell if the krb5 ccache is
- accessible
+ * sudoers.pod:
+ mention defauts parse order
+ [4e2ce86d1394]
-2008-02-10 17:34 millert
+2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL: mention --with-selinux
+ * Makefile.in, aclocal.m4, compat.h, configure:
+ Add isblank() function for systems without it. Needed for POSIX
+ character class matching in fnmatch.c and glob.c.
+ [a1ab55da8424]
-2008-02-09 09:48 millert
+ * Makefile.in:
+ add emul/charclass.h to HDRS
+ [7e8a019dcaa4]
- * configure: regen
+2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-02-09 09:43 millert
+ * TODO:
+ checkpoint
+ [afeb9bc1baed]
- * selinux.c: add Sudo tag
+ * defaults.c, parse.c, testsudoers.c, visudo.c:
+ Move update_defaults into defaults.c and call it properly from
+ visudo and testsudoers.
+ [f4dbb369461f]
-2008-02-09 09:30 millert
+ * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
+ tsgetgrpw.c:
+ use zero_bytes() instead of memset() for consistency
+ [4cee0465f4a8]
- * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
- def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
- pathnames.h.in, selinux.c, sesh.c, sudo.c, sudo.cat, sudo.h,
- sudo.man.in, sudo.pod, sudo_usage.h.in, sudoers.ldap.cat,
- sudoers.ldap.man.in, sudoers.ldap.pod, testsudoers.c, toke.c,
- toke.l: Add support for SELinux RBAC. Sudoers entries may
- specify a role and type. There are also role and type defaults
- that may be used. To make sure a transition occurs, when using
- RBAC commands are executed via the new sesh binary. Based on
- initial changes from Dan Walsh.
+ * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
+ visudo.c:
+ Zero out sigaction_t before use in case it has non-standard entries.
+ [120092225459]
-2008-02-08 08:18 millert
+ * match.c:
+ quiet gcc
+ [098a1df49b23]
- * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c: Add long
- list (sudo -ll) support for printing verbose LDAP and sudoers
- file entries. Still need to update manual.
+ * match.c:
+ Short circuit glob() checks if basename(pattern) !=
+ basename(command). Refactor code that checks for a command in a
+ directory and use it in the glob case if the resolved pattern ends
+ in a '/'.
+ [3c46fd317acb]
-2008-02-03 10:43 millert
+2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h: Unify the -l
- output for file and ldap based sudoers and use lbufs for both.
- The ldap output does not currently include options that cannot be
- represented as tags. This will be remedied in a long list output
- mode to come.
+ * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
+ Defer setting runas defaults until after runaspw/gr is setup.
+ [12e75ee49c0c]
-2008-01-27 16:37 millert
+2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * set_perms.c: Use a specific error message for errno == EAGAIN
- when setuid() et al fails. On Linux systems setuid() will fail
- with errno set to EAGAIN if changing to the new uid would result
- in a resource limit violation.
+ * match.c, sudo.c, testsudoers.c:
+ Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
+ systems do not include space for the NUL in the size. Also manually
+ NUL-terminate buffer from gethostname() since POSIX is wishy-washy
+ on this.
+ [7266ab3296a3]
-2008-01-27 16:34 millert
+2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Unlimit nproc on Linux systems where calling the setuid()
- family of syscalls causes the nroc resource limit to be checked.
- The limits will be reset by pam_limits.so when PAM is used. In
- the non-PAM case the nproc limit will remain unlimited but there
- doesn't seem to be a way around that other than having sudo parse
- /etc/security/limits.conf directly.
+ * sudo.c, sudoers.pod:
+ When setting the umask, use the union of the user's umask and the
+ default value set in sudoers so that we never lower the user's umask
+ when running a command.
+ [4e804b004e38]
-2008-01-27 16:31 millert
+ * sudo.c:
+ Don't try to read from a zero-length sudoers file. Remove the bogus
+ Solaris work-around for EAGAIN. Since we now use fgetc() it should
+ not be a problem.
+ [bb8e5f68d944]
- * env.c, sudo.c, sudo.pod: Only read /etc/environment on Linux and
- AIX
+2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-23 06:33 millert
+ * parse.c:
+ In update_defaults() check the return value of user*_matches against
+ ALLOW so we don't inadvertantly match on UNSPEC.
+ [4e422fa1527e]
- * configure, configure.in: Use SUDO_DEFINE_UNQUOTED instead of
- AC_DEFINE_UNQUOTED to prevent ldap.conf and ldap.secret paths
- from going into config.h. Avoid single quotes in variable
- expansion when using SUDO_DEFINE_UNQUOTED since in some versions
- of bash they will end up literally in the resulting define.
+2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-21 13:22 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen man pages; no more hyphenation
+ [15de4fe2fe01]
- * README.LDAP: mention --with-nsswitch=no
+ * sudo.c:
+ Don't error out on a zero-length sudoers file. With the advent of
+ #include the user could create a situation where sudo is unusable.
+ [6eb461319fa5]
-2008-01-21 11:43 millert
+2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: ldap_ssl.h depends on ldap.h being
- included first
+ * auth/kerb5.c, config.h.in, configure, configure.in:
+ Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
+ krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
+ all. Add configure tests to handle all the cases.
+ [4b554a98470d]
-2008-01-21 11:07 millert
+2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in, ldap.c, config.h.in: Include ldap_ssl.h
- if we can find it. Needed for the ldapssl_set_strength defines
- on HP-UX at least.
+ * sudo.pod:
+ resort ENVIRONMENT
+ [f4f20f40653e]
-2008-01-21 10:02 millert
+ * sudoers.pod:
+ document sudoers_locale
+ [0bffd2dbe806]
- * TODO, sudoers.ldap.pod: sync
+ * sudo.pod, sudo_edit.c:
+ add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
+ or EDITOR
+ [0ef8cb248cee]
-2008-01-21 10:01 millert
+ * toke.c, toke.l:
+ In fill_cmnd(), collapse any escaped sudo-specific characters.
+ Allows character classes to be used in pathnames.
+ [5685244c8e44]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
- sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
- regen
+2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-21 10:00 millert
+ * lbuf.c:
+ fix typo in non-C89 function declaration
+ [99a7113b3a05]
- * Makefile.in: Use 78n line length when formatting cat pages.
+ * sudoers.pod:
+ Mention POSIX characters classes now that out fnmatch() and glob()
+ support them.
+ [9c916f1230c3]
-2008-01-21 09:50 millert
+ * sample.sudoers, sudoers.pod:
+ Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
+ locale agnostic.
+ [a60a62bec244]
- * README.LDAP: Remove redundant info that is now in
- sudoers.ldap.pod
+ * parse.h:
+ use __signed char if we are going to assign a negative value since
+ on Power, char is unsigned by default
+ [2877b319df17]
-2008-01-20 16:18 millert
+ * config.h.in, configure, configure.in:
+ Add tests for __signed char and signed char.
+ [5eb874fdf1d4]
- * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
- Reorganize the first section a bit. Substitute the proper path
- for /etc/sudoers.
+ * aix.c:
+ Fix AIX limit setting. getuserattr() returns values in disk blocks
+ rather than bytes. The default hard stack size in newer AIX is
+ RLIM_SAVED_MAX. From Dale King.
+ [3db67415ecc3]
-2008-01-20 10:17 millert
+2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
- Substitute values for ldap.conf, ldap.secret and nsswitch.conf
- Move schema into EXAMPLES
+ * emul/charclass.h, fnmatch.c, glob.c:
+ Add character class support to included glob(3) and fnmatch(3).
+ [6b5b4ad77899]
-2008-01-20 10:15 millert
+2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in, configure: Substitute values for ldap.conf,
- ldap.secret and nsswitch.conf into sudoers.ldap.man.
+ * emul/fnmatch.h:
+ Remove UCB advertising clause and some compatibility defines.
+ [2ade7bee74e1]
-2008-01-19 20:35 millert
+2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: substitute for sudoers.ldap.man
+ * sudo_edit.c:
+ Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
+ or sudo. This allows one to set EDITOR to sudoedit without getting
+ into an infinite loop of sudoedit running itself until the path gets
+ too big.
+ [aa49ab68f82d]
-2008-01-19 20:34 millert
+ * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
+ Add sudoers_locale Defaults option to override the default sudoers
+ locale of "C".
+ [0639886a35bf]
- * Makefile.in: Fix cut & pasto introduced when adding sudoers.ldap
- man page.
+2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-19 20:25 millert
+ * sudo.c:
+ Set locale to system default except for during sudoers parse.
+ [016dd2736728]
- * sudoers.ldap.pod, sudoers.ldap.cat, sudoers.ldap.man.in: Fill in
- some of the missing pieces. Still needs some reorganization and
- editing.
+2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-19 15:06 millert
+ * match.c:
+ Redo change in 1.34 to use pointer arithmetic.
+ [f9e7b63bb450]
- * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
- sudoers.ldap.pod: Beginnings of a sudoers.ldap man page.
- Currently, much of the information is adapted from README.LDAP.
+2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-18 17:32 millert
+ * match.c:
+ Fix a dereference (read) of a freed pointer. Reported by Patrick
+ Williams.
+ [69877b633753]
- * pwutil.c: When copying gr_mem we must guarantee that the storage
- space for gr_mem is properly aligned. The simplest way to do
- this is to simply store gr_mem directly after struct group. This
- is not a problem for gr_passwd or gr_name as they are simple
- strings.
+2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-18 16:47 millert
+ * sudo.c:
+ Set locale to "C" to avoid interpretation issues with character
+ ranges in sudoers. May want to make the locale a sudoers option in
+ the future.
+ [098a95de1746]
- * ldap.c: Fix a typo/thinko in one of the calls to
- sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
+2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-17 15:44 millert
+ * config.h.in:
+ we no longer use setproctitle
+ [c7f20fb747ea]
- * config.h.in, configure, configure.in, ldap.c: include
- <mps/ldap_ssl.h> in ldap.c if available
+ * sudo.h:
+ remove #if 1
+ [a368ee6816c6]
-2008-01-16 18:20 millert
+ * LICENSE, mkstemp.c:
+ Use my replacement mkstemp() from the mktemp package.
+ [d07c2beb0f9e]
- * gram.c, gram.y: Make sure we define SIZE_MAX for yacc's
- skeleton.c
+2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-16 13:03 millert
+ * gram.c:
+ regen with yacc skeleton bug fixed
+ [24784571cbb8]
- * tgetpass.c: Use TCSAFLUSH when restoring terminal settings (and
- echo) to guarantee that any pending output is discarded
+ * sudoers.pod:
+ Remove duplicate "as root". From Martin Toft.
+ [97241acfee5e]
-2008-01-15 17:18 millert
+2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers: no longer need to specify SETENV when user has sudo ALL
+ * pwutil.c, sudo.c, sudo.h, testsudoers.c:
+ Flesh out the fake passwd entry used for running commands as a uid
+ not listed in the passwd database. Fixes an issue with some PAM
+ modules.
+ [a6648227f3f2]
-2008-01-15 09:40 millert
+2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * testsudoers.c: sync user_args size calculation with sudo.c Add -g
- group option, renaming old -g to -G Add set_runasgr() and
- set_runaspw() and use them
+ * sudo.c:
+ Error out in -i mode if the user has no shell. This can happen when
+ running commands as a uid with no password entry.
+ [0c174bef36ff]
-2008-01-15 09:23 millert
+2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.h, sudo.c: Make set_runaspw static void
+ * toke.c, toke.l:
+ Better fix for line continuation inside double quotes. Now accepts
+ whitespace between the backslash and the newline like the main
+ lexer.
+ [64efcdf86d31]
-2008-01-15 09:17 millert
+2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * testsudoers.c, visudo.c: g/c set_runaspw stub
+ * toke.c, toke.l:
+ Fix line continuation in strings. It was only being honored if
+ preceded by whitespace.
+ [96c21271a3e4]
-2008-01-15 07:28 millert
+2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Don't add -llber twice.
+ * config.h.in, configure, configure.in, logging.c:
+ Replace the double fork with a fork + daemonize.
+ [328505441e67]
-2008-01-14 06:40 millert
+2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: fix typo
+ * env.c, sudo.c:
+ The -i flag should imply env_reset. This got broken in sudo 1.6.9.
+ [3caedfeaec87]
-2008-01-13 15:39 millert
+ * logging.c, sudo.c, sudo_edit.c, visudo.c:
+ Change how the mailer is waited for. Instead of having a SIGCHLD
+ handler, use the double fork trick to orphan the child that opens
+ the pipe to sendmail. Fixes a problem running su on some Linux
+ distros.
+ [b59ce60a393d]
- * gram.c: regen
+2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-13 14:57 millert
+ * configure, configure.in:
+ Fix configure test for dirfd() on Linux where DIR is opaque.
+ [b8f729cdfecc]
- * configure, configure.in: Fix check that determines whether -llber
- is required.
+2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-13 14:22 millert
+ * tgetpass.c:
+ Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
+ this problem we'll need to revisit this again.
+ [c17fee8ad530]
- * config.h.in, configure, configure.in, README.LDAP, ldap.c: For
- netscape-based LDAP, use ldapssl_set_strength() to implement the
- checkpeer ldap.conf option.
+2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-13 09:49 millert
+ * logging.c:
+ Ignore SIGPIPE instead of blocking it when piping to the mailer. If
+ we only block the signal it may be delivered later when we unblock.
+ Also, there is no need to block SIGCHLD since we no longer do the
+ double fork. The normal SIGCHLD handler is sufficient.
+ [e94a49e992e5]
- * auth/kerb5.c: Delay krb5_cc_initialize() until we actually need
- to use the cred cache, which is what krb5_verify_user() does.
- Better cleanup on failure.
+2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-12 12:40 millert
+ * configure, configure.in:
+ Add description for NO_PAM_SESSION, from a redhat patch.
+ [b9e4c939ec09]
- * auth/kerb5.c: Rewrite verify_krb_v5_tgt() based on what heimdal's
- krb5_verify_user() does.
+2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-09 14:58 millert
+ * sudo.cat, sudo.man.in, sudo.pod:
+ Fix typos in -i usage
+ [2d7ce5de0235]
- * gram.c: The U suffix on constants is an ANSI feature
+2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-09 12:08 millert
+ * configure, configure.in:
+ Redo the test for dgettext() in a way that hopefully will work
+ around the libintl_dgettext() undefined problem.
+ [d27beb0cf85e]
- * configure.in, configure: Add check for ber_set_option() in -llber
+2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-06 19:02 millert
+ * schema.ActiveDirectory:
+ change filename in comment
+ [733da4ee9ac5]
- * README.LDAP: default if no nsswitch.conf is files only
+2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-06 17:28 millert
+ * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
+ sudoers.ldap.pod:
+ Reference schema.ActiveDirectory
+ [d6aec537800e]
- * README.LDAP: don't tell people to mail aaron about LDAP stuff
+2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-06 12:32 millert
+ * schema.OpenLDAP, schema.iPlanet:
+ Mark sudoRunAs as deprecated.
+ [00c50df807af]
- * README.LDAP: timelimit and bind_timelimit
+ * schema.ActiveDirectory:
+ add sudoRunAsUser and sudoRunAsGroup
+ [19bcce6f72fb]
-2008-01-06 08:54 millert
+ * schema.ActiveDirectory:
+ Active Directory schema by Chantal Paradis and Eric Paquet
+ [06a09c92c6a5]
- * ChangeLog: sync
+2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-06 07:56 millert
+ * parse.c:
+ remove an XXX that was fixed
+ [b88038062fa2]
- * ldap.c: Move ldap.secret reading into a separate function.
+ * ChangeLog:
+ sync
+ [8fc27c17270e]
-2008-01-05 19:09 millert
+ * parse.c:
+ Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
+ fixes a problem where the tag value printed was influenced by
+ defaults set in the first pass through the parser.
+ [588ccd630367]
- * check.c: user_runas -> runas_pw
+2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-05 18:59 millert
+ * Makefile.in, sudo.psf:
+ No point in packaging the TODO file
+ [9590248fffe1]
- * TODO: sync
+ * ChangeLog:
+ sync
+ [152acf4c6813]
-2008-01-05 18:59 millert
+2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * check.c, sudo.pod, sudoers.pod: Add and document the %p escape in
- the password prompt. Based on a patch from Patrick Schoenfeld.
+ * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
+ sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
+ Add env_file Defaults option that is similar to /etc/environment on
+ some systems.
+ [1daf53d51e18]
-2008-01-05 18:25 millert
+2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Check strlcpy() return values.
+ * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
+ sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+ version.h, visudo.cat, visudo.man.in:
+ change version to 1.7.0
+ [d41d126b9bd8]
-2008-01-05 18:12 millert
+ * UPGRADE:
+ initial valgrind pass done
+ [c59c3876d8ca]
- * ldap.c: refactor ldap binding code into sudo_ldap_bind_s()
+2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-05 16:35 millert
+ * ldap.c:
+ Fix typo/think in sudo_ldap_read_secret() when storing the secret.
+ [830d246c09b0]
- * README.LDAP: Make it clear that host and uri can take multiple
- parameters. URI is now supported for more than just openldap
- nsswitch.conf does't accept "compat"
+2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-05 16:27 millert
+ * ldap.c:
+ define LDAPS_PORT if the system headers do not
+ [247b12325701]
- * sudo.c: comment cleanup and update (c) year
+2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-05 16:25 millert
+ * gram.c, gram.y:
+ Fix another memory leak in init_parser().
+ [7bba47deba11]
- * parse.c, sudo_nss.c: Move display_privs() and display_cmnd() from
- parse.c to sudo_nss.c. This should make it possible to build an
- LDAP-only sudo binary.
+ * configure, configure.in:
+ There was a missing space before the ldap libs in SUDO_LIBS for some
+ configurations.
+ [7524cfc93759]
-2008-01-05 13:27 millert
+ * alias.c, gram.c, gram.y, toke.c, toke.l:
+ Clean up some memory leaks pointed out by valgrind.
+ [a965866ece1a]
- * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h: Improve chaining of
- multiple sudoers sources by passing in the previous return value
- to the next in the chain
+2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-05 13:26 millert
+ * sudo.c:
+ fix "sudo -s" broken by mode/flags breakout
+ [acffe984d408]
- * gram.y: Free up parser data structures in sudo_file_close().
+ * configure, configure.in:
+ remove duplicate check for dgettext
+ [58145529133c]
-2008-01-05 08:13 millert
+2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * gram.c, parse.c: Free up parser data structures in
- sudo_file_close().
+ * aix.c:
+ Fall back to default stanza if no user-specific limit is found.
+ [7b8cb29123ee]
-2008-01-05 07:59 millert
+2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Parse uri ourself if no ldap_initialize() is present Use
- ldap_create() instead of deprecated ldap_init() Use
- ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
+ * snprintf.c:
+ include stdint.h if present
+ [f0ec38529306]
-2008-01-05 07:56 millert
+ * snprintf.c:
+ Use LLONG_MAX, not the old QUAD_MAX
+ [01041ce508fb]
- * config.h.in, configure, configure.in: Add check for
- ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from CFLAGS
+2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-04 09:56 millert
+ * sudoers.ldap.pod:
+ fix cut and pasto
+ [34240fdef5ab]
- * configure.in, configure, config.h.in: add check for ldap_create
+2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-03 16:11 millert
+ * pwutil.c:
+ Add #ifdef PURITY
+ [ce1b571ad526]
- * config.h.in, configure, configure.in, ldap.c: Add
- sudo_ldap_get_first_rdn() to return the first rdn of an entry's
- dn using the mechanism appropriate for the LDAP SDK in use. Use
- ldap_unbind_ext_s() instead of deprecated ldap_unbind_s().
- Emulate ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's
- without them.
+2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-03 16:02 millert
+ * auth/bsdauth.c:
+ remove useless cast
+ [494f8a862e1d]
- * lbuf.c: include unistd.h
+2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-03 11:05 millert
+ * ChangeLog:
+ sync
+ [f5c97ffaabcc]
- * config.h.in, configure.in: fix typo in mtim_getnsec
+ * TODO:
+ sync
+ [96ff1c44c182]
-2008-01-02 15:29 millert
+ * sudo.h:
+ Split MODE_* defines into primary and flags.
+ [c02ee3027cb9]
- * config.h.in, configure.in, configure: add check for st__tim in
- struct stat as used by SCO
+2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-02 11:05 millert
+ * aix.c:
+ It turns out the logic for getting AIX limits is more convoluted
+ than I realized and differs depending on whether the soft and/or
+ hard limits are defined.
+ [cf8d3f85d395]
- * ldap.c: use ldap_search_ext_s instead of deprecated ldap_search_s
+2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-02 10:09 millert
+ * Makefile.in, configure, configure.in:
+ Back out AIX-specific change to set the sudo_noexec path to the .a
+ file, we do really want to use the .so file. Since libtool doesn't
+ do that correctly, just install the .so file ourselves in the
+ Makefile.
+ [05c6f33177d9]
- * Makefile.in, TODO, sudo.cat, sudo.man.in: add sudo_nss.h to HDRS
+ * install-sh:
+ If the file given to install is a path, only use the basename of the
+ file when building the destination path.
+ [695ba4e429ce]
-2008-01-01 19:04 millert
+2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Replace deprecated ldap_explode_dn() with calls to
- ldap_str2dn() and ldap_rdn2str().
+ * sudo.c:
+ parse_args() cleanup: Sort command line options in the getopt()
+ switch The -U option requires a parameter Normalize a few ISSET
+ calls Split mode into mode and flags and retire the now-obsolete
+ excl variable
+ [0d156835f861]
-2008-01-01 18:37 millert
+ * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
+ sudo_usage.h.in:
+ Add -n (non-interactive) flag.
+ [e3e50400d32d]
- * ldap.c: Use ldap_get_values_len()/ldap_value_free_len() instead
- of the deprecated ldap_get_values()/ldap_value_free().
+ * sudo.c:
+ Move version printing, etc. into a separate function.
+ [18c91b476e2c]
-2008-01-01 17:07 millert
+ * sudo.c:
+ Don't try to cleanup nsswitch if it has not been initialized.
+ [aeb1ca1b399d]
- * TODO, ChangeLog: sync
+2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-01 17:06 millert
+ * logging.c:
+ Block SIGPIPE in send_mail() so sudo is not killed by a problem
+ executing the mailer.
+ [f130e7924cca]
- * gettime.c, sudo.c: Remove some already fixed XXXs
+2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-01 17:03 millert
+ * configure, configure.in:
+ AIX shared libs end in .a, not .so.
+ [a5deb07020d8]
- * ldap.c: Same return value as non-existent sudoers if LDAP was
- unable to connect.
+2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-01 16:52 millert
+ * env.c:
+ Preserve HOME by default too. Matches documentation and previous
+ behavior.
+ [c16f17f1047c]
- * sudo.pod: mention /etc/environment
+2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-01 16:42 millert
+ * sudo.c:
+ Use getopt() to parse the command line. We need to be able to
+ intersperse env variables and options yet still honor "--"" which
+ complicates things slightly.
+ [60f271ce5c16]
- * UPGRADE, WHATSNEW, README.LDAP: Update to reflect recent
- developments.
+2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2008-01-01 16:42 millert
+ * ChangeLog:
+ sync
+ [685e67964eda]
- * sudo.c: Print nsswitch.conf, ldap.conf and ldap.secret paths in
- -V output.
+ * acsite.m4, configure, ltmain.sh:
+ update to libtool-1.5.26
+ [4c9a8c3d3b40]
-2008-01-01 16:25 millert
+ * config.guess, config.sub:
+ update from libtool-1.5.26 distribution
+ [c6641aef2527]
- * ldap.c: When building up a query don't list groups in the aux
- group vector that are the same as the passwd file group. On most
- systems the first gid in the group vector is the same as the
- passwd entry gid.
+ * aix.c, sudo.h:
+ attempt to fix compilation errors on AIX
+ [edb13e5b2184]
-2008-01-01 14:01 millert
+ * Makefile.in:
+ fix typo in last commit
+ [25ba7f7ceae4]
- * env.c, ldap.c: Define LDAPNOINIT before calling ldap_init(), etc.
- to disable user ldaprc and system defaults that could affect how
- LDAP works.
+ * Makefile.in:
+ Add WHATSNEW file to the distribution
+ [213f4115de8f]
-2008-01-01 13:21 millert
+ * visudo.c:
+ use warningx instead of fprintf(stderr, ...)
+ [a3494b8ccb19]
- * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
- sudo_nss.c, sudo_nss.h: Rename read_nss -> sudo_read_nss Add
- --with-nsswitch to allow users to specify nsswitch.conf path or
- disable it. If --with-nsswitch=no but --with-ldap, order is
- LDAP, then sudoers. Fix --with-ldap-conf-file and
- --with-ldap-secret-file
+ * list.c:
+ add DEBUG to list2tq
+ [115d24a3000c]
-2008-01-01 13:12 millert
+ * ChangeLog, TODO:
+ sync
+ [60e6f4d1fac0]
- * parse.c: Honor def_ignore_local_sudoers
+ * WHATSNEW:
+ mention mailfrom
+ [e2498f9e18d6]
-2007-12-31 16:44 millert
+ * Makefile.in, aix.c, config.h.in, configure, configure.in,
+ set_perms.c, sudo.h:
+ Add aix_setlimits() to set resource limits on AIX using a
+ combination of getuserattr() and setrlimit(). Currently untested.
+ [9b1441fd89ca]
- * ldap.c: no longer need to check def_ignore_local_sudoers here
+2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-31 16:36 millert
+ * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
+ sudoers.man.in, sudoers.pod:
+ Add mailfrom Defaults option that sets the value of the From: field
+ in the warning/error mail. If unset the login name of the invoking
+ user is used.
+ [029b9f05d3d9]
+
+ * defaults.c:
+ store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
+ [a90e407d5e00]
+
+ * gram.c, gram.y:
+ When adding a default, only call list2tq() once to do the list to tq
+ conversion. It is not legal to call list2tq multiple times on the
+ same list since list2tq consumes and modifies the list argument.
+ [fbc25d245c4a]
- * parse.c: Refactor group vector resetting into a function and also
- call it from display_cmnd. Stop after the first sucessful match
- in display_cmnd. Print a newline between each display_privs
- method.
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ comment out XXXs for now
+ [595a1d43309d]
-2007-12-31 16:23 millert
+ * WHATSNEW:
+ mention askpass
+ [b993e0837c22]
- * parse.c: fix double free introduced in rev 1.218
+2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-31 16:10 millert
+ * sudo.c:
+ Error out if both -A and -S are specified Error out if -A is
+ specified but no askpass is configured
+ [24f1df2638f6]
- * ldap.c: belt and suspenders; zero out result after freeing it
+ * configure, configure.in:
+ we are not going to ship a sudo-specific askpass
+ [61949e7a3943]
-2007-12-31 15:04 millert
+2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c: Refactor line
- reading into a separate function, sudo_parseln(), which removes
- comments, leading/trailing whitespace and newlines. May want to
- rethink the use of sudo_parseln() for /etc/ldap.secret
+ * sudo.h:
+ fix definition of TGP_ASKPASS
+ [0447c57ba4c3]
-2007-12-31 14:26 millert
+ * def_data.c, def_data.in:
+ make askpass boolean-capable
+ [e0885893a325]
- * parse.c, sudo.c: Make the inability to read the sudoers file a
- non-fatal error if there are other sudoers sources available.
- sudoers_file_lookup now returns "not OK" if sudoers was not
- present
+ * INSTALL:
+ document --with-askpass
+ [c76e15ba97cf]
-2007-12-31 14:24 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.man.in, visudo.cat:
+ regen
+ [8d16242980b7]
- * ldap.c: make it clear that the global options are from LDAP
+2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-31 14:13 millert
+ * sudo.pod, sudo_usage.h.in, sudoers.pod:
+ document -A and askpass
+ [02c07505a78c]
- * logging.c: allocate proper amount of space for error string
+ * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
+ def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
+ sudo_usage.h.in, tgetpass.c:
+ Add support for running a helper program to read the password when
+ no tty is present (or when specified with the -A flag). TODO: docs.
+ [05780f5f71fd]
-2007-12-31 10:24 millert
+ * def_data.c, def_data.in:
+ add missing printf format to SELinux role and type strings
+ [2b32774715e7]
- * sudo_nss.c, sudo_nss.h: actual sudo nss code
+2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-31 10:08 millert
+ * INSTALL, configure, configure.in:
+ Disable use of gss_krb5_ccache_name() by default and add
+ --enable-gss-krb5-ccache-name configure option to enable it. It
+ seems that gss_krb5_ccache_name() doesn't work properly with some
+ combinations of Heimdal and OpenLDAP.
+ [f61ebd3b19bd]
- * ldap.c, parse.c, sudo.c, sudo.h: nss-ify display_privs and
- display_cmnd.
+2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-31 07:54 millert
+ * selinux.c:
+ Ignore setexeccon() failing in permissive mode. Also add a call to
+ setkeycreatecon() (though this is probably insufficient). From Dan
+ Walsh.
+ [52564fc1c069]
- * defaults.c, parse.c, testsudoers.c, visudo.c: move
- update_defaults() to parse.c
+ * auth/pam.c:
+ Only set std_prompt for the PAM_PROMPT_* cases. The conversation
+ function may be called for non-password reading purposes so we must
+ be careful not to use def_prompt in cases where it may not be set.
+ [29d88ca575ba]
-2007-12-31 07:39 millert
+2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
- Use nsswitch to hide some sudoers vs. ldap implementation details
- and reduce the number of #ifdef LDAP TODO: fix display routines
- and error handling
+ * selinux.c:
+ Don't free the new tty context, we need to keep it around when we
+ restore the tty context after the command completes
+ [5b4bd39b6ea8]
-2007-12-28 11:20 millert
+2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
- First cut at nsswitch.conf support. Further reorganizaton and
- related changes are forthcoming.
+ * selinux.c:
+ s/newrole/sudo/
+ [21b8a96ff8df]
-2007-12-21 16:53 millert
+ * sudo.man.pl, sudo.pod:
+ Only put login_cap(3) in SEE ALSO section if we have login.conf
+ support
+ [05250ddff2c0]
- * env.c, pathnames.h.in, sudo.c, sudo.h: Add support for reading
- and /etc/environment file. Still needs to be documented and
- should probably only applies to OSes that have it (AIX and Linux,
- maybe others).
+2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-21 16:20 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen
+ [301e5c5ccdbe]
+
+ * sudoers.pod:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [c1c98fa163ce]
+
+ * sudoers.man.pl:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [6c88f30b878a]
+
+ * sudo.pod:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [acdbdfd24e1d]
+
+ * sudo.man.pl:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [0c56d4750ac3]
+
+ * Makefile.in, configure, configure.in:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [9a02bd6a6658]
- * ldap.c: include limits.h
+ * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
+ Remove the =cut on the first line (above the copyright notice) to
+ quiet pod2man. Also remove the hackery in the FILES section and
+ just deal with the fact that there will a newline between each
+ pathname.
+ [2ac1ab191835]
-2007-12-20 10:02 millert
+2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * WHATSNEW: reword LDAP SASL
+ * Makefile.in:
+ run sudo.man.pl when generating sudo.man.in
+ [859727369168]
-2007-12-19 16:40 millert
+ * configure, configure.in, sudo.man.pl:
+ comment out SELinux manual bits unless --with-selinux was specified
+ [97ff4212b649]
- * TODO: sync
+ * sudoers.pod:
+ document role and type defaults for SELinux
+ [870f303366b3]
-2007-12-19 16:39 millert
+ * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
+ Document "sudo -ll" and make "sudo -l -l" be equivalent.
+ [3ce6dc429ea3]
+
+2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
+ Debian GNU/kFreeBSD.
+ [c4efa567a328]
+
+2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
+ verify_krb_v5_tgt()
+ [f80538e5a6fa]
+
+ * logging.c, logging.h, sudo.c:
+ Remove dependence on VALIDATE_NOT_OK in logging functions. Split
+ log_auth() into log_allowed() and log_denial() Replace mail_auth()
+ with should_mail() and a call to send_mail()
+ [58aac9997557]
+
+2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Add debugging so we can tell if the krb5 ccache is accessible
+ [c679322527bb]
+
+ * INSTALL:
+ mention --with-selinux
+ [9efbe0b52194]
+
+2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [467a834f867c]
+
+ * selinux.c:
+ add Sudo tag
+ [d004ee669bed]
+
+ * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
+ testsudoers.c, toke.c, toke.l:
+ Add support for SELinux RBAC. Sudoers entries may specify a role
+ and type. There are also role and type defaults that may be used.
+ To make sure a transition occurs, when using RBAC commands are
+ executed via the new sesh binary. Based on initial changes from Dan
+ Walsh.
+ [1d4abfe2c004]
+
+ * sesh.c:
+ Add support for SELinux RBAC. Sudoers entries may specify a role
+ and type. There are also role and type defaults that may be used.
+ To make sure a transition occurs, when using RBAC commands are
+ executed via the new sesh binary. Based on initial changes from Dan
+ Walsh.
+ [1e3b395ce049]
- * README.LDAP: Add an example sudoRole, clarify netscape vs.
- openldap a bit more
+ * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
+ def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
+ pathnames.h.in, selinux.c:
+ Add support for SELinux RBAC. Sudoers entries may specify a role
+ and type. There are also role and type defaults that may be used.
+ To make sure a transition occurs, when using RBAC commands are
+ executed via the new sesh binary. Based on initial changes from Dan
+ Walsh.
+ [6b421948286e]
+
+2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
+ Add long list (sudo -ll) support for printing verbose LDAP and
+ sudoers file entries. Still need to update manual.
+ [2875be37935c]
+
+2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
+ Unify the -l output for file and ldap based sudoers and use lbufs
+ for both. The ldap output does not currently include options that
+ cannot be represented as tags. This will be remedied in a long list
+ output mode to come.
+ [b2e429456596]
+
+2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Use a specific error message for errno == EAGAIN when setuid() et al
+ fails. On Linux systems setuid() will fail with errno set to EAGAIN
+ if changing to the new uid would result in a resource limit
+ violation.
+ [08d0aecd9f03]
+
+ * sudo.c:
+ Unlimit nproc on Linux systems where calling the setuid() family of
+ syscalls causes the nroc resource limit to be checked. The limits
+ will be reset by pam_limits.so when PAM is used. In the non-PAM
+ case the nproc limit will remain unlimited but there doesn't seem to
+ be a way around that other than having sudo parse
+ /etc/security/limits.conf directly.
+ [df024b415a8d]
+
+ * env.c, sudo.c, sudo.pod:
+ Only read /etc/environment on Linux and AIX
+ [90669e2aefdb]
+
+2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
+ ldap.conf and ldap.secret paths from going into config.h. Avoid
+ single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
+ since in some versions of bash they will end up literally in the
+ resulting define.
+ [25390f3ef10a]
+
+2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ mention --with-nsswitch=no
+ [c509df927263]
+
+ * configure, configure.in:
+ ldap_ssl.h depends on ldap.h being included first
+ [d96d90e9b21f]
+
+ * config.h.in, configure, configure.in, ldap.c:
+ Include ldap_ssl.h if we can find it. Needed for the
+ ldapssl_set_strength defines on HP-UX at least.
+ [9e530470948a]
+
+ * sudoers.ldap.pod:
+ sync
+ [b9d101f4673a]
+
+ * TODO:
+ sync
+ [2ce951b2ecd0]
-2007-12-19 14:42 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen
+ [b61d793987e0]
- * README.LDAP: Be clear on what is OpenLDAP vs. Netscape-derived
+ * Makefile.in:
+ Use 78n line length when formatting cat pages.
+ [761bee9d5759]
-2007-12-19 14:28 millert
+ * README.LDAP:
+ Remove redundant info that is now in sudoers.ldap.pod
+ [01828dcce59e]
- * config.h.in, configure, configure.in, ldap.c: Use ldapssl_init()
- for ldaps support instead of trying to do it manually with
- ldap_init() + ldapssl_install_routines(). Use tls_cert and
- tls_key for cert7.db and key3.db respectively. Don't print
- debugging info for options that are not set. Add warning if
- start_tls specified when not supported.
+2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-19 14:25 millert
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ Reorganize the first section a bit. Substitute the proper path for
+ /etc/sudoers.
+ [11ae165e065d]
- * ldap.c: fix compilation on solaris
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
+ schema into EXAMPLES
+ [ab6509d1dde7]
-2007-12-19 14:23 millert
+ * configure, configure.in:
+ Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
+ sudoers.ldap.man.
+ [6e689972f465]
- * Makefile.in: add missing .h and .c files for missing lib objs
+ * configure, configure.in:
+ substitute for sudoers.ldap.man
+ [5a4a25766dee]
-2007-12-18 09:54 millert
+ * Makefile.in:
+ Fix cut & pasto introduced when adding sudoers.ldap man page.
+ [a7b069af8894]
- * ldap.c: fix LDAP_OPT_NETWORK_TIMEOUT setting
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ Fill in some of the missing pieces. Still needs some reorganization
+ and editing.
+ [5e7331722166]
-2007-12-17 20:10 millert
+2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: fix compilation on Solaris
+ * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
+ sudoers.ldap.pod:
+ Beginnings of a sudoers.ldap man page. Currently, much of the
+ information is adapted from README.LDAP.
+ [aad28c8a922d]
-2007-12-17 10:14 millert
+2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: fix typo
+ * pwutil.c:
+ When copying gr_mem we must guarantee that the storage space for
+ gr_mem is properly aligned. The simplest way to do this is to
+ simply store gr_mem directly after struct group. This is not a
+ problem for gr_passwd or gr_name as they are simple strings.
+ [af58fc76f1ed]
-2007-12-17 08:08 millert
+ * ldap.c:
+ Fix a typo/thinko in one of the calls to
+ sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
+ [70b2eb8097f5]
- * README.LDAP: try to clear up which variables are for OpenLDAP and
- which are for netscape-derived SDKs
+2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-17 07:31 millert
+ * config.h.in, configure, configure.in, ldap.c:
+ include <mps/ldap_ssl.h> in ldap.c if available
+ [34346206ef16]
- * config.h.in, configure, configure.in, ldap.c: Add support for
- "ssl on" in both netscape and openldap flavors. Only the
- OpenLDAP flavor has been tested.
+2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-17 07:28 millert
+ * gram.c, gram.y:
+ Make sure we define SIZE_MAX for yacc's skeleton.c
+ [d8a45c7a3c42]
- * logging.c, sudo.c, sudo.h: Call cleanup() before exit in
- log_error() instead of calling sudo_ldap_close() directly.
- ldap_conn can now be static to sudo.c
+ * tgetpass.c:
+ Use TCSAFLUSH when restoring terminal settings (and echo) to
+ guarantee that any pending output is discarded
+ [549a184479e5]
-2007-12-16 20:02 millert
+2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: ld -> ldap_conn
+ * sudoers:
+ no longer need to specify SETENV when user has sudo ALL
+ [3051b41f8032]
-2007-12-16 14:42 millert
+ * testsudoers.c:
+ sync user_args size calculation with sudo.c Add -g group option,
+ renaming old -g to -G Add set_runasgr() and set_runaspw() and use
+ them
+ [0850325180f0]
- * logging.c, sudo.c, sudo.h: Better ldap cleanup.
+ * sudo.c, sudo.h:
+ Make set_runaspw static void
+ [5d44d7a340ce]
-2007-12-16 14:08 millert
+ * testsudoers.c, visudo.c:
+ g/c set_runaspw stub
+ [79ebb5e2cc38]
- * ldap.c: Distinguish between LDAP conf settings that are
- connection-specific (which take an ld pointer) and those that are
- default settings (which do not).
+ * configure, configure.in:
+ Don't add -llber twice.
+ [4356d302eef4]
-2007-12-14 16:46 millert
+2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Improved warnings on error.
+ * ldap.c:
+ fix typo
+ [249cecc557e9]
-2007-12-14 15:59 millert
+2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Make ldap config table driven and set the config *after*
- we open the connection.
+ * gram.c:
+ regen
+ [2f94ea375b67]
-2007-12-13 16:41 millert
+ * configure, configure.in:
+ Fix check that determines whether -llber is required.
+ [6afa99523379]
- * ldap.c: fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
+ * README.LDAP, config.h.in, configure, configure.in, ldap.c:
+ For netscape-based LDAP, use ldapssl_set_strength() to implement the
+ checkpeer ldap.conf option.
+ [16ae24d73795]
-2007-12-13 09:13 millert
+ * auth/kerb5.c:
+ Delay krb5_cc_initialize() until we actually need to use the cred
+ cache, which is what krb5_verify_user() does. Better cleanup on
+ failure.
+ [d12e5f1695b8]
- * configure, configure.in: some operating systems need to link with
- -lkrb5support when using krb5
+2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-10 17:12 millert
+ * auth/kerb5.c:
+ Rewrite verify_krb_v5_tgt() based on what heimdal's
+ krb5_verify_user() does.
+ [05b5815f86c9]
- * WHATSNEW: minor update
+2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-12-10 10:56 millert
+ * gram.c:
+ The U suffix on constants is an ANSI feature
+ [c6dfce3167f1]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen
+ * configure, configure.in:
+ Add check for ber_set_option() in -llber
+ [43d0c0566074]
-2007-12-07 19:17 millert
+2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * TODO, ChangeLog: sync
+ * README.LDAP:
+ default if no nsswitch.conf is files only
+ [c13001d9c998]
-2007-12-07 19:09 millert
+2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif: add -g
- support for LDAP
+ * README.LDAP:
+ don't tell people to mail aaron about LDAP stuff
+ [8165ec1ef0c6]
-2007-12-03 11:36 millert
+ * README.LDAP:
+ timelimit and bind_timelimit
+ [44f74cbed167]
- * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in: The -i and -s flags
- can now take an optional command.
+ * ChangeLog:
+ sync
+ [aba1a0ab02bd]
-2007-12-02 12:13 millert
+ * ldap.c:
+ Move ldap.secret reading into a separate function.
+ [1948acc9f7a4]
- * def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
- sudoers.pod, auth/pam.c: Add passprompt_override flag to sudoers
- that will cause the prompt to be overridden in all cases. This
- flag is also set when the user specifies the -p flag.
+ * check.c:
+ user_runas -> runas_pw
+ [334490fc2bae]
-2007-12-01 19:51 millert
+2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Move setting of login class until after sudoers has been
- parsed. Set NewArgv[0] for -i after runas_pw has been set.
+ * TODO:
+ sync
+ [c7b165cc47c6]
-2007-12-01 19:34 millert
+ * check.c, sudo.pod, sudoers.pod:
+ Add and document the %p escape in the password prompt. Based on a
+ patch from Patrick Schoenfeld.
+ [3972d4f31ffa]
- * configure, configure.in: Move the dgettext check.
+ * ldap.c:
+ Check strlcpy() return values.
+ [9b42f3ae8ff1]
-2007-12-01 11:22 millert
+ * ldap.c:
+ refactor ldap binding code into sudo_ldap_bind_s()
+ [cb0c66a4d955]
- * config.h.in, configure, configure.in, auth/pam.c: Add basic
- support for looking up the string "Password: " in the PAM
- localized text db. This allows us to determine whether the PAM
- prompt is the default "Password: " one even if it has been
- localized.
+ * README.LDAP:
+ Make it clear that host and uri can take multiple parameters. URI is
+ now supported for more than just openldap nsswitch.conf does't
+ accept "compat"
+ [f610dea656d6]
- TODO: concatenate non-std PAM prompts and user-specified sudo
- prompts.
+ * sudo.c:
+ comment cleanup and update (c) year
+ [6cd69c810ca5]
-2007-11-27 18:40 millert
+ * parse.c, sudo_nss.c:
+ Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
+ This should make it possible to build an LDAP-only sudo binary.
+ [61c3f27066a0]
- * Makefile.in, config.h.in, configure.in, parse.c, set_perms.c,
- sudo.c, configure, sudo.h: Use AC_FUNC_GETGROUPS instead of a
- home-grown attempt that was insufficient.
+ * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
+ Improve chaining of multiple sudoers sources by passing in the
+ previous return value to the next in the chain
+ [2c0b722b1b2d]
-2007-11-27 12:13 millert
+ * gram.y:
+ Free up parser data structures in sudo_file_close().
+ [2251531d4519]
- * configure, acsite.m4, interfaces.c, memrchr.c: Fix typos;
- Martynas Venckus
+ * gram.c, parse.c:
+ Free up parser data structures in sudo_file_close().
+ [8371f130f401]
-2007-11-25 19:26 millert
+ * ldap.c:
+ Parse uri ourself if no ldap_initialize() is present Use
+ ldap_create() instead of deprecated ldap_init() Use
+ ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
+ [85d3825b1953]
- * set_perms.c: Don't assume runas_pw is set; it may not be in the
- -g case.
+ * config.h.in, configure, configure.in:
+ Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
+ CFLAGS
+ [240524512bc5]
-2007-11-25 08:07 millert
+2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c, set_perms.c: Set aux group vector for PERM_RUNAS and
- restore group vector for PERM_ROOT if we previously changed it.
- Stash the runas group vector so we don't have to call initgroups
- more than once. Also add no-op check to check_perms.
+ * config.h.in, configure, configure.in:
+ add check for ldap_create
+ [3089badd73b8]
-2007-11-21 15:11 millert
+2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h,
- gram.y, ldap.c, logging.c, match.c, mon_systrace.c, parse.c,
- parse.h, pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h,
- sudo.man.in, sudo.pod, sudo_usage.h.in, sudoers.cat,
- sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, visudo.c,
- visudo.cat, visudo.man.in: Add support for runas groups. This
- allows the user to run a command with a different effective
- group. If the -g option is specified without -u the command will
- be run as the current user (only the group will change). the -g
- and -u options may be used together. TODO: implement runas group
- for ldap improve runas group documentation add
- testsudoers support
+ * config.h.in, configure, configure.in, ldap.c:
+ Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
+ dn using the mechanism appropriate for the LDAP SDK in use. Use
+ ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
+ ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
+ [6deeca3d00cc]
-2007-11-21 15:02 millert
+ * lbuf.c:
+ include unistd.h
+ [8419ed0bae7f]
- * configure, configure.in: fix setting of mandir
+ * config.h.in, configure.in:
+ fix typo in mtim_getnsec
+ [2d5f21230a60]
+
+2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ add check for st__tim in struct stat as used by SCO
+ [587060ea2a89]
+
+ * ldap.c:
+ use ldap_search_ext_s instead of deprecated ldap_search_s
+ [5fc44fe3b44c]
+
+ * Makefile.in, TODO, sudo.cat, sudo.man.in:
+ add sudo_nss.h to HDRS
+ [86f01a70ff29]
+
+ * ldap.c:
+ Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
+ ldap_rdn2str().
+ [aa217002cfae]
+
+2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Use ldap_get_values_len()/ldap_value_free_len() instead of the
+ deprecated ldap_get_values()/ldap_value_free().
+ [e22dceb85e57]
+
+ * ChangeLog:
+ sync
+ [adad27b36107]
+
+ * TODO:
+ sync
+ [c449eb47e0ef]
+
+ * gettime.c, sudo.c:
+ Remove some already fixed XXXs
+ [532788d0e6da]
+
+ * ldap.c:
+ Same return value as non-existent sudoers if LDAP was unable to
+ connect.
+ [5819810e8e4e]
+
+ * sudo.pod:
+ mention /etc/environment
+ [ea8e6102f853]
+
+ * README.LDAP, UPGRADE, WHATSNEW:
+ Update to reflect recent developments.
+ [ed1fb026fe77]
+
+ * sudo.c:
+ Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
+ [55b68a58260d]
+
+ * ldap.c:
+ When building up a query don't list groups in the aux group vector
+ that are the same as the passwd file group. On most systems the
+ first gid in the group vector is the same as the passwd entry gid.
+ [4bb51e297e0d]
-2007-11-21 14:26 millert
+ * env.c, ldap.c:
+ Define LDAPNOINIT before calling ldap_init(), etc. to disable user
+ ldaprc and system defaults that could affect how LDAP works.
+ [ce5036440db2]
- * sudo.pod, sudoers.pod: document that ALL implies SETENV
+ * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
+ sudo_nss.c, sudo_nss.h:
+ Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
+ to specify nsswitch.conf path or disable it. If --with-nsswitch=no
+ but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
+ file and --with-ldap-secret-file
+ [ea5d7704381f]
+
+ * parse.c:
+ Honor def_ignore_local_sudoers
+ [f38e1121fae1]
+
+2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ no longer need to check def_ignore_local_sudoers here
+ [fce2a72f96fb]
+
+ * parse.c:
+ Refactor group vector resetting into a function and also call it
+ from display_cmnd. Stop after the first sucessful match in
+ display_cmnd. Print a newline between each display_privs method.
+ [981b37b5adff]
+
+ * parse.c:
+ fix double free introduced in rev 1.218
+ [c574b02d8747]
+
+ * ldap.c:
+ belt and suspenders; zero out result after freeing it
+ [7732988d4620]
+
+ * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
+ Refactor line reading into a separate function, sudo_parseln(),
+ which removes comments, leading/trailing whitespace and newlines.
+ May want to rethink the use of sudo_parseln() for /etc/ldap.secret
+ [61d9068f0645]
+
+ * parse.c, sudo.c:
+ Make the inability to read the sudoers file a non-fatal error if
+ there are other sudoers sources available. sudoers_file_lookup now
+ returns "not OK" if sudoers was not present
+ [643babf597a8]
+
+ * ldap.c:
+ make it clear that the global options are from LDAP
+ [9ff950349463]
+
+ * logging.c:
+ allocate proper amount of space for error string
+ [8bebb7d46d19]
+
+ * sudo_nss.c, sudo_nss.h:
+ actual sudo nss code
+ [5bd7d52d7738]
+
+ * ldap.c, parse.c, sudo.c, sudo.h:
+ nss-ify display_privs and display_cmnd.
+ [cccfdd3253f2]
+
+ * defaults.c, parse.c, testsudoers.c, visudo.c:
+ move update_defaults() to parse.c
+ [ace144b958a9]
-2007-11-21 13:50 millert
+ * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
+ Use nsswitch to hide some sudoers vs. ldap implementation details
+ and reduce the number of #ifdef LDAP TODO: fix display routines and
+ error handling
+ [6225edde89a6]
- * ldap.c: s/setenv_ok/setenv_implied/g
+2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-11-21 13:44 millert
+ * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
+ First cut at nsswitch.conf support. Further reorganizaton and
+ related changes are forthcoming.
+ [717f59d0790b]
- * ldap.c: hostname_matches() returns TRUE on match in sudo 1.7.
+2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-11-21 13:26 millert
+ * env.c, pathnames.h.in, sudo.c, sudo.h:
+ Add support for reading and /etc/environment file. Still needs to
+ be documented and should probably only applies to OSes that have it
+ (AIX and Linux, maybe others).
+ [15d3edae27e4]
- * ldap.c: use strcmp, not strcasecmp when comparing ALL
+ * ldap.c:
+ include limits.h
+ [e19875ef0f82]
-2007-11-21 11:41 millert
+2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Make sudo ALL imply setenv. Note that unlike with
- file-based sudoers this does affect all the commands in the
- sudoRole.
+ * WHATSNEW:
+ reword LDAP SASL
+ [7ec3c4ec31b5]
-2007-11-21 11:05 millert
+2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * gram.c, gram.y, parse.c, parse.h: sudo "ALL" now implies the
- SETENV tag but, unlike an explicit tag, it is not passed on to
- other commands in the list.
+ * TODO:
+ sync
+ [87c5a7aea7bf]
-2007-11-21 11:02 millert
+ * README.LDAP:
+ Add an example sudoRole, clarify netscape vs. openldap a bit more
+ [6f96c0ca8107]
- * visudo.c: Add missing sudo_setpwent() and sudo_setgrent() calls.
- Also use sudo_getpwuid() instead of getpwuid().
+ * README.LDAP:
+ Be clear on what is OpenLDAP vs. Netscape-derived
+ [a33c8314dec5]
-2007-11-15 11:16 millert
+ * config.h.in, configure, configure.in, ldap.c:
+ Use ldapssl_init() for ldaps support instead of trying to do it
+ manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
+ and tls_key for cert7.db and key3.db respectively. Don't print
+ debugging info for options that are not set. Add warning if
+ start_tls specified when not supported.
+ [abb62dc7e4a3]
- * sudoers: Expand on the dangers of not using visudo to edit
- sudoers.
+ * ldap.c:
+ fix compilation on solaris
+ [03d449684e80]
-2007-11-08 07:24 millert
+ * Makefile.in:
+ add missing .h and .c files for missing lib objs
+ [8b37825bdfc7]
- * parse.c: Don't quote *?[]! on output since the lexer does not
- strip off the backslash when reading those in.
+2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-11-07 13:16 millert
+ * ldap.c:
+ fix LDAP_OPT_NETWORK_TIMEOUT setting
+ [226eba89c0ad]
- * glob.c: expand "u_foo" types to "unsigned foo" to avoid
- compatibility issues.
+ * ldap.c:
+ fix compilation on Solaris
+ [917d47639eb6]
-2007-11-04 08:33 millert
+2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c: Refactor log line generation in to new_logline().
+ * configure, configure.in:
+ fix typo
+ [009d5c81b225]
-2007-10-25 09:23 millert
+ * README.LDAP:
+ try to clear up which variables are for OpenLDAP and which are for
+ netscape-derived SDKs
+ [f8d9823ee73c]
- * TROUBLESHOOTING: fix typo
+ * config.h.in, configure, configure.in, ldap.c:
+ Add support for "ssl on" in both netscape and openldap flavors. Only
+ the OpenLDAP flavor has been tested.
+ [952745829ec5]
-2007-10-24 12:41 millert
+ * logging.c, sudo.c, sudo.h:
+ Call cleanup() before exit in log_error() instead of calling
+ sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
+ [da02d1b67a2c]
- * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
- match.c: Add configure check for struct in6_addr instead of
- relying on AF_INET6 since some systems define AF_INET6 but do not
- include IPv6 support.
+ * sudo.c:
+ ld -> ldap_conn
+ [01afa6d927cc]
-2007-10-21 09:29 millert
+2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Fix block to add -lutil for FreeBSD and
- NetBSD when logincap is in use.
+ * logging.c, sudo.c, sudo.h:
+ Better ldap cleanup.
+ [25b9abe2d617]
-2007-10-19 22:28 millert
+ * ldap.c:
+ Distinguish between LDAP conf settings that are connection-specific
+ (which take an ld pointer) and those that are default settings
+ (which do not).
+ [d48dc6c9c3b4]
- * configure, configure.in: POSIX states that struct timespec be
- declared in time.h so check there regardless of the value of
- TIME_WITH_SYS_TIME.
+2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-10-17 11:37 millert
+ * ldap.c:
+ Improved warnings on error.
+ [c8dce7b4feb4]
- * tgetpass.c: Instead of defining a macro to call the appropriate
- method for turning on/off echo, just define tc[gs]etattr() and
- the related defines that use the correct terminal ioctls if
- needed. Also go back to using TCSAFLUSH instead of TCSADRAIN on
- all but QNX.
+ * ldap.c:
+ Make ldap config table driven and set the config *after* we open the
+ connection.
+ [d9698b5a2681]
-2007-10-08 20:18 millert
+2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: g/c @ALLOCA@
+ * ldap.c:
+ fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
+ [598c6df06660]
-2007-10-08 20:07 millert
+ * configure, configure.in:
+ some operating systems need to link with -lkrb5support when using
+ krb5
+ [8896365dde9e]
- * configure: regen
+2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-10-08 20:04 millert
+ * WHATSNEW:
+ minor update
+ [acfeeb7f4886]
- * INSTALL, config.h.in, configure.in, auth/pam.c: Add
- --disable-pam-session configure option to disable calling
- pam_{open,close}_session. May work around bugs in some PAM
- implementations.
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+ regen
+ [a3c6699674f9]
-2007-10-08 12:00 millert
+2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog, TODO:
+ sync
+ [138e99b925ee]
+
+ * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
+ add -g support for LDAP
+ [8fc27dbe9287]
- * tgetpass.c: quiet gcc warnings
+2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-10-08 08:41 millert
+ * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
+ The -i and -s flags can now take an optional command.
+ [6afec104ee77]
- * tgetpass.c: Avoid printing the prompt if we are already
- backgrounded. E.g. if the user runs "sudo foo &" from the shell.
- In this case, the call to tcsetattr() will cause SIGTTOU to be
- delivered.
+2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-15 16:07 millert
+ * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
+ sudoers.pod:
+ Add passprompt_override flag to sudoers that will cause the prompt
+ to be overridden in all cases. This flag is also set when the user
+ specifies the -p flag.
+ [e4c5402131a6]
- * def_data.c, def_data.h, def_data.in: Reorder things such that the
- definition of env_reset come right before the env variable lists.
+ * sudo.c:
+ Move setting of login class until after sudoers has been parsed. Set
+ NewArgv[0] for -i after runas_pw has been set.
+ [62a48c8c56fa]
-2007-09-15 07:50 millert
+ * configure, configure.in:
+ Move the dgettext check.
+ [5fd8a4712d1c]
+
+2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.h: Shrink type and seqno in struct alias from int to
- u_short
+ * auth/pam.c, config.h.in, configure, configure.in:
+ Add basic support for looking up the string "Password: " in the PAM
+ localized text db. This allows us to determine whether the PAM
+ prompt is the default "Password: " one even if it has been
+ localized.
-2007-09-15 07:24 millert
+ TODO: concatenate non-std PAM prompts and user-specified sudo
+ prompts.
+ [81c25a415d41]
- * alias.c, match.c, parse.c, parse.h: Add a sequence number in the
- aliases for loop detection. If we find an alias with the seqno
- already set to the current (global) value we know we've visited
- it before so ignore it.
+2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-13 19:05 millert
+ * Makefile.in, config.h.in, configure, configure.in, parse.c,
+ set_perms.c, sudo.c, sudo.h:
+ Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
+ insufficient.
+ [1cce6ec1a91e]
- * TODO, sudo.c, sudo.h, auth/pam.c: PAM wants the full tty path so
- add user_ttypath which holds the full path to the tty or is NULL
- if no tty was present.
+ * acsite.m4, configure, interfaces.c, memrchr.c:
+ Fix typos; Martynas Venckus
+ [be1233cca11a]
-2007-09-13 18:42 millert
+2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/pam.c: Set PAM_RHOST to work around a bug in Solaris 7 and
- lower that results in a segv.
+ * set_perms.c:
+ Don't assume runas_pw is set; it may not be in the -g case.
+ [aa11bd2193ac]
-2007-09-11 15:43 millert
+2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * gram.c: regen
+ * logging.c, set_perms.c:
+ Set aux group vector for PERM_RUNAS and restore group vector for
+ PERM_ROOT if we previously changed it. Stash the runas group vector
+ so we don't have to call initgroups more than once. Also add no-op
+ check to check_perms.
+ [53837fc755f7]
-2007-09-11 15:42 millert
+2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
- parse.h, testsudoers.c, visudo.c: rename lh_ -> tq_
+ * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
+ ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
+ pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
+ sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
+ testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
+ Add support for runas groups. This allows the user to run a command
+ with a different effective group. If the -g option is specified
+ without -u the command will be run as the current user (only the
+ group will change). the -g and -u options may be used together.
+ TODO: implement runas group for ldap improve runas group
+ documentation add testsudoers support
+ [9019309df6d0]
-2007-09-10 17:33 millert
+ * configure, configure.in:
+ fix setting of mandir
+ [2c60f269399f]
- * alloc.c: remove some useless casts
+ * sudo.pod, sudoers.pod:
+ document that ALL implies SETENV
+ [bcc8e5b703b9]
-2007-09-10 17:32 millert
+ * ldap.c:
+ s/setenv_ok/setenv_implied/g
+ [f005df2c2eea]
- * alloc.c: pull in inttypes.h for SIZE_MAX; we avoid stdint.h since
- inttypes.h predates the final C99 spec and the standard specifies
- that it shall include stdint.h anyway
+ * ldap.c:
+ hostname_matches() returns TRUE on match in sudo 1.7.
+ [c3d4377b6e8b]
-2007-09-06 12:39 millert
+ * ldap.c:
+ use strcmp, not strcasecmp when comparing ALL
+ [e486024574a1]
- * Makefile.in, alloca.c, configure.in: Since we ship with a
- pre-generated parser there is no need to ship a bogus alloca
- implementation.
+ * ldap.c:
+ Make sudo ALL imply setenv. Note that unlike with file-based
+ sudoers this does affect all the commands in the sudoRole.
+ [bc12f54321d1]
-2007-09-06 12:22 millert
+ * gram.c, gram.y, parse.c, parse.h:
+ sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
+ it is not passed on to other commands in the list.
+ [026e2cb40680]
- * configure: regen
+ * visudo.c:
+ Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
+ sudo_getpwuid() instead of getpwuid().
+ [86f30a8fbd49]
-2007-09-06 12:19 millert
+2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: remove initial setting of CHECKSIA, we require that
- it be unset if not used
+ * sudoers:
+ Expand on the dangers of not using visudo to edit sudoers.
+ [e434e8057d02]
-2007-09-06 11:55 millert
+2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: add list.c to SRCS
+ * parse.c:
+ Don't quote *?[]! on output since the lexer does not strip off the
+ backslash when reading those in.
+ [561da4a13afa]
-2007-09-06 07:18 millert
+2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * glob.c:
+ expand "u_foo" types to "unsigned foo" to avoid compatibility
+ issues.
+ [b0d7c64d78c3]
-2007-09-06 07:17 millert
+2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: only do SIA checks on Digital Unix
+ * logging.c:
+ Refactor log line generation in to new_logline().
+ [6a9b9730615d]
-2007-09-05 18:50 millert
+2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.cat, sudoers.man.in: regen
+ * TROUBLESHOOTING:
+ fix typo
+ [9e19d4f86e47]
-2007-09-05 18:48 millert
+2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * ChangeLog, TODO: sync
+ * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
+ match.c:
+ Add configure check for struct in6_addr instead of relying on
+ AF_INET6 since some systems define AF_INET6 but do not include IPv6
+ support.
+ [e24082c416bd]
-2007-09-05 18:39 millert
+2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/kerb5.c: Remove call to krb5_cc_register() as it is not
- needed for modern kerb5.
+ * configure, configure.in:
+ Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
+ use.
+ [76a9df4a63be]
-2007-09-05 18:16 millert
+2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * configure, configure.in:
+ POSIX states that struct timespec be declared in time.h so check
+ there regardless of the value of TIME_WITH_SYS_TIME.
+ [e42c55ec9daf]
-2007-09-05 18:16 millert
+2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in, aclocal.m4: New method for setting the default
- authentication type and avoiding conflicts in auth types.
+ * tgetpass.c:
+ Instead of defining a macro to call the appropriate method for
+ turning on/off echo, just define tc[gs]etattr() and the related
+ defines that use the correct terminal ioctls if needed. Also go back
+ to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
+ [5dfb2379d995]
-2007-09-05 14:45 millert
+2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * match.c, parse.c, testsudoers.c: Each entry in a cmndlist now has
- an associated runaslist so no need to keep track of the most
- recent non-NULL one.
+ * Makefile.in:
+ g/c @ALLOCA@
+ [e6946c2e3820]
-2007-09-04 18:51 millert
+ * configure:
+ regen
+ [9bac7159a138]
- * ldap.c: back out partial ldaps support mistakenly committed
+ * INSTALL, auth/pam.c, config.h.in, configure.in:
+ Add --disable-pam-session configure option to disable calling
+ pam_{open,close}_session. May work around bugs in some PAM
+ implementations.
+ [273d0fdb4a9d]
-2007-09-04 10:57 millert
+2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Add support for unix groups and netgroups in sudoRunas
+ * tgetpass.c:
+ quiet gcc warnings
+ [325565c5a579]
-2007-09-03 16:28 millert
+ * tgetpass.c:
+ Avoid printing the prompt if we are already backgrounded. E.g. if
+ the user runs "sudo foo &" from the shell. In this case, the call
+ to tcsetattr() will cause SIGTTOU to be delivered.
+ [db2139a8d8b8]
- * sudo_edit.c: Fix sudoedit of a non-existent file. From Tilo
- Stritzky.
+2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-02 17:05 millert
+ * def_data.c, def_data.h, def_data.in:
+ Reorder things such that the definition of env_reset come right
+ before the env variable lists.
+ [e0d8e22a581a]
- * configure: regen
+ * parse.h:
+ Shrink type and seqno in struct alias from int to u_short
+ [9425263dd565]
-2007-09-02 17:05 millert
+ * alias.c, match.c, parse.c, parse.h:
+ Add a sequence number in the aliases for loop detection. If we find
+ an alias with the seqno already set to the current (global) value we
+ know we've visited it before so ignore it.
+ [301a0548ffff]
- * INSTALL: update --passprompt escape info
+2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-02 17:03 millert
+ * TODO, auth/pam.c, sudo.c, sudo.h:
+ PAM wants the full tty path so add user_ttypath which holds the full
+ path to the tty or is NULL if no tty was present.
+ [c7c1dd4b36c8]
- * configure.in: remove now-bogus comment and update copyright date
+ * auth/pam.c:
+ Set PAM_RHOST to work around a bug in Solaris 7 and lower that
+ results in a segv.
+ [3a8865b3a357]
-2007-09-02 16:35 millert
+2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: Fix up use of with_passwd
+ * gram.c:
+ regen
+ [5647be127950]
-2007-09-02 16:25 millert
+ * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
+ parse.h, testsudoers.c, visudo.c:
+ rename lh_ -> tq_
+ [8f500c542c4a]
- * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
- Update to autoconf-2.61 andf libtool-1.5.24
+2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-09-02 16:17 millert
+ * alloc.c:
+ remove some useless casts
+ [409a448b23f5]
- * Makefile.in: "cmp -s" not just cmp Add @datarootdir@ to quiet
- autoconf-2.61
+ * alloc.c:
+ pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
+ predates the final C99 spec and the standard specifies that it shall
+ include stdint.h anyway
+ [ae478fdef61a]
-2007-09-01 17:39 millert
+2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * gram.c: regen
+ * Makefile.in, alloca.c, configure.in:
+ Since we ship with a pre-generated parser there is no need to ship a
+ bogus alloca implementation.
+ [3f611a7cc0e5]
-2007-09-01 17:39 millert
+ * configure:
+ regen
+ [771eccf5269c]
- * gram.y: move tags and runaslist propagation to be earlier
+ * configure.in:
+ remove initial setting of CHECKSIA, we require that it be unset if
+ not used
+ [a2e91adc5aa2]
-2007-09-01 09:34 millert
+ * Makefile.in:
+ add list.c to SRCS
+ [7db0e56cf5b9]
- * visudo.c: If -f flag given use the permissions of the original
- file as a template
+ * configure:
+ regen
+ [3716ec30172e]
-2007-09-01 08:45 millert
+ * configure.in:
+ only do SIA checks on Digital Unix
+ [6a96e1af2597]
- * gram.y: prevent a double free() when re-initing the parser
+2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-31 19:30 millert
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [ac1dc29de72b]
- * configure: regen
+ * ChangeLog, TODO:
+ sync
+ [781effce0a2d]
-2007-08-31 19:30 millert
+ * auth/kerb5.c:
+ Remove call to krb5_cc_register() as it is not needed for modern
+ kerb5.
+ [351b8b764f16]
- * aclocal.m4, alias.c, alloc.c, config.h.in, configure.in, env.c,
- ldap.c, list.c, list.h, memrchr.c, parse.c, parse.h, pwutil.c,
- redblack.c, redblack.h, snprintf.c, sudo.c, sudo.h,
- testsudoers.c, visudo.c, zero_bytes.c, auth/API, auth/afs.c,
- auth/bsdauth.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
- auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h:
- Remove support for compilers that don't support void *
+ * configure:
+ regen
+ [ac21dbcc9c2c]
-2007-08-31 19:14 millert
+ * aclocal.m4, configure.in:
+ New method for setting the default authentication type and avoiding
+ conflicts in auth types.
+ [5fb15be11f78]
- * gram.c: regen
+ * match.c, parse.c, testsudoers.c:
+ Each entry in a cmndlist now has an associated runaslist so no need
+ to keep track of the most recent non-NULL one.
+ [582e015786b0]
-2007-08-31 19:13 millert
+2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h,
- match.c, parse.c, parse.h, testsudoers.c, visudo.c: Move list
- manipulation macros to list.h and create C versions of the more
- complex ones in list.c. The names have been down-cased so they
- appear more like normal functions.
+ * ldap.c:
+ back out partial ldaps support mistakenly committed
+ [357703e94b2d]
-2007-08-31 17:21 millert
+ * ldap.c:
+ Add support for unix groups and netgroups in sudoRunas
+ [2f04eb91c6d0]
- * Makefile.in: Fix cmp command when regenerating parser. Make
- gram.o the first dependency for all programs so gram.h will be
- generated before anything that needs it.
+2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-31 13:56 millert
+ * sudo_edit.c:
+ Fix sudoedit of a non-existent file. From Tilo Stritzky.
+ [a5488a03bddd]
- * parse.h, gram.y: Convert NEW_DEFAULT anf NEW_MEMBER into static
- functions.
+2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-30 21:21 millert
+ * configure:
+ regen
+ [541177376ee1]
- * match.c, parse.c, testsudoers.c: Use LH_FOREACH_REV when checking
- permission and short-circuit on the first non-UNSPEC hit we get
- for the command. This means that instead of cycling through the
- all the parsed sudoers entries we start at the end and work
- backwards and quit after the first positive or negative match.
+ * INSTALL:
+ update --passprompt escape info
+ [6d57db4cd538]
-2007-08-30 21:13 millert
+ * configure.in:
+ remove now-bogus comment and update copyright date
+ [6a4af45fa331]
- * gram.c: regen
+ * configure.in:
+ Fix up use of with_passwd
+ [7c79d8640f77]
-2007-08-30 21:12 millert
+ * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
+ Update to autoconf-2.61 andf libtool-1.5.24
+ [045259b0b439]
+
+ * Makefile.in:
+ "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
+ [f5b6a7afb817]
+
+2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * gram.c:
+ regen
+ [b5b78e71d2cb]
+
+ * gram.y:
+ move tags and runaslist propagation to be earlier
+ [94f7805f4489]
+
+ * visudo.c:
+ If -f flag given use the permissions of the original file as a
+ template
+ [9303d22bddb0]
+
+ * gram.y:
+ prevent a double free() when re-initing the parser
+ [5b3907c4de5a]
+
+2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [49a90b19a17d]
+
+ * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
+ auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
+ configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
+ parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
+ sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
+ Remove support for compilers that don't support void *
+ [35e1d01ae197]
+
+ * gram.c:
+ regen
+ [70ce412a458a]
+
+ * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
+ parse.c, parse.h, testsudoers.c, visudo.c:
+ Move list manipulation macros to list.h and create C versions of the
+ more complex ones in list.c. The names have been down-cased so they
+ appear more like normal functions.
+ [9cea0e281148]
+
+ * Makefile.in:
+ Fix cmp command when regenerating parser. Make gram.o the first
+ dependency for all programs so gram.h will be generated before
+ anything that needs it.
+ [429ea065abf1]
+
+ * gram.y, parse.h:
+ Convert NEW_DEFAULT anf NEW_MEMBER into static functions.
+ [2f3433833589]
+
+ * match.c, parse.c, testsudoers.c:
+ Use LH_FOREACH_REV when checking permission and short-circuit on the
+ first non-UNSPEC hit we get for the command. This means that
+ instead of cycling through the all the parsed sudoers entries we
+ start at the end and work backwards and quit after the first
+ positive or negative match.
+ [881474532f3e]
+
+ * gram.c:
+ regen
+ [9152a19d4188]
* defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
- Change list head macros to take a pointer, not a struct.
-
-2007-08-30 20:46 millert
-
- * gram.c: regen
+ Change list head macros to take a pointer, not a struct.
+ [054f1dcce4cc]
-2007-08-30 20:46 millert
+ * gram.c:
+ regen
+ [be154aae6235]
- * gram.y: Propagate the runasspec from one command to the next in a
- cmndspec.
+ * gram.y:
+ Propagate the runasspec from one command to the next in a cmndspec.
+ [4957b1cb03a3]
-2007-08-30 16:15 millert
+2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * match.c: Replace has_meta() with a macro that calls strpbrk().
+ * match.c:
+ Replace has_meta() with a macro that calls strpbrk().
+ [a2e58846a542]
-2007-08-30 16:04 millert
-
- * gram.c: regen
-
-2007-08-30 13:26 millert
+ * regen
+ [5a932a5c9451]
* alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
- testsudoers.c, visudo.c: Use a list head struct when storing the
- semi-circular lists and convert to tail queues in the process.
- This will allow us to reverse foreach loops more easily and it
- makes it clearer which functions expect a list as opposed to a
- single member.
-
- Add macros for manipulating lists. Some of these should become
- functions.
-
- When freeing up a list, just pop off the last item in the queue
- instead of going from head to tail. This is simpler since we
- don't have to stash a pointer to the next member, we always just
- use the last one in the queue until the queue is empty.
+ testsudoers.c, visudo.c:
+ Use a list head struct when storing the semi-circular lists and
+ convert to tail queues in the process. This will allow us to
+ reverse foreach loops more easily and it makes it clearer which
+ functions expect a list as opposed to a single member.
- Rename match functions that take a list to have list in the name.
- Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
+ Add macros for manipulating lists. Some of these should become
+ functions.
-2007-08-30 13:12 millert
+ When freeing up a list, just pop off the last item in the queue
+ instead of going from head to tail. This is simpler since we don't
+ have to stash a pointer to the next member, we always just use the
+ last one in the queue until the queue is empty.
- * parse.c: Fix pasto, append "!" not negated (which is an int) for
- sudo -l output.
+ Rename match functions that take a list to have list in the name.
+ Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
+ [7c37b271607a]
-2007-08-30 12:45 millert
+ * parse.c:
+ Fix pasto, append "!" not negated (which is an int) for sudo -l
+ output.
+ [93a444c3997f]
- * Makefile.in: Remove the dependency of gram .h on gram.y, the .c
- dependency is enough. Only move y.tab.h to gram.h if it is
- different; avoids needless rebuilding.
+ * Makefile.in:
+ Remove the dependency of gram .h on gram.y, the .c dependency is
+ enough. Only move y.tab.h to gram.h if it is different; avoids
+ needless rebuilding.
+ [67bf4ea2a2e5]
+
+2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Defaults lines may be associated with lists of users, hosts,
+ commands and runas users, not just single entries.
+ [795effacb6be]
+
+2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Revert the "cmp" portion of the last diff, it doesn't make sense.
+ [26f34bf4e2e3]
+
+ * Makefile.in:
+ Remove *.lo for clean: When generating the parser, only move the
+ generated files into place if they differ from the existing ones.
+ [84673fea371b]
+
+2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Replace IPV6 regexp with a much simpler (readable) one and add an
+ extra check when it matches to make sure we have a valid address.
+ [592e9f690556]
+
+ * match.c:
+ Fix thinko introduced when merging IPV6 support.
+ [da38cd5eb8c7]
+
+2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY, LICENSE:
+ regen
+ [0d7b27b90634]
+
+ * license.pod:
+ add 2007
+ [510e5048ae1a]
+
+ * UPGRADE:
+ mention #uid vs. comment pitfall
+ [4d2861898bcc]
+
+ * acsite.m4:
+ Merge in a patch from the libtool cvs that fixes a problem with the
+ latest autoconf. From Stepan Kasal.
+ [0c279ae7df3e]
+
+ * parse.h:
+ Back out he XOR swap trick, it is slower than a temp variable on
+ modern CPUs.
+ [91c4b024e317]
+
+ * gram.c:
+ regen
+ [cb6d4106fb74]
+
+ * gram.y, parse.h:
+ Convert the tail queue to a semi-circle queue and use the XOR swap
+ trick to swap the prev pointers during append.
+ [8bf4d9fbee58]
+
+2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.h:
+ remove useless statement
+ [421ec1dd73e6]
+
+ * toke.c, toke.l:
+ Refactor #include parsing into a separate function and return
+ unparsed chars (such as newline or comment) back to the lexer.
+ [64166917aa3d]
-2007-08-27 15:51 millert
+2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: Defaults lines may be associated with lists of
- users, hosts, commands and runas users, not just single entries.
+ * WHATSNEW:
+ mention better uid support
+ [56f510e7f2ec]
-2007-08-26 17:42 millert
+ * sudoers.pod:
+ Users may now consist of a uid.
+ [5fd31b2c55ed]
- * Makefile.in: Revert the "cmp" portion of the last diff, it
- doesn't make sense.
+ * gram.c, gram.h, toke.c:
+ regen
+ [599e58af6dc1]
-2007-08-26 17:10 millert
+ * parse.c:
+ Use lbuf_append_quoted() for sudo -l output to quote characters that
+ would require quoting in sudoers.
+ [3132d05c990a]
- * Makefile.in: Remove *.lo for clean: When generating the parser,
- only move the generated files into place if they differ from the
- existing ones.
+ * lbuf.c, lbuf.h:
+ Add lbuf_append_quoted() which takes a set of characters which
+ should be quoted with a backslash when displayed.
+ [ab09bebb1d65]
-2007-08-24 22:47 millert
+ * toke.l:
+ Require that the first character after a comment not be a digit or a
+ dash. This allows us to remove the GOTRUNAS state and treat
+ uid/gids similar to other words. It also means that we can now
+ specify uids in User_Lists and a User_Spec may now contain a uid.
+ [461fe01f8392]
- * toke.c, toke.l: Replace IPV6 regexp with a much simpler
- (readable) one and add an extra check when it matches to make
- sure we have a valid address.
+ * gram.y, toke.l:
+ Replace RUNAS token with '(' and ')' tokens to make the runas
+ portion of the grammar more natural.
+ [e0c383b4684d]
-2007-08-24 22:36 millert
+ * BUGS:
+ The BUGS file is history
+ [4d9a809585c7]
- * match.c: Fix thinko introduced when merging IPV6 support.
+ * Makefile.in, README:
+ The BUGS file is history
+ [d9500e261172]
-2007-08-24 14:23 millert
+2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * HISTORY, LICENSE: regen
+ * toke.c, toke.l:
+ Allow comments after a RunasAlias as long as the character after the
+ pound sign isn't a digit or a dash.
+ [d7f3bd94eeda]
-2007-08-24 14:23 millert
+ * WHATSNEW:
+ Glob support was back-ported to 1.6.9
+ [d1d5cfd46228]
- * license.pod: add 2007
+2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-24 14:19 millert
+ * Makefile.in:
+ remove sudo_usage.h in distclean
+ [df05ce9c4127]
- * UPGRADE: mention #uid vs. comment pitfall
+ * parse.c:
+ If a Defaults value contains a blank, double-quote the string.
+ [9057a910daad]
-2007-08-24 09:50 millert
+ * toke.c, toke.l:
+ Properly deal with Defaults double-quoted strings that span multiple
+ lines using the line continuation char. Previously, the entire
+ thing, including the continuation char, newline, and spaces was
+ stored as-is.
+ [4a4e8eacefe6]
- * acsite.m4: Merge in a patch from the libtool cvs that fixes a
- problem with the latest autoconf. From Stepan Kasal.
+ * sudo.c:
+ Be consistent when using single quotes and backticks.
+ [d010b83a0fa1]
-2007-08-23 20:28 millert
+2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.h: Back out he XOR swap trick, it is slower than a temp
- variable on modern CPUs.
-
-2007-08-23 20:14 millert
-
- * gram.c: regen
-
-2007-08-23 20:14 millert
-
- * gram.y, parse.h: Convert the tail queue to a semi-circle queue
- and use the XOR swap trick to swap the prev pointers during
- append.
-
-2007-08-23 15:31 millert
-
- * parse.h: remove useless statement
-
-2007-08-23 07:47 millert
-
- * toke.c, toke.l: Refactor #include parsing into a separate
- function and return unparsed chars (such as newline or comment)
- back to the lexer.
-
-2007-08-22 18:56 millert
-
- * WHATSNEW: mention better uid support
-
-2007-08-22 18:55 millert
-
- * sudoers.pod: Users may now consist of a uid.
-
-2007-08-22 18:39 millert
-
- * gram.c, gram.h, toke.c: regen
-
-2007-08-22 18:32 millert
-
- * parse.c: Use lbuf_append_quoted() for sudo -l output to quote
- characters that would require quoting in sudoers.
-
-2007-08-22 18:31 millert
-
- * lbuf.c, lbuf.h: Add lbuf_append_quoted() which takes a set of
- characters which should be quoted with a backslash when
- displayed.
-
-2007-08-22 18:28 millert
+ * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
+ sudo.c, sudo_usage.h.in:
+ Add new linebuf code to do appends of dynamically allocated strings
+ and word-wrapped output. Currently used for sudo's usage() and sudo
+ -l output. Sudo usage strings are now in sudo_usage.h which is
+ generated at configure time.
+ [4dfd0ee8d961]
- * toke.l: Require that the first character after a comment not be a
- digit or a dash. This allows us to remove the GOTRUNAS state and
- treat uid/gids similar to other words. It also means that we can
- now specify uids in User_Lists and a User_Spec may now contain a
- uid.
+2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-22 18:23 millert
+ * parse.c, sudo.c, sudo.h:
+ Fix line wrapping in usage() and use the actual tty width instead of
+ assuming 80.
+ [700eab37c5a6]
- * gram.y, toke.l: Replace RUNAS token with '(' and ')' tokens to
- make the runas portion of the grammar more natural.
+2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-22 06:35 millert
+ * history.pod:
+ some more info
+ [8140112a8ae1]
- * Makefile.in, README, BUGS: The BUGS file is history
+ * history.pod:
+ Mentioned Chris Jepeway's parser and also the new one that is in
+ sudo 1.7.
+ [2132d00f0597]
-2007-08-21 09:19 millert
+2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * toke.c, toke.l: Allow comments after a RunasAlias as long as the
- character after the pound sign isn't a digit or a dash.
+ * sudo.pod, visudo.pod:
+ For the options list, add flag args where appropriate and increase
+ the indent level so there is room for them.
+ [2b60fb572e12]
-2007-08-20 20:43 millert
+2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * WHATSNEW: Glob support was back-ported to 1.6.9
+ * parse.c:
+ Fix some spacing in "sudo -l" and add a comment about some bogosity
+ in the line wrapping.
+ [b59b056f5ee2]
-2007-08-20 19:59 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [5fb719f18ebc]
- * Makefile.in: remove sudo_usage.h in distclean
+ * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
+ def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
+ parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
+ testsudoers.c, toke.c, toke.l:
+ Remove monitor support until there is a versino of systrace that
+ uses a lookaside buffer (or we have a better mechanism to use).
+ [61ff76878e4a]
-2007-08-20 19:24 millert
+ * config.h.in, configure, configure.in, sudo.c:
+ use getaddrinfo() instead of gethostbyname() if it is available
+ [cc33c136aa6a]
- * parse.c: If a Defaults value contains a blank, double-quote the
- string.
+2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-20 19:19 millert
+ * parse.c, sudo.c:
+ Deal with OSes where sizeof(gid_t) < sizeof(int).
+ [130a89cbdfba]
- * toke.c, toke.l: Properly deal with Defaults double-quoted strings
- that span multiple lines using the line continuation char.
- Previously, the entire thing, including the continuation char,
- newline, and spaces was stored as-is.
+ * interfaces.c:
+ repair non-getifaddrs() code after ipv6 integration
+ [7ae7a89e2236]
-2007-08-20 10:46 millert
+ * sudo.c:
+ If we can open sudoers but fail to read the first byte, close the
+ file stream before trying again.
+ [6f31272fae7b]
- * sudo.c: Be consistent when using single quotes and backticks.
+2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-19 16:48 millert
+ * toke.c:
+ regen
+ [4d7afe0aa6fa]
- * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
- sudo.c, sudo_usage.h.in: Add new linebuf code to do appends of
- dynamically allocated strings and word-wrapped output. Currently
- used for sudo's usage() and sudo -l output. Sudo usage strings
- are now in sudo_usage.h which is generated at configure time.
+ * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
+ Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
+ [4e6ff2965a42]
-2007-08-18 08:22 millert
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Add some missing markup Update copyright
+ [7e6d3c686b5e]
- * sudo.h, parse.c, sudo.c: Fix line wrapping in usage() and use the
- actual tty width instead of assuming 80.
+2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-17 18:32 millert
+ * configure, configure.in:
+ fix sudo_noexec extension which got broken in the libtool update
+ [3a5b447df861]
- * history.pod: some more info
+2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-17 17:28 millert
+ * Makefile.in:
+ explicitly specify -Tascii to nroff
+ [45c8da4cbefe]
- * history.pod: Mentioned Chris Jepeway's parser and also the new
- one that is in sudo 1.7.
+2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-16 09:38 millert
+ * logging.c:
+ remove an ANSI-ism that crept in
+ [29086f87b2ca]
- * sudo.pod, visudo.pod: For the options list, add flag args where
- appropriate and increase the indent level so there is room for
- them.
+2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-15 13:49 millert
+ * sudo.pod:
+ Adjust list indents Prevent -- from being turned into an em dash Use
+ a list for the environment instead of a literal paragraph
+ [c3abcd8f76f4]
- * parse.c: Fix some spacing in "sudo -l" and add a comment about
- some bogosity in the line wrapping.
+ * visudo.pod:
+ Use a list for the environment instead of an indented literal
+ paragraph.
+ [0ffcfcb7349f]
-2007-08-15 11:21 millert
+ * sudoers.pod:
+ Adjust list indentation
+ [615c89e3123a]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
- visudo.man.in, visudo.cat: regen
+ * license.pod:
+ add =head3
+ [8b2e0d38c0bd]
-2007-08-15 11:20 millert
+2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
- def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
- parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
- testsudoers.c, toke.c, toke.l: Remove monitor support until there
- is a versino of systrace that uses a lookaside buffer (or we have
- a better mechanism to use).
+ * sudo.pod:
+ mention that when specifying a uid for the -u option the shell may
+ require that the # be escaped
+ [3e3a17bff150]
-2007-08-15 09:22 millert
+2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in, configure, config.h.in, sudo.c: use getaddrinfo()
- instead of gethostbyname() if it is available
+ * match.c:
+ Fix off by one in group matching.
+ [b529602b7fba]
-2007-08-14 15:27 millert
+2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c, sudo.c: Deal with OSes where sizeof(gid_t) <
- sizeof(int).
+ * env.c:
+ Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
+ [ffbf8907c6e7]
-2007-08-14 11:19 millert
+2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * interfaces.c: repair non-getifaddrs() code after ipv6 integration
+ * configure, configure.in:
+ Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
+ -lgssapi_krb5 case.
+ [2b85a89c2252]
-2007-08-14 10:04 millert
+ * aclocal.m4, configure, configure.in:
+ Fix link tests such that new gcc doesn't optimize away the test.
+ [83484ec95cba]
- * sudo.c: If we can open sudoers but fail to read the first byte,
- close the file stream before trying again.
+2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-08-13 12:34 millert
+ * sudo.pod, sudoers.pod, visudo.pod:
+ add missing over/back
+ [251a12c89b91]
- * gram.c, toke.c: regen
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Change FILES section to use =item
+ [60b9efc3a0b2]
-2007-08-13 12:29 millert
+ * env.c:
+ Add back allocation of the env struct in rebuild_env but save a copy
+ of the old pointer and free it before returning.
+ [1100cd4fa997]
- * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
- Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
+ * env.c:
+ Don't init the private environment in rebuild_env() since it may
+ have already been done implicitly sudo_setenv/sudo_unsetenv.
-2007-08-13 12:23 millert
+ Multiply length by sizeof(char *) in memcpy/memmove when copying the
+ environment so we copy the full thing.
- * sudo.pod, sudoers.pod, visudo.pod: Add some missing markup Update
- copyright
+ Add missing set of parens so we deref the right pointer in
+ sudo_unsetenv when searching for a matching variable.
+ [9086a8f756b1]
-2007-08-12 18:55 millert
+2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: fix sudo_noexec extension which got
- broken in the libtool update
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Use file markup for paths in the FILES section
+ [940d99f731f2]
-2007-08-10 10:41 millert
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Don't capitalize sudo/visudo
+ [f067a455d44b]
- * Makefile.in: explicitly specify -Tascii to nroff
+ * sudoers.pod:
+ Sort sudoers options; based on a diff from Igor Sobrado.
+ [a9b9befe85ac]
-2007-08-08 16:07 millert
+2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c: remove an ANSI-ism that crept in
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
+ latter confuses pod2man. The Makefile rules for the .man.in file
+ will add @mansectsu@ and @mansectform@ back in after pod2man is done
+ anyway.
+ [b50ea0db727c]
-2007-08-06 20:37 millert
+2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod: Adjust list indents Prevent -- from being turned into
- an em dash Use a list for the environment instead of a literal
- paragraph
+ * LICENSE, Makefile.in, license.pod:
+ Move license info to pod format
+ [25bdd82e592b]
-2007-08-06 20:36 millert
+ * configure, configure.in, sudoers.pod:
+ Substitute value of path_info into sudoers man page.
+ [9ba661a82798]
- * visudo.pod: Use a list for the environment instead of an indented
- literal paragraph.
+ * WHATSNEW:
+ remove features that were back-ported to 1.6.9
+ [e76d756cbe65]
-2007-08-06 20:33 millert
+ * sudo.c, sudo.pod, visudo.c, visudo.pod:
+ Sort SYNOPSIS and sync usage. From Igor Sobrado.
+ [4970386c9e54]
- * sudoers.pod: Adjust list indentation
+ * env.c:
+ Only need sudo_setenv/sudo_unsetenv if we are going to use
+ ldap_sasl_interactive_bind_s() but don't have
+ gss_krb5_ccache_name().
+ [f1a73d8b35c5]
-2007-08-06 20:31 millert
+ * ChangeLog:
+ rebuild without branch info
+ [5d5a33494677]
- * license.pod: add =head3
+ * Makefile.in:
+ Add ChangeLog target
+ [a702034fdd89]
-2007-08-06 10:24 millert
+ * auth/pam.c:
+ Run cleanup code if the user hits ^C at the password prompt.
+ [9cf87768e921]
- * sudo.pod: mention that when specifying a uid for the -u option
- the shell may require that the # be escaped
+ * auth/pam.c:
+ Some versions of pam_lastlog have a bug that will cause a crash if
+ PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
+ string.
+ [5b63f6c88866]
-2007-08-01 22:08 millert
+2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * match.c: Fix off by one in group matching.
+ * Makefile.in:
+ ChageLog not Changelog
+ [1243d8473ceb]
-2007-07-31 14:04 millert
+ * ChangeLog:
+ sync
+ [d887df98c6b0]
- * env.c: Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From
- David Krause.
+ * Makefile.in:
+ CHANGE -> Changelog
+ [917738df30dd]
-2007-07-30 10:45 millert
+ * TODO:
+ sync
+ [cd382f7d1948]
- * configure, configure.in: Add missing define of
- HAVE_GSS_KRB5_CCACHE_NAME for the -lgssapi_krb5 case.
+2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-30 09:29 millert
+ * config.h.in, configure, configure.in, ldap.c:
+ Add configure hooks for gss_krb5_ccache_name() and the gssapi
+ headers.
+ [139606209991]
- * aclocal.m4, configure.in, configure: Fix link tests such that new
- gcc doesn't optimize away the test.
+2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-29 19:21 millert
+ * env.c, sudo.c:
+ rebuild_env() and insert_env_vars() no longer return environment
+ pointer, they set environ directly.
- * sudo.pod, sudoers.pod, visudo.pod: add missing over/back
+ No longer need to pass around an envp pointer since we just operate
+ on environ now.
-2007-07-29 19:09 millert
+ Add dosync argument to insert_env() that indicates whether it should
+ reset environ when realloc()ing env.envp.
- * sudo.pod, sudoers.pod, visudo.pod: Change FILES section to use
- =item
+ Use an initial size of 128 for the environment.
+ [4735fd5fddb8]
-2007-07-29 18:32 millert
+ * env.c:
+ Split sudo_setenv() into an external version and a version only for
+ use by rebuild_env().
+ [fda7d655adb1]
- * env.c: Add back allocation of the env struct in rebuild_env but
- save a copy of the old pointer and free it before returning.
+2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Add support for using gss_krb5_ccache_name() instead of setting
+ KRB5CCNAME. Also use sudo_unsetenv() in the non-
+ gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
+ original environment. TODO: configure setup for
+ gss_krb5_ccache_name()
+ [fcafa5a49caf]
+
+ * README.LDAP:
+ add krb5_ccname
+ [fceb8f883886]
+
+ * README.LDAP, ldap.c:
+ Add support for sasl_secprops in ldap.conf
+ [1f06f4bf7347]
+
+ * env.c, sudo.h:
+ Add sudo_unsetenv() and refactor private env syncing code into
+ sync_env().
+ [045ecb3fd22b]
+
+ * README.LDAP, ldap.c:
+ The ldap.conf variable is sasl_auth_id not sasl_authid.
+ [a5f98491311b]
+
+2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c, sudo.c, sudo.h:
+ Add support for krb5_ccname in ldap.conf. If specified, it will
+ override the default value of KRB5CCNAME in the environment for the
+ duration of the call to ldap_sasl_interactive_bind_s().
+ [b08a10c3045b]
+
+ * env.c, sudo.h:
+ Remove format_env() Add sudo_setenv() to replace most format_env() +
+ insert_env() combinations. insert_env() no longer takes a struct
+ environment *
+ [131da52f43f3]
+
+ * ldap.c:
+ Fix use_sasl vs. rootuse_sasl logic.
+ [0c0417b6918c]
+
+ * README.LDAP, config.h.in, configure, configure.in, ldap.c:
+ Add support for SASL auth when connecting to an LDAP server. Adapted
+ from a diff by Tom McLaughlin.
+ [a6285f1356ea]
+
+2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Only enable AIX or BSD auth if no other exclusive auth method has
+ been chosen. Allows people to e.g., use PAM on AIX without adding
+ --without-aixauth. A better solution is needed to deal with default
+ authentication since if a non-exclusive method is chosen we will
+ still get an error.
+ [83f7afdc0ec3]
+
+2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY, Makefile.in, history.pod:
+ Generate HISTORY from history.pod (which is also used for web pages)
+ [60bcd5164931]
+
+2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.man.in, sudoers.man.in:
+ regen
+ [63956a366191]
+
+ * sudo.pod:
+ Better explanation of environment handling in the sudo man page.
+ [6c247742f7ee]
+
+ * env.c, sudo.c:
+ Defer setting user-specified env vars until after authentication.
+ [4750b79323ee]
+
+ * env.c:
+ honor def_default_path for PATH set on the command line
+ [6db31d9b6d65]
+
+ * env.c, sudo.c, sudo.pod, sudoers.pod:
+ Allow user to set environment variables on the command line as long
+ as they are allowed by env_keep and env_check. Ie: apply the same
+ restrictions as normal environment variables. TODO: deal with
+ secure_path
+ [26c0da3840cf]
+
+2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, sudo_edit.c:
+ Call rebuild_env() in call cases. Pass original envp to sudo_edit().
+ Don't allow -E or env var setting in sudoedit mode. More accurate
+ usage() when called as sudoedit.
+ [a4af20658361]
+
+ * ldap.c:
+ warn -> warning
+ [d87d1192b048]
+
+ * sudo.pod:
+ add -c option to sudoedit synopsis
+ [15b596a7e2db]
+
+ * TODO:
+ udpate to reality
+ [e2f8fde89db1]
+
+ * parse.c:
+ Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
+ value from {user,host,runas,cmnd}_matches(). Rename *matches
+ variables -> *match. Purely cosmetic.
+ [e54a44c00a88]
-2007-07-29 16:09 millert
+ * parse.c:
+ Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
+ in behavior.
+ [c6272b4f2127]
- * env.c: Don't init the private environment in rebuild_env() since
- it may have already been done implicitly
- sudo_setenv/sudo_unsetenv.
+ * sudoers:
+ add SETENV tag
+ [3a3066bb6788]
- Multiply length by sizeof(char *) in memcpy/memmove when copying
- the environment so we copy the full thing.
+2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
- Add missing set of parens so we deref the right pointer in
- sudo_unsetenv when searching for a matching variable.
+ * parse.c:
+ Make pwcheck local to the pwflag block. Use pwcheck even if user
+ didn't match since Defaults options may still apply.
+ [45da9efbbafd]
-2007-07-26 16:35 millert
+ * check.c, sudo.c:
+ Do not update timestamp if user not validated by sudoers.
+ [a4a9d4364827]
- * sudo.pod, sudoers.pod, visudo.pod: Use file markup for paths in
- the FILES section
+ * set_perms.c:
+ for PERM_RUNAS, set the egid to the runas user's gid and restore to
+ the user's original in PERM_ROOT
+ [1514bfb32847]
-2007-07-26 10:04 millert
+ * logging.c, mon_systrace.c, set_perms.c, sudo.h:
+ PERM_FULL_ROOT is now no different than PERM_ROOT so remove
+ PERM_FULL_ROOT
+ [b9d047a3178c]
- * sudo.pod, sudoers.pod, visudo.pod: Don't capitalize sudo/visudo
+ * check.c:
+ don't check timestamp mtime if we are just going to remove it
+ [5d2470bc6cbd]
-2007-07-26 07:28 millert
+ * sudoers.pod:
+ Move sudoers defaults parameters into their own section.
+ [54701fbc0ff3]
- * sudoers.pod: Sort sudoers options; based on a diff from Igor
- Sobrado.
+ * testsudoers.c:
+ Reduce a level of indent by a few placed continue statements.
+ [5d5a9838c8ef]
-2007-07-25 16:19 millert
+ * parse.c:
+ Make matching but negated commands/hosts/runas entries override a
+ previous match as expected. Also reduce some levels of indent by a
+ few placed continue statements.
+ [dd59fa4b91a1]
- * sudo.pod, sudoers.pod, visudo.pod: Use 8 and 5 instead of
- @mansectsu@ and @mansectform@ since the latter confuses pod2man.
- The Makefile rules for the .man.in file will add @mansectsu@ and
- @mansectform@ back in after pod2man is done anyway.
+2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-22 19:09 millert
+ * parse.c:
+ Print default runas in "sudo -l" if sudoers don't specify one.
+ [07d408c400bd]
- * LICENSE, Makefile.in, license.pod: Move license info to pod
- format
+ * match.c:
+ Less hacky way of testing whether the domain was set.
+ [a537059776e5]
-2007-07-22 18:43 millert
+2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in, sudoers.pod: Substitute value of
- path_info into sudoers man page.
+ * INSTALL:
+ Mention pam-devel and openldap-devel for Linux
+ [9e708c54ecc3]
-2007-07-22 16:40 millert
+2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * WHATSNEW: remove features that were back-ported to 1.6.9
+ * README.LDAP:
+ or vs. are
+ [abe8c0f3a410]
-2007-07-22 15:20 millert
+2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c, sudo.pod, visudo.c, visudo.pod: Sort SYNOPSIS and sync
- usage. From Igor Sobrado.
+ * sudo.c:
+ fix typo in Solaris project support
+ [2ffeb2d80959]
-2007-07-22 15:19 millert
+ * HISTORY:
+ update
+ [df162b36f120]
- * env.c: Only need sudo_setenv/sudo_unsetenv if we are going to use
- ldap_sasl_interactive_bind_s() but don't have
- gss_krb5_ccache_name().
+ * sudo.c:
+ Make -- on the command line match the manual page. The implied shell
+ case has been simplified as a result.
+ [cd217a1f6694]
-2007-07-22 08:23 millert
+2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * ChangeLog: rebuild without branch info
+ * sudoers2ldif:
+ add simplistic support for sudoRunas; note that if a sudoers entry
+ contains multiple Runas users, all will apply to the sudoRole
+ [65b11421f5c8]
-2007-07-22 08:23 millert
+ * sudoers2ldif:
+ honor SETENV and NOSETENV tags
+ [2c0d5ba7a09b]
- * Makefile.in: Add ChangeLog target
+2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-22 08:14 millert
+ * mon_systrace.c:
+ Redo setting of user_args. We now build up a private copy of argv
+ first and then replace the NULs?with spaces.
+ [ccbba72ea112]
- * auth/pam.c: Run cleanup code if the user hits ^C at the password
- prompt.
+ * mon_systrace.c:
+ getcwd() returns NULL on failure, not 0 on success
+ [88cd9e66e530]
-2007-07-22 08:13 millert
+ * mon_systrace.c:
+ allow chunksiz to reach 1 before erroring out
+ [619d68f14964]
- * auth/pam.c: Some versions of pam_lastlog have a bug that will
- cause a crash if PAM_TTY is not set so if there is no tty, set
- PAM_TTY to the empty string.
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [8db512d3caf0]
-2007-07-20 09:32 millert
+2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: ChageLog not Changelog
+ * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
+ logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
+ toke.c, toke.l:
+ Add support for setting environment variables on the command line.
+ This is only allowed if the setenv sudoers options is enabled or if
+ the command is prefixed with the SETENV tag.
+ [5744caebd969]
-2007-07-20 09:31 millert
+ * README.LDAP:
+ replace Aaron's email address with the sudo-workers list
+ [2ffce5f9afc0]
- * ChangeLog: sync
+ * configure:
+ regen
+ [8013dff82c0c]
-2007-07-20 09:29 millert
+2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: CHANGE -> Changelog
+ * schema.OpenLDAP, schema.iPlanet:
+ Break schema out into separate files.
+ [15e598e4c60b]
-2007-07-19 20:23 millert
+ * Makefile.in, README.LDAP:
+ Break schema out into separate files.
+ [1a53966ca1fa]
- * TODO: sync
+2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-19 19:53 millert
+ * auth/aix_auth.c:
+ free message if set by authenticate()
+ [849c220c1236]
- * config.h.in, configure.in, configure, ldap.c: Add configure hooks
- for gss_krb5_ccache_name() and the gssapi headers.
+ * match.c:
+ deal with NULL gr_mem
+ [49e4d74f0bbe]
-2007-07-18 12:57 millert
+2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c, sudo.c: rebuild_env() and insert_env_vars() no longer
- return environment pointer, they set environ directly.
+ * config.h.in:
+ regen
+ [fead999ad3e9]
- No longer need to pass around an envp pointer since we just
- operate on environ now.
+ * configure.in:
+ add template for HAVE_PROJECT_H
+ [e6c42c2eaad1]
- Add dosync argument to insert_env() that indicates whether it
- should reset environ when realloc()ing env.envp.
+ * closefrom.c:
+ include fcntl.h
+ [54d98b382f03]
- Use an initial size of 128 for the environment.
+2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-18 12:41 millert
+ * INSTALL:
+ mention --with-project
+ [d3ea3baad7c5]
- * env.c: Split sudo_setenv() into an external version and a version
- only for use by rebuild_env().
+ * config.h.in, configure.in, sudo.c:
+ Add Solaris 10 "project" support. From Michael Brantley.
+ [f14f3c8c6554]
-2007-07-16 19:40 millert
+ * sudoers.pod:
+ fix typo
+ [50db81a19787]
- * ldap.c: Add support for using gss_krb5_ccache_name() instead of
- setting KRB5CCNAME. Also use sudo_unsetenv() in the
- non-gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
- original environment. TODO: configure setup for
- gss_krb5_ccache_name()
+ * configure:
+ regen
+ [ea71afd3e564]
-2007-07-16 18:44 millert
+ * configure.in:
+ Fix preservation of LDFLAGS in the LDAP case.
+ [40a3a47e8059]
- * README.LDAP: add krb5_ccname
+ * memrchr.c:
+ Remove dependecy on NULL
+ [c957ae5e1733]
-2007-07-16 18:44 millert
+ * configure:
+ regen
+ [4955ce0c6912]
- * README.LDAP, ldap.c: Add support for sasl_secprops in ldap.conf
+ * aclocal.m4, configure.in:
+ Can't use the regular autoconf fnmatch() check since we need
+ FNM_CASEFOLD so go back to our custom one.
+ [f10d76237486]
-2007-07-16 18:39 millert
+ * env.c:
+ Fix preserving of variables in env_keep.
+ [d040049d6b84]
- * env.c, sudo.h: Add sudo_unsetenv() and refactor private env
- syncing code into sync_env().
+ * env.c:
+ add XAUTHORIZATION
+ [0d589a5fe015]
-2007-07-16 07:27 millert
+ * UPGRADE:
+ expand upon env resetting and mention that it began in 1.6.9 not
+ 1.7.
+ [dba251655c76]
- * README.LDAP, ldap.c: The ldap.conf variable is sasl_auth_id not
- sasl_authid.
+ * sudoers.pod:
+ Update descriptions of env_keep and env_check to match current
+ reality.
+ [dba77357954b]
-2007-07-15 15:44 millert
+2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c, sudo.c, sudo.h: Add support for krb5_ccname in ldap.conf.
- If specified, it will override the default value of KRB5CCNAME
- in the environment for the duration of the call to
- ldap_sasl_interactive_bind_s().
+ * env.c:
+ Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
+ LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table.
+ [eec4632bd190]
-2007-07-15 15:41 millert
+ * env.c, logging.c:
+ Treat USERNAME environemnt variable like LOGNAME/USER
+ [09f52dcfd70c]
- * env.c, sudo.h: Remove format_env() Add sudo_setenv() to replace
- most format_env() + insert_env() combinations. insert_env() no
- longer takes a struct environment *
+ * env.c:
+ Don't need to populate keepenv table with the contents of the
+ checkenv table.
+ [527a14afd973]
-2007-07-15 12:47 millert
+ * sudo.c:
+ Don't force sudo into the C locale.
+ [8a5bd301ef96]
- * ldap.c: Fix use_sasl vs. rootuse_sasl logic.
+ * env.c:
+ Make env_check apply when env_reset it true. Environment variables
+ are passed through unless they contain '/' or '%'. There is no need
+ to have a variable in both env_check and env_keep.
+ [840c802721e4]
-2007-07-15 09:23 millert
+2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * README.LDAP, config.h.in, configure, configure.in, ldap.c: Add
- support for SASL auth when connecting to an LDAP server. Adapted
- from a diff by Tom McLaughlin.
+ * visudo.c:
+ Remove an duplicate lock_file() call and add a comment.
+ [5af9dcdf0eb6]
-2007-07-14 16:32 millert
+ * UPGRADE:
+ Add sudo 1.6.9 upgrade note.
+ [1585149f2914]
- * configure, configure.in: Only enable AIX or BSD auth if no other
- exclusive auth method has been chosen. Allows people to e.g.,
- use PAM on AIX without adding --without-aixauth. A better
- solution is needed to deal with default authentication since if a
- non-exclusive method is chosen we will still get an error.
+2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-11 11:23 millert
+ * interfaces.c:
+ Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
+ small. From Klaus Wagner.
+ [d6899fc44f77]
- * HISTORY, Makefile.in, history.pod: Generate HISTORY from
- history.pod (which is also used for web pages)
+ * logging.c, sudo.h:
+ Redo the long syslog line splitting based on a patch from Eygene
+ Ryabinkin. Include memrchr() for systems without it.
+ [66a50e8d553a]
-2007-07-09 19:40 millert
+ * memrchr.c:
+ Redo the long syslog line splitting based on a patch from Eygene
+ Ryabinkin. Include memrchr() for systems without it.
+ [2f6702b7d41b]
- * sudo.man.in, sudoers.man.in: regen
+ * Makefile.in, config.h.in, configure, configure.in:
+ Redo the long syslog line splitting based on a patch from Eygene
+ Ryabinkin. Include memrchr() for systems without it.
+ [407a46190921]
-2007-07-09 19:25 millert
+ * configure.in:
+ Since we need to be able to convert timespec to timeval for utimes()
+ the last 3 digits in the tv_nsec are not significant. This makes the
+ sudoedit file date comparison work again.
+ [9d0258849fa9]
- * sudo.pod: Better explanation of environment handling in the sudo
- man page.
+2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-09 15:13 millert
+ * aclocal.m4, configure, configure.in:
+ Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
+ This deals with exclusive authentication methods in a simple way.
+ [7d70072c0f35]
- * env.c, sudo.c: Defer setting user-specified env vars until after
- authentication.
+2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-09 13:25 millert
+ * LICENSE:
+ mkstemp.c is BSD code too.
+ [29e236d98162]
- * env.c: honor def_default_path for PATH set on the command line
+ * sudo.pod, sudoers.pod, visudo.pod:
+ No commercial support for now.
+ [7c76b3e192dd]
-2007-07-09 13:22 millert
+2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c, env.c, sudo.pod, sudoers.pod: Allow user to set
- environment variables on the command line as long as they are
- allowed by env_keep and env_check. Ie: apply the same
- restrictions as normal environment variables. TODO: deal with
- secure_path
+ * sudo.c:
+ cleanenv() is no more.
+ [518080514408]
-2007-07-08 14:44 millert
+2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c, sudo_edit.c: Call rebuild_env() in call cases. Pass
- original envp to sudo_edit(). Don't allow -E or env var setting
- in sudoedit mode. More accurate usage() when called as sudoedit.
+ * ChangeLog:
+ Display branch info in Changelog
+ [44e3b27427c7]
-2007-07-08 14:41 millert
+ * utimes.c:
+ Include config.h early so we have it for TIME_WITH_SYS_TIME
+ [4bf1a00d0703]
- * ldap.c: warn -> warning
+ * ChangeLog:
+ Fix Changelog generation and update.
+ [6e960dbcbece]
-2007-07-08 14:11 millert
+2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod: add -c option to sudoedit synopsis
+ * closefrom.c:
+ Use /proc/self/fd instead of /proc/$$/fd
-2007-07-08 10:27 millert
+ Move old-style fd closing into closefrom_fallback() and call that if
+ /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
+ [faa7e4810758]
- * TODO: udpate to reality
+ * auth/kerb5.c, config.h.in, configure.in:
+ o use krb5_verify_user() if available instead of doing it by hand o
+ use krb5_init_secure_context() if we have it o pass an encryption
+ type of 0 to krb5_kt_read_service_key() instead of
+ ENCTYPE_DES_CBC_MD5 to let kerberos choose.
+ [df7acf72bd7c]
-2007-07-08 09:43 millert
+ * env.c:
+ Check TERM and COLORTERM for '%' and '/' characters. From Debian.
+ [f92d05197e40]
- * parse.c: Use ALLOW/DENY instead of TRUE/FALSE when dealing with
- the return value from {user,host,runas,cmnd}_matches(). Rename
- *matches variables -> *match. Purely cosmetic.
+ * configure.in:
+ Fix closefrom() substitution in the Makefile
+ [b642b13fcc5c]
-2007-07-08 09:30 millert
+ * TROUBLESHOOTING:
+ Mention alternate sudo pronunciation.
+ [7c71dc73409f]
- * parse.c: Move setting of FLAG_NO_CHECK into the if(pwflag) block.
- No change in behavior.
+2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-08 09:17 millert
+ * env.c:
+ Remove KRB5_KTNAME from environment. Allow COLORTERM.
+ [70f35a79f780]
- * sudoers: add SETENV tag
+ * auth/kerb5.c:
+ If we cannot get a valid service key using the default keytab it is
+ a fatal error. Fixes a bug where sudo could be tricked into
+ allowing access when it should not by a fake KDC. From Thor Lancelot
+ Simon.
+ [a3ae6a47cb23]
-2007-07-06 15:51 millert
+2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c: Make pwcheck local to the pwflag block. Use pwcheck
- even if user didn't match since Defaults options may still apply.
+ * aclocal.m4, configure, configure.in:
+ Update long long checks to use AC_CHECK_TYPES and to cache values.
+ [047318eaaeb2]
-2007-07-06 14:51 millert
+ * aclocal.m4, configure.in:
+ Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
+ use AC_REPLACE_FNMATCH since that assumes replacing with GNU
+ fnmatch.
+ [80513a1003ea]
- * check.c, sudo.c: Do not update timestamp if user not validated by
- sudoers.
+2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-06 10:14 millert
+ * configure, configure.in:
+ Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
+ need it for visudo now too.
+ [50837c7c2b5e]
- * set_perms.c: for PERM_RUNAS, set the egid to the runas user's gid
- and restore to the user's original in PERM_ROOT
+2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-06 10:04 millert
+ * sudoers.pod:
+ Attempt to clarify the bit talking about network numbers w/o
+ netmasks.
+ [211e68c1d034]
- * logging.c, mon_systrace.c, set_perms.c, sudo.h: PERM_FULL_ROOT is
- now no different than PERM_ROOT so remove PERM_FULL_ROOT
+ * sudo.pod:
+ Clarify timestamp dir ownership sentence.
+ [9178f132c7f7]
-2007-07-06 09:49 millert
+2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * check.c: don't check timestamp mtime if we are just going to
- remove it
+ * auth/pam.c:
+ Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
+ Dmitry V. Levin.
+ [81fce91667bc]
-2007-07-06 09:33 millert
+2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: Move sudoers defaults parameters into their own
- section.
+ * sudo.c:
+ -i is also one of the mutually exclusive options to list it in the
+ warning message. Noted by Chris Pepper.
+ [7da73fb248e9]
-2007-07-05 20:21 millert
+2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * testsudoers.c: Reduce a level of indent by a few placed continue
- statements.
+ * visudo.pod:
+ The sudoers variable is env_editor, not enveditor. From Jean-
+ Francois Saucier.
+ [2a86ec09a6db]
-2007-07-05 20:20 millert
+2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c: Make matching but negated commands/hosts/runas entries
- override a previous match as expected. Also reduce some levels
- of indent by a few placed continue statements.
+ * redblack.c:
+ I tracked down the original author so credit him and include his
+ license info.
+ [3733553a1bba]
-2007-07-05 16:34 millert
+2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c: Print default runas in "sudo -l" if sudoers don't
- specify one.
+ * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
+ sudoers.pod:
+ Fix typos; from Jason McIntyre.
+ [1ee4ce2512f2]
-2007-07-05 15:46 millert
+ * logging.c:
+ Restore signal mask before calling reapchild(). Fixes a possible
+ race condition that could prevent sudo from properly waiting for the
+ child.
+ [9ee4192385dc]
- * match.c: Less hacky way of testing whether the domain was set.
+2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-07-04 15:50 millert
+ * pwutil.c:
+ Don't declare pw_free() if we are not going to use it.
+ [adb79a4289ca]
- * INSTALL: Mention pam-devel and openldap-devel for Linux
+ * env.c:
+ Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
+ LDR_PRELOAD64. The 64-bit version is not currently supported.
+ Remove zero_env() prototype as it no longer exists.
+ [b4fe65027fb6]
-2007-07-03 19:38 millert
+2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * README.LDAP: or vs. are
+ * logging.c:
+ Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
+ [78002ad90f7b]
-2007-07-01 16:55 millert
+2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: fix typo in Solaris project support
+ * auth/pam.c:
+ If the user enters ^C at the password prompt, abort instead of
+ trying to authenticate with an empty password (which causes an
+ annoying delay).
+ [da3f27b747c7]
-2007-07-01 09:40 millert
+2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * HISTORY: update
+ * closefrom.c, config.h.in, configure, configure.in:
+ Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
+ Darren Tucker.
+ [0331b7780759]
-2007-07-01 09:07 millert
+ * pwutil.c:
+ pw_free() is only used by sudo_freepwcache() so ifdef it out too.
+ [0014c0d9eeba]
- * sudo.c: Make -- on the command line match the manual page. The
- implied shell case has been simplified as a result.
+2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-28 10:44 millert
+ * config.guess, config.sub:
+ Update to latest versions from cvs.savannah.gnu.org
+ [aa0143101c20]
- * sudoers2ldif: add simplistic support for sudoRunas; note that if
- a sudoers entry contains multiple Runas users, all will apply to
- the sudoRole
+2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-28 10:42 millert
+ * pwutil.c, sudo_edit.c:
+ Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
+ we can close the passwd/group files early.
+ [559074bd7eb7]
- * sudoers2ldif: honor SETENV and NOSETENV tags
+ * config.h.in, configure, configure.in, set_perms.c:
+ Add seteuid() flavor of set_perms() for systems without setreuid()
+ or setresuid() that have a working seteuid(). Tested on Darwin.
+ [508d8da99189]
-2007-06-24 09:25 millert
+2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * mon_systrace.c: Redo setting of user_args. We now build up a
- private copy of argv first and then replace the NULs with spaces.
+ * mon_systrace.c:
+ systrace_read() returns ssize_t
+ [9f97d1d1a59d]
-2007-06-24 09:19 millert
+ * configure, configure.in:
+ Fix typo, -lldap vs. -ldap; from Tim Knox.
+ [a8cc43c3bb2a]
- * mon_systrace.c: getcwd() returns NULL on failure, not 0 on
- success
+2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-24 07:39 millert
+ * HISTORY:
+ Fix typo; Matt Ackeret
+ [86964ee3dfbd]
- * mon_systrace.c: allow chunksiz to reach 1 before erroring out
+2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-23 20:00 millert
+ * sudo.c:
+ Print sudoers path in -V mode for root.
+ [dc43f2d75bd9]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
- visudo.man.in: regen
+2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-23 19:58 millert
+ * ldap.c:
+ Do a sub tree search instead of a base search (one level in the tree
+ only) for sudo right objects. This allows system administrators to
+ categorize the rights in a tree to make them easier to manage.
+ [6d2d9abf996e]
- * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h,
- gram.y, logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod,
- sudoers.pod, toke.c, toke.l: Add support for setting environment
- variables on the command line. This is only allowed if the
- setenv sudoers options is enabled or if the command is prefixed
- with the SETENV tag.
+2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-23 19:57 millert
+ * sudo.pod:
+ fix typo
+ [1473413bcbda]
- * README.LDAP: replace Aaron's email address with the sudo-workers
- list
+2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-23 19:55 millert
+ * ldap.c:
+ Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
+ bind_timelimit support; adapted from gentoo.
+ [afc816093026]
- * configure: regen
+2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-21 20:35 millert
+ * ldap.c:
+ Support comments that start in the middle of a line
+ [c25df6ee3db8]
- * Makefile.in, README.LDAP, schema.OpenLDAP, schema.iPlanet: Break
- schema out into separate files.
+ * configure, configure.in:
+ Define LDAP_DEPRECATED until we start using ldap_get_values_len()
+ [ee249bfe230a]
-2007-06-21 18:28 millert
+2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/aix_auth.c: free message if set by authenticate()
+ * closefrom.c:
+ Silence gcc -Wsign-compare; djm@openbsd.org
+ [28769ce6418d]
-2007-06-21 13:03 millert
+ * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
+ cleanup() now takes an int as an arg so it can be used as a signal
+ handler too.
+ [2bb0df34d09c]
- * match.c: deal with NULL gr_mem
+ * sudo.c:
+ Make a copy of the shell field in the passwd struct for NewArgv to
+ avoid a use after free situation after sudo_endpwent() is called.
+ [5dcc9ffd362e]
-2007-06-20 15:04 millert
+2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in: regen
+ * config.h.in, configure, configure.in:
+ Add mkstemp() for those poor souls without it.
+ [5fdd02e863e0]
-2007-06-20 15:04 millert
+ * mkstemp.c:
+ Add mkstemp() for those poor souls without it.
+ [c99401207860]
- * configure.in: add template for HAVE_PROJECT_H
+ * Makefile.in:
+ Add mkstemp() for those poor souls without it.
+ [9c1cf2678f24]
-2007-06-20 07:06 millert
+2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * closefrom.c: include fcntl.h
+ * env.c:
+ Add PERL5DB to list of environment variables to remove.
+ [7375c27ecf75]
-2007-06-19 19:37 millert
+2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL: mention --with-project
+ * mon_systrace.c, mon_systrace.h:
+ Instead of calling the check function twice with a state cookie use
+ separate check/log functions.
-2007-06-19 18:24 millert
+ Check more ioctl() calls for failure.
- * config.h.in, configure.in, sudo.c: Add Solaris 10 "project"
- support. From Michael Brantley.
+ systrace_{read,write} now return the number of bytes read/written or
+ -1 on error.
+ [3dc8946d90e9]
-2007-06-19 17:27 millert
+ * env.c:
+ Add more environment variables to remove; from gentoo linux Add some
+ comments about what bad env variables go to what (more to do)
+ [6918110a6b82]
- * sudoers.pod: fix typo
+2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-19 17:22 millert
+ * sudo.c, sudo_edit.c:
+ Move sudo_end{gr,pw}ent() until just before the exec since they free
+ up our cached copy of the passwd structs, including sudo_user and
+ sudo_runas. Fixes a use-after-free bug.
+ [54de3778bad0]
- * configure: regen
+ * visudo.c:
+ Close all fd's before executing editor.
+ [4fcc05e1bec8]
-2007-06-19 17:21 millert
+ * sudo.c:
+ Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
+ [ef0e8ffa5c9f]
- * configure.in: Fix preservation of LDFLAGS in the LDAP case.
+ * check.c:
+ Fix fd leak when lecture file option is enabled. From Jerry Brown
+ [ce97f9207cd8]
-2007-06-19 17:00 millert
+2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * memrchr.c: Remove dependecy on NULL
+ * env.c:
+ Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
+ environment variables to remove. From Charles Morris
+ [c96e1367d1c1]
-2007-06-19 15:37 millert
+2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * env.c:
+ add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
+ [72a6a1571226]
-2007-06-19 15:37 millert
+2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * aclocal.m4, configure.in: Can't use the regular autoconf
- fnmatch() check since we need FNM_CASEFOLD so go back to our
- custom one.
+ * env.c:
+ add PS4 and SHELLOPTS to initial_badenv_table for bash
+ [89dfb3f318f3]
-2007-06-19 12:52 millert
+2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: Fix preserving of variables in env_keep.
+ * sudoers.pod:
+ Fix typo; Toby Peterson
+ [b7a3222b23f4]
-2007-06-19 07:10 millert
+2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: add XAUTHORIZATION
+ * tsgetgrpw.c:
+ Make return buffers static so they don't get clobbered
+ [13323a39b9f5]
-2007-06-18 20:41 millert
+2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * UPGRADE: expand upon env resetting and mention that it began in
- 1.6.9 not 1.7.
+ * auth/securid5.c:
+ Fix securid5 authentication, was not checking for ACM_OK. Also add
+ default cases for the two switch()es. Problem noted by ccon at
+ worldbank
+ [14091e418333]
-2007-06-18 20:33 millert
+2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: Update descriptions of env_keep and env_check to
- match current reality.
+ * ldap.c:
+ Remove ncat() in favor of just counting bytes and pre-allocating
+ what is needed.
+ [25b8712adb61]
-2007-06-18 17:33 millert
+2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: Add LINGUAS to initial_checkenv_table. Add COLORS,
- HOSTNAME, LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to
- intial_keepenv_table.
+ * ldap.c:
+ Fix up some comments Add missing fclose() for the rootbinddn case
+ [ae95c8a89711]
-2007-06-18 17:23 millert
+ * ldap.c:
+ align struct ldap_config
+ [35d0d64c76f8]
- * env.c, logging.c: Treat USERNAME environemnt variable like
- LOGNAME/USER
+ * ldap.c:
+ use LINE_MAX for max conf file line size
+ [da116cb8853d]
-2007-06-18 17:21 millert
+ * pathnames.h.in:
+ add _PATH_LDAP_SECRET
+ [128b04ecfab7]
- * env.c: Don't need to populate keepenv table with the contents of
- the checkenv table.
+ * README.LDAP:
+ Mention rootbinddn Give example ou=SUDOers container
+ [852edc69bd1c]
-2007-06-18 08:57 millert
+2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Don't force sudo into the C locale.
+ * INSTALL, configure, configure.in, ldap.c:
+ Support rootbinddn in ldap.conf
+ [1615c91522a1]
-2007-06-18 08:56 millert
+ * env.c, sudo.pod, sudoers.pod:
+ Preserve DISPLAY environment variable by default.
+ [05f503d5f438]
- * env.c: Make env_check apply when env_reset it true. Environment
- variables are passed through unless they contain '/' or '%'.
- There is no need to have a variable in both env_check and
- env_keep.
+ * acsite.m4, configure:
+ set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
+ [18a04dea8d05]
-2007-06-16 07:31 millert
+ * acsite.m4, configure:
+ set need_version=no for all cases; this is safe for LD_PRELOAD
+ [b542560e1a73]
- * visudo.c: Remove an duplicate lock_file() call and add a comment.
+ * aclocal.m4:
+ typo
+ [c040df0fcd5a]
-2007-06-15 21:16 millert
+ * configure, configure.in:
+ Add dragonfly
+ [f13794618636]
- * UPGRADE: Add sudo 1.6.9 upgrade note.
+ * auth/pam.c:
+ Fix call to pam_end() when pam_open_session() fails.
+ [0be47cdfdef1]
-2007-06-14 12:23 millert
+ * configure:
+ regen
+ [7f5c13b4b800]
- * interfaces.c: Solaris will return EINVAL if the buffer used in
- SIOCGIFCONF is too small. From Klaus Wagner.
+ * acsite.m4:
+ rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
+ ltsugar.m4 ltversion.m4
+ [a7ba9fd1a2ab]
-2007-06-14 12:03 millert
+ * config.guess, config.sub, ltmain.sh:
+ merge in local changes: config.guess: o better openbsd support
+ config.sub: o hiuxmpp support ltmain.sh o remove requirement that
+ libs must begin with "lib" o don't print a bunch of crap about
+ library installs o don't run ldconfig
+ [f4149f2c720f]
- * Makefile.in, config.h.in, configure, configure.in, memrchr.c,
- logging.c, sudo.h: Redo the long syslog line splitting based on a
- patch from Eygene Ryabinkin. Include memrchr() for systems
- without it.
+ * config.guess, config.sub, ltmain.sh:
+ libtool 1.9f
+ [82a534e7121f]
-2007-06-14 07:09 millert
+ * configure.in:
+ Update with autoupdate and make minor changes for libtool 1.9f
+ [11b5ae5c1428]
+
+2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: Since we need to be able to convert timespec to
- timeval for utimes() the last 3 digits in the tv_nsec are not
- significant. This makes the sudoedit file date comparison work
- again.
+ * parse.c:
+ don't call sudo_ldap_display_cmnd if ldap not setup
+ [8bcf6c094ffe]
+
+ * sudo_edit.c, visudo.c:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [b95c333299a0]
-2007-06-13 13:41 millert
+ * gettime.c:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [021b4569cc0c]
- * aclocal.m4, configure, configure.in: Add SUDO_ADD_AUTH macro to
- deal with adding things to AUTH_OBJS. This deals with exclusive
- authentication methods in a simple way.
+ * fileops.c:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [dd8573b2ee7d]
-2007-06-12 13:08 millert
+ * emul/timespec.h:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [f95137771564]
- * LICENSE: mkstemp.c is BSD code too.
+ * check.c, compat.h:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [2ef2ace8fe85]
+
+ * ldap.c:
+ Don't set safe_cmnd for the "sudo ALL" case.
+ [ad7fa9e07da0]
-2007-06-12 09:21 millert
+2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod, sudoers.pod, visudo.pod: No commercial support for now.
+ * auth/pam.c:
+ Call pam_open_session() and pam_close_session() to give pam_limits a
+ chance to run. Idea from Karel Zak.
+ [fed46d471350]
-2007-06-11 18:27 millert
+2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: cleanenv() is no more.
+ * check.c, sudo.c:
+ Add explicit cast from mode_t -> u_int in printf to silence warnings
+ on Solaris
+ [17bb961fe22d]
-2007-06-10 18:37 millert
+ * parse.c:
+ include grp.h to silence a warning on Solaris
+ [14386fbab640]
+
+2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Fix printing of += and -= defaults.
+ [a667604c56cd]
+
+2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Sanity check number of syscall args with argsize. Not really needed
+ but a little paranoia never hurts.
+ [6bb455a2c2d6]
+
+ * mon_systrace.c, mon_systrace.h:
+ Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
+ for systrace lengths (since it uses int)
+ [3cafccffcffd]
+
+2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Add some memsets for paranoia Fix namespace collsion w/ error Check
+ rval of decode_args() and update_env() Remove improper setting of
+ validated variable
+ [3d385158354d]
- * ChangeLog: Display branch info in Changelog
+2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-10 18:18 millert
+ * parse.c, sudo.c, sudo.h:
+ In -l mode, only check local sudoers file if def_ignore_sudoers is
+ not set and call LDAP versions from display_privs() and
+ display_cmnd() instead of directly from main(). Because of this we
+ need to defer closing the ldap connection until after -l processing
+ has ocurred and we must pass in the ldap pointer to display_privs()
+ and display_cmnd().
+ [1dfc2e8c9f2b]
- * utimes.c: Include config.h early so we have it for
- TIME_WITH_SYS_TIME
+ * ldap.c:
+ Reorganize LDAP code to better match normal sudoers parsing.
+ Instead of storing strings for later printing in -l mode we do
+ another query since the authenticating user and the user being
+ listed may not be the same (the new -U flag). Also add support for
+ "sudo -l command".
-2007-06-10 18:00 millert
+ There is still a fair bit if duplicated code that can probably be
+ refactored.
+ [e9568f19bde5]
- * ChangeLog: Fix Changelog generation and update.
+2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-09 07:26 millert
+ * ldap.c:
+ Replace pass variable with do_netgr for better readability.
+ [1bba841b6e79]
- * closefrom.c: Use /proc/self/fd instead of /proc/$$/fd
+ * ldap.c:
+ use DPRINTF macro
+ [02b159b66bb5]
- Move old-style fd closing into closefrom_fallback() and call that
- if /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
+ * ldap.c:
+ estrdup, not strdup
+ [22cdee7973c1]
-2007-06-09 07:24 millert
+2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure.in, auth/kerb5.c: o use
- krb5_verify_user() if available instead of doing it by hand
- o use krb5_init_secure_context() if we have it
- o pass an encryption type of 0 to krb5_kt_read_service_key()
- instead of
- ENCTYPE_DES_CBC_MD5 to let kerberos choose.
+ * parse.c:
+ Add macro to test if the tag changed to improve readability.
+ [4e11b4819556]
-2007-06-09 07:20 millert
+ * parse.c:
+ Avoid printing defaults header if there are no defaults to print...
+ [41a28627df03]
- * env.c: Check TERM and COLORTERM for '%' and '/' characters. From
- Debian.
+ * glob.c:
+ Fix a warning on systems without strlcpy().
+ [6814e0f0e4f4]
-2007-06-09 07:17 millert
+ * pwutil.c:
+ Use macros where possible for sudo_grdup() like sudo_pwdup().
+ [30f201ff35cd]
- * configure.in: Fix closefrom() substitution in the Makefile
+2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-09 07:15 millert
+ * utimes.c:
+ It is possible for tv_usec to hold >= 1000000 usecs so add in
+ tv_usec / 1000000.
+ [794ac4d53a65]
- * TROUBLESHOOTING: Mention alternate sudo pronunciation.
+2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-07 07:52 millert
+ * auth/kerb5.c:
+ The component in krb5_principal_get_comp_string() should be 1, not 0
+ for Heimdal. From Alex Plotnick.
+ [fefa351c5044]
- * env.c: Remove KRB5_KTNAME from environment. Allow COLORTERM.
+2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-06-07 07:22 millert
+ * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
+ interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
+ redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
+ Add efree() for consistency with emalloc() et al. Allows us to rely
+ on C89 behavior (free(NULL) is valid) even on K&R.
+ [7876bb80d87c]
- * auth/kerb5.c: If we cannot get a valid service key using the
- default keytab it is a fatal error. Fixes a bug where sudo could
- be tricked into allowing access when it should not by a fake KDC.
- From Thor Lancelot Simon.
+ * parse.c, sudo.c:
+ Move initgroups() for -U option into display_privs() so group
+ matching in sudoers works correctly.
+ [b074428ad2ca]
-2007-05-12 08:56 millert
+2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * aclocal.m4, configure, configure.in: Update long long checks to
- use AC_CHECK_TYPES and to cache values.
+ * ldap.c:
+ Removed duplicate call to ldap_unbind_s introduced along with
+ sudo_ldap_close.
+ [19acc1c20f7c]
-2007-05-12 08:07 millert
+ * parse.c:
+ Add missing space in Defaults printing
+ [95d2935bf6d4]
- * aclocal.m4, configure.in: Use AC_FUNC_FNMATCH instead of a
- homebrew fnmatch checker. We can't use AC_REPLACE_FNMATCH since
- that assumes replacing with GNU fnmatch.
+2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-05-11 17:05 millert
+ * pwutil.c:
+ Sync sudo_pwdup with OpenBSD changes: use macros for size computaton
+ and string copies.
+ [6b6b241495e5]
- * configure, configure.in: Add closefrom() to LIB_OBJS not
- SUDO_OBJS if it is missing since we need it for visudo now too.
+2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-04-24 14:44 millert
+ * pwutil.c:
+ Zero old pw_passwd before replacing with version from shadow file.
+ [3251b349dfe1]
- * sudoers.pod: Attempt to clarify the bit talking about network
- numbers w/o netmasks.
+ * configure, configure.in:
+ Only attempt shadow password detection if PAM is not being used Add
+ shadow_* variables to make shadow password detection more generic.
+ [d498a3423ac9]
-2007-04-24 14:25 millert
+ * configure.in:
+ Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
+ [04d55bbd5e35]
- * sudo.pod: Clarify timestamp dir ownership sentence.
+2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-04-20 12:40 millert
+ * sudoers.pod:
+ use a non-breaking space to avoid a double space after e.g.
+ [11cdb54bdf7b]
- * auth/pam.c: Linux PAM now defines __LINUX_PAM__, not
- __LIBPAM_VERSION. From Dmitry V. Levin.
+ * sudo.pod:
+ commna, not colon after e.g.
+ [8d5875ff72e0]
-2007-04-16 12:13 millert
+2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: -i is also one of the mutually exclusive options to list
- it in the warning message. Noted by Chris Pepper.
+ * sudo_noexec.c:
+ Add __ variants of the exec functions. GNU libc at least uses
+ __execve() internally.
+ [d1880473d790]
-2007-04-12 11:18 millert
+ * indent.pro:
+ Match reality a bit more.
+ [633e3fa875a7]
- * visudo.pod: The sudoers variable is env_editor, not enveditor.
- From Jean-Francois Saucier.
+ * pwutil.c:
+ Missed piece from rev. 1.6, fix sudo_getpwnam() too.
+ [128f7b21c2ee]
-2007-03-29 13:30 millert
+ * pwutil.c:
+ Store shadow password after making a local copy of struct passwd in
+ case normal and shadow routines use the same internal buffer in
+ libc.
+ [f806052a6ffc]
- * redblack.c: I tracked down the original author so credit him and
- include his license info.
+2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-02-06 13:25 millert
+ * alloc.c, logging.c:
+ Make varargs usage consistent with the rest of the code.
+ [3d45affc9851]
- * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
- sudoers.pod: Fix typos; from Jason McIntyre.
+2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2007-02-06 13:23 millert
+ * sudo_noexec.c:
+ Wrap more of the exec family since on Linux the others do not appear
+ to go through the normal execve() path.
+ [8167769b4e19]
- * logging.c: Restore signal mask before calling reapchild(). Fixes
- a possible race condition that could prevent sudo from properly
- waiting for the child.
+ * visudo.c:
+ make print_unused static like proto says
+ [ecf10e1bae55]
-2007-01-31 10:02 millert
+ * glob.c:
+ silence a warning on K&R systems
+ [2e00425f1a5c]
- * pwutil.c: Don't declare pw_free() if we are not going to use it.
+ * alias.c, error.c:
+ make this build in K&R land
+ [156f65f8525a]
-2007-01-31 10:00 millert
+ * parse.c:
+ make this build in K&R land
+ [6fc9276889cb]
- * env.c: Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD
- and LDR_PRELOAD64. The 64-bit version is not currently
- supported. Remove zero_env() prototype as it no longer exists.
+2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2006-12-11 13:21 millert
+ * toke.c:
+ regen
+ [3b349748cd21]
- * logging.c: Add "Auto-Submitted: auto-generated" line to sudo mail
- for rfc 3834.
+2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2006-09-29 10:53 millert
+ * ldap.c:
+ return(foo) not return foo optimize _atobool() slightly
+ [11d09d154ed5]
- * auth/pam.c: If the user enters ^C at the password prompt, abort
- instead of trying to authenticate with an empty password (which
- causes an annoying delay).
+ * ldap.c:
+ Use TRUE/FALSE
+ [53999320d98f]
-2006-08-17 11:26 millert
+ * ldap.c:
+ Reformat to match the rest of sudo's code.
+ [1bd0f2afa0e7]
- * closefrom.c, config.h.in, configure, configure.in: Add fcntl
- F_CLOSEM support to closefrom(); adapted from a diff by Darren
- Tucker.
+ * sudo.pod:
+ I am the primary author
+ [5d311ecd85c6]
-2006-08-17 11:25 millert
+2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * pwutil.c: pw_free() is only used by sudo_freepwcache() so ifdef
- it out too.
+ * Makefile.in, README, RUNSON:
+ The RUNSON file is toast--it confused too many people and really
+ isn't needed in a configure-oriented world.
+ [96a6ef7bbc08]
-2006-08-04 11:34 millert
+ * INSTALL:
+ alternate -> alternative
+ [b65015c5d0a2]
- * config.sub, config.guess: Update to latest versions from
- cvs.savannah.gnu.org
+ * tgetpass.c:
+ Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
+ TCSAFLUSH.
+ [c66b4763ffdc]
-2006-07-31 13:51 millert
+ * toke.l:
+ Allow leading blanks before Defaults and Foo_Alias definitions
+ [2add513d9277]
- * pwutil.c, sudo_edit.c: Move password/group cache cleaning out of
- sudo_end{pw,grp}ent() so we can close the passwd/group files
- early.
+ * Makefile.in:
+ fix rules to build toke.o and gram.o in devel mode
+ [96cbb414ebd3]
-2006-07-31 13:50 millert
+2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure, configure.in, set_perms.c: Add seteuid()
- flavor of set_perms() for systems without setreuid() or
- setresuid() that have a working seteuid(). Tested on Darwin.
+ * sudoers.pod:
+ env_keep overrides set_logname
+ [401877193a15]
+
+ * env.c:
+ Fix disabling set_logname and make env_keep override set_logname.
+ [0906e7a5ed93]
+
+ * compat.h, config.h.in, configure, configure.in:
+ No longer need memmove()
+ [43bdb6efe3f2]
+
+ * env.c, sudo.c:
+ Just clean the environment once. This assumes that any further
+ setenv/putenv will be able to handle the fact that we replaced
+ environ with our own malloc'd copy but all the implementations I've
+ checked do.
+ [11658fe92ba2]
-2006-07-30 15:56 millert
+2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * mon_systrace.c: systrace_read() returns ssize_t
+ * env.c, sudo.c:
+ In -i mode, base the value of insert_env()'s dupcheck flag on
+ DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
+ [8365b0bd0c71]
-2006-07-30 15:53 millert
+2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, sudo.c:
+ Move setting of user_path, user_shell, user_prompt and prev_user
+ into init_vars() since user_shell at least is needed there.
+ [37e22dce66e9]
+
+2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ fix devel builds
+ [9fbb15ef164c]
+
+ * sudo.c:
+ Fix some printf format mismatches on error.
+ [ffc1c3f11740]
+
+ * check.c:
+ Fix some printf format mismatches on error.
+ [7b3b508adf50]
+
+ * configure, gram.c, toke.c:
+ regen
+ [aa76f9d8b02a]
+
+ * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
+ auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
+ auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
+ auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
+ closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
+ emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
+ getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
+ interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
+ parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
+ snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
+ sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
+ testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
+ visudo.pod, zero_bytes.c:
+ Update copyright years.
+ [0610c3654739]
+
+ * Makefile.binary.in:
+ Update copyright years.
+ [d78ffc9f2e2b]
+
+ * LICENSE:
+ Update copyright years.
+ [f60473bca4b1]
- * configure, configure.in: Fix typo, -lldap vs. -ldap; from Tim
- Knox.
+ * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
+ version 1.7
+ [aa977a544ca1]
-2006-07-28 13:12 millert
+ * WHATSNEW:
+ What's new in sudo 1.7, based on the 1.7 CHANGES entries.
+ [ecfcf7269c14]
- * HISTORY: Fix typo; Matt Ackeret
+2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2006-07-17 08:25 millert
+ * compat.h, logging.h, sudo.h:
+ Add __printflike and use it with gcc to warn about printf-like
+ format mismatches
+ [b192ad4a0548]
- * sudo.c: Print sudoers path in -V mode for root.
+2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2006-06-15 14:44 millert
+ * CHANGES, ChangeLog:
+ Replaced CHANGES file with ChangeLog generated from cvs logs
+ [d9ace9dab98f]
- * ldap.c: Do a sub tree search instead of a base search (one level
- in the tree only) for sudo right objects. This allows system
- administrators to categorize the rights in a tree to make them
- easier to manage.
+ * set_perms.c:
+ Use warning/error instead of perror/fatal.
+ [e33259df7738]
-2005-12-28 13:52 millert
+ * config.guess:
+ Update OpenBSD section
+ [9d2c23de6801]
- * sudo.pod: fix typo
+ * UPGRADE:
+ Add upgrading noted for 1.7
+ [1fb6b6d6df07]
-2005-12-04 12:16 millert
+ * env.c, sudo.c, sudoers.pod:
+ Instead of zeroing out the environment, just prune out entries based
+ on the env_delete and env_check lists. Base building up the new
+ environment on the current environment and the variables we removed
+ initially.
+ [fc192df8fd15]
- * ldap.c: Convert GET_OPT and GET_OPTI to use just 2 args. Add
- timelimit and bind_timelimit support; adapted from gentoo.
+ * config.h.in, configure, configure.in, sudo.c:
+ Set locale to "C" if locales are supported, just to be safe.
+ [91fbaa98f02e]
-2005-11-23 18:57 millert
+ * toke.c, toke.l:
+ Cast?argument to ctype functions to unsigned char.
+ [e096b4d65796]
+
+2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ correct value for DID_USER
+ [b5b05d36ec15]
+
+ * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
+ #include <compat.h> not "compat.h"
+ [7a0ad9a0ccd7]
+
+ * defaults.c:
+ Reset the environment by default.
+ [4ecc6423e0f0]
+
+ * sudo.c:
+ Alloc an extra slot in NewArgv. Removes the need to malloc an new
+ vector if execve() fails.
+ [83dfb6f584a7]
+
+2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, config.h.in, configure, configure.in, sudo.c:
+ Use execve(2) and wrap the command in sh if we get ENOEXEC.
+ [c0c6af4e2a21]
+
+2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_noexec.c:
+ Only include time.h on systems that lack struct timespec which gets
+ defind in compat.h (using time_t).
+ [e373e518b4cb]
+
+ * sudo_noexec.c:
+ Include time.h for time_t in compat.h for systems w/o struct
+ timespec.
+ [a34b5637e458]
+
+ * compat.h, config.h.in, configure, configure.in:
+ use bcopy on systems w/o memmove
+ [f835eafd78c6]
+
+ * compat.h:
+ __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
+ use to gcc >= 2.8.
+ [1cb9a4e58566]
+
+ * Makefile.in:
+ Add explicit rule to build sudo_noexec.lo
+ [df1dfcf8dd77]
- * ldap.c: Support comments that start in the middle of a line
+2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-11-23 18:56 millert
+ * INSTALL.configure, Makefile.in:
+ No longer depend on VPATH; pointed out a bunch of missed
+ dependencies.
+ [601a45d4af6b]
+
+ * TROUBLESHOOTING:
+ Help for PAM when account section is missing
+ [9b8221256756]
- * configure.in, configure: Define LDAP_DEPRECATED until we start
- using ldap_get_values_len()
+ * auth/pam.c:
+ Give user a clue when there is a missing "account" section in the
+ PAM config.
+ [2529625c0495]
-2005-11-18 09:55 millert
+ * auth/pam.c:
+ Better error handling.
+ [518c9bda23d8]
+
+ * config.h.in, configure, configure.in:
+ Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
+ possible. Silences a warning about isblank() on linux.
+ [19c94d7ecdc8]
+
+ * auth/pam.c:
+ Fix typo (missing comma) that caused an incorrect number of args to
+ be passed to log_error().
+ [0099dfec560f]
+
+2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c:
+ Don't try to destroy a tree we didn't create.
+ [d43c4fe03aa4]
+
+2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
+ auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+ auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
+ compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
+ fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
+ goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
+ match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
+ sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
+ strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
+ tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
+ Add __unused to rcsids
+ [ad6b4ac45705]
+
+2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix error message when mixing invalid auth types
+ [68069b3ff5bc]
+
+ * INSTALL:
+ PAM, AIX auth, BSD auth and login_cap are now on by default if the
+ OS supports them.
+ [4e44e9098cf0]
+
+ * auth/sudo_auth.h, config.h.in:
+ s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
+ [2d569b43b23e]
+
+ * configure.in:
+ Better checking for conflicting authentication methods Display the
+ authentication methods used at the end of configure Rename --with-
+ authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
+ --with-pam, --with-logincap by default on systems that support them
+ unless disabled. Add OSMAJOR variable that replaces old OSREV; now
+ OSREV has full version number
+ [a21115b6fe9f]
+
+2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.in, sudo.c, sudoers.pod:
+ s/-O/-C/
+ [ee73f1b81923]
+
+2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ Replace: test -n "$FOO" || FOO="bar"
+
+ With: : ${FOO='bar'}
+ [37552d9054fc]
+
+2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c, testsudoers.c, tsgetgrpw.c:
+ Use function pointers to only call private passwd/group routines
+ when using a nonstandard passwd/group file.
+ [215908681dfb]
+
+2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ sync
+ [2e55c03f5790]
+
+ * tsgetgrpw.c:
+ Can't use strtok() since it doesn't handle empty fields so add
+ getpwent()/getgrent() functions and call those.
+ [bdaa5b0db70e]
+
+2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Fix dummied out toke.c and gram.c dependencies.
+ [4b909c8b2ebe]
+
+ * Makefile.in:
+ Rename PARSESRCS -> GENERATED since it is only used in the clean
+ target Add devdir variable and use it to specify the path to parser
+ sources
+ [f27b3f41ca23]
+
+ * configure:
+ regen
+ [22c6435dbd46]
+
+ * configure.in:
+ Add a devdir variables that defaults to $(srcdir) and is set to . if
+ --devel was specified. Allows for proper dependecies building the
+ parser.
+ [a36d694c6d21]
+
+ * testsudoers.c:
+ Add support for custom passwd/group files.
+ [296549ff4b87]
+
+ * Makefile.in:
+ Build private copy of pwutil.o for testsudoers with MYPW defined so
+ it uses our own passwd/group routines.
+ [bafa54ec78ca]
+
+ * visudo.c:
+ Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
+ stubs instead. We can now just use the caching sudo_*{pw,gr}*
+ functions in pwutil.c Add comment about wanting to call
+ sudo_endpwent/sudo_endgrent in cleanup()
+ [7e59d6b5510d]
+
+ * tsgetgrpw.c:
+ Remove caching; we will just use what is in pwutil.c Use global
+ buffers for passwd/group structs Rename functions from sudo_* to
+ my_*
+ [8c1e068f574c]
+
+ * logging.c, sudo.c:
+ g/c pwcache_init/pwcache_destroy
+ [60a24909b947]
+
+ * sudo.h:
+ Undo last commit and add sudo_setspent and sudo_endspent instead.
+ [bac80db08296]
+
+ * getspwuid.c, pwutil.c:
+ Move all but the shadow stuff from getspwuid.c to pwutil.c and
+ pwcache_get and pwcache_put as they are no longer needed. Also add
+ preprocessor magic to use private versions of the passwd and group
+ routines if MYPW is defined (for use by testsudoers).
+ [a16b8678a426]
+
+ * tsgetgrpw.c:
+ zero out struct passwd/group before filling it in so if there are
+ fields we don't handle they end up as 0.
+ [274cb6a93301]
- * closefrom.c: Silence gcc -Wsign-compare; djm@openbsd.org
+ * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
+ Adapt to pwutil.c
+ [43ebd04c8b82]
-2005-11-17 20:39 millert
+ * Makefile.in:
+ Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
+ readability.
+ [7f88c6061e2d]
- * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c: cleanup() now
- takes an int as an arg so it can be used as a signal handler too.
+ * tsgetgrpw.c:
+ Passwd and group lookup routines for testsudoers that support
+ alternate passwd and group files.
+ [d7803101d34e]
+
+ * getspwuid.c, pwutil.c:
+ Split off pw/gr cache and dup code into its own file. This allows
+ visudo and testsudoers to use the pw/gr cache too.
+ [ef333d3ffedf]
+
+2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Print Defaults info in "sudo -l" output and wrap lines based on the
+ terminal width.
+ [e559eae4250e]
+
+2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c, testsudoers.c, visudo.c:
+ Only check group vector in usergr_matches() if we are matching the
+ invoking or list user. Always check the group members, even if
+ there was a group vector.
+ [d0c7ceb2a041]
+
+2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE, Makefile.in, fnmatch.3:
+ No longer bundle fnmatch.3
+ [72db4a4ff4e1]
+
+ * CHANGES, TODO:
+ checkpoint
+ [e92781bfd99c]
+
+2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ sort usage
+ [15e3b876ec2c]
+
+ * sudo.pod:
+ Sort command line options
+ [c1fa56584bc4]
+
+ * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
+ sudo.pod, sudoers.pod:
+ Add closefrom sudoers option to start closing at a point other than
+ 3. Add closefrom_override sudoers option and -C sudo flag to allow
+ the user to specify a different closefrom starting point.
+ [370652b099d1]
+
+ * pathnames.h.in:
+ Add _PATH_DEVNULL for those without it.
+ [0c4c3e0ceb8b]
+
+ * LICENSE:
+ no more UCB strcasecmp
+ [397a6298e07f]
+
+ * strcasecmp.c:
+ replace BSD licensed one with version derived from pdksh
+ [d7cfda8c57a2]
-2005-11-17 20:38 millert
+2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Fix last commit.
+ [7afb9a180532]
- * sudo.c: Make a copy of the shell field in the passwd struct for
- NewArgv to avoid a use after free situation after sudo_endpwent()
- is called.
+ * sudo.c:
+ Make sure stdin, stdout and stderr are open and dup them to
+ /dev/null if not.
+ [590f387068bd]
-2005-11-16 20:36 millert
+2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, mkstemp.c, config.h.in, configure, configure.in: Add
- mkstemp() for those poor souls without it.
+ * ldap.c, mon_systrace.c, sudo.c, sudo.h:
+ add sudo_ldap_close
+ [4273a36765a7]
-2005-11-15 09:25 millert
+ * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
+ Use TIME_WITH_SYS_TIME
+ [c32b59bf15fb]
- * env.c: Add PERL5DB to list of environment variables to remove.
+ * config.h.in, configure, configure.in:
+ Add TIME_WITH_SYS_TIME_H
+ [57cb146f451d]
-2005-11-13 15:49 millert
+2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * mon_systrace.c, mon_systrace.h: Instead of calling the check
- function twice with a state cookie use separate check/log
- functions.
+ * env.c:
+ Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
+ unconditionally on darwin. From Toby Peterson.
+ [d69959681c87]
- Check more ioctl() calls for failure.
+ * getspwuid.c:
+ Check rbinsert() return value. In the case of faked up entries
+ there is usually a negative response cached that we need to
+ overwrite.
- systrace_{read,write} now return the number of bytes read/written
- or -1 on error.
+ In pwfree() don't try to zero out a NULL pw_passwd pointer.
+ [00b32d1a48c1]
-2005-11-13 14:51 millert
+ * mon_systrace.c:
+ Use the double fork trick to avoid the monitor process being waited
+ for by the main program run through sudo.
+ [e0ce556712ff]
- * env.c: Add more environment variables to remove; from gentoo
- linux Add some comments about what bad env variables go to what
- (more to do)
+2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-11-11 17:23 millert
+ * sudo.c:
+ Call initgroups() in -U mode so group matches work normally.
+ [2235bea15283]
- * sudo.c, sudo_edit.c: Move sudo_end{gr,pw}ent() until just before
- the exec since they free up our cached copy of the passwd
- structs, including sudo_user and sudo_runas. Fixes a
- use-after-free bug.
+ * def_data.h, mkdefaults:
+ Don't print a trailing comma for the last entry in enum def_tupple
+ [c43a96bb31df]
-2005-11-11 17:19 millert
+2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c: Close all fd's before executing editor.
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Mention values when lecture, listpw and verifypw are used in boolean
+ context.
+ [a0b5c0abaccf]
-2005-11-11 17:17 millert
+ * def_data.c, def_data.in:
+ verifypw when used in a boolean TRUE context should be "all", not
+ "any".
+ [2eb076ddd5e2]
- * sudo.c: Enable malloc debugging on OpenBSD when SUDO_DEVEL is
- set.
+2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-11-11 11:22 millert
+ * def_data.in, defaults.c:
+ Allow tuples that can be used as booleans to be used as boolean
+ TRUE. In this case the 2nd possible value of the tuple is used for
+ TRUE.
+ [bd99aa77e88b]
- * check.c: Fix fd leak when lecture file option is enabled. From
- Jerry Brown
+2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-11-07 11:02 millert
+ * configure, configure.in:
+ Correct the test for 2-parameter timespecsub
+ [d41c9cb26b97]
- * env.c: Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
- environment variables to remove. From Charles Morris
+ * sudo.h:
+ Add strub struct definitions for passwd, timeval and timespec
+ [c4ce5c43d8c5]
-2005-11-01 13:24 millert
+ * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
+ Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
+ and fix a typo in the gettimeofday check.
+ [8ac9893057ce]
- * env.c: add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
+2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-10-27 20:35 millert
+ * match.c, testsudoers.c:
+ Deal with user_stat being NULL as it is for visudo and testsudoers.
+ [3605a6ff64d0]
- * env.c: add PS4 and SHELLOPTS to initial_badenv_table for bash
+ * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
+ Add -U option to use in conjunction with -l instead of -u. Add
+ support for "sudo -l command" to test a specific command.
+ [99638789d415]
-2005-08-14 20:32 millert
+ * gram.c, gram.y, sudo.c:
+ Set safe_cmnd after sudoers_lookup() if it has not been set.
+ Previously it was set by sudo "ALL" in the parser but at that point
+ the fully-qualified pathname has not yet been found.
+ [ac30d98f8225]
- * sudoers.pod: Fix typo; Toby Peterson
+2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-08-02 09:57 millert
+ * parse.c, testsudoers.c:
+ Correctly handle multiple privileges per userspec and runas
+ inheritence.
+ [a98a965181af]
- * tsgetgrpw.c: Make return buffers static so they don't get
- clobbered
+2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-07-27 21:14 millert
+ * defaults.c:
+ Zero out sd_un for each entry in sudo_defs_table in init_defaults.
+ [031d3cd4a848]
- * auth/securid5.c: Fix securid5 authentication, was not checking
- for ACM_OK. Also add default cases for the two switch()es.
- Problem noted by ccon at worldbank
+2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-06-26 20:10 millert
+ * toke.c, toke.l:
+ make per-command defaults work with sudoedit
+ [e56fe33db916]
- * ldap.c: Remove ncat() in favor of just counting bytes and
- pre-allocating what is needed.
+ * ldap.c, parse.c, sudo.c, sudo.h:
+ Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
+ Instead, we just set the approriate defaults variable.
+ [756eeecc1d86]
-2005-06-26 19:44 millert
+ * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
+ Document per-command Defaults.
+ [92a0f84b91c1]
- * ldap.c: Fix up some comments Add missing fclose() for the
- rootbinddn case
+ * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
+ sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
+ Add support for command-specific Defaults entries. E.g.
+ Defaults!/usr/bin/vi noexec
+ [be3d52bf01cf]
+
+ * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
+ Change an occurence of user_matches() -> runas_matches() missed
+ previously runas_matches(), host_matches() and cmnd_matches() only
+ really need to pass in a list of members. user_matches() still
+ needs to pass in a passwd struct because of "sudo -l"
+ [833b22fc6fa0]
+
+ * parse.c:
+ Check def_authenticate, def_noexec and def_monitor when setting
+ return flags. XXX May be better to just set the defaults directly
+ and get rid of those flags.
+ [b6db22b59d69]
+
+ * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
+ auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+ auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
+ defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
+ getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
+ gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
+ mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
+ strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
+ sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
+ visudo.c, zero_bytes.c:
+ Use: #include <config.h> Not: #include "config.h" That way we get
+ the correct config.h when build dir != src dir
+ [97e5670a442b]
+
+ * Makefile.in:
+ Back out part of rev 1.263; fix -I order
+ [197ea01cad5d]
+
+ * toke.c, toke.l:
+ More robust parsing if #include; could be much better still.
+ [31bc3cd8f045]
+
+ * sudo_edit.c, visudo.c:
+ Make arg splitting in visudo and sudoedit consistent.
+ [7bc74485f246]
+
+ * Makefile.in, alias.c, gram.c, gram.y, parse.h:
+ Split alias routines out into their own file.
+ [d90f633cf9ae]
+
+ * error.h:
+ __attribute__ is already defined in compat.h
+ [676ed3fe9203]
+
+ * visudo.c:
+ quit() should not be __noreturn__ as it is non-void on some
+ platforms.
+ [e528c2b6ba10]
+
+ * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
+ Add local error/warning functions like err/warn but that call an
+ additional cleanup routine in the error case. This means we no
+ longer need to compile a special version of alloc.o for visudo.
+ [e78e8aae882e]
+
+ * parse.h:
+ Clarify comments about the data structures
+ [ae894e266701]
+
+2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Add support for VISUAL and EDITOR containing command line args. If
+ env_editor is not set any args in VISUAL and EDITOR are ignored.
+ Arguments are also now supported in def_editor.
+ [ff7303b8e298]
+
+2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.h:
+ alias_matches() is no more
+ [b59825e28084]
+
+ * CHANGES, TODO:
+ sync
+ [2b8f5f63c1de]
+
+ * Makefile.in:
+ When regenerating the parser, don't replace gram.h unless it has
+ changed.
+ [819949668018]
+
+ * Makefile.in:
+ remove Makefile.binary for distclean
+ [351eec8d00b2]
+
+ * env.c:
+ Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
+ sure we can't overflow new_env.
+ [3284d17b9c6d]
+
+ * sudo_edit.c:
+ paranoia when stripping trailing slashes from tempdir.
+ [012f1aa2b81f]
+
+ * sudo.c:
+ Set user_ngroups to 0 if getgroups() returns an error.
+ [c46d43e9449a]
+
+2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, sudo.c:
+ Add configure check for getgroups()
+ [5d8a214e2cef]
+
+ * ldap.c:
+ Use supplementary group vector in struct sudo_user.
+ [3d0c463c034d]
+
+ * match.c:
+ Only do string comparisons on the group members if there is no
+ supplemental group list.
+ [be1c8362f7ef]
+
+ * CHANGES, TODO:
+ sync
+ [db188bc5b975]
+
+ * sudo_edit.c:
+ On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
+ chop off any trailing slashes we see and add an explicit one.
+ [e1b477dafee1]
-2005-06-26 19:38 millert
+ * match.c:
+ remove bogus XXX comment
+ [8aecb8a28d40]
- * ldap.c: align struct ldap_config
+ * match.c:
+ Get rid of alias_matches and correctly fall through to the non-alias
+ cases when there is no alias with the specified name.
+ [2cd555246f09]
-2005-06-26 19:37 millert
+ * getspwuid.c:
+ Cache non-existent passwd/group entries too.
+ [8de9a467d271]
- * ldap.c: use LINE_MAX for max conf file line size
+ * gram.c:
+ regen
+ [9ece18c58f36]
-2005-06-26 18:36 millert
+ * getspwuid.c:
+ fix typo
+ [9a7ae371eac1]
- * pathnames.h.in: add _PATH_LDAP_SECRET
+ * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
+ mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
+ Implement group caching and use the passwd and group caches
+ throughout.
+ [f1d8c5015169]
+
+2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Properly negate the return value of alias_matches() when
+ appropriate.
+ [ce59c4ce77ad]
+
+ * match.c:
+ Make hostname_matches() return TRUE for a match, else FALSE like the
+ caller expects.
+ [1dc03902d3a2]
+
+ * Makefile.in:
+ Add missing dependencies on gram.h
+ [4f94bbb1d50c]
+
+ * match.c:
+ Use runas_matches in alias_matches() now that we have it.
+ [284d22e91178]
+
+ * parse.c, parse.h:
+ Expand aliases in "sudo -l" mode
+ [f67a38b79c44]
+
+ * gram.y, match.c:
+ Use ALIAS for the member type when storing an alias instead of
+ HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
+ more generic type. Expand runas_matches instead of calling
+ user_matches() inside of it since user_matches() looks up
+ USERALIASes, not RUNASALIASes.
+ [52004d75232b]
+
+ * CHANGES, getspwuid.c:
+ Paranoia; zero out pw_passwd before freeing passwd entry.
+ [bd1b22638f00]
-2005-06-26 18:36 millert
+ * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
+ configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
+ error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
+ sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
+ Add local error/warning functions like err/warn but that call an
+ additional cleanup routine in the error case. This means we no
+ longer need to compile a special version of alloc.o for visudo.
+ [25000b676cfe]
+
+ * match.c:
+ Use userpw_matches() to compare usernames, not strcmp(), since the
+ latter checks for "#uid".
+ [fcbe4b859f66]
+
+ * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
+ Cache passwd db entries in 2 reb-black trees; one indexed by uid,
+ the other by user name. The data returned from the cache should be
+ considered read-only and is destroyed by sudo_endpwent().
+ [ee2418ff3f86]
+
+ * match.c:
+ add cast to uid_t
+ [eb6415302d84]
+
+ * gram.y:
+ missing free in alias_destroy
+ [572ecb680ad8]
+
+ * redblack.c:
+ Can't use rbapply() for rbdestroy since the destructor is passed a
+ data pointer, not a node pointer.
+ [11ce713830c0]
+
+ * getspwuid.c, logging.c, sudo.c, sudo.h:
+ Create and use private versions of setpwent() and endpwent() that
+ set/end the shadow password file too.
+ [616bc76d23bf]
+
+ * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
+ Store aliases in a red-black tree.
+ [ce017d540416]
+
+ * Makefile.in, redblack.c, redblack.h:
+ red-black tree implementation
+ [cd5586e8f48b]
+
+ * visudo.c:
+ Edit all sudoers file if there were unused or undefined aliases and
+ we are in strict mode.
+ [b6d5f5bb7262]
+
+2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * README.LDAP: Mention rootbinddn Give example ou=SUDOers container
+ * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
+ find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
+ Bring back the "secure_path" Defaults option now that Defaults take
+ effect before the path is searched.
+ [2e52c0e27606]
+
+2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c, parse.c:
+ A user can always list their own entries, even with -u. Better error
+ message when failing to list another user's entries.
+ [e2e24deb0071]
+
+ * parse.c, sudo.c, sudo.h:
+ The syntax to list another user's entries is now "-u otheruser -l".
+ Only root or users with sudo "ALL" may list other user's entries.
+ [3c0657e8f5fe]
+
+ * sudo.cat, sudo.man.in, sudo.pod:
+ Update env variable info in SECURITY NOTES
+ [299716071024]
+
+ * env.c:
+ strip CDPATH too
+ [9b97643b26f9]
+
+ * env.c:
+ strip exported bash functions from the environment.
+ [9e5090c8284f]
+
+2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Only reset sudo_user.pw based on SUDO_USER environment variables for
+ real commands and sudoedit. This avoids a confusing message when a
+ user tries "sudo -l" or "sudo -v" and is denied.
+ [3ea6d0053274]
+
+ * gram.c, gram.y, parse.h:
+ Extend LIST_APPEND to deal with appending lists too
+ [d963e42f622f]
+
+2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ Convert some bitwise AND to ISSET
+ [130dc40d268e]
+
+ * lex.yy.c, toke.c:
+ toke.c replaces lex.yy.c
+ [048858df79e7]
+
+ * CHANGES, TODO:
+ sync
+ [d19e7abf251c]
+
+ * BUGS:
+ new parser fixes most of the outstanding bugs
+ [0891f66e3758]
+
+ * configure:
+ regen
+ [1a3358cc7283]
+
+ * visudo.c:
+ Rework for the new parser. Now checks for unused aliases in sudoers.
+ [ad462ede3094]
+
+ * testsudoers.c:
+ Rewrite for the new parser. Now supports a -d flag (dump) and adds
+ a -h flag (host). It now defaults to the local hostname unless
+ otherwise specified.
+ [1b69685cc601]
+
+ * sudo.h:
+ Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
+ [2e4fb3abfef0]
+
+ * sudo.c:
+ Update for new parse. We now call find_path() *after* we have
+ updated the global defaults based on sudoers. Also adds support for
+ listing other user's privs if you are root.
+ [cf3db9fc3024]
+
+ * mon_systrace.c:
+ Working LDAP support; also remove a now-unneeded rewind().
+ [649ecf1baf6b]
+
+ * logging.c, logging.h:
+ Add NO_STDERR flag.
+ [6cb935af94e0]
+
+ * ldap.c:
+ Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
+ udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
+ connecto to LDAP, apply the default options, find the command in the
+ user's path, and then check whether the user is allowed to run it.
+ The important thing here is that the default runas user may be
+ specified as a default option and that needs to be set before we
+ search for the command.
+ [fc0426abc6f1]
+
+ * ldap.c:
+ Add casts to unsigned char for isspace() to quiet a gcc warning.
+ [e5358e3df439]
+
+ * defaults.h:
+ Add prototype for update_defaults()
+ [564dac3db74e]
+
+ * defaults.c:
+ Don't warn about line numbers now that we operate on a set of data
+ structures (or LDAP) and not a file.
+ [bcd9ffb9b67c]
+
+ * config.h.in:
+ No long use lsearch()
+ [9d048c587319]
+
+ * Makefile.in:
+ Update for new and changed file names.
+ [6f424a7c4515]
+
+ * LICENSE:
+ no more BSD lsearch.c
+ [463a96d89026]
+
+ * match.c:
+ foo_matches() routines now live in match.c Added user_matches(),
+ runas_matches(), host_matches(), cmnd_matches() and alias_matches()
+ that operate on the parsed sudoers file.
+ [b14da8a0567e]
+
+ * parse.lex, toke.l:
+ Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
+ WORD no longer needs to exclude '@' kill yywrap()
+ [a922294eb7b7]
+
+ * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
+ sudo.tab.h:
+ Rewritten parser that converts sudoers into a set of data
+ structures. This eliminates ordering issues and makes it possible to
+ apply sudoers Defaults entries before searching for the command.
+ [30d2ec4d203c]
+
+ * configure.in, emul/search.h, lsearch.c:
+ We won't be using lsearch() any longer.
+ [29c4d54bfac0]
+
+ * ldap.c:
+ sudo should not send mail if someone who runs 'sudo -l' has no
+ entry.
+ [6fc27a69fd9c]
-2005-06-25 18:03 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [8166347917f3]
- * configure, INSTALL, configure.in, ldap.c: Support rootbinddn in
- ldap.conf
+ * visudo.pod:
+ Update warnings to match new visudo
+ [004c0766798f]
-2005-06-25 17:46 millert
+ * sudoers.pod:
+ The new parser doesn't have the old ordering constraints.
+ [ffd43bd08661]
- * env.c, sudo.pod, sudoers.pod: Preserve DISPLAY environment
- variable by default.
+ * sudo.pod:
+ Document that -l now takes an optional username argument
+ [278f9557de8b]
-2005-06-25 16:39 millert
+2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * acsite.m4, configure: set need_lib_prefix=no for all cases; this
- is safe for LD_PRELOAD
+ * RUNSON:
+ AIX 5.2.0.0 works
+ [523acd29d858]
-2005-06-25 16:15 millert
+ * ldap.c:
+ If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
+ a compilation problem with Solaris 9's native LDAP.
- * acsite.m4, configure: set need_version=no for all cases; this is
- safe for LD_PRELOAD
+ Set FLAG_MONITOR when needed.
+ [35824ade672d]
-2005-06-25 14:45 millert
+2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * aclocal.m4: typo
+ * mon_systrace.c:
+ Call sudo_goodpath() *after* changing the cwd to match the traced
+ process. Fixes relative paths.
+ [12ee111d0ad7]
-2005-06-25 14:33 millert
+2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Add dragonfly
+ * testsudoers.c:
+ Kill set_perms() stub--it is no longer needed.
+ [116ed702935d]
-2005-06-25 14:29 millert
+2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/pam.c: Fix call to pam_end() when pam_open_session() fails.
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ stay_setuid now requires set_reuid() or setresuid()
+ [8511f67e25d5]
-2005-06-25 14:21 millert
+ * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
+ configure.in, set_perms.c, sudo.c, sudo.h:
+ Kill use of POSIX saved uids; they aren't worth bothering with.
+ [b3b1f19f18c1]
+
+2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * glob.c:
+ remove call to issetugid()
+ [63f2e492c08f]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Remove warning about wildcards. Now that we use glob() the bug is
+ fixed.
+ [b15729d32266]
+
+ * parse.c:
+ Use glob(3) instead of fnmatch(3) for matching pathnames and stat
+ each result that matches the basename of the user's command. This
+ makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
+ /usr/bin/blah. Fixes bug #143.
+ [e31eb6310340]
+
+ * config.h.in, configure, configure.in:
+ Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
+ GLOB_BRACE)
+ [677ed6661e17]
+
+ * config.h.in, configure, configure.in:
+ Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
+ [aaa2329dd266]
+
+ * LICENSE:
+ reference glob
+ [bedc9a923423]
+
+ * glob.c:
+ 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
+ removed.
+ [81799451473c]
+
+ * emul/glob.h:
+ 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
+ removed.
+ [0335cf31fb1e]
+
+2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
+ means we are out of space in the stack gap...
+ [5b02b702021e]
+
+ * CHANGES:
+ sync
+ [be3826273e56]
+
+ * mon_systrace.c:
+ Take a stab at ldap sudoers support here.
+ [9d023695b0de]
+
+ * mon_systrace.c, mon_systrace.h:
+ Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
+ doesn't cause reboot to inadvertanly kill itself.
+ [d4aab2365610]
+
+ * mon_systrace.c:
+ put "monitor" in the proctitle, not "systrace"
+ [9a9025767d86]
+
+ * mon_systrace.c:
+ When modifying the environment, don't replace envp when we can get
+ away with just rewriting pointers in the traced process.
+ [c03622f7a2e2]
+
+ * mon_systrace.c, mon_systrace.h:
+ Add environment updating via STRIOCINJECT (if available).
+ [037291016870]
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [869acc511046]
+
+2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c:
+ regen
+ [4e61a9bd3c97]
+
+ * parse.lex:
+ Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
+ [b70d7bd6e147]
+
+ * mon_systrace.c:
+ Include file is now mon_systrace.h
+ [ead4e36d92ae]
- * configure: regen
+ * Makefile.in, configure, configure.in, def_data.c, def_data.h,
+ def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
+ sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
+ No longer call it tracing, it is now "monitoring" which should be
+ more a obvious name to non-hackers.
+ [aa811ded0789]
-2005-06-25 14:20 millert
+2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * acsite.m4: rebuild acsite.m4 from libtool 1.9f libtool.m4
- ltoptions.m4 ltsugar.m4 ltversion.m4
+ * mon_systrace.c, mon_systrace.h:
+ Fix some XXX
+ [a271072dacc6]
-2005-06-25 14:08 millert
+ * mon_systrace.c, mon_systrace.h:
+ No need to include syscall.h, use 1024 as the max # of entries (the
+ max that systrace(4) allows).
- * config.guess, config.sub, ltmain.sh: merge in local changes:
- config.guess: o better openbsd support config.sub: o hiuxmpp
- support ltmain.sh o remove requirement that libs must begin with
- "lib" o don't print a bunch of crap about library installs o
- don't run ldconfig
+ Only need to use SYSTR_POLICY_ASSIGN once
-2005-06-25 14:05 millert
+ Change check_syscall() -> find_handler() and have it return the
+ handler instead of just running it. We need this since handler now
+ have two parts: one part that generates and answer and another that
+ gets called after the answer is accepted (to do logging).
- * config.guess, config.sub, ltmain.sh: libtool 1.9f
+ Add some missing check_exec for emul execv
+ [a89d243f0525]
-2005-06-25 14:04 millert
+ * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
+ Add $Sudo$ tags.
+ [6f3fedb0daba]
- * configure.in: Update with autoupdate and make minor changes for
- libtool 1.9f
+ * config.h.in:
+ Add missing HAVE_LINUX_SYSTRACE_H
+ [ff75ab7bfc53]
-2005-06-22 23:19 millert
+ * Makefile.in:
+ add trace_systrace.o dependency
+ [88a408668ab2]
- * parse.c: don't call sudo_ldap_display_cmnd if ldap not setup
+2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-06-22 23:04 millert
+ * configure, configure.in:
+ Also look for systrace.h in /usr/include/linux
+ [98b98b436cf3]
- * check.c, compat.h, fileops.c, gettime.c, sudo_edit.c, visudo.c,
- emul/timespec.h: Move declatation of struct timespec to its own
- include files for systems without it since it needs time_t
- defined.
+ * mon_systrace.c, mon_systrace.h:
+ Move all struct defs and prototypes into trace_systrace.h and mark
+ all but systace_attach() static.
+ [85511253b570]
-2005-06-22 22:57 millert
+ * mon_systrace.c, mon_systrace.h:
+ Add support for tracing emulations. At the moment, all emulations
+ are compiled in. It might make sense to #ifdef them in the future,
+ though this impeeds readability.
+ [87bb50abf277]
- * ldap.c: Don't set safe_cmnd for the "sudo ALL" case.
+ * Makefile.in, configure, configure.in:
+ rename systrace.c -> trace_systrace.c
+ [31cfa4407d93]
-2005-05-27 01:59 millert
+ * parse.yacc, sudo.tab.c:
+ Allow this to build with a K&R compiler again
+ [32876af5bb98]
- * auth/pam.c: Call pam_open_session() and pam_close_session() to
- give pam_limits a chance to run. Idea from Karel Zak.
+ * TODO:
+ sync
+ [46865bd70f7c]
-2005-04-24 19:24 millert
+ * compat.h, sudo.c, visudo.c:
+ Use __attribute__((__noreturn__))
+ [65bbad71fe89]
- * check.c, sudo.c: Add explicit cast from mode_t -> u_int in printf
- to silence warnings on Solaris
+ * visudo.c:
+ Exit() takes a negative value to indicate it was not called via
+ signal.
+ [b93032ed7b60]
-2005-04-24 19:22 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [45bcf4661558]
+
+ * Makefile.in, visudo.c:
+ Define Err() and Errx() that are like err() and errx() but call
+ Exit() instead of exit(). Build private copy of alloc.o for visudo
+ that calls Err() and Errx().
+ [c6d02bf42edd]
+
+2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [39de7e7c59da]
+
+ * CHANGES:
+ sync
+ [ba481d9ed1aa]
+
+ * visudo.c:
+ Overhaul visudo for editing multiple files: o visudo has been
+ broken out into functions (more work needed here) o each file is
+ now edited before sudoers is re-parsed o if a #include line is
+ added that file will be edited too
+
+ TODO: o cleanup temp files when exiting via err() or errx() o
+ continue breaking things out into separate functions
+ [80c35cf534eb]
+
+ * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
+ Add keepopen arg to open_sudoers that open_sudoers can use to
+ indicate to the caller that the fd should not be closed when it is
+ done with it. To be used by visudo to keep locked fds from being
+ closed prematurely (and thus losing the lock).
+ [f330fe632470]
+
+ * parse.yacc, sudo.c:
+ Add errorfile global that contains the name of the file that caused
+ the error.
+ [98079c7a37ed]
+
+ * parse.lex:
+ return COMMENT to yacc grammar for a #include line
+ [2024a8de4fa8]
+
+ * parse.lex:
+ Remove us of unput() in favor of yyless() which is cheaper.
+ [c61291902beb]
+
+ * parse.yacc:
+ Allow an empty sudoers file.
+ [62fb111db2e7]
+
+2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
+ [9e15869ef597]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [c29bdd43bfad]
+
+ * visudo.c:
+ Do signal setup before calling edit_sudoers(). Don't shadow the
+ "quiet" global.
+ [74252efd09ff]
+
+ * visudo.c:
+ If a sudoers file includes other files, edit those too. Does not yes
+ deal with creating the new includes files itself.
+ [06af7b9c173f]
+
+ * testsudoers.c:
+ init_parser now takes a path
+ [b5ee186eb192]
+
+ * parse.c, parse.h, parse.lex, parse.yacc:
+ More scaffolding for dealing with multiple sudoers files: o
+ init_parser() now takes a path used to populate the sudoers global
+ o the sudoers global is used to print the correct file in yyerror()
+ o when switching to a new sudoers file, perserve old file name and
+ line number
+ [d9be4970b8bd]
+
+ * Makefile.in, pathnames.h.in:
+ Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
+ multiple sudoers files.
+ [6ccc4e921c43]
+
+ * parse.c, sudo.c:
+ Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
+ we start at the right file position when reading include files.
+ [91fcb961e7a4]
+
+ * sudoers.pod:
+ document #include
+ [fbb92a25a726]
+
+ * lex.yy.c:
+ regen
+ [50cd7a4c9dff]
+
+ * parse.lex:
+ Add max depth of 128 for the include stack to avoid loops.
+
+ Since yyerror() doesn't stop parsing, pass return values back to
+ yylex and call yyterminate() on error.
+ [e79dbffb729d]
+
+2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ document tracing
+ [165a467eadd8]
+
+ * sudo.pod:
+ Mention PREVENTING SHELL ESCAPES section of sudoers man page
+ [3217ccecd834]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [fbd58d1d3a76]
- * parse.c: include grp.h to silence a warning on Solaris
+ * parse.lex:
+ Add support for #include in sudoers (visudo support TBD)
+ [a78015ca81af]
-2005-04-23 15:10 millert
+ * parse.yacc:
+ make yyerror()'s argument const
+ [7d8e168c019a]
- * parse.c: Fix printing of += and -= defaults.
+ * testsudoers.c, visudo.c:
+ Add open_sudoers() stubs.
+ [087466787198]
-2005-04-17 01:21 millert
+ * sudo.c, sudo.h:
+ Rename check_sudoers() open_sudoers() and make it return a FILE *
+ [142fc511fc65]
- * mon_systrace.c: Sanity check number of syscall args with argsize.
- Not really needed but a little paranoia never hurts.
+2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-04-17 01:18 millert
+ * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
+ version.h:
+ Crank version
+ [1adc3f839480]
+
+ * Makefile.in, sudo.psf:
+ Better HP-UX depot construction
+ [2d952b000e63]
+
+2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ o Made children global so check_exec() can lookup a child. o
+ Replaced uid in struct childinfo with struct passwd * (for runas) o
+ new_child() now takes a parent pid so the runas info can be
+ inherited o Added find_child() to lookup a child by its pid o
+ update_child() now fills in a struct passwd o Converted the big
+ if/else mess in set_policy to a switch o Syscalls that change uid
+ are now "ask" so we get SYSTR_MSG_UGID events
+ [29b9ea3f09a3]
+
+ * getspwuid.c:
+ Add flag to sudo_pwdup that indicates whether or not to lookup the
+ shadow password. Will be used to a struct passwd that has the
+ shadow password already filled in.
+ [e19d43dd7238]
+
+ * mon_systrace.c:
+ add missing increment of addr in read_string()
+ [f9eb0f060cb6]
+
+ * mon_systrace.c:
+ Remove bogus call to update_child() and some cosmetic fixes
+ [701ab0b97fef]
+
+ * mon_systrace.c:
+ Don't leak /dev/systrace fd to tracee Make initialized global for
+ simplicity If STRIOCATTACH returns EBUSY we are already being traced
+ Check for user_args == NULL in setproctitle() call Add missing calls
+ to STRIOCANSWER
+ [1956edf9bc3a]
+
+ * sudo.c:
+ g/c sudo_pwdup proto
+ [b7c4d6249ecb]
+
+ * Makefile.in, sudo.psf:
+ Add target for building a depot file
+ [357019efd99b]
+
+ * mon_systrace.c:
+ trim includes
+ [501534428471]
+
+2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c, sudo.tab.c, sudo.tab.h:
+ regen
+ [52fd250c6986]
+
+ * INSTALL:
+ document --with-systrace
+ [79623927c94e]
+
+ * config.h.in, configure, configure.in:
+ Add check for setproctitle
+ [1730cf1c26ed]
+
+ * mon_systrace.c:
+ pass struct str_msg_ask in to syscall checker so it can set the
+ error code
+ [1703fd2fdef6]
+
+ * mon_systrace.c:
+ systrace(4) support for sudo. On systems with the systrace(4)
+ kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
+ intercept exec calls and check the exec args against the sudoers
+ file. In other words, sudo can now control subcommands and shell
+ escapes.
+ [928c9217c386]
+
+ * sudo.c, sudo.h:
+ Call systrace_attach() if FLAG_TRACE is set.
+ [014ba9402fa5]
+
+ * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
+ Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
+ [a99904db5e56]
+
+ * parse.c, sudo.c:
+ Don't close sudoers_fp, keep it open and set close on exec flag
+ instead.
+ [43a9fec60bee]
+
+ * def_data.c, def_data.h, def_data.in:
+ Add trace option
+ [5b643b86730a]
+
+ * Makefile.in:
+ Add systrace
+ [47a0519c427c]
+
+ * INSTALL:
+ SunOS /bin/sh blows up with configure
+ [005a23cc5615]
+
+ * configure, configure.in:
+ Include sys/param.h before systrace.h
+ [9345bc8efecf]
+
+ * configure:
+ regen
+ [a8f53fcbb254]
+
+ * pathnames.h.in:
+ _PATH_DEV_SYSTRACE
+ [d2ad1e492a00]
+
+ * configure.in:
+ line up options in --help
+ [fa51f2821d09]
+
+ * config.h.in, configure.in:
+ Add --with-systrace
+ [a264d54bc413]
- * mon_systrace.c, mon_systrace.h: Don't do pointer arithmetic on
- void * Use int, not size_t/ssize_t for systrace lengths (since it
- uses int)
+2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-04-16 03:14 millert
+ * configure:
+ regen
+ [a4dad0bcc523]
- * mon_systrace.c: Add some memsets for paranoia Fix namespace
- collsion w/ error Check rval of decode_args() and update_env()
- Remove improper setting of validated variable
+ * aclocal.m4, configure.in:
+ make this work with autoconf-2.59
+ [c4a92b6a684a]
-2005-04-11 21:37 millert
+2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c, sudo.c, sudo.h: In -l mode, only check local sudoers
- file if def_ignore_sudoers is not set and call LDAP versions from
- display_privs() and display_cmnd() instead of directly from
- main(). Because of this we need to defer closing the ldap
- connection until after -l processing has ocurred and we must pass
- in the ldap pointer to display_privs() and display_cmnd().
+ * sudo_edit.c:
+ Simplify logic around open & stat of files and do sanity on edited
+ file even if we lack fstat (still racable but worth doing).
+ [adda65ade70c]
-2005-04-11 21:33 millert
+2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Reorganize LDAP code to better match normal sudoers
- parsing. Instead of storing strings for later printing in -l
- mode we do another query since the authenticating user and the
- user being listed may not be the same (the new -U flag). Also
- add support for "sudo -l command".
+ * HISTORY:
+ Add support url
+ [bf6590fbde9f]
- There is still a fair bit if duplicated code that can probably be
- refactored.
+ * Makefile.in:
+ versino 1.6.8p1
+ [b84ebfaf1552] [SUDO_1_6_8p1]
-2005-04-11 00:37 millert
+ * CHANGES:
+ more changes for 1.6.8p1
+ [e23a9c0393b6]
- * ldap.c: Replace pass variable with do_netgr for better
- readability.
+ * version.h:
+ 1.6.8p1
+ [872f14504b5f]
-2005-04-10 23:49 millert
+ * CHANGES, sudo_edit.c:
+ Add sanity check so we don't try to edit something other than a
+ regular file.
+ [350134ec6d4e]
- * ldap.c: use DPRINTF macro
+2004-09-15 Aaron Spangler <aaron777@gmail.com>
-2005-04-10 23:18 millert
+ * CHANGES:
+ sync
+ [3091ca9eae00]
- * ldap.c: estrdup, not strdup
+ * INSTALL:
+ document --with-ldap-conf-file
+ [0e2cd6b896f1]
-2005-04-10 17:44 millert
+2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c: Add macro to test if the tag changed to improve
- readability.
+ * CHANGES, ins_csops.h:
+ political correctness strikes again
+ [428e8bc77f55]
-2005-04-10 17:40 millert
+ * RUNSON:
+ sync
+ [27f44bd423dc]
- * parse.c: Avoid printing defaults header if there are no defaults
- to print...
+2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-04-10 15:29 millert
+ * Makefile.binary.in, Makefile.in:
+ Install sudoedit man link
+ [19a55234fc1f]
- * glob.c: Fix a warning on systems without strlcpy().
+ * INSTALL:
+ Update PAM note and mention where HP-UX users can download gcc
+ binaries.
+ [d37cdbbabfd4]
-2005-04-10 13:32 millert
+ * Makefile.in:
+ libtool wants to install stuff from .libs so fake one up for binary
+ installations.
+ [a681bc6fcfba]
- * pwutil.c: Use macros where possible for sudo_grdup() like
- sudo_pwdup().
+ * Makefile.binary.in:
+ rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
+ [3e0c4b3372cc]
-2005-04-08 17:04 millert
+ * Makefile.in:
+ Deal with "uname -m" having slashes in it rm -f old sudoedit link
+ instead of using ln -f
+ [cff33fb97e5b]
- * utimes.c: It is possible for tv_usec to hold >= 1000000 usecs so
- add in tv_usec / 1000000.
+ * Makefile.binary, Makefile.binary.in:
+ Makefile.binary -> Makefile.binary.in for config.status substitution
+ Add support for installing noexec bits
+ [37d8bb3483c6]
-2005-03-29 23:38 millert
+ * Makefile.in:
+ Copy noexec bits into binary dists too No longer use my old arch
+ script for making binary dists
+ [e7058bab9e33]
- * auth/kerb5.c: The component in krb5_principal_get_comp_string()
- should be 1, not 0 for Heimdal. From Alex Plotnick.
+ * Makefile.binary:
+ Install sudoedit link.
+ [417d1e101711]
-2005-03-29 09:29 millert
+2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c,
- gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c,
- pwutil.c, redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
- Add efree() for consistency with emalloc() et al. Allows us to
- rely on C89 behavior (free(NULL) is valid) even on K&R.
+ * emul/utime.h:
+ avoid __P so there is no need for compat.h to be included
+ [6d8d1f1abf7d]
-2005-03-28 22:33 millert
+ * utimes.c:
+ Don't use HAVE_UTIME_H before including config.h.
+ [013b7bb61181]
- * parse.c, sudo.c: Move initgroups() for -U option into
- display_privs() so group matching in sudoers works correctly.
+2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-03-26 21:34 millert
+ * compat.h:
+ Fix Solatis futimes macro
+ [d4eda2ca0d29]
- * ldap.c: Removed duplicate call to ldap_unbind_s introduced along
- with sudo_ldap_close.
+2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-03-26 20:01 millert
+ * sudo_edit.c:
+ Rename ots -> omtim for improved readability.
+ [127ca5bb297c]
- * parse.c: Add missing space in Defaults printing
+2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-03-25 12:36 millert
+ * sudo_edit.c:
+ Redo changes in revision 1.7. Don't really need to keep the temp
+ file open; re-opening it with the invoking user's euid is
+ sufficient.
+ [55a883165a95]
- * pwutil.c: Sync sudo_pwdup with OpenBSD changes: use macros for
- size computaton and string copies.
+ * CHANGES:
+ sync
+ [9015b291170d]
-2005-03-18 22:08 millert
+ * sudo.cat, sudo.man.in:
+ regen
+ [c0313f6ed783]
- * pwutil.c: Zero old pw_passwd before replacing with version from
- shadow file.
+ * sudo.pod:
+ back out revision 1.70; it is no long applicable
+ [b641d503aff6]
-2005-03-18 22:07 millert
+ * env.c:
+ Let the loader initialize nep
+ [bec192139b02]
- * configure, configure.in: Only attempt shadow password detection
- if PAM is not being used Add shadow_* variables to make shadow
- password detection more generic.
+ * config.h.in, configure, configure.in:
+ Removed unneed check for fchown Add check for gettimeofday Move
+ autoheader template stuff into separate AH_TEMPLATE lines
+ [bfc0edbd43f2]
-2005-03-18 21:46 millert
+ * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
+ Use timespec throughout.
+ [1a178a23b69b]
- * configure.in: Use OSDEFS for os-specific -D_FOO_BAR stuff rather
- than CPPFLAGS
+ * Makefile.in:
+ gettime.[co]
+ [6aeb48a7ab7f]
-2005-03-12 19:27 millert
+ * gettime.c:
+ function to return the current time in a struct timespec
+ [bf8eb12cb63f]
- * sudoers.pod: use a non-breaking space to avoid a double space
- after e.g.
+ * utimes.c:
+ Not a darpa-sponsored file.
+ [121ce5e2036c]
-2005-03-12 19:26 millert
+2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod: commna, not colon after e.g.
+ * compat.h, config.h.in, configure, configure.in:
+ Add a check for struct timespec and provide it for those without.
+ [42124055030d]
-2005-03-12 18:43 millert
+ * config.h.in, configure, configure.in, sudo_edit.c:
+ Add checks for st_mtim and st_mtimespec and add macros for pulling
+ the mtime sec and nsec out of struct stat. These are used in
+ sudo_edit() to better tell whether or not the file has changed.
+ [23debfbb3fab]
- * sudo_noexec.c: Add __ variants of the exec functions. GNU libc
- at least uses __execve() internally.
+ * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
+ Add an extra param to touch() for nsec
+ [56f7a4ba8ddb]
-2005-03-12 12:29 millert
+ * sudo_edit.c:
+ Call mkstemp() as the in invoking user so we don't have to chown the
+ file later. Only touch() the temp file if we can do it via the file
+ descriptor. Don't check for modification of the temp file if we lack
+ fstat(). Catch errors read()ing the temp file.
+ [665f52c70836]
- * indent.pro: Match reality a bit more.
+ * fileops.c:
+ If path is NULL and fd == -1 return -1.
+ [757a518a824c]
-2005-03-12 12:27 millert
+ * sudo_edit.c:
+ closefrom() is overkill, the only extra fds are the ones we opened
+ so just close those in the child.
+ [f361c9d2a1f4]
- * pwutil.c: Missed piece from rev. 1.6, fix sudo_getpwnam() too.
+ * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
+ configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
+ visudo.c:
+ Use utimes() and futimes() instead of utime() in touch(), emulating
+ as needed. Not all systems are able to support setting the times of
+ an fd so touch() takes both an fd and a file name as arguments.
+ [3d9276f29717]
-2005-03-11 23:42 millert
+2004-09-07 Aaron Spangler <aaron777@gmail.com>
- * pwutil.c: Store shadow password after making a local copy of
- struct passwd in case normal and shadow routines use the same
- internal buffer in libc.
+ * env.c:
+ Rare SEGV
+ [8995f828782d]
-2005-03-10 20:57 millert
+2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * alloc.c, logging.c: Make varargs usage consistent with the rest
- of the code.
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [b8e9406711c5]
-2005-03-10 10:09 millert
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Add SUPPORT section and re-order some of the sections to match the
+ order we use in OpenBSD.
+ [fa37bd917e2c]
- * sudo_noexec.c: Wrap more of the exec family since on Linux the
- others do not appear to go through the normal execve() path.
+2004-09-06 Aaron Spangler <aaron777@gmail.com>
-2005-03-10 09:57 millert
+ * env.c:
+ Openldap ~/.ldaprc fix
+ [1a37afe6850f]
- * visudo.c: make print_unused static like proto says
+2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-03-10 09:55 millert
+ * sudo.pod:
+ Talk about how the editor must write its changes to the original
+ file and not just use rename(2).
+ [c55ed91c5ee9]
- * glob.c: silence a warning on K&R systems
+ * CHANGES:
+ sync
+ [62af26bd37a2]
-2005-03-10 09:51 millert
+ * sudo_edit.c:
+ Keep the temp file open instead of re-opening after the editor has
+ exited.
+ [de41eeb6dcf2]
- * parse.c, alias.c, error.c: make this build in K&R land
+ * sample.pam:
+ Update for current redhat/fedora core.
+ [8cf083077333]
-2005-03-07 22:21 millert
+2004-09-03 Aaron Spangler <aaron777@gmail.com>
- * toke.c: regen
+ * README.LDAP:
+ tls_ examples
+ [ba783d88a034]
-2005-03-05 22:46 millert
+2004-09-02 Aaron Spangler <aaron777@gmail.com>
- * ldap.c: return(foo) not return foo optimize _atobool() slightly
+ * ldap.c:
+ config tls_* options
+ [0b0e0797b3b9]
-2005-03-05 22:40 millert
+2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Use TRUE/FALSE
+ * configure, configure.in:
+ No need for -lcrypt when using pam.
+ [41fff3a53e68]
-2005-03-05 22:31 millert
+2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Reformat to match the rest of sudo's code.
+ * configure:
+ regen
+ [75820aecce2c]
-2005-03-05 19:33 millert
+2004-08-27 Aaron Spangler <aaron777@gmail.com>
- * sudo.pod: I am the primary author
+ * configure.in, ldap.c, pathnames.h.in:
+ Allow --with-ldap-conf-file option to override LDAP_CONF
+ [c9909bc484a5]
-2005-02-22 22:28 millert
+ * ldap.c:
+ cleanup debug message
+ [1f6ca4824d8d]
- * README, RUNSON, Makefile.in: The RUNSON file is toast--it
- confused too many people and really isn't needed in a
- configure-oriented world.
+2004-08-26 Aaron Spangler <aaron777@gmail.com>
-2005-02-22 22:28 millert
+ * README.LDAP:
+ more config info
+ [f2e7147fd507]
- * INSTALL: alternate -> alternative
+2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-02-22 22:26 millert
+ * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
+ Add cmnd_base to struct sudo_user and set it in init_vars(). Add
+ cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
+ longer use gross statics in command_matches(). Also rename some
+ variables for improved clarity.
+ [7169a6c7bea4]
- * tgetpass.c: Use TCSADRAIN instead of TCSAFLUSH since some OSes
- have issues with TCSAFLUSH.
+2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-02-22 22:16 millert
+ * INSTALL:
+ document HP's crippled compiler deficiency.
+ [c405ea5a8d4c]
- * toke.l: Allow leading blanks before Defaults and Foo_Alias
- definitions
+ * INSTALL:
+ Fix some thinkos in --with-editor and --with-env-editor
+ descriptions. Noticed by Norihiko Murase.
+ [dd781de1c985]
-2005-02-22 22:14 millert
+ * configure, configure.in:
+ --with-noexec takes an optional PATH argument.
+ [8f6ab77f22cc]
- * Makefile.in: fix rules to build toke.o and gram.o in devel mode
+ * INSTALL:
+ document --with-noexec
+ [50cb1fc627ce]
-2005-02-20 13:00 millert
+2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: env_keep overrides set_logname
+ * RUNSON, TODO:
+ sync
+ [f2503bd13373] [SUDO_1_6_8]
-2005-02-20 12:57 millert
+ * sudo_edit.c:
+ Better warning message when sudoedit is unable to write to the
+ destination file.
+ [f78c18f2ffa8]
- * env.c: Fix disabling set_logname and make env_keep override
- set_logname.
+ * sudo.cat, sudo.man.in:
+ regen
+ [7e2bf63d6d9a]
-2005-02-20 12:28 millert
+ * sudo.pod:
+ Don't italicize the string "sudoedit"
+ [c691643bd269]
- * compat.h, config.h.in, configure, configure.in: No longer need
- memmove()
+2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-02-20 11:48 millert
+ * HISTORY:
+ Mention GratiSoft.
+ [dc53de581b2d]
- * env.c, sudo.c: Just clean the environment once. This assumes
- that any further setenv/putenv will be able to handle the fact
- that we replaced environ with our own malloc'd copy but all the
- implementations I've checked do.
+2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-02-15 23:16 millert
+ * sudo.tab.c:
+ regen
+ [8ae0484dfc38]
- * env.c, sudo.c: In -i mode, base the value of insert_env()'s
- dupcheck flag on DID_FOO flags. Move checks for $HOME resetting
- into rebuild_env()
+ * parse.yacc:
+ Reset used_runas to FALSE when re-intializing the parser.
+ [b7403f353a02]
-2005-02-13 00:33 millert
+2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c, sudo.c: Move setting of user_path, user_shell, user_prompt
- and prev_user into init_vars() since user_shell at least is
- needed there.
+ * config.guess:
+ Correct OpenBSD mips support
+ [314fc7afc165]
-2005-02-12 18:51 millert
+ * config.guess:
+ Add OpenBSD/mips
+ [ac87d0a773ef]
- * Makefile.in: fix devel builds
+2004-08-07 Aaron Spangler <aaron777@gmail.com>
-2005-02-12 18:46 millert
+ * README.LDAP:
+ More behavior notes
+ [13be1d212b47]
- * check.c, sudo.c: Fix some printf format mismatches on error.
+ * README.LDAP:
+ Updates on current behavior
+ [d498a8866d6f]
-2005-02-12 18:33 millert
+2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, gram.c, toke.c: regen
+ * sudoers.pod:
+ =back does not take an indentlevel (makes no difference to formatted
+ files).
+ [9c8523bb382a]
-2005-02-12 17:56 millert
+ * sudo.pod:
+ =back does not take an indentlevel (makes no difference to formatted
+ files).
+ [e5f479e24fa8]
- * LICENSE, Makefile.binary.in, Makefile.in, aclocal.m4, alias.c,
- alloc.c, check.c, closefrom.c, compat.h, configure.in,
- defaults.c, defaults.h, env.c, error.c, fileops.c, find_path.c,
- getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.y,
- interfaces.c, interfaces.h, ldap.c, logging.c, logging.h,
- match.c, mon_systrace.c, parse.c, redblack.c, redblack.h,
- set_perms.c, sigaction.c, snprintf.c, strcasecmp.c, strerror.c,
- strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.pod, sudo_edit.c,
- sudo_noexec.c, sudoers.pod, testsudoers.c, tgetpass.c, toke.l,
- utimes.c, version.h, visudo.c, visudo.pod, zero_bytes.c,
- auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
- auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
- auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
- auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
- emul/utime.h: Update copyright years.
+ * CHANGES:
+ new
+ [2dbd9aba8b33]
-2005-02-12 16:46 millert
+ * sudo.c:
+ Consistency. Use same error for bad -u #uid when targetpw is set as
+ we do when a bad -u username is specified.
+ [922961c4a9d6]
- * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
- version 1.7
+ * TODO:
+ Add checksum idea from Steve Mancini
+ [e6ece1b766ba]
-2005-02-12 16:16 millert
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [370d2317829f]
- * WHATSNEW: What's new in sudo 1.7, based on the 1.7 CHANGES
- entries.
+ * sudo.cat, sudo.man.in:
+ regen
+ [f93d41fc38b1]
-2005-02-11 18:06 millert
+ * sudo.pod, sudoers.pod:
+ Document the restriction on uids specified via -u when targetpw is
+ set.
+ [878fedb455db]
- * compat.h, logging.h, sudo.h: Add __printflike and use it with gcc
- to warn about printf-like format mismatches
+ * sudo.c:
+ Error out when targetpw is enabled and sudo is run with -u #uid but
+ #uid does not exist in the passwd database. We can't do target
+ authentication when the target is not in passwd!
+ [27c5888c86eb]
-2005-02-10 00:16 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+ regen
+ [ceb65711050c]
- * CHANGES, ChangeLog: Replaced CHANGES file with ChangeLog
- generated from cvs logs
+ * TODO:
+ Some more todo for the next release.
+ [7b7417be7601]
-2005-02-10 00:03 millert
+ * INSTALL:
+ Make it clear that PAM should be used for DCE support when possible.
+ [7502029fd385]
- * set_perms.c: Use warning/error instead of perror/fatal.
+ * sudoers.pod:
+ o Document problems with wildcards and relative paths. o Make the
+ order requirements more prominent. o Change a "set" to "reset" for
+ clarity.
+ [bacdd181b33f]
-2005-02-09 23:13 millert
+2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.guess: Update OpenBSD section
+ * sudo.pod:
+ Mention --with-secure-path, not SECURE_PATH.
+ [41283ddde5e1]
-2005-02-09 23:10 millert
+2004-08-03 Aaron Spangler <aaron777@gmail.com>
- * UPGRADE: Add upgrading noted for 1.7
+ * ldap.c:
+ reflect changes to parse.c
+ [8880fe9b724d]
-2005-02-09 23:00 millert
+2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c, sudo.c, sudoers.pod: Instead of zeroing out the
- environment, just prune out entries based on the env_delete and
- env_check lists. Base building up the new environment on the
- current environment and the variables we removed initially.
+ * sudo.tab.c:
+ regen
+ [a57658ca9177]
-2005-02-09 22:23 millert
+ * parse.c, parse.h, testsudoers.c, visudo.c:
+ Don't pass user_cmnd and user_args to command_matches(), just use
+ the globals there. Since we keep state with statics anyway it is
+ misleading to pretend that passing in different cmnd and cmnd_args
+ will work.
+ [0a2544991fd6]
- * configure, configure.in, sudo.c, config.h.in: Set locale to "C"
- if locales are supported, just to be safe.
+ * parse.yacc:
+ Don't pass user_cmnd and user_args to command_matches(), just use
+ the globals there. Since we keep state with statics anyway it is
+ misleading to pretend that passing in different cmnd and cmnd_args
+ will work.
+ [a4910bf6032b]
-2005-02-09 22:19 millert
+ * parse.c:
+ Fix a bug introduced in rev. 1.149. When checking for pseudo-
+ commands check for a '/' anywhere in cmnd, not just the first
+ character.
+ [ce98142f03ca]
- * toke.c, toke.l: Cast argument to ctype functions to unsigned
- char.
+2004-07-31 Aaron Spangler <aaron777@gmail.com>
-2005-02-07 22:56 millert
+ * sudo.man.in, sudo.pod:
+ Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
+ [a91800e094b1]
- * env.c: correct value for DID_USER
+ * sudoers.man.in, sudoers.pod:
+ Add ignore_local_sudoers
+ [741ddcbf7083]
-2005-02-07 22:55 millert
+ * README.LDAP:
+ Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
+ janth@moldung.no
+ [742c02e07cd9]
- * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c: #include
- <compat.h> not "compat.h"
+2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-02-07 22:51 millert
+ * CHANGES:
+ typo
+ [e7cdefbd7a9a]
- * defaults.c: Reset the environment by default.
+2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-02-07 22:50 millert
+ * CHANGES:
+ sync
+ [734dafc4a85e]
- * sudo.c: Alloc an extra slot in NewArgv. Removes the need to
- malloc an new vector if execve() fails.
+ * parse.c:
+ Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
+ PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
+ [151b7f593568]
-2005-02-06 23:16 millert
+2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL, config.h.in, configure, configure.in, sudo.c: Use
- execve(2) and wrap the command in sh if we get ENOEXEC.
+ * CHANGES:
+ PAM change
+ [d8fb6d6a22d0]
-2005-02-05 23:01 millert
+2004-07-08 Aaron Spangler <aaron777@gmail.com>
- * sudo_noexec.c: Only include time.h on systems that lack struct
- timespec which gets defind in compat.h (using time_t).
+ * ldap.c:
+ Better debugging of ALL command
+ [9db3e84029dc]
-2005-02-05 22:59 millert
+2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo_noexec.c: Include time.h for time_t in compat.h for systems
- w/o struct timespec.
+ * parse.c:
+ When matching for "sudoedit" in sudoers check both the command the
+ user typed *and* the command that is listed in the sudoers entry.
+ [f36ca1f94095]
-2005-02-05 22:56 millert
+2004-07-04 Aaron Spangler <aaron777@gmail.com>
- * configure, compat.h, config.h.in, configure.in: use bcopy on
- systems w/o memmove
+ * ldap.c:
+ Added !command feature
+ [ed539574611b]
-2005-02-05 22:31 millert
+2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * compat.h: __attribute__((__unused__)) doesn't work in gcc 2.7.2.1
- so limit its use to gcc >= 2.8.
+ * auth/pam.c:
+ Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
+ [2be8e0e8813a]
-2005-02-05 21:21 millert
+2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: Add explicit rule to build sudo_noexec.lo
+ * LICENSE:
+ License is ISC-style, not BSD-style
+ [ac0589e1dd5d]
-2005-02-05 17:56 millert
+ * CHANGES:
+ sync
+ [16058a30f404]
- * INSTALL.configure, Makefile.in: No longer depend on VPATH;
- pointed out a bunch of missed dependencies.
+2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-02-05 13:18 millert
+ * sudo.cat, sudo.man.in:
+ regen
+ [8820eb9c809b]
- * TROUBLESHOOTING: Help for PAM when account section is missing
+ * sudo.pod:
+ o Update some out of date bits to reality o Change the shell promt
+ in examples to bourne-shell style o Clarify some details o Add a
+ CAVEAT about "sudo cd /foo"
+ [b0af373214b6]
-2005-02-05 13:01 millert
+ * check.c:
+ Don't ask for a password if invoking user == target user.
+ [dd5c96141132]
- * auth/pam.c: Give user a clue when there is a missing "account"
- section in the PAM config.
+ * sudo.c:
+ typo in comment
+ [278d20f9b249]
-2005-02-05 10:22 millert
+2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/pam.c: Better error handling.
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [9036c6f39eff]
-2005-02-05 09:57 millert
+ * sudoers.pod:
+ Expand on NOEXEC a little.
+ [9a13756aebe4]
- * configure, config.h.in, configure.in: Move _FOO_SOURCE to
- CPPFLAGS so it takes effect as early as possible. Silences a
- warning about isblank() on linux.
+ * TODO:
+ sync
+ [8d2c1af48de8]
-2005-02-04 21:49 millert
+ * visudo.cat, visudo.man.in:
+ regen
+ [3921f01607c8]
- * auth/pam.c: Fix typo (missing comma) that caused an incorrect
- number of args to be passed to log_error().
+ * sudo.tab.c:
+ regen
+ [9338c3d68250]
-2005-01-31 23:03 millert
+ * visudo.pod:
+ Add a check in visudo for runas_default being set after it has
+ already been used.
+ [6700358d7ad8]
- * pwutil.c: Don't try to destroy a tree we didn't create.
+ * CHANGES, parse.yacc, visudo.c:
+ Add a check in visudo for runas_default being set after it has
+ already been used.
+ [803560986a8a]
-2005-01-27 10:42 millert
+ * sudo.tab.c:
+ regen
+ [b60636e2cf63]
- * alias.c, alloc.c, check.c, closefrom.c, compat.h, defaults.c,
- env.c, error.c, fileops.c, find_path.c, fnmatch.c, getcwd.c,
- getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.c,
- gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c,
- parse.c, pwutil.c, set_perms.c, sigaction.c, snprintf.c,
- strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
- sudo_edit.c, sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c,
- toke.l, utimes.c, visudo.c, zero_bytes.c, auth/afs.c,
- auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
- auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
- auth/rfc1938.c, auth/secureware.c, auth/securid.c,
- auth/securid5.c, auth/sia.c, auth/sudo_auth.c: Add __unused to
- rcsids
+ * parse.yacc:
+ Add a MATCHED macro for testing whether foo_matches has been set to
+ TRUE or FALSE. This is more readable than checking for >=0 or < 0.
+ Doesn't change the actual code generated.
+ [f376da8ccdc8]
-2005-01-21 10:34 millert
+2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Fix error message when mixing invalid
- auth types
+ * sudoers.cat:
+ regen
+ [6cceb6d6c9bd]
-2005-01-21 10:32 millert
+ * sudoers.man.in:
+ regen
+ [5acd12b730b3]
- * INSTALL: PAM, AIX auth, BSD auth and login_cap are now on by
- default if the OS supports them.
+ * sudoers.pod:
+ Correct description of where Defaults specs should go.
+ [6b11ff53d7ad]
-2005-01-21 10:29 millert
+ * sudoers:
+ Correct description of where Defaults specs should go.
+ [868db857630d]
- * config.h.in, auth/sudo_auth.h: s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
+ * testsudoers.c, visudo.c:
+ update (c) year
+ [272c8a53604c]
-2005-01-21 10:29 millert
+ * logging.h:
+ update (c) year
+ [3cec76d400ce]
+
+ * ldap.c:
+ update (c) year
+ [f264632488a0]
+
+ * find_path.c:
+ update (c) year
+ [40c227af9227]
+
+ * auth/pam.c:
+ update (c) year
+ [87149e0eed50]
+
+ * auth/bsdauth.c, auth/kerb5.c:
+ update (c) year
+ [d72eb434c068]
+
+2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [83408d9e9d2e]
+
+ * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
+ Remove trailing spaces, no actual code changes.
+ [4c3bf2819293]
+
+ * tgetpass.c:
+ Remove trailing spaces, no actual code changes.
+ [96f6e0a24c26]
+
+ * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
+ Remove trailing spaces, no actual code changes.
+ [c7075d1cbed5]
+
+ * getcwd.c:
+ Remove trailing spaces, no actual code changes.
+ [776cc0374547]
+
+ * find_path.c:
+ Remove trailing spaces, no actual code changes.
+ [7ed7099f3c71]
+
+ * compat.h, defaults.c, env.c:
+ Remove trailing spaces, no actual code changes.
+ [893e83c33795]
+
+ * check.c:
+ Remove trailing spaces, no actual code changes.
+ [f77750f8803b]
+
+ * sudo.tab.c:
+ regen
+ [62e0ed883b31]
+
+ * parse.yacc:
+ Fix a >=0 that should be <0 that was improperly converted when
+ UNSPEC was added.
+ [ad1531a55a49]
+
+ * parse.yacc:
+ Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
+ NOMATCH when resetting it.
+ [ae017a12870a]
+
+ * parse.yacc:
+ Fix pastos introduced in SETNMATCH addition.
+ [6ea1c9d80681]
+
+2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ Update for configure changes
+ [637a635da287]
+
+ * sudo.tab.c:
+ regen
+ [4753c2788713]
+
+ * sudo.h:
+ Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
+ these in parse.yacc. Also in parse.yacc initialize the *_matches
+ vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
+ when setting *_matches to a value that may be
+ NOMATCH/UNSPEC/TRUE/FALSE.
+ [2ba622e15a4d]
+
+ * parse.yacc:
+ Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
+ these in parse.yacc. Also in parse.yacc initialize the *_matches
+ vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
+ when setting *_matches to a value that may be
+ NOMATCH/UNSPEC/TRUE/FALSE.
+ [746b519e41a6]
+
+ * parse.yacc:
+ Initialize runas to -2, not -1 since we need to be able to
+ distinguish between the initialized value and the value of a non-
+ match when passing along the runas value to multiple commands.
+
+ The result of this is that an unmatched runas is now set to -1, not
+ 0. This is required now that parse.c treats a FALSE value for runas
+ as being explicitly denied.
+ [7791ed3621f6]
+
+2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, visudo.c:
+ Error out if argc < 1.
+ [ce6b2a9eda3c]
+
+ * getprogname.c:
+ Error out if argc < 1.
+ [c566cce8dc78]
+
+ * configure, configure.in:
+ Add tests for what libs we need to link with for ldap and for
+ whether or not lber.h needs to be explicitly included.
+ [b2e9729cc4e7]
+
+2004-06-03 Aaron Spangler <aaron777@gmail.com>
+
+ * ldap.c:
+ Solaris native LDAP build fix
+ [39929e40eb11]
+
+2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Set edn to NULL is ldap_get_dn() fails to avoid potential use of an
+ unset variable.
+ [6a4c20a66f98]
+
+ * sudo.h:
+ Add prototype for sudo_ldap_list_matches
+ [443b007a8dab]
+
+ * configure, configure.in:
+ Better check for dirfd macro--we now set HAVE_DIRFD for the macro
+ version too. Added check for dd_fd in `DIR' if no dirfd is found;
+ this is now used to confitionally define the dirfd macro in
+ compat.h.
+ [567656978f7e]
+
+ * config.h.in:
+ Better check for dirfd macro--we now set HAVE_DIRFD for the macro
+ version too. Added check for dd_fd in `DIR' if no dirfd is found;
+ this is now used to confitionally define the dirfd macro in
+ compat.h.
+ [34eace4faec8]
+
+ * compat.h:
+ Better check for dirfd macro--we now set HAVE_DIRFD for the macro
+ version too. Added check for dd_fd in `DIR' if no dirfd is found;
+ this is now used to confitionally define the dirfd macro in
+ compat.h.
+ [8d50ff1bbf2a]
+
+ * closefrom.c:
+ Only check /proc/$$/fd if we have the dirfd function/macro.
+ [15e3ccce7553]
+
+ * compat.h, config.h.in, configure, configure.in:
+ Add a check for a dirfd() function (like Linux) and add a dirfd
+ macro in compat.h if there is no dirfd() function or macro.
+ [1e95756edb50]
+
+ * closefrom.c, getcwd.c:
+ dirfd() is now defined in compat.h as needed.
+ [bb1d79271188]
+
+ * CHANGES:
+ Clarify closefrom() note.
+ [f4e4a5508dda]
+
+ * parse.c:
+ When checking for a command in the directory, only copy the base dir
+ once.
+ [7a3276808b87]
+
+ * closefrom.c:
+ If there is a /proc/$$/fd directory, behave like the Solaris
+ closefrom() and only close the descriptors listed therein.
+ [19de23779e84]
+
+ * alloc.c:
+ compat.h guarantees INT_MAX is defined.
+ [1bf0c79d4606]
+
+ * compat.h:
+ Add definitions of OPEN_MAX and INT_MAX for those without it and
+ remove definition of RLIM_INFINITY (now unused).
+ [f827d1ebf96e]
+
+ * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
+ sudo.c, sudo.h, visudo.c:
+ Use PATH_MAX, not MAXPATHLEN since the former is standardized.
+ [59788f211c24]
+
+2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ sync
+ [d32fa124f1ad]
+
+ * RUNSON:
+ Add some entries that were mailed in a while ago
+ [ff8d5bfec54e]
+
+ * closefrom.c:
+ o sysconf returns a long, not an int. o check for negative return
+ value from sysconf/getdtablesize and use OPEN_MAX in this case. o
+ define OPEN_MAX to 256 for those without it (a fair guess...)
+ [ccf81ae6deb2]
- * configure.in: Better checking for conflicting authentication
- methods Display the authentication methods used at the end of
- configure Rename --with-authenticate -> --with-aixauth Use
- --with-aixauth, --with-bsdauth, --with-pam, --with-logincap by
- default on systems that support them unless disabled. Add
- OSMAJOR variable that replaces old OSREV; now OSREV has full
- version number
+2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * UPGRADE:
+ Mention change in parse order for RunAs entries.
+ [dc73b0bca617]
+
+ * configure:
+ regen
+ [07cce8e0534e]
+
+2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, README.LDAP, config.h.in, configure.in:
+ o --with-ldap now takes an optional dir as a parameter o added
+ check for ldap_initialize() and start_tls_s()
+ [2b846c7974c6]
+
+ * README.LDAP:
+ Fix some typos, word choice and formatting issues.
+ [00dc8ca84b10]
+
+2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
+ read/write as it is simpler.
+ [30f5446ee8b0]
-2005-01-17 19:40 millert
+ * configure, configure.in:
+ Remove hack overriding cross-compiler check. It should no longer be
+ needed.
+ [22a6cbd88608]
- * def_data.c, def_data.in, sudo.c, sudoers.pod: s/-O/-C/
+ * compat.h:
+ Remove select() compat bits since we no longer use select().
+ [d7bbf7cd36f5]
-2005-01-14 13:35 millert
+ * CHANGES, tgetpass.c:
+ Use alarm() instead of select() for the timeout for systems that
+ don't fully/properly implement select().
+ [d7cc60f15800]
- * configure.in: Replace: test -n "$FOO" || FOO="bar"
+2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
- With: : ${FOO='bar'}
+ * CHANGES:
+ synbc
+ [132a39788e07]
-2005-01-09 18:58 millert
+ * RUNSON:
+ update
+ [61ef508380c6]
- * pwutil.c, testsudoers.c, tsgetgrpw.c: Use function pointers to
- only call private passwd/group routines when using a nonstandard
- passwd/group file.
+ * set_perms.c:
+ Deal with systems that have no way of setting the effective uid such
+ as nsr-tandem-nsk.
+ [306e00e9b5a4]
-2005-01-06 10:34 millert
+ * configure, configure.in:
+ Define NO_SAVED_IDS if we don't find seteuid()
+ [8588f18345cf]
- * CHANGES: sync
+ * config.h.in, configure, configure.in:
+ Add back check for setreuid() since NSK doesn't have it.
+ [43127bd703d1]
-2005-01-05 22:16 millert
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [af4f4b20e422]
- * tsgetgrpw.c: Can't use strtok() since it doesn't handle empty
- fields so add getpwent()/getgrent() functions and call those.
+ * CHANGES:
+ sync
+ [29ca3b699c24]
-2005-01-05 17:29 millert
+ * BUGS:
+ sync
+ [3593f17f72ed]
- * Makefile.in: Fix dummied out toke.c and gram.c dependencies.
+ * parse.c:
+ In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
+ explicitly denied and the command matched. This fixes a long-
+ standing bug and makes: foo machine = (ALL) /usr/bin/blah
+ foo machine = (!bar) /usr/bin/blah
-2005-01-05 17:18 millert
+ equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
+ [2f5ee244985a]
- * Makefile.in: Rename PARSESRCS -> GENERATED since it is only used
- in the clean target Add devdir variable and use it to specify the
- path to parser sources
+ * sudoers.pod:
+ Clarify mail_noperm
+ [3238b2d41989]
-2005-01-05 17:17 millert
+2004-05-20 Aaron Spangler <aaron777@gmail.com>
- * configure: regen
+ * Makefile.in:
+ Missing DESTDIR in make install for sudo_noexec.la
+ [91431e821525]
-2005-01-05 17:17 millert
+2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: Add a devdir variables that defaults to $(srcdir)
- and is set to . if --devel was specified. Allows for proper
- dependecies building the parser.
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [cdfde0dcb556]
+
+ * TODO:
+ sync
+ [4799b7d8b62c]
+
+ * sudoers.pod:
+ Remove fastboot/fasthalt (who still remembers these?) and add a
+ minimal sudoedit example.
+ [19d299f233cd]
+
+ * sample.sudoers:
+ Remove fastboot/fasthalt (who still remembers these?) and add a
+ minimal sudoedit example.
+ [b1bca73d6250]
+
+ * UPGRADE, sudo.c, visudo.c:
+ filesystem -> file system
+ [1e1afaf30469]
+
+ * TROUBLESHOOTING:
+ filesystem -> file system
+ [39fb594e9338]
+
+ * CHANGES, INSTALL:
+ filesystem -> file system
+ [85948b608ffe]
+
+ * sudo.pod, sudoers.pod:
+ Fix some minor typos and formatting goofs
+ [e94d243a0b90]
+
+ * lex.yy.c:
+ regen
+ [2eed0ab1f4c4]
+
+ * visudo.pod:
+ remove my email addr
+ [b63262c0389b]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Use @mansectform@ and @mansectsu@ everywhere Make man page
+ references links with L<>
+ [f459f4b9ddb9]
+
+ * parse.lex:
+ Accept quoted globbing characters and pass them verbatim for
+ fnmatch()
+ [8248b86e9380]
+
+ * UPGRADE:
+ Document that /tmp/.odus is gone.
+ [3667b66af5bb]
+
+ * pathnames.h.in:
+ No longer use /tmp/.odus as a possible timestamp dir unless
+ specifically configured to do so. Instead, if no /var/run exists,
+ use /var/adm/sudo or /usr/adm/sudo.
+ [48d94c9f9ad4]
+
+ * configure:
+ No longer use /tmp/.odus as a possible timestamp dir unless
+ specifically configured to do so. Instead, if no /var/run exists,
+ use /var/adm/sudo or /usr/adm/sudo.
+ [058d7b8cf07b]
+
+ * aclocal.m4:
+ No longer use /tmp/.odus as a possible timestamp dir unless
+ specifically configured to do so. Instead, if no /var/run exists,
+ use /var/adm/sudo or /usr/adm/sudo.
+ [cf52c4c2803f]
-2005-01-05 14:50 millert
+ * CHANGES:
+ No longer use /tmp/.odus as a possible timestamp dir unless
+ specifically configured to do so. Instead, if no /var/run exists,
+ use /var/adm/sudo or /usr/adm/sudo.
+ [6058c4cefcec]
+
+ * set_perms.c, sudo.c, tgetpass.c, visudo.c:
+ Preliminary changes to support nsr-tandem-nsk. Based on patches
+ from Tom Bates.
+ [2e5f81834383]
- * testsudoers.c: Add support for custom passwd/group files.
+ * logging.c:
+ Preliminary changes to support nsr-tandem-nsk. Based on patches
+ from Tom Bates.
+ [934bbe6872b6]
-2005-01-05 14:47 millert
+ * check.c, compat.h:
+ Preliminary changes to support nsr-tandem-nsk. Based on patches
+ from Tom Bates.
+ [390b698b5924]
- * Makefile.in: Build private copy of pwutil.o for testsudoers with
- MYPW defined so it uses our own passwd/group routines.
+2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-01-05 14:46 millert
+ * CHANGES:
+ There was no 1.6.7p6.
+ [8013d2e6b062]
- * visudo.c: Remove sudo_*{pw,gr}* stubs and add
- sudo_setspent/sudo_endspent stubs instead. We can now just use
- the caching sudo_*{pw,gr}* functions in pwutil.c Add comment
- about wanting to call sudo_endpwent/sudo_endgrent in cleanup()
+ * BUGS, CHANGES:
+ sync
+ [c38b41f32857]
-2005-01-05 14:44 millert
+ * Makefile.in:
+ add missing files to DISTFILES
+ [e6a80ad03039]
- * tsgetgrpw.c: Remove caching; we will just use what is in pwutil.c
- Use global buffers for passwd/group structs Rename functions from
- sudo_* to my_*
+ * sudo.cat, sudoers.cat, visudo.cat:
+ regen
+ [027bc9746dd5]
-2005-01-05 14:43 millert
+ * sudoers.man.in:
+ regen
+ [f5e85ef686cf]
- * logging.c, sudo.c: g/c pwcache_init/pwcache_destroy
+ * Makefile.in:
+ Fix some line wrap and update (c) year
+ [bad1f46aa1ca]
-2005-01-05 14:42 millert
+2004-04-28 Aaron Spangler <aaron777@gmail.com>
- * sudo.h: Undo last commit and add sudo_setspent and sudo_endspent
- instead.
+ * README.LDAP:
+ Build Note
+ [7a061248249b]
-2005-01-05 14:41 millert
+2004-04-07 Aaron Spangler <aaron777@gmail.com>
- * getspwuid.c, pwutil.c: Move all but the shadow stuff from
- getspwuid.c to pwutil.c and pwcache_get and pwcache_put as they
- are no longer needed. Also add preprocessor magic to use private
- versions of the passwd and group routines if MYPW is defined (for
- use by testsudoers).
+ * Makefile.in:
+ Fix install-dirs
+ [be0726dd92e7]
-2005-01-04 22:40 millert
+2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * tsgetgrpw.c: zero out struct passwd/group before filling it in so
- if there are fields we don't handle they end up as 0.
+ * sudo.tab.c:
+ regen
+ [3f4f0d1ab8b9]
-2005-01-04 20:10 millert
+ * visudo.c:
+ In Exit() when used as a signal handler, emsg is a pointer so
+ sizeof() is wrong so make it a #define instead. Also avoid using a
+ negative exit value. Found by Aaron Campbell
+ [78716a3a3fdc]
- * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c: Adapt to
- pwutil.c
+2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-01-04 20:09 millert
+ * sudoers.pod:
+ Remove bogus sentence about uids in a User_List. Document usernames
+ vs. uid parsing in a Runas_List.
+ [7ca510b5031c]
- * Makefile.in: Add tsgetgrpw.c and pwutil.c Rename the *OBJ
- variables for better readability.
+ * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
+ If the user specified a uid with the -u flag and the uid exists in
+ the passwd file, set runas_user to the name, not the uid.
-2005-01-04 20:08 millert
+ When comparing usernames in sudoers, if a name is really a uid
+ (starts with '#') compare it numerically to pw_uid.
+ [8d6935d04673]
- * tsgetgrpw.c: Passwd and group lookup routines for testsudoers
- that support alternate passwd and group files.
+2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-01-04 20:07 millert
+ * auth/kerb5.c:
+ krb5_mcc_ops should be const; Johnny C. Lam
+ [aa8c753e426e]
- * getspwuid.c, pwutil.c: Split off pw/gr cache and dup code into
- its own file. This allows visudo and testsudoers to use the
- pw/gr cache too.
+2004-02-28 Aaron Spangler <aaron777@gmail.com>
-2005-01-01 19:31 millert
+ * CHANGES, config.h.in, ldap.c:
+ Added start_tls support
+ [7ef864c15b69]
- * parse.c: Print Defaults info in "sudo -l" output and wrap lines
- based on the terminal width.
+2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2005-01-01 12:41 millert
+ * Makefile.in:
+ Clean up libtool stuff for 'make distclean' and add def_data.c,
+ def_data.h to PARSESRCS.
+ [bf9bb6bb06ab]
- * match.c, visudo.c, testsudoers.c: Only check group vector in
- usergr_matches() if we are matching the invoking or list user.
- Always check the group members, even if there was a group vector.
+2004-02-14 Aaron Spangler <aaron777@gmail.com>
-2004-12-17 17:24 millert
+ * strlcat.c, strlcpy.c:
+ Un-Fix last license munge
+ [42654b77ac71]
- * LICENSE, Makefile.in, fnmatch.3: No longer bundle fnmatch.3
+2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-12-17 13:12 millert
+ * configure:
+ regen
+ [e4de6b23a4dc]
- * CHANGES, TODO: checkpoint
+ * CHANGES, RUNSON, TODO:
+ checkpoint
+ [94e1ace84d5c]
-2004-12-16 14:20 millert
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [8ce784505643]
- * sudo.c: sort usage
+ * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
+ emul/search.h, emul/utime.h:
+ More to a less restrictive, ISC-style license.
+ [a31b20e48003]
-2004-12-16 14:20 millert
+ * auth/kerb5.c, auth/pam.c:
+ More to a less restrictive, ISC-style license.
+ [e41f92b41216]
- * sudo.pod: Sort command line options
+ * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
+ More to a less restrictive, ISC-style license.
+ [87534c164a52]
-2004-12-16 13:33 millert
+ * auth/bsdauth.c:
+ More to a less restrictive, ISC-style license.
+ [e21be6594b58]
- * def_data.c, def_data.h, def_data.in, defaults.c, logging.c,
- sudo.c, sudo.pod, sudoers.pod: Add closefrom sudoers option to
- start closing at a point other than 3. Add closefrom_override
- sudoers option and -C sudo flag to allow the user to specify a
- different closefrom starting point.
+ * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
+ More to a less restrictive, ISC-style license.
+ [6d234be91c5e]
-2004-12-16 13:25 millert
+ * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
+ visudo.man.in, visudo.pod:
+ More to a less restrictive, ISC-style license.
+ [b02aea324fd6]
- * pathnames.h.in: Add _PATH_DEVNULL for those without it.
+ * sudo_noexec.c:
+ More to a less restrictive, ISC-style license.
+ [a6da7631e0b2]
-2004-12-15 22:55 millert
+ * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+ sudo_edit.c:
+ More to a less restrictive, ISC-style license.
+ [71cdcc241e94]
- * LICENSE: no more UCB strcasecmp
+ * sigaction.c, strerror.c:
+ More to a less restrictive, ISC-style license.
+ [4bccdedca58a]
-2004-12-15 22:54 millert
+ * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
+ set_perms.c:
+ More to a less restrictive, ISC-style license.
+ [64d772d70ab3]
- * strcasecmp.c: replace BSD licensed one with version derived from
- pdksh
+ * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, interfaces.c, interfaces.h:
+ More to a less restrictive, ISC-style license.
+ [520381c60a54]
-2004-12-09 21:07 millert
+ * find_path.c, getprogname.c:
+ More to a less restrictive, ISC-style license.
+ [f605d5eab6f1]
- * sudo.c: Fix last commit.
+ * fileops.c:
+ More to a less restrictive, ISC-style license.
+ [4129a8b38a67]
-2004-12-09 19:26 millert
+ * env.c:
+ More to a less restrictive, ISC-style license.
+ [d5bd859757de]
- * sudo.c: Make sure stdin, stdout and stderr are open and dup them
- to /dev/null if not.
+ * defaults.h:
+ More to a less restrictive, ISC-style license.
+ [008f5d5743f5]
-2004-12-03 13:57 millert
+ * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
+ defaults.c:
+ More to a less restrictive, ISC-style license.
+ [d8d7bfc8a18b]
- * ldap.c, mon_systrace.c, sudo.c, sudo.h: add sudo_ldap_close
+ * utime.c, version.h:
+ More to a less restrictive, ISC-style license.
+ [e2e038ad8209]
-2004-12-03 13:52 millert
+ * parse.lex, parse.yacc:
+ More to a less restrictive, ISC-style license.
+ [2f5942e847a1]
- * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
- Use TIME_WITH_SYS_TIME
+ * Makefile.binary:
+ More to a less restrictive, ISC-style license.
+ [1ed561734535]
-2004-12-03 13:48 millert
+2004-02-13 Aaron Spangler <aaron777@gmail.com>
- * configure, configure.in, config.h.in: Add TIME_WITH_SYS_TIME_H
+ * sudoers2ldif:
+ Merged in LDAP Support
+ [3994c4d05947]
-2004-12-02 11:18 millert
+ * ldap.c, sudo.c, sudo.h:
+ Merged in LDAP Support
+ [547eaa346fcc]
- * env.c: Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE
- being set unconditionally on darwin. From Toby Peterson.
+ * def_data.c, def_data.h, def_data.in:
+ Merged in LDAP Support
+ [8fb255280e42]
-2004-12-02 10:40 millert
+ * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
+ Merged in LDAP Support
+ [1038092a161e]
- * getspwuid.c: Check rbinsert() return value. In the case of faked
- up entries there is usually a negative response cached that we
- need to overwrite.
+2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
- In pwfree() don't try to zero out a NULL pw_passwd pointer.
+ * sudo.h, sudo_noexec.c:
+ Only do "extern int errno" if errno is not a macro.
+ [b2e02a08be8b]
-2004-12-02 09:53 millert
+2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * mon_systrace.c: Use the double fork trick to avoid the monitor
- process being waited for by the main program run through sudo.
+ * set_perms.c:
+ setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
+ euid first, then just call setuid(0) to set the real uid too.
+ [f08546e2e0ee]
-2004-11-29 12:52 millert
+ * set_perms.c:
+ Use setresuid() and setreuid() for PERM_RUNAS when appropriate
+ instead of seteuid() which may not exist.
+ [ba508581befb]
- * sudo.c: Call initgroups() in -U mode so group matches work
- normally.
+2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-29 12:34 millert
+ * LICENSE:
+ 2004
+ [37425513a342]
- * def_data.h, mkdefaults: Don't print a trailing comma for the last
- entry in enum def_tupple
+ * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
+ Add --with-pc-insults configure option
+ [7daa5294c17b]
-2004-11-28 16:08 millert
+ * visudo.man.in:
+ Prefer VISUAL over EDITOR like old vipw did.
+ [996252a4ab65]
- * sudoers.cat, sudoers.man.in, sudoers.pod: Mention values when
- lecture, listpw and verifypw are used in boolean context.
+2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-28 16:05 millert
+ * sudo.man.in, sudoers.man.in:
+ regen
+ [a247f1c52eb9]
+
+ * sudoers.pod:
+ Add a note that noexec is not a cure-all.
+ [9e7fc535367d]
+
+ * sudoers.pod:
+ Mention that disabling "root_sudo" is pretty pointless.
+ [f38a415afba0]
+
+ * configure, configure.in:
+ Substitute for root_sudo in sudoers.pod
+ [ce483cfc86be]
+
+ * sudo.pod:
+ Add sudoedit to the NAME section
+ [51bc453ec2f6]
+
+ * sudoers.pod:
+ Document that fact that setting ignore_dot in sudoers has no effect
+ due to the fact that find_path() is called *before* sudoers is read.
+ [6808df7e417c]
+
+2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * def_data.c, def_data.in: verifypw when used in a boolean TRUE
- context should be "all", not "any".
+ * sudo_edit.c:
+ Do not require _PATH_USRTMP to be set.
+ [546f3270dd10]
-2004-11-26 14:21 millert
+ * BUGS, CHANGES, TODO:
+ sync
+ [4205ddeab781]
- * def_data.in, defaults.c: Allow tuples that can be used as
- booleans to be used as boolean TRUE. In this case the 2nd
- possible value of the tuple is used for TRUE.
+ * sudo.man.in:
+ regen
+ [e2143690a88a]
-2004-11-25 12:23 millert
+ * sudo.pod:
+ Clarify that when sudo is run by root with the SUDO_USER variable
+ set, the sudoers lookup happens for root and not the SUDO_USER user.
+ [47207bec1bdf]
+
+2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
+ set_perms.c, sigaction.c, sudo.c, tgetpass.c:
+ Use the SET, CLR and ISSET macros.
+ [a8b0d7f1e8fd]
+
+ * fnmatch.c:
+ Use the SET, CLR and ISSET macros.
+ [1afbcba22ba6]
+
+ * defaults.c, env.c:
+ Use the SET, CLR and ISSET macros.
+ [2f39431e0a49]
+
+ * interfaces.h:
+ MAIN was replaced with _SUDO_MAIN some time ago.
+ [ea1b38f2ac9d]
+
+ * sudo.c:
+ Don't look at prev_user until after we've parsed sudoers and done
+ the password check. That way, if sudo/sudoedit is run from a root
+ process that was invoked by sudo, we check sudoers for root, not the
+ previous user. This makes sudoedit much more useful and means that
+ for the sudo case, we get correct logging on who actually ran the
+ command.
+ [431dfbf20552]
+
+2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Add a comment describing why we need to be notified about our child
+ stopping.
+ [0bec3ce4b49d]
+
+2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.in:
+ Update the noexec variable descriptions
+ [9cb7f1aa0e57]
+
+ * sudoers.man.in, sudoers.pod:
+ noexec now replaces more than just execve()
+ [23cbdc0ee95c]
+
+ * sudo_noexec.c:
+ Alas, all the world does not go through execve(2). Many systems
+ still have an execv(2) system call, Linux 2.6 provides fexecve(2)
+ and it is not uncommon for libc to have underscore ('_') versions of
+ the functions to be used internally by the library. Instead of
+ stubbing all these out by hand, define a macro and let it do the
+ work. Extra exec functions pointed out by Reznic Valery.
+ [9fa0cd871b0c]
+
+ * sudo.c, sudo_edit.c:
+ Fix suspending the editor in -e mode. Because we do a fork() first
+ we need to be notified when the child has been stopped and then send
+ that same signal to ourself so the shell can do its job control
+ thing.
+ [773165eb6057]
+
+ * visudo.c:
+ Use WIFEXITED and WEXITSTATUS macros. If there are systems out
+ there that want to run sudo that still don't support these we can
+ try to deal with that later.
+ [6af68e4aff60]
+
+ * lex.yy.c:
+ regen
+ [403435317d5d]
+
+ * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
+ Document sudo -e / sudoedit
+ [a80f6ea910af]
+
+ * configure, configure.in:
+ fix typo
+ [5020fcdc27f4]
+
+ * config.h.in, configure.in:
+ Add SET/CLR/ISSET
+ [03ff57286e7e]
+
+2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Allow non-exclusive flags when invoked as sudoedit. Pretty print the
+ long usage() line to not wrap (assumes 80 char display)
+ [3941fa4004bb]
+
+ * Makefile.in, sudo.c:
+ If sudo is invoked as "sudoedit" the -e flag is implied and no other
+ flags are permitted.
+ [929670b01293]
+
+ * sudo.h:
+ Add a new flag, -e, that makes it possible to give users the ability
+ to edit files with the editor of their choice as the invoking user,
+ not the runas user. Temporary files are used for the actual edit
+ and the temp file is copied over the original after the editor is
+ done.
+ [c4051414c1f4]
+
+ * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
+ Add a new flag, -e, that makes it possible to give users the ability
+ to edit files with the editor of their choice as the invoking user,
+ not the runas user. Temporary files are used for the actual edit
+ and the temp file is copied over the original after the editor is
+ done.
+ [37ac05c8ac3c]
+
+ * env.c, sudo.c:
+ If real uid == 0 and the SUDO_USER environment variables is set, use
+ that to determine the invoking user's true identity. That way the
+ proper info gets logged by someone who has done "sudo su" but still
+ uses sudo to as root. We can't do this for non-root users since
+ that would open up a security hole, though perhaps it would be
+ acceptable to use getlogin(2) on OSes where this a system call (and
+ doesn't just look in the utmp file).
+ [c2f9198708a1]
+
+ * pathnames.h.in:
+ Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
+ [7d9e5768df93]
+
+ * config.h.in, configure, configure.in:
+ Add check for fchown(2)
+ [a85df18798ed]
+
+2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Back out portions of the -i commit that set NewArgv[0] in
+ set_runaspw. It is far to late to set NewArgv[0] there and will have
+ no effect anyway as cmnd and safe_cmnd have already been set.
+ [c2d343430c1c]
+
+ * visudo.c, visudo.pod:
+ Prefer VISUAL over EDITOR like old vipw did.
+ [ae32f477cea3]
+
+2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, sudo.c:
+ In -i mode always set new environment based on the runas user's
+ passwd entry.
+ [fa653b7887a8]
+
+2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.man.in, sudo.pod:
+ Document the new -i flag and sync SYNOPSIS section with usage() in
+ sudo.c. Also sort the flags in the OPTIONS section.
+ [6aabc0ffc47e]
+
+ * sudo.c, sudo.h:
+ o Add -i that acts similar to "su -", based on patches from David J.
+ MacKenzie o Sort the flags in the usage message
+ [c0fe7d6beffd]
+
+ * sudoers.man.in, sudoers.pod:
+ Add a missing @runas_default@ substitution.
+ [60516fe2d090]
+
+2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Change euid to runas user before calling find_path().
+ Unfortunately, though runas_user can be modified in sudoers we
+ haven't parsed sudoers yet.
+ [f469fdf2e313]
+
+ * sudoers.man.in, sudoers.pod:
+ Add missing defintion of Parameter_List and use single pipes in the
+ Defaults EBNF definition.
+ [f7bed6e909bf]
+
+ * sudo.c:
+ Fix a bug when set_runaspw() is used as a callback. We don't want
+ to reset the contents of runas_pw if the user specified a user via
+ the -u flag.
+
+ Avoid unnecessary passwd lookups in set_authpw(). In most cases we
+ already have the info in runas_pw.
+ [efc35623ba09]
+
+2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ Add Stan Lee / Uncle Ben quote to the lecture from RedHat
+ [ebd5a76ccd7e]
+
+ * sudo.h:
+ Update sudo_getepw() proto and add one for set_runaspw()
+ [6ed65795c17f]
+
+ * parse.c:
+ If we can't stat the command as root, try as the runas user instead.
+ [ae713fca0e15]
+
+ * testsudoers.c, visudo.c:
+ Add stub set_runaspw() function
+ [42aa37050053]
+
+ * sudo.c:
+ Add set_runaspw() function to fill in runas_pw. This will be used
+ as a callback to update runas_pw when the runas user changes.
+ [e570aa0088d0]
+
+ * env.c, sudo.c:
+ PERM_RUNAS -> PERM_FULL_RUNAS
+ [51eec6f9e89a]
+
+ * set_perms.c, sudo.h:
+ Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
+ changes the euid.
+ [877c6fe4d12c]
+
+ * getspwuid.c:
+ Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
+ one chunk for easy free()ing. Also change it from static to extern.
+ [ab503260a7ec]
+
+ * defaults.c, defaults.h:
+ Add callback support
+ [a61c4ca983fb]
+
+ * mkdefaults:
+ Add a callback field and use it for runas_default
+ [96b69c27df5e]
+
+ * def_data.c, def_data.in:
+ Add a callback field and use it for runas_default
+ [d3e9f06872b8]
+
+2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/fwtk.c:
+ Add support for chalnecho and display server responses used by fwtk
+ >= 2.0
+ [b1870f7aaf0d]
+
+2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.man.in, sudoers.pod:
+ ld.so is ld.so.1 on solaris
+ [2bf9a123fa4c]
+
+ * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
+ Use closefrom() instead of doing the equivalent inline.
+ [7e3ef6072884]
+
+ * closefrom.c:
+ closefrom(3) for systems w/o it
+ [35caf58bb636]
+
+2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.man.in:
+ Update from .pod file.
+ [d4c94fc0e0c9]
+
+ * configure, configure.in:
+ Substitute noexec_file for the sudoers man page
+ [203d3376a551]
+
+ * sudo.man.in, sudo.pod:
+ Mention noexec
+ [014375ddbb06]
+
+ * sudoers.man.in, sudoers.pod:
+ Document noexec
+ [49a65d06201f]
+
+ * auth/pam.c, config.h.in, configure.in:
+ Move PAM_CONST macro definition from config.h to pam.c where it
+ belongs. We can't have this in config.h since that gets included too
+ early.
+ [e64748071637]
+
+ * auth/pam.c, config.h.in, configure, configure.in:
+ Some PAM implementations put their headers in /usr/include/pam
+ instead of /usr/include/security.
+ [8cc749e9575c]
+
+ * configure.in:
+ I missed changing the EXEC macro -> EXECV here when I changed this
+ in config.h.in and sudo.c a while ago.
+ [6f5afac7789f]
+
+ * acsite.m4:
+ OpenBSD vax/m88k/hppa don't do shared libs
+ [e4901d958bb7]
+
+ * configure, configure.in:
+ o merge the hpux case entries into a single entry w/ its own sub-
+ case statement. o HP-UX >= 11 support getspnam(), use it in
+ preference to getprpwuid()
+ [0caad428894e]
+
+ * configure, configure.in:
+ eval $shrext so that it expands nicely on MacOS X
+ [40419343eef8]
+
+ * Makefile.in:
+ Don't lie about making a module, it does the wrong thing on mach
+ [7629b28f5688]
+
+ * ltmain.sh:
+ Remove requirement that libs must begin with "lib". They don't when
+ we point directly at the lib using LD_PRELOAD or its equivalent.
+ [d66f3de6ec85]
+
+ * acsite.m4:
+ Disable support for c++, f77 and java. We don't need it, it takes a
+ lot of time, and it hosed our check for shared lib support.
+ [4f5749c52ce4]
+
+ * configure:
+ regen
+ [160865e9d15f]
+
+ * configure.in:
+ Call AC_ENABLE_SHARED and check the status of enable_shared to know
+ when shared libs are available.
+ [42504c1668fc]
+
+ * acsite.m4:
+ Duh, OpenBSD suports shared libs too
+ [8e3cd9417475]
+
+ * config.h.in, configure.in:
+ Only OpenPAM and Linux PAM use const qualifiers.
+ [b2f76476e866]
+
+ * configure, configure.in:
+ o No need to check for sed, libtool config does that for us o move
+ check for --with-noexec until after libtool magic is run so we can
+ use $can_build_shared and $shrext
+ [668c656e89cc]
+
+ * ltmain.sh:
+ Don't print a bunch of crap about library installs since we are not
+ really installing a library.
+ [83fbcad29fe4]
+
+ * env.c:
+ Make format_env() varargs Add noexec support for Darwin, MacOS X,
+ Irix, and Tru64
+ [468885d75d10]
+
+ * acsite.m4, ltconfig, ltmain.sh:
+ Update to libtool 1.5 with local changes: o no ldconfig in the
+ finish step o assume no libprefix or version is needed
+ [4961cffc3797]
+
+ * sudo_noexec.c:
+ Fix compilation under K&R
+ [8b309bf0b1b2]
+
+2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ checkpoint
+ [3c368badab32]
+
+ * sudo_noexec.c:
+ stub execve() that just returns EACCES; used for noexec
+ functionality
+ [1297acae283a]
+
+ * sudo.tab.h:
+ Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
+ generated code.
+ [dcab78c49273]
+
+ * sudo.tab.c:
+ Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
+ generated code.
+ [0a61c735eabe]
+
+2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.h, def_data.in:
+ Move the environment defaults to the end and shorten a few of the
+ descriptions.
+ [66787b9c612c]
+
+ * configure, configure.in:
+ no shared libs on ultris or convexos
+ [2c5f3c456e32]
+
+ * Makefile.in, configure, configure.in:
+ Build sudo_noexec shared object using libtool; could use some
+ cleanup.
+ [373f483555dd]
+
+ * acsite.m4, ltconfig, ltmain.sh:
+ libtool scaffolding
+ [c903a42e3d90]
+
+ * parse.yacc, sudo.tab.c:
+ Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
+ important.
+ [c6e8a34639a4]
+
+ * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
+ parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
+ update copyright year
+ [a16372ae1711]
+
+ * configure, configure.in, defaults.c, env.c, pathnames.h.in:
+ Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
+ option. The default value of noexec_file is set to this.
+ [7d88e1d3c494]
- * configure, configure.in: Correct the test for 2-parameter
- timespecsub
+ * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
+ parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
+ sudo.tab.h:
+ Add support for preloading a shared object containing a dummy
+ execve() function that just sets error and returns -1. This adds a
+ "noexec_file" option to load the filename as well as a "noexec" flag
+ to enable it unconditionally. There is also a NOEXEC tag that can
+ be attached to specific commands and an EXEC tag to disable it.
+ [c8b6712feb91]
+
+ * mkdefaults:
+ add missing newline to usage statement
+ [e84746618362]
+
+ * config.h.in, sudo.c:
+ Rename EXEC macro -> EXECV
+ [ddaa0c027299]
+
+ * logging.c:
+ Don't truncate usernames to 8 characters in the log message.
+ [f62a20f27075]
+
+ * check.c, sudoers.man.in, sudoers.pod:
+ Update copyright year
+ [ca9964054085]
-2004-11-25 12:20 millert
+ * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
+ sudoers.pod:
+ Add a new option, lecture_file, that can be used to point to a
+ custom sudo lecture.
+ [940133231216]
- * sudo.h: Add strub struct definitions for passwd, timeval and
- timespec
+2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-25 12:09 millert
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/sudo_auth.c:
+ Add a zero_bytes() function to do the equivalent of bzero in such a
+ way that will heopfully not be optimized away by sneaky compilers.
+ [161b6d74bfb4]
- * configure, configure.in, config.h.in, sudo_edit.c, visudo.c: Add
- check for 2-argument form of timespecsub (FreeBSD and BSD/OS) and
- fix a typo in the gettimeofday check.
+ * zero_bytes.c:
+ Add a zero_bytes() function to do the equivalent of bzero in such a
+ way that will heopfully not be optimized away by sneaky compilers.
+ [d035abf0af94]
-2004-11-24 16:44 millert
+ * Makefile.in, sudo.h:
+ Add a zero_bytes() function to do the equivalent of bzero in such a
+ way that will heopfully not be optimized away by sneaky compilers.
+ [ff136de3e255]
- * match.c, testsudoers.c: Deal with user_stat being NULL as it is
- for visudo and testsudoers.
+ * err.c:
+ Use #ifdef __STDC__, not #if __STDC__.
+ [6889dd6bc51a]
-2004-11-24 16:31 millert
+2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod: Add -U
- option to use in conjunction with -l instead of -u. Add support
- for "sudo -l command" to test a specific command.
+ * mkdefaults:
+ Always put at least one space between the def_* macro name and its
+ definition.
+ [6b3ad0e6619a]
-2004-11-24 16:28 millert
+ * configure, configure.in:
+ Adjust code for --without-lecture to match new values.
+ [062aa788a6b9]
- * gram.c, gram.y, sudo.c: Set safe_cmnd after sudoers_lookup() if
- it has not been set. Previously it was set by sudo "ALL" in the
- parser but at that point the fully-qualified pathname has not yet
- been found.
+ * visudo.man.in:
+ regen after pasto fix
+ [3deec16906c0]
-2004-11-23 18:18 millert
+ * sudoers.man.in, sudoers.pod:
+ Document that "lecture" has changed from a flag to a tuple.
+ [e2c03062b533]
- * parse.c, testsudoers.c: Correctly handle multiple privileges per
- userspec and runas inheritence.
+ * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
+ defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
+ Add support for tuples in def_data.in; these are implemented as an
+ enum type. Currently there is only a single tuple enum but in the
+ future we may have one tuple enum per T_TUPLE entry in def_data.in.
+ Currently listpw, verifypw and lecture are tuples. This avoids the
+ need to have two entries (one ival, one str) for pwflags and syslog
+ values.
+
+ lecture is now a tuple with the following values: never, once,
+ always
+
+ We no longer use both an int and string entry for syslog facilities
+ and priorities. Instead, there are logfac2str() and logpri2str()
+ functions that get used when we need to print the string values.
+ [5293f946c836]
+
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
+ check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
+ logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
+ sudo.tab.c, visudo.c:
+ Create def_* macros for each defaults value so we no longer need the
+ def_{flag,ival,str,list,mode} macros (which have been removed). This
+ is a step toward more flexible data types in def_data.in.
+ [009c02934106]
+
+ * TODO:
+ checkpoint
+ [0a99a4bb5d15]
-2004-11-21 14:09 millert
+2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ If we are in -k/-K mode, just spew to stderr. It is not unusual for
+ users to place "sudo -k" in a .logout file which can cause sudo to
+ be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
+ Previously, this would result in useless mail and logging.
+ [d282e7ed63af]
- * defaults.c: Zero out sd_un for each entry in sudo_defs_table in
- init_defaults.
+2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-19 18:04 millert
+ * visudo.pod:
+ fix pasto in VISUAL description
+ [1c6a6148b5f9]
- * toke.c, toke.l: make per-command defaults work with sudoedit
+2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-19 18:00 millert
+ * configure:
+ regen
+ [f44312c63799]
- * ldap.c, parse.c, sudo.c, sudo.h: Remove the FLAG_NOPASS,
- FLAG_NOEXEC and FLAG_MONITOR flags. Instead, we just set the
- approriate defaults variable.
+ * CHANGES:
+ checkpoint
+ [0c42e38f78d5]
-2004-11-19 17:09 millert
+ * TROUBLESHOOTING:
+ Some OSes (like Solaris) allow export w/ nosuid too
+ [973ce85ffa12]
- * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
- Document per-command Defaults.
+2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-19 16:35 millert
+ * compat.h:
+ We don't use FD_ZERO anymore so just define FD_SET (if not already
+ there).
+ [d1c8c11905cd]
- * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
- sudo.c, testsudoers.c, toke.c, toke.l, visudo.c: Add support for
- command-specific Defaults entries. E.g.
- Defaults!/usr/bin/vi noexec
+2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-19 15:03 millert
+ * auth/pam.c:
+ Fix a core dump on Solaris by preserving the pam_handle_t we used
+ during authentication for pam_prep_user(). If we didn't
+ authenticate (ie: ticket still valid), we call pam_init() from
+ pam_prep_user(). This is something of a hack; it may be better to
+ change the auth API and add an auth_final() function that acts like
+ pam_prep_user().
+ [f787de49b175]
- * defaults.c, match.c, parse.c, parse.h, testsudoers.c: Change an
- occurence of user_matches() -> runas_matches() missed previously
- runas_matches(), host_matches() and cmnd_matches() only really
- need to pass in a list of members. user_matches() still needs to
- pass in a passwd struct because of "sudo -l"
+2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-19 14:46 millert
+ * set_perms.c:
+ Add explicit declaration of printerr variable in function header
+ (was defaulting to int which is OK but oh so K&R :-). From Theo.
+ [492c2358783f]
- * parse.c: Check def_authenticate, def_noexec and def_monitor when
- setting return flags. XXX May be better to just set the defaults
- directly and get rid of those flags.
+2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-19 13:39 millert
+ * config.h.in, configure.in:
+ s/HAVE_STOW/USE_STOW/
+ [4b99e1824ece]
- * alias.c, alloc.c, check.c, closefrom.c, defaults.c, env.c,
- error.c, fileops.c, find_path.c, fnmatch.c, getcwd.c,
- getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
- gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
- mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
- strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
- sudo_edit.c, sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c,
- toke.l, utimes.c, visudo.c, zero_bytes.c, auth/afs.c,
- auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
- auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
- auth/rfc1938.c, auth/secureware.c, auth/securid.c,
- auth/securid5.c, auth/sia.c, auth/sudo_auth.c: Use: #include
- <config.h> Not: #include "config.h" That way we get the correct
- config.h when build dir != src dir
+ * logging.c:
+ Also exit waitpid() loop when pid == 0. Fixes a problem where the
+ sudo process would spin eating up CPU until sendmail finished when
+ it has to send mail.
+ [ec3d5792b9b4]
+
+2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-19 13:30 millert
+ * fnmatch.c:
+ Remove advertising clause, UCB has disavowed it
+ [43a26bbd6628]
- * Makefile.in: Back out part of rev 1.263; fix -I order
+ * fnmatch.3:
+ Remove advertising clause, UCB has disavowed it
+ [3ff24291bcfa]
-2004-11-19 13:12 millert
+2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * toke.c, toke.l: More robust parsing if #include; could be much
- better still.
+ * parse.c:
+ Don't assume that getgrnam() calls don't modify contents of struct
+ passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
+ Based on a patch from Kirk Webb.
+ [5574c68f60f3]
-2004-11-19 12:55 millert
+2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo_edit.c, visudo.c: Make arg splitting in visudo and sudoedit
- consistent.
+ * configure.in:
+ missing ;;
+ [22378f2a9d31]
-2004-11-19 12:35 millert
+ * configure.in:
+ darwin has a broken setreuid() in at least some versions
+ [d572aed930d2]
- * Makefile.in, alias.c, gram.c, gram.y, parse.h: Split alias
- routines out into their own file.
+ * env.c:
+ Fix an off by one error when reallocating the environment; Kevin Pye
+ [3d98e7cf097a]
-2004-11-19 12:32 millert
+2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * error.h: __attribute__ is already defined in compat.h
+ * sudoers.pod:
+ Fix User_Spec definition; SEKINE Tatsuo
+ [49b0da65e090]
-2004-11-19 12:30 millert
+2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c: quit() should not be __noreturn__ as it is non-void on
- some platforms.
+ * HISTORY:
+ More info on the early days from Coggs.
+ [9381ca10b06b]
-2004-11-19 12:24 millert
+2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/: fwtk.c, rfc1938.c, securid.c, securid5.c: Add local
- error/warning functions like err/warn but that call an additional
- cleanup routine in the error case. This means we no longer need
- to compile a special version of alloc.o for visudo.
+ * auth/kerb5.c:
+ remove errant semicolon that prevented compilation under heimdal
+ [d2f2bb73a598]
-2004-11-19 11:54 millert
+2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.h: Clarify comments about the data structures
+ * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
+ add DARPA credit on affected files
+ [7020785ee50d]
-2004-11-18 15:28 millert
+ * sudoers.pod:
+ add DARPA credit on affected files
+ [83b46318750b]
- * visudo.c: Add support for VISUAL and EDITOR containing command
- line args. If env_editor is not set any args in VISUAL and
- EDITOR are ignored. Arguments are also now supported in
- def_editor.
+ * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+ sudoers.man.in:
+ add DARPA credit on affected files
+ [d8adf1c2ba22]
-2004-11-17 14:25 millert
+ * set_perms.c:
+ add DARPA credit on affected files
+ [3d79fdabb582]
- * parse.h: alias_matches() is no more
+ * pathnames.h.in:
+ add DARPA credit on affected files
+ [e334cdda422f]
-2004-11-17 14:09 millert
+ * logging.c, parse.c:
+ add DARPA credit on affected files
+ [8f75f822755b]
- * CHANGES, TODO: sync
+ * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
+ find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
+ interfaces.h:
+ add DARPA credit on affected files
+ [da66e28fb3f5]
-2004-11-17 13:19 millert
+ * auth/kerb5.c, auth/pam.c:
+ add DARPA credit on affected files
+ [15da3021b49c]
- * Makefile.in: When regenerating the parser, don't replace gram.h
- unless it has changed.
+ * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+ auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
+ version.h:
+ add DARPA credit on affected files
+ [868d54cbddea]
-2004-11-17 11:56 millert
+ * env.c:
+ add DARPA credit on affected files
+ [90239f51ef0a]
- * Makefile.in: remove Makefile.binary for distclean
+ * defaults.c, defaults.h:
+ add DARPA credit on affected files
+ [6a64205fd1eb]
-2004-11-17 11:18 millert
+ * compat.h:
+ add DARPA credit on affected files
+ [316a735783c4]
- * env.c: Preserve KRB5CCNAME in zero_env() and add a paranoia check
- to make sure we can't overflow new_env.
+ * Makefile.in, alloc.c, check.c:
+ add DARPA credit on affected files
+ [cd939e05c810]
-2004-11-17 10:33 millert
+ * LICENSE:
+ slightly different wording for the darpa credit
+ [e468909c4a21]
- * sudo_edit.c: paranoia when stripping trailing slashes from
- tempdir.
+2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-16 19:00 millert
+ * LICENSE:
+ Add DARPA credit
+ [8eb20e2cd63e]
- * sudo.c: Set user_ngroups to 0 if getgroups() returns an error.
+2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-16 18:59 millert
+ * auth/kerb5.c:
+ Use krb5_princ_component() instead of krb5_princ_realm() for MIT
+ Kerberos like we did before I messed things up ;-)
- * configure, configure.in, config.h.in, sudo.c: Add configure check
- for getgroups()
+ Use krb5_principal_get_comp_string() to do the same thing w/
+ Heimdal. I'm not sure if the component should be 0 or 1 in this
+ case.
-2004-11-16 18:55 millert
+ #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
+ older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
+ should be a configure check for this I guess.
+ [74919a3933fe]
- * ldap.c: Use supplementary group vector in struct sudo_user.
+2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-16 18:40 millert
+ * sample.sudoers:
+ builtin -> built-in; Jason McIntyre
+ [027f2187923e]
+
+ * TROUBLESHOOTING, config.h.in, configure, configure.in:
+ builtin -> built-in; Jason McIntyre
+ [70b81ac48943]
+
+ * sudoers.pod:
+ built in -> built-in; Jason McIntyre
+ [da658ef5138d]
+
+2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ checkpoint for 1.6.7p3
+ [da85f989fadf]
+
+ * HISTORY:
+ Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
+ Amazingly, sudo source from 1985 is available via groups.google.com
+ [39e0fc85b89f]
+
+ * sudo.c:
+ Don't change rl.rlim_max for RLIMIT_CORE. We need only set
+ rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
+ RLIMIT_CORE restoration on some OSes.
+ [7e2c1a7adfd8]
+
+2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ Make this compile on Heimdal and MIT Kerberos 5
+ [44c07d615868]
+
+ * config.h.in, configure, configure.in:
+ Check for heimdal even if we found krb5-config and define
+ HAVE_HEIMDAL.
+ [aba0126f0059]
- * match.c: Only do string comparisons on the group members if there
- is no supplemental group list.
+ * auth/kerb5.c:
+ Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
+ no longer defined by MIT kerb5 (though it used to be and indeed
+ remains so in Heimdal).
+ [e5a6c64d7cd5]
-2004-11-16 16:10 millert
+2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, TODO: sync
+ * mkinstalldirs:
+ Remove newer stuff that passes multiple (possibly duplicate)
+ directories to "mkdir -p" since that seems to break on Tru64 Unix at
+ least. This basically brings back what shipped with sudo 1.6.6.
+ [f2a1abd872b3]
-2004-11-16 15:54 millert
+2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo_edit.c: On Digital UNIX _PATH_VAR_TMP doesn't end with a
- trailing slash so chop off any trailing slashes we see and add an
- explicit one.
+ * auth/kerb5.c:
+ Correct number of args to krb5_principal_get_realm() and fix an
+ unclosed comment that hid the bug.
+ [0b37f8ce7824]
-2004-11-16 12:02 millert
+ * configure:
+ regen
+ [1876cb840fe0]
- * match.c: remove bogus XXX comment
+ * configure.in:
+ ++version
+ [480aff7c048e]
-2004-11-16 11:10 millert
+ * README:
+ ++version
+ [488e0bbff613]
- * match.c: Get rid of alias_matches and correctly fall through to
- the non-alias cases when there is no alias with the specified
- name.
+ * Makefile.in:
+ ++version
+ [97ef63cedc38]
-2004-11-16 10:47 millert
+ * INSTALL.binary:
+ ++version
+ [a506204e77d0]
- * getspwuid.c: Cache non-existent passwd/group entries too.
+ * INSTALL:
+ ++version
+ [555aeba5c2bf]
-2004-11-16 10:45 millert
+ * CHANGES, version.h:
+ ++version
+ [f66985a64063]
- * gram.c: regen
+ * BUGS:
+ ++version
+ [ea3573432412]
-2004-11-15 23:32 millert
+ * configure.in:
+ use krb5-config to determine Kerberos V details if it exists
+ [7b46bbdaf774]
+
+ * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
+ find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
+ testsudoers.c, visudo.c:
+ Use warn/err and getprogname() throughout. The main exception is
+ openlog(). Since the admin may be filtering logs based on the
+ program name in the log files, hard code this to "sudo".
+ [9f180d015cfa]
+
+ * Makefile.in:
+ Add getprogname.c and err.c
+ [d411c54a07dc]
+
+ * configure:
+ regen
+ [6d585d391acc]
+
+ * config.h.in, configure.in:
+ Add checks for getprognam(), __progname and err.h
+ [bcbccf61d34a]
+
+ * emul/err.h:
+ For systems withour err/warn functions.
+ [1b33118884d9]
+
+ * err.c:
+ For systems withour err/warn functions.
+ [26721f6b041f]
+
+ * getprogname.c:
+ For systems neither getprogname() nor __progname; uses Argv[0].
+ [841cf42af1eb]
+
+2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ checkpoint for 1.6.7p1
+ [5bfdaf441dce]
+
+ * sudo.c, testsudoers.c:
+ fix strlcpy() rval check (innocuous)
+ [e05ac7e0d1f3]
+
+ * check.c:
+ oflow detection in expand_prompt() was faulty (false positives). The
+ count was based on strlcat() return value which includes the length
+ of the entire string.
+ [086c5a0acb25]
+
+2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON, TODO:
+ checkpoint for the sudo 1.6.7 release
+ [096bab4da29a] [SUDO_1_6_7]
+
+ * CHANGES:
+ checkpoint for the sudo 1.6.7 release
+ [87322187ed78]
+
+2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ g/c unused variable
+ [c57cd4a17765]
+
+ * configure:
+ regen
+ [e7c1f581dfac]
+
+ * configure.in:
+ use man sections 8 and 5 for csops
+ [87de581bda88]
+
+2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [cb1433a9c7a1]
+
+ * configure.in:
+ Add -lskey or -lopie directly to SUDO_LIBS instead of having
+ AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
+ [ac5667978939]
+
+ * configure:
+ regen
+ [638459118a2a]
+
+ * configure.in:
+ Add --with-blibpath for AIX. An alternate libpath may be specified
+ or
+ -blibpath support can be disabled. Also change conifgure such that
+ -blibpath is not specified if no -L libpaths were added to
+ SUDO_LDFLAGS.
+ [c7d17b480cad]
+
+ * aclocal.m4:
+ Add --with-blibpath for AIX. An alternate libpath may be specified
+ or
+ -blibpath support can be disabled. Also change conifgure such that
+ -blibpath is not specified if no -L libpaths were added to
+ SUDO_LDFLAGS.
+ [37022e991575]
+
+ * INSTALL:
+ Add --with-blibpath for AIX. An alternate libpath may be specified
+ or
+ -blibpath support can be disabled. Also change conifgure such that
+ -blibpath is not specified if no -L libpaths were added to
+ SUDO_LDFLAGS.
+ [4b4bbe5bbe1b]
+
+ * configure.in:
+ add AIX blibpath support
+ [16ba788bf086]
+
+ * INSTALL, configure.in:
+ --with-skey and --with-opie now take an option directory argument
+ This obsoletes a --with-csops hack (/tools/cs/skey)
+
+ Also remove the remaining direct uses of "echo"
+ [5b4986a90c03]
+
+2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ Detect KTH Kerberos IV and deal with it. Also make -lroken optional
+ for KTH Kerberos IV and V.
+ [119f97b48e18]
+
+ * aclocal.m4:
+ Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and
+ -R/path/to/dir if $with_rpath) to the specified variable.
+ [e55e49d076ce]
+
+ * INSTALL, configure.in:
+ Add -R/path/to/libs for Solaris and SVR4. There is a new configure
+ option, --with-rpath to control this behavior.
+ [d4730c5399ab]
+
+ * configure.in:
+ for kerb4 put libdes after libkrb on the link line
+ [5c566100eab6]
+
+ * auth/kerb4.c:
+ typo
+ [6541b72b64a3]
+
+ * configure.in:
+ fix kerberos lib check when a path is specified
+ [ae833a914c6f]
+
+ * logging.c:
+ Fix boolean thinko in SIGCHLD reaper and call reapchild after
+ sending mail instead of doing a conditional sudo_waitpid.
+ [86fa9a35df5a]
+
+2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [e6275cf528ba]
+
+ * configure.in:
+ replace =DIR with [=DIR] where sensible
+ [c39a59173b38]
+
+ * configure.in:
+ o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
+ detection based on openssh's configure.in
+ [5b7a340912df]
+
+ * INSTALL:
+ --with-kerb4 and --with-kerb5 now take an optional argument.
+ [71ed87fc9c64]
+
+2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/securid.c:
+ Kill remaining strcpy(), the programmer's guide says username is 32
+ bytes.
+ [bdba70fcd08d]
+
+ * auth/kerb4.c:
+ trat uid_t as unsigned long for printf and use snprintf, not sprintf
+ [8072f5f8966d]
+
+ * auth/rfc1938.c:
+ use snprintf
+ [fc0c70c665fe]
+
+2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+ auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/sudo_auth.c:
+ update copyright year
+ [b0a10ccb1d0e]
+
+ * sudo.man.in, sudoers.man.in, visudo.man.in:
+ update copyright year
+ [8fce0034eb51]
+
+ * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
+ configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
+ parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
+ sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
+ update copyright year
+ [d541e75fe520]
+
+ * check.c, env.c, sudo.c:
+ Cast [ug]ids to unsigned long and printf with %lu
+ [2ede64d3592b]
- * getspwuid.c: fix typo
+ * configure:
+ regen
+ [c7c3245bdf3e]
-2004-11-15 23:24 millert
+ * configure.in:
+ correct error messages for --with-sudoers-{mode,uid,gid}
+ [77fc15b1c9db]
- * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
- mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
- Implement group caching and use the passwd and group caches
- throughout.
+ * alloc.c:
+ make the malloc(0) error specific to each function to aid tracking
+ down bugs.
+ [a58c34374b4b]
+
+ * alloc.c:
+ deal with platforms where size_t is signed and there is no SIZE_MAX
+ or SIZE_T_MAX
+ [7192abb4ab4e]
+
+ * auth/kerb5.c:
+ Make this compile w/ Heimdal and fix some gcc warnings.
+ [f52f026f31c2]
-2004-11-15 14:43 millert
+ * sudo.c:
+ Use stat_sudoers macro so --with-stow can work
+ [c3674735c139]
- * match.c: Properly negate the return value of alias_matches() when
- appropriate.
+ * INSTALL, config.h.in, configure, configure.in:
+ Add support for --with-stow based on patches from Robert Uhl
+ [b274cc1dd52c]
-2004-11-15 14:38 millert
+ * env.c:
+ fix indentation
+ [110d9f1721b1]
- * match.c: Make hostname_matches() return TRUE for a match, else
- FALSE like the caller expects.
+ * configure.in:
+ back out rev 1.352
+ [1eee91c83f11]
-2004-11-15 13:24 millert
+ * lex.yy.c:
+ regen
+ [72fba1c9590b]
- * Makefile.in: Add missing dependencies on gram.h
+ * parse.lex:
+ use strlcpy, not strncpy
+ [4faccbaeccef]
-2004-11-15 13:06 millert
+ * set_perms.c:
+ Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
+ [33bf0d18fdc1]
- * match.c: Use runas_matches in alias_matches() now that we have
- it.
+ * logging.c:
+ use pid_t
+ [3e0536993d2c]
-2004-11-15 13:00 millert
+2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c, parse.h: Expand aliases in "sudo -l" mode
+ * strlcat.c, strlcpy.c:
+ Make gcc shutup about unused rcsid
+ [1669a0c74e9e]
-2004-11-15 12:33 millert
+ * interfaces.c:
+ Move the n == 0 check for the non-getifaddrs cas
+ [2460be061b2a]
- * gram.y, match.c: Use ALIAS for the member type when storing an
- alias instead of HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since
- match.c relies on the more generic type. Expand runas_matches
- instead of calling user_matches() inside of it since
- user_matches() looks up USERALIASes, not RUNASALIASes.
+ * auth/rfc1938.c:
+ skeychallenge() on NetBSD take a size parameter
+ [05acc2012801]
-2004-11-15 12:05 millert
+ * configure:
+ regen
+ [24bccf4749e8]
- * CHANGES, getspwuid.c: Paranoia; zero out pw_passwd before freeing
- passwd entry.
+ * configure.in:
+ put -ldl after -lpam, not before; fixes static linking on Linux
+ [7f06b7b2b4d8]
-2004-11-15 10:53 millert
+ * interfaces.c:
+ Avoid malloc(0) and fix the loop invariant for the getifaddrs()
+ case.
+ [239a55068646]
+
+ * sudo.cat, sudoers.cat, visudo.cat:
+ regen
+ [4a2eed3981ca]
- * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
- configure.in, err.c, error.c, error.h, defaults.c, env.c,
- find_path.c, interfaces.c, logging.c, mon_systrace.c, sudo.c,
- sudo.h, sudo_edit.c, testsudoers.c, visudo.c, emul/err.h: Add
- local error/warning functions like err/warn but that call an
- additional cleanup routine in the error case. This means we no
- longer need to compile a special version of alloc.o for visudo.
+ * sudo.man.in, sudoers.man.in, visudo.man.in:
+ regen
+ [2c96ea2cf930]
-2004-11-15 09:59 millert
+ * Makefile.in:
+ Preserve copyright notice from .pod file in .man.in file
+ [519fbd09aebc]
- * match.c: Use userpw_matches() to compare usernames, not strcmp(),
- since the latter checks for "#uid".
+ * visudo.pod:
+ Add sudoers(5) to SEE ALSO
+ [77ecfe3aedf1]
-2004-11-15 09:53 millert
+2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c: Cache passwd
- db entries in 2 reb-black trees; one indexed by uid, the other by
- user name. The data returned from the cache should be considered
- read-only and is destroyed by sudo_endpwent().
+ * lex.yy.c:
+ regen
+ [6f5751ce0b74]
-2004-11-15 09:50 millert
+ * parse.lex:
+ Don't assume libc can realloc() a NULL string. If malloc/realloc
+ fails, make sure we just return; yyerror() is not terminal.
+ [1b8618623708]
- * match.c: add cast to uid_t
+ * lex.yy.c:
+ regen
+ [5d31b46191c6]
-2004-11-15 09:49 millert
+ * parse.lex:
+ simplify fill_args a little and use strlcpy for paranoia
+ [0ea35a55542b]
- * gram.y: missing free in alias_destroy
+ * sudo.tab.c:
+ regen
+ [5a8d508d708b]
-2004-11-15 09:49 millert
+ * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
+ testsudoers.c:
+ Use strlc{at,py} for paranoia's sake and exit on overflow. In all
+ cases the strings were either pre-allocated to the correct size of
+ length checks were done before the copy but a little paranoia can go
+ a long way.
+ [e73d28f1d14e]
- * redblack.c: Can't use rbapply() for rbdestroy since the
- destructor is passed a data pointer, not a node pointer.
+ * sudo.h:
+ Add strlc{at,py} protos
+ [748ffc7fc7f4]
-2004-11-14 23:06 millert
+ * env.c, interfaces.c:
+ Use erealloc3()
+ [47f2cb46aba8]
- * getspwuid.c, logging.c, sudo.c, sudo.h: Create and use private
- versions of setpwent() and endpwent() that set/end the shadow
- password file too.
+ * configure:
+ regen
+ [e7e2fb79f935]
-2004-11-14 22:55 millert
+ * alloc.c:
+ Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
+ memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
+ [7e0fa4d6fc1d]
- * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c,
- visudo.c: Store aliases in a red-black tree.
+ * sudo.c:
+ snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
+ configure.
+ [09ea4d3959e9]
-2004-11-14 22:52 millert
+ * aclocal.m4:
+ In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
+ [31b4fdfdb8bf]
- * Makefile.in, redblack.c, redblack.h: red-black tree
- implementation
+2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-14 22:37 millert
+ * sudo.c:
+ Use snprintf() for paranoia
+ [a2659ceb46de]
- * visudo.c: Edit all sudoers file if there were unused or undefined
- aliases and we are in strict mode.
+ * parse.yacc:
+ Use emalloc2 and erealloc3
+ [90a069842401]
-2004-11-12 11:19 millert
+ * Makefile.in:
+ strlc{at,py} for those w/o it
+ [bac82dc916ee]
- * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
- find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
- Bring back the "secure_path" Defaults option now that Defaults
- take effect before the path is searched.
+ * strlcat.c, strlcpy.c:
+ stlc{at,py} for those w/o it.
+ [ce7254f5db09]
-2004-11-11 12:22 millert
+ * config.h.in, configure, configure.in:
+ Add stlc{at,py} for those w/o it.
+ [00f08219657a]
- * logging.c, parse.c: A user can always list their own entries,
- even with -u. Better error message when failing to list another
- user's entries.
+ * alloc.c, sudo.h:
+ Add erealloc3(), a realloc() version of emalloc2().
+ [c96eaf08bbed]
-2004-11-11 12:12 millert
+ * interfaces.c, sudo.c:
+ Use emalloc2() to allocate N things of a certain size.
+ [1e0aba365555]
- * parse.c, sudo.c, sudo.h: The syntax to list another user's
- entries is now "-u otheruser -l". Only root or users with sudo
- "ALL" may list other user's entries.
+ * alloc.c, sudo.h:
+ Add emalloc2() -- like calloc() but w/o the bzero and with
+ error/oflow checking.
+ [292150bc4153]
-2004-11-11 11:30 millert
+ * alloc.c:
+ Error out on malloc(0); suggested by theo
+ [995279e81326]
- * sudo.cat, sudo.man.in, sudo.pod: Update env variable info in
- SECURITY NOTES
+2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-11 11:25 millert
+ * configure, configure.in:
+ fix a typo; David Krause
+ [f161213a17ab]
- * env.c: strip CDPATH too
+2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-11-11 11:20 millert
+ * sudo.pod:
+ fix typo
+ [3ae5ad9a351a]
- * env.c: strip exported bash functions from the environment.
+2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-27 12:16 millert
+ * env.c:
+ Remove DYLD_ from the environment for MacOS X; from bbraun
+ [38caad5a3935]
- * sudo.c: Only reset sudo_user.pw based on SUDO_USER environment
- variables for real commands and sudoedit. This avoids a
- confusing message when a user tries "sudo -l" or "sudo -v" and is
- denied.
+2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-27 12:06 millert
+ * config.h.in, configure.in:
+ not not; Anil Madhavapeddy
+ [d4f4f0bfc66b]
- * gram.c, gram.y, parse.h: Extend LIST_APPEND to deal with
- appending lists too
+2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-26 18:39 millert
+ * sudo.pod, sudoers.pod, visudo.pod:
+ typos; jmc@openbsd.org
+ [868c0f09bf9e]
- * logging.c: Convert some bitwise AND to ISSET
+2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-26 18:29 millert
+ * parse.yacc:
+ Add some missing ';' rule terminators that bison warns about.
+ [535b0b8dcce5]
- * lex.yy.c, toke.c: toke.c replaces lex.yy.c
+ * config.sub:
+ fix typo I introduced in last merge
+ [81db4e4f43fe]
-2004-10-26 18:29 millert
+ * configure:
+ regenerate with autoconf 2.57
+ [ca0c1e9564f8]
- * CHANGES, TODO: sync
+ * config.h.in:
+ Add missing "$HOME"
+ [209186197ad1]
-2004-10-26 18:28 millert
+ * configure.in:
+ Add some more square backets to make autoconf 2.57 happy
+ [b5639c14faf7]
- * BUGS: new parser fixes most of the outstanding bugs
+ * config.sub, mkinstalldirs:
+ Updates from autoconf-2.57
+ [36be35eb331b]
-2004-10-26 18:27 millert
+ * config.guess:
+ Updates from autoconf-2.57
+ [ea0f8ca622af]
- * configure: regen
+2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-26 18:26 millert
+ * sudo.tab.h:
+ regen
+ [13a65a421567]
- * visudo.c: Rework for the new parser. Now checks for unused
- aliases in sudoers.
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [0b529db7cb6d]
-2004-10-26 18:25 millert
+ * parse.lex, parse.yacc, sudoers.pod:
+ Add support for Defaults>RunasUser
+ [20d726373175]
- * testsudoers.c: Rewrite for the new parser. Now supports a -d
- flag (dump) and adds a -h flag (host). It now defaults to the
- local hostname unless otherwise specified.
+2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-26 18:23 millert
+ * visudo.c:
+ fclose() yyin after each yyparse() is done and use fopen() instead
+ of using freopen().
+ [587f8a2df857]
- * sudo.h: Add new prototypes. Remove NOMATCH/UNSPEC (now in
- parse.h)
+ * parse.lex:
+ Better fix for sudoers files w/o a newline before EOF. It looks
+ like the issue is that yyrestart() does not reset the start
+ condition to INITIAL which is an issue since we parse sudoers
+ multiple times.
+ [920f8326968a]
-2004-10-26 18:22 millert
+2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Update for new parse. We now call find_path() *after* we
- have updated the global defaults based on sudoers. Also adds
- support for listing other user's privs if you are root.
+ * parse.lex:
+ Work around what appears to be a flex bug when dealing with files
+ that lack a final newline before EOF. This adds a rule to match EOF
+ in the non-initial states which resets the state to INITIAL and
+ throws an error.
+ [b94943bb1f81]
-2004-10-26 18:21 millert
+ * visudo.c:
+ o The parser needs sudoers to end with a newline but some editors
+ (emacs) may not add one. Check for a missing newline at EOF and
+ add one if needed. o Set quiet flag during initial sudoers parse (to
+ get options) o Move yyrestart() call and always use freopen() to
+ open yyin after initial sudoers parse.
+ [12d12f9b07aa]
- * mon_systrace.c: Working LDAP support; also remove a now-unneeded
- rewind().
+2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-26 18:20 millert
+ * set_perms.c:
+ Fix pasto/thinko in setresgid()/setregid() usage. Want to set
+ effective gid, not real gid, when reading sudoers.
+ [c7d18b810fcd]
- * logging.c, logging.h: Add NO_STDERR flag.
+ * set_perms.c:
+ don't compile set_perms_posix if we have setreuid or setresuid
+ [b9cea7a81a29]
+
+2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, sudoers.pod:
+ document new prompt escapes
+ [2f088076b640]
+
+ * check.c:
+ Add %U and %H escapes and redo prompt rewriting. "%%" now gets
+ collapsed to "%" as was originally intended. This also gets rid of
+ lastchar (does lookahead instead of lookback) which should simplify
+ the logic slightly.
+ [4b707b77b3c7]
+
+2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Write the prompt *after* turning off echo to avoid some password
+ characters being echoed on heavily-loaded machines with fast
+ typists.
+ [d38c57775915]
+
+ * config.sub:
+ Add support for mipseb; wiz@danbala.tuwien.ac.at
+ [cfdac87ed5c8]
+
+ * configure.in:
+ Fix IRIX fallout from name changes in man dir/sect Makefile
+ variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
+ [9a7618755c23]
+
+ * auth/pam.c:
+ Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
+ the global copy. Problem noted by Peter Pentchev.
+ [d0a3e189cb06]
+
+2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [23b931359087]
+
+ * parse.yacc:
+ Add missing yyerror() calls; YYERROR does not seem to call this for
+ us.
+ [0be7aeb3ac57]
+
+2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ fix typo in comment; Pedro Bastos
+ [d7406c460e99]
+
+2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ document --disable-setresuid
+ [fbd03d03a027]
+
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/sudo_auth.c:
+ Sprinkle some volatile qualifiers to prevent over-enthusiastic
+ optimizers from removing memset() calls.
+ [5370ac0e6129]
+
+ * logging.c, parse.yacc:
+ minor sign fixes pointed out by gcc -Wsign-compare
+ [db872438337f]
+
+ * set_perms.c, sudo.c, sudo.h:
+ Revamp set_perms. We now use a version based on setresuid() or
+ setreuid() when possible since that allows us to support the
+ stay_setuid option and we always know exactly what the semantics
+ will be (various Linux kernels have broken POSIX saved uid support).
+ [523bc212396c]
+
+ * config.h.in, configure:
+ regen from configure.in
+ [351877ea2624]
-2004-10-26 18:19 millert
+ * configure.in:
+ Add checks for setresuid() and a way to disable using it
+ [a5b21653d169]
- * ldap.c: Split sudo_ldap_check() into three pieces:
- sudo_ldap_open(), udo_ldap_update_defaults() and
- sudo_ldap_check(). This allows us to connecto to LDAP, apply the
- default options, find the command in the user's path, and then
- check whether the user is allowed to run it. The important thing
- here is that the default runas user may be specified as a default
- option and that needs to be set before we search for the command.
+ * compat.h:
+ No long need to emulate set*[ug]id() via setres[ug]id() or
+ setre[ug]id(). The new set_perms stuff only uses things it knows are
+ there.
+ [47884bd5d1d9]
-2004-10-26 18:17 millert
+ * sudo.c:
+ Before exec, restore state of signal handlers to be the same as when
+ we were initialy invoked instead of just reseting to SIG_DFL. Fixes
+ a problem when using sudo with nohup. Based on a patch from Paul
+ Markham.
+ [f8f5a1484faa]
- * ldap.c: Add casts to unsigned char for isspace() to quiet a gcc
- warning.
+ * sudo.c:
+ o timestamp_uid should be uid_t, not int o clarify error message
+ when sudo is run by root and no_root_sudo is set
+ [19dda0734264]
-2004-10-26 18:16 millert
+2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * defaults.h: Add prototype for update_defaults()
+ * README:
+ update ftp link for bison
+ [98bc191016e3]
-2004-10-26 18:16 millert
+2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * defaults.c: Don't warn about line numbers now that we operate on
- a set of data structures (or LDAP) and not a file.
+ * set_perms.c:
+ Error out if setusercontext() fails and the runas user is not root.
+ [089f9ade4686]
-2004-10-26 18:15 millert
+2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in: No long use lsearch()
+ * auth/securid5.c:
+ Fix rcsid
+ [07e9e85dcc2f]
-2004-10-26 18:14 millert
+ * configure.in:
+ Fix SecurID API test
+ [5ec201f454a5]
- * Makefile.in: Update for new and changed file names.
+2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-26 18:14 millert
+ * env.c:
+ typo in comment
+ [9d385c9ac533]
- * LICENSE: no more BSD lsearch.c
+ * configure.in:
+ securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
+ but I don't see a better way at the moment.
+ [f89e55cbb313]
-2004-10-26 18:14 millert
+ * Makefile.in, auth/securid5.c:
+ SecurID API version 5 support from Michael Stroucken
+ [68500ac7e531]
- * match.c: foo_matches() routines now live in match.c Added
- user_matches(), runas_matches(), host_matches(), cmnd_matches()
- and alias_matches() that operate on the parsed sudoers file.
+ * configure.in:
+ Add check for SecurID 5.0 API
+ [1ee242e6de6b]
-2004-10-26 18:12 millert
+2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.lex, toke.l: Move parse.lex -> toke.l Rename buffer_frob()
- -> switch_buffer() WORD no longer needs to exclude '@' kill
- yywrap()
+ * strerror.c:
+ We actually do still need config.h to get the 'const' definition for
+ K&R C.
+ [d9c982032d85]
-2004-10-26 18:10 millert
+2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.h:
- Rewritten parser that converts sudoers into a set of data
- structures. This eliminates ordering issues and makes it
- possible to apply sudoers Defaults entries before searching for
- the command.
+ * configure:
+ regen with autoconf 2.5.3
+ [c71fc086eef5]
-2004-10-26 18:09 millert
+ * configure.in:
+ Don't set sysconfdir to '/etc' if the user has specified a --prefix.
+ [d90da1efafd9]
- * configure.in, lsearch.c, emul/search.h: We won't be using
- lsearch() any longer.
+ * configure.in:
+ Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
+ LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
+ [dd67afefa90d]
-2004-10-26 18:07 millert
+ * env.c, sudo.c, sudo.h:
+ No need for dump_badenv() now that dump_defaults() knows how to dump
+ lists.
+ [6bcda468501d]
- * ldap.c: sudo should not send mail if someone who runs 'sudo -l'
- has no entry.
+ * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
+ version.h:
+ ++version
+ [44e3b8f95f0b]
-2004-10-26 16:09 millert
+ * sudoers.pod:
+ document timestampowner
+ [37ebd69e9dd1]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
- visudo.man.in: regen
+ * check.c:
+ Don't call set_perms() when doing timestamp stuff unless
+ timestamp_uid != 0.
+ [63a63d41d18c]
-2004-10-26 16:09 millert
+ * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
+ sudo.h, testsudoers.c:
+ g/c second arg to set_perms--it is no longer used
+ [7ac4ce50c612]
- * visudo.pod: Update warnings to match new visudo
+2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-26 16:08 millert
+ * check.c, set_perms.c, sudo.c, sudo.h:
+ Add support for non-root timestamp dirs. This allows the timestamp
+ dir to be shared via NFS (though this is not recommended).
+ [faa83dd2b7fb]
- * sudoers.pod: The new parser doesn't have the old ordering
- constraints.
+ * def_data.c, def_data.h, def_data.in:
+ Add timestampowner, "Owner of the authentication timestamp dir"
+ [d47640d4c86a]
-2004-10-26 16:08 millert
+2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod: Document that -l now takes an optional username
- argument
+ * env.c:
+ Don't try to pre-compute the size of the new envp, just allocate
+ space up front and realloc as needed. Changes to the new env
+ pointer must all be made through insert_env() which now keeps track
+ of spaced used and allocates as needed.
+ [39bc934a9f2c]
-2004-10-25 13:44 millert
+2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * RUNSON: AIX 5.2.0.0 works
+ * configure:
+ regen
+ [0e12c09bb790]
-2004-10-25 13:38 millert
+ * configure.in:
+ Fix two typo/pastos; from jrj@purdue.edu
+ [b718a4bf1181]
- * ldap.c: If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS
- instead. Fixes a compilation problem with Solaris 9's native
- LDAP.
+2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
- Set FLAG_MONITOR when needed.
+ * INSTALL.binary, README:
+ ++version
+ [a1e33027278c] [SUDO_1_6_6]
-2004-10-23 13:32 millert
+ * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
+ visudo.cat, visudo.man.in:
+ regen
+ [19eb2be283ef]
- * mon_systrace.c: Call sudo_goodpath() *after* changing the cwd to
- match the traced process. Fixes relative paths.
+ * CHANGES, RUNSON, TODO:
+ Sync with 1.6.6
+ [2ff9a9087f63]
-2004-10-21 12:31 millert
+ * check.c:
+ The the loop used to expand %h and %u, the lastchar variable was not
+ being initialized. This means that if the last char in the prompt
+ is '%' and the first char is 'h' or 'u' a extra copy of the host or
+ user name would be copied, for which space had not been allocated.
+ [b2e27197857d]
- * testsudoers.c: Kill set_perms() stub--it is no longer needed.
+2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-13 12:52 millert
+ * BUGS, INSTALL, Makefile.in, configure.in, version.h:
+ crank version to 1.6.6
+ [cfd08689e597]
- * sudoers.cat, sudoers.man.in, sudoers.pod: stay_setuid now
- requires set_reuid() or setresuid()
+ * auth/afs.c:
+ #undef VOID to get rid of an AFS warning
+ [b40760564dc1]
-2004-10-13 12:46 millert
+ * env.c:
+ Use easprintf instead of emalloc + sprintf for some things.
+ [e7bfe2e69a03]
- * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
- configure.in, set_perms.c, sudo.c, sudo.h: Kill use of POSIX
- saved uids; they aren't worth bothering with.
+2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-07 16:23 millert
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [35327104383d]
- * glob.c: remove call to issetugid()
+ * parse.c, parse.lex, parse.yacc, testsudoers.c:
+ Remove Chris Jepeway's email address so people don't bug him ;-)
+ [c03410747a69]
-2004-10-07 14:57 millert
+2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.cat, sudoers.man.in, sudoers.pod: Remove warning about
- wildcards. Now that we use glob() the bug is fixed.
+ * sudo.c:
+ Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
+ endgrent() at the same time.
+ [28b6097d5d1a]
-2004-10-07 14:52 millert
+2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c: Use glob(3) instead of fnmatch(3) for matching pathnames
- and stat each result that matches the basename of the user's
- command. This makes "cd /usr/bin ; sudo ./blah" work when
- sudoers allows /usr/bin/blah. Fixes bug #143.
+ * INSTALL:
+ Make it clear which configure options take arguments.
+ [38529e7efad0]
-2004-10-07 14:27 millert
+2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in, config.h.in: Define HAVE_EXTENDED_GLOB
- for extended glob (GLOB_TILDE and GLOB_BRACE)
+ * compat.h:
+ HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
+ RLIM_INFINITY, just pretend it is -1. This works because we only
+ check for RLIM_INFINITY and do not set anything to that value.
+ [53173d34e6eb]
-2004-10-07 12:59 millert
+2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure, configure.in: Check for a glob() that
- supports GLOB_BRACE and GLOB_TILDE
+ * auth/pam.c:
+ Zero and free allocated memory when there is a conversation error.
+ [e342133db579]
-2004-10-07 12:51 millert
+ * auth/bsdauth.c:
+ Use sigaction() not signal()
+ [126c2790561f]
- * LICENSE: reference glob
+ * INSTALL:
+ Mention that some linux kernels have broken POSIX saved ID support
+ [571ef1a893d3]
-2004-10-07 12:50 millert
+ * CHANGES:
+ checkpoint for 1.6.5p2
+ [9e9e456f7f43]
- * glob.c, emul/glob.h: 4.4BSD glob(3) with fixes from OpenBSD and
- some unneeded extensions removed.
+ * configure:
+ regen
+ [d53703a46708]
-2004-10-05 17:26 millert
+ * configure.in:
+ Add --disable-setreuid flag
+ [3b9f2679cb55]
- * mon_systrace.c: Just return if STRIOCINJECT or STRIOCREPLACE
- fail. It probably means we are out of space in the stack gap...
+ * INSTALL:
+ Document new --disable-setreuid option and change description for
+ --disable-saved-ids to match new error message.
+ [14fd3e5f60a5]
-2004-10-05 17:20 millert
+ * set_perms.c:
+ fatal() now takes an argument that determines whether or not to call
+ perror().
+ [d826b25e62ff]
- * CHANGES: sync
+ * TROUBLESHOOTING:
+ Update for new error messages from set_perms()
+ [78007c3f76a9]
-2004-10-05 16:53 millert
+ * PORTING:
+ Update for new error messages from set_perms()
+ [60c545a6bcff]
- * mon_systrace.c: Take a stab at ldap sudoers support here.
+2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-05 15:13 millert
+ * auth/pam.c:
+ Make this compile w/o warnings
+ [b90843a29af5]
- * mon_systrace.c, mon_systrace.h: Detach from tracee on SIGHUP,
- SIGINT and SIGTERM. Now "sudo reboot" doesn't cause reboot to
- inadvertanly kill itself.
+ * auth/pam.c:
+ Mention that we can't use pam_acct_mgmt()
+ [1dfc5a6e0479]
-2004-10-05 14:21 millert
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
+ The user's password was not zeroed after use when AIX
+ authentication, BSD authentication, FWTK or PAM was in use.
+ [b18fff30b1e7]
- * mon_systrace.c: put "monitor" in the proctitle, not "systrace"
+2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-05 14:15 millert
+ * auth/pam.c:
+ Avoid giving PAM a NULL password response, use the empty string
+ instead. This avoids a log warning when the user hits ^C at the
+ password prompt when PAM is in use.
+ [c3315805e4e4]
- * mon_systrace.c: When modifying the environment, don't replace
- envp when we can get away with just rewriting pointers in the
- traced process.
+ * auth/pam.c:
+ Don't check the return value of pam_setcred(). In Linux-PAM 0.75
+ pam_setcred() returns the last saved return code, not the return
+ code for the setcred module. Because we haven't called
+ pam_authenticate(), this is not set and so pam_setcred() returns
+ PAM_PERM_DENIED.
+ [73db145fa179]
-2004-10-05 13:46 millert
+ * Makefile.in:
+ Don't need a '/' between $(DESTDIR) and a directory.
+ [0901ca618176]
- * mon_systrace.c, mon_systrace.h: Add environment updating via
- STRIOCINJECT (if available).
+ * Makefile.binary:
+ Don't need a '/' between $(DESTDIR) and a directory.
+ [cd7eb6098b87]
-2004-10-05 10:22 millert
+2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.cat, sudoers.man.in: regen
+ * configure:
+ regen
+ [41b12c039282]
-2004-10-04 16:15 millert
+ * configure.in:
+ o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
+ setreuid() o new NetBSD has a real setreuid() o add check for
+ freeifaddrs() if getifaddrs() exists.
+ [a82ee3b01733]
+
+ * config.h.in, interfaces.c:
+ Older BSDi releases lack freeifaddrs() so add a test for that and if
+ it is not present just use free().
+ [6270671ea9d5]
- * lex.yy.c: regen
+2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-10-04 16:15 millert
+ * CHANGES, RUNSON:
+ Checkpoint for 1.6.5p1
+ [26134ecf9b36]
- * parse.lex: Fix bug introduced in unput() removal; want yyless(0)
- not yyless(1)
+ * auth/passwd.c:
+ Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
+ to normal passwords, not AUTH_FATAL (which just causes an exit).
+ [785e0f4bc0e2]
+
+ * visudo.c:
+ Don't use memory after it has been freed.
+ [c60492739fdb]
+
+ * auth/passwd.c:
+ skeyaccess() wants a struct passwd * not a char *; Patch from
+ Phillip E. Lobbes
+ [65a1d3806fcd] [SUDO_1_6_5]
-2004-10-04 12:09 millert
+ * BUGS:
+ ++version
+ [b2e1825e692e]
- * mon_systrace.c: Include file is now mon_systrace.h
+ * CHANGES, RUNSON, TODO:
+ checkpoint for sudo 1.6.5
+ [d730945622e7]
-2004-10-04 12:07 millert
+2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, configure, configure.in, def_data.c, def_data.h,
- def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
- sudo.c, sudo.h, sudo.tab.h, sudoers.pod: No longer call it
- tracing, it is now "monitoring" which should be more a obvious
- name to non-hackers.
+ * configure:
+ regen
+ [49744c403ac9]
-2004-10-01 15:06 millert
+ * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
+ version 1.6.5
+ [ec30a5f7fc45]
- * mon_systrace.c, mon_systrace.h: Fix some XXX
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ sudo version 1.6.5
+ [458a3bed535d]
-2004-10-01 14:30 millert
+ * logging.c:
+ o when invoking the mailer as root use a hard-coded environment that
+ doesn't include any info from the user's environment. Basically
+ paranoia.
- * mon_systrace.c, mon_systrace.h: No need to include syscall.h, use
- 1024 as the max # of entries (the max that systrace(4) allows).
+ o Add support for the NO_ROOT_MAILER compile-time option and run the
+ mailer as the user and not root if NO_ROOT_MAILER is defined.
+ [4df351ec92ce]
- Only need to use SYSTR_POLICY_ASSIGN once
+ * set_perms.c, sudo.h:
+ Bring back PERM_FULL_USER
+ [edb6039bb284]
- Change check_syscall() -> find_handler() and have it return the
- handler instead of just running it. We need this since handler
- now have two parts: one part that generates and answer and
- another that gets called after the answer is accepted (to do
- logging).
+ * configure:
+ regen
+ [3eb2943afa03]
- Add some missing check_exec for emul execv
+ * version.h:
+ version 1.6.5
+ [044fc9a0c72b]
-2004-10-01 10:58 millert
+ * INSTALL, config.h.in, configure.in:
+ Add --disable-root-mailer option to run the mailer as the user and
+ not root.
+ [e9f805397963]
- * sample.pam, sample.sudoers, sample.syslog.conf, sudoers: Add
- $Sudo$ tags.
+ * CHANGES:
+ checkpoint for 1.6.4p2
+ [b58aae5aa98a]
-2004-10-01 10:47 millert
+ * PORTING:
+ Mention the "seteuid(0): Operation not permitted" problem here too
+ just for good measure.
+ [90135b37a691]
- * config.h.in: Add missing HAVE_LINUX_SYSTRACE_H
+2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-30 20:46 millert
+ * env.c, getspwuid.c, sudo.c:
+ The SHELL environment variable was preserved from the user's
+ environment instead of being reset based on the passwd database when
+ the "env_reset" option was used. Now it is reset as it should be.
+ [300066ef3c71]
- * Makefile.in: add trace_systrace.o dependency
+ * configure:
+ regen
+ [a47d779e6552]
-2004-09-30 19:00 millert
+ * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
+ sudo.c:
+ Add a configure option to turn off use of POSIX saved IDs
+ [fb18cc8e94d0]
+
+ * configure:
+ regen
+ [d4f2f20025b6]
+
+ * configure.in:
+ add --with-efence option
+ [45c4f33a8e88]
+
+ * sudo.c:
+ Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
+ "sudo -l" would not work if always_set_home was set.
+ [c3a6de6c4800]
+
+ * lex.yy.c:
+ regen
+ [417424452998]
+
+ * parse.lex:
+ Quoted commas were not being treated correctly in command line
+ arguments.
+ [753415541b37]
+
+ * sudo.c:
+ o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
+ Otherwise, the set_home option has no effect.
+
+ o Fix use of freed memory when the "fqdn" flag is set. This was
+ introduced by the fix for the "segv when gethostbynam() fails" bug.
+ Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
+ there is no need to check the "fqdn" flag in set_fqdn() itself.
+ [4b6a4245c04e]
+
+ * env.c:
+ Add 'continue' statements to optimize the switch statement. From
+ Solar.
+ [a82c76975ae5]
+
+2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in:
+ Regen from new sudoers.pod
+ [6ecc07b3d0e1] [SUDO_1_6_4]
+
+ * sudoers.pod:
+ Add caveat about stay_setuid flag
+ [9d228a7bea1b]
+
+ * sudo.c:
+ If set_perms == set_perms_posix and the stay_setuid flag is not set,
+ set all uids to 0 and use set_perms_fallback().
+ [c4e54d1ec86f]
+
+ * set_perms.c, sudo.h:
+ Remove PERM_FULL_USER (which is no longer used) and add
+ PERM_FULL_ROOT (used when exec'ing the mailer).
+ [15406c522ea2]
+
+ * logging.c:
+ Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
+ never want to run the mailer setuid.
+ [2294853e0666]
+
+2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Also look for systrace.h in
- /usr/include/linux
+ * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
+ visudo.pod:
+ Use sudo.ws instead of courtesan.com in URLs
+ [55204002a308]
-2004-09-30 18:27 millert
+ * Makefile.binary, Makefile.in:
+ Fix mansect substitution
+ [b7b5cbc3aa91]
- * mon_systrace.c, mon_systrace.h: Move all struct defs and
- prototypes into trace_systrace.h and mark all but
- systace_attach() static.
+ * Makefile.in:
+ Substitute man sections in Makefile.binary
+ [040deb785e56]
-2004-09-30 18:14 millert
+ * Makefile.binary:
+ Sync install targets with Makefile.in and substitute in man
+ sections.
+ [77882a275281]
- * mon_systrace.c, mon_systrace.h: Add support for tracing
- emulations. At the moment, all emulations are compiled in. It
- might make sense to #ifdef them in the future, though this
- impeeds readability.
+ * INSTALL, INSTALL.binary:
+ version is 1.6.4
+ [0f87aabbcb70]
-2004-09-30 17:07 millert
+ * Makefile.in:
+ Repair bindist target
+ [8d43bfe7e2d1]
- * Makefile.in, configure.in, configure: rename systrace.c ->
- trace_systrace.c
+ * CHANGES:
+ sync for 1.6.4
+ [13ca3d4a0a72]
-2004-09-30 15:58 millert
+2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.yacc: Allow this to build with a K&R compiler again
+ * install-sh:
+ Fix case where neither whoami nor id are found
+ [424dd270bc47]
-2004-09-30 13:58 millert
+2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * TODO: sync
+ * install-sh:
+ If neither whoami nor id exists, just assume we are root.
+ [2d2644e42c53]
-2004-09-30 13:55 millert
+ * alloc.c:
+ Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
+ on AIX which for some reason isn't pulling in the malloc prototype.
+ [231440d2ee3b]
- * sudo.c, compat.h, visudo.c: Use __attribute__((__noreturn__))
+2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-30 13:44 millert
+ * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
+ (c) 2002
+ [700e3b41a68e]
- * visudo.c: Exit() takes a negative value to indicate it was not
- called via signal.
+ * CHANGES:
+ checkpoint
+ [33e604bd8d5b]
-2004-09-30 13:25 millert
+ * sudo.c:
+ Defer assigning new environment until right before the exec.
+ [f13c49e75c1c]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
- visudo.man.in: regen
+ * parse.c:
+ kill extra blank line
+ [12ef22e9dae3]
-2004-09-30 13:22 millert
+2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, visudo.c: Define Err() and Errx() that are like
- err() and errx() but call Exit() instead of exit(). Build
- private copy of alloc.o for visudo that calls Err() and Errx().
+ * configure:
+ regen
+ [a6cd2d788f74]
-2004-09-29 15:22 millert
+ * configure.in:
+ Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
+ compiler doesn't recognise -O2.
+ [5234aa543692]
- * lex.yy.c: regen
+ * HISTORY:
+ Clarify origins of Root Group sudo a bit based on info from
+ billp@rootgroup.com
+ [4deef01c4208]
-2004-09-29 15:22 millert
+2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: sync
+ * LICENSE:
+ 2002
+ [6c8e089dbd1a]
-2004-09-29 14:41 millert
+ * CHANGES:
+ checkpoint for 1.6.4rc1
+ [3349eb87a49f]
- * visudo.c: Overhaul visudo for editing multiple files: o visudo
- has been broken out into functions (more work needed here) o
- each file is now edited before sudoers is re-parsed o if a
- #include line is added that file will be edited too
+2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
- TODO: o cleanup temp files when exiting via err() or errx() o
- continue breaking things out into separate functions
+ * config.h.in:
+ now generated via autoheader
+ [84657d303cb9]
-2004-09-29 14:36 millert
+ * configure:
+ regen
+ [207bfa6a13f6]
- * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c: Add keepopen
- arg to open_sudoers that open_sudoers can use to indicate to the
- caller that the fd should not be closed when it is done with it.
- To be used by visudo to keep locked fds from being closed
- prematurely (and thus losing the lock).
+ * compat.h:
+ Move in some stuff that was previously in config.h.
+ [e576d8b6480f]
-2004-09-29 14:33 millert
+ * aclocal.m4, configure.in:
+ Add info for autoheader.
+ [0549cd5da27c]
- * parse.yacc, sudo.c: Add errorfile global that contains the name
- of the file that caused the error.
+2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-29 14:30 millert
+ * Makefile.in:
+ o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
+ -g to facilitate non-root installs
+ [619216038f56]
- * parse.lex: return COMMENT to yacc grammar for a #include line
+ * install-sh:
+ Add -M option (like -m but only for root) If we can't find "whoami",
+ use "id" w/ some sed.
+ [b39121c8b792]
-2004-09-29 14:29 millert
+ * configure:
+ regen
+ [b39b93ff9804]
- * parse.lex: Remove us of unput() in favor of yyless() which is
- cheaper.
+ * configure.in:
+ allow user to always override mansectsu and mansectform
+ [0fca5e63bd90]
-2004-09-29 14:28 millert
+2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.yacc: Allow an empty sudoers file.
+ * mkinstalldirs:
+ update from autoconf 2.52
+ [07bd75a508c3]
-2004-09-28 16:50 millert
+ * config.guess, config.sub:
+ Update from autoconf 2.52
+ [857b90fe31b7]
- * mon_systrace.c: Rewind sudoers_fp now that sudoers_lookup()
- doesn't do it for us.
+ * configure:
+ regen with autoconf 2.52
+ [08e7d1ea2aeb]
-2004-09-28 14:37 millert
+ * configure.in:
+ o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
+ mode o Remove compiler-specific checks for HP-UX now that we use
+ AC_PROG_CC_STDC
+ [d433a70b6208]
- * lex.yy.c: regen
+ * RUNSON:
+ Checkpoint
+ [babf6d2235d1]
-2004-09-28 14:36 millert
+ * auth/pam.c:
+ o Add pam_prep_user function to call pam_setcred() for the target
+ user; on Linux this often sets resource limits. o When calling
+ pam_end(), try to convert the auth->result to a PAM_FOO value.
+ This is a hack--we really need to stash the last PAM_FOO value
+ received and use that instead.
+ [6ad6f340dd2a]
- * visudo.c: Do signal setup before calling edit_sudoers(). Don't
- shadow the "quiet" global.
+ * set_perms.c, sudo.h:
+ o Add pam_prep_user function to call pam_setcred() for the target
+ user; on Linux this often sets resource limits.
+ [67795421ac82]
-2004-09-28 14:33 millert
+ * env.c:
+ Fix off by one error in number of bytes allocated via malloc (does
+ not affected any released version of sudo).
+ [5f5915360111]
- * visudo.c: If a sudoers file includes other files, edit those too.
- Does not yes deal with creating the new includes files itself.
+2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-28 14:31 millert
+ * lex.yy.c:
+ regen
+ [8208c0277775]
- * testsudoers.c: init_parser now takes a path
+ * parse.lex:
+ Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
+ requiring that they be quoted.
+ [ae59bc8f68dd]
-2004-09-28 14:31 millert
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Mention that no double quotes are needed when
+ adding/deleting/assigning a single value to a list.
+ [25efc940a1f0]
- * parse.c, parse.h, parse.lex, parse.yacc: More scaffolding for
- dealing with multiple sudoers files: o init_parser() now takes a
- path used to populate the sudoers global o the sudoers global is
- used to print the correct file in yyerror() o when switching to
- a new sudoers file, perserve old file name and line number
+ * Makefile.in:
+ Don't rely on mkdefaults being executable, call perl explicitly.
+ [6edc97ba5f1d]
-2004-09-28 14:29 millert
+ * sudo.tab.c:
+ regen
+ [49130b2e7e4d]
+
+ * parse.yacc:
+ Remove some XXX that are no longer relevant.
+ [d460ac0d3767]
+
+ * defaults.c:
+ o Roll our own loop instead of using strpbrk() for better
+ grokability o When adding to a list we must malloc() and use
+ memcpy(), not strdup() since we must only copy len bytes from str.
+ [649bef08e1f0]
- * Makefile.in, pathnames.h.in: Kill _PATH_SUDOERS_TMP; it is not
- meaningful now that we can have multiple sudoers files.
+2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [f0bbf2c38c0e]
+
+ * parse.yacc:
+ typo in comment
+ [2563711ff593]
+
+2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ checkpoint
+ [a6d8a29fb30e]
-2004-09-28 13:52 millert
+ * configure:
+ regen
+ [bdfcaaf3bd13]
- * parse.c, sudo.c: Rewind sudoers_fp in open_sudoers() instead of
- sudoers_lookup() so we start at the right file position when
- reading include files.
+ * configure.in:
+ avoid the -g flag unless --with-devel was specified
+ [a976707bef30]
-2004-09-27 21:04 millert
+ * Makefile.in:
+ mkdefaults, def_data.in and sigaction.c were missing from the
+ tarball
+ [6917ffbaa412]
+
+ * Makefile.in:
+ def_data.c was missing
+ [87c78b11453d]
+
+2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
+ allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
+ [fc8698e6a45e]
+
+ * TODO:
+ Another TODO item
+ [6f251d6cd466]
+
+ * sudoers:
+ Add comment for Default section so folks know where it should go.
+ [7edba626f392]
+
+2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Use TCSETAF, not TCSETA to set terminal in termio case
+ [fbd172f6c5d3]
- * sudoers.pod: document #include
+ * sudoers.cat, sudoers.man.in:
+ regen from sudoers.pod
+ [64edd2de816e]
-2004-09-27 20:47 millert
+ * sudoers.pod:
+ o Typo, Runas_User_List should be Runas_List o a User_List can not
+ contain a uid o mention that the Defaults section should come after
+ Alias definitions but before the user specifications
+ [54070ba2092b]
- * lex.yy.c: regen
+2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-27 20:47 millert
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [e62d1d97693c]
+
+ * sudoers.pod:
+ Fix listpw and verifypw sections, they were not being formatted
+ properly.
+ [123868c2f3e9]
- * parse.lex: Add max depth of 128 for the include stack to avoid
- loops.
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [f94841f8b374]
- Since yyerror() doesn't stop parsing, pass return values back to
- yylex and call yyterminate() on error.
+ * sudoers.pod:
+ fix typos
+ [f278f1c1184e]
-2004-09-27 14:06 millert
+ * configure:
+ regen
+ [d2270049ba9f]
- * sudoers.pod: document tracing
+ * config.h.in, configure.in:
+ use AC_SYS_POSIX_TERMIOS instead of rolling our own
+ [c1a13f1354b9]
-2004-09-27 14:05 millert
+ * README:
+ Reference sudo.ws not courtesan.com
+ [ca13be67ebd7]
- * sudo.pod: Mention PREVENTING SHELL ESCAPES section of sudoers man
- page
+ * PORTING:
+ Add notes on shadow passwords
+ [aa13863f2314]
-2004-09-27 12:08 millert
+ * BUGS:
+ In list mode (sudo -l), characters escaped with a backslash are
+ shown verbatim with the backslash.
+ [1a75a2858be2]
- * lex.yy.c: regen
+ * sudoers:
+ Add simple examples from OpenBSD (Marc Espie)
+ [3ae9a9ae4125]
-2004-09-27 12:03 millert
+ * tgetpass.c:
+ Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
+ [f8817699ee10]
- * parse.lex: Add support for #include in sudoers (visudo support
- TBD)
+ * CHANGES:
+ minor prettyification
+ [f523587929b9]
-2004-09-27 12:02 millert
+ * CHANGES:
+ Updated change log
+ [39d9010ee7a8]
- * parse.yacc: make yyerror()'s argument const
+ * testsudoers.c:
+ Fix CIDR handling here too.
+ [c91db8344c32]
-2004-09-27 12:02 millert
+ * auth/pam.c:
+ Apparently a NULL response is OK
+ [83bae61078d9]
- * testsudoers.c, visudo.c: Add open_sudoers() stubs.
+ * TODO:
+ Checkpoint for upcoming beta release
+ [efb95c09df2a]
-2004-09-27 12:01 millert
+ * TROUBLESHOOTING:
+ Many people believe that adding a runas spec should obviate the need
+ for the -u flag. It does not.
+ [c698bad85b0e]
+
+ * RUNSON:
+ checkpoint update for upcoming 1.6.4 beta
+ [009e465a0a45]
+
+ * config.h.in:
+ o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
+ if HAVE_STRING_H is defined -- this is safe now
+ [d27c035f4e14]
- * sudo.c, sudo.h: Rename check_sudoers() open_sudoers() and make it
- return a FILE *
+ * PORTING:
+ Add signals section
+ [2d24c13cb3c8]
-2004-09-26 12:35 millert
+ * configure:
+ regen
+ [2b80a939e2ed]
- * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
- version.h: Crank version
+ * configure.in:
+ Fix check for sigaction_t
+ [6fa41c89ab20]
-2004-09-26 12:33 millert
+ * sudo.c:
+ XXX - should call find_path() as runas user, not root. Can't do
+ that until the parser changes though.
+ [f0b4f85651bd]
- * Makefile.in, sudo.psf: Better HP-UX depot construction
+ * sudo.c:
+ If find_path() fails as root, try again as the invoking user (useful
+ for NFS). Idea from Chip Capelik.
+ [e03fa7872692]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+ Regenerate after pod file changes
+ [48e4bd75ec21]
-2004-09-25 17:08 millert
+ * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
+ sudo.pod, sudoers.pod:
+ Add new sudoers option "preserve_groups". Previously sudo would not
+ call initgroups() if the target user was root. Now it always calls
+ initgroups() unless the -P command line option or the
+ "preserve_groups" sudoers option is set. Idea from TJ Saunders.
+ [4f730359f101]
- * mon_systrace.c: o Made children global so check_exec() can lookup
- a child. o Replaced uid in struct childinfo with struct passwd *
- (for runas) o new_child() now takes a parent pid so the runas
- info can be inherited o Added find_child() to lookup a child by
- its pid o update_child() now fills in a struct passwd o Converted
- the big if/else mess in set_policy to a switch o Syscalls that
- change uid are now "ask" so we get SYSTR_MSG_UGID events
+2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-25 17:01 millert
+ * compat.h, config.h.in:
+ Use new HAVE_SIGACTION_T define
+ [dfb25f3cae5b]
- * getspwuid.c: Add flag to sudo_pwdup that indicates whether or not
- to lookup the shadow password. Will be used to a struct passwd
- that has the shadow password already filled in.
+ * logging.c:
+ Fix compilation on K&C
+ [7355e3275e34]
-2004-09-25 16:58 millert
+ * configure:
+ regen
+ [a710584f92f0]
- * mon_systrace.c: add missing increment of addr in read_string()
+ * configure.in:
+ Add check for sigaction_t -- IRIX already defines this so don't
+ redefine it.
+ [df9c5737f6da]
-2004-09-25 16:15 millert
+ * snprintf.c:
+ fix typo
+ [3d782b8134c8]
- * mon_systrace.c: Remove bogus call to update_child() and some
- cosmetic fixes
+ * interfaces.c:
+ need stdlib.h here too
+ [c789d8973ab2]
-2004-09-25 16:11 millert
+ * configure:
+ regen
+ [44822856bf46]
- * mon_systrace.c: Don't leak /dev/systrace fd to tracee Make
- initialized global for simplicity If STRIOCATTACH returns EBUSY
- we are already being traced Check for user_args == NULL in
- setproctitle() call Add missing calls to STRIOCANSWER
+ * configure.in:
+ Remove redundant checks for string.h, strings.h and unistd.h
+ [933c94f8bbf4]
-2004-09-25 13:15 millert
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ Regen from pod files
+ [ad18c590f638]
- * sudo.c: g/c sudo_pwdup proto
+ * BUGS:
+ Update for 1.6.4
+ [26bc88b69d22]
-2004-09-24 20:21 millert
+ * configure, lex.yy.c, sudo.tab.c:
+ regen
+ [bef89fd6fa2d]
- * Makefile.in, sudo.psf: Add target for building a depot file
+ * strerror.c:
+ Return EINVAL if errnum > sys_nerr
+ [0512374e6661]
-2004-09-24 20:07 millert
+ * auth/sudo_auth.h:
+ o Update copyright year
+ [a877016db6e2]
- * mon_systrace.c: trim includes
+ * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
+ config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
+ sudo.pod:
+ o Update copyright year
+ [e15a1b39039f]
+
+ * configure.in:
+ o Don't define STDC_HEADERS unconditionally for IRIX o Update
+ copyright year
+ [82a8cb819e07]
+
+ * README:
+ update version
+ [d82e523a16b4]
+
+ * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+ auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
+ auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
+ set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
+ visudo.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [fe39f76b3795]
+
+ * lsearch.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [764ba3d4fa13]
+
+ * getspwuid.c, goodpath.c, interfaces.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [fb46d46140d4]
+
+ * getcwd.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [b199d70ac7ab]
-2004-09-24 14:11 millert
+ * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
+ fnmatch.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [dab8f192a3ed]
+
+ * configure:
+ regen
+ [156658f25cea]
+
+ * tgetpass.c:
+ flags set in signal handlers should be volatile sig_atomic_t
+ [c22931a5535e]
+
+ * config.h.in, configure.in:
+ Add checks for volatile and sig_atomic_t
+ [b03b3341381d]
+
+ * configure, lex.yy.c:
+ regen
+ [ed9daba88217]
+
+ * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
+ sudo.c, sudoers.pod:
+ Remove "secure_path" Defaults option since it cannot work with the
+ existing parser.
+ [c9e54a0f5971]
+
+ * find_path.c, sudo.c:
+ Unset "secure_path" if user_is_exempt()
+ [fb7544565ae8]
+
+ * env.c, pathnames.h.in:
+ o Remove assumption that PATH and TERM are not listed in env_keep o
+ If no PATH is in the environment use a default value o If TERM is
+ not set in the non-reset case also give it a default value.
+ [c987eb7df268]
- * lex.yy.c, sudo.tab.h: regen
+ * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
+ _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
+ systems that define in paths.h
+ [51865b0cdebf]
+
+ * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
+ Add support for skeyaccess(3) if it is present in libskey.
+ [8add77c7d3e7]
+
+2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Only need to do 'lc = login_getclass(NULL)' if lc == NULL
+ [5a3d3cbf2c6d]
+
+ * parse.lex:
+ '\\' is a perfectly legal character to have in a command line
+ argument.
+ [c15a466ef00e]
+
+ * sudo.c:
+ o Defer call to set_fqdn() until it is safe to use log_error() o
+ Don't print errno string value if gethostbyname fails, it is not
+ relevant
+ [c0c6bcf08bcb]
+
+ * parse.c:
+ Fix CIDR -> in_addr_t conversion.
+ [2f307ebeb63f]
+
+2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Remove an extra "User_List" in the User_Spec definition From
+ ybertrand AT snoopymail.com
+ [97bde59ea280]
+
+ * parse.c:
+ Make 'listpw=never' work for users who are not explicitly mentioned
+ in sudoers.
+ [258f0f30a428]
+
+ * sudoers.pod:
+ Remove gratuitous '=' in EBNF grammar; era AT iki.fi
+ [4b0f03872ee1]
+
+ * sudoers.pod:
+ Document new list Defaults type and convert env_keep and env_delete
+ to lists. Document new env_check option.
+ [a07f1f079fe3]
+
+ * lex.yy.c, sudo.tab.c, sudo.tab.h:
+ regen parser
+ [e39ac6c6581b]
+
+ * parse.lex:
+ Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
+ to #[0-9-]+.
+ [69c5388908f3]
+
+ * configure:
+ regen
+ [0f1877b88cb3]
+
+ * aclocal.m4:
+ Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
+ [6545503ae361]
+
+ * config.h.in, configure.in:
+ Add check for skeyaccess(3)
+ [6caf69fe6359]
+
+ * visudo.pod:
+ Document new -c, -f, and -q options
+ [13d0203c21d3]
+
+ * visudo.c:
+ o Add -f option (alternate sudoers file) o Convert to use getopt(3)
+ [4c2b664d617d]
+
+ * configure:
+ regen
+ [6d5bd932e7b5]
+
+ * aclocal.m4, config.h.in, configure.in:
+ Add check for isblank and a replacement macro if it doesn't exist.
+ [b524f5e4f953]
+
+2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ In check-only mode, don't create sudoers if it does not already
+ exist.
+ [c748a2d5acad]
+
+ * parse.yacc:
+ o Add a new token, DEFVAR, to indicate a Defaults variable name o
+ Add support for "+=" and "-=" list operators o replace some 1 and 0
+ with TRUE and FALSE for greater legibility.
+ [554cb174b37e]
+
+ * parse.lex:
+ o Use exclusive start conditions to remove some ambiguity in the
+ lexer. Also reorder some things for clarity. o Add support for
+ "+=" and "-=" list operators. o Use the new DEFVAR token to denote
+ a Defaults variable name.
+ [3a2cf8323e26]
+
+ * sudo.h:
+ Prototype init_envtables()
+ [b74916469dab]
+
+ * env.c:
+ o Convert environment handling to use lists instead of strings.
+ This greatly simplifies routines that need to do "foreach" type
+ operations. o Add new init_envtables() function to set env_check
+ and env_delete defaults based on initial_badenv_table and
+ initial_checkenv_table (formerly sudo_badenv_table).
+ [0a8b404658b6]
+
+ * defaults.c, defaults.h:
+ o Add a new LIST type and functions to manipulate it. o This is for
+ use with environment handling variables. o Call new
+ init_envtables() routine inside init_defaults() to initialize the
+ environment lists.
+ [ae73e64f0902]
+
+ * def_data.c, def_data.h, def_data.in:
+ Convert environment options to use the new LIST type and add a new
+ one, env_check that only deletes if the sanity check fails.
+ [3019503936de]
+
+ * testsudoers.c:
+ Add dummy version of init_envtables()
+ [9d9e3ee609d9]
+
+ * parse.yacc:
+ honor quiet mode
+ [8330fba6167c]
+
+ * visudo.c:
+ Add check-only mode
+ [dab411bc8c35]
+
+ * mkdefaults:
+ Fix generation of entries with NULL descriptions.
+ [ea75b9fed02e]
+
+2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Use sigaction_t and quiet a gcc warning.
+ [6f67d719c452]
+
+ * sudo.c:
+ Must reset signal handlers before we exec
+ [300418120e1a]
+
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/sudo_auth.c:
+ Be carefule now that tgetpass() can return NULL (user hit ^C). PAM
+ version needs testing. Set SIGTSTP to SIG_DFL during password entry
+ so user can suspend us.
+ [00304aa58747]
+
+ * tgetpass.c:
+ Add support for interrupting/suspending tgetpass via keyboard input.
+ If you suspend sudo from the password prompt and resume it will re-
+ prompt you.
+ [4af2b5101d32]
+
+ * sudo.c:
+ Don't block keyboard interrupt signals, just set them to SIG_IGN.
+ [d46d7f67ef6b]
+
+2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ add back HAVE_SIGACTION
+ [c9c7702c603e]
+
+ * configure:
+ regen
+ [09fe669d337f]
+
+ * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
+ Kill POSIX_SIGNALS define and old signal support now that we emulate
+ POSIX ones Also be sure to correctly initialize struct sigaction.
+ [4bc2a6dbb2be]
+
+ * strerror.c:
+ Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
+ [1ad64a19f328]
+
+ * compat.h:
+ Add scaffolding for POSIX signal emulation
+ [945861d4c93b]
+
+ * sigaction.c:
+ o Add missing ';' so this compiles o Can't use NULL since we don't
+ include stdio.h
+ [04d0cac7438f]
+
+ * sigaction.c:
+ Emulate sigaction() using sigvec()
+ [d0b54a989875]
+
+2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Document new behavior of negative values of timestamp_timeout Fix a
+ typo
+ [4c0716570d01]
+
+ * sudo.pod:
+ Add security note about command not being logged after 'sudo su' and
+ friends.
+ [43294851a33c]
+
+ * sudo.pod:
+ Mention that -V prints default values when run as root, including
+ the list of environment variables to clear.
+ [d9e5e550a8c3]
+
+ * Makefile.in:
+ Run pod2man with --quotes=none to avoid stupid quoting of C<>
+ entries.
+ [997b23c35dbe]
+
+2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-24 14:10 millert
+ * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
+ Add mail_badpass option Also modify mail_always behavior to also
+ send mail when the password is wrong
+ [838d40ccafce]
- * INSTALL: document --with-systrace
+ * env.c, sudo.c, sudo.h:
+ Dump default bad env table when 'sudo -V' is run by root.
+ [f67f1b8048b0]
-2004-09-24 14:10 millert
+ * sudoers.pod:
+ document env_delete
+ [d74f893663a2]
- * config.h.in, configure, configure.in: Add check for setproctitle
+ * env.c:
+ Add support for '*' in env_keep when not resetting the environment
+ (ie: the normal case).
+ [fd4fb62ea8fd]
-2004-09-24 14:09 millert
+ * env.c:
+ Add env_delete variable that lets the user replace/add to the
+ bad_env_table. Allow '*' wildcard in env_keep entries.
+ [aa728bc35e29]
- * mon_systrace.c: pass struct str_msg_ask in to syscall checker so
- it can set the error code
+2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-24 13:30 millert
+ * mkinstalldirs:
+ Force umask to 022 to guarantee sane directory permissions.
+ [9ab3cfe70569]
- * mon_systrace.c: systrace(4) support for sudo. On systems with
- the systrace(4) kernel facility (OpenBSD, NetBSD, Linux w/
- patches) sudo can intercept exec calls and check the exec args
- against the sudoers file. In other words, sudo can now control
- subcommands and shell escapes.
+2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-24 13:17 millert
+ * Makefile.in:
+ add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
+ [671010465e6f]
- * sudo.c, sudo.h: Call systrace_attach() if FLAG_TRACE is set.
+ * mkdefaults:
+ fix breakage in last commit
+ [8318f8851e56]
-2004-09-24 13:15 millert
+ * Makefile.in:
+ acsite.m4 -> aclocal.m4
+ [30c146873a01]
- * parse.c, parse.h, parse.lex, parse.yacc, sudo.h: Add trace
- Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
+ * check.c:
+ fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
+ [4dc8b39954da]
-2004-09-24 13:13 millert
+ * def_data.c:
+ regenerated from def_data.in
+ [915ea16ce1eb]
- * parse.c, sudo.c: Don't close sudoers_fp, keep it open and set
- close on exec flag instead.
+ * check.c, defaults.c, defaults.h:
+ Add new T_UINT type that most things use instead of T_INT If
+ timestamp_timeout is < 0 then treat the ticket as never expiring (to
+ be expired manually by the user).
+ [3a3a636a2a5d]
-2004-09-24 13:11 millert
+ * def_data.in:
+ change most T_INT -> T_UINT
+ [a2228d2457af]
- * def_data.c, def_data.h, def_data.in: Add trace option
+ * mkdefaults:
+ fix warning when no args
+ [ca70a5394af5]
-2004-09-23 20:24 millert
+ * visudo.c:
+ Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
+ we are a signal handler. We no longer print the signal number but
+ the user can just check the exit value for that.
+ [dc424f631fef]
- * Makefile.in: Add systrace
+2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-23 20:23 millert
+ * logging.c:
+ when setting up pipes in child process check for case where stdin ==
+ pipe fd 0
+ [518112d76184]
- * INSTALL: SunOS /bin/sh blows up with configure
+2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-23 20:23 millert
+ * visudo.c:
+ Ignore editor exit value since XPG4 says vi's exit value is the
+ count of editing errors made (failed searches, etc).
+ [b9d952284865]
- * configure, configure.in: Include sys/param.h before systrace.h
+2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-23 20:15 millert
+ * configure:
+ regen
+ [cb3aa586f03b]
- * configure: regen
+ * configure.in:
+ sco now is identified by config.guess as *-sco-*
+ [46664bbdea61]
-2004-09-23 20:15 millert
+ * configure.in:
+ Check for getspnam() in -lgen if not in -lc for UnixWare.
+ [0f152ad1ba93]
- * pathnames.h.in: _PATH_DEV_SYSTRACE
+2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-23 20:14 millert
+ * sudoers.pod, visudo.pod:
+ "upper case" -> "uppercase"
+ [f9151f232326]
- * configure.in: line up options in --help
+ * sudoers.pod:
+ fix typos and grammar; pjanzen@foatdi.harvard.edu
+ [2855d73d0237]
-2004-09-23 20:11 millert
+2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure.in: Add --with-systrace
+ * sudoers.pod:
+ Missing word (specify); krapht@secureops.com
+ [65523eb37a2c]
-2004-09-23 13:35 millert
+2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * sudo.c:
+ If we fail to lookup a login class, apply the default one.
+ [d4869faa6816]
-2004-09-23 13:35 millert
+ * logging.c:
+ In log_error() free message, not logline unconditionally, then free
+ logline if it is not the same as message. No function change but
+ this mirrors how they are allocated.
+ [565e5f6cc643]
- * aclocal.m4, configure.in: make this work with autoconf-2.59
+2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-16 12:58 millert
+ * configure:
+ regenerate
+ [834a48f548a2]
- * sudo_edit.c: Simplify logic around open & stat of files and do
- sanity on edited file even if we lack fstat (still racable but
- worth doing).
+ * configure.in:
+ remove some backslash quotes that are unneeded
+ [50d401d6e2ca]
-2004-09-15 18:47 millert
+ * configure.in:
+ o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
+ instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
+ can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
+ to AC_DEFINE things manually.
+ [f502c5f15f92]
- * HISTORY: Add support url
+ * config.guess, config.sub:
+ Updated from autoconf-2.50
+ [6140205915ef]
-2004-09-15 16:11 millert
+2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: versino 1.6.8p1
+ * README:
+ Update mailing list section. We use mailman now, not majordomo.
+ [b9a8ca45e6dc]
-2004-09-15 15:20 millert
+2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: more changes for 1.6.8p1
+ * getspwuid.c, logging.c, sudo.c:
+ Use setpwent()/endpwent() + all the shadow variants to make sure we
+ don't inadvertantly leak an fd to the child. Apparently Linux's
+ shadow routines leave the fd open even if you don't call setspent().
+ Reported by mike@gistnet.com; different patch used.
+ [d33792ef6c01]
-2004-09-15 15:18 millert
+2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * version.h: 1.6.8p1
+ * sudoers.pod:
+ s/eg./e.g./
+ [bd32a0acaf93]
-2004-09-15 12:16 millert
+ * tgetpass.c:
+ select() may return EAGAIN. If so, continue like we do for EINTR.
+ [5f202c943818]
- * CHANGES, sudo_edit.c: Add sanity check so we don't try to edit
- something other than a regular file.
+ * logging.c:
+ Fix a non-exploitable buffer overflow in the word splitting code.
+ This should really be rewritten.
+ [4c724363863a]
-2004-09-14 20:55 aaron
+ * Makefile.in:
+ FAQ link goes away
+ [1d26dd6c8972]
- * CHANGES: sync
+ * INSTALL:
+ Tell people to look in sample.syslog.conf for examples, not FAQ
+ [affcae3f43ca]
-2004-09-14 20:21 aaron
+ * TROUBLESHOOTING:
+ Update list of env vars that are cleared
+ [234e56f1435a]
- * INSTALL: document --with-ldap-conf-file
+ * sudo.c:
+ remove struct env_table decl since that stuff has all moved to env.c
+ [5dd923148777]
-2004-09-14 17:43 millert
+2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, ins_csops.h: political correctness strikes again
+ * fileops.c:
+ Fix a pasto in flock-style unlocking and include <sys/file.h> for
+ flock on older systems; twetzel@gwdg.de
+ [d5420d9d2861]
-2004-09-14 15:09 millert
+ * configure:
+ regen to get NeXT lockf/flock fix
+ [d3ba6ed70e15]
- * RUNSON: sync
+ * configure.in:
+ force NeXT to use flock since lockf is broken
+ [bd5391dca1bb]
-2004-09-12 19:50 millert
+2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.binary.in, Makefile.in: Install sudoedit man link
+ * check.c:
+ Use stashed user_gid when checking against exempt gid since sudo
+ sets its gid to a a value that makes sudoers readable. Previously
+ if you used gid 0 as the exempt group everyone would be exempt. From
+ Paul Kranenburg <pk@cs.few.eur.nl>
+ [0b140cc3a817]
-2004-09-12 14:25 millert
+2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL: Update PAM note and mention where HP-UX users can
- download gcc binaries.
+ * configure:
+ regen
+ [cc455408f32b]
-2004-09-12 12:08 millert
+ * aclocal.m4:
+ #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines
+ some types (such as ssize_t) therein.
+ [b6aee85ca331]
- * Makefile.in: libtool wants to install stuff from .libs so fake
- one up for binary installations.
+2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-12 11:53 millert
+ * defaults.c:
+ Fix negation of paths in a boolean context. Problem found by
+ apt@UH.EDU
+ [8aee217a7cdf]
- * Makefile.binary.in: rm -f old sudoedit link instead of using ln
- -f set LIBTOOL correctly
+2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-12 11:53 millert
+ * visudo.c:
+ pasto
+ [ad32b277bf68]
- * Makefile.in: Deal with "uname -m" having slashes in it rm -f old
- sudoedit link instead of using ln -f
+2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-12 10:22 millert
+ * visudo.c:
+ SA_RESETHAND means the opposite of what I was thinking--oops To
+ block all signals in old-style signals use ~0, not 0xffffffff
+ [6ecdd793590a]
- * Makefile.binary, Makefile.binary.in: Makefile.binary ->
- Makefile.binary.in for config.status substitution Add support for
- installing noexec bits
+2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-12 10:21 millert
+ * defaults.c:
+ coerce difference of pointers to int when used in a string length
+ printf format; deraadt@openbsd.org
+ [a9d10f07180d]
- * Makefile.in: Copy noexec bits into binary dists too No longer use
- my old arch script for making binary dists
+2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-12 09:36 millert
+ * visudo.c:
+ Block all signals in Exit() to avoid a signal race. There is still
+ a tiny window but I'm not going to worry about it.
+ [6661805c0458]
- * Makefile.binary: Install sudoedit link.
+2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-11 12:25 millert
+ * env.c:
+ glibc uses the LANGUAGE env var so clear that too; Solar Designer
+ [d4ba95628afb]
- * emul/utime.h: avoid __P so there is no need for compat.h to be
- included
+ * lex.yy.c:
+ Regenerate with a fix to flex.skl that preserves errno from
+ clobbering by isatty().
+ [607eec736e19]
-2004-09-11 12:24 millert
+2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
- * utimes.c: Don't use HAVE_UTIME_H before including config.h.
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/sia.c, auth/sudo_auth.c:
+ Some defaults I_ defines got renamed.
+ [ec19b23caaf3]
-2004-09-10 12:31 millert
+ * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
+ defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
+ set_perms.c, sudo.c, sudo.tab.c:
+ Move defaults info into its own files from which we generate .h and
+ .c files. This makes adding or rearranging variables much simpler.
+ [e91b880b5043]
+
+2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ fix typo in last commit
+ [10a6ee2bae71]
+
+ * compat.h, config.h.in, configure, configure.in:
+ Add check + emulation for setegid (like seteuid).
+ [29492092bd2f]
+
+ * env.c:
+ Make env_keep override badenv_table as documented Fix traversal of
+ badenv_table (broken in last commit)
+ [37c9f0d22673]
+
+ * set_perms.c, sudo.c, sudo.h:
+ Don't try and build saved uid version of set_perms on systems w/o
+ them. Rename set_perms_saved_uid() -> set_perms_posix() Make
+ set_perms_setreuid simply be set_perms_fallback() and simply include
+ the appropriate function at compile time (setreuid() vs. setuid()).
+ [3107333c062c]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ PATH is also preserved when env_reset is in effect
+ [90e45c5711ff]
+
+ * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
+ configure.in, defaults.c, defaults.h, env.c, find_path.c,
+ getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
+ sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
+ visudo.c, visudo.cat, visudo.man.in:
+ New Defaults options: o stay_setuid - sudo will remain setuid if
+ system has saved uids or setreuid(2) o env_reset - reset the
+ environment to a sane default o env_keep - preserve environment
+ variables that would otherwise be cleared
+
+ No longer use getenv/putenv/setenv functions--do environment munging
+ by hand. Potentially dangerous environment variables can be cleared
+ only if they contain '/' pr '%' characters to protect buggy
+ programs. Moved environment routines into env.c (new file)
+ [c2f97651db4c]
+
+ * INSTALL:
+ Clear up --without-passwd description
+ [2f336dab6733]
+
+ * putenv.c, sudo_setenv.c:
+ We now build up a new environment from scratch and assign it to
+ "environ".
+ [6ae6152f2238]
+
+2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, visudo.pod:
+ Grammatical fixes from Paul Janzen
+ [e03ead2e56f8]
+
+2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ If there was a syntax error and the user just wants to quit, unlink
+ sudoers if it is zero length.
+ [74ba7921f520]
+
+ * visudo.c:
+ 'Q' means ignore parse error, not 'q'
+ [e8d0e4491fe6]
+
+ * visudo.c:
+ Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
+ <dim@xs4all.nl>
+ [b24990a72491]
- * compat.h: Fix Solatis futimes macro
+2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
+ [41a8db10e076]
+
+2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.guess, config.sub:
+ Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
+ [6052da895d2e]
-2004-09-09 11:02 millert
+2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, visudo.c:
+ Use exit(127), not exit(-1)
+ [9ff0c3eada34]
- * sudo_edit.c: Rename ots -> omtim for improved readability.
+ * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
+ Move set_perms() to its own file and use POSIX saved uid or
+ setreuid() if available.
-2004-09-08 14:38 millert
+ Added stay_setuid option for systems that have libraries that
+ perform extra paranoia checks in system libraries for setuid
+ programs (ie: anything with issetugid(2)).
+ [28960f842698]
- * sudo_edit.c: Redo changes in revision 1.7. Don't really need to
- keep the temp file open; re-opening it with the invoking user's
- euid is sufficient.
+ * sudo.c:
+ strip more bits from the environment and add a facility for
+ stripping things only if they contain '/' or '%' to address printf
+ format string vulnerabilities in other programs.
+ [b98d6375f299]
-2004-09-08 14:36 millert
+2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: sync
+ * configure:
+ regen
+ [7e74e5c91049]
-2004-09-08 14:35 millert
+ * configure.in:
+ For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
+ strcasecmp().
+ [a418e9e70442]
- * sudo.cat, sudo.man.in: regen
+ * configure:
+ regen
+ [bbff244a52bc]
-2004-09-08 14:34 millert
+ * configure.in:
+ Check for strcasecmp(3) in -lc89 for NCR Unix
+ [361c99576681]
- * sudo.pod: back out revision 1.70; it is no long applicable
+2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-08 11:57 millert
+ * config.h.in:
+ Define HAVE_INNETGR #ifdef HAVE__INNETGR
+ [473cdb92b6db]
- * env.c: Let the loader initialize nep
+ * configure:
+ regen
+ [4e6364a195e0]
-2004-09-08 11:49 millert
+ * compat.h, config.h.in, configure.in:
+ Add check for _innetgr(3) since NCR systems have that instead of
+ innetgr(3).
+ [25e6852e7494]
- * configure, configure.in, config.h.in: Removed unneed check for
- fchown Add check for gettimeofday Move autoheader template stuff
- into separate AH_TEMPLATE lines
+2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-08 11:48 millert
+ * auth/securid.c:
+ check return value of creadcfg() call sd_close() after sd_auth()
+ store username in sd->username so we don't rely on the USER env
+ variable
+ [d106b4f42722]
- * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c: Use
- timespec throughout.
+2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-08 11:47 millert
+ * INSTALL:
+ document --with-bsdauth
+ [f1518ecc2ee9]
- * Makefile.in: gettime.[co]
+ * configure:
+ regen
+ [dceb35071ea8]
-2004-09-08 11:47 millert
+ * configure.in:
+ --with-bsdauth assumes --with-logincap
+ [4200778083fd]
- * gettime.c: function to return the current time in a struct
- timespec
+ * auth/bsdauth.c, auth/fwtk.c:
+ When prompting for a response to a challenge, if the user just hits
+ return then reprompt with echo turned on.
+ [a539b6474a97]
-2004-09-08 10:51 millert
+2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * utimes.c: Not a darpa-sponsored file.
+ * sudo.c:
+ Remove debugging code that should not have been committed, oops.
+ [9862607b77a7]
-2004-09-07 16:36 millert
+ * auth/bsdauth.c:
+ Use lower-level routines and get the password ourselves. Checks for
+ a challenge and if there is one echo is not turned off.
+ [2d8fcd166baa]
- * compat.h, config.h.in, configure, configure.in: Add a check for
- struct timespec and provide it for those without.
+ * auth/pam.c, auth/sudo_auth.h:
+ minor housekeeping, no real code changes
+ [d0074a277fb4]
-2004-09-07 15:56 millert
+2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure, configure.in, sudo_edit.c: Add checks for
- st_mtim and st_mtimespec and add macros for pulling the mtime sec
- and nsec out of struct stat. These are used in sudo_edit() to
- better tell whether or not the file has changed.
+ * sudo.c:
+ Fix a coredump in the logging functions if gethostname(2) fails by
+ deferring the call to log_error() until things are better setup.
-2004-09-07 15:55 millert
+ Fix return value of set_loginclass() in non-BSD-auth case.
- * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c: Add an extra
- param to touch() for nsec
+ Hard-code 'sudo' in the usage message so we can fit more options on
+ a line
+ [d9d1b7579818]
-2004-09-07 14:06 millert
+ * logging.c:
+ Fix errant ';' (typo) that broken MSG_ONLY
+ [849b2276a470]
- * sudo_edit.c: Call mkstemp() as the in invoking user so we don't
- have to chown the file later. Only touch() the temp file if we
- can do it via the file descriptor. Don't check for modification
- of the temp file if we lack fstat(). Catch errors read()ing the
- temp file.
+2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-07 14:04 millert
+ * sudo.cat, sudo.man.in:
+ regen
+ [bb3c8c6704d1]
- * fileops.c: If path is NULL and fd == -1 return -1.
+ * sudo.pod:
+ Document -a flag
+ [e18316cebaac]
-2004-09-07 13:31 millert
+ * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
+ configure, configure.in, getspwuid.c, sudo.c:
+ Add support for BSD authentication.
+ [f374cfd9ca0d]
- * sudo_edit.c: closefrom() is overkill, the only extra fds are the
- ones we opened so just close those in the child.
+2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-07 13:14 millert
+ * sudoers.pod:
+ Fix typo; from sato@complex.eng.hokudai.ac.jp
+ [3085fee9766e]
- * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in,
- configure, configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c,
- utimes.c, visudo.c: Use utimes() and futimes() instead of utime()
- in touch(), emulating as needed. Not all systems are able to
- support setting the times of an fd so touch() takes both an fd
- and a file name as arguments.
+2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-06 21:12 aaron
+ * sudoers.pod:
+ Mention negating umask
+ [c9e410294dae]
- * env.c: Rare SEGV
+ * defaults.c:
+ Allow user to specify umask of 0777 (same as !umask)
+ [bb771daa96fe]
-2004-09-06 16:46 millert
+2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
- visudo.man.in: regen
+ * sudo.pod, visudo.pod:
+ Fix a typo and give a URL for the sudo history.
+ [77f73199aedb]
-2004-09-06 16:45 millert
+2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod, sudoers.pod, visudo.pod: Add SUPPORT section and
- re-order some of the sections to match the order we use in
- OpenBSD.
+ * defaults.c, sudo.pod:
+ fix typos; pepper@reppep.com
+ [5532c7421340]
-2004-09-06 15:05 aaron
+2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: Openldap ~/.ldaprc fix
+ * sudo.c, sudo.h, sudo_setenv.c:
+ sudo_setenv() now exits on memory alloc failure instead of returning
+ -1.
+ [71f1cf18f47b]
-2004-09-06 12:18 millert
+2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod: Talk about how the editor must write its changes to the
- original file and not just use rename(2).
+ * sudo.c:
+ Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
+ and possibly others.
+ [b69d985b0d22]
-2004-09-06 12:12 millert
+ * logging.c:
+ Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
+ that "%m" won't be expanded but we don't use that anyway since the
+ logging routines may splat to stderr as well.
+ [8d37a544d0c0]
- * CHANGES: sync
+ * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
+ sudoers.pod:
+ Add always_set_home variable
+ [dbcaff646e07]
-2004-09-06 12:11 millert
+ * configure, configure.in:
+ Have to hard code default values in help since the defaults are set
+ _after_ the help stuff.
+ [7b5d6d72f55c]
- * sudo_edit.c: Keep the temp file open instead of re-opening after
- the editor has exited.
+2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-06 12:10 millert
+ * lex.yy.c, parse.lex:
+ Allow special characters (including '#') to be embedded in pathnames
+ if quoted by a '\\'. The quoted chars will be dealt with by
+ fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
+ [3ed33cf09977]
- * sample.pam: Update for current redhat/fedora core.
+2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-09-02 21:56 aaron
+ * install-sh:
+ Better path searching for programs we need.
+ [60517cb1f0d6]
- * README.LDAP: tls_ examples
+ * TROUBLESHOOTING:
+ Add section on "C compiler cannot create executables" errors.
+ [e4ada6eaee59]
-2004-09-02 00:03 aaron
+ * Makefile.binary, Makefile.in, version.h:
+ Crank version
+ [93d1bd5b7f5e]
- * ldap.c: config tls_* options
+ * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
+ sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
+ visudo.man.in, visudo.pod:
+ Substitute values from configure into man pages.
+ [619854c356c1]
-2004-08-29 11:39 millert
+2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: No need for -lcrypt when using pam.
+ * parse.c, sudo.c:
+ The listpw and verifypw sudoers options would not take effect
+ because the value of the default was checked *before* sudoers was
+ parsed. Instead of passing in the value of PWCHECK_* to
+ sudoers_lookup(), pass in the arg for def_ival() so the check can be
+ deferred until after sudoers is parsed.
+ [4f596e358f72]
-2004-08-26 23:57 millert
+2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * tgetpass.c:
+ When writing prompt, no need to write the NUL as well;
+ hag@linnaean.org
+ [fbcdd7b431ee]
-2004-08-26 23:44 aaron
+2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in, ldap.c, pathnames.h.in: Allow --with-ldap-conf-file
- option to override LDAP_CONF
+ * install-sh:
+ When looking for chown, check in /sbin too
+ [657ba6653f8c]
-2004-08-26 22:08 aaron
+2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: cleanup debug message
+ * visudo.c:
+ Remove extraneous call to init_defaults() and set runas_user to NULL
+ betweem parses so init_defaults will reset it each time, thus
+ avoiding a reference to free()d data.
+ [7421fcd692af]
-2004-08-26 19:29 aaron
+2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * README.LDAP: more config info
+ * config.h.in, interfaces.c, interfaces.h, sudo.c:
+ Add support for using getifaddrs() to get the list of ip addr /
+ netmask pairs. Currently IPv4-only.
+ [a35bc4f7306d]
-2004-08-24 14:01 millert
+ * visudo.c:
+ Add a missing check for UserEditor == NULL Add missing '+' before
+ line number when invoking editor to fix a syntax error
+ [f0d4635f6082]
- * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
- Add cmnd_base to struct sudo_user and set it in init_vars(). Add
- cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
- longer use gross statics in command_matches(). Also rename some
- variables for improved clarity.
+2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-08-21 14:33 millert
+ * sudo.c:
+ Call clean_env very early in main() for paranoia's sake. Idea from
+ Marc Esipovich.
+ [f8d72ebd0115]
- * INSTALL: document HP's crippled compiler deficiency.
+2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-08-21 14:25 millert
+ * sudo.h:
+ Update proto for evasprintf and easprintf
+ [d147d6e58419]
- * INSTALL: Fix some thinkos in --with-editor and --with-env-editor
- descriptions. Noticed by Norihiko Murase.
+ * alloc.c:
+ Make easprintf() and evasprintf() return an int.
+ [b2ca5d089667]
-2004-08-21 14:20 millert
+ * check.c:
+ If the targetpw flag is set, use target username as part of the
+ timestamp path. If tty tickets are in effect cat the tty and the
+ target username with a ':' as the separator.
+ [de11abc693c2]
- * configure, configure.in: --with-noexec takes an optional PATH
- argument.
+2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-08-21 14:20 millert
+ * auth/pam.c:
+ Backout part of last change; setting PAM_USER to the invoking user
+ breaks things like targetpw.
+ [427218a7387f]
- * INSTALL: document --with-noexec
+ * auth/pam.c:
+ set tty and username via pam_set_item
+ [85d1922dbcc9]
-2004-08-17 16:21 millert
+ * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
+ Fix root, runas, and target authentication for non-passwd file auth
+ methods.
+ [a14535e7b30c]
- * RUNSON, TODO: sync
+2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-08-17 15:11 millert
+ * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
+ sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
+ Use B<-Z> not C<-Z> for command line flags in all places. This is
+ more consistent and works around a bug in Pod::Man.
+ [64b5a05f30c5]
- * sudo_edit.c: Better warning message when sudoedit is unable to
- write to the destination file.
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Fix an occurence of 'semicolon' that should be 'colon'
+ [4ea5aacae3fb]
-2004-08-17 14:53 millert
+2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.cat, sudo.man.in: regen
+ * configure, configure.in:
+ Fix --with-badpri help line
+ [3cc40977c043]
-2004-08-17 14:53 millert
+2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod: Don't italicize the string "sudoedit"
+ * defaults.c, logging.c, sudo.c:
+ Bracket calls to syslog with an openlog() and closelog() since some
+ authentication methods (like PAM) may do their own logging via
+ syslog. Since we don't use syslog much (usually just once per
+ session) this doesn't really incur a performance penalty. It also
+ Fixes a SEGV with pam_kafs.
+ [fe1cc28529f6]
-2004-08-16 18:45 millert
+2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * HISTORY: Mention GratiSoft.
+ * sudo.c:
+ Fix -H flag. runas_homedir is only valid after
+ set_perms(PERM_RUNAS, mode)
+ [ce9b1c6f68a6]
-2004-08-11 14:29 millert
+2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.yacc: Reset used_runas to FALSE when re-intializing the
- parser.
+ * INSTALL:
+ Clarify the fact that insults are not enabled just by including them
+ in the binary.
+ [d5a31d48320c]
-2004-08-09 19:04 millert
+2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.guess: Correct OpenBSD mips support
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ Regenerated with perl 5.6.0 pod2man
+ [21751433768b]
-2004-08-09 17:28 millert
+ * Makefile.in:
+ Give date string to pod2man since its default is ugly and it ain't
+ got no alibi.
+ [0080b2f6298f]
- * config.guess: Add OpenBSD/mips
+ * Makefile.in:
+ Do section substitution on the output of pod2man and remove hack
+ needed for old pod2man.
+ [1ef843d5c78b]
-2004-08-06 23:43 aaron
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Put back real man sections, we will do the substitution later.
+ [f728c1abad7e]
- * README.LDAP: More behavior notes
+2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-08-06 23:36 aaron
+ * configure, configure.in:
+ Don't bother checking for the path to vi if user specified --with-
+ editor
+ [bf698487e0d5]
- * README.LDAP: Updates on current behavior
+2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-08-06 19:56 millert
+ * CHANGES, visudo.c:
+ Visudo now does its own fork/exec instead of calling system(3).
+ [99bbcd88863b]
- * sudo.pod, sudoers.pod: =back does not take an indentlevel (makes
- no difference to formatted files).
+ * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
+ sudoers.pod, visudo.c:
+ Visudo now checks for the existence of an editor and gives a
+ sensible error if it does not exist.
-2004-08-06 19:48 millert
+ The path to the editor for visudo is now a colon-separated list of
+ allowable editors. If the user has $EDITOR set and it matches one
+ of the allowed editors that editor will be used. If not, the first
+ editor in the list that actually exists is used.
+ [cc86eb9f5440]
- * CHANGES: new
+ * sudo.cat, sudo.man.in, sudo.pod:
+ Clear up confusion wrt sudo's return value.
+ [9385b12d8e79]
-2004-08-06 19:42 millert
+2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Consistency. Use same error for bad -u #uid when
- targetpw is set as we do when a bad -u username is specified.
+ * Makefile.in:
+ Strip sudo and visudo for bindist target
+ [a995ddd79177]
-2004-08-06 19:33 millert
+ * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
+ sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
+ Use @mansectsu@ and @mansectform@ in the man page bodies as well.
+ [5eb9e60a726f] [SUDO_1_6_3]
+
+ * visudo.cat, visudo.man.in, visudo.pod:
+ Typo: @sysconf@ -> @sysconfdir@
+ [f07f52fcd099]
+
+ * Makefile.in:
+ 'make dist' should not cause any files to be modified so remove its
+ dependencies.
+ [7f44a2666a9c]
+
+ * CHANGES:
+ Whoops, forgot to add release marker
+ [16c0f16b35b8]
+
+2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ Final change for 1.6.3 (or so I hope)
+ [473c89da6123]
+
+ * sudo.cat, sudoers.cat, visudo.cat:
+ Use SYSV man sections since BSD systems will have nroff...
+ [0a6bd154324e]
+
+2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.tab.c:
+ When checking to see if the host/user matches in a defaults spec,
+ check against TRUE, not just non-zero since it might be -1.
+ [41f2b7ad3fdd]
+
+ * configure, configure.in:
+ OSF/1 puts file formats in section 4, not 5.
+ [d77c1301afa9]
+
+ * CHANGES, INSTALL, sudo.c:
+ Make login class support work on BSD/OS
+ [e9bbe3c08ade]
+
+ * RUNSON:
+ Update for 1.6.3
+ [c40ce1d76c4d]
+
+ * configure, configure.in:
+ If there is no inet_addr but there *is* an __inet_addr that's ok
+ since inet_addr is probably just a macro then. The better thing to
+ do would be to look for the macro, but this is fine for now.
+ [1b8865ae4d68]
+
+ * configure, configure.in:
+ Don't use shlicc for BSD/OS 4.x
+ [83fbf6dedd2c]
+
+ * Makefile.in, configure, configure.in:
+ *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
+ configure variable so we can deal with this. Also, only remove *.man
+ for 'distclean' not 'clean'.
+ [30d56e6de214]
+
+ * sudo.c:
+ set_loginclass() should be static like the proto says
+ [d570a2d55fb8]
+
+2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * fnmatch.c:
+ Add #ifdef __STDC__ around the rangematch function header to avoid
+ promotion of test to int, thus violating the prototype. Gcc handles
+ this gracefully but more std ANSI compilers will complain.
+ [7d98c3e332b2]
+
+ * emul/fnmatch.h:
+ Pull in newer fnmatch(3) that supports FNM_CASEFOLD
+ [4e1320852f8b]
+
+ * aclocal.m4, configure, fnmatch.3, fnmatch.c:
+ Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
+ FNM_CASEFOLD in configure
+ [9ef952bf1896]
+
+ * CHANGES, TODO:
+ update for 1.6.3
+ [e4ba6368a0c5]
+
+ * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
+ Fully qualified hosts w/ wildcards were not matching the FQHOST
+ token type. There's really no need for a separate token for fully-
+ qualified vs. unqualified anymore so FQHOST is now history and
+ hostname_matches now decides which hostname (short or long) to check
+ based on whether or not the pattern contains a '.'.
+ [fbd2887d9811]
+
+ * parse.h:
+ Fully qualified hosts w/ wildcards were not matching the FQHOST
+ token type. There's really no need for a separate token for fully-
+ qualified vs. unqualified anymore so FQHOST is now history and
+ hostname_matches now decides which hostname (short or long) to check
+ based on whether or not the pattern contains a '.'.
+ [dd7bbe223461]
+
+ * lex.yy.c, parse.c, parse.lex, parse.yacc:
+ Fully qualified hosts w/ wildcards were not matching the FQHOST
+ token type. There's really no need for a separate token for fully-
+ qualified vs. unqualified anymore so FQHOST is now history and
+ hostname_matches now decides which hostname (short or long) to check
+ based on whether or not the pattern contains a '.'.
+ [630d9d205397]
+
+ * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
+ sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
+ Add support for wildcards in the hostname.
+ [d8d821ed4238]
+
+ * Makefile.in:
+ Add targets for *.man.in, using config.status to generate *.man from
+ *.man.in
+ [640e50ede485]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Document set_logname option and enbolden refs to sudo and visudo.
+ [9622b3a48707]
+
+ * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
+ sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
+ visudo.cat, visudo.man.in, visudo.pod:
+ Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
+ from Michael D. Marchionna. configure now does substitution on the
+ man pages, allowing us to fix up the paths and set the section
+ correctly. Based on an idea from Michael D. Marchionna.
+ [463e928a0a2f]
+
+ * auth/passwd.c:
+ Better fix for handling HP-UX aging info.
+ [3950f42d8549]
+
+ * sudo.c:
+ Add support for set_logname run-time default
+ [c6a7cc76b8b4]
+
+ * sudo.man.in, sudoers.man.in, visudo.man.in:
+ configure does substitution on these to produce *.man
+ [b83fc3c1bfc9]
+
+ * sudo.man, sudoers.man, visudo.man:
+ These files now get generated from *.man.in at configure time.
+ [c499061f79e0]
+
+2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c, defaults.h:
+ Add set_logname option so users can turn off setting of LOGNAME/USER
+ environment variables.
+ [6316869180b8]
+
+ * lsearch.c, parse.c, testsudoers.c:
+ kill register
+ [6e104e653748]
+
+2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/passwd.c:
+ HP-UX adds extra info at the end for password aging so when
+ comparing the result of crypt to pw_passwd we only compare the first
+ len(epass) bytes *unless* the user entered an empty string for a
+ password.
+ [3d24d4e4e889]
+
+ * logging.c:
+ Get rid of grandchild hack, it was causing problems and there is
+ really no need for it. This fixes a bug where we spin eating up CPU
+ when the user runs a long-running process like a shell.
+ [5743b10b1e81]
+
+2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ User can always specify a login class if he/she is already root.
+ [710d160cef9f]
- * TODO: Add checksum idea from Steve Mancini
+ * config.h.in, configure, configure.in, defaults.c, defaults.h,
+ sudo.c, sudo.h:
+ FreeBSD login class (login.conf) support.
+ [026b981d6328]
-2004-08-06 19:32 millert
+2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen
+ * auth/sudo_auth.c:
+ HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
+ [9cd4929f1a78]
-2004-08-06 19:31 millert
+2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod, sudoers.pod: Document the restriction on uids specified
- via -u when targetpw is set.
+ * auth/passwd.c:
+ Truncate unencrypted password to 8 chars if encrypted password is
+ exactly 13 characters (indicateing standard a DES password). Many
+ versions of crypt() do this for you, but not all (like HP-UX's).
+ [a9d0259cb193]
-2004-08-06 19:24 millert
+2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Error out when targetpw is enabled and sudo is run with
- -u #uid but #uid does not exist in the passwd database. We can't
- do target authentication when the target is not in passwd!
+ * INSTALL, RUNSON:
+ Mention that gcc on dynix may have problems
+ [77b97fa5bf1b]
-2004-08-05 21:16 millert
+2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen
+ * Makefile.in:
+ Link visudo with NET_LIBS since we now call syslog via defaults.c
+ [9e3830b277cc]
-2004-08-05 21:14 millert
+ * defaults.c:
+ Use Argv[0] as the first arg to openlog() since visudo uses this
+ too.
+ [e61078f328ec]
- * TODO: Some more todo for the next release.
+2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-08-05 21:13 millert
+ * sudo.c:
+ Stash coredumpsize resource limit and retsore it before the exec()
+ Otherwise the child ends up with a coredumpsize of 0.
+ [f6a4783835a3]
- * INSTALL: Make it clear that PAM should be used for DCE support
- when possible.
+2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-08-05 21:13 millert
+ * sudo.cat, sudo.man, sudo.pod:
+ document -S flag
+ [3ebd805b7142]
- * sudoers.pod: o Document problems with wildcards and relative
- paths. o Make the order requirements more prominent. o Change a
- "set" to "reset" for clarity.
+ * sudo.c:
+ fix usage string
+ [66b2dfa47fe8]
-2004-08-05 14:29 millert
+ * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
+ auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
+ Added -S flag (read passwd from stdin) and tgetpass_flags global
+ that holds flags to be passed in to tgetpass(). Change echo_off
+ param to tgetpass() into a flags field. There are currently 2
+ possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
+ tgetpass(), abstract the echo set/clear via macros and if (flags &
+ TGP_ECHO) but echo is not set on the terminal, but sure to set it.
+ [a4fcbb712cd0]
- * sudo.pod: Mention --with-secure-path, not SECURE_PATH.
+ * tgetpass.c:
+ Fixed a bug that caused an infinite loop when the password timeout
+ was disabled.
+ [2be1ffc5a39f]
-2004-08-02 22:34 aaron
+2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: reflect changes to parse.c
+ * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
+ sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
+ Add rootpw, runaspw, and targetpw options.
+ [2d4563e46df7]
-2004-08-02 14:44 millert
+ * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
+ visudo.c:
+ enveditor -> env_editor
+ [ddc5f856e583]
- * parse.c, parse.h, parse.yacc, testsudoers.c, visudo.c: Don't pass
- user_cmnd and user_args to command_matches(), just use the
- globals there. Since we keep state with statics anyway it is
- misleading to pretend that passing in different cmnd and
- cmnd_args will work.
+2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-08-02 14:40 millert
+ * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
+ sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
+ visudo.man:
+ crank versino to 1.6.3
+ [a5f7d3e74360]
- * parse.c: Fix a bug introduced in rev. 1.149. When checking for
- pseudo-commands check for a '/' anywhere in cmnd, not just the
- first character.
+ * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
+ sudoers.pod, visudo.c:
+ Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
+ them. This means that visudo will now parse the sudoers file
+ *before* it is edited so a bogus sudoers file will cause a warning
+ to go to stderr. Also, visudo checks the variables once--it does not
+ check them after each editor run since that could be confusing.
+ [9f5af18e9212]
-2004-07-30 23:07 aaron
+2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.man.in, sudo.pod: Clarification thanks to Olivier Blin
- <oblin@mandrakesoft.com>
+ * RUNSON:
+ 1.6.2 -> 1.6.2p1
+ [e25b74f1d1af]
-2004-07-30 22:41 aaron
+ * check.c, sudo.c, sudo.h:
+ Move user_is_exempt prototype into sudo.h
+ [daf26a6ded8a]
- * sudoers.man.in, sudoers.pod: Add ignore_local_sudoers
+2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-07-30 22:06 aaron
+ * configure, configure.in:
+ Fix thinko, some && should have been || in the last commit
+ [4b9b2d487ded]
- * README.LDAP: Sun One schema definition by
- Andreas.Bussjaeger@t-systems.com and janth@moldung.no
+ * configure, configure.in:
+ Don't initialized Makefile variables to be NULL since the user may
+ want to import variables from their environment.
+ [7be019f4422c]
-2004-07-29 11:57 millert
+2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: typo
+ * configure, configure.in:
+ typo
+ [38f4d8971f0a]
-2004-07-23 16:44 millert
+2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: sync
+ * sudo.tab.c:
+ fix a yacc (skeleton.c) warning
+ [a2da228a937b]
-2004-07-23 16:43 millert
+2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c: Parse sudoers file as PERM_RUNAS not PERM_ROOT and
- remove a useless PERM_SUDOERS. Restore to PERM_ROOT upon exit of
- the parse.
+ * INSTALL, RUNSON, configure, configure.in:
+ Make pam work on HP-UX 11.0;jaearick@colby.edu
+ [b94de0ff6f42]
-2004-07-08 10:20 millert
+ * CHANGES:
+ recent changes; prepare for 1.6.2p1
+ [b291635ea141]
- * CHANGES: PAM change
+ * find_path.c:
+ Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
+ [4306285c4f6e]
-2004-07-07 21:04 aaron
+2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Better debugging of ALL command
+ * sudo.tab.c:
+ Regen with yacc that has a memory leak plugged.
+ [e26383a04eb7]
-2004-07-07 20:15 millert
+ * sudoers.cat, sudoers.man, sudoers.pod:
+ Expanded docs on sudoers 'defaults' options based on INSTALL file
+ info.
+ [54c3d62d6c74]
- * parse.c: When matching for "sudoedit" in sudoers check both the
- command the user typed *and* the command that is listed in the
- sudoers entry.
+ * INSTALL:
+ Fix some while lies
+ [d15311782150]
-2004-07-04 19:59 aaron
+2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * ldap.c: Added !command feature
+ * Makefile.in:
+ When making a bindist, link FAQ to TROUBLESHOOTING instead of
+ copying.
+ [2d88a6ac88cf]
-2004-06-28 10:51 millert
+ * sudoers.cat, sudoers.man, sudoers.pod:
+ Add netgroup caveat
+ [28d119f466e3] [SUDO_1_6_2]
- * auth/pam.c: Use pam_acct_mgmt() to check for disabled accounts;
- Brian Farrell
+ * RUNSON:
+ Last minute updates
+ [89fb4ed22d52]
-2004-06-10 23:11 millert
+ * TROUBLESHOOTING:
+ PAM entry
+ [a9fd59f39457]
- * LICENSE: License is ISC-style, not BSD-style
+ * auth/pam.c:
+ correct a comment
+ [a29627225ba9]
-2004-06-10 20:58 millert
+ * CHANGES, RUNSON:
+ update for 1.6.2
+ [b7f1c40ea732]
- * CHANGES: sync
+ * auth/pam.c:
+ Better detection of PAM errors and fix custom prompts with PAM.
+ Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
+ [ff69234b94a5]
-2004-06-10 16:54 millert
+2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.man.in, sudo.cat: regen
+ * snprintf.c:
+ Cast ULONG_MAX to unsigned long long when comparing to an unsigned
+ long long value.
+ [9d918c3a2ecd]
-2004-06-10 16:53 millert
+2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod: o Update some out of date bits to reality o Change the
- shell promt in examples to bourne-shell style o Clarify some
- details o Add a CAVEAT about "sudo cd /foo"
+ * CHANGES, config.h.in, configure, configure.in, visudo.c:
+ Fix sudoers locking in visudo. We now lock the sudoers file itself,
+ not the temp file (since locking the temp file can foul up editors).
+ The previous locking scheme didn't work because the fd was closed
+ too early.
+ [de2011bb11ed]
-2004-06-10 16:19 millert
+ * config.h.in, configure, configure.in:
+ Don't need test for ftruncate() any more.
+ [e5f71c848104]
- * check.c: Don't ask for a password if invoking user == target
- user.
+ * configure, configure.in:
+ Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
+ the unbundled HP-UX cc.
+ [2c373612c644]
-2004-06-10 12:32 millert
+2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: typo in comment
+ * sudoers.cat, sudoers.man, sudoers.pod:
+ "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
+ [05360d2c314e]
-2004-06-08 19:20 millert
+2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.man.in, sudoers.cat: regen
+ * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
+ parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
+ version.h, visudo.c:
+ update copyright year on changed files
+ [5792a2a28a4c]
-2004-06-08 19:19 millert
+ * RUNSON:
+ updates
+ [edf8f19aa403]
- * sudoers.pod: Expand on NOEXEC a little.
+ * CHANGES:
+ aix fix
+ [4d4a243b31e2]
-2004-06-08 16:20 millert
+ * INSTALL:
+ Crank version to 1.6.2
+ [bcb5cb411624]
- * TODO: sync
+ * configure:
+ Crank version to 1.6.2
+ [32a19f33427f]
-2004-06-08 15:58 millert
+ * sudo.c:
+ When using rlimit check for RLIM_INFINITY When computing the value
+ of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
+ [8c16166802e5]
- * visudo.man.in, visudo.cat: regen
+ * CHANGES:
+ recent changes
+ [09fc7112e44d]
-2004-06-08 15:55 millert
+ * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
+ sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
+ Crank version to 1.6.2
+ [055fa61a7c61]
+
+ * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
+ Add 'shell_noargs' runtime option back in. We have to defer
+ checking until after the sudoers file has been parsed but since
+ there are now other options that operate that way this one can too.
+ Based on a patch from bguillory@email.com.
+ [231db7a007a6]
+
+ * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
+ Add "listpw" and "verifypw" options.
+ [190683bac878]
+
+ * sudoers.cat, sudoers.man, sudoers.pod:
+ o Fix some typos/omissions o Add section on verifypw and listpw o
+ Define how NOPASSWD interacts with the -v and -l flags
+ [6feb7350eb79]
+
+2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
+ -D_HPUX_SOURCE to CPPFLAGS.
+ [06cc35d89dc8]
+
+ * defaults.c, defaults.h:
+ In struct sudo_defs_types, move the union to the end and don't
+ initialize the union member since that only works with an ANSI
+ compiler. We set the value of the union by hand in init_defaults()
+ anyway. This allows sudo to compile on a K&R compiler again.
+ [623487e1fcfa]
+
+2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
+ netgr_matches needs to check shost as well as host since they may be
+ different.
+ [3f43ace23d3e]
+
+ * tgetpass.c:
+ End on \r as well as \n
+ [cb7c6e6f4202]
+
+2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Update statbuf.st_mode based on SUDOERS_MODE when we are chaning
+ from 0400 to whatever SUDOERS_MODE is (converting from the old
+ sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
+ 0400 which should always be the case.
+ [34cd83d49d20]
+
+ * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
+ Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
+ w/o a passwd if there is *any* entry for the user on the host with a
+ NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
+ the user on the host w/ the specified runas user have the NOPASSWD
+ flag set.
+ [4b3b85697653]
+
+ * Makefile.in:
+ add check target
+ [3d24d34a76fd]
+
+1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Treat EOF at whatnow prompt like 'x' instead of looping.
+ [5deffc27114c]
+
+1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ recent changes
+ [5836a9452568] [SUDO_1_6_1]
+
+1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, sudo.c:
+ Add check for initgroups() since old SYSV lacks this.
+ [657a6005a569]
+
+ * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
+ parse.c, testsudoers.c:
+ o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
+ exists.
+ [17d081e917d6]
+
+1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/sudo_auth.c:
+ Don't allow insults to be enabled if the insults[] array is empty.
+ Otherwise there would be division by zero.
+ [b20c14db6029]
+
+ * insults.h:
+ Don't allow insults to be enabled if the insults[] array is empty.
+ Otherwise there would be division by zero.
+ [028f130204b0]
+
+ * CHANGES, RUNSON:
+ Don't allow insults to be enabled if the insults[] array is empty.
+ Otherwise there would be division by zero.
+ [974f4780254b]
+
+ * insults.h:
+ Don't care about USE_INSULTS #define since the insult stuff may be
+ overridden at runtime.
+ [b873df8b299c]
+
+ * auth/sudo_auth.c:
+ Honor insults flag.
+ [756111640fdc]
+
+ * CHANGES, parse.c:
+ Don't ask the user for a password if the user is not allowed to run
+ the command and the authenticate flag (in sudoers) is false.
+ [cea9fdc09c76]
+
+ * CHANGES, RUNSON, lex.yy.c, parse.lex:
+ o Whenever we get a bare newline we change to the INITIAL state. o
+ Enter GOTRUNAS when we see Runas_Alias
+
+ This allows #uid to work in a RunasAlias.
+ [a475513e7c7a]
+
+1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, parse.yacc, sudo.tab.c:
+ fix parsing of runas lists: o oprunasuser and runaslist now return a
+ value o in a runasspec, if a runaslist does not return TRUE, set
+ runas_matches to FALSE. Normally, a runaslist only returns FALSE
+ for explicitly denied users. o since runaslist does not modify the
+ stack there is no need for a push/pop in runasalias.
+ [82b305b34a8c]
+
+ * check.c, sudo.c:
+ Don't kill the user's tickets until after sudoers has been parsed
+ since tty_tickets and ticket_dir could be set in sudoers.
+ [f43e25367f3a]
- * CHANGES, parse.yacc, visudo.c, visudo.pod: Add a check in visudo
- for runas_default being set after it has already been used.
+ * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
+ configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
+ sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
+ crank version to 1.6
+ [95f8bdcf9bb2]
-2004-06-08 13:53 millert
+ * testsudoers.c:
+ add set_fqdn() stub
+ [bbc81af5b41a]
- * parse.yacc: Add a MATCHED macro for testing whether foo_matches
- has been set to TRUE or FALSE. This is more readable than
- checking for >=0 or < 0. Doesn't change the actual code
- generated.
+1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-06-06 20:11 millert
+ * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
+ sudoers.man, sudoers.pod, visudo.c:
+ o Kill shell_noargs option, it cannot work since the command needs
+ to be set before sudoers is parsed. o Fix the "set_home" sudoers
+ option (only worked at compile time). o Fix "fqdn" sudoers option.
+ We now set host/shost via set_fqdn which gets called when the
+ "fqdn" option is set in sudoers. o Move the openlog() to
+ store_syslogfac() so this gets overridden correctly from the
+ sudoers file.
+ [3dca861f0f5d]
- * sudoers.man.in, sudoers.cat: regen
+ * auth/securid.c:
+ SecurID support should compile now.
+ [a544e5c6ea34]
-2004-06-06 20:07 millert
+1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers, sudoers.pod: Correct description of where Defaults specs
- should go.
+ * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
+ visudo.man, visudo.pod:
+ fix some syntactic goofs
+ [b3451f0d5239]
-2004-06-06 20:02 millert
+1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * find_path.c, ldap.c, logging.h, testsudoers.c, visudo.c,
- auth/bsdauth.c, auth/kerb5.c, auth/pam.c: update (c) year
+ * Makefile.in, sudo.html, sudoers.html, visudo.html:
+ No longer need the .html files as they are generated automatically
+ on the web site.
+ [1b4aa4204584]
-2004-06-06 19:58 millert
+ * CHANGES, LICENSE:
+ kill characters that made wml unhappy
+ [b988fbc6da56]
- * check.c, compat.h, defaults.c, env.c, find_path.c, getcwd.c,
- ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c,
- tgetpass.c, visudo.c, auth/bsdauth.c, auth/kerb5.c, auth/pam.c:
- Remove trailing spaces, no actual code changes.
+ * HISTORY:
+ typo
+ [a418963f7fce]
-2004-06-06 16:22 millert
+1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.yacc: Fix a >=0 that should be <0 that was improperly
- converted when UNSPEC was added.
+ * README:
+ majordomo@cs.colorado.edu -> majordomo@courtesan.com
+ [5d151e8ffd3b]
-2004-06-06 15:54 millert
+ * Makefile.in, configure:
+ Wrap script execution w/ /bin/sh for the benefit of ctm
+ [3a9c4766b2c3]
- * parse.yacc: Add do {} while(0) around pop macro Set cmnd_matches
- to UNSPEC, not NOMATCH when resetting it.
+1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-06-06 15:39 millert
+ * sudo.c:
+ Make the -s flag be exclusive too. Also reorder the flags in the
+ exclusive usage message so they are alphabetical.
+ [4c7af200db34]
- * parse.yacc: Fix pastos introduced in SETNMATCH addition.
+1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-06-05 13:55 millert
+ * auth/pam.c:
+ make pam errors other than PAM_PERM_DENIED fatal
+ [64bcb3fd2baf]
- * README.LDAP: Update for configure changes
+ * auth/API:
+ fix typo
+ [f3134c88b12e]
-2004-06-05 13:42 millert
+ * INSTALL:
+ make it clear that /etc/pam.d/sudo is required on linux
+ [213cc3eaad82]
- * parse.yacc, sudo.h: Add NOMATCH and UNSPEC defines (-1 and -2
- respectively) and use these in parse.yacc. Also in parse.yacc
- initialize the *_matches vars to UNSPEC and add two macros,
- SETMATCH and SETNMATCH for use when setting *_matches to a value
- that may be NOMATCH/UNSPEC/TRUE/FALSE.
+ * auth/pam.c:
+ fix a warning on redhat and spew an error if pam_authenticate()
+ returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
+ [7e46dd19da89]
-2004-06-05 11:17 millert
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ Be very clear that the password required is the user's not root's
+ [a6da127347e5]
- * parse.yacc: Initialize runas to -2, not -1 since we need to be
- able to distinguish between the initialized value and the value
- of a non-match when passing along the runas value to multiple
- commands.
+1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
- The result of this is that an unmatched runas is now set to -1,
- not 0. This is required now that parse.c treats a FALSE value
- for runas as being explicitly denied.
+ * Makefile.in:
+ add sample.syslog.conf to DISTFILES and BINFILES
+ [8661c27c007e]
-2004-06-03 16:21 millert
+1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * getprogname.c, sudo.c, visudo.c: Error out if argc < 1.
+ * RUNSON:
+ updates from Brian Jackson + some formatting
+ [6d31c6fa63f8]
-2004-06-03 12:37 millert
+1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Add tests for what libs we need to link
- with for ldap and for whether or not lber.h needs to be
- explicitly included.
+ * INSTALL.binary, Makefile.binary, README, RUNSON:
+ o One RUNSon update o Changes for automating real binary releases
+ [dd9585f4406c]
-2004-06-02 20:30 aaron
+ * Makefile.in:
+ Add bindist target
+ [546ed3fa94bb]
- * ldap.c: Solaris native LDAP build fix
+1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-06-01 16:56 millert
+ * TROUBLESHOOTING:
+ talk about run-time options in addition to compile-time options
+ [1eb813ff0a9a] [SUDO_1_6_0]
- * ldap.c: Set edn to NULL is ldap_get_dn() fails to avoid potential
- use of an unset variable.
+ * CHANGES:
+ fix typos
+ [65e92bb70a7b]
-2004-06-01 16:56 millert
+ * sudo.c:
+ need sys/time.h if HAVE_SETRLIMIT
+ [ce31655a8a60]
- * sudo.h: Add prototype for sudo_ldap_list_matches
+ * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
+ sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
+ get rid of references to sudo-bugs. Now mention the web site or the
+ sudo@ alias
+ [a9db861fd8c6]
-2004-06-01 16:53 millert
+ * sudoers.html:
+ repair pod2html damage
+ [62ece4277f1f]
- * compat.h, config.h.in, configure, configure.in: Better check for
- dirfd macro--we now set HAVE_DIRFD for the macro version too.
- Added check for dd_fd in `DIR' if no dirfd is found; this is now
- used to confitionally define the dirfd macro in compat.h.
+ * RUNSON, TODO:
+ Update for 1.6 release
+ [98569c57ba2a]
+
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ Add warning about using ALL in a command context.
+ [6c77685ab280]
+
+1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Call yyrestart() on a parse error to reset the lexer state.
+ [1370a27acdb2]
-2004-06-01 16:51 millert
+ * lex.yy.c, parse.lex:
+ Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
+ since it might not get called in yywrap if we get a parse error
+ (and we only reread the file on error anyway).
+ [37f4b449e28e]
+
+ * lex.yy.c, parse.lex:
+ Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
+ might still exist. Call yyrestart() instead of using the deprecated
+ YY_NEW_FILE macro.
+ [7d0d873046c6]
- * closefrom.c: Only check /proc/$$/fd if we have the dirfd
- function/macro.
+ * lex.yy.c, parse.lex:
+ flex doesn't need %N table size declarations
+ [268b020fd60a]
-2004-06-01 15:13 millert
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ Mention what characters need to be escaped in names.
+ [72ccbb6b0f31]
- * compat.h, config.h.in, configure, configure.in: Add a check for a
- dirfd() function (like Linux) and add a dirfd macro in compat.h
- if there is no dirfd() function or macro.
+1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-06-01 14:59 millert
+ * configure:
+ regen
+ [65827abb5c7b]
+
+ * INSTALL:
+ clarify Mac OS X entry
+ [8da1549a71f5]
- * closefrom.c, getcwd.c: dirfd() is now defined in compat.h as
- needed.
+ * RUNSON:
+ update
+ [0cff8df7459f]
-2004-06-01 14:30 millert
+ * configure.in:
+ o Use AC_MSG_ERROR throughout o Check syslog configure options for
+ danity
+ [4cb81e642e5c]
- * CHANGES: Clarify closefrom() note.
+1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c:
+ Fix printing of type T_MODE in dump_defaults()
+ [a868bb6f5515]
-2004-06-01 12:51 millert
+ * strcasecmp.c:
+ missing sys/types.h
+ [ca694ca325b6]
- * parse.c: When checking for a command in the directory, only copy
- the base dir once.
+ * INSTALL:
+ Break out options that may be overridden at run time into their own
+ section. Add a not about Max OS X and correct some lies.
+ [d8bcfd120593]
-2004-06-01 12:44 millert
+1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * closefrom.c: If there is a /proc/$$/fd directory, behave like the
- Solaris closefrom() and only close the descriptors listed
- therein.
+ * CHANGES, config.h.in, configure, configure.in, sudo.c:
+ o Now use getrlimit to find the highest fd when closing all non-std
+ fd's o Turn off core dumps via setrlimit for the sake of paranoia
+ [dd9f651b6def]
-2004-06-01 12:23 millert
+ * RUNSON:
+ updates
+ [f581841fe615]
- * alloc.c: compat.h guarantees INT_MAX is defined.
+1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-06-01 12:23 millert
+ * CHANGES:
+ updates
+ [553baa1d44c7]
- * compat.h: Add definitions of OPEN_MAX and INT_MAX for those
- without it and remove definition of RLIM_INFINITY (now unused).
+ * tgetpass.c:
+ When read()'ing, do a single character at a time to be sure we don't
+ go oast the newline.
+ [907d33f55bb4]
-2004-05-31 21:22 millert
+ * sudo.c:
+ For the sudo_root option, check against user_uid, not getuid() since
+ at this point, ruid == euid == 0.
+ [92d5c51939b4]
- * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c,
- parse.c, sudo.c, sudo.h, visudo.c: Use PATH_MAX, not MAXPATHLEN
- since the former is standardized.
+ * RUNSON:
+ some updates
+ [e3ed0c1f312b]
-2004-05-31 19:18 millert
+ * logging.h:
+ Fix compilation problem when --with-logging=file was specified.
+ This means that syslog is now required to build sudo but that should
+ not be a problem. If it is it can be fixed trivially with a
+ configure check for syslog() or syslog.h.
+ [839a4b069190]
- * CHANGES: sync
+ * tgetpass.c:
+ Make this work again for things like "sudo echo hi | more" where the
+ tty gets put into character at a time mode. We read until we read
+ end of line or we run out of space (similar to fgets(3)).
+ [c8f746df2e63]
-2004-05-31 19:10 millert
+1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * RUNSON: Add some entries that were mailed in a while ago
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ change ital to bold
+ [f860978e530a]
-2004-05-31 14:16 millert
+ * RUNSON:
+ update
+ [9bcfbb405568]
- * closefrom.c: o sysconf returns a long, not an int. o check for
- negative return value from sysconf/getdtablesize and use
- OPEN_MAX in this case. o define OPEN_MAX to 256 for those
- without it (a fair guess...)
+1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-30 12:25 millert
+ * defaults.c:
+ Error out if syslog parameters are given without a value. For
+ Ultrix or 4.2BSD "syslog" is allowed without a value since there are
+ no facilities in the 4.2BSD syslog.
+ [69e7a686f5f0]
- * UPGRADE: Mention change in parse order for RunAs entries.
+1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-30 12:15 millert
+ * defaults.c:
+ Ignore the syslog facility for systems w/ old syslog like Ultrix.
+ [5c250adbbb84]
- * configure: regen
+ * TROUBLESHOOTING:
+ people with "." early in their path can have problems running sudo
+ from the build dir ;-)
+ [20a1744a24a4]
-2004-05-29 18:29 millert
+1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure.in, INSTALL, README.LDAP: o --with-ldap
- now takes an optional dir as a parameter
- o added check for ldap_initialize() and start_tls_s()
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ Remove -r realm option
+ [127caa537f95]
-2004-05-29 14:54 millert
+ * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
+ configure.in, sudo.c:
+ New krb5 code from Frank Cusack <fcusack@iconnet.net>.
+ [7177a3893a62]
- * README.LDAP: Fix some typos, word choice and formatting issues.
+ * CHANGES:
+ update to reality
+ [766cfbb512d6]
-2004-05-28 18:06 millert
+1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * tgetpass.c: Use SA_INTERRUPT so SunOS works correctly, avoid
- stdio and just use read/write as it is simpler.
+ * auth/fwtk.c:
+ include <auth.h> to get function prototypes.
+ [d6c7c12d09fe]
-2004-05-28 16:27 millert
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ document -L flag
+ [dc803e1ce0d7]
- * configure, configure.in: Remove hack overriding cross-compiler
- check. It should no longer be needed.
+1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-28 16:26 millert
+ * sudo.c:
+ in set_perms(), always call setuid(0) before changing the ruid/euid
+ so we always know it will succeed.
+ [8cced1b862bf]
- * compat.h: Remove select() compat bits since we no longer use
- select().
+ * defaults.h:
+ #undef T_FOO to avoid conflicts with system defines (like on
+ ULTRIX).
+ [d9f0aac092b0]
-2004-05-28 16:24 millert
+ * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
+ sudoers.pod:
+ Docuement "Defaults" lines in /etc/sudoers. Still needs some
+ fleshing out but this is a start.
+ [521a1e629bbc]
- * CHANGES, tgetpass.c: Use alarm() instead of select() for the
- timeout for systems that don't fully/properly implement select().
+1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-27 19:14 millert
+ * use strtol, not strtoul since not everyone has not strtoul
+ [988462f093cc]
- * CHANGES: synbc
+ * defaults.c:
+ use strtol, not strtoul since not everyone has not strtoul
+ [fce835ce62e3]
+
+ * lex.yy.c, parse.lex:
+ last {WORD} rule should only apply in the INITIAL state
+ [9b57570bfa83]
+
+ * lex.yy.c, parse.lex:
+ o Add support for escaped characters in the WORD macro o Modify
+ fill() to squash escape chars
+ [87572d59e4e0]
-2004-05-27 19:12 millert
+ * defaults.c, defaults.h:
+ o Add T_PATH flag to allow simple sanity checks for default values
+ that are supposed to be pathnames. o Fix a duplicate free when
+ visudo finds an error.
+ [bdc6855a6c6d]
- * RUNSON: update
+1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-27 19:12 millert
+ * defaults.c, defaults.h, logging.c:
+ mail_if_foo -> mail_foo
+ [cbee9415875d]
- * set_perms.c: Deal with systems that have no way of setting the
- effective uid such as nsr-tandem-nsk.
+1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-27 19:01 millert
+ * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
+ o Add requiretty option o Move O_NOCTTY to compat.h
+ [65b8bf0e1795]
- * configure, configure.in: Define NO_SAVED_IDS if we don't find
- seteuid()
+ * logging.c:
+ The exit() in log_error() was mistakenly removed in a previous
+ version. Put it back...
+ [9473449130a4]
-2004-05-27 18:21 millert
+1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure, configure.in: Add back check for
- setreuid() since NSK doesn't have it.
+ * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
+ auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
+ configure, configure.in, defaults.c, defaults.h, find_path.c,
+ getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
+ o Change defaults stuff to put the value right in the struct. o
+ Implement mailer_flags o Store syslog stuff both in int and string
+ form. Setting the string form magically updates the int version.
+ o Add boolean attribute to strings where it makes sense to say !foo
+ [4698953f9a36]
-2004-05-27 15:57 millert
+ * tgetpass.c:
+ add O_NOCTTY when opening /dev/tty just in case
+ [4c6d1d1bb300]
- * sudoers.cat, sudoers.man.in: regen
+1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-27 15:56 millert
+ * auth/API:
+ cleanup function no longer takes a status arg
+ [0819edbfe7f8]
- * BUGS, CHANGES: sync
+ * INSTALL:
+ the the
+ [19aadb65ea28]
-2004-05-27 15:55 millert
+1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c: In sudoers_lookup() return VALIDATE_NOT_OK if the runas
- user was explicitly denied and the command matched. This fixes a
- long-standing bug and makes: foo machine = (ALL)
- /usr/bin/blah foo machine = (!bar) /usr/bin/blah
+ * TODO, config.h.in, configure, configure.in, logging.c:
+ Use strftime() instead of ctime() if it is available.
+ [fb60ea63b514]
- equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
+1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-27 15:52 millert
+ * defaults.c:
+ fix copyright date
+ [4a53b54aa72f]
- * sudoers.pod: Clarify mail_noperm
+ * RUNSON:
+ update ReliantUNIX entry
+ [de618a4f67d9]
-2004-05-19 21:25 aaron
+ * defaults.c, defaults.h, logging.c:
+ add log_year option
+ [251a9e20568a]
- * Makefile.in: Missing DESTDIR in make install for sudo_noexec.la
+ * configure, configure.in:
+ add --without-sendmail to help output
+ [93162f199902]
-2004-05-17 18:32 millert
+ * configure, configure.in:
+ enforce an otctal arg for --with-suoders-mode
+ [45e1b04ccad3]
- * sudo.man.in, sudoers.man.in, visudo.man.in, sudo.cat,
- sudoers.cat, visudo.cat: regen
+1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-17 18:31 millert
+ * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
+ auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
+ auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
+ defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
+ parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
+ testsudoers.c, version.c, visudo.c:
+ Add support for "Defaults" line in sudoers to make configuration
+ variables changable at runtime (and on a global, per-host and per-
+ user basis). Both the names and the internal representation are
+ still subject to change. It was necessary to make sudo_user.runas
+ but a char ** instead of a char * since this value can be changed by
+ a Defaults line. There is a similar (but more complicated) issue
+ with sudo_user.prompt but it is handled differently at the moment.
- * TODO: sync
+ Add a "-L" flag to list the name of options with their descriptions.
+ This may only be temporary.
-2004-05-17 18:31 millert
+ Move some prototypes to parse.h
- * sample.sudoers, sudoers.pod: Remove fastboot/fasthalt (who still
- remembers these?) and add a minimal sudoedit example.
+ Be much less restrictive on what is allowed for a username.
+ [f71abf7ba80c]
-2004-05-17 18:21 millert
+ * sample.syslog.conf:
+ Add more info
+ [e952e6f42d4d]
- * CHANGES, INSTALL, TROUBLESHOOTING, UPGRADE, sudo.c, visudo.c:
- filesystem -> file system
+1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-17 18:19 millert
+ * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
+ strcasecmp.c:
+ UCB has dropped the advertising clause from their license.
+ [a5602b36a341]
- * sudo.pod, sudoers.pod: Fix some minor typos and formatting goofs
+1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-05-17 18:10 millert
+ * auth/sudo_auth.h:
+ move dce_verofy proto to correct section
+ [972c815af558]
- * lex.yy.c: regen
+ * auth/dce.c:
+ remove XXX
+ [820631855be0]
-2004-05-17 17:57 millert
+1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * emul/fnmatch.h:
+ Add fnmatch() prototype
+ [79e84576d92a]
- * visudo.pod: remove my email addr
+ * fnmatch.c, parse.c, testsudoers.c:
+ Move inclusion of emul/fnmatch.h to be after sudo.h for __P
+ [1182c89fa811]
-2004-05-17 17:55 millert
+ * sudo.h:
+ add strcasecmp proto
+ [512d1d8a6a0c]
- * sudo.pod, sudoers.pod, visudo.pod: Use @mansectform@ and
- @mansectsu@ everywhere Make man page references links with L<>
+ * auth/sudo_auth.c:
+ add check for case where there are no auth methods
+ [e4af2b91b43e]
-2004-05-17 16:51 millert
+ * configure, configure.in:
+ Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
+ SunOS4 w/ gcc
+ [746ce8bcec23]
- * parse.lex: Accept quoted globbing characters and pass them
- verbatim for fnmatch()
+ * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
+ include strings.h everywhere we include string.h
+ [6f7d5d437e7b]
-2004-05-17 16:50 millert
+ * version.c:
+ nicer output when showing auth methods
+ [0eac4b977f9d]
+
+ * version.c:
+ Add support for SEND_MAIL_WHEN_NO_HOST
+ [9f20a3a3fae6]
+
+ * config.h.in, configure, configure.in:
+ Add _GNU_SOURCE for Linux
+ [c7bd8c511847]
+
+ * lex.yy.c, parse.lex:
+ fix definition of OCTECT
+ [4af30e63244d]
+
+ * configure, configure.in:
+ aix_auth.o not authenticate.o
+ [fe95dfb08df4]
+
+1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
+ keyboard). Since we run with ruid/euid == 0 the user can't really
+ signal us in nasty ways.
+ [a7f6487c0f48]
+
+ * visudo.c:
+ Don't need to worry about catching too many signals since we do
+ locking on the tmp file. If a lockfile is really stale, it will be
+ detected and overwritten.
+ [28983db3e749]
+
+ * INSTALL, Makefile.in:
+ include auth/API in tarball
+ [014991600252]
+
+ * auth/sudo_auth.c:
+ move memset() of plaintext pw outside of verify loop and only do the
+ memset if we are *not* in standalone mode.
+ [66f8e87567e2]
- * UPGRADE: Document that /tmp/.odus is gone.
+ * auth/sudo_auth.c, auth/sudo_auth.h:
+ DCE is not a standalone method
+ [34963e2d8a1b]
-2004-05-17 16:28 millert
+ * sudo.c:
+ fix --enable-noargs-shell
+ [4234062abbb0]
+
+ * snprintf.c:
+ "#ifdef __STDC__" not "#if __STDC__" (I missed one)
+ [c430b80454c6]
+
+ * auth/fwtk.c, auth/sia.c:
+ _cleanup() function returns an int.
+ [d1a1cc071ec1]
+
+ * auth/dce.c:
+ there were still some return(0)'s hanging around, make them
+ AUTH_FAILURE
+ [1002aa1962c3]
+
+ * parse.c:
+ typo in comment
+ [5abc410dbfd2]
+
+ * version.c:
+ add missing semicolon
+ [a262283b52a5]
+
+ * auth/sudo_auth.h:
+ missing backslash
+ [bf89f6bd2900]
+
+1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, config.h.in, configure, configure.in:
+ Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
+ [f1a9bca0cf67]
+
+ * Makefile.in:
+ add parse.h to HDRS
+ [a3d054987766]
+
+ * Makefile.in, configure, configure.in:
+ Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
+ LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and
+ network libs like -lsocket, -lnsl go in NET_LIBS. This allows
+ testsudoers to build on Solaris and is a bit cleaner in general.
+ [4e6239e97002]
+
+ * UPGRADE:
+ mention ptmp -> sudoers.tmp
+ [ec3baa0fe8a1]
+
+ * config.h.in, configure, configure.in:
+ Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
+ [6f93dc7f39f5]
+
+ * RUNSON:
+ add 2 reports
+ [ce0fcc00ee4e]
+
+ * auth/kerb5.c:
+ Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
+ return a value more like a system function
+ [0dd56aa21424]
+
+ * auth/dce.c:
+ Add an XXX
+ [58fc8562c212]
+
+ * TODO:
+ more things todo!
+ [5a459d0cf339]
+
+ * sample.sudoers:
+ update based on what is in the man page
+ [1a0477db96fa]
+
+ * parse.yacc, sudo.tab.c:
+ minor change to first line printed in -l mode
+ [69eb57d96952]
+
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
+ standard and add "EXAMPLES" section
+ [7e543335ebe1]
+
+ * visudo.cat, visudo.html, visudo.man, visudo.pod:
+ rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
+ standard
+ [f82d87ed65c2]
+
+ * logging.c, parse.c, sudo.h:
+ add FLAG_NO_CHECK
+ [c7d69176a2d7]
+
+ * lex.yy.c, parse.lex:
+ make an OCTET really be limited to 0-255
+ [6ee568dd6a02]
+
+ * UPGRADE:
+ mention timestamp changes
+ [e44d5302bf60]
+
+ * PORTING:
+ cosmetic cleanup
+ [36fa3a2664dd]
+
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ new sudoers(8) man page
+ [e674d06283d0]
+
+1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * version.c:
+ Update comments about syslog name tables
+ [63830a782dcb]
+
+ * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
+ strcasecmp.c, sudo.tab.c:
+ include strcasecmp() for those without it
+ [a0d8e2488bbc]
- * CHANGES, aclocal.m4, configure, pathnames.h.in: No longer use
- /tmp/.odus as a possible timestamp dir unless specifically
- configured to do so. Instead, if no /var/run exists, use
- /var/adm/sudo or /usr/adm/sudo.
+ * sample.sudoers:
+ Use the : operator some more and fix a typo
+ [18804c70da86]
-2004-05-17 16:08 millert
+ * HISTORY:
+ update the history of sudo
+ [9d9b3d5279b3]
- * check.c, compat.h, logging.c, set_perms.c, sudo.c, tgetpass.c,
- visudo.c: Preliminary changes to support nsr-tandem-nsk. Based
- on patches from Tom Bates.
+ * parse.c, parse.lex, testsudoers.c:
+ CIDR-style netmask support
+ [768644467353]
+
+ * CHANGES:
+ recent changes
+ [a4319e9d07cb]
+
+ * sudo.tab.c, sudo.tab.h:
+ these should be generated with byacc, not bison
+ [f57b9489b752]
+
+ * lex.yy.c:
+ regen
+ [522461f95dfa]
-2004-05-16 18:47 millert
+ * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
+ In "sudo -l" mode, the type of the stored (expanded) alias was not
+ stored with the contents. This could lead to incorrect output if
+ the sudoers file had different alias types with the same name.
+ Normal parsing (ie: not in '-l' mode) is unaffected.
+ [823fe2bc4b79]
+
+1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: There was no 1.6.7p6.
+ * configure, configure.in:
+ define _XOPEN_SOURCE to get at crypt() proto on some systems
+ [1b3769b86fb9]
-2004-05-16 16:38 millert
+1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * snprintf.c:
+ fix comment
+ [fc1264df00f7]
- * BUGS, CHANGES: sync
+ * tgetpass.c:
+ don't need limits.h
+ [f1631829af45]
-2004-05-16 16:36 millert
+ * snprintf.c:
+ kill bogus reference to vfprintf
+ [a0b99b25d389]
- * Makefile.in: add missing files to DISTFILES
+ * sample.sudoers, sudoers:
+ better examples
+ [b4d87ea64cc8]
-2004-05-16 16:23 millert
+ * snprintf.c:
+ Add some const in the K&R defs. This is safe since we define const
+ away if the compiler doesn't grok it.
+ [614d6e83d45e]
- * sudoers.man.in, sudo.cat, sudoers.cat, visudo.cat: regen
+ * aclocal.m4, configure:
+ Better test for working long long support. Ultrix compiler supports
+ basic long long but not all operations on them.
+ [5da1508710ed]
-2004-05-16 16:20 millert
+ * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
+ snprintf.c, sudo.c:
+ Add check for LONG_IS_QUAD #undef MAXINT before including
+ hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
+ in snprintf.c and use LONG_IS_QUAD
+ [a1f7993367fc]
- * Makefile.in: Fix some line wrap and update (c) year
+1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-04-28 15:05 aaron
+ * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
+ snprintf.c:
+ UCB-derived snprintf + asprintf support. Supports quads if the
+ compiler does. No floating point yet, perhaps later...
+ [0caf05aba945]
+
+1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
+ goodpath.c, logging.c, parse.c, sudo.c:
+ Run most of the code as root, not the invoking user. It doesn't
+ really gain us anything to run as the user since an attacker can
+ just have an setuid(0) in their egg. Running as root solves
+ potential problems wrt signalling.
+ [408e530dda01]
+
+ * sudo.tab.c:
+ regen
+ [f8cfb37e37de]
+
+1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c, sudo.c:
+ Don't wait for child to finish in log_error(), let the signal
+ handler get it if we are still running, else let init reap it for
+ us. The extra time it takes to wait lets the user know that mail is
+ being sent.
+
+ Install SIGCHLD handler in main() and for POSIX signals, block
+ everything
+ *except* SIGCHLD.
+ [d2b6ab0ef3be]
+
+ * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
+ parse.yacc, sudo.c, sudo.h:
+ sudoers_lookup() now returns a bitmap instead of an int. This makes
+ it possible to express things like "failed to validate because user
+ not listed for this host". Some thigns that were previously
+ VALIDATE_FOO are now FLAG_FOO. This may change later on.
+
+ Reorganized code in log_auth() and sudo.c to deal with above
+ changes.
+
+ Safer versions of push/pushcp with in the do { ... } while (0) style
+
+ parse.yacc now saves info on the stack to allow parse.c to determine
+ if a user was listed, but not for the host he/she tried to run on.
+
+ Added --with-mail-if-no-host option
+ [63326cb01efc]
+
+1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
+ visudo.man, visudo.pod:
+ o NewArgv and NewArgc don't need to be externally visible. o If
+ pedantic > 1, it is a parse error. o Add -s (strict) option to
+ visudo which sets pedantic to 2.
+ [5d7d81b55cd5]
+
+ * HISTORY, INSTALL:
+ Just have sudo-bugs contact info in one place
+ [e7f6588ea683]
+
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ Add BUGS section
+ [6607d96ea510]
+
+ * Makefile.in, configure, configure.in:
+ Add testsudoers to default build target if --with-devel Don't clean
+ generated parser files unless "distclean".
+ [5827b769dc57]
+
+ * parse.yacc, sudo.tab.c:
+ In pedantic mode we need to save *all* the aliases, not just those
+ that match, or we get spurious warnings.
+ [24f5b1f0e1de]
+
+ * TROUBLESHOOTING:
+ reference samples.sylog.conf
+ [11841668380a]
+
+1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sample.syslog.conf:
+ Sample entries for syslog.conf
+ [0f7697d878a1]
+
+ * CHANGES:
+ recent changes
+ [8bca8810c6bd]
+
+ * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
+ auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
+ auth/sudo_auth.c, auth/sudo_auth.h:
+ In struct sudo_auth, turn need_root and configured into flags and
+ add a flag to specify an auth method is running alone (the only
+ one). Pass auth methods their sudo_auth pointer, not the data
+ pointer. This allows us to get at the flags and tell if we are the
+ only auth method. That, in turn, allows the method to be able to
+ decide what should/should not be a fatal error. Currently only
+ rfc1938 uses it this way, which allows us to kill the OTP_ONLY
+ define and te hackery that went with it. With access to the
+ sudo_auth struct, methods can also get at a string holding their
+ cannonical name (useful in error messages).
+ [b7e320fc6511]
+
+ * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
+ getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
+ sudo.tab.h:
+ o --with-otp deprecated, use --without-passwd instead o real
+ dependencies in the Makefile o --with-devel option to enable yacc,
+ lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
+ back to being a token, not a string but don't leak memory o rename
+ hsotspec -> host in parse.yacc
+ [912c45226cb2]
+
+1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, CHANGES:
+ recent changes
+ [801fa6e55687]
+
+ * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
+ sudo.c, sudo.h:
+ o Digital UNIX needs to check for *snprintf() before -ldb is added
+ to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
+ for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
+ functions in snprintf.c to fix -Wall o Add missing includes to fix
+ more -Wall
+ [8d207203e126]
+
+ * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
+ configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
+ visudo.c:
+ o Add a "pedentic" flag to the parser. This makes sudo warn in
+ cases where an alias may be used before it is defined. Only turned
+ on for visudo and testsudoers. o Add --disable-authentication option
+ that makes sudo not require authentication by default. The PASSWD
+ tag can be used to require authentication for an entry. We no
+ longer overload --without-passwd.
+ [f307e09adf98]
+
+ * lex.yy.c, parse.lex:
+ Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
+ username can contain just about anything so be very permissive. Also
+ drop the unused \. punctuation.
+ [06a50614ff89]
+
+1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.tab.c:
+ o add a 'val' element to aliasinfo struct and move -> parse.h o
+ find_alias() now returns an aliasinfo * instead of boolean o
+ add_alias() now takes a value parameter to store in the
+ aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
+ return: 1) positive match 0) negative match (due to '!')
+ -1) no match This means setting $$ explicitly in all cases, which I
+ should have done in the first place. It also means that we always
+ store a value that is != -1 and when we see a '!' we can set
+ *_matches to !rv if rv != -1. The upshot of all of this is that '!'
+ now works the way it should in lists and some of the rules are more
+ uniform and sensible.
+ [ad8e73b5d581]
+
+ * Makefile.in:
+ add parse.h dependency
+ [4ccccd464d30]
+
+ * parse.h:
+ kill unused *_matched macros
+ [02cba6dcb732]
+
+ * parse.yacc:
+ Allow a list of users as the first thing in a user spec, not just a
+ single entry. This makes things more uniform, though it does allow
+ you to write user specs that are hard to read.
+ [3c4c91c508ca]
+
+ * sudo.tab.c:
+ parse.yacc
+ [feca81881bb6]
+
+ * configure:
+ regen
+ [6f247010bb3b]
+
+ * configure.in:
+ fix check for crypt() in libufc
+ [82770736f4b0]
+
+1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README:
+ sudo-users list now exists
+ [4716d2bb0bbf]
+
+ * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
+ Update to reality.
+ [1eda2d57e42a]
- * README.LDAP: Build Note
+ * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
+ config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
+ version.c, visudo.c:
+ o Move lock_file() and touch() into fileops.c so visudo can use them
+ o Visudo now locks the sudoers temp file instead of bailing when the
+ temp file already exists. This fixes the problem of stale temp
+ files but it does *require* that you not try to put the temp file in
+ a world-writable directory. This shoud not be an issue as the temp
+ file should live in the same dir as sudoers. o Visudo now only
+ installs the temp file as sudoers if it changed.
+ [2517cd06c070]
+
+1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ add fcntl locking
+ [c304adeaf515]
+
+ * config.h.in, configure, configure.in, logging.c:
+ Lock the log file.
+ [d8652704fbdf]
-2004-04-06 22:03 aaron
+ * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
+ visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
+ o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
+ temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
+ -> _PATH_SUDOERS_TMP
+ [68cad8975807]
+
+1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
+ o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
+ root sudo -V config reporting
+ [cdd2613a9dcf]
+
+ * configure, configure.in:
+ aix_auth.o not authenticate.o
+ [d972e35f6730]
+
+ * config.h.in:
+ Add --with-goodpri and --with-badpri configure options to specify
+ the syslog priority to use.
+ [2595ae50ab86]
+
+ * INSTALL, configure, configure.in, logging.h:
+ Add --with-goodpri and --with-badpri configure options to specify
+ the syslog priority to use.
+ [8276ee9b2b49]
+
+ * compat.h:
+ kill crufty AIX stuff
+ [a4f35ef9854e]
+
+ * Makefile.in:
+ Sigh, some versions of make (like Solaris's) don't deal with $< like
+ I would expect. Both GNU and BSD makes get this right but... So, we
+ just expand $< inline at the cost of some ugliness.
+ [b1b456f8801f]
+
+ * version.c:
+ If the invoking user is root, sudo will now print configure info in
+ -V mode. Currently just prints logging info, to be expanded later.
+ [392f7ed99267]
+
+ * logging.c, logging.h, sudo.c, sudo.h:
+ o new defines for syslog facility and priority o use new
+ print_version() functino for -V mode
+ [78abc5142985]
+
+ * check.c:
+ Don't need version.c
+ [db9a830ad893]
+
+ * aclocal.m4, config.h.in, configure, configure.in:
+ Add check for syslog facilities and priorities tables in syslog.h
+ [b86213e5fc5c]
+
+ * Makefile.in:
+ o authenticate -> aix_auth o add version.c
+ [44b6b9a8d0f5]
+
+ * auth/sudo_auth.c:
+ Missed a prompt -> user_prompt conversion
+ [e4c60b1f210c]
+
+1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ sudo should lock its logfile
+ [6d2830b28b07]
+
+ * parse.yacc, sudo.tab.c:
+ o Add '!' correctly when expanding Aliases. o Add shortcut macros
+ for append() to make things more readable. o The separator in
+ append() is now a string instead of a char. o In append(), only
+ prepend the separator if the last char is not a '!'. This is a
+ hack but it greatly simplifies '!' handling. o In -l mode, Runas
+ lists and NOPASSWD/PASSWD tags are now inherited across entries in
+ a list (matches current behavior). o Fix formatting in -l mode such
+ that items in a list are separated by a space. Greatlt improves
+ readability. o Space for name field in struct aliasinfo is now
+ allocated dyanically instead of using a (big) buffer. o In
+ add_alias(), only search the list once (lsearch instead of lfind +
+ lsearch)
+ [51f7e07addb9]
+
+ * lex.yy.c, sudo.tab.c, sudo.tab.h:
+ regen
+ [5c19bb05dc21]
+
+ * configure, configure.in:
+ Solais pam doesn't require anye xtra setup
+ [a25ba03d91d1]
+
+ * parse.yacc:
+ o Simpler '!' support now that the lexer deals with multiple !'s for
+ us. o In the case of opFOO, have FOO give a boolean return value and
+ set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
+ it gets fill()'d in parse.lex--fixes a small memory leak. In the
+ long run it may be better to just fix parse.lex and make ALL back
+ into a token. However, having it be a string is useful since it
+ can be easily passed back to the parent rule if we so desire.
+ [b3c64b443018]
+
+ * parse.lex:
+ o Remove some unnecessary backslashes o collapse multiple !'s by
+ using !+ and checking if yyleng is even or odd. this allows us to
+ simplify ! handling in parse.yacc
+ [76330e8da8e3]
+
+ * sudo.c:
+ -u flag was being ignored
+ [e30283207585]
+
+1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ correct fix
+ [a0e2377dec8f]
+
+ * Makefile.in:
+ work around pod2man stupididy
+ [7c755640b67f]
+
+ * Makefile.in:
+ correct dependencies for .cat
+ [5ed7b0653b68]
+
+ * sudo.cat, sudo.man, visudo.cat, visudo.man:
+ regen
+ [b74510dd6a0a]
+
+ * sudo.pod, visudo.pod:
+ Add copyright Update to reality
+ [188e9b046c15]
+
+ * parse.c, sudo.c, sudo.h:
+ rename validate() to the more descriptive sudoers_lookup()
+ [7a1cb652f379]
+
+ * auth/aix_auth.c:
+ use tgetpass
+ [b8ba5daec40a]
+
+1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updates
+ [e61460cdf4a0]
- * Makefile.in: Fix install-dirs
+ * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
+ configure, configure.in, sudo.c:
+ Sudo, not CU Sudo
+ [9061b3573c0c]
+
+ * LICENSE:
+ add 4th term to license similar to term 5 in the apache license
+ [92712e895afb]
+
+ * emul/search.h, emul/utime.h:
+ add 4th term to license similar to term 5 in the apache license
+ [4f93a8b9396e]
+
+ * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
+ auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
+ auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
+ auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
+ logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c:
+ add 4th term to license similar to term 5 in the apache license
+ [afae9f2bf9ec]
+
+ * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
+ add 4th term to license similar to term 5 in the apache license
+ [c389d3fdafac]
+
+ * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
+ getspwuid.c, goodpath.c:
+ add 4th term to license similar to term 5 in the apache license
+ [969e63dbd38e]
+
+ * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
+ insults.h, logging.c, sudo.c, sudo.h:
+ there was a 1995 release too
+ [5963fd89457a]
+
+1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updates
+ [254b794f16ab]
+
+ * check.c:
+ Use dirs instead of files for timestamp. This allows tty and non-
+ tty schemes to coexist reasonably. Note, however, that when you
+ update a tty ticket, the mtime on the user dir gets updated as well.
+ [44bfac32f799]
+
+ * configure, configure.in:
+ Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
+ when linking test program, not just -lprot. Also add check for
+ getspnam(). The SCO docs indicate that /etc/shadow can be used but
+ this may be a lie.
+ [2ba21d36cc1e]
+
+1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/API:
+ first cut at auth API description
+ [3d10df021eb8]
+
+1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
+ auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
+ auth/sudo_auth.h:
+ auth API change. There is now an init method that gets run before
+ the main loop. This allows auth routines to differentiate between
+ initialization that happens once vs. setup that needs to run each
+ time through the loop.
+ [76df1c0d3478]
+
+ * auth/kerb5.c, logging.c:
+ use easprintf() and evasprintf()
+ [fd97d96dc12f]
+
+ * alloc.c, sudo.h:
+ add easprintf() and evasprintf(), error checking versions of
+ asprintf() and vasprintf()
+ [f54385de20b7]
+
+ * TODO:
+ remove 2 items. One done, one won't do.
+ [64513b47bc7a]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [4aa299de2752]
+
+ * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
+ visudo.html, visudo.man:
+ regen
+ [553c0d1209be]
+
+ * CHANGES:
+ new changes
+ [d7be00b7e36b]
+
+ * sudo.pod:
+ o Document -K flag and update meaning of -k flag. o BSD-style
+ copyright o Document clearing of BIND resolver environment variables
+ o Clarify bit about shared libs o suggest rc files create /tmp/.odus
+ if your OS gives away files
+ [4a4092be1455]
+
+ * visudo.pod:
+ BSD license
+ [ad0bfd0a4630]
+
+ * version.h:
+ BSD-style copyright
+ [ecc6479325be]
+
+ * tgetpass.c:
+ o BSD copyright o no need to block signals, we now do that in main()
+ o cosmetic changes
+ [61958beda7ab]
+
+ * testsudoers.c, visudo.c:
+ o BSD-style copyright o Use "struct sudo_user" instead of old
+ globals. o some cometic cleanup
+ [88c0c6924082]
+
+ * sudo_setenv.c:
+ BSD-style copyright
+ [df20290129a0]
+
+ * sudo.h:
+ o BSD copyright o logging and parser bits moved to their own .h
+ files o new "struct sudo_user" to encapsulate many of the old
+ globals.
+ [50fc86bf25cb]
+
+ * sudo.c:
+ o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
+ logging routines o simplified flow of control o BIND resolver
+ additions to badenv_table
+ [8c53f15bfcb0]
+
+ * strerror.c:
+ BSD-style copyright
+ [7c906c3a82ac]
+
+ * snprintf.c:
+ Now compiles on more K&R compilers
+ [07ab1d3231c7]
+
+ * putenv.c:
+ BSD-style copyright, cosmetic changes
+ [c42371295881]
+
+ * pathnames.h.in:
+ BSD-style copyright
+ [e5c34ebd4cf1]
+
+ * parse.c, parse.h, parse.lex, parse.yacc:
+ BSD-style copyright. Move parser-specific defines and structs into
+ parse.h + other cosmetic changes
+ [d3088efb6228]
+
+ * logging.h:
+ defines for logging routines
+ [13147941c02d]
+
+ * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
+ BSD-style copyright, cosmetic changes
+ [e8205e91a4fa]
-2004-04-04 20:27 millert
+ * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.h:
+ BSD-style copyright
+ [b9499da7cdce]
+
+ * configure.in:
+ o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
+ kill --disable-tgetpass o add --without-passwd o changes to fill in
+ AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
+ v?asprintf() o replace --with-AuthSRV with --with-fwtk
+ [9a3f39b9c128]
+
+ * config.h.in:
+ BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
+ HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
+ HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
+ [9a09054db53a]
+
+ * compat.h:
+ BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing.
+ [25509c566975]
+
+ * alloc.c:
+ BSD-style copyright
+ [4967be892363]
+
+ * TROUBLESHOOTING:
+ no more --with-getpass
+ [afd5b670c196]
+
+ * TODO:
+ Take out things I've done...
+ [375420c8270e]
+
+ * README:
+ Refer to LICENSE
+ [c486c8db30f6]
+
+ * PORTING:
+ --with-getpass no longer exists
+ [db48202df1bb]
+
+ * Makefile.in:
+ BSD-style copyright. Update to reflect reality wrt new files and
+ new auth modules.
+ [61a2ca7940fb]
+
+ * INSTALL:
+ Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
+ --without-passwd.
+ [64e8f9e1c05e]
+
+ * HISTORY:
+ Update history a bit
+ [df60c0a871b8]
+
+ * COPYING, LICENSE:
+ Now distributed under a BSD-style license
+ [d1a184ccabe1]
+
+ * auth/sudo_auth.c:
+ o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
+ options. o skey/opie replaced by rfc1938 code o new struct sudo_user
+ global
+ [891b57060868]
+
+ * auth/pam.c, auth/sia.c:
+ BSD-style copyright and use new log functions
+ [65c44445ea84]
+
+ * auth/kerb5.c:
+ o BSD-style copyright o Use new log functiongs o Use asprintf() and
+ snprintf() where sensible.
+ [1ff0feaacf95]
+
+ * check.c:
+ Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
+ done more reasonably--better sanity checks and tty-based stamps are
+ now done as files in a directory with the same name as the invoking
+ user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
+ to mix tty and non-tty based ticket schemes but this may change in
+ the future (it requires sudo to use a directory instead of a file in
+ the non-tty case). Also, ``sudo -k'' now sets the ticket back to
+ the epoch and ``sudo -K'' really deletes the file. That way you
+ don't get the lecture again just because you killed your ticket in
+ .logout. BSD-style copyright now.
+ [ec3460f85be8]
+
+ * logging.c:
+ o rewritten logging routines. log_error() now takes printf-style
+ varargs and log_auth() for the return value of validate(). o BSD-
+ style copyright
+ [438292025c4e]
+
+ * auth.c, check_sia.c, dce_pwent.c, secureware.c:
+ superceded by new auth API
+ [412060590da7]
+
+ * auth/kerb4.c:
+ BSD-style copyright
+ [cc4e800833c7]
+
+ * auth/fwtk.c:
+ Use snprintf() where it makes sense and add a BSD-style copyright
+ [1b7502388a74]
+
+ * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
+ BSD-style copyright
+ [42583bedae5c]
+
+ * emul/utime.h, utime.c:
+ BSD-style copyright
+ [3985c90aba47]
+
+ * emul/search.h:
+ this has been rewritten so use my BSD-style copyright
+ [176df1b0de6f]
+
+1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * snprintf.c:
+ include malloc.h if no stdlib.h
+ [7b123f1d1d03]
+
+ * snprintf.c:
+ KTH snprintf()/asprintf() for systems w/o them
+ [3ca9aefb9d01]
+
+ * strerror.c:
+ strerror() for systems w/o it
+ [7f0bd8a1c1b4]
+
+1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ stylistic changes
+ [6f99aceb7170]
+
+ * parse.c, parse.lex, parse.yacc:
+ Add contribution info in the main comment
+ [e50cec10acd6]
+
+1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ remove missed ref to PAM_nullpw
+ [a43e59692cdb]
+
+ * auth/sudo_auth.h:
+ pasto
+ [891ff138ab89]
+
+ * auth/kerb5.c:
+ more or less complete now--still untested
+ [21036732faa0]
+
+ * auth/afs.c, auth/pam.c:
+ don't use user_name macro, it will go away
+ [def7cf727349]
+
+ * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
+ combine skey/opie code into rfc1938.c
+ [44d88ca93d3e]
+
+ * auth/dce.c, auth/sudo_auth.h:
+ DCE authentication method; basically unchanged from dce_pwent.c
+ [4d468473dd6f]
+
+ * auth/aix_auth.c, auth/sudo_auth.h:
+ AIX authenticate() support. Could probably be much better
+ [000013321a33]
+
+ * auth/sia.c:
+ Fix an uninitialized variable and some cleanup. Now works (tested)
+ [fd6ad88ff055]
+
+ * auth/sia.c, auth/sudo_auth.h:
+ SIA support for digital unix
+ [5335f3e70eab]
+
+ * auth/pam.c:
+ don't use prompt global, it will go away
+ [fadd22dd6ce4]
- * visudo.c: In Exit() when used as a signal handler, emsg is a
- pointer so sizeof() is wrong so make it a #define instead. Also
- avoid using a negative exit value. Found by Aaron Campbell
+ * auth/secureware.c:
+ correct copyright years
+ [6aa07c49f51b]
-2004-03-24 18:23 millert
+ * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
+ auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
+ auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
+ New authentication API and methods
+ [9debe9b59c79]
- * sudoers.pod: Remove bogus sentence about uids in a User_List.
- Document usernames vs. uid parsing in a Runas_List.
+1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-03-24 18:06 millert
+ * sudo.tab.c:
+ regen
+ [84578e82c1a6]
- * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: If
- the user specified a uid with the -u flag and the uid exists in
- the passwd file, set runas_user to the name, not the uid.
+ * parse.yacc:
+ only save an entry if user_matches && host_matches, even if the
+ stack is empty (fix for previous commit)
+ [00984b078d8a]
- When comparing usernames in sudoers, if a name is really a uid
- (starts with '#') compare it numerically to pw_uid.
+ * sudo.tab.c:
+ regen
+ [66acf160b4b7]
-2004-03-22 13:35 millert
+ * parse.yacc:
+ 1) Always save an entry on the stack if it is empty. This fixes the
+ -l and -v flags that were broken by earlier parser changes.
- * auth/kerb5.c: krb5_mcc_ops should be const; Johnny C. Lam
+ 2) In a Runas list, don't negate FALSE -> TRUE since that would make
+ !foo match any time the user specified a runas user (via -u) other
+ than foo.
+ [f322eb54b015]
-2004-02-28 18:54 aaron
+ * testsudoers.c:
+ interfaces and num_interfaces are now auto, not extern
+ [113add5c6518]
- * CHANGES, config.h.in, ldap.c: Added start_tls support
+1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-02-14 18:04 millert
+ * auth.c:
+ use a static global to keep stae about empty passwords
+ [bc02e30807d8]
- * Makefile.in: Clean up libtool stuff for 'make distclean' and add
- def_data.c, def_data.h to PARSESRCS.
+ * check_sia.c:
+ make PASSWORD_NOT_CORRECT logging consistent with other modules
+ [21962549d5fd]
-2004-02-14 10:13 aaron
+1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * strlcat.c, strlcpy.c: Un-Fix last license munge
+ * auth.c:
+ PAM prompt code was wrong, looks like we have to kludge it after
+ all.
+ [91f246155ead]
-2004-02-13 16:37 millert
+ * auth.c:
+ In the PAM code, when a user hits return at the first password
+ prompt, exit without a warning just like the normal auth code
+ [918f59bacdb7]
- * CHANGES, RUNSON, TODO: checkpoint
+ * configure, configure.in:
+ kludge around cross-compiler false positives
+ [5e5fc8356400]
-2004-02-13 16:37 millert
+ * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
+ New (correct) PAM code Tgetpass now takes an echo flag for use with
+ PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
+ useless umask setting Change error from BAD_ALLOCATION ->
+ BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
+ for consistency
+ [e71397f09dd8]
- * lex.yy.c, configure: regen
+ * sudo.c:
+ Some -Wall and kill some trailing spaces
+ [8229b43d5c4e]
-2004-02-13 16:36 millert
+ * configure.in:
+ define -D__EXTENSIONS__ for solaris so we get crypt() proto
+ [7533e4436cab]
- * LICENSE, Makefile.binary, Makefile.in, alloc.c, check.c,
- closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
- find_path.c, getprogname.c, getspwuid.c, goodpath.c, ins_2001.h,
- ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
- interfaces.h, ldap.c, logging.c, logging.h, parse.c, parse.h,
- parse.lex, parse.yacc, pathnames.h.in, set_perms.c, sigaction.c,
- strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in,
- sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.man.in,
- sudoers.pod, testsudoers.c, tgetpass.c, utime.c, version.h,
- visudo.c, visudo.man.in, visudo.pod, zero_bytes.c, auth/afs.c,
- auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
- auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
- auth/rfc1938.c, auth/secureware.c, auth/securid.c,
- auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
- emul/search.h, emul/utime.h: More to a less restrictive,
- ISC-style license.
+1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-02-12 21:08 aaron
+ * RUNSON:
+ add Dynix 4.4.4
+ [b69f773efbce]
- * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in,
- def_data.c, def_data.h, def_data.in, ldap.c, sudo.c, sudo.h,
- sudoers2ldif: Merged in LDAP Support
+ * INSTALL, config.h.in, configure, configure.in:
+ for kerberos V < version, fall back on old kerb4 auth code
+ [d685ed3a1d8e]
-2004-02-08 15:53 millert
+ * INSTALL:
+ clarify some things
+ [2f5ba2e8e53a]
- * sudo.h, sudo_noexec.c: Only do "extern int errno" if errno is not
- a macro.
+ * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
+ typos
+ [8925a109c093]
-2004-02-06 18:08 millert
+1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * set_perms.c: setreuid(0, 0) fails on QNX if the euid is not
- already 0 so set the euid first, then just call setuid(0) to set
- the real uid too.
+ * sudo.c:
+ mention why DONT_LEAK_PATH_INFO is not the default
+ [0346260cb4ec]
-2004-02-06 14:52 millert
+1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * set_perms.c: Use setresuid() and setreuid() for PERM_RUNAS when
- appropriate instead of seteuid() which may not exist.
+ * tgetpass.c:
+ Fix open(2) return value checking, was NULL for fopen, should be -1
+ for open
+ [355878bf6d8a]
-2004-02-04 14:58 millert
+ * configure:
+ regen
+ [68bf82871862]
- * LICENSE: 2004
+ * configure.in:
+ better wording for solaris pam notice
+ [04e88c7a6c42]
-2004-02-03 23:38 millert
+ * CHANGES:
+ document recent changes
+ [7c922c5622ef]
- * INSTALL, config.h.in, configure, configure.in, ins_classic.h: Add
- --with-pc-insults configure option
+ * TROUBLESHOOTING:
+ Update shadow password section
+ [e8448bae7d66]
-2004-02-03 23:32 millert
+ * auth.c:
+ move authentication code from check.c to auth.c
+ [e9f6ecae2399]
- * visudo.man.in: Prefer VISUAL over EDITOR like old vipw did.
+ * Makefile.in, check.c, sudo.h:
+ move authentication code to auth.c
+ [124cded85f46]
-2004-02-01 15:45 millert
+1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.man.in, sudoers.man.in: regen
+ * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
+ getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
+ logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
+ sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
+ visudo.c:
+ Move interface-related defines to interfaces.h so we don't have to
+ include <netinet/in.h> everywhere.
+ [e7599d8ea0bf]
-2004-02-01 15:44 millert
+1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: Add a note that noexec is not a cure-all.
+ * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
+ parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
+ o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
+ turns out the old DES crypt does the right thing with passwords
+ longert than 8 characters. o Fix common typo (necesary ->
+ necessary) o Update TODO list
+ [ad75007a6f13]
-2004-02-01 15:20 millert
+1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: Mention that disabling "root_sudo" is pretty
- pointless.
+ * sudo.c:
+ set $LOGNAME when we set $USER
+ [391596210fd7]
-2004-02-01 15:20 millert
+1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Substitute for root_sudo in sudoers.pod
+ * INSTALL:
+ add comment about digital unix and interfaces.c warning with gcc
+ [e20f815901cc]
-2004-02-01 15:03 millert
+1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod: Add sudoedit to the NAME section
+ * sample.sudoers:
+ use modern paths and give examples for some of the new parser
+ features
+ [e7b2e507c695]
-2004-02-01 15:00 millert
+1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: Document that fact that setting ignore_dot in
- sudoers has no effect due to the fact that find_path() is called
- *before* sudoers is read.
+ * parse.c:
+ fix comment
+ [5eb0d005a65f]
-2004-01-29 19:50 millert
+ * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
+ getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
+ parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ Function names should be flush with the start of the line so they
+ can be found trivially in an editor and with grep
+ [3c400abde574]
+
+ * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
+ sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
+ free(3) is already void, no need to cast it
+ [6981e1ebda0f]
+
+ * logging.c, sudo.c, sudo.h:
+ catch case where cmnd_safe is not set (this should not be possible)
+ [3e1e3038546c]
+
+ * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
+ testsudoers.c, visudo.c:
+ Stash the "safe" path (ie: the one listed in sudoers) to the command
+ instead of stashing the struct stat. Should be safer.
+ [aa2883fcf57e]
+
+1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, Makefile.in, UPGRADE:
+ notes on updating from an earlier release
+ [df9fffa4ab2c]
+
+ * CHANGES:
+ updated
+ [574f5065d15a]
+
+1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
+ sudoers.man, sudoers.pod:
+ You can now specifiy a host list instead of just a host or alias.
+ Ie: user = host1,host2,ALIAS,!host3 my_command now works.
+ [e3942bb78021]
+
+ * testsudoers.c:
+ Quiet -Wall
+ [a3edc8b08c3a]
+
+ * parse.yacc, sudo.tab.c:
+ Move the push from the beginning of cmndspec to the end. This means
+ we no longer have to do a push at the end of privilege, just reset
+ some values.
+ [8ea66e5860c6]
+
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
+ use "!" most everywhere
+ [aadae4d1c9d5]
+
+1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ modernize paths and update su example based on sample.sudoers one
+ [3f6a37e16c83]
+
+ * sample.sudoers:
+ New runas semantics
+ [756ee92865b7]
+
+ * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
+ strdup.c, sudo.h:
+ In estrdup(), do the malloc ourselves so we don't need to rely on
+ the system strdup(3) which may or may not exist. There is now no
+ need to provide strdup() for those w/o it. Also, the prototype for
+ estrdup() was wrong, it returns char * and its param is const.
+ [5f1f984da8e3]
+
+ * getcwd.c:
+ $Sudo tag
+ [e4188a35e68c]
+
+ * check.c:
+ buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
+ [2aec87c86cde]
+
+ * CHANGES, TODO, parse.yacc, sudo.tab.c:
+ It is now possible to use the '!' operator in a runas list as well
+ as in a Cmnd_Alias, Host_Alias and User_Alias.
+ [a4fdaabda990]
+
+ * logging.c, sudo.h:
+ Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
+ [73d0376785ae]
+
+ * sudo.h:
+ Definitions of *_matched were wrong--user top, not top-2 as
+ subscript.
+ [5f8350a57362]
+
+ * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
+ Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
+ command but the NOPASSWD flag was set. Make runasspec, runaslist,
+ runasuser, and nopasswd typeless in parse.yacc Add support for '!'
+ in the runas list Fix double printing of '%' and '+' for groups and
+ netgroups respectively Add *_matched macros (no need for local stack
+ variable). Should only be used directly after a pop (since top must
+ be >= 2).
+ [392b1400c4e6]
+
+ * aclocal.m4, configure.in:
+ Add copyright, somewhat silly
+ [55c2cdd82dca]
+
+1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
+ compat.h, config.h.in, configure, configure.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
+ ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
+ lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
+ putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
+ sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
+ testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
+ visudo.man:
+ Crank version to 1.6 and combine copyright statements
+ [0e1c791658ae]
+
+ * sample.sudoers:
+ Use ! not ^ to do negation
+ [1480a0761730]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [89ca5a46684b]
+
+ * parse.lex, parse.yacc:
+ Make runas and NOPASSWD tags persistent across entris in a command
+ list. Add a PASSWD tag to reverse NOPASSWD. When you override a
+ runas or *PASSWD tag the value given becomes the new default for the
+ rest of the command list.
+ [f1bbb4066542]
+
+1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, RUNSON:
+ update for 1.5.9
+ [a1ae9d4a7d54] [SUDO_1_5_9]
+
+ * visudo.c:
+ Shift return value of system(3) by 8 to get real exit value and if
+ it is not 1 or 0 print the retval along with the error message.
+ [c1ff50d743fb]
+
+1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ testsudoers needs LIBOBJS too
+ [972571b4e4bf]
+
+ * parse.c, parse.yacc, sudo.tab.c:
+ Fix another parser bug. For a sudoers entry like this: millert
+ ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
+ as root.
+ [51968e1eb33d]
+
+ * CHANGES:
+ new change
+ [271c6110bb62]
+
+ * parse.yacc, sudo.tab.c:
+ Save entries that match a ! command on the matching stack too
+ [5afb5107116c]
+
+ * sudo.c:
+ Make sudo's usage info better when mutually exclusive args are given
+ and don't rely on argument order to detect this; nick@zeta.org.au
+ [2422753c88fd]
+
+1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, Makefile.in, RUNSON:
+ updates from CU
+ [b37381e3dafb]
+
+ * Makefile.in:
+ use gzip
+ [94a64e52a166]
+
+ * parse.yacc, sudo.tab.c:
+ Fix off by one error introduced in *alloc changes
+ [95ede581153a]
- * sudo_edit.c: Do not require _PATH_USRTMP to be set.
+ * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
+ check_sia.c, compat.h, config.h.in, configure, configure.in,
+ dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
+ sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
+ sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
+ ++version
+ [c6d88f024e37]
-2004-01-29 19:42 millert
+ * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
+ interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
+ putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
+ sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
+ Use emalloc/erealloc/estrdup
+ [44221d97361a]
- * BUGS, CHANGES, TODO: sync
+ * alloc.c:
+ error checking memory allocation routines
+ [5f8c1e7bbc71]
-2004-01-29 19:42 millert
+ * parse.yacc, sudo.tab.c:
+ Still not right, this fixes it for real
+ [ad553b6f5339]
- * sudo.man.in: regen
+ * parse.yacc, sudo.tab.c:
+ Fix for previous commit
+ [4d6f989f9bf2]
-2004-01-29 19:41 millert
+ * CHANGES, INSTALL, parse.yacc:
+ Fix a parser bug that was exposed when mixing different runas specs
+ and ! commands. For example: millert ALL=(daemon)
+ /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
+ as well as daemon when it should just allow daemon. The problem was
+ that comma-separated commands in a list shared the same entry on the
+ matching stack. Now they get their own entry iff there is a full
+ match. It may be better to just make the runas spec persistent
+ across all commands in a list like the user and host entries of the
+ matching stack. However, since that is a fairly major change it
+ should gets its own minor rev increase.
+ [c4b939cdcc8e]
- * sudo.pod: Clarify that when sudo is run by root with the
- SUDO_USER variable set, the sudoers lookup happens for root and
- not the SUDO_USER user.
+1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-29 17:33 millert
+ * check.c, config.h.in:
+ Simplify PAM code and fix a PAM-related warning on Linux
+ [2468399523b6]
- * defaults.c, env.c, fnmatch.c, interfaces.c, logging.c, parse.c,
- set_perms.c, sigaction.c, sudo.c, tgetpass.c, auth/pam.c,
- auth/sudo_auth.c: Use the SET, CLR and ISSET macros.
+1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-29 16:22 millert
+ * CHANGES:
+ updates
+ [29d4a997769c]
- * interfaces.h: MAIN was replaced with _SUDO_MAIN some time ago.
+ * sample.sudoers:
+ better su entry
+ [76d8285a72ba]
-2004-01-29 16:15 millert
+ * configure:
+ regen
+ [b7450cc6975d]
- * sudo.c: Don't look at prev_user until after we've parsed sudoers
- and done the password check. That way, if sudo/sudoedit is run
- from a root process that was invoked by sudo, we check sudoers
- for root, not the previous user. This makes sudoedit much more
- useful and means that for the sudo case, we get correct logging
- on who actually ran the command.
+ * check.c, configure.in:
+ new pam code that works on solaris, should work on linux too;
+ aelberg@home.com
+ [84c16c0ff259]
-2004-01-22 19:22 millert
+1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo_edit.c: Add a comment describing why we need to be notified
- about our child stopping.
+ * RUNSON:
+ more entries
+ [b6bef8660759]
-2004-01-22 16:06 millert
+ * config.h.in:
+ only include strings.h if there is no string.h
+ [b66054a32b00]
- * def_data.c, def_data.in: Update the noexec variable descriptions
+1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-22 14:18 millert
+ * config.guess:
+ Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
+ [c086d2fe63af]
- * sudoers.man.in, sudoers.pod: noexec now replaces more than just
- execve()
+1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-22 12:14 millert
+ * sudo.c:
+ shost must be set before log functions are called #ifdef HOST_IN_LOG
+ [d49a7944358f]
- * sudo_noexec.c: Alas, all the world does not go through execve(2).
- Many systems still have an execv(2) system call, Linux 2.6
- provides fexecve(2) and it is not uncommon for libc to have
- underscore ('_') versions of the functions to be used internally
- by the library. Instead of stubbing all these out by hand,
- define a macro and let it do the work. Extra exec functions
- pointed out by Reznic Valery.
+1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-21 21:57 millert
+ * CHANGES, lex.yy.c, parse.lex:
+ Fix a bug wrt quoting characters in command args. Stop processing
+ an arg when you hit a backslash so the quoted-character detection
+ can catch it.
+ [2281438d7f41]
- * sudo.c, sudo_edit.c: Fix suspending the editor in -e mode.
- Because we do a fork() first we need to be notified when the
- child has been stopped and then send that same signal to ourself
- so the shell can do its job control thing.
+1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-21 21:44 millert
+ * interfaces.c:
+ include sys/time.h; aparently AIX needs it. ppz@cdu.elektra.ru
+ [31118a9e9916]
- * visudo.c: Use WIFEXITED and WEXITSTATUS macros. If there are
- systems out there that want to run sudo that still don't support
- these we can try to deal with that later.
+1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-21 20:03 millert
+ * configure, configure.in:
+ add missing case statement so --without-sendmail works
+ [ca25614f7dd9]
- * lex.yy.c: regen
+1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-21 20:00 millert
+ * CHANGES:
+ more
+ [4d70e44f7f93]
- * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod: Document sudo
- -e / sudoedit
+1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-21 19:08 millert
+ * configure, configure.in:
+ only search for -lsun in irix <= 4.x
+ [e604238317b1]
- * configure, configure.in: fix typo
+ * configure, configure.in:
+ back out last configure.in change now that I've hacked autoconf to
+ fix the real problem and add a missing newline
+ [2dabf59a79b5]
-2004-01-21 19:02 millert
+ * CHANGES:
+ updated
+ [bb35d526552f]
- * config.h.in, configure.in: Add SET/CLR/ISSET
+ * getcwd.c:
+ add def of dirfd() for those without it
+ [95f0173d8441]
-2004-01-21 18:55 millert
+ * configure, configure.in:
+ When falling back to checking for socket() when linking with
+ "-lsocket -lnsl" check for main() instead since autoconf has already
+ cached the results of checking for socket() in -lsocket. This is
+ really an autoconf bug as it should use the extra libs as part of
+ the cache variable name.
+ [a845f8b710ad]
- * sudo.c: Allow non-exclusive flags when invoked as sudoedit.
- Pretty print the long usage() line to not wrap (assumes 80 char
- display)
+ * configure.in:
+ typo
+ [a7d62f62a478]
-2004-01-21 18:01 millert
+1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, sudo.c: If sudo is invoked as "sudoedit" the -e flag
- is implied and no other flags are permitted.
+ * configure.in:
+ fix occurrence of $with_timeout that should be
+ $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
+ bochum.de
+ [8c4da2cf73d1]
-2004-01-21 18:00 millert
+1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.h: Add a new flag, -e, that makes it possible to give users
- the ability to edit files with the editor of their choice as the
- invoking user, not the runas user. Temporary files are used for
- the actual edit and the temp file is copied over the original
- after the editor is done.
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ fix grammar; espie@openbsd.org
+ [7031d9dfbc3e] [SUDO_1_5_8]
-2004-01-21 17:25 millert
+1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c: Add a new
- flag, -e, that makes it possible to give users the ability to
- edit files with the editor of their choice as the invoking user,
- not the runas user. Temporary files are used for the actual edit
- and the temp file is copied over the original after the editor is
- done.
+ * parse.yacc, sudo.c, testsudoers.c:
+ add cast for strdup in places it does not have it
+ [7ce4478d3b0f]
-2004-01-21 17:06 millert
+1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c, env.c: If real uid == 0 and the SUDO_USER environment
- variables is set, use that to determine the invoking user's true
- identity. That way the proper info gets logged by someone who
- has done "sudo su" but still uses sudo to as root. We can't do
- this for non-root users since that would open up a security hole,
- though perhaps it would be acceptable to use getlogin(2) on OSes
- where this a system call (and doesn't just look in the utmp
- file).
+ * configure, configure.in:
+ define for_BSD_TYPES irix
+ [858337ff4af8]
-2004-01-21 16:58 millert
+1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * pathnames.h.in: Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
+ * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
+ Make it clear that it is the user's password, not root's, that we
+ want.
+ [ae0f51b35ee4]
-2004-01-21 16:57 millert
+ * check.c, sudo.h:
+ If the user enters an empty password and really has no password,
+ accept the empty password they entered. Perviously, they could
+ enter anything
+ *but* an empty password. Also, add GETPASS macro that calls either
+ tgetpass() or getpass() depending on how sudo was configured.
+ Problem noted by jdg@maths.qmw.ac.uk
+ [2fde21ce94c1]
- * configure, config.h.in, configure.in: Add check for fchown(2)
+1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-20 14:22 millert
+ * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
+ dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c:
+ add explicate copyright
+ [d3b4449834a5]
- * sudo.c: Back out portions of the -i commit that set NewArgv[0] in
- set_runaspw. It is far to late to set NewArgv[0] there and will
- have no effect anyway as cmnd and safe_cmnd have already been
- set.
+ * CHANGES:
+ mention -lsocket, -lnsl configure changes
+ [9140af4ad8ae]
-2004-01-20 14:18 millert
+1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c, visudo.pod: Prefer VISUAL over EDITOR like old vipw
- did.
+ * sudo.c:
+ Don't clobber errno after calling check_sudoers().
+ [59bd581b2654]
-2004-01-18 20:17 millert
+1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c, sudo.c: In -i mode always set new environment based on the
- runas user's passwd entry.
+ * configure, configure.in:
+ When linking with both -lsocket and -lnsl be sure to do so in that
+ order. Also, when we can't find socket() or inet_addr() and have to
+ try linking with both libs, issue a warning.
+ [0ee547163067]
-2004-01-18 17:56 millert
+ * sudo.cat, sudo.man, sudo.pod:
+ clarify bad timestamp and fmt
+ [70e42cf56c75]
- * sudo.man.in, sudo.pod: Document the new -i flag and sync SYNOPSIS
- section with usage() in sudo.c. Also sort the flags in the
- OPTIONS section.
+1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-18 17:55 millert
+ * INSTALL, RUNSON:
+ be clear that pam is linux-only and add a RUNSON entry
+ [7fdeab875e0d]
- * sudo.c, sudo.h: o Add -i that acts similar to "su -", based on
- patches from David J. MacKenzie o Sort the flags in the usage
- message
+1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-18 17:22 millert
+ * CHANGES, INSTALL, configure, configure.in:
+ fix and correctly document --with-umask; problem noted by
+ adap@adap.org
+ [11cd0481d63a]
- * sudoers.man.in, sudoers.pod: Add a missing @runas_default@
- substitution.
+1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-17 16:34 millert
+ * configure, configure.in:
+ only use /usr/{man,catman}/local to store man pages if suer didn't
+ override prefix or mandir
+ [781ad2cbe9be]
- * sudo.c: Change euid to runas user before calling find_path().
- Unfortunately, though runas_user can be modified in sudoers we
- haven't parsed sudoers yet.
+ * INSTALL, configure, configure.in:
+ fix typo, make --with-SecurID take an arg
+ [026a9b4014fc]
-2004-01-17 16:25 millert
+1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.man.in, sudoers.pod: Add missing defintion of
- Parameter_List and use single pipes in the Defaults EBNF
- definition.
+ * RUNSON:
+ updates from users
+ [2286982b31e6]
-2004-01-17 13:49 millert
+ * CHANGES, INSTALL, check.c, configure, configure.in:
+ FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
+ [23aa4e5c6b02]
- * sudo.c: Fix a bug when set_runaspw() is used as a callback. We
- don't want to reset the contents of runas_pw if the user
- specified a user via the -u flag.
+ * configure, configure.in:
+ better fix for the problem of unresolved symbols in -lnsl or
+ -lsocket
+ [82fe70fc287f]
- Avoid unnecessary passwd lookups in set_authpw(). In most cases
- we already have the info in runas_pw.
+ * configure, configure.in:
+ when checking for functions in -lnsl and -lsocket link with both of
+ them to avoid unresolved symbols on some weirdo systems
+ [1734a591808e]
-2004-01-16 18:16 millert
+1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * check.c: Add Stan Lee / Uncle Ben quote to the lecture from
- RedHat
+ * BUGS, CHANGES, RUNSON, TODO:
+ old changes that didn't make it into RCS before the RCS->CVS switch
+ [846eb2b8f9aa]
-2004-01-16 18:12 millert
+1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.h: Update sudo_getepw() proto and add one for set_runaspw()
+ * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
+ configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
+ getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
+ lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
+ secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
+ sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
+ visudo.pod:
+ add sudo tags
+ [962f81eaa5ab]
+
+ * sudo.h:
+ testing Sudo tag
+ [e84cbc521129]
+
+ * version.h:
+ testing Sudo tag
+ [a8c3a3998b88]
+
+ * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
+ config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
+ find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
+ logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
+ secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
+ sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
+ utime.c, version.h, visudo.c, visudo.cat, visudo.man:
+ crank version and regen files
+ [23eacf00a1a4]
+
+ * Makefile.in:
+ kill rcs goop in update_version and fix now that version is a const
+ [e6e50bd8d1e1]
+
+ * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
+ sudo.c, sudo.h, sudo.pod:
+ kerb5 support from fcusack@iconnet.net
+ [8134027986e2]
+
+ * realpath.c, sudo_realpath.c:
+ we no longer use realpath
+ [0f5f64abc646]
+
+ * qualify.c:
+ replaced by find_path.c
+ [9e32a87e09c4]
+
+ * options.h:
+ all options are now configure flags
+ [ee6bd9610102]
+
+ * lex.yy.c:
+ regen
+ [bdbf8a18161f]
+
+ * getwd.c:
+ superceded by getcwd.c
+ [1e54ee0990b4]
+
+ * getpass.c:
+ superceded by tgetpass.c
+ [4e0d1edc30e3]
+
+ * SUPPORTED:
+ superceded by RUNSON
+ [854c5a21cb53]
+
+ * OPTIONS:
+ No longer used now that we have configure options for everything.
+ [9b1ae1c89259]
+
+ * configure:
+ regen based on configure.in
+ [3a4d73936973]
+
+ * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
+ sudoers.man, visudo.cat, visudo.html, visudo.man:
+ regen based on sudo.pod, sudoers.pod, and visudo.pod
+ [c267beb90778]
+
+1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ fix tty tickets in remove_timestamp (didn't use ':')
+ [fd964a74a32b]
+
+1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ close sock when we are done with it
+ [95de0380f8a4]
+
+1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ never say "error on line -1"
+ [361db1491121]
+
+1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ check for -lnsl before -lsocket
+ [8e966d6bbcb5]
-2004-01-16 18:10 millert
+ * configure.in:
+ quote '[', ']' used in ranges correctly
+ [fa4f9c6ff651]
- * parse.c: If we can't stat the command as root, try as the runas
- user instead.
+1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-16 18:09 millert
+ * config.h.in:
+ add missing NO_ROOT_SUDO noted by drno@tsd.edu
+ [c969f25d1667]
- * testsudoers.c, visudo.c: Add stub set_runaspw() function
+1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-16 18:09 millert
+ * version.h:
+ 1.5.7
+ [7a22de0bc148]
- * sudo.c: Add set_runaspw() function to fill in runas_pw. This
- will be used as a callback to update runas_pw when the runas user
- changes.
+ * INSTALL:
+ more info for 1.5.7
+ [30ad9e784799]
-2004-01-16 18:07 millert
+ * README:
+ update for 1.5.7
+ [cd03a0a27cd2]
- * env.c, sudo.c: PERM_RUNAS -> PERM_FULL_RUNAS
+ * parse.yacc:
+ make increases of cm_list_size and ga_list_size be similar to
+ increases of stacksize (ie: >= not > in initial compare).
+ [6bd450a896c7]
-2004-01-16 18:05 millert
+ * parse.yacc:
+ when we get a syntax error, report it for the previous line since
+ that's generally where the error occurred.
+ [c4ac84058f0b]
- * set_perms.c, sudo.h: Rename PERM_RUNAS -> PERM_FULL_RUNAS and add
- a PERM_RUNAS that just changes the euid.
+1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-16 18:04 millert
+ * config.h.in, configure.in, interfaces.c:
+ add back check for sys/sockio.h but only use it if SIOCGIFCONF is
+ not defined
+ [d197f31fd1e4] [SUDO_1_5_7]
- * getspwuid.c: Make sudo_pwdup() act like OpenBSD pw_dup() and
- allocate memory in one chunk for easy free()ing. Also change it
- from static to extern.
+ * config.h.in:
+ define BSD_COMP for svr4
+ [87ac1147ff79]
-2004-01-16 18:03 millert
+ * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
+ goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
+ parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ more -Wall
+ [d98e2d32db2a]
- * defaults.c, defaults.h: Add callback support
+ * configure.in:
+ kill check for sockio,h
+ [4399779014c1]
-2004-01-16 18:02 millert
+ * config.h.in:
+ no more HAVE_SYS_SOCKIO_H
+ [67484528e347]
- * def_data.c, def_data.in, mkdefaults: Add a callback field and use
- it for runas_default
+ * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
+ goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
+ parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ -Wall
+ [2b7e83976788]
-2004-01-15 15:13 millert
+1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/fwtk.c: Add support for chalnecho and display server
- responses used by fwtk >= 2.0
+ * sudo.c:
+ add missing inform_user()
+ [8689528c6d55]
-2004-01-12 18:39 millert
+1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.man.in, sudoers.pod: ld.so is ld.so.1 on solaris
+ * find_path.c:
+ return NOT_FOUND if given fully qualified path and it does not exist
+ previously it would perror(ENOENT) which bypasses the option to not
+ leak path info
+ [ccbc3d0130ae]
-2004-01-12 14:03 millert
+ * configure.in:
+ for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
+ -ldes
+ [c77d3b484ece]
- * Makefile.in, config.h.in, configure, configure.in, sudo.c,
- sudo.h: Use closefrom() instead of doing the equivalent inline.
+1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-12 13:55 millert
+ * INSTALL:
+ tty tickets are user:tty now
+ [a53a303a614d]
- * closefrom.c: closefrom(3) for systems w/o it
+ * check.c:
+ when using tty tickets make it user:tty not user.tty as a username
+ could have a '.' in it
+ [3160b3f5c890]
-2004-01-09 16:29 millert
+1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.man.in: Update from .pod file.
+ * sudo.c:
+ add "ignoring foo found in ." for auth successful case
+ [24257169e0bd]
-2004-01-09 16:26 millert
+1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Substitute noexec_file for the sudoers
- man page
+ * sudo.c:
+ add missing printf param
+ [8c905124f777]
-2004-01-09 16:24 millert
+1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.man.in, sudo.pod: Mention noexec
+ * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
+ go back to printing "command not found" unless --disable-path-info
+ specified. Also, tell user when we ignore '.' in their path and it
+ would have been used but for --with-ignore-dot.
+ [066e118c11e4]
-2004-01-09 16:16 millert
+ * check.c, sudo.c:
+ Only one space after a colon, not two, in printf's
+ [38452f4c8007]
- * sudoers.man.in, sudoers.pod: Document noexec
+1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-09 14:38 millert
+ * sudo.pod:
+ document setting $USER
+ [80557fe6aede]
- * config.h.in, configure.in, auth/pam.c: Move PAM_CONST macro
- definition from config.h to pam.c where it belongs. We can't
- have this in config.h since that gets included too early.
+ * check.c:
+ fix bugs with prompt expansion
+ [44c4fca5f009]
-2004-01-09 14:35 millert
+ * sudo.c:
+ set $USER for root too
+ [4b525e1c6269]
- * config.h.in, configure, configure.in, auth/pam.c: Some PAM
- implementations put their headers in /usr/include/pam instead of
- /usr/include/security.
+1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-09 14:32 millert
+ * getspwuid.c:
+ typo
+ [5107446f43e0]
- * configure.in: I missed changing the EXEC macro -> EXECV here when
- I changed this in config.h.in and sudo.c a while ago.
+ * configure.in:
+ HP-UX's iscomsec is in -lsec, not libc
+ [03c9f700b795]
-2004-01-09 13:15 millert
+ * configure.in:
+ remove some entries in the OS case statement that did nothing
+ [ea96e7e0f624]
- * acsite.m4: OpenBSD vax/m88k/hppa don't do shared libs
+ * TROUBLESHOOTING:
+ add "cd" section and flush out syslog section
+ [5107f7363b78]
-2004-01-09 03:29 millert
+ * Makefile.in:
+ no more sudo-lex.yy.c
+ [ed50826efbbc]
- * configure, configure.in: o merge the hpux case entries into a
- single entry w/ its own sub-case statement. o HP-UX >= 11
- support getspnam(), use it in preference to getprpwuid()
+ * check_sia.c:
+ add custom prompt support
+ [6a285cea10b7]
-2004-01-09 02:58 millert
+ * testsudoers.c:
+ kill perror("malloc") since we already have a good error messages
+ pw_ent -> pw for brevity
+ [eee31052921e]
- * configure, configure.in: eval $shrext so that it expands nicely
- on MacOS X
+ * sudo.c:
+ kill perror("malloc") since we already have a good error messages
+ pw_ent -> pw for brevity set $USER if -u specified
+ [9f3753461f8a]
-2004-01-09 02:50 millert
+ * parse.yacc:
+ kill perror("malloc") since we already have a good error messages
+ [849459088ac3]
- * Makefile.in: Don't lie about making a module, it does the wrong
- thing on mach
+ * parse.c:
+ kill perror("malloc") since we already have a good error messages
+ pw_ent -> pw for brevity when checking if %group matches, look up
+ user in password file so that %groups works in a RunAs spec.
+ [0489b4ecc59a]
-2004-01-09 02:49 millert
+ * logging.c:
+ kill perror("malloc") since we already have a good error messages
+ [3191a18b3526]
- * ltmain.sh: Remove requirement that libs must begin with "lib".
- They don't when we point directly at the lib using LD_PRELOAD or
- its equivalent.
+ * check.c, getspwuid.c, interfaces.c:
+ kill perror("malloc") since we already have a good error messages
+ pw_ent -> pw for brevity
+ [7193fdb38cf9]
-2004-01-09 02:01 millert
+1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * acsite.m4: Disable support for c++, f77 and java. We don't need
- it, it takes a lot of time, and it hosed our check for shared lib
- support.
+ * tgetpass.c:
+ the prompt is expanded before tgetpass is called
+ [0f408f508041]
-2004-01-09 02:00 millert
+ * sudo.h:
+ tgetpass now has the same args as getpass again
+ [b6778cd9d79f]
- * configure: regen
+ * getspwuid.c:
+ add iscomsec, issecure support
+ [007be7ec7ae7]
-2004-01-09 02:00 millert
+ * check.c:
+ we now expand any %h or %u in the prompt before passing to tgetpass
+ [f3db8c9ee387]
- * configure.in: Call AC_ENABLE_SHARED and check the status of
- enable_shared to know when shared libs are available.
+ * configure.in:
+ add check for syslog(3) in -lsocket, -lnsl, -linet
+ [5a96f902ce00]
-2004-01-09 01:37 millert
+ * config.h.in:
+ add HAVE_ISCOMSEC and HAVE_ISSECURE
+ [f640b0d4cf05]
- * acsite.m4: Duh, OpenBSD suports shared libs too
+ * configure.in:
+ add check for iscomsec in HP-UX
+ [b28b249040f0]
-2004-01-09 01:18 millert
+ * configure.in:
+ check for issecure if we have getpwanam on SunOS some options are
+ incompatible with DUNIX SIA check for dispcrypt on DUNIX
+ [a49d05d9c913]
- * configure.in, config.h.in: Only OpenPAM and Linux PAM use const
- qualifiers.
+1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-09 01:15 millert
+ * config.h.in:
+ add HAVE_DISPCRYPT
+ [7376d543d8d6]
- * configure, configure.in: o No need to check for sed, libtool
- config does that for us o move check for --with-noexec until
- after libtool magic is run so we can use $can_build_shared and
- $shrext
+ * secureware.c:
+ add back support for non-dispcrypt based checking for older DUNIX
+ [977b98e936be]
-2004-01-09 01:14 millert
+ * INSTALL:
+ sia changes
+ [c5387c06e30f]
- * ltmain.sh: Don't print a bunch of crap about library installs
- since we are not really installing a library.
+ * configure.in:
+ SIA becomes the default on Digital UNIX now havbe --disable-sia to
+ turn it off...
+ [3b647558ea13]
-2004-01-09 00:38 millert
+ * check.c:
+ move local includes after system ones
+ [b2abad4c4aef]
- * env.c: Make format_env() varargs Add noexec support for Darwin,
- MacOS X, Irix, and Tru64
+1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-09 00:32 millert
+ * check.c, check_sia.c, sudo.h:
+ add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
+ stderr
+ [547cbf299661]
- * acsite.m4, ltconfig, ltmain.sh: Update to libtool 1.5 with local
- changes: o no ldconfig in the finish step o assume no libprefix
- or version is needed
+ * check_sia.c:
+ fix while loop in sia_attempt_auth() that checks the password. Only
+ the first iteration was working.
+ [1886fd1ac831]
-2004-01-09 00:15 millert
+1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo_noexec.c: Fix compilation under K&R
+ * aclocal.m4:
+ don't trust UID_MAX or MAXUID
+ [2aeddb1654d8]
-2004-01-06 09:31 millert
+ * configure.in:
+ fix two pastos
+ [c18f0a10b75d]
- * CHANGES: checkpoint
+ * configure.in:
+ fix typo
+ [1eb3190ef12d]
-2004-01-06 09:28 millert
+ * getspwuid.c, secureware.c:
+ init crypt_type to INT_MAX since it is legal to be negative in DUNX
+ 5.0
+ [cefbde04822d]
- * sudo_noexec.c: stub execve() that just returns EACCES; used for
- noexec functionality
+ * configure.in:
+ for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
+ -ldb since DUNX < 4.0 lacks it
+ [e6b11d971068]
-2004-01-06 01:42 millert
+1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.tab.h: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2
- issue with generated code.
+ * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
+ secureware.c, sudo.c, tgetpass.c:
+ getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
+ minutes if the shadow files don't exist).
+ [2f297d095004]
-2004-01-05 16:10 millert
+1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * def_data.c, def_data.h, def_data.in: Move the environment
- defaults to the end and shorten a few of the descriptions.
+ * INSTALL:
+ updated --with-editor blurb
+ [77d8a3ea7328]
-2004-01-05 15:05 millert
+ * TROUBLESHOOTING:
+ tell how to put sudoers in a different dir
+ [456cd20eb1d0]
- * configure.in, configure: no shared libs on ultris or convexos
+ * configure.in:
+ add missing quotes around $with_editor
+ [22881748ab1b]
-2004-01-05 15:03 millert
+ * configure.in:
+ typo in --with-editor bits
+ [ab6964580681]
- * Makefile.in, configure, configure.in: Build sudo_noexec shared
- object using libtool; could use some cleanup.
+ * INSTALL:
+ I don't expect it to work on Solaris
+ [1c2fceaaf56e]
-2004-01-05 14:59 millert
+ * check.c:
+ add back security/pam_misc.h
+ [6ffd30033c1e]
- * acsite.m4, ltconfig, ltmain.sh: libtool scaffolding
+1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2004-01-05 14:56 millert
+ * INSTALL:
+ remove dunix note since configure checks for this now
+ [e9904512b8e8]
- * parse.yacc: Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so
- that order is not important.
+ * configure.in:
+ add check for broken dunix prot.h (4.0 < 4.0D is bad)
+ [8a4c1e6aef3b]
-2004-01-05 12:15 millert
+ * getspwuid.c, secureware.c, tgetpass.c:
+ new dunix shadow code, use dispcrypt(3)
+ [1b936bc7268c]
- * defaults.c, env.c, parse.c, parse.h, parse.lex, parse.yacc,
- pathnames.h.in, sudo.c, sudo.h, lex.yy.c: update copyright year
+ * config.h.in:
+ add HAVE_INITPRIVS
+ [4369f4c4f914]
-2004-01-04 22:58 millert
+ * sudo.c:
+ call initprivs() if we have it for getprpwuid later on
+ [11cf5915d826]
- * configure, configure.in, defaults.c, env.c, pathnames.h.in: Add
- _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
- option. The default value of noexec_file is set to this.
+ * Makefile.in:
+ clean pathnames.h too
+ [5f1df3262613]
-2004-01-04 21:48 millert
+ * configure.in:
+ quote "Sorry, try again." with [] since it has a comma in it set
+ LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
+ getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
+ initprivs later.
+ [e226b0a3f250]
+
+ * INSTALL:
+ update Digital UNIX note about acl.h
+ [80132b71d73a]
+
+ * INSTALL:
+ add --with-sia
+ --without-root-sudo -> --disable-root-sudo some reordering
+ [198386358818]
- * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
- parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.h: Add
- support for preloading a shared object containing a dummy
- execve() function that just sets error and returns -1. This adds
- a "noexec_file" option to load the filename as well as a "noexec"
- flag to enable it unconditionally. There is also a NOEXEC tag
- that can be attached to specific commands and an EXEC tag to
- disable it.
+ * secureware.c:
+ add whitespace
+ [4aadaf1a54b0]
-2004-01-04 21:40 millert
+ * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
+ add SIA support
+ [fa3ddbb9cc51]
- * mkdefaults: add missing newline to usage statement
+ * check_sia.c:
+ Initial revision
+ [2968551d40e4]
-2004-01-04 20:39 millert
+1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, sudo.c: Rename EXEC macro -> EXECV
+ * configure.in:
+ when checking for -lsocket, -lnsl, and -linet, check for the
+ specific functions we need from them.
+ [8d33e64362a3]
-2004-01-04 20:16 millert
+ * config.h.in, sudo.h:
+ move Syslog_* defs into sudo.h
+ [03d1774f25c7]
- * logging.c: Don't truncate usernames to 8 characters in the log
- message.
+ * Makefile.in, sudo.h:
+ added check_secureware
+ [e46e3cbb9a97]
-2004-01-04 20:13 millert
+ * configure.in:
+ finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
+ [dbefe1856503]
- * check.c, sudoers.man.in, sudoers.pod: Update copyright year
+ * insults.h:
+ don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
+ defined. configure now does that for us
+ [e4520ea0581f]
-2004-01-04 20:12 millert
+ * configure.in:
+ move some --with options around change a bunch of echo's to
+ AC_MSG_CHECKING, AC_MSG_RESULT pairs
+ [ffdf6869fdd7]
- * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
- sudoers.pod: Add a new option, lecture_file, that can be used to
- point to a custom sudo lecture.
+ * configure.in:
+ change $with_foo-bar -> $with_foo_bar kill extra " that caused a
+ syntax error add some echo verbage
+ [3278c49bf74b]
-2003-12-31 17:46 millert
+1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, sudo.h, zero_bytes.c, auth/aix_auth.c,
- auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Add a
- zero_bytes() function to do the equivalent of bzero in such a way
- that will heopfully not be optimized away by sneaky compilers.
+ * check.c:
+ moved SecureWare stuff into secureware.c
+ [42d3d3ac35dc]
-2003-12-31 13:35 millert
+ * secureware.c:
+ Initial revision
+ [aa7f72a249cf]
- * err.c: Use #ifdef __STDC__, not #if __STDC__.
+ * INSTALL:
+ update url to solaris gcc bins
+ [36a3eb668777]
-2003-12-30 17:41 millert
+ * INSTALL:
+ change option formatter and flesh out someentries
+ [6fbd1db4a8ad]
- * mkdefaults: Always put at least one space between the def_* macro
- name and its definition.
+ * TROUBLESHOOTING, sudo.pod, visudo.pod:
+ environmental variable -> environment variable
+ [6f14d708e32d]
-2003-12-30 17:34 millert
+ * BUGS:
+ everything is now done via configure
+ [c217858f58ab]
- * configure, configure.in: Adjust code for --without-lecture to
- match new values.
+ * README:
+ prev rev was 1.5.6
+ [7b4177103c35]
-2003-12-30 17:33 millert
+ * Makefile.in:
+ passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
+ [31c6b0a5e0e2]
- * visudo.man.in: regen after pasto fix
+ * config.h.in:
+ SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
+ [d406a1ef6d25]
-2003-12-30 17:31 millert
+ * Makefile.in:
+ merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
+ sudoers_mode from configure
+ [1c509500655a]
- * sudoers.man.in, sudoers.pod: Document that "lecture" has changed
- from a flag to a tuple.
+ * configure.in:
+ SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
+ the Makefile, not config.h
+ [d4482f1492fe]
-2003-12-30 17:31 millert
+ * INSTALL:
+ document all --with/--enable options
+ [22d81b312d7f]
- * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
- defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h: Add
- support for tuples in def_data.in; these are implemented as an
- enum type. Currently there is only a single tuple enum but in
- the future we may have one tuple enum per T_TUPLE entry in
- def_data.in. Currently listpw, verifypw and lecture are tuples.
- This avoids the need to have two entries (one ival, one str) for
- pwflags and syslog values.
+1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
- lecture is now a tuple with the following values: never, once,
- always
+ * insults.h:
+ options.h is no more
+ [560946a33f7f]
- We no longer use both an int and string entry for syslog
- facilities and priorities. Instead, there are logfac2str() and
- logpri2str() functions that get used when we need to print the
- string values.
+ * config.h.in:
+ assimilated options.h
+ [dd8ce74613c1]
-2003-12-30 17:20 millert
+ * configure.in:
+ moved options from options.h to configure
+ [d39662f71b4e]
- * check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
- logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
- visudo.c, auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c,
- auth/pam.c, auth/rfc1938.c, auth/securid5.c, auth/sia.c,
- auth/sudo_auth.c: Create def_* macros for each defaults value so
- we no longer need the def_{flag,ival,str,list,mode} macros (which
- have been removed). This is a step toward more flexible data
- types in def_data.in.
+ * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
+ logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
+ sudo_setenv.c, visudo.c:
+ no more options.h
+ [43924bf0858d]
-2003-12-30 15:55 millert
+ * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
+ remove references to options.h
+ [ef3474295395]
- * TODO: checkpoint
+ * dce_pwent.c, interfaces.c, sudo.c:
+ kill sys/time.h
+ [4d833f0034e4]
-2003-12-22 21:18 millert
+ * tgetpass.c:
+ if select return < -1 still prompt for pw
+ [e0009e5c93a2]
- * sudo.c: If we are in -k/-K mode, just spew to stderr. It is not
- unusual for users to place "sudo -k" in a .logout file which can
- cause sudo to be run during reboot after the YP/NIS/NIS+/LDAP/etc
- daemon has died. Previously, this would result in useless mail
- and logging.
+ * options.h:
+ convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
+ configure options
+ [e60a1e546516]
-2003-12-16 13:51 millert
+ * parse.c:
+ FAST_MATCH is no longer an optino
+ [c448dbb3464b]
- * visudo.pod: fix pasto in VISUAL description
+ * check.c:
+ remove_timestamp() if timestamp is preposterous
+ [70d9a86c6ecd]
-2003-12-09 22:09 millert
+ * options.h:
+ convert more options to --with/--enable
+ [34646d9b09dc]
- * configure: regen
+ * INSTALL, aclocal.m4:
+ logfile -> logpath
+ [42de502bc637]
-2003-12-09 22:08 millert
+ * configure.in:
+ convert more options into --with and --enable
+ [92d0898c9844]
- * CHANGES: checkpoint
+ * tgetpass.c:
+ catch EINTR in select and restart
+ [f045d2f234d7]
-2003-12-09 22:02 millert
+ * logging.c:
+ sys/errno -> errno
+ [7f0c5beab6f2]
- * TROUBLESHOOTING: Some OSes (like Solaris) allow export w/ nosuid
- too
+1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-08-12 16:45 millert
+ * sudo.c:
+ UMASK -> SUDO_UMASK.
+ [48f308661514]
- * compat.h: We don't use FD_ZERO anymore so just define FD_SET (if
- not already there).
+ * check.c, logging.c:
+ time.h, not sys/time.h
+ [91de049c79e4]
-2003-06-28 21:31 millert
+1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/pam.c: Fix a core dump on Solaris by preserving the
- pam_handle_t we used during authentication for pam_prep_user().
- If we didn't authenticate (ie: ticket still valid), we call
- pam_init() from pam_prep_user(). This is something of a hack; it
- may be better to change the auth API and add an auth_final()
- function that acts like pam_prep_user().
+ * logging.c:
+ MAILER -> _PATH_SENDMAIL
+ [df65d6896639]
-2003-06-21 12:50 millert
+ * INSTALL, configure.in:
+ no more --with-C2, now it is --disable-shadow
+ [18bfcab3b9ab]
- * set_perms.c: Add explicit declaration of printerr variable in
- function header (was defaulting to int which is OK but oh so K&R
- :-). From Theo.
+ * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
+ getspwuid.c, sudo.c, tgetpass.c:
+ new shadow password scheme. Always include shadow support if the
+ platform supports it and the user did not disable it via configure
+ [2135d93bb4a9]
-2003-06-09 19:00 millert
+1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure.in: s/HAVE_STOW/USE_STOW/
+ * configure.in:
+ --with-getpass -> --{enable,disable}-tgetpass
+ [451b33fdd4c7]
-2003-06-09 16:07 millert
+ * Makefile.in:
+ pathnames.h -> pathnames.h.in
+ [b109022eca69]
- * logging.c: Also exit waitpid() loop when pid == 0. Fixes a
- problem where the sudo process would spin eating up CPU until
- sendmail finished when it has to send mail.
+ * check.c:
+ fix version string
+ [761b25c314ea]
-2003-05-30 16:22 millert
+ * check.c:
+ move pam_conv to be static to auth function remove pam_misc.h
+ (solaris doesn't have one)
+ [a682e4da987a]
- * fnmatch.3, fnmatch.c: Remove advertising clause, UCB has
- disavowed it
+ * aclocal.m4:
+ _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
+ [e6005d0599b5]
-2003-05-21 21:53 millert
+ * configure.in:
+ munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
+ [24c0ac2155ef]
- * parse.c: Don't assume that getgrnam() calls don't modify contents
- of struct passwd returned by getpwnam(). On FreeBSD w/ NIS this
- can happen. Based on a patch from Kirk Webb.
+ * pathnames.h.in:
+ convert to pathnames.h.in
+ [013bddf7f684]
-2003-05-06 11:25 millert
+1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: missing ;;
+ * configure.in:
+ fix typo in sysv4 matching case /.
+ [2994c4f88cf5]
-2003-05-06 00:53 millert
+1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: darwin has a broken setreuid() in at least some
- versions
+ * check.c:
+ pam stuff needs to run as root, not user, for shadow passwords
+ [d94ff75de503]
-2003-05-06 00:31 millert
+1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: Fix an off by one error when reallocating the environment;
- Kevin Pye
+ * BUGS, INSTALL, README, configure.in:
+ updated version
+ [775adc7de7ac]
-2003-04-30 14:04 millert
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
+ ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
+ logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [5ca599fb6b93]
- * sudoers.pod: Fix User_Spec definition; SEKINE Tatsuo
+ * check.c:
+ user version.h for long message
+ [47a52ac7e542]
-2003-04-28 19:30 millert
+ * check.c:
+ this is version 1.5.6
+ [8451ac79eee2]
- * HISTORY: More info on the early days from Coggs.
+1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-04-21 14:47 millert
+ * Makefile.in:
+ remove errant backslash
+ [0222a8a650ff]
- * auth/kerb5.c: remove errant semicolon that prevented compilation
- under heimdal
+1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-04-15 20:42 millert
+ * options.h, parse.yacc, pathnames.h.in:
+ fix version string
+ [fdee73255d64] [SUDO_1_5_6]
- * Makefile.in, alloc.c, check.c, compat.h, defaults.c, defaults.h,
- env.c, fileops.c, find_path.c, getprogname.c, getspwuid.c,
- goodpath.c, interfaces.c, interfaces.h, logging.c, parse.c,
- parse.lex, parse.yacc, pathnames.h.in, set_perms.c, sigaction.c,
- strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
- sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, utime.c,
- version.h, visudo.c, visudo.man.in, visudo.pod, auth/afs.c,
- auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
- auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
- auth/rfc1938.c, auth/secureware.c, auth/securid.c,
- auth/securid5.c, auth/sia.c, auth/sudo_auth.c: add DARPA credit
- on affected files
+ * BUGS, CHANGES, TODO:
+ updtaed for 1.5.6
+ [752443bf7f26]
-2003-04-15 20:25 millert
+ * RUNSON:
+ updated for 1.5.6
+ [0f878123fe6a]
- * LICENSE: slightly different wording for the darpa credit
+1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-04-15 14:37 millert
+ * interfaces.c:
+ kill unused localhost_mask var copy if name to ifr_tmp after we zero
+ it
+ [8e89c364cef2]
- * LICENSE: Add DARPA credit
+1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-04-14 16:49 millert
+ * INSTALL:
+ Better description of new vs. old sudoers modes fix some typos
+ better description of /usr/ucb/cc gotchas on slowaris
+ [c00b2a6fc1e8]
- * auth/kerb5.c: Use krb5_princ_component() instead of
- krb5_princ_realm() for MIT Kerberos like we did before I messed
- things up ;-)
+ * Makefile.in:
+ add sample.pam
+ [ec7f6cc19b00]
- Use krb5_principal_get_comp_string() to do the same thing w/
- Heimdal. I'm not sure if the component should be 0 or 1 in this
- case.
+ * sudo.c:
+ set NewArgv[0] to user_shell, not basename(user_shell)
+ [1e907cbc9f7b]
- #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
- older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
- should be a configure check for this I guess.
+1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-04-13 15:48 millert
+ * README:
+ mention TROUBLESHOOTING more fix some typos
+ [2c2e6907d4a4]
- * TROUBLESHOOTING, config.h.in, configure, configure.in,
- sample.sudoers: builtin -> built-in; Jason McIntyre
+ * configure.in:
+ move --enable/--disable to be after --with
+ [9b30097f76c1]
-2003-04-13 15:45 millert
+ * INSTALL:
+ document --enable/--disable
+ [c522362e38a8]
- * sudoers.pod: built in -> built-in; Jason McIntyre
+ * INSTALL:
+ document --with-pam
+ [7e38932c78ac]
-2003-04-09 16:14 millert
+1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: checkpoint for 1.6.7p3
+ * configure.in:
+ Add message for pam users
+ [d224f277e3cd]
-2003-04-09 16:14 millert
+ * sample.pam:
+ Initial revision
+ [3a84d7045f54]
- * HISTORY: Update info on the early years @ SUNY-Buffalo from Cliff
- Spencer. Amazingly, sudo source from 1985 is available via
- groups.google.com
+ * config.h.in:
+ fix HAVE_PAM
+ [2f0f303ebd88]
-2003-04-09 16:13 millert
+ * check.c, config.h.in, configure.in:
+ pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
+ [ea3e0a72d707]
- * sudo.c: Don't change rl.rlim_max for RLIMIT_CORE. We need only
- set rl.rlim_cur to 0 to turn off core dumps. This may be needed
- for the RLIMIT_CORE restoration on some OSes.
+1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-04-04 12:46 millert
+ * config.h.in:
+ add HOST_IN_LOG and WRAP_LOG
+ [822c36eeb6a8]
- * auth/kerb5.c: Make this compile on Heimdal and MIT Kerberos 5
+ * logging.c:
+ add WRAP_LOG and HOST_IN_LOG
+ [3cf6052bd27e]
-2003-04-04 12:45 millert
+ * configure.in:
+ add --enable-log-host and --enable-log-wrap
+ [c968cc12b353]
- * config.h.in, configure, configure.in: Check for heimdal even if
- we found krb5-config and define HAVE_HEIMDAL.
+ * aclocal.m4:
+ use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
+ [915fef7e11a1]
-2003-04-03 22:04 millert
+1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/kerb5.c: Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5.
- The former is no longer defined by MIT kerb5 (though it used to
- be and indeed remains so in Heimdal).
+ * compat.h:
+ add howmany macro
+ [9107a057a7c8]
-2003-04-03 10:16 millert
+ * tgetpass.c:
+ include sys/param.h to get howmany macro
+ [7e908b5e1f32]
- * mkinstalldirs: Remove newer stuff that passes multiple (possibly
- duplicate) directories to "mkdir -p" since that seems to break on
- Tru64 Unix at least. This basically brings back what shipped
- with sudo 1.6.6.
+1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-04-02 13:57 millert
+ * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
+ add RUNAS_DEFAULT
+ [1e76398ea3fd]
- * auth/kerb5.c: Correct number of args to
- krb5_principal_get_realm() and fix an unclosed comment that hid
- the bug.
+1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * fnmatch.c:
+ bring in stdio.h for NULL
+ [69c016610cbb]
+
+ * aclocal.m4:
+ allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
+ [15ab2972f8d0]
+
+ * sudo.c:
+ use HAVE_SET_AUTH_PARAMETERS
+ [8abfdc8c80f7]
+
+ * config.h.in:
+ add HAVE_SET_AUTH_PARAMETERS
+ [673a5ebd5539]
+
+ * configure.in:
+ add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
+ [a401f5a7469a]
-2003-04-02 13:45 millert
+ * config.sub:
+ add support for HI-UX/MPP SR220001 02-03 0 SR2201
+ [cb657b7acaae]
- * configure: regen
+ * interfaces.c:
+ initialize previfname
+ [26a1902f56dc]
-2003-04-02 13:45 millert
+ * interfaces.c:
+ Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
+ it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
+ kludging it
+ [fa5c890c313b]
- * BUGS, CHANGES, INSTALL, INSTALL.binary, Makefile.in, README,
- configure.in, version.h: ++version
+ * configure.in:
+ typo
+ [bff579fbe95c]
-2003-04-02 13:44 millert
+ * Makefile.in:
+ don't need special build line for sudo.tab.o
+ [10c0a0a912e4]
- * configure.in: use krb5-config to determine Kerberos V details if
- it exists
+ * Makefile.in:
+ don't clean sudo.tab.[ch]
+ [c40d5968efbb]
-2003-04-02 13:25 millert
+ * sudo.c:
+ Sudo should prompt for a password before telling the user that a
+ command could not be found.
+ [d718c85a0047]
- * alloc.c, check.c, compat.h, defaults.c, env.c, find_path.c,
- interfaces.c, logging.c, parse.c, sudo.c, sudo.h, testsudoers.c,
- visudo.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
- auth/securid5.c, auth/sia.c: Use warn/err and getprogname()
- throughout. The main exception is openlog(). Since the admin
- may be filtering logs based on the program name in the log files,
- hard code this to "sudo".
+ * BUGS:
+ for 1.5.6
+ [0cc1fe5b9129]
-2003-04-02 13:16 millert
+ * INSTALL, README:
+ no longer require yacc
+ [d9096fc5b8b6]
- * Makefile.in: Add getprogname.c and err.c
+ * Makefile.in:
+ typo
+ [70feb1aefbd5]
-2003-04-02 13:15 millert
+ * Makefile.in:
+ y.tab -> sudo.tab include pre-yacc'd parse.yacc
+ [cc802025fd44]
- * configure: regen
+ * parse.lex:
+ include sudo.tab.h, not y.tab.h don't break out of command args if
+ you get a '='
+ [728ad26dbda5]
-2003-04-02 13:15 millert
+ * insults.h:
+ fix version ,
+ [242bbce1b2d4]
- * configure.in, config.h.in: Add checks for getprognam(),
- __progname and err.h
+ * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
+ fix version
+ [2bb9086fea1e]
-2003-04-02 13:14 millert
+ * compat.h:
+ fix version
+ [7e634d498ce6]
- * err.c, emul/err.h: For systems withour err/warn functions.
+ * getcwd.c:
+ getcwd(3) from OpenBSD for those without it.
+ [6c68d0df8f6c]
-2003-04-02 13:14 millert
+ * sudo.h:
+ HAVE_GETWD -> HAVE_GETCWD
+ [2ad1e64d60c0]
- * getprogname.c: For systems neither getprogname() nor __progname;
- uses Argv[0].
+ * configure.in:
+ pretend sunos doesn't have getcwd(3) since it opens a pipe to
+ getpwd!
+ [677992ba5a6a]
-2003-04-01 10:09 millert
+ * parse.c:
+ use NAMLEN() macro
+ [8f5685aa3165]
- * CHANGES: checkpoint for 1.6.7p1
+ * fnmatch.c:
+ remove duplicate include of string.h
+ [6024f3051ac3]
-2003-04-01 10:02 millert
+ * configure.in:
+ call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
+ [3d82a9c22cc2]
- * sudo.c, testsudoers.c: fix strlcpy() rval check (innocuous)
+ * aclocal.m4:
+ add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
+ [53fbc47282f9]
-2003-04-01 09:58 millert
+ * config.h.in:
+ add dev_t and ino_t
+ [5929bb0c7e1a]
- * check.c: oflow detection in expand_prompt() was faulty (false
- positives). The count was based on strlcat() return value which
- includes the length of the entire string.
+1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-30 19:02 millert
+ * check.c:
+ fix OTP_ONLY for opie
+ [7edcfa78f2ec]
- * CHANGES, RUNSON, TODO: checkpoint for the sudo 1.6.7 release
+1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-24 16:09 millert
+ * testsudoers.c, tgetpass.c:
+ include stdlib.h for malloc proto
+ [c9f4b99a2fe9]
- * logging.c: g/c unused variable
+1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-24 11:06 millert
+ * Makefile.in:
+ make update_version saner
+ [d522f93ee04a]
- * configure: regen
+ * config.h.in:
+ add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
+ [c9a2d21dc608]
-2003-03-24 11:05 millert
+ * configure.in:
+ check for waitpid and wait3 or no waitpid
+ [1f18c3224184]
- * configure.in: use man sections 8 and 5 for csops
+ * logging.c:
+ used waitpid or wait3 if we have 'em
+ [391c3279ee65]
-2003-03-21 18:11 millert
+1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * visudo.c:
+ fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
+ [fbf53b18178f]
-2003-03-21 15:10 millert
+1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: Add -lskey or -lopie directly to SUDO_LIBS instead
- of having AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
+ * configure.in:
+ don't need to explicately mention -lsocket -lnsl for sequent
+ [1898dc055352]
-2003-03-21 14:02 millert
+1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * configure.in:
+ dynix should not link with -linet
+ [278a4b9cfe2a]
-2003-03-21 14:01 millert
+1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL, aclocal.m4, configure.in: Add --with-blibpath for AIX.
- An alternate libpath may be specified or -blibpath support can be
- disabled. Also change conifgure such that -blibpath is not
- specified if no -L libpaths were added to SUDO_LDFLAGS.
+ * INSTALL:
+ mention that HP-UX doesn't ship with yacc
+ [bde5147198c0]
-2003-03-20 22:05 millert
+1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: add AIX blibpath support
+ * check.c:
+ ignore kerberos if we can't get the local realm
+ [1e311a091a27]
-2003-03-20 20:28 millert
+1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL, configure.in: --with-skey and --with-opie now take an
- option directory argument This obsoletes a --with-csops hack
- (/tools/cs/skey)
+ * BUGS, INSTALL, README, configure.in:
+ ++version
+ [499ffc746018]
- Also remove the remaining direct uses of "echo"
+ * version.h:
+ ++
+ [35ba1ee01bd3]
-2003-03-20 17:44 millert
+ * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
+ find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
+ logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [b4990a513f31]
- * configure.in: Detect KTH Kerberos IV and deal with it. Also make
- -lroken optional for KTH Kerberos IV and V.
+ * check.c, sudo.h:
+ fix version
+ [5710795834e8]
-2003-03-20 14:42 millert
+ * getcwd.c:
+ don't use popen/pclose. Do it inline.
+ [29e57b0646a4]
- * aclocal.m4: Add SUDO_APPEND_LIBPATH function that add
- -L/path/to/dir (and -R/path/to/dir if $with_rpath) to the
- specified variable.
+ * lsearch.c:
+ add rcsid
+ [b2b55c39858d]
-2003-03-20 14:40 millert
+ * sudo.c:
+ typo
+ [d381ac39ed0f]
- * INSTALL, configure.in: Add -R/path/to/libs for Solaris and SVR4.
- There is a new configure option, --with-rpath to control this
- behavior.
+ * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
+ sudo.h:
+ updated version
+ [462d6e1a2d75]
-2003-03-19 23:50 millert
+ * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
+ MAX* + 1 -> MAX*
+ [2c2eeb78d34f]
- * configure.in: for kerb4 put libdes after libkrb on the link line
+ * Makefile.in:
+ getwd.c -> getcwd.c
+ [7d718c32fc02]
-2003-03-19 23:49 millert
+ * config.h.in:
+ kill HAVE_GETWD
+ [6ad3d702343f]
- * auth/kerb4.c: typo
+ * configure.in:
+ getcwd, not getwd
+ [33e5b9841f58]
-2003-03-19 23:33 millert
+ * getcwd.c:
+ use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
+ purpose
+ [24e58d340161]
- * configure.in: fix kerberos lib check when a path is specified
+1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-19 21:04 millert
+ * OPTIONS, options.h:
+ add STUB_LOAD_INTERFACES
+ [d747cb23ca83]
- * logging.c: Fix boolean thinko in SIGCHLD reaper and call
- reapchild after sending mail instead of doing a conditional
- sudo_waitpid.
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [0798229312cc]
-2003-03-19 16:20 millert
+ * configure.in:
+ support *-ccur-sysv4 and fix two typos
+ [24a823ad7cc9]
- * configure: regen
+1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-19 16:19 millert
+ * configure.in:
+ don't echo about with_logfile and with_timedir
+ [31e4a1e2d9ad]
- * configure.in: replace =DIR with [=DIR] where sensible
+ * INSTALL:
+ document --with-logfile and --with-timedir
+ [674f811a40e0]
-2003-03-19 16:16 millert
+ * aclocal.m4:
+ support --with-logfile and --with-timedir
+ [2fc36b35db12]
- * configure.in: o Use AC_MSG_* instead of "echo" o New Kerberos
- include/lib detection based on openssh's configure.in
+ * configure.in:
+ Add --with-logfile and --with-timedir
+ [09045bf07e29]
-2003-03-19 15:58 millert
+ * sudo.c:
+ change size computation of NewArgv for UNICOS
+ [b50df07da3a1]
- * INSTALL: --with-kerb4 and --with-kerb5 now take an optional
- argument.
+1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-15 22:03 millert
+ * configure.in:
+ treate -*-sysv4* like *-*-svr4
+ [471b7ef4dbf2]
- * auth/securid.c: Kill remaining strcpy(), the programmer's guide
- says username is 32 bytes.
+1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-15 21:18 millert
+ * configure.in:
+ fix spacing for --with-authenticate help
+ [8321cb37c410]
- * auth/kerb4.c: trat uid_t as unsigned long for printf and use
- snprintf, not sprintf
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [dc1ab97312eb]
-2003-03-15 21:18 millert
+ * parse.yacc:
+ fix off by one error in push macro
+ [bece59c8c3a9]
- * auth/rfc1938.c: use snprintf
+1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-15 15:37 millert
+ * configure.in:
+ removed bogus alloca hack
+ [a68dd720462d]
- * auth/: afs.c, aix_auth.c, bsdauth.c, dce.c, fwtk.c, kerb4.c,
- kerb5.c, pam.c, passwd.c, rfc1938.c, sudo_auth.c: update
- copyright year
+ * check.c:
+ added AIX 4.x authenticate() support
+ [12985eb448a0]
-2003-03-15 15:31 millert
+ * parse.yacc:
+ include alloca.h if using bison and not gcc and it exists. fixes an
+ alloca problem on hpux 10.x
+ [e3b5c4f26072]
- * LICENSE, alloc.c, check.c, configure.in, env.c, sudo.c,
- Makefile.in, aclocal.m4, compat.h, find_path.c, interfaces.c,
- logging.c, parse.c, parse.lex, parse.yacc, set_perms.c, sudo.h,
- sudo.pod, sudoers.pod, testsudoers.c, version.h, visudo.c,
- visudo.pod, sudo.man.in, sudoers.man.in, visudo.man.in: update
- copyright year
+ * INSTALL:
+ mention --with-authenticate
+ [78a1c96820e7]
-2003-03-15 15:19 millert
+ * configure.in:
+ added AIX authenticate() support
+ [c983193ec252]
- * check.c, env.c, sudo.c: Cast [ug]ids to unsigned long and printf
- with %lu
+ * config.h.in:
+ add HAVE_AUTHENTICATE
+ [7b0e5f5db5d9]
-2003-03-15 15:17 millert
+ * interfaces.c:
+ dynamically size ifconf buffer
+ [10afb0e9b2f9]
- * configure: regen
+ * configure.in:
+ quote '[' and ']'
+ [8fc38a4defad]
-2003-03-15 15:16 millert
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [5f66de71ec61]
- * configure.in: correct error messages for
- --with-sudoers-{mode,uid,gid}
+ * visudo.pod:
+ add ERRORS section
+ [3df3edb73cf6]
-2003-03-15 15:10 millert
+1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * alloc.c: make the malloc(0) error specific to each function to
- aid tracking down bugs.
+ * TROUBLESHOOTING:
+ add busy stmp file explanation
+ [6c555d469b6f]
-2003-03-15 14:49 millert
+1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * alloc.c: deal with platforms where size_t is signed and there is
- no SIZE_MAX or SIZE_T_MAX
+ * configure.in:
+ the name of the cached var that signals whether or not you are cross
+ compiling changed. It is now ac_cv_prog_cc_cross
+ [123911c0658c]
-2003-03-15 14:10 millert
+1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/kerb5.c: Make this compile w/ Heimdal and fix some gcc
- warnings.
+ * INSTALL:
+ mention glibc 2.07 is fixed wrt lsearch()\.
+ [ded758524582]
-2003-03-15 13:02 millert
+1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Use stat_sudoers macro so --with-stow can work
+ * sample.sudoers, sudoers.pod:
+ better example of su but not root su
+ [b3199610be21]
-2003-03-15 13:01 millert
+1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL, config.h.in, configure, configure.in: Add support for
- --with-stow based on patches from Robert Uhl
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [46922b84e86b]
-2003-03-15 12:51 millert
+ * Makefile.in:
+ correct regexp for updating version
+ [8032728b2a8a]
- * env.c: fix indentation
+ * tgetpass.c:
+ remove bogus flush of stderr spew prompt before turning off echo.
+ Seems to fix a weird problem where if sudo complained about a bogus
+ stamp file the user would sometimes not have a chance to enter a
+ password
+ [7aa1493cc141]
-2003-03-15 00:21 millert
+ * check.c:
+ fix bogus flush of stderr
+ [6d047871c5e8]
- * configure.in: back out rev 1.352
+ * sudo.c:
+ close fd's <=2 not <=3 and move that chunk of code up
+ [553e4faac195]
-2003-03-14 20:11 millert
+ * configure.in:
+ support hpux1[0-9] not just hpux10
+ [5a34a000ff8a]
- * lex.yy.c: regen
+1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-14 20:11 millert
+ * parse.c:
+ set sudoers_fp to nil after closing
+ [221a8b4bbf34]
- * parse.lex: use strlcpy, not strncpy
+1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-14 19:48 millert
+ * config.guess, config.sub:
+ updated from autoconf 2.12
+ [6fc86a0fc61b]
- * set_perms.c: Fix typo; check pw_uid, not pw_gid after
- setusercontext() failure.
+ * configure.in:
+ add *-*-svr4 rule
+ [38f0427f7c9d]
-2003-03-14 19:43 millert
+1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c: use pid_t
+ * tgetpass.c:
+ fix select usage for high fd's (dynamically allocate readfds)
+ [c2d1f76e0321]
-2003-03-14 10:43 millert
+ * check.c:
+ kill extra whitespace
+ [d784b6c9c514]
- * strlcat.c, strlcpy.c: Make gcc shutup about unused rcsid
+ * sudo.c:
+ do an initgroups() before running a command, unless the target user
+ is root.
+ [4ca561287480]
-2003-03-14 10:35 millert
+1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * interfaces.c: Move the n == 0 check for the non-getifaddrs cas
+ * TROUBLESHOOTING:
+ tell people to use tabs, not spaces, in syslog.conf
+ [8ae90a205134]
-2003-03-13 21:47 millert
+1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/rfc1938.c: skeychallenge() on NetBSD take a size parameter
+ * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
+ parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
+ updated version
+ [4d855ff5de26]
-2003-03-13 21:38 millert
+ * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
+ logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
+ updated version
+ [8e007e178b33]
+
+ * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
+ updated version
+ [9ddea5c8814d]
+
+ * Makefile.in:
+ more tweaks to update_version
+ [047698752855]
+
+ * Makefile.in:
+ fixed up update_version rule
+ [47b6fa34b77f]
+
+ * configure.in:
+ ++version
+ [c1ca664e30b7]
+
+ * Makefile.in:
+ removed supe of check.c
+ [8f340a05296a]
+
+ * INSTALL:
+ ++version I missed
+ [a298e6c17491]
+
+ * RUNSON:
+ updated
+ [a14f6057bc15]
+
+ * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
+ dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
+ goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
+ parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c:
+ updated version
+ [02231b1a3ab3]
+
+ * CHANGES:
+ updated for 1.5.5
+ [634e5fcaf40b]
+
+ * Makefile.in:
+ add rules to update version stuff in files so I don't need to do it
+ by hand
+ [3620ad60485a]
+
+ * sudo.h:
+ sudoers_fp is now extern
+ [88c6e9b9ea84]
+
+ * sudo.c:
+ in check_sudoers, cache the sudoers file handle in sudoers_fp so we
+ don't have to open it again in the parse. This may help with weird
+ solaris problems where EAGAIN sometime occurrs.
+ [d3c26451ed1d]
+
+ * parse.c:
+ sudoers file open is now done only in check_sudoers() so we just do
+ a rewind() instead of an open. May help people on solaris who were
+ getting EAGAIN.
+ [c8b8c7722fa5]
+
+1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ mention that newer glibc is fixed
+ [20f06f5d3ef3]
+
+1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
+ _RLD* instead of _RLD_*
+ [1e22c588d602]
+
+ * parse.c:
+ typo
+ [d0b7cb85f08a]
+
+ * parse.c:
+ fix that bug for real
+ [5a6eeca6d04b]
+
+ * INSTALL:
+ document Linux's libc6 brokenness.
+ [0246c1aa64ee]
+
+ * parse.yacc:
+ -Wall
+ [d0e452fb1e2d]
+
+ * RUNSON:
+ updated
+ [4949a1bbd0a9] [SUDO_1_5_4]
+
+ * TROUBLESHOOTING:
+ remind people to HUP syslogd
+ [590962faa4f0]
+
+ * Makefile.in:
+ add -O flag to tar
+ [622d02de339d]
+
+ * RUNSON:
+ updated
+ [a72930d6e615]
+
+ * TODO:
+ updated
+ [4a51bd458390]
+
+ * sudo.pod:
+ remove author's email addr. people should mail sudo-bugs
+ [9b6bbdb3a6d9]
+
+ * INSTALL:
+ fix version
+ [246274c6c8af]
+
+ * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
+ find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
+ ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
+ logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
+ ++version
+ [f532ff4ee766]
+
+ * RUNSON:
+ updated
+ [62d5c71358b5]
- * configure: regen
+ * INSTALL, Makefile.in:
+ ++version
+ [1a7c7628edfc]
-2003-03-13 21:38 millert
+ * CHANGES:
+ updated fort 1.5.4
+ [7e4873508c99]
- * configure.in: put -ldl after -lpam, not before; fixes static
- linking on Linux
+ * check.c:
+ exit(1) if user enters no passwd
+ [f382c0e35e4e]
-2003-03-13 21:17 millert
+ * BUGS:
+ ++version
+ [fab6a867ab67]
- * interfaces.c: Avoid malloc(0) and fix the loop invariant for the
- getifaddrs() case.
+ * parse.c:
+ commands can start with ./* not just /* -- fixes a serious security
+ hole.
+ [244d2fe35ee3]
-2003-03-13 20:24 millert
+1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.man.in, sudoers.man.in, visudo.man.in, sudo.cat,
- sudoers.cat, visudo.cat: regen
+ * sudo.c:
+ Don't set the tty variable to NULL when we lack a tty, leave it as
+ "unknown".
+ [193b26daba03]
-2003-03-13 20:23 millert
+1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: Preserve copyright notice from .pod file in .man.in
- file
+ * sample.sudoers:
+ fix usage of (username) in conjunction with , and !
+ [7ae68607f68f]
-2003-03-13 20:01 millert
+ * visudo.c:
+ catch the case where the user is not in the passwd file
+ [31650258deb0]
- * visudo.pod: Add sudoers(5) to SEE ALSO
+ * tgetpass.c:
+ use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
+ select(2)
+ [60ab2d9a9ee8]
-2003-03-13 15:27 millert
+ * sudo.c:
+ define tty global to an initial value to avoid dumping core in
+ logging functions when passwd file is unavailable.
+ [77056c7bc908]
- * lex.yy.c: regen
+ * sudo.c:
+ do the set_perms(PERM_USER, sudo_mode) after we have gotten the
+ passwd entry
+ [1fdb8e579a5a]
-2003-03-13 15:27 millert
+ * sudo.pod:
+ talk about problem of ALL
+ [1cd1905c9f6f]
- * parse.lex: Don't assume libc can realloc() a NULL string. If
- malloc/realloc fails, make sure we just return; yyerror() is not
- terminal.
+1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-13 15:17 millert
+ * README:
+ new web location
+ [d24dc26f6da5]
- * lex.yy.c: regen
+ * INSTALL:
+ fdesc bug is fixed in Open/Net BSD
+ [7d4d81b08ac3]
-2003-03-13 15:17 millert
+ * HISTORY:
+ updates from Nieusma
+ [3a43769a1b78]
- * parse.lex: simplify fill_args a little and use strlcpy for
- paranoia
+1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-13 15:00 millert
+ * dce_pwent.c:
+ move compat.h after the system includes
+ [5ea43a5968ac]
- * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
- testsudoers.c: Use strlc{at,py} for paranoia's sake and exit on
- overflow. In all cases the strings were either pre-allocated to
- the correct size of length checks were done before the copy but a
- little paranoia can go a long way.
+1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-13 12:54 millert
+ * logging.c:
+ save errno from being clobbered by wait(). From Theo
+ [f2d1c48cd592]
- * sudo.h: Add strlc{at,py} protos
+1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-13 12:03 millert
+ * compat.h:
+ fix an occurence of setresuid -> setreuid (typo)
+ [394de35c9b1c]
- * env.c, interfaces.c: Use erealloc3()
+1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-13 12:00 millert
+ * install-sh:
+ check for path to strip
+ [2b7ef824bd55]
- * configure: regen
+1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-13 12:00 millert
+ * logging.c:
+ deal with maxfilelen < 0 case
+ [f0af095178d7]
- * alloc.c: Oflow test of nmemb > SIZE_MAX / size is fine (don't
- need >=). Use memcpy() instead of strcpy() in estrdup() so this
- is strcpy()-free.
+ * OPTIONS:
+ fixed descriptin
+ [629f60bd4b5f]
-2003-03-13 11:58 millert
+1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: snprintf() a uid as %lu, not %ld to match the
- MAX_UID_T_LEN test in configure.
+ * sudo.c:
+ correct error message if mode/owner wrong and not statable by owner
+ but is statable by root.
+ [cb631ce2e85e]
-2003-03-13 11:56 millert
+1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * aclocal.m4: In MAX_UID_T_LEN test cast uid_t to unsigned long,
- just unsigned.
+ * config.guess, config.sub:
+ autoconf 2.11
+ [f3cbe59e0756]
-2003-03-12 18:46 millert
+1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Use snprintf() for paranoia
+ * CHANGES, RUNSON, TODO:
+ sudo 1.5.3.
+ [2be3229b8626]
-2003-03-12 17:16 millert
+1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.yacc: Use emalloc2 and erealloc3
+ * parse.yacc, sudo.h:
+ command_alias -> generic_alias
+ [c404ca8c510d] [SUDO_1_5_3]
-2003-03-12 17:08 millert
+ * sample.sudoers:
+ added Runas_Alias example and fixed syntax errors
+ [c304053f4a8a]
- * Makefile.in: strlc{at,py} for those w/o it
+ * OPTIONS, options.h:
+ updated MAILSUBJECT
+ [18d1573fcd2a]
-2003-03-12 17:07 millert
+ * logging.c:
+ added %h expansion
+ [a4bff9b284fd]
- * strlcat.c, strlcpy.c: stlc{at,py} for those w/o it.
+ * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
+ configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
+ goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
+ parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c:
+ ++version
+ [211ff20f956f]
-2003-03-12 17:07 millert
+ * BUGS, emul/utime.h:
+ ++version
+ [cde5376579e3]
- * config.h.in, configure, configure.in: Add stlc{at,py} for those
- w/o it.
+ * sudoers.pod:
+ document Runas_Alias
+ [b1a58f28fb2c]
-2003-03-12 16:51 millert
+ * visudo.pod:
+ q (uid) -> Q
+ [d256649a0e6b]
- * alloc.c, sudo.h: Add erealloc3(), a realloc() version of
- emalloc2().
+ * visudo.c:
+ buffer oflow checking q (uit) -> Q if yyparse() fails drop into
+ whatnow
+ [1cb183d15626]
-2003-03-12 16:45 millert
+ * parse.yacc:
+ add size params to sprintf
+ [9228f698921f]
- * interfaces.c, sudo.c: Use emalloc2() to allocate N things of a
- certain size.
+ * parse.lex:
+ allow trailing space after '\\' but before '\n'
+ [f51dbbf69fdf]
-2003-03-12 16:41 millert
+ * find_path.c:
+ off by one error in path size check
+ [a6d75ccd7632]
- * alloc.c, sudo.h: Add emalloc2() -- like calloc() but w/o the
- bzero and with error/oflow checking.
+ * check.c:
+ sprintf paranoia
+ [3ffb12d198dd]
-2003-03-12 16:23 millert
+1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * alloc.c: Error out on malloc(0); suggested by theo
+ * parse.yacc:
+ fixed more_aliases
+ [aab12f2a50af]
-2003-03-09 19:34 millert
+ * visudo.c:
+ now warns if killed by signal ./
+ [310c186a0fd7]
- * configure, configure.in: fix a typo; David Krause
+1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-03-07 10:46 millert
+ * parse.yacc:
+ fix Runas_Alias stuff Alias's in runas list now get expanded (but it
+ is gross)
+ [45590b83120f]
- * sudo.pod: fix typo
+ * sudo.c:
+ Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
+ [d53e01c14c58]
-2003-03-03 21:47 millert
+ * parse.yacc:
+ add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
+ [7a4a040aae2d]
- * env.c: Remove DYLD_ from the environment for MacOS X; from bbraun
+ * parse.lex:
+ Add Runas_Alias and simplify a rule.
+ [6f794a769a37]
-2003-03-01 13:20 millert
+ * parse.yacc:
+ always store User_Alias's since they can be used inside of a runas
+ list. Sigh. Really need a Runas_Alias instead.
+ [3bab058a873e]
- * configure.in, config.h.in: not not; Anil Madhavapeddy
+1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-01-23 03:03 millert
+ * visudo.c:
+ deal with case where there is no sudoers file
+ [fa38b3bb244d]
- * sudo.pod, sudoers.pod, visudo.pod: typos; jmc@openbsd.org
+1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-01-20 16:13 millert
+ * TROUBLESHOOTING:
+ added one
+ [e61346d06725]
- * parse.yacc: Add some missing ';' rule terminators that bison
- warns about.
+1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2003-01-20 16:07 millert
+ * HISTORY, testsudoers.c:
+ developement -> development
+ [4df55e293941]
- * config.sub: fix typo I introduced in last merge
+ * INSTALL:
+ added a note
+ [3845fb83dbc0]
-2003-01-20 15:59 millert
+ * RUNSON:
+ for 1.5.2
+ [5489b7298942]
- * configure: regenerate with autoconf 2.57
+ * CHANGES:
+ updated
+ [0741834929e6]
-2003-01-20 15:58 millert
+1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in: Add missing "$HOME"
+ * PORTING:
+ removed seteuid() notes
+ [1010a60f281d] [SUDO_1_5_2]
-2003-01-20 15:57 millert
+1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: Add some more square backets to make autoconf 2.57
- happy
+ * compat.h:
+ better seteuid() emulatino
+ [e807623b662c]
-2003-01-20 14:39 millert
+ * configure.in:
+ added check for seteuid
+ [8cf9fabc6f4f]
- * config.guess, config.sub, mkinstalldirs: Updates from
- autoconf-2.57
+ * config.h.in:
+ added HAVE_SETEUID
+ [596db46aa828]
-2003-01-17 18:10 millert
+1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * lex.yy.c, sudo.tab.h: regen
+ * configure.in:
+ first stab at sequent support
+ [b85a7bfcac76]
-2003-01-17 18:09 millert
+ * config.h.in:
+ added HAVE_SYS_SELECT_H
+ [93ecdd042463]
- * parse.lex, parse.yacc, sudoers.pod: Add support for
- Defaults>RunasUser
+ * compat.h:
+ sequent -> _SEQUENT_
+ [63a38b6da98c]
-2003-01-06 19:10 millert
+ * compat.h:
+ added seteuid() macro for DYNIX
+ [695bd63c5ea6]
- * visudo.c: fclose() yyin after each yyparse() is done and use
- fopen() instead of using freopen().
+ * tgetpass.c:
+ _AIX -> HAVE_SYS_SELECT_H
+ [b31221211bc2]
-2003-01-06 19:02 millert
+1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.lex: Better fix for sudoers files w/o a newline before EOF.
- It looks like the issue is that yyrestart() does not reset the
- start condition to INITIAL which is an issue since we parse
- sudoers multiple times.
+ * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
+ parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ ++version
+ [8052992fd453]
-2003-01-06 18:47 millert
+ * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
+ getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
+ pathnames.h.in, version.h:
+ ++version
+ [f7ad15e1598a]
- * parse.lex: Work around what appears to be a flex bug when dealing
- with files that lack a final newline before EOF. This adds a
- rule to match EOF in the non-initial states which resets the
- state to INITIAL and throws an error.
+ * sudo.pod:
+ added -H and SUDO_PS1
+ [bb965241e30c]
-2003-01-06 15:06 millert
+ * configure.in:
+ use SUDO_FUNC_FNMATCH
+ [6a8350d85fb2]
- * visudo.c: o The parser needs sudoers to end with a newline but
- some editors (emacs) may not add one. Check for a missing
- newline at EOF and add one if needed. o Set quiet flag during
- initial sudoers parse (to get options) o Move yyrestart() call
- and always use freopen() to open yyin after initial sudoers
- parse.
+ * aclocal.m4:
+ added SUDO_FUNC_FNMATCH
+ [45b32c91c4ba]
-2002-12-15 11:24 millert
+ * sudo.c:
+ added -H flag
+ [11ebc6872fd6]
- * set_perms.c: Fix pasto/thinko in setresgid()/setregid() usage.
- Want to set effective gid, not real gid, when reading sudoers.
+ * sudo.h:
+ added MODE_RESET_HOME /
+ [67a7f8bcbbd6]
-2002-12-15 11:08 millert
+1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * set_perms.c: don't compile set_perms_posix if we have setreuid or
- setresuid
+ * INSTALL:
+ mention OPIE
+ [5723515d5bbd]
-2002-12-14 14:21 millert
+ * options.h:
+ SKEY -> OTP
+ [c1d268130bc4]
- * sudo.pod, sudoers.pod: document new prompt escapes
+ * configure.in:
+ added opie support
+ [123872b41b20]
-2002-12-14 14:15 millert
+ * compat.h, config.h.in:
+ added HAVE_OPIE
+ [528c71afc1e5]
- * check.c: Add %U and %H escapes and redo prompt rewriting. "%%"
- now gets collapsed to "%" as was originally intended. This also
- gets rid of lastchar (does lookahead instead of lookback) which
- should simplify the logic slightly.
+ * check.c:
+ added HAVE_OPIE and changed to *_OTP_*
+ [4c62f5db872a]
-2002-12-13 13:20 millert
+ * OPTIONS:
+ SKEY -> OTP
+ [bd858e5e9652]
- * tgetpass.c: Write the prompt *after* turning off echo to avoid
- some password characters being echoed on heavily-loaded machines
- with fast typists.
+1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-12-13 13:09 millert
+ * check.c:
+ moved fclose() in skey stuff.
+ [11f7dc8431a6]
- * config.sub: Add support for mipseb; wiz@danbala.tuwien.ac.at
+1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-12-13 12:48 millert
+ * putenv.c:
+ index -> strchr remove unnecesary stuff
+ [af2d05238062]
- * configure.in: Fix IRIX fallout from name changes in man dir/sect
- Makefile variables. Patch from erici AT motown DOT cc DOT utexas
- DOT edu
+ * check.c:
+ now call skeychallenge() to get challenge instead of making one up
+ ourselves. this way, we get extra goodies in the prompt.
+ [49b770d98d3a]
-2002-12-13 11:33 millert
+1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/pam.c: Keep a local copy of tgetpass_flags so we don't add
- in TGP_ECHO to the global copy. Problem noted by Peter Pentchev.
+ * CHANGES:
+ added one
+ [3f5149357e2a] [SUDO_1_5_1]
-2002-11-28 18:43 millert
+ * parse.lex:
+ allow logins to start with a number (YUCK!)
+ [7ed7ef324741]
- * parse.yacc: Add missing yyerror() calls; YYERROR does not seem to
- call this for us.
+1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-11-26 12:09 millert
+ * TROUBLESHOOTING:
+ added soalris 2.5 vs 2.4 note
+ [16160a251aae]
- * sudo.c: fix typo in comment; Pedro Bastos
+ * configure.in:
+ DUNIX doesn't need -lnsl
+ [be924cc322c3]
-2002-11-22 14:41 millert
+ * CHANGES:
+ *** empty log message ***
+ [1b2937521981]
- * INSTALL: document --disable-setresuid
+ * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
+ getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
+ options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
+ strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
+ utime.c, version.h, visudo.c:
+ courtesan
+ [5f203589bbfe]
-2002-11-22 14:41 millert
+ * PORTING, README, RUNSON:
+ courtesan
+ [d72517f4937e]
- * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c, sudo_auth.c:
- Sprinkle some volatile qualifiers to prevent over-enthusiastic
- optimizers from removing memset() calls.
+ * INSTALL, Makefile.in, TROUBLESHOOTING:
+ courtesan
+ [5c007e3c7a71]
-2002-11-22 14:11 millert
+ * visudo.pod:
+ *** empty log message ***
+ [37ebe85bd4e1]
- * logging.c, parse.yacc: minor sign fixes pointed out by gcc
- -Wsign-compare
+ * sudo.pod, visudo.pod:
+ courtesan
+ [37f02e2130ea]
-2002-11-22 14:09 millert
+1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * set_perms.c, sudo.c, sudo.h: Revamp set_perms. We now use a
- version based on setresuid() or setreuid() when possible since
- that allows us to support the stay_setuid option and we always
- know exactly what the semantics will be (various Linux kernels
- have broken POSIX saved uid support).
+ * HISTORY:
+ added courtesan ./
+ [b01435226276]
-2002-11-22 14:08 millert
+1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure: regen from configure.in
+ * sudo.c:
+ added $SUDO_PROMPT support
+ [cb1fa72c093d]
-2002-11-22 14:07 millert
+1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: Add checks for setresuid() and a way to disable
- using it
+ * check.c:
+ print long skey challemged to stderr, not stdout
+ [750fc775b3b2]
-2002-11-22 14:05 millert
+1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * compat.h: No long need to emulate set*[ug]id() via setres[ug]id()
- or setre[ug]id(). The new set_perms stuff only uses things it
- knows are there.
+ * CHANGES:
+ updated for 1.5.1
+ [9b615f393057]
-2002-11-22 13:33 millert
+ * emul/utime.h:
+ ++version
+ [a94de18deafb]
- * sudo.c: Before exec, restore state of signal handlers to be the
- same as when we were initialy invoked instead of just reseting to
- SIG_DFL. Fixes a problem when using sudo with nohup. Based on a
- patch from Paul Markham.
+1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-11-22 13:23 millert
+ * RUNSON:
+ updated for 1.5.1
+ [4092f20ab634]
- * sudo.c: o timestamp_uid should be uid_t, not int o clarify error
- message when sudo is run by root and no_root_sudo is set
+1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-09-19 17:27 millert
+ * check.c:
+ use shost, not host for tgetpass
+ [6061c49ff9be]
- * README: update ftp link for bison
+ * sudo.pod:
+ documented %u and %h
+ [6d2922d29897]
-2002-07-20 08:30 millert
+ * OPTIONS:
+ documented %u and %h
+ [1a71da13a864]
- * set_perms.c: Error out if setusercontext() fails and the runas
- user is not root.
+ * configure.in:
+ fixed typo
+ [1230dec2b062]
-2002-05-20 16:51 millert
+ * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
+ dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
+ ++version
+ [65ce8eabf77a]
- * auth/securid5.c: Fix rcsid
+ * BUGS:
+ ++version
+ [afecab53aab7]
-2002-05-20 16:50 millert
+1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: Fix SecurID API test
+ * Makefile.in, configure.in, version.h:
+ ++version
+ [fb3ff940d672]
-2002-05-17 13:20 millert
+ * sudo.h:
+ new tgetpass() params
+ [9eccc5b0f8ae]
- * env.c: typo in comment
+ * check.c:
+ pass use and host to tgetpass
+ [c56d9d13c401]
-2002-05-17 13:20 millert
+ * tgetpass.c:
+ added %u and %h escapes
+ [04ae775d3e5d]
- * configure.in: securid5 stuff needs pthreads. Just adding
- -lpthread is suboptimal but I don't see a better way at the
- moment.
+ * OPTIONS, check.c, options.h:
+ added NO_MESSAGE
+ [3927dad19057]
-2002-05-17 13:04 millert
+ * configure.in:
+ added cray (unicos) support
+ [1122210c5fb1]
- * Makefile.in, auth/securid5.c: SecurID API version 5 support from
- Michael Stroucken
+1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-05-17 13:02 millert
+ * OPTIONS, options.h, sudo.c:
+ added SHELL_SETS_HOME
+ [0b26909b0929]
- * configure.in: Add check for SecurID 5.0 API
+1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-05-08 16:46 millert
+ * INSTALL:
+ added note about "make install"
+ [7e56ea76d4b4]
- * strerror.c: We actually do still need config.h to get the 'const'
- definition for K&R C.
+ * parse.yacc:
+ changed length/size params from int to size_t
+ [5654e5ceb1b3]
-2002-05-05 16:43 millert
+ * OPTIONS:
+ now get CSOPS insults as well by default
+ [297323d0179a]
- * configure: regen with autoconf 2.5.3
+ * insults.h:
+ use csops insults too by default
+ [07fafc136169]
-2002-05-05 16:25 millert
+ * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
+ version = 1.5
+ [4b8772b11e3b]
- * configure.in: Don't set sysconfdir to '/etc' if the user has
- specified a --prefix.
+ * sudo.c:
+ added runas_homedir
+ [b0e0d4417a15]
-2002-05-05 16:14 millert
+ * TODO:
+ updated for 1.5
+ [66259df825d5]
- * configure.in: Some fixes for autoconf 2.53 from Robert Uhl o
- don't AC_SUBST LIBOBJS o force a 4th arg for AC_CHECK_HEADER()
- to workaround a bug
+ * RUNSON:
+ updated for 1.5
+ [e08bc9ebfe95]
-2002-05-05 15:58 millert
+ * CHANGES:
+ 1.5 release
+ [8c16942fea41]
- * env.c, sudo.c, sudo.h: No need for dump_badenv() now that
- dump_defaults() knows how to dump lists.
+ * INSTALL:
+ added "upgrading" notes
+ [210d968964ff]
-2002-05-04 21:31 millert
+1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * BUGS, INSTALL, Makefile.in, configure.in, version.h,
- INSTALL.binary, README: ++version
+ * visudo.c:
+ now do chmod and chown after edit of temp file and before rename
+ [de174e34faa7] [SUDO_1_5_0]
-2002-05-04 20:57 millert
+1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod: document timestampowner
+ * Makefile.in:
+ ++version added INSTALL.configure
+ [c9e9214f52ae]
-2002-05-04 20:45 millert
+ * configure.in, version.h:
+ ++version
+ [5985abed3eb2]
- * check.c: Don't call set_perms() when doing timestamp stuff unless
- timestamp_uid != 0.
+ * TROUBLESHOOTING:
+ *** empty log message ***
+ [d65c540ec52e]
-2002-05-04 20:43 millert
+ * parse.yacc:
+ added missing cast
+ [e7247319a7d5]
- * check.c, logging.c, parse.c, set_perms.c, sudo.c, sudo.h,
- testsudoers.c, auth/sudo_auth.c: g/c second arg to set_perms--it
- is no longer used
+ * sudo.c:
+ sets $HOME to pw_dir of runas user
+ [d3f7f4d05752]
-2002-05-03 18:48 millert
+ * sudo.pod:
+ document $HOME change
+ [854454d458c4]
- * check.c, set_perms.c, sudo.c, sudo.h: Add support for non-root
- timestamp dirs. This allows the timestamp dir to be shared via
- NFS (though this is not recommended).
+1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-05-03 18:47 millert
+ * sudo.pod:
+ fixed up some wording
+ [b0c8582f2c97]
- * def_data.c, def_data.h, def_data.in: Add timestampowner, "Owner
- of the authentication timestamp dir"
+ * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
+ strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+ visudo.c:
+ ++version
+ [748be723fd8b]
-2002-05-02 15:40 millert
+ * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, options.h, pathnames.h.in, sudo.h:
+ ++version
+ [acdf8b1b2a1b]
- * env.c: Don't try to pre-compute the size of the new envp, just
- allocate space up front and realloc as needed. Changes to the
- new env pointer must all be made through insert_env() which now
- keeps track of spaced used and allocates as needed.
+ * emul/utime.h:
+ ++version
+ [b3f35298ab8d]
-2002-04-26 15:12 millert
+ * sudo.h:
+ name nad type changes
+ [db24ab3da141]
- * configure: regen
+ * testsudoers.c:
+ now works with new sudo
+ [379346c42cc2]
-2002-04-26 15:12 millert
+ * parse.yacc:
+ fixed some XXX
+ [f5fe4c990052]
- * configure.in: Fix two typo/pastos; from jrj@purdue.edu
+ * parse.yacc:
+ some variable name changes + comment headers for functions.
+ [3dc3bd9aa73d]
-2002-04-25 11:36 millert
+ * tgetpass.c:
+ added extra paren's to make compilers happy
+ [9e4968a34d56]
- * INSTALL.binary, README: ++version
+ * sudo.c:
+ *** empty log message ***
+ [70c924c1ed69]
-2002-04-25 11:35 millert
+ * parse.c:
+ now uses init_parser() if not in sudoers and tries "list" or
+ "validate" scold but don't be nasty.
+ [c0d8fb3f8c9e]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
- visudo.man.in, configure: regen
+ * TROUBLESHOOTING:
+ now can use upper case login names
+ [c772fffcefe5]
-2002-04-25 11:31 millert
+ * visudo.c:
+ now uses init_parser()
+ [b9efae7243fd]
- * CHANGES, RUNSON, TODO: Sync with 1.6.6
+ * INSTALL, README:
+ updated
+ [27dc8283fdc8]
-2002-04-25 11:30 millert
+ * PORTING:
+ added info about PASSWORD_TIMEOUT
+ [980e15d892f8]
- * check.c: The the loop used to expand %h and %u, the lastchar
- variable was not being initialized. This means that if the last
- char in the prompt is '%' and the first char is 'h' or 'u' a
- extra copy of the host or user name would be copied, for which
- space had not been allocated.
+ * INSTALL.configure:
+ Initial revision
+ [8292e89a08d3]
-2002-04-18 11:41 millert
+ * BUGS:
+ fixed a bug ,
+ [c6e46f5624f9]
- * BUGS, INSTALL, Makefile.in, configure.in, version.h: crank
- version to 1.6.6
+ * parse.yacc:
+ now dynamically allocates memory for the stacks -- no more
+ overflows!
+ [8615c35b6ad3]
-2002-04-18 11:39 millert
+ * sudo.pod:
+ -l now explands command aliases
+ [39f45605935d]
- * auth/afs.c: #undef VOID to get rid of an AFS warning
+ * parse.yacc:
+ hacks to expand command aliases for `sudo -l'
+ [e4eb752608f9]
-2002-04-18 11:38 millert
+ * sudo.c:
+ remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
+ [01327ca5084b]
- * env.c: Use easprintf instead of emalloc + sprintf for some
- things.
+ * sudo.h:
+ added struct command_alias
+ [dd2f32764082]
-2002-03-15 19:45 millert
+ * sudo.pod:
+ fixed a bug
+ [e708ff08d2eb]
- * lex.yy.c: regen
+ * lsearch.c:
+ in compar() key should be first arg
+ [fc14c3fa62ee]
-2002-03-15 19:44 millert
+1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c, parse.lex, parse.yacc, testsudoers.c: Remove Chris
- Jepeway's email address so people don't bug him ;-)
+ * BUGS:
+ fixed some bugs
+ [639dfe425bd5]
-2002-03-11 22:19 millert
+ * parse.yacc:
+ can now deal with upcase HOST and USER names
+ [c6aa7bcfb00d]
- * sudo.c: Move endpwent() to be after set_perms(PERM_RUNAS, ...)
- and also call endgrent() at the same time.
+ * sudo.c:
+ don't yell too loudly at non-sudoers if they do "sudo -l"
+ [4ef146128d89]
-2002-02-21 22:23 millert
+ * sudo.pod:
+ fixed thinko
+ [830f2f0f22e7]
- * INSTALL: Make it clear which configure options take arguments.
+ * parse.c:
+ fix comment
+ [d20ce9e17ddc]
-2002-01-25 13:38 millert
+1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
- * compat.h: HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there
- is no RLIM_INFINITY, just pretend it is -1. This works because
- we only check for RLIM_INFINITY and do not set anything to that
- value.
+ * parse.c, parse.yacc:
+ added support for new `sudo -l' stuff
+ [7dceaef3c733]
-2002-01-22 11:43 millert
+ * sudo.c:
+ now uses list_matches()
+ [293364821b61]
- * auth/pam.c: Zero and free allocated memory when there is a
- conversation error.
+ * sudo.h:
+ added struct sudo_match
+ [b2684179d179]
-2002-01-21 22:37 millert
+ * configure.in:
+ now more -lgnumalloc
+ [4f8ae42617d8]
- * auth/bsdauth.c: Use sigaction() not signal()
+1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-21 22:26 millert
+ * install-sh:
+ added more paths for chown and whoami
+ [6e685a19426c]
- * INSTALL: Mention that some linux kernels have broken POSIX saved
- ID support
+1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-21 21:03 millert
+ * check.c:
+ typo
+ [3adfa01c04bc]
- * CHANGES: checkpoint for 1.6.5p2
+1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-21 21:01 millert
+ * aclocal.m4:
+ fixed DUNIX check for shadow pw
+ [c25324bcd27b]
- * configure: regen
+ * tgetpass.c:
+ now only turn off echo if it is already on. this fixes a race when
+ you use sudo in a pipelin
+ [28388c2de21c]
-2002-01-21 21:01 millert
+ * INSTALL:
+ updated
+ [b45ac9366b7e]
- * configure.in: Add --disable-setreuid flag
+ * configure.in:
+ changed "test -z $foo && do_this" to if; then construct
+ [2183c4426bca]
-2002-01-21 21:00 millert
+1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL: Document new --disable-setreuid option and change
- description for --disable-saved-ids to match new error message.
+ * configure.in:
+ added missing defines of SHADOW_TYPE
+ [be89ea68a7f3]
-2002-01-21 21:00 millert
+1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * set_perms.c: fatal() now takes an argument that determines
- whether or not to call perror().
+ * check.c:
+ protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
+ only in dunix 4.x
+ [1e7c1c677263]
-2002-01-21 20:58 millert
+ * getspwuid.c:
+ added AUTH_CRYPT_C1CRYPT support
+ [88d6b0058b20]
- * PORTING, TROUBLESHOOTING: Update for new error messages from
- set_perms()
+ * parse.c:
+ no longer return VALIDATE_NOT_OK if there was a runas that didn't
+ match. Now we can have runas stuff on more than one line.
+ [52b68920d7b7]
-2002-01-21 17:46 millert
+ * getspwuid.c, sudo.c, tgetpass.c:
+ use SHADOW_TYPE instead of HAVE_C2_SECURITY
+ [cf401dfcbc06]
- * auth/pam.c: Make this compile w/o warnings
+ * configure.in:
+ got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
+ something
+ [c7a233c4dd93]
-2002-01-21 17:36 millert
+ * config.h.in:
+ removed HAVE_C2_SECURITY added SPW_BSD
+ [8314405e9754]
- * auth/pam.c: Mention that we can't use pam_acct_mgmt()
+ * compat.h:
+ use SHADOW_TYPE instead of HAVE_C2_SECURITY
+ [6f94870df17f]
-2002-01-21 17:25 millert
+ * check.c:
+ SHADOW_TYPE is always defined so just against its value
+ [72c69a55d02f]
- * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c: The user's password
- was not zeroed after use when AIX authentication, BSD
- authentication, FWTK or PAM was in use.
+ * aclocal.m4:
+ added SUDO_CHECK_SHADOW_DUNIX
+ [ef025ae9d496]
-2002-01-20 14:21 millert
+1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/pam.c: Avoid giving PAM a NULL password response, use the
- empty string instead. This avoids a log warning when the user
- hits ^C at the password prompt when PAM is in use.
+ * sudoers.pod:
+ * -> ?* in one example added another instance of (runas) and one of
+ NOPASSWD:
+ [d74fe1dcbe7d]
-2002-01-19 19:46 millert
+1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/pam.c: Don't check the return value of pam_setcred(). In
- Linux-PAM 0.75 pam_setcred() returns the last saved return code,
- not the return code for the setcred module. Because we haven't
- called pam_authenticate(), this is not set and so pam_setcred()
- returns PAM_PERM_DENIED.
+ * configure.in:
+ added back check for config.cache from other host type
+ [0ba87871f585]
-2002-01-19 19:43 millert
+ * parse.lex:
+ removed an instance of \"
+ [1e008d3709f6]
- * Makefile.binary, Makefile.in: Don't need a '/' between $(DESTDIR)
- and a directory.
+ * sample.sudoers:
+ added an example
+ [dbfcf68ee330]
-2002-01-18 14:18 millert
+ * sudoers.pod:
+ updated wrt new wildcard matching
+ [193fa44a475b]
- * configure: regen
+ * configure.in:
+ new check for shadow passwords if we don't know anything
+ [67465df7dc9a]
-2002-01-18 14:18 millert
+ * aclocal.m4:
+ new SUDO_CHECK_SHADOW_GENERIC
+ [3563b16a41b8]
- * configure.in: o BSDi also has a bogus setreuid() o Old FreeBSD
- has a bogus setreuid() o new NetBSD has a real setreuid() o add
- check for freeifaddrs() if getifaddrs() exists.
+ * configure.in:
+ added back check for -lsocket (oops)
+ [a80882ee1cb6]
-2002-01-18 14:17 millert
+ * configure.in:
+ better (working) check for shadow passwd type if we know to use C2.
+ [3cdd2a59a641]
- * config.h.in, interfaces.c: Older BSDi releases lack freeifaddrs()
- so add a test for that and if it is not present just use free().
+ * configure.in:
+ now uses AC_CANONICAL_HOST to figure out os type
+ [80db7fe6e704]
-2002-01-17 11:30 millert
+ * Makefile.in:
+ added config.{guess,sub}
+ [c6be7e3ca384]
- * CHANGES, RUNSON: Checkpoint for 1.6.5p1
+ * aclocal.m4:
+ removed unused stuff to figure out os type
+ [c9a0f3b57123]
-2002-01-17 10:56 millert
+ * config.sub:
+ added openbsd
+ [bfc6bfec3668]
- * auth/passwd.c: Return AUTH_FAILURE in passwd_init() if
- skeyaccess() denies access to normal passwords, not AUTH_FATAL
- (which just causes an exit).
+ * config.sub:
+ Initial revision
+ [e6e06ce0d17d]
-2002-01-17 10:35 millert
+ * config.guess:
+ Initial revision
+ [99dd06f79199]
- * visudo.c: Don't use memory after it has been freed.
+ * testsudoers.c:
+ don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
+ pathname. need to check against sudoers_args even if user_args is
+ nil
+ [66e6cf77f5d6]
-2002-01-17 00:24 millert
+ * parse.c:
+ don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
+ pathname need to check against sudoers_args even if user_args is nil
+ [74374df17311]
- * auth/passwd.c: skeyaccess() wants a struct passwd * not a char *;
- Patch from Phillip E. Lobbes
+1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-16 20:00 millert
+ * check.c:
+ added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
+ [cbb00261c415]
- * BUGS: ++version
+ * testsudoers.c:
+ now takes command line args and uses cmnd_args
+ [f0c2fd35a527]
-2002-01-16 19:53 millert
+ * parse.lex:
+ fill_args was adding an extra leading space
+ [692fc999b2e8]
- * CHANGES, RUNSON, TODO: checkpoint for sudo 1.6.5
+1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-16 18:37 millert
+ * visudo.c:
+ fixed dummy command_matches()
+ [93d9543db6e2]
- * configure: regen
+ * parse.yacc:
+ fixed prototype
+ [7b0addfbd429]
-2002-01-16 18:37 millert
+ * sudo.h:
+ added cmnd_args
+ [8f47c4ae65ef]
- * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
- version 1.6.5
+ * parse.yacc:
+ now uses flat args string
+ [016e65877da3]
-2002-01-16 18:37 millert
+ * parse.c, parse.lex:
+ now uses flat arg string
+ [5b5f2e3f4c09]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
- visudo.man.in: sudo version 1.6.5
+ * visudo.c:
+ added cmnd_args def
+ [876867134775]
-2002-01-16 16:28 millert
+ * sudo.c:
+ now sets cmnd_args global
+ [e6fee70cb59b]
- * logging.c: o when invoking the mailer as root use a hard-coded
- environment that doesn't include any info from the user's
- environment. Basically paranoia.
+ * logging.c:
+ cmnd_args is now exported from sudo.[ch]
+ [7a9cd36e356f]
- o Add support for the NO_ROOT_MAILER compile-time option and run
- the mailer as the user and not root if NO_ROOT_MAILER is
- defined.
+1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-16 16:27 millert
+ * parse.yacc:
+ can't rely on cmnd_matches as much as I thought -- added some $$
+ stuff back in to prevent namespace pollution problems.
+ [3c45fedb5af3]
- * set_perms.c, sudo.h: Bring back PERM_FULL_USER
+ * parse.yacc:
+ Simplified parse rules wrt runas and NOPASSWD (more consistent).
+ [e6d838c8a4c7]
-2002-01-16 16:26 millert
+1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * parse.lex:
+ NOPASSWD may now have blanks before the ':' '(' only starts a
+ 'runas' if in the initial state to avoid collision with command args
+ [c5c01172f499]
-2002-01-16 16:26 millert
+ * configure.in:
+ added checks for specific shadow passwd schemes
+ [b7e3d1f7b84f]
- * version.h: version 1.6.5
+ * aclocal.m4:
+ added routines to check for specific shadow passwd types
+ [e5e1d19960a6]
-2002-01-16 16:26 millert
+1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL, config.h.in, configure.in: Add --disable-root-mailer
- option to run the mailer as the user and not root.
+ * configure.in:
+ added support for ncr boxen
+ [bea9dc5aae7f]
-2002-01-16 12:44 millert
+ * aclocal.m4:
+ added support for detecting ncr boxen
+ [8653a158a924]
- * CHANGES: checkpoint for 1.6.4p2
+1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-15 19:22 millert
+ * configure.in:
+ added sinix support
+ [5de2b2173ee1]
- * PORTING: Mention the "seteuid(0): Operation not permitted"
- problem here too just for good measure.
+1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-15 18:43 millert
+ * TROUBLESHOOTING:
+ added info about "config.cache from other other" error.
+ [845b10198e0b]
- * env.c, getspwuid.c, sudo.c: The SHELL environment variable was
- preserved from the user's environment instead of being reset
- based on the passwd database when the "env_reset" option was
- used. Now it is reset as it should be.
+ * aclocal.m4:
+ now makes sure you don't have a config.cache file from another OS
+ [4fe32571c021]
-2002-01-15 17:47 millert
+ * configure.in:
+ now sets $LIBS when needed to configure links with libs when doing
+ tests hpux10 now uses SPW_SECUREWARE for C2 added check for
+ bigcrypt(3) if SPW_SECUREWARE
+ [2df6b8ca538f]
- * configure: regen
+ * getspwuid.c:
+ fixed typo
+ [fe1cb1d792d6]
-2002-01-15 17:47 millert
+ * tgetpass.c:
+ now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
+ [f71138372c07]
- * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
- sudo.c: Add a configure option to turn off use of POSIX saved IDs
+ * getspwuid.c:
+ no more SPW_HPUX10
+ [cfdeb18bc16b]
-2002-01-15 15:48 millert
+ * config.h.in:
+ no more SPW_HPUX10 added HAVE_BIGCRYPT
+ [00d296479a61]
- * configure: regen
+ * compat.h:
+ now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
+ [6c6d9e680417]
-2002-01-15 15:48 millert
+ * check.c:
+ SPW_SECUREWARE now uses bigcrypt
+ [be71fc66690f]
- * configure.in: add --with-efence option
+1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-15 15:39 millert
+ * sample.sudoers:
+ fixed 2 syntax errors
+ [45eee19ef4ac]
- * sudo.c: Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a
- problem where "sudo -l" would not work if always_set_home was
- set.
+ * sudoers:
+ root may now run ALL as ALL
+ [1b54c6b9b212]
-2002-01-15 13:16 millert
+1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * lex.yy.c: regen
+ * interfaces.c:
+ fixed a typo/thinko that broke BSD's with sa_len
+ [603438360126]
-2002-01-15 13:16 millert
+1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.lex: Quoted commas were not being treated correctly in
- command line arguments.
+ * check.c, configure.in:
+ updated AFS support
+ [e572eb8d177a]
-2002-01-14 20:53 millert
+ * TROUBLESHOOTING:
+ added entry about /usr/ucb/cc
+ [025b353aa9d3]
- * sudo.c: o Move the call to rebuild_env() until after
- MODE_RESET_HOME is set. Otherwise, the set_home option has no
- effect.
+ * INSTALL:
+ prep no longer holds gcc binaries
+ [8b0942958049]
- o Fix use of freed memory when the "fqdn" flag is set. This was
- introduced by the fix for the "segv when gethostbynam() fails"
- bug. Also, we no longer call set_fqdn() if the "fqdn" flag is
- not set so there is no need to check the "fqdn" flag in
- set_fqdn() itself.
+ * INSTALL:
+ updated AFS note
+ [7af6efd5abe4]
-2002-01-14 20:45 millert
+ * Makefile.in:
+ added @AFS_LIBS@
+ [97b6fe6ad7d6]
- * env.c: Add 'continue' statements to optimize the switch
- statement. From Solar.
+ * compat.h:
+ AFS allows long passwords
+ [5fb17122c302]
-2002-01-13 13:42 millert
+ * testsudoers.c:
+ fixed -u user support
+ [b1a0c1648639]
- * sudoers.cat, sudoers.man.in: Regen from new sudoers.pod
+ * parse.c:
+ sudo -v now groks VALIDATE_OK_NOPASS
+ [74fc03fffe7e]
-2002-01-13 13:36 millert
+ * parse.yacc:
+ fixed no_passwd vs. runas_matched
+ [549a9b791a6a]
- * sudoers.pod: Add caveat about stay_setuid flag
+ * TROUBLESHOOTING:
+ took out stuff about NFS-mounting since it is no longer an issue
+ [d95ab7fbbc61]
-2002-01-13 13:29 millert
+ * INSTALL:
+ added --with-libraries > --with-libpath --with-incpath
+ [d5d15a7a0f4c]
- * sudo.c: If set_perms == set_perms_posix and the stay_setuid flag
- is not set, set all uids to 0 and use set_perms_fallback().
+ * parse.yacc:
+ was setting runas_matches to -1 in wrong place
+ [db2b1deb8d33]
-2002-01-13 13:28 millert
+ * check.c:
+ removed usersec.h which is not present in new AFS versions
+ [618b016dd17f]
- * set_perms.c, sudo.h: Remove PERM_FULL_USER (which is no longer
- used) and add PERM_FULL_ROOT (used when exec'ing the mailer).
+ * tgetpass.c:
+ now deals with timeout <= 0
+ [ba53a1257255]
-2002-01-13 13:27 millert
+ * OPTIONS:
+ updated
+ [75093bd8fdca]
- * logging.c: Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the
- mailer since we never want to run the mailer setuid.
+ * configure.in:
+ BSD/OS >= 2.0 now uses shlicc instead of just gcc
+ [ff6dbf7825c2]
-2002-01-12 17:55 millert
+ * sudo.c:
+ fixed backwards compatibility with sudo 1.4 sudoers mode for root
+ readable/writable filesystems
+ [2694ed627221]
- * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
- visudo.pod: Use sudo.ws instead of courtesan.com in URLs
+ * Makefile.in:
+ now gives INSTALL -c flag
+ [63db055a2fd1]
-2002-01-12 14:00 millert
+ * parse.yacc:
+ slightly simpler initialization of no_passwd and runas_matches
+ [463a1b5fa323]
- * Makefile.in, Makefile.binary: Fix mansect substitution
+ * testsudoers.c:
+ added -u username support
+ [38b072fcd6b3]
-2002-01-12 13:15 millert
+ * configure.in:
+ improved --with-libraries support
+ [047dbc5f0af2]
- * Makefile.in: Substitute man sections in Makefile.binary
+1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-12 13:15 millert
+ * configure.in:
+ added --with-incpath, --with-libpath, --with-libraries
+ [20f20d6c718c]
- * Makefile.binary: Sync install targets with Makefile.in and
- substitute in man sections.
+ * parse.yacc:
+ now initializes some fields that weren't getting set to -1 pretty
+ gross -- need a rewrite.
+ [021c160390c6]
-2002-01-12 13:09 millert
+1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL, INSTALL.binary: version is 1.6.4
+ * alloca.c:
+ removed emacs'isms
+ [9d4ec2efe057]
-2002-01-12 12:59 millert
+ * configure.in:
+ no longer add -lPW to *_LIBS since we include alloca.c
+ [a626d1bbea80]
- * Makefile.in: Repair bindist target
+ * config.h.in:
+ added HAVE_ALLOCA_H
+ [15491e2a6cff]
-2002-01-12 11:43 millert
+ * Makefile.in:
+ added alloca.c
+ [0400f25e1fe4]
- * CHANGES: sync for 1.6.4
+ * alloca.c:
+ Initial revision
+ [06d033aa4882]
-2002-01-10 13:00 millert
+ * configure.in:
+ ++version
+ [f52c0fb98f90]
- * install-sh: Fix case where neither whoami nor id are found
+1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-09 12:35 millert
+ * sudo.c:
+ now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
+ not always set to a valid uid.
+ [c2669f77704d]
- * install-sh: If neither whoami nor id exists, just assume we are
- root.
+ * OPTIONS:
+ fixed entry for SUDO_MODE
+ [d7272f6035b8]
-2002-01-09 11:56 millert
+ * sudo.c:
+ Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
+ being set to -2. Now beat NFS to the punch and set uid to "nobody"
+ ourselves, preserving group 0 to read sudoers.
+ [b1fbc5dd1e34]
- * alloc.c: Add explicit cast to (VOID *) on malloc/realloc. Seems
- to be needed on AIX which for some reason isn't pulling in the
- malloc prototype.
+ * parse.c:
+ moved set_perms(PERM_ROOT) to be before yyparse()
+ [7619d8080735]
-2002-01-08 10:00 millert
+ * logging.c:
+ fixed a typo
+ [318acc48cde0]
- * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c: (c) 2002
+ * configure.in:
+ no longer need AC_PROG_INSTALL
+ [de01b1336dc8]
-2002-01-08 09:21 millert
+ * Makefile.in:
+ always use install-sh to avoid install(1)'s that use get{pw,gr}nam
+ [ea2351986406]
- * CHANGES: checkpoint
+ * INSTALL:
+ make clean -> make distclean
+ [704a98e8ba10]
-2002-01-08 09:20 millert
+1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: Defer assigning new environment until right before the
- exec.
+ * parse.yacc:
+ removed some unnecsary if's
+ [f00db6508132]
-2002-01-08 09:08 millert
+ * Makefile.in, version.h:
+ ++version
+ [bdb6740b24c8]
- * parse.c: kill extra blank line
+ * parse.c, testsudoers.c:
+ now includes netgroup.h
+ [93f5a06352bc]
-2002-01-07 13:59 millert
+ * interfaces.c:
+ removed cats of ioctl to int since they didn't shut up -Wall
+ [83e9f912cd7a]
- * configure: regen
+ * interfaces.c:
+ explicately cast ioctl() to int since it it not always declared
+ [2ff9294e469e]
-2002-01-07 13:59 millert
+ * sudo.h:
+ added declarations for yyparse() and yylex()
+ [6071321ab771]
- * configure.in: Use -O not -O2 for m88k-motorola-sysv* since
- motorola gcc-derived compiler doesn't recognise -O2.
+ * parse.yacc:
+ fixed an occurence of '==' -> '='
+ [2c46d2e11d57]
-2002-01-06 23:02 millert
+ * config.h.in, configure.in:
+ added check for netgroup.h
+ [73403050f4e3]
- * HISTORY: Clarify origins of Root Group sudo a bit based on info
- from billp@rootgroup.com
+ * sudo.c:
+ fixed 2 compiler warnings
+ [680929b0bd97]
-2002-01-02 22:41 millert
+ * sudo.c:
+ SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
+ initialized
+ [18707ecd07c2]
- * LICENSE: 2002
+1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-02 22:26 millert
+ * sudo.pod:
+ fixed a typo
+ [e4b5c12aa130]
- * CHANGES: checkpoint for 1.6.4rc1
+1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-02 17:40 millert
+ * parse.yacc:
+ fixed a formatting thingie
+ [c79327b6f19b]
- * config.h.in: now generated via autoheader
+ * parse.c, parse.yacc:
+ fixed -u support with multiple user lists on a line
+ [e4d1066adca2]
-2002-01-02 17:40 millert
+ * configure.in:
+ unixware needs -lgen
+ [b5bf9bca63cc]
- * configure: regen
+ * README:
+ updated ftp location
+ [b25a033f7921]
-2002-01-02 17:37 millert
+ * sudoers.pod:
+ add net_addr/netmask support
+ [674e83516d1e]
- * compat.h: Move in some stuff that was previously in config.h.
+ * sample.sudoers:
+ added net_addr/mask example
+ [774878e89b28]
-2002-01-02 17:36 millert
+ * parse.c, parse.lex:
+ added support for net_addr/netmask
+ [e33de27325d8]
- * configure.in, aclocal.m4: Add info for autoheader.
+1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-01 16:53 millert
+ * sudoers.pod:
+ ^ -> !
+ [1a084950d6ef]
- * Makefile.in: o Add DESTDIR support
- o Use -M, -O, and -G instead of -m, -o, and -g to facilitate
- non-root installs
+1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2002-01-01 16:48 millert
+ * RUNSON:
+ updated for 1.4.3
+ [c82019025d09]
- * install-sh: Add -M option (like -m but only for root) If we can't
- find "whoami", use "id" w/ some sed.
+ * CHANGES:
+ udpated for 1.4.3
+ [ceaa81adb8f0]
-2002-01-01 14:01 millert
+ * BUGS, TODO, TROUBLESHOOTING:
+ updated
+ [ff94fae4b853]
- * configure: regen
+ * sample.sudoers:
+ updated with examples of new stuff
+ [99d0b4cb4c9c]
-2002-01-01 14:00 millert
+ * INSTALL, README:
+ ++version
+ [b763b80fe836]
- * configure.in: allow user to always override mansectsu and
- mansectform
+ * sudoers.pod:
+ updated wrt -u and NOPASSWD
+ [0b5b722ea0f4]
-2001-12-31 17:05 millert
+ * sudo.pod:
+ updated wrt -u and CAVEATS
+ [71d5d53b5d18]
- * mkinstalldirs: update from autoconf 2.52
+1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-31 17:03 millert
+ * sudo.c:
+ fixed usage()
+ [114c7d09b550]
- * config.guess, config.sub: Update from autoconf 2.52
+ * parse.lex:
+ now use :foo: character classes (makes no diff for generated lexer)
+ [7b0aeb737a02]
-2001-12-31 16:57 millert
+1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen with autoconf 2.52
+ * check.c:
+ fixed LONG_SKEY_PROMPT stuff
+ [0efe78b4bdda]
-2001-12-31 16:57 millert
+1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: o Call AC_PROG_CC_STDC to find out how to run the
- compiler in ANSI mode
- o Remove compiler-specific checks for HP-UX now that we use
- AC_PROG_CC_STDC
+ * visudo.c:
+ fixed a comment
+ [3d289017104b]
-2001-12-31 12:19 millert
+ * lsearch.c:
+ make more like NetBSD one -- now compiles w/o warnings
+ [932206296a54]
- * RUNSON: Checkpoint
+ * emul/search.h:
+ fixed decls of lsearch()
+ [c58cf4584c45]
-2001-12-31 12:18 millert
+ * config.h.in, configure.in, getspwuid.c:
+ added SPW_HPUX10
+ [d74e5eaa5f17]
- * auth/pam.c: o Add pam_prep_user function to call pam_setcred()
- for the target user; on Linux this often sets resource limits.
- o When calling pam_end(), try to convert the auth->result to a
- PAM_FOO value. This is a hack--we really need to stash the
- last PAM_FOO value received and use that instead.
+ * check.c:
+ hpux 10 uses bigcrypt() if C2
+ [359eb63f4021]
-2001-12-31 12:18 millert
+1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * set_perms.c, sudo.h: o Add pam_prep_user function to call
- pam_setcred() for the target user; on Linux this often sets
- resource limits.
+ * parse.c:
+ now always uses fnmatch to match args
+ [a9d91f35256a]
-2001-12-31 00:53 millert
+ * tgetpass.c:
+ back to using stdio instead of raw i/o since that caused some
+ problems
+ [e7ce2bc92974]
- * env.c: Fix off by one error in number of bytes allocated via
- malloc (does not affected any released version of sudo).
+1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-30 17:12 millert
+ * sudo.c:
+ now give usage warning if use -l,-v,-k with args
+ [6b48180c4fea]
- * lex.yy.c: regen
+1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-30 17:12 millert
+ * sudo.c:
+ NewArgc is now set to 1 for -l, -v, -k
+ [7497cb1416a8]
- * parse.lex: Allow '@', '(', ')', ':' in arguments to a defaults
- variable w/o requiring that they be quoted.
+ * sudo.c:
+ now sets sudoers to correct group if mode is 0400
+ [484c43d99718]
-2001-12-30 14:26 millert
+ * install-sh:
+ updated to version used by inn and bind
+ [28683ad8725a]
- * sudoers.cat, sudoers.man.in, sudoers.pod: Mention that no double
- quotes are needed when adding/deleting/assigning a single value
- to a list.
+ * configure.in:
+ now uses -lgnumalloc if it exists
+ [3651ca4415a2]
-2001-12-30 13:58 millert
+ * Makefile.in:
+ "make install" now sets uid/gid and mode on sudoers if it exists
+ [1f5216191ae9]
- * Makefile.in: Don't rely on mkdefaults being executable, call perl
- explicitly.
+ * sudo.c:
+ rmeoved debugging statements
+ [aeda278e2c26]
-2001-12-30 13:41 millert
+ * parse.yacc:
+ added a missing free()
+ [592c9482a159]
- * parse.yacc: Remove some XXX that are no longer relevant.
+ * sudo.c:
+ now uses user_gid instead of getegid (which was wrong anyway) to set
+ SUDO_GID Now sets command line args in SUDO_COMMAND envariabled
+ (logging.c depends on args being in the environment)
+ [9f5328a3b942]
-2001-12-30 13:40 millert
+ * logging.c:
+ now uses SUDO_COMMAND envariable to get command args rather than
+ building it up again.
+ [7f8edc5bccb7]
- * defaults.c: o Roll our own loop instead of using strpbrk() for
- better grokability o When adding to a list we must malloc() and
- use memcpy(), not strdup() since we must only copy len bytes
- from str.
+ * parse.c:
+ now uses user_gid
+ [4b9303ae45fe]
-2001-12-21 16:49 millert
+ * sudo.c:
+ fixed off by one error in allocation NewArgv
+ [921ea1a4e7c6]
- * parse.yacc: typo in comment
+ * parse.c:
+ in sudoers, 'command ""' now means command with no args
+ [a5273648ace2]
-2001-12-19 11:50 millert
+ * configure.in:
+ added check for fnmatch(3) and fnmatch.h
+ [258916a7866f]
- * CHANGES: checkpoint
+ * config.h.in:
+ added HAVE_FNMATCH
+ [b9860d361e93]
-2001-12-19 10:56 millert
+ * Makefile.in:
+ replaced wildcat.* with fnmatch.*
+ [03ad9ee21a1c]
- * configure: regen
+ * testsudoers.c:
+ now uses fnmatch()
+ [5a7f7de987a9]
-2001-12-19 10:56 millert
+1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: avoid the -g flag unless --with-devel was specified
+ * parse.c:
+ now uses fnmatch() instead of wildmat a trailing star (*) by itself
+ now matches multiple args added support for wildcards in the
+ pathname in sudoers
+ [1f7fb950b868]
-2001-12-19 10:04 millert
+1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: mkdefaults, def_data.in and sigaction.c were missing
- from the tarball
+ * fnmatch.c:
+ now includes compat.h and config.h
+ [090206b95cf8]
-2001-12-19 09:46 millert
+ * config.h.in:
+ added HAVE_FNMATCH_H
+ [90eb42150173]
+
+ * configure.in:
+ now checks for alloca() (if needed by bison or dce) and links with
+ -lPW if it contains alloca() and libv and compiler do not.
+ [cfa2b3cef49a]
+
+ * emul/fnmatch.h, fnmatch.3, fnmatch.c:
+ Initial revision
+ [20b1f762a32a]
- * Makefile.in: def_data.c was missing
+1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ now fixes mode on sudoers if set to 0400 to aid in upgrade
+ [d4bdfd521820]
-2001-12-18 12:42 millert
+1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ fixed pod2man usage
+ [5adf2ec77b27]
+
+ * Makefile.in, configure.in, version.h:
+ ++version
+ [b4029de876d0]
- * env.c: Fix setting of $USER and $LOGNAME in the non-reset_env
- case. Also allow HOME, SHELL, LOGNAME, and USER to be specified
- in keep_env
+ * testsudoers.c, visudo.c:
+ runas_user is now initialized to "root"
+ [8537d97bff39]
-2001-12-17 20:48 millert
+ * sudo.h:
+ removed PERM_FULL_ROOT
+ [241f8bbf647f]
- * TODO: Another TODO item
+ * sudo.c:
+ runas_user defaults to "root" so no more need to PERM_RUNAS
+ [fc0c0dfc72ba]
-2001-12-17 19:50 millert
+ * parse.c:
+ will now only running commands as root if there was no runas list
+ (or if root is in the runas list)
+ [40c587666c81]
- * sudoers: Add comment for Default section so folks know where it
- should go.
+ * logging.c:
+ now logs "USER=%s"
+ [b733504c87fd]
-2001-12-17 18:56 millert
+ * parse.yacc:
+ runas_matches is now set to false if we get a negative match
+ [5495b150b300]
- * tgetpass.c: Use TCSETAF, not TCSETA to set terminal in termio
- case
+ * parse.lex:
+ make #uid work + some minor cleanup
+ [07851bbce03a]
-2001-12-17 18:35 millert
+ * sample.sudoers:
+ added support for NOPASSWD and "runas" from garp@opustel.com /
+ [7a9c67b51fa5]
- * sudoers.man.in, sudoers.cat: regen from sudoers.pod
+ * visudo.c:
+ added support for "runas" from garp@opustel.com replaced
+ SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
+ SUDOERS_MODE
+ [e714209b9885]
-2001-12-17 18:33 millert
+ * testsudoers.c:
+ added support for "runas" from garp@opustel.com
+ [b837f856da10]
- * sudoers.pod: o Typo, Runas_User_List should be Runas_List
- o a User_List can not contain a uid
- o mention that the Defaults section should come after Alias
- definitions but before the user specifications
+ * sudo.h:
+ added support for NO_PASSWD and runas from garp@opustel.com replaced
+ SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
+ fro SUDOERS_MODE
+ [cea6f26679b7]
-2001-12-15 11:51 millert
+ * sudo.c:
+ added support for NO_PASSWD and runas from garp@opustel.com replaced
+ SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro
+ SUDOERS_MODE
+ [61b5434237c5]
- * sudoers.cat, sudoers.man.in: regen
+ * parse.yacc:
+ added support for NO_PASSWD and runas from garp@opustel.com
+ [72ebd3056f22]
-2001-12-15 11:51 millert
+ * parse.c, parse.lex:
+ added support for NO_PASSWD and runas from garp@opustel.com
+ [fef6dbdd114d]
- * sudoers.pod: Fix listpw and verifypw sections, they were not
- being formatted properly.
+ * logging.c:
+ added support for SUDOERS_WRONG_MODE and "runas"
+ [e794efc2b443]
-2001-12-15 11:39 millert
+ * configure.in:
+ added --with-CC only link with -lshadow on linux (with shadow pw) if
+ libc lacks getspnam()
+ [3ecf4ae21002]
- * sudoers.cat, sudoers.man.in: regen
+ * OPTIONS, options.h:
+ removed NO_PASSWD since it is not possible to do this in the sudoers
+ file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
+ SUDOERS_GID. Added SUDOERS_MODE.
+ [2eaa4891ef48]
-2001-12-15 11:38 millert
+ * Makefile.in:
+ now uses SUDOERS_UID and SUDOERS_GID
+ [8d615f0fdb2a]
- * sudoers.pod: fix typos
+1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-15 10:57 millert
+ * INSTALL:
+ added --with-CC
+ [a1b8286a81b8]
- * configure: regen
+1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-15 10:57 millert
+ * parse.lex:
+ added double quote support
+ [a5e4fc7e3a2b]
- * configure.in, config.h.in: use AC_SYS_POSIX_TERMIOS instead of
- rolling our own
+ * sudoers.pod:
+ documented double quoting
+ [c6ea47969a44]
-2001-12-15 10:33 millert
+1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * README: Reference sudo.ws not courtesan.com
+ * mkinstalldirs:
+ Initial revision
+ [dcb86d65ad8f]
-2001-12-15 10:29 millert
+ * check.c:
+ fixed some indentation
+ [4d1c5ab8072b]
- * PORTING: Add notes on shadow passwords
+ * Makefile.in:
+ fixed a typo
+ [0d27eebc7227]
-2001-12-15 00:48 millert
+ * Makefile.in:
+ added install-dirs .
+ [f499b99b8be7]
- * BUGS: In list mode (sudo -l), characters escaped with a backslash
- are shown verbatim with the backslash.
+1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-15 00:44 millert
+ * dce_pwent.c:
+ new version from "Jeff A. Earickson" <jaearick@colby.edu>
+ [422481be5fbd]
- * sudoers: Add simple examples from OpenBSD (Marc Espie)
+1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-15 00:40 millert
+ * configure.in:
+ $CSOPS -> $with_csops (whoops, missed one)
+ [b04c6948130e]
- * tgetpass.c: Catch SIGTTIN and SIGTTOU too and treat them like
- SIGTSTP.
+ * BUGS:
+ updated
+ [c4d5713e227d]
-2001-12-14 21:53 millert
+ * parse.lex:
+ FQHOST now has same constraints as non-FQHOST
+ [e1c3bf2381d1]
- * CHANGES: minor prettyification
+ * INSTALL:
+ added note about OS's w/ shadow passwords turned on by default
+ [166257f43be4]
-2001-12-14 21:43 millert
+1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: Updated change log
+ * configure.in:
+ fixed a typo
+ [e5c3e2e9a359]
-2001-12-14 21:27 millert
+ * configure.in:
+ added support for --without-THING sanitized shadow pw situtation by
+ adding support for
+ --without-C2
+ [65dc6bf64cce]
- * testsudoers.c: Fix CIDR handling here too.
+ * tgetpass.c:
+ fixed a typo wrt placement of an end paren
+ [a8780f818231]
-2001-12-14 21:21 millert
+ * check.c:
+ was closing an fd that may not have been opened
+ [760271c7bdc9]
- * auth/pam.c: Apparently a NULL response is OK
+1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-14 21:19 millert
+ * OPTIONS, options.h, sudo.c:
+ added NO_PASSWD
+ [28ff1dc93d7a]
- * TODO: Checkpoint for upcoming beta release
+1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-14 21:17 millert
+ * configure.in:
+ now always use shadow pw on some arches
+ [069161ccffda]
- * TROUBLESHOOTING: Many people believe that adding a runas spec
- should obviate the need for the -u flag. It does not.
+1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-14 21:11 millert
+ * configure.in:
+ added pyramid support
+ [a0eb57a3a531]
- * RUNSON: checkpoint update for upcoming 1.6.4 beta
+ * configure.in:
+ no longer check for C2 if alternate passwd method is used no longer
+ check for some libs twice
+ [2d0c3c902b40]
-2001-12-14 20:44 millert
+ * parse.yacc:
+ moved fqdn stuff into parse.lex (FQHOST)
+ [d9c9abd481d8]
- * config.h.in: o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define
- HAVE_STRINGS_H even if HAVE_STRING_H is defined -- this is safe
- now
+ * parse.lex:
+ added FQHOST rules
+ [4a1695acff6d]
-2001-12-14 20:07 millert
+ * tgetpass.c:
+ now define TCSASOFT in necesary
+ [3fac2e21c9ab]
- * PORTING: Add signals section
+ * tgetpass.c:
+ now uses read/write instead of stdio string goop to avoid problems
+ with select(2)
+ [67fd174e518c]
-2001-12-14 20:00 millert
+ * OPTIONS, find_path.c, options.h:
+ -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
+ [d05ba5100d28]
- * configure: regen
+1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-14 20:00 millert
+ * INSTALL:
+ added note about no shadow auto-detect if using alternate auth
+ schemes
+ [b425592232a3]
- * configure.in: Fix check for sigaction_t
+ * configure.in:
+ don't check for C2 if AFS or DCE (unless they said --with-C2)
+ [61342962171a]
-2001-12-14 19:45 millert
+ * testsudoers.c:
+ now groks shost
+ [85dda17303f6]
- * sudo.c: XXX - should call find_path() as runas user, not root.
- Can't do that until the parser changes though.
+ * OPTIONS, find_path.c, options.h:
+ added NO_DOT_PATH
+ [c261ca1fb196]
-2001-12-14 19:38 millert
+1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: If find_path() fails as root, try again as the invoking
- user (useful for NFS). Idea from Chip Capelik.
+ * find_path.c:
+ checkdot now works correctly
+ [3bc4835bb3e9]
-2001-12-14 19:28 millert
+1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: Regenerate
- after pod file changes
+ * configure.in:
+ can't have DCE and C2 passwords both...
+ [fb9a8ab7ca66]
-2001-12-14 19:24 millert
+1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
- sudo.pod, sudoers.pod: Add new sudoers option "preserve_groups".
- Previously sudo would not call initgroups() if the target user
- was root. Now it always calls initgroups() unless the -P command
- line option or the "preserve_groups" sudoers option is set. Idea
- from TJ Saunders.
+ * parse.yacc, sudo.c, sudo.h, visudo.c:
+ now uses shost even if not FQDN
+ [87f7498b3a1f]
-2001-12-14 18:38 millert
+ * configure.in:
+ now looks for skey in /usr/lib and doesn't require libskey to be in
+ /usr/local/lib just because skey.h is (for my netbsd box :-)
+ [ceb1763e37d2]
- * compat.h, config.h.in: Use new HAVE_SIGACTION_T define
+ * aclocal.m4, config.h.in, pathnames.h.in:
+ _SUDO_PATH_ -> _CONFIG_PATH_
+ [84d97ad13d75]
-2001-12-14 18:33 millert
+ * aclocal.m4, sudo.pod:
+ /var/run/.odus -> /var/run/sudo
+ [922da220b8f5]
- * logging.c: Fix compilation on K&C
+ * pathnames.h.in:
+ now uses _SUDO_PATH_TIMEDIR
+ [5ecab0155fdf]
-2001-12-14 18:14 millert
+ * OPTIONS:
+ udpated FQDN
+ [361b6f7440c0]
- * configure: regen
+ * aclocal.m4, configure.in:
+ added SUDO_TIMEDIR
+ [368c95c8c950]
-2001-12-14 18:14 millert
+ * config.h.in:
+ added _SUDO_PATH_TIMEDIR
+ [3879864d808c]
- * configure.in: Add check for sigaction_t -- IRIX already defines
- this so don't redefine it.
+ * sudo.pod:
+ updated wrt /var/run/sudo
+ [9e14f2a429d3]
-2001-12-14 17:15 millert
+ * sudo.c, sudo.h:
+ added support for shost if FQDN
+ [51a3f51a09a1]
- * snprintf.c: fix typo
+ * parse.yacc, visudo.c:
+ now uses shost if FQDN
+ [d19da2e92b42]
-2001-12-14 17:12 millert
+ * check.c:
+ Now use skeylookup() instead off skeychallenge()
+ [4c7438bb2ae0]
- * interfaces.c: need stdlib.h here too
+1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-14 15:31 millert
+ * logging.c:
+ mail_argv should not contain ALERTMAIL as it includes "-t"
+ [67ffaaa8f843]
- * configure: regen
+1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-14 15:31 millert
+ * INSTALL, Makefile.in, README, configure.in, version.h:
+ ++version
+ [e08fd4a809fc]
- * configure.in: Remove redundant checks for string.h, strings.h and
- unistd.h
+ * compat.h:
+ added more _PASSWD_LEN stuff -- now uses PASS_MAX too
+ [2f20c3153689]
-2001-12-14 15:29 millert
+ * tgetpass.c:
+ now includes limits.h moved _PASSWD_LEN -> compat.h
+ [b1ca3cafdacc]
- * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
- visudo.man.in: Regen from pod files
+1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-14 15:03 millert
+ * INSTALL, README:
+ ++version
+ [3eacf32803f5]
- * BUGS: Update for 1.6.4
+ * Makefile.in:
+ ++versoin
+ [3b91c317630a]
-2001-12-14 14:59 millert
+ * Makefile.in:
+ fixed a typo
+ [3661ac4a7803]
- * configure, lex.yy.c: regen
+ * configure.in:
+ ++version
+ [60e842973745]
-2001-12-14 14:56 millert
+1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * strerror.c: Return EINVAL if errnum > sys_nerr
+ * RUNSON:
+ updated
+ [def2c3c24195]
-2001-12-14 14:54 millert
+ * CHANGES:
+ done for 1.4.1 (I hope)
+ [2ab543769a40]
- * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
- config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
- sudo.pod, auth/sudo_auth.h: o Update copyright year
+ * sudoers.pod:
+ added info on wildcards
+ [ce3bd41bc063]
-2001-12-14 14:54 millert
+ * sample.sudoers:
+ added wildcard example
+ [762feb0577bd]
- * configure.in: o Don't define STDC_HEADERS unconditionally for
- IRIX o Update copyright year
+ * Makefile.in:
+ now uses *.pod to build *.man and *.cat & *.html
+ [3ec14962028b]
-2001-12-14 14:53 millert
+ * configure.in:
+ addedSUDO_PROG_BSHELL !ll
+ [3c80b320bf16]
- * README: update version
+ * visudo.pod:
+ fixed up some formatting
+ [12166c434526]
-2001-12-14 14:52 millert
+ * sudoers.pod:
+ redid section describing sample sudoers stuff
+ [b8065cceec71]
- * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
- fnmatch.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
- logging.c, lsearch.c, parse.c, parse.lex, parse.yacc,
- set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c,
- utime.c, visudo.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
- auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
- auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
- auth/sia.c, auth/sudo_auth.c: o Reorder some headers and use
- STDC_HEADERS define properly o Update copyright year
+ * sudo.pod:
+ fixed some formatting
+ [aa9a681add0f]
-2001-12-14 01:53 millert
+ * getspwuid.c:
+ now treats "" as bourne shell
+ [30194a72ad56]
- * configure: regen
+ * Makefile.in:
+ TESTOBJS nwo includes wildmat.o
+ [86cc6500f84d]
-2001-12-14 01:53 millert
+ * testsudoers.c:
+ now works with NewArg[cv]
+ [2f72674ce942]
- * tgetpass.c: flags set in signal handlers should be volatile
- sig_atomic_t
+ * sudo.c:
+ removed an XXX (fixed it in getspwuid.c)
+ [e791ee0d1a68]
-2001-12-14 01:52 millert
+ * aclocal.m4:
+ added check for bourne shell
+ [a2fd51676b8a]
- * config.h.in, configure.in: Add checks for volatile and
- sig_atomic_t
+ * pathnames.h.in:
+ added _PATH_BSHELL
+ [e7c10011d47b]
-2001-12-14 01:42 millert
+ * config.h.in:
+ added _SUDO_PATH_BSHELL
+ [6a1182898de9]
- * lex.yy.c, configure: regen
+1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-14 01:40 millert
+ * visudo.c:
+ unixware vi returns 256 instead of 0
+ [234ffc7c6786]
- * def_data.c, def_data.h, def_data.in, defaults.c, env.c,
- find_path.c, sudo.c, sudoers.pod: Remove "secure_path" Defaults
- option since it cannot work with the existing parser.
+ * INSTALL:
+ added Linux note
+ [5f85efcd2b58]
-2001-12-14 01:26 millert
+ * logging.c:
+ fixed up some XXX's. file log format now looks a little more like
+ real syslog(3) format.
+ [6df55707bfc3]
- * find_path.c, sudo.c: Unset "secure_path" if user_is_exempt()
+ * README, TROUBLESHOOTING:
+ updated wrt lex/flex
+ [eb787d69156b]
-2001-12-14 01:24 millert
+ * Makefile.in:
+ commented out rule to build lex.yy.c from parse.lex since we ship
+ with a pre-flex'd parser
+ [7507e2ce4a95]
- * env.c, pathnames.h.in: o Remove assumption that PATH and TERM are
- not listed in env_keep o If no PATH is in the environment use a
- default value o If TERM is not set in the non-reset case also
- give it a default value.
+ * parse.c, parse.yacc, visudo.c:
+ path_matches -> command_matches
+ [0bd469424f86]
-2001-12-14 01:17 millert
+ * logging.c:
+ eliminated some strcat()'s
+ [9878a79bc374]
- * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
- _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works
- on systems that define in paths.h
+ * configure.in:
+ no longer checks for lex/flex (now assumes flex)
+ [a086ccc73798]
-2001-12-14 01:15 millert
+ * configure.in:
+ now checks for $kerb_dir_candidate/krb.h instead of just
+ kerb_dir_candidate
+ [9133bc3c5208]
- * auth/: passwd.c, sudo_auth.c, sudo_auth.h: Add support for
- skeyaccess(3) if it is present in libskey.
+1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-12 21:42 millert
+ * parse.yacc:
+ now use a 'hook' expression instead of an iffy one :-)
+ [9560df01b8c0]
- * sudo.c: Only need to do 'lc = login_getclass(NULL)' if lc == NULL
+1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-12 21:24 millert
+ * visudo.c:
+ now works with new sudo arg stuff
+ [310a0d43ddad]
- * parse.lex: '\\' is a perfectly legal character to have in a
- command line argument.
+ * parse.yacc:
+ fixed dereferencing deadbeef
+ [474ef8a8006b]
-2001-12-12 20:24 millert
+ * sudo.c:
+ changed an occurrence of Argv to NewArgv
+ [205b012b7691]
- * sudo.c: o Defer call to set_fqdn() until it is safe to use
- log_error() o Don't print errno string value if gethostbyname
- fails, it is not relevant
+ * parse.lex:
+ took out support for quoted commands since there is no need...
+ [5c5036d353b1]
-2001-12-12 20:07 millert
+ * parse.c:
+ fixed a typo in a for() loop
+ [7e8d5283c43b]
- * parse.c: Fix CIDR -> in_addr_t conversion.
+ * logging.c:
+ protected against dereferencing rogue pointers
+ [56debd517717]
-2001-12-12 16:21 millert
+ * sudo.c:
+ now uses NewArgv amd NewArgc so cmnd_aegs is no longer needed this
+ also allows us to eliminate some kludges in parse_args() and
+ eliminate superfluous code.
+ [5122f66ad150]
- * sudoers.pod: Remove an extra "User_List" in the User_Spec
- definition From ybertrand AT snoopymail.com
+ * logging.c:
+ no longer uses cmnd_args, now uses NewArgv instead.
+ [abddd23cf068]
-2001-12-12 16:00 millert
+ * sudo.h:
+ added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
+ (no longer used)
+ [78410984fb05]
- * parse.c: Make 'listpw=never' work for users who are not
- explicitly mentioned in sudoers.
+ * Makefile.in:
+ added wildmat.c to SRCS & SUDOBJS
+ [3800efb41794]
-2001-12-12 15:40 millert
+ * parse.yacc:
+ COMMAND is now a struct containing the path and args
+ [5c32822c5b94]
- * sudoers.pod: Remove gratuitous '=' in EBNF grammar; era AT iki.fi
+ * parse.lex:
+ replaced append() with fill_cmnd() and fill_args. command args from
+ a sudoers entry are now stored in an arrary for easy matching.
+ [a981d7f4eb0d]
-2001-12-12 15:34 millert
+ * parse.c:
+ command line args from sudoers file are now in an array like ones
+ passed in from the command line
+ [1d9e37e84519]
- * sudoers.pod: Document new list Defaults type and convert env_keep
- and env_delete to lists. Document new env_check option.
+1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-12 15:11 millert
+ * parse.c:
+ wildwat stuff now works
+ [49d16488531f]
- * lex.yy.c, sudo.tab.h: regen parser
+1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-12 14:56 millert
+ * version.h:
+ ++version
+ [53e55463ef89]
- * parse.lex: Don't let '#' appear in a {WORD} and restrict #foo in
- a Runas spec to #[0-9-]+.
+ * Makefile.in:
+ ++version added wildmat.*
+ [0508297a4711]
-2001-12-12 14:55 millert
+1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * parse.lex:
+ added support for quoted commands (w/ or w/o args)
+ [b9a637155673]
-2001-12-12 14:55 millert
+1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * aclocal.m4: Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
+ * sudo.pod, visudo.pod:
+ cleaned up formatting
+ [4591d4195437]
-2001-12-12 14:43 millert
+ * sudo.pod, visudo.pod:
+ Initial revision
+ [7564a8242750]
- * config.h.in, configure.in: Add check for skeyaccess(3)
+1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-11 19:47 millert
+ * sudoers.pod:
+ looks reasonable, could be mroe readable
+ [a5be2d19d9e0]
- * visudo.pod: Document new -c, -f, and -q options
+ * sudoers.pod:
+ Initial revision
+ [957888be31a6]
-2001-12-11 19:41 millert
+1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c: o Add -f option (alternate sudoers file) o Convert to
- use getopt(3)
+ * RUNSON:
+ updated
+ [633743aa924b]
-2001-12-11 19:31 millert
+ * OPTIONS:
+ updated NO_ROOT_SUDO entry
+ [f1c15b1dec9e]
- * configure: regen
+1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-11 19:31 millert
+ * RUNSON:
+ *** empty log message ***
+ [5b63de579ff7] [SUDO_1_4_0]
- * aclocal.m4, config.h.in, configure.in: Add check for isblank and
- a replacement macro if it doesn't exist.
+ * sudo.c:
+ fixed SECURE_PATH
+ [6002889f606d]
-2001-12-11 18:22 millert
+ * RUNSON:
+ udpa`ted for 1.4
+ [6014a8592815]
- * visudo.c: In check-only mode, don't create sudoers if it does not
- already exist.
+ * configure.in:
+ AIX aixcrypt.exp now uses $(srcdir)
+ [b0d57674fef4]
-2001-12-11 18:06 millert
+ * TROUBLESHOOTING:
+ added entry for anal ansi compilers
+ [4193cec1c6b1]
- * parse.yacc: o Add a new token, DEFVAR, to indicate a Defaults
- variable name
- o Add support for "+=" and "-=" list operators
- o replace some 1 and 0 with TRUE and FALSE for greater
- legibility.
+1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-11 18:05 millert
+ * INSTALL:
+ added info on libcrypt_i for SCO
+ [575497d56698]
- * parse.lex: o Use exclusive start conditions to remove some
- ambiguity in the
- lexer. Also reorder some things for clarity.
- o Add support for "+=" and "-=" list operators.
- o Use the new DEFVAR token to denote a Defaults variable name.
+ * TODO:
+ *** empty log message ***
+ [d0aaf67b9913]
-2001-12-11 18:03 millert
+ * sample.sudoers:
+ added comments
+ [a7773f7eda8d]
- * sudo.h: Prototype init_envtables()
+ * TODO:
+ 1.4 release
+ [1dade29e9fd9]
-2001-12-11 18:02 millert
+ * CHANGES:
+ ++version
+ [67241be40780]
- * env.c: o Convert environment handling to use lists instead of
- strings.
- This greatly simplifies routines that need to do "foreach"
- type
- operations.
- o Add new init_envtables() function to set env_check and
- env_delete
- defaults based on initial_badenv_table and
- initial_checkenv_table
- (formerly sudo_badenv_table).
+ * INSTALL, OPTIONS, README, config.h.in, configure.in:
+ ++version
+ [2e0a37897f68]
-2001-12-11 18:00 millert
+ * BUGS:
+ ++version and fixed ISC
+ [78963f01a0e3]
- * defaults.c, defaults.h: o Add a new LIST type and functions to
- manipulate it.
- o This is for use with environment handling variables.
- o Call new init_envtables() routine inside init_defaults() to
- initialize the environment lists.
+ * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
+ goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
+ sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+ visudo.c:
+ ++version
+ [b6227f29b3d9]
-2001-12-11 17:57 millert
+ * interfaces.c:
+ added STUB_LOAD_INTERFACES ++version
+ [d8150a3fd577]
- * def_data.c, def_data.h, def_data.in: Convert environment options
- to use the new LIST type and add a new one, env_check that only
- deletes if the sanity check fails.
+ * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
+ version.h:
+ ++version
+ [da9e90e69bdc]
-2001-12-11 17:55 millert
+ * PORTING:
+ added info about fd_set in tgetpass added info on interfaces.c
+ [a39902febd17]
- * testsudoers.c: Add dummy version of init_envtables()
+1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-11 17:53 millert
+ * dce_pwent.c:
+ added sudo header
+ [fc0f2c48682e]
- * parse.yacc: honor quiet mode
+ * tgetpass.c:
+ fixed a typo
+ [43d40b72ee8f]
-2001-12-11 17:51 millert
+ * Makefile.in:
+ tgetpass.o is now only linked in with sudo (not visudo)
+ [7407c5ff11f8]
- * visudo.c: Add check-only mode
+1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-10 20:27 millert
+ * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
+ configure.in:
+ ++version
+ [9b82ad805d6b]
- * mkdefaults: Fix generation of entries with NULL descriptions.
+ * emul/utime.h:
+ added copyright notice
+ [4380f16cd075]
-2001-12-09 00:27 millert
+ * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
+ ++version
+ [32717fdb5d05]
- * tgetpass.c: Use sigaction_t and quiet a gcc warning.
+ * tgetpass.c:
+ minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
+ [326864428da2]
-2001-12-09 00:20 millert
+ * configure.in:
+ ISC now gets -lcrypt now check for sys/bsdtypes.h
+ [e064799c054b]
- * sudo.c: Must reset signal handlers before we exec
+ * config.h.in:
+ added check for sys/bsdtypes.h
+ [9adb9533c363]
-2001-12-09 00:16 millert
+1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c, sudo_auth.c: Be
- carefule now that tgetpass() can return NULL (user hit ^C). PAM
- version needs testing. Set SIGTSTP to SIG_DFL during password
- entry so user can suspend us.
+ * parse.yacc:
+ removed debugging stuff (setting freed ptr to NULL)
+ [02fe8eec63a0]
-2001-12-09 00:14 millert
+ * TROUBLESHOOTING:
+ added 2 entries
+ [02884e2733e2]
- * tgetpass.c: Add support for interrupting/suspending tgetpass via
- keyboard input. If you suspend sudo from the password prompt and
- resume it will re-prompt you.
+ * Makefile.in:
+ added FAQ
+ [074d8dfcf28d]
-2001-12-09 00:09 millert
+ * TROUBLESHOOTING:
+ added section on syslog
+ [e6bc02a22b86]
- * sudo.c: Don't block keyboard interrupt signals, just set them to
- SIG_IGN.
+ * configure.in:
+ added AC_ISC_POSIX for better ISC support
+ [8436b3e12af2]
-2001-12-08 14:48 millert
+ * config.h.in:
+ fixed typo
+ [f1b3922babf4]
- * config.h.in: add back HAVE_SIGACTION
+ * config.h.in:
+ added define for _POSIX_SOURCE
+ [ded6d92b34f9]
-2001-12-08 14:44 millert
+1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regen
+ * configure.in:
+ fixed check for lsearch()
+ [75baa5bc28a3]
-2001-12-08 14:44 millert
+1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure.in, logging.c, sudo.c, visudo.c: Kill
- POSIX_SIGNALS define and old signal support now that we emulate
- POSIX ones Also be sure to correctly initialize struct sigaction.
+ * interfaces.c:
+ fixed for AIX now deal if num_interfaces == 0 (should not happen)
+ [ae450e859227]
-2001-12-08 14:42 millert
+1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * strerror.c: Don't need config.h or "#ifndef HAVE_STRERROR"
- wrapper.
+ * configure.in:
+ now only define HAVE_LSEARCH if there is a corresponding search.h
+ [8ce645c5d17f]
-2001-12-08 14:39 millert
+ * interfaces.c:
+ works on ISC again
+ [ccac920d424c]
- * compat.h: Add scaffolding for POSIX signal emulation
+1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-12-08 14:36 millert
+ * configure.in:
+ now define HAVE_LSEARCH if we find lsearch() in libcompat
+ [7343e4313a87]
- * sigaction.c: o Add missing ';' so this compiles o Can't use NULL
- since we don't include stdio.h
+ * lsearch.c:
+ char * -> const char *
+ [1c0b11c2300a]
-2001-12-08 14:23 millert
+ * configure.in:
+ now looks in -lcompat for lsearch()
+ [a1cc1d6fcd09]
- * sigaction.c: Emulate sigaction() using sigvec()
+ * Makefile.in:
+ remove sudo.core visudo.core for clan target
+ [b523456a85df]
-2001-11-12 19:32 millert
+ * aclocal.m4:
+ added UID_MAX support in check for MAX_UID_T_LEN
+ [7ab262b1173f]
- * sudoers.pod: Document new behavior of negative values of
- timestamp_timeout Fix a typo
+ * Makefile.in:
+ fixed another occurence of sudo_getpwuid.*
+ [fb5809c07da2]
-2001-11-12 19:31 millert
+ * Makefile.in, getspwuid.c:
+ sudo_getpwuid.c -> getspwuid.c
+ [875f2ef808b4]
- * sudo.pod: Add security note about command not being logged after
- 'sudo su' and friends.
+ * configure.in:
+ moved the "echo"
+ [ad7b8f966076]
-2001-11-12 19:19 millert
+ * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
+ compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
+ getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
+ parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
+ sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+ version.h, visudo.c:
+ ++version
+ [ee57c6410ffa]
- * sudo.pod: Mention that -V prints default values when run as root,
- including the list of environment variables to clear.
+ * testsudoers.c:
+ added group support
+ [54d8097df8bd]
-2001-11-12 19:14 millert
+ * sample.sudoers:
+ added group entry
+ [50994d31fd49]
- * Makefile.in: Run pod2man with --quotes=none to avoid stupid
- quoting of C<> entries.
+ * sudoers.man:
+ documented group support
+ [0a16707f8fed]
-2001-11-12 13:12 millert
+ * parse.c, parse.lex, parse.yacc, visudo.c:
+ added group support
+ [427218c879c8]
- * def_data.c, def_data.h, def_data.in, sudoers.pod,
- auth/sudo_auth.c: Add mail_badpass option Also modify mail_always
- behavior to also send mail when the password is wrong
+1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-11-12 13:08 millert
+ * check.c:
+ tkfile was too short and overflowed the kerberos realm
+ [53823a1ff5af]
- * env.c, sudo.c, sudo.h: Dump default bad env table when 'sudo -V'
- is run by root.
+1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-11-11 23:52 millert
+ * sudo.c:
+ now copy command args directly from Argv
+ [77408278b6fd]
- * sudoers.pod: document env_delete
+ * sudo.c:
+ replaced code to copy cmnd_args so that is does not use realloc
+ since most realloc()'s really stink
+ [b29a0ff73fb6]
-2001-11-11 23:51 millert
+1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: Add support for '*' in env_keep when not resetting the
- environment (ie: the normal case).
+ * configure.in:
+ syslog() fixed in hpux 10.01
+ [2648e6f0cdb0]
-2001-11-11 23:47 millert
+1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * env.c: Add env_delete variable that lets the user replace/add to
- the bad_env_table. Allow '*' wildcard in env_keep entries.
+ * configure.in:
+ AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
+ [8f108b8d8711]
-2001-11-06 13:59 millert
+ * configure.in:
+ better error if cannot find skey incs or libs
+ [5887662ee9d3]
- * mkinstalldirs: Force umask to 022 to guarantee sane directory
- permissions.
+ * aclocal.m4:
+ now use a temp file for determining max len of uid_t in string form.
+ the old hacky way broke on netbsd
+ [b68f470fa9f8]
-2001-11-02 18:09 millert
+ * sudo.c:
+ added set of parens and a space
+ [8a3d4826d022]
- * Makefile.in: add sudo.tab.h and sudo.tab.c to sudo.tab.o
- dependency
+1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-11-02 17:25 millert
+ * dce_pwent.c:
+ fixes from Jeff Earickson <jaearick@colby.edu> ,
+ [bde0f0b756ec]
- * mkdefaults: fix breakage in last commit
+ * check.c:
+ modified a comment
+ [e2a97f1afbbe]
-2001-11-02 17:18 millert
+ * Makefile.in:
+ fixed up testsudoers target
+ [d39c4e7bb609]
- * Makefile.in: acsite.m4 -> aclocal.m4
+ * configure.in:
+ DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
+ SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
+ [da7a1c433828]
-2001-11-02 15:59 millert
+ * Makefile.in:
+ LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
+ VISUDO_LDFLAGS
+ [4b69503e8487]
- * check.c: fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in
- previous commit
+1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-11-02 15:57 millert
+ * configure.in:
+ fix for C2 on hpux 10 now uses -linet if it exists
+ [8d300112263d]
- * def_data.c: regenerated from def_data.in
+ * check.c:
+ LONG_SKEY_PROMPT is less of a klusge /
+ [dcc144abaac3]
-2001-11-02 15:56 millert
+ * configure.in:
+ fixed typos w/ dce stuff
+ [f7dfd6d4e149]
- * check.c, defaults.c, defaults.h: Add new T_UINT type that most
- things use instead of T_INT If timestamp_timeout is < 0 then
- treat the ticket as never expiring (to be expired manually by the
- user).
+ * Makefile.in:
+ added dce_pwent.c
+ [79047acdc516]
-2001-11-02 15:51 millert
+1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * def_data.in: change most T_INT -> T_UINT
+ * INSTALL:
+ amended section on combining authentication mechanisms
+ [dc5138c7c716]
-2001-11-02 15:51 millert
+ * PORTING:
+ minor updates for 1.3.6
+ [fe80c13bd994]
- * mkdefaults: fix warning when no args
+ * TROUBLESHOOTING:
+ added 2 more entries
+ [c7201439a0f5]
-2001-11-02 12:52 millert
+ * BUGS:
+ updated for 1.3.6
+ [979b414d2a2d]
- * visudo.c: Change 2 Exit() -> exit() Avoid stdio in Exit() and
- call _exit() if we are a signal handler. We no longer print the
- signal number but the user can just check the exit value for
- that.
+ * README:
+ overhauled
+ [3af8b60eb594]
-2001-10-16 01:35 millert
+ * INSTALL:
+ rewrote for sudo 1.3.6
+ [b16027b9c726]
- * logging.c: when setting up pipes in child process check for case
- where stdin == pipe fd 0
+ * TROUBLESHOOTING:
+ added 3 entries
+ [934c9ee3f153]
-2001-10-11 13:20 millert
+1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c: Ignore editor exit value since XPG4 says vi's exit
- value is the count of editing errors made (failed searches, etc).
+ * find_path.c, getspwuid.c, sudo.c:
+ added explict casts for strdup since many includes don't prototype
+ it. gag me.
+ [3e19a11f2fcc]
-2001-10-05 16:39 millert
+ * sudo.h:
+ removed prototype for sudo_getpwuid() since convex C compiler choked
+ on it.
+ [c3ea74ca67b0]
- * configure: regen
+ * sudo.c:
+ added prototype for sudo_getpwuid()
+ [4a8e3cdc2b98]
-2001-10-05 16:39 millert
+ * lsearch.c:
+ now compiles on strict ANSI compilers
+ [3ce5d72d0b08]
- * configure.in: sco now is identified by config.guess as *-sco-*
+ * check.c:
+ added LONG_SKEY_PROMPT support
+ [48a18b8a2332]
-2001-10-05 16:24 millert
+ * Makefile.in:
+ added extra $'s for make to eat up, yum.
+ [2995b214e12b]
- * configure.in: Check for getspnam() in -lgen if not in -lc for
- UnixWare.
+ * OPTIONS, options.h:
+ added LONG_SKEY_PROMPT
+ [f23ae799b5a4]
-2001-09-17 21:48 millert
+1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod, visudo.pod: "upper case" -> "uppercase"
+ * check.c:
+ s/key support now works with normal s/key as well as logdaemon
+ [d67573f523bf]
-2001-09-17 21:32 millert
+ * OPTIONS, options.h:
+ added SKEY_ONLY
+ [bbf07654e0de]
- * sudoers.pod: fix typos and grammar; pjanzen@foatdi.harvard.edu
+ * compat.h:
+ set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
+ [205895b96a36]
-2001-08-28 10:26 millert
+ * INSTALL:
+ added DCE note added more AIX notes
+ [6345403b3522]
- * sudoers.pod: Missing word (specify); krapht@secureops.com
+ * sudo.c:
+ now include pthread.h for DCE support
+ [6fe02865f679]
-2001-08-23 17:43 millert
+ * check.c:
+ dce_pwent() is ok after all .,
+ [d26a8746a55d]
- * sudo.c: If we fail to lookup a login class, apply the default
- one.
+ * logging.c:
+ now uses SYSLOG() macro that equates to either syslog() or
+ syslog_wrapper
+ [42ac4cff8045]
-2001-08-23 17:42 millert
+ * dce_pwent.c:
+ minor formatting changes. renamed check() to somthing less generic
+ [71859f217be1]
- * logging.c: In log_error() free message, not logline
- unconditionally, then free logline if it is not the same as
- message. No function change but this mirrors how they are
- allocated.
+ * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
+ visudo.c:
+ now uses user_pw_ent and simple macros to get at the contents
+ [f4cbf3e7145a]
-2001-07-16 23:33 millert
+1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure: regenerate
+ * check.c:
+ simpler dec unix C2 support
+ [86bc8f75250e]
-2001-07-16 23:33 millert
+ * getspwuid.c:
+ now sets crypt_type for DEC unix C2
+ [99aeadd18266]
- * configure.in: remove some backslash quotes that are unneeded
+1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-07-16 23:30 millert
+ * configure.in:
+ added csops paths for skey
+ [b8ca672e2117]
- * configure.in: o Tweaks to make this work with autoconf-2.50 o Use
- AC_LIBOBJ instead of changing LIBOBJS directly o Use
- AC_REPLACE_FUNCS where we can o Use AC_CHECK_FUNCS instead of
- AC_CHECK_FUNC so we don't have to AC_DEFINE things manually.
+ * getspwuid.c:
+ now includes string.h for strdup() prototype
+ [3605259c3620]
-2001-07-16 23:28 millert
+ * getspwuid.c:
+ fixed a few typos
+ [46c97e4ea417]
- * config.guess, config.sub: Updated from autoconf-2.50
+ * check.c:
+ now includes skey.h
+ [11e611ce1b61]
-2001-05-22 19:11 millert
+ * getspwuid.c:
+ fixed up comments
+ [223dac56f0c8]
- * README: Update mailing list section. We use mailman now, not
- majordomo.
+ * check.c:
+ moved a lot of the shadow passwd crap to sudo_getpwuid()
+ [97d8887fb7d3]
-2001-05-10 14:55 millert
+ * sudo.c:
+ now uses sudo_pw_ent
+ [d014dadbef48]
- * getspwuid.c, logging.c, sudo.c: Use setpwent()/endpwent() + all
- the shadow variants to make sure we don't inadvertantly leak an
- fd to the child. Apparently Linux's shadow routines leave the fd
- open even if you don't call setspent(). Reported by
- mike@gistnet.com; different patch used.
+ * testsudoers.c:
+ now uses sudo_pw_ent
+ [d92936ed7e34]
-2001-04-12 21:43 millert
+ * visudo.c:
+ now sets sudo_pw_ent
+ [ff75cdfcf8b3]
- * sudoers.pod: s/eg./e.g./
+ * getspwuid.c:
+ Initial revision
+ [6deb6df9d7bc]
-2001-04-12 21:42 millert
+ * tgetpass.c:
+ moved dce stuff into compat.h
+ [1124284396e7]
- * tgetpass.c: select() may return EAGAIN. If so, continue like we
- do for EINTR.
+ * logging.c, sudo.h:
+ now uses sudo_pw_ent
+ [404ff20a5067]
-2001-04-12 21:41 millert
+ * Makefile.in:
+ added sudo_getpwuid.c
+ [6666d0644512]
- * logging.c: Fix a non-exploitable buffer overflow in the word
- splitting code. This should really be rewritten.
+ * compat.h:
+ added dce support
+ [3c3b36a7ce0e]
-2001-04-12 21:41 millert
+ * parse.yacc:
+ now uses sudo_pw_ent
+ [9f5e8d11bd68]
- * Makefile.in: FAQ link goes away
+1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-04-12 21:40 millert
+ * check.c:
+ fixed exempt_group stuff for OS's that don't put base gid in group
+ vector
+ [003f153bd396]
- * INSTALL: Tell people to look in sample.syslog.conf for examples,
- not FAQ
+ * check.c:
+ S/Key support now works with sunos4 shadow passwords
+ [1eb64a5efff1]
-2001-04-12 21:40 millert
+ * Makefile.in:
+ fixed clean rule
+ [5695a2c62816]
- * TROUBLESHOOTING: Update list of env vars that are cleared
+ * config.h.in, configure.in:
+ added DCE support
+ [f53c766c1947]
-2001-04-12 21:36 millert
+ * tgetpass.c:
+ DCE & KERB support
+ [904cf436506a]
- * sudo.c: remove struct env_table decl since that stuff has all
- moved to env.c
+ * check.c:
+ first stab at dce support
+ [aea5ca07b1e3]
-2001-04-04 13:17 millert
+ * dce_pwent.c:
+ now smells like sudo
+ [8b3d609b49cd]
- * fileops.c: Fix a pasto in flock-style unlocking and include
- <sys/file.h> for flock on older systems; twetzel@gwdg.de
+ * dce_pwent.c:
+ Initial revision
+ [b573555f2399]
-2001-04-04 13:14 millert
+ * check.c:
+ skey'd sudo now works w/ normal password as well
+ [8d038f9f6e94]
- * configure: regen to get NeXT lockf/flock fix
+1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
-2001-04-04 13:14 millert
+ * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
+ getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
+ parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
+ sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+ version.h, visudo.c:
+ updated version number
+ [ba7e346d7904]
- * configure.in: force NeXT to use flock since lockf is broken
+ * README:
+ updated to reflect version change
+ [1d15cf1d8cc8]
-2001-03-30 08:54 millert
+ * configure.in:
+ --with options now line up ++version
+ [08ebf625fbca]
- * check.c: Use stashed user_gid when checking against exempt gid
- since sudo sets its gid to a a value that makes sudoers readable.
- Previously if you used gid 0 as the exempt group everyone would
- be exempt. From Paul Kranenburg <pk@cs.few.eur.nl>
+ * sudo.h:
+ removed unecesary S/Key stuff
+ [68188cba90af]
-2001-03-29 13:14 millert
+ * configure.in:
+ fixed S/Key support
+ [f6d9cbc36618]
- * configure: regen
+ * Makefile.in:
+ -I stuff now goes in CPPFLAGS
+ [7b8e53c5b046]
-2001-03-29 13:08 millert
+ * check.c:
+ fixed SKey support
+ [52c1a5cf4435]
- * aclocal.m4: #include stdio.h in SUDO_CHECK_TYPE since IRIX 6
- aparently defines some types (such as ssize_t) therein.
+ * README:
+ updated version
+ [bed6498a10bb]
-2001-03-02 09:09 millert
+ * OPTIONS:
+ fixed description of EXEMPTGROUP
+ [cfeead55edc2]
- * defaults.c: Fix negation of paths in a boolean context. Problem
- found by apt@UH.EDU
+ * sudo.c:
+ more people use _RLD_ than just alphas...
+ [6a3c7090a6f6]
-2001-02-23 13:03 millert
+ * Makefile.in:
+ replaced $man_prefix with $mandir
+ [dc4b36a550e2]
- * visudo.c: pasto
+ * configure.in:
+ fixed a typo
+ [a38a4acddcaf]
-2001-02-17 16:11 millert
+ * Makefile.in:
+ now use more GNU'ish dir names
+ [c5498391a520]
- * visudo.c: SA_RESETHAND means the opposite of what I was
- thinking--oops To block all signals in old-style signals use ~0,
- not 0xffffffff
+ * configure.in:
+ now set *dir correctly (can override from command line)
+ [523ff98fd438]
-2001-02-04 11:16 millert
+ * sudo.c:
+ now deal with situations where we getwd() fails
+ [88a9e61dccbb]
- * defaults.c: coerce difference of pointers to int when used in a
- string length printf format; deraadt@openbsd.org
+1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ added etc_dir, bin_dir, sbin_dir
+ [75fd08d92842]
-2001-01-17 11:34 millert
+ * configure.in:
+ added sbin_dir
+ [3cb318c0d8d1]
- * visudo.c: Block all signals in Exit() to avoid a signal race.
- There is still a tiny window but I'm not going to worry about it.
+ * Makefile.in:
+ now ship a flex-generated lex.yy.c
+ [4d083ed70dce]
-2001-01-07 13:57 millert
+ * Makefile.in:
+ now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
+ [4d51dc9c3780]
- * env.c: glibc uses the LANGUAGE env var so clear that too; Solar
- Designer
+ * pathnames.h.in:
+ _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
+ [773fd163d52f]
-2001-01-07 13:55 millert
+ * options.h:
+ no more error for redefining SUDOERS_OWNER
+ [4ba336644c6a]
- * lex.yy.c: Regenerate with a fix to flex.skl that preserves errno
- from clobbering by isatty().
+ * OPTIONS:
+ expanded SUDOERS_OWNER section
+ [12fae405759e]
-2000-12-30 20:39 millert
+1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c, sia.c, sudo_auth.c:
- Some defaults I_ defines got renamed.
+ * visudo.c:
+ now warn if chown(2) failed
+ [d0d1db6e3a1f]
-2000-12-30 20:38 millert
+ * logging.c:
+ better default warning for NO_SUDOERS_FILE
+ [5260b458ac64]
- * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
- defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
- set_perms.c, sudo.c: Move defaults info into its own files from
- which we generate .h and .c files. This makes adding or
- rearranging variables much simpler.
+ * sudo.c:
+ added missing set_perms() no more cryptic message if the sudoers
+ file is zero length, now just give a parse error
+ [b81ea724838a]
-2000-12-30 16:58 millert
+ * logging.c:
+ better diagnostics if NO_SUDOERS_FILE
+ [877e878663c5]
- * configure, configure.in: fix typo in last commit
+ * sudo.c:
+ check_sudoers() now catches sudoers files that are not readable (but
+ are stat'able).
+ [fea05663b3de]
-2000-12-30 16:55 millert
+1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * compat.h, config.h.in, configure, configure.in: Add check +
- emulation for setegid (like seteuid).
+ * configure.in:
+ now add -D__STDC__ for convex cc (not gcc)
+ [c80fc53ff51b]
-2000-12-30 16:22 millert
+ * configure.in:
+ MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
+ [fe238226a057]
- * env.c: Make env_keep override badenv_table as documented Fix
- traversal of badenv_table (broken in last commit)
+ * Makefile.in:
+ now uses exec_prefix & prefix from configure
+ [f62fca5f56bd]
-2000-12-29 22:59 millert
+ * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
+ parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
+ utime.c, visudo.c:
+ options.h is now <> instead of "" so shadow build trees can have a
+ custom copy of options.h
+ [e6782676099c]
- * set_perms.c, sudo.c, sudo.h: Don't try and build saved uid
- version of set_perms on systems w/o them. Rename
- set_perms_saved_uid() -> set_perms_posix() Make
- set_perms_setreuid simply be set_perms_fallback() and simply
- include the appropriate function at compile time (setreuid()
- vs. setuid()).
+ * check.c:
+ user_is_exempt() is no longer a hack, it now uses getgrnam()
+ [287f8d5356f7]
-2000-12-29 22:45 millert
+ * options.h:
+ EXEMPTGROUP is now "sudo"
+ [61487304dbe1]
- * sudoers.pod, sudoers.cat, sudoers.man.in: PATH is also preserved
- when env_reset is in effect
+ * configure.in:
+ MAN_POSTINSTALL now contains a leading space
+ [eaad4ac34012]
-2000-12-29 22:29 millert
+ * Makefile.in:
+ removed leading tab if @MAN_POSTINSTALL@ not defined now removes
+ testsudoers in clean:
+ [e01711baceb8]
- * CHANGES, env.c, Makefile.in, check.c, compat.h, config.h.in,
- configure, configure.in, defaults.c, defaults.h, find_path.c,
- getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
- sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
- testsudoers.c, visudo.c, visudo.cat, visudo.man.in: New Defaults
- options: o stay_setuid - sudo will remain setuid if system has
- saved uids or setreuid(2) o env_reset - reset the environment to
- a sane default o env_keep - preserve environment variables that
- would otherwise be cleared
+ * tgetpass.c:
+ includes pwd.h to get _PASSWD_LEN definition
+ [8ec174f263f1]
- No longer use getenv/putenv/setenv functions--do environment
- munging by hand. Potentially dangerous environment variables can
- be cleared only if they contain '/' pr '%' characters to protect
- buggy programs. Moved environment routines into env.c (new file)
+1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-12-29 22:17 millert
+ * sudo.c:
+ unset the KRB_CONF envariable if using kerberos so we don't get
+ spoofed into using a bogus server
+ [2561a0274fca]
- * INSTALL: Clear up --without-passwd description
+1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-12-29 19:39 millert
+ * parse.yacc:
+ now explicately initialize match[] tp be FALSE
+ [0e45e5c47766]
- * sudo_setenv.c, putenv.c: We now build up a new environment from
- scratch and assign it to "environ".
+1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-12-18 22:35 millert
+ * sudo.c:
+ removed unused variable now passes -Wall
+ [3452508bc16d]
- * sudo.pod, visudo.pod: Grammatical fixes from Paul Janzen
+ * parse.yacc:
+ yyerror and dumpaliases are now void's now passes -Wall
+ [2769dfb51993]
-2000-12-14 23:19 millert
+ * parse.lex:
+ added prototype for yyerror
+ [1f3f0c1b4ab4]
- * visudo.c: If there was a syntax error and the user just wants to
- quit, unlink sudoers if it is zero length.
+ * check.c, logging.c, parse.c:
+ now passes -Wall
+ [eab57e5e81d2]
-2000-12-14 23:10 millert
+ * interfaces.c:
+ rmeoved unused cruft now passes -Wall
+ [7a47e1866f4b]
- * visudo.c: 'Q' means ignore parse error, not 'q'
+ * Makefile.in:
+ fixed headers that moved to emul dir
+ [e680c1e5049b]
-2000-12-14 22:57 millert
+ * logging.c:
+ fixed deref of nil pointer if no args
+ [973b9bea432f]
- * visudo.c: Open sudoers for writing with mode SUDOERS_MODE From
- Dimitry Andric <dim@xs4all.nl>
+1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-12-13 12:23 millert
+ * OPTIONS:
+ added a caveat to FQDN section
+ [dcf6e2a5fff4]
- * set_perms.c: Add missing #ifdef HAVE_LOGIN_CAP_H;
- ayamura@ayamura.org
+1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-12-09 11:46 millert
+ * Makefile.in:
+ more $srcdir support for install targets
+ [f6eac78436dd]
- * config.guess, config.sub: Darwin / Mac OS X support from Wilfredo
- Sanchez <wsanchez@apple.com>
+ * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
+ strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
+ don't include malloc.h if we include stdlib.h
+ [fca2ff307cd8]
-2000-11-03 09:36 millert
+ * parse.yacc:
+ local search.h now lives in emul
+ [51c458904424]
- * sudo.c, visudo.c: Use exit(127), not exit(-1)
+ * check.c, utime.c:
+ local utime.h now lives in emul dir
+ [f92fc9e8c8de]
-2000-11-03 00:37 millert
+ * lsearch.c:
+ local search.h now lives in emul
+ [579efc407439]
- * defaults.h, set_perms.c, sudo.c, Makefile.in, defaults.c: Move
- set_perms() to its own file and use POSIX saved uid or setreuid()
- if available.
+ * Makefile.in:
+ added support for building in other than the sourcedir
+ [2ab53a43f7d4]
- Added stay_setuid option for systems that have libraries that
- perform extra paranoia checks in system libraries for setuid
- programs (ie: anything with issetugid(2)).
+1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-11-02 20:28 millert
+ * OPTIONS:
+ annotated CSOPS_INSULTS option
+ [9e57d45a0afa]
- * sudo.c: strip more bits from the environment and add a facility
- for stripping things only if they contain '/' or '%' to address
- printf format string vulnerabilities in other programs.
+ * TROUBLESHOOTING:
+ updated shadow passwords blurb
+ [39b785bc7253]
-2000-11-02 12:55 millert
+ * sudo.c:
+ if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
+ passes along foo as the arguments
+ [a91077aa8fc5]
- * configure: regen
+1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-11-02 12:55 millert
+ * parse.lex:
+ collapsed pathname and dir sections into one -- its now less
+ expensive
+ [89caa03bec25]
- * configure.in: For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache
- the existence of strcasecmp().
+ * parse.lex:
+ fixed spacing quoting [,:\\=] now works correctly append() and
+ fill() now take args to make the above work
+ [09d023d9ef3a]
-2000-11-02 12:46 millert
+ * sudo.c:
+ fixed a typo that caused commands with no tty on fd 0 but a tty on
+ fd 1 to erroneously have "none" as their tty
+ [07d2c0e7977c]
- * configure: regen
+1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-11-02 12:46 millert
+ * check.c:
+ timestampfile is now a global static removed decl of timestampfile
+ in remove_timestamp since we can just use the global one
+ [f0cbdc6aab1c]
- * configure.in: Check for strcasecmp(3) in -lc89 for NCR Unix
+ * check.c:
+ created touch() to update timestamps added USE_TTY_TICKETS support
+ (bit of a kludge)
+ [cee1dd0318f8]
-2000-11-01 10:22 millert
+ * compat.h:
+ added _S_IFDIR and S_ISDIR
+ [b4a51cc9628e]
- * config.h.in: Define HAVE_INNETGR #ifdef HAVE__INNETGR
+ * OPTIONS, options.h:
+ added USE_TTY_TICKETS
+ [b4e22f81f25e]
-2000-11-01 10:17 millert
+ * parse.yacc:
+ removed const from casts for lsearch() & lfind() to placate irix 4.x
+ C compiler
+ [5003081f76ea]
- * configure: regen
+1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-11-01 10:17 millert
+ * sudo.c:
+ now only strip '/dev/' off of a tty if it starts with '/dev/'
+ [7f62bcd24039]
- * compat.h, config.h.in, configure.in: Add check for _innetgr(3)
- since NCR systems have that instead of innetgr(3).
+ * pathnames.h.in:
+ added _PATH_DEV
+ [6375f44d1910]
-2000-10-31 14:16 millert
+ * configure.in:
+ AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
+ have termios.h
+ [9c60391235fd]
- * auth/securid.c: check return value of creadcfg() call sd_close()
- after sd_auth() store username in sd->username so we don't rely
- on the USER env variable
+ * tgetpass.c:
+ fixed incorrect #ifdef termio uses "unsigned short" not int for
+ c_?flag
+ [d032e6a29845]
+
+ * parse.lex, parse.yacc:
+ fixed a spelling error
+ [cad6a944c7b1]
+
+ * Makefile.in:
+ fixed typo
+ [204a65403e7c]
+
+1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-10-29 23:00 millert
+ * Makefile.in:
+ fixed a comment
+ [268f760e57ad]
- * INSTALL: document --with-bsdauth
+ * parse.yacc:
+ added dotcat() to cat 2 strings w/ a dot effeciently now that we
+ dynamically allocate strings they need to be free()'d
+ [ec2e2152f415]
-2000-10-29 22:57 millert
+ * parse.lex:
+ dynamically allocates space for strings
+ [d10ac3533d66]
- * configure: regen
+ * sudo.h:
+ no more MAXCOMMANDLENGTH
+ [e2e1219bff8a]
+
+ * sudo.h:
+ added decl of tty
+ [c8ae81303ee5]
+
+ * logging.c, sudo.c:
+ moved tty stuff into sudo.c
+ [e028abefeb07]
+
+1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ fixed a logic bug. Was denying a command if user gave command line
+ args but there were none in the sudoers file which is wrong.
+ [7489a99b8e8a]
+
+ * sudo.h:
+ MAXCOMMMANDLEN dropped down to 1K
+ [38ef54ba290b]
+
+ * parse.lex:
+ return foo; -> return(foo);
+ [0e8be1b57001]
+
+ * parse.yacc:
+ fixed netgr_matches() prototype
+ [e69f15910464]
+
+ * parse.lex:
+ added support for escaping "termination" characters
+ [8bd4ef50f35c]
+
+ * parse.c:
+ buf is now of size MAXPATHLEN+1 since it never holds command args
+ [2ce4b763058c]
+
+ * sudo.c:
+ fixed comments
+ [0c74a3d2ebb0]
+
+ * goodpath.c:
+ fixed negation problem (doh!)
+ [782814e3a2d1]
+
+ * parse.yacc:
+ fixed 2nd parameter to lfind()
+ [63d7b1623c08]
-2000-10-29 22:56 millert
+ * parse.lex:
+ now do bounds checking in fill() and append()
+ [54381b563251]
- * configure.in: --with-bsdauth assumes --with-logincap
+ * sudo.c:
+ include netdb.h as we should added a missing void cast added
+ SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
+ realloc actually moved the string instead of shrinking it
+ [897ccdec9c06]
+
+ * sample.sudoers:
+ updated with examples of new features
+ [9b3ed00e8aa6]
+
+ * goodpath.c:
+ now set errno to EACCES if not a regular file or not executable
+ [2d069548a5ea]
+
+ * find_path.c:
+ if given a fully-qualified or relative path we now check it with
+ sudo_goodpath() and error out with the appropriate error message if
+ the file does not exist or is not executable
+ [590f89dd8dec]
+
+ * emul/search.h, lsearch.c:
+ now use correct args for lfind
+ [fccdcdbf020e]
+
+ * logging.c:
+ added a comment
+ [fab9f49708ea]
+
+ * insults.h:
+ added in CSOps insults
+ [ad8eb1862adc]
+
+ * ins_csops.h:
+ Initial revision
+ [de5a475ec018]
+
+ * tgetpass.c:
+ added RCS id
+ [c3ffd550a482]
+
+ * sudo.h:
+ increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
+ [aba25c90d08a]
+
+ * OPTIONS:
+ added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
+ [e27bd62e9ccf]
+
+ * sudo.c:
+ fixed -k load_interfaces() now gets called if FQDN is set
+ -p now works with -s
+ [07ca2a34bae8]
-2000-10-29 22:45 millert
+ * parse.c:
+ don't try to stat() "pseudo commands" like "validate"
+ [75527045984b]
- * auth/: bsdauth.c, fwtk.c: When prompting for a response to a
- challenge, if the user just hits return then reprompt with echo
- turned on.
+ * options.h:
+ added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
+ [07b157a0eafd]
+
+ * configure.in:
+ added SecurID support added other insults to --with-csops
+ [6c992ceb244c]
+
+ * config.h.in:
+ added HAVE_SECURID
+ [e734ff617fe8]
+
+ * Makefile.in:
+ added clobber target added ins_csops.h now gets CFLAGS from
+ configure
+ [d1e29c7cec25]
-2000-10-29 17:31 millert
+ * aclocal.m4:
+ relaxed SUDO_FULL_VOID
+ [fb4084f27406]
+
+ * visudo.c:
+ function comment blocks are now in same style as rest of code
+ [04a2931354c5]
- * sudo.c: Remove debugging code that should not have been
- committed, oops.
+ * testsudoers.c:
+ added support for command line args in /etc/sudoers
+ [bfe4e1bcc655]
-2000-10-29 17:31 millert
+ * sudoers.man:
+ updated to have command args in the sudoers file
+ [1cd34355e9ea]
+
+ * sudo.man:
+ added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
+ [930b48023b68]
+
+1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/bsdauth.c: Use lower-level routines and get the password
- ourselves. Checks for a challenge and if there is one echo is
- not turned off.
+ * parse.yacc:
+ PATH renamed to COMMAND
+ [4e109a6de3cd]
-2000-10-29 17:30 millert
+ * parse.lex:
+ it is now a parse error for directories to have args attached to
+ them
+ [2ab10a146b54]
- * auth/: pam.c, sudo_auth.h: minor housekeeping, no real code
- changes
+ * logging.c:
+ now say command args if telling user to buzz off
+ [933de26ded8b]
-2000-10-27 18:41 millert
+ * sudo.c:
+ -s no longer indicates end of args sped up loading on cmnd_args in
+ load_cmnd()
+ [eac99a4da862]
- * sudo.c: Fix a coredump in the logging functions if gethostname(2)
- fails by deferring the call to log_error() until things are
- better setup.
+ * parse.c:
+ removed an unreachable statement
+ [634302623c49]
- Fix return value of set_loginclass() in non-BSD-auth case.
+ * parse.lex:
+ made more efficient by pulling out the terminators when in GOTCMND
+ state and making them their own rule
+ [80798f1e1166]
- Hard-code 'sudo' in the usage message so we can fit more options
- on a line
+1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-10-27 18:35 millert
+ * sudo.h:
+ removed MAXLOGLEN since it is no longer used
+ [102824196b71]
- * logging.c: Fix errant ';' (typo) that broken MSG_ONLY
+ * parse.lex:
+ now allows command args
+ [d29dfa1e5254]
-2000-10-26 13:03 millert
+ * parse.c:
+ now groks command arguments
+ [6c414cb7f105]
- * sudo.cat, sudo.man.in: regen
+ * logging.c:
+ now sets tty correctly when piped input
+ [de46a30c0406]
-2000-10-26 13:01 millert
+ * sudo.c:
+ fixed loading of cmnd_args (was including command name too)
+ [15319a425ea6]
- * sudo.pod: Document -a flag
+ * logging.c:
+ fixed a core dump due to incorrect if construct
+ [582363c7d7fa]
-2000-10-26 12:42 millert
+1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, config.h.in, configure, configure.in, getspwuid.c,
- sudo.c, auth/sudo_auth.h, auth/bsdauth.c: Add support for BSD
- authentication.
+ * configure.in:
+ only add -lsun is irix < 5 don't look for -lnsl or -lsocket if irix
+ [da591fe9b931]
-2000-10-19 10:09 millert
+ * aclocal.m4:
+ fixed check for ISC
+ [52e59f2082a7]
- * sudoers.pod: Fix typo; from sato@complex.eng.hokudai.ac.jp
+ * sudo.c:
+ now sets cmnd_args used by log_error() and that will be used by the
+ parse to check against command args
+ [c6804389723b]
-2000-10-12 09:49 millert
+ * sudo.h:
+ added cmnd_args
+ [4d00446b4a8d]
- * sudoers.pod: Mention negating umask
+ * logging.c:
+ now dynamically allocate logline since we can guess at its size
+ [4bed8c8446aa]
-2000-10-12 01:30 millert
+1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * defaults.c: Allow user to specify umask of 0777 (same as !umask)
+ * logging.c:
+ cleaned up a bunch of unnecesary #ifdef's eliminated a buffer remove
+ "register" since the compiler knows more than I do now do a
+ "basename" of the tty
+ [3b1bbf0b3da1]
-2000-10-08 21:46 millert
+1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod, visudo.pod: Fix a typo and give a URL for the sudo
- history.
+ * configure.in:
+ ++version
+ [5ce552f9a5f1]
-2000-10-08 12:25 millert
+ * sudo.h:
+ added shell extern changed MODE_* to be bit masks to allow for
+ several options together
+ [06f9dc4f400c]
- * defaults.c, sudo.pod: fix typos; pepper@reppep.com
+ * sudo.c:
+ added -s (shell) option made MODE_* masks so we can do bitwise & and
+ | to see if multiple flags are set.
+ [01f8143010ad]
-2000-09-14 16:48 millert
+ * check.c:
+ added securid support
+ [909e078005fe]
- * sudo.c, sudo.h, sudo_setenv.c: sudo_setenv() now exits on memory
- alloc failure instead of returning -1.
+1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-09-07 17:41 millert
+ * logging.c:
+ removed a bunch of unnecesary strncpy()'s and replaced with strcat()
+ [644506b57d61]
- * sudo.c: Strip out NLSPATH and PATH_LOCALE from the environment
- for FreeBSD and possibly others.
+1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-09-07 10:43 millert
+ * Makefile.in, version.h:
+ ++version
+ [3cd6f1fbc3d9]
- * logging.c: Don't use vsyslog(3) since HP-UX (and others?) lack
- it. This means that "%m" won't be expanded but we don't use that
- anyway since the logging routines may splat to stderr as well.
+1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-09-06 21:35 millert
+ * parse.yacc:
+ fixed free() of an uninitialized pointer (yuck)
+ [8c404ee502ee]
- * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
- sudoers.pod: Add always_set_home variable
+ * testsudoers.c:
+ added netgr_matches
+ [e7c9fa2f774c]
-2000-09-06 21:24 millert
+ * parse.c:
+ cleaned up netgr_matches
+ [8108f00b810e]
- * configure, configure.in: Have to hard code default values in help
- since the defaults are set _after_ the help stuff.
+1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-08-31 13:08 millert
+ * RUNSON:
+ updated for 1.3.4
+ [4741704310a1]
- * lex.yy.c, parse.lex: Allow special characters (including '#') to
- be embedded in pathnames if quoted by a '\\'. The quoted chars
- will be dealt with by fnmatch(). Unfortunately, 'sudo -l' still
- prints the '\\'.
+1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-08-13 17:10 millert
+ * Makefile.in:
+ now installs sudoers.man -- really should clean this up though.
+ [455631d45a1d]
- * install-sh: Better path searching for programs we need.
+ * Makefile.in:
+ added sudoers.cat and sudoers.man
+ [0bdedd6c7363]
-2000-08-13 17:10 millert
+ * sudo.man:
+ pulled out stuff on the sudoers file format into a separate man page
+ [de215d999cb9]
- * TROUBLESHOOTING: Add section on "C compiler cannot create
- executables" errors.
+ * sudoers.man:
+ Initial revision
+ [f25eafbb7095]
-2000-08-13 17:10 millert
+ * HISTORY:
+ fixed up my email address
+ [254fbf80be74]
- * Makefile.binary, Makefile.in, version.h: Crank version
+ * configure.in:
+ added checks for innetgr and getdomainname
+ [24a99cb7e97e]
-2000-08-13 17:09 millert
+ * visudo.c:
+ added dummy netgr_matches function
+ [1841ff2c01da]
- * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
- sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
- visudo.man.in, visudo.pod: Substitute values from configure into
- man pages.
+ * parse.c:
+ added netgr_matches
+ [ec90db6a97b8]
-2000-08-12 16:48 millert
+ * parse.lex, parse.yacc:
+ added NETGROUP support
+ [c9dd93e3bc4b]
- * parse.c, sudo.c: The listpw and verifypw sudoers options would
- not take effect because the value of the default was checked
- *before* sudoers was parsed. Instead of passing in the value of
- PWCHECK_* to sudoers_lookup(), pass in the arg for def_ival() so
- the check can be deferred until after sudoers is parsed.
+ * config.h.in:
+ added HAVE_INNETGR & HAVE_GETDOMAINNAME
+ [14abd494d875]
-2000-08-11 15:41 millert
+1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
- * tgetpass.c: When writing prompt, no need to write the NUL as
- well; hag@linnaean.org
+ * sudo.c:
+ rewrote clean_env() that has rm_env() builtin
+ [55cb43818a95]
-2000-06-09 12:25 millert
+1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * install-sh: When looking for chown, check in /sbin too
+ * check.c:
+ now cast uid to long in sprintf
+ [b549eea40aeb]
-2000-06-04 22:57 millert
+ * OPTIONS:
+ added _INSULTS suffix to HAL & GOONS end
+ [ed620d0aad30]
- * visudo.c: Remove extraneous call to init_defaults() and set
- runas_user to NULL betweem parses so init_defaults will reset it
- each time, thus avoiding a reference to free()d data.
+ * options.h:
+ added _INSULTS suffix to HAL & GOONS
+ [9f72e9b83afd]
-2000-06-04 19:57 millert
+ * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
+ converted to new scheme of insult "unions" end
+ [2f6d2b412132]
- * config.h.in, interfaces.c, interfaces.h, sudo.c: Add support for
- using getifaddrs() to get the list of ip addr / netmask pairs.
- Currently IPv4-only.
+ * sudo.c:
+ now uses MAX_UID_T_LEN
+ [c1df79e0f389]
-2000-06-04 19:51 millert
+ * configure.in:
+ added SUDO_UID_T_LEN !l
+ [195f0b9f5f84]
- * visudo.c: Add a missing check for UserEditor == NULL Add missing
- '+' before line number when invoking editor to fix a syntax error
+ * config.h.in:
+ added MAX_UID_T_LEN
+ [73f42ae4f14d]
-2000-05-12 16:55 millert
+ * check.c:
+ now use MAX_UID_T_LEN
+ [df9c063234cb]
- * sudo.c: Call clean_env very early in main() for paranoia's sake.
- Idea from Marc Esipovich.
+ * aclocal.m4:
+ added check for max len of uid_t fixed sco vs. isc check
+ [d558f36d2223]
-2000-05-10 01:11 millert
+1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.h: Update proto for evasprintf and easprintf
+ * configure.in:
+ corrected version
+ [828dd1571e86]
-2000-05-10 01:10 millert
+ * configure.in:
+ added sco support
+ [af1e2f616638]
- * alloc.c: Make easprintf() and evasprintf() return an int.
+ * aclocal.m4:
+ hack to check for sco
+ [549ab99a9a43]
-2000-05-10 00:56 millert
+ * interfaces.c:
+ removed #include <net/route.h> since it was hosing some OS's
+ [ac78a7c04005]
- * check.c: If the targetpw flag is set, use target username as part
- of the timestamp path. If tty tickets are in effect cat the tty
- and the target username with a ':' as the separator.
+1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-05-09 12:05 millert
+ * find_path.c:
+ fixed prreadlink() prototype
+ [b380fe1f2b11]
- * auth/pam.c: Backout part of last change; setting PAM_USER to the
- invoking user breaks things like targetpw.
+ * check.c:
+ added parens in #if's
+ [e96ade691b82]
-2000-05-09 11:52 millert
+ * configure.in:
+ added SPW_ prefix
+ [a302683a1483]
- * auth/pam.c: set tty and username via pam_set_item
+ * sudo.h:
+ moved SPW_* to config.h.in
+ [6b3be70e34cf]
-2000-05-09 11:42 millert
+ * sudo.c:
+ added a set of parens
+ [8188d735d695]
- * check.c, getspwuid.c, sudo.c, sudo.h, auth/sudo_auth.c: Fix root,
- runas, and target authentication for non-passwd file auth
- methods.
+ * config.h.in:
+ added SPW_*
+ [5ead6371cf60]
-2000-04-22 14:15 millert
+ * sudo.h:
+ added SPW_* reordered error codes
+ [dead25b4ed0a]
- * sudo.pod, sudo.man.in, sudoers.man.in, sudoers.pod, visudo.pod,
- sudo.cat, sudoers.cat, visudo.man.in, visudo.cat: Use B<-Z> not
- C<-Z> for command line flags in all places. This is more
- consistent and works around a bug in Pod::Man.
+ * check.c:
+ moved SPW_* to sudo.h
+ [ca51fb04caf4]
-2000-04-22 13:59 millert
+1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.cat, sudoers.man.in, sudoers.pod: Fix an occurence of
- 'semicolon' that should be 'colon'
+ * sudo.c:
+ SPW_AUTH -> SPW_SECUREWARE
+ [6b512b2bc5dc]
-2000-04-19 15:30 millert
+ * logging.c:
+ GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
+ [defdd0944e2f]
- * configure, configure.in: Fix --with-badpri help line
+ * configure.in:
+ AUTH -> SECUREWARE
+ [d1f8a17001dd]
-2000-04-17 14:01 millert
+ * check.c:
+ SPW_AUTH -> SPW_SECUREWARE
+ [af0e8d8b89b2]
- * defaults.c, logging.c, sudo.c: Bracket calls to syslog with an
- openlog() and closelog() since some authentication methods (like
- PAM) may do their own logging via syslog. Since we don't use
- syslog much (usually just once per session) this doesn't really
- incur a performance penalty. It also Fixes a SEGV with pam_kafs.
+ * check.c:
+ now uses SHADOW_TYPE to make shadow pw support more readable and
+ modular. It's a start...
+ [8c2a59667014]
-2000-04-15 16:32 millert
+ * configure.in:
+ added autodetection of shadow passwords
+ [85f81fa54b1b]
- * sudo.c: Fix -H flag. runas_homedir is only valid after
- set_perms(PERM_RUNAS, mode)
+ * sudo.c:
+ now uses SHADOW_TYPE define
+ [355e5dc09b07]
-2000-04-12 18:56 millert
+ * config.h.in:
+ added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
+ [c0c06e83e483]
- * INSTALL: Clarify the fact that insults are not enabled just by
- including them in the binary.
+ * aclocal.m4:
+ added SUDO_CHECK_SHADOW
+ [464301301639]
-2000-04-07 10:39 millert
+1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.man.in, sudoers.man.in, visudo.man.in, sudo.cat,
- sudoers.cat, visudo.cat: Regenerated with perl 5.6.0 pod2man
+ * configure.in:
+ define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
+ memmove() since we dno longer use it...
+ [8aefa87d7d31]
-2000-04-07 10:38 millert
+ * CHANGES:
+ updated
+ [ce97b3fd7182]
- * Makefile.in: Give date string to pod2man since its default is
- ugly and it ain't got no alibi.
+ * logging.c:
+ added BROKEN_SYSLOG support
+ [a45c3bca36f6]
-2000-04-07 10:27 millert
+ * config.h.in:
+ added BROKEN_SYSLOG
+ [6f6abf0a6268]
- * Makefile.in: Do section substitution on the output of pod2man and
- remove hack needed for old pod2man.
+ * check.c:
+ now only bitch it timestamp > time_now + 2 * timeout to allow for a
+ machine udpating its time from a server
+ [546bc8d35325]
-2000-04-07 10:26 millert
+ * sudo.man:
+ added 2 security notes updated Nieusma's email addr
+ [616756c56977]
- * sudo.pod, sudoers.pod, visudo.pod: Put back real man sections, we
- will do the substitution later.
+ * lsearch.c:
+ changed a memmove() to memcpy() since we don't have to worry about
+ overlapping segments.
+ [30baa478526b]
-2000-04-02 11:44 millert
+1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Don't bother checking for the path to vi
- if user specified --with-editor
+ * interfaces.c:
+ cleanup up the loop when interfaces are groped in so that it is
+ readable
+ [1fa39446bd69]
-2000-04-01 17:25 millert
+ * Makefile.in, version.h:
+ ++version
+ [b46bd2b1770f]
- * CHANGES, visudo.c: Visudo now does its own fork/exec instead of
- calling system(3).
+1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-04-01 16:23 millert
+ * CHANGES:
+ annotated 124-126
+ [b82a2b3ec7ce]
- * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
- sudoers.pod, visudo.c: Visudo now checks for the existence of an
- editor and gives a sensible error if it does not exist.
+1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
- The path to the editor for visudo is now a colon-separated list
- of allowable editors. If the user has $EDITOR set and it matches
- one of the allowed editors that editor will be used. If not, the
- first editor in the list that actually exists is used.
+ * check.c:
+ fixed permissions check on /tmp/.odus
+ [cc2431a65468]
-2000-04-01 16:22 millert
+1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod, sudo.cat, sudo.man.in: Clear up confusion wrt sudo's
- return value.
+ * check.c:
+ fixed some comments
+ [8896d09b4fda]
-2000-03-27 12:08 millert
+ * check.c:
+ now checks owner & mode of timedir also checks for bogus dates on
+ timestamp file
+ [a0fad5df5b0a]
- * Makefile.in: Strip sudo and visudo for bindist target
+ * OPTIONS:
+ updated TIMEOUT info
+ [033cc22d9e04]
-2000-03-26 22:26 millert
+ * logging.c, sudo.h:
+ added BAD_STAMPDIR and BAD_STAMPFILE
+ [31d9ce691101]
- * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
- sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: Use
- @mansectsu@ and @mansectform@ in the man page bodies as well.
+ * compat.h:
+ added definition of S_IRWXU
+ [ff2dab091a9b]
-2000-03-26 22:07 millert
+ * CHANGES:
+ updated
+ [a40df90284f1]
- * visudo.cat, visudo.man.in, visudo.pod: Typo: @sysconf@ ->
- @sysconfdir@
+1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-03-26 21:57 millert
+ * interfaces.c:
+ added #ifdef to make it compile on strange arches
+ [4a127f12afce]
- * Makefile.in: 'make dist' should not cause any files to be
- modified so remove its dependencies.
+1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-03-26 21:43 millert
+ * aclocal.m4:
+ fixed check for fulkl void impl.
+ [b6f2a4a361d8]
- * CHANGES: Whoops, forgot to add release marker
+ * check.c:
+ added mssing "static"
+ [520552f2772b]
-2000-03-26 11:57 millert
+ * insults.h:
+ replaced #elif with #else #if constructs for ancient C compilers
+ [39ab2d365b57]
- * CHANGES: Final change for 1.6.3 (or so I hope)
+ * INSTALL:
+ updated irix c2 & kerb5 info
+ [ae79b99b4905]
-2000-03-26 11:57 millert
+ * configure.in:
+ added shadow pw support for irix
+ [632469d9c528]
- * sudo.cat, sudoers.cat, visudo.cat: Use SYSV man sections since
- BSD systems will have nroff...
+1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-03-24 18:58 millert
+ * BUGS, TODO:
+ updated
+ [2a96bb18ac30]
- * parse.yacc: When checking to see if the host/user matches in a
- defaults spec, check against TRUE, not just non-zero since it
- might be -1.
+ * CHANGES:
+ last changes for sudo 1.3.3
+ [c1c0cd1034b8]
-2000-03-24 15:14 millert
+ * configure.in:
+ now calls SUDO_SOCK_SA_LEN
+ [14ea78159d45]
- * configure.in, configure: OSF/1 puts file formats in section 4,
- not 5.
+ * config.h.in:
+ added HAVE_SA_LEN
+ [cc2a346aa905]
-2000-03-24 15:13 millert
+ * aclocal.m4:
+ added SUDO_SOCK_SA_LEN
+ [456a2025644a]
- * CHANGES, INSTALL, sudo.c: Make login class support work on BSD/OS
+ * interfaces.c:
+ now works with ip implementations that use sa_len in sockaddr
+ [90be6e028077]
-2000-03-23 20:24 millert
+ * INSTALL:
+ added note about buggy AIX compiler
+ [c0f6d427e4e4]
- * RUNSON: Update for 1.6.3
+ * interfaces.c:
+ now include sys/time.h for AIX
+ [2510858ab38b]
-2000-03-23 20:23 millert
+1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: If there is no inet_addr but there *is*
- an __inet_addr that's ok since inet_addr is probably just a macro
- then. The better thing to do would be to look for the macro, but
- this is fine for now.
+ * Makefile.in:
+ getcwd -> getwd
+ [66085ebca98e]
-2000-03-23 19:50 millert
+ * interfaces.c:
+ now works for ISC and others. yay.
+ [f336d4ffc927]
- * configure, configure.in: Don't use shlicc for BSD/OS 4.x
+1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-03-23 19:40 millert
+ * Makefile.in, version.h:
+ version++
+ [836cffc2078d]
- * Makefile.in, configure, configure.in: *.man lives in cwd, *.cat
- lives in $(srcdir), add a @mansrcdir@ configure variable so we
- can deal with this. Also, only remove *.man for 'distclean' not
- 'clean'.
+1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-03-23 19:16 millert
+ * aclocal.m4:
+ fixed test for full void impl
+ [fb004107e7b9]
- * sudo.c: set_loginclass() should be static like the proto says
+ * sudo.c:
+ now check to see that st_dev is non-zero before assuming that we are
+ being spoofed
+ [1b0e1c30c506]
-2000-03-23 14:14 millert
+1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * fnmatch.c: Add #ifdef __STDC__ around the rangematch function
- header to avoid promotion of test to int, thus violating the
- prototype. Gcc handles this gracefully but more std ANSI
- compilers will complain.
+ * aclocal.m4, configure.in:
+ SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
+ [4953379bfb01]
-2000-03-23 10:11 millert
+1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * emul/fnmatch.h: Pull in newer fnmatch(3) that supports
- FNM_CASEFOLD
+ * aclocal.m4:
+ fixed include file order for SUDO_FUNC_UTIME_POSIX
+ [ff64ab7df44f]
-2000-03-23 10:11 millert
+ * logging.c:
+ added cast for ttyname()
+ [444f05f56758]
- * aclocal.m4, configure, fnmatch.3, fnmatch.c: Pull in newer
- fnmatch(3) that supports FNM_CASEFOLD Check for FNM_CASEFOLD in
- configure
+ * configure.in:
+ fixed typo
+ [de068e748431]
-2000-03-22 23:41 millert
+ * check.c:
+ now deal correctly with all known variation of utime() -- yippe
+ [b778a4195a89]
- * CHANGES, TODO: update for 1.6.3
+ * configure.in:
+ added SUDO_FUNC_UTIME_POSIX
+ [cf635f2269d6]
-2000-03-22 23:38 millert
+ * aclocal.m4:
+ added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
+ [d79593be4b73]
- * lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, sudo.tab.h,
- testsudoers.c, visudo.c: Fully qualified hosts w/ wildcards were
- not matching the FQHOST token type. There's really no need for a
- separate token for fully-qualified vs. unqualified anymore so
- FQHOST is now history and hostname_matches now decides which
- hostname (short or long) to check based on whether or not the
- pattern contains a '.'.
+ * config.h.in:
+ added HAVE_UTIME_POSIX
+ [c67b4ac0dca5]
-2000-03-22 23:09 millert
+ * check.c:
+ fixed a typo
+ [b14df5680f59]
- * parse.c, parse.h, parse.yacc, sudoers.pod, testsudoers.c,
- visudo.c, sudoers.cat, sudoers.man.in: Add support for wildcards
- in the hostname.
+ * check.c:
+ no longer assume !HAVE_UTIME_NULL means old BSD utime()
+ [0aeaf4b2f38b]
-2000-03-22 22:50 millert
+ * check.c:
+ fixed fascist C compiler warning
+ [c61ddf2f1f93]
- * Makefile.in: Add targets for *.man.in, using config.status to
- generate *.man from *.man.in
+ * interfaces.c:
+ now set strioctl.ic_timout in STRSET() now initialize num_interfaces
+ to 0 (just to be anal)
+ [c54cc2ba0052]
-2000-03-22 22:20 millert
+1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.cat, sudoers.man.in, sudoers.pod: Document set_logname
- option and enbolden refs to sudo and visudo.
+ * sudo.h:
+ increaed MAXLOGLEN by MAXPATHLEN to account for ttyname
+ [74cf585a54fb]
-2000-03-22 19:35 millert
+ * logging.c:
+ added tty logging
+ [e27d8dcfbd78]
- * INSTALL, Makefile.in, aclocal.m4, configure, configure.in,
- sudo.cat, sudo.pod, sudo.man.in, sudoers.cat, sudoers.pod,
- visudo.cat, visudo.pod, sudoers.man.in, visudo.man.in: Add
- FreeBSD login.conf support (untested on BSD/OS) based on a patch
- from Michael D. Marchionna. configure now does substitution on
- the man pages, allowing us to fix up the paths and set the
- section correctly. Based on an idea from Michael D. Marchionna.
+ * interfaces.c:
+ reworked the ISC code
+ [bcf57ce8ae69]
-2000-03-22 19:27 millert
+ * Makefile.in, version.h:
+ updated version
+ [032941c9b94d]
- * auth/passwd.c: Better fix for handling HP-UX aging info.
+ * check.c:
+ now expect old-style utime(3) if utime() can't take NULL as an arg
+ [018dd4a73030]
-2000-03-22 19:20 millert
+ * configure.in:
+ added check for utime.h
+ [0b76e8feb618]
- * sudo.c: Add support for set_logname run-time default
+ * config.h.in:
+ added HAVE_UTIME_H
+ [62ee42feda46]
-2000-03-22 19:17 millert
+ * Makefile.in:
+ added CPPFLAGS STATIC_FLAGS -> LDFLAGS
+ [fa3201d294e1]
- * sudo.man.in, sudoers.man.in, visudo.man.in: configure does
- substitution on these to produce *.man
+ * configure.in:
+ now search for kerb libs and includes
+ [cc332401e571]
-2000-03-22 19:16 millert
+ * check.c:
+ added support for utime(2)'s that can't take a NULL parameter
+ [98797fedf69f]
- * sudo.man, sudoers.man, visudo.man: These files now get generated
- from *.man.in at configure time.
+ * utime.c:
+ moved HAVE_UTIME_NULL stuff to update_timestamp() where t belongs
+ [6ce6d825fb44]
-2000-03-22 18:40 millert
+ * configure.in:
+ added utime(s) stuff
+ [a2afb744403e]
- * defaults.c, defaults.h: Add set_logname option so users can turn
- off setting of LOGNAME/USER environment variables.
+ * check.c:
+ now use utime()
+ [48902240a51e]
-2000-03-22 10:53 millert
+ * config.h.in:
+ added HAVE_UTIME and HAVE_UTIME_NULL
+ [9a56ab65d4f4]
- * testsudoers.c, lsearch.c, parse.c: kill register
+1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-03-13 15:52 millert
+ * utime.c:
+ now use HAVE_UTIME_NULL
+ [e3944de09a92]
- * auth/passwd.c: HP-UX adds extra info at the end for password
- aging so when comparing the result of crypt to pw_passwd we only
- compare the first len(epass) bytes *unless* the user entered an
- empty string for a password.
+ * emul/utime.h, utime.c:
+ Initial revision
+ [a2cbf2ef3427]
-2000-03-13 11:05 millert
+ * check.c:
+ need to setuid(0) to make kerb4 stuff work.
+ [c6cfda4039d7]
- * logging.c: Get rid of grandchild hack, it was causing problems
- and there is really no need for it. This fixes a bug where we
- spin eating up CPU when the user runs a long-running process like
- a shell.
+ * tgetpass.c:
+ no more special case for kerberos
+ [4a5c33145be9]
-2000-03-07 14:26 millert
+ * config.h.in:
+ took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
+ emulation)
+ [a607ee43e650]
- * sudo.c: User can always specify a login class if he/she is
- already root.
+ * compat.h:
+ no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
+ kerberos
+ [02fb274cc136]
-2000-03-06 23:29 millert
+ * check.c:
+ now use private ticket file for kerberos support to avoid trouncing
+ on system one
+ [28d8b6b812c7]
- * config.h.in, configure, configure.in, defaults.c, defaults.h,
- sudo.c, sudo.h: FreeBSD login class (login.conf) support.
+1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-03-06 14:42 millert
+ * sudo.h:
+ added SPOOF_ATTEMPT & cmnd_st
+ [d3b42a1f4d0d]
- * auth/sudo_auth.c: HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes
- secureware support
+ * sudo.c:
+ added anti-spoofing support
+ [ab1e2aa44a57]
-2000-03-03 18:04 millert
+ * parse.c:
+ now use global cmnd_st
+ [47018265a1a6]
- * auth/passwd.c: Truncate unencrypted password to 8 chars if
- encrypted password is exactly 13 characters (indicateing standard
- a DES password). Many versions of crypt() do this for you, but
- not all (like HP-UX's).
+ * logging.c:
+ added SPOOF_ATTEMPT suypport
+ [7bbe9dd2a021]
-2000-03-01 21:01 millert
+ * testsudoers.c, visudo.c:
+ added void casts where appropriate
+ [f191441ba333]
- * INSTALL, RUNSON: Mention that gcc on dynix may have problems
+ * parse.yacc:
+ fixed up spacing and added void casts where appropriate
+ [15d886fc809c]
-2000-02-29 17:46 millert
+ * sudo.c:
+ fixed problem with "-p prompt" but no args
+ [6fc048261a3e]
- * Makefile.in: Link visudo with NET_LIBS since we now call syslog
- via defaults.c
+1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-02-29 17:41 millert
+ * sudo.man:
+ added BUGS and annotated -l description
+ [e5c506de2603]
- * defaults.c: Use Argv[0] as the first arg to openlog() since
- visudo uses this too.
+ * sudo.h:
+ validate() now takes a flag
+ [26627becc60a]
-2000-02-28 18:58 millert
+ * sudo.c:
+ validate() now takes a flag added -l
+ [a4f7bb97fe54]
- * sudo.c: Stash coredumpsize resource limit and retsore it before
- the exec() Otherwise the child ends up with a coredumpsize of 0.
+ * parse.yacc:
+ added support for -l
+ [e7a9b10b0ad3]
-2000-02-26 22:56 millert
+ * parse.c:
+ validate() now takes a flag that says whether or not to check the
+ command
+ [9e1e67f4e281]
- * sudo.cat, sudo.man, sudo.pod: document -S flag
+1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-02-26 22:54 millert
+ * logging.c:
+ now deals with Argv == 1
+ [0acb637ab635]
- * sudo.c: fix usage string
+ * sudo.man:
+ added -p option
+ [e60382fc0561]
-2000-02-26 22:48 millert
+ * sudo.c:
+ added prompt support reworked parse_args()
+ [2f605267ed4a]
- * CHANGES, RUNSON, TODO, sudo.c, sudo.h, tgetpass.c,
- auth/aix_auth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Added
- -S flag (read passwd from stdin) and tgetpass_flags global that
- holds flags to be passed in to tgetpass(). Change echo_off param
- to tgetpass() into a flags field. There are currently 2 possible
- flags for tgetpass(): TGP_ECHO and TGP_STDIN. In tgetpass(),
- abstract the echo set/clear via macros and if (flags & TGP_ECHO)
- but echo is not set on the terminal, but sure to set it.
+ * sudo.h:
+ added prompt
+ [5ab021bdb419]
-2000-02-26 22:11 millert
+ * options.h:
+ added PASSPROMPT
+ [614727ff44a2]
- * tgetpass.c: Fixed a bug that caused an infinite loop when the
- password timeout was disabled.
+ * check.c:
+ now use BUFSIZ as length of kerb password added kpass so pass is
+ always a char * now use prompt global when asking for a password
+ [76be09af784f]
-2000-02-18 12:56 millert
+ * tgetpass.c:
+ now use BUFSIZ as _PASSWD_LEN if using kerberos
+ [1e907eed312b]
- * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
- sudoers.cat, sudoers.man, sudoers.pod, visudo.c: Add rootpw,
- runaspw, and targetpw options.
+ * OPTIONS:
+ added PASSPROMPT
+ [ddb2f405ce40]
-2000-02-18 12:11 millert
+1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
- visudo.c: enveditor -> env_editor
+ * configure.in:
+ only look for -lufc or -lcrypt if crypt() not in libc
+ [9717d315661f]
-2000-02-15 19:07 millert
+ * check.c:
+ don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
+ (unknown user) silently fail
+ [2b48693d4ee9]
- * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
- sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h,
- visudo.cat, visudo.man: crank versino to 1.6.3
+ * INSTALL:
+ added kerb4 note
+ [986e393f740c]
-2000-02-15 19:03 millert
+ * tgetpass.c:
+ HAVE_KERBEROS -> HAVE_KERB4
+ [e438bfb5e6aa]
- * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
- sudoers.pod, visudo.c: Add 'editor' and 'enveditor' sudoers
- defaults and make visudo honor them. This means that visudo will
- now parse the sudoers file *before* it is edited so a bogus
- sudoers file will cause a warning to go to stderr. Also, visudo
- checks the variables once--it does not check them after each
- editor run since that could be confusing.
+ * check.c:
+ removed debugging printf
+ [1cf9f5cbffa5]
-2000-02-15 18:49 millert
+ * configure.in:
+ KERBEROS -> KERB4 added checks for setreuid & setresuid
+ [01e9945beb1e]
- * RUNSON: 1.6.2 -> 1.6.2p1
+ * config.h.in:
+ HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
+ [0e0bb5b8ac3e]
-2000-02-15 18:36 millert
+ * compat.h:
+ added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
+ with setresuid if applic
+ [9dae24c47696]
- * check.c, sudo.c, sudo.h: Move user_is_exempt prototype into
- sudo.h
+ * check.c:
+ HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
+ no setreuid() or a broken one
+ [1fca642bdb8e]
-2000-02-13 13:38 millert
+1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in: Fix thinko, some && should have been ||
- in the last commit
+ * configure.in:
+ added kerberos support
+ [da5639b9b8e7]
-2000-02-13 13:28 millert
+ * config.h.in:
+ added HAVE_KERBEROS
+ [fcc5be550e65]
- * configure, configure.in: Don't initialized Makefile variables to
- be NULL since the user may want to import variables from their
- environment.
+ * tgetpass.c:
+ added KERBEROS support (long passwords)
+ [303ba6924dd2]
-2000-02-03 21:09 millert
+ * check.c:
+ added kerberos support
+ [e40afe98fc1d]
- * configure, configure.in: typo
+1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-01-27 15:01 millert
+ * sudo.h:
+ added MODE_BACKGROUND
+ [9b483c932016]
- * INSTALL, RUNSON, configure, configure.in: Make pam work on HP-UX
- 11.0;jaearick@colby.edu
+ * sudo.man:
+ escaped dashes added -b option
+ [62e84f1a7714]
-2000-01-27 15:01 millert
+ * sudo.c:
+ added -b option
+ [7e78aaefeb95]
- * CHANGES: recent changes; prepare for 1.6.2p1
+ * check.c:
+ added crypt() for osf/1 3.x enhanced secuiry
+ [e9aa5abdb7d5]
-2000-01-26 23:31 millert
+ * configure.in:
+ now check for -lcrypt
+ [5cb9c67e9fa2]
- * find_path.c: Don't apply SECURE_PATH if user is example;
- jmknoble@pobox.com
+ * interfaces.c:
+ added ENXIO like EADDRNOTAVAIL
+ [74223bb1ba75]
-2000-01-26 16:21 millert
+1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.cat, sudoers.man, sudoers.pod: Expanded docs on sudoers
- 'defaults' options based on INSTALL file info.
+ * configure.in:
+ now emulate getwd(), not getcwd()
+ [3e5439d9a5f4]
-2000-01-26 16:21 millert
+ * sudo.c:
+ getcwd() -> getwd()
+ [6392a96a658e]
- * INSTALL: Fix some while lies
+ * getwd.c:
+ getcwd -> getwd
+ [1b0ab9bae11e]
-2000-01-24 10:48 millert
+1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: When making a bindist, link FAQ to TROUBLESHOOTING
- instead of copying.
+ * ins_2001.h, ins_classic.h, ins_goons.h:
+ Initial revision
+ [86db60d8cf00]
-2000-01-23 22:57 millert
+ * insults.h:
+ broke out insults into separate include files
+ [0a01993bd38a]
- * sudoers.cat, sudoers.man, sudoers.pod: Add netgroup caveat
+ * OPTIONS, options.h:
+ added GOONS
+ [e283203c6515]
-2000-01-23 22:42 millert
+ * Makefile.in:
+ added ins_2001.h ins_classic.h ins_goons.h
+ [2a39cd6a4cd2]
- * RUNSON: Last minute updates
+ * Makefile.in, version.h:
+ ++version
+ [05ebf4f5e41a]
-2000-01-23 22:26 millert
+ * visudo.c:
+ moved signal handler setup to setup_signals()
+ [3dd976c04540]
- * TROUBLESHOOTING: PAM entry
+ * sudo.h:
+ added load_interfaces()
+ [af2d473b09e2]
-2000-01-23 22:23 millert
+ * sudo.c:
+ moved load_interfaces to interfaces.c
+ [5c8c138e5d4c]
- * auth/pam.c: correct a comment
+ * parse.yacc:
+ added clearaliases
+ [aeb4ff301daa]
-2000-01-23 22:03 millert
+ * OPTIONS, options.h:
+ added FAST_MATCH
+ [f49ea3d1b525]
- * CHANGES, RUNSON: update for 1.6.2
+ * parse.lex:
+ now uses clearaliases variable
+ [a2dda415bf61]
-2000-01-23 21:59 millert
+ * interfaces.c:
+ Initial revision
+ [a1990e3f5c69]
- * auth/pam.c: Better detection of PAM errors and fix custom prompts
- with PAM. Based on patches from "Cloyce D. Spradling"
- <cloyce@headgear.org>
+ * Makefile.in:
+ added interfaces.[co]
+ [1e8e5984de97]
-2000-01-20 11:15 millert
+ * testsudoers.c:
+ now uses ip addrs and netmasks via load_interfaces()
+ [54b8f7a6835e]
- * snprintf.c: Cast ULONG_MAX to unsigned long long when comparing
- to an unsigned long long value.
+ * sudo.c:
+ now remove IFS instead of setting to "sane" value
+ [ce7eec9f115e]
-2000-01-19 14:07 millert
+1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, config.h.in, configure, configure.in, visudo.c: Fix
- sudoers locking in visudo. We now lock the sudoers file itself,
- not the temp file (since locking the temp file can foul up
- editors). The previous locking scheme didn't work because the fd
- was closed too early.
+ * parse.c:
+ added FAST_MATCH
+ [816d4f5fe81a]
-2000-01-19 13:37 millert
+1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, config.h.in, configure.in: Don't need test for
- ftruncate() any more.
+ * Makefile.in:
+ sudo_goodpath.c-> goodpath.c
+ [a5072c4e1de2]
-2000-01-18 21:23 millert
+ * sudo.c:
+ added Andy's new ISC changes
+ [caa6bbee358e]
- * configure, configure.in: Add a test for the -Aa flag w/ HP-UX's
- cc. Fixes compilation with the unbundled HP-UX cc.
+1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-01-18 17:00 millert
+ * OPTIONS:
+ added a sentence to SECURE_PATH info
+ [cad6e1569d15]
- * sudoers.cat, sudoers.man, sudoers.pod: "a a" -> "a"; Aaron
- Campbell <aaron@cs.dal.ca>
+ * BUGS:
+ added one
+ [4b35cf699a83]
-2000-01-17 18:46 millert
+ * CHANGES:
+ updated
+ [5fded9dc62f0]
- * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
- parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c,
- tgetpass.c, version.h, visudo.c: update copyright year on changed
- files
+ * RUNSON:
+ updated
+ [33cb993cfd39]
-2000-01-17 18:45 millert
+1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * RUNSON: updates
+ * RUNSON:
+ updated for beta3
+ [a05dc6a91995]
-2000-01-17 18:45 millert
+ * Makefile.in, version.h:
+ ++version
+ [54aaf3fadc75]
- * CHANGES: aix fix
+ * aclocal.m4:
+ sendmail is now looked for in \17/usr/ucblib
+ [231ac1a4662f]
-2000-01-17 18:42 millert
+ * sudo.c:
+ fixed indentation
+ [fb137400c8c2]
- * INSTALL: Crank version to 1.6.2
+ * aclocal.m4:
+ fixed a typo
+ [e03f1acc468b]
-2000-01-17 18:11 millert
+ * sudo.c:
+ updated ISC mods
+ [070290d4754b]
- * configure: Crank version to 1.6.2
+ * configure.in:
+ added unixware case
+ [e90250bae0d9]
-2000-01-17 17:46 millert
+ * check.c:
+ user_is_exempt is no longer hidden
+ [1a341765b8af]
- * sudo.c: When using rlimit check for RLIM_INFINITY When computing
- the value of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
+ * RUNSON:
+ updated
+ [a9c4898b26dd]
-2000-01-17 12:32 millert
+ * aclocal.m4:
+ isc and riscos changes
+ [98b5d86585d1]
- * CHANGES: recent changes
+ * OPTIONS:
+ added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
+ [e1ecc464ce4b]
-2000-01-17 12:28 millert
+ * Makefile.in:
+ fixed a typo and added testsudoers stuff
+ [435d60e163dc]
- * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
- sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
- Crank version to 1.6.2
+ * testsudoers.c:
+ Initial revision
+ [6ce14a448662]
-2000-01-17 12:25 millert
+1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod: Add
- 'shell_noargs' runtime option back in. We have to defer checking
- until after the sudoers file has been parsed but since there are
- now other options that operate that way this one can too. Based
- on a patch from bguillory@email.com.
+ * parse.yacc:
+ applied fixed patch from Chris
+ [cd6144203d13]
-2000-01-16 23:05 millert
+1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * defaults.c, defaults.h, parse.c, sudo.c, sudo.h: Add "listpw" and
- "verifypw" options.
+ * Makefile.in:
+ fixed a typo
+ [34f8a54ba041]
-2000-01-16 22:57 millert
+ * parse.yacc:
+ added a set of braces for bison
+ [f0e43b938914]
- * sudoers.cat, sudoers.man, sudoers.pod: o Fix some typos/omissions
- o Add section on verifypw and listpw o Define how NOPASSWD
- interacts with the -v and -l flags
+ * parse.yacc:
+ merged in Chris' changes to dekludge the parser.
+ [82d6e373ab1c]
-2000-01-14 12:39 millert
+ * logging.c:
+ send_mail() was calling find_path() which is wrong since find_path()
+ stores cmnd in a static var. Anyhow, it doesn't make much sense
+ since MAILER should always be fully qualified
+ [6eae6a0b8098]
- * configure, configure.in: For HP-UX cc, add -Aa to CPPFLAGS. For
- HP-UX always add -D_HPUX_SOURCE to CPPFLAGS.
+1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-01-14 12:29 millert
+ * sample.sudoers:
+ added User_Alias stuff
+ [aaba8c8e918d]
- * defaults.c, defaults.h: In struct sudo_defs_types, move the union
- to the end and don't initialize the union member since that only
- works with an ANSI compiler. We set the value of the union by
- hand in init_defaults() anyway. This allows sudo to compile on a
- K&R compiler again.
+ * aclocal.m4:
+ SUDO_NEXT now looks for /usr/lib/NextStep/software_version
+ [52bd81f34b32]
-2000-01-11 13:20 millert
+ * RUNSON:
+ added DEC UNIX 3.0 w/ gcc
+ [7daf570775b5]
- * parse.c, parse.h, parse.yacc, testsudoers.c, visudo.c:
- netgr_matches needs to check shost as well as host since they may
- be different.
+ * visudo.c:
+ Exit was being used in places where exit should be used
+ [6026a89c07ed]
-2000-01-11 13:17 millert
+ * sudoers:
+ added "User alias specification"
+ [a487b6e234f8]
- * tgetpass.c: End on \r as well as \n
+ * parse.yacc:
+ fixed probs caused by making nslots and naliases a size_t
+ [0be919384f3f]
-2000-01-02 23:53 millert
+ * RUNSON:
+ added KSR, upped rev to 1.3.1b2
+ [ce04ee6faadf]
- * sudo.c: Update statbuf.st_mode based on SUDOERS_MODE when we are
- chaning from 0400 to whatever SUDOERS_MODE is (converting from
- the old sudoers mode). Assumes that SUDOERS_MODE is less
- restrictive than 0400 which should always be the case.
+ * logging.c, parse.yacc:
+ 1024 -> BUFSIZ
+ [cd6dda45fa11]
-2000-01-02 23:43 millert
+ * parse.yacc:
+ void * -> VOID * naliases and nslots are now size_t to appease
+ lsearch on 64-bit machines
+ [bf2f807c0dc1]
- * parse.c, parse.yacc, sudo.c, sudo.h: Make treatment of -l and -v
- sane wrt NOPASSWD flags. Now allow -l w/o a passwd if there is
- *any* entry for the user on the host with a NOPASSWD flag. For
- -v, only allow w/o a passwd if *all* entries for the user on the
- host w/ the specified runas user have the NOPASSWD flag set.
+1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
-2000-01-02 23:26 millert
+ * TODO:
+ did a bunch of things and added a bunch :-)
+ [42afd957b829]
- * Makefile.in: add check target
+ * PORTING:
+ updated
+ [972f95c85776]
-1999-12-16 13:02 millert
+ * visudo.man:
+ closer to BSD manpage style
+ [07ae88f50325]
- * visudo.c: Treat EOF at whatnow prompt like 'x' instead of
- looping.
+ * sudo.man:
+ closer to standard BSD man format
+ [372c28dcc135]
-1999-12-10 00:09 millert
+ * compat.h, config.h.in, emul/search.h, insults.h, options.h,
+ pathnames.h.in, sudo.h, version.h:
+ added RCS id
+ [c0ec90b81002]
- * CHANGES: recent changes
+ * sudo.h:
+ removed crufty #defines that are no longer used
+ [35e2b4b477f0]
-1999-12-08 23:04 millert
+ * BUGS:
+ fixed a bug
+ [5bb3e1bee85e]
- * config.h.in, configure, configure.in, sudo.c: Add check for
- initgroups() since old SYSV lacks this.
+ * sudo.man:
+ updated based on sudo changes
+ [e65de1cae438]
-1999-12-08 22:54 millert
+ * parse.yacc:
+ now allow ALL keyword in User_Aliases now allow ALL keyword as well
+ as a NAME or ALIAS
+ [1fb31404dd0f]
- * CHANGES, RUNSON, aclocal.m4, config.h.in, configure,
- configure.in, parse.c, testsudoers.c: o Kill HAVE_FNMATCH_H o
- Only define HAVE_FNMATCH if <fnmatch.h> exists.
+ * CHANGES:
+ updated
+ [b24018ac610b]
-1999-12-06 01:47 millert
+ * sudo.c:
+ now sets SUDO_COMMAND and SUDO_GID envariables.
+ [e9d791557fb7]
- * CHANGES, RUNSON, insults.h, auth/sudo_auth.c: Don't allow insults
- to be enabled if the insults[] array is empty. Otherwise there
- would be division by zero.
+ * aclocal.m4:
+ fixed bug with full void impl check
+ [35715301023c]
-1999-12-06 01:25 millert
+ * parse.yacc:
+ fixed User_Alias supoprt
+ [4c30dfbaaa07]
- * insults.h: Don't care about USE_INSULTS #define since the insult
- stuff may be overridden at runtime.
+ * parse.yacc:
+ added stubs for User_Alias support
+ [f4afbd247edf]
-1999-12-06 01:23 millert
+ * sudo.c:
+ now sets removes # bogus interfaces from num_interfaces
+ [6f077fac9ab1]
- * auth/sudo_auth.c: Honor insults flag.
+ * parse.lex:
+ added User_Alias support
+ [bc7997e5df85]
-1999-12-05 19:14 millert
+1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, parse.c: Don't ask the user for a password if the user
- is not allowed to run the command and the authenticate flag (in
- sudoers) is false.
+ * Makefile.in:
+ removed extraneous TODO
+ [bc87a3b14d6d]
-1999-12-05 19:05 millert
+1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, RUNSON, lex.yy.c, parse.lex: o Whenever we get a bare
- newline we change to the INITIAL state. o Enter GOTRUNAS when we
- see Runas_Alias
+ * visudo.c:
+ ntwk_matches -> addr_matches
+ [475044e288b8]
- This allows #uid to work in a RunasAlias.
+ * parse.yacc:
+ ntwk_matches -> addr_matches
+ [dd1f4093fd2d]
-1999-12-05 14:06 millert
+ * parse.c:
+ ntwk_matches -> addr_matches now use inet_addr() not inet_network()
+ (which expects octet boundaries) fixes for OSF (sizeof(int) !=
+ sizeof(long))
+ [acd2f556940f]
- * CHANGES, parse.yacc: fix parsing of runas lists: o oprunasuser
- and runaslist now return a value o in a runasspec, if a runaslist
- does not return TRUE, set runas_matches to FALSE. Normally, a
- runaslist only returns FALSE for explicitly denied users. o
- since runaslist does not modify the stack there is no need for a
- push/pop in runasalias.
+ * sudo.c:
+ took out debugging info
+ [044023063eca]
-1999-12-04 21:54 millert
+ * aclocal.m4:
+ OS was being set to unknown before non-uname based host checks.
+ This caused no checks to happen since $OS was not zero-length.
+ [335a7267479d]
- * check.c, sudo.c: Don't kill the user's tickets until after
- sudoers has been parsed since tty_tickets and ticket_dir could be
- set in sudoers.
+ * sudo.c:
+ fixed loading of interfaces struct still has debugging info in
+ though
+ [2d1a18998c1e]
-1999-12-04 21:18 millert
+ * parse.c:
+ fixed typo
+ [175674a3a9fa]
- * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
- configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
- sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man: crank
- version to 1.6
+1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-12-04 21:18 millert
+ * Makefile.in:
+ ++version
+ [55d191b5daa3]
- * testsudoers.c: add set_fqdn() stub
+ * version.h:
+ ++
+ [d7d1f115696a]
-1999-12-02 15:31 millert
+ * visudo.c:
+ removed extraneous extern decl of "top
+ [50355621047d]
- * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
- sudoers.man, sudoers.pod, visudo.c: o Kill shell_noargs option,
- it cannot work since the command needs to be set before sudoers
- is parsed. o Fix the "set_home" sudoers option (only worked at
- compile time). o Fix "fqdn" sudoers option. We now set
- host/shost via set_fqdn which gets called when the "fqdn"
- option is set in sudoers. o Move the openlog() to
- store_syslogfac() so this gets overridden correctly from the
- sudoers file.
+ * visudo.c:
+ now zeros "top"
+ [4e683210345b]
-1999-12-02 15:21 millert
+ * parse.yacc:
+ removed parser_cleanup (no need for it now)
+ [afa59f222b6c]
- * auth/securid.c: SecurID support should compile now.
+ * parse.lex:
+ now calls reset_aliases() directly
+ [3a23cbd60fc0]
-1999-11-28 20:56 millert
+1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.pod, visudo.pod, sudo.cat, sudo.man, sudoers.man,
- visudo.man, sudoers.cat, visudo.cat: fix some syntactic goofs
+ * OPTIONS:
+ added a sentence to SECURE_PATH description
+ [c5bf75b85af0]
-1999-11-28 18:51 millert
+ * parse.c:
+ fixed my stupid bug where I used NAMLEN on something I wanted to
+ just get the name from. argh.
+ [111f460f6540]
- * sudo.html, sudoers.html, Makefile.in, visudo.html: No longer need
- the .html files as they are generated automatically on the web
- site.
+1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-11-28 18:49 millert
+ * lsearch.c:
+ fixed argument order of memmove() that i hosed when converting from
+ bcopy(). arghh.
+ [2f5336045c8b]
- * CHANGES, LICENSE: kill characters that made wml unhappy
+ * Makefile.in:
+ finally fixed DISTFILES line
+ [a1b419e73a63]
-1999-11-28 18:34 millert
+ * Makefile.in:
+ tabs -> spaces
+ [280fb03e5764]
- * HISTORY: typo
+ * Makefile.in:
+ added missing files to DISTFILES
+ [991fc1cd2263]
-1999-11-25 12:05 millert
+ * Makefile.in:
+ SUPPORTED -> RUNSON
+ [7580e65b05fb]
- * README: majordomo@cs.colorado.edu -> majordomo@courtesan.com
+1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-11-24 19:43 millert
+ * TODO:
+ updated
+ [fe764a29c1cc]
- * Makefile.in, configure: Wrap script execution w/ /bin/sh for the
- benefit of ctm
+ * RUNSON:
+ updated for pl5b1 release
+ [aefc35bd2291]
-1999-11-23 22:52 millert
+ * BUGS, TODO:
+ updated
+ [8f0ea249b687]
- * sudo.c: Make the -s flag be exclusive too. Also reorder the
- flags in the exclusive usage message so they are alphabetical.
+ * check.c:
+ fixed bug where if you hit return at first sudo prompt it would
+ still log as a failure
+ [24539c854692]
-1999-11-23 13:27 millert
+ * CHANGES:
+ updated
+ [251cc7b3ede4]
- * auth/pam.c: make pam errors other than PAM_PERM_DENIED fatal
+ * aclocal.m4:
+ better test for bogus void * implementation
+ [efe23180cb88]
-1999-11-23 13:07 millert
+ * logging.c:
+ added PASSWORDS_NOT_CORRECT
+ [bd12c73f83f7]
- * auth/API: fix typo
+ * check.c:
+ added PASSWORDS_NOT_CORRECT stuff]
+ [90de391a979f]
-1999-11-23 13:07 millert
+ * sudo.h:
+ added PASSWORDS_NOT_CORRECT
+ [727fbeb76fc5]
- * INSTALL: make it clear that /etc/pam.d/sudo is required on linux
+ * tgetpass.c:
+ moved pathnames.h
+ [4f910e5a8df7]
-1999-11-23 13:06 millert
+ * sudo.c:
+ removed some unused vars and fixed up uid2str
+ [70e92c7f9076]
- * auth/pam.c: fix a warning on redhat and spew an error if
- pam_authenticate() returns an error other than AUTH_SUCCESS or
- PAM_PERM_DENIED
+ * putenv.c:
+ moved compat.h
+ [b271091586f6]
-1999-11-23 00:43 millert
+ * getcwd.c, getwd.c:
+ added pathnames.h
+ [6f25218f133f]
- * sudo.cat, sudo.html, sudo.man, sudo.pod: Be very clear that the
- password required is the user's not root's
+1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-11-19 21:04 millert
+ * parse.yacc:
+ fixed a typo I introduced in the last checkin :-(
+ [62c3af75c4fe]
- * Makefile.in: add sample.syslog.conf to DISTFILES and BINFILES
+ * parse.lex:
+ can't have #ifdef's where N is defined so just do this the broken
+ way for AIX
+ [c5648a5594e4]
-1999-11-18 19:13 millert
+ * parse.yacc:
+ better hack from Chris (but still a hack)
+ [6b6d8aed93f3]
- * RUNSON: updates from Brian Jackson + some formatting
+ * parse.lex:
+ stupid hack for broken aix lex
+ [efc3f9e5280e]
-1999-11-17 21:39 millert
+ * tgetpass.c:
+ now includes compat.h \ 6
+ [401822173f77]
- * INSTALL.binary, Makefile.binary, README, RUNSON: o One RUNSon
- update o Changes for automating real binary releases
+ * visudo.c:
+ now includes fcntl.h
+ [63865c2f8ac6]
-1999-11-17 21:38 millert
+ * compat.h:
+ added FD_SET and FD_ZERO for 4.2BSD
+ [00c5597c0bb0]
- * Makefile.in: Add bindist target
+ * parse.yacc:
+ dirty hack to fix parser bug. i don't really like this but it works
+ for now...
+ [5b8bbdc81569]
-1999-11-16 16:26 millert
+ * sudo.c:
+ uid2str is now static like the prototype says
+ [f2a97b5cb870]
- * TROUBLESHOOTING: talk about run-time options in addition to
- compile-time options
+1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-11-16 01:16 millert
+ * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
+ updated
+ [6f79c3e92716]
- * CHANGES: fix typos
+ * RUNSON:
+ Initial revision
+ [12a09ef9e884]
-1999-11-16 01:09 millert
+ * sudo.c:
+ check_sudoers now returns an error code and sudo calls inform_user
+ and log_error based on the return value.
+ [340eca188d9a]
- * sudo.c: need sys/time.h if HAVE_SETRLIMIT
+ * logging.c, sudo.h:
+ added entries for new errors
+ [6050d8542e1f]
+
+ * parse.c:
+ now set uid to that of SUDOERS_OWNER while parsing sudoers file
+ [3683c42bc9b0]
+
+ * Makefile.in:
+ took out testsudoers \ 6
+ [65317d49db48]
+
+ * sudo.c:
+ now explicately checks that it is setuid root
+ [2fe1be60ef6a]
+
+ * sudo.c:
+ If a user has no passwd entry sudo would segv (writing to a garbage
+ pointer). Now allocate space before writing :-)
+ [d08e7eb5e5ef]
+
+ * configure.in:
+ reordered AC_CHECK_FUNCS
+ [4c82e56c6f4f]
+
+ * config.h.in:
+ fixed memset macro
+ [77ede6b714ab]
+
+ * tgetpass.c, visudo.c:
+ bzero -> memset
+ [1a005bb322c8]
+
+ * logging.c:
+ bzero -> memset when a parse error is logged the line number of the
+ error is now logged too
+ [a42d68047723]
+
+ * INSTALL:
+ added Sunos to blurb about c2 security
+ [af750a1d131e]
+
+ * configure.in:
+ added a SUN4 define for C2 security
+ [6ad5b23a3eb0]
+
+ * config.h.in:
+ bcopy -> memmove bzero -> memset
+ [5494460c8464]
+
+ * lsearch.c:
+ bcopy -> memmove char * -> VOID *
+ [a15f5c316e16]
+
+ * check.c:
+ added support for sunos with C2 security
+ [03fea5bb21e6]
+
+ * OPTIONS, options.h:
+ reordered
+ [1686265af3e1]
+
+ * pathnames.h.in:
+ _PATH_SUDO_LOGFILE now set based on configure
+ [5867b58e4a04]
+
+ * configure.in:
+ added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
+ [1984d9fd1b5c]
+
+ * config.h.in:
+ added _SUDO_PATH_LOGFILE
+ [dd3eebe62580]
+
+ * aclocal.m4:
+ added SUDO_LOGFILE to find where to put sudo.log added
+ SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
+ SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
+ [c589a515a99a]
+
+1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ Initial revision
+ [f42f1baba3a8]
+
+ * sudo.c:
+ now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
+ to work around a problem is trusted hpux shadow passwords. yuck.
+ [ae1f13b54687]
+
+ * parse.yacc:
+ backed out a change in malloc/realloc
+ [ab868db0ad69]
+
+ * parse.yacc:
+ now include stdlib.h
+ [957eef0631eb]
+
+ * visudo.c:
+ now do an freopen() of the stmp file so that yyin will always point
+ to the same thing. This is important for flex since we are doing a
+ YY_NEWFILE
+ [44558922fd3e]
+
+ * parse.yacc:
+ replaced yywrap() with parser_cleanup() since yywrap() needs to be
+ in parse.lex to be able to use YY_NEW_FILE. sigh.
+ [12dd09921074]
+
+ * parse.lex:
+ now have a rule that matches anything that doesn't match an
+ explicite rule. well, you know what i mean (. matches anything not
+ yet matched). However, this means that there is input still queued
+ up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
+ into parse.lex and it calls parser_cleanup() which is most of the
+ old yywrap() sigh.
+ [7f4042bc48d6]
+
+ * SUPPORTED:
+ no longer used
+ [8f220be4da94]
+
+ * getcwd.c, getwd.c:
+ moved compat.h to be the last include file
+ [9f3a65e2d485]
+
+ * parse.yacc:
+ fixed type of aliascmp() args
+ [1c27eb989bdf]
+
+ * find_path.c:
+ NULL -> '\0'
+ [5c8d8cf1692e]
+
+ * parse.yacc:
+ added casts to lfind and lsearch args for irix
+ [61027ddeecf8]
+
+ * Makefile.in:
+ bsdinstall -> install-sh
+ [61de6612c5a5]
+
+ * INSTALL:
+ added info about make realclean
+ [29c6324d727f]
+
+ * Makefile.in:
+ updated VERSION added dependencies for visudo.cat
+ [09077d7229d4]
+
+ * version.h:
+ -> pl5b1
+ [5d21c7ad1a41]
+
+ * sudo.c:
+ took out -l
+ [fc1478d81b38]
+
+ * Makefile.in:
+ now there is a real visudo.man and visudo.cat
+ [58aeac43a6dd]
+
+ * sudo.man:
+ took out visudo stuff
+ [4a6ac4393343]
+
+ * visudo.man:
+ Initial revision
+ [cba348843db8]
+
+ * parse.c, parse.lex, parse.yacc:
+ updated copyright
+ [ffa16b70944a]
+
+ * README:
+ updated for pl5
+ [a26e423e9e5f]
+
+ * sudo.man:
+ updated Nieusma & Hieb email addresses
+ [f0083e71989d]
+
+ * INSTALL:
+ updated to include options.h and OPTIONS
+ [ee59e2b76c94]
+
+ * CHANGES, TODO:
+ updated
+ [51e011ad5220]
+
+ * BUGS:
+ eliminated bug #1 (yay)
+ [e7e88515494e]
+
+ * configure.in:
+ sunos no longer gets linked statically
+ [2e5b3ff3108f]
+
+1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex:
+ prototype now uses __P()
+ [68ecdcab4c70]
+
+ * parse.lex:
+ make fill() non-ansi
+ [d6509972260b]
+
+ * parse.c:
+ made -v (validate) work
+ [13c9d520638c]
+
+ * logging.c:
+ now gives host
+ [f04859cdba5a]
+
+ * find_path.c:
+ don't check for execute/statable if fq or relative path given
+ [4bbe851f3973]
+
+ * parse.c:
+ added a cast
+ [345c308f72f3]
+
+ * visudo.c:
+ now include ctype.h for islower and tolower macros
+ [582c0aa332d5]
+
+ * goodpath.c:
+ moved _S_IFMT & _S_ISREG to compat.h
+ [828e4ca4e7b4]
+
+ * sudo.c:
+ moved a set of parens
+ [5783474ecf37]
+
+ * strdup.c:
+ now include compat.h
+ [75e2036b94af]
+
+ * emul/search.h:
+ void * -> VOID *
+ [cedcfaf04161]
+
+ * parse.yacc:
+ now cast malloc & realloc return vals added search for HAVE_LSEARCH
+ now use strcmp if no strcasecmp available
+ [d6a42bc3d4ae]
+
+ * lsearch.c:
+ void * -> VOID *
+ [886adc44f607]
+
+ * config.h.in:
+ removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
+ HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
+ [3b50d7fb4349]
+
+ * compat.h:
+ added _S_IFMT, _S_IFREG, and S_ISREG
+ [73d506c7d53c]
+
+ * aclocal.m4:
+ took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
+ to most SUDO_* macros
+ [8442155f5936]
+
+ * Makefile.in:
+ no more -I.
+ [63462f195bd4]
+
+ * configure.in:
+ various 1.x ro 2.x autoconf changes now check for strcasecmp now use
+ AC_INSTALL_PROG instead of custom one added check for fully woorking
+ void implementation
+ [5ac6b6e6230f]
+
+ * Makefile.in:
+ added lsearch & search.h visudo links into $(LIBOBJS)
+ [bc119cda4598]
+
+ * aclocal.m4:
+ partial 1.x to 2.x changes added SUDO_FULL_VOID
+ [1194d01fa5c5]
+
+ * visudo.c:
+ whatnow_help was prototyped to be static be was not declared as
+ such
+ [0f85489dd426]
+
+ * configure.in:
+ autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
+ for dirent/dir/ndir.h
+ [7408f3854948]
+
+ * parse.c:
+ now use groovy gnu autoconf macro AC_HEADER_DIRENT
+ [e465db9f5dfa]
+
+ * getcwd.c, getwd.c:
+ MAXPATHLEN -> MAXPATHLEN+1
+ [714d87424e21]
+
+ * emul/search.h, lsearch.c:
+ Initial revision
+ [55d79482c535]
+
+1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ eliminated bison warnings
+ [61ca0a96da22]
+
+ * parse.lex:
+ added missing case
+ [6be0f849747c]
+
+ * visudo.c:
+ now iincludes signal.h
+ [221e0fcc144f]
+
+ * parse.yacc:
+ only clear data structures on a parse error
+ [7b1c0f1a4527]
+
+ * visudo.c:
+ whatnow() now gives help on invalid input
+ [e5a4cd88c587]
+
+ * visudo.c:
+ added a whatnow() function (sort of like mh)
+ [932d9b145f1c]
+
+ * parse.yacc:
+ kill_aliases -> reset_aliases yywrap() now cleans up by calling
+ reset_aliases() and clearing top took reset stuff out of yyerror()
+ since it doesn't beling there (and doesn't work anyway). errorlineno
+ is now initially set to -1 so we can set it to the first error that
+ occurrs (it was getting set to the last)
+ [2f71f95a974c]
+
+ * parse.lex:
+ added a void cast
+ [18ae6042dce4]
+
+ * visudo.c:
+ rewrote from scratch based on 4.3BSD vipw.c
+ [2f6814f18576]
+
+1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, sudo.h:
+ removed ocmnd
+ [a31735f41ad4]
+
+ * sudo.h:
+ no more sudo_realpath() and find_path() changed params
+ [8e85c3b39159]
+
+ * sudo.c:
+ find_path() changed since no more realpath()
+ [b25366c7f2ee]
+
+ * parse.yacc:
+ on error, errorlineno is set to the line where the error occurred
+ added kill_aliases() to free the aliases struct now clean up in
+ yyerror() so we can reparse cleanly
+ [2342f578c27a]
-1999-11-16 00:42 millert
+ * options.h, parse.c:
+ no more USE_REALPATH
+ [cfc59babeaff]
+
+ * logging.c:
+ changed to use new find_path()
+ [91c7a38e7751]
- * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
- sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod: get
- rid of references to sudo-bugs. Now mention the web site or the
- sudo@ alias
+ * find_path.c:
+ removed all the realpath() stuff
+ [cc21a43a8562]
-1999-11-16 00:35 millert
+ * Makefile.in:
+ sudo_realpath.c -> sudo_goodpath.c
+ [03a9b1ddec2f]
- * sudoers.html: repair pod2html damage
+ * visudo.c:
+ now works correctly with utk parser
+ [08aa554a0ce8]
-1999-11-16 00:28 millert
+ * goodpath.c:
+ Initial revision
+ [1ea607e1ffb2]
- * RUNSON, TODO: Update for 1.6 release
+ * sudo_realpath.c:
+ eliminated a compiler warning
+ [198bcccc55b6]
-1999-11-16 00:23 millert
+ * sudo.c:
+ elinated compiler warning
+ [e2384f9a878b]
- * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: Add warning
- about using ALL in a command context.
+ * sudo_realpath.c:
+ added sudo_goodpath()
+ [43878c4cc540]
-1999-11-09 15:12 millert
+ * sudo.h:
+ added prototype for sudo_goodpath
+ [23e8627a2265]
- * visudo.c: Call yyrestart() on a parse error to reset the lexer
- state.
+ * parse.c:
+ added support for /sys/dir.h
+ [eca897087741]
-1999-11-09 15:06 millert
+ * options.h:
+ USE_REALPATH turned off
+ [620ac8b63d85]
- * parse.lex, lex.yy.c: Don't need YY_FLUSH_BUFFER after all Move
- yyrestart() into visudo.c since it might not get called in yywrap
- if we get a parse error (and we only reread the file on error
- anyway).
+ * find_path.c:
+ added calls to sudo_goodpath()
+ [ad170904fbcd]
-1999-11-09 14:32 millert
+ * configure.in:
+ added check for dirent.h
+ [7964a8c26855]
- * parse.lex, lex.yy.c: Call YY_FLUSH_BUFFER macro in yywrap() to
- clean up any buffers that might still exist. Call yyrestart()
- instead of using the deprecated YY_NEW_FILE macro.
+ * config.h.in:
+ added HAVE_DIRENT_H
+ [1f785fec7e19]
-1999-11-09 12:13 millert
+ * configure.in:
+ added in linux shadow pass stuff \ 6
+ [e585a5785f50]
- * lex.yy.c, parse.lex: flex doesn't need %N table size declarations
+1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-11-08 19:00 millert
+ * visudo.c:
+ added back host, user, cmnd, parse_error
+ [0ec19f3d64f4]
- * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: Mention what
- characters need to be escaped in names.
+ * visudo.c:
+ added in utk changes plus some minor cosmetic changes
+ [c5c1921c8a58]
-1999-11-08 18:59 millert
+ * sudo.c, sudo_realpath.c:
+ added void casts for printf's
+ [9c6ff11c0082]
- * configure: regen
+ * options.h:
+ added a define of USE_REALPATH
+ [db3711c9efc5]
-1999-11-08 18:59 millert
+ * configure.in:
+ there is no more visudoers/Makefile
+ [36e1bc1f78d0]
- * INSTALL: clarify Mac OS X entry
+ * Makefile.in:
+ added in utk changes (visudo is now built from the toplevel)
+ [76203d4b345d]
-1999-11-08 18:59 millert
+ * find_path.c:
+ added (void) casts to printf's
+ [dd5cb1e060ac]
- * RUNSON: update
+ * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
+ merged in utk changes
+ [35563307fd8e]
-1999-11-08 17:45 millert
+1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in: o Use AC_MSG_ERROR throughout o Check syslog
- configure options for danity
+ * find_path.c:
+ now check to see that what we are trying to run is a file (or a link
+ to a file, we do a stat(2) so there is no diff)
+ [05889c4bcace]
-1999-11-05 17:11 millert
+1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * defaults.c: Fix printing of type T_MODE in dump_defaults()
+ * CHANGES:
+ updated
+ [3e8047bb26fb]
-1999-11-05 12:00 millert
+ * Makefile.in:
+ aclocal.m4 -> acsite.m4 make realclean updated for new autoconf \ 6
+ [0bdbaa7c4c7d]
- * strcasecmp.c: missing sys/types.h
+ * sudo.man:
+ added myself as maintainer
+ [77a9d75aab84]
-1999-11-05 00:42 millert
+1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL: Break out options that may be overridden at run time
- into their own section. Add a not about Max OS X and correct
- some lies.
+ * sudo.c:
+ changed setegid -> setgid
+ [7f4788d73b6f]
-1999-11-04 14:01 millert
+1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES, config.h.in, configure, configure.in, sudo.c: o Now use
- getrlimit to find the highest fd when closing all non-std fd's o
- Turn off core dumps via setrlimit for the sake of paranoia
+ * configure.in:
+ fixed the test for irix 5.x to skip bad libs
+ [bfef896de013]
-1999-11-04 13:57 millert
+ * aclocal.m4:
+ now initialize OS and OSREV
+ [cc302756e440]
- * RUNSON: updates
+1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-11-01 10:59 millert
+ * configure.in:
+ irix5 changes
+ [ac985b23f5f2]
- * CHANGES: updates
+ * configure.in:
+ AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
+ compatibility
+ [0cf8c92a06d7]
-1999-11-01 10:58 millert
+1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
- * tgetpass.c: When read()'ing, do a single character at a time to
- be sure we don't go oast the newline.
+ * visudo.c:
+ use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the righ
+ thing wrt yyrestart (grrrr)
+ [18e8eabfbb82]
-1999-11-01 10:43 millert
+1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: For the sudo_root option, check against user_uid, not
- getuid() since at this point, ruid == euid == 0.
+ * Makefile.in:
+ added visudoers/compat.h to DISTFILES
+ [db23b574b034]
-1999-10-31 23:14 millert
+ * configure.in:
+ fixed an echo
+ [7cbc0462b89d]
- * RUNSON: some updates
+ * sudo.c:
+ added ocmnd declaration adjusted for find_path()'s new parameters
+ [d929cd156474]
-1999-10-31 23:14 millert
+ * sudo.h:
+ added ocmnd extern adjusted find_path() prototype
+ [e0004daf5d3c]
- * logging.h: Fix compilation problem when --with-logging=file was
- specified. This means that syslog is now required to build sudo
- but that should not be a problem. If it is it can be fixed
- trivially with a configure check for syslog() or syslog.h.
+ * parse.c:
+ cmndcmp() now takes 3 arguments and checks against the qualified as
+ well as the unqualified pathname. more code that should use
+ cmndcmp() but did not, now does
+ [6f70a8c17bee]
-1999-10-31 23:00 millert
+ * options.h:
+ added to a comment
+ [7a78680426b2]
- * tgetpass.c: Make this work again for things like "sudo echo hi |
- more" where the tty gets put into character at a time mode. We
- read until we read end of line or we run out of space (similar to
- fgets(3)).
+ * logging.c:
+ changed to use new find_path() parameter passing
+ [840981d30db4]
-1999-10-20 11:23 millert
+ * find_path.c:
+ find_path() now takes 2 copyout parameters (one for the qualified
+ pathname and one for the unqualified pathname). The third parameter
+ may be NULL.
+ [851503b005e9]
- * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: change ital
- to bold
+ * configure.in:
+ no longer munge pathnames.h
+ [427d8796c5a9]
-1999-10-20 11:23 millert
+ * pathnames.h.in:
+ changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
+ as a result, pathnames.h does not need to be run through configure
+ and the user can override the configured values easily.
+ [2e378f2ebe88]
- * RUNSON: update
+ * config.h.in:
+ added _SUDO_PATH_* entries
+ [0857de7cebab]
-1999-10-16 13:56 millert
+ * aclocal.m4:
+ _PATH* -> _SUDO_PATH_*
+ [7601193f56cc]
- * defaults.c: Error out if syslog parameters are given without a
- value. For Ultrix or 4.2BSD "syslog" is allowed without a value
- since there are no facilities in the 4.2BSD syslog.
+ * Makefile.in:
+ updated DISTFILES and HDRS .o's now depend on config.h
+ [39d8601965cf]
-1999-10-15 16:37 millert
+1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * defaults.c: Ignore the syslog facility for systems w/ old syslog
- like Ultrix.
+ * compat.h:
+ removed extraneous #endif
+ [27d4c5f2ce7e]
-1999-10-15 12:51 millert
+ * aclocal.m4:
+ added SUDO_PROG_MV
+ [76dda3bdd816]
- * TROUBLESHOOTING: people with "." early in their path can have
- problems running sudo from the build dir ;-)
+ * configure.in:
+ added SUDO_PROG_MV added riscos and isc os types took out
+ -DSHORT_MESSAGE from --with-csops since it is now the default
+ [68c206ad976e]
-1999-10-13 00:18 millert
+ * sudo.c:
+ move the include of id.h to compat.h now includes options.h
+ [45a1eaafb3a8]
- * sudo.man, sudo.pod, sudo.cat, sudo.html: Remove -r realm option
+ * sudo.h:
+ moved compatibility #defines to compat.h
+ [0eee27057698]
-1999-10-12 22:34 millert
+ * pathnames.h.in:
+ added _PATH_MV
+ [e830797ab320]
- * configure, configure.in, sudo.c, auth/kerb5.c, auth/sudo_auth.c,
- auth/sudo_auth.h: New krb5 code from Frank Cusack
- <fcusack@iconnet.net>.
+ * config.h.in:
+ move __P to compat.h
+ [188e12e0ba93]
-1999-10-12 22:33 millert
+ * getcwd.c, getwd.c, putenv.c:
+ now includes compat.h
+ [c72cb6d73981]
- * CHANGES: update to reality
+ * compat.h:
+ Initial revision
+ [d4d2f359ae03]
-1999-10-11 20:53 millert
+1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/fwtk.c: include <auth.h> to get function prototypes.
+ * sudo.h:
+ pull user-configurable stuff out and put in options.h
+ [ef929467b070]
-1999-10-11 20:05 millert
+1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.cat, sudo.html, sudo.man, sudo.pod: document -L flag
+ * parse.lex, parse.yacc, visudo.c:
+ now includes options.h
+ [e36d7c82add1]
-1999-10-11 19:42 millert
+ * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
+ sudo_setenv.c:
+ now includes options.h
+ [f186ba03de07]
- * sudo.c: in set_perms(), always call setuid(0) before changing the
- ruid/euid so we always know it will succeed.
+ * Makefile.in:
+ added visudoers/options.h
+ [e5350c476494]
-1999-10-11 12:24 millert
+ * OPTIONS, options.h:
+ Initial revision
+ [9b6b5001e318]
- * defaults.h: #undef T_FOO to avoid conflicts with system defines
- (like on ULTRIX).
+ * Makefile.in:
+ added OPTIONS and options.h
+ [25448341e16a]
-1999-10-11 11:55 millert
+ * logging.c:
+ changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
+ [5dd6385dd1d3]
- * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
- sudoers.pod: Docuement "Defaults" lines in /etc/sudoers. Still
- needs some fleshing out but this is a start.
+ * check.c, sudo.h:
+ changed PASSWORD_TIMEOUT to minutes
+ [0ec6aab98738]
-1999-10-10 17:21 millert
+1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * defaults.c: use strtol, not strtoul since not everyone has not
- strtoul
+ * visudo.c:
+ now only do Editor +line_num if line_num != 0
+ [b69f04b5e3c7]
-1999-10-10 15:01 millert
+1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * lex.yy.c, parse.lex: last {WORD} rule should only apply in the
- INITIAL state
+ * visudo.c:
+ now use mv if rename(2) fails
+ [83210dca1bab]
-1999-10-10 14:38 millert
+ * BUGS:
+ added a visudo bug
+ [d61a806f9aa7]
- * lex.yy.c, parse.lex: o Add support for escaped characters in the
- WORD macro o Modify fill() to squash escape chars
+ * check.c:
+ expanded comment
+ [641f2cba94cb]
-1999-10-10 13:56 millert
+1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * defaults.c, defaults.h: o Add T_PATH flag to allow simple sanity
- checks for default values that are supposed to be pathnames. o
- Fix a duplicate free when visudo finds an error.
+ * check.c:
+ fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
+ [7a11135039a8]
-1999-10-09 01:01 millert
+1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * defaults.c, defaults.h, logging.c: mail_if_foo -> mail_foo
+ * sudo.c:
+ added mips & isc support
+ [e258dc053119]
-1999-10-07 21:12 millert
+ * parse.c:
+ added support for non-root owned sudoers file
+ [fea07e65a0fc]
- * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c: o Add
- requiretty option o Move O_NOCTTY to compat.h
+ * check.c:
+ added exempt group support
+ [928fb4bd9ad5]
-1999-10-07 21:12 millert
+ * sudo.h:
+ added set_perms() support added SUDOERS_OWNER so can have non-root
+ own sudoers file added exempt group support added isc support
+ [61c578d31fc1]
- * logging.c: The exit() in log_error() was mistakenly removed in a
- previous version. Put it back...
+ * visudo.c:
+ now copy sudoers to temp file via read/write (not stdio) now chown
+ new sudoers file to SUDOERS_OWNER
+ [a5176c59df70]
-1999-10-07 17:20 millert
+1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL, TODO, check.c, config.h.in, configure, configure.in,
- defaults.c, defaults.h, find_path.c, getspwuid.c, lex.yy.c,
- logging.c, parse.yacc, sudo.c, auth/aix_auth.c, auth/fwtk.c,
- auth/pam.c, auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c: o
- Change defaults stuff to put the value right in the struct. o
- Implement mailer_flags o Store syslog stuff both in int and
- string form. Setting the string form magically updates the int
- version. o Add boolean attribute to strings where it makes sense
- to say !foo
+ * configure.in:
+ added skey support
+ [35a8d2fabdb7]
-1999-10-07 17:13 millert
+ * sudo_realpath.c:
+ be_* -> setperms()
+ [a1631d686e1c]
- * tgetpass.c: add O_NOCTTY when opening /dev/tty just in case
+ * sudo.h:
+ fixed typo added set_perms support added skey support added
+ seteuid()/setegid() emulation for AIX
+ [c0c8d6771406]
-1999-10-06 00:48 millert
+ * sudo.c:
+ be_* -> setperms() now check to make sure sudoers file is owned by
+ root nread/write by only root
+ [13ab1e261f1a]
- * auth/API: cleanup function no longer takes a status arg
+ * logging.c, parse.c:
+ be_* -> setperms()
+ [21499d845c8f]
-1999-10-06 00:48 millert
+ * check.c:
+ be_* -> set_perms() added skey support
+ [df51b56871c1]
- * INSTALL: the the
+1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-09-15 05:15 millert
+ * Makefile.in:
+ ++version
+ [3c1abbe4e43c]
- * TODO, config.h.in, configure, configure.in, logging.c: Use
- strftime() instead of ctime() if it is available.
+ * version.h:
+ ++
+ [1d2f9b540a95]
-1999-09-14 12:58 millert
+1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * defaults.c: fix copyright date
+ * sudo.c:
+ now sets IFS
+ [eabbb41b9f08]
-1999-09-14 12:57 millert
+ * insults.h:
+ fixed typo
+ [c7997f19216e]
- * RUNSON: update ReliantUNIX entry
+1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-09-14 12:56 millert
+ * config.h.in:
+ added HAVE_SKEY
+ [da948ec4186b]
- * defaults.c, defaults.h, logging.c: add log_year option
+1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-09-14 04:01 millert
+ * CHANGES:
+ updated
+ [f4b55ab007ea]
- * configure, configure.in: add --without-sendmail to help output
+ * Makefile.in:
+ ++version
+ [0489068b8c95]
-1999-09-14 03:42 millert
+ * version.h:
+ ++
+ [d189faedf423]
- * configure, configure.in: enforce an otctal arg for
- --with-suoders-mode
+ * sudo.c:
+ now bail if ARgv[1] > MAXPATHLEN
+ [0cea8ecc9dc2]
-1999-09-08 04:06 millert
+ * configure.in:
+ added function check for tcgetattr(3)
+ [e03289b22c2f]
- * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, check.c,
- config.h.in, configure, configure.in, defaults.c, defaults.h,
- find_path.c, lex.yy.c, logging.c, parse.h, parse.lex, parse.yacc,
- sudo.c, sudo.h, sudo.tab.h, testsudoers.c, version.c, visudo.c,
- auth/aix_auth.c, auth/fwtk.c, auth/kerb5.c, auth/pam.c,
- auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c: Add support for
- "Defaults" line in sudoers to make configuration variables
- changable at runtime (and on a global, per-host and per-user
- basis). Both the names and the internal representation are still
- subject to change. It was necessary to make sudo_user.runas but
- a char ** instead of a char * since this value can be changed by
- a Defaults line. There is a similar (but more complicated) issue
- with sudo_user.prompt but it is handled differently at the
- moment.
+ * config.h.in:
+ only define HAVE_TERMIOS_H if you have tcgetattr(3)
+ [757eab83d1a2]
- Add a "-L" flag to list the name of options with their
- descriptions. This may only be temporary.
+ * config.h.in:
+ added check for tcgetattr
+ [c5ae92715930]
- Move some prototypes to parse.h
+1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
- Be much less restrictive on what is allowed for a username.
+ * CHANGES:
+ updated
+ [cbc419883108]
-1999-09-08 04:01 millert
+1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * sample.syslog.conf: Add more info
+ * parse.lex:
+ now only include unistd.h for linux
+ [e9adeab95ef0]
-1999-09-04 03:09 millert
+1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
- * fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
- strcasecmp.c, LICENSE: UCB has dropped the advertising clause
- from their license.
+ * Makefile.in:
+ added visudo.8 generation
+ [d6a3f0f887f8]
-1999-08-31 05:39 millert
+ * configure.in:
+ added -Wl,-bI:./aixcrypt.exp to aix flags
+ [72594a21edcf]
- * auth/sudo_auth.h: move dce_verofy proto to correct section
+1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-31 05:39 millert
+ * BUGS:
+ added one
+ [9993a349e096]
- * auth/dce.c: remove XXX
+ * CHANGES:
+ updated
+ [297b31ec4cdd]
-1999-08-28 06:00 millert
+ * README:
+ added mailing list info
+ [10372f94a2b2]
- * emul/fnmatch.h: Add fnmatch() prototype
+ * parse.yacc:
+ now use sudolineno instead of yylineno fixed bison warnings
+ [25a83e62057b]
-1999-08-28 06:00 millert
+ * configure.in:
+ now use -no_library_replacement for osf don't make a static binary
+ for hpux >= 9.0
+ [1fa7b892f1a3]
- * fnmatch.c, parse.c, testsudoers.c: Move inclusion of
- emul/fnmatch.h to be after sudo.h for __P
+ * tgetpass.c:
+ added string.h/strings.h inclusion
+ [71faa98fc0a1]
-1999-08-28 05:59 millert
+ * config.h.in:
+ added ssize_t def
+ [406284bd1ac0]
- * sudo.h: add strcasecmp proto
+ * parse.lex:
+ added inclusion of string.h/strings.h
+ [6985b1df5d09]
-1999-08-28 05:50 millert
+ * aclocal.m4:
+ fixed uname | sed (needed to quote the '[')
+ [4cd2d3415c1a]
- * auth/sudo_auth.c: add check for case where there are no auth
- methods
+ * parse.lex:
+ replaced yylineno with sudolineno fixed bison syntax errors
+ [0bd31a5fab26]
-1999-08-28 05:36 millert
+ * visudo.c:
+ changed yylineno to sudolineno since yylineno cannot be counted
+ upon.
+ [38c30104d0ae]
- * configure, configure.in: Define _XOPEN_EXTENDED_SOURCE on AIX and
- __USE_FIXED_PROTOTYPES__ on SunOS4 w/ gcc
+ * TODO:
+ updated
+ [5d4746f1a752]
-1999-08-28 05:24 millert
+ * parse.c:
+ added code to support command listings
+ [030172e133fd]
- * getspwuid.c, lex.yy.c, parse.lex, parse.yacc: include strings.h
- everywhere we include string.h
+ * sudo.c:
+ added code for -l flag
+ [801dbbc82778]
-1999-08-28 05:22 millert
+ * sudo.man:
+ fixed typo added info for -l flag
+ [8916ca945d65]
- * version.c: nicer output when showing auth methods
+ * configure.in:
+ AC_SSIZE_T -> SUDO_SSIZE_T
+ [c61f7f47013f]
-1999-08-28 05:00 millert
+ * aclocal.m4:
+ added SUDO_SSIZE_T
+ [0ccdb77be84d]
- * version.c: Add support for SEND_MAIL_WHEN_NO_HOST
+ * sudo.h:
+ added MODE_LIST
+ [9b2bd844c76c]
-1999-08-28 04:49 millert
+ * configure.in:
+ added AC_SSIZE_T
+ [35cca208f9b5]
- * config.h.in, configure.in, configure: Add _GNU_SOURCE for Linux
+ * find_path.c, sudo_realpath.c:
+ readlink() is now declared as returning ssize~_t
+ [0640a08d1407]
-1999-08-28 04:22 millert
+ * configure.in:
+ added -laud for OSF c2
+ [b7539c905efc]
- * parse.lex, lex.yy.c: fix definition of OCTECT
+1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-28 04:10 millert
+ * Makefile.in, visudo.c:
+ changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
+ [067fd9bcb5e1]
- * configure, configure.in: aix_auth.o not authenticate.o
+ * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
+ changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
+ [fc46e7c7110a]
-1999-08-27 17:02 millert
+ * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
+ parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
+ sudo_setenv.c, tgetpass.c, version.h:
+ changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
+ [d1d4fbc53a98]
- * sudo.c: Only block SIGINT, SIGQUIT, SIGTSTP (which can be
- generated from the keyboard). Since we run with ruid/euid == 0
- the user can't really signal us in nasty ways.
+1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-27 17:01 millert
+ * Makefile.in:
+ ++version
+ [b7066d97633f]
- * visudo.c: Don't need to worry about catching too many signals
- since we do locking on the tmp file. If a lockfile is really
- stale, it will be detected and overwritten.
+ * version.h:
+ ++
+ [65ec69d88110]
-1999-08-27 16:09 millert
+ * logging.c:
+ added host to alertmail messages
+ [d973c19ce777]
- * INSTALL, Makefile.in: include auth/API in tarball
+ * CHANGES, TODO:
+ udpated
+ [5a65eb16faeb]
-1999-08-27 16:09 millert
+ * logging.c:
+ fixed logging problem where mail would not say which user it was
+ [35723edcc5d2]
- * auth/sudo_auth.c: move memset() of plaintext pw outside of verify
- loop and only do the memset if we are *not* in standalone mode.
+ * configure.in:
+ added -laud for gcc if osf & c2
+ [18f1e0ae5548]
-1999-08-27 13:46 millert
+ * check.c:
+ moved set_auth_parameters to sudo.c
+ [d23112fe01db]
- * auth/: sudo_auth.c, sudo_auth.h: DCE is not a standalone method
+ * sudo.c:
+ added set_auth_parameters for osf
+ [eb70f65214ac]
-1999-08-27 11:53 millert
+ * configure.in:
+ cleaned up -static stuff
+ [01e9575f0422]
- * sudo.c: fix --enable-noargs-shell
+ * Makefile.in:
+ ++version
+ [7ac3bff5c770]
-1999-08-27 11:06 millert
+ * version.h:
+ ++
+ [10a4ff478469]
- * snprintf.c: "#ifdef __STDC__" not "#if __STDC__" (I missed one)
+ * sudo.c:
+ changed setenv() to sudo_setenv()
+ [40a78abb9946]
-1999-08-27 10:54 millert
+ * check.c:
+ fixed osf problem
+ [3d69b118efb8]
- * auth/: fwtk.c, sia.c: _cleanup() function returns an int.
+ * configure.in:
+ added OSF C2 stuff
+ [38cff3ad4093]
-1999-08-27 10:50 millert
+ * CHANGES:
+ updated
+ [cd341dd0581a]
- * auth/dce.c: there were still some return(0)'s hanging around,
- make them AUTH_FAILURE
+ * check.c:
+ added osf auth support & removed some extra spaces
+ [a448cdd81514]
-1999-08-27 10:39 millert
+ * INSTALL, SUPPORTED:
+ added osf C2 stuff
+ [f70484796146]
- * parse.c: typo in comment
+1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-27 10:03 millert
+ * TODO:
+ added 2 suggestions
+ [695fbdbd86e6]
- * version.c: add missing semicolon
+ * Makefile.in:
+ removed README.v1.3.1 and added VERSION stuff
+ [f69403eb04c6]
-1999-08-27 08:31 millert
+ * version.h:
+ pl1
+ [21580c0f8cb1]
- * auth/sudo_auth.h: missing backslash
+1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-26 17:24 millert
+ * version.h:
+ 1.3.1final
+ [630114970298]
- * CHANGES, config.h.in, configure, configure.in: Kill
- _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
+ * Makefile.in:
+ added HISTORY
+ [901bff251614]
-1999-08-26 09:21 millert
+ * sudo.man:
+ mention HISTPRY file
+ [86dbcfd4326e]
- * Makefile.in: add parse.h to HDRS
+ * sudo.c:
+ use sizeof instead of a constant in 1 place
+ [d819604c68ca]
-1999-08-26 09:16 millert
+ * parse.yacc:
+ added unistd.h
+ [6f9500f9fe7e]
- * Makefile.in, configure, configure.in: Kill VISUDO_LIBS and
- VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and LDFLAGS. Common libs go
- in LIBS, commong ld flags go in LDFLAGS and network libs like
- -lsocket, -lnsl go in NET_LIBS. This allows testsudoers to build
- on Solaris and is a bit cleaner in general.
+ * parse.lex:
+ added unistd.h
+ [468b81a276eb]
-1999-08-26 06:56 millert
+ * README:
+ udpated
+ [7e275618923a]
- * UPGRADE: mention ptmp -> sudoers.tmp
+ * HISTORY:
+ Initial revision
+ [5db1b0a3939b]
-1999-08-26 06:12 millert
+1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure.in, configure, config.h.in: Define
- _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
+ * version.h:
+ ++
+ [7dfbb4a810bb] [SUDO_1_3_1]
-1999-08-26 05:37 millert
+ * CHANGES:
+ updated
+ [7820ee610bf8]
- * RUNSON: add 2 reports
+ * sudo_setenv.c:
+ added unistd.h include
+ [30cf2b654525]
-1999-08-26 05:20 millert
+1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/kerb5.c: Minor changes, mostly cosmetic.
- verify_krb_v5_tgt() changed to return a value more like a system
- function
+ * sudo.c:
+ added sys/time.h for AIX
+ [199fc8caf3a3]
-1999-08-26 05:19 millert
+1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/dce.c: Add an XXX
+ * configure.in:
+ added check for -lsocket and sys/sockio.h
+ [f9abfbb31031]
-1999-08-26 05:19 millert
+ * config.h.in:
+ took out libshadow check and added in sys/sockio.h check
+ [0c4b0393ac80]
- * TODO: more things todo!
+ * sudo.c:
+ now include sockio.h instead of ioctl.h if it exists "sudo -" now
+ gets a better error message
+ [53041bea5483]
-1999-08-26 05:18 millert
+ * sample.sudoers:
+ now has a dir and subnet entry
+ [56b820f65438]
- * sample.sudoers: update based on what is in the man page
+1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-26 05:10 millert
+ * sudo.c:
+ removed if_ether.h
+ [b4f64507493e]
- * parse.yacc: minor change to first line printed in -l mode
+ * TODO:
+ added an item
+ [ea2a1bb6922a]
-1999-08-26 05:10 millert
+ * sudo.man:
+ added network and ip addresses to man page
+ [01c85016511f]
- * sudo.cat, sudo.html, sudo.man, sudo.pod: rename "ENVIRONMENT
- VARIABLES" section to "ENVIRONMENT" to be more standard and add
- "EXAMPLES" section
+ * sudo.c:
+ no error if can't get interfaces or netmask since networking may not
+ be in the kernel.
+ [50b8890e2134]
-1999-08-26 05:08 millert
+ * parse.c:
+ nwo check for interfaces == NULL
+ [dc1b3eef0db2]
- * visudo.cat, visudo.html, visudo.man, visudo.pod: rename
- "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
- standard
+ * parse.c:
+ fixed a bug that caused directory specs in a Cmnd_Alias to fail if
+ the last entry in the spec failed (ie: it was only looking at the
+ last entry). CLeaned things up by adding the cmndcmp() function--all
+ neat & tidy
+ [007e93578e5e]
-1999-08-26 05:06 millert
+ * CHANGES:
+ added one
+ [40e8a2cef497]
- * logging.c, parse.c, sudo.h: add FLAG_NO_CHECK
+1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-26 05:05 millert
+ * sudo.c:
+ now do two passes to skip bogus interfaces (lo0, etc)
+ [465e30aecaf7]
- * parse.lex, lex.yy.c: make an OCTET really be limited to 0-255
+ * parse.lex, parse.yacc, visudo.c:
+ added include of netinet/in.h
+ [11e3816ed362]
-1999-08-26 05:04 millert
+ * logging.c, sudo_realpath.c, sudo_setenv.c:
+ added ninclude of netinet/in.h
+ [daccfa40fe1e]
- * UPGRADE: mention timestamp changes
+ * check.c, find_path.c, getcwd.c, getwd.c:
+ added include of netinet/in.h
+ [0222f95e06ad]
-1999-08-26 05:04 millert
+ * version.h:
+ ++
+ [d6b0cfa35a38]
- * PORTING: cosmetic cleanup
+ * sudo.h:
+ added interfaces global
+ [ba52fa8ad75e]
-1999-08-26 05:00 millert
+ * parse.c:
+ now uses new interfaces global
+ [17473ad5ecba]
- * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: new
- sudoers(8) man page
+ * sudo.c:
+ now ip addresses are gleaned fw/o dns
+ [8828bb2007e0]
-1999-08-24 13:45 millert
+1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
- * version.c: Update comments about syslog name tables
+ * sudo.c:
+ added load_ip_addrs() to load the ip_addrs global var
+ [60c825f04238]
-1999-08-24 13:37 millert
+ * parse.c:
+ added hostcmp() to compare hostnames, ip addrs, and network addrs
+ [ab0e40e37537]
- * CHANGES, LICENSE, Makefile.in, configure, strcasecmp.c,
- configure.in, parse.yacc: include strcasecmp() for those without
- it
+ * sudo.h:
+ added ip_addrs def added load_ip_addrs prototype
+ [c41c565d0777]
-1999-08-24 12:43 millert
+1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * sample.sudoers: Use the : operator some more and fix a typo
+ * CHANGES:
+ updated
+ [2a128dbe9bcb]
-1999-08-24 12:43 millert
+ * Makefile.in:
+ removed multiple entries in DISTFILES
+ [2490f4f371e6]
- * HISTORY: update the history of sudo
+ * visudo.c:
+ ansified the !STDC_HEADERS decls
+ [646ba06d17ae]
-1999-08-24 12:42 millert
+ * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
+ don't do malloc decl if gnuc
+ [f1bad1925f98]
- * parse.c, parse.lex, testsudoers.c: CIDR-style netmask support
+ * sudo.c:
+ can't use getopt(3) since it munges args to the command to be run as
+ root don't do malloc decl if gnuc
+ [38e78f6da14e]
-1999-08-24 12:41 millert
+ * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
+ sudo_realpath.c, sudo_setenv.c:
+ ansi-fied !STDC_HEADER function prottypes
+ [51d8cad89976]
+
+ * getcwd.c, getwd.c:
+ added missing paren
+ [6a1fae70e27e]
+
+ * Makefile.in:
+ added putenv.c to DISTFILES
+ [a5e4523eabbb]
+
+ * sudo_setenv.c:
+ added params to func decls when STDC_HEADERS is not defined now can
+ count on putenv() being there
+ [fd587796189b]
+
+ * sudo_realpath.c:
+ took out errno decl since sudo.h does it for us fixed up a next cc
+ warning added params to func decls when STDC_HEADERS is not defined
+ [70fa5152ace6]
- * CHANGES: recent changes
+ * sudo.h:
+ took out environ extern added local declaratio of putenv() if local
+ version is needed
+ [a84bae6c020d]
-1999-08-24 12:40 millert
+ * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
+ added params to func decls when STDC_HEADERS is not defined
+ [f406f0e47ac0]
- * sudo.tab.h: these should be generated with byacc, not bison
+ * config.h.in:
+ added memcpy check check to see that ansi vs bsd macros are ntot
+ already defiend before defining (ie: avoid redefinition)
+ [879ae026e19f]
+
+ * configure.in:
+ removed fluff setenv check plus check w/ replace for putenv if also
+ no setenv
+ [e3c03814ad4b]
+
+ * putenv.c:
+ Initial revision
+ [3cff63e2dc1b]
+
+1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-24 12:40 millert
+ * sudo_setenv.c:
+ Initial revision
+ [4d637631fa6b]
+
+ * sudo.h:
+ rm'd s realp[ath added sudo_realpath and sudo_setenv
+ [07ba001ff57e]
+
+ * sudo.c:
+ now use sudo_setenvc
+ [fd81e04d5ef0]
+
+ * configure.in:
+ added puteenv and setenv, removed realpath
+ [27bfacfb513b]
+
+ * config.h.in:
+ added putenv & setenv
+ [515f14eaf6e4]
+
+ * Makefile.in:
+ added sudo_setenv
+ [217731a717c5]
+
+ * version.h:
+ ++
+ [eadb346d7129]
+
+1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added MAN_POSTINSTALL and /usr/share/catman for irix
+ [2a9496c1bdba]
+
+ * Makefile.in:
+ added MAN_POSTINSTALL
+ [89b0d4695529]
+
+ * CHANGES:
+ added
+ [48c021ba8a70]
+
+ * sudo.man:
+ added SUDO_* plus new options
+ [c0759cff5683]
+
+ * CHANGES:
+ added one
+ [7d44a3922d56]
+
+ * configure.in:
+ took out shadow lib
+ [07cf3de18701]
+
+ * TODO:
+ adde done
+ [a27a578e8afe]
+
+ * visudo.c:
+ now use yyrestart() if flex now reset yylineno to 0
+ [77d67ce0b677]
+
+ * Makefile.in:
+ support for installing a cat page instead of a man page if no nroff
+ [44671c0fc0fa]
+
+ * configure.in:
+ now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
+ to determine whether or not to install a cat or man page
+ [0562d069c135]
- * lex.yy.c: regen
+ * config.h.in:
+ added HAVE_FLEX
+ [c5490bae39d3]
-1999-08-24 11:58 millert
+ * sudo.c:
+ not set ret to MODE_RUN initially
+ [88b4983c195b]
- * parse.h, parse.yacc, sudo.tab.h: In "sudo -l" mode, the type of
- the stored (expanded) alias was not stored with the contents.
- This could lead to incorrect output if the sudoers file had
- different alias types with the same name. Normal parsing (ie:
- not in '-l' mode) is unaffected.
+ * find_path.c:
+ made command (and therefor cmnd dynamically allocated)
+ [95b82e32b6de]
-1999-08-23 12:47 millert
+ * TODO:
+ did #8
+ [fb6f41308cdf]
- * configure, configure.in: define _XOPEN_SOURCE to get at crypt()
- proto on some systems
+ * version.h:
+ ++
+ [14112ecab5ae]
-1999-08-22 13:10 millert
+ * sudo_realpath.c:
+ changed bufs from MAXPATHLEN to MAXPATHLEN+1
+ [0ad4f34e55c0]
- * snprintf.c: fix comment
+ * sudo.h:
+ added MODE_ removed validate_only and added remove_timestamp()
+ [dd5f99c57728]
-1999-08-22 13:09 millert
+ * sudo.c:
+ usage() now takes an int (exit value) added parse_args() to parse
+ command line arguments moved call to find_path() from load_globals
+ to new function load_cmnd() removed validate_only global -- now use
+ the concept of "modes" added -h and -k options
+ [c3887090b28a]
- * tgetpass.c: don't need limits.h
+ * parse.c:
+ no longer use global validate_only now checks for command called
+ "validate" removed check for non-fully qualified commands since that
+ is done by find_path
+ [7d56fbd26369]
-1999-08-22 07:36 millert
+ * find_path.c:
+ changed MAXPATHLEN r to MAXPATHLEN+1
+ [a86e8664d971]
- * snprintf.c: kill bogus reference to vfprintf
+ * find_path.c:
+ fixed off by one error with MAXPATHLEN and fixed a comment
+ [58adcef8c981]
-1999-08-22 07:26 millert
+ * check.c:
+ check_timestamp no longer runs reminder(), it is implied in the
+ return val added remove_timestamp()
+ [42ab5a77066f]
- * sample.sudoers, sudoers: better examples
+ * CHANGES:
+ updated
+ [8e69b31df024]
-1999-08-22 07:23 millert
+1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * snprintf.c: Add some const in the K&R defs. This is safe since
- we define const away if the compiler doesn't grok it.
+ * BUGS:
+ fixed on
+ [bc34f1ac4280]
-1999-08-22 07:22 millert
+ * sudo_realpath.c:
+ took out old_errno
+ [a168d00a0768]
- * aclocal.m4, configure: Better test for working long long support.
- Ultrix compiler supports basic long long but not all operations
- on them.
+ * CHANGES:
+ updated
+ [04ba80922df7]
-1999-08-22 05:59 millert
+1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * aclocal.m4, config.h.in, configure, getspwuid.c, snprintf.c,
- sudo.c, auth/secureware.c: Add check for LONG_IS_QUAD #undef
- MAXINT before including hpsecurity.h to silence an HP-UX warning
- Check for U?LONG_LONG_MAX in snprintf.c and use LONG_IS_QUAD
+ * logging.c:
+ moved send_mail to after syslog
+ [4d4188087834]
-1999-08-21 15:00 millert
+ * sudo.c:
+ now set SUDO_ envariables
+ [e5963f1bd3bb]
- * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
- snprintf.c: UCB-derived snprintf + asprintf support. Supports
- quads if the compiler does. No floating point yet, perhaps
- later...
+1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-20 16:37 millert
+ * version.h:
+ ++
+ [2a4534845d8c]
- * check.c, find_path.c, goodpath.c, logging.c, parse.c, sudo.c,
- auth/API, auth/sudo_auth.c, auth/sudo_auth.h: Run most of the
- code as root, not the invoking user. It doesn't really gain us
- anything to run as the user since an attacker can just have an
- setuid(0) in their egg. Running as root solves potential
- problems wrt signalling.
+ * sudo_realpath.c:
+ now print error if chdir fails
+ [0d75c8973d49]
-1999-08-19 13:45 millert
+ * find_path.c:
+ removed an XXX
+ [e2077bcb35aa]
- * logging.c, sudo.c: Don't wait for child to finish in log_error(),
- let the signal handler get it if we are still running, else let
- init reap it for us. The extra time it takes to wait lets the
- user know that mail is being sent.
+1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
- Install SIGCHLD handler in main() and for POSIX signals, block
- everything *except* SIGCHLD.
+ * CHANGES:
+ updated
+ [e30a2b39b41a]
-1999-08-19 12:30 millert
+ * configure.in:
+ no more static binaries for aix
+ [77a0beb6bd80]
- * logging.c, parse.c, parse.yacc, sudo.c, configure, sudo.h,
- INSTALL, config.h.in, configure.in: sudoers_lookup() now returns
- a bitmap instead of an int. This makes it possible to express
- things like "failed to validate because user not listed for this
- host". Some thigns that were previously VALIDATE_FOO are now
- FLAG_FOO. This may change later on.
+1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
- Reorganized code in log_auth() and sudo.c to deal with above
- changes.
+ * INSTALL:
+ fixed typo
+ [ba5e0d391bc4]
- Safer versions of push/pushcp with in the do { ... } while (0)
- style
+ * sudo_realpath.c:
+ took out stuff not needed for sudo now does be_root/be_user itself
+ now uses cwd global
+ [4f6d4641d793]
- parse.yacc now saves info on the stack to allow parse.c to
- determine if a user was listed, but not for the host he/she tried
- to run on.
+ * version.h:
+ +=2
+ [97da927b297c]
- Added --with-mail-if-no-host option
+ * logging.c, sudo.c:
+ be_root/be_user is now down in sudo_realpath()
+ [f331662fa50f]
-1999-08-17 11:29 millert
+ * logging.c, sudo.h:
+ now works with 4.2BSD syslog (blech)
+ [98e39d89dd36]
- * parse.yacc, sudo.h, visudo.c, visudo.cat, visudo.html,
- visudo.man, visudo.pod: o NewArgv and NewArgc don't need to be
- externally visible. o If pedantic > 1, it is a parse error. o
- Add -s (strict) option to visudo which sets pedantic to 2.
+ * find_path.c:
+ now use sudo_realpath()
+ [ab436a8ebd02]
-1999-08-17 11:26 millert
+ * config.h.in:
+ took out realpth() stuff since we now use sudo_realpath()
+ [8de5ef9f6044]
- * HISTORY, INSTALL: Just have sudo-bugs contact info in one place
+ * configure.in:
+ ultrix enhanced sec
+ [815fb7fffcc0]
-1999-08-17 11:20 millert
+ * SUPPORTED:
+ added ultrix enhanced sec.
+ [6466766c8062]
- * sudo.cat, sudo.html, sudo.man, sudo.pod: Add BUGS section
+ * INSTALL:
+ updated
+ [d681a634297a]
-1999-08-17 10:29 millert
+ * check.c:
+ ultrix enhanced security suport
+ [f10c8decbcc2]
- * configure, configure.in, Makefile.in: Add testsudoers to default
- build target if --with-devel Don't clean generated parser files
- unless "distclean".
+ * Makefile.in:
+ added sudo_realpath.c
+ [6b9bcd3be022]
-1999-08-17 08:47 millert
+ * CHANGES:
+ updated
+ [2fa8084c1b53]
- * parse.yacc: In pedantic mode we need to save *all* the aliases,
- not just those that match, or we get spurious warnings.
+ * tgetpass.c:
+ increased passwd len to 24 for c2 security
+ [ec64838be62d]
-1999-08-17 05:32 millert
+ * BUGS:
+ updated BUGS
+ [ca00d8fec2ce]
- * TROUBLESHOOTING: reference samples.sylog.conf
+1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-14 11:50 millert
+ * check.c:
+ now use user global var
+ [568769719013]
- * sample.syslog.conf: Sample entries for syslog.conf
+ * configure.in:
+ took out -ls
+ [490a44180d5f]
-1999-08-14 11:40 millert
+1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: recent changes
+ * configure.in:
+ added AFS libs
+ [4fb40c8c01ba]
-1999-08-14 11:36 millert
+ * sudo.h:
+ user is now a char * added epasswd
+ [27a919fafdfb]
- * auth/: API, afs.c, aix_auth.c, dce.c, fwtk.c, kerb4.c, kerb5.c,
- pam.c, passwd.c, rfc1938.c, secureware.c, securid.c, sia.c,
- sudo_auth.c, sudo_auth.h: In struct sudo_auth, turn need_root and
- configured into flags and add a flag to specify an auth method is
- running alone (the only one). Pass auth methods their sudo_auth
- pointer, not the data pointer. This allows us to get at the
- flags and tell if we are the only auth method. That, in turn,
- allows the method to be able to decide what should/should not be
- a fatal error. Currently only rfc1938 uses it this way, which
- allows us to kill the OTP_ONLY define and te hackery that went
- with it. With access to the sudo_auth struct, methods can also
- get at a string holding their cannonical name (useful in error
- messages).
+ * sudo.c:
+ added tzset() to load_globals added epasswd (encrypted password)
+ global made user dynamically allocated
+ [b99ef9bdbfce]
-1999-08-14 11:34 millert
+ * configure.in:
+ added tzset test
+ [27592dd1214b]
- * Makefile.in, INSTALL, README, config.h.in, configure,
- configure.in, getspwuid.c, lex.yy.c, parse.lex, parse.yacc,
- sudo.tab.h: o --with-otp deprecated, use --without-passwd instead
- o real dependencies in the Makefile o --with-devel option to
- enable yacc, lex, and -Wall o style -- "foo -> bar" becomes
- "foo->bar" o ALL goes back to being a token, not a string but
- don't leak memory o rename hsotspec -> host in parse.yacc
+ * config.h.in:
+ added HAVE_TZSET
+ [b13f4213f3d0]
-1999-08-12 12:26 millert
+ * check.c:
+ cleaned up encrypted passwd grab somewhat
+ [c8ba9a4db38a]
- * BUGS, CHANGES: recent changes
+ * configure.in:
+ fixed AFS typo
+ [2bfcbce237b6]
-1999-08-12 12:24 millert
+ * INSTALL:
+ added AFS not
+ [80c67329393c]
- * configure, configure.in, interfaces.c, snprintf.c, sudo.c,
- sudo.h, auth/sudo_auth.c: o Digital UNIX needs to check for
- *snprintf() before -ldb is added to LIBS since -ldb includes a
- bogus snprintf(). o Add forward refs for struct mbuf and struct
- rtentry for Digital UNIX. o Reorder some functions in snprintf.c
- to fix -Wall o Add missing includes to fix more -Wall
+ * CHANGES:
+ udpated
+ [2f09ecdd5d31]
-1999-08-12 10:37 millert
+ * logging.c:
+ can now log to both syslog & a file
+ [4d5c0932bc01]
- * INSTALL, check.c, config.h.in, configure, configure.in,
- parse.yacc, testsudoers.c, version.c, visudo.c, auth/sudo_auth.c:
- o Add a "pedentic" flag to the parser. This makes sudo warn in
- cases where an alias may be used before it is defined. Only
- turned on for visudo and testsudoers. o Add
- --disable-authentication option that makes sudo not require
- authentication by default. The PASSWD tag can be used to require
- authentication for an entry. We no longer overload
- --without-passwd.
+ * sudo.h:
+ added BOTH_LOGS
+ [623c539be824]
-1999-08-12 10:29 millert
+ * CHANGES:
+ updated
+ [a1c7f5ef3616]
- * lex.yy.c, parse.lex: Break 'WORD' regexp def into HOSTNAME and
- USERNAME. These days a username can contain just about anything
- so be very permissive. Also drop the unused \. punctuation.
+ * configure.in:
+ --with-AFS
+ [28718d8f5daf]
-1999-08-09 18:25 millert
+ * config.h.in:
+ added HAVE_AFS
+ [2e32bb4e63e4]
- * parse.yacc: o add a 'val' element to aliasinfo struct and move ->
- parse.h o find_alias() now returns an aliasinfo * instead of
- boolean o add_alias() now takes a value parameter to store in the
- aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
- return: 1) positive match 0) negative match (due to '!') -1) no
- match This means setting $$ explicitly in all cases, which I
- should have done in the first place. It also means that we
- always store a value that is != -1 and when we see a '!' we can
- set *_matches to !rv if rv != -1. The upshot of all of this is
- that '!' now works the way it should in lists and some of the
- rules are more uniform and sensible.
+ * check.c:
+ added afs changes
+ [fe4d0ff320a2]
-1999-08-09 18:17 millert
+ * sudo.h:
+ removed AFS stuff :-)
+ [a40387e6fa27]
- * Makefile.in: add parse.h dependency
+ * tgetpass.c:
+ include sys/select for AIX
+ [f32c5a8f2c84]
-1999-08-09 18:17 millert
+ * sudo.h:
+ added AFS
+ [da2ab3dd0348]
- * parse.h: kill unused *_matched macros
+ * version.h:
+ ++
+ [452d4dfe25af]
-1999-08-09 10:35 millert
+1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.yacc: Allow a list of users as the first thing in a user
- spec, not just a single entry. This makes things more uniform,
- though it does allow you to write user specs that are hard to
- read.
+ * CHANGES, SUPPORTED:
+ updated
+ [e7dfe6f23a37]
-1999-08-09 10:08 millert
+ * logging.c:
+ can now have MAILER undefined
+ [1d33b98b35e1]
- * configure: regen
+ * INSTALL:
+ new sub-note about MAILER
+ [d35c636a0574]
-1999-08-09 10:08 millert
+ * sudo.man:
+ added blurb about password timeout
+ [70c2ee50de20]
- * configure.in: fix check for crypt() in libufc
+ * configure.in:
+ convex c2 changes
+ [367138a6232e]
-1999-08-07 14:03 millert
+ * aclocal.m4:
+ took out duplicate define of _CONVEX_SOURCE
+ [647182138450]
- * README: sudo-users list now exists
+ * Makefile.in:
+ added OSDEFS
+ [7fdcd50602d1]
-1999-08-07 07:46 millert
+ * config.h.in:
+ added spaces
+ [f2b8a05e48f3]
- * INSTALL, PORTING, README, TODO, TROUBLESHOOTING: Update to
- reality.
+ * tgetpass.c:
+ added a goto if fgets fails
+ [68a6586d9c45]
-1999-08-07 05:59 millert
+ * sudo.h:
+ use __hpux not hpux convex c2 stuff
+ [5c377a8d5f34]
- * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
- config.h.in, configure.in, logging.c, sudo.h, version.c,
- visudo.c, configure, fileops.c: o Move lock_file() and touch()
- into fileops.c so visudo can use them o Visudo now locks the
- sudoers temp file instead of bailing when the temp file already
- exists. This fixes the problem of stale temp files but it does
- *require* that you not try to put the temp file in a
- world-writable directory. This shoud not be an issue as the temp
- file should live in the same dir as sudoers. o Visudo now only
- installs the temp file as sudoers if it changed.
+ * sudo.c:
+ use __hpux not hpux
+ [9363bc0f9f9e]
-1999-08-06 09:49 millert
+ * logging.c:
+ convex c2 stuff
+ [ea5630975ac4]
- * logging.c: add fcntl locking
+ * config.h.in:
+ define ansi-ish cpp os defines if non-ansi are defined for hpux &
+ convex
+ [664f53a5e786]
-1999-08-06 09:33 millert
+ * INSTALL:
+ updated to say we support sonvex C2
+ [5f2f8b87013e]
- * configure, config.h.in, configure.in, logging.c: Lock the log
- file.
+ * check.c:
+ added convex c2 support
+ [9a665d4918fa]
-1999-08-06 05:36 millert
+1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
- visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod: o
- /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
- temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and
- _PATH_SUDO_STMP -> _PATH_SUDOERS_TMP
+ * tgetpass.c:
+ no more ioctl never returns NULL uses fgets() and select() to
+ timeout
+ [b333e6d63e97]
-1999-08-05 17:38 millert
+1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL, check.c, config.h.in, configure, configure.in,
- version.c: o Kill *_MESSAGE and replace with NO_LECTURE o Add
- more things to root sudo -V config reporting
+ * configure.in:
+ things were testing -n "$GCC" instead of -z "$GCC"
+ [059a9b15ede2]
-1999-08-05 10:56 millert
+ * tgetpass.c:
+ now works + uses fgets()
+ [353d7ebcb7bb]
- * configure, configure.in: aix_auth.o not authenticate.o
+1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-05 10:48 millert
+ * tgetpass.c:
+ select doesn't seem to recognize a single '\n' as input waiting so
+ we can;t use it, sigh.
+ [f76e3218b835]
- * config.h.in: Add --with-goodpri and --with-badpri configure
- options to specify the syslog priority to use.
+1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-05 10:30 millert
+ * PORTING:
+ updated tgetpass() blurb
+ [95baac736b49]
- * INSTALL, configure.in, logging.h, configure: Add --with-goodpri
- and --with-badpri configure options to specify the syslog
- priority to use.
+ * configure.in:
+ added --with-getpass
+ [42ac0bdf58ed]
-1999-08-05 10:25 millert
+ * Makefile.in:
+ added tgetpass stuff
+ [e2b38c635663]
- * compat.h: kill crufty AIX stuff
+ * tgetpass.c:
+ now uses stdio
+ [36af8ff66e35]
-1999-08-05 06:55 millert
+ * version.h:
+ ++
+ [4e81c9db19bd]
- * Makefile.in: Sigh, some versions of make (like Solaris's) don't
- deal with $< like I would expect. Both GNU and BSD makes get
- this right but... So, we just expand $< inline at the cost of
- some ugliness.
+1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-05 06:52 millert
+ * PORTING:
+ updated ,.
+ [54f523770a05]
- * version.c: If the invoking user is root, sudo will now print
- configure info in -V mode. Currently just prints logging info,
- to be expanded later.
+ * config.h.in:
+ added USE_GETPASS && HAVE_C2_SECURITY
+ [86b355cb2953]
-1999-08-05 06:51 millert
+ * configure.in:
+ fixed a test aded --with-C2 and --with-tgetpass
+ [abf6181588ef]
- * logging.c, logging.h, sudo.c, sudo.h: o new defines for syslog
- facility and priority o use new print_version() functino for -V
- mode
+ * check.c:
+ added hpux C2 shit
+ [20d4177ffa88]
-1999-08-05 06:49 millert
+ * Makefile.in:
+ took out tgetpass.*
+ [cc82fd9984b4]
- * check.c: Don't need version.c
+ * INSTALL:
+ added C2 blurb
+ [1d2bfc35e4b6]
-1999-08-05 06:21 millert
+1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * configure, configure.in, aclocal.m4, config.h.in: Add check for
- syslog facilities and priorities tables in syslog.h
+ * configure.in:
+ no termio(s) for ultrix since it is broken
+ [d3e82e835350]
-1999-08-05 05:23 millert
+ * check.c:
+ added a space (yeah, anal)
+ [05e4b31ca68c]
- * Makefile.in: o authenticate -> aix_auth o add version.c
+ * realpath.c, sudo_realpath.c:
+ fixed it (duh, rtfm)
+ [f13097cb8cb6]
-1999-08-05 05:21 millert
+1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/sudo_auth.c: Missed a prompt -> user_prompt conversion
+ * config.h.in:
+ took out bsd signal stuff for irix
+ [e179cdafc97a]
-1999-08-04 13:32 millert
+ * visudo.c:
+ comments in #endif
+ [e3a629190f5e]
- * TODO: sudo should lock its logfile
+ * configure.in:
+ don't define BSD signals for irix
+ [3ce57bffb7f0]
-1999-08-04 13:28 millert
+ * TODO:
+ did some...
+ [274241cd0f74]
- * parse.yacc: o Add '!' correctly when expanding Aliases. o Add
- shortcut macros for append() to make things more readable. o The
- separator in append() is now a string instead of a char. o In
- append(), only prepend the separator if the last char is not a
- '!'. This is a hack but it greatly simplifies '!' handling. o
- In -l mode, Runas lists and NOPASSWD/PASSWD tags are now
- inherited across entries in a list (matches current behavior).
- o Fix formatting in -l mode such that items in a list are
- separated by a space. Greatlt improves readability. o Space
- for name field in struct aliasinfo is now allocated dyanically
- instead of using a (big) buffer. o In add_alias(), only search
- the list once (lsearch instead of lfind + lsearch)
+ * CHANGES:
+ updated
+ [8f29fc755faf]
-1999-08-04 11:31 millert
+ * realpath.c, sudo_realpath.c:
+ took out unneeded code by changing where a strings was terminated
+ [b5564d62d30e]
- * lex.yy.c, sudo.tab.h: regen
+1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-08-04 10:54 millert
+ * realpath.c, sudo_realpath.c:
+ fix bug where /dirname would return NULL
+ [b85f470daf26]
- * configure, configure.in: Solais pam doesn't require anye xtra
- setup
+ * sudo.h:
+ move __P to config.h
+ [7763c0ff3f28]
-1999-08-04 05:35 millert
+ * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
+ added errno definition
+ [4cc9d2d9782a]
- * parse.yacc: o Simpler '!' support now that the lexer deals with
- multiple !'s for us. o In the case of opFOO, have FOO give a
- boolean return value and set foo_matches in opFOO, not FOO. o
- Treat 'ALL' as a string since it gets fill()'d in
- parse.lex--fixes a small memory leak. In the long run it may
- be better to just fix parse.lex and make ALL back into a token.
- However, having it be a string is useful since it can be
- easily passed back to the parent rule if we so desire.
+ * config.h.in:
+ added __P
+ [ca06f5aa58f3]
-1999-08-04 03:54 millert
+ * config.h.in:
+ added HAVE_FCHDIR
+ [206d714641e0]
- * parse.lex: o Remove some unnecessary backslashes o collapse
- multiple !'s by using !+ and checking if yyleng is even or odd.
- this allows us to simplify ! handling in parse.yacc
+ * strdup.c:
+ now include stdio
+ [0d8458da0e1d]
-1999-08-04 03:53 millert
+ * realpath.c, sudo_realpath.c:
+ now works if no fchdir
+ [e035911b6722]
- * sudo.c: -u flag was being ignored
+ * visudo.c:
+ define SA_RESETHAND to null if not defined
+ [afec03e84342]
-1999-08-01 13:04 millert
+ * configure.in:
+ added check & replace
+ [c1a65481441c]
- * Makefile.in: correct fix
+ * configure.in:
+ took out -static for nextstep -- it doesn't work
+ [fa1a1a611743]
-1999-08-01 12:37 millert
+1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * Makefile.in: work around pod2man stupididy
+ * logging.c:
+ moved #endif to where it belongs
+ [07d3a8972097]
-1999-08-01 12:35 millert
+ * SUPPORTED:
+ correction
+ [0c1ecba3e5a3]
- * Makefile.in: correct dependencies for .cat
+ * configure.in:
+ now checks for strdup realpath getcwd bzero
+ [f029a1917515]
-1999-08-01 12:26 millert
+ * config.h.in:
+ emulate bzero
+ [d792352e44a3]
- * sudo.cat, sudo.man, visudo.cat, visudo.man: regen
+ * visudo.c:
+ added posic signals
+ [2ed0005f90fc]
-1999-08-01 12:25 millert
+ * tgetpass.c:
+ bzero cast
+ [6d91b1a1526f]
- * sudo.pod, visudo.pod: Add copyright Update to reality
+ * logging.c:
+ added posix signals
+ [67ede9c22a05]
-1999-08-01 11:42 millert
+ * configure.in:
+ removed BROKEN_GETPASS added new srcs toreplace missing functions
+ [cf44274bb1c8]
- * parse.c, sudo.c, sudo.h: rename validate() to the more
- descriptive sudoers_lookup()
+ * config.h.in:
+ added posix signal stuff
+ [a3c1c98fe8ef]
-1999-08-01 06:49 millert
+ * Makefile.in:
+ added new srcs
+ [b6a079afee47]
- * auth/aix_auth.c: use tgetpass
+ * visudo.c:
+ updated useag
+ [589ed091c44f]
-1999-07-31 12:32 millert
+ * tgetpass.c:
+ now uses posix signals
+ [30f74964074f]
- * CHANGES: updates
+ * PORTING:
+ updated sto reflect major changes
+ [bcfc309e017b]
-1999-07-31 12:31 millert
+ * CHANGES, TODO:
+ updated
+ [23aacbd54278]
- * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
- configure, configure.in, sudo.c: Sudo, not CU Sudo
+ * tgetpass.c:
+ uses sysconf() if available
+ [a27431c90bab]
-1999-07-31 12:19 millert
+ * sudo.h:
+ added PASSWORD_TIMEOUT + prototypes for new functions
+ [d7473c2f77c4]
- * Makefile.in, alloc.c, check.c, compat.h, config.h.in,
- find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
- ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
- lex.yy.c, logging.c, logging.h, parse.c, parse.h, parse.lex,
- parse.yacc, pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
- visudo.c, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
- auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
- auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
- auth/sudo_auth.c, auth/sudo_auth.h, emul/search.h, emul/utime.h,
- LICENSE: add 4th term to license similar to term 5 in the apache
- license
+ * realpath.c, sudo_realpath.c:
+ for those w/o this in libc
+ [1e47aa7a9d46]
-1999-07-31 12:02 millert
+ * getcwd.c, getwd.c:
+ Initial revision
+ [c90dea57a84f]
- * LICENSE, aclocal.m4, check.c, configure.in, insults.h, logging.c,
- sudo.c, sudo.h, auth/rfc1938.c: there was a 1995 release too
+ * find_path.c:
+ rewrote to use realpath(3) - nis now all my code
+ [d2c3bb8fb37d]
-1999-07-28 05:24 millert
+ * config.h.in:
+ added HAVE_REALPATH
+ [02c10352a8c7]
- * CHANGES: updates
+ * check.c:
+ now use tgetpass
+ [b5c021fc179f]
-1999-07-28 05:21 millert
+ * Makefile.in:
+ added LIBOBJS use tgetpass.c
+ [230a7b3eeaa3]
- * check.c: Use dirs instead of files for timestamp. This allows
- tty and non-tty schemes to coexist reasonably. Note, however,
- that when you update a tty ticket, the mtime on the user dir gets
- updated as well.
+1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-28 05:17 millert
+ * tgetpass.c:
+ works now :-)
+ [025e7a3875ba]
- * configure.in, configure: Fix getprpwnam() checking on SCO. Need
- to link with "-lprot -lx" when linking test program, not just
- -lprot. Also add check for getspnam(). The SCO docs indicate
- that /etc/shadow can be used but this may be a lie.
+ * tgetpass.c:
+ Initial revision
+ [3316ab33b230]
-1999-07-24 03:35 millert
+ * pathnames.h.in:
+ added /dev/tty
+ [29242585e53f]
- * auth/API: first cut at auth API description
+1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-22 15:48 millert
+ * version.h:
+ incremented
+ [f2e54b48280f]
- * auth/: fwtk.c, kerb4.c, kerb5.c, pam.c, rfc1938.c, secureware.c,
- securid.c, sudo_auth.c, sudo_auth.h: auth API change. There is
- now an init method that gets run before the main loop. This
- allows auth routines to differentiate between initialization that
- happens once vs. setup that needs to run each time through the
- loop.
+ * sudo.c:
+ always use getcwd
+ [c6068e8a4029]
-1999-07-22 12:23 millert
+ * config.h.in:
+ added check for getwd
+ [ab1e102ad673]
- * logging.c, auth/kerb5.c: use easprintf() and evasprintf()
+ * configure.in:
+ replace strdup & realpath & getcwd if missing
+ [b0eb14f2a1c3]
-1999-07-22 12:22 millert
+ * pathnames.h.in:
+ added _PATH_PWD
+ [309d2388f69a]
- * alloc.c, sudo.h: add easprintf() and evasprintf(), error checking
- versions of asprintf() and vasprintf()
+ * aclocal.m4:
+ added SUDO_PROG_PWD
+ [e16e85deb96c]
-1999-07-22 09:14 millert
+ * strdup.c:
+ Initial revision
+ [810efdc15007]
- * TODO: remove 2 items. One done, one won't do.
+ * realpath.c, sudo_realpath.c:
+ Initial revision
+ [d85eee438e09]
-1999-07-22 09:10 millert
+1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.man, visudo.man, sudo.cat, sudo.html, sudoers.html,
- visudo.cat, visudo.html, configure, lex.yy.c: regen
+ * configure.in:
+ quoted quare brackets
+ [d0e7ca111d98]
-1999-07-22 09:06 millert
+1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: new changes
+ * sudo.c:
+ no need to strdup() a constant
+ [a8c44712df9a]
-1999-07-22 09:01 millert
+ * CHANGES:
+ updated
+ [71364129cca0]
- * sudo.pod: o Document -K flag and update meaning of -k flag. o
- BSD-style copyright o Document clearing of BIND resolver
- environment variables o Clarify bit about shared libs o suggest
- rc files create /tmp/.odus if your OS gives away files
+ * sudo.man:
+ added validate
+ [0bb198095a26]
-1999-07-22 08:59 millert
+ * sudo.c:
+ added -v to usage
+ [31ea71f11dbb]
- * visudo.pod: BSD license
+ * parse.c, sudo.c, sudo.h:
+ added validate_only stuff
+ [9bcd853d3c90]
-1999-07-22 08:58 millert
+1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * tgetpass.c: o BSD copyright o no need to block signals, we now do
- that in main() o cosmetic changes
+ * configure.in:
+ now finds sed
+ [6374bb0d3f28]
-1999-07-22 08:57 millert
+ * aclocal.m4:
+ $OSREV is now an int
+ [ace0666d66cf]
- * testsudoers.c, visudo.c: o BSD-style copyright o Use "struct
- sudo_user" instead of old globals. o some cometic cleanup
+1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-22 08:56 millert
+ * configure.in:
+ added mtxinu to caser
+ [73a776887b16]
- * sudo_setenv.c, version.h: BSD-style copyright
+ * sudo.h:
+ added EXEC macro
+ [2e8eb28b710a]
-1999-07-22 08:56 millert
+ * sudo.c:
+ now use the EXEC nmacro now only do a gethostbyname() if FQDN is set
+ [56afb4f658d5]
- * sudo.h: o BSD copyright o logging and parser bits moved to their
- own .h files o new "struct sudo_user" to encapsulate many of the
- old globals.
+ * logging.c:
+ changed mail_argv[] def now use EXEC() macro
+ [ddcabd28edb1]
-1999-07-22 08:55 millert
+ * check.c:
+ took out crypt() definition
+ [0e657724cf5f]
- * sudo.c: o no longer contains sudo 1.1/1.2 code o BSD copyright o
- use new logging routines o simplified flow of control o BIND
- resolver additions to badenv_table
+ * version.h:
+ upped the version
+ [62c5d66119fc]
-1999-07-22 08:53 millert
+ * configure.in:
+ always look for -lnsl
+ [d7b594f0313b]
- * strerror.c: BSD-style copyright
+ * aclocal.m4:
+ added an echo
+ [1caae3491dc5]
-1999-07-22 08:53 millert
+ * sudo.h:
+ SHORT_MESSAGE is now the default
+ [cfce35c3119a]
- * snprintf.c: Now compiles on more K&R compilers
+ * config.h.in:
+ fixed typo
+ [6499a564bf75]
-1999-07-22 08:52 millert
+ * configure.in:
+ added missing AC_DEFINE(SVR4) for solaris
+ [feef0b17b94f]
- * putenv.c: BSD-style copyright, cosmetic changes
+ * sudo.man:
+ documented the -v flag
+ [a6429f2bc2cf]
-1999-07-22 08:51 millert
+ * SUPPORTED:
+ updated
+ [088886e79540]
- * parse.c, parse.yacc, parse.h, parse.lex: BSD-style copyright.
- Move parser-specific defines and structs into parse.h + other
- cosmetic changes
+ * check.c:
+ proto-ized crypt()
+ [801e4ff5b121]
-1999-07-22 08:51 millert
+ * config.h.in:
+ added LIBSHADOW undef
+ [8df588e9ee2b]
- * logging.h: defines for logging routines
+ * configure.in:
+ nwo set OS to be lowercase
+ [561ebed833e4]
-1999-07-22 08:49 millert
+1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
- interfaces.h, pathnames.h.in: BSD-style copyright
+ * configure.in:
+ now use SUDO_OSTYPE to set $OS
+ [0e60aee23098]
-1999-07-22 08:48 millert
+ * aclocal.m4:
+ now use uname to determine os
+ [99705e58d400]
- * find_path.c, getspwuid.c, goodpath.c, interfaces.c: BSD-style
- copyright, cosmetic changes
+ * visudo.c:
+ added prototypes & moved sig handler around
+ [1f0bc8d23b51]
-1999-07-22 08:46 millert
+ * sudo.h:
+ added prototyppes
+ [be3935a2b163]
- * configure.in: o tgetpass.c is no longer optional o kill DCE_OBJS,
- add AUTH_OBJS o kill --disable-tgetpass o add --without-passwd o
- changes to fill in AUTH_OBJS for new auth api o check for
- strerror(), v?snprintf() and v?asprintf() o replace
- --with-AuthSRV with --with-fwtk
+ * check.c, logging.c, sudo.c:
+ added prototypes
+ [2079b4605ab8]
-1999-07-22 08:43 millert
+ * parse.c:
+ added comment
+ [a34d147d8399]
- * config.h.in: BSD-style copyright. Remove USE_GETPASS and
- HAVE_UTIME_NULL. Add HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF,
- HAVE_VSNPRINTF, HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and
- NO_PASSWD
+ * config.h.in:
+ nwo use _BSD_SIGNALS not _BSD_COMPAT
+ [63663195f047]
-1999-07-22 08:42 millert
+ * aixcrypt.exp:
+ Initial revision
+ [890aed08357e]
- * compat.h: BSD-style copyright; Add S_IFLNK and MIN/MAX id they
- are missing.
+ * Makefile.in:
+ added aixcrypt.exp
+ [1005a183105f]
-1999-07-22 08:39 millert
+ * parse.lex, parse.yacc:
+ moved config.h to top of includes
+ [9569c49aa5f3]
- * alloc.c: BSD-style copyright
+1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-22 08:38 millert
+ * find_path.c:
+ now don't bitch if get EACCESS (treat like EPERM)
+ [dbeffb638de4]
- * TROUBLESHOOTING: no more --with-getpass
+ * visudo.c:
+ added -v flag and usage()
+ [4d44ed60ed75]
-1999-07-22 08:34 millert
+ * version.h:
+ fixed a typo
+ [cf3f9347ae41]
- * TODO: Take out things I've done...
+ * sudo.c:
+ cast Argv to a const for exec added -v flag
+ [d11b6efc0e45]
-1999-07-22 08:34 millert
+ * logging.c:
+ mail_argv is now a const
+ [93bb5d90bb6f]
- * README: Refer to LICENSE
+ * configure.in:
+ only set RETSIGTYPE if it is not set already
+ [c97aac260b77]
-1999-07-22 08:34 millert
+ * aclocal.m4:
+ now defines & STDC_HEADERS for Irix
+ [9c2b24ad1fc5]
- * PORTING: --with-getpass no longer exists
+ * Makefile.in:
+ added version.h
+ [9f79e880229a]
-1999-07-22 08:33 millert
+ * insults.h, sudo.h:
+ prevent multiple inclusion
+ [d68c8a9243ce]
- * Makefile.in: BSD-style copyright. Update to reflect reality wrt
- new files and new auth modules.
+ * version.h:
+ Initial revision
+ [dbb39c5ef8d9]
-1999-07-22 08:32 millert
+ * parse.lex, parse.yacc:
+ now includes config.h
+ [f117e036a56b]
- * INSTALL: Remove --with-AuthSRV and --disable-tgetpass. Add
- --with-fwtk and --without-passwd.
+ * aclocal.m4:
+ now talks about sunos 4.x
+ [c9054aa92d4e]
-1999-07-22 08:31 millert
+ * visudo.c:
+ calls to Exit now pass an arg
+ [a92104670551]
- * HISTORY: Update history a bit
+1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-22 08:29 millert
+ * visudo.c:
+ signal handler now takes an int argument
+ [26f480c41523]
- * COPYING, LICENSE: Now distributed under a BSD-style license
+ * CHANGES:
+ updated
+ [8c166a9d796b]
-1999-07-22 08:28 millert
+ * sudo.c:
+ ok, the getcwd() is now *really* done as the user
+ [ab86cf85134a]
- * auth/sudo_auth.c: o BSD-style copyright o Add support for
- NO_PASSWD/WITHOUT_PASSWD options. o skey/opie replaced by
- rfc1938 code o new struct sudo_user global
+ * configure.in:
+ changed AIX STATIC_FLAGS
+ [b9c0a3ba5663]
-1999-07-22 08:25 millert
+ * aclocal.m4:
+ solaris now defines SVR4
+ [c3e20cac96f5]
- * auth/: pam.c, sia.c: BSD-style copyright and use new log
- functions
+ * sudo.h:
+ added cwd and fixed stupid core dump that makes no sense. sigh.
+ [7a9755436dbb]
-1999-07-22 08:24 millert
+ * sudo.c:
+ moved getcwd stuff into load_globals
+ [ec2bc90df1f3]
- * auth/kerb5.c: o BSD-style copyright o Use new log functiongs o
- Use asprintf() and snprintf() where sensible.
+ * parse.c:
+ took out externs that are in suod.h
+ [93c4b3f856d7]
-1999-07-22 08:19 millert
+ * logging.c:
+ moved cwd into load_globals
+ [050de754d228]
- * check.c: Rewrote all the old sudo 1.1/1.2 code. Timestamp
- handling is now done more reasonably--better sanity checks and
- tty-based stamps are now done as files in a directory with the
- same name as the invoking user, eg. /var/run/sudo/millert/ttyp1.
- It is not currently possible to mix tty and non-tty based ticket
- schemes but this may change in the future (it requires sudo to
- use a directory instead of a file in the non-tty case). Also,
- ``sudo -k'' now sets the ticket back to the epoch and ``sudo -K''
- really deletes the file. That way you don't get the lecture
- again just because you killed your ticket in .logout. BSD-style
- copyright now.
+ * find_path.c:
+ moved cwd stuff
+ [22f3f3b4c34d]
-1999-07-22 08:13 millert
+ * Makefile.in:
+ fixed make distclean & realclean
+ [c9964d89bcef]
- * logging.c: o rewritten logging routines. log_error() now takes
- printf-style varargs and log_auth() for the return value of
- validate(). o BSD-style copyright
+ * TODO:
+ updated .,
+ [e513581ef0e3]
-1999-07-22 07:04 millert
+ * CHANGES:
+ added solaris changes
+ [505d930daf27]
- * auth.c, check_sia.c, dce_pwent.c, secureware.c: superceded by new
- auth API
+ * aclocal.m4:
+ added solaris changes, need to rework
+ [33f20fb16c49]
-1999-07-22 07:02 millert
+ * configure.in:
+ cleaned up for solaris
+ [2fb8cfa05d0f]
- * auth/fwtk.c: Use snprintf() where it makes sense and add a
- BSD-style copyright
+ * logging.c:
+ reinstall reapchild signal handler for non-bsd signals
+ [3d1dc545113d]
-1999-07-22 07:00 millert
+ * sudo.h:
+ took out getdtablesize() emulation for HP-UX (no longer needed)
+ [1fc83d170f34]
- * auth/: afs.c, aix_auth.c, dce.c, passwd.c, rfc1938.c,
- secureware.c, securid.c, sudo_auth.h, kerb4.c: BSD-style
- copyright
+ * sudo.c:
+ support for HAVE_SYSCONF
+ [50ca2a7a224a]
-1999-07-22 06:57 millert
+ * visudo.c:
+ added <fcntl.h> for solaris & reorg'd the includes + minor prettying
+ up /
+ [0a570e826dd4]
- * emul/utime.h, utime.c: BSD-style copyright
+ * config.h.in:
+ added HAVE_SYSCONF
+ [2b9a9f3a4e94]
-1999-07-22 06:57 millert
+1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * emul/search.h: this has been rewritten so use my BSD-style
- copyright
+ * configure.in:
+ now tells you what os you are running /.
+ [06c6332a895b]
-1999-07-15 11:21 millert
+ * aclocal.m4:
+ took out extra ','
+ [e8c75ce59f4a]
- * snprintf.c: include malloc.h if no stdlib.h
+1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
-1999-07-15 10:21 millert
+ * config.h.in:
+ added _BSD_COMPAT
+ [73c5099806c2]
- * snprintf.c: KTH snprintf()/asprintf() for systems w/o them
+ * aclocal.m4:
+ fixed for irix5
+ [1047d1f6c0eb]
-1999-07-15 10:20 millert
+ * CHANGES:
+ updated
+ [1bc4969fee96]
- * strerror.c: strerror() for systems w/o it
+ * sudo.c:
+ uid seinitialized to -2
+ [8d7812b1878b]
-1999-07-12 06:53 millert
+1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c: stylistic changes
+ * sudo.c:
+ now removes LIBPATH for AIX
+ [075392eb1dd9]
-1999-07-12 06:25 millert
+1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.c, parse.lex, parse.yacc: Add contribution info in the main
- comment
+ * configure.in:
+ now uses ufc if it finds it
+ [ab6ce30a5958]
-1999-07-11 16:10 millert
+1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * auth/pam.c: remove missed ref to PAM_nullpw
+ * sudo.h:
+ no longer define yyval & yylval since yacc does it
+ [09d250aea50a]
-1999-07-11 16:10 millert
+ * parse.lex:
+ now defines yylval as extenr
+ [8ec2b88952bc]
- * auth/sudo_auth.h: pasto
+ * configure.in:
+ BROKEN_GETPASS is now an OPTION
+ [3714f4bb8312]
-1999-07-11 15:19 millert
+ * config.h.in:
+ took out BROKEN_GETPASS
+ [9c4f6aa50137]
- * auth/kerb5.c: more or less complete now--still untested
+ * Makefile.in:
+ took out big comment
+ [4c13cff0e556]
-1999-07-11 15:09 millert
+ * README:
+ updated
+ [b8b9902b620d]
- * auth/: afs.c, pam.c: don't use user_name macro, it will go away
+ * Makefile.in:
+ took out README.beta
+ [ed2cd861e82b]
-1999-07-11 14:42 millert
+ * SUPPORTED:
+ Initial revision
+ [2fffc51e6606]
- * auth/: opie.c, rfc1938.c, sudo_auth.h, skey.c: combine skey/opie
- code into rfc1938.c
+ * INSTALL:
+ now reference SUPPORTED .,
+ [d112c30be1f2]
-1999-07-11 07:22 millert
+ * config.h.in:
+ now check for convex OR __convex__
+ [a0e5701a3069]
- * auth/: dce.c, sudo_auth.h: DCE authentication method; basically
- unchanged from dce_pwent.c
+ * aclocal.m4:
+ now check for convex or __convex__
+ [5dae2bfbe3bc]
-1999-07-11 06:44 millert
+ * Makefile.in:
+ added dist target
+ [400a54de57db]
- * auth/: aix_auth.c, sudo_auth.h: AIX authenticate() support.
- Could probably be much better
+ * aclocal.m4:
+ use __convex__
+ [58a19470ed0b]
-1999-07-11 06:43 millert
+ * find_path.c:
+ now use _S_* stat stuff to be ansi-like
+ [28cce560e048]
- * auth/sia.c: Fix an uninitialized variable and some cleanup. Now
- works (tested)
+ * INSTALL:
+ updated for configure directions
+ [a034ccc7c30a]
-1999-07-11 05:37 millert
+ * Makefile.in:
+ distclean now removes config.h and pathnames.h
+ [300f2349b4ab]
- * auth/: sia.c, sudo_auth.h: SIA support for digital unix
+ * CHANGES:
+ updated
+ [646f7e9430c1]
-1999-07-11 05:33 millert
+ * TODO:
+ fixed typoe
+ [70fd6361b2bc]
- * auth/pam.c: don't use prompt global, it will go away
+ * visudo.c:
+ updated version
+ [cf13d87d789f]
-1999-07-11 05:32 millert
+ * Makefile.in:
+ updated version
+ [8c5dacc27a7a]
- * auth/secureware.c: correct copyright years
+ * config.h.in, pathnames.h.in:
+ added copyright header
+ [747ce3d3d6b7]
-1999-07-10 20:32 millert
+ * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
+ parse.yacc, sudo.c, sudo.h:
+ udpated version
+ [4751c39bad18]
- * auth/: afs.c, fwtk.c, kerb4.c, sudo_auth.h, kerb5.c, opie.c,
- pam.c, passwd.c, secureware.c, securid.c, skey.c, sudo_auth.c:
- New authentication API and methods
+ * visudo.c:
+ udpated to use configure + pathnames.h
+ [d45dff76a1cd]
-1999-07-08 06:46 millert
+ * aclocal.m4:
+ updated
+ [f05a367a55be]
- * parse.yacc: only save an entry if user_matches && host_matches,
- even if the stack is empty (fix for previous commit)
+ * Makefile.in, config.h.in, configure.in:
+ updated
+ [524778598879]
-1999-07-08 06:35 millert
-
- * parse.yacc: 1) Always save an entry on the stack if it is empty.
- This fixes the -l and -v flags that were broken by earlier parser
- changes.
-
- 2) In a Runas list, don't negate FALSE -> TRUE since that would
- make !foo match any time the user specified a runas user (via -u)
- other than foo.
-
-1999-07-08 05:45 millert
-
- * testsudoers.c: interfaces and num_interfaces are now auto, not
- extern
-
-1999-07-07 14:09 millert
-
- * auth.c: use a static global to keep stae about empty passwords
-
-1999-07-07 14:08 millert
-
- * check_sia.c: make PASSWORD_NOT_CORRECT logging consistent with
- other modules
-
-1999-07-05 16:53 millert
-
- * auth.c: PAM prompt code was wrong, looks like we have to kludge
- it after all.
-
-1999-07-05 16:35 millert
-
- * auth.c: In the PAM code, when a user hits return at the first
- password prompt, exit without a warning just like the normal auth
- code
-
-1999-07-05 16:15 millert
-
- * configure, configure.in: kludge around cross-compiler false
- positives
-
-1999-07-05 16:14 millert
-
- * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c: New
- (correct) PAM code Tgetpass now takes an echo flag for use with
- PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
- useless umask setting Change error from BAD_ALLOCATION ->
- BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to
- auth.c for consistency
-
-1999-07-05 16:11 millert
-
- * sudo.c: Some -Wall and kill some trailing spaces
-
-1999-07-05 16:10 millert
-
- * configure.in: define -D__EXTENSIONS__ for solaris so we get
- crypt() proto
-
-1999-06-22 09:42 millert
-
- * RUNSON: add Dynix 4.4.4
-
-1999-06-22 09:30 millert
-
- * INSTALL, config.h.in, configure.in, configure: for kerberos V <
- version, fall back on old kerb4 auth code
-
-1999-06-22 06:41 millert
-
- * INSTALL: clarify some things
-
-1999-06-22 06:38 millert
-
- * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod: typos
-
-1999-06-14 19:47 millert
-
- * sudo.c: mention why DONT_LEAK_PATH_INFO is not the default
-
-1999-06-03 12:34 millert
-
- * tgetpass.c: Fix open(2) return value checking, was NULL for
- fopen, should be -1 for open
-
-1999-06-03 12:06 millert
-
- * configure: regen
-
-1999-06-03 12:06 millert
-
- * configure.in: better wording for solaris pam notice
-
-1999-06-03 11:52 millert
-
- * CHANGES: document recent changes
-
-1999-06-03 11:52 millert
-
- * TROUBLESHOOTING: Update shadow password section
-
-1999-06-03 11:51 millert
-
- * auth.c: move authentication code from check.c to auth.c
-
-1999-06-03 11:51 millert
-
- * Makefile.in, check.c, sudo.h: move authentication code to auth.c
-
-1999-05-16 21:36 millert
-
- * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
- getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
- logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
- sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, visudo.c: Move
- interface-related defines to interfaces.h so we don't have to
- include <netinet/in.h> everywhere.
-
-1999-05-14 12:30 millert
-
- * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c,
- logging.c, parse.yacc, sudo.c, tgetpass.c: o Replace _PASSWD_LEN
- braindeath with our own SUDO_MAX_PASS.
- It turns out the old DES crypt does the right thing with
- passwords
- longert than 8 characters.
- o Fix common typo (necesary -> necessary)
- o Update TODO list
-
-1999-05-03 12:00 millert
-
- * sudo.c: set $LOGNAME when we set $USER
-
-1999-04-27 00:00 millert
-
- * INSTALL: add comment about digital unix and interfaces.c warning
- with gcc
-
-1999-04-15 01:12 millert
-
- * sample.sudoers: use modern paths and give examples for some of
- the new parser features
-
-1999-04-10 13:03 millert
-
- * parse.c: fix comment
-
-1999-04-10 00:49 millert
-
- * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
- getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c,
- parse.c, parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
- Function names should be flush with the start of the line so they
- can be found trivially in an editor and with grep
-
-1999-04-10 00:40 millert
-
- * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex,
- parse.yacc, sudo.c, testsudoers.c, tgetpass.c, visudo.c: free(3)
- is already void, no need to cast it
-
-1999-04-10 00:37 millert
-
- * logging.c, sudo.c, sudo.h: catch case where cmnd_safe is not set
- (this should not be possible)
-
-1999-04-10 00:10 millert
-
- * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h,
- testsudoers.c, visudo.c: Stash the "safe" path (ie: the one
- listed in sudoers) to the command instead of stashing the struct
- stat. Should be safer.
-
-1999-04-08 19:56 millert
-
- * INSTALL, Makefile.in, UPGRADE: notes on updating from an earlier
- release
-
-1999-04-07 20:20 millert
-
- * CHANGES: updated
-
-1999-04-07 19:18 millert
-
- * parse.yacc, sudo.tab.h, sudoers.cat, sudoers.html, sudoers.man,
- sudoers.pod: You can now specifiy a host list instead of just a
- host or alias. Ie: user = host1,host2,ALIAS,!host3 my_command
- now works.
-
-1999-04-07 02:59 millert
-
- * testsudoers.c: Quiet -Wall
-
-1999-04-07 02:50 millert
-
- * parse.yacc: Move the push from the beginning of cmndspec to the
- end. This means we no longer have to do a push at the end of
- privilege, just reset some values.
-
-1999-04-06 20:24 millert
-
- * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: runas-lists
- and NOPASSWD/PASSWD modifiers are now sticky and you can use "!"
- most everywhere
-
-1999-04-06 14:12 millert
-
- * sudoers.pod: modernize paths and update su example based on
- sample.sudoers one
-
-1999-04-06 14:06 millert
-
- * sample.sudoers: New runas semantics
-
-1999-04-06 13:54 millert
-
- * CHANGES, Makefile.in, alloc.c, config.h.in, configure,
- configure.in, strdup.c, sudo.h: In estrdup(), do the malloc
- ourselves so we don't need to rely on the system strdup(3) which
- may or may not exist. There is now no need to provide strdup()
- for those w/o it. Also, the prototype for estrdup() was wrong,
- it returns char * and its param is const.
-
-1999-04-06 13:40 millert
-
- * getcwd.c: $Sudo tag
-
-1999-04-06 13:20 millert
-
- * check.c: buf should be prompt; Michael Robokoff
- <mrobo@networkcs.com>
-
-1999-04-06 01:40 millert
-
- * CHANGES, TODO, parse.yacc: It is now possible to use the '!'
- operator in a runas list as well as in a Cmnd_Alias, Host_Alias
- and User_Alias.
-
-1999-04-06 01:38 millert
-
- * logging.c, sudo.h: Kill GLOBAL_NO_SPW_ENT (not used) and crank
- GLOBAL_PROBLEM
-
-1999-04-06 01:08 millert
-
- * sudo.h: Definitions of *_matched were wrong--user top, not top-2
- as subscript.
-
-1999-04-06 01:00 millert
-
- * logging.c, parse.c, parse.yacc, sudo.c, sudo.h: Add
- VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
- command but the NOPASSWD flag was set. Make runasspec,
- runaslist, runasuser, and nopasswd typeless in parse.yacc Add
- support for '!' in the runas list Fix double printing of '%' and
- '+' for groups and netgroups respectively Add *_matched macros
- (no need for local stack variable). Should only be used directly
- after a pop (since top must be >= 2).
-
-1999-04-05 23:25 millert
-
- * aclocal.m4, configure.in: Add copyright, somewhat silly
-
-1999-04-05 16:57 millert
-
- * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c,
- check_sia.c, compat.h, config.h.in, configure, configure.in,
- dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
- ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
- lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
- pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c,
- sudo.cat, sudo.h, sudo.man, sudo_setenv.c, sudoers.cat,
- sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
- visudo.c, visudo.cat, visudo.man, emul/utime.h: Crank version to
- 1.6 and combine copyright statements
-
-1999-04-05 16:30 millert
-
- * sample.sudoers: Use ! not ^ to do negation
-
-1999-04-05 16:29 millert
-
- * lex.yy.c: regen
-
-1999-04-05 16:28 millert
-
- * parse.yacc, parse.lex: Make runas and NOPASSWD tags persistent
- across entris in a command list. Add a PASSWD tag to reverse
- NOPASSWD. When you override a runas or *PASSWD tag the value
- given becomes the new default for the rest of the command list.
-
-1999-04-02 16:03 millert
-
- * CHANGES, RUNSON: update for 1.5.9
-
-1999-04-02 16:02 millert
-
- * visudo.c: Shift return value of system(3) by 8 to get real exit
- value and if it is not 1 or 0 print the retval along with the
- error message.
-
-1999-03-30 16:45 millert
-
- * Makefile.in: testsudoers needs LIBOBJS too
-
-1999-03-30 12:17 millert
-
- * parse.c, parse.yacc: Fix another parser bug. For a sudoers entry
- like this: millert ALL=/bin/ls,(daemon) !/bin/ls sudo
- would not allow millert to run ls as root.
-
-1999-03-30 01:08 millert
-
- * CHANGES: new change
-
-1999-03-30 01:03 millert
-
- * parse.yacc: Save entries that match a ! command on the matching
- stack too
-
-1999-03-30 01:01 millert
-
- * sudo.c: Make sudo's usage info better when mutually exclusive
- args are given and don't rely on argument order to detect this;
- nick@zeta.org.au
-
-1999-03-29 15:03 millert
-
- * CHANGES, Makefile.in, RUNSON: updates from CU
-
-1999-03-28 23:38 millert
-
- * Makefile.in: use gzip
-
-1999-03-28 23:31 millert
-
- * parse.yacc: Fix off by one error introduced in *alloc changes
-
-1999-03-28 23:05 millert
-
- * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
- check_sia.c, compat.h, config.h.in, configure, configure.in,
- dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
- ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
- lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
- pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c,
- sudo.cat, sudo.h, sudo.man, sudo_setenv.c, sudoers.cat,
- sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
- visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod,
- emul/utime.h: ++version
-
-1999-03-28 21:59 millert
-
- * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
- interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex,
- parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, utime.c, visudo.c: Use
- emalloc/erealloc/estrdup
-
-1999-03-28 20:29 millert
-
- * alloc.c: error checking memory allocation routines
-
-1999-03-28 19:23 millert
-
- * parse.yacc: Still not right, this fixes it for real
-
-1999-03-28 19:08 millert
-
- * parse.yacc: Fix for previous commit
-
-1999-03-28 19:05 millert
-
- * CHANGES, INSTALL, parse.yacc: Fix a parser bug that was exposed
- when mixing different runas specs and ! commands. For example:
- millert ALL=(daemon) /usr/bin/whoami,!/bin/ls would
- allow millert to run whoami as root as well as daemon when it
- should just allow daemon. The problem was that comma-separated
- commands in a list shared the same entry on the matching stack.
- Now they get their own entry iff there is a full match. It may
- be better to just make the runas spec persistent across all
- commands in a list like the user and host entries of the matching
- stack. However, since that is a fairly major change it should
- gets its own minor rev increase.
-
-1999-03-28 13:50 millert
-
- * check.c, config.h.in: Simplify PAM code and fix a PAM-related
- warning on Linux
-
-1999-03-26 13:17 millert
-
- * CHANGES: updates
-
-1999-03-26 13:12 millert
-
- * sample.sudoers: better su entry
-
-1999-03-26 13:10 millert
-
- * configure: regen
-
-1999-03-26 13:09 millert
-
- * check.c, configure.in: new pam code that works on solaris, should
- work on linux too; aelberg@home.com
-
-1999-03-19 14:44 millert
-
- * RUNSON: more entries
-
-1999-03-19 14:43 millert
-
- * config.h.in: only include strings.h if there is no string.h
-
-1999-03-17 15:25 millert
-
- * config.guess: Sinix is now being called ReliantUNIX;
- bjjackso@us.oracle.com
-
-1999-03-13 13:37 millert
-
- * sudo.c: shost must be set before log functions are called #ifdef
- HOST_IN_LOG
-
-1999-03-07 18:34 millert
-
- * CHANGES, lex.yy.c, parse.lex: Fix a bug wrt quoting characters in
- command args. Stop processing an arg when you hit a backslash so
- the quoted-character detection can catch it.
-
-1999-02-26 01:19 millert
-
- * interfaces.c: include sys/time.h; aparently AIX needs it.
- ppz@cdu.elektra.ru
-
-1999-02-23 19:43 millert
-
- * configure, configure.in: add missing case statement so
- --without-sendmail works
-
-1999-02-22 21:51 millert
-
- * CHANGES: more
-
-1999-02-22 15:10 millert
-
- * configure, configure.in: only search for -lsun in irix <= 4.x
-
-1999-02-22 15:01 millert
-
- * configure, configure.in: back out last configure.in change now
- that I've hacked autoconf to fix the real problem and add a
- missing newline
-
-1999-02-22 14:32 millert
-
- * CHANGES: updated
-
-1999-02-22 14:05 millert
-
- * getcwd.c: add def of dirfd() for those without it
-
-1999-02-22 10:58 millert
-
- * configure.in, configure: When falling back to checking for
- socket() when linking with "-lsocket -lnsl" check for main()
- instead since autoconf has already cached the results of checking
- for socket() in -lsocket. This is really an autoconf bug as it
- should use the extra libs as part of the cache variable name.
-
-1999-02-22 10:47 millert
-
- * configure.in: typo
-
-1999-02-21 15:18 millert
-
- * configure.in: fix occurrence of $with_timeout that should be
- $with_password_timeout;
- Michael.Neef@neuroinformatik.ruhr-uni-bochum.de
-
-1999-02-17 11:40 millert
-
- * sudo.cat, sudo.html, sudo.man, sudo.pod: fix grammar;
- espie@openbsd.org
-
-1999-02-11 01:41 millert
-
- * parse.yacc, sudo.c, testsudoers.c: add cast for strdup in places
- it does not have it
-
-1999-02-09 13:11 millert
-
- * configure, configure.in: define for_BSD_TYPES irix
-
-1999-02-06 19:47 millert
-
- * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod: Make it
- clear that it is the user's password, not root's, that we want.
-
-1999-02-06 19:43 millert
-
- * check.c, sudo.h: If the user enters an empty password and really
- has no password, accept the empty password they entered.
- Perviously, they could enter anything *but* an empty password.
- Also, add GETPASS macro that calls either tgetpass() or getpass()
- depending on how sudo was configured. Problem noted by
- jdg@maths.qmw.ac.uk
-
-1999-02-02 23:32 millert
-
- * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
- dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
- ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
- logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
- putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
- testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c,
- emul/utime.h: add explicate copyright
-
-1999-02-02 23:16 millert
-
- * CHANGES: mention -lsocket, -lnsl configure changes
-
-1999-02-02 17:54 millert
-
- * sudo.c: Don't clobber errno after calling check_sudoers().
-
-1999-01-31 19:46 millert
-
- * configure.in, configure: When linking with both -lsocket and
- -lnsl be sure to do so in that order. Also, when we can't find
- socket() or inet_addr() and have to try linking with both libs,
- issue a warning.
-
-1999-01-31 19:45 millert
-
- * sudo.cat, sudo.man, sudo.pod: clarify bad timestamp and fmt
-
-1999-01-23 12:18 millert
-
- * INSTALL, RUNSON: be clear that pam is linux-only and add a RUNSON
- entry
-
-1999-01-22 13:13 millert
-
- * configure, CHANGES, INSTALL, configure.in: fix and correctly
- document --with-umask; problem noted by adap@adap.org
-
-1999-01-19 20:38 millert
-
- * configure.in, configure: only use /usr/{man,catman}/local to
- store man pages if suer didn't override prefix or mandir
-
-1999-01-19 20:24 millert
-
- * configure, INSTALL, configure.in: fix typo, make --with-SecurID
- take an arg
-
-1999-01-18 21:53 millert
-
- * RUNSON: updates from users
-
-1999-01-18 21:04 millert
-
- * CHANGES, INSTALL, check.c, configure, configure.in: FWTK
- 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
-
-1999-01-18 20:00 millert
-
- * configure, configure.in: better fix for the problem of unresolved
- symbols in -lnsl or -lsocket
-
-1999-01-18 19:39 millert
-
- * configure, configure.in: when checking for functions in -lnsl and
- -lsocket link with both of them to avoid unresolved symbols on
- some weirdo systems
-
-1999-01-17 20:49 millert
-
- * BUGS, CHANGES, RUNSON, TODO: old changes that didn't make it into
- RCS before the RCS->CVS switch
-
-1999-01-17 18:16 millert
-
- * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
- configure.in, dce_pwent.c, find_path.c, getspwuid.c, goodpath.c,
- ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
- interfaces.c, lex.yy.c, logging.c, lsearch.c, parse.c, parse.lex,
- parse.yacc, pathnames.h.in, putenv.c, secureware.c, strdup.c,
- sudo.c, sudo.pod, sudo_setenv.c, sudoers.pod, testsudoers.c,
- tgetpass.c, utime.c, visudo.c, visudo.pod, emul/search.h,
- emul/utime.h: add sudo tags
-
-1999-01-17 17:53 millert
-
- * version.h, sudo.h: testing Sudo tag
-
-1999-01-17 17:40 millert
-
- * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c,
- compat.h, config.h.in, configure, configure.in, dce_pwent.c,
- find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
- ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
- logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
- putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
- sudo.man, sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c,
- tgetpass.c, utime.c, version.h, visudo.c, visudo.cat, visudo.man,
- emul/utime.h: crank version and regen files
-
-1999-01-17 17:27 millert
-
- * Makefile.in: kill rcs goop in update_version and fix now that
- version is a const
-
-1999-01-17 17:08 millert
-
- * INSTALL, check.c, config.h.in, configure, configure.in,
- logging.c, sudo.c, sudo.h, sudo.pod: kerb5 support from
- fcusack@iconnet.net
-
-1999-01-17 16:45 millert
-
- * realpath.c, sudo_realpath.c: we no longer use realpath
-
-1999-01-17 16:44 millert
-
- * qualify.c: replaced by find_path.c
-
-1999-01-17 16:43 millert
-
- * options.h: all options are now configure flags
-
-1999-01-17 16:42 millert
-
- * lex.yy.c: regen
-
-1999-01-17 16:41 millert
-
- * getwd.c: superceded by getcwd.c
-
-1999-01-17 16:36 millert
-
- * getpass.c: superceded by tgetpass.c
-
-1999-01-17 16:36 millert
-
- * SUPPORTED: superceded by RUNSON
-
-1999-01-17 16:33 millert
-
- * OPTIONS: No longer used now that we have configure options for
- everything.
-
-1999-01-17 16:32 millert
-
- * configure: regen based on configure.in
-
-1999-01-17 16:31 millert
-
- * sudo.man, sudoers.man, visudo.man, sudo.cat, sudo.html,
- sudoers.cat, visudo.cat, sudoers.html, visudo.html: regen based
- on sudo.pod, sudoers.pod, and visudo.pod
-
-1998-12-11 12:16 millert
-
- * check.c: fix tty tickets in remove_timestamp (didn't use ':')
-
-1998-12-07 16:16 millert
-
- * interfaces.c: close sock when we are done with it
-
-1998-11-27 19:37 millert
-
- * parse.yacc: never say "error on line -1"
-
-1998-11-23 23:38 millert
-
- * configure.in: check for -lnsl before -lsocket
-
-1998-11-23 23:29 millert
-
- * configure.in: quote '[', ']' used in ranges correctly
-
-1998-11-21 17:54 millert
-
- * config.h.in: add missing NO_ROOT_SUDO noted by drno@tsd.edu
-
-1998-11-20 18:33 millert
-
- * version.h: 1.5.7
-
-1998-11-20 18:33 millert
-
- * INSTALL: more info for 1.5.7
-
-1998-11-20 18:30 millert
-
- * README: update for 1.5.7
-
-1998-11-20 14:26 millert
-
- * parse.yacc: make increases of cm_list_size and ga_list_size be
- similar to increases of stacksize (ie: >= not > in initial
- compare).
-
-1998-11-20 14:22 millert
-
- * parse.yacc: when we get a syntax error, report it for the
- previous line since that's generally where the error occurred.
-
-1998-11-18 15:31 millert
-
- * config.h.in, configure.in, interfaces.c: add back check for
- sys/sockio.h but only use it if SIOCGIFCONF is not defined
-
-1998-11-18 15:25 millert
-
- * config.h.in: define BSD_COMP for svr4
-
-1998-11-17 23:16 millert
-
- * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
- goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c,
- parse.lex, parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: more
- -Wall
-
-1998-11-17 23:10 millert
-
- * configure.in: kill check for sockio,h
-
-1998-11-17 23:10 millert
-
- * config.h.in: no more HAVE_SYS_SOCKIO_H
-
-1998-11-17 22:51 millert
-
- * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
- goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c,
- parse.lex, parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
- -Wall
-
-1998-11-16 17:38 millert
-
- * sudo.c: add missing inform_user()
-
-1998-11-13 19:21 millert
-
- * find_path.c: return NOT_FOUND if given fully qualified path and
- it does not exist previously it would perror(ENOENT) which
- bypasses the option to not leak path info
-
-1998-11-13 19:20 millert
-
- * configure.in: for kerb5, check for -lkerb4, fall back on -lkrb
- for kerb, check for -ldes
-
-1998-11-13 14:19 millert
-
- * INSTALL: tty tickets are user:tty now
-
-1998-11-13 14:10 millert
-
- * check.c: when using tty tickets make it user:tty not user.tty as
- a username could have a '.' in it
-
-1998-11-09 19:15 millert
-
- * sudo.c: add "ignoring foo found in ." for auth successful case
-
-1998-11-09 17:57 millert
-
- * sudo.c: add missing printf param
-
-1998-11-08 15:56 millert
-
- * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
- go back to printing "command not found" unless
- --disable-path-info specified. Also, tell user when we ignore
- '.' in their path and it would have been used but for
- --with-ignore-dot.
-
-1998-11-08 13:51 millert
-
- * check.c, sudo.c: Only one space after a colon, not two, in
- printf's
-
-1998-11-05 12:59 millert
-
- * sudo.pod: document setting $USER
-
-1998-11-04 22:24 millert
-
- * check.c: fix bugs with prompt expansion
-
-1998-11-04 21:21 millert
-
- * sudo.c: set $USER for root too
-
-1998-11-04 17:13 millert
-
- * getspwuid.c: typo
-
-1998-11-04 17:07 millert
-
- * configure.in: HP-UX's iscomsec is in -lsec, not libc
-
-1998-11-03 22:24 millert
-
- * configure.in: remove some entries in the OS case statement that
- did nothing
-
-1998-11-03 22:19 millert
-
- * TROUBLESHOOTING: add "cd" section and flush out syslog section
-
-1998-11-03 20:51 millert
-
- * Makefile.in: no more sudo-lex.yy.c
-
-1998-11-03 20:50 millert
-
- * check_sia.c: add custom prompt support
-
-1998-11-03 20:40 millert
-
- * sudo.c: kill perror("malloc") since we already have a good error
- messages pw_ent -> pw for brevity set $USER if -u specified
-
-1998-11-03 20:39 millert
-
- * parse.c: kill perror("malloc") since we already have a good error
- messages pw_ent -> pw for brevity when checking if %group
- matches, look up user in password file so that %groups works in a
- RunAs spec.
-
-1998-11-03 20:39 millert
-
- * logging.c, parse.yacc: kill perror("malloc") since we already
- have a good error messages
-
-1998-11-03 20:38 millert
-
- * check.c, getspwuid.c, interfaces.c, testsudoers.c: kill
- perror("malloc") since we already have a good error messages
- pw_ent -> pw for brevity
-
-1998-11-03 15:03 millert
-
- * tgetpass.c: the prompt is expanded before tgetpass is called
-
-1998-11-03 15:03 millert
-
- * sudo.h: tgetpass now has the same args as getpass again
-
-1998-11-03 15:02 millert
-
- * getspwuid.c: add iscomsec, issecure support
-
-1998-11-03 15:02 millert
-
- * check.c: we now expand any %h or %u in the prompt before passing
- to tgetpass
-
-1998-11-03 14:58 millert
-
- * configure.in: add check for syslog(3) in -lsocket, -lnsl, -linet
-
-1998-11-03 14:56 millert
-
- * config.h.in: add HAVE_ISCOMSEC and HAVE_ISSECURE
-
-1998-11-03 14:55 millert
-
- * configure.in: add check for iscomsec in HP-UX
-
-1998-11-03 14:51 millert
-
- * configure.in: check for issecure if we have getpwanam on SunOS
- some options are incompatible with DUNIX SIA check for dispcrypt
- on DUNIX
-
-1998-10-25 15:21 millert
-
- * config.h.in: add HAVE_DISPCRYPT
-
-1998-10-25 15:21 millert
-
- * secureware.c: add back support for non-dispcrypt based checking
- for older DUNIX
-
-1998-10-25 00:51 millert
-
- * INSTALL: sia changes
-
-1998-10-25 00:48 millert
-
- * configure.in: SIA becomes the default on Digital UNIX now havbe
- --disable-sia to turn it off...
-
-1998-10-24 23:52 millert
-
- * check.c: move local includes after system ones
-
-1998-10-24 19:28 millert
-
- * check.c, check_sia.c, sudo.h: add pass_warn() which prints out
- INCORRECT_PASSWORD or an insult to stderr
-
-1998-10-24 19:07 millert
-
- * check_sia.c: fix while loop in sia_attempt_auth() that checks the
- password. Only the first iteration was working.
-
-1998-10-21 21:00 millert
-
- * aclocal.m4: don't trust UID_MAX or MAXUID
-
-1998-10-21 20:35 millert
-
- * configure.in: fix two pastos
-
-1998-10-21 20:30 millert
-
- * configure.in: fix typo
-
-1998-10-21 20:19 millert
-
- * getspwuid.c, secureware.c: init crypt_type to INT_MAX since it is
- legal to be negative in DUNX 5.0
-
-1998-10-21 20:15 millert
-
- * configure.in: for secureware on dunix, use -lsecurity -ldb -laud
- -lm but check for -ldb since DUNX < 4.0 lacks it
-
-1998-10-21 19:50 millert
-
- * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
- secureware.c, sudo.c, tgetpass.c: getprpwuid is broken in HP-UX
- 10.20 at least (it sleeps for 2 minutes if the shadow files don't
- exist).
-
-1998-10-20 17:22 millert
-
- * INSTALL: updated --with-editor blurb
-
-1998-10-20 17:21 millert
-
- * TROUBLESHOOTING: tell how to put sudoers in a different dir
-
-1998-10-20 16:22 millert
-
- * configure.in: add missing quotes around $with_editor
-
-1998-10-20 14:00 millert
-
- * configure.in: typo in --with-editor bits
-
-1998-10-20 01:24 millert
-
- * INSTALL: I don't expect it to work on Solaris
-
-1998-10-20 01:24 millert
-
- * check.c: add back security/pam_misc.h
-
-1998-10-19 17:13 millert
-
- * INSTALL: remove dunix note since configure checks for this now
-
-1998-10-19 16:30 millert
-
- * configure.in: add check for broken dunix prot.h (4.0 < 4.0D is
- bad)
-
-1998-10-19 14:32 millert
-
- * getspwuid.c, secureware.c, tgetpass.c: new dunix shadow code, use
- dispcrypt(3)
-
-1998-10-19 14:32 millert
-
- * config.h.in: add HAVE_INITPRIVS
-
-1998-10-19 14:31 millert
-
- * sudo.c: call initprivs() if we have it for getprpwuid later on
-
-1998-10-19 14:30 millert
-
- * Makefile.in: clean pathnames.h too
-
-1998-10-19 14:28 millert
-
- * configure.in: quote "Sorry, try again." with [] since it has a
- comma in it set LIBS when we add stuff to SUDO_LIBS set
- SECUREWARE when we find getprpwuid() so we can check for
- bigcrypt, set_auth_parameters, and initprivs later.
-
-1998-10-19 13:48 millert
-
- * INSTALL: update Digital UNIX note about acl.h
-
-1998-10-18 20:26 millert
-
- * INSTALL: add --with-sia --without-root-sudo ->
- --disable-root-sudo some reordering
-
-1998-10-18 20:22 millert
-
- * secureware.c: add whitespace
-
-1998-10-18 20:22 millert
-
- * Makefile.in, check.c, config.h.in, configure.in, logging.c,
- sudo.h: add SIA support
-
-1998-10-18 20:21 millert
-
- * check_sia.c: Initial revision
-
-1998-10-18 19:42 millert
-
- * configure.in: when checking for -lsocket, -lnsl, and -linet,
- check for the specific functions we need from them.
-
-1998-10-18 19:10 millert
-
- * config.h.in, sudo.h: move Syslog_* defs into sudo.h
-
-1998-10-18 18:15 millert
-
- * sudo.h, Makefile.in: added check_secureware
-
-1998-10-18 18:12 millert
-
- * configure.in: finished adding AC_MSG_CHECKING and AC_MSG_RESULT
- bits
-
-1998-10-18 18:00 millert
-
- * insults.h: don't define CLASSIC_INSULTS and CSOPS_INSULTS if no
- other sets defined. configure now does that for us
-
-1998-10-18 17:45 millert
-
- * configure.in: move some --with options around change a bunch of
- echo's to AC_MSG_CHECKING, AC_MSG_RESULT pairs
-
-1998-10-18 01:09 millert
-
- * configure.in: change $with_foo-bar -> $with_foo_bar kill extra "
- that caused a syntax error add some echo verbage
-
-1998-10-17 18:08 millert
-
- * check.c: moved SecureWare stuff into secureware.c
-
-1998-10-17 18:07 millert
-
- * secureware.c: Initial revision
-
-1998-10-17 17:02 millert
-
- * INSTALL: update url to solaris gcc bins
-
-1998-10-17 16:39 millert
-
- * INSTALL: change option formatter and flesh out someentries
-
-1998-10-17 16:18 millert
-
- * sudo.pod, visudo.pod, TROUBLESHOOTING: environmental variable ->
- environment variable
-
-1998-10-17 16:01 millert
-
- * BUGS: everything is now done via configure
-
-1998-10-17 16:00 millert
-
- * README: prev rev was 1.5.6
-
-1998-10-17 00:33 millert
-
- * Makefile.in: passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID
- correctly
-
-1998-10-17 00:32 millert
-
- * config.h.in: SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from
- the Makefile
-
-1998-10-17 00:31 millert
-
- * Makefile.in: merge OSDEFS and OPTIONS into DEFS get sudoers_uid,
- sudoers_gid, sudoers_mode from configure
-
-1998-10-17 00:30 millert
-
- * configure.in: SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get
- substituted into the Makefile, not config.h
-
-1998-10-17 00:30 millert
-
- * INSTALL: document all --with/--enable options
-
-1998-10-15 02:25 millert
-
- * insults.h: options.h is no more
-
-1998-10-15 02:25 millert
-
- * config.h.in: assimilated options.h
-
-1998-10-15 02:24 millert
-
- * configure.in: moved options from options.h to configure
-
-1998-10-15 01:41 millert
-
- * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
- logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
- sudo_setenv.c, visudo.c: no more options.h
-
-1998-10-15 01:39 millert
-
- * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING: remove references
- to options.h
-
-1998-10-15 01:32 millert
-
- * interfaces.c, dce_pwent.c, sudo.c: kill sys/time.h
-
-1998-10-15 00:10 millert
-
- * tgetpass.c: if select return < -1 still prompt for pw
-
-1998-10-15 00:03 millert
-
- * options.h: convert LOGGING, LOGFAC, MAXLOGFILELEN,
- IGNORE_DOT_PATH into configure options
-
-1998-10-14 23:57 millert
-
- * parse.c: FAST_MATCH is no longer an optino
-
-1998-10-14 23:52 millert
-
- * check.c: remove_timestamp() if timestamp is preposterous
-
-1998-10-14 23:36 millert
-
- * options.h: convert more options to --with/--enable
-
-1998-10-14 23:36 millert
-
- * INSTALL, aclocal.m4: logfile -> logpath
-
-1998-10-14 23:31 millert
-
- * configure.in: convert more options into --with and --enable
-
-1998-10-14 23:28 millert
-
- * tgetpass.c: catch EINTR in select and restart
-
-1998-10-14 23:15 millert
-
- * logging.c: sys/errno -> errno
-
-1998-09-24 11:40 millert
-
- * sudo.c: UMASK -> SUDO_UMASK.
-
-1998-09-24 11:36 millert
-
- * check.c, logging.c: time.h, not sys/time.h
-
-1998-09-21 19:52 millert
-
- * logging.c: MAILER -> _PATH_SENDMAIL
-
-1998-09-21 00:06 millert
-
- * INSTALL, configure.in: no more --with-C2, now it is
- --disable-shadow
-
-1998-09-21 00:00 millert
-
- * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
- getspwuid.c, sudo.c, tgetpass.c: new shadow password scheme.
- Always include shadow support if the platform supports it and the
- user did not disable it via configure
-
-1998-09-20 19:48 millert
-
- * configure.in: --with-getpass -> --{enable,disable}-tgetpass
-
-1998-09-20 19:16 millert
-
- * Makefile.in: pathnames.h -> pathnames.h.in
-
-1998-09-20 19:14 millert
-
- * check.c: fix version string
-
-1998-09-20 19:12 millert
-
- * check.c: move pam_conv to be static to auth function remove
- pam_misc.h (solaris doesn't have one)
-
-1998-09-20 19:10 millert
-
- * aclocal.m4: _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill
- SUDO_PROG_PWD
-
-1998-09-20 19:10 millert
-
- * configure.in: munge pathnames.h.in -> pathnames.h kill
- SUDO_PROG_PWD
-
-1998-09-20 19:10 millert
-
- * pathnames.h.in: convert to pathnames.h.in
-
-1998-09-18 20:20 millert
-
- * configure.in: fix typo in sysv4 matching case /.
-
-1998-09-18 01:29 millert
-
- * check.c: pam stuff needs to run as root, not user, for shadow
- passwords
-
-1998-09-17 12:26 millert
-
- * Makefile.in, emul/utime.h, check.c, compat.h, config.h.in,
- dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
- ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
- logging.c, options.h, parse.c, parse.lex, parse.yacc,
- pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c,
- BUGS, INSTALL, README, configure.in: updated version
-
-1998-09-17 12:13 millert
-
- * check.c: user version.h for long message
-
-1998-09-17 11:53 millert
-
- * check.c: this is version 1.5.6
-
-1998-09-16 13:42 millert
-
- * Makefile.in: remove errant backslash
-
-1998-09-14 22:25 millert
-
- * options.h, parse.yacc, pathnames.h.in: fix version string
-
-1998-09-14 22:02 millert
-
- * BUGS, CHANGES, TODO: updtaed for 1.5.6
-
-1998-09-14 22:02 millert
-
- * RUNSON: updated for 1.5.6
-
-1998-09-14 11:48 millert
-
- * interfaces.c: kill unused localhost_mask var copy if name to
- ifr_tmp after we zero it
-
-1998-09-13 15:50 millert
-
- * INSTALL: Better description of new vs. old sudoers modes fix some
- typos better description of /usr/ucb/cc gotchas on slowaris
-
-1998-09-13 15:49 millert
-
- * Makefile.in: add sample.pam
-
-1998-09-13 15:32 millert
-
- * sudo.c: set NewArgv[0] to user_shell, not basename(user_shell)
-
-1998-09-12 11:10 millert
-
- * README: mention TROUBLESHOOTING more fix some typos
-
-1998-09-11 20:30 millert
-
- * configure.in: move --enable/--disable to be after --with
-
-1998-09-11 20:30 millert
-
- * INSTALL: document --enable/--disable
-
-1998-09-11 20:26 millert
-
- * INSTALL: document --with-pam
-
-1998-09-11 19:47 millert
-
- * configure.in: Add message for pam users
-
-1998-09-11 19:27 millert
-
- * sample.pam: Initial revision
-
-1998-09-11 19:23 millert
-
- * config.h.in: fix HAVE_PAM
-
-1998-09-11 19:19 millert
-
- * check.c, config.h.in, configure.in: pam support, from Gary Calvin
- <GCalvin@kenwoodusa.com>
-
-1998-09-10 18:51 millert
-
- * config.h.in: add HOST_IN_LOG and WRAP_LOG
-
-1998-09-10 18:51 millert
-
- * logging.c: add WRAP_LOG and HOST_IN_LOG
-
-1998-09-10 18:37 millert
-
- * configure.in: add --enable-log-host and --enable-log-wrap
-
-1998-09-10 18:32 millert
-
- * aclocal.m4: use AC_DEFINE_UNQUOTED for --with-logfile and
- --with-timedir
-
-1998-09-08 20:45 millert
-
- * compat.h: add howmany macro
-
-1998-09-08 20:43 millert
-
- * tgetpass.c: include sys/param.h to get howmany macro
-
-1998-09-07 20:42 millert
-
- * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
- add RUNAS_DEFAULT
-
-1998-09-07 12:51 millert
-
- * fnmatch.c: bring in stdio.h for NULL
-
-1998-09-07 12:50 millert
-
- * aclocal.m4: allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
-
-1998-09-07 12:43 millert
-
- * sudo.c: use HAVE_SET_AUTH_PARAMETERS
-
-1998-09-07 12:42 millert
-
- * config.h.in: add HAVE_SET_AUTH_PARAMETERS
-
-1998-09-07 12:41 millert
-
- * configure.in: add *-*-hiuxmpp* add test for set_auth_parameters()
- if secureware
-
-1998-09-07 12:39 millert
-
- * config.sub: add support for HI-UX/MPP SR220001 02-03 0 SR2201
-
-1998-09-07 12:06 millert
-
- * interfaces.c: initialize previfname
-
-1998-09-07 11:51 millert
-
- * interfaces.c: Don't use SIOCGIFADDR, we don't need it Use
- SIOCGIFFLAGS if we have it check ifr_flags against IFF_UP and
- IFF_LOOPBACK instead of kludging it
-
-1998-09-07 11:49 millert
-
- * configure.in: typo
-
-1998-09-07 00:01 millert
-
- * Makefile.in: don't need special build line for sudo.tab.o
-
-1998-09-06 23:58 millert
-
- * Makefile.in: don't clean sudo.tab.[ch]
-
-1998-09-06 23:48 millert
-
- * sudo.c: Sudo should prompt for a password before telling the user
- that a command could not be found.
-
-1998-09-06 23:47 millert
-
- * BUGS: for 1.5.6
-
-1998-09-06 23:25 millert
-
- * INSTALL, README: no longer require yacc
-
-1998-09-06 23:19 millert
-
- * Makefile.in: typo
-
-1998-09-06 23:18 millert
-
- * Makefile.in: y.tab -> sudo.tab include pre-yacc'd parse.yacc
-
-1998-09-06 23:09 millert
-
- * parse.lex: include sudo.tab.h, not y.tab.h don't break out of
- command args if you get a '='
-
-1998-09-06 22:59 millert
-
- * insults.h: fix version ,
-
-1998-09-06 22:57 millert
-
- * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
- fix version
-
-1998-09-06 22:55 millert
-
- * getcwd.c: getcwd(3) from OpenBSD for those without it.
-
-1998-09-06 22:51 millert
-
- * sudo.h: HAVE_GETWD -> HAVE_GETCWD
-
-1998-09-06 22:49 millert
-
- * configure.in: pretend sunos doesn't have getcwd(3) since it opens
- a pipe to getpwd!
-
-1998-09-06 22:41 millert
-
- * parse.c: use NAMLEN() macro
-
-1998-09-06 22:34 millert
-
- * fnmatch.c: remove duplicate include of string.h
-
-1998-09-06 22:28 millert
-
- * configure.in: call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
-
-1998-09-06 22:28 millert
-
- * aclocal.m4: add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
-
-1998-09-06 22:28 millert
-
- * config.h.in: add dev_t and ino_t
-
-1998-07-28 12:44 millert
-
- * check.c: fix OTP_ONLY for opie
-
-1998-06-24 12:22 millert
-
- * testsudoers.c, tgetpass.c: include stdlib.h for malloc proto
-
-1998-05-19 00:10 millert
-
- * Makefile.in: make update_version saner
-
-1998-05-18 23:32 millert
-
- * config.h.in: add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
-
-1998-05-18 23:32 millert
-
- * configure.in: check for waitpid and wait3 or no waitpid
-
-1998-05-18 23:31 millert
-
- * logging.c: used waitpid or wait3 if we have 'em
-
-1998-05-02 14:16 millert
-
- * visudo.c: fix some fprintf args, ariel@oz.engr.sgi.com (Ariel
- Faigon)
-
-1998-04-27 20:09 millert
-
- * configure.in: don't need to explicately mention -lsocket -lnsl
- for sequent
-
-1998-04-25 01:56 millert
-
- * configure.in: dynix should not link with -linet
-
-1998-04-10 15:32 millert
-
- * INSTALL: mention that HP-UX doesn't ship with yacc
-
-1998-04-06 22:35 millert
-
- * check.c: ignore kerberos if we can't get the local realm
-
-1998-04-05 23:37 millert
-
- * configure.in, BUGS, INSTALL, README: ++version
-
-1998-04-05 23:36 millert
-
- * version.h: ++
-
-1998-04-05 23:35 millert
-
- * Makefile.in, emul/utime.h, check.c, config.h.in, dce_pwent.c,
- find_path.c, getspwuid.c, getcwd.c, goodpath.c, interfaces.c,
- logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c,
- sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
- visudo.c: updated version
-
-1998-04-05 23:34 millert
-
- * check.c, sudo.h: fix version
-
-1998-04-05 23:33 millert
-
- * getcwd.c: don't use popen/pclose. Do it inline.
-
-1998-04-05 23:25 millert
-
- * lsearch.c: add rcsid
-
-1998-04-05 23:21 millert
-
- * sudo.c: typo
-
-1998-04-05 23:17 millert
-
- * sudo.h, pathnames.h.in, compat.h, options.h, ins_2001.h,
- insults.h, ins_classic.h, ins_goons.h, ins_csops.h, parse.yacc,
- check.c: updated version
-
-1998-04-05 23:15 millert
-
- * check.c, find_path.c, parse.c, sudo.c, testsudoers.c: MAX* + 1 ->
- MAX*
-
-1998-04-05 23:14 millert
-
- * Makefile.in: getwd.c -> getcwd.c
-
-1998-04-05 22:49 millert
-
- * config.h.in: kill HAVE_GETWD
-
-1998-04-05 22:49 millert
-
- * configure.in: getcwd, not getwd
-
-1998-04-05 22:48 millert
-
- * getcwd.c: use MAX* not MAX* + 1 always run pwd as using getwd()
- defeats the purpose
-
-1998-03-31 00:15 millert
-
- * OPTIONS, options.h: add STUB_LOAD_INTERFACES
-
-1998-03-31 00:05 millert
-
- * Makefile.in, check.c, emul/utime.h, compat.h, config.h.in,
- dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
- ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
- interfaces.c, logging.c, options.h, parse.c, parse.lex,
- parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
- updated version
-
-1998-03-30 23:54 millert
-
- * configure.in: support *-ccur-sysv4 and fix two typos
-
-1998-03-27 19:52 millert
-
- * configure.in: don't echo about with_logfile and with_timedir
-
-1998-03-27 19:49 millert
-
- * INSTALL: document --with-logfile and --with-timedir
-
-1998-03-27 19:46 millert
-
- * aclocal.m4: support --with-logfile and --with-timedir
-
-1998-03-27 19:46 millert
-
- * configure.in: Add --with-logfile and --with-timedir
-
-1998-03-27 19:27 millert
-
- * sudo.c: change size computation of NewArgv for UNICOS
-
-1998-02-18 20:10 millert
-
- * configure.in: treate -*-sysv4* like *-*-svr4
-
-1998-02-18 18:19 millert
-
- * configure.in: fix spacing for --with-authenticate help
-
-1998-02-18 16:39 millert
-
- * Makefile.in, check.c, emul/utime.h, compat.h, config.h.in,
- dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
- ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
- interfaces.c, logging.c, options.h, parse.c, parse.lex,
- parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
- updated version
-
-1998-02-18 16:23 millert
-
- * parse.yacc: fix off by one error in push macro
-
-1998-02-17 01:15 millert
-
- * configure.in: removed bogus alloca hack
-
-1998-02-17 01:15 millert
-
- * check.c: added AIX 4.x authenticate() support
-
-1998-02-17 01:11 millert
-
- * parse.yacc: include alloca.h if using bison and not gcc and it
- exists. fixes an alloca problem on hpux 10.x
-
-1998-02-17 00:39 millert
-
- * INSTALL: mention --with-authenticate
-
-1998-02-17 00:37 millert
-
- * configure.in: added AIX authenticate() support
-
-1998-02-17 00:22 millert
-
- * config.h.in: add HAVE_AUTHENTICATE
-
-1998-02-16 23:58 millert
-
- * interfaces.c: dynamically size ifconf buffer
-
-1998-02-16 23:56 millert
-
- * configure.in: quote '[' and ']'
-
-1998-02-16 21:42 millert
-
- * Makefile.in, emul/utime.h, check.c, compat.h, config.h.in,
- dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
- ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
- logging.c, options.h, parse.c, parse.lex, parse.yacc,
- pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
- updated version
-
-1998-02-16 19:06 millert
-
- * visudo.pod: add ERRORS section
-
-1998-02-16 18:57 millert
-
- * TROUBLESHOOTING: add busy stmp file explanation
-
-1998-02-15 18:49 millert
-
- * configure.in: the name of the cached var that signals whether or
- not you are cross compiling changed. It is now
- ac_cv_prog_cc_cross
-
-1998-02-11 16:26 millert
-
- * INSTALL: mention glibc 2.07 is fixed wrt lsearch()\.
-
-1998-02-06 21:55 millert
-
- * sample.sudoers, sudoers.pod: better example of su but not root su
-
-1998-02-06 15:49 millert
-
- * Makefile.in, check.c, emul/utime.h, compat.h, config.h.in,
- dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
- ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
- interfaces.c, logging.c, options.h, parse.c, parse.lex,
- parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
- updated version
-
-1998-02-06 15:48 millert
-
- * Makefile.in: correct regexp for updating version
-
-1998-02-06 14:05 millert
-
- * tgetpass.c: remove bogus flush of stderr spew prompt before
- turning off echo. Seems to fix a weird problem where if sudo
- complained about a bogus stamp file the user would sometimes not
- have a chance to enter a password
-
-1998-02-06 14:05 millert
-
- * check.c: fix bogus flush of stderr
-
-1998-02-05 19:19 millert
-
- * sudo.c: close fd's <=2 not <=3 and move that chunk of code up
-
-1998-02-05 19:18 millert
-
- * configure.in: support hpux1[0-9] not just hpux10
-
-1998-01-30 14:59 millert
-
- * parse.c: set sudoers_fp to nil after closing
-
-1998-01-24 01:05 millert
-
- * config.guess, config.sub: updated from autoconf 2.12
-
-1998-01-24 00:50 millert
-
- * configure.in: add *-*-svr4 rule
-
-1998-01-22 22:53 millert
-
- * tgetpass.c: fix select usage for high fd's (dynamically allocate
- readfds)
-
-1998-01-22 22:49 millert
-
- * check.c: kill extra whitespace
-
-1998-01-22 19:28 millert
-
- * sudo.c: do an initgroups() before running a command, unless the
- target user is root.
-
-1998-01-22 12:22 millert
-
- * TROUBLESHOOTING: tell people to use tabs, not spaces, in
- syslog.conf
-
-1998-01-21 01:56 millert
-
- * parse.lex, Makefile.in, config.h.in, getwd.c, strdup.c, putenv.c,
- emul/utime.h, testsudoers.c, utime.c, dce_pwent.c: updated
- version
-
-1998-01-21 01:32 millert
-
- * goodpath.c, sudo_setenv.c, interfaces.c, tgetpass.c, visudo.c:
- updated version
-
-1998-01-21 01:29 millert
-
- * sudo.h, pathnames.h.in, options.h, compat.h, insults.h,
- ins_2001.h, ins_classic.h, ins_goons.h, ins_csops.h, parse.yacc,
- check.c, getspwuid.c, find_path.c, logging.c, parse.c, sudo.c:
- updated version
-
-1998-01-21 01:20 millert
-
- * Makefile.in: more tweaks to update_version
-
-1998-01-21 01:19 millert
-
- * Makefile.in: fixed up update_version rule
-
-1998-01-21 00:55 millert
-
- * configure.in: ++version
-
-1998-01-21 00:53 millert
-
- * Makefile.in: removed supe of check.c
-
-1998-01-21 00:51 millert
-
- * INSTALL: ++version I missed
-
-1998-01-21 00:51 millert
-
- * RUNSON: updated
-
-1998-01-21 00:48 millert
-
- * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
- find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
- ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
- logging.c, options.h, parse.c, parse.lex, parse.yacc,
- pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
- visudo.c, emul/utime.h, BUGS, INSTALL, README: updated version
-
-1998-01-21 00:47 millert
-
- * CHANGES: updated for 1.5.5
-
-1998-01-21 00:35 millert
-
- * Makefile.in: add rules to update version stuff in files so I
- don't need to do it by hand
-
-1998-01-21 00:04 millert
-
- * sudo.h: sudoers_fp is now extern
-
-1998-01-21 00:03 millert
-
- * sudo.c: in check_sudoers, cache the sudoers file handle in
- sudoers_fp so we don't have to open it again in the parse. This
- may help with weird solaris problems where EAGAIN sometime
- occurrs.
-
-1998-01-21 00:02 millert
-
- * parse.c: sudoers file open is now done only in check_sudoers() so
- we just do a rewind() instead of an open. May help people on
- solaris who were getting EAGAIN.
-
-1998-01-16 11:43 millert
-
- * INSTALL: mention that newer glibc is fixed
-
-1998-01-13 12:58 millert
-
- * sudo.c: newer irix uses _RLDN32_* envariables for 32-bit binaries
- so ignore _RLD* instead of _RLD_*
-
-1998-01-13 10:32 millert
-
- * parse.c: typo
-
-1998-01-13 10:19 millert
-
- * parse.c: fix that bug for real
-
-1998-01-13 02:39 millert
-
- * INSTALL: document Linux's libc6 brokenness.
-
-1998-01-13 02:00 millert
-
- * parse.yacc: -Wall
-
-1998-01-13 01:22 millert
-
- * RUNSON: updated
-
-1998-01-13 00:50 millert
-
- * TROUBLESHOOTING: remind people to HUP syslogd
-
-1998-01-13 00:05 millert
-
- * Makefile.in: add -O flag to tar
-
-1998-01-13 00:00 millert
-
- * TODO, RUNSON: updated
-
-1998-01-12 23:59 millert
-
- * sudo.pod: remove author's email addr. people should mail
- sudo-bugs
-
-1998-01-12 23:49 millert
-
- * INSTALL: fix version
-
-1998-01-12 23:48 millert
-
- * README, check.c, compat.h, config.h.in, configure.in,
- dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
- ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
- interfaces.c, logging.c, options.h, parse.c, parse.lex,
- parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
- visudo.c: ++version
-
-1998-01-12 23:44 millert
-
- * RUNSON: updated
-
-1998-01-12 23:42 millert
-
- * INSTALL, Makefile.in: ++version
-
-1998-01-12 23:41 millert
-
- * CHANGES: updated fort 1.5.4
-
-1998-01-12 23:41 millert
-
- * check.c: exit(1) if user enters no passwd
-
-1998-01-12 23:37 millert
-
- * BUGS: ++version
-
-1998-01-12 23:10 millert
-
- * parse.c: commands can start with ./* not just /* -- fixes a
- serious security hole.
-
-1997-12-21 18:17 millert
-
- * sudo.c: Don't set the tty variable to NULL when we lack a tty,
- leave it as "unknown".
-
-1997-11-23 13:29 millert
-
- * sample.sudoers: fix usage of (username) in conjunction with , and
- !
-
-1997-11-23 13:28 millert
-
- * visudo.c: catch the case where the user is not in the passwd file
-
-1997-11-23 13:24 millert
-
- * tgetpass.c: use fileno(input) + 1 instead of getdtablesize() as
- the nfds arg to select(2)
-
-1997-11-23 01:53 millert
-
- * sudo.c: define tty global to an initial value to avoid dumping
- core in logging functions when passwd file is unavailable.
-
-1997-11-23 01:51 millert
-
- * sudo.c: do the set_perms(PERM_USER, sudo_mode) after we have
- gotten the passwd entry
-
-1997-11-23 00:21 millert
-
- * sudo.pod: talk about problem of ALL
-
-1997-10-10 00:54 millert
-
- * README: new web location
-
-1997-10-10 00:54 millert
-
- * INSTALL: fdesc bug is fixed in Open/Net BSD
-
-1997-10-10 00:52 millert
-
- * HISTORY: updates from Nieusma
-
-1997-10-09 18:37 millert
-
- * dce_pwent.c: move compat.h after the system includes
-
-1997-08-06 14:58 millert
-
- * logging.c: save errno from being clobbered by wait(). From Theo
-
-1997-05-21 11:57 millert
-
- * compat.h: fix an occurence of setresuid -> setreuid (typo)
-
-1997-03-19 17:45 millert
-
- * install-sh: check for path to strip
-
-1997-01-15 19:05 millert
-
- * logging.c: deal with maxfilelen < 0 case
-
-1997-01-15 19:05 millert
-
- * OPTIONS: fixed descriptin
-
-1996-12-11 23:10 millert
-
- * sudo.c: correct error message if mode/owner wrong and not
- statable by owner but is statable by root.
-
-1996-11-23 02:18 millert
-
- * config.guess, config.sub: autoconf 2.11
-
-1996-11-16 14:42 millert
-
- * CHANGES, RUNSON, TODO: sudo 1.5.3.
-
-1996-11-14 15:08 millert
-
- * sudo.h, parse.yacc: command_alias -> generic_alias
-
-1996-11-13 22:50 millert
-
- * sample.sudoers: added Runas_Alias example and fixed syntax errors
-
-1996-11-13 22:50 millert
-
- * OPTIONS, options.h: updated MAILSUBJECT
-
-1996-11-13 22:49 millert
-
- * logging.c: added %h expansion
-
-1996-11-13 21:37 millert
-
- * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
- find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
- ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
- logging.c, options.h, parse.c, parse.lex, parse.yacc,
- pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
- visudo.c, INSTALL, README, configure.in: ++version
-
-1996-11-13 20:01 millert
-
- * emul/utime.h, BUGS: ++version
-
-1996-11-13 19:45 millert
-
- * sudoers.pod: document Runas_Alias
-
-1996-11-13 19:22 millert
-
- * visudo.pod: q (uid) -> Q
-
-1996-11-13 19:21 millert
-
- * visudo.c: buffer oflow checking q (uit) -> Q if yyparse() fails
- drop into whatnow
-
-1996-11-13 19:05 millert
-
- * parse.yacc: add size params to sprintf
-
-1996-11-13 19:04 millert
-
- * parse.lex: allow trailing space after '\\' but before '\n'
-
-1996-11-13 19:04 millert
-
- * find_path.c: off by one error in path size check
-
-1996-11-13 19:03 millert
-
- * check.c: sprintf paranoia
-
-1996-11-12 11:59 millert
-
- * parse.yacc: fixed more_aliases
-
-1996-11-12 11:58 millert
-
- * visudo.c: now warns if killed by signal ./
-
-1996-11-11 10:49 millert
-
- * parse.yacc: fix Runas_Alias stuff Alias's in runas list now get
- expanded (but it is gross)
-
-1996-11-10 20:32 millert
-
- * sudo.c: Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE ==
- 0400
-
-1996-11-10 20:08 millert
-
- * parse.yacc: add Runas_Alias support change FOO to FOO_ALIAS (ie:
- USER_ALIAS)
-
-1996-11-10 20:02 millert
-
- * parse.lex: Add Runas_Alias and simplify a rule.
-
-1996-11-10 19:15 millert
-
- * parse.yacc: always store User_Alias's since they can be used
- inside of a runas list. Sigh. Really need a Runas_Alias
- instead.
-
-1996-10-30 18:04 millert
-
- * visudo.c: deal with case where there is no sudoers file
-
-1996-10-11 23:01 millert
-
- * TROUBLESHOOTING: added one
-
-1996-10-10 22:11 millert
-
- * HISTORY, testsudoers.c: developement -> development
-
-1996-10-10 22:08 millert
-
- * INSTALL: added a note
-
-1996-10-10 20:36 millert
-
- * RUNSON: for 1.5.2
-
-1996-10-10 20:36 millert
-
- * CHANGES: updated
-
-1996-10-10 00:56 millert
-
- * PORTING: removed seteuid() notes
-
-1996-10-09 13:37 millert
-
- * compat.h: better seteuid() emulatino
-
-1996-10-09 13:36 millert
-
- * configure.in: added check for seteuid
-
-1996-10-09 13:36 millert
-
- * config.h.in: added HAVE_SETEUID
-
-1996-10-08 19:22 millert
-
- * configure.in: first stab at sequent support
-
-1996-10-08 19:21 millert
-
- * config.h.in: added HAVE_SYS_SELECT_H
-
-1996-10-08 19:21 millert
-
- * compat.h: sequent -> _SEQUENT_
-
-1996-10-08 19:11 millert
-
- * compat.h: added seteuid() macro for DYNIX
-
-1996-10-08 18:54 millert
-
- * tgetpass.c: _AIX -> HAVE_SYS_SELECT_H
-
-1996-10-07 01:05 millert
-
- * emul/utime.h, check.c, compat.h, dce_pwent.c, find_path.c,
- getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
- ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
- pathnames.h.in, version.h, BUGS, INSTALL, Makefile.in, OPTIONS,
- README, config.h.in, logging.c, parse.c, parse.lex, parse.yacc,
- putenv.c, strdup.c, sudo_setenv.c, testsudoers.c, utime.c,
- visudo.c, tgetpass.c: ++version
-
-1996-10-07 00:59 millert
-
- * sudo.pod: added -H and SUDO_PS1
-
-1996-10-07 00:55 millert
-
- * configure.in: use SUDO_FUNC_FNMATCH
-
-1996-10-07 00:54 millert
-
- * aclocal.m4: added SUDO_FUNC_FNMATCH
-
-1996-10-07 00:53 millert
-
- * sudo.c: added -H flag
-
-1996-10-07 00:53 millert
-
- * sudo.h: added MODE_RESET_HOME /
-
-1996-10-05 00:00 millert
-
- * INSTALL: mention OPIE
-
-1996-10-04 23:59 millert
-
- * configure.in: added opie support
-
-1996-10-04 23:59 millert
-
- * check.c: added HAVE_OPIE and changed to *_OTP_*
-
-1996-10-04 23:58 millert
-
- * compat.h, config.h.in: added HAVE_OPIE
-
-1996-10-04 23:58 millert
-
- * OPTIONS, options.h: SKEY -> OTP
-
-1996-10-03 23:27 millert
-
- * check.c: moved fclose() in skey stuff.
-
-1996-10-03 19:53 millert
-
- * putenv.c: index -> strchr remove unnecesary stuff
-
-1996-10-03 19:43 millert
-
- * check.c: now call skeychallenge() to get challenge instead of
- making one up ourselves. this way, we get extra goodies in the
- prompt.
-
-1996-09-10 00:32 millert
-
- * CHANGES: added one
-
-1996-09-10 00:18 millert
-
- * parse.lex: allow logins to start with a number (YUCK!)
-
-1996-09-08 15:18 millert
-
- * TROUBLESHOOTING: added soalris 2.5 vs 2.4 note
-
-1996-09-08 15:15 millert
-
- * configure.in: DUNIX doesn't need -lnsl
-
-1996-09-07 20:22 millert
-
- * CHANGES: [no log message]
-
-1996-09-07 20:21 millert
-
- * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
- getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
- ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
- options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in,
- putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c,
- tgetpass.c, utime.c, version.h, visudo.c: courtesan
-
-1996-09-07 20:13 millert
-
- * TROUBLESHOOTING, INSTALL, Makefile.in, PORTING, RUNSON, README:
- courtesan
-
-1996-09-07 20:12 millert
-
- * visudo.pod: [no log message]
-
-1996-09-07 20:00 millert
-
- * sudo.pod, visudo.pod: courtesan
-
-1996-09-07 19:45 millert
-
- * HISTORY: added courtesan ./
-
-1996-09-06 00:12 millert
-
- * sudo.c: added $SUDO_PROMPT support
-
-1996-09-04 17:19 millert
-
- * check.c: print long skey challemged to stderr, not stdout
-
-1996-08-31 23:10 millert
-
- * CHANGES: updated for 1.5.1
-
-1996-08-31 23:07 millert
-
- * emul/utime.h: ++version
-
-1996-08-31 12:34 millert
-
- * RUNSON: updated for 1.5.1
-
-1996-08-30 10:49 millert
-
- * check.c: use shost, not host for tgetpass
-
-1996-08-30 00:21 millert
-
- * OPTIONS, sudo.pod: documented %u and %h
-
-1996-08-29 20:40 millert
-
- * configure.in: fixed typo
-
-1996-08-29 20:37 millert
-
- * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
- dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
- ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
- interfaces.c, logging.c, options.h, parse.c, parse.lex,
- parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
- visudo.c: ++version
-
-1996-08-29 20:30 millert
-
- * BUGS: ++version
-
-1996-08-29 18:32 millert
-
- * configure.in, Makefile.in, version.h: ++version
-
-1996-08-29 17:58 millert
-
- * sudo.h: new tgetpass() params
-
-1996-08-29 17:58 millert
-
- * check.c: pass use and host to tgetpass
-
-1996-08-29 17:57 millert
-
- * tgetpass.c: added %u and %h escapes
-
-1996-08-29 16:56 millert
-
- * OPTIONS, options.h, check.c: added NO_MESSAGE
-
-1996-08-29 16:23 millert
-
- * configure.in: added cray (unicos) support
-
-1996-08-27 11:36 millert
-
- * OPTIONS, options.h, sudo.c: added SHELL_SETS_HOME
-
-1996-08-25 17:56 millert
-
- * INSTALL: added note about "make install"
-
-1996-08-25 17:50 millert
-
- * parse.yacc: changed length/size params from int to size_t
-
-1996-08-25 13:35 millert
-
- * OPTIONS: now get CSOPS insults as well by default
-
-1996-08-25 13:33 millert
-
- * insults.h: use csops insults too by default
-
-1996-08-25 13:31 millert
-
- * INSTALL, Makefile.in, README, config.h.in, configure.in,
- version.h: version = 1.5
-
-1996-08-25 13:27 millert
-
- * sudo.c: added runas_homedir
-
-1996-08-25 13:27 millert
-
- * TODO: updated for 1.5
-
-1996-08-25 13:23 millert
-
- * RUNSON: updated for 1.5
-
-1996-08-25 13:19 millert
-
- * CHANGES: 1.5 release
-
-1996-08-25 13:17 millert
-
- * INSTALL: added "upgrading" notes
-
-1996-08-22 14:00 millert
-
- * visudo.c: now do chmod and chown after edit of temp file and
- before rename
-
-1996-08-18 12:52 millert
-
- * Makefile.in: ++version added INSTALL.configure
-
-1996-08-18 12:52 millert
-
- * version.h, configure.in: ++version
-
-1996-08-18 12:51 millert
-
- * TROUBLESHOOTING: [no log message]
-
-1996-08-18 12:50 millert
-
- * parse.yacc: added missing cast
-
-1996-08-17 20:37 millert
-
- * sudo.c: sets $HOME to pw_dir of runas user
-
-1996-08-17 20:02 millert
-
- * sudo.pod: document $HOME change
-
-1996-08-17 19:43 millert
-
- * sudo.pod: fixed up some wording
-
-1996-08-17 19:25 millert
-
- * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
- goodpath.c, interfaces.c, logging.c, parse.c, parse.lex,
- parse.yacc, putenv.c, strdup.c, sudo.c, sudo_setenv.c,
- testsudoers.c, tgetpass.c, utime.c, visudo.c: ++version
-
-1996-08-17 19:19 millert
-
- * emul/utime.h, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
- ins_goons.h, insults.h, options.h, pathnames.h.in, sudo.h:
- ++version
-
-1996-08-17 19:18 millert
-
- * sudo.h: name nad type changes
-
-1996-08-17 19:17 millert
-
- * testsudoers.c: now works with new sudo
-
-1996-08-17 19:07 millert
-
- * parse.yacc: fixed some XXX
-
-1996-08-17 18:52 millert
-
- * parse.yacc: some variable name changes + comment headers for
- functions.
-
-1996-08-17 18:41 millert
-
- * tgetpass.c: added extra paren's to make compilers happy
-
-1996-08-17 18:34 millert
-
- * sudo.c: [no log message]
-
-1996-08-17 18:30 millert
-
- * parse.c: now uses init_parser() if not in sudoers and tries
- "list" or "validate" scold but don't be nasty.
-
-1996-08-17 18:29 millert
-
- * TROUBLESHOOTING: now can use upper case login names
-
-1996-08-17 18:29 millert
-
- * visudo.c: now uses init_parser()
-
-1996-08-17 18:28 millert
-
- * PORTING: added info about PASSWORD_TIMEOUT
-
-1996-08-17 18:28 millert
-
- * INSTALL, README: updated
-
-1996-08-17 18:28 millert
-
- * INSTALL.configure: Initial revision
-
-1996-08-17 18:27 millert
-
- * BUGS: fixed a bug ,
-
-1996-08-17 18:27 millert
-
- * parse.yacc: now dynamically allocates memory for the stacks -- no
- more overflows!
-
-1996-08-17 18:26 millert
-
- * sudo.pod: -l now explands command aliases
-
-1996-08-17 13:22 millert
-
- * parse.yacc: hacks to expand command aliases for `sudo -l'
-
-1996-08-17 13:22 millert
-
- * sudo.c: remove $ENV and $BASH_ENV (dangerous in ksh, posix sh,
- and bash)
-
-1996-08-17 13:22 millert
-
- * sudo.h: added struct command_alias
-
-1996-08-17 13:20 millert
-
- * sudo.pod: fixed a bug
-
-1996-08-17 13:15 millert
-
- * lsearch.c: in compar() key should be first arg
-
-1996-08-15 15:48 millert
-
- * BUGS: fixed some bugs
-
-1996-08-15 15:47 millert
-
- * parse.yacc: can now deal with upcase HOST and USER names
-
-1996-08-15 15:47 millert
-
- * sudo.c: don't yell too loudly at non-sudoers if they do "sudo -l"
-
-1996-08-15 15:46 millert
-
- * sudo.pod: fixed thinko
-
-1996-08-15 15:46 millert
-
- * parse.c: fix comment
-
-1996-08-09 18:07 millert
-
- * parse.c, parse.yacc: added support for new `sudo -l' stuff
-
-1996-08-09 18:06 millert
-
- * sudo.c: now uses list_matches()
-
-1996-08-09 18:06 millert
-
- * sudo.h: added struct sudo_match
-
-1996-08-09 17:37 millert
-
- * configure.in: now more -lgnumalloc
-
-1996-08-01 13:12 millert
-
- * install-sh: added more paths for chown and whoami
-
-1996-07-31 10:41 millert
-
- * check.c: typo
-
-1996-07-30 13:45 millert
-
- * aclocal.m4: fixed DUNIX check for shadow pw
-
-1996-07-30 13:41 millert
-
- * tgetpass.c: now only turn off echo if it is already on. this
- fixes a race when you use sudo in a pipelin
-
-1996-07-30 12:53 millert
-
- * INSTALL: updated
-
-1996-07-29 22:29 millert
-
- * configure.in: changed "test -z $foo && do_this" to if; then
- construct
-
-1996-07-28 22:47 millert
-
- * configure.in: added missing defines of SHADOW_TYPE
-
-1996-07-26 14:10 millert
-
- * check.c: protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since
- they are only in dunix 4.x
-
-1996-07-26 14:09 millert
-
- * getspwuid.c: added AUTH_CRYPT_C1CRYPT support
-
-1996-07-26 13:23 millert
-
- * parse.c: no longer return VALIDATE_NOT_OK if there was a runas
- that didn't match. Now we can have runas stuff on more than one
- line.
-
-1996-07-25 23:45 millert
-
- * configure.in: got rid of HAVE_C2_SECURITY SHADOW_TYPE is always
- defined to something
-
-1996-07-25 23:45 millert
-
- * config.h.in: removed HAVE_C2_SECURITY added SPW_BSD
-
-1996-07-25 23:44 millert
-
- * compat.h, getspwuid.c, sudo.c, tgetpass.c: use SHADOW_TYPE
- instead of HAVE_C2_SECURITY
-
-1996-07-25 23:44 millert
-
- * check.c: SHADOW_TYPE is always defined so just against its value
-
-1996-07-25 23:44 millert
-
- * aclocal.m4: added SUDO_CHECK_SHADOW_DUNIX
-
-1996-07-25 18:47 millert
-
- * sudoers.pod: * -> ?* in one example added another instance of
- (runas) and one of NOPASSWD:
-
-1996-07-24 13:02 millert
-
- * configure.in: added back check for config.cache from other host
- type
-
-1996-07-24 12:49 millert
-
- * parse.lex: removed an instance of \"
-
-1996-07-24 12:49 millert
-
- * sample.sudoers: added an example
-
-1996-07-24 12:44 millert
-
- * sudoers.pod: updated wrt new wildcard matching
-
-1996-07-24 10:28 millert
-
- * configure.in: new check for shadow passwords if we don't know
- anything
-
-1996-07-24 10:28 millert
-
- * aclocal.m4: new SUDO_CHECK_SHADOW_GENERIC
-
-1996-07-24 02:19 millert
-
- * configure.in: added back check for -lsocket (oops)
-
-1996-07-24 02:16 millert
-
- * configure.in: better (working) check for shadow passwd type if we
- know to use C2.
-
-1996-07-24 01:59 millert
-
- * configure.in: now uses AC_CANONICAL_HOST to figure out os type
-
-1996-07-24 01:59 millert
-
- * Makefile.in: added config.{guess,sub}
-
-1996-07-24 01:58 millert
-
- * aclocal.m4: removed unused stuff to figure out os type
-
-1996-07-23 22:58 millert
-
- * config.sub: added openbsd
-
-1996-07-23 22:54 millert
-
- * config.sub: Initial revision
-
-1996-07-23 22:40 millert
-
- * config.guess: Initial revision
-
-1996-07-23 21:18 millert
-
- * testsudoers.c: don't call fnmatch() with FNM_PATHNAME flag unless
- it can only be a pathname. need to check against sudoers_args
- even if user_args is nil
-
-1996-07-23 21:18 millert
-
- * parse.c: don't call fnmatch() with FNM_PATHNAME flag unless it
- can only be a pathname need to check against sudoers_args even if
- user_args is nil
-
-1996-07-23 18:52 millert
-
- * check.c: added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
-
-1996-07-23 01:18 millert
-
- * testsudoers.c: now takes command line args and uses cmnd_args
-
-1996-07-23 01:10 millert
-
- * parse.lex: fill_args was adding an extra leading space
-
-1996-07-22 15:50 millert
-
- * visudo.c: fixed dummy command_matches()
-
-1996-07-22 15:50 millert
-
- * parse.yacc: fixed prototype
-
-1996-07-22 15:31 millert
-
- * sudo.h: added cmnd_args
-
-1996-07-22 15:31 millert
-
- * parse.yacc: now uses flat args string
-
-1996-07-22 15:30 millert
-
- * parse.c, parse.lex: now uses flat arg string
-
-1996-07-22 15:29 millert
-
- * visudo.c: added cmnd_args def
-
-1996-07-22 14:30 millert
-
- * sudo.c: now sets cmnd_args global
-
-1996-07-22 14:30 millert
-
- * logging.c: cmnd_args is now exported from sudo.[ch]
-
-1996-07-21 18:41 millert
-
- * parse.yacc: can't rely on cmnd_matches as much as I thought --
- added some $$ stuff back in to prevent namespace pollution
- problems.
-
-1996-07-21 18:01 millert
-
- * parse.yacc: Simplified parse rules wrt runas and NOPASSWD (more
- consistent).
-
-1996-07-20 00:45 millert
-
- * parse.lex: NOPASSWD may now have blanks before the ':' '(' only
- starts a 'runas' if in the initial state to avoid collision with
- command args
-
-1996-07-20 00:23 millert
-
- * configure.in: added checks for specific shadow passwd schemes
-
-1996-07-20 00:18 millert
-
- * aclocal.m4: added routines to check for specific shadow passwd
- types
-
-1996-07-18 18:27 millert
-
- * configure.in: added support for ncr boxen
-
-1996-07-18 18:26 millert
-
- * aclocal.m4: added support for detecting ncr boxen
-
-1996-07-16 14:57 millert
-
- * configure.in: added sinix support
-
-1996-07-13 22:29 millert
-
- * TROUBLESHOOTING: added info about "config.cache from other other"
- error.
-
-1996-07-13 22:22 millert
-
- * aclocal.m4: now makes sure you don't have a config.cache file
- from another OS
-
-1996-07-13 21:36 millert
-
- * configure.in: now sets $LIBS when needed to configure links with
- libs when doing tests hpux10 now uses SPW_SECUREWARE for C2 added
- check for bigcrypt(3) if SPW_SECUREWARE
-
-1996-07-13 21:30 millert
-
- * getspwuid.c: fixed typo
-
-1996-07-13 21:05 millert
-
- * tgetpass.c: now include stuff for SPW_SECUREWARE to get
- AUTH_MAX_PASSWD_LENGTH
-
-1996-07-13 21:05 millert
-
- * getspwuid.c: no more SPW_HPUX10
-
-1996-07-13 21:04 millert
-
- * config.h.in: no more SPW_HPUX10 added HAVE_BIGCRYPT
-
-1996-07-13 21:04 millert
-
- * compat.h: now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
-
-1996-07-13 21:04 millert
-
- * check.c: SPW_SECUREWARE now uses bigcrypt
-
-1996-07-13 18:24 millert
-
- * sample.sudoers: fixed 2 syntax errors
-
-1996-07-13 18:24 millert
-
- * sudoers: root may now run ALL as ALL
-
-1996-07-11 20:59 millert
-
- * interfaces.c: fixed a typo/thinko that broke BSD's with sa_len
-
-1996-07-08 16:08 millert
-
- * check.c, configure.in: updated AFS support
-
-1996-07-08 16:07 millert
-
- * TROUBLESHOOTING: added entry about /usr/ucb/cc
-
-1996-07-08 16:06 millert
-
- * INSTALL: prep no longer holds gcc binaries
-
-1996-07-08 15:48 millert
-
- * INSTALL: updated AFS note
-
-1996-07-08 15:43 millert
-
- * Makefile.in: added @AFS_LIBS@
-
-1996-07-08 15:33 millert
-
- * compat.h: AFS allows long passwords
-
-1996-07-08 14:16 millert
-
- * testsudoers.c: fixed -u user support
-
-1996-07-08 14:16 millert
-
- * parse.c: sudo -v now groks VALIDATE_OK_NOPASS
-
-1996-07-08 13:30 millert
-
- * parse.yacc: fixed no_passwd vs. runas_matched
-
-1996-07-08 10:30 millert
-
- * TROUBLESHOOTING: took out stuff about NFS-mounting since it is no
- longer an issue
-
-1996-07-08 10:30 millert
-
- * INSTALL: added --with-libraries > --with-libpath --with-incpath
-
-1996-07-08 10:21 millert
-
- * parse.yacc: was setting runas_matches to -1 in wrong place
-
-1996-07-08 09:58 millert
-
- * check.c: removed usersec.h which is not present in new AFS
- versions
-
-1996-07-08 09:55 millert
-
- * tgetpass.c: now deals with timeout <= 0
-
-1996-07-08 09:51 millert
-
- * OPTIONS: updated
-
-1996-07-08 00:04 millert
-
- * configure.in: BSD/OS >= 2.0 now uses shlicc instead of just gcc
-
-1996-07-07 22:30 millert
-
- * sudo.c: fixed backwards compatibility with sudo 1.4 sudoers mode
- for root readable/writable filesystems
-
-1996-07-07 20:49 millert
-
- * Makefile.in: now gives INSTALL -c flag
-
-1996-07-07 20:34 millert
-
- * parse.yacc: slightly simpler initialization of no_passwd and
- runas_matches
-
-1996-07-07 20:33 millert
-
- * testsudoers.c: added -u username support
-
-1996-07-07 20:32 millert
-
- * configure.in: improved --with-libraries support
-
-1996-07-07 16:27 millert
-
- * configure.in: added --with-incpath, --with-libpath,
- --with-libraries
-
-1996-07-07 16:01 millert
-
- * parse.yacc: now initializes some fields that weren't getting set
- to -1 pretty gross -- need a rewrite.
-
-1996-06-25 23:19 millert
-
- * alloca.c: removed emacs'isms
-
-1996-06-25 22:29 millert
-
- * configure.in: no longer add -lPW to *_LIBS since we include
- alloca.c
-
-1996-06-25 22:29 millert
-
- * config.h.in: added HAVE_ALLOCA_H
-
-1996-06-25 22:28 millert
-
- * Makefile.in: added alloca.c
-
-1996-06-25 22:18 millert
-
- * alloca.c: Initial revision
-
-1996-06-25 21:58 millert
-
- * configure.in: ++version
-
-1996-06-25 19:32 millert
-
- * sudo.c: now set uid to 1 instead of nobody for PERM_SUDOERS since
- nobody is not always set to a valid uid.
-
-1996-06-25 19:31 millert
-
- * OPTIONS: fixed entry for SUDO_MODE
-
-1996-06-25 18:02 millert
-
- * sudo.c: Fixed NFS-mounted sudoers file under solaris both uid
- *and* gid were being set to -2. Now beat NFS to the punch and
- set uid to "nobody" ourselves, preserving group 0 to read
- sudoers.
-
-1996-06-25 18:02 millert
-
- * parse.c: moved set_perms(PERM_ROOT) to be before yyparse()
-
-1996-06-25 18:00 millert
-
- * logging.c: fixed a typo
-
-1996-06-25 18:00 millert
-
- * configure.in: no longer need AC_PROG_INSTALL
-
-1996-06-25 17:59 millert
-
- * Makefile.in: always use install-sh to avoid install(1)'s that use
- get{pw,gr}nam
-
-1996-06-25 16:07 millert
-
- * INSTALL: make clean -> make distclean
-
-1996-06-20 01:17 millert
-
- * parse.yacc: removed some unnecsary if's
-
-1996-06-20 01:16 millert
-
- * Makefile.in, version.h: ++version
-
-1996-06-20 01:16 millert
-
- * parse.c, testsudoers.c: now includes netgroup.h
-
-1996-06-20 00:45 millert
-
- * interfaces.c: removed cats of ioctl to int since they didn't shut
- up -Wall
-
-1996-06-20 00:43 millert
-
- * interfaces.c: explicately cast ioctl() to int since it it not
- always declared
-
-1996-06-20 00:41 millert
-
- * sudo.h: added declarations for yyparse() and yylex()
-
-1996-06-20 00:27 millert
-
- * parse.yacc: fixed an occurence of '==' -> '='
-
-1996-06-20 00:22 millert
-
- * config.h.in, configure.in: added check for netgroup.h
-
-1996-06-20 00:20 millert
-
- * sudo.c: fixed 2 compiler warnings
-
-1996-06-20 00:08 millert
-
- * sudo.c: SHELL_IF_NO_ARGS caused core dump since NewArg[cv]
- weren't being initialized
-
-1996-06-19 13:53 millert
-
- * sudo.pod: fixed a typo
-
-1996-06-17 12:19 millert
-
- * parse.yacc: fixed a formatting thingie
-
-1996-06-17 12:16 millert
-
- * parse.c, parse.yacc: fixed -u support with multiple user lists on
- a line
-
-1996-06-17 10:23 millert
-
- * configure.in: unixware needs -lgen
-
-1996-06-17 10:23 millert
-
- * README: updated ftp location
-
-1996-06-17 00:08 millert
-
- * sudoers.pod: add net_addr/netmask support
-
-1996-06-17 00:07 millert
-
- * sample.sudoers: added net_addr/mask example
-
-1996-06-17 00:02 millert
-
- * parse.lex, parse.c: added support for net_addr/netmask
-
-1996-06-15 20:13 millert
-
- * sudoers.pod: ^ -> !
-
-1996-06-15 18:12 millert
-
- * RUNSON: updated for 1.4.3
-
-1996-06-15 18:12 millert
-
- * CHANGES: udpated for 1.4.3
-
-1996-06-15 18:11 millert
-
- * TROUBLESHOOTING, TODO, BUGS: updated
-
-1996-06-15 18:11 millert
-
- * sample.sudoers: updated with examples of new stuff
-
-1996-06-15 18:10 millert
-
- * INSTALL, README: ++version
-
-1996-06-15 18:01 millert
-
- * sudoers.pod: updated wrt -u and NOPASSWD
-
-1996-06-15 17:58 millert
-
- * sudo.pod: updated wrt -u and CAVEATS
-
-1996-06-08 23:15 millert
-
- * sudo.c: fixed usage()
-
-1996-06-08 22:57 millert
-
- * parse.lex: now use :foo: character classes (makes no diff for
- generated lexer)
-
-1996-06-07 14:33 millert
-
- * check.c: fixed LONG_SKEY_PROMPT stuff
-
-1996-06-06 15:35 millert
-
- * visudo.c: fixed a comment
-
-1996-06-06 15:03 millert
-
- * lsearch.c: make more like NetBSD one -- now compiles w/o warnings
-
-1996-06-06 15:02 millert
-
- * emul/search.h: fixed decls of lsearch()
-
-1996-06-05 22:20 millert
-
- * config.h.in, configure.in, getspwuid.c: added SPW_HPUX10
-
-1996-06-05 22:20 millert
-
- * check.c: hpux 10 uses bigcrypt() if C2
-
-1996-06-04 19:57 millert
-
- * parse.c: now always uses fnmatch to match args
-
-1996-06-04 19:40 millert
-
- * tgetpass.c: back to using stdio instead of raw i/o since that
- caused some problems
-
-1996-05-28 22:14 millert
-
- * sudo.c: now give usage warning if use -l,-v,-k with args
-
-1996-05-28 18:22 millert
-
- * sudo.c: NewArgc is now set to 1 for -l, -v, -k
-
-1996-05-28 12:50 millert
-
- * sudo.c: now sets sudoers to correct group if mode is 0400
-
-1996-05-28 12:02 millert
-
- * install-sh: updated to version used by inn and bind
-
-1996-05-28 00:08 millert
-
- * configure.in: now uses -lgnumalloc if it exists
-
-1996-05-28 00:02 millert
-
- * Makefile.in: "make install" now sets uid/gid and mode on sudoers
- if it exists
-
-1996-05-28 00:01 millert
-
- * sudo.c: rmeoved debugging statements
-
-1996-05-28 00:00 millert
-
- * parse.yacc: added a missing free()
-
-1996-05-27 23:58 millert
-
- * sudo.c: now uses user_gid instead of getegid (which was wrong
- anyway) to set SUDO_GID Now sets command line args in
- SUDO_COMMAND envariabled (logging.c depends on args being in the
- environment)
-
-1996-05-27 23:57 millert
-
- * logging.c: now uses SUDO_COMMAND envariable to get command args
- rather than building it up again.
-
-1996-05-27 22:42 millert
-
- * parse.c: now uses user_gid
-
-1996-05-27 20:02 millert
-
- * sudo.c: fixed off by one error in allocation NewArgv
-
-1996-05-27 20:01 millert
-
- * parse.c: in sudoers, 'command ""' now means command with no args
-
-1996-05-27 20:01 millert
-
- * configure.in: added check for fnmatch(3) and fnmatch.h
-
-1996-05-27 20:01 millert
-
- * config.h.in: added HAVE_FNMATCH
-
-1996-05-27 20:00 millert
-
- * Makefile.in: replaced wildcat.* with fnmatch.*
-
-1996-05-27 20:00 millert
-
- * testsudoers.c: now uses fnmatch()
-
-1996-05-27 19:38 millert
-
- * parse.c: now uses fnmatch() instead of wildmat a trailing star
- (*) by itself now matches multiple args added support for
- wildcards in the pathname in sudoers
-
-1996-05-25 19:23 millert
-
- * fnmatch.c: now includes compat.h and config.h
-
-1996-05-25 18:09 millert
-
- * config.h.in: added HAVE_FNMATCH_H
-
-1996-05-25 18:07 millert
-
- * configure.in: now checks for alloca() (if needed by bison or dce)
- and links with -lPW if it contains alloca() and libv and compiler
- do not.
-
-1996-05-25 18:03 millert
-
- * fnmatch.3, fnmatch.c, emul/fnmatch.h: Initial revision
-
-1996-04-28 22:38 millert
-
- * sudo.c: now fixes mode on sudoers if set to 0400 to aid in
- upgrade
-
-1996-04-28 17:44 millert
-
- * Makefile.in: fixed pod2man usage
-
-1996-04-28 17:40 millert
-
- * configure.in, Makefile.in, version.h: ++version
-
-1996-04-28 17:20 millert
-
- * testsudoers.c, visudo.c: runas_user is now initialized to "root"
-
-1996-04-28 17:20 millert
-
- * sudo.h: removed PERM_FULL_ROOT
-
-1996-04-28 17:18 millert
-
- * sudo.c: runas_user defaults to "root" so no more need to
- PERM_RUNAS
-
-1996-04-28 17:16 millert
-
- * parse.c: will now only running commands as root if there was no
- runas list (or if root is in the runas list)
-
-1996-04-28 17:15 millert
-
- * logging.c: now logs "USER=%s"
-
-1996-04-28 17:12 millert
-
- * parse.yacc: runas_matches is now set to false if we get a
- negative match
-
-1996-04-28 15:01 millert
-
- * parse.lex: make #uid work + some minor cleanup
-
-1996-04-27 21:04 millert
-
- * sample.sudoers: added support for NOPASSWD and "runas" from
- garp@opustel.com /
-
-1996-04-27 21:03 millert
-
- * visudo.c: added support for "runas" from garp@opustel.com
- replaced SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added
- support for SUDOERS_MODE
-
-1996-04-27 21:03 millert
-
- * testsudoers.c: added support for "runas" from garp@opustel.com
-
-1996-04-27 21:02 millert
-
- * sudo.h: added support for NO_PASSWD and runas from
- garp@opustel.com replaced SUDOERS_OWNER with SUDOERS_UID and
- SUDOERS_GID and added support fro SUDOERS_MODE
-
-1996-04-27 21:00 millert
-
- * sudo.c: added support for NO_PASSWD and runas from
- garp@opustel.com replaced SUDOERS_OWNER with SUDOERS_UID and
- SUDOERS_GID and added support fro SUDOERS_MODE
-
-1996-04-27 21:00 millert
-
- * parse.yacc: added support for NO_PASSWD and runas from
- garp@opustel.com
-
-1996-04-27 20:58 millert
-
- * parse.c, parse.lex: added support for NO_PASSWD and runas from
- garp@opustel.com
-
-1996-04-27 20:56 millert
-
- * logging.c: added support for SUDOERS_WRONG_MODE and "runas"
-
-1996-04-27 20:40 millert
-
- * configure.in: added --with-CC only link with -lshadow on linux
- (with shadow pw) if libc lacks getspnam()
-
-1996-04-27 20:39 millert
-
- * OPTIONS, options.h: removed NO_PASSWD since it is not possible to
- do this in the sudoers file itself. Replaced SUDOERS_OWNER with
- SUDOERS_UID and SUDOERS_GID. Added SUDOERS_MODE.
-
-1996-04-27 20:26 millert
-
- * Makefile.in: now uses SUDOERS_UID and SUDOERS_GID
-
-1996-04-27 11:20 millert
-
- * INSTALL: added --with-CC
-
-1996-04-06 16:31 millert
-
- * parse.lex: added double quote support
-
-1996-04-06 16:29 millert
-
- * sudoers.pod: documented double quoting
-
-1996-04-05 16:53 millert
-
- * mkinstalldirs: Initial revision
-
-1996-04-05 16:53 millert
-
- * check.c: fixed some indentation
-
-1996-04-05 16:48 millert
-
- * Makefile.in: fixed a typo
-
-1996-04-04 19:39 millert
-
- * Makefile.in: added install-dirs .
-
-1996-04-04 14:16 millert
-
- * dce_pwent.c: new version from "Jeff A. Earickson"
- <jaearick@colby.edu>
-
-1996-04-03 13:40 millert
-
- * configure.in: $CSOPS -> $with_csops (whoops, missed one)
-
-1996-04-03 13:40 millert
-
- * BUGS: updated
-
-1996-04-03 13:36 millert
-
- * parse.lex: FQHOST now has same constraints as non-FQHOST
-
-1996-04-02 19:00 millert
-
- * INSTALL: added note about OS's w/ shadow passwords turned on by
- default
-
-1996-04-02 18:58 millert
-
- * configure.in: fixed a typo
-
-1996-04-02 18:48 millert
-
- * configure.in: added support for --without-THING sanitized shadow
- pw situtation by adding support for --without-C2
-
-1996-04-02 16:42 millert
-
- * tgetpass.c: fixed a typo wrt placement of an end paren
-
-1996-04-02 14:57 millert
-
- * check.c: was closing an fd that may not have been opened
-
-1996-03-21 19:55 millert
-
- * sudo.c, OPTIONS, options.h: added NO_PASSWD
-
-1996-03-19 19:40 millert
-
- * configure.in: now always use shadow pw on some arches
-
-1996-03-19 17:07 millert
-
- * configure.in: added pyramid support
-
-1996-03-19 17:04 millert
-
- * configure.in: no longer check for C2 if alternate passwd method
- is used no longer check for some libs twice
-
-1996-03-19 17:00 millert
-
- * parse.yacc: moved fqdn stuff into parse.lex (FQHOST)
-
-1996-03-19 17:00 millert
-
- * parse.lex: added FQHOST rules
-
-1996-03-18 20:57 millert
-
- * tgetpass.c: now define TCSASOFT in necesary
-
-1996-03-18 20:31 millert
-
- * tgetpass.c: now uses read/write instead of stdio string goop to
- avoid problems with select(2)
-
-1996-03-18 19:37 millert
-
- * OPTIONS, find_path.c, options.h: -DNO_DOT_PATH ->
- -DIGNORE_DOT_PATH
-
-1996-03-17 16:18 millert
-
- * INSTALL: added note about no shadow auto-detect if using
- alternate auth schemes
-
-1996-03-17 15:33 millert
-
- * configure.in: don't check for C2 if AFS or DCE (unless they said
- --with-C2)
-
-1996-03-17 15:08 millert
-
- * testsudoers.c: now groks shost
-
-1996-03-17 15:01 millert
-
- * options.h, OPTIONS, find_path.c: added NO_DOT_PATH
-
-1996-03-16 14:43 millert
-
- * find_path.c: checkdot now works correctly
-
-1996-03-12 18:01 millert
-
- * configure.in: can't have DCE and C2 passwords both...
-
-1996-03-11 14:05 millert
-
- * parse.yacc, sudo.c, sudo.h, visudo.c: now uses shost even if not
- FQDN
-
-1996-03-11 14:04 millert
-
- * configure.in: now looks for skey in /usr/lib and doesn't require
- libskey to be in /usr/local/lib just because skey.h is (for my
- netbsd box :-)
-
-1996-03-11 02:00 millert
-
- * aclocal.m4, config.h.in, pathnames.h.in: _SUDO_PATH_ ->
- _CONFIG_PATH_
-
-1996-03-10 21:01 millert
-
- * aclocal.m4, sudo.pod: /var/run/.odus -> /var/run/sudo
-
-1996-03-10 20:59 millert
-
- * pathnames.h.in: now uses _SUDO_PATH_TIMEDIR
-
-1996-03-10 20:59 millert
-
- * OPTIONS: udpated FQDN
-
-1996-03-10 20:58 millert
-
- * config.h.in: added _SUDO_PATH_TIMEDIR
-
-1996-03-10 20:58 millert
-
- * aclocal.m4, configure.in: added SUDO_TIMEDIR
-
-1996-03-10 20:58 millert
-
- * sudo.pod: updated wrt /var/run/sudo
-
-1996-03-10 20:16 millert
-
- * sudo.c, sudo.h: added support for shost if FQDN
-
-1996-03-10 20:14 millert
-
- * parse.yacc, visudo.c: now uses shost if FQDN
-
-1996-03-10 20:12 millert
-
- * check.c: Now use skeylookup() instead off skeychallenge()
-
-1996-02-27 20:41 millert
-
- * logging.c: mail_argv should not contain ALERTMAIL as it includes
- "-t"
-
-1996-02-22 17:06 millert
-
- * INSTALL, Makefile.in, README, version.h, configure.in: ++version
-
-1996-02-22 16:27 millert
-
- * compat.h: added more _PASSWD_LEN stuff -- now uses PASS_MAX too
-
-1996-02-22 16:27 millert
-
- * tgetpass.c: now includes limits.h moved _PASSWD_LEN -> compat.h
-
-1996-02-05 19:20 millert
-
- * README, INSTALL: ++version
-
-1996-02-05 19:20 millert
-
- * Makefile.in: ++versoin
-
-1996-02-05 19:16 millert
-
- * Makefile.in: fixed a typo
-
-1996-02-05 19:16 millert
-
- * configure.in: ++version
-
-1996-02-05 18:53 millert
-
- * RUNSON: updated
-
-1996-02-05 18:47 millert
-
- * CHANGES: done for 1.4.1 (I hope)
-
-1996-02-05 18:45 millert
-
- * sudoers.pod: added info on wildcards
-
-1996-02-05 18:39 millert
-
- * sample.sudoers: added wildcard example
-
-1996-02-05 17:03 millert
-
- * Makefile.in: now uses *.pod to build *.man and *.cat & *.html
-
-1996-02-05 17:03 millert
-
- * configure.in: addedSUDO_PROG_BSHELL !ll
-
-1996-02-05 16:10 millert
-
- * visudo.pod: fixed up some formatting
-
-1996-02-05 16:10 millert
-
- * sudoers.pod: redid section describing sample sudoers stuff
-
-1996-02-05 16:10 millert
-
- * sudo.pod: fixed some formatting
-
-1996-02-04 22:50 millert
-
- * getspwuid.c: now treats "" as bourne shell
-
-1996-02-04 22:49 millert
-
- * Makefile.in: TESTOBJS nwo includes wildmat.o
-
-1996-02-04 22:48 millert
-
- * testsudoers.c: now works with NewArg[cv]
-
-1996-02-04 21:59 millert
-
- * sudo.c: removed an XXX (fixed it in getspwuid.c)
-
-1996-02-04 21:58 millert
-
- * aclocal.m4: added check for bourne shell
-
-1996-02-04 21:58 millert
-
- * pathnames.h.in: added _PATH_BSHELL
-
-1996-02-04 21:58 millert
-
- * config.h.in: added _SUDO_PATH_BSHELL
-
-1996-02-04 16:36 millert
-
- * visudo.c: unixware vi returns 256 instead of 0
-
-1996-02-04 16:24 millert
-
- * INSTALL: added Linux note
-
-1996-02-04 16:13 millert
-
- * logging.c: fixed up some XXX's. file log format now looks a
- little more like real syslog(3) format.
-
-1996-02-04 16:13 millert
-
- * README, TROUBLESHOOTING: updated wrt lex/flex
-
-1996-02-04 16:11 millert
-
- * Makefile.in: commented out rule to build lex.yy.c from parse.lex
- since we ship with a pre-flex'd parser
-
-1996-02-04 16:09 millert
-
- * parse.c, parse.yacc, visudo.c: path_matches -> command_matches
-
-1996-02-04 02:28 millert
-
- * logging.c: eliminated some strcat()'s
-
-1996-02-04 02:10 millert
-
- * configure.in: no longer checks for lex/flex (now assumes flex)
-
-1996-02-04 02:08 millert
-
- * configure.in: now checks for $kerb_dir_candidate/krb.h instead of
- just kerb_dir_candidate
-
-1996-02-02 20:48 millert
-
- * parse.yacc: now use a 'hook' expression instead of an iffy one
- :-)
-
-1996-02-02 01:14 millert
-
- * visudo.c: now works with new sudo arg stuff
-
-1996-02-02 01:14 millert
-
- * parse.yacc: fixed dereferencing deadbeef
-
-1996-02-01 23:53 millert
-
- * sudo.c: changed an occurrence of Argv to NewArgv
-
-1996-02-01 23:53 millert
-
- * parse.lex: took out support for quoted commands since there is no
- need...
-
-1996-02-01 23:52 millert
-
- * parse.c: fixed a typo in a for() loop
-
-1996-02-01 23:52 millert
-
- * logging.c: protected against dereferencing rogue pointers
-
-1996-02-01 22:34 millert
-
- * sudo.c: now uses NewArgv amd NewArgc so cmnd_aegs is no longer
- needed this also allows us to eliminate some kludges in
- parse_args() and eliminate superfluous code.
-
-1996-02-01 22:34 millert
-
- * logging.c: no longer uses cmnd_args, now uses NewArgv instead.
-
-1996-02-01 22:32 millert
-
- * sudo.h: added struct sudo_command, NewArgc, and NewArgv removed
- cmnd_args (no longer used)
-
-1996-02-01 22:31 millert
-
- * Makefile.in: added wildmat.c to SRCS & SUDOBJS
-
-1996-02-01 22:30 millert
-
- * parse.yacc: COMMAND is now a struct containing the path and args
-
-1996-02-01 22:30 millert
-
- * parse.lex: replaced append() with fill_cmnd() and fill_args.
- command args from a sudoers entry are now stored in an arrary for
- easy matching.
-
-1996-02-01 22:28 millert
-
- * parse.c: command line args from sudoers file are now in an array
- like ones passed in from the command line
-
-1996-01-31 20:59 millert
-
- * parse.c: wildwat stuff now works
-
-1996-01-29 00:44 millert
-
- * version.h: ++version
-
-1996-01-29 00:44 millert
-
- * Makefile.in: ++version added wildmat.*
-
-1996-01-28 17:55 millert
-
- * parse.lex: added support for quoted commands (w/ or w/o args)
-
-1996-01-22 01:55 millert
-
- * sudo.pod, visudo.pod: cleaned up formatting
-
-1996-01-21 20:53 millert
-
- * sudo.pod, visudo.pod: Initial revision
-
-1996-01-21 02:07 millert
-
- * sudoers.pod: looks reasonable, could be mroe readable
-
-1996-01-20 23:47 millert
-
- * sudoers.pod: Initial revision
-
-1996-01-16 14:38 millert
-
- * RUNSON: updated
-
-1996-01-16 14:37 millert
-
- * OPTIONS: updated NO_ROOT_SUDO entry
-
-1996-01-15 11:37 millert
-
- * RUNSON: [no log message]
-
-1996-01-15 11:34 millert
-
- * sudo.c: fixed SECURE_PATH
-
-1996-01-14 20:55 millert
-
- * RUNSON: udpa`ted for 1.4
-
-1996-01-14 20:52 millert
-
- * configure.in: AIX aixcrypt.exp now uses $(srcdir)
-
-1996-01-14 20:32 millert
-
- * TROUBLESHOOTING: added entry for anal ansi compilers
-
-1996-01-14 16:13 millert
-
- * INSTALL: added info on libcrypt_i for SCO
-
-1996-01-14 16:05 millert
-
- * TODO: [no log message]
-
-1996-01-14 15:39 millert
-
- * sample.sudoers: added comments
-
-1996-01-14 15:25 millert
-
- * TODO: 1.4 release
-
-1996-01-14 15:22 millert
-
- * README, config.h.in, configure.in, CHANGES: ++version
-
-1996-01-14 15:21 millert
-
- * BUGS: ++version and fixed ISC
-
-1996-01-14 15:19 millert
-
- * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c,
- getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
- ins_goons.h, insults.h, options.h, pathnames.h.in, sudo.h,
- logging.c, putenv.c, strdup.c, sudo.c, sudo_setenv.c,
- testsudoers.c, tgetpass.c, utime.c, visudo.c, INSTALL, OPTIONS:
- ++version
-
-1996-01-14 15:16 millert
-
- * interfaces.c: added STUB_LOAD_INTERFACES ++version
-
-1996-01-14 15:14 millert
-
- * Makefile.in, version.h, parse.c, parse.lex, parse.yacc,
- emul/utime.h: ++version
-
-1996-01-14 15:13 millert
-
- * PORTING: added info about fd_set in tgetpass added info on
- interfaces.c
-
-1996-01-11 13:22 millert
-
- * dce_pwent.c: added sudo header
-
-1996-01-11 13:04 millert
-
- * tgetpass.c: fixed a typo
-
-1996-01-11 13:01 millert
-
- * Makefile.in: tgetpass.o is now only linked in with sudo (not
- visudo)
-
-1996-01-09 12:56 millert
-
- * BUGS, INSTALL, OPTIONS, README, Makefile.in, config.h.in,
- configure.in: ++version
-
-1996-01-09 12:54 millert
-
- * emul/utime.h: added copyright notice
-
-1996-01-09 12:52 millert
-
- * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
- ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
- interfaces.c, logging.c, options.h, parse.c, parse.lex,
- parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
- sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
- visudo.c: ++version
-
-1996-01-09 12:46 millert
-
- * tgetpass.c: minor cleanup and now includes sys/bsdtypes for
- svr4'ish boxen
-
-1996-01-09 12:42 millert
-
- * configure.in: ISC now gets -lcrypt now check for sys/bsdtypes.h
-
-1996-01-09 12:41 millert
-
- * config.h.in: added check for sys/bsdtypes.h
-
-1996-01-07 16:00 millert
-
- * parse.yacc: removed debugging stuff (setting freed ptr to NULL)
-
-1996-01-07 15:55 millert
-
- * TROUBLESHOOTING: added 2 entries
-
-1996-01-07 15:55 millert
-
- * Makefile.in: added FAQ
-
-1996-01-07 14:26 millert
-
- * TROUBLESHOOTING: added section on syslog
-
-1996-01-07 14:25 millert
-
- * configure.in: added AC_ISC_POSIX for better ISC support
-
-1996-01-07 14:25 millert
-
- * config.h.in: fixed typo
-
-1996-01-07 14:25 millert
-
- * config.h.in: added define for _POSIX_SOURCE
-
-1996-01-04 00:41 millert
-
- * configure.in: fixed check for lsearch()
-
-1995-12-21 21:53 millert
-
- * interfaces.c: fixed for AIX now deal if num_interfaces == 0
- (should not happen)
-
-1995-12-20 17:02 millert
-
- * configure.in: now only define HAVE_LSEARCH if there is a
- corresponding search.h
-
-1995-12-20 15:52 millert
-
- * interfaces.c: works on ISC again
-
-1995-12-18 17:36 millert
-
- * configure.in: now define HAVE_LSEARCH if we find lsearch() in
- libcompat
-
-1995-12-18 17:32 millert
-
- * lsearch.c: char * -> const char *
-
-1995-12-18 17:29 millert
-
- * configure.in: now looks in -lcompat for lsearch()
-
-1995-12-18 17:23 millert
-
- * Makefile.in: remove sudo.core visudo.core for clan target
-
-1995-12-17 22:53 millert
-
- * aclocal.m4: added UID_MAX support in check for MAX_UID_T_LEN
-
-1995-12-17 22:36 millert
-
- * Makefile.in: fixed another occurence of sudo_getpwuid.*
-
-1995-12-17 22:30 millert
-
- * getspwuid.c, Makefile.in: sudo_getpwuid.c -> getspwuid.c
-
-1995-12-17 22:22 millert
-
- * configure.in: moved the "echo"
-
-1995-12-17 22:09 millert
-
- * CHANGES, BUGS, INSTALL, Makefile.in, OPTIONS, README, check.c,
- compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
- getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
- ins_goons.h, insults.h, interfaces.c, logging.c, options.h,
- parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
- strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c,
- tgetpass.c, utime.c, version.h, visudo.c: ++version
-
-1995-12-17 22:04 millert
-
- * testsudoers.c: added group support
-
-1995-12-17 22:00 millert
-
- * sample.sudoers: added group entry
-
-1995-12-17 21:59 millert
-
- * sudoers.man: documented group support
-
-1995-12-17 21:50 millert
-
- * parse.c, parse.lex, visudo.c, parse.yacc: added group support
-
-1995-12-15 17:45 millert
-
- * check.c: tkfile was too short and overflowed the kerberos realm
-
-1995-12-11 17:09 millert
-
- * sudo.c: now copy command args directly from Argv
-
-1995-12-11 15:55 millert
-
- * sudo.c: replaced code to copy cmnd_args so that is does not use
- realloc since most realloc()'s really stink
-
-1995-12-08 14:11 millert
-
- * configure.in: syslog() fixed in hpux 10.01
-
-1995-12-06 17:45 millert
-
- * configure.in: AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS
- if appropriate)
-
-1995-12-06 17:30 millert
-
- * configure.in: better error if cannot find skey incs or libs
-
-1995-12-06 17:26 millert
-
- * aclocal.m4: now use a temp file for determining max len of uid_t
- in string form. the old hacky way broke on netbsd
-
-1995-12-05 19:02 millert
-
- * sudo.c: added set of parens and a space
-
-1995-12-05 18:58 millert
-
- * dce_pwent.c: fixes from Jeff Earickson <jaearick@colby.edu> ,
-
-1995-12-05 18:58 millert
-
- * check.c: modified a comment
-
-1995-12-05 18:57 millert
-
- * Makefile.in: fixed up testsudoers target
-
-1995-12-05 18:56 millert
-
- * configure.in: DCE changes from Jeff Earickson
- <jaearick@colby.edu> LIBS -> SUDO_LIBS and VISUDO_LIBS LDFLAGS ->
- SUDO_FDFLAGS and VISUDO_LDFLAGS
-
-1995-12-05 18:17 millert
-
- * Makefile.in: LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS ->
- SUDO_LDFLAGS, VISUDO_LDFLAGS
-
-1995-11-27 23:32 millert
-
- * configure.in: fix for C2 on hpux 10 now uses -linet if it exists
-
-1995-11-27 23:17 millert
-
- * check.c: LONG_SKEY_PROMPT is less of a klusge /
-
-1995-11-27 23:17 millert
-
- * configure.in: fixed typos w/ dce stuff
-
-1995-11-27 23:14 millert
-
- * Makefile.in: added dce_pwent.c
-
-1995-11-26 13:48 millert
-
- * INSTALL: amended section on combining authentication mechanisms
-
-1995-11-26 13:48 millert
-
- * PORTING: minor updates for 1.3.6
-
-1995-11-26 13:47 millert
-
- * TROUBLESHOOTING: added 2 more entries
-
-1995-11-26 13:39 millert
-
- * BUGS: updated for 1.3.6
-
-1995-11-26 13:39 millert
-
- * README: overhauled
-
-1995-11-25 21:23 millert
-
- * INSTALL: rewrote for sudo 1.3.6
-
-1995-11-25 21:23 millert
-
- * TROUBLESHOOTING: added 3 entries
-
-1995-11-25 13:53 millert
-
- * find_path.c, getspwuid.c, sudo.c: added explict casts for strdup
- since many includes don't prototype it. gag me.
-
-1995-11-25 13:23 millert
-
- * sudo.h: removed prototype for sudo_getpwuid() since convex C
- compiler choked on it.
-
-1995-11-25 13:23 millert
-
- * sudo.c: added prototype for sudo_getpwuid()
-
-1995-11-25 13:23 millert
-
- * lsearch.c: now compiles on strict ANSI compilers
-
-1995-11-24 23:56 millert
-
- * check.c: added LONG_SKEY_PROMPT support
-
-1995-11-24 23:55 millert
-
- * Makefile.in: added extra $'s for make to eat up, yum.
-
-1995-11-24 23:38 millert
-
- * OPTIONS, options.h: added LONG_SKEY_PROMPT
-
-1995-11-24 18:48 millert
-
- * check.c: s/key support now works with normal s/key as well as
- logdaemon
-
-1995-11-24 18:46 millert
-
- * options.h, OPTIONS: added SKEY_ONLY
-
-1995-11-24 18:46 millert
-
- * compat.h: set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
-
-1995-11-24 00:42 millert
-
- * INSTALL: added DCE note added more AIX notes
-
-1995-11-24 00:39 millert
-
- * sudo.c: now include pthread.h for DCE support
-
-1995-11-23 22:22 millert
-
- * check.c: dce_pwent() is ok after all .,
-
-1995-11-23 22:21 millert
-
- * logging.c: now uses SYSLOG() macro that equates to either
- syslog() or syslog_wrapper
-
-1995-11-23 21:44 millert
-
- * dce_pwent.c: minor formatting changes. renamed check() to
- somthing less generic
-
-1995-11-23 21:27 millert
-
- * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
- visudo.c: now uses user_pw_ent and simple macros to get at the
- contents
-
-1995-11-22 20:35 millert
-
- * check.c: simpler dec unix C2 support
-
-1995-11-22 20:35 millert
-
- * getspwuid.c: now sets crypt_type for DEC unix C2
-
-1995-11-21 18:00 millert
-
- * configure.in: added csops paths for skey
-
-1995-11-21 16:27 millert
-
- * getspwuid.c: now includes string.h for strdup() prototype
-
-1995-11-21 01:47 millert
-
- * getspwuid.c: fixed a few typos
-
-1995-11-20 22:59 millert
-
- * check.c: now includes skey.h
-
-1995-11-20 22:10 millert
-
- * getspwuid.c: fixed up comments
-
-1995-11-20 22:04 millert
-
- * check.c: moved a lot of the shadow passwd crap to sudo_getpwuid()
-
-1995-11-20 22:01 millert
-
- * sudo.c: now uses sudo_pw_ent
-
-1995-11-20 21:50 millert
-
- * testsudoers.c: now uses sudo_pw_ent
-
-1995-11-20 21:40 millert
-
- * visudo.c: now sets sudo_pw_ent
-
-1995-11-20 21:28 millert
-
- * getspwuid.c: Initial revision
-
-1995-11-20 21:28 millert
-
- * tgetpass.c: moved dce stuff into compat.h
-
-1995-11-20 21:27 millert
-
- * sudo.h, logging.c: now uses sudo_pw_ent
-
-1995-11-20 21:27 millert
-
- * Makefile.in: added sudo_getpwuid.c
-
-1995-11-20 21:25 millert
-
- * compat.h: added dce support
-
-1995-11-20 21:13 millert
-
- * parse.yacc: now uses sudo_pw_ent
-
-1995-11-20 14:40 millert
-
- * check.c: fixed exempt_group stuff for OS's that don't put base
- gid in group vector
-
-1995-11-20 01:39 millert
-
- * check.c: S/Key support now works with sunos4 shadow passwords
-
-1995-11-19 22:31 millert
-
- * Makefile.in: fixed clean rule
-
-1995-11-19 22:31 millert
-
- * config.h.in, configure.in: added DCE support
-
-1995-11-19 22:30 millert
-
- * tgetpass.c: DCE & KERB support
-
-1995-11-19 22:30 millert
-
- * check.c: first stab at dce support
-
-1995-11-19 22:24 millert
-
- * dce_pwent.c: now smells like sudo
-
-1995-11-19 22:11 millert
-
- * dce_pwent.c: Initial revision
-
-1995-11-19 21:36 millert
-
- * check.c: skey'd sudo now works w/ normal password as well
-
-1995-11-19 18:37 millert
-
- * Makefile.in, OPTIONS, check.c, compat.h, config.h.in,
- find_path.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
- ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
- options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in,
- putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c,
- tgetpass.c, utime.c, version.h, visudo.c: updated version number
-
-1995-11-19 18:32 millert
-
- * README: updated to reflect version change
-
-1995-11-19 18:27 millert
-
- * configure.in: --with options now line up ++version
-
-1995-11-19 18:26 millert
-
- * sudo.h: removed unecesary S/Key stuff
-
-1995-11-19 18:25 millert
-
- * configure.in: fixed S/Key support
-
-1995-11-19 18:24 millert
-
- * Makefile.in: -I stuff now goes in CPPFLAGS
-
-1995-11-19 18:23 millert
-
- * check.c: fixed SKey support
-
-1995-11-19 15:23 millert
-
- * README: updated version
-
-1995-11-19 13:59 millert
-
- * OPTIONS: fixed description of EXEMPTGROUP
-
-1995-11-19 10:47 millert
-
- * sudo.c: more people use _RLD_ than just alphas...
-
-1995-11-18 21:35 millert
-
- * Makefile.in: replaced $man_prefix with $mandir
-
-1995-11-18 21:30 millert
-
- * configure.in: fixed a typo
-
-1995-11-18 21:28 millert
-
- * Makefile.in: now use more GNU'ish dir names
-
-1995-11-18 21:27 millert
-
- * configure.in: now set *dir correctly (can override from command
- line)
-
-1995-11-18 19:17 millert
-
- * sudo.c: now deal with situations where we getwd() fails
-
-1995-11-17 00:37 millert
-
- * Makefile.in: added etc_dir, bin_dir, sbin_dir
-
-1995-11-17 00:37 millert
-
- * configure.in: added sbin_dir
-
-1995-11-16 21:28 millert
-
- * Makefile.in: now ship a flex-generated lex.yy.c
-
-1995-11-16 21:09 millert
-
- * Makefile.in: now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP,
- SUDOERS_OWNER
-
-1995-11-16 21:06 millert
-
- * pathnames.h.in: _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now
- overridden via Makefile
-
-1995-11-16 21:05 millert
-
- * options.h: no more error for redefining SUDOERS_OWNER
-
-1995-11-16 21:05 millert
-
- * OPTIONS: expanded SUDOERS_OWNER section
-
-1995-11-16 03:05 millert
-
- * visudo.c: now warn if chown(2) failed
-
-1995-11-16 02:55 millert
-
- * logging.c: better default warning for NO_SUDOERS_FILE
-
-1995-11-16 02:54 millert
-
- * sudo.c: added missing set_perms() no more cryptic message if the
- sudoers file is zero length, now just give a parse error
-
-1995-11-16 02:42 millert
-
- * logging.c: better diagnostics if NO_SUDOERS_FILE
-
-1995-11-16 02:41 millert
-
- * sudo.c: check_sudoers() now catches sudoers files that are not
- readable (but are stat'able).
-
-1995-11-13 01:12 millert
-
- * configure.in: now add -D__STDC__ for convex cc (not gcc)
-
-1995-11-13 00:52 millert
-
- * configure.in: MAN_PREFIX -> man_prefix now sets prefix and
- exec_prefix
-
-1995-11-13 00:52 millert
-
- * Makefile.in: now uses exec_prefix & prefix from configure
-
-1995-11-13 00:16 millert
-
- * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c,
- parse.c, parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c,
- tgetpass.c, utime.c, visudo.c: options.h is now <> instead of ""
- so shadow build trees can have a custom copy of options.h
-
-1995-11-13 00:15 millert
-
- * check.c: user_is_exempt() is no longer a hack, it now uses
- getgrnam()
-
-1995-11-12 23:56 millert
-
- * options.h: EXEMPTGROUP is now "sudo"
-
-1995-11-12 22:25 millert
-
- * configure.in: MAN_POSTINSTALL now contains a leading space
-
-1995-11-12 22:25 millert
-
- * Makefile.in: removed leading tab if @MAN_POSTINSTALL@ not defined
- now removes testsudoers in clean:
-
-1995-11-12 22:24 millert
-
- * tgetpass.c: includes pwd.h to get _PASSWD_LEN definition
-
-1995-10-30 15:51 millert
-
- * sudo.c: unset the KRB_CONF envariable if using kerberos so we
- don't get spoofed into using a bogus server
-
-1995-09-29 17:50 millert
-
- * parse.yacc: now explicately initialize match[] tp be FALSE
-
-1995-09-23 16:48 millert
-
- * sudo.c: removed unused variable now passes -Wall
-
-1995-09-23 16:48 millert
-
- * parse.yacc: yyerror and dumpaliases are now void's now passes
- -Wall
-
-1995-09-23 16:48 millert
-
- * parse.lex: added prototype for yyerror
-
-1995-09-23 16:47 millert
-
- * interfaces.c: rmeoved unused cruft now passes -Wall
-
-1995-09-23 16:47 millert
-
- * check.c, logging.c, parse.c: now passes -Wall
-
-1995-09-23 16:46 millert
-
- * Makefile.in: fixed headers that moved to emul dir
-
-1995-09-23 12:05 millert
-
- * logging.c: fixed deref of nil pointer if no args
-
-1995-09-15 19:18 millert
-
- * OPTIONS: added a caveat to FQDN section
-
-1995-09-13 19:48 millert
-
- * Makefile.in: more $srcdir support for install targets
-
-1995-09-13 17:17 millert
-
- * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc,
- putenv.c, strdup.c, sudo.c, sudo_setenv.c, testsudoers.c,
- visudo.c: don't include malloc.h if we include stdlib.h
-
-1995-09-12 21:44 millert
-
- * parse.yacc: local search.h now lives in emul
-
-1995-09-12 21:41 millert
-
- * lsearch.c: local search.h now lives in emul
-
-1995-09-12 21:41 millert
-
- * check.c, utime.c: local utime.h now lives in emul dir
-
-1995-09-12 21:38 millert
-
- * Makefile.in: added support for building in other than the
- sourcedir
-
-1995-09-10 14:01 millert
-
- * OPTIONS: annotated CSOPS_INSULTS option
-
-1995-09-10 13:56 millert
-
- * TROUBLESHOOTING: updated shadow passwords blurb
-
-1995-09-09 21:00 millert
-
- * sudo.c: if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a
- shell and passes along foo as the arguments
-
-1995-09-09 18:52 millert
-
- * parse.lex: collapsed pathname and dir sections into one -- its
- now less expensive
-
-1995-09-09 18:34 millert
-
- * parse.lex: fixed spacing quoting [,:\\=] now works correctly
- append() and fill() now take args to make the above work
-
-1995-09-08 20:51 millert
-
- * sudo.c: fixed a typo that caused commands with no tty on fd 0 but
- a tty on fd 1 to erroneously have "none" as their tty
-
-1995-09-04 15:35 millert
-
- * check.c: timestampfile is now a global static removed decl of
- timestampfile in remove_timestamp since we can just use the
- global one
-
-1995-09-04 15:28 millert
-
- * check.c: created touch() to update timestamps added
- USE_TTY_TICKETS support (bit of a kludge)
-
-1995-09-04 15:28 millert
-
- * compat.h: added _S_IFDIR and S_ISDIR
-
-1995-09-04 15:22 millert
-
- * OPTIONS, options.h: added USE_TTY_TICKETS
-
-1995-09-04 00:38 millert
-
- * parse.yacc: removed const from casts for lsearch() & lfind() to
- placate irix 4.x C compiler
-
-1995-09-03 14:12 millert
-
- * sudo.c: now only strip '/dev/' off of a tty if it starts with
- '/dev/'
-
-1995-09-03 14:12 millert
-
- * pathnames.h.in: added _PATH_DEV
-
-1995-09-03 14:11 millert
-
- * configure.in: AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for
- tcgetattr only if have termios.h
-
-1995-09-03 14:09 millert
-
- * tgetpass.c: fixed incorrect #ifdef termio uses "unsigned short"
- not int for c_?flag
-
-1995-09-03 13:19 millert
-
- * parse.lex, parse.yacc: fixed a spelling error
-
-1995-09-03 13:17 millert
-
- * Makefile.in: fixed typo
-
-1995-09-02 12:55 millert
-
- * Makefile.in: fixed a comment
-
-1995-09-02 12:54 millert
-
- * parse.yacc: added dotcat() to cat 2 strings w/ a dot effeciently
- now that we dynamically allocate strings they need to be free()'d
-
-1995-09-02 12:46 millert
-
- * parse.lex: dynamically allocates space for strings
-
-1995-09-02 12:34 millert
-
- * sudo.h: no more MAXCOMMANDLENGTH
-
-1995-09-01 22:25 millert
-
- * sudo.h: added decl of tty
-
-1995-09-01 22:25 millert
-
- * logging.c, sudo.c: moved tty stuff into sudo.c
-
-1995-09-01 14:18 millert
-
- * parse.c: fixed a logic bug. Was denying a command if user gave
- command line args but there were none in the sudoers file which
- is wrong.
-
-1995-09-01 01:18 millert
-
- * sudo.h: MAXCOMMMANDLEN dropped down to 1K
-
-1995-09-01 01:13 millert
-
- * parse.lex: return foo; -> return(foo);
-
-1995-09-01 01:03 millert
-
- * parse.yacc: fixed netgr_matches() prototype
-
-1995-09-01 01:02 millert
-
- * parse.lex: added support for escaping "termination" characters
-
-1995-09-01 00:55 millert
-
- * parse.c: buf is now of size MAXPATHLEN+1 since it never holds
- command args
-
-1995-09-01 00:50 millert
-
- * sudo.c: fixed comments
-
-1995-09-01 00:49 millert
-
- * goodpath.c: fixed negation problem (doh!)
-
-1995-09-01 00:25 millert
-
- * parse.yacc: fixed 2nd parameter to lfind()
-
-1995-09-01 00:24 millert
-
- * parse.lex: now do bounds checking in fill() and append()
-
-1995-09-01 00:23 millert
-
- * sudo.c: include netdb.h as we should added a missing void cast
- added SHELL_IF_NO_ARGS support now use realloc() properly. would
- fail if realloc actually moved the string instead of shrinking it
-
-1995-09-01 00:17 millert
-
- * sample.sudoers: updated with examples of new features
-
-1995-09-01 00:05 millert
-
- * goodpath.c: now set errno to EACCES if not a regular file or not
- executable
-
-1995-09-01 00:04 millert
-
- * find_path.c: if given a fully-qualified or relative path we now
- check it with sudo_goodpath() and error out with the appropriate
- error message if the file does not exist or is not executable
-
-1995-09-01 00:03 millert
-
- * lsearch.c, emul/search.h: now use correct args for lfind
-
-1995-09-01 00:03 millert
-
- * logging.c: added a comment
-
-1995-08-31 23:52 millert
-
- * insults.h: added in CSOps insults
-
-1995-08-31 23:51 millert
-
- * ins_csops.h: Initial revision
-
-1995-08-31 23:35 millert
-
- * tgetpass.c: added RCS id
-
-1995-08-31 22:56 millert
-
- * sudo.h: increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD ->
- HAVE_GETWD
-
-1995-08-31 22:55 millert
-
- * OPTIONS: added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
-
-1995-08-31 22:54 millert
-
- * sudo.c: fixed -k load_interfaces() now gets called if FQDN is set
- -p now works with -s
-
-1995-08-31 22:54 millert
-
- * parse.c: don't try to stat() "pseudo commands" like "validate"
-
-1995-08-31 22:53 millert
-
- * options.h: added CLASSIC_INSULTS added CSOPS_INSULTS added
- SHELL_IF_NO_ARGS
-
-1995-08-31 22:53 millert
-
- * configure.in: added SecurID support added other insults to
- --with-csops
-
-1995-08-31 22:52 millert
-
- * config.h.in: added HAVE_SECURID
-
-1995-08-31 22:52 millert
-
- * Makefile.in: added clobber target added ins_csops.h now gets
- CFLAGS from configure
-
-1995-08-31 22:46 millert
-
- * aclocal.m4: relaxed SUDO_FULL_VOID
-
-1995-08-31 22:44 millert
-
- * visudo.c: function comment blocks are now in same style as rest
- of code
-
-1995-08-31 22:44 millert
-
- * testsudoers.c: added support for command line args in
- /etc/sudoers
-
-1995-08-31 22:43 millert
-
- * sudoers.man: updated to have command args in the sudoers file
-
-1995-08-31 22:42 millert
-
- * sudo.man: added -s and -- flags added SHELL to ENVIRONMENT
- VARIABLES section
-
-1995-08-19 19:32 millert
-
- * parse.yacc: PATH renamed to COMMAND
-
-1995-08-19 19:31 millert
-
- * parse.lex: it is now a parse error for directories to have args
- attached to them
-
-1995-08-19 19:30 millert
-
- * logging.c: now say command args if telling user to buzz off
-
-1995-08-19 19:30 millert
-
- * sudo.c: -s no longer indicates end of args sped up loading on
- cmnd_args in load_cmnd()
-
-1995-08-19 19:29 millert
-
- * parse.c: removed an unreachable statement
-
-1995-08-19 17:53 millert
-
- * parse.lex: made more efficient by pulling out the terminators
- when in GOTCMND state and making them their own rule
-
-1995-08-14 00:07 millert
-
- * sudo.h: removed MAXLOGLEN since it is no longer used
-
-1995-08-14 00:07 millert
-
- * parse.lex: now allows command args
-
-1995-08-14 00:06 millert
-
- * parse.c: now groks command arguments
-
-1995-08-13 23:39 millert
-
- * logging.c: now sets tty correctly when piped input
-
-1995-08-13 23:35 millert
-
- * sudo.c: fixed loading of cmnd_args (was including command name
- too)
-
-1995-08-13 23:34 millert
-
- * logging.c: fixed a core dump due to incorrect if construct
-
-1995-08-13 00:33 millert
-
- * configure.in: only add -lsun is irix < 5 don't look for -lnsl or
- -lsocket if irix
-
-1995-08-13 00:33 millert
-
- * aclocal.m4: fixed check for ISC
-
-1995-08-13 00:32 millert
-
- * sudo.c: now sets cmnd_args used by log_error() and that will be
- used by the parse to check against command args
-
-1995-08-13 00:32 millert
-
- * sudo.h: added cmnd_args
-
-1995-08-13 00:31 millert
-
- * logging.c: now dynamically allocate logline since we can guess at
- its size
-
-1995-08-05 13:52 millert
-
- * logging.c: cleaned up a bunch of unnecesary #ifdef's eliminated a
- buffer remove "register" since the compiler knows more than I do
- now do a "basename" of the tty
-
-1995-07-31 18:20 millert
-
- * configure.in: ++version
-
-1995-07-30 22:37 millert
-
- * sudo.h: added shell extern changed MODE_* to be bit masks to
- allow for several options together
-
-1995-07-30 22:36 millert
-
- * sudo.c: added -s (shell) option made MODE_* masks so we can do
- bitwise & and | to see if multiple flags are set.
-
-1995-07-30 22:01 millert
-
- * check.c: added securid support
-
-1995-07-30 14:38 millert
-
- * logging.c: removed a bunch of unnecesary strncpy()'s and replaced
- with strcat()
-
-1995-07-29 17:17 millert
-
- * Makefile.in, version.h: ++version
-
-1995-07-27 06:52 millert
-
- * parse.yacc: fixed free() of an uninitialized pointer (yuck)
-
-1995-07-26 22:00 millert
-
- * testsudoers.c: added netgr_matches
-
-1995-07-26 21:29 millert
-
- * parse.c: cleaned up netgr_matches
-
-1995-07-26 00:26 millert
-
- * RUNSON: updated for 1.3.4
-
-1995-07-24 21:51 millert
-
- * Makefile.in: now installs sudoers.man -- really should clean this
- up though.
-
-1995-07-24 21:18 millert
-
- * Makefile.in: added sudoers.cat and sudoers.man
-
-1995-07-24 21:15 millert
-
- * sudo.man: pulled out stuff on the sudoers file format into a
- separate man page
-
-1995-07-24 21:14 millert
-
- * sudoers.man: Initial revision
-
-1995-07-24 21:04 millert
-
- * HISTORY: fixed up my email address
-
-1995-07-24 20:03 millert
-
- * configure.in: added checks for innetgr and getdomainname
-
-1995-07-24 20:02 millert
-
- * visudo.c: added dummy netgr_matches function
-
-1995-07-24 20:01 millert
-
- * parse.c: added netgr_matches
-
-1995-07-24 20:01 millert
-
- * parse.lex, parse.yacc: added NETGROUP support
-
-1995-07-24 20:01 millert
-
- * config.h.in: added HAVE_INNETGR & HAVE_GETDOMAINNAME
-
-1995-07-24 18:07 millert
-
- * sudo.c: rewrote clean_env() that has rm_env() builtin
-
-1995-07-23 19:58 millert
-
- * check.c: now cast uid to long in sprintf
-
-1995-07-23 19:58 millert
-
- * OPTIONS: added _INSULTS suffix to HAL & GOONS end
-
-1995-07-23 19:57 millert
-
- * options.h: added _INSULTS suffix to HAL & GOONS
-
-1995-07-23 19:35 millert
-
- * ins_2001.h, ins_classic.h, ins_goons.h, insults.h: converted to
- new scheme of insult "unions" end
-
-1995-07-23 17:48 millert
-
- * sudo.c: now uses MAX_UID_T_LEN
-
-1995-07-23 17:48 millert
-
- * configure.in: added SUDO_UID_T_LEN !l
-
-1995-07-23 17:48 millert
-
- * config.h.in: added MAX_UID_T_LEN
-
-1995-07-23 17:47 millert
-
- * check.c: now use MAX_UID_T_LEN
-
-1995-07-23 17:47 millert
-
- * aclocal.m4: added check for max len of uid_t fixed sco vs. isc
- check
-
-1995-07-19 19:05 millert
-
- * configure.in: corrected version
-
-1995-07-19 17:29 millert
-
- * configure.in: added sco support
-
-1995-07-19 17:29 millert
-
- * aclocal.m4: hack to check for sco
-
-1995-07-18 21:27 millert
-
- * interfaces.c: removed #include <net/route.h> since it was hosing
- some OS's
-
-1995-07-18 13:35 millert
-
- * find_path.c: fixed prreadlink() prototype
-
-1995-07-17 23:54 millert
-
- * check.c: added parens in #if's
-
-1995-07-17 23:53 millert
-
- * configure.in: added SPW_ prefix
-
-1995-07-17 23:20 millert
-
- * sudo.h: moved SPW_* to config.h.in
-
-1995-07-17 23:19 millert
-
- * sudo.c: added a set of parens
-
-1995-07-17 23:19 millert
-
- * config.h.in: added SPW_*
-
-1995-07-17 22:50 millert
-
- * sudo.h: added SPW_* reordered error codes
-
-1995-07-17 22:49 millert
-
- * check.c: moved SPW_* to sudo.h
-
-1995-07-17 14:29 millert
-
- * logging.c: GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
-
-1995-07-17 14:29 millert
-
- * configure.in: AUTH -> SECUREWARE
-
-1995-07-17 14:29 millert
-
- * check.c, sudo.c: SPW_AUTH -> SPW_SECUREWARE
-
-1995-07-17 00:22 millert
-
- * check.c: now uses SHADOW_TYPE to make shadow pw support more
- readable and modular. It's a start...
-
-1995-07-17 00:21 millert
-
- * configure.in: added autodetection of shadow passwords
-
-1995-07-17 00:20 millert
-
- * sudo.c: now uses SHADOW_TYPE define
-
-1995-07-17 00:19 millert
-
- * config.h.in: added SHADOW_TYPE which replaces SUNOS4 & __svr4__
- defines
-
-1995-07-17 00:19 millert
-
- * aclocal.m4: added SUDO_CHECK_SHADOW
-
-1995-07-12 17:09 millert
-
- * configure.in: define SVR4 for ISC define BROKEN_SYSLOG for hpux
- took out test for memmove() since we dno longer use it...
-
-1995-07-12 17:08 millert
-
- * CHANGES: updated
-
-1995-07-12 17:05 millert
-
- * logging.c: added BROKEN_SYSLOG support
-
-1995-07-12 17:05 millert
-
- * config.h.in: added BROKEN_SYSLOG
-
-1995-07-12 17:04 millert
-
- * check.c: now only bitch it timestamp > time_now + 2 * timeout to
- allow for a machine udpating its time from a server
-
-1995-07-12 17:04 millert
-
- * sudo.man: added 2 security notes updated Nieusma's email addr
-
-1995-07-12 14:18 millert
-
- * lsearch.c: changed a memmove() to memcpy() since we don't have to
- worry about overlapping segments.
-
-1995-07-11 15:41 millert
-
- * interfaces.c: cleanup up the loop when interfaces are groped in
- so that it is readable
-
-1995-07-11 14:52 millert
-
- * Makefile.in, version.h: ++version
-
-1995-07-09 18:17 millert
-
- * CHANGES: annotated 124-126
-
-1995-07-07 16:06 millert
-
- * check.c: fixed permissions check on /tmp/.odus
-
-1995-07-06 19:35 millert
-
- * check.c: fixed some comments
-
-1995-07-06 14:49 millert
-
- * check.c: now checks owner & mode of timedir also checks for bogus
- dates on timestamp file
-
-1995-07-06 14:49 millert
-
- * OPTIONS: updated TIMEOUT info
-
-1995-07-06 14:48 millert
-
- * logging.c, sudo.h: added BAD_STAMPDIR and BAD_STAMPFILE
-
-1995-07-06 14:47 millert
-
- * compat.h: added definition of S_IRWXU
-
-1995-07-06 14:47 millert
-
- * CHANGES: updated
-
-1995-07-03 14:16 millert
-
- * interfaces.c: added #ifdef to make it compile on strange arches
-
-1995-07-02 18:13 millert
-
- * aclocal.m4: fixed check for fulkl void impl.
-
-1995-07-02 09:56 millert
-
- * check.c: added mssing "static"
-
-1995-07-01 20:41 millert
-
- * insults.h: replaced #elif with #else #if constructs for ancient C
- compilers
-
-1995-07-01 20:18 millert
-
- * INSTALL: updated irix c2 & kerb5 info
-
-1995-07-01 20:15 millert
-
- * configure.in: added shadow pw support for irix
-
-1995-07-01 16:07 millert
-
- * CHANGES: last changes for sudo 1.3.3
-
-1995-07-01 16:07 millert
-
- * TODO, BUGS: updated
-
-1995-07-01 16:04 millert
-
- * configure.in: now calls SUDO_SOCK_SA_LEN
-
-1995-07-01 16:04 millert
-
- * config.h.in: added HAVE_SA_LEN
-
-1995-07-01 16:04 millert
-
- * aclocal.m4: added SUDO_SOCK_SA_LEN
-
-1995-07-01 15:49 millert
-
- * interfaces.c: now works with ip implementations that use sa_len
- in sockaddr
-
-1995-07-01 14:26 millert
-
- * INSTALL: added note about buggy AIX compiler
-
-1995-07-01 14:24 millert
-
- * interfaces.c: now include sys/time.h for AIX
-
-1995-06-27 22:35 millert
-
- * Makefile.in: getcwd -> getwd
-
-1995-06-27 21:28 millert
-
- * interfaces.c: now works for ISC and others. yay.
-
-1995-06-26 14:24 millert
-
- * Makefile.in, version.h: version++
-
-1995-06-22 20:26 millert
-
- * aclocal.m4: fixed test for full void impl
-
-1995-06-22 20:25 millert
-
- * sudo.c: now check to see that st_dev is non-zero before assuming
- that we are being spoofed
-
-1995-06-20 16:56 millert
-
- * aclocal.m4, configure.in: SUDO_FUNC_UTIME_NULL ->
- AC_FUNC_UTIME_NULL
-
-1995-06-19 16:32 millert
-
- * aclocal.m4: fixed include file order for SUDO_FUNC_UTIME_POSIX
-
-1995-06-19 16:10 millert
-
- * logging.c: added cast for ttyname()
-
-1995-06-19 15:23 millert
-
- * configure.in: fixed typo
-
-1995-06-19 15:19 millert
-
- * check.c: now deal correctly with all known variation of utime()
- -- yippe
-
-1995-06-19 15:19 millert
-
- * configure.in: added SUDO_FUNC_UTIME_POSIX
-
-1995-06-19 15:19 millert
-
- * aclocal.m4: added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
-
-1995-06-19 15:14 millert
-
- * config.h.in: added HAVE_UTIME_POSIX
-
-1995-06-19 13:38 millert
-
- * check.c: fixed a typo
-
-1995-06-19 13:29 millert
-
- * check.c: no longer assume !HAVE_UTIME_NULL means old BSD utime()
-
-1995-06-19 13:20 millert
-
- * check.c: fixed fascist C compiler warning
-
-1995-06-18 23:14 millert
-
- * interfaces.c: now set strioctl.ic_timout in STRSET() now
- initialize num_interfaces to 0 (just to be anal)
-
-1995-06-18 18:06 millert
-
- * sudo.h: increaed MAXLOGLEN by MAXPATHLEN to account for ttyname
-
-1995-06-18 18:05 millert
-
- * logging.c: added tty logging
-
-1995-06-18 16:04 millert
-
- * interfaces.c: reworked the ISC code
-
-1995-06-18 15:27 millert
-
- * Makefile.in, version.h: updated version
-
-1995-06-18 15:24 millert
-
- * check.c: now expect old-style utime(3) if utime() can't take NULL
- as an arg
-
-1995-06-18 15:08 millert
-
- * configure.in: added check for utime.h
-
-1995-06-18 15:08 millert
-
- * config.h.in: added HAVE_UTIME_H
-
-1995-06-18 14:48 millert
-
- * Makefile.in: added CPPFLAGS STATIC_FLAGS -> LDFLAGS
-
-1995-06-18 13:58 millert
-
- * configure.in: now search for kerb libs and includes
-
-1995-06-18 13:03 millert
-
- * check.c: added support for utime(2)'s that can't take a NULL
- parameter
-
-1995-06-18 13:03 millert
-
- * utime.c: moved HAVE_UTIME_NULL stuff to update_timestamp() where
- t belongs
-
-1995-06-17 20:46 millert
-
- * configure.in: added utime(s) stuff
-
-1995-06-17 20:46 millert
-
- * check.c: now use utime()
-
-1995-06-17 20:46 millert
-
- * config.h.in: added HAVE_UTIME and HAVE_UTIME_NULL
-
-1995-06-17 19:12 millert
-
- * utime.c: now use HAVE_UTIME_NULL
-
-1995-06-17 19:02 millert
-
- * utime.c, emul/utime.h: Initial revision
-
-1995-06-17 18:24 millert
-
- * check.c: need to setuid(0) to make kerb4 stuff work.
-
-1995-06-17 18:14 millert
-
- * tgetpass.c: no more special case for kerberos
-
-1995-06-17 18:13 millert
-
- * config.h.in: took out setreuid and setresuid stuff added kerb5
- stuff (use kerb4 emulation)
-
-1995-06-17 18:13 millert
-
- * compat.h: no longer need setreuid() emulation now set _PASSWD_LEN
- to 128 if kerberos
-
-1995-06-17 18:12 millert
-
- * check.c: now use private ticket file for kerberos support to
- avoid trouncing on system one
-
-1995-06-15 00:48 millert
-
- * sudo.h: added SPOOF_ATTEMPT & cmnd_st
-
-1995-06-15 00:47 millert
-
- * sudo.c: added anti-spoofing support
-
-1995-06-15 00:47 millert
-
- * parse.c: now use global cmnd_st
-
-1995-06-15 00:47 millert
-
- * logging.c: added SPOOF_ATTEMPT suypport
-
-1995-06-14 23:41 millert
-
- * testsudoers.c, visudo.c: added void casts where appropriate
-
-1995-06-14 23:40 millert
-
- * parse.yacc: fixed up spacing and added void casts where
- appropriate
-
-1995-06-14 23:27 millert
-
- * sudo.c: fixed problem with "-p prompt" but no args
-
-1995-06-14 04:43 millert
-
- * sudo.man: added BUGS and annotated -l description
-
-1995-06-14 04:43 millert
-
- * sudo.h: validate() now takes a flag
-
-1995-06-14 04:43 millert
-
- * sudo.c: validate() now takes a flag added -l
-
-1995-06-14 04:42 millert
-
- * parse.yacc: added support for -l
-
-1995-06-14 04:41 millert
-
- * parse.c: validate() now takes a flag that says whether or not to
- check the command
-
-1995-06-07 21:36 millert
-
- * logging.c: now deals with Argv == 1
-
-1995-06-07 21:34 millert
-
- * sudo.man: added -p option
-
-1995-06-07 21:27 millert
-
- * sudo.c: added prompt support reworked parse_args()
-
-1995-06-07 20:49 millert
-
- * sudo.h: added prompt
-
-1995-06-07 20:49 millert
-
- * options.h: added PASSPROMPT
-
-1995-06-07 20:48 millert
-
- * check.c: now use BUFSIZ as length of kerb password added kpass so
- pass is always a char * now use prompt global when asking for a
- password
-
-1995-06-07 20:47 millert
-
- * tgetpass.c: now use BUFSIZ as _PASSWD_LEN if using kerberos
-
-1995-06-07 20:43 millert
-
- * OPTIONS: added PASSPROMPT
-
-1995-06-07 01:44 millert
-
- * configure.in: only look for -lufc or -lcrypt if crypt() not in
- libc
-
-1995-06-07 01:43 millert
-
- * check.c: don't exit on kerb error, just warn if k_errno ==
- KDC_PR_UNKNOWN (unknown user) silently fail
-
-1995-06-06 22:44 millert
-
- * INSTALL: added kerb4 note
-
-1995-06-06 22:43 millert
-
- * tgetpass.c: HAVE_KERBEROS -> HAVE_KERB4
-
-1995-06-06 22:41 millert
-
- * check.c: removed debugging printf
-
-1995-06-06 22:33 millert
-
- * configure.in: KERBEROS -> KERB4 added checks for setreuid &
- setresuid
-
-1995-06-06 22:32 millert
-
- * config.h.in: HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and
- HAVE_SETRESUID
-
-1995-06-06 22:32 millert
-
- * compat.h: added deif of UID_NO_CHANGE & GID_NO_CHANGE added
- setreuid emulation with setresuid if applic
-
-1995-06-06 22:31 millert
-
- * check.c: HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid
- chown() hack if no setreuid() or a broken one
-
-1995-06-05 23:44 millert
-
- * config.h.in: added HAVE_KERBEROS
-
-1995-06-05 23:43 millert
-
- * tgetpass.c: added KERBEROS support (long passwords)
-
-1995-06-05 23:42 millert
-
- * check.c, configure.in: added kerberos support
-
-1995-06-03 19:36 millert
-
- * sudo.h: added MODE_BACKGROUND
-
-1995-06-03 19:36 millert
-
- * sudo.man: escaped dashes added -b option
-
-1995-06-03 19:34 millert
-
- * sudo.c: added -b option
-
-1995-06-03 18:52 millert
-
- * check.c: added crypt() for osf/1 3.x enhanced secuiry
-
-1995-06-03 18:18 millert
-
- * configure.in: now check for -lcrypt
-
-1995-06-03 18:00 millert
-
- * interfaces.c: added ENXIO like EADDRNOTAVAIL
-
-1995-05-07 23:14 millert
-
- * configure.in: now emulate getwd(), not getcwd()
-
-1995-05-07 23:13 millert
-
- * sudo.c: getcwd() -> getwd()
-
-1995-05-07 23:12 millert
-
- * getwd.c: getcwd -> getwd
-
-1995-05-02 01:34 millert
-
- * ins_2001.h, ins_classic.h, ins_goons.h: Initial revision
-
-1995-05-02 01:34 millert
-
- * insults.h: broke out insults into separate include files
-
-1995-05-02 01:32 millert
-
- * options.h, OPTIONS: added GOONS
-
-1995-05-02 01:32 millert
-
- * Makefile.in: added ins_2001.h ins_classic.h ins_goons.h
-
-1995-05-01 23:34 millert
-
- * Makefile.in, version.h: ++version
-
-1995-05-01 23:34 millert
-
- * visudo.c: moved signal handler setup to setup_signals()
-
-1995-05-01 23:33 millert
-
- * sudo.h: added load_interfaces()
-
-1995-05-01 23:33 millert
-
- * sudo.c: moved load_interfaces to interfaces.c
-
-1995-05-01 23:33 millert
-
- * parse.yacc: added clearaliases
-
-1995-05-01 23:33 millert
-
- * OPTIONS, options.h: added FAST_MATCH
-
-1995-05-01 23:32 millert
-
- * parse.lex: now uses clearaliases variable
-
-1995-05-01 23:31 millert
-
- * interfaces.c: Initial revision
-
-1995-05-01 23:31 millert
-
- * Makefile.in: added interfaces.[co]
-
-1995-05-01 23:30 millert
-
- * testsudoers.c: now uses ip addrs and netmasks via
- load_interfaces()
-
-1995-05-01 22:47 millert
-
- * sudo.c: now remove IFS instead of setting to "sane" value
-
-1995-05-01 16:30 millert
-
- * parse.c: added FAST_MATCH
-
-1995-04-29 20:19 millert
-
- * Makefile.in: sudo_goodpath.c-> goodpath.c
-
-1995-04-29 20:15 millert
-
- * sudo.c: added Andy's new ISC changes
-
-1995-04-14 14:06 millert
-
- * OPTIONS: added a sentence to SECURE_PATH info
-
-1995-04-14 13:57 millert
-
- * BUGS: added one
-
-1995-04-14 13:54 millert
-
- * RUNSON, CHANGES: updated
-
-1995-04-13 17:04 millert
-
- * RUNSON: updated for beta3
-
-1995-04-13 14:32 millert
-
- * Makefile.in, version.h: ++version
-
-1995-04-13 13:56 millert
-
- * aclocal.m4: sendmail is now looked for in \17/usr/ucblib
-
-1995-04-13 13:54 millert
-
- * sudo.c: fixed indentation
-
-1995-04-13 13:35 millert
-
- * aclocal.m4: fixed a typo
-
-1995-04-13 13:19 millert
-
- * sudo.c: updated ISC mods
-
-1995-04-13 13:19 millert
-
- * configure.in: added unixware case
-
-1995-04-13 13:19 millert
-
- * check.c: user_is_exempt is no longer hidden
-
-1995-04-13 13:19 millert
-
- * RUNSON: updated
-
-1995-04-13 13:19 millert
-
- * aclocal.m4: isc and riscos changes
-
-1995-04-13 13:18 millert
-
- * OPTIONS: added NOTE about new interaction of EXEMPTGROUP and
- SECURE_PATH
-
-1995-04-13 13:18 millert
-
- * Makefile.in: fixed a typo and added testsudoers stuff
-
-1995-04-13 12:34 millert
-
- * testsudoers.c: Initial revision
-
-1995-04-12 19:31 millert
-
- * parse.yacc: applied fixed patch from Chris
-
-1995-04-11 14:30 millert
-
- * Makefile.in: fixed a typo
-
-1995-04-11 14:14 millert
-
- * parse.yacc: added a set of braces for bison
-
-1995-04-11 14:01 millert
-
- * parse.yacc: merged in Chris' changes to dekludge the parser.
-
-1995-04-11 00:38 millert
-
- * logging.c: send_mail() was calling find_path() which is wrong
- since find_path() stores cmnd in a static var. Anyhow, it
- doesn't make much sense since MAILER should always be fully
- qualified
-
-1995-04-10 19:51 millert
-
- * sample.sudoers: added User_Alias stuff
-
-1995-04-10 19:50 millert
-
- * aclocal.m4: SUDO_NEXT now looks for
- /usr/lib/NextStep/software_version
-
-1995-04-10 19:50 millert
-
- * RUNSON: added DEC UNIX 3.0 w/ gcc
-
-1995-04-10 19:49 millert
-
- * visudo.c: Exit was being used in places where exit should be used
-
-1995-04-10 19:44 millert
-
- * sudoers: added "User alias specification"
-
-1995-04-10 18:04 millert
-
- * parse.yacc: fixed probs caused by making nslots and naliases a
- size_t
-
-1995-04-10 15:09 millert
-
- * RUNSON: added KSR, upped rev to 1.3.1b2
-
-1995-04-10 15:07 millert
-
- * logging.c, parse.yacc: 1024 -> BUFSIZ
-
-1995-04-10 15:05 millert
-
- * parse.yacc: void * -> VOID * naliases and nslots are now size_t
- to appease lsearch on 64-bit machines
-
-1995-04-09 19:30 millert
-
- * TODO: did a bunch of things and added a bunch :-)
-
-1995-04-09 19:30 millert
-
- * PORTING: updated
-
-1995-04-09 19:24 millert
-
- * visudo.man: closer to BSD manpage style
-
-1995-04-09 19:15 millert
-
- * sudo.man: closer to standard BSD man format
-
-1995-04-09 18:58 millert
-
- * compat.h, config.h.in, insults.h, options.h, pathnames.h.in,
- sudo.h, version.h, emul/search.h: added RCS id
-
-1995-04-09 17:35 millert
-
- * sudo.h: removed crufty #defines that are no longer used
-
-1995-04-09 17:13 millert
-
- * BUGS: fixed a bug
-
-1995-04-09 17:12 millert
-
- * sudo.man: updated based on sudo changes
-
-1995-04-09 17:11 millert
-
- * parse.yacc: now allow ALL keyword in User_Aliases now allow ALL
- keyword as well as a NAME or ALIAS
-
-1995-04-09 17:11 millert
-
- * CHANGES: updated
-
-1995-04-09 17:04 millert
-
- * sudo.c: now sets SUDO_COMMAND and SUDO_GID envariables.
-
-1995-04-09 15:24 millert
-
- * aclocal.m4: fixed bug with full void impl check
-
-1995-04-08 23:11 millert
-
- * parse.yacc: fixed User_Alias supoprt
-
-1995-04-08 22:27 millert
-
- * parse.yacc: added stubs for User_Alias support
-
-1995-04-08 22:27 millert
-
- * sudo.c: now sets removes # bogus interfaces from num_interfaces
-
-1995-04-08 22:26 millert
-
- * parse.lex: added User_Alias support
-
-1995-04-07 21:10 millert
-
- * Makefile.in: removed extraneous TODO
-
-1995-04-07 19:48 millert
-
- * visudo.c: ntwk_matches -> addr_matches
-
-1995-04-07 15:38 millert
-
- * parse.yacc: ntwk_matches -> addr_matches
-
-1995-04-07 15:37 millert
-
- * parse.c: ntwk_matches -> addr_matches now use inet_addr() not
- inet_network() (which expects octet boundaries) fixes for OSF
- (sizeof(int) != sizeof(long))
-
-1995-04-07 15:08 millert
-
- * sudo.c: took out debugging info
-
-1995-04-06 23:45 millert
-
- * aclocal.m4: OS was being set to unknown before non-uname based
- host checks. This caused no checks to happen since $OS was not
- zero-length.
-
-1995-04-06 23:30 millert
-
- * sudo.c: fixed loading of interfaces struct still has debugging
- info in though
-
-1995-04-06 22:23 millert
-
- * parse.c: fixed typo
-
-1995-04-06 16:17 millert
-
- * Makefile.in: ++version
-
-1995-04-06 16:16 millert
-
- * version.h: ++
-
-1995-04-06 16:16 millert
-
- * visudo.c: removed extraneous extern decl of "top
-
-1995-04-06 16:14 millert
-
- * visudo.c: now zeros "top"
-
-1995-04-06 16:13 millert
-
- * parse.yacc: removed parser_cleanup (no need for it now)
-
-1995-04-06 16:13 millert
-
- * parse.lex: now calls reset_aliases() directly
-
-1995-04-04 18:21 millert
-
- * OPTIONS: added a sentence to SECURE_PATH description
-
-1995-04-04 18:17 millert
-
- * parse.c: fixed my stupid bug where I used NAMLEN on something I
- wanted to just get the name from. argh.
-
-1995-04-03 16:58 millert
-
- * lsearch.c: fixed argument order of memmove() that i hosed when
- converting from bcopy(). arghh.
-
-1995-04-03 15:33 millert
-
- * Makefile.in: finally fixed DISTFILES line
-
-1995-04-03 15:21 millert
-
- * Makefile.in: tabs -> spaces
-
-1995-04-03 15:15 millert
-
- * Makefile.in: added missing files to DISTFILES
-
-1995-04-03 14:50 millert
-
- * Makefile.in: SUPPORTED -> RUNSON
-
-1995-04-01 03:12 millert
-
- * TODO: updated
-
-1995-04-01 01:54 millert
-
- * RUNSON: updated for pl5b1 release
-
-1995-04-01 01:53 millert
-
- * BUGS, TODO: updated
-
-1995-04-01 01:52 millert
-
- * check.c: fixed bug where if you hit return at first sudo prompt
- it would still log as a failure
-
-1995-04-01 01:29 millert
-
- * CHANGES: updated
-
-1995-04-01 01:25 millert
-
- * aclocal.m4: better test for bogus void * implementation
-
-1995-03-31 20:33 millert
-
- * logging.c: added PASSWORDS_NOT_CORRECT
-
-1995-03-31 20:32 millert
-
- * check.c: added PASSWORDS_NOT_CORRECT stuff]
-
-1995-03-31 20:30 millert
-
- * sudo.h: added PASSWORDS_NOT_CORRECT
-
-1995-03-31 19:16 millert
-
- * tgetpass.c: moved pathnames.h
-
-1995-03-31 19:16 millert
-
- * sudo.c: removed some unused vars and fixed up uid2str
-
-1995-03-31 19:15 millert
-
- * putenv.c: moved compat.h
-
-1995-03-31 19:14 millert
-
- * getcwd.c, getwd.c: added pathnames.h
-
-1995-03-31 18:18 millert
-
- * parse.yacc: fixed a typo I introduced in the last checkin :-(
-
-1995-03-31 18:11 millert
-
- * parse.lex: can't have #ifdef's where N is defined so just do this
- the broken way for AIX
-
-1995-03-31 18:08 millert
-
- * parse.yacc: better hack from Chris (but still a hack)
-
-1995-03-31 18:05 millert
-
- * parse.lex: stupid hack for broken aix lex
-
-1995-03-31 17:47 millert
-
- * tgetpass.c: now includes compat.h \ 6
-
-1995-03-31 17:27 millert
-
- * visudo.c: now includes fcntl.h
-
-1995-03-31 17:27 millert
-
- * compat.h: added FD_SET and FD_ZERO for 4.2BSD
-
-1995-03-31 16:12 millert
-
- * parse.yacc: dirty hack to fix parser bug. i don't really like
- this but it works for now...
-
-1995-03-31 16:12 millert
-
- * sudo.c: uid2str is now static like the prototype says
-
-1995-03-29 23:48 millert
-
- * RUNSON: Initial revision
-
-1995-03-29 23:47 millert
-
- * TODO, CHANGES, SUPPORTED, TROUBLESHOOTING: updated
-
-1995-03-29 23:46 millert
-
- * sudo.c: check_sudoers now returns an error code and sudo calls
- inform_user and log_error based on the return value.
-
-1995-03-29 23:45 millert
-
- * logging.c, sudo.h: added entries for new errors
-
-1995-03-29 23:03 millert
-
- * parse.c: now set uid to that of SUDOERS_OWNER while parsing
- sudoers file
-
-1995-03-29 22:52 millert
-
- * Makefile.in: took out testsudoers \ 6
-
-1995-03-29 22:36 millert
-
- * sudo.c: now explicately checks that it is setuid root
-
-1995-03-29 22:28 millert
-
- * sudo.c: If a user has no passwd entry sudo would segv (writing to
- a garbage pointer). Now allocate space before writing :-)
-
-1995-03-29 22:06 millert
-
- * configure.in: reordered AC_CHECK_FUNCS
-
-1995-03-29 22:06 millert
-
- * config.h.in: fixed memset macro
-
-1995-03-29 21:47 millert
-
- * logging.c: bzero -> memset when a parse error is logged the line
- number of the error is now logged too
-
-1995-03-29 21:46 millert
-
- * tgetpass.c, visudo.c: bzero -> memset
-
-1995-03-29 21:46 millert
-
- * INSTALL: added Sunos to blurb about c2 security
-
-1995-03-29 21:45 millert
-
- * configure.in: added a SUN4 define for C2 security
-
-1995-03-29 21:44 millert
-
- * config.h.in: bcopy -> memmove bzero -> memset
-
-1995-03-29 21:43 millert
-
- * lsearch.c: bcopy -> memmove char * -> VOID *
-
-1995-03-29 21:30 millert
-
- * check.c: added support for sunos with C2 security
-
-1995-03-29 21:12 millert
-
- * OPTIONS, options.h: reordered
-
-1995-03-29 21:12 millert
-
- * pathnames.h.in: _PATH_SUDO_LOGFILE now set based on configure
-
-1995-03-29 21:12 millert
-
- * configure.in: added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
-
-1995-03-29 21:12 millert
-
- * config.h.in: added _SUDO_PATH_LOGFILE
-
-1995-03-29 21:11 millert
-
- * aclocal.m4: added SUDO_LOGFILE to find where to put sudo.log
- added SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h
- too) added SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
-
-1995-03-29 18:17 millert
-
- * TROUBLESHOOTING: Initial revision
-
-1995-03-29 17:59 millert
-
- * sudo.c: now do set_perms(PERM_ROOT) before the getpwuid() in
- load_global() to work around a problem is trusted hpux shadow
- passwords. yuck.
-
-1995-03-29 17:41 millert
-
- * parse.yacc: backed out a change in malloc/realloc
-
-1995-03-29 17:38 millert
-
- * parse.yacc: now include stdlib.h
-
-1995-03-29 17:22 millert
-
- * visudo.c: now do an freopen() of the stmp file so that yyin will
- always point to the same thing. This is important for flex since
- we are doing a YY_NEWFILE
-
-1995-03-29 17:20 millert
-
- * parse.yacc: replaced yywrap() with parser_cleanup() since
- yywrap() needs to be in parse.lex to be able to use YY_NEW_FILE.
- sigh.
-
-1995-03-29 17:18 millert
-
- * parse.lex: now have a rule that matches anything that doesn't
- match an explicite rule. well, you know what i mean (. matches
- anything not yet matched). However, this means that there is
- input still queued up so we need to do a YY_NEW_FILE; in yywrap.
- So, yywrap has moved into parse.lex and it calls parser_cleanup()
- which is most of the old yywrap() sigh.
-
-1995-03-29 17:17 millert
-
- * SUPPORTED: no longer used
-
-1995-03-29 16:13 millert
-
- * getcwd.c, getwd.c: moved compat.h to be the last include file
-
-1995-03-29 16:11 millert
-
- * parse.yacc: fixed type of aliascmp() args
-
-1995-03-29 15:58 millert
-
- * find_path.c: NULL -> '\0'
-
-1995-03-29 15:42 millert
-
- * parse.yacc: added casts to lfind and lsearch args for irix
-
-1995-03-29 08:20 millert
-
- * Makefile.in: bsdinstall -> install-sh
-
-1995-03-29 08:20 millert
-
- * INSTALL: added info about make realclean
-
-1995-03-29 08:17 millert
-
- * Makefile.in: updated VERSION added dependencies for visudo.cat
-
-1995-03-29 08:17 millert
-
- * version.h: -> pl5b1
-
-1995-03-29 08:16 millert
-
- * sudo.c: took out -l
-
-1995-03-29 00:03 millert
-
- * Makefile.in: now there is a real visudo.man and visudo.cat
-
-1995-03-28 23:54 millert
-
- * sudo.man: took out visudo stuff
-
-1995-03-28 23:54 millert
-
- * visudo.man: Initial revision
-
-1995-03-28 23:12 millert
-
- * parse.c, parse.lex, parse.yacc: updated copyright
-
-1995-03-28 23:05 millert
-
- * README: updated for pl5
-
-1995-03-28 20:02 millert
-
- * sudo.man: updated Nieusma & Hieb email addresses
-
-1995-03-28 19:57 millert
-
- * INSTALL: updated to include options.h and OPTIONS
-
-1995-03-28 19:35 millert
-
- * CHANGES, TODO: updated
-
-1995-03-28 19:35 millert
-
- * BUGS: eliminated bug #1 (yay)
-
-1995-03-28 19:31 millert
-
- * configure.in: sunos no longer gets linked statically
-
-1995-03-28 18:58 millert
-
- * parse.lex: prototype now uses __P()
-
-1995-03-28 18:49 millert
-
- * parse.lex: make fill() non-ansi
-
-1995-03-28 15:26 millert
-
- * parse.c: made -v (validate) work
-
-1995-03-28 15:26 millert
-
- * logging.c: now gives host
-
-1995-03-28 10:34 millert
-
- * find_path.c: don't check for execute/statable if fq or relative
- path given
-
-1995-03-28 01:07 millert
-
- * parse.c: added a cast
-
-1995-03-28 00:49 millert
-
- * visudo.c: now include ctype.h for islower and tolower macros
-
-1995-03-28 00:48 millert
-
- * goodpath.c: moved _S_IFMT & _S_ISREG to compat.h
-
-1995-03-28 00:48 millert
-
- * sudo.c: moved a set of parens
-
-1995-03-28 00:48 millert
-
- * strdup.c: now include compat.h
-
-1995-03-28 00:47 millert
-
- * parse.yacc: now cast malloc & realloc return vals added search
- for HAVE_LSEARCH now use strcmp if no strcasecmp available
-
-1995-03-28 00:46 millert
-
- * lsearch.c, emul/search.h: void * -> VOID *
-
-1995-03-28 00:45 millert
-
- * config.h.in: removed HAVE_FLEX added VOID added HAVE_DIRENT_H,
- HAVE_SYS_NDIR_H, HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
-
-1995-03-28 00:44 millert
-
- * compat.h: added _S_IFMT, _S_IFREG, and S_ISREG
-
-1995-03-28 00:44 millert
-
- * aclocal.m4: took out SUDO_PROG_INSTALL 1.x to 2.x changes added
- echo and results to most SUDO_* macros
-
-1995-03-28 00:43 millert
-
- * Makefile.in: no more -I.
-
-1995-03-28 00:22 millert
-
- * configure.in: various 1.x ro 2.x autoconf changes now check for
- strcasecmp now use AC_INSTALL_PROG instead of custom one added
- check for fully woorking void implementation
-
-1995-03-28 00:02 millert
-
- * Makefile.in: added lsearch & search.h visudo links into
- $(LIBOBJS)
-
-1995-03-27 23:43 millert
-
- * aclocal.m4: partial 1.x to 2.x changes added SUDO_FULL_VOID
-
-1995-03-27 23:40 millert
-
- * visudo.c: whatnow_help was prototyped to be static be was not
- declared as such
-
-1995-03-27 21:15 millert
-
- * configure.in: autoconf 2.x changes took out HAVE_FLEX (no longer
- used) added check for dirent/dir/ndir.h
-
-1995-03-27 21:09 millert
-
- * parse.c: now use groovy gnu autoconf macro AC_HEADER_DIRENT
-
-1995-03-27 20:38 millert
-
- * getcwd.c, getwd.c: MAXPATHLEN -> MAXPATHLEN+1
-
-1995-03-27 20:23 millert
-
- * emul/search.h, lsearch.c: Initial revision
-
-1995-03-27 18:26 millert
-
- * parse.yacc: eliminated bison warnings
-
-1995-03-27 17:10 millert
-
- * parse.lex: added missing case
-
-1995-03-27 17:04 millert
-
- * visudo.c: now iincludes signal.h
-
-1995-03-27 15:16 millert
-
- * parse.yacc: only clear data structures on a parse error
-
-1995-03-27 15:01 millert
-
- * visudo.c: whatnow() now gives help on invalid input
-
-1995-03-27 14:54 millert
-
- * visudo.c: added a whatnow() function (sort of like mh)
-
-1995-03-27 14:53 millert
-
- * parse.yacc: kill_aliases -> reset_aliases yywrap() now cleans up
- by calling reset_aliases() and clearing top took reset stuff out
- of yyerror() since it doesn't beling there (and doesn't work
- anyway). errorlineno is now initially set to -1 so we can set it
- to the first error that occurrs (it was getting set to the last)
-
-1995-03-27 14:53 millert
-
- * parse.lex: added a void cast
-
-1995-03-27 13:26 millert
-
- * visudo.c: rewrote from scratch based on 4.3BSD vipw.c
-
-1995-03-26 01:33 millert
-
- * sudo.c, sudo.h: removed ocmnd
-
-1995-03-26 01:19 millert
-
- * sudo.h: no more sudo_realpath() and find_path() changed params
-
-1995-03-26 01:19 millert
-
- * sudo.c: find_path() changed since no more realpath()
-
-1995-03-26 01:18 millert
-
- * parse.yacc: on error, errorlineno is set to the line where the
- error occurred added kill_aliases() to free the aliases struct
- now clean up in yyerror() so we can reparse cleanly
-
-1995-03-26 01:17 millert
-
- * logging.c: changed to use new find_path()
-
-1995-03-26 01:17 millert
-
- * options.h, parse.c: no more USE_REALPATH
-
-1995-03-26 01:16 millert
-
- * find_path.c: removed all the realpath() stuff
-
-1995-03-26 01:16 millert
-
- * Makefile.in: sudo_realpath.c -> sudo_goodpath.c
-
-1995-03-26 01:12 millert
-
- * visudo.c: now works correctly with utk parser
-
-1995-03-26 00:04 millert
-
- * goodpath.c: Initial revision
-
-1995-03-25 23:23 millert
-
- * sudo_realpath.c: eliminated a compiler warning
-
-1995-03-25 21:56 millert
-
- * sudo.c: elinated compiler warning
-
-1995-03-25 20:40 millert
-
- * sudo_realpath.c: added sudo_goodpath()
-
-1995-03-25 20:40 millert
-
- * sudo.h: added prototype for sudo_goodpath
-
-1995-03-25 20:39 millert
-
- * parse.c: added support for /sys/dir.h
-
-1995-03-25 20:39 millert
-
- * options.h: USE_REALPATH turned off
-
-1995-03-25 20:39 millert
-
- * find_path.c: added calls to sudo_goodpath()
-
-1995-03-25 20:39 millert
-
- * configure.in: added check for dirent.h
-
-1995-03-25 20:38 millert
-
- * config.h.in: added HAVE_DIRENT_H
-
-1995-03-25 19:27 millert
-
- * configure.in: added in linux shadow pass stuff \ 6
-
-1995-03-24 14:43 millert
-
- * visudo.c: added back host, user, cmnd, parse_error
-
-1995-03-24 14:19 millert
-
- * visudo.c: added in utk changes plus some minor cosmetic changes
-
-1995-03-24 14:17 millert
-
- * sudo.c, sudo_realpath.c: added void casts for printf's
-
-1995-03-24 14:17 millert
-
- * options.h: added a define of USE_REALPATH
-
-1995-03-24 14:17 millert
-
- * configure.in: there is no more visudoers/Makefile
-
-1995-03-24 14:16 millert
-
- * Makefile.in: added in utk changes (visudo is now built from the
- toplevel)
-
-1995-03-24 14:15 millert
-
- * find_path.c: added (void) casts to printf's
-
-1995-03-23 22:32 millert
-
- * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c: merged
- in utk changes
-
-1995-03-22 23:13 millert
-
- * find_path.c: now check to see that what we are trying to run is a
- file (or a link to a file, we do a stat(2) so there is no diff)
-
-1995-03-13 15:56 millert
-
- * CHANGES: updated
-
-1995-03-13 15:56 millert
-
- * Makefile.in: aclocal.m4 -> acsite.m4 make realclean updated for
- new autoconf \ 6
-
-1995-03-13 15:11 millert
-
- * sudo.man: added myself as maintainer
-
-1995-02-16 23:31 millert
-
- * sudo.c: changed setegid -> setgid
-
-1995-02-06 17:43 millert
-
- * configure.in: fixed the test for irix 5.x to skip bad libs
-
-1995-02-06 17:43 millert
-
- * aclocal.m4: now initialize OS and OSREV
-
-1995-01-26 20:52 millert
-
- * configure.in: irix5 changes
-
-1995-01-26 20:28 millert
-
- * configure.in: AC_WITH -> AC_ARG_WITH changes other misc changes
- for autoconf 2.1 compatibility
-
-1995-01-18 19:49 millert
-
- * visudo.c: use YY_NEW_FILE, not yyrestart since OSF flex doesn't
- do the righ thing wrt yyrestart (grrrr)
-
-1995-01-16 18:44 millert
-
- * Makefile.in: added visudoers/compat.h to DISTFILES
-
-1995-01-16 17:01 millert
-
- * configure.in: fixed an echo
-
-1995-01-16 16:36 millert
-
- * sudo.c: added ocmnd declaration adjusted for find_path()'s new
- parameters
-
-1995-01-16 16:35 millert
-
- * sudo.h: added ocmnd extern adjusted find_path() prototype
-
-1995-01-16 16:34 millert
-
- * parse.c: cmndcmp() now takes 3 arguments and checks against the
- qualified as well as the unqualified pathname. more code that
- should use cmndcmp() but did not, now does
-
-1995-01-16 16:34 millert
-
- * options.h: added to a comment
-
-1995-01-16 16:33 millert
-
- * logging.c: changed to use new find_path() parameter passing
-
-1995-01-16 16:32 millert
-
- * find_path.c: find_path() now takes 2 copyout parameters (one for
- the qualified pathname and one for the unqualified pathname).
- The third parameter may be NULL.
-
-1995-01-16 16:31 millert
-
- * configure.in: no longer munge pathnames.h
-
-1995-01-16 16:30 millert
-
- * pathnames.h.in: changed _PATH_* to use _SUDO_PATH_* (which are
- defined in config.h) as a result, pathnames.h does not need to be
- run through configure and the user can override the configured
- values easily.
-
-1995-01-16 16:30 millert
-
- * config.h.in: added _SUDO_PATH_* entries
-
-1995-01-16 16:30 millert
-
- * aclocal.m4: _PATH* -> _SUDO_PATH_*
-
-1995-01-16 16:28 millert
-
- * Makefile.in: updated DISTFILES and HDRS .o's now depend on
- config.h
-
-1995-01-13 12:52 millert
-
- * compat.h: removed extraneous #endif
-
-1995-01-13 12:48 millert
-
- * aclocal.m4: added SUDO_PROG_MV
-
-1995-01-13 12:47 millert
-
- * configure.in: added SUDO_PROG_MV added riscos and isc os types
- took out -DSHORT_MESSAGE from --with-csops since it is now the
- default
-
-1995-01-13 12:46 millert
-
- * sudo.c: move the include of id.h to compat.h now includes
- options.h
-
-1995-01-13 12:45 millert
-
- * sudo.h: moved compatibility #defines to compat.h
-
-1995-01-13 12:45 millert
-
- * pathnames.h.in: added _PATH_MV
-
-1995-01-13 12:43 millert
-
- * config.h.in: move __P to compat.h
-
-1995-01-13 12:39 millert
-
- * getcwd.c, getwd.c, putenv.c: now includes compat.h
-
-1995-01-13 12:39 millert
-
- * compat.h: Initial revision
-
-1995-01-11 19:11 millert
-
- * sudo.h: pull user-configurable stuff out and put in options.h
-
-1995-01-11 18:43 millert
-
- * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
- sudo_setenv.c, parse.lex, parse.yacc, visudo.c: now includes
- options.h
-
-1995-01-11 18:41 millert
-
- * Makefile.in: added visudoers/options.h
-
-1995-01-11 18:40 millert
-
- * options.h, OPTIONS: Initial revision
-
-1995-01-11 18:39 millert
-
- * Makefile.in: added OPTIONS and options.h
-
-1995-01-11 18:36 millert
-
- * logging.c: changed #ifdef's to use LOGGING and
- SLOG_SYSLOG/SLOG_FILE
-
-1995-01-11 11:02 millert
-
- * check.c, sudo.h: changed PASSWORD_TIMEOUT to minutes
-
-1994-12-17 18:18 millert
-
- * visudo.c: now only do Editor +line_num if line_num != 0
-
-1994-12-15 21:06 millert
-
- * visudo.c: now use mv if rename(2) fails
-
-1994-12-15 20:32 millert
-
- * BUGS: added a visudo bug
-
-1994-12-15 19:46 millert
-
- * check.c: expanded comment
-
-1994-11-12 18:33 millert
-
- * check.c: fixed user_is_exempt to return 0 if EXEMPTGROUP is not
- set
-
-1994-11-09 19:49 millert
-
- * sudo.c: added mips & isc support
-
-1994-11-09 19:49 millert
-
- * parse.c: added support for non-root owned sudoers file
-
-1994-11-09 19:48 millert
-
- * check.c: added exempt group support
-
-1994-11-09 19:47 millert
-
- * sudo.h: added set_perms() support added SUDOERS_OWNER so can have
- non-root own sudoers file added exempt group support added isc
- support
-
-1994-11-09 19:46 millert
-
- * visudo.c: now copy sudoers to temp file via read/write (not
- stdio) now chown new sudoers file to SUDOERS_OWNER
-
-1994-11-07 20:40 millert
-
- * configure.in: added skey support
-
-1994-11-07 20:39 millert
-
- * sudo.h: fixed typo added set_perms support added skey support
- added seteuid()/setegid() emulation for AIX
-
-1994-11-07 20:38 millert
-
- * sudo.c: be_* -> setperms() now check to make sure sudoers file is
- owned by root nread/write by only root
-
-1994-11-07 20:38 millert
-
- * logging.c, parse.c, sudo_realpath.c: be_* -> setperms()
-
-1994-11-07 20:38 millert
-
- * check.c: be_* -> set_perms() added skey support
-
-1994-11-06 18:59 millert
-
- * Makefile.in: ++version
-
-1994-11-06 18:59 millert
-
- * version.h: ++
-
-1994-10-21 13:16 millert
-
- * sudo.c: now sets IFS
-
-1994-10-21 12:02 millert
-
- * insults.h: fixed typo
-
-1994-10-15 15:48 millert
-
- * config.h.in: added HAVE_SKEY
-
-1994-10-04 13:00 millert
-
- * CHANGES: updated
-
-1994-10-04 12:57 millert
-
- * Makefile.in: ++version
-
-1994-10-04 12:57 millert
-
- * version.h: ++
-
-1994-10-04 12:56 millert
-
- * sudo.c: now bail if ARgv[1] > MAXPATHLEN
-
-1994-10-04 12:56 millert
-
- * configure.in: added function check for tcgetattr(3)
-
-1994-10-04 12:55 millert
-
- * config.h.in: only define HAVE_TERMIOS_H if you have tcgetattr(3)
-
-1994-10-04 12:53 millert
-
- * config.h.in: added check for tcgetattr
-
-1994-09-26 17:38 millert
-
- * CHANGES: updated
-
-1994-09-22 13:30 millert
-
- * parse.lex: now only include unistd.h for linux
-
-1994-09-21 14:29 millert
-
- * Makefile.in: added visudo.8 generation
-
-1994-09-21 14:07 millert
-
- * configure.in: added -Wl,-bI:./aixcrypt.exp to aix flags
-
-1994-09-20 19:39 millert
-
- * BUGS: added one
-
-1994-09-20 19:39 millert
-
- * CHANGES: updated
-
-1994-09-20 19:38 millert
-
- * README: added mailing list info
-
-1994-09-20 19:37 millert
-
- * parse.yacc: now use sudolineno instead of yylineno fixed bison
- warnings
-
-1994-09-20 19:37 millert
-
- * configure.in: now use -no_library_replacement for osf don't make
- a static binary for hpux >= 9.0
-
-1994-09-20 19:21 millert
-
- * tgetpass.c: added string.h/strings.h inclusion
-
-1994-09-20 19:21 millert
-
- * config.h.in: added ssize_t def
-
-1994-09-20 19:18 millert
-
- * parse.lex: added inclusion of string.h/strings.h
-
-1994-09-20 18:48 millert
-
- * aclocal.m4: fixed uname | sed (needed to quote the '[')
-
-1994-09-20 18:42 millert
-
- * parse.lex: replaced yylineno with sudolineno fixed bison syntax
- errors
-
-1994-09-20 18:13 millert
-
- * visudo.c: changed yylineno to sudolineno since yylineno cannot be
- counted upon.
-
-1994-09-20 18:10 millert
-
- * TODO: updated
-
-1994-09-20 17:52 millert
-
- * parse.c: added code to support command listings
-
-1994-09-20 17:36 millert
-
- * sudo.c: added code for -l flag
-
-1994-09-20 17:35 millert
-
- * sudo.man: fixed typo added info for -l flag
-
-1994-09-20 14:45 millert
-
- * configure.in: AC_SSIZE_T -> SUDO_SSIZE_T
-
-1994-09-20 14:45 millert
-
- * aclocal.m4: added SUDO_SSIZE_T
-
-1994-09-20 14:44 millert
-
- * sudo.h: added MODE_LIST
-
-1994-09-20 14:43 millert
-
- * configure.in: added AC_SSIZE_T
-
-1994-09-19 20:53 millert
-
- * find_path.c, sudo_realpath.c: readlink() is now declared as
- returning ssize~_t
-
-1994-09-19 20:44 millert
-
- * configure.in: added -laud for OSF c2
-
-1994-09-02 15:55 millert
-
- * config.h.in, parse.lex, parse.yacc, pathnames.h.in, visudo.c,
- Makefile.in: changed sudo-bugs.cs.colorado.edu ->
- sudo-bugs@cs.colorado.edu
-
-1994-09-02 15:54 millert
-
- * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
- parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
- sudo_setenv.c, tgetpass.c, version.h: changed
- sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
-
-1994-09-01 15:56 millert
-
- * Makefile.in: ++version
-
-1994-09-01 15:55 millert
-
- * version.h: ++
-
-1994-09-01 15:55 millert
-
- * logging.c: added host to alertmail messages
-
-1994-09-01 15:55 millert
-
- * CHANGES, TODO: udpated
-
-1994-09-01 15:26 millert
-
- * logging.c: fixed logging problem where mail would not say which
- user it was
-
-1994-09-01 13:45 millert
-
- * configure.in: added -laud for gcc if osf & c2
-
-1994-09-01 13:39 millert
-
- * check.c: moved set_auth_parameters to sudo.c
-
-1994-09-01 13:38 millert
-
- * sudo.c: added set_auth_parameters for osf
-
-1994-09-01 13:22 millert
-
- * configure.in: cleaned up -static stuff
-
-1994-09-01 13:15 millert
-
- * Makefile.in: ++version
-
-1994-09-01 13:15 millert
-
- * version.h: ++
-
-1994-09-01 13:15 millert
-
- * sudo.c: changed setenv() to sudo_setenv()
-
-1994-09-01 13:12 millert
-
- * check.c: fixed osf problem
-
-1994-08-31 22:17 millert
-
- * configure.in: added OSF C2 stuff
-
-1994-08-31 22:00 millert
-
- * CHANGES: updated
-
-1994-08-31 21:56 millert
-
- * check.c: added osf auth support & removed some extra spaces
-
-1994-08-31 21:52 millert
-
- * INSTALL, SUPPORTED: added osf C2 stuff
-
-1994-08-31 19:52 millert
-
- * TODO: added 2 suggestions
-
-1994-08-31 19:33 millert
-
- * Makefile.in: removed README.v1.3.1 and added VERSION stuff
-
-1994-08-31 18:48 millert
-
- * version.h: pl1
-
-1994-08-30 18:31 millert
-
- * version.h: 1.3.1final
-
-1994-08-30 18:30 millert
-
- * Makefile.in: added HISTORY
-
-1994-08-30 18:30 millert
-
- * sudo.man: mention HISTPRY file
-
-1994-08-30 18:30 millert
-
- * sudo.c: use sizeof instead of a constant in 1 place
-
-1994-08-30 18:30 millert
-
- * parse.yacc: added unistd.h
-
-1994-08-30 18:29 millert
-
- * parse.lex: added unistd.h
-
-1994-08-30 18:27 millert
-
- * README: udpated
-
-1994-08-30 18:15 millert
-
- * HISTORY: Initial revision
-
-1994-08-17 12:45 millert
-
- * version.h: ++
-
-1994-08-17 12:39 millert
-
- * CHANGES: updated
-
-1994-08-17 12:36 millert
-
- * sudo_setenv.c: added unistd.h include
-
-1994-08-16 15:46 millert
-
- * sudo.c: added sys/time.h for AIX
-
-1994-08-14 21:22 millert
-
- * configure.in: added check for -lsocket and sys/sockio.h
-
-1994-08-14 21:21 millert
-
- * config.h.in: took out libshadow check and added in sys/sockio.h
- check
-
-1994-08-14 21:21 millert
-
- * sudo.c: now include sockio.h instead of ioctl.h if it exists
- "sudo -" now gets a better error message
-
-1994-08-14 20:47 millert
-
- * sample.sudoers: now has a dir and subnet entry
-
-1994-08-13 18:15 millert
-
- * sudo.c: removed if_ether.h
-
-1994-08-13 17:16 millert
-
- * TODO: added an item
-
-1994-08-13 17:15 millert
-
- * sudo.man: added network and ip addresses to man page
-
-1994-08-13 17:09 millert
-
- * sudo.c: no error if can't get interfaces or netmask since
- networking may not be in the kernel.
-
-1994-08-13 17:08 millert
-
- * parse.c: nwo check for interfaces == NULL
-
-1994-08-12 21:22 millert
-
- * parse.c: fixed a bug that caused directory specs in a Cmnd_Alias
- to fail if the last entry in the spec failed (ie: it was only
- looking at the last entry). CLeaned things up by adding the
- cmndcmp() function--all neat & tidy
-
-1994-08-12 21:21 millert
-
- * CHANGES: added one
-
-1994-08-11 23:42 millert
-
- * sudo.c: now do two passes to skip bogus interfaces (lo0, etc)
-
-1994-08-11 21:58 millert
-
- * logging.c, sudo_realpath.c, sudo_setenv.c: added ninclude of
- netinet/in.h
-
-1994-08-11 21:58 millert
-
- * check.c, find_path.c, getcwd.c, getwd.c, parse.lex, parse.yacc,
- visudo.c: added include of netinet/in.h
-
-1994-08-11 21:57 millert
-
- * version.h: ++
-
-1994-08-11 21:57 millert
-
- * sudo.h: added interfaces global
-
-1994-08-11 21:56 millert
-
- * parse.c: now uses new interfaces global
-
-1994-08-11 21:56 millert
-
- * sudo.c: now ip addresses are gleaned fw/o dns
-
-1994-08-10 19:21 millert
-
- * sudo.c: added load_ip_addrs() to load the ip_addrs global var
-
-1994-08-10 19:21 millert
-
- * parse.c: added hostcmp() to compare hostnames, ip addrs, and
- network addrs
-
-1994-08-10 19:20 millert
-
- * sudo.h: added ip_addrs def added load_ip_addrs prototype
-
-1994-08-08 16:03 millert
-
- * CHANGES: updated
-
-1994-08-08 15:57 millert
-
- * Makefile.in: removed multiple entries in DISTFILES
-
-1994-08-08 13:05 millert
-
- * visudo.c: ansified the !STDC_HEADERS decls
-
-1994-08-08 13:05 millert
-
- * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c: don't do
- malloc decl if gnuc
-
-1994-08-08 13:04 millert
-
- * sudo.c: can't use getopt(3) since it munges args to the command
- to be run as root don't do malloc decl if gnuc
-
-1994-08-08 00:41 millert
-
- * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
- sudo_realpath.c, sudo_setenv.c: ansi-fied !STDC_HEADER function
- prottypes
-
-1994-08-08 00:27 millert
-
- * getcwd.c, getwd.c: added missing paren
-
-1994-08-08 00:23 millert
-
- * Makefile.in: added putenv.c to DISTFILES
-
-1994-08-08 00:08 millert
-
- * sudo_setenv.c: added params to func decls when STDC_HEADERS is
- not defined now can count on putenv() being there
-
-1994-08-08 00:08 millert
-
- * sudo_realpath.c: took out errno decl since sudo.h does it for us
- fixed up a next cc warning added params to func decls when
- STDC_HEADERS is not defined
-
-1994-08-08 00:07 millert
-
- * sudo.h: took out environ extern added local declaratio of
- putenv() if local version is needed
-
-1994-08-08 00:05 millert
-
- * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c: added params to
- func decls when STDC_HEADERS is not defined
-
-1994-08-08 00:04 millert
-
- * config.h.in: added memcpy check check to see that ansi vs bsd
- macros are ntot already defiend before defining (ie: avoid
- redefinition)
-
-1994-08-08 00:03 millert
-
- * configure.in: removed fluff setenv check plus check w/ replace
- for putenv if also no setenv
-
-1994-08-08 00:01 millert
-
- * putenv.c: Initial revision
-
-1994-08-06 19:19 millert
-
- * sudo_setenv.c: Initial revision
-
-1994-08-06 19:19 millert
-
- * sudo.h: rm'd s realp[ath added sudo_realpath and sudo_setenv
-
-1994-08-06 19:19 millert
-
- * sudo.c: now use sudo_setenvc
-
-1994-08-06 19:18 millert
-
- * configure.in: added puteenv and setenv, removed realpath
-
-1994-08-06 19:18 millert
-
- * config.h.in: added putenv & setenv
-
-1994-08-06 19:18 millert
-
- * Makefile.in: added sudo_setenv
-
-1994-08-06 19:16 millert
-
- * version.h: ++
-
-1994-08-05 19:43 millert
-
- * configure.in: added MAN_POSTINSTALL and /usr/share/catman for
- irix
-
-1994-08-05 19:43 millert
-
- * Makefile.in: added MAN_POSTINSTALL
-
-1994-08-05 19:43 millert
-
- * CHANGES: added
-
-1994-08-05 19:10 millert
-
- * sudo.man: added SUDO_* plus new options
-
-1994-08-05 19:10 millert
-
- * CHANGES: added one
-
-1994-08-05 19:07 millert
-
- * configure.in: took out shadow lib
-
-1994-08-05 18:35 millert
-
- * TODO: adde done
-
-1994-08-05 17:52 millert
-
- * visudo.c: now use yyrestart() if flex now reset yylineno to 0
-
-1994-08-05 17:49 millert
-
- * Makefile.in: support for installing a cat page instead of a man
- page if no nroff
-
-1994-08-05 17:48 millert
-
- * configure.in: now defines HAVE_FLEX fixed up man stuff so that it
- looks for nroff to determine whether or not to install a cat or
- man page
-
-1994-08-05 17:48 millert
-
- * config.h.in: added HAVE_FLEX
-
-1994-08-05 16:14 millert
-
- * sudo.c: not set ret to MODE_RUN initially
-
-1994-08-05 16:12 millert
-
- * find_path.c: made command (and therefor cmnd dynamically
- allocated)
-
-1994-08-04 20:25 millert
-
- * TODO: did #8
-
-1994-08-04 20:24 millert
-
- * version.h: ++
-
-1994-08-04 20:24 millert
-
- * sudo_realpath.c: changed bufs from MAXPATHLEN to MAXPATHLEN+1
-
-1994-08-04 20:24 millert
-
- * sudo.h: added MODE_ removed validate_only and added
- remove_timestamp()
-
-1994-08-04 20:22 millert
-
- * sudo.c: usage() now takes an int (exit value) added parse_args()
- to parse command line arguments moved call to find_path() from
- load_globals to new function load_cmnd() removed validate_only
- global -- now use the concept of "modes" added -h and -k options
-
-1994-08-04 20:21 millert
-
- * parse.c: no longer use global validate_only now checks for
- command called "validate" removed check for non-fully qualified
- commands since that is done by find_path
-
-1994-08-04 20:20 millert
-
- * find_path.c: changed MAXPATHLEN r to MAXPATHLEN+1
-
-1994-08-04 20:17 millert
-
- * find_path.c: fixed off by one error with MAXPATHLEN and fixed a
- comment
-
-1994-08-04 20:17 millert
-
- * check.c: check_timestamp no longer runs reminder(), it is implied
- in the return val added remove_timestamp()
-
-1994-08-04 20:16 millert
-
- * CHANGES: updated
-
-1994-08-04 16:38 millert
-
- * BUGS: fixed on
-
-1994-08-04 16:38 millert
-
- * sudo_realpath.c: took out old_errno
-
-1994-08-04 16:37 millert
-
- * CHANGES: updated
-
-1994-08-03 12:08 millert
-
- * logging.c: moved send_mail to after syslog
-
-1994-08-02 22:41 millert
-
- * sudo.c: now set SUDO_ envariables
-
-1994-08-01 13:40 millert
-
- * version.h: ++
-
-1994-08-01 13:39 millert
-
- * sudo_realpath.c: now print error if chdir fails
-
-1994-08-01 13:39 millert
-
- * find_path.c: removed an XXX
-
-1994-07-25 20:40 millert
-
- * CHANGES: updated
-
-1994-07-25 20:36 millert
-
- * configure.in: no more static binaries for aix
-
-1994-07-25 18:37 millert
-
- * INSTALL: fixed typo
-
-1994-07-25 18:33 millert
-
- * sudo_realpath.c: took out stuff not needed for sudo now does
- be_root/be_user itself now uses cwd global
-
-1994-07-25 18:32 millert
-
- * version.h: +=2
-
-1994-07-25 18:31 millert
-
- * logging.c, sudo.c: be_root/be_user is now down in sudo_realpath()
-
-1994-07-25 18:26 millert
-
- * logging.c, sudo.h: now works with 4.2BSD syslog (blech)
-
-1994-07-25 18:25 millert
-
- * find_path.c: now use sudo_realpath()
-
-1994-07-25 18:25 millert
-
- * config.h.in: took out realpth() stuff since we now use
- sudo_realpath()
-
-1994-07-25 18:25 millert
-
- * configure.in: ultrix enhanced sec
-
-1994-07-25 18:25 millert
-
- * SUPPORTED: added ultrix enhanced sec.
-
-1994-07-25 18:24 millert
-
- * INSTALL: updated
-
-1994-07-25 18:21 millert
-
- * check.c: ultrix enhanced security suport
-
-1994-07-25 18:20 millert
-
- * Makefile.in: added sudo_realpath.c
-
-1994-07-25 18:18 millert
-
- * CHANGES: updated
-
-1994-07-25 14:28 millert
-
- * tgetpass.c: increased passwd len to 24 for c2 security
-
-1994-07-25 13:17 millert
-
- * BUGS: updated BUGS
-
-1994-07-15 11:49 millert
-
- * check.c: now use user global var
-
-1994-07-15 11:48 millert
-
- * configure.in: took out -ls
-
-1994-07-14 19:11 millert
-
- * configure.in: added AFS libs
-
-1994-07-14 17:45 millert
-
- * sudo.h: user is now a char * added epasswd
-
-1994-07-14 17:43 millert
-
- * sudo.c: added tzset() to load_globals added epasswd (encrypted
- password) global made user dynamically allocated
-
-1994-07-14 17:43 millert
-
- * configure.in: added tzset test
-
-1994-07-14 17:43 millert
-
- * config.h.in: added HAVE_TZSET
-
-1994-07-14 17:42 millert
-
- * check.c: cleaned up encrypted passwd grab somewhat
-
-1994-07-14 12:34 millert
-
- * configure.in: fixed AFS typo
-
-1994-07-14 12:34 millert
-
- * INSTALL: added AFS not
-
-1994-07-14 12:34 millert
-
- * CHANGES: udpated
-
-1994-07-14 12:33 millert
-
- * logging.c: can now log to both syslog & a file
-
-1994-07-14 12:12 millert
-
- * sudo.h: added BOTH_LOGS
-
-1994-07-14 11:34 millert
-
- * CHANGES: updated
-
-1994-07-14 11:32 millert
-
- * configure.in: --with-AFS
-
-1994-07-14 11:32 millert
-
- * config.h.in: added HAVE_AFS
-
-1994-07-14 11:31 millert
-
- * check.c: added afs changes
-
-1994-07-14 11:21 millert
-
- * sudo.h: removed AFS stuff :-)
-
-1994-07-14 11:19 millert
-
- * tgetpass.c: include sys/select for AIX
-
-1994-07-14 11:17 millert
-
- * sudo.h: added AFS
-
-1994-07-14 11:16 millert
-
- * version.h: ++
-
-1994-07-07 14:45 millert
-
- * SUPPORTED, CHANGES: updated
-
-1994-07-07 14:44 millert
-
- * logging.c: can now have MAILER undefined
-
-1994-07-07 14:37 millert
-
- * INSTALL: new sub-note about MAILER
-
-1994-07-06 23:11 millert
-
- * sudo.man: added blurb about password timeout
-
-1994-07-06 20:52 millert
-
- * configure.in: convex c2 changes
-
-1994-07-06 20:52 millert
-
- * aclocal.m4: took out duplicate define of _CONVEX_SOURCE
-
-1994-07-06 20:51 millert
-
- * Makefile.in: added OSDEFS
-
-1994-07-06 20:46 millert
-
- * config.h.in: added spaces
-
-1994-07-06 20:08 millert
-
- * tgetpass.c: added a goto if fgets fails
-
-1994-07-06 20:08 millert
-
- * sudo.h: use __hpux not hpux convex c2 stuff
-
-1994-07-06 20:08 millert
-
- * sudo.c: use __hpux not hpux
-
-1994-07-06 20:08 millert
-
- * logging.c: convex c2 stuff
-
-1994-07-06 20:07 millert
-
- * config.h.in: define ansi-ish cpp os defines if non-ansi are
- defined for hpux & convex
-
-1994-07-06 20:07 millert
-
- * INSTALL: updated to say we support sonvex C2
-
-1994-07-06 20:05 millert
-
- * check.c: added convex c2 support
-
-1994-07-01 12:06 millert
-
- * tgetpass.c: no more ioctl never returns NULL uses fgets() and
- select() to timeout
-
-1994-06-29 17:04 millert
-
- * configure.in: things were testing -n "$GCC" instead of -z "$GCC"
-
-1994-06-29 16:39 millert
-
- * tgetpass.c: now works + uses fgets()
-
-1994-06-28 18:25 millert
-
- * tgetpass.c: select doesn't seem to recognize a single '\n' as
- input waiting so we can;t use it, sigh.
-
-1994-06-26 16:38 millert
-
- * PORTING: updated tgetpass() blurb
-
-1994-06-26 16:35 millert
-
- * configure.in: added --with-getpass
-
-1994-06-26 16:35 millert
-
- * Makefile.in: added tgetpass stuff
-
-1994-06-26 15:25 millert
-
- * tgetpass.c: now uses stdio
-
-1994-06-26 15:17 millert
-
- * version.h: ++
-
-1994-06-24 19:48 millert
-
- * PORTING: updated ,.
-
-1994-06-24 19:46 millert
-
- * config.h.in: added USE_GETPASS && HAVE_C2_SECURITY
-
-1994-06-24 19:45 millert
-
- * configure.in: fixed a test aded --with-C2 and --with-tgetpass
-
-1994-06-24 19:45 millert
-
- * check.c: added hpux C2 shit
-
-1994-06-24 19:45 millert
-
- * Makefile.in: took out tgetpass.*
-
-1994-06-24 19:45 millert
-
- * INSTALL: added C2 blurb
-
-1994-06-13 15:54 millert
-
- * configure.in: no termio(s) for ultrix since it is broken
-
-1994-06-13 15:41 millert
-
- * check.c: added a space (yeah, anal)
-
-1994-06-13 15:17 millert
-
- * realpath.c, sudo_realpath.c: fixed it (duh, rtfm)
-
-1994-06-08 14:34 millert
-
- * config.h.in: took out bsd signal stuff for irix
-
-1994-06-08 14:26 millert
-
- * visudo.c: comments in #endif
-
-1994-06-08 14:09 millert
-
- * configure.in: don't define BSD signals for irix
-
-1994-06-08 12:57 millert
-
- * TODO: did some...
-
-1994-06-08 12:57 millert
-
- * CHANGES: updated
-
-1994-06-08 12:56 millert
-
- * realpath.c, sudo_realpath.c: took out unneeded code by changing
- where a strings was terminated
-
-1994-06-07 19:21 millert
-
- * realpath.c, sudo_realpath.c: fix bug where /dirname would return
- NULL
-
-1994-06-07 17:40 millert
-
- * sudo.h: move __P to config.h
-
-1994-06-07 17:40 millert
-
- * getcwd.c, getwd.c, realpath.c, sudo_realpath.c: added errno
- definition
-
-1994-06-07 17:40 millert
-
- * config.h.in: added __P
-
-1994-06-07 17:21 millert
-
- * config.h.in: added HAVE_FCHDIR
-
-1994-06-07 17:18 millert
-
- * strdup.c: now include stdio
-
-1994-06-07 14:55 millert
-
- * realpath.c, sudo_realpath.c: now works if no fchdir
-
-1994-06-07 14:55 millert
-
- * visudo.c: define SA_RESETHAND to null if not defined
-
-1994-06-07 14:54 millert
-
- * configure.in: added check & replace
-
-1994-06-06 20:05 millert
-
- * configure.in: took out -static for nextstep -- it doesn't work
-
-1994-06-06 19:59 millert
-
- * logging.c: moved #endif to where it belongs
-
-1994-06-06 19:54 millert
-
- * SUPPORTED: correction
-
-1994-06-06 19:42 millert
-
- * configure.in: now checks for strdup realpath getcwd bzero
-
-1994-06-06 19:31 millert
-
- * config.h.in: emulate bzero
-
-1994-06-06 16:57 millert
-
- * visudo.c: added posic signals
-
-1994-06-06 16:57 millert
-
- * tgetpass.c: bzero cast
-
-1994-06-06 16:57 millert
-
- * logging.c: added posix signals
-
-1994-06-06 16:56 millert
-
- * configure.in: removed BROKEN_GETPASS added new srcs toreplace
- missing functions
-
-1994-06-06 16:56 millert
-
- * config.h.in: added posix signal stuff
-
-1994-06-06 16:56 millert
-
- * Makefile.in: added new srcs
-
-1994-06-06 12:53 millert
-
- * visudo.c: updated useag
-
-1994-06-06 12:39 millert
-
- * tgetpass.c: now uses posix signals
-
-1994-06-05 20:17 millert
-
- * PORTING: updated sto reflect major changes
-
-1994-06-05 20:05 millert
-
- * TODO, CHANGES: updated
-
-1994-06-05 20:04 millert
-
- * tgetpass.c: uses sysconf() if available
-
-1994-06-05 20:04 millert
-
- * sudo.h: added PASSWORD_TIMEOUT + prototypes for new functions
-
-1994-06-05 20:04 millert
-
- * realpath.c, sudo_realpath.c: for those w/o this in libc
-
-1994-06-05 20:03 millert
-
- * getcwd.c, getwd.c: Initial revision
-
-1994-06-05 20:03 millert
-
- * find_path.c: rewrote to use realpath(3) - nis now all my code
-
-1994-06-05 20:02 millert
-
- * config.h.in: added HAVE_REALPATH
-
-1994-06-05 20:02 millert
-
- * check.c: now use tgetpass
-
-1994-06-05 20:02 millert
-
- * Makefile.in: added LIBOBJS use tgetpass.c
-
-1994-06-05 18:55 millert
-
- * tgetpass.c: works now :-)
-
-1994-06-05 18:27 millert
-
- * tgetpass.c: Initial revision
-
-1994-06-05 17:17 millert
-
- * pathnames.h.in: added /dev/tty
-
-1994-06-04 17:12 millert
-
- * version.h: incremented
-
-1994-06-04 15:29 millert
-
- * sudo.c: always use getcwd
-
-1994-06-04 14:49 millert
-
- * config.h.in: added check for getwd
-
-1994-06-04 14:48 millert
-
- * configure.in: replace strdup & realpath & getcwd if missing
-
-1994-06-04 14:47 millert
-
- * pathnames.h.in: added _PATH_PWD
-
-1994-06-04 14:46 millert
-
- * aclocal.m4: added SUDO_PROG_PWD
-
-1994-06-04 14:37 millert
-
- * realpath.c, sudo_realpath.c, strdup.c: Initial revision
-
-1994-06-03 11:31 millert
-
- * configure.in: quoted quare brackets
-
-1994-06-02 17:49 millert
-
- * sudo.c: no need to strdup() a constant
-
-1994-06-02 15:45 millert
-
- * CHANGES: updated
-
-1994-06-02 15:44 millert
-
- * sudo.man: added validate
-
-1994-06-02 15:42 millert
-
- * sudo.c: added -v to usage
-
-1994-06-02 15:41 millert
-
- * parse.c, sudo.c, sudo.h: added validate_only stuff
-
-1994-05-29 21:29 millert
-
- * configure.in: now finds sed
-
-1994-05-29 21:28 millert
-
- * aclocal.m4: $OSREV is now an int
-
-1994-05-29 19:13 millert
-
- * configure.in: added mtxinu to caser
-
-1994-05-29 18:37 millert
-
- * sudo.h: added EXEC macro
-
-1994-05-29 18:36 millert
-
- * sudo.c: now use the EXEC nmacro now only do a gethostbyname() if
- FQDN is set
-
-1994-05-29 18:36 millert
-
- * logging.c: changed mail_argv[] def now use EXEC() macro
-
-1994-05-29 18:35 millert
-
- * check.c: took out crypt() definition
-
-1994-05-29 17:23 millert
-
- * version.h: upped the version
-
-1994-05-29 15:52 millert
-
- * configure.in: always look for -lnsl
-
-1994-05-29 15:29 millert
-
- * aclocal.m4: added an echo
-
-1994-05-29 15:25 millert
-
- * sudo.h: SHORT_MESSAGE is now the default
-
-1994-05-29 15:18 millert
-
- * config.h.in: fixed typo
-
-1994-05-29 01:29 millert
-
- * configure.in: added missing AC_DEFINE(SVR4) for solaris
-
-1994-05-28 20:42 millert
-
- * sudo.man: documented the -v flag
-
-1994-05-28 20:34 millert
-
- * SUPPORTED: updated
-
-1994-05-28 20:31 millert
-
- * check.c: proto-ized crypt()
-
-1994-05-28 20:28 millert
-
- * config.h.in: added LIBSHADOW undef
-
-1994-05-28 20:18 millert
-
- * configure.in: nwo set OS to be lowercase
-
-1994-05-28 19:36 millert
-
- * configure.in: now use SUDO_OSTYPE to set $OS
-
-1994-05-28 19:36 millert
-
- * aclocal.m4: now use uname to determine os
-
-1994-05-28 16:23 millert
-
- * visudo.c: added prototypes & moved sig handler around
-
-1994-05-28 15:13 millert
-
- * sudo.h: added prototyppes
-
-1994-05-28 15:13 millert
-
- * parse.c: added comment
-
-1994-05-28 15:12 millert
-
- * config.h.in: nwo use _BSD_SIGNALS not _BSD_COMPAT
-
-1994-05-28 15:11 millert
-
- * check.c, logging.c, sudo.c: added prototypes
-
-1994-05-28 15:11 millert
-
- * aixcrypt.exp: Initial revision
-
-1994-05-28 15:11 millert
-
- * Makefile.in: added aixcrypt.exp
-
-1994-05-28 13:21 millert
-
- * parse.lex, parse.yacc: moved config.h to top of includes
-
-1994-05-25 15:48 millert
-
- * find_path.c: now don't bitch if get EACCESS (treat like EPERM)
-
-1994-05-24 23:08 millert
-
- * visudo.c: added -v flag and usage()
-
-1994-05-24 23:08 millert
-
- * version.h: fixed a typo
-
-1994-05-24 23:08 millert
-
- * sudo.c: cast Argv to a const for exec added -v flag
-
-1994-05-24 23:07 millert
-
- * logging.c: mail_argv is now a const
-
-1994-05-24 23:07 millert
-
- * configure.in: only set RETSIGTYPE if it is not set already
-
-1994-05-24 23:07 millert
-
- * aclocal.m4: now defines & STDC_HEADERS for Irix
-
-1994-05-24 23:07 millert
-
- * Makefile.in: added version.h
-
-1994-05-24 21:25 millert
-
- * insults.h, sudo.h: prevent multiple inclusion
-
-1994-05-24 21:20 millert
-
- * version.h: Initial revision
-
-1994-05-24 21:09 millert
-
- * parse.lex, parse.yacc: now includes config.h
-
-1994-05-24 20:54 millert
-
- * aclocal.m4: now talks about sunos 4.x
-
-1994-05-24 20:23 millert
-
- * visudo.c: calls to Exit now pass an arg
-
-1994-05-24 18:00 millert
-
- * visudo.c: signal handler now takes an int argument
-
-1994-05-24 18:00 millert
-
- * CHANGES: updated
-
-1994-05-24 17:44 millert
-
- * sudo.c: ok, the getcwd() is now *really* done as the user
-
-1994-05-24 17:44 millert
-
- * configure.in: changed AIX STATIC_FLAGS
-
-1994-05-24 16:27 millert
-
- * aclocal.m4: solaris now defines SVR4
-
-1994-05-24 16:18 millert
-
- * sudo.h: added cwd and fixed stupid core dump that makes no sense.
- sigh.
-
-1994-05-24 16:18 millert
-
- * sudo.c: moved getcwd stuff into load_globals
-
-1994-05-24 16:18 millert
-
- * parse.c: took out externs that are in suod.h
-
-1994-05-24 16:18 millert
-
- * logging.c: moved cwd into load_globals
-
-1994-05-24 16:17 millert
-
- * find_path.c: moved cwd stuff
-
-1994-05-24 15:55 millert
-
- * Makefile.in: fixed make distclean & realclean
-
-1994-05-24 12:51 millert
-
- * TODO: updated .,
-
-1994-05-24 12:51 millert
-
- * CHANGES: added solaris changes
-
-1994-05-24 12:51 millert
-
- * aclocal.m4: added solaris changes, need to rework
-
-1994-05-24 12:50 millert
-
- * configure.in: cleaned up for solaris
-
-1994-05-24 12:13 millert
-
- * logging.c: reinstall reapchild signal handler for non-bsd signals
-
-1994-05-24 12:03 millert
-
- * sudo.h: took out getdtablesize() emulation for HP-UX (no longer
- needed)
-
-1994-05-24 12:03 millert
-
- * sudo.c: support for HAVE_SYSCONF
-
-1994-05-24 12:02 millert
-
- * visudo.c: added <fcntl.h> for solaris & reorg'd the includes +
- minor prettying up /
-
-1994-05-23 20:26 millert
-
- * config.h.in: added HAVE_SYSCONF
-
-1994-05-16 18:57 millert
-
- * configure.in: now tells you what os you are running /.
-
-1994-05-16 18:56 millert
-
- * aclocal.m4: took out extra ','
-
-1994-05-14 17:56 millert
-
- * config.h.in: added _BSD_COMPAT
-
-1994-05-14 17:56 millert
-
- * aclocal.m4: fixed for irix5
-
-1994-05-14 17:55 millert
-
- * CHANGES: updated
-
-1994-05-14 17:27 millert
-
- * sudo.c: uid seinitialized to -2
-
-1994-04-28 12:36 millert
-
- * sudo.c: now removes LIBPATH for AIX
-
-1994-03-12 20:41 millert
-
- * configure.in: now uses ufc if it finds it
-
-1994-03-12 17:42 millert
-
- * sudo.h: no longer define yyval & yylval since yacc does it
-
-1994-03-12 17:42 millert
-
- * parse.lex: now defines yylval as extenr
-
-1994-03-12 17:41 millert
-
- * configure.in: BROKEN_GETPASS is now an OPTION
-
-1994-03-12 17:41 millert
-
- * config.h.in: took out BROKEN_GETPASS
-
-1994-03-12 17:20 millert
-
- * Makefile.in: took out big comment
-
-1994-03-12 16:24 millert
-
- * README: updated
-
-1994-03-12 16:20 millert
-
- * Makefile.in: took out README.beta
-
-1994-03-12 16:19 millert
-
- * SUPPORTED: Initial revision
-
-1994-03-12 16:19 millert
-
- * INSTALL: now reference SUPPORTED .,
-
-1994-03-12 16:17 millert
-
- * config.h.in: now check for convex OR __convex__
-
-1994-03-12 16:16 millert
-
- * aclocal.m4: now check for convex or __convex__
-
-1994-03-12 16:15 millert
-
- * Makefile.in: added dist target
-
-1994-03-12 15:19 millert
-
- * aclocal.m4: use __convex__
-
-1994-03-12 14:33 millert
-
- * find_path.c: now use _S_* stat stuff to be ansi-like
-
-1994-03-12 14:11 millert
-
- * INSTALL: updated for configure directions
-
-1994-03-12 14:05 millert
-
- * Makefile.in: distclean now removes config.h and pathnames.h
-
-1994-03-12 14:03 millert
-
- * CHANGES: updated
-
-1994-03-12 14:00 millert
-
- * TODO: fixed typoe
-
-1994-03-12 13:57 millert
-
- * Makefile.in, visudo.c: updated version
-
-1994-03-12 13:57 millert
-
- * config.h.in, pathnames.h.in: added copyright header
-
-1994-03-12 13:55 millert
-
- * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
- parse.yacc, sudo.c, sudo.h: udpated version
-
-1994-03-12 13:39 millert
-
- * visudo.c: udpated to use configure + pathnames.h
-
-1994-03-12 13:37 millert
-
- * Makefile.in, config.h.in, configure.in, aclocal.m4: updated
-
-1994-03-12 13:37 millert
-
- * sudo.h: now works with configure
-
-1994-03-12 13:36 millert
+ * sudo.h:
+ now works with configure
+ [83fc40e533f4]
* check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
- updated to work with configure + pathnames.h
-
-1994-03-12 10:40 millert
-
- * Makefile.in: added LEXLIB
-
-1994-03-10 03:18 millert
-
- * COPYING: updated gnu general licence to versio 2
-
-1994-03-10 02:44 millert
-
- * pathnames.h.in, config.h.in: Initial revision
-
-1994-03-10 01:43 millert
-
- * sudo.h: changed to work with configure
-
-1994-03-09 18:51 millert
-
- * Makefile.in, aclocal.m4, configure.in: Initial revision
-
-1994-03-09 17:36 millert
-
- * visudo.c: now uses defines used by configure
-
-1994-03-01 16:31 millert
-
- * find_path.c: sudo won't bitch about EPERM now, for real
-
-1994-02-28 00:36 millert
-
- * logging.c: renamed exec_argv to eliminate a libc name clash with
- ksros
-
-1994-02-28 00:28 millert
-
- * CHANGES: corrected
-
-1994-02-28 00:27 millert
-
- * logging.c, sudo.c, sudo.h: execve -> execv
-
-1994-02-27 23:27 millert
-
- * TODO: upated
-
-1994-02-27 23:19 millert
-
- * PORTING: added 2 mroe items
-
-1994-02-27 23:12 millert
-
- * CHANGES: updated
-
-1994-02-27 23:11 millert
-
- * sudo.h: added UMASK and mode_t declaration
-
-1994-02-27 23:11 millert
-
- * sudo.c: added UMASK
-
-1994-02-27 20:55 millert
-
- * logging.c: now opens log file with mode 077
-
-1994-02-27 20:55 millert
-
- * check.c: saved current umask ans restores it
-
-1994-02-27 20:36 millert
-
- * sudo.h: added MAXLOGFILELEN
-
-1994-02-27 20:35 millert
-
- * logging.c: split long log lines. FOr syslog, split into multiple
- entries, for a log file, indent the extra for readability
-
-1994-02-27 17:22 millert
-
- * CHANGES: added changes
-
-1994-02-27 17:18 millert
-
- * sudo.h: MAXLOGLEN & MAXSYSLOGLEN are now different (as they
- should be)
-
-1994-02-25 16:04 millert
-
- * TODO: added input from Brett M Hogden <hogden@rge.com>
-
-1994-02-16 13:35 millert
-
- * sudo.c: added rmenv() to remove stuff from environ. can now uses
- execvp() OR execve() becuase of this.
-
-1994-02-16 13:35 millert
-
- * logging.c: now uses execvp() OR execve()
-
-1994-02-16 13:31 millert
-
- * sudo.h: added USE_EXECVE
-
-1994-02-16 13:27 millert
-
- * sudo.h: added environ
-
-1994-02-16 12:53 millert
-
- * find_path.c: now ignore EPERM
-
-1994-02-15 23:52 millert
-
- * sudo.h: moved some func decls out of sudo.h and into sudo.c as
- statics /.
-
-1994-02-15 23:52 millert
-
- * CHANGES: updated
-
-1994-02-15 23:40 millert
-
- * sudo.h: took out Envp
-
-1994-02-14 12:28 millert
-
- * BUGS: Initial revision
-
-1994-02-10 14:29 millert
-
- * sudo.c, sudo.h, CHANGES: added SECURE_PATH
-
-1994-02-10 14:05 millert
-
- * sudo.h: added SECURE_PATH
-
-1994-02-10 13:50 millert
-
- * INSTALL: added sample.sudoers note
-
-1994-02-10 13:47 millert
-
- * sudoers: Initial revision
-
-1994-02-09 14:54 millert
-
- * find_path.c: fixed typo
-
-1994-02-08 23:06 millert
-
- * PORTING: took out SAVED_UID garbage
-
-1994-02-08 22:55 millert
-
- * INSTALL: mentioned HAL
-
-1994-02-08 22:50 millert
-
- * sudo.h: added HAL line
-
-1994-02-08 22:48 millert
-
- * insults.h: added HAL insults
-
-1994-02-08 22:48 millert
-
- * TODO: updated
-
-1994-02-08 22:02 millert
-
- * logging.c: more verbose error if mailer not found
-
-1994-02-08 22:02 millert
-
- * check.c: now do getpwent as root for soem shadow password systems
- (bsdi)
-
-1994-02-08 13:22 millert
-
- * sudo.h: took out SAVED_UID garbade
-
-1994-02-08 13:21 millert
-
- * sudo.c: took out SAVED_UID garbage since it don't work
-
-1994-02-06 17:43 millert
-
- * README: updated
-
-1994-02-06 17:40 millert
-
- * insults.h: added a missing space :-)
-
-1994-02-05 19:48 millert
-
- * sudo.c, sudo.h: took out multimax cruft
-
-1994-02-05 19:30 millert
-
- * INSTALL: minor update
-
-1994-02-05 19:30 millert
-
- * PORTING: finished
-
-1994-02-05 19:19 millert
-
- * sudo.c: fixed a typo + indentation
-
-1994-02-05 18:43 millert
-
- * sudo.h: took outumoved some defines to the config file ,. ,.
-
-1994-02-05 15:17 millert
-
- * PORTING: Initial revision
-
-1994-02-05 15:17 millert
-
- * TODO: did #6
-
-1994-02-05 15:16 millert
-
- * sudo.h: added HAS_SAVED_UID
-
-1994-02-05 15:16 millert
-
- * sudo.c: put back AIX cruft
-
-1994-02-03 00:44 millert
-
- * sudo.c: aix changes
-
-1994-02-02 01:31 millert
-
- * CHANGES: updated
+ updated to work with configure + pathnames.h
+ [cb67fa6ab52d]
-1994-02-02 01:30 millert
+ * Makefile.in:
+ added LEXLIB
+ [f43cad4ab0a2]
- * check.c, logging.c, parse.c, sudo.c, sudo.h: now is only root
- when abs necesary
+1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
-1994-02-01 22:21 millert
+ * COPYING:
+ updated gnu general licence to versio 2
+ [2b0b56112ddc]
- * check.c: added missing %s\n
+ * config.h.in, pathnames.h.in:
+ Initial revision
+ [4b586f39ec2d]
-1994-01-31 02:06 millert
+ * sudo.h:
+ changed to work with configure
+ [13f3506ddf16]
- * install-sh: Initial revision
+1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
-1994-01-31 01:58 millert
+ * Makefile.in, aclocal.m4, configure.in:
+ Initial revision
+ [a8636ae77371]
- * CHANGES, TODO: updated
+ * visudo.c:
+ now uses defines used by configure
+ [de438d118993]
-1994-01-31 01:56 millert
+1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: now removed _RLD_* for alphas
+ * find_path.c:
+ sudo won't bitch about EPERM now, for real
+ [ce26d9ef7e3f]
-1994-01-31 01:50 millert
+1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL: updated for new config scheme
+ * logging.c:
+ renamed exec_argv to eliminate a libc name clash with ksros
+ [bcb4350d8411]
-1994-01-30 19:42 millert
+ * CHANGES:
+ corrected
+ [dae68d422efd]
- * find_path.c: more verbose eror messages
+ * logging.c, sudo.c, sudo.h:
+ execve -> execv
+ [40cc2c4bdb15]
-1994-01-27 14:08 millert
+ * TODO:
+ upated
+ [9275a8b8fc45]
- * TODO: now have solaris
+ * PORTING:
+ added 2 mroe items
+ [6cbb5c56993c]
-1994-01-27 14:07 millert
+ * CHANGES:
+ updated
+ [73f34f8e571a]
- * sudo.h: define __svr4__ for SOLARIS
+ * sudo.h:
+ added UMASK and mode_t declaration
+ [7c2015e1d171]
-1994-01-27 14:07 millert
+ * sudo.c:
+ added UMASK
+ [d37be7523680]
- * check.c: added svr4 junk for shadow pws for solaris 2.x
+ * logging.c:
+ now opens log file with mode 077
+ [0825cc3ee841]
-1994-01-27 13:19 millert
+ * check.c:
+ saved current umask ans restores it
+ [659c1aaae8e8]
- * check.c, sudo.c: took out setuid(0) and setreuid(udi) garbage.
- Its not needed since we start out setuid with the correct perms.
+ * sudo.h:
+ added MAXLOGFILELEN
+ [34331c7dee90]
-1994-01-26 19:51 millert
+ * logging.c:
+ split long log lines. FOr syslog, split into multiple entries, for
+ a log file, indent the extra for readability
+ [72c9e4cdba6e]
- * check.c, sudo.c, sudo.h: now use setreuid()
+1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
-1994-01-26 18:58 millert
+ * CHANGES:
+ added changes
+ [81196833673d]
- * sudo.man: revised AUTHORS secrtion & added ENV_EDITOR stuff to
- VARIABLES sectoin
+ * sudo.h:
+ MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
+ [1aa69e903840]
-1994-01-26 18:52 millert
+1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c: now uses ENV_EDITOR if you want to use the EDITOR envar
+ * TODO:
+ added input from Brett M Hogden <hogden@rge.com>
+ [80f01fc88ce9]
-1994-01-26 18:52 millert
+1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.h: now uses ENV_EDITOR if you want to use the EDITOR envar
- >> .
+ * sudo.c:
+ added rmenv() to remove stuff from environ. can now uses execvp()
+ OR execve() becuase of this.
+ [e7fc2535bd67]
-1993-12-07 01:33 millert
+ * logging.c:
+ now uses execvp() OR execve()
+ [56391aa1f99d]
- * README: minor update + spell fix
+ * sudo.h:
+ added USE_EXECVE
+ [f21f38050b95]
-1993-12-07 01:33 millert
+ * sudo.h:
+ added environ
+ [6b805e23c6f6]
- * INSTALL: rewrote most of this
+ * find_path.c:
+ now ignore EPERM
+ [c8fd7117a1d7]
-1993-12-07 01:13 millert
+ * sudo.h:
+ moved some func decls out of sudo.h and into sudo.c as statics /.
+ [5f555c267d27]
- * sudo.h: added all options that are in the Makefile
+ * CHANGES:
+ updated
+ [431f478af320]
-1993-12-07 00:23 millert
+ * sudo.h:
+ took out Envp
+ [6f722be7793d]
- * getpass.c: now use USE_TERMIO #define for sgi & hpux
+1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-12-06 23:19 millert
+ * BUGS:
+ Initial revision
+ [4a8ecf0da95c]
- * TODO: todo: posix sigs
+1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-12-06 01:12 millert
+ * CHANGES:
+ added SECURE_PATH
+ [1c72cb222609]
- * check.c, find_path.c: always include strings.h
+ * sudo.c, sudo.h:
+ added SECURE_PATH
+ [5bf5357a63c5]
-1993-12-05 20:34 millert
+ * sudo.h:
+ added SECURE_PATH
+ [3976a74405ac]
- * visudo.c: added STATICEDITOR
+ * INSTALL:
+ added sample.sudoers note
+ [1b395d29aaeb]
-1993-12-05 20:30 millert
+ * sudoers:
+ Initial revision
+ [485888d07477]
- * sudo.h: sgi has vi in /usr/bin too
+1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-12-05 20:23 millert
+ * find_path.c:
+ fixed typo
+ [bfc3cc4d41ca]
- * sudo.man: added VISUAL
+ * PORTING:
+ took out SAVED_UID garbage
+ [b7c2d3469661] [SUDO_1_3_0]
-1993-12-02 22:20 millert
+ * INSTALL:
+ mentioned HAL
+ [253d6695df90]
- * sudo.h: sue /usr/bin/vi on some systems
+ * sudo.h:
+ added HAL line
+ [29ec1a4ac6de]
-1993-12-02 22:19 millert
+ * insults.h:
+ added HAL insults
+ [7d7c96d77c74]
- * sudo.c: fixed warning (include strings.h)
+ * TODO:
+ updated
+ [aa2ed9790586]
-1993-12-02 22:06 millert
+ * logging.c:
+ more verbose error if mailer not found
+ [fca47fd00cb6]
- * sudo.man: added John_Rouillard@dl5000.bc.edu's changes (new
- features)
+ * check.c:
+ now do getpwent as root for soem shadow password systems (bsdi)
+ [e0339e110d46]
-1993-12-02 21:38 millert
+1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * CHANGES: changes from John_Rouillard@dl5000.bc.edu
+ * sudo.h:
+ took out SAVED_UID garbade
+ [fcb0e81dcdb5]
-1993-12-02 21:35 millert
+ * sudo.c:
+ took out SAVED_UID garbage since it don't work
+ [507e9513e9c2]
- * visudo.c: added EDITOR envar
+1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-12-02 21:34 millert
+ * README:
+ updated
+ [d2b6b253dae5]
- * check.c, find_path.c, parse.c, sudo.c: added patches from
- John_Rouillard directory spec uses EDITOR
+ * insults.h:
+ added a missing space :-)
+ [8940ea991f87]
-1993-12-01 19:32 millert
+ * sudo.c, sudo.h:
+ took out multimax cruft
+ [c2606b365181]
- * getpass.c: added flush for hpux
+ * INSTALL:
+ minor update
+ [05fb6ee73131]
-1993-11-30 13:37 millert
+ * PORTING:
+ finished
+ [c4ac47c84dc5]
- * sudo.c: no longer assume malloc returns a char *
+ * sudo.c:
+ fixed a typo + indentation
+ [7eab40aae8fa]
-1993-11-29 20:35 millert
+1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: alpha change to remove LD_-like thing fixed SHLIB_PATH
- stuff -- now gets removed correctly
+ * sudo.h:
+ took outumoved some defines to the config file ,. ,.
+ [defff05beb52]
-1993-11-29 19:31 millert
+ * PORTING:
+ Initial revision
+ [c803e9127959]
- * sudo.h: added STD_HEADERS macro
+ * TODO:
+ did #6
+ [c6fa1c946c31]
-1993-11-29 19:14 millert
+ * sudo.h:
+ added HAS_SAVED_UID
+ [6a88a39c0a07]
- * sudo.c: now uses STD_HEADERS macor for ansi
+ * sudo.c:
+ put back AIX cruft
+ [a24d2507ddd4]
-1993-11-29 19:14 millert
+1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * find_path.c: now uses STD_HEADERS macro
+ * sudo.c:
+ aix changes
+ [1663915f754a]
-1993-11-29 19:13 millert
+1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * check.c: niceties for C compiler bitches -- no real change
+ * CHANGES:
+ updated
+ [a8cc73747cae]
-1993-11-29 13:04 millert
+ * check.c, logging.c, parse.c, sudo.c, sudo.h:
+ now is only root when abs necesary
+ [3c9d12c5cdfe]
- * visudo.c: now doesn't fclose a file never opened.
+ * check.c:
+ added missing %s\n
+ [609320b72d89]
-1993-11-28 16:35 millert
+1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.man: added visudo line
+ * install-sh:
+ Initial revision
+ [b5bba140a175]
-1993-11-28 16:31 millert
+ * TODO:
+ updated
+ [c9d2eba602af]
- * sudo.man: added error stuff added me in there...
+ * CHANGES:
+ updated
+ [932f1fc3bb14]
-1993-11-28 03:12 millert
+ * sudo.c:
+ now removed _RLD_* for alphas
+ [54a36e648158]
- * CHANGES: noted insults
+ * INSTALL:
+ updated for new config scheme
+ [61c8ae800444]
-1993-11-28 03:01 millert
+ * find_path.c:
+ more verbose eror messages
+ [b4fd123db42d]
- * INSTALL: added blurb about reading stuff
+1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-11-28 03:00 millert
+ * TODO:
+ now have solaris
+ [371002fbf266]
- * sudo.h: added insults
+ * sudo.h:
+ define __svr4__ for SOLARIS
+ [0b5cf5ed936d]
-1993-11-28 03:00 millert
+ * check.c:
+ added svr4 junk for shadow pws for solaris 2.x
+ [91ed58f21618]
- * insults.h: corrected somments and removed newlines
+ * check.c, sudo.c:
+ took out setuid(0) and setreuid(udi) garbage. Its not needed since
+ we start out setuid with the correct perms.
+ [07689e782b0b]
-1993-11-28 03:00 millert
+ * check.c, sudo.c, sudo.h:
+ now use setreuid()
+ [7d64d685d78e]
- * check.c: now uses insults
+1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-11-28 02:45 millert
+ * sudo.man:
+ revised AUTHORS secrtion & added ENV_EDITOR stuff to VARIABLES
+ sectoin
+ [b26967b1e19b]
- * insults.h: Initial revision
+ * visudo.c:
+ now uses ENV_EDITOR if you want to use the EDITOR envar
+ [a4f8fcb9bd1d]
-1993-11-27 19:46 millert
+ * sudo.h:
+ now uses ENV_EDITOR if you want to use the EDITOR envar >> .
+ [028cc55c4328]
- * INSTALL: added dec syslog note
+1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-11-27 19:25 millert
+ * INSTALL:
+ rewrote most of this
+ [a6750923f9c9]
- * sample.sudoers: added real stuff in there
+ * README:
+ minor update + spell fix
+ [a411717a7249]
-1993-11-27 19:24 millert
+ * sudo.h:
+ added all options that are in the Makefile
+ [6db3b3b841b3]
- * TODO: added a todo
+ * getpass.c:
+ now use USE_TERMIO #define for sgi & hpux
+ [b91f89ae6be1]
-1993-11-27 19:10 millert
+ * TODO:
+ todo: posix sigs
+ [4548a56eb2ef]
- * TODO: added one
+1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-11-27 18:59 millert
+ * check.c, find_path.c:
+ always include strings.h
+ [1fc20bda92c0]
- * sample.sudoers: Initial revision
+ * visudo.c:
+ added STATICEDITOR
+ [0596f820716e]
-1993-11-27 18:59 millert
+ * sudo.h:
+ sgi has vi in /usr/bin too
+ [94203b62bfd9]
- * sudo.man: updated with changes
+ * sudo.man:
+ added VISUAL
+ [87c2844c4cac]
-1993-11-27 18:52 millert
+1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.man: Initial revision
+ * sudo.h:
+ sue /usr/bin/vi on some systems
+ [e3ad9190f35e]
-1993-11-27 18:48 millert
+ * sudo.c:
+ fixed warning (include strings.h)
+ [0b896de4d8a0]
- * CHANGES, COPYING, INSTALL, README, TODO, indent.pro: Initial
- revision
+ * sudo.man:
+ added John_Rouillard@dl5000.bc.edu's changes (new features)
+ [f41b4205a8cf]
-1993-11-27 18:46 millert
+ * CHANGES:
+ changes from John_Rouillard@dl5000.bc.edu
+ [6bdef8e948d5]
- * visudo.c: updated version number and took out jeff's old addr
- since it is no good
+ * visudo.c:
+ added EDITOR envar
+ [5c4bf716de21]
-1993-11-27 18:42 millert
+ * check.c, find_path.c, parse.c, sudo.c:
+ added patches from John_Rouillard directory spec
+ uses EDITOR
+ [f62a435f8c41]
- * sudo.h, check.c, find_path.c, logging.c, parse.c, parse.lex,
- parse.yacc, sudo.c: updated version number and took out jeff's
- email (since it is invalid)
+1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-10-28 09:36 millert
+ * getpass.c:
+ added flush for hpux
+ [07cfdd6a7b55]
- * check.c: added fflush()
+1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-10-22 20:46 millert
+ * sudo.c:
+ no longer assume malloc returns a char *
+ [7480bd2756f3]
- * find_path.c: now return NULL instead pf\b\bof exiting for
- nopn\b\bn-fatal errors
+ * sudo.c:
+ alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
+ gets removed correctly
+ [8587166c6ac8]
-1993-10-21 16:57 millert
+ * sudo.h:
+ added STD_HEADERS macro
+ [480f5a9a516c]
- * check.c: new banner
+ * sudo.c:
+ now uses STD_HEADERS macor for ansi
+ [c5018806fd59]
-1993-10-21 16:42 millert
+ * find_path.c:
+ now uses STD_HEADERS macro
+ [ad821e0788ea]
- * parse.lex: now sudo.h gets included first
+ * check.c:
+ niceties for C compiler bitches -- no real change
+ [0fc0b1a5fb64]
-1993-10-17 20:31 millert
+1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * parse.lex: now can use flex
+ * visudo.c:
+ now doesn't fclose a file never opened.
+ [ee888ec9427d]
-1993-10-17 20:31 millert
+1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.h: linux patch
+ * sudo.man:
+ added visudo line
+ [698d51c66407]
-1993-10-17 20:30 millert
+ * sudo.man:
+ added error stuff added me in there...
+ [d202fd34b906]
- * sudo.c: hpux 9 fix, removes SHLIB_PATH linux patch
+ * CHANGES:
+ noted insults
+ [998a22c2230c]
-1993-10-17 20:30 millert
+ * INSTALL:
+ added blurb about reading stuff
+ [e71db100798f]
- * check.c: linux diff
+ * sudo.h:
+ added insults
+ [c110431cec56]
-1993-10-15 16:03 millert
+ * insults.h:
+ corrected somments and removed newlines
+ [493706fd488c]
- * find_path.c: stat now ignores EINVAL
+ * check.c:
+ now uses insults
+ [6d23cf06a0ef]
-1993-10-05 21:48 millert
+ * insults.h:
+ Initial revision
+ [83153c26b4a3]
- * find_path.c, sudo.c: now declare strdup as extern
+ * INSTALL:
+ added dec syslog note
+ [555437273237]
-1993-10-04 15:23 millert
+ * sample.sudoers:
+ added real stuff in there
+ [53442a7fba78]
- * visudo.c: reformatted with indent + by hand
+ * TODO:
+ added a todo
+ [c630472bd4dc]
-1993-10-04 15:10 millert
+ * TODO:
+ added one
+ [806464453284]
- * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c,
- sudo.h: used indent to "fix" coding style
+1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-10-03 20:12 millert
+ * sample.sudoers:
+ Initial revision
+ [7db0a9f1ca8f]
- * find_path.c: now checks '.' or '.' or '' in PATH -- but does it
- LAST should maybe move the code that does this into the loop
- body. makes it messier tho. hmmm.
+ * sudo.man:
+ updated with changes
+ [d9bf254c6c08]
-1993-09-08 11:53 millert
+ * sudo.man:
+ Initial revision
+ [dd6f11174ac6]
- * find_path.c: redid the fix for non-executable files in an easier
- to read way plus some minor aethetic changes
+ * indent.pro:
+ Initial revision
+ [dbfbb494fad9]
-1993-09-08 11:39 millert
+ * CHANGES, COPYING, INSTALL, README, TODO:
+ Initial revision
+ [6d98f489a079]
- * find_path.c: fixed bug with non-executable tings of same name in
- path introduced by checkig errno after stat(2).
+ * visudo.c:
+ updated version number and took out jeff's old addr since it is no
+ good
+ [ee47c24818cb]
-1993-09-05 10:02 millert
+ * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
+ sudo.c, sudo.h:
+ updated version number and took out jeff's email (since it is
+ invalid)
+ [54616458a52e]
- * sudo.c: fixed off by one error
+1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-09-05 09:55 millert
+ * check.c:
+ added fflush()
+ [145c881f4fb4]
- * find_path.c: now handles decending below '/' correctly
+1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-09-05 08:35 millert
+ * find_path.c:
+ now return NULL instead pf\b\bof exiting for nopn\b\bn-fatal errors
+ [8bc74f8cb1ae]
- * sudo.c: now actually builds Envp instead of munging envp
+1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-09-04 15:42 millert
+ * check.c:
+ new banner
+ [5387ab2af516]
- * parse.yacc: now includes sys/param.h
+ * parse.lex:
+ now sudo.h gets included first
+ [2acb01c18e18]
-1993-09-04 15:41 millert
+1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
- * visudo.c: now includes sys/param.h
+ * parse.lex:
+ now can use flex
+ [164d3839adf0]
-1993-09-04 15:30 millert
+ * sudo.h:
+ linux patch
+ [f1b6b1b1a2ca]
- * sudo.h: fixed ifndef -> ifdef
+ * sudo.c:
+ hpux 9 fix, removes SHLIB_PATH linux patch
+ [67611dc1737f]
-1993-09-04 15:19 millert
+ * check.c:
+ linux diff
+ [c24536682397]
- * qualify.c: make more like find_path.c
+1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-09-04 15:18 millert
+ * find_path.c:
+ stat now ignores EINVAL
+ [c7761a5dc642]
- * find_path.c: rewritten by millert
+1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-09-04 15:17 millert
+ * find_path.c, sudo.c:
+ now declare strdup as extern
+ [6b7d6f8784b5]
- * sudo.h: fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP
- added info about new defines in the comment
+1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-09-04 15:15 millert
+ * visudo.c:
+ reformatted with indent + by hand
+ [9d43084e4990]
- * logging.c: now uses USE_CWD
+ * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
+ used indent to "fix" coding style
+ [489ffacbdc70]
-1993-09-04 14:10 millert
+ * find_path.c:
+ now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
+ move the code that does this into the loop body. makes it messier
+ tho. hmmm.
+ [c4d22b48da9a]
- * sudo.h: added delc for clean_envp() and Envp
+1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-09-04 14:09 millert
+ * find_path.c:
+ redid the fix for non-executable files in an easier to read way plus
+ some minor aethetic changes
+ [84fe337f1426]
- * sudo.c: now rips LD_* env vars out of envp and passed sanitized
- Envp to exec
+ * find_path.c:
+ fixed bug with non-executable tings of same name in path introduced
+ by checkig errno after stat(2).
+ [c2a812cfcbc1]
-1993-09-04 14:09 millert
+1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
- * logging.c: now uses execve()
+ * sudo.c:
+ fixed off by one error
+ [fabb7cee0041]
-1993-09-04 14:08 millert
+ * find_path.c:
+ now handles decending below '/' correctly
+ [5d2ddfc0b220]
- * find_path.c: ENOTDIR is ok now too (in case part of the path is
- bogus)
+ * sudo.c:
+ now actually builds Envp instead of munging envp
+ [bdc4b08f6898]
-1993-09-04 08:17 millert
+1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
- * qualify.c: now works correctly (ttaltotal rewrite)
+ * parse.yacc:
+ now includes sys/param.h
+ [efbb494ab4de]
-1993-09-04 07:59 millert
+ * visudo.c:
+ now includes sys/param.h
+ [ad6c91d59958]
- * parse.lex: now includes sys/param.h didn't match trailing / --
- fix from rouilj@cs.umb.edu
+ * sudo.h:
+ fixed ifndef -> ifdef
+ [7aebe822d863]
-1993-06-11 18:04 millert
+ * qualify.c:
+ make more like find_path.c
+ [853b2dab2e03]
- * sudo.c: moved around the #ifndef _AIX
+ * find_path.c:
+ rewritten by millert
+ [c6a043cc11b3]
-1993-06-11 18:03 millert
+ * sudo.h:
+ fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
+ about new defines in the comment
+ [39ffefce3aec]
- * check.c, logging.c, parse.c: Initial revision
+ * logging.c:
+ now uses USE_CWD
+ [fa0f3b118bb3]
-1993-03-20 07:57 millert
+ * sudo.h:
+ added delc for clean_envp() and Envp
+ [a12034e300c2]
- * qualify.c: Initial revision
+ * sudo.c:
+ now rips LD_* env vars out of envp and passed sanitized Envp to exec
+ [d201a218e056]
-1993-03-13 15:09 millert
+ * logging.c:
+ now uses execve()
+ [f3e01032cd33]
- * find_path.c: now works if you do sudo bin/test
+ * find_path.c:
+ ENOTDIR is ok now too (in case part of the path is bogus)
+ [b5cbbb201bb5]
-1993-03-13 14:20 millert
+ * qualify.c:
+ now works correctly (ttaltotal rewrite)
+ [0c25d64a5c68]
- * find_path.c: works
+ * parse.lex:
+ now includes sys/param.h didn't match trailing / -- fix from
+ rouilj@cs.umb.edu
+ [b6363ba110af]
-1993-03-02 18:28 millert
+1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.h: Initial revision
+ * sudo.c:
+ moved around the #ifndef _AIX
+ [7d4330950c20]
-1993-03-02 11:35 millert
+ * check.c, logging.c, parse.c:
+ Initial revision
+ [c101e9572d7f]
- * visudo.c: Initial revision
+1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-03-02 11:32 millert
+ * qualify.c:
+ Initial revision
+ [5a5f21d0e0bf]
- * parse.lex, parse.yacc: Initial revision
+1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
-1993-02-16 13:24 millert
+ * find_path.c:
+ now works if you do sudo bin/test
+ [07835120ce43]
- * sudo.c: took out errno.h
+ * find_path.c:
+ works
+ [c3da8b5efa20]
-1993-02-16 13:22 millert
+1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c: now spews error if exec fails and exits with -1
+ * sudo.h:
+ Initial revision
+ [28a1caa38b72]
-1993-02-16 12:07 millert
+ * visudo.c:
+ Initial revision
+ [0e5cd7c3cdbe]
- * sudo.c: Initial revision
+ * parse.lex, parse.yacc:
+ Initial revision
+ [5f2d0cccb06b]
-1993-02-15 22:27 millert
+1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * find_path.c: now only execs files with (an) executable bit set.
+ * sudo.c:
+ took out errno.h
+ [7466431a2655]
-1993-02-15 22:01 millert
+ * sudo.c:
+ now spews error if exec fails and exits with -1
+ [e5c41ea725c1]
- * find_path.c: Initial revision
+ * sudo.c:
+ Initial revision
+ [8aeabe39a0c2]
-1993-02-15 14:32 millert
+ * find_path.c:
+ now only execs files with (an) executable bit set.
+ [0a451f9c0e58]
- * getpass.c: added nice comment
+ * find_path.c:
+ Initial revision
+ [02a534891a35]
-1993-02-15 14:19 millert
+1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
- * getpass.c: now works on sgi's
+ * getpass.c:
+ added nice comment
+ [ea8b2aaa9389]
-1993-02-15 13:57 millert
+ * getpass.c:
+ now works on sgi's
+ [bf2b7c6d0960]
- * getpass.c: Initial revision
+ * getpass.c:
+ Initial revision
+ [9f4de251c1b5]
projects / debian / sudo / blobdiff