X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=ChangeLog;h=5eaab26fc822c5cfb535778bdd4e5b73ea67903e;hb=f766b1e15af37ffb667ccfbba34833c5c2a33c18;hp=a8d71a2dfe0464686b00165b7b73dc970bb50f46;hpb=83cad190740ab8312cf2ea953c1bf9dee2e965bf;p=debian%2Fsudo diff --git a/ChangeLog b/ChangeLog index a8d71a2..5eaab26 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,20376 +1,29157 @@ -2010-04-09 Todd C. Miller - - * configure, configure.in: Fix installation of sudoers.ldap - in "make install" when --with-ldap was specified without a - directory. From Prof. Dr. Andreas Mueller - -2010-04-09 Todd C. Miller - - * find_path.c: Qualify the command even if it is in the - current working directory, e.g. "./foo" instead of just - returning "foo". This removes an ambiguity between real - commands and possible pseudo-commands in command matching. - -2010-04-07 Todd C. Miller - - * sudoers.cat, sudoers.man.in, sudoers.pod: Add a note about - the security implications of the fast_glob option. - - * memrchr.c: Remove duplicate includes - -2010-03-10 Todd C. Miller - - * sudo.c: Fix a bug introduced with def_closefrom. The value - of def_closefrom already includes the +1. - -2010-03-09 Todd C. Miller - - * match.c: When doing a glob match, short circuit if - gl.gl_pathc is 0. From Mark Kettenis. - -2010-02-22 Todd C. Miller - - * match.c: Check for pseudo-command by looking at the first - character of the command in sudoers instead of checking the - user-supplied command for a slash. - -2010-02-09 Todd C. Miller - - * toke.l: Fix size arg when realloc()ing include stack. - From Daniel Kopecek - - * toke.l: Avoid a duplicate fclose() of the sudoers file. - -2010-02-06 Todd C. Miller - - * aix.c, config.h.in, configure, configure.in: Use setrlimit64(), - if available, instead of setrlimit() when setting AIX resource - limits since rlim_t is 32bits. - - * logging.c: Fix use after free when sending error messages. - From Timo Juhani Lindfors - -2009-12-17 15:02 millert - - * parse.c: Fix printing of entries with multiple host entries on - a single line. - -2009-12-09 16:05 millert - - * logging.c: fix typo in last commit - -2009-12-08 22:19 millert - - * logging.c: Convert fmt_first and fmt_confd into macros. - -2009-11-23 10:56 millert - - * match.c: cmnd_matches() already deals with negation so - _cmndlist_matches() does not need to do so itself. Fixes a bug - with negated entries in a Cmnd_List. - -2009-11-22 11:12 millert - - * sudo.c: Don't exit() from open_sudoers, just return NULL for all - errors. - -2009-11-22 09:54 millert - - * toke.c, toke.l: Add missing extern def for parse_error - -2009-11-20 19:11 millert - - * toke.c, toke.l: Avoid a parse error when #includedir doesn't find - any files. Closes bug #375 - -2009-11-20 19:03 millert - - * Makefile.in: Include sudo.man.pl and sudoers.man.pl in the - distribution tarball. - -2009-11-04 09:42 millert - - * configure, configure.in: Fix a few typos in the descriptions; - from Jeff Makey Only do the check for - krb5_get_init_creds_opt_free() taking two arguments if we find - krb5_get_init_creds_opt_alloc(). Otherwise we will get a false - positive when using our own krb5_get_init_creds_opt_free which - takes only a single argument. - -2009-11-03 09:58 millert - - * configure, configure.in: Remove a spurious comma in the kerb5 - bits. - -2009-11-03 09:51 millert - - * auth/kerb5.c: Call krb5_get_init_creds_opt_init() in our emulated - krb5_get_init_creds_opt_alloc() for MIT kerberos. - -2009-09-30 09:50 millert - - * sudo_edit.c: Always update the stashed mtime of the temp file - instead of using what we have for the original because the time - resolution of the filesystem the temporary is on may not match - that of the filesystem that holds the original. Should fix bz - #371 found by Philippe Levan. - -2009-09-24 21:11 millert - - * configure, configure.in, sudoers.man.pl, sudoers.pod: Substitute - in default value for secure_path - -2009-09-24 20:31 millert - - * sudo.pod: Mention that the password must be followed by a newline - with the -S option. - -2009-08-07 10:21 millert - - * auth/pam.c: Set PAM_RUSER and PAM_RHOST early so they can be used - during authentication. Based on a patch from Jamie Beverly. - -2009-08-07 09:25 millert - - * match.c: Close dir before returning if strlcpy() reports - overflow. From Martynas Venckus. - -2009-07-18 09:55 millert - - * toke.c, toke.l: Fix expansion of %h in #include names. Fixes - bugzilla 363 - -2009-07-12 17:17 millert - - * mkdefaults: If no arg assume def_data.in - -2009-07-11 21:27 millert - - * README, WHATSNEW: Update for 1.7.2 - -2009-07-11 21:12 millert - - * ChangeLog: sync - -2009-06-30 08:41 millert - - * sudoers.cat, sudoers.man.in, sudoers.pod: Add missing single - quotes around a colon in Runas_Spec definition. From Elias - Benali. - -2009-06-29 09:36 millert - - * redblack.c: In rbrepair, re-color the root or the first non-block - node we find to be black. Re-coloring the root is probably not - needed but won't hurt. - -2009-06-29 09:35 millert - - * sudo.cat, sudoers.cat, sudo.man.in, sudoers.man.in: regen - -2009-06-26 16:40 millert - - * redblack.c: When repairing the tree, don't touch the root node. - -2009-06-25 08:44 millert - - * set_perms.c: Protect call to setegid in runas_setup with #ifdef - HAVE_SETEUID. Reported by Josef Schmid. - -2009-06-23 14:29 millert - - * sudoers.pod: Document that we accept env_pam-style environment - files - -2009-06-23 14:24 millert - - * env.c: Adapt to accept pam_env-style /etc/environment which - allows shell-style lines such as: export EDITOR="/usr/bin/vi" - -2009-06-23 12:22 millert - - * sudoers.pod: Make it clear that env_delete only works when - !env_reset. From Loïc Minier - -2009-06-15 17:19 millert - - * sudo.pod, sudoers.pod: Add non-unix group bits, adapted from - Quest - -2009-06-15 17:18 millert - - * Makefile.in: build the .cat page in the current working dir, not - the src dir - -2009-06-15 09:10 millert - - * env.c: Return EINVAL in setenv() if var is NULL or the empty - string to match glibc behavior. - -2009-06-13 16:52 millert - - * configure, configure.in: Use AS_HELP_STRING for AC_ARG_WITH and - AC_ARG_ENABLE - -2009-06-11 16:29 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, - sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: - regen - -2009-06-09 10:08 millert - - * INSTALL: Document --with-libvas and --with-libvas-rpath - -2009-05-29 09:43 millert - - * ldap.c, sudoers.ldap.pod: For netscape-derived LDAP SDKs the cert - and key paths may be a directory or a file. However, version 5.0 - of the SDK only seems to support using a directory. If - ldapssl_clientauth_init fails and the cert or key paths look like - they could be files, strip off the last path element and try - again. - -2009-05-29 09:40 millert - - * Makefile.in: Add non-Unix group .o to COMMON_OBJS and substitute - in path to flex. - -2009-05-26 20:49 millert - - * configure, configure.in, match.c, sudo.c, vasgroups.c: Update - non-Unix group support from Quest, as reworked by me. - -2009-05-26 20:47 millert - - * toke.c: regen - -2009-05-26 20:46 millert - - * toke.l: Add support for escaped hex chars in names, e.g. \x20 for - space. - -2009-05-25 08:02 millert - - * LICENSE, Makefile.in, aclocal.m4, alias.c, check.c, env.c, - fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, - logging.c, logging.h, match.c, parse.c, parse.h, pathnames.h.in, - pwutil.c, set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, - sudo_nss.h, sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, - testsudoers.c, tgetpass.c, toke.l, visudo.c, auth/aix_auth.c, - auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h: Update copyright - years. - -2009-05-24 08:33 millert - - * interfaces.c, lbuf.c: Minor fixes for Minix-3 - -2009-05-22 06:37 millert - - * set_perms.c: Handle getgroups() returning 0. Also add missing - check for HAVE_GETGROUPS. - -2009-05-19 17:24 millert - - * Makefile.in, config.h.in, configure, configure.in, sudo.c, - version.h, visudo.c: Replace version.h with PACKAGE_VERSION set - via AC_INIT in configure. - -2009-05-18 06:33 millert - - * set_perms.c: Remove group setting code in setusercontext case, we - will do it ourselves later on in runas_setup. Set the gid after - initgroups/setgroups is called, since on Mac OS X it seems to - change the egid. - -2009-05-17 18:19 millert - - * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c, - vasgroups.c: Initial bits of non-unix group support using Quest - Authentication Services - -2009-05-17 16:52 millert - - * toke.c, toke.l: Accept %:foo as a non-Unix group - -2009-05-17 16:22 millert - - * toke.c, toke.l: Allow user/group to be double quoted in the case - of non-Unix groups which contain spaces. - -2009-05-11 12:47 millert - - * match.c: Don't allow the user to specify the default runas user - if their sudoers entry only allows them to run as a group. - -2009-05-10 07:59 millert - - * sudo.c: Must call audit_success before we change uids. - -2009-05-10 07:52 millert - - * logging.c, set_perms.c, sudo.h, testsudoers.c: Add option for - set_perm to not exit on failure and use this in the logging - routines. - -2009-05-10 07:33 millert - - * parse.c: In -l mode, if the user is only allowed to run as a - group, display the user's name, not root's before the allowed - group. - -2009-05-09 21:00 millert - - * sudo.c: Fix -g mode, broken by rev 1.503 which had the side - effect of setting the runas user to root unilaterally. - -2009-05-08 16:19 millert - - * fileops.c: When unlocking a file with fcntl, use F_SETLK, not - F_SETLKW. - -2009-05-08 13:07 millert - - * pwutil.c: Only cache by the method we fetched for pwd and grp - lookups. Previously we cached both by namd and id but this can - cause problems for entries that share the same id. Also add more - info in the error message in case the insert fails (which should - now be impossible). - -2009-04-30 15:04 millert - - * sudoers.pod: Add a clarification from Nick Sieger - -2009-04-25 12:49 millert - - * env.c: Inline the setting of the environment string. - -2009-04-24 14:53 millert - - * env.c: setenv(3) in Linux treats a NUL value as the empty string - setenv(3) in BSD doesn't return an error if the name has '=' in - it, it just treats the '=' as end of string. - -2009-04-22 16:32 millert - - * toke.c, toke.l: Not all systems have d_namlen - -2009-04-20 13:53 millert - - * sudoers.pod: Fix up some pod2html issues. - -2009-04-19 14:09 millert - - * interfaces.c: Check for NULL ifa_addr and ifa_netmask. Adapted - from a diff from Quest Software. - -2009-04-19 09:01 millert - - * sudoers.pod: Ignore files ending in '~' in sudo.d (emacs backup - files) - -2009-04-19 08:56 millert - - * toke.c, toke.l: Ignore files ending in '~' in sudo.d (emacs - backup files) - -2009-04-18 19:37 millert - - * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l: For - #includedir, ignore any file containing a dot - -2009-04-18 19:25 millert - - * Makefile.in, version.h: Bump version - -2009-04-18 19:25 millert - - * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat, - sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l, - visudo.c: Implement #includedir directive. Files in an - includedir are not edited by visudo unless they contain a syntax - error. - -2009-04-18 12:06 millert - - * ChangeLog: sync - -2009-04-18 10:27 millert - - * WHATSNEW: Forgot umask_override - -2009-04-18 09:25 millert - - * ChangeLog, TODO: sync - -2009-04-16 08:22 millert - - * visudo.c: Rewind stream if we fdopen sudoers since it may not be - at the beginning. Set the keepopen flag on already-open files - too so the lexer doesn't close them out from under us. - -2009-04-16 08:18 millert - - * visudo.c: Print the proper file name when there is a parse error - in an include file. - -2009-04-11 07:45 millert - - * WHATSNEW: Sync - -2009-04-10 16:59 millert - - * configure, configure.in: Fix a warning when --without-ldap is - specified. - -2009-04-05 12:25 millert - - * alias.c, parse.h, visudo.c: Store aliases that we remove during - check_aliases in a freelist and free them at the end so we don't - leak memory. - -2009-03-28 09:30 millert - - * visudo.c: Check aliases in -c mode too. - -2009-03-28 09:09 millert - - * alias.c, parse.h, visudo.c: Make alias_remove return the alias - struct instead of freeing it directly. Fixes a use after free in - alias_remove_recursive, the only consumer. - -2009-03-28 09:07 millert - - * alias.c, match.c, parse.c, parse.h, visudo.c: Rename find_alias - -> alias_find for consistency. - -2009-03-27 19:29 millert - - * visudo.c: When checking for unused aliases, recurse if the alias - points to another alias. - -2009-03-16 12:11 millert - - * ldap.c: Back out rev 1.105 for now. Real ldapux_client.conf - support will be done later after some refactoring. - -2009-03-14 12:02 millert - - * ldap.c: Treat ldap_hostport the same as "host" for ldapux. - -2009-03-13 21:04 millert - - * configure, configure.in: Only check for - ldap_sasl_interactive_bind_s if we can find sasl.h. Fixes - compilation with ldapux. - -2009-03-11 20:03 millert - - * fileops.c: fix char subscript - -2009-03-11 19:19 millert - - * Makefile.in: remove errant carriage returns - -2009-03-11 19:01 millert - - * audit.c, env.c: fix K&R compilation - -2009-03-11 12:12 millert - - * sudo.man.in, sudo.cat, sudoers.cat, sudoers.ldap.cat, - sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: - regen - -2009-03-10 17:34 millert - - * config.h.in: Add missing HAVE_BSM_AUDIT - -2009-03-10 17:21 millert - - * WHATSNEW: Add 1.7.1 features - -2009-03-10 17:10 millert - - * INSTALL: Mention --with-netsvc - -2009-03-10 17:08 millert - - * sudoers.ldap.pod: Document netsvc.conf support - -2009-03-10 16:44 millert - - * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c, - sudo_nss.h: Add support for AIX netsvc.conf (like nsswitch.conf). - -2009-03-08 16:57 millert - - * configure, config.h.in, configure.in, env.c: Add - --enable-env-debug flag to enable environment sanity checks. - -2009-03-08 11:51 millert - - * sudoers.ldap.pod, sudoers.pod: Work around some pod2html issue. - -2009-03-07 17:10 millert - - * env.c: Only sync environ for putenv, setenv, and unsetenv. We - need to make sure that sudo_putenv and sudo_setenv only modify - env.envp, not environ. - -2009-03-02 14:19 millert - - * env.c: Really fix UNSETENV_VOID - -2009-03-02 14:18 millert - - * env.c: Fix unsetenv when UNSETENV_VOID - -2009-03-02 08:00 millert - - * aclocal.m4, configure: Fix SUDO_FUNC_PUTENV_CONST - -2009-03-02 07:36 millert - - * ldap.c: tivoli-based ldap does not have ldapssl_err2string - -2009-03-02 07:30 millert - - * configure: regen - -2009-03-01 16:20 millert - - * config.h.in, configure, configure.in, ldap.c: Add support for - Tivoli-based LDAP start TLS as seen in AIX. Untested. - -2009-03-01 08:52 millert - - * env.c: Add sanity checks for setenv/unsetenv - -2009-02-28 20:17 millert - - * Makefile.in: Include bsm_audit.h in the tarball - -2009-02-28 20:00 millert - - * Makefile.in, version.h: bump version for sudo 1.7.1 - -2009-02-28 19:58 millert - - * aclocal.m4, config.h.in, configure, configure.in, env.c, ldap.c, - sudo.h, auth/aix_auth.c: Replace sudo_setenv/sudo_unsetenv with - calls to setenv/unsetenv and provide our own - setenv/unsetenv/putenv that operates on own env pointer. Make - sync_env() inline in setenv/unsetenv/putenv functions. - -2009-02-25 07:33 millert - - * sudo.c: Make "sudoedit -h" work as expected - -2009-02-25 07:21 millert - - * auth/pam.c: Make sure def_prompt is always defined. This is a - workaround for pam configs that prompt for a password in the - session but don't have an auth line. A better fix is to expand - the sudo prompt earlier and set def_prompt to that when - initializing. - -2009-02-25 06:17 millert - - * sudo.pod: Mention that the helper for -A may be graphical. - -2009-02-25 06:16 millert - - * TROUBLESHOOTING: Document what happens if there is no tty. - -2009-02-25 06:05 millert - - * sudo.c: cosmetic changes - -2009-02-25 05:47 millert - - * term.c: Fix term_restore - -2009-02-24 20:23 millert - - * sudo.c: Fix "sudo -k" with no other args - -2009-02-24 08:04 millert - - * check.c, sudo.c, sudo.pod, sudo_usage.h.in: Allow the -k flag to - be specified in conjunction with a command or another option that - may require authentication. - -2009-02-23 09:18 millert - - * configure, configure.in: Remove unneeded AC_CANONICAL_TARGET; - from Diego E. 'Flameeyes' - -2009-02-23 09:15 millert - - * Makefile.in: Parallel make fix. From Diego E. 'Flameeyes' - -2009-02-21 17:03 millert - - * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: - Implement umask_override - -2009-02-21 16:51 millert - - * toke.c: regen - -2009-02-21 16:49 millert - - * sudoers.pod, toke.l, visudo.c: Implement %h escape in sudoers - include filenames. - -2009-02-21 08:43 millert - - * audit.c: Need to include compat.h - -2009-02-21 08:37 millert - - * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, - sudo.c: Make audit_success and audit_failure generic functions in - preparation for integrating linux audit support. - -2009-02-21 08:06 millert - - * term.c: remove duplicate include - -2009-02-20 16:13 millert - - * bsm_audit.c: Add missing include - -2009-02-20 15:55 millert - - * sudo.c: May need to update the runas user after parsing - command-based defaults. - -2009-02-18 10:53 millert - - * glob.c: Add missing pair of braces introduced with character - class support. - -2009-02-15 15:53 millert - - * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c: - Rename pwstars to pwfeedback - -2009-02-10 20:25 millert - - * bsm_audit.c, bsm_audit.h: Add const to make MacOS happy. - -2009-02-10 20:18 millert - - * Makefile.in, bsm_audit.c, bsm_audit.h, configure, configure.in, - sudo.c, auth/sudo_auth.c: Add bsm audit support from Christian - S.J. Peron - -2009-02-10 19:58 millert - - * term.c: This is new code, no DARPA notice. - -2009-02-10 14:04 millert - - * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: Rename - simple_glob -> fast_glob - -2009-02-10 09:39 millert - - * match.c: g/c unused var - -2009-02-10 08:09 millert - - * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: Add - simple_glob option to use fnmatch() instead of glob(). This is - useful when you need to specify patterns that reference network - file systems. - -2009-02-10 07:58 millert - - * tgetpass.c: add term_* proto - -2009-02-10 07:51 millert - - * sudoers.pod: mention glob() - -2009-02-09 07:59 millert - - * tgetpass.c: Delete any pwstars we wrote after the user hits - return. That way there is no record on screen as to the user's - password length. - -2009-02-08 10:27 millert - - * term.c: Move terminal setting bits from tgetpass.c to term.c - -2009-02-07 19:50 millert - - * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod, - tgetpass.c: Add pwstars sudoers option that causes sudo to print - a star every time the user presses a key. - -2009-02-03 10:10 millert - - * Makefile.in: Fix up F<> brokenness for visudo.man.in and - sudoers.ldap.man.in. - -2009-01-27 11:54 millert - - * ldap.c: For ldap_search_ext_s() the sizelimit param should be 0, - not -1, to indicate no limit. From Mark Janssen. - -2009-01-17 17:36 millert - - * toke.c, toke.l: Comments that begin with #- should not be parsed - as uids. - -2009-01-08 19:13 millert - - * sudo.c: Do not try to set the close on exec flag if we didn't - actually open sudoers. - -2008-12-19 12:40 millert - - * ChangeLog: regen - -2008-12-14 17:40 millert - - * TODO: sync - -2008-12-09 18:48 millert - - * auth/pam.c: Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user - enters ^C at the password prompt. - -2008-12-09 16:13 millert - - * configure.in, configure: Don't try to build sudo_noexec.so on - HP-UX with the bundled compiler as it cannot generate shared - objects. - -2008-12-09 15:55 millert - - * glob.c, lbuf.c, tgetpass.c, emul/charclass.h: K&R compilation - fixes - -2008-12-09 08:49 millert - - * parse.c: Use tq_foreach_fwd when checking pseudo-commands to make - it clear that we are not short-circuiting on last match. When - pwcheck is 'all', initialize nopass to TRUE and override it with - the first non-TRUE entry. - -2008-12-08 10:02 millert - - * parse.c: Do not short circuit pseudo commands when we get a match - since, depending on the settings, we may need to examine all - commands for tags. - -2008-12-03 15:58 millert - - * sudoers.cat, sudoers.man.in: regen - -2008-12-03 15:57 millert - - * sudoers.pod: hostnames may also contain wildcards - -2008-12-03 15:40 millert - - * Makefile.in: remove stamp-* files and linux core files in clean - target - -2008-12-02 12:30 millert - - * config.h.in, configure, configure.in, auth/sudo_auth.h: Use - HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX - -2008-11-26 15:10 millert - - * configure, configure.in: correctly enable SIA on Digital UNIX - -2008-11-25 20:06 millert - - * TODO: checkpoint - -2008-11-25 20:05 millert - - * ChangeLog: sync - -2008-11-25 12:01 millert - - * check.c, sudo.h, tgetpass.c: Even if neither stdin nor stdout are - ttys we may still have /dev/tty available to us. - -2008-11-24 10:09 millert - - * sudoers.cat, sudoers.man.in: regen - -2008-11-24 10:08 millert - - * sudoers.pod: fix typos; Markus Lude - -2008-11-24 07:08 millert - - * ChangeLog: sync - -2008-11-23 19:42 millert - - * toke.c: regen - -2008-11-23 19:41 millert - - * toke.l: Fix matching of a line that only consists of a comment - char - -2008-11-22 13:17 millert - - * auth/pam.c: MacOS pam will retry conversation function if it - fails so just treat ^C as an empty password. - -2008-11-22 10:12 millert - - * visudo.c: When checking for alias use, also check defaults - bindings. - -2008-11-22 10:01 millert - - * redblack.c: unused var - -2008-11-22 09:42 millert - - * redblack.c: Replace my rbdelete with Emin's version (which - actually works ;-) - -2008-11-19 12:01 millert - - * testsudoers.c: malloc debugging - -2008-11-19 07:37 millert - - * visudo.c: malloc options in devel mode for visudo too - -2008-11-18 10:57 millert - - * sudo.c: fix compilation on non-C99; from Theo - -2008-11-18 10:50 millert - - * visudo.c: fix check_aliases - -2008-11-18 08:29 millert - - * alias.c: when destroying an alias, free the correct data pointer - -2008-11-18 07:54 millert - - * auth/sudo_auth.h: add proto for aixauth_cleanup; from Dale King - -2008-11-15 13:34 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: regen - -2008-11-15 13:34 millert - - * sudo.pod, sudoers.pod, visudo.pod: standardize on the term - 'option' for command line options (not flag) - -2008-11-14 06:18 millert - - * INSTALL: Add note on configuring HP-UX pam - -2008-11-11 13:28 millert - - * check.c, sudo.c: Move tty checks into check_user() so we only do - them if we actually need a password. - -2008-11-11 12:34 millert - - * sudo.c: Don't error out if no tty or askpass unless we actually - need to authenticate. - -2008-11-10 15:20 millert - - * ChangeLog: regen - -2008-11-10 08:07 millert - - * pathnames.h.in, sudo.c: s/overriden/overridden/; from Tobias - Stoeckmann - -2008-11-09 15:18 millert - - * visudo.c, WHATSNEW: check sudoers owner and mode in strict mode - -2008-11-09 09:15 millert - - * gram.c, toke.c: regen - -2008-11-09 09:13 millert - - * alias.c, alloc.c, closefrom.c, compat.h, defaults.c, defaults.h, - env.c, fileops.c, gettime.c, gram.y, ins_csops.h, insults.h, - interfaces.c, interfaces.h, lbuf.c, license.pod, list.c, - logging.c, logging.h, parse.c, parse.h, pwutil.c, redblack.c, - redblack.h, snprintf.c, sudo.c, sudo.pod, sudo_edit.c, - sudo_nss.h, testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, - version.h, visudo.c, zero_bytes.c, LICENSE, sudoers.pod, - visudo.pod, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, - auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, - auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h, - sudo.man.in, sudoers.man.in, visudo.man.in: Update copyright - years. - -2008-11-09 08:48 millert - - * fnmatch.c, glob.c, emul/charclass.h: add my copyright - -2008-11-08 10:40 millert - - * toke.c, toke.l: The loop in fill_cmnd() was going one byte too - far past the end, resulting in a NUL being written immediately - after the buffer end. - -2008-11-08 10:31 millert - - * UPGRADE, WHATSNEW: add sections on tgetpass changes - -2008-11-08 10:30 millert - - * tgetpass.c: Treat EOF w/o newline as an error. - -2008-11-07 17:42 millert - - * parse.c: Fix "sudo -v" when NOPASSWD is set. - -2008-11-07 12:45 millert - - * auth/: bsdauth.c, fwtk.c, pam.c, sudo_auth.c, sudo_auth.h: No - longer treat an empty password at the prompt as special. To quit - out of sudo you now need to hit ^C at the password prompt. - -2008-11-06 21:07 millert - - * sudoers.cat, sudoers.man.in: regen - -2008-11-06 21:06 millert - - * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: Sudo - will now refuse to run if no tty is present unless the new - visiblepw sudoers flag is set. - -2008-11-05 19:42 millert - - * aix.c: just use RLIM_INFINITY for RLIM_SAVED_MAX if - RLIM_SAVED_MAX not defined - -2008-11-05 19:40 millert - - * aix.c: fix fallback value for RLIM_SAVED_MAX - -2008-11-05 19:14 millert - - * auth/: aix_auth.c, sudo_auth.h: Move clearing of AUTHSTATE into - aixauth_cleanup. - -2008-11-05 19:08 millert - - * env.c, auth/aix_auth.c: Unset AUTHSTATE after calling - authenticate() as it may not be correct for the user we are - running the command as. - -2008-11-05 19:05 millert - - * isblank.c: Add isblank() function for systems without it. Needed - for POSIX character class matching in fnmatch.c and glob.c. - -2008-11-05 11:02 millert - - * TROUBLESHOOTING: expound on sudo and cd - -2008-11-04 15:52 millert - - * ChangeLog: regen - -2008-11-04 15:46 millert - - * sudoers.cat, sudoers.man.in: regen - -2008-11-04 15:45 millert - - * sudoers.pod: mention defauts parse order - -2008-11-03 13:19 millert - - * Makefile.in, aclocal.m4, compat.h, configure: Add isblank() - function for systems without it. Needed for POSIX character - class matching in fnmatch.c and glob.c. - -2008-11-03 12:54 millert - - * Makefile.in: add emul/charclass.h to HDRS - -2008-11-02 14:08 millert - - * TODO: checkpoint - -2008-11-02 14:06 millert - - * parse.c, defaults.c, testsudoers.c, visudo.c: Move - update_defaults into defaults.c and call it properly from visudo - and testsudoers. - -2008-11-02 09:51 millert - - * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, - tgetpass.c, tsgetgrpw.c: use zero_bytes() instead of memset() for - consistency - -2008-11-02 09:45 millert - - * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, - tgetpass.c, visudo.c: Zero out sigaction_t before use in case it - has non-standard entries. - -2008-11-02 09:35 millert - - * match.c: quiet gcc - -2008-11-02 09:28 millert - - * match.c: Short circuit glob() checks if basename(pattern) != - basename(command). Refactor code that checks for a command in a - directory and use it in the glob case if the resolved pattern - ends in a '/'. - -2008-11-01 09:20 millert - - * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c: Defer - setting runas defaults until after runaspw/gr is setup. - -2008-10-29 13:26 millert - - * match.c, sudo.c, testsudoers.c: Use MAXHOSTNAMELEN+1 when - allocating host/domain name since some systems do not include - space for the NUL in the size. Also manually NUL-terminate - buffer from gethostname() since POSIX is wishy-washy on this. - -2008-10-26 17:13 millert - - * sudo.c, sudoers.pod: When setting the umask, use the union of the - user's umask and the default value set in sudoers so that we - never lower the user's umask when running a command. - -2008-10-26 16:43 millert - - * sudo.c: Don't try to read from a zero-length sudoers file. - Remove the bogus Solaris work-around for EAGAIN. Since we now - use fgetc() it should not be a problem. - -2008-10-25 09:22 millert - - * parse.c: In update_defaults() check the return value of - user*_matches against ALLOW so we don't inadvertantly match on - UNSPEC. - -2008-10-24 09:52 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, - sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: - regen man pages; no more hyphenation - -2008-10-24 09:49 millert - - * sudo.c: Don't error out on a zero-length sudoers file. With the - advent of #include the user could create a situation where sudo - is unusable. - -2008-10-23 12:06 millert - - * config.h.in, configure, configure.in, auth/kerb5.c: Newer heimdal - has 2-argument krb5_get_init_creds_opt_free() like MIT krb5. - Really old heimdal has no krb5_get_init_creds_opt_alloc() at all. - Add configure tests to handle all the cases. - -2008-10-08 17:28 millert - - * sudo.pod: resort ENVIRONMENT - -2008-10-08 17:09 millert - - * sudoers.pod: document sudoers_locale - -2008-10-08 16:56 millert - - * sudo.pod, sudo_edit.c: add SUDO_EDITOR variable that sudoedit - uses in preference to VISUAL or EDITOR - -2008-10-08 14:27 millert - - * toke.c, toke.l: In fill_cmnd(), collapse any escaped - sudo-specific characters. Allows character classes to be used in - pathnames. - -2008-10-03 16:02 millert - - * lbuf.c: fix typo in non-C89 function declaration - -2008-10-03 15:56 millert - - * sudoers.pod: Mention POSIX characters classes now that out - fnmatch() and glob() support them. - -2008-10-03 15:55 millert - - * sample.sudoers, sudoers.pod: Replace [A-z] (which won't match in - UTF8) with [A-Za-z] which is locale agnostic. - -2008-10-03 10:02 millert - - * parse.h: use __signed char if we are going to assign a negative - value since on Power, char is unsigned by default - -2008-10-03 09:59 millert - - * configure, configure.in, config.h.in: Add tests for __signed char - and signed char. - -2008-10-03 09:19 millert - - * aix.c: Fix AIX limit setting. getuserattr() returns values in - disk blocks rather than bytes. The default hard stack size in - newer AIX is RLIM_SAVED_MAX. From Dale King. - -2008-09-26 17:13 millert - - * fnmatch.c, glob.c, emul/charclass.h: Add character class support - to included glob(3) and fnmatch(3). - -2008-09-16 08:28 millert - - * emul/fnmatch.h: Remove UCB advertising clause and some - compatibility defines. - -2008-09-14 16:07 millert - - * sudo_edit.c: Check EDITOR/VISUAL to make sure sudoedit is not - re-invoking itself or sudo. This allows one to set EDITOR to - sudoedit without getting into an infinite loop of sudoedit - running itself until the path gets too big. - -2008-09-13 20:45 millert - - * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c: Add - sudoers_locale Defaults option to override the default sudoers - locale of "C". - -2008-09-13 14:09 millert - - * sudo.c: Set locale to system default except for during sudoers - parse. - -2008-09-12 09:34 millert - - * match.c: Redo change in 1.34 to use pointer arithmetic. - -2008-09-11 07:06 millert - - * match.c: Fix a dereference (read) of a freed pointer. Reported - by Patrick Williams. - -2008-08-23 19:09 millert - - * sudo.c: Set locale to "C" to avoid interpretation issues with - character ranges in sudoers. May want to make the locale a - sudoers option in the future. - -2008-08-20 07:45 millert - - * config.h.in: we no longer use setproctitle - -2008-08-20 07:41 millert - - * sudo.h: remove #if 1 - -2008-08-20 07:40 millert - - * LICENSE, mkstemp.c: Use my replacement mkstemp() from the mktemp - package. - -2008-07-12 08:53 millert - - * gram.c: regen with yacc skeleton bug fixed - -2008-07-12 08:48 millert - - * sudoers.pod: Remove duplicate "as root". From Martin Toft. - -2008-07-02 06:27 millert - - * pwutil.c, sudo.c, testsudoers.c, sudo.h: Flesh out the fake - passwd entry used for running commands as a uid not listed in the - passwd database. Fixes an issue with some PAM modules. - -2008-07-01 07:57 millert - - * sudo.c: Error out in -i mode if the user has no shell. This can - happen when running commands as a uid with no password entry. - -2008-06-26 07:49 millert - - * toke.c, toke.l: Better fix for line continuation inside double - quotes. Now accepts whitespace between the backslash and the - newline like the main lexer. - -2008-06-25 14:31 millert - - * toke.c, toke.l: Fix line continuation in strings. It was only - being honored if preceded by whitespace. - -2008-06-22 16:19 millert - - * config.h.in, configure, configure.in, logging.c: Replace the - double fork with a fork + daemonize. - -2008-06-21 14:59 millert - - * env.c, sudo.c: The -i flag should imply env_reset. This got - broken in sudo 1.6.9. - -2008-06-20 20:34 millert - - * logging.c, sudo.c, sudo_edit.c, visudo.c: Change how the mailer - is waited for. Instead of having a SIGCHLD handler, use the - double fork trick to orphan the child that opens the pipe to - sendmail. Fixes a problem running su on some Linux distros. - -2008-06-20 17:16 millert - - * configure, configure.in: Fix configure test for dirfd() on Linux - where DIR is opaque. - -2008-06-17 17:42 millert - - * tgetpass.c: Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If - QNX still has this problem we'll need to revisit this again. - -2008-06-10 21:13 millert - - * logging.c: Ignore SIGPIPE instead of blocking it when piping to - the mailer. If we only block the signal it may be delivered - later when we unblock. Also, there is no need to block SIGCHLD - since we no longer do the double fork. The normal SIGCHLD - handler is sufficient. - -2008-06-08 17:37 millert - - * configure, configure.in: Add description for NO_PAM_SESSION, from - a redhat patch. - -2008-06-06 09:36 millert - - * sudo.cat, sudo.man.in, sudo.pod: Fix typos in -i usage - -2008-05-18 13:54 millert - - * configure, configure.in: Redo the test for dgettext() in a way - that hopefully will work around the libintl_dgettext() undefined - problem. - -2008-05-11 09:21 millert - - * schema.ActiveDirectory: change filename in comment - -2008-05-10 09:18 millert - - * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in, - sudoers.ldap.pod: Reference schema.ActiveDirectory - -2008-05-09 14:49 millert - - * schema.OpenLDAP, schema.iPlanet: Mark sudoRunAs as deprecated. - -2008-05-09 14:48 millert - - * schema.ActiveDirectory: add sudoRunAsUser and sudoRunAsGroup - -2008-05-09 14:01 millert - - * schema.ActiveDirectory: Active Directory schema by Chantal - Paradis and Eric Paquet - -2008-05-08 17:54 millert - - * parse.c: remove an XXX that was fixed - -2008-05-08 12:53 millert - - * ChangeLog: sync - -2008-05-08 12:49 millert - - * parse.c: Initialize tags to UNSPEC instead of def_* in "sudo -l" - mode. This fixes a problem where the tag value printed was - influenced by defaults set in the first pass through the parser. - -2008-05-03 21:29 millert - - * Makefile.in, sudo.psf: No point in packaging the TODO file - -2008-05-03 21:24 millert - - * ChangeLog: sync - -2008-05-02 20:53 millert - - * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c, - sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod: Add env_file - Defaults option that is similar to /etc/environment on some - systems. - -2008-05-02 16:38 millert - - * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in, - sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, - sudoers.man.in, version.h, visudo.cat, visudo.man.in: change - version to 1.7.0 - -2008-05-02 16:37 millert - - * UPGRADE: initial valgrind pass done - -2008-04-23 08:30 millert - - * ldap.c: Fix typo/think in sudo_ldap_read_secret() when storing - the secret. - -2008-04-11 10:03 millert - - * ldap.c: define LDAPS_PORT if the system headers do not - -2008-04-10 14:54 millert - - * gram.c, gram.y: Fix another memory leak in init_parser(). - -2008-04-10 12:51 millert - - * configure, configure.in: There was a missing space before the - ldap libs in SUDO_LIBS for some configurations. - -2008-04-10 11:28 millert - - * alias.c, gram.c, gram.y, toke.c, toke.l: Clean up some memory - leaks pointed out by valgrind. - -2008-04-07 14:39 millert - - * sudo.c: fix "sudo -s" broken by mode/flags breakout - -2008-04-07 14:26 millert - - * configure, configure.in: remove duplicate check for dgettext - -2008-04-05 15:54 millert - - * aix.c: Fall back to default stanza if no user-specific limit is - found. - -2008-04-02 15:56 millert - - * snprintf.c: include stdint.h if present - -2008-04-02 15:28 millert - - * snprintf.c: Use LLONG_MAX, not the old QUAD_MAX - -2008-04-01 19:18 millert - - * sudoers.ldap.pod: fix cut and pasto - -2008-03-31 11:24 millert - - * pwutil.c: Add #ifdef PURITY - -2008-03-30 17:36 millert - - * auth/bsdauth.c: remove useless cast - -2008-03-27 19:07 millert - - * ChangeLog: sync - -2008-03-27 19:04 millert - - * TODO: sync - -2008-03-27 19:01 millert - - * sudo.h: Split MODE_* defines into primary and flags. - -2008-03-26 13:11 millert - - * aix.c: It turns out the logic for getting AIX limits is more - convoluted than I realized and differs depending on whether the - soft and/or hard limits are defined. - -2008-03-23 10:18 millert - - * Makefile.in, configure, configure.in: Back out AIX-specific - change to set the sudo_noexec path to the .a file, we do really - want to use the .so file. Since libtool doesn't do that - correctly, just install the .so file ourselves in the Makefile. - -2008-03-23 10:12 millert - - * install-sh: If the file given to install is a path, only use the - basename of the file when building the destination path. - -2008-03-18 16:08 millert - - * sudo.c: parse_args() cleanup: Sort command line options in the - getopt() switch The -U option requires a parameter Normalize a - few ISSET calls Split mode into mode and flags and retire the - now-obsolete excl variable - -2008-03-18 16:04 millert - - * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, - sudo.pod, sudo_usage.h.in: Add -n (non-interactive) flag. - -2008-03-18 15:59 millert - - * sudo.c: Move version printing, etc. into a separate function. - -2008-03-18 15:57 millert - - * sudo.c: Don't try to cleanup nsswitch if it has not been - initialized. - -2008-03-17 11:09 millert - - * logging.c: Block SIGPIPE in send_mail() so sudo is not killed by - a problem executing the mailer. - -2008-03-14 08:11 millert - - * configure.in, configure: AIX shared libs end in .a, not .so. - -2008-03-13 07:34 millert - - * env.c: Preserve HOME by default too. Matches documentation and - previous behavior. - -2008-03-12 19:42 millert - - * sudo.c: Use getopt() to parse the command line. We need to be - able to intersperse env variables and options yet still honor - "--"" which complicates things slightly. - -2008-03-06 14:46 millert - - * ChangeLog: sync - -2008-03-06 14:43 millert - - * acsite.m4, configure, ltmain.sh: update to libtool-1.5.26 - -2008-03-06 14:32 millert - - * config.guess, config.sub: update from libtool-1.5.26 distribution - -2008-03-06 13:18 millert - - * aix.c, sudo.h: attempt to fix compilation errors on AIX - -2008-03-06 13:08 millert - - * Makefile.in: fix typo in last commit - -2008-03-06 13:07 millert - - * Makefile.in: Add WHATSNEW file to the distribution - -2008-03-06 12:43 millert - - * visudo.c: use warningx instead of fprintf(stderr, ...) - -2008-03-06 12:31 millert - - * list.c: add DEBUG to list2tq - -2008-03-06 12:28 millert - - * ChangeLog, TODO: sync - -2008-03-06 12:21 millert - - * WHATSNEW: mention mailfrom - -2008-03-06 12:19 millert - - * Makefile.in, config.h.in, configure, configure.in, set_perms.c, - sudo.h, aix.c: Add aix_setlimits() to set resource limits on AIX - using a combination of getuserattr() and setrlimit(). Currently - untested. - -2008-03-05 16:52 millert - - * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat, - sudoers.pod, sudoers.man.in: Add mailfrom Defaults option that - sets the value of the From: field in the warning/error mail. If - unset the login name of the invoking user is used. - -2008-03-05 16:18 millert - - * defaults.c: store a copy of _PATH_SUDO_ASKPASS in def_askpass - that is freeable - -2008-03-05 15:19 millert - - * gram.c, gram.y: When adding a default, only call list2tq() once - to do the list to tq conversion. It is not legal to call list2tq - multiple times on the same list since list2tq consumes and - modifies the list argument. - -2008-03-05 09:38 millert - - * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: comment - out XXXs for now - -2008-03-05 09:36 millert - - * WHATSNEW: mention askpass - -2008-03-04 17:20 millert - - * sudo.c: Error out if both -A and -S are specified Error out if -A - is specified but no askpass is configured - -2008-03-04 17:16 millert - - * configure, configure.in: we are not going to ship a sudo-specific - askpass - -2008-03-03 14:30 millert - - * sudo.h: fix definition of TGP_ASKPASS - -2008-03-03 13:54 millert - - * def_data.c, def_data.in: make askpass boolean-capable - -2008-03-03 13:53 millert - - * INSTALL: document --with-askpass - -2008-03-02 19:27 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, - sudoers.ldap.cat, visudo.cat: regen - -2008-03-02 17:31 millert - - * sudo.pod, sudo_usage.h.in, sudoers.pod: document -A and askpass - -2008-03-02 09:31 millert - - * check.c, configure, configure.in, def_data.c, def_data.h, - def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h, - sudo_usage.h.in, tgetpass.c, auth/sudo_auth.c: Add support for - running a helper program to read the password when no tty is - present (or when specified with the -A flag). TODO: docs. - -2008-03-02 08:38 millert - - * def_data.c, def_data.in: add missing printf format to SELinux - role and type strings - -2008-02-27 09:26 millert - - * INSTALL, configure, configure.in: Disable use of - gss_krb5_ccache_name() by default and add - --enable-gss-krb5-ccache-name configure option to enable it. It - seems that gss_krb5_ccache_name() doesn't work properly with some - combinations of Heimdal and OpenLDAP. - -2008-02-22 15:33 millert - - * selinux.c: Ignore setexeccon() failing in permissive mode. Also - add a call to setkeycreatecon() (though this is probably - insufficient). From Dan Walsh. - -2008-02-22 15:19 millert - - * auth/pam.c: Only set std_prompt for the PAM_PROMPT_* cases. The - conversation function may be called for non-password reading - purposes so we must be careful not to use def_prompt in cases - where it may not be set. - -2008-02-20 12:00 millert - - * selinux.c: Don't free the new tty context, we need to keep it - around when we restore the tty context after the command - completes - -2008-02-19 16:04 millert - - * selinux.c: s/newrole/sudo/ - -2008-02-19 13:21 millert - - * sudo.man.pl, sudo.pod: Only put login_cap(3) in SEE ALSO section - if we have login.conf support - -2008-02-18 11:05 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, - sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: - regen - -2008-02-18 10:53 millert - - * Makefile.in, configure, configure.in, sudo.man.pl, sudo.pod, - sudoers.man.pl, sudoers.pod: Substitute in comment characters for - lines partaining to login.conf, BSD auth and SELinux and only - enable them if pertinent. - -2008-02-18 10:42 millert - - * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod: - Remove the =cut on the first line (above the copyright notice) to - quiet pod2man. Also remove the hackery in the FILES section and - just deal with the fact that there will a newline between each - pathname. - -2008-02-17 08:19 millert - - * Makefile.in: run sudo.man.pl when generating sudo.man.in - -2008-02-17 08:11 millert - - * configure, configure.in, sudo.man.pl: comment out SELinux manual - bits unless --with-selinux was specified - -2008-02-17 08:04 millert - - * sudoers.pod: document role and type defaults for SELinux - -2008-02-16 20:26 millert - - * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in: - Document "sudo -ll" and make "sudo -l -l" be equivalent. - -2008-02-15 15:23 millert - - * configure.in, configure: Treat k*bsd*-gnu like Linux, not BSD. - Fixes compilation problems on Debian GNU/kFreeBSD. - -2008-02-13 17:17 millert - - * auth/kerb5.c: Avoid Heimdal'isms introduced in the rev 1.32 - rewrite of verify_krb_v5_tgt() - -2008-02-13 07:28 millert - - * logging.c, logging.h, sudo.c: Remove dependence on - VALIDATE_NOT_OK in logging functions. Split log_auth() into - log_allowed() and log_denial() Replace mail_auth() with - should_mail() and a call to send_mail() - -2008-02-10 18:06 millert - - * ldap.c: Add debugging so we can tell if the krb5 ccache is - accessible - -2008-02-10 17:34 millert - - * INSTALL: mention --with-selinux - -2008-02-09 09:48 millert - - * configure: regen - -2008-02-09 09:43 millert - - * selinux.c: add Sudo tag - -2008-02-09 09:30 millert - - * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h, - def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h, - pathnames.h.in, selinux.c, sesh.c, sudo.c, sudo.cat, sudo.h, - sudo.man.in, sudo.pod, sudo_usage.h.in, sudoers.ldap.cat, - sudoers.ldap.man.in, sudoers.ldap.pod, testsudoers.c, toke.c, - toke.l: Add support for SELinux RBAC. Sudoers entries may - specify a role and type. There are also role and type defaults - that may be used. To make sure a transition occurs, when using - RBAC commands are executed via the new sesh binary. Based on - initial changes from Dan Walsh. - -2008-02-08 08:18 millert - - * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c: Add long - list (sudo -ll) support for printing verbose LDAP and sudoers - file entries. Still need to update manual. - -2008-02-03 10:43 millert - - * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h: Unify the -l - output for file and ldap based sudoers and use lbufs for both. - The ldap output does not currently include options that cannot be - represented as tags. This will be remedied in a long list output - mode to come. - -2008-01-27 16:37 millert - - * set_perms.c: Use a specific error message for errno == EAGAIN - when setuid() et al fails. On Linux systems setuid() will fail - with errno set to EAGAIN if changing to the new uid would result - in a resource limit violation. - -2008-01-27 16:34 millert - - * sudo.c: Unlimit nproc on Linux systems where calling the setuid() - family of syscalls causes the nroc resource limit to be checked. - The limits will be reset by pam_limits.so when PAM is used. In - the non-PAM case the nproc limit will remain unlimited but there - doesn't seem to be a way around that other than having sudo parse - /etc/security/limits.conf directly. - -2008-01-27 16:31 millert - - * env.c, sudo.c, sudo.pod: Only read /etc/environment on Linux and - AIX - -2008-01-23 06:33 millert - - * configure, configure.in: Use SUDO_DEFINE_UNQUOTED instead of - AC_DEFINE_UNQUOTED to prevent ldap.conf and ldap.secret paths - from going into config.h. Avoid single quotes in variable - expansion when using SUDO_DEFINE_UNQUOTED since in some versions - of bash they will end up literally in the resulting define. - -2008-01-21 13:22 millert - - * README.LDAP: mention --with-nsswitch=no - -2008-01-21 11:43 millert - - * configure, configure.in: ldap_ssl.h depends on ldap.h being - included first - -2008-01-21 11:07 millert - - * configure, configure.in, ldap.c, config.h.in: Include ldap_ssl.h - if we can find it. Needed for the ldapssl_set_strength defines - on HP-UX at least. - -2008-01-21 10:02 millert - - * TODO, sudoers.ldap.pod: sync - -2008-01-21 10:01 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, - sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: - regen - -2008-01-21 10:00 millert - - * Makefile.in: Use 78n line length when formatting cat pages. - -2008-01-21 09:50 millert - - * README.LDAP: Remove redundant info that is now in - sudoers.ldap.pod - -2008-01-20 16:18 millert - - * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: - Reorganize the first section a bit. Substitute the proper path - for /etc/sudoers. - -2008-01-20 10:17 millert - - * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: - Substitute values for ldap.conf, ldap.secret and nsswitch.conf - Move schema into EXAMPLES - -2008-01-20 10:15 millert - - * configure.in, configure: Substitute values for ldap.conf, - ldap.secret and nsswitch.conf into sudoers.ldap.man. - -2008-01-19 20:35 millert - - * configure, configure.in: substitute for sudoers.ldap.man - -2008-01-19 20:34 millert - - * Makefile.in: Fix cut & pasto introduced when adding sudoers.ldap - man page. - -2008-01-19 20:25 millert - - * sudoers.ldap.pod, sudoers.ldap.cat, sudoers.ldap.man.in: Fill in - some of the missing pieces. Still needs some reorganization and - editing. - -2008-01-19 15:06 millert - - * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in, - sudoers.ldap.pod: Beginnings of a sudoers.ldap man page. - Currently, much of the information is adapted from README.LDAP. - -2008-01-18 17:32 millert - - * pwutil.c: When copying gr_mem we must guarantee that the storage - space for gr_mem is properly aligned. The simplest way to do - this is to simply store gr_mem directly after struct group. This - is not a problem for gr_passwd or gr_name as they are simple - strings. - -2008-01-18 16:47 millert - - * ldap.c: Fix a typo/thinko in one of the calls to - sudo_ldap_check_user_netgroup(). From Marco van Wieringen. - -2008-01-17 15:44 millert - - * config.h.in, configure, configure.in, ldap.c: include - in ldap.c if available - -2008-01-16 18:20 millert - - * gram.c, gram.y: Make sure we define SIZE_MAX for yacc's - skeleton.c - -2008-01-16 13:03 millert - - * tgetpass.c: Use TCSAFLUSH when restoring terminal settings (and - echo) to guarantee that any pending output is discarded - -2008-01-15 17:18 millert - - * sudoers: no longer need to specify SETENV when user has sudo ALL - -2008-01-15 09:40 millert - - * testsudoers.c: sync user_args size calculation with sudo.c Add -g - group option, renaming old -g to -G Add set_runasgr() and - set_runaspw() and use them - -2008-01-15 09:23 millert - - * sudo.h, sudo.c: Make set_runaspw static void - -2008-01-15 09:17 millert - - * testsudoers.c, visudo.c: g/c set_runaspw stub - -2008-01-15 07:28 millert - - * configure, configure.in: Don't add -llber twice. - -2008-01-14 06:40 millert - - * ldap.c: fix typo - -2008-01-13 15:39 millert - - * gram.c: regen - -2008-01-13 14:57 millert - - * configure, configure.in: Fix check that determines whether -llber - is required. - -2008-01-13 14:22 millert - - * config.h.in, configure, configure.in, README.LDAP, ldap.c: For - netscape-based LDAP, use ldapssl_set_strength() to implement the - checkpeer ldap.conf option. - -2008-01-13 09:49 millert - - * auth/kerb5.c: Delay krb5_cc_initialize() until we actually need - to use the cred cache, which is what krb5_verify_user() does. - Better cleanup on failure. - -2008-01-12 12:40 millert - - * auth/kerb5.c: Rewrite verify_krb_v5_tgt() based on what heimdal's - krb5_verify_user() does. - -2008-01-09 14:58 millert - - * gram.c: The U suffix on constants is an ANSI feature - -2008-01-09 12:08 millert - - * configure.in, configure: Add check for ber_set_option() in -llber - -2008-01-06 19:02 millert - - * README.LDAP: default if no nsswitch.conf is files only - -2008-01-06 17:28 millert - - * README.LDAP: don't tell people to mail aaron about LDAP stuff - -2008-01-06 12:32 millert - - * README.LDAP: timelimit and bind_timelimit - -2008-01-06 08:54 millert - - * ChangeLog: sync - -2008-01-06 07:56 millert - - * ldap.c: Move ldap.secret reading into a separate function. - -2008-01-05 19:09 millert - - * check.c: user_runas -> runas_pw - -2008-01-05 18:59 millert - - * TODO: sync - -2008-01-05 18:59 millert - - * check.c, sudo.pod, sudoers.pod: Add and document the %p escape in - the password prompt. Based on a patch from Patrick Schoenfeld. - -2008-01-05 18:25 millert - - * ldap.c: Check strlcpy() return values. - -2008-01-05 18:12 millert - - * ldap.c: refactor ldap binding code into sudo_ldap_bind_s() - -2008-01-05 16:35 millert - - * README.LDAP: Make it clear that host and uri can take multiple - parameters. URI is now supported for more than just openldap - nsswitch.conf does't accept "compat" - -2008-01-05 16:27 millert - - * sudo.c: comment cleanup and update (c) year - -2008-01-05 16:25 millert - - * parse.c, sudo_nss.c: Move display_privs() and display_cmnd() from - parse.c to sudo_nss.c. This should make it possible to build an - LDAP-only sudo binary. - -2008-01-05 13:27 millert - - * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h: Improve chaining of - multiple sudoers sources by passing in the previous return value - to the next in the chain - -2008-01-05 13:26 millert - - * gram.y: Free up parser data structures in sudo_file_close(). - -2008-01-05 08:13 millert - - * gram.c, parse.c: Free up parser data structures in - sudo_file_close(). - -2008-01-05 07:59 millert - - * ldap.c: Parse uri ourself if no ldap_initialize() is present Use - ldap_create() instead of deprecated ldap_init() Use - ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s() - -2008-01-05 07:56 millert - - * config.h.in, configure, configure.in: Add check for - ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from CFLAGS - -2008-01-04 09:56 millert - - * configure.in, configure, config.h.in: add check for ldap_create - -2008-01-03 16:11 millert - - * config.h.in, configure, configure.in, ldap.c: Add - sudo_ldap_get_first_rdn() to return the first rdn of an entry's - dn using the mechanism appropriate for the LDAP SDK in use. Use - ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). - Emulate ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's - without them. - -2008-01-03 16:02 millert - - * lbuf.c: include unistd.h - -2008-01-03 11:05 millert - - * config.h.in, configure.in: fix typo in mtim_getnsec - -2008-01-02 15:29 millert - - * config.h.in, configure.in, configure: add check for st__tim in - struct stat as used by SCO - -2008-01-02 11:05 millert - - * ldap.c: use ldap_search_ext_s instead of deprecated ldap_search_s - -2008-01-02 10:09 millert - - * Makefile.in, TODO, sudo.cat, sudo.man.in: add sudo_nss.h to HDRS - -2008-01-01 19:04 millert - - * ldap.c: Replace deprecated ldap_explode_dn() with calls to - ldap_str2dn() and ldap_rdn2str(). - -2008-01-01 18:37 millert - - * ldap.c: Use ldap_get_values_len()/ldap_value_free_len() instead - of the deprecated ldap_get_values()/ldap_value_free(). - -2008-01-01 17:07 millert - - * TODO, ChangeLog: sync - -2008-01-01 17:06 millert - - * gettime.c, sudo.c: Remove some already fixed XXXs - -2008-01-01 17:03 millert - - * ldap.c: Same return value as non-existent sudoers if LDAP was - unable to connect. - -2008-01-01 16:52 millert - - * sudo.pod: mention /etc/environment - -2008-01-01 16:42 millert - - * UPGRADE, WHATSNEW, README.LDAP: Update to reflect recent - developments. - -2008-01-01 16:42 millert - - * sudo.c: Print nsswitch.conf, ldap.conf and ldap.secret paths in - -V output. - -2008-01-01 16:25 millert - - * ldap.c: When building up a query don't list groups in the aux - group vector that are the same as the passwd file group. On most - systems the first gid in the group vector is the same as the - passwd entry gid. - -2008-01-01 14:01 millert - - * env.c, ldap.c: Define LDAPNOINIT before calling ldap_init(), etc. - to disable user ldaprc and system defaults that could affect how - LDAP works. - -2008-01-01 13:21 millert - - * INSTALL, configure, configure.in, pathnames.h.in, sudo.c, - sudo_nss.c, sudo_nss.h: Rename read_nss -> sudo_read_nss Add - --with-nsswitch to allow users to specify nsswitch.conf path or - disable it. If --with-nsswitch=no but --with-ldap, order is - LDAP, then sudoers. Fix --with-ldap-conf-file and - --with-ldap-secret-file - -2008-01-01 13:12 millert - - * parse.c: Honor def_ignore_local_sudoers - -2007-12-31 16:44 millert - - * ldap.c: no longer need to check def_ignore_local_sudoers here - -2007-12-31 16:36 millert - - * parse.c: Refactor group vector resetting into a function and also - call it from display_cmnd. Stop after the first sucessful match - in display_cmnd. Print a newline between each display_privs - method. - -2007-12-31 16:23 millert - - * parse.c: fix double free introduced in rev 1.218 - -2007-12-31 16:10 millert - - * ldap.c: belt and suspenders; zero out result after freeing it - -2007-12-31 15:04 millert - - * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c: Refactor line - reading into a separate function, sudo_parseln(), which removes - comments, leading/trailing whitespace and newlines. May want to - rethink the use of sudo_parseln() for /etc/ldap.secret - -2007-12-31 14:26 millert - - * parse.c, sudo.c: Make the inability to read the sudoers file a - non-fatal error if there are other sudoers sources available. - sudoers_file_lookup now returns "not OK" if sudoers was not - present - -2007-12-31 14:24 millert - - * ldap.c: make it clear that the global options are from LDAP - -2007-12-31 14:13 millert - - * logging.c: allocate proper amount of space for error string - -2007-12-31 10:24 millert - - * sudo_nss.c, sudo_nss.h: actual sudo nss code - -2007-12-31 10:08 millert - - * ldap.c, parse.c, sudo.c, sudo.h: nss-ify display_privs and - display_cmnd. - -2007-12-31 07:54 millert - - * defaults.c, parse.c, testsudoers.c, visudo.c: move - update_defaults() to parse.c - -2007-12-31 07:39 millert - - * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h: - Use nsswitch to hide some sudoers vs. ldap implementation details - and reduce the number of #ifdef LDAP TODO: fix display routines - and error handling - -2007-12-28 11:20 millert - - * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h: - First cut at nsswitch.conf support. Further reorganizaton and - related changes are forthcoming. - -2007-12-21 16:53 millert - - * env.c, pathnames.h.in, sudo.c, sudo.h: Add support for reading - and /etc/environment file. Still needs to be documented and - should probably only applies to OSes that have it (AIX and Linux, - maybe others). - -2007-12-21 16:20 millert - - * ldap.c: include limits.h - -2007-12-20 10:02 millert - - * WHATSNEW: reword LDAP SASL - -2007-12-19 16:40 millert - - * TODO: sync - -2007-12-19 16:39 millert - - * README.LDAP: Add an example sudoRole, clarify netscape vs. - openldap a bit more - -2007-12-19 14:42 millert - - * README.LDAP: Be clear on what is OpenLDAP vs. Netscape-derived - -2007-12-19 14:28 millert - - * config.h.in, configure, configure.in, ldap.c: Use ldapssl_init() - for ldaps support instead of trying to do it manually with - ldap_init() + ldapssl_install_routines(). Use tls_cert and - tls_key for cert7.db and key3.db respectively. Don't print - debugging info for options that are not set. Add warning if - start_tls specified when not supported. - -2007-12-19 14:25 millert - - * ldap.c: fix compilation on solaris - -2007-12-19 14:23 millert - - * Makefile.in: add missing .h and .c files for missing lib objs - -2007-12-18 09:54 millert - - * ldap.c: fix LDAP_OPT_NETWORK_TIMEOUT setting - -2007-12-17 20:10 millert - - * ldap.c: fix compilation on Solaris - -2007-12-17 10:14 millert - - * configure, configure.in: fix typo - -2007-12-17 08:08 millert - - * README.LDAP: try to clear up which variables are for OpenLDAP and - which are for netscape-derived SDKs - -2007-12-17 07:31 millert - - * config.h.in, configure, configure.in, ldap.c: Add support for - "ssl on" in both netscape and openldap flavors. Only the - OpenLDAP flavor has been tested. - -2007-12-17 07:28 millert - - * logging.c, sudo.c, sudo.h: Call cleanup() before exit in - log_error() instead of calling sudo_ldap_close() directly. - ldap_conn can now be static to sudo.c - -2007-12-16 20:02 millert - - * sudo.c: ld -> ldap_conn - -2007-12-16 14:42 millert - - * logging.c, sudo.c, sudo.h: Better ldap cleanup. - -2007-12-16 14:08 millert - - * ldap.c: Distinguish between LDAP conf settings that are - connection-specific (which take an ld pointer) and those that are - default settings (which do not). - -2007-12-14 16:46 millert - - * ldap.c: Improved warnings on error. - -2007-12-14 15:59 millert - - * ldap.c: Make ldap config table driven and set the config *after* - we open the connection. - -2007-12-13 16:41 millert - - * ldap.c: fix LDAP_OPT_X_CONNECT_TIMEOUT compat define - -2007-12-13 09:13 millert - - * configure, configure.in: some operating systems need to link with - -lkrb5support when using krb5 - -2007-12-10 17:12 millert - - * WHATSNEW: minor update - -2007-12-10 10:56 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen - -2007-12-07 19:17 millert - - * TODO, ChangeLog: sync - -2007-12-07 19:09 millert - - * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif: add -g - support for LDAP - -2007-12-03 11:36 millert - - * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in: The -i and -s flags - can now take an optional command. - -2007-12-02 12:13 millert - - * def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod, - sudoers.pod, auth/pam.c: Add passprompt_override flag to sudoers - that will cause the prompt to be overridden in all cases. This - flag is also set when the user specifies the -p flag. - -2007-12-01 19:51 millert - - * sudo.c: Move setting of login class until after sudoers has been - parsed. Set NewArgv[0] for -i after runas_pw has been set. - -2007-12-01 19:34 millert - - * configure, configure.in: Move the dgettext check. - -2007-12-01 11:22 millert - - * config.h.in, configure, configure.in, auth/pam.c: Add basic - support for looking up the string "Password: " in the PAM - localized text db. This allows us to determine whether the PAM - prompt is the default "Password: " one even if it has been - localized. - - TODO: concatenate non-std PAM prompts and user-specified sudo - prompts. - -2007-11-27 18:40 millert - - * Makefile.in, config.h.in, configure.in, parse.c, set_perms.c, - sudo.c, configure, sudo.h: Use AC_FUNC_GETGROUPS instead of a - home-grown attempt that was insufficient. - -2007-11-27 12:13 millert - - * configure, acsite.m4, interfaces.c, memrchr.c: Fix typos; - Martynas Venckus - -2007-11-25 19:26 millert - - * set_perms.c: Don't assume runas_pw is set; it may not be in the - -g case. - -2007-11-25 08:07 millert - - * logging.c, set_perms.c: Set aux group vector for PERM_RUNAS and - restore group vector for PERM_ROOT if we previously changed it. - Stash the runas group vector so we don't have to call initgroups - more than once. Also add no-op check to check_perms. - -2007-11-21 15:11 millert - - * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, - gram.y, ldap.c, logging.c, match.c, mon_systrace.c, parse.c, - parse.h, pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, - sudo.man.in, sudo.pod, sudo_usage.h.in, sudoers.cat, - sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, visudo.c, - visudo.cat, visudo.man.in: Add support for runas groups. This - allows the user to run a command with a different effective - group. If the -g option is specified without -u the command will - be run as the current user (only the group will change). the -g - and -u options may be used together. TODO: implement runas group - for ldap improve runas group documentation add - testsudoers support - -2007-11-21 15:02 millert - - * configure, configure.in: fix setting of mandir - -2007-11-21 14:26 millert - - * sudo.pod, sudoers.pod: document that ALL implies SETENV - -2007-11-21 13:50 millert - - * ldap.c: s/setenv_ok/setenv_implied/g - -2007-11-21 13:44 millert - - * ldap.c: hostname_matches() returns TRUE on match in sudo 1.7. - -2007-11-21 13:26 millert - - * ldap.c: use strcmp, not strcasecmp when comparing ALL - -2007-11-21 11:41 millert - - * ldap.c: Make sudo ALL imply setenv. Note that unlike with - file-based sudoers this does affect all the commands in the - sudoRole. - -2007-11-21 11:05 millert - - * gram.c, gram.y, parse.c, parse.h: sudo "ALL" now implies the - SETENV tag but, unlike an explicit tag, it is not passed on to - other commands in the list. - -2007-11-21 11:02 millert - - * visudo.c: Add missing sudo_setpwent() and sudo_setgrent() calls. - Also use sudo_getpwuid() instead of getpwuid(). - -2007-11-15 11:16 millert - - * sudoers: Expand on the dangers of not using visudo to edit - sudoers. - -2007-11-08 07:24 millert - - * parse.c: Don't quote *?[]! on output since the lexer does not - strip off the backslash when reading those in. - -2007-11-07 13:16 millert - - * glob.c: expand "u_foo" types to "unsigned foo" to avoid - compatibility issues. - -2007-11-04 08:33 millert - - * logging.c: Refactor log line generation in to new_logline(). - -2007-10-25 09:23 millert - - * TROUBLESHOOTING: fix typo - -2007-10-24 12:41 millert - - * config.h.in, configure, configure.in, interfaces.c, interfaces.h, - match.c: Add configure check for struct in6_addr instead of - relying on AF_INET6 since some systems define AF_INET6 but do not - include IPv6 support. - -2007-10-21 09:29 millert - - * configure, configure.in: Fix block to add -lutil for FreeBSD and - NetBSD when logincap is in use. - -2007-10-19 22:28 millert - - * configure, configure.in: POSIX states that struct timespec be - declared in time.h so check there regardless of the value of - TIME_WITH_SYS_TIME. - -2007-10-17 11:37 millert - - * tgetpass.c: Instead of defining a macro to call the appropriate - method for turning on/off echo, just define tc[gs]etattr() and - the related defines that use the correct terminal ioctls if - needed. Also go back to using TCSAFLUSH instead of TCSADRAIN on - all but QNX. - -2007-10-08 20:18 millert - - * Makefile.in: g/c @ALLOCA@ - -2007-10-08 20:07 millert - - * configure: regen - -2007-10-08 20:04 millert - - * INSTALL, config.h.in, configure.in, auth/pam.c: Add - --disable-pam-session configure option to disable calling - pam_{open,close}_session. May work around bugs in some PAM - implementations. - -2007-10-08 12:00 millert - - * tgetpass.c: quiet gcc warnings - -2007-10-08 08:41 millert - - * tgetpass.c: Avoid printing the prompt if we are already - backgrounded. E.g. if the user runs "sudo foo &" from the shell. - In this case, the call to tcsetattr() will cause SIGTTOU to be - delivered. - -2007-09-15 16:07 millert - - * def_data.c, def_data.h, def_data.in: Reorder things such that the - definition of env_reset come right before the env variable lists. - -2007-09-15 07:50 millert - - * parse.h: Shrink type and seqno in struct alias from int to - u_short - -2007-09-15 07:24 millert - - * alias.c, match.c, parse.c, parse.h: Add a sequence number in the - aliases for loop detection. If we find an alias with the seqno - already set to the current (global) value we know we've visited - it before so ignore it. - -2007-09-13 19:05 millert - - * TODO, sudo.c, sudo.h, auth/pam.c: PAM wants the full tty path so - add user_ttypath which holds the full path to the tty or is NULL - if no tty was present. - -2007-09-13 18:42 millert - - * auth/pam.c: Set PAM_RHOST to work around a bug in Solaris 7 and - lower that results in a segv. - -2007-09-11 15:43 millert - - * gram.c: regen - -2007-09-11 15:42 millert - - * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c, - parse.h, testsudoers.c, visudo.c: rename lh_ -> tq_ - -2007-09-10 17:33 millert - - * alloc.c: remove some useless casts - -2007-09-10 17:32 millert - - * alloc.c: pull in inttypes.h for SIZE_MAX; we avoid stdint.h since - inttypes.h predates the final C99 spec and the standard specifies - that it shall include stdint.h anyway - -2007-09-06 12:39 millert - - * Makefile.in, alloca.c, configure.in: Since we ship with a - pre-generated parser there is no need to ship a bogus alloca - implementation. - -2007-09-06 12:22 millert - - * configure: regen - -2007-09-06 12:19 millert - - * configure.in: remove initial setting of CHECKSIA, we require that - it be unset if not used - -2007-09-06 11:55 millert - - * Makefile.in: add list.c to SRCS - -2007-09-06 07:18 millert - - * configure: regen - -2007-09-06 07:17 millert - - * configure.in: only do SIA checks on Digital Unix - -2007-09-05 18:50 millert - - * sudoers.cat, sudoers.man.in: regen - -2007-09-05 18:48 millert - - * ChangeLog, TODO: sync - -2007-09-05 18:39 millert - - * auth/kerb5.c: Remove call to krb5_cc_register() as it is not - needed for modern kerb5. - -2007-09-05 18:16 millert - - * configure: regen - -2007-09-05 18:16 millert - - * configure.in, aclocal.m4: New method for setting the default - authentication type and avoiding conflicts in auth types. - -2007-09-05 14:45 millert - - * match.c, parse.c, testsudoers.c: Each entry in a cmndlist now has - an associated runaslist so no need to keep track of the most - recent non-NULL one. - -2007-09-04 18:51 millert - - * ldap.c: back out partial ldaps support mistakenly committed - -2007-09-04 10:57 millert - - * ldap.c: Add support for unix groups and netgroups in sudoRunas - -2007-09-03 16:28 millert - - * sudo_edit.c: Fix sudoedit of a non-existent file. From Tilo - Stritzky. - -2007-09-02 17:05 millert - - * configure: regen - -2007-09-02 17:05 millert - - * INSTALL: update --passprompt escape info - -2007-09-02 17:03 millert - - * configure.in: remove now-bogus comment and update copyright date - -2007-09-02 16:35 millert - - * configure.in: Fix up use of with_passwd - -2007-09-02 16:25 millert - - * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh: - Update to autoconf-2.61 andf libtool-1.5.24 - -2007-09-02 16:17 millert - - * Makefile.in: "cmp -s" not just cmp Add @datarootdir@ to quiet - autoconf-2.61 - -2007-09-01 17:39 millert - - * gram.c: regen - -2007-09-01 17:39 millert - - * gram.y: move tags and runaslist propagation to be earlier - -2007-09-01 09:34 millert - - * visudo.c: If -f flag given use the permissions of the original - file as a template - -2007-09-01 08:45 millert - - * gram.y: prevent a double free() when re-initing the parser - -2007-08-31 19:30 millert - - * configure: regen - -2007-08-31 19:30 millert - - * aclocal.m4, alias.c, alloc.c, config.h.in, configure.in, env.c, - ldap.c, list.c, list.h, memrchr.c, parse.c, parse.h, pwutil.c, - redblack.c, redblack.h, snprintf.c, sudo.c, sudo.h, - testsudoers.c, visudo.c, zero_bytes.c, auth/API, auth/afs.c, - auth/bsdauth.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, - auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h: - Remove support for compilers that don't support void * - -2007-08-31 19:14 millert - - * gram.c: regen - -2007-08-31 19:13 millert - - * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, - match.c, parse.c, parse.h, testsudoers.c, visudo.c: Move list - manipulation macros to list.h and create C versions of the more - complex ones in list.c. The names have been down-cased so they - appear more like normal functions. - -2007-08-31 17:21 millert - - * Makefile.in: Fix cmp command when regenerating parser. Make - gram.o the first dependency for all programs so gram.h will be - generated before anything that needs it. - -2007-08-31 13:56 millert - - * parse.h, gram.y: Convert NEW_DEFAULT anf NEW_MEMBER into static - functions. - -2007-08-30 21:21 millert - - * match.c, parse.c, testsudoers.c: Use LH_FOREACH_REV when checking - permission and short-circuit on the first non-UNSPEC hit we get - for the command. This means that instead of cycling through the - all the parsed sudoers entries we start at the end and work - backwards and quit after the first positive or negative match. - -2007-08-30 21:13 millert - - * gram.c: regen - -2007-08-30 21:12 millert - - * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c: - Change list head macros to take a pointer, not a struct. - -2007-08-30 20:46 millert - - * gram.c: regen - -2007-08-30 20:46 millert - - * gram.y: Propagate the runasspec from one command to the next in a - cmndspec. - -2007-08-30 16:15 millert - - * match.c: Replace has_meta() with a macro that calls strpbrk(). - -2007-08-30 16:04 millert - - * gram.c: regen - -2007-08-30 13:26 millert - - * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h, - testsudoers.c, visudo.c: Use a list head struct when storing the - semi-circular lists and convert to tail queues in the process. - This will allow us to reverse foreach loops more easily and it - makes it clearer which functions expect a list as opposed to a - single member. - - Add macros for manipulating lists. Some of these should become - functions. - - When freeing up a list, just pop off the last item in the queue - instead of going from head to tail. This is simpler since we - don't have to stash a pointer to the next member, we always just - use the last one in the queue until the queue is empty. - - Rename match functions that take a list to have list in the name. - Break cmnd_matches() into cmnd_matches() and cmndlist_matches. - -2007-08-30 13:12 millert - - * parse.c: Fix pasto, append "!" not negated (which is an int) for - sudo -l output. - -2007-08-30 12:45 millert - - * Makefile.in: Remove the dependency of gram .h on gram.y, the .c - dependency is enough. Only move y.tab.h to gram.h if it is - different; avoids needless rebuilding. - -2007-08-27 15:51 millert - - * sudoers.pod: Defaults lines may be associated with lists of - users, hosts, commands and runas users, not just single entries. - -2007-08-26 17:42 millert - - * Makefile.in: Revert the "cmp" portion of the last diff, it - doesn't make sense. - -2007-08-26 17:10 millert - - * Makefile.in: Remove *.lo for clean: When generating the parser, - only move the generated files into place if they differ from the - existing ones. - -2007-08-24 22:47 millert - - * toke.c, toke.l: Replace IPV6 regexp with a much simpler - (readable) one and add an extra check when it matches to make - sure we have a valid address. - -2007-08-24 22:36 millert - - * match.c: Fix thinko introduced when merging IPV6 support. - -2007-08-24 14:23 millert - - * HISTORY, LICENSE: regen - -2007-08-24 14:23 millert - - * license.pod: add 2007 - -2007-08-24 14:19 millert - - * UPGRADE: mention #uid vs. comment pitfall - -2007-08-24 09:50 millert - - * acsite.m4: Merge in a patch from the libtool cvs that fixes a - problem with the latest autoconf. From Stepan Kasal. - -2007-08-23 20:28 millert - - * parse.h: Back out he XOR swap trick, it is slower than a temp - variable on modern CPUs. - -2007-08-23 20:14 millert - - * gram.c: regen - -2007-08-23 20:14 millert - - * gram.y, parse.h: Convert the tail queue to a semi-circle queue - and use the XOR swap trick to swap the prev pointers during - append. - -2007-08-23 15:31 millert - - * parse.h: remove useless statement - -2007-08-23 07:47 millert - - * toke.c, toke.l: Refactor #include parsing into a separate - function and return unparsed chars (such as newline or comment) - back to the lexer. - -2007-08-22 18:56 millert - - * WHATSNEW: mention better uid support - -2007-08-22 18:55 millert - - * sudoers.pod: Users may now consist of a uid. - -2007-08-22 18:39 millert - - * gram.c, gram.h, toke.c: regen - -2007-08-22 18:32 millert - - * parse.c: Use lbuf_append_quoted() for sudo -l output to quote - characters that would require quoting in sudoers. - -2007-08-22 18:31 millert - - * lbuf.c, lbuf.h: Add lbuf_append_quoted() which takes a set of - characters which should be quoted with a backslash when - displayed. - -2007-08-22 18:28 millert - - * toke.l: Require that the first character after a comment not be a - digit or a dash. This allows us to remove the GOTRUNAS state and - treat uid/gids similar to other words. It also means that we can - now specify uids in User_Lists and a User_Spec may now contain a - uid. - -2007-08-22 18:23 millert - - * gram.y, toke.l: Replace RUNAS token with '(' and ')' tokens to - make the runas portion of the grammar more natural. - -2007-08-22 06:35 millert - - * Makefile.in, README, BUGS: The BUGS file is history - -2007-08-21 09:19 millert - - * toke.c, toke.l: Allow comments after a RunasAlias as long as the - character after the pound sign isn't a digit or a dash. - -2007-08-20 20:43 millert - - * WHATSNEW: Glob support was back-ported to 1.6.9 - -2007-08-20 19:59 millert - - * Makefile.in: remove sudo_usage.h in distclean - -2007-08-20 19:24 millert - - * parse.c: If a Defaults value contains a blank, double-quote the - string. - -2007-08-20 19:19 millert - - * toke.c, toke.l: Properly deal with Defaults double-quoted strings - that span multiple lines using the line continuation char. - Previously, the entire thing, including the continuation char, - newline, and spaces was stored as-is. - -2007-08-20 10:46 millert - - * sudo.c: Be consistent when using single quotes and backticks. - -2007-08-19 16:48 millert - - * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c, - sudo.c, sudo_usage.h.in: Add new linebuf code to do appends of - dynamically allocated strings and word-wrapped output. Currently - used for sudo's usage() and sudo -l output. Sudo usage strings - are now in sudo_usage.h which is generated at configure time. - -2007-08-18 08:22 millert - - * sudo.h, parse.c, sudo.c: Fix line wrapping in usage() and use the - actual tty width instead of assuming 80. - -2007-08-17 18:32 millert - - * history.pod: some more info - -2007-08-17 17:28 millert - - * history.pod: Mentioned Chris Jepeway's parser and also the new - one that is in sudo 1.7. - -2007-08-16 09:38 millert - - * sudo.pod, visudo.pod: For the options list, add flag args where - appropriate and increase the indent level so there is room for - them. - -2007-08-15 13:49 millert - - * parse.c: Fix some spacing in "sudo -l" and add a comment about - some bogosity in the line wrapping. - -2007-08-15 11:21 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, - visudo.man.in, visudo.cat: regen - -2007-08-15 11:20 millert - - * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in, - def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y, - parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod, - testsudoers.c, toke.c, toke.l: Remove monitor support until there - is a versino of systrace that uses a lookaside buffer (or we have - a better mechanism to use). - -2007-08-15 09:22 millert - - * configure.in, configure, config.h.in, sudo.c: use getaddrinfo() - instead of gethostbyname() if it is available - -2007-08-14 15:27 millert - - * parse.c, sudo.c: Deal with OSes where sizeof(gid_t) < - sizeof(int). - -2007-08-14 11:19 millert - - * interfaces.c: repair non-getifaddrs() code after ipv6 integration - -2007-08-14 10:04 millert - - * sudo.c: If we can open sudoers but fail to read the first byte, - close the file stream before trying again. - -2007-08-13 12:34 millert - - * gram.c, toke.c: regen - -2007-08-13 12:29 millert - - * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l: - Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki - -2007-08-13 12:23 millert - - * sudo.pod, sudoers.pod, visudo.pod: Add some missing markup Update - copyright - -2007-08-12 18:55 millert - - * configure, configure.in: fix sudo_noexec extension which got - broken in the libtool update - -2007-08-10 10:41 millert - - * Makefile.in: explicitly specify -Tascii to nroff - -2007-08-08 16:07 millert - - * logging.c: remove an ANSI-ism that crept in - -2007-08-06 20:37 millert - - * sudo.pod: Adjust list indents Prevent -- from being turned into - an em dash Use a list for the environment instead of a literal - paragraph - -2007-08-06 20:36 millert - - * visudo.pod: Use a list for the environment instead of an indented - literal paragraph. - -2007-08-06 20:33 millert - - * sudoers.pod: Adjust list indentation - -2007-08-06 20:31 millert - - * license.pod: add =head3 - -2007-08-06 10:24 millert - - * sudo.pod: mention that when specifying a uid for the -u option - the shell may require that the # be escaped - -2007-08-01 22:08 millert - - * match.c: Fix off by one in group matching. - -2007-07-31 14:04 millert - - * env.c: Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From - David Krause. - -2007-07-30 10:45 millert - - * configure, configure.in: Add missing define of - HAVE_GSS_KRB5_CCACHE_NAME for the -lgssapi_krb5 case. - -2007-07-30 09:29 millert - - * aclocal.m4, configure.in, configure: Fix link tests such that new - gcc doesn't optimize away the test. - -2007-07-29 19:21 millert - - * sudo.pod, sudoers.pod, visudo.pod: add missing over/back - -2007-07-29 19:09 millert - - * sudo.pod, sudoers.pod, visudo.pod: Change FILES section to use - =item - -2007-07-29 18:32 millert - - * env.c: Add back allocation of the env struct in rebuild_env but - save a copy of the old pointer and free it before returning. - -2007-07-29 16:09 millert - - * env.c: Don't init the private environment in rebuild_env() since - it may have already been done implicitly - sudo_setenv/sudo_unsetenv. - - Multiply length by sizeof(char *) in memcpy/memmove when copying - the environment so we copy the full thing. - - Add missing set of parens so we deref the right pointer in - sudo_unsetenv when searching for a matching variable. - -2007-07-26 16:35 millert - - * sudo.pod, sudoers.pod, visudo.pod: Use file markup for paths in - the FILES section - -2007-07-26 10:04 millert - - * sudo.pod, sudoers.pod, visudo.pod: Don't capitalize sudo/visudo - -2007-07-26 07:28 millert - - * sudoers.pod: Sort sudoers options; based on a diff from Igor - Sobrado. - -2007-07-25 16:19 millert - - * sudo.pod, sudoers.pod, visudo.pod: Use 8 and 5 instead of - @mansectsu@ and @mansectform@ since the latter confuses pod2man. - The Makefile rules for the .man.in file will add @mansectsu@ and - @mansectform@ back in after pod2man is done anyway. - -2007-07-22 19:09 millert - - * LICENSE, Makefile.in, license.pod: Move license info to pod - format - -2007-07-22 18:43 millert - - * configure, configure.in, sudoers.pod: Substitute value of - path_info into sudoers man page. - -2007-07-22 16:40 millert - - * WHATSNEW: remove features that were back-ported to 1.6.9 - -2007-07-22 15:20 millert - - * sudo.c, sudo.pod, visudo.c, visudo.pod: Sort SYNOPSIS and sync - usage. From Igor Sobrado. - -2007-07-22 15:19 millert - - * env.c: Only need sudo_setenv/sudo_unsetenv if we are going to use - ldap_sasl_interactive_bind_s() but don't have - gss_krb5_ccache_name(). - -2007-07-22 08:23 millert - - * ChangeLog: rebuild without branch info - -2007-07-22 08:23 millert - - * Makefile.in: Add ChangeLog target - -2007-07-22 08:14 millert - - * auth/pam.c: Run cleanup code if the user hits ^C at the password - prompt. - -2007-07-22 08:13 millert - - * auth/pam.c: Some versions of pam_lastlog have a bug that will - cause a crash if PAM_TTY is not set so if there is no tty, set - PAM_TTY to the empty string. - -2007-07-20 09:32 millert - - * Makefile.in: ChageLog not Changelog - -2007-07-20 09:31 millert - - * ChangeLog: sync - -2007-07-20 09:29 millert - - * Makefile.in: CHANGE -> Changelog - -2007-07-19 20:23 millert - - * TODO: sync - -2007-07-19 19:53 millert - - * config.h.in, configure.in, configure, ldap.c: Add configure hooks - for gss_krb5_ccache_name() and the gssapi headers. - -2007-07-18 12:57 millert - - * env.c, sudo.c: rebuild_env() and insert_env_vars() no longer - return environment pointer, they set environ directly. - - No longer need to pass around an envp pointer since we just - operate on environ now. - - Add dosync argument to insert_env() that indicates whether it - should reset environ when realloc()ing env.envp. - - Use an initial size of 128 for the environment. - -2007-07-18 12:41 millert - - * env.c: Split sudo_setenv() into an external version and a version - only for use by rebuild_env(). - -2007-07-16 19:40 millert - - * ldap.c: Add support for using gss_krb5_ccache_name() instead of - setting KRB5CCNAME. Also use sudo_unsetenv() in the - non-gss_krb5_ccache_name() case if there was no KRB5CCNAME in the - original environment. TODO: configure setup for - gss_krb5_ccache_name() - -2007-07-16 18:44 millert - - * README.LDAP: add krb5_ccname - -2007-07-16 18:44 millert - - * README.LDAP, ldap.c: Add support for sasl_secprops in ldap.conf - -2007-07-16 18:39 millert - - * env.c, sudo.h: Add sudo_unsetenv() and refactor private env - syncing code into sync_env(). - -2007-07-16 07:27 millert - - * README.LDAP, ldap.c: The ldap.conf variable is sasl_auth_id not - sasl_authid. - -2007-07-15 15:44 millert - - * ldap.c, sudo.c, sudo.h: Add support for krb5_ccname in ldap.conf. - If specified, it will override the default value of KRB5CCNAME - in the environment for the duration of the call to - ldap_sasl_interactive_bind_s(). - -2007-07-15 15:41 millert - - * env.c, sudo.h: Remove format_env() Add sudo_setenv() to replace - most format_env() + insert_env() combinations. insert_env() no - longer takes a struct environment * - -2007-07-15 12:47 millert - - * ldap.c: Fix use_sasl vs. rootuse_sasl logic. - -2007-07-15 09:23 millert - - * README.LDAP, config.h.in, configure, configure.in, ldap.c: Add - support for SASL auth when connecting to an LDAP server. Adapted - from a diff by Tom McLaughlin. - -2007-07-14 16:32 millert - - * configure, configure.in: Only enable AIX or BSD auth if no other - exclusive auth method has been chosen. Allows people to e.g., - use PAM on AIX without adding --without-aixauth. A better - solution is needed to deal with default authentication since if a - non-exclusive method is chosen we will still get an error. - -2007-07-11 11:23 millert - - * HISTORY, Makefile.in, history.pod: Generate HISTORY from - history.pod (which is also used for web pages) - -2007-07-09 19:40 millert - - * sudo.man.in, sudoers.man.in: regen - -2007-07-09 19:25 millert - - * sudo.pod: Better explanation of environment handling in the sudo - man page. - -2007-07-09 15:13 millert - - * env.c, sudo.c: Defer setting user-specified env vars until after - authentication. - -2007-07-09 13:25 millert - - * env.c: honor def_default_path for PATH set on the command line - -2007-07-09 13:22 millert - - * sudo.c, env.c, sudo.pod, sudoers.pod: Allow user to set - environment variables on the command line as long as they are - allowed by env_keep and env_check. Ie: apply the same - restrictions as normal environment variables. TODO: deal with - secure_path - -2007-07-08 14:44 millert - - * sudo.c, sudo_edit.c: Call rebuild_env() in call cases. Pass - original envp to sudo_edit(). Don't allow -E or env var setting - in sudoedit mode. More accurate usage() when called as sudoedit. - -2007-07-08 14:41 millert - - * ldap.c: warn -> warning - -2007-07-08 14:11 millert - - * sudo.pod: add -c option to sudoedit synopsis - -2007-07-08 10:27 millert - - * TODO: udpate to reality - -2007-07-08 09:43 millert - - * parse.c: Use ALLOW/DENY instead of TRUE/FALSE when dealing with - the return value from {user,host,runas,cmnd}_matches(). Rename - *matches variables -> *match. Purely cosmetic. - -2007-07-08 09:30 millert - - * parse.c: Move setting of FLAG_NO_CHECK into the if(pwflag) block. - No change in behavior. - -2007-07-08 09:17 millert - - * sudoers: add SETENV tag - -2007-07-06 15:51 millert - - * parse.c: Make pwcheck local to the pwflag block. Use pwcheck - even if user didn't match since Defaults options may still apply. - -2007-07-06 14:51 millert - - * check.c, sudo.c: Do not update timestamp if user not validated by - sudoers. - -2007-07-06 10:14 millert - - * set_perms.c: for PERM_RUNAS, set the egid to the runas user's gid - and restore to the user's original in PERM_ROOT - -2007-07-06 10:04 millert - - * logging.c, mon_systrace.c, set_perms.c, sudo.h: PERM_FULL_ROOT is - now no different than PERM_ROOT so remove PERM_FULL_ROOT - -2007-07-06 09:49 millert - - * check.c: don't check timestamp mtime if we are just going to - remove it - -2007-07-06 09:33 millert - - * sudoers.pod: Move sudoers defaults parameters into their own - section. - -2007-07-05 20:21 millert - - * testsudoers.c: Reduce a level of indent by a few placed continue - statements. - -2007-07-05 20:20 millert - - * parse.c: Make matching but negated commands/hosts/runas entries - override a previous match as expected. Also reduce some levels - of indent by a few placed continue statements. - -2007-07-05 16:34 millert - - * parse.c: Print default runas in "sudo -l" if sudoers don't - specify one. - -2007-07-05 15:46 millert - - * match.c: Less hacky way of testing whether the domain was set. - -2007-07-04 15:50 millert - - * INSTALL: Mention pam-devel and openldap-devel for Linux - -2007-07-03 19:38 millert - - * README.LDAP: or vs. are - -2007-07-01 16:55 millert - - * sudo.c: fix typo in Solaris project support - -2007-07-01 09:40 millert - - * HISTORY: update - -2007-07-01 09:07 millert - - * sudo.c: Make -- on the command line match the manual page. The - implied shell case has been simplified as a result. - -2007-06-28 10:44 millert - - * sudoers2ldif: add simplistic support for sudoRunas; note that if - a sudoers entry contains multiple Runas users, all will apply to - the sudoRole - -2007-06-28 10:42 millert - - * sudoers2ldif: honor SETENV and NOSETENV tags - -2007-06-24 09:25 millert - - * mon_systrace.c: Redo setting of user_args. We now build up a - private copy of argv first and then replace the NULs with spaces. - -2007-06-24 09:19 millert - - * mon_systrace.c: getcwd() returns NULL on failure, not 0 on - success - -2007-06-24 07:39 millert - - * mon_systrace.c: allow chunksiz to reach 1 before erroring out - -2007-06-23 20:00 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: regen - -2007-06-23 19:58 millert - - * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, - gram.y, logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, - sudoers.pod, toke.c, toke.l: Add support for setting environment - variables on the command line. This is only allowed if the - setenv sudoers options is enabled or if the command is prefixed - with the SETENV tag. - -2007-06-23 19:57 millert - - * README.LDAP: replace Aaron's email address with the sudo-workers - list - -2007-06-23 19:55 millert - - * configure: regen - -2007-06-21 20:35 millert - - * Makefile.in, README.LDAP, schema.OpenLDAP, schema.iPlanet: Break - schema out into separate files. - -2007-06-21 18:28 millert - - * auth/aix_auth.c: free message if set by authenticate() - -2007-06-21 13:03 millert - - * match.c: deal with NULL gr_mem - -2007-06-20 15:04 millert - - * config.h.in: regen - -2007-06-20 15:04 millert - - * configure.in: add template for HAVE_PROJECT_H - -2007-06-20 07:06 millert - - * closefrom.c: include fcntl.h - -2007-06-19 19:37 millert - - * INSTALL: mention --with-project - -2007-06-19 18:24 millert - - * config.h.in, configure.in, sudo.c: Add Solaris 10 "project" - support. From Michael Brantley. - -2007-06-19 17:27 millert - - * sudoers.pod: fix typo - -2007-06-19 17:22 millert - - * configure: regen - -2007-06-19 17:21 millert - - * configure.in: Fix preservation of LDFLAGS in the LDAP case. - -2007-06-19 17:00 millert - - * memrchr.c: Remove dependecy on NULL - -2007-06-19 15:37 millert - - * configure: regen - -2007-06-19 15:37 millert - - * aclocal.m4, configure.in: Can't use the regular autoconf - fnmatch() check since we need FNM_CASEFOLD so go back to our - custom one. - -2007-06-19 12:52 millert - - * env.c: Fix preserving of variables in env_keep. - -2007-06-19 07:10 millert - - * env.c: add XAUTHORIZATION - -2007-06-18 20:41 millert - - * UPGRADE: expand upon env resetting and mention that it began in - 1.6.9 not 1.7. - -2007-06-18 20:33 millert - - * sudoers.pod: Update descriptions of env_keep and env_check to - match current reality. - -2007-06-18 17:33 millert - - * env.c: Add LINGUAS to initial_checkenv_table. Add COLORS, - HOSTNAME, LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to - intial_keepenv_table. - -2007-06-18 17:23 millert - - * env.c, logging.c: Treat USERNAME environemnt variable like - LOGNAME/USER - -2007-06-18 17:21 millert - - * env.c: Don't need to populate keepenv table with the contents of - the checkenv table. - -2007-06-18 08:57 millert - - * sudo.c: Don't force sudo into the C locale. - -2007-06-18 08:56 millert - - * env.c: Make env_check apply when env_reset it true. Environment - variables are passed through unless they contain '/' or '%'. - There is no need to have a variable in both env_check and - env_keep. - -2007-06-16 07:31 millert - - * visudo.c: Remove an duplicate lock_file() call and add a comment. - -2007-06-15 21:16 millert - - * UPGRADE: Add sudo 1.6.9 upgrade note. - -2007-06-14 12:23 millert - - * interfaces.c: Solaris will return EINVAL if the buffer used in - SIOCGIFCONF is too small. From Klaus Wagner. - -2007-06-14 12:03 millert - - * Makefile.in, config.h.in, configure, configure.in, memrchr.c, - logging.c, sudo.h: Redo the long syslog line splitting based on a - patch from Eygene Ryabinkin. Include memrchr() for systems - without it. - -2007-06-14 07:09 millert - - * configure.in: Since we need to be able to convert timespec to - timeval for utimes() the last 3 digits in the tv_nsec are not - significant. This makes the sudoedit file date comparison work - again. - -2007-06-13 13:41 millert - - * aclocal.m4, configure, configure.in: Add SUDO_ADD_AUTH macro to - deal with adding things to AUTH_OBJS. This deals with exclusive - authentication methods in a simple way. - -2007-06-12 13:08 millert - - * LICENSE: mkstemp.c is BSD code too. - -2007-06-12 09:21 millert - - * sudo.pod, sudoers.pod, visudo.pod: No commercial support for now. - -2007-06-11 18:27 millert - - * sudo.c: cleanenv() is no more. - -2007-06-10 18:37 millert - - * ChangeLog: Display branch info in Changelog - -2007-06-10 18:18 millert - - * utimes.c: Include config.h early so we have it for - TIME_WITH_SYS_TIME - -2007-06-10 18:00 millert - - * ChangeLog: Fix Changelog generation and update. - -2007-06-09 07:26 millert - - * closefrom.c: Use /proc/self/fd instead of /proc/$$/fd - - Move old-style fd closing into closefrom_fallback() and call that - if /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails - -2007-06-09 07:24 millert - - * config.h.in, configure.in, auth/kerb5.c: o use - krb5_verify_user() if available instead of doing it by hand - o use krb5_init_secure_context() if we have it - o pass an encryption type of 0 to krb5_kt_read_service_key() - instead of - ENCTYPE_DES_CBC_MD5 to let kerberos choose. - -2007-06-09 07:20 millert - - * env.c: Check TERM and COLORTERM for '%' and '/' characters. From - Debian. - -2007-06-09 07:17 millert - - * configure.in: Fix closefrom() substitution in the Makefile - -2007-06-09 07:15 millert - - * TROUBLESHOOTING: Mention alternate sudo pronunciation. - -2007-06-07 07:52 millert - - * env.c: Remove KRB5_KTNAME from environment. Allow COLORTERM. - -2007-06-07 07:22 millert - - * auth/kerb5.c: If we cannot get a valid service key using the - default keytab it is a fatal error. Fixes a bug where sudo could - be tricked into allowing access when it should not by a fake KDC. - From Thor Lancelot Simon. - -2007-05-12 08:56 millert - - * aclocal.m4, configure, configure.in: Update long long checks to - use AC_CHECK_TYPES and to cache values. - -2007-05-12 08:07 millert - - * aclocal.m4, configure.in: Use AC_FUNC_FNMATCH instead of a - homebrew fnmatch checker. We can't use AC_REPLACE_FNMATCH since - that assumes replacing with GNU fnmatch. - -2007-05-11 17:05 millert - - * configure, configure.in: Add closefrom() to LIB_OBJS not - SUDO_OBJS if it is missing since we need it for visudo now too. - -2007-04-24 14:44 millert - - * sudoers.pod: Attempt to clarify the bit talking about network - numbers w/o netmasks. - -2007-04-24 14:25 millert - - * sudo.pod: Clarify timestamp dir ownership sentence. - -2007-04-20 12:40 millert - - * auth/pam.c: Linux PAM now defines __LINUX_PAM__, not - __LIBPAM_VERSION. From Dmitry V. Levin. - -2007-04-16 12:13 millert - - * sudo.c: -i is also one of the mutually exclusive options to list - it in the warning message. Noted by Chris Pepper. - -2007-04-12 11:18 millert - - * visudo.pod: The sudoers variable is env_editor, not enveditor. - From Jean-Francois Saucier. - -2007-03-29 13:30 millert - - * redblack.c: I tracked down the original author so credit him and - include his license info. - -2007-02-06 13:25 millert - - * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, - sudoers.pod: Fix typos; from Jason McIntyre. - -2007-02-06 13:23 millert - - * logging.c: Restore signal mask before calling reapchild(). Fixes - a possible race condition that could prevent sudo from properly - waiting for the child. - -2007-01-31 10:02 millert - - * pwutil.c: Don't declare pw_free() if we are not going to use it. - -2007-01-31 10:00 millert - - * env.c: Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD - and LDR_PRELOAD64. The 64-bit version is not currently - supported. Remove zero_env() prototype as it no longer exists. - -2006-12-11 13:21 millert - - * logging.c: Add "Auto-Submitted: auto-generated" line to sudo mail - for rfc 3834. - -2006-09-29 10:53 millert - - * auth/pam.c: If the user enters ^C at the password prompt, abort - instead of trying to authenticate with an empty password (which - causes an annoying delay). - -2006-08-17 11:26 millert - - * closefrom.c, config.h.in, configure, configure.in: Add fcntl - F_CLOSEM support to closefrom(); adapted from a diff by Darren - Tucker. - -2006-08-17 11:25 millert - - * pwutil.c: pw_free() is only used by sudo_freepwcache() so ifdef - it out too. - -2006-08-04 11:34 millert - - * config.sub, config.guess: Update to latest versions from - cvs.savannah.gnu.org - -2006-07-31 13:51 millert - - * pwutil.c, sudo_edit.c: Move password/group cache cleaning out of - sudo_end{pw,grp}ent() so we can close the passwd/group files - early. - -2006-07-31 13:50 millert - - * config.h.in, configure, configure.in, set_perms.c: Add seteuid() - flavor of set_perms() for systems without setreuid() or - setresuid() that have a working seteuid(). Tested on Darwin. - -2006-07-30 15:56 millert - - * mon_systrace.c: systrace_read() returns ssize_t - -2006-07-30 15:53 millert - - * configure, configure.in: Fix typo, -lldap vs. -ldap; from Tim - Knox. - -2006-07-28 13:12 millert - - * HISTORY: Fix typo; Matt Ackeret - -2006-07-17 08:25 millert - - * sudo.c: Print sudoers path in -V mode for root. - -2006-06-15 14:44 millert - - * ldap.c: Do a sub tree search instead of a base search (one level - in the tree only) for sudo right objects. This allows system - administrators to categorize the rights in a tree to make them - easier to manage. - -2005-12-28 13:52 millert - - * sudo.pod: fix typo - -2005-12-04 12:16 millert - - * ldap.c: Convert GET_OPT and GET_OPTI to use just 2 args. Add - timelimit and bind_timelimit support; adapted from gentoo. - -2005-11-23 18:57 millert - - * ldap.c: Support comments that start in the middle of a line - -2005-11-23 18:56 millert - - * configure.in, configure: Define LDAP_DEPRECATED until we start - using ldap_get_values_len() - -2005-11-18 09:55 millert - - * closefrom.c: Silence gcc -Wsign-compare; djm@openbsd.org - -2005-11-17 20:39 millert - - * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c: cleanup() now - takes an int as an arg so it can be used as a signal handler too. - -2005-11-17 20:38 millert - - * sudo.c: Make a copy of the shell field in the passwd struct for - NewArgv to avoid a use after free situation after sudo_endpwent() - is called. - -2005-11-16 20:36 millert - - * Makefile.in, mkstemp.c, config.h.in, configure, configure.in: Add - mkstemp() for those poor souls without it. - -2005-11-15 09:25 millert - - * env.c: Add PERL5DB to list of environment variables to remove. - -2005-11-13 15:49 millert - - * mon_systrace.c, mon_systrace.h: Instead of calling the check - function twice with a state cookie use separate check/log - functions. - - Check more ioctl() calls for failure. - - systrace_{read,write} now return the number of bytes read/written - or -1 on error. - -2005-11-13 14:51 millert - - * env.c: Add more environment variables to remove; from gentoo - linux Add some comments about what bad env variables go to what - (more to do) - -2005-11-11 17:23 millert - - * sudo.c, sudo_edit.c: Move sudo_end{gr,pw}ent() until just before - the exec since they free up our cached copy of the passwd - structs, including sudo_user and sudo_runas. Fixes a - use-after-free bug. - -2005-11-11 17:19 millert - - * visudo.c: Close all fd's before executing editor. - -2005-11-11 17:17 millert - - * sudo.c: Enable malloc debugging on OpenBSD when SUDO_DEVEL is - set. - -2005-11-11 11:22 millert - - * check.c: Fix fd leak when lecture file option is enabled. From - Jerry Brown - -2005-11-07 11:02 millert - - * env.c: Add PERLLIB, PERL5LIB and PERL5OPT to the default list of - environment variables to remove. From Charles Morris - -2005-11-01 13:24 millert - - * env.c: add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5 - -2005-10-27 20:35 millert - - * env.c: add PS4 and SHELLOPTS to initial_badenv_table for bash - -2005-08-14 20:32 millert - - * sudoers.pod: Fix typo; Toby Peterson - -2005-08-02 09:57 millert - - * tsgetgrpw.c: Make return buffers static so they don't get - clobbered - -2005-07-27 21:14 millert - - * auth/securid5.c: Fix securid5 authentication, was not checking - for ACM_OK. Also add default cases for the two switch()es. - Problem noted by ccon at worldbank - -2005-06-26 20:10 millert - - * ldap.c: Remove ncat() in favor of just counting bytes and - pre-allocating what is needed. - -2005-06-26 19:44 millert - - * ldap.c: Fix up some comments Add missing fclose() for the - rootbinddn case - -2005-06-26 19:38 millert - - * ldap.c: align struct ldap_config - -2005-06-26 19:37 millert - - * ldap.c: use LINE_MAX for max conf file line size - -2005-06-26 18:36 millert - - * pathnames.h.in: add _PATH_LDAP_SECRET - -2005-06-26 18:36 millert - - * README.LDAP: Mention rootbinddn Give example ou=SUDOers container - -2005-06-25 18:03 millert - - * configure, INSTALL, configure.in, ldap.c: Support rootbinddn in - ldap.conf - -2005-06-25 17:46 millert - - * env.c, sudo.pod, sudoers.pod: Preserve DISPLAY environment - variable by default. - -2005-06-25 16:39 millert - - * acsite.m4, configure: set need_lib_prefix=no for all cases; this - is safe for LD_PRELOAD - -2005-06-25 16:15 millert - - * acsite.m4, configure: set need_version=no for all cases; this is - safe for LD_PRELOAD - -2005-06-25 14:45 millert - - * aclocal.m4: typo - -2005-06-25 14:33 millert - - * configure, configure.in: Add dragonfly - -2005-06-25 14:29 millert - - * auth/pam.c: Fix call to pam_end() when pam_open_session() fails. - -2005-06-25 14:21 millert - - * configure: regen - -2005-06-25 14:20 millert - - * acsite.m4: rebuild acsite.m4 from libtool 1.9f libtool.m4 - ltoptions.m4 ltsugar.m4 ltversion.m4 - -2005-06-25 14:08 millert - - * config.guess, config.sub, ltmain.sh: merge in local changes: - config.guess: o better openbsd support config.sub: o hiuxmpp - support ltmain.sh o remove requirement that libs must begin with - "lib" o don't print a bunch of crap about library installs o - don't run ldconfig - -2005-06-25 14:05 millert - - * config.guess, config.sub, ltmain.sh: libtool 1.9f - -2005-06-25 14:04 millert - - * configure.in: Update with autoupdate and make minor changes for - libtool 1.9f - -2005-06-22 23:19 millert - - * parse.c: don't call sudo_ldap_display_cmnd if ldap not setup - -2005-06-22 23:04 millert - - * check.c, compat.h, fileops.c, gettime.c, sudo_edit.c, visudo.c, - emul/timespec.h: Move declatation of struct timespec to its own - include files for systems without it since it needs time_t - defined. - -2005-06-22 22:57 millert - - * ldap.c: Don't set safe_cmnd for the "sudo ALL" case. - -2005-05-27 01:59 millert - - * auth/pam.c: Call pam_open_session() and pam_close_session() to - give pam_limits a chance to run. Idea from Karel Zak. - -2005-04-24 19:24 millert - - * check.c, sudo.c: Add explicit cast from mode_t -> u_int in printf - to silence warnings on Solaris - -2005-04-24 19:22 millert - - * parse.c: include grp.h to silence a warning on Solaris - -2005-04-23 15:10 millert - - * parse.c: Fix printing of += and -= defaults. - -2005-04-17 01:21 millert - - * mon_systrace.c: Sanity check number of syscall args with argsize. - Not really needed but a little paranoia never hurts. - -2005-04-17 01:18 millert - - * mon_systrace.c, mon_systrace.h: Don't do pointer arithmetic on - void * Use int, not size_t/ssize_t for systrace lengths (since it - uses int) - -2005-04-16 03:14 millert - - * mon_systrace.c: Add some memsets for paranoia Fix namespace - collsion w/ error Check rval of decode_args() and update_env() - Remove improper setting of validated variable - -2005-04-11 21:37 millert - - * parse.c, sudo.c, sudo.h: In -l mode, only check local sudoers - file if def_ignore_sudoers is not set and call LDAP versions from - display_privs() and display_cmnd() instead of directly from - main(). Because of this we need to defer closing the ldap - connection until after -l processing has ocurred and we must pass - in the ldap pointer to display_privs() and display_cmnd(). - -2005-04-11 21:33 millert - - * ldap.c: Reorganize LDAP code to better match normal sudoers - parsing. Instead of storing strings for later printing in -l - mode we do another query since the authenticating user and the - user being listed may not be the same (the new -U flag). Also - add support for "sudo -l command". - - There is still a fair bit if duplicated code that can probably be - refactored. - -2005-04-11 00:37 millert - - * ldap.c: Replace pass variable with do_netgr for better - readability. - -2005-04-10 23:49 millert - - * ldap.c: use DPRINTF macro - -2005-04-10 23:18 millert - - * ldap.c: estrdup, not strdup - -2005-04-10 17:44 millert - - * parse.c: Add macro to test if the tag changed to improve - readability. - -2005-04-10 17:40 millert - - * parse.c: Avoid printing defaults header if there are no defaults - to print... - -2005-04-10 15:29 millert - - * glob.c: Fix a warning on systems without strlcpy(). - -2005-04-10 13:32 millert - - * pwutil.c: Use macros where possible for sudo_grdup() like - sudo_pwdup(). - -2005-04-08 17:04 millert - - * utimes.c: It is possible for tv_usec to hold >= 1000000 usecs so - add in tv_usec / 1000000. - -2005-03-29 23:38 millert - - * auth/kerb5.c: The component in krb5_principal_get_comp_string() - should be 1, not 0 for Heimdal. From Alex Plotnick. - -2005-03-29 09:29 millert - - * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, - gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, - pwutil.c, redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c: - Add efree() for consistency with emalloc() et al. Allows us to - rely on C89 behavior (free(NULL) is valid) even on K&R. - -2005-03-28 22:33 millert - - * parse.c, sudo.c: Move initgroups() for -U option into - display_privs() so group matching in sudoers works correctly. - -2005-03-26 21:34 millert - - * ldap.c: Removed duplicate call to ldap_unbind_s introduced along - with sudo_ldap_close. - -2005-03-26 20:01 millert - - * parse.c: Add missing space in Defaults printing - -2005-03-25 12:36 millert - - * pwutil.c: Sync sudo_pwdup with OpenBSD changes: use macros for - size computaton and string copies. - -2005-03-18 22:08 millert - - * pwutil.c: Zero old pw_passwd before replacing with version from - shadow file. - -2005-03-18 22:07 millert - - * configure, configure.in: Only attempt shadow password detection - if PAM is not being used Add shadow_* variables to make shadow - password detection more generic. - -2005-03-18 21:46 millert - - * configure.in: Use OSDEFS for os-specific -D_FOO_BAR stuff rather - than CPPFLAGS - -2005-03-12 19:27 millert - - * sudoers.pod: use a non-breaking space to avoid a double space - after e.g. - -2005-03-12 19:26 millert - - * sudo.pod: commna, not colon after e.g. - -2005-03-12 18:43 millert - - * sudo_noexec.c: Add __ variants of the exec functions. GNU libc - at least uses __execve() internally. - -2005-03-12 12:29 millert - - * indent.pro: Match reality a bit more. - -2005-03-12 12:27 millert - - * pwutil.c: Missed piece from rev. 1.6, fix sudo_getpwnam() too. - -2005-03-11 23:42 millert - - * pwutil.c: Store shadow password after making a local copy of - struct passwd in case normal and shadow routines use the same - internal buffer in libc. - -2005-03-10 20:57 millert - - * alloc.c, logging.c: Make varargs usage consistent with the rest - of the code. - -2005-03-10 10:09 millert - - * sudo_noexec.c: Wrap more of the exec family since on Linux the - others do not appear to go through the normal execve() path. - -2005-03-10 09:57 millert - - * visudo.c: make print_unused static like proto says - -2005-03-10 09:55 millert - - * glob.c: silence a warning on K&R systems - -2005-03-10 09:51 millert - - * parse.c, alias.c, error.c: make this build in K&R land - -2005-03-07 22:21 millert - - * toke.c: regen - -2005-03-05 22:46 millert - - * ldap.c: return(foo) not return foo optimize _atobool() slightly - -2005-03-05 22:40 millert - - * ldap.c: Use TRUE/FALSE - -2005-03-05 22:31 millert - - * ldap.c: Reformat to match the rest of sudo's code. - -2005-03-05 19:33 millert - - * sudo.pod: I am the primary author - -2005-02-22 22:28 millert - - * README, RUNSON, Makefile.in: The RUNSON file is toast--it - confused too many people and really isn't needed in a - configure-oriented world. - -2005-02-22 22:28 millert - - * INSTALL: alternate -> alternative - -2005-02-22 22:26 millert - - * tgetpass.c: Use TCSADRAIN instead of TCSAFLUSH since some OSes - have issues with TCSAFLUSH. - -2005-02-22 22:16 millert - - * toke.l: Allow leading blanks before Defaults and Foo_Alias - definitions - -2005-02-22 22:14 millert - - * Makefile.in: fix rules to build toke.o and gram.o in devel mode - -2005-02-20 13:00 millert - - * sudoers.pod: env_keep overrides set_logname - -2005-02-20 12:57 millert - - * env.c: Fix disabling set_logname and make env_keep override - set_logname. - -2005-02-20 12:28 millert - - * compat.h, config.h.in, configure, configure.in: No longer need - memmove() - -2005-02-20 11:48 millert - - * env.c, sudo.c: Just clean the environment once. This assumes - that any further setenv/putenv will be able to handle the fact - that we replaced environ with our own malloc'd copy but all the - implementations I've checked do. - -2005-02-15 23:16 millert - - * env.c, sudo.c: In -i mode, base the value of insert_env()'s - dupcheck flag on DID_FOO flags. Move checks for $HOME resetting - into rebuild_env() - -2005-02-13 00:33 millert - - * env.c, sudo.c: Move setting of user_path, user_shell, user_prompt - and prev_user into init_vars() since user_shell at least is - needed there. - -2005-02-12 18:51 millert - - * Makefile.in: fix devel builds - -2005-02-12 18:46 millert - - * check.c, sudo.c: Fix some printf format mismatches on error. - -2005-02-12 18:33 millert - - * configure, gram.c, toke.c: regen - -2005-02-12 17:56 millert - - * LICENSE, Makefile.binary.in, Makefile.in, aclocal.m4, alias.c, - alloc.c, check.c, closefrom.c, compat.h, configure.in, - defaults.c, defaults.h, env.c, error.c, fileops.c, find_path.c, - getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.y, - interfaces.c, interfaces.h, ldap.c, logging.c, logging.h, - match.c, mon_systrace.c, parse.c, redblack.c, redblack.h, - set_perms.c, sigaction.c, snprintf.c, strcasecmp.c, strerror.c, - strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.pod, sudo_edit.c, - sudo_noexec.c, sudoers.pod, testsudoers.c, tgetpass.c, toke.l, - utimes.c, version.h, visudo.c, visudo.pod, zero_bytes.c, - auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, - auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, - auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, - emul/utime.h: Update copyright years. - -2005-02-12 16:46 millert - - * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in: - version 1.7 - -2005-02-12 16:16 millert - - * WHATSNEW: What's new in sudo 1.7, based on the 1.7 CHANGES - entries. - -2005-02-11 18:06 millert - - * compat.h, logging.h, sudo.h: Add __printflike and use it with gcc - to warn about printf-like format mismatches - -2005-02-10 00:16 millert - - * CHANGES, ChangeLog: Replaced CHANGES file with ChangeLog - generated from cvs logs - -2005-02-10 00:03 millert - - * set_perms.c: Use warning/error instead of perror/fatal. - -2005-02-09 23:13 millert - - * config.guess: Update OpenBSD section - -2005-02-09 23:10 millert - - * UPGRADE: Add upgrading noted for 1.7 - -2005-02-09 23:00 millert - - * env.c, sudo.c, sudoers.pod: Instead of zeroing out the - environment, just prune out entries based on the env_delete and - env_check lists. Base building up the new environment on the - current environment and the variables we removed initially. - -2005-02-09 22:23 millert - - * configure, configure.in, sudo.c, config.h.in: Set locale to "C" - if locales are supported, just to be safe. - -2005-02-09 22:19 millert - - * toke.c, toke.l: Cast argument to ctype functions to unsigned - char. - -2005-02-07 22:56 millert - - * env.c: correct value for DID_USER - -2005-02-07 22:55 millert - - * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c: #include - not "compat.h" - -2005-02-07 22:51 millert - - * defaults.c: Reset the environment by default. - -2005-02-07 22:50 millert - - * sudo.c: Alloc an extra slot in NewArgv. Removes the need to - malloc an new vector if execve() fails. - -2005-02-06 23:16 millert - - * INSTALL, config.h.in, configure, configure.in, sudo.c: Use - execve(2) and wrap the command in sh if we get ENOEXEC. - -2005-02-05 23:01 millert - - * sudo_noexec.c: Only include time.h on systems that lack struct - timespec which gets defind in compat.h (using time_t). - -2005-02-05 22:59 millert - - * sudo_noexec.c: Include time.h for time_t in compat.h for systems - w/o struct timespec. - -2005-02-05 22:56 millert - - * configure, compat.h, config.h.in, configure.in: use bcopy on - systems w/o memmove - -2005-02-05 22:31 millert - - * compat.h: __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 - so limit its use to gcc >= 2.8. - -2005-02-05 21:21 millert - - * Makefile.in: Add explicit rule to build sudo_noexec.lo - -2005-02-05 17:56 millert - - * INSTALL.configure, Makefile.in: No longer depend on VPATH; - pointed out a bunch of missed dependencies. - -2005-02-05 13:18 millert - - * TROUBLESHOOTING: Help for PAM when account section is missing - -2005-02-05 13:01 millert - - * auth/pam.c: Give user a clue when there is a missing "account" - section in the PAM config. - -2005-02-05 10:22 millert - - * auth/pam.c: Better error handling. - -2005-02-05 09:57 millert - - * configure, config.h.in, configure.in: Move _FOO_SOURCE to - CPPFLAGS so it takes effect as early as possible. Silences a - warning about isblank() on linux. - -2005-02-04 21:49 millert - - * auth/pam.c: Fix typo (missing comma) that caused an incorrect - number of args to be passed to log_error(). - -2005-01-31 23:03 millert - - * pwutil.c: Don't try to destroy a tree we didn't create. - -2005-01-27 10:42 millert - - * alias.c, alloc.c, check.c, closefrom.c, compat.h, defaults.c, - env.c, error.c, fileops.c, find_path.c, fnmatch.c, getcwd.c, - getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.c, - gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, - parse.c, pwutil.c, set_perms.c, sigaction.c, snprintf.c, - strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, - sudo_edit.c, sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, - toke.l, utimes.c, visudo.c, zero_bytes.c, auth/afs.c, - auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, - auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, - auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/securid5.c, auth/sia.c, auth/sudo_auth.c: Add __unused to - rcsids - -2005-01-21 10:34 millert - - * configure, configure.in: Fix error message when mixing invalid - auth types - -2005-01-21 10:32 millert - - * INSTALL: PAM, AIX auth, BSD auth and login_cap are now on by - default if the OS supports them. - -2005-01-21 10:29 millert - - * config.h.in, auth/sudo_auth.h: s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g - -2005-01-21 10:29 millert - - * configure.in: Better checking for conflicting authentication - methods Display the authentication methods used at the end of - configure Rename --with-authenticate -> --with-aixauth Use - --with-aixauth, --with-bsdauth, --with-pam, --with-logincap by - default on systems that support them unless disabled. Add - OSMAJOR variable that replaces old OSREV; now OSREV has full - version number - -2005-01-17 19:40 millert - - * def_data.c, def_data.in, sudo.c, sudoers.pod: s/-O/-C/ - -2005-01-14 13:35 millert - - * configure.in: Replace: test -n "$FOO" || FOO="bar" - - With: : ${FOO='bar'} - -2005-01-09 18:58 millert - - * pwutil.c, testsudoers.c, tsgetgrpw.c: Use function pointers to - only call private passwd/group routines when using a nonstandard - passwd/group file. - -2005-01-06 10:34 millert - - * CHANGES: sync - -2005-01-05 22:16 millert - - * tsgetgrpw.c: Can't use strtok() since it doesn't handle empty - fields so add getpwent()/getgrent() functions and call those. - -2005-01-05 17:29 millert - - * Makefile.in: Fix dummied out toke.c and gram.c dependencies. - -2005-01-05 17:18 millert - - * Makefile.in: Rename PARSESRCS -> GENERATED since it is only used - in the clean target Add devdir variable and use it to specify the - path to parser sources - -2005-01-05 17:17 millert - - * configure: regen - -2005-01-05 17:17 millert - - * configure.in: Add a devdir variables that defaults to $(srcdir) - and is set to . if --devel was specified. Allows for proper - dependecies building the parser. - -2005-01-05 14:50 millert - - * testsudoers.c: Add support for custom passwd/group files. - -2005-01-05 14:47 millert - - * Makefile.in: Build private copy of pwutil.o for testsudoers with - MYPW defined so it uses our own passwd/group routines. - -2005-01-05 14:46 millert - - * visudo.c: Remove sudo_*{pw,gr}* stubs and add - sudo_setspent/sudo_endspent stubs instead. We can now just use - the caching sudo_*{pw,gr}* functions in pwutil.c Add comment - about wanting to call sudo_endpwent/sudo_endgrent in cleanup() - -2005-01-05 14:44 millert - - * tsgetgrpw.c: Remove caching; we will just use what is in pwutil.c - Use global buffers for passwd/group structs Rename functions from - sudo_* to my_* - -2005-01-05 14:43 millert - - * logging.c, sudo.c: g/c pwcache_init/pwcache_destroy - -2005-01-05 14:42 millert - - * sudo.h: Undo last commit and add sudo_setspent and sudo_endspent - instead. - -2005-01-05 14:41 millert - - * getspwuid.c, pwutil.c: Move all but the shadow stuff from - getspwuid.c to pwutil.c and pwcache_get and pwcache_put as they - are no longer needed. Also add preprocessor magic to use private - versions of the passwd and group routines if MYPW is defined (for - use by testsudoers). - -2005-01-04 22:40 millert - - * tsgetgrpw.c: zero out struct passwd/group before filling it in so - if there are fields we don't handle they end up as 0. - -2005-01-04 20:10 millert - - * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c: Adapt to - pwutil.c - -2005-01-04 20:09 millert - - * Makefile.in: Add tsgetgrpw.c and pwutil.c Rename the *OBJ - variables for better readability. - -2005-01-04 20:08 millert - - * tsgetgrpw.c: Passwd and group lookup routines for testsudoers - that support alternate passwd and group files. - -2005-01-04 20:07 millert - - * getspwuid.c, pwutil.c: Split off pw/gr cache and dup code into - its own file. This allows visudo and testsudoers to use the - pw/gr cache too. - -2005-01-01 19:31 millert - - * parse.c: Print Defaults info in "sudo -l" output and wrap lines - based on the terminal width. - -2005-01-01 12:41 millert - - * match.c, visudo.c, testsudoers.c: Only check group vector in - usergr_matches() if we are matching the invoking or list user. - Always check the group members, even if there was a group vector. - -2004-12-17 17:24 millert - - * LICENSE, Makefile.in, fnmatch.3: No longer bundle fnmatch.3 - -2004-12-17 13:12 millert - - * CHANGES, TODO: checkpoint - -2004-12-16 14:20 millert - - * sudo.c: sort usage - -2004-12-16 14:20 millert - - * sudo.pod: Sort command line options - -2004-12-16 13:33 millert - - * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, - sudo.c, sudo.pod, sudoers.pod: Add closefrom sudoers option to - start closing at a point other than 3. Add closefrom_override - sudoers option and -C sudo flag to allow the user to specify a - different closefrom starting point. - -2004-12-16 13:25 millert - - * pathnames.h.in: Add _PATH_DEVNULL for those without it. - -2004-12-15 22:55 millert - - * LICENSE: no more UCB strcasecmp - -2004-12-15 22:54 millert - - * strcasecmp.c: replace BSD licensed one with version derived from - pdksh - -2004-12-09 21:07 millert - - * sudo.c: Fix last commit. - -2004-12-09 19:26 millert - - * sudo.c: Make sure stdin, stdout and stderr are open and dup them - to /dev/null if not. - -2004-12-03 13:57 millert - - * ldap.c, mon_systrace.c, sudo.c, sudo.h: add sudo_ldap_close - -2004-12-03 13:52 millert - - * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c: - Use TIME_WITH_SYS_TIME - -2004-12-03 13:48 millert - - * configure, configure.in, config.h.in: Add TIME_WITH_SYS_TIME_H - -2004-12-02 11:18 millert - - * env.c: Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE - being set unconditionally on darwin. From Toby Peterson. - -2004-12-02 10:40 millert - - * getspwuid.c: Check rbinsert() return value. In the case of faked - up entries there is usually a negative response cached that we - need to overwrite. - - In pwfree() don't try to zero out a NULL pw_passwd pointer. - -2004-12-02 09:53 millert - - * mon_systrace.c: Use the double fork trick to avoid the monitor - process being waited for by the main program run through sudo. - -2004-11-29 12:52 millert - - * sudo.c: Call initgroups() in -U mode so group matches work - normally. - -2004-11-29 12:34 millert - - * def_data.h, mkdefaults: Don't print a trailing comma for the last - entry in enum def_tupple - -2004-11-28 16:08 millert - - * sudoers.cat, sudoers.man.in, sudoers.pod: Mention values when - lecture, listpw and verifypw are used in boolean context. - -2004-11-28 16:05 millert - - * def_data.c, def_data.in: verifypw when used in a boolean TRUE - context should be "all", not "any". - -2004-11-26 14:21 millert - - * def_data.in, defaults.c: Allow tuples that can be used as - booleans to be used as boolean TRUE. In this case the 2nd - possible value of the tuple is used for TRUE. - -2004-11-25 12:23 millert - - * configure, configure.in: Correct the test for 2-parameter - timespecsub - -2004-11-25 12:20 millert - - * sudo.h: Add strub struct definitions for passwd, timeval and - timespec - -2004-11-25 12:09 millert - - * configure, configure.in, config.h.in, sudo_edit.c, visudo.c: Add - check for 2-argument form of timespecsub (FreeBSD and BSD/OS) and - fix a typo in the gettimeofday check. - -2004-11-24 16:44 millert - - * match.c, testsudoers.c: Deal with user_stat being NULL as it is - for visudo and testsudoers. - -2004-11-24 16:31 millert - - * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod: Add -U - option to use in conjunction with -l instead of -u. Add support - for "sudo -l command" to test a specific command. - -2004-11-24 16:28 millert - - * gram.c, gram.y, sudo.c: Set safe_cmnd after sudoers_lookup() if - it has not been set. Previously it was set by sudo "ALL" in the - parser but at that point the fully-qualified pathname has not yet - been found. - -2004-11-23 18:18 millert - - * parse.c, testsudoers.c: Correctly handle multiple privileges per - userspec and runas inheritence. - -2004-11-21 14:09 millert - - * defaults.c: Zero out sd_un for each entry in sudo_defs_table in - init_defaults. - -2004-11-19 18:04 millert - - * toke.c, toke.l: make per-command defaults work with sudoedit - -2004-11-19 18:00 millert - - * ldap.c, parse.c, sudo.c, sudo.h: Remove the FLAG_NOPASS, - FLAG_NOEXEC and FLAG_MONITOR flags. Instead, we just set the - approriate defaults variable. - -2004-11-19 17:09 millert - - * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod: - Document per-command Defaults. - -2004-11-19 16:35 millert - - * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c, - sudo.c, testsudoers.c, toke.c, toke.l, visudo.c: Add support for - command-specific Defaults entries. E.g. - Defaults!/usr/bin/vi noexec - -2004-11-19 15:03 millert - - * defaults.c, match.c, parse.c, parse.h, testsudoers.c: Change an - occurence of user_matches() -> runas_matches() missed previously - runas_matches(), host_matches() and cmnd_matches() only really - need to pass in a list of members. user_matches() still needs to - pass in a passwd struct because of "sudo -l" - -2004-11-19 14:46 millert - - * parse.c: Check def_authenticate, def_noexec and def_monitor when - setting return flags. XXX May be better to just set the defaults - directly and get rid of those flags. - -2004-11-19 13:39 millert - - * alias.c, alloc.c, check.c, closefrom.c, defaults.c, env.c, - error.c, fileops.c, find_path.c, fnmatch.c, getcwd.c, - getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c, - gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c, - mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c, - strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, - sudo_edit.c, sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, - toke.l, utimes.c, visudo.c, zero_bytes.c, auth/afs.c, - auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, - auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, - auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/securid5.c, auth/sia.c, auth/sudo_auth.c: Use: #include - Not: #include "config.h" That way we get the correct - config.h when build dir != src dir - -2004-11-19 13:30 millert - - * Makefile.in: Back out part of rev 1.263; fix -I order - -2004-11-19 13:12 millert - - * toke.c, toke.l: More robust parsing if #include; could be much - better still. - -2004-11-19 12:55 millert - - * sudo_edit.c, visudo.c: Make arg splitting in visudo and sudoedit - consistent. - -2004-11-19 12:35 millert - - * Makefile.in, alias.c, gram.c, gram.y, parse.h: Split alias - routines out into their own file. - -2004-11-19 12:32 millert - - * error.h: __attribute__ is already defined in compat.h - -2004-11-19 12:30 millert - - * visudo.c: quit() should not be __noreturn__ as it is non-void on - some platforms. - -2004-11-19 12:24 millert - - * auth/: fwtk.c, rfc1938.c, securid.c, securid5.c: Add local - error/warning functions like err/warn but that call an additional - cleanup routine in the error case. This means we no longer need - to compile a special version of alloc.o for visudo. - -2004-11-19 11:54 millert - - * parse.h: Clarify comments about the data structures - -2004-11-18 15:28 millert - - * visudo.c: Add support for VISUAL and EDITOR containing command - line args. If env_editor is not set any args in VISUAL and - EDITOR are ignored. Arguments are also now supported in - def_editor. - -2004-11-17 14:25 millert - - * parse.h: alias_matches() is no more - -2004-11-17 14:09 millert - - * CHANGES, TODO: sync - -2004-11-17 13:19 millert - - * Makefile.in: When regenerating the parser, don't replace gram.h - unless it has changed. - -2004-11-17 11:56 millert - - * Makefile.in: remove Makefile.binary for distclean - -2004-11-17 11:18 millert - - * env.c: Preserve KRB5CCNAME in zero_env() and add a paranoia check - to make sure we can't overflow new_env. - -2004-11-17 10:33 millert - - * sudo_edit.c: paranoia when stripping trailing slashes from - tempdir. - -2004-11-16 19:00 millert - - * sudo.c: Set user_ngroups to 0 if getgroups() returns an error. - -2004-11-16 18:59 millert - - * configure, configure.in, config.h.in, sudo.c: Add configure check - for getgroups() - -2004-11-16 18:55 millert - - * ldap.c: Use supplementary group vector in struct sudo_user. - -2004-11-16 18:40 millert - - * match.c: Only do string comparisons on the group members if there - is no supplemental group list. - -2004-11-16 16:10 millert - - * CHANGES, TODO: sync - -2004-11-16 15:54 millert - - * sudo_edit.c: On Digital UNIX _PATH_VAR_TMP doesn't end with a - trailing slash so chop off any trailing slashes we see and add an - explicit one. - -2004-11-16 12:02 millert - - * match.c: remove bogus XXX comment - -2004-11-16 11:10 millert - - * match.c: Get rid of alias_matches and correctly fall through to - the non-alias cases when there is no alias with the specified - name. - -2004-11-16 10:47 millert - - * getspwuid.c: Cache non-existent passwd/group entries too. - -2004-11-16 10:45 millert - - * gram.c: regen - -2004-11-15 23:32 millert - - * getspwuid.c: fix typo - -2004-11-15 23:24 millert - - * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c, - mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c: - Implement group caching and use the passwd and group caches - throughout. - -2004-11-15 14:43 millert - - * match.c: Properly negate the return value of alias_matches() when - appropriate. - -2004-11-15 14:38 millert - - * match.c: Make hostname_matches() return TRUE for a match, else - FALSE like the caller expects. - -2004-11-15 13:24 millert - - * Makefile.in: Add missing dependencies on gram.h - -2004-11-15 13:06 millert - - * match.c: Use runas_matches in alias_matches() now that we have - it. - -2004-11-15 13:00 millert - - * parse.c, parse.h: Expand aliases in "sudo -l" mode - -2004-11-15 12:33 millert - - * gram.y, match.c: Use ALIAS for the member type when storing an - alias instead of HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since - match.c relies on the more generic type. Expand runas_matches - instead of calling user_matches() inside of it since - user_matches() looks up USERALIASes, not RUNASALIASes. - -2004-11-15 12:05 millert - - * CHANGES, getspwuid.c: Paranoia; zero out pw_passwd before freeing - passwd entry. - -2004-11-15 10:53 millert - - * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure, - configure.in, err.c, error.c, error.h, defaults.c, env.c, - find_path.c, interfaces.c, logging.c, mon_systrace.c, sudo.c, - sudo.h, sudo_edit.c, testsudoers.c, visudo.c, emul/err.h: Add - local error/warning functions like err/warn but that call an - additional cleanup routine in the error case. This means we no - longer need to compile a special version of alloc.o for visudo. - -2004-11-15 09:59 millert - - * match.c: Use userpw_matches() to compare usernames, not strcmp(), - since the latter checks for "#uid". - -2004-11-15 09:53 millert - - * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c: Cache passwd - db entries in 2 reb-black trees; one indexed by uid, the other by - user name. The data returned from the cache should be considered - read-only and is destroyed by sudo_endpwent(). - -2004-11-15 09:50 millert - - * match.c: add cast to uid_t - -2004-11-15 09:49 millert - - * gram.y: missing free in alias_destroy - -2004-11-15 09:49 millert - - * redblack.c: Can't use rbapply() for rbdestroy since the - destructor is passed a data pointer, not a node pointer. - -2004-11-14 23:06 millert - - * getspwuid.c, logging.c, sudo.c, sudo.h: Create and use private - versions of setpwent() and endpwent() that set/end the shadow - password file too. - -2004-11-14 22:55 millert - - * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, - visudo.c: Store aliases in a red-black tree. - -2004-11-14 22:52 millert - - * Makefile.in, redblack.c, redblack.h: red-black tree - implementation - -2004-11-14 22:37 millert - - * visudo.c: Edit all sudoers file if there were unused or undefined - aliases and we are in strict mode. - -2004-11-12 11:19 millert - - * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c, - find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c: - Bring back the "secure_path" Defaults option now that Defaults - take effect before the path is searched. - -2004-11-11 12:22 millert - - * logging.c, parse.c: A user can always list their own entries, - even with -u. Better error message when failing to list another - user's entries. - -2004-11-11 12:12 millert - - * parse.c, sudo.c, sudo.h: The syntax to list another user's - entries is now "-u otheruser -l". Only root or users with sudo - "ALL" may list other user's entries. - -2004-11-11 11:30 millert - - * sudo.cat, sudo.man.in, sudo.pod: Update env variable info in - SECURITY NOTES - -2004-11-11 11:25 millert - - * env.c: strip CDPATH too - -2004-11-11 11:20 millert - - * env.c: strip exported bash functions from the environment. - -2004-10-27 12:16 millert - - * sudo.c: Only reset sudo_user.pw based on SUDO_USER environment - variables for real commands and sudoedit. This avoids a - confusing message when a user tries "sudo -l" or "sudo -v" and is - denied. - -2004-10-27 12:06 millert - - * gram.c, gram.y, parse.h: Extend LIST_APPEND to deal with - appending lists too - -2004-10-26 18:39 millert - - * logging.c: Convert some bitwise AND to ISSET - -2004-10-26 18:29 millert - - * lex.yy.c, toke.c: toke.c replaces lex.yy.c - -2004-10-26 18:29 millert - - * CHANGES, TODO: sync - -2004-10-26 18:28 millert - - * BUGS: new parser fixes most of the outstanding bugs - -2004-10-26 18:27 millert - - * configure: regen - -2004-10-26 18:26 millert - - * visudo.c: Rework for the new parser. Now checks for unused - aliases in sudoers. - -2004-10-26 18:25 millert - - * testsudoers.c: Rewrite for the new parser. Now supports a -d - flag (dump) and adds a -h flag (host). It now defaults to the - local hostname unless otherwise specified. - -2004-10-26 18:23 millert - - * sudo.h: Add new prototypes. Remove NOMATCH/UNSPEC (now in - parse.h) - -2004-10-26 18:22 millert - - * sudo.c: Update for new parse. We now call find_path() *after* we - have updated the global defaults based on sudoers. Also adds - support for listing other user's privs if you are root. - -2004-10-26 18:21 millert - - * mon_systrace.c: Working LDAP support; also remove a now-unneeded - rewind(). - -2004-10-26 18:20 millert - - * logging.c, logging.h: Add NO_STDERR flag. - -2004-10-26 18:19 millert - - * ldap.c: Split sudo_ldap_check() into three pieces: - sudo_ldap_open(), udo_ldap_update_defaults() and - sudo_ldap_check(). This allows us to connecto to LDAP, apply the - default options, find the command in the user's path, and then - check whether the user is allowed to run it. The important thing - here is that the default runas user may be specified as a default - option and that needs to be set before we search for the command. - -2004-10-26 18:17 millert - - * ldap.c: Add casts to unsigned char for isspace() to quiet a gcc - warning. - -2004-10-26 18:16 millert - - * defaults.h: Add prototype for update_defaults() - -2004-10-26 18:16 millert - - * defaults.c: Don't warn about line numbers now that we operate on - a set of data structures (or LDAP) and not a file. - -2004-10-26 18:15 millert - - * config.h.in: No long use lsearch() - -2004-10-26 18:14 millert - - * Makefile.in: Update for new and changed file names. - -2004-10-26 18:14 millert - - * LICENSE: no more BSD lsearch.c - -2004-10-26 18:14 millert - - * match.c: foo_matches() routines now live in match.c Added - user_matches(), runas_matches(), host_matches(), cmnd_matches() - and alias_matches() that operate on the parsed sudoers file. - -2004-10-26 18:12 millert - - * parse.lex, toke.l: Move parse.lex -> toke.l Rename buffer_frob() - -> switch_buffer() WORD no longer needs to exclude '@' kill - yywrap() - -2004-10-26 18:10 millert - - * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.h: - Rewritten parser that converts sudoers into a set of data - structures. This eliminates ordering issues and makes it - possible to apply sudoers Defaults entries before searching for - the command. - -2004-10-26 18:09 millert - - * configure.in, lsearch.c, emul/search.h: We won't be using - lsearch() any longer. - -2004-10-26 18:07 millert - - * ldap.c: sudo should not send mail if someone who runs 'sudo -l' - has no entry. - -2004-10-26 16:09 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: regen - -2004-10-26 16:09 millert - - * visudo.pod: Update warnings to match new visudo - -2004-10-26 16:08 millert - - * sudoers.pod: The new parser doesn't have the old ordering - constraints. - -2004-10-26 16:08 millert - - * sudo.pod: Document that -l now takes an optional username - argument - -2004-10-25 13:44 millert - - * RUNSON: AIX 5.2.0.0 works - -2004-10-25 13:38 millert - - * ldap.c: If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS - instead. Fixes a compilation problem with Solaris 9's native - LDAP. - - Set FLAG_MONITOR when needed. - -2004-10-23 13:32 millert - - * mon_systrace.c: Call sudo_goodpath() *after* changing the cwd to - match the traced process. Fixes relative paths. - -2004-10-21 12:31 millert - - * testsudoers.c: Kill set_perms() stub--it is no longer needed. - -2004-10-13 12:52 millert - - * sudoers.cat, sudoers.man.in, sudoers.pod: stay_setuid now - requires set_reuid() or setresuid() - -2004-10-13 12:46 millert - - * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure, - configure.in, set_perms.c, sudo.c, sudo.h: Kill use of POSIX - saved uids; they aren't worth bothering with. - -2004-10-07 16:23 millert - - * glob.c: remove call to issetugid() - -2004-10-07 14:57 millert - - * sudoers.cat, sudoers.man.in, sudoers.pod: Remove warning about - wildcards. Now that we use glob() the bug is fixed. - -2004-10-07 14:52 millert - - * parse.c: Use glob(3) instead of fnmatch(3) for matching pathnames - and stat each result that matches the basename of the user's - command. This makes "cd /usr/bin ; sudo ./blah" work when - sudoers allows /usr/bin/blah. Fixes bug #143. - -2004-10-07 14:27 millert - - * configure, configure.in, config.h.in: Define HAVE_EXTENDED_GLOB - for extended glob (GLOB_TILDE and GLOB_BRACE) - -2004-10-07 12:59 millert - - * config.h.in, configure, configure.in: Check for a glob() that - supports GLOB_BRACE and GLOB_TILDE - -2004-10-07 12:51 millert - - * LICENSE: reference glob - -2004-10-07 12:50 millert - - * glob.c, emul/glob.h: 4.4BSD glob(3) with fixes from OpenBSD and - some unneeded extensions removed. - -2004-10-05 17:26 millert - - * mon_systrace.c: Just return if STRIOCINJECT or STRIOCREPLACE - fail. It probably means we are out of space in the stack gap... - -2004-10-05 17:20 millert - - * CHANGES: sync - -2004-10-05 16:53 millert - - * mon_systrace.c: Take a stab at ldap sudoers support here. - -2004-10-05 15:13 millert - - * mon_systrace.c, mon_systrace.h: Detach from tracee on SIGHUP, - SIGINT and SIGTERM. Now "sudo reboot" doesn't cause reboot to - inadvertanly kill itself. - -2004-10-05 14:21 millert - - * mon_systrace.c: put "monitor" in the proctitle, not "systrace" - -2004-10-05 14:15 millert - - * mon_systrace.c: When modifying the environment, don't replace - envp when we can get away with just rewriting pointers in the - traced process. - -2004-10-05 13:46 millert - - * mon_systrace.c, mon_systrace.h: Add environment updating via - STRIOCINJECT (if available). - -2004-10-05 10:22 millert - - * sudoers.cat, sudoers.man.in: regen - -2004-10-04 16:15 millert - - * lex.yy.c: regen - -2004-10-04 16:15 millert - - * parse.lex: Fix bug introduced in unput() removal; want yyless(0) - not yyless(1) - -2004-10-04 12:09 millert - - * mon_systrace.c: Include file is now mon_systrace.h - -2004-10-04 12:07 millert - - * Makefile.in, configure, configure.in, def_data.c, def_data.h, - def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, - sudo.c, sudo.h, sudo.tab.h, sudoers.pod: No longer call it - tracing, it is now "monitoring" which should be more a obvious - name to non-hackers. - -2004-10-01 15:06 millert - - * mon_systrace.c, mon_systrace.h: Fix some XXX - -2004-10-01 14:30 millert - - * mon_systrace.c, mon_systrace.h: No need to include syscall.h, use - 1024 as the max # of entries (the max that systrace(4) allows). - - Only need to use SYSTR_POLICY_ASSIGN once - - Change check_syscall() -> find_handler() and have it return the - handler instead of just running it. We need this since handler - now have two parts: one part that generates and answer and - another that gets called after the answer is accepted (to do - logging). - - Add some missing check_exec for emul execv - -2004-10-01 10:58 millert - - * sample.pam, sample.sudoers, sample.syslog.conf, sudoers: Add - $Sudo$ tags. - -2004-10-01 10:47 millert - - * config.h.in: Add missing HAVE_LINUX_SYSTRACE_H - -2004-09-30 20:46 millert - - * Makefile.in: add trace_systrace.o dependency - -2004-09-30 19:00 millert - - * configure, configure.in: Also look for systrace.h in - /usr/include/linux - -2004-09-30 18:27 millert - - * mon_systrace.c, mon_systrace.h: Move all struct defs and - prototypes into trace_systrace.h and mark all but - systace_attach() static. - -2004-09-30 18:14 millert - - * mon_systrace.c, mon_systrace.h: Add support for tracing - emulations. At the moment, all emulations are compiled in. It - might make sense to #ifdef them in the future, though this - impeeds readability. - -2004-09-30 17:07 millert - - * Makefile.in, configure.in, configure: rename systrace.c -> - trace_systrace.c - -2004-09-30 15:58 millert - - * parse.yacc: Allow this to build with a K&R compiler again - -2004-09-30 13:58 millert - - * TODO: sync - -2004-09-30 13:55 millert - - * sudo.c, compat.h, visudo.c: Use __attribute__((__noreturn__)) - -2004-09-30 13:44 millert - - * visudo.c: Exit() takes a negative value to indicate it was not - called via signal. - -2004-09-30 13:25 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: regen - -2004-09-30 13:22 millert - - * Makefile.in, visudo.c: Define Err() and Errx() that are like - err() and errx() but call Exit() instead of exit(). Build - private copy of alloc.o for visudo that calls Err() and Errx(). - -2004-09-29 15:22 millert - - * lex.yy.c: regen - -2004-09-29 15:22 millert - - * CHANGES: sync - -2004-09-29 14:41 millert - - * visudo.c: Overhaul visudo for editing multiple files: o visudo - has been broken out into functions (more work needed here) o - each file is now edited before sudoers is re-parsed o if a - #include line is added that file will be edited too - - TODO: o cleanup temp files when exiting via err() or errx() o - continue breaking things out into separate functions - -2004-09-29 14:36 millert - - * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c: Add keepopen - arg to open_sudoers that open_sudoers can use to indicate to the - caller that the fd should not be closed when it is done with it. - To be used by visudo to keep locked fds from being closed - prematurely (and thus losing the lock). - -2004-09-29 14:33 millert - - * parse.yacc, sudo.c: Add errorfile global that contains the name - of the file that caused the error. - -2004-09-29 14:30 millert - - * parse.lex: return COMMENT to yacc grammar for a #include line - -2004-09-29 14:29 millert - - * parse.lex: Remove us of unput() in favor of yyless() which is - cheaper. - -2004-09-29 14:28 millert - - * parse.yacc: Allow an empty sudoers file. - -2004-09-28 16:50 millert - - * mon_systrace.c: Rewind sudoers_fp now that sudoers_lookup() - doesn't do it for us. - -2004-09-28 14:37 millert - - * lex.yy.c: regen - -2004-09-28 14:36 millert - - * visudo.c: Do signal setup before calling edit_sudoers(). Don't - shadow the "quiet" global. - -2004-09-28 14:33 millert - - * visudo.c: If a sudoers file includes other files, edit those too. - Does not yes deal with creating the new includes files itself. - -2004-09-28 14:31 millert - - * testsudoers.c: init_parser now takes a path - -2004-09-28 14:31 millert - - * parse.c, parse.h, parse.lex, parse.yacc: More scaffolding for - dealing with multiple sudoers files: o init_parser() now takes a - path used to populate the sudoers global o the sudoers global is - used to print the correct file in yyerror() o when switching to - a new sudoers file, perserve old file name and line number - -2004-09-28 14:29 millert - - * Makefile.in, pathnames.h.in: Kill _PATH_SUDOERS_TMP; it is not - meaningful now that we can have multiple sudoers files. - -2004-09-28 13:52 millert - - * parse.c, sudo.c: Rewind sudoers_fp in open_sudoers() instead of - sudoers_lookup() so we start at the right file position when - reading include files. - -2004-09-27 21:04 millert - - * sudoers.pod: document #include - -2004-09-27 20:47 millert - - * lex.yy.c: regen - -2004-09-27 20:47 millert - - * parse.lex: Add max depth of 128 for the include stack to avoid - loops. - - Since yyerror() doesn't stop parsing, pass return values back to - yylex and call yyterminate() on error. - -2004-09-27 14:06 millert - - * sudoers.pod: document tracing - -2004-09-27 14:05 millert - - * sudo.pod: Mention PREVENTING SHELL ESCAPES section of sudoers man - page - -2004-09-27 12:08 millert - - * lex.yy.c: regen - -2004-09-27 12:03 millert - - * parse.lex: Add support for #include in sudoers (visudo support - TBD) - -2004-09-27 12:02 millert - - * parse.yacc: make yyerror()'s argument const - -2004-09-27 12:02 millert - - * testsudoers.c, visudo.c: Add open_sudoers() stubs. - -2004-09-27 12:01 millert - - * sudo.c, sudo.h: Rename check_sudoers() open_sudoers() and make it - return a FILE * - -2004-09-26 12:35 millert - - * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in, - version.h: Crank version - -2004-09-26 12:33 millert - - * Makefile.in, sudo.psf: Better HP-UX depot construction - -2004-09-25 17:08 millert - - * mon_systrace.c: o Made children global so check_exec() can lookup - a child. o Replaced uid in struct childinfo with struct passwd * - (for runas) o new_child() now takes a parent pid so the runas - info can be inherited o Added find_child() to lookup a child by - its pid o update_child() now fills in a struct passwd o Converted - the big if/else mess in set_policy to a switch o Syscalls that - change uid are now "ask" so we get SYSTR_MSG_UGID events - -2004-09-25 17:01 millert - - * getspwuid.c: Add flag to sudo_pwdup that indicates whether or not - to lookup the shadow password. Will be used to a struct passwd - that has the shadow password already filled in. - -2004-09-25 16:58 millert - - * mon_systrace.c: add missing increment of addr in read_string() - -2004-09-25 16:15 millert - - * mon_systrace.c: Remove bogus call to update_child() and some - cosmetic fixes - -2004-09-25 16:11 millert - - * mon_systrace.c: Don't leak /dev/systrace fd to tracee Make - initialized global for simplicity If STRIOCATTACH returns EBUSY - we are already being traced Check for user_args == NULL in - setproctitle() call Add missing calls to STRIOCANSWER - -2004-09-25 13:15 millert - - * sudo.c: g/c sudo_pwdup proto - -2004-09-24 20:21 millert - - * Makefile.in, sudo.psf: Add target for building a depot file - -2004-09-24 20:07 millert - - * mon_systrace.c: trim includes - -2004-09-24 14:11 millert - - * lex.yy.c, sudo.tab.h: regen - -2004-09-24 14:10 millert - - * INSTALL: document --with-systrace - -2004-09-24 14:10 millert - - * config.h.in, configure, configure.in: Add check for setproctitle - -2004-09-24 14:09 millert - - * mon_systrace.c: pass struct str_msg_ask in to syscall checker so - it can set the error code - -2004-09-24 13:30 millert - - * mon_systrace.c: systrace(4) support for sudo. On systems with - the systrace(4) kernel facility (OpenBSD, NetBSD, Linux w/ - patches) sudo can intercept exec calls and check the exec args - against the sudoers file. In other words, sudo can now control - subcommands and shell escapes. - -2004-09-24 13:17 millert - - * sudo.c, sudo.h: Call systrace_attach() if FLAG_TRACE is set. - -2004-09-24 13:15 millert - - * parse.c, parse.h, parse.lex, parse.yacc, sudo.h: Add trace - Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE - -2004-09-24 13:13 millert - - * parse.c, sudo.c: Don't close sudoers_fp, keep it open and set - close on exec flag instead. - -2004-09-24 13:11 millert - - * def_data.c, def_data.h, def_data.in: Add trace option - -2004-09-23 20:24 millert - - * Makefile.in: Add systrace - -2004-09-23 20:23 millert - - * INSTALL: SunOS /bin/sh blows up with configure - -2004-09-23 20:23 millert - - * configure, configure.in: Include sys/param.h before systrace.h - -2004-09-23 20:15 millert - - * configure: regen - -2004-09-23 20:15 millert - - * pathnames.h.in: _PATH_DEV_SYSTRACE - -2004-09-23 20:14 millert - - * configure.in: line up options in --help - -2004-09-23 20:11 millert - - * config.h.in, configure.in: Add --with-systrace - -2004-09-23 13:35 millert - - * configure: regen - -2004-09-23 13:35 millert - - * aclocal.m4, configure.in: make this work with autoconf-2.59 - -2004-09-16 12:58 millert - - * sudo_edit.c: Simplify logic around open & stat of files and do - sanity on edited file even if we lack fstat (still racable but - worth doing). - -2004-09-15 18:47 millert - - * HISTORY: Add support url - -2004-09-15 16:11 millert - - * Makefile.in: versino 1.6.8p1 - -2004-09-15 15:20 millert - - * CHANGES: more changes for 1.6.8p1 - -2004-09-15 15:18 millert - - * version.h: 1.6.8p1 - -2004-09-15 12:16 millert - - * CHANGES, sudo_edit.c: Add sanity check so we don't try to edit - something other than a regular file. - -2004-09-14 20:55 aaron - - * CHANGES: sync - -2004-09-14 20:21 aaron - - * INSTALL: document --with-ldap-conf-file - -2004-09-14 17:43 millert - - * CHANGES, ins_csops.h: political correctness strikes again - -2004-09-14 15:09 millert - - * RUNSON: sync - -2004-09-12 19:50 millert - - * Makefile.binary.in, Makefile.in: Install sudoedit man link - -2004-09-12 14:25 millert - - * INSTALL: Update PAM note and mention where HP-UX users can - download gcc binaries. - -2004-09-12 12:08 millert - - * Makefile.in: libtool wants to install stuff from .libs so fake - one up for binary installations. - -2004-09-12 11:53 millert - - * Makefile.binary.in: rm -f old sudoedit link instead of using ln - -f set LIBTOOL correctly - -2004-09-12 11:53 millert - - * Makefile.in: Deal with "uname -m" having slashes in it rm -f old - sudoedit link instead of using ln -f - -2004-09-12 10:22 millert - - * Makefile.binary, Makefile.binary.in: Makefile.binary -> - Makefile.binary.in for config.status substitution Add support for - installing noexec bits - -2004-09-12 10:21 millert - - * Makefile.in: Copy noexec bits into binary dists too No longer use - my old arch script for making binary dists - -2004-09-12 09:36 millert - - * Makefile.binary: Install sudoedit link. - -2004-09-11 12:25 millert - - * emul/utime.h: avoid __P so there is no need for compat.h to be - included - -2004-09-11 12:24 millert - - * utimes.c: Don't use HAVE_UTIME_H before including config.h. - -2004-09-10 12:31 millert - - * compat.h: Fix Solatis futimes macro - -2004-09-09 11:02 millert - - * sudo_edit.c: Rename ots -> omtim for improved readability. - -2004-09-08 14:38 millert - - * sudo_edit.c: Redo changes in revision 1.7. Don't really need to - keep the temp file open; re-opening it with the invoking user's - euid is sufficient. - -2004-09-08 14:36 millert - - * CHANGES: sync - -2004-09-08 14:35 millert - - * sudo.cat, sudo.man.in: regen - -2004-09-08 14:34 millert - - * sudo.pod: back out revision 1.70; it is no long applicable - -2004-09-08 11:57 millert - - * env.c: Let the loader initialize nep - -2004-09-08 11:49 millert - - * configure, configure.in, config.h.in: Removed unneed check for - fchown Add check for gettimeofday Move autoheader template stuff - into separate AH_TEMPLATE lines - -2004-09-08 11:48 millert - - * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c: Use - timespec throughout. - -2004-09-08 11:47 millert - - * Makefile.in: gettime.[co] - -2004-09-08 11:47 millert - - * gettime.c: function to return the current time in a struct - timespec - -2004-09-08 10:51 millert - - * utimes.c: Not a darpa-sponsored file. - -2004-09-07 16:36 millert - - * compat.h, config.h.in, configure, configure.in: Add a check for - struct timespec and provide it for those without. - -2004-09-07 15:56 millert - - * config.h.in, configure, configure.in, sudo_edit.c: Add checks for - st_mtim and st_mtimespec and add macros for pulling the mtime sec - and nsec out of struct stat. These are used in sudo_edit() to - better tell whether or not the file has changed. - -2004-09-07 15:55 millert - - * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c: Add an extra - param to touch() for nsec - -2004-09-07 14:06 millert - - * sudo_edit.c: Call mkstemp() as the in invoking user so we don't - have to chown the file later. Only touch() the temp file if we - can do it via the file descriptor. Don't check for modification - of the temp file if we lack fstat(). Catch errors read()ing the - temp file. - -2004-09-07 14:04 millert - - * fileops.c: If path is NULL and fd == -1 return -1. - -2004-09-07 13:31 millert - - * sudo_edit.c: closefrom() is overkill, the only extra fds are the - ones we opened so just close those in the child. - -2004-09-07 13:14 millert - - * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, - configure, configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, - utimes.c, visudo.c: Use utimes() and futimes() instead of utime() - in touch(), emulating as needed. Not all systems are able to - support setting the times of an fd so touch() takes both an fd - and a file name as arguments. - -2004-09-06 21:12 aaron - - * env.c: Rare SEGV - -2004-09-06 16:46 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: regen - -2004-09-06 16:45 millert - - * sudo.pod, sudoers.pod, visudo.pod: Add SUPPORT section and - re-order some of the sections to match the order we use in - OpenBSD. - -2004-09-06 15:05 aaron - - * env.c: Openldap ~/.ldaprc fix - -2004-09-06 12:18 millert - - * sudo.pod: Talk about how the editor must write its changes to the - original file and not just use rename(2). - -2004-09-06 12:12 millert - - * CHANGES: sync - -2004-09-06 12:11 millert - - * sudo_edit.c: Keep the temp file open instead of re-opening after - the editor has exited. - -2004-09-06 12:10 millert - - * sample.pam: Update for current redhat/fedora core. - -2004-09-02 21:56 aaron - - * README.LDAP: tls_ examples - -2004-09-02 00:03 aaron - - * ldap.c: config tls_* options - -2004-08-29 11:39 millert - - * configure, configure.in: No need for -lcrypt when using pam. - -2004-08-26 23:57 millert - - * configure: regen - -2004-08-26 23:44 aaron - - * configure.in, ldap.c, pathnames.h.in: Allow --with-ldap-conf-file - option to override LDAP_CONF - -2004-08-26 22:08 aaron - - * ldap.c: cleanup debug message - -2004-08-26 19:29 aaron - - * README.LDAP: more config info - -2004-08-24 14:01 millert - - * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c: - Add cmnd_base to struct sudo_user and set it in init_vars(). Add - cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No - longer use gross statics in command_matches(). Also rename some - variables for improved clarity. - -2004-08-21 14:33 millert - - * INSTALL: document HP's crippled compiler deficiency. - -2004-08-21 14:25 millert - - * INSTALL: Fix some thinkos in --with-editor and --with-env-editor - descriptions. Noticed by Norihiko Murase. - -2004-08-21 14:20 millert - - * configure, configure.in: --with-noexec takes an optional PATH - argument. - -2004-08-21 14:20 millert - - * INSTALL: document --with-noexec - -2004-08-17 16:21 millert - - * RUNSON, TODO: sync - -2004-08-17 15:11 millert - - * sudo_edit.c: Better warning message when sudoedit is unable to - write to the destination file. - -2004-08-17 14:53 millert - - * sudo.cat, sudo.man.in: regen - -2004-08-17 14:53 millert - - * sudo.pod: Don't italicize the string "sudoedit" - -2004-08-16 18:45 millert - - * HISTORY: Mention GratiSoft. - -2004-08-11 14:29 millert - - * parse.yacc: Reset used_runas to FALSE when re-intializing the - parser. - -2004-08-09 19:04 millert - - * config.guess: Correct OpenBSD mips support - -2004-08-09 17:28 millert - - * config.guess: Add OpenBSD/mips - -2004-08-06 23:43 aaron - - * README.LDAP: More behavior notes - -2004-08-06 23:36 aaron - - * README.LDAP: Updates on current behavior - -2004-08-06 19:56 millert - - * sudo.pod, sudoers.pod: =back does not take an indentlevel (makes - no difference to formatted files). - -2004-08-06 19:48 millert - - * CHANGES: new - -2004-08-06 19:42 millert - - * sudo.c: Consistency. Use same error for bad -u #uid when - targetpw is set as we do when a bad -u username is specified. - -2004-08-06 19:33 millert - - * TODO: Add checksum idea from Steve Mancini - -2004-08-06 19:32 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen - -2004-08-06 19:31 millert - - * sudo.pod, sudoers.pod: Document the restriction on uids specified - via -u when targetpw is set. - -2004-08-06 19:24 millert - - * sudo.c: Error out when targetpw is enabled and sudo is run with - -u #uid but #uid does not exist in the passwd database. We can't - do target authentication when the target is not in passwd! - -2004-08-05 21:16 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen - -2004-08-05 21:14 millert - - * TODO: Some more todo for the next release. - -2004-08-05 21:13 millert - - * INSTALL: Make it clear that PAM should be used for DCE support - when possible. - -2004-08-05 21:13 millert - - * sudoers.pod: o Document problems with wildcards and relative - paths. o Make the order requirements more prominent. o Change a - "set" to "reset" for clarity. - -2004-08-05 14:29 millert - - * sudo.pod: Mention --with-secure-path, not SECURE_PATH. - -2004-08-02 22:34 aaron - - * ldap.c: reflect changes to parse.c - -2004-08-02 14:44 millert - - * parse.c, parse.h, parse.yacc, testsudoers.c, visudo.c: Don't pass - user_cmnd and user_args to command_matches(), just use the - globals there. Since we keep state with statics anyway it is - misleading to pretend that passing in different cmnd and - cmnd_args will work. - -2004-08-02 14:40 millert - - * parse.c: Fix a bug introduced in rev. 1.149. When checking for - pseudo-commands check for a '/' anywhere in cmnd, not just the - first character. - -2004-07-30 23:07 aaron - - * sudo.man.in, sudo.pod: Clarification thanks to Olivier Blin - - -2004-07-30 22:41 aaron - - * sudoers.man.in, sudoers.pod: Add ignore_local_sudoers - -2004-07-30 22:06 aaron - - * README.LDAP: Sun One schema definition by - Andreas.Bussjaeger@t-systems.com and janth@moldung.no - -2004-07-29 11:57 millert - - * CHANGES: typo - -2004-07-23 16:44 millert - - * CHANGES: sync - -2004-07-23 16:43 millert - - * parse.c: Parse sudoers file as PERM_RUNAS not PERM_ROOT and - remove a useless PERM_SUDOERS. Restore to PERM_ROOT upon exit of - the parse. - -2004-07-08 10:20 millert - - * CHANGES: PAM change - -2004-07-07 21:04 aaron - - * ldap.c: Better debugging of ALL command - -2004-07-07 20:15 millert - - * parse.c: When matching for "sudoedit" in sudoers check both the - command the user typed *and* the command that is listed in the - sudoers entry. - -2004-07-04 19:59 aaron - - * ldap.c: Added !command feature - -2004-06-28 10:51 millert - - * auth/pam.c: Use pam_acct_mgmt() to check for disabled accounts; - Brian Farrell - -2004-06-10 23:11 millert - - * LICENSE: License is ISC-style, not BSD-style - -2004-06-10 20:58 millert - - * CHANGES: sync - -2004-06-10 16:54 millert - - * sudo.man.in, sudo.cat: regen - -2004-06-10 16:53 millert - - * sudo.pod: o Update some out of date bits to reality o Change the - shell promt in examples to bourne-shell style o Clarify some - details o Add a CAVEAT about "sudo cd /foo" - -2004-06-10 16:19 millert - - * check.c: Don't ask for a password if invoking user == target - user. - -2004-06-10 12:32 millert - - * sudo.c: typo in comment - -2004-06-08 19:20 millert - - * sudoers.man.in, sudoers.cat: regen - -2004-06-08 19:19 millert - - * sudoers.pod: Expand on NOEXEC a little. - -2004-06-08 16:20 millert - - * TODO: sync - -2004-06-08 15:58 millert - - * visudo.man.in, visudo.cat: regen - -2004-06-08 15:55 millert - - * CHANGES, parse.yacc, visudo.c, visudo.pod: Add a check in visudo - for runas_default being set after it has already been used. - -2004-06-08 13:53 millert - - * parse.yacc: Add a MATCHED macro for testing whether foo_matches - has been set to TRUE or FALSE. This is more readable than - checking for >=0 or < 0. Doesn't change the actual code - generated. - -2004-06-06 20:11 millert - - * sudoers.man.in, sudoers.cat: regen - -2004-06-06 20:07 millert - - * sudoers, sudoers.pod: Correct description of where Defaults specs - should go. - -2004-06-06 20:02 millert - - * find_path.c, ldap.c, logging.h, testsudoers.c, visudo.c, - auth/bsdauth.c, auth/kerb5.c, auth/pam.c: update (c) year - -2004-06-06 19:58 millert - - * check.c, compat.h, defaults.c, env.c, find_path.c, getcwd.c, - ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c, - tgetpass.c, visudo.c, auth/bsdauth.c, auth/kerb5.c, auth/pam.c: - Remove trailing spaces, no actual code changes. - -2004-06-06 16:22 millert - - * parse.yacc: Fix a >=0 that should be <0 that was improperly - converted when UNSPEC was added. - -2004-06-06 15:54 millert - - * parse.yacc: Add do {} while(0) around pop macro Set cmnd_matches - to UNSPEC, not NOMATCH when resetting it. - -2004-06-06 15:39 millert - - * parse.yacc: Fix pastos introduced in SETNMATCH addition. - -2004-06-05 13:55 millert - - * README.LDAP: Update for configure changes - -2004-06-05 13:42 millert - - * parse.yacc, sudo.h: Add NOMATCH and UNSPEC defines (-1 and -2 - respectively) and use these in parse.yacc. Also in parse.yacc - initialize the *_matches vars to UNSPEC and add two macros, - SETMATCH and SETNMATCH for use when setting *_matches to a value - that may be NOMATCH/UNSPEC/TRUE/FALSE. - -2004-06-05 11:17 millert - - * parse.yacc: Initialize runas to -2, not -1 since we need to be - able to distinguish between the initialized value and the value - of a non-match when passing along the runas value to multiple - commands. - - The result of this is that an unmatched runas is now set to -1, - not 0. This is required now that parse.c treats a FALSE value - for runas as being explicitly denied. - -2004-06-03 16:21 millert - - * getprogname.c, sudo.c, visudo.c: Error out if argc < 1. - -2004-06-03 12:37 millert - - * configure, configure.in: Add tests for what libs we need to link - with for ldap and for whether or not lber.h needs to be - explicitly included. - -2004-06-02 20:30 aaron - - * ldap.c: Solaris native LDAP build fix - -2004-06-01 16:56 millert - - * ldap.c: Set edn to NULL is ldap_get_dn() fails to avoid potential - use of an unset variable. - -2004-06-01 16:56 millert - - * sudo.h: Add prototype for sudo_ldap_list_matches - -2004-06-01 16:53 millert - - * compat.h, config.h.in, configure, configure.in: Better check for - dirfd macro--we now set HAVE_DIRFD for the macro version too. - Added check for dd_fd in `DIR' if no dirfd is found; this is now - used to confitionally define the dirfd macro in compat.h. - -2004-06-01 16:51 millert - - * closefrom.c: Only check /proc/$$/fd if we have the dirfd - function/macro. - -2004-06-01 15:13 millert - - * compat.h, config.h.in, configure, configure.in: Add a check for a - dirfd() function (like Linux) and add a dirfd macro in compat.h - if there is no dirfd() function or macro. - -2004-06-01 14:59 millert - - * closefrom.c, getcwd.c: dirfd() is now defined in compat.h as - needed. - -2004-06-01 14:30 millert - - * CHANGES: Clarify closefrom() note. - -2004-06-01 12:51 millert - - * parse.c: When checking for a command in the directory, only copy - the base dir once. - -2004-06-01 12:44 millert - - * closefrom.c: If there is a /proc/$$/fd directory, behave like the - Solaris closefrom() and only close the descriptors listed - therein. - -2004-06-01 12:23 millert - - * alloc.c: compat.h guarantees INT_MAX is defined. - -2004-06-01 12:23 millert - - * compat.h: Add definitions of OPEN_MAX and INT_MAX for those - without it and remove definition of RLIM_INFINITY (now unused). - -2004-05-31 21:22 millert - - * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, - parse.c, sudo.c, sudo.h, visudo.c: Use PATH_MAX, not MAXPATHLEN - since the former is standardized. - -2004-05-31 19:18 millert - - * CHANGES: sync - -2004-05-31 19:10 millert - - * RUNSON: Add some entries that were mailed in a while ago - -2004-05-31 14:16 millert - - * closefrom.c: o sysconf returns a long, not an int. o check for - negative return value from sysconf/getdtablesize and use - OPEN_MAX in this case. o define OPEN_MAX to 256 for those - without it (a fair guess...) - -2004-05-30 12:25 millert - - * UPGRADE: Mention change in parse order for RunAs entries. - -2004-05-30 12:15 millert - - * configure: regen - -2004-05-29 18:29 millert - - * config.h.in, configure.in, INSTALL, README.LDAP: o --with-ldap - now takes an optional dir as a parameter - o added check for ldap_initialize() and start_tls_s() - -2004-05-29 14:54 millert - - * README.LDAP: Fix some typos, word choice and formatting issues. - -2004-05-28 18:06 millert - - * tgetpass.c: Use SA_INTERRUPT so SunOS works correctly, avoid - stdio and just use read/write as it is simpler. - -2004-05-28 16:27 millert - - * configure, configure.in: Remove hack overriding cross-compiler - check. It should no longer be needed. - -2004-05-28 16:26 millert - - * compat.h: Remove select() compat bits since we no longer use - select(). - -2004-05-28 16:24 millert - - * CHANGES, tgetpass.c: Use alarm() instead of select() for the - timeout for systems that don't fully/properly implement select(). - -2004-05-27 19:14 millert - - * CHANGES: synbc - -2004-05-27 19:12 millert - - * RUNSON: update - -2004-05-27 19:12 millert - - * set_perms.c: Deal with systems that have no way of setting the - effective uid such as nsr-tandem-nsk. - -2004-05-27 19:01 millert - - * configure, configure.in: Define NO_SAVED_IDS if we don't find - seteuid() - -2004-05-27 18:21 millert - - * config.h.in, configure, configure.in: Add back check for - setreuid() since NSK doesn't have it. - -2004-05-27 15:57 millert - - * sudoers.cat, sudoers.man.in: regen - -2004-05-27 15:56 millert - - * BUGS, CHANGES: sync - -2004-05-27 15:55 millert - - * parse.c: In sudoers_lookup() return VALIDATE_NOT_OK if the runas - user was explicitly denied and the command matched. This fixes a - long-standing bug and makes: foo machine = (ALL) - /usr/bin/blah foo machine = (!bar) /usr/bin/blah - - equivalent to: foo machine = (ALL, !bar) /usr/bin/blah - -2004-05-27 15:52 millert - - * sudoers.pod: Clarify mail_noperm - -2004-05-19 21:25 aaron - - * Makefile.in: Missing DESTDIR in make install for sudo_noexec.la - -2004-05-17 18:32 millert - - * sudo.man.in, sudoers.man.in, visudo.man.in, sudo.cat, - sudoers.cat, visudo.cat: regen - -2004-05-17 18:31 millert - - * TODO: sync - -2004-05-17 18:31 millert - - * sample.sudoers, sudoers.pod: Remove fastboot/fasthalt (who still - remembers these?) and add a minimal sudoedit example. - -2004-05-17 18:21 millert - - * CHANGES, INSTALL, TROUBLESHOOTING, UPGRADE, sudo.c, visudo.c: - filesystem -> file system - -2004-05-17 18:19 millert - - * sudo.pod, sudoers.pod: Fix some minor typos and formatting goofs - -2004-05-17 18:10 millert - - * lex.yy.c: regen - -2004-05-17 17:57 millert - - * visudo.pod: remove my email addr - -2004-05-17 17:55 millert - - * sudo.pod, sudoers.pod, visudo.pod: Use @mansectform@ and - @mansectsu@ everywhere Make man page references links with L<> - -2004-05-17 16:51 millert - - * parse.lex: Accept quoted globbing characters and pass them - verbatim for fnmatch() - -2004-05-17 16:50 millert - - * UPGRADE: Document that /tmp/.odus is gone. - -2004-05-17 16:28 millert - - * CHANGES, aclocal.m4, configure, pathnames.h.in: No longer use - /tmp/.odus as a possible timestamp dir unless specifically - configured to do so. Instead, if no /var/run exists, use - /var/adm/sudo or /usr/adm/sudo. - -2004-05-17 16:08 millert - - * check.c, compat.h, logging.c, set_perms.c, sudo.c, tgetpass.c, - visudo.c: Preliminary changes to support nsr-tandem-nsk. Based - on patches from Tom Bates. - -2004-05-16 18:47 millert - - * CHANGES: There was no 1.6.7p6. - -2004-05-16 16:38 millert - - * BUGS, CHANGES: sync - -2004-05-16 16:36 millert - - * Makefile.in: add missing files to DISTFILES - -2004-05-16 16:23 millert - - * sudoers.man.in, sudo.cat, sudoers.cat, visudo.cat: regen - -2004-05-16 16:20 millert - - * Makefile.in: Fix some line wrap and update (c) year - -2004-04-28 15:05 aaron - - * README.LDAP: Build Note - -2004-04-06 22:03 aaron - - * Makefile.in: Fix install-dirs - -2004-04-04 20:27 millert - - * visudo.c: In Exit() when used as a signal handler, emsg is a - pointer so sizeof() is wrong so make it a #define instead. Also - avoid using a negative exit value. Found by Aaron Campbell - -2004-03-24 18:23 millert - - * sudoers.pod: Remove bogus sentence about uids in a User_List. - Document usernames vs. uid parsing in a Runas_List. - -2004-03-24 18:06 millert - - * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: If - the user specified a uid with the -u flag and the uid exists in - the passwd file, set runas_user to the name, not the uid. - - When comparing usernames in sudoers, if a name is really a uid - (starts with '#') compare it numerically to pw_uid. - -2004-03-22 13:35 millert - - * auth/kerb5.c: krb5_mcc_ops should be const; Johnny C. Lam - -2004-02-28 18:54 aaron - - * CHANGES, config.h.in, ldap.c: Added start_tls support - -2004-02-14 18:04 millert - - * Makefile.in: Clean up libtool stuff for 'make distclean' and add - def_data.c, def_data.h to PARSESRCS. - -2004-02-14 10:13 aaron - - * strlcat.c, strlcpy.c: Un-Fix last license munge - -2004-02-13 16:37 millert - - * CHANGES, RUNSON, TODO: checkpoint - -2004-02-13 16:37 millert - - * lex.yy.c, configure: regen - -2004-02-13 16:36 millert - - * LICENSE, Makefile.binary, Makefile.in, alloc.c, check.c, - closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c, - find_path.c, getprogname.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - interfaces.h, ldap.c, logging.c, logging.h, parse.c, parse.h, - parse.lex, parse.yacc, pathnames.h.in, set_perms.c, sigaction.c, - strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, - sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.man.in, - sudoers.pod, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c, visudo.man.in, visudo.pod, zero_bytes.c, auth/afs.c, - auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, - auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, - auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, - emul/search.h, emul/utime.h: More to a less restrictive, - ISC-style license. - -2004-02-12 21:08 aaron - - * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in, - def_data.c, def_data.h, def_data.in, ldap.c, sudo.c, sudo.h, - sudoers2ldif: Merged in LDAP Support - -2004-02-08 15:53 millert - - * sudo.h, sudo_noexec.c: Only do "extern int errno" if errno is not - a macro. - -2004-02-06 18:08 millert - - * set_perms.c: setreuid(0, 0) fails on QNX if the euid is not - already 0 so set the euid first, then just call setuid(0) to set - the real uid too. - -2004-02-06 14:52 millert - - * set_perms.c: Use setresuid() and setreuid() for PERM_RUNAS when - appropriate instead of seteuid() which may not exist. - -2004-02-04 14:58 millert - - * LICENSE: 2004 - -2004-02-03 23:38 millert - - * INSTALL, config.h.in, configure, configure.in, ins_classic.h: Add - --with-pc-insults configure option - -2004-02-03 23:32 millert - - * visudo.man.in: Prefer VISUAL over EDITOR like old vipw did. - -2004-02-01 15:45 millert - - * sudo.man.in, sudoers.man.in: regen - -2004-02-01 15:44 millert - - * sudoers.pod: Add a note that noexec is not a cure-all. - -2004-02-01 15:20 millert - - * sudoers.pod: Mention that disabling "root_sudo" is pretty - pointless. - -2004-02-01 15:20 millert - - * configure, configure.in: Substitute for root_sudo in sudoers.pod - -2004-02-01 15:03 millert - - * sudo.pod: Add sudoedit to the NAME section - -2004-02-01 15:00 millert - - * sudoers.pod: Document that fact that setting ignore_dot in - sudoers has no effect due to the fact that find_path() is called - *before* sudoers is read. - -2004-01-29 19:50 millert - - * sudo_edit.c: Do not require _PATH_USRTMP to be set. - -2004-01-29 19:42 millert - - * BUGS, CHANGES, TODO: sync - -2004-01-29 19:42 millert - - * sudo.man.in: regen - -2004-01-29 19:41 millert - - * sudo.pod: Clarify that when sudo is run by root with the - SUDO_USER variable set, the sudoers lookup happens for root and - not the SUDO_USER user. - -2004-01-29 17:33 millert - - * defaults.c, env.c, fnmatch.c, interfaces.c, logging.c, parse.c, - set_perms.c, sigaction.c, sudo.c, tgetpass.c, auth/pam.c, - auth/sudo_auth.c: Use the SET, CLR and ISSET macros. - -2004-01-29 16:22 millert - - * interfaces.h: MAIN was replaced with _SUDO_MAIN some time ago. - -2004-01-29 16:15 millert - - * sudo.c: Don't look at prev_user until after we've parsed sudoers - and done the password check. That way, if sudo/sudoedit is run - from a root process that was invoked by sudo, we check sudoers - for root, not the previous user. This makes sudoedit much more - useful and means that for the sudo case, we get correct logging - on who actually ran the command. - -2004-01-22 19:22 millert - - * sudo_edit.c: Add a comment describing why we need to be notified - about our child stopping. - -2004-01-22 16:06 millert - - * def_data.c, def_data.in: Update the noexec variable descriptions - -2004-01-22 14:18 millert - - * sudoers.man.in, sudoers.pod: noexec now replaces more than just - execve() - -2004-01-22 12:14 millert - - * sudo_noexec.c: Alas, all the world does not go through execve(2). - Many systems still have an execv(2) system call, Linux 2.6 - provides fexecve(2) and it is not uncommon for libc to have - underscore ('_') versions of the functions to be used internally - by the library. Instead of stubbing all these out by hand, - define a macro and let it do the work. Extra exec functions - pointed out by Reznic Valery. - -2004-01-21 21:57 millert - - * sudo.c, sudo_edit.c: Fix suspending the editor in -e mode. - Because we do a fork() first we need to be notified when the - child has been stopped and then send that same signal to ourself - so the shell can do its job control thing. - -2004-01-21 21:44 millert - - * visudo.c: Use WIFEXITED and WEXITSTATUS macros. If there are - systems out there that want to run sudo that still don't support - these we can try to deal with that later. - -2004-01-21 20:03 millert - - * lex.yy.c: regen - -2004-01-21 20:00 millert - - * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod: Document sudo - -e / sudoedit - -2004-01-21 19:08 millert - - * configure, configure.in: fix typo - -2004-01-21 19:02 millert - - * config.h.in, configure.in: Add SET/CLR/ISSET - -2004-01-21 18:55 millert - - * sudo.c: Allow non-exclusive flags when invoked as sudoedit. - Pretty print the long usage() line to not wrap (assumes 80 char - display) - -2004-01-21 18:01 millert - - * Makefile.in, sudo.c: If sudo is invoked as "sudoedit" the -e flag - is implied and no other flags are permitted. - -2004-01-21 18:00 millert - - * sudo.h: Add a new flag, -e, that makes it possible to give users - the ability to edit files with the editor of their choice as the - invoking user, not the runas user. Temporary files are used for - the actual edit and the temp file is copied over the original - after the editor is done. - -2004-01-21 17:25 millert - - * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c: Add a new - flag, -e, that makes it possible to give users the ability to - edit files with the editor of their choice as the invoking user, - not the runas user. Temporary files are used for the actual edit - and the temp file is copied over the original after the editor is - done. - -2004-01-21 17:06 millert - - * sudo.c, env.c: If real uid == 0 and the SUDO_USER environment - variables is set, use that to determine the invoking user's true - identity. That way the proper info gets logged by someone who - has done "sudo su" but still uses sudo to as root. We can't do - this for non-root users since that would open up a security hole, - though perhaps it would be acceptable to use getlogin(2) on OSes - where this a system call (and doesn't just look in the utmp - file). - -2004-01-21 16:58 millert - - * pathnames.h.in: Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP - -2004-01-21 16:57 millert - - * configure, config.h.in, configure.in: Add check for fchown(2) - -2004-01-20 14:22 millert - - * sudo.c: Back out portions of the -i commit that set NewArgv[0] in - set_runaspw. It is far to late to set NewArgv[0] there and will - have no effect anyway as cmnd and safe_cmnd have already been - set. - -2004-01-20 14:18 millert - - * visudo.c, visudo.pod: Prefer VISUAL over EDITOR like old vipw - did. - -2004-01-18 20:17 millert - - * env.c, sudo.c: In -i mode always set new environment based on the - runas user's passwd entry. - -2004-01-18 17:56 millert - - * sudo.man.in, sudo.pod: Document the new -i flag and sync SYNOPSIS - section with usage() in sudo.c. Also sort the flags in the - OPTIONS section. - -2004-01-18 17:55 millert - - * sudo.c, sudo.h: o Add -i that acts similar to "su -", based on - patches from David J. MacKenzie o Sort the flags in the usage - message - -2004-01-18 17:22 millert - - * sudoers.man.in, sudoers.pod: Add a missing @runas_default@ - substitution. - -2004-01-17 16:34 millert - - * sudo.c: Change euid to runas user before calling find_path(). - Unfortunately, though runas_user can be modified in sudoers we - haven't parsed sudoers yet. - -2004-01-17 16:25 millert - - * sudoers.man.in, sudoers.pod: Add missing defintion of - Parameter_List and use single pipes in the Defaults EBNF - definition. - -2004-01-17 13:49 millert - - * sudo.c: Fix a bug when set_runaspw() is used as a callback. We - don't want to reset the contents of runas_pw if the user - specified a user via the -u flag. - - Avoid unnecessary passwd lookups in set_authpw(). In most cases - we already have the info in runas_pw. - -2004-01-16 18:16 millert - - * check.c: Add Stan Lee / Uncle Ben quote to the lecture from - RedHat - -2004-01-16 18:12 millert - - * sudo.h: Update sudo_getepw() proto and add one for set_runaspw() - -2004-01-16 18:10 millert - - * parse.c: If we can't stat the command as root, try as the runas - user instead. - -2004-01-16 18:09 millert - - * testsudoers.c, visudo.c: Add stub set_runaspw() function - -2004-01-16 18:09 millert - - * sudo.c: Add set_runaspw() function to fill in runas_pw. This - will be used as a callback to update runas_pw when the runas user - changes. - -2004-01-16 18:07 millert - - * env.c, sudo.c: PERM_RUNAS -> PERM_FULL_RUNAS - -2004-01-16 18:05 millert - - * set_perms.c, sudo.h: Rename PERM_RUNAS -> PERM_FULL_RUNAS and add - a PERM_RUNAS that just changes the euid. - -2004-01-16 18:04 millert - - * getspwuid.c: Make sudo_pwdup() act like OpenBSD pw_dup() and - allocate memory in one chunk for easy free()ing. Also change it - from static to extern. - -2004-01-16 18:03 millert - - * defaults.c, defaults.h: Add callback support - -2004-01-16 18:02 millert - - * def_data.c, def_data.in, mkdefaults: Add a callback field and use - it for runas_default - -2004-01-15 15:13 millert - - * auth/fwtk.c: Add support for chalnecho and display server - responses used by fwtk >= 2.0 - -2004-01-12 18:39 millert - - * sudoers.man.in, sudoers.pod: ld.so is ld.so.1 on solaris - -2004-01-12 14:03 millert - - * Makefile.in, config.h.in, configure, configure.in, sudo.c, - sudo.h: Use closefrom() instead of doing the equivalent inline. - -2004-01-12 13:55 millert - - * closefrom.c: closefrom(3) for systems w/o it - -2004-01-09 16:29 millert - - * sudoers.man.in: Update from .pod file. - -2004-01-09 16:26 millert - - * configure, configure.in: Substitute noexec_file for the sudoers - man page - -2004-01-09 16:24 millert - - * sudo.man.in, sudo.pod: Mention noexec - -2004-01-09 16:16 millert - - * sudoers.man.in, sudoers.pod: Document noexec - -2004-01-09 14:38 millert - - * config.h.in, configure.in, auth/pam.c: Move PAM_CONST macro - definition from config.h to pam.c where it belongs. We can't - have this in config.h since that gets included too early. - -2004-01-09 14:35 millert - - * config.h.in, configure, configure.in, auth/pam.c: Some PAM - implementations put their headers in /usr/include/pam instead of - /usr/include/security. - -2004-01-09 14:32 millert - - * configure.in: I missed changing the EXEC macro -> EXECV here when - I changed this in config.h.in and sudo.c a while ago. - -2004-01-09 13:15 millert - - * acsite.m4: OpenBSD vax/m88k/hppa don't do shared libs - -2004-01-09 03:29 millert - - * configure, configure.in: o merge the hpux case entries into a - single entry w/ its own sub-case statement. o HP-UX >= 11 - support getspnam(), use it in preference to getprpwuid() - -2004-01-09 02:58 millert - - * configure, configure.in: eval $shrext so that it expands nicely - on MacOS X - -2004-01-09 02:50 millert - - * Makefile.in: Don't lie about making a module, it does the wrong - thing on mach - -2004-01-09 02:49 millert - - * ltmain.sh: Remove requirement that libs must begin with "lib". - They don't when we point directly at the lib using LD_PRELOAD or - its equivalent. - -2004-01-09 02:01 millert - - * acsite.m4: Disable support for c++, f77 and java. We don't need - it, it takes a lot of time, and it hosed our check for shared lib - support. - -2004-01-09 02:00 millert - - * configure: regen - -2004-01-09 02:00 millert - - * configure.in: Call AC_ENABLE_SHARED and check the status of - enable_shared to know when shared libs are available. - -2004-01-09 01:37 millert - - * acsite.m4: Duh, OpenBSD suports shared libs too - -2004-01-09 01:18 millert - - * configure.in, config.h.in: Only OpenPAM and Linux PAM use const - qualifiers. - -2004-01-09 01:15 millert - - * configure, configure.in: o No need to check for sed, libtool - config does that for us o move check for --with-noexec until - after libtool magic is run so we can use $can_build_shared and - $shrext - -2004-01-09 01:14 millert - - * ltmain.sh: Don't print a bunch of crap about library installs - since we are not really installing a library. - -2004-01-09 00:38 millert - - * env.c: Make format_env() varargs Add noexec support for Darwin, - MacOS X, Irix, and Tru64 - -2004-01-09 00:32 millert - - * acsite.m4, ltconfig, ltmain.sh: Update to libtool 1.5 with local - changes: o no ldconfig in the finish step o assume no libprefix - or version is needed - -2004-01-09 00:15 millert - - * sudo_noexec.c: Fix compilation under K&R - -2004-01-06 09:31 millert - - * CHANGES: checkpoint - -2004-01-06 09:28 millert - - * sudo_noexec.c: stub execve() that just returns EACCES; used for - noexec functionality - -2004-01-06 01:42 millert - - * sudo.tab.h: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 - issue with generated code. - -2004-01-05 16:10 millert - - * def_data.c, def_data.h, def_data.in: Move the environment - defaults to the end and shorten a few of the descriptions. - -2004-01-05 15:05 millert - - * configure.in, configure: no shared libs on ultris or convexos - -2004-01-05 15:03 millert - - * Makefile.in, configure, configure.in: Build sudo_noexec shared - object using libtool; could use some cleanup. - -2004-01-05 14:59 millert - - * acsite.m4, ltconfig, ltmain.sh: libtool scaffolding - -2004-01-05 14:56 millert - - * parse.yacc: Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so - that order is not important. - -2004-01-05 12:15 millert - - * defaults.c, env.c, parse.c, parse.h, parse.lex, parse.yacc, - pathnames.h.in, sudo.c, sudo.h, lex.yy.c: update copyright year - -2004-01-04 22:58 millert - - * configure, configure.in, defaults.c, env.c, pathnames.h.in: Add - _PATH_SUDO_NOEXEC and corresponding --with-noexec configure - option. The default value of noexec_file is set to this. - -2004-01-04 21:48 millert - - * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c, - parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.h: Add - support for preloading a shared object containing a dummy - execve() function that just sets error and returns -1. This adds - a "noexec_file" option to load the filename as well as a "noexec" - flag to enable it unconditionally. There is also a NOEXEC tag - that can be attached to specific commands and an EXEC tag to - disable it. - -2004-01-04 21:40 millert - - * mkdefaults: add missing newline to usage statement - -2004-01-04 20:39 millert - - * config.h.in, sudo.c: Rename EXEC macro -> EXECV - -2004-01-04 20:16 millert - - * logging.c: Don't truncate usernames to 8 characters in the log - message. - -2004-01-04 20:13 millert - - * check.c, sudoers.man.in, sudoers.pod: Update copyright year - -2004-01-04 20:12 millert - - * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in, - sudoers.pod: Add a new option, lecture_file, that can be used to - point to a custom sudo lecture. - -2003-12-31 17:46 millert - - * Makefile.in, sudo.h, zero_bytes.c, auth/aix_auth.c, - auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Add a - zero_bytes() function to do the equivalent of bzero in such a way - that will heopfully not be optimized away by sneaky compilers. - -2003-12-31 13:35 millert - - * err.c: Use #ifdef __STDC__, not #if __STDC__. - -2003-12-30 17:41 millert - - * mkdefaults: Always put at least one space between the def_* macro - name and its definition. - -2003-12-30 17:34 millert - - * configure, configure.in: Adjust code for --without-lecture to - match new values. - -2003-12-30 17:33 millert - - * visudo.man.in: regen after pasto fix - -2003-12-30 17:31 millert - - * sudoers.man.in, sudoers.pod: Document that "lecture" has changed - from a flag to a tuple. - -2003-12-30 17:31 millert - - * check.c, def_data.c, def_data.h, def_data.in, defaults.c, - defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h: Add - support for tuples in def_data.in; these are implemented as an - enum type. Currently there is only a single tuple enum but in - the future we may have one tuple enum per T_TUPLE entry in - def_data.in. Currently listpw, verifypw and lecture are tuples. - This avoids the need to have two entries (one ival, one str) for - pwflags and syslog values. - - lecture is now a tuple with the following values: never, once, - always - - We no longer use both an int and string entry for syslog - facilities and priorities. Instead, there are logfac2str() and - logpri2str() functions that get used when we need to print the - string values. - -2003-12-30 17:20 millert - - * check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c, - logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c, - visudo.c, auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, - auth/pam.c, auth/rfc1938.c, auth/securid5.c, auth/sia.c, - auth/sudo_auth.c: Create def_* macros for each defaults value so - we no longer need the def_{flag,ival,str,list,mode} macros (which - have been removed). This is a step toward more flexible data - types in def_data.in. - -2003-12-30 15:55 millert - - * TODO: checkpoint - -2003-12-22 21:18 millert - - * sudo.c: If we are in -k/-K mode, just spew to stderr. It is not - unusual for users to place "sudo -k" in a .logout file which can - cause sudo to be run during reboot after the YP/NIS/NIS+/LDAP/etc - daemon has died. Previously, this would result in useless mail - and logging. - -2003-12-16 13:51 millert - - * visudo.pod: fix pasto in VISUAL description - -2003-12-09 22:09 millert - - * configure: regen - -2003-12-09 22:08 millert - - * CHANGES: checkpoint - -2003-12-09 22:02 millert - - * TROUBLESHOOTING: Some OSes (like Solaris) allow export w/ nosuid - too - -2003-08-12 16:45 millert - - * compat.h: We don't use FD_ZERO anymore so just define FD_SET (if - not already there). - -2003-06-28 21:31 millert - - * auth/pam.c: Fix a core dump on Solaris by preserving the - pam_handle_t we used during authentication for pam_prep_user(). - If we didn't authenticate (ie: ticket still valid), we call - pam_init() from pam_prep_user(). This is something of a hack; it - may be better to change the auth API and add an auth_final() - function that acts like pam_prep_user(). - -2003-06-21 12:50 millert - - * set_perms.c: Add explicit declaration of printerr variable in - function header (was defaulting to int which is OK but oh so K&R - :-). From Theo. - -2003-06-09 19:00 millert - - * config.h.in, configure.in: s/HAVE_STOW/USE_STOW/ - -2003-06-09 16:07 millert - - * logging.c: Also exit waitpid() loop when pid == 0. Fixes a - problem where the sudo process would spin eating up CPU until - sendmail finished when it has to send mail. - -2003-05-30 16:22 millert - - * fnmatch.3, fnmatch.c: Remove advertising clause, UCB has - disavowed it - -2003-05-21 21:53 millert - - * parse.c: Don't assume that getgrnam() calls don't modify contents - of struct passwd returned by getpwnam(). On FreeBSD w/ NIS this - can happen. Based on a patch from Kirk Webb. - -2003-05-06 11:25 millert - - * configure.in: missing ;; - -2003-05-06 00:53 millert - - * configure.in: darwin has a broken setreuid() in at least some - versions - -2003-05-06 00:31 millert - - * env.c: Fix an off by one error when reallocating the environment; - Kevin Pye - -2003-04-30 14:04 millert - - * sudoers.pod: Fix User_Spec definition; SEKINE Tatsuo - -2003-04-28 19:30 millert - - * HISTORY: More info on the early days from Coggs. - -2003-04-21 14:47 millert - - * auth/kerb5.c: remove errant semicolon that prevented compilation - under heimdal - -2003-04-15 20:42 millert - - * Makefile.in, alloc.c, check.c, compat.h, defaults.c, defaults.h, - env.c, fileops.c, find_path.c, getprogname.c, getspwuid.c, - goodpath.c, interfaces.c, interfaces.h, logging.c, parse.c, - parse.lex, parse.yacc, pathnames.h.in, set_perms.c, sigaction.c, - strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, - sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, utime.c, - version.h, visudo.c, visudo.man.in, visudo.pod, auth/afs.c, - auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, - auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, - auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/securid5.c, auth/sia.c, auth/sudo_auth.c: add DARPA credit - on affected files - -2003-04-15 20:25 millert - - * LICENSE: slightly different wording for the darpa credit - -2003-04-15 14:37 millert - - * LICENSE: Add DARPA credit - -2003-04-14 16:49 millert - - * auth/kerb5.c: Use krb5_princ_component() instead of - krb5_princ_realm() for MIT Kerberos like we did before I messed - things up ;-) - - Use krb5_principal_get_comp_string() to do the same thing w/ - Heimdal. I'm not sure if the component should be 0 or 1 in this - case. - - #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since - older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there - should be a configure check for this I guess. - -2003-04-13 15:48 millert - - * TROUBLESHOOTING, config.h.in, configure, configure.in, - sample.sudoers: builtin -> built-in; Jason McIntyre - -2003-04-13 15:45 millert - - * sudoers.pod: built in -> built-in; Jason McIntyre - -2003-04-09 16:14 millert - - * CHANGES: checkpoint for 1.6.7p3 - -2003-04-09 16:14 millert - - * HISTORY: Update info on the early years @ SUNY-Buffalo from Cliff - Spencer. Amazingly, sudo source from 1985 is available via - groups.google.com - -2003-04-09 16:13 millert - - * sudo.c: Don't change rl.rlim_max for RLIMIT_CORE. We need only - set rl.rlim_cur to 0 to turn off core dumps. This may be needed - for the RLIMIT_CORE restoration on some OSes. - -2003-04-04 12:46 millert - - * auth/kerb5.c: Make this compile on Heimdal and MIT Kerberos 5 - -2003-04-04 12:45 millert - - * config.h.in, configure, configure.in: Check for heimdal even if - we found krb5-config and define HAVE_HEIMDAL. - -2003-04-03 22:04 millert - - * auth/kerb5.c: Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. - The former is no longer defined by MIT kerb5 (though it used to - be and indeed remains so in Heimdal). - -2003-04-03 10:16 millert - - * mkinstalldirs: Remove newer stuff that passes multiple (possibly - duplicate) directories to "mkdir -p" since that seems to break on - Tru64 Unix at least. This basically brings back what shipped - with sudo 1.6.6. - -2003-04-02 13:57 millert - - * auth/kerb5.c: Correct number of args to - krb5_principal_get_realm() and fix an unclosed comment that hid - the bug. - -2003-04-02 13:45 millert - - * configure: regen - -2003-04-02 13:45 millert - - * BUGS, CHANGES, INSTALL, INSTALL.binary, Makefile.in, README, - configure.in, version.h: ++version - -2003-04-02 13:44 millert - - * configure.in: use krb5-config to determine Kerberos V details if - it exists - -2003-04-02 13:25 millert - - * alloc.c, check.c, compat.h, defaults.c, env.c, find_path.c, - interfaces.c, logging.c, parse.c, sudo.c, sudo.h, testsudoers.c, - visudo.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c, - auth/securid5.c, auth/sia.c: Use warn/err and getprogname() - throughout. The main exception is openlog(). Since the admin - may be filtering logs based on the program name in the log files, - hard code this to "sudo". - -2003-04-02 13:16 millert - - * Makefile.in: Add getprogname.c and err.c - -2003-04-02 13:15 millert - - * configure: regen - -2003-04-02 13:15 millert - - * configure.in, config.h.in: Add checks for getprognam(), - __progname and err.h - -2003-04-02 13:14 millert - - * err.c, emul/err.h: For systems withour err/warn functions. - -2003-04-02 13:14 millert - - * getprogname.c: For systems neither getprogname() nor __progname; - uses Argv[0]. - -2003-04-01 10:09 millert - - * CHANGES: checkpoint for 1.6.7p1 - -2003-04-01 10:02 millert - - * sudo.c, testsudoers.c: fix strlcpy() rval check (innocuous) - -2003-04-01 09:58 millert - - * check.c: oflow detection in expand_prompt() was faulty (false - positives). The count was based on strlcat() return value which - includes the length of the entire string. - -2003-03-30 19:02 millert - - * CHANGES, RUNSON, TODO: checkpoint for the sudo 1.6.7 release - -2003-03-24 16:09 millert - - * logging.c: g/c unused variable - -2003-03-24 11:06 millert - - * configure: regen - -2003-03-24 11:05 millert - - * configure.in: use man sections 8 and 5 for csops - -2003-03-21 18:11 millert - - * configure: regen - -2003-03-21 15:10 millert - - * configure.in: Add -lskey or -lopie directly to SUDO_LIBS instead - of having AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage. - -2003-03-21 14:02 millert - - * configure: regen - -2003-03-21 14:01 millert - - * INSTALL, aclocal.m4, configure.in: Add --with-blibpath for AIX. - An alternate libpath may be specified or -blibpath support can be - disabled. Also change conifgure such that -blibpath is not - specified if no -L libpaths were added to SUDO_LDFLAGS. - -2003-03-20 22:05 millert - - * configure.in: add AIX blibpath support - -2003-03-20 20:28 millert - - * INSTALL, configure.in: --with-skey and --with-opie now take an - option directory argument This obsoletes a --with-csops hack - (/tools/cs/skey) - - Also remove the remaining direct uses of "echo" - -2003-03-20 17:44 millert - - * configure.in: Detect KTH Kerberos IV and deal with it. Also make - -lroken optional for KTH Kerberos IV and V. - -2003-03-20 14:42 millert - - * aclocal.m4: Add SUDO_APPEND_LIBPATH function that add - -L/path/to/dir (and -R/path/to/dir if $with_rpath) to the - specified variable. - -2003-03-20 14:40 millert - - * INSTALL, configure.in: Add -R/path/to/libs for Solaris and SVR4. - There is a new configure option, --with-rpath to control this - behavior. - -2003-03-19 23:50 millert - - * configure.in: for kerb4 put libdes after libkrb on the link line - -2003-03-19 23:49 millert - - * auth/kerb4.c: typo - -2003-03-19 23:33 millert - - * configure.in: fix kerberos lib check when a path is specified - -2003-03-19 21:04 millert - - * logging.c: Fix boolean thinko in SIGCHLD reaper and call - reapchild after sending mail instead of doing a conditional - sudo_waitpid. - -2003-03-19 16:20 millert - - * configure: regen - -2003-03-19 16:19 millert - - * configure.in: replace =DIR with [=DIR] where sensible - -2003-03-19 16:16 millert - - * configure.in: o Use AC_MSG_* instead of "echo" o New Kerberos - include/lib detection based on openssh's configure.in - -2003-03-19 15:58 millert - - * INSTALL: --with-kerb4 and --with-kerb5 now take an optional - argument. - -2003-03-15 22:03 millert - - * auth/securid.c: Kill remaining strcpy(), the programmer's guide - says username is 32 bytes. - -2003-03-15 21:18 millert - - * auth/kerb4.c: trat uid_t as unsigned long for printf and use - snprintf, not sprintf - -2003-03-15 21:18 millert - - * auth/rfc1938.c: use snprintf - -2003-03-15 15:37 millert - - * auth/: afs.c, aix_auth.c, bsdauth.c, dce.c, fwtk.c, kerb4.c, - kerb5.c, pam.c, passwd.c, rfc1938.c, sudo_auth.c: update - copyright year - -2003-03-15 15:31 millert - - * LICENSE, alloc.c, check.c, configure.in, env.c, sudo.c, - Makefile.in, aclocal.m4, compat.h, find_path.c, interfaces.c, - logging.c, parse.c, parse.lex, parse.yacc, set_perms.c, sudo.h, - sudo.pod, sudoers.pod, testsudoers.c, version.h, visudo.c, - visudo.pod, sudo.man.in, sudoers.man.in, visudo.man.in: update - copyright year - -2003-03-15 15:19 millert - - * check.c, env.c, sudo.c: Cast [ug]ids to unsigned long and printf - with %lu - -2003-03-15 15:17 millert - - * configure: regen - -2003-03-15 15:16 millert - - * configure.in: correct error messages for - --with-sudoers-{mode,uid,gid} - -2003-03-15 15:10 millert - - * alloc.c: make the malloc(0) error specific to each function to - aid tracking down bugs. - -2003-03-15 14:49 millert - - * alloc.c: deal with platforms where size_t is signed and there is - no SIZE_MAX or SIZE_T_MAX - -2003-03-15 14:10 millert - - * auth/kerb5.c: Make this compile w/ Heimdal and fix some gcc - warnings. - -2003-03-15 13:02 millert - - * sudo.c: Use stat_sudoers macro so --with-stow can work - -2003-03-15 13:01 millert - - * INSTALL, config.h.in, configure, configure.in: Add support for - --with-stow based on patches from Robert Uhl - -2003-03-15 12:51 millert - - * env.c: fix indentation - -2003-03-15 00:21 millert - - * configure.in: back out rev 1.352 - -2003-03-14 20:11 millert - - * lex.yy.c: regen - -2003-03-14 20:11 millert - - * parse.lex: use strlcpy, not strncpy - -2003-03-14 19:48 millert - - * set_perms.c: Fix typo; check pw_uid, not pw_gid after - setusercontext() failure. - -2003-03-14 19:43 millert - - * logging.c: use pid_t - -2003-03-14 10:43 millert - - * strlcat.c, strlcpy.c: Make gcc shutup about unused rcsid - -2003-03-14 10:35 millert - - * interfaces.c: Move the n == 0 check for the non-getifaddrs cas - -2003-03-13 21:47 millert - - * auth/rfc1938.c: skeychallenge() on NetBSD take a size parameter - -2003-03-13 21:38 millert - - * configure: regen - -2003-03-13 21:38 millert - - * configure.in: put -ldl after -lpam, not before; fixes static - linking on Linux - -2003-03-13 21:17 millert - - * interfaces.c: Avoid malloc(0) and fix the loop invariant for the - getifaddrs() case. - -2003-03-13 20:24 millert - - * sudo.man.in, sudoers.man.in, visudo.man.in, sudo.cat, - sudoers.cat, visudo.cat: regen - -2003-03-13 20:23 millert - - * Makefile.in: Preserve copyright notice from .pod file in .man.in - file - -2003-03-13 20:01 millert - - * visudo.pod: Add sudoers(5) to SEE ALSO - -2003-03-13 15:27 millert - - * lex.yy.c: regen - -2003-03-13 15:27 millert - - * parse.lex: Don't assume libc can realloc() a NULL string. If - malloc/realloc fails, make sure we just return; yyerror() is not - terminal. - -2003-03-13 15:17 millert - - * lex.yy.c: regen - -2003-03-13 15:17 millert - - * parse.lex: simplify fill_args a little and use strlcpy for - paranoia - -2003-03-13 15:00 millert - - * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c, - testsudoers.c: Use strlc{at,py} for paranoia's sake and exit on - overflow. In all cases the strings were either pre-allocated to - the correct size of length checks were done before the copy but a - little paranoia can go a long way. - -2003-03-13 12:54 millert - - * sudo.h: Add strlc{at,py} protos - -2003-03-13 12:03 millert - - * env.c, interfaces.c: Use erealloc3() - -2003-03-13 12:00 millert - - * configure: regen - -2003-03-13 12:00 millert - - * alloc.c: Oflow test of nmemb > SIZE_MAX / size is fine (don't - need >=). Use memcpy() instead of strcpy() in estrdup() so this - is strcpy()-free. - -2003-03-13 11:58 millert - - * sudo.c: snprintf() a uid as %lu, not %ld to match the - MAX_UID_T_LEN test in configure. - -2003-03-13 11:56 millert - - * aclocal.m4: In MAX_UID_T_LEN test cast uid_t to unsigned long, - just unsigned. - -2003-03-12 18:46 millert - - * sudo.c: Use snprintf() for paranoia - -2003-03-12 17:16 millert - - * parse.yacc: Use emalloc2 and erealloc3 - -2003-03-12 17:08 millert - - * Makefile.in: strlc{at,py} for those w/o it - -2003-03-12 17:07 millert - - * strlcat.c, strlcpy.c: stlc{at,py} for those w/o it. - -2003-03-12 17:07 millert - - * config.h.in, configure, configure.in: Add stlc{at,py} for those - w/o it. - -2003-03-12 16:51 millert - - * alloc.c, sudo.h: Add erealloc3(), a realloc() version of - emalloc2(). - -2003-03-12 16:45 millert - - * interfaces.c, sudo.c: Use emalloc2() to allocate N things of a - certain size. - -2003-03-12 16:41 millert - - * alloc.c, sudo.h: Add emalloc2() -- like calloc() but w/o the - bzero and with error/oflow checking. - -2003-03-12 16:23 millert - - * alloc.c: Error out on malloc(0); suggested by theo - -2003-03-09 19:34 millert - - * configure, configure.in: fix a typo; David Krause - -2003-03-07 10:46 millert - - * sudo.pod: fix typo - -2003-03-03 21:47 millert - - * env.c: Remove DYLD_ from the environment for MacOS X; from bbraun - -2003-03-01 13:20 millert - - * configure.in, config.h.in: not not; Anil Madhavapeddy - -2003-01-23 03:03 millert - - * sudo.pod, sudoers.pod, visudo.pod: typos; jmc@openbsd.org - -2003-01-20 16:13 millert - - * parse.yacc: Add some missing ';' rule terminators that bison - warns about. - -2003-01-20 16:07 millert - - * config.sub: fix typo I introduced in last merge - -2003-01-20 15:59 millert - - * configure: regenerate with autoconf 2.57 - -2003-01-20 15:58 millert - - * config.h.in: Add missing "$HOME" - -2003-01-20 15:57 millert - - * configure.in: Add some more square backets to make autoconf 2.57 - happy - -2003-01-20 14:39 millert - - * config.guess, config.sub, mkinstalldirs: Updates from - autoconf-2.57 - -2003-01-17 18:10 millert - - * lex.yy.c, sudo.tab.h: regen - -2003-01-17 18:09 millert - - * parse.lex, parse.yacc, sudoers.pod: Add support for - Defaults>RunasUser - -2003-01-06 19:10 millert - - * visudo.c: fclose() yyin after each yyparse() is done and use - fopen() instead of using freopen(). - -2003-01-06 19:02 millert - - * parse.lex: Better fix for sudoers files w/o a newline before EOF. - It looks like the issue is that yyrestart() does not reset the - start condition to INITIAL which is an issue since we parse - sudoers multiple times. - -2003-01-06 18:47 millert - - * parse.lex: Work around what appears to be a flex bug when dealing - with files that lack a final newline before EOF. This adds a - rule to match EOF in the non-initial states which resets the - state to INITIAL and throws an error. - -2003-01-06 15:06 millert - - * visudo.c: o The parser needs sudoers to end with a newline but - some editors (emacs) may not add one. Check for a missing - newline at EOF and add one if needed. o Set quiet flag during - initial sudoers parse (to get options) o Move yyrestart() call - and always use freopen() to open yyin after initial sudoers - parse. - -2002-12-15 11:24 millert - - * set_perms.c: Fix pasto/thinko in setresgid()/setregid() usage. - Want to set effective gid, not real gid, when reading sudoers. - -2002-12-15 11:08 millert - - * set_perms.c: don't compile set_perms_posix if we have setreuid or - setresuid - -2002-12-14 14:21 millert - - * sudo.pod, sudoers.pod: document new prompt escapes - -2002-12-14 14:15 millert - - * check.c: Add %U and %H escapes and redo prompt rewriting. "%%" - now gets collapsed to "%" as was originally intended. This also - gets rid of lastchar (does lookahead instead of lookback) which - should simplify the logic slightly. - -2002-12-13 13:20 millert - - * tgetpass.c: Write the prompt *after* turning off echo to avoid - some password characters being echoed on heavily-loaded machines - with fast typists. - -2002-12-13 13:09 millert - - * config.sub: Add support for mipseb; wiz@danbala.tuwien.ac.at - -2002-12-13 12:48 millert - - * configure.in: Fix IRIX fallout from name changes in man dir/sect - Makefile variables. Patch from erici AT motown DOT cc DOT utexas - DOT edu - -2002-12-13 11:33 millert - - * auth/pam.c: Keep a local copy of tgetpass_flags so we don't add - in TGP_ECHO to the global copy. Problem noted by Peter Pentchev. - -2002-11-28 18:43 millert - - * parse.yacc: Add missing yyerror() calls; YYERROR does not seem to - call this for us. - -2002-11-26 12:09 millert - - * sudo.c: fix typo in comment; Pedro Bastos - -2002-11-22 14:41 millert - - * INSTALL: document --disable-setresuid - -2002-11-22 14:41 millert - - * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c, sudo_auth.c: - Sprinkle some volatile qualifiers to prevent over-enthusiastic - optimizers from removing memset() calls. - -2002-11-22 14:11 millert - - * logging.c, parse.yacc: minor sign fixes pointed out by gcc - -Wsign-compare - -2002-11-22 14:09 millert - - * set_perms.c, sudo.c, sudo.h: Revamp set_perms. We now use a - version based on setresuid() or setreuid() when possible since - that allows us to support the stay_setuid option and we always - know exactly what the semantics will be (various Linux kernels - have broken POSIX saved uid support). - -2002-11-22 14:08 millert - - * config.h.in, configure: regen from configure.in - -2002-11-22 14:07 millert - - * configure.in: Add checks for setresuid() and a way to disable - using it - -2002-11-22 14:05 millert - - * compat.h: No long need to emulate set*[ug]id() via setres[ug]id() - or setre[ug]id(). The new set_perms stuff only uses things it - knows are there. - -2002-11-22 13:33 millert - - * sudo.c: Before exec, restore state of signal handlers to be the - same as when we were initialy invoked instead of just reseting to - SIG_DFL. Fixes a problem when using sudo with nohup. Based on a - patch from Paul Markham. - -2002-11-22 13:23 millert - - * sudo.c: o timestamp_uid should be uid_t, not int o clarify error - message when sudo is run by root and no_root_sudo is set - -2002-09-19 17:27 millert - - * README: update ftp link for bison - -2002-07-20 08:30 millert - - * set_perms.c: Error out if setusercontext() fails and the runas - user is not root. - -2002-05-20 16:51 millert - - * auth/securid5.c: Fix rcsid - -2002-05-20 16:50 millert - - * configure.in: Fix SecurID API test - -2002-05-17 13:20 millert - - * env.c: typo in comment - -2002-05-17 13:20 millert - - * configure.in: securid5 stuff needs pthreads. Just adding - -lpthread is suboptimal but I don't see a better way at the - moment. - -2002-05-17 13:04 millert - - * Makefile.in, auth/securid5.c: SecurID API version 5 support from - Michael Stroucken - -2002-05-17 13:02 millert - - * configure.in: Add check for SecurID 5.0 API - -2002-05-08 16:46 millert - - * strerror.c: We actually do still need config.h to get the 'const' - definition for K&R C. - -2002-05-05 16:43 millert - - * configure: regen with autoconf 2.5.3 - -2002-05-05 16:25 millert - - * configure.in: Don't set sysconfdir to '/etc' if the user has - specified a --prefix. - -2002-05-05 16:14 millert - - * configure.in: Some fixes for autoconf 2.53 from Robert Uhl o - don't AC_SUBST LIBOBJS o force a 4th arg for AC_CHECK_HEADER() - to workaround a bug - -2002-05-05 15:58 millert - - * env.c, sudo.c, sudo.h: No need for dump_badenv() now that - dump_defaults() knows how to dump lists. - -2002-05-04 21:31 millert - - * BUGS, INSTALL, Makefile.in, configure.in, version.h, - INSTALL.binary, README: ++version - -2002-05-04 20:57 millert - - * sudoers.pod: document timestampowner - -2002-05-04 20:45 millert - - * check.c: Don't call set_perms() when doing timestamp stuff unless - timestamp_uid != 0. - -2002-05-04 20:43 millert - - * check.c, logging.c, parse.c, set_perms.c, sudo.c, sudo.h, - testsudoers.c, auth/sudo_auth.c: g/c second arg to set_perms--it - is no longer used - -2002-05-03 18:48 millert - - * check.c, set_perms.c, sudo.c, sudo.h: Add support for non-root - timestamp dirs. This allows the timestamp dir to be shared via - NFS (though this is not recommended). - -2002-05-03 18:47 millert - - * def_data.c, def_data.h, def_data.in: Add timestampowner, "Owner - of the authentication timestamp dir" - -2002-05-02 15:40 millert - - * env.c: Don't try to pre-compute the size of the new envp, just - allocate space up front and realloc as needed. Changes to the - new env pointer must all be made through insert_env() which now - keeps track of spaced used and allocates as needed. - -2002-04-26 15:12 millert - - * configure: regen - -2002-04-26 15:12 millert - - * configure.in: Fix two typo/pastos; from jrj@purdue.edu - -2002-04-25 11:36 millert - - * INSTALL.binary, README: ++version - -2002-04-25 11:35 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in, configure: regen - -2002-04-25 11:31 millert - - * CHANGES, RUNSON, TODO: Sync with 1.6.6 - -2002-04-25 11:30 millert - - * check.c: The the loop used to expand %h and %u, the lastchar - variable was not being initialized. This means that if the last - char in the prompt is '%' and the first char is 'h' or 'u' a - extra copy of the host or user name would be copied, for which - space had not been allocated. - -2002-04-18 11:41 millert - - * BUGS, INSTALL, Makefile.in, configure.in, version.h: crank - version to 1.6.6 - -2002-04-18 11:39 millert - - * auth/afs.c: #undef VOID to get rid of an AFS warning - -2002-04-18 11:38 millert - - * env.c: Use easprintf instead of emalloc + sprintf for some - things. - -2002-03-15 19:45 millert - - * lex.yy.c: regen - -2002-03-15 19:44 millert - - * parse.c, parse.lex, parse.yacc, testsudoers.c: Remove Chris - Jepeway's email address so people don't bug him ;-) - -2002-03-11 22:19 millert - - * sudo.c: Move endpwent() to be after set_perms(PERM_RUNAS, ...) - and also call endgrent() at the same time. - -2002-02-21 22:23 millert - - * INSTALL: Make it clear which configure options take arguments. - -2002-01-25 13:38 millert - - * compat.h: HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there - is no RLIM_INFINITY, just pretend it is -1. This works because - we only check for RLIM_INFINITY and do not set anything to that - value. - -2002-01-22 11:43 millert - - * auth/pam.c: Zero and free allocated memory when there is a - conversation error. - -2002-01-21 22:37 millert - - * auth/bsdauth.c: Use sigaction() not signal() - -2002-01-21 22:26 millert - - * INSTALL: Mention that some linux kernels have broken POSIX saved - ID support - -2002-01-21 21:03 millert - - * CHANGES: checkpoint for 1.6.5p2 - -2002-01-21 21:01 millert - - * configure: regen - -2002-01-21 21:01 millert - - * configure.in: Add --disable-setreuid flag - -2002-01-21 21:00 millert - - * INSTALL: Document new --disable-setreuid option and change - description for --disable-saved-ids to match new error message. - -2002-01-21 21:00 millert - - * set_perms.c: fatal() now takes an argument that determines - whether or not to call perror(). - -2002-01-21 20:58 millert - - * PORTING, TROUBLESHOOTING: Update for new error messages from - set_perms() - -2002-01-21 17:46 millert - - * auth/pam.c: Make this compile w/o warnings - -2002-01-21 17:36 millert - - * auth/pam.c: Mention that we can't use pam_acct_mgmt() - -2002-01-21 17:25 millert - - * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c: The user's password - was not zeroed after use when AIX authentication, BSD - authentication, FWTK or PAM was in use. - -2002-01-20 14:21 millert - - * auth/pam.c: Avoid giving PAM a NULL password response, use the - empty string instead. This avoids a log warning when the user - hits ^C at the password prompt when PAM is in use. - -2002-01-19 19:46 millert - - * auth/pam.c: Don't check the return value of pam_setcred(). In - Linux-PAM 0.75 pam_setcred() returns the last saved return code, - not the return code for the setcred module. Because we haven't - called pam_authenticate(), this is not set and so pam_setcred() - returns PAM_PERM_DENIED. - -2002-01-19 19:43 millert - - * Makefile.binary, Makefile.in: Don't need a '/' between $(DESTDIR) - and a directory. - -2002-01-18 14:18 millert - - * configure: regen - -2002-01-18 14:18 millert - - * configure.in: o BSDi also has a bogus setreuid() o Old FreeBSD - has a bogus setreuid() o new NetBSD has a real setreuid() o add - check for freeifaddrs() if getifaddrs() exists. - -2002-01-18 14:17 millert - - * config.h.in, interfaces.c: Older BSDi releases lack freeifaddrs() - so add a test for that and if it is not present just use free(). - -2002-01-17 11:30 millert - - * CHANGES, RUNSON: Checkpoint for 1.6.5p1 - -2002-01-17 10:56 millert - - * auth/passwd.c: Return AUTH_FAILURE in passwd_init() if - skeyaccess() denies access to normal passwords, not AUTH_FATAL - (which just causes an exit). - -2002-01-17 10:35 millert - - * visudo.c: Don't use memory after it has been freed. - -2002-01-17 00:24 millert - - * auth/passwd.c: skeyaccess() wants a struct passwd * not a char *; - Patch from Phillip E. Lobbes - -2002-01-16 20:00 millert - - * BUGS: ++version - -2002-01-16 19:53 millert - - * CHANGES, RUNSON, TODO: checkpoint for sudo 1.6.5 - -2002-01-16 18:37 millert - - * configure: regen - -2002-01-16 18:37 millert - - * INSTALL, INSTALL.binary, Makefile.in, README, configure.in: - version 1.6.5 - -2002-01-16 18:37 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: sudo version 1.6.5 - -2002-01-16 16:28 millert - - * logging.c: o when invoking the mailer as root use a hard-coded - environment that doesn't include any info from the user's - environment. Basically paranoia. - - o Add support for the NO_ROOT_MAILER compile-time option and run - the mailer as the user and not root if NO_ROOT_MAILER is - defined. - -2002-01-16 16:27 millert - - * set_perms.c, sudo.h: Bring back PERM_FULL_USER - -2002-01-16 16:26 millert - - * configure: regen - -2002-01-16 16:26 millert - - * version.h: version 1.6.5 - -2002-01-16 16:26 millert - - * INSTALL, config.h.in, configure.in: Add --disable-root-mailer - option to run the mailer as the user and not root. - -2002-01-16 12:44 millert - - * CHANGES: checkpoint for 1.6.4p2 - -2002-01-15 19:22 millert - - * PORTING: Mention the "seteuid(0): Operation not permitted" - problem here too just for good measure. - -2002-01-15 18:43 millert - - * env.c, getspwuid.c, sudo.c: The SHELL environment variable was - preserved from the user's environment instead of being reset - based on the passwd database when the "env_reset" option was - used. Now it is reset as it should be. - -2002-01-15 17:47 millert - - * configure: regen - -2002-01-15 17:47 millert - - * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c, - sudo.c: Add a configure option to turn off use of POSIX saved IDs - -2002-01-15 15:48 millert - - * configure: regen - -2002-01-15 15:48 millert - - * configure.in: add --with-efence option - -2002-01-15 15:39 millert - - * sudo.c: Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a - problem where "sudo -l" would not work if always_set_home was - set. - -2002-01-15 13:16 millert - - * lex.yy.c: regen - -2002-01-15 13:16 millert - - * parse.lex: Quoted commas were not being treated correctly in - command line arguments. - -2002-01-14 20:53 millert - - * sudo.c: o Move the call to rebuild_env() until after - MODE_RESET_HOME is set. Otherwise, the set_home option has no - effect. - - o Fix use of freed memory when the "fqdn" flag is set. This was - introduced by the fix for the "segv when gethostbynam() fails" - bug. Also, we no longer call set_fqdn() if the "fqdn" flag is - not set so there is no need to check the "fqdn" flag in - set_fqdn() itself. - -2002-01-14 20:45 millert - - * env.c: Add 'continue' statements to optimize the switch - statement. From Solar. - -2002-01-13 13:42 millert - - * sudoers.cat, sudoers.man.in: Regen from new sudoers.pod - -2002-01-13 13:36 millert - - * sudoers.pod: Add caveat about stay_setuid flag - -2002-01-13 13:29 millert - - * sudo.c: If set_perms == set_perms_posix and the stay_setuid flag - is not set, set all uids to 0 and use set_perms_fallback(). - -2002-01-13 13:28 millert - - * set_perms.c, sudo.h: Remove PERM_FULL_USER (which is no longer - used) and add PERM_FULL_ROOT (used when exec'ing the mailer). - -2002-01-13 13:27 millert - - * logging.c: Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the - mailer since we never want to run the mailer setuid. - -2002-01-12 17:55 millert - - * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in, - visudo.pod: Use sudo.ws instead of courtesan.com in URLs - -2002-01-12 14:00 millert - - * Makefile.in, Makefile.binary: Fix mansect substitution - -2002-01-12 13:15 millert - - * Makefile.in: Substitute man sections in Makefile.binary - -2002-01-12 13:15 millert - - * Makefile.binary: Sync install targets with Makefile.in and - substitute in man sections. - -2002-01-12 13:09 millert - - * INSTALL, INSTALL.binary: version is 1.6.4 - -2002-01-12 12:59 millert - - * Makefile.in: Repair bindist target - -2002-01-12 11:43 millert - - * CHANGES: sync for 1.6.4 - -2002-01-10 13:00 millert - - * install-sh: Fix case where neither whoami nor id are found - -2002-01-09 12:35 millert - - * install-sh: If neither whoami nor id exists, just assume we are - root. - -2002-01-09 11:56 millert - - * alloc.c: Add explicit cast to (VOID *) on malloc/realloc. Seems - to be needed on AIX which for some reason isn't pulling in the - malloc prototype. - -2002-01-08 10:00 millert - - * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c: (c) 2002 - -2002-01-08 09:21 millert - - * CHANGES: checkpoint - -2002-01-08 09:20 millert - - * sudo.c: Defer assigning new environment until right before the - exec. - -2002-01-08 09:08 millert - - * parse.c: kill extra blank line - -2002-01-07 13:59 millert - - * configure: regen - -2002-01-07 13:59 millert - - * configure.in: Use -O not -O2 for m88k-motorola-sysv* since - motorola gcc-derived compiler doesn't recognise -O2. - -2002-01-06 23:02 millert - - * HISTORY: Clarify origins of Root Group sudo a bit based on info - from billp@rootgroup.com - -2002-01-02 22:41 millert - - * LICENSE: 2002 - -2002-01-02 22:26 millert - - * CHANGES: checkpoint for 1.6.4rc1 - -2002-01-02 17:40 millert - - * config.h.in: now generated via autoheader - -2002-01-02 17:40 millert - - * configure: regen - -2002-01-02 17:37 millert - - * compat.h: Move in some stuff that was previously in config.h. - -2002-01-02 17:36 millert - - * configure.in, aclocal.m4: Add info for autoheader. - -2002-01-01 16:53 millert - - * Makefile.in: o Add DESTDIR support - o Use -M, -O, and -G instead of -m, -o, and -g to facilitate - non-root installs - -2002-01-01 16:48 millert - - * install-sh: Add -M option (like -m but only for root) If we can't - find "whoami", use "id" w/ some sed. - -2002-01-01 14:01 millert - - * configure: regen - -2002-01-01 14:00 millert - - * configure.in: allow user to always override mansectsu and - mansectform - -2001-12-31 17:05 millert - - * mkinstalldirs: update from autoconf 2.52 - -2001-12-31 17:03 millert - - * config.guess, config.sub: Update from autoconf 2.52 - -2001-12-31 16:57 millert - - * configure: regen with autoconf 2.52 - -2001-12-31 16:57 millert - - * configure.in: o Call AC_PROG_CC_STDC to find out how to run the - compiler in ANSI mode - o Remove compiler-specific checks for HP-UX now that we use - AC_PROG_CC_STDC - -2001-12-31 12:19 millert - - * RUNSON: Checkpoint - -2001-12-31 12:18 millert - - * auth/pam.c: o Add pam_prep_user function to call pam_setcred() - for the target user; on Linux this often sets resource limits. - o When calling pam_end(), try to convert the auth->result to a - PAM_FOO value. This is a hack--we really need to stash the - last PAM_FOO value received and use that instead. - -2001-12-31 12:18 millert - - * set_perms.c, sudo.h: o Add pam_prep_user function to call - pam_setcred() for the target user; on Linux this often sets - resource limits. - -2001-12-31 00:53 millert - - * env.c: Fix off by one error in number of bytes allocated via - malloc (does not affected any released version of sudo). - -2001-12-30 17:12 millert - - * lex.yy.c: regen - -2001-12-30 17:12 millert - - * parse.lex: Allow '@', '(', ')', ':' in arguments to a defaults - variable w/o requiring that they be quoted. - -2001-12-30 14:26 millert - - * sudoers.cat, sudoers.man.in, sudoers.pod: Mention that no double - quotes are needed when adding/deleting/assigning a single value - to a list. - -2001-12-30 13:58 millert - - * Makefile.in: Don't rely on mkdefaults being executable, call perl - explicitly. - -2001-12-30 13:41 millert - - * parse.yacc: Remove some XXX that are no longer relevant. - -2001-12-30 13:40 millert - - * defaults.c: o Roll our own loop instead of using strpbrk() for - better grokability o When adding to a list we must malloc() and - use memcpy(), not strdup() since we must only copy len bytes - from str. - -2001-12-21 16:49 millert - - * parse.yacc: typo in comment - -2001-12-19 11:50 millert - - * CHANGES: checkpoint - -2001-12-19 10:56 millert - - * configure: regen - -2001-12-19 10:56 millert - - * configure.in: avoid the -g flag unless --with-devel was specified - -2001-12-19 10:04 millert - - * Makefile.in: mkdefaults, def_data.in and sigaction.c were missing - from the tarball - -2001-12-19 09:46 millert - - * Makefile.in: def_data.c was missing - -2001-12-18 12:42 millert - - * env.c: Fix setting of $USER and $LOGNAME in the non-reset_env - case. Also allow HOME, SHELL, LOGNAME, and USER to be specified - in keep_env - -2001-12-17 20:48 millert - - * TODO: Another TODO item - -2001-12-17 19:50 millert - - * sudoers: Add comment for Default section so folks know where it - should go. - -2001-12-17 18:56 millert - - * tgetpass.c: Use TCSETAF, not TCSETA to set terminal in termio - case - -2001-12-17 18:35 millert - - * sudoers.man.in, sudoers.cat: regen from sudoers.pod - -2001-12-17 18:33 millert - - * sudoers.pod: o Typo, Runas_User_List should be Runas_List - o a User_List can not contain a uid - o mention that the Defaults section should come after Alias - definitions but before the user specifications - -2001-12-15 11:51 millert - - * sudoers.cat, sudoers.man.in: regen - -2001-12-15 11:51 millert - - * sudoers.pod: Fix listpw and verifypw sections, they were not - being formatted properly. - -2001-12-15 11:39 millert - - * sudoers.cat, sudoers.man.in: regen - -2001-12-15 11:38 millert - - * sudoers.pod: fix typos - -2001-12-15 10:57 millert - - * configure: regen - -2001-12-15 10:57 millert - - * configure.in, config.h.in: use AC_SYS_POSIX_TERMIOS instead of - rolling our own - -2001-12-15 10:33 millert - - * README: Reference sudo.ws not courtesan.com - -2001-12-15 10:29 millert - - * PORTING: Add notes on shadow passwords - -2001-12-15 00:48 millert - - * BUGS: In list mode (sudo -l), characters escaped with a backslash - are shown verbatim with the backslash. - -2001-12-15 00:44 millert - - * sudoers: Add simple examples from OpenBSD (Marc Espie) - -2001-12-15 00:40 millert - - * tgetpass.c: Catch SIGTTIN and SIGTTOU too and treat them like - SIGTSTP. - -2001-12-14 21:53 millert - - * CHANGES: minor prettyification - -2001-12-14 21:43 millert - - * CHANGES: Updated change log - -2001-12-14 21:27 millert - - * testsudoers.c: Fix CIDR handling here too. - -2001-12-14 21:21 millert - - * auth/pam.c: Apparently a NULL response is OK - -2001-12-14 21:19 millert - - * TODO: Checkpoint for upcoming beta release - -2001-12-14 21:17 millert - - * TROUBLESHOOTING: Many people believe that adding a runas spec - should obviate the need for the -u flag. It does not. - -2001-12-14 21:11 millert - - * RUNSON: checkpoint update for upcoming 1.6.4 beta - -2001-12-14 20:44 millert - - * config.h.in: o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define - HAVE_STRINGS_H even if HAVE_STRING_H is defined -- this is safe - now - -2001-12-14 20:07 millert - - * PORTING: Add signals section - -2001-12-14 20:00 millert - - * configure: regen - -2001-12-14 20:00 millert - - * configure.in: Fix check for sigaction_t - -2001-12-14 19:45 millert - - * sudo.c: XXX - should call find_path() as runas user, not root. - Can't do that until the parser changes though. - -2001-12-14 19:38 millert - - * sudo.c: If find_path() fails as root, try again as the invoking - user (useful for NFS). Idea from Chip Capelik. - -2001-12-14 19:28 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: Regenerate - after pod file changes - -2001-12-14 19:24 millert - - * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h, - sudo.pod, sudoers.pod: Add new sudoers option "preserve_groups". - Previously sudo would not call initgroups() if the target user - was root. Now it always calls initgroups() unless the -P command - line option or the "preserve_groups" sudoers option is set. Idea - from TJ Saunders. - -2001-12-14 18:38 millert - - * compat.h, config.h.in: Use new HAVE_SIGACTION_T define - -2001-12-14 18:33 millert - - * logging.c: Fix compilation on K&C - -2001-12-14 18:14 millert - - * configure: regen - -2001-12-14 18:14 millert - - * configure.in: Add check for sigaction_t -- IRIX already defines - this so don't redefine it. - -2001-12-14 17:15 millert - - * snprintf.c: fix typo - -2001-12-14 17:12 millert - - * interfaces.c: need stdlib.h here too - -2001-12-14 15:31 millert - - * configure: regen - -2001-12-14 15:31 millert - - * configure.in: Remove redundant checks for string.h, strings.h and - unistd.h - -2001-12-14 15:29 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: Regen from pod files - -2001-12-14 15:03 millert - - * BUGS: Update for 1.6.4 - -2001-12-14 14:59 millert - - * configure, lex.yy.c: regen - -2001-12-14 14:56 millert - - * strerror.c: Return EINVAL if errnum > sys_nerr - -2001-12-14 14:54 millert - - * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h, - config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h, - sudo.pod, auth/sudo_auth.h: o Update copyright year - -2001-12-14 14:54 millert - - * configure.in: o Don't define STDC_HEADERS unconditionally for - IRIX o Update copyright year - -2001-12-14 14:53 millert - - * README: update version - -2001-12-14 14:52 millert - - * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c, - fnmatch.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c, - logging.c, lsearch.c, parse.c, parse.lex, parse.yacc, - set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, - utime.c, visudo.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, - auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, - auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/sia.c, auth/sudo_auth.c: o Reorder some headers and use - STDC_HEADERS define properly o Update copyright year - -2001-12-14 01:53 millert - - * configure: regen - -2001-12-14 01:53 millert - - * tgetpass.c: flags set in signal handlers should be volatile - sig_atomic_t - -2001-12-14 01:52 millert - - * config.h.in, configure.in: Add checks for volatile and - sig_atomic_t - -2001-12-14 01:42 millert - - * lex.yy.c, configure: regen - -2001-12-14 01:40 millert - - * def_data.c, def_data.h, def_data.in, defaults.c, env.c, - find_path.c, sudo.c, sudoers.pod: Remove "secure_path" Defaults - option since it cannot work with the existing parser. - -2001-12-14 01:26 millert - - * find_path.c, sudo.c: Unset "secure_path" if user_is_exempt() - -2001-12-14 01:24 millert - - * env.c, pathnames.h.in: o Remove assumption that PATH and TERM are - not listed in env_keep o If no PATH is in the environment use a - default value o If TERM is not set in the non-reset case also - give it a default value. - -2001-12-14 01:17 millert - - * aclocal.m4, configure.in, defaults.c, pathnames.h.in: - _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works - on systems that define in paths.h - -2001-12-14 01:15 millert - - * auth/: passwd.c, sudo_auth.c, sudo_auth.h: Add support for - skeyaccess(3) if it is present in libskey. - -2001-12-12 21:42 millert - - * sudo.c: Only need to do 'lc = login_getclass(NULL)' if lc == NULL - -2001-12-12 21:24 millert - - * parse.lex: '\\' is a perfectly legal character to have in a - command line argument. - -2001-12-12 20:24 millert - - * sudo.c: o Defer call to set_fqdn() until it is safe to use - log_error() o Don't print errno string value if gethostbyname - fails, it is not relevant - -2001-12-12 20:07 millert - - * parse.c: Fix CIDR -> in_addr_t conversion. - -2001-12-12 16:21 millert - - * sudoers.pod: Remove an extra "User_List" in the User_Spec - definition From ybertrand AT snoopymail.com - -2001-12-12 16:00 millert - - * parse.c: Make 'listpw=never' work for users who are not - explicitly mentioned in sudoers. - -2001-12-12 15:40 millert - - * sudoers.pod: Remove gratuitous '=' in EBNF grammar; era AT iki.fi - -2001-12-12 15:34 millert - - * sudoers.pod: Document new list Defaults type and convert env_keep - and env_delete to lists. Document new env_check option. - -2001-12-12 15:11 millert - - * lex.yy.c, sudo.tab.h: regen parser - -2001-12-12 14:56 millert - - * parse.lex: Don't let '#' appear in a {WORD} and restrict #foo in - a Runas spec to #[0-9-]+. - -2001-12-12 14:55 millert - - * configure: regen - -2001-12-12 14:55 millert - - * aclocal.m4: Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK - -2001-12-12 14:43 millert - - * config.h.in, configure.in: Add check for skeyaccess(3) - -2001-12-11 19:47 millert - - * visudo.pod: Document new -c, -f, and -q options - -2001-12-11 19:41 millert - - * visudo.c: o Add -f option (alternate sudoers file) o Convert to - use getopt(3) - -2001-12-11 19:31 millert - - * configure: regen - -2001-12-11 19:31 millert - - * aclocal.m4, config.h.in, configure.in: Add check for isblank and - a replacement macro if it doesn't exist. - -2001-12-11 18:22 millert - - * visudo.c: In check-only mode, don't create sudoers if it does not - already exist. - -2001-12-11 18:06 millert - - * parse.yacc: o Add a new token, DEFVAR, to indicate a Defaults - variable name - o Add support for "+=" and "-=" list operators - o replace some 1 and 0 with TRUE and FALSE for greater - legibility. - -2001-12-11 18:05 millert - - * parse.lex: o Use exclusive start conditions to remove some - ambiguity in the - lexer. Also reorder some things for clarity. - o Add support for "+=" and "-=" list operators. - o Use the new DEFVAR token to denote a Defaults variable name. - -2001-12-11 18:03 millert - - * sudo.h: Prototype init_envtables() - -2001-12-11 18:02 millert - - * env.c: o Convert environment handling to use lists instead of - strings. - This greatly simplifies routines that need to do "foreach" - type - operations. - o Add new init_envtables() function to set env_check and - env_delete - defaults based on initial_badenv_table and - initial_checkenv_table - (formerly sudo_badenv_table). - -2001-12-11 18:00 millert - - * defaults.c, defaults.h: o Add a new LIST type and functions to - manipulate it. - o This is for use with environment handling variables. - o Call new init_envtables() routine inside init_defaults() to - initialize the environment lists. - -2001-12-11 17:57 millert - - * def_data.c, def_data.h, def_data.in: Convert environment options - to use the new LIST type and add a new one, env_check that only - deletes if the sanity check fails. - -2001-12-11 17:55 millert - - * testsudoers.c: Add dummy version of init_envtables() - -2001-12-11 17:53 millert - - * parse.yacc: honor quiet mode - -2001-12-11 17:51 millert - - * visudo.c: Add check-only mode - -2001-12-10 20:27 millert - - * mkdefaults: Fix generation of entries with NULL descriptions. - -2001-12-09 00:27 millert - - * tgetpass.c: Use sigaction_t and quiet a gcc warning. - -2001-12-09 00:20 millert - - * sudo.c: Must reset signal handlers before we exec - -2001-12-09 00:16 millert - - * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c, sudo_auth.c: Be - carefule now that tgetpass() can return NULL (user hit ^C). PAM - version needs testing. Set SIGTSTP to SIG_DFL during password - entry so user can suspend us. - -2001-12-09 00:14 millert - - * tgetpass.c: Add support for interrupting/suspending tgetpass via - keyboard input. If you suspend sudo from the password prompt and - resume it will re-prompt you. - -2001-12-09 00:09 millert - - * sudo.c: Don't block keyboard interrupt signals, just set them to - SIG_IGN. - -2001-12-08 14:48 millert - - * config.h.in: add back HAVE_SIGACTION - -2001-12-08 14:44 millert - - * configure: regen - -2001-12-08 14:44 millert - - * config.h.in, configure.in, logging.c, sudo.c, visudo.c: Kill - POSIX_SIGNALS define and old signal support now that we emulate - POSIX ones Also be sure to correctly initialize struct sigaction. - -2001-12-08 14:42 millert - - * strerror.c: Don't need config.h or "#ifndef HAVE_STRERROR" - wrapper. - -2001-12-08 14:39 millert - - * compat.h: Add scaffolding for POSIX signal emulation - -2001-12-08 14:36 millert - - * sigaction.c: o Add missing ';' so this compiles o Can't use NULL - since we don't include stdio.h - -2001-12-08 14:23 millert - - * sigaction.c: Emulate sigaction() using sigvec() - -2001-11-12 19:32 millert - - * sudoers.pod: Document new behavior of negative values of - timestamp_timeout Fix a typo - -2001-11-12 19:31 millert - - * sudo.pod: Add security note about command not being logged after - 'sudo su' and friends. - -2001-11-12 19:19 millert - - * sudo.pod: Mention that -V prints default values when run as root, - including the list of environment variables to clear. - -2001-11-12 19:14 millert - - * Makefile.in: Run pod2man with --quotes=none to avoid stupid - quoting of C<> entries. - -2001-11-12 13:12 millert - - * def_data.c, def_data.h, def_data.in, sudoers.pod, - auth/sudo_auth.c: Add mail_badpass option Also modify mail_always - behavior to also send mail when the password is wrong - -2001-11-12 13:08 millert - - * env.c, sudo.c, sudo.h: Dump default bad env table when 'sudo -V' - is run by root. - -2001-11-11 23:52 millert - - * sudoers.pod: document env_delete - -2001-11-11 23:51 millert - - * env.c: Add support for '*' in env_keep when not resetting the - environment (ie: the normal case). - -2001-11-11 23:47 millert - - * env.c: Add env_delete variable that lets the user replace/add to - the bad_env_table. Allow '*' wildcard in env_keep entries. - -2001-11-06 13:59 millert - - * mkinstalldirs: Force umask to 022 to guarantee sane directory - permissions. - -2001-11-02 18:09 millert - - * Makefile.in: add sudo.tab.h and sudo.tab.c to sudo.tab.o - dependency - -2001-11-02 17:25 millert - - * mkdefaults: fix breakage in last commit - -2001-11-02 17:18 millert - - * Makefile.in: acsite.m4 -> aclocal.m4 - -2001-11-02 15:59 millert - - * check.c: fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in - previous commit - -2001-11-02 15:57 millert - - * def_data.c: regenerated from def_data.in - -2001-11-02 15:56 millert - - * check.c, defaults.c, defaults.h: Add new T_UINT type that most - things use instead of T_INT If timestamp_timeout is < 0 then - treat the ticket as never expiring (to be expired manually by the - user). - -2001-11-02 15:51 millert - - * def_data.in: change most T_INT -> T_UINT - -2001-11-02 15:51 millert - - * mkdefaults: fix warning when no args - -2001-11-02 12:52 millert - - * visudo.c: Change 2 Exit() -> exit() Avoid stdio in Exit() and - call _exit() if we are a signal handler. We no longer print the - signal number but the user can just check the exit value for - that. - -2001-10-16 01:35 millert - - * logging.c: when setting up pipes in child process check for case - where stdin == pipe fd 0 - -2001-10-11 13:20 millert - - * visudo.c: Ignore editor exit value since XPG4 says vi's exit - value is the count of editing errors made (failed searches, etc). - -2001-10-05 16:39 millert - - * configure: regen - -2001-10-05 16:39 millert - - * configure.in: sco now is identified by config.guess as *-sco-* - -2001-10-05 16:24 millert - - * configure.in: Check for getspnam() in -lgen if not in -lc for - UnixWare. - -2001-09-17 21:48 millert - - * sudoers.pod, visudo.pod: "upper case" -> "uppercase" - -2001-09-17 21:32 millert - - * sudoers.pod: fix typos and grammar; pjanzen@foatdi.harvard.edu - -2001-08-28 10:26 millert - - * sudoers.pod: Missing word (specify); krapht@secureops.com - -2001-08-23 17:43 millert - - * sudo.c: If we fail to lookup a login class, apply the default - one. - -2001-08-23 17:42 millert - - * logging.c: In log_error() free message, not logline - unconditionally, then free logline if it is not the same as - message. No function change but this mirrors how they are - allocated. - -2001-07-16 23:33 millert - - * configure: regenerate - -2001-07-16 23:33 millert - - * configure.in: remove some backslash quotes that are unneeded - -2001-07-16 23:30 millert - - * configure.in: o Tweaks to make this work with autoconf-2.50 o Use - AC_LIBOBJ instead of changing LIBOBJS directly o Use - AC_REPLACE_FUNCS where we can o Use AC_CHECK_FUNCS instead of - AC_CHECK_FUNC so we don't have to AC_DEFINE things manually. - -2001-07-16 23:28 millert - - * config.guess, config.sub: Updated from autoconf-2.50 - -2001-05-22 19:11 millert - - * README: Update mailing list section. We use mailman now, not - majordomo. - -2001-05-10 14:55 millert - - * getspwuid.c, logging.c, sudo.c: Use setpwent()/endpwent() + all - the shadow variants to make sure we don't inadvertantly leak an - fd to the child. Apparently Linux's shadow routines leave the fd - open even if you don't call setspent(). Reported by - mike@gistnet.com; different patch used. - -2001-04-12 21:43 millert - - * sudoers.pod: s/eg./e.g./ - -2001-04-12 21:42 millert - - * tgetpass.c: select() may return EAGAIN. If so, continue like we - do for EINTR. - -2001-04-12 21:41 millert - - * logging.c: Fix a non-exploitable buffer overflow in the word - splitting code. This should really be rewritten. - -2001-04-12 21:41 millert - - * Makefile.in: FAQ link goes away - -2001-04-12 21:40 millert - - * INSTALL: Tell people to look in sample.syslog.conf for examples, - not FAQ - -2001-04-12 21:40 millert - - * TROUBLESHOOTING: Update list of env vars that are cleared - -2001-04-12 21:36 millert - - * sudo.c: remove struct env_table decl since that stuff has all - moved to env.c - -2001-04-04 13:17 millert - - * fileops.c: Fix a pasto in flock-style unlocking and include - for flock on older systems; twetzel@gwdg.de - -2001-04-04 13:14 millert - - * configure: regen to get NeXT lockf/flock fix - -2001-04-04 13:14 millert - - * configure.in: force NeXT to use flock since lockf is broken - -2001-03-30 08:54 millert - - * check.c: Use stashed user_gid when checking against exempt gid - since sudo sets its gid to a a value that makes sudoers readable. - Previously if you used gid 0 as the exempt group everyone would - be exempt. From Paul Kranenburg - -2001-03-29 13:14 millert - - * configure: regen - -2001-03-29 13:08 millert - - * aclocal.m4: #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 - aparently defines some types (such as ssize_t) therein. - -2001-03-02 09:09 millert - - * defaults.c: Fix negation of paths in a boolean context. Problem - found by apt@UH.EDU - -2001-02-23 13:03 millert - - * visudo.c: pasto - -2001-02-17 16:11 millert - - * visudo.c: SA_RESETHAND means the opposite of what I was - thinking--oops To block all signals in old-style signals use ~0, - not 0xffffffff - -2001-02-04 11:16 millert - - * defaults.c: coerce difference of pointers to int when used in a - string length printf format; deraadt@openbsd.org - -2001-01-17 11:34 millert - - * visudo.c: Block all signals in Exit() to avoid a signal race. - There is still a tiny window but I'm not going to worry about it. - -2001-01-07 13:57 millert - - * env.c: glibc uses the LANGUAGE env var so clear that too; Solar - Designer - -2001-01-07 13:55 millert - - * lex.yy.c: Regenerate with a fix to flex.skl that preserves errno - from clobbering by isatty(). - -2000-12-30 20:39 millert - - * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c, sia.c, sudo_auth.c: - Some defaults I_ defines got renamed. - -2000-12-30 20:38 millert - - * Makefile.in, check.c, def_data.c, def_data.h, def_data.in, - defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc, - set_perms.c, sudo.c: Move defaults info into its own files from - which we generate .h and .c files. This makes adding or - rearranging variables much simpler. - -2000-12-30 16:58 millert - - * configure, configure.in: fix typo in last commit - -2000-12-30 16:55 millert - - * compat.h, config.h.in, configure, configure.in: Add check + - emulation for setegid (like seteuid). - -2000-12-30 16:22 millert - - * env.c: Make env_keep override badenv_table as documented Fix - traversal of badenv_table (broken in last commit) - -2000-12-29 22:59 millert - - * set_perms.c, sudo.c, sudo.h: Don't try and build saved uid - version of set_perms on systems w/o them. Rename - set_perms_saved_uid() -> set_perms_posix() Make - set_perms_setreuid simply be set_perms_fallback() and simply - include the appropriate function at compile time (setreuid() - vs. setuid()). - -2000-12-29 22:45 millert - - * sudoers.pod, sudoers.cat, sudoers.man.in: PATH is also preserved - when env_reset is in effect - -2000-12-29 22:29 millert - - * CHANGES, env.c, Makefile.in, check.c, compat.h, config.h.in, - configure, configure.in, defaults.c, defaults.h, find_path.c, - getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, - sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, - testsudoers.c, visudo.c, visudo.cat, visudo.man.in: New Defaults - options: o stay_setuid - sudo will remain setuid if system has - saved uids or setreuid(2) o env_reset - reset the environment to - a sane default o env_keep - preserve environment variables that - would otherwise be cleared - - No longer use getenv/putenv/setenv functions--do environment - munging by hand. Potentially dangerous environment variables can - be cleared only if they contain '/' pr '%' characters to protect - buggy programs. Moved environment routines into env.c (new file) - -2000-12-29 22:17 millert - - * INSTALL: Clear up --without-passwd description - -2000-12-29 19:39 millert - - * sudo_setenv.c, putenv.c: We now build up a new environment from - scratch and assign it to "environ". - -2000-12-18 22:35 millert - - * sudo.pod, visudo.pod: Grammatical fixes from Paul Janzen - -2000-12-14 23:19 millert - - * visudo.c: If there was a syntax error and the user just wants to - quit, unlink sudoers if it is zero length. - -2000-12-14 23:10 millert - - * visudo.c: 'Q' means ignore parse error, not 'q' - -2000-12-14 22:57 millert - - * visudo.c: Open sudoers for writing with mode SUDOERS_MODE From - Dimitry Andric - -2000-12-13 12:23 millert - - * set_perms.c: Add missing #ifdef HAVE_LOGIN_CAP_H; - ayamura@ayamura.org - -2000-12-09 11:46 millert - - * config.guess, config.sub: Darwin / Mac OS X support from Wilfredo - Sanchez - -2000-11-03 09:36 millert - - * sudo.c, visudo.c: Use exit(127), not exit(-1) - -2000-11-03 00:37 millert - - * defaults.h, set_perms.c, sudo.c, Makefile.in, defaults.c: Move - set_perms() to its own file and use POSIX saved uid or setreuid() - if available. - - Added stay_setuid option for systems that have libraries that - perform extra paranoia checks in system libraries for setuid - programs (ie: anything with issetugid(2)). - -2000-11-02 20:28 millert - - * sudo.c: strip more bits from the environment and add a facility - for stripping things only if they contain '/' or '%' to address - printf format string vulnerabilities in other programs. - -2000-11-02 12:55 millert - - * configure: regen - -2000-11-02 12:55 millert - - * configure.in: For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache - the existence of strcasecmp(). +2011-05-04 Todd C. Miller -2000-11-02 12:46 millert + * Don't let the fnmatch/glob macros expand the function prototype. + [d449e9a8f447] <1.8> - * configure: regen +2011-05-03 Todd C. Miller -2000-11-02 12:46 millert + * Resolve namespace collisions on HP-UX ia64 and possibly others by + adding a rpl_ prefix to our fnmatch and glob replacements and + #defining rpl_foo to foo in the header files. + [d23889375b21] <1.8> - * configure.in: Check for strcasecmp(3) in -lc89 for NCR Unix +2011-04-29 Todd C. Miller -2000-11-01 10:22 millert + * Split ALL, ROLE and TYPE into their own actions. Since you can only + have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in + the non-SELinux case. This is safe because the actions are in one + big switch() statement. + [0bd9b7e37ab1] <1.8> - * config.h.in: Define HAVE_INNETGR #ifdef HAVE__INNETGR + * Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie. + [8dec97b359e0] <1.8> -2000-11-01 10:17 millert + * askpass moved from sudoers to sudo.conf in sudo 1.8.0 + [1001d87d82ed] <1.8> - * configure: regen + * Remove obsolete warning about runas_default and ordering. Move + syslog facility and priority lists into the section where the + relevant options are described. + [1286b9624021] <1.8> -2000-11-01 10:17 millert +2011-04-26 Todd C. Miller - * compat.h, config.h.in, configure.in: Add check for _innetgr(3) - since NCR systems have that instead of innetgr(3). + * Fix SIA support; we no longer have access to the real argc and argv + so allocate space for a fake one and use the argv passed to the + plugin with "sudo" for argv[0]. + [7c11eeffb91c] <1.8> -2000-10-31 14:16 millert + * Remove useless realloc when trying to get the buffer size right. + [58128e7f4e28] <1.8> - * auth/securid.c: check return value of creadcfg() call sd_close() - after sd_auth() store username in sd->username so we don't rely - on the USER env variable + * Be explicit when setting euid to 0 before call to setreuid(0, 0) + [95769a564ab8] <1.8> -2000-10-29 23:00 millert +2011-04-18 Todd C. Miller - * INSTALL: document --with-bsdauth + * NEWS: + sudo 1.8.1p1 updates + [de3d688b5bb1] <1.8> -2000-10-29 22:57 millert + * configure, configure.in: + Need to do checks for krb5_verify_user, krb5_init_secure_context and + krb5_get_init_creds_opt_alloc regardless of whether or + notkrb5-config is present. + [456c4a9cd5d6] <1.8> - * configure: regen +2011-04-15 Todd C. Miller -2000-10-29 22:56 millert + * Work around weird AIX saved uid semantics on setuid() and + setreuid(). On AIX, setuid() will only set the saved uid if the euid + is already 0. + [5d0a69e9d181] <1.8> - * configure.in: --with-bsdauth assumes --with-logincap +2011-04-14 Todd C. Miller -2000-10-29 22:45 millert + * update copyright year + [fa8da6d55783] <1.8> - * auth/: bsdauth.c, fwtk.c: When prompting for a response to a - challenge, if the user just hits return then reprompt with echo - turned on. + * Treat a missing includedir like an empty one and do not return an + error. + [5fd9fe004728] <1.8> -2000-10-29 17:31 millert +2011-04-12 Todd C. Miller - * sudo.c: Remove debugging code that should not have been - committed, oops. + * Fix ARCH setting in cross-compile Solaris packages. + [8ce40940f6c9] <1.8> -2000-10-29 17:31 millert + * Fix aix version setting. + [02a9e25d46ba] <1.8> - * auth/bsdauth.c: Use lower-level routines and get the password - ourselves. Checks for a challenge and if there is one echo is - not turned off. + * Remove extraneous parens in LDAP filter when sudoers_search_filter + is enabled that causes a search error. From Matthew Thomas. + [b67be9b51ec6] <1.8> -2000-10-29 17:30 millert +2011-04-11 Todd C. Miller - * auth/: pam.c, sudo_auth.h: minor housekeeping, no real code - changes + * Correct sizeof() to fix test failure. + [a11b89fd13f9] <1.8> -2000-10-27 18:41 millert + * "install" target should depend on "install-dirs". Fixes "make -j" + problem and closes bz #487. From Chris Coleman. + [06ab0558f848] <1.8> - * sudo.c: Fix a coredump in the logging functions if gethostname(2) - fails by deferring the call to log_error() until things are - better setup. +2011-04-09 Todd C. Miller - Fix return value of set_loginclass() in non-BSD-auth case. + * .hgtags: + Added tag SUDO_1_8_1 for changeset 0ed6281995f0 + [543d41a163e9] <1.8> - Hard-code 'sudo' in the usage message so we can fit more options - on a line + * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + Regen man pages for 1.8.1 + [0ed6281995f0] [SUDO_1_8_1] <1.8> -2000-10-27 18:35 millert +2011-04-07 Todd C. Miller - * logging.c: Fix errant ';' (typo) that broken MSG_ONLY + * Add HAVE_RFC1938_SKEYCHALLENGE + [c0d7eb39799d] <1.8> -2000-10-26 13:03 millert +2011-04-06 Todd C. Miller - * sudo.cat, sudo.man.in: regen + * Mention plugin loading and libgcc changes + [b74929cba37c] <1.8> -2000-10-26 13:01 millert + * Load plugins after parsing arguments and potentially printing the + version. That way, an error loading or initializing a plugin + doesn't break "sudo -h" or "sudo -V". + [c1ecb5979cf0] <1.8> - * sudo.pod: Document -a flag + * Makefile.in: + When using a sub-shell to invoke the sub-make, exec make instead of + running it inside the shell to avoid an extra process. + [9439f016c993] <1.8> -2000-10-26 12:42 millert + * Stop testing unspecified behavior in fnmatch Make glob test more + portable + [87a91d76fbff] <1.8> - * Makefile.in, config.h.in, configure, configure.in, getspwuid.c, - sudo.c, auth/sudo_auth.h, auth/bsdauth.c: Add support for BSD - authentication. + * No need to add current dir to include path and having it breaks the + test programs that expect to get the system glob.h and fnmatch.h + [3ae7f9e7b710] <1.8> -2000-10-19 10:09 millert + * configure, configure.in: + Fix and document --with-plugindir; partially from Diego Elio Petteno + [0220a0c2606f] <1.8> - * sudoers.pod: Fix typo; from sato@complex.eng.hokudai.ac.jp + * Fix fnmatch and glob tests to not use hard-coded flag values in the + input file. Link test programs with libreplace so we get our + replacement verions as needed. + [66bab80241e0] <1.8> -2000-10-12 09:49 millert + * Makefile.in: + If make in a subdir fails, fail the target in the upper level + Makefile too. Adapted from a patch from Diego Elio Petteno + [bc35b7813507] <1.8> - * sudoers.pod: Mention negating umask + * configure, configure.in: + Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also + has this. Adapted from a patch from Diego Elio Petteno + [bb6228f484b9] <1.8> -2000-10-12 01:30 millert + * Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@ + directly. + [47e6d5fadc6d] <1.8> - * defaults.c: Allow user to specify umask of 0777 (same as !umask) + * configure, configure.in: + Fix warnings when -without-skey, --without-opie, --without-kerb4, + --without-kerb5 or --without-SecurID were specified. + [1b75035dd129] <1.8> -2000-10-08 21:46 millert + * Add plugins/sudoers/sudoers_version.h + [1d470c6033ca] <1.8> - * sudo.pod, visudo.pod: Fix a typo and give a URL for the sudo - history. + * configure, configure.in: + Back out the --with-libpath addition to SUDOERS_LDFLAGS since that + now include LDFLAGS in the sudoers Makefile.in. Add missing settng + of @LDFLAGS@ in plugin Makefile.in files. + [dd237f43aa12] <1.8> -2000-10-08 12:25 millert +2011-04-05 Todd C. Miller - * defaults.c, sudo.pod: fix typos; pepper@reppep.com + * Mention %#gid support in User_List and Runas_List + [37e259b9181b] <1.8> -2000-09-14 16:48 millert + * Keep track of sudoers grammar version and report it in the -V + output. + [0e0b891dd8a4] <1.8> - * sudo.c, sudo.h, sudo_setenv.c: sudo_setenv() now exits on memory - alloc failure instead of returning -1. + * Add multiple inclusion guard + [ec6884f51ea8] <1.8> -2000-09-07 17:41 millert + * configure, configure.in: + The --with-libpath option now adds to SUDOERS_LDFLAGS as well as + LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and + set it to -Wc,-static-libgcc if not using GNU ld so we don't + have a dependency on the shared libgcc in sudoers.so. + [28d03f3eb0d2] <1.8> - * sudo.c: Strip out NLSPATH and PATH_LOCALE from the environment - for FreeBSD and possibly others. + * Fix typo; from Petr Uzel + [d19b9bd92bd3] <1.8> -2000-09-07 10:43 millert +2011-04-01 Todd C. Miller - * logging.c: Don't use vsyslog(3) since HP-UX (and others?) lack - it. This means that "%m" won't be expanded but we don't use that - anyway since the logging routines may splat to stderr as well. + * In dump-only mode, use "root" as the default username instead of + "nobody" as the latter may not be available on all systems. + [b304111616dd] <1.8> -2000-09-06 21:35 millert +2011-03-31 Todd C. Miller - * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in, - sudoers.pod: Add always_set_home variable - -2000-09-06 21:24 millert - - * configure, configure.in: Have to hard code default values in help - since the defaults are set _after_ the help stuff. - -2000-08-31 13:08 millert - - * lex.yy.c, parse.lex: Allow special characters (including '#') to - be embedded in pathnames if quoted by a '\\'. The quoted chars - will be dealt with by fnmatch(). Unfortunately, 'sudo -l' still - prints the '\\'. - -2000-08-13 17:10 millert - - * install-sh: Better path searching for programs we need. - -2000-08-13 17:10 millert - - * TROUBLESHOOTING: Add section on "C compiler cannot create - executables" errors. - -2000-08-13 17:10 millert - - * Makefile.binary, Makefile.in, version.h: Crank version - -2000-08-13 17:09 millert - - * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in, - sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat, - visudo.man.in, visudo.pod: Substitute values from configure into - man pages. - -2000-08-12 16:48 millert - - * parse.c, sudo.c: The listpw and verifypw sudoers options would - not take effect because the value of the default was checked - *before* sudoers was parsed. Instead of passing in the value of - PWCHECK_* to sudoers_lookup(), pass in the arg for def_ival() so - the check can be deferred until after sudoers is parsed. - -2000-08-11 15:41 millert - - * tgetpass.c: When writing prompt, no need to write the NUL as - well; hag@linnaean.org - -2000-06-09 12:25 millert - - * install-sh: When looking for chown, check in /sbin too - -2000-06-04 22:57 millert - - * visudo.c: Remove extraneous call to init_defaults() and set - runas_user to NULL betweem parses so init_defaults will reset it - each time, thus avoiding a reference to free()d data. - -2000-06-04 19:57 millert - - * config.h.in, interfaces.c, interfaces.h, sudo.c: Add support for - using getifaddrs() to get the list of ip addr / netmask pairs. - Currently IPv4-only. - -2000-06-04 19:51 millert - - * visudo.c: Add a missing check for UserEditor == NULL Add missing - '+' before line number when invoking editor to fix a syntax error - -2000-05-12 16:55 millert - - * sudo.c: Call clean_env very early in main() for paranoia's sake. - Idea from Marc Esipovich. - -2000-05-10 01:11 millert - - * sudo.h: Update proto for evasprintf and easprintf - -2000-05-10 01:10 millert - - * alloc.c: Make easprintf() and evasprintf() return an int. - -2000-05-10 00:56 millert - - * check.c: If the targetpw flag is set, use target username as part - of the timestamp path. If tty tickets are in effect cat the tty - and the target username with a ':' as the separator. - -2000-05-09 12:05 millert - - * auth/pam.c: Backout part of last change; setting PAM_USER to the - invoking user breaks things like targetpw. - -2000-05-09 11:52 millert - - * auth/pam.c: set tty and username via pam_set_item - -2000-05-09 11:42 millert - - * check.c, getspwuid.c, sudo.c, sudo.h, auth/sudo_auth.c: Fix root, - runas, and target authentication for non-passwd file auth - methods. - -2000-04-22 14:15 millert - - * sudo.pod, sudo.man.in, sudoers.man.in, sudoers.pod, visudo.pod, - sudo.cat, sudoers.cat, visudo.man.in, visudo.cat: Use B<-Z> not - C<-Z> for command line flags in all places. This is more - consistent and works around a bug in Pod::Man. - -2000-04-22 13:59 millert - - * sudoers.cat, sudoers.man.in, sudoers.pod: Fix an occurence of - 'semicolon' that should be 'colon' - -2000-04-19 15:30 millert - - * configure, configure.in: Fix --with-badpri help line - -2000-04-17 14:01 millert - - * defaults.c, logging.c, sudo.c: Bracket calls to syslog with an - openlog() and closelog() since some authentication methods (like - PAM) may do their own logging via syslog. Since we don't use - syslog much (usually just once per session) this doesn't really - incur a performance penalty. It also Fixes a SEGV with pam_kafs. - -2000-04-15 16:32 millert - - * sudo.c: Fix -H flag. runas_homedir is only valid after - set_perms(PERM_RUNAS, mode) - -2000-04-12 18:56 millert - - * INSTALL: Clarify the fact that insults are not enabled just by - including them in the binary. - -2000-04-07 10:39 millert - - * sudo.man.in, sudoers.man.in, visudo.man.in, sudo.cat, - sudoers.cat, visudo.cat: Regenerated with perl 5.6.0 pod2man - -2000-04-07 10:38 millert - - * Makefile.in: Give date string to pod2man since its default is - ugly and it ain't got no alibi. - -2000-04-07 10:27 millert - - * Makefile.in: Do section substitution on the output of pod2man and - remove hack needed for old pod2man. - -2000-04-07 10:26 millert - - * sudo.pod, sudoers.pod, visudo.pod: Put back real man sections, we - will do the substitution later. - -2000-04-02 11:44 millert - - * configure, configure.in: Don't bother checking for the path to vi - if user specified --with-editor - -2000-04-01 17:25 millert - - * CHANGES, visudo.c: Visudo now does its own fork/exec instead of - calling system(3). + * Remove NewArgv/NewArgc, they are no longer needed. + [c0a36a42a68c] <1.8> -2000-04-01 16:23 millert + * Fix setting of user_args + [529e79ea95d1] <1.8> - * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in, - sudoers.pod, visudo.c: Visudo now checks for the existence of an - editor and gives a sensible error if it does not exist. - - The path to the editor for visudo is now a colon-separated list - of allowable editors. If the user has $EDITOR set and it matches - one of the allowed editors that editor will be used. If not, the - first editor in the list that actually exists is used. - -2000-04-01 16:22 millert - - * sudo.pod, sudo.cat, sudo.man.in: Clear up confusion wrt sudo's - return value. - -2000-03-27 12:08 millert - - * Makefile.in: Strip sudo and visudo for bindist target - -2000-03-26 22:26 millert - - * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, - sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: Use - @mansectsu@ and @mansectform@ in the man page bodies as well. - -2000-03-26 22:07 millert - - * visudo.cat, visudo.man.in, visudo.pod: Typo: @sysconf@ -> - @sysconfdir@ - -2000-03-26 21:57 millert - - * Makefile.in: 'make dist' should not cause any files to be - modified so remove its dependencies. - -2000-03-26 21:43 millert - - * CHANGES: Whoops, forgot to add release marker - -2000-03-26 11:57 millert + * Add '!' token to lex tracing + [aef295d428e7] <1.8> - * CHANGES: Final change for 1.6.3 (or so I hope) + * Use group bin in test, not wheel as most systems have the bin group + but the same is no longer true of wheel. + [350347f09c1a] <1.8> -2000-03-26 11:57 millert + * Avoid using pre or post increment in a parameter to a ctype(3) + function as it might be a macro that causes the increment to happen + more than once. + [8a94ebdd53b8] <1.8> - * sudo.cat, sudoers.cat, visudo.cat: Use SYSV man sections since - BSD systems will have nroff... +2011-03-30 Todd C. Miller -2000-03-24 18:58 millert + * Strip off the beta or release candidate version when building AIX + packages. + [00ad950764e2] <1.8> - * parse.yacc: When checking to see if the host/user matches in a - defaults spec, check against TRUE, not just non-zero since it - might be -1. + * configure, configure.in: + We need to include OSDEFS in CFLAGS when doing the utmp/utmpx + structure checks for glibc which only has __e_termination visible + when _GNU_SOURCE is *not* defined. + [1d58420a4a4a] <1.8> -2000-03-24 15:14 millert + * getuserattr(user, ...) will fall back to the "default" entry + automatically, there's no need to check "default" manually. + [cefffa82967d] <1.8> - * configure.in, configure: OSF/1 puts file formats in section 4, - not 5. + * Document parser changes. + [5038238f60eb] <1.8> -2000-03-24 15:13 millert +2011-03-29 Todd C. Miller - * CHANGES, INSTALL, sudo.c: Make login class support work on BSD/OS + * Makefile.in: + If there is an existing sudoers file, only install if it passes a + syntax check. + [b1e4c9c56fe0] <1.8> -2000-03-23 20:24 millert + * Add runasgroup support to testsudoers + [30838590e9de] <1.8> - * RUNSON: Update for 1.6.3 + * For "make check", keep going even if a test fails. + [d3a72f67227e] <1.8> -2000-03-23 20:23 millert + * More useful exit codes: + * 0 - parsed OK and command matched. + * 1 - parse error + * 2 - command not matched + * 3 - command denied + [59301e0769cd] <1.8> - * configure, configure.in: If there is no inet_addr but there *is* - an __inet_addr that's ok since inet_addr is probably just a macro - then. The better thing to do would be to look for the macro, but - this is fine for now. + * Document %#gid, and %:#nonunix_gid syntax. + [39ee15af58e9] <1.8> -2000-03-23 19:50 millert + * Add support to user_in_group() for treating group names that begin + with a '#' as gids. + [0eb19980cf5f] <1.8> - * configure, configure.in: Don't use shlicc for BSD/OS 4.x + * configure, configure.in: + Add explicit check for struct utmpx.ut_exit.e_termination and struct + utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update + ut_exit if we detect one or the other. + [ab5b665fc04b] <1.8> -2000-03-23 19:40 millert +2011-03-28 Todd C. Miller - * Makefile.in, configure, configure.in: *.man lives in cwd, *.cat - lives in $(srcdir), add a @mansrcdir@ configure variable so we - can deal with this. Also, only remove *.man for 'distclean' not - 'clean'. + * Add back missing #include of config.h + [9c82bec81018] <1.8> -2000-03-23 19:16 millert + * Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like + strftime() does. + [1ae630470f8a] <1.8> - * sudo.c: set_loginclass() should be static like the proto says + * Quote first argument to AC_DEFUN(); from Elan Ruusamae + [c467e9e3b399] <1.8> -2000-03-23 14:14 millert +2011-03-27 Todd C. Miller - * fnmatch.c: Add #ifdef __STDC__ around the rangematch function - header to avoid promotion of test to int, thus violating the - prototype. Gcc handles this gracefully but more std ANSI - compilers will complain. + * add new sudoers tests + [05f2a0924acc] <1.8> -2000-03-23 10:11 millert + * Add test for a newline in the middle of a string when no line + continuation character is used. + [24b79be5822b] <1.8> - * emul/fnmatch.h: Pull in newer fnmatch(3) that supports - FNM_CASEFOLD + * Use bitwise AND instead of modulus to check for length being odd. A + newline in the middle of a string is an error unless a line + continuation character is used. + [65c468599688] <1.8> -2000-03-23 10:11 millert + * Move lexer globals initialization into init_lexer. + [07a1171a1853] <1.8> - * aclocal.m4, configure, fnmatch.3, fnmatch.c: Pull in newer - fnmatch(3) that supports FNM_CASEFOLD Check for FNM_CASEFOLD in - configure + * Fix a potential crash when a non-regular file is present in an + includedir. Fixes bz #452 + [5057cb9516e4] <1.8> -2000-03-22 23:41 millert + * On some Linux systems, "uname -p" contains detailed processor info + so check "uname -m" first and then "uname -p" if needed. Recognize + PLD Linux. + [56226c84a060] <1.8> - * CHANGES, TODO: update for 1.6.3 +2011-03-25 Todd C. Miller -2000-03-22 23:38 millert + * Don't need all sudoers.h here. + [43b6ae5999c5] <1.8> - * lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, sudo.tab.h, - testsudoers.c, visudo.c: Fully qualified hosts w/ wildcards were - not matching the FQHOST token type. There's really no need for a - separate token for fully-qualified vs. unqualified anymore so - FQHOST is now history and hostname_matches now decides which - hostname (short or long) to check based on whether or not the - pattern contains a '.'. + * Print sudo version early, in case policy plugin init fails. + [620f2d0ec4b1] <1.8> -2000-03-22 23:09 millert +2011-03-24 Todd C. Miller - * parse.c, parse.h, parse.yacc, sudoers.pod, testsudoers.c, - visudo.c, sudoers.cat, sudoers.man.in: Add support for wildcards - in the hostname. + * Update to match change in input. + [69540f84721d] <1.8> -2000-03-22 22:50 millert + * Make an empty group or netgroup a syntax error. + [4b85bddc494e] <1.8> - * Makefile.in: Add targets for *.man.in, using config.status to - generate *.man from *.man.in + * An empty group or netgroup should be a syntax error. + [6ec796972eff] <1.8> -2000-03-22 22:20 millert + * Check that uids work in per-user and per-runas Defaults Check that + uids and gids work in a Command_Spec + [68cf62353420] <1.8> - * sudoers.cat, sudoers.man.in, sudoers.pod: Document set_logname - option and enbolden refs to sudo and visudo. + * Test empty string in User_Alias and Command_Spec + [017d487c31be] <1.8> -2000-03-22 19:35 millert + * Allow a group ID in the User_Spec. + [37e0bf69c8d8] <1.8> - * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, - sudo.cat, sudo.pod, sudo.man.in, sudoers.cat, sudoers.pod, - visudo.cat, visudo.pod, sudoers.man.in, visudo.man.in: Add - FreeBSD login.conf support (untested on BSD/OS) based on a patch - from Michael D. Marchionna. configure now does substitution on - the man pages, allowing us to fix up the paths and set the - section correctly. Based on an idea from Michael D. Marchionna. + * Return an error for the empty string when a word is expected. Allow + an ID for per-user or per-runas Defaults. + [4c9020779582] <1.8> -2000-03-22 19:27 millert +2011-03-23 Todd C. Miller - * auth/passwd.c: Better fix for handling HP-UX aging info. + * Fix printing "User_Alias FOO = ALL" + [97c9fd7caeb7] <1.8> -2000-03-22 19:20 millert +2011-03-22 Todd C. Miller - * sudo.c: Add support for set_logname run-time default + * Better error message about invalid -C argument + [2301e7a3835b] <1.8> -2000-03-22 19:17 millert + * fix typo + [c5acde62a309] <1.8> - * sudo.man.in, sudoers.man.in, visudo.man.in: configure does - substitution on these to produce *.man + * Fix placement of equal size ('=') in user specification summary. + [4d0ffef77ae4] <1.8> -2000-03-22 19:16 millert +2011-03-21 Todd C. Miller - * sudo.man, sudoers.man, visudo.man: These files now get generated - from *.man.in at configure time. + * update to match sudoers regress + [0efb8dc9092a] <1.8> -2000-03-22 18:40 millert + * Restore ability to define TRACELEXER and have trace output go to + stderr. + [441c8b372217] <1.8> - * defaults.c, defaults.h: Add set_logname option so users can turn - off setting of LOGNAME/USER environment variables. + * Restore old behavior of setting sawspace = TRUE for command line + args when a line continuation character is hit to avoid causing + problems for existing sudoers files. + [963ded6ce070] <1.8> -2000-03-22 10:53 millert + * Add test for line continuation and aliases + [5703d11a3c46] <1.8> - * testsudoers.c, lsearch.c, parse.c: kill register + * Make test output line up nicely for parse vs. toke + [15321ce2d7d9] <1.8> -2000-03-13 15:52 millert + * plugins/sudoers/regress/testsudoers/test1.ok, + plugins/sudoers/regress/testsudoers/test2.out, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.ok, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/visudo/test1.ok, + plugins/sudoers/regress/visudo/test1.sh: + Move parser tests to sudoers directory and test the tokenizer output + too. + [111c1ccda334] <1.8> - * auth/passwd.c: HP-UX adds extra info at the end for password - aging so when comparing the result of crypt to pw_passwd we only - compare the first len(epass) bytes *unless* the user entered an - empty string for a password. + * If we match a rule anchored to the beginning of a line after parsing + a line continuation character, return an ERROR token. It would be + nicer to use REJECT instead but that substantially slows down the + lexer. + [67e54b14aa9d] <1.8> -2000-03-13 11:05 millert + * Move LEXTRACE macro to toke.h so we can use it in yyerror(). + [e6e04037deed] <1.8> - * logging.c: Get rid of grandchild hack, it was causing problems - and there is really no need for it. This fixes a bug where we - spin eating up CPU when the user runs a long-running process like - a shell. + * Make lex tracing settable at run-time in testsudoers via the -t + flag. Trace output goes to stderr. Will be used by regress tests + to check lexer. + [a973f43cc0c2] <1.8> -2000-03-07 14:26 millert + * Allow whitespace after the modifier in a Defaults entry. E.g. + "Defaults: username set_home" + [bf876c9fc5bb] <1.8> - * sudo.c: User can always specify a login class if he/she is - already root. +2011-03-18 Todd C. Miller -2000-03-06 23:29 millert + * Don't set CC when cross-compiling. + [d3c33dcb02f2] <1.8> - * config.h.in, configure, configure.in, defaults.c, defaults.h, - sudo.c, sudo.h: FreeBSD login class (login.conf) support. - -2000-03-06 14:42 millert - - * auth/sudo_auth.c: HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes - secureware support - -2000-03-03 18:04 millert - - * auth/passwd.c: Truncate unencrypted password to 8 chars if - encrypted password is exactly 13 characters (indicateing standard - a DES password). Many versions of crypt() do this for you, but - not all (like HP-UX's). - -2000-03-01 21:01 millert - - * INSTALL, RUNSON: Mention that gcc on dynix may have problems - -2000-02-29 17:46 millert + * Credit Matthew Thomas for the sudoers_search_filter changes. + [2209b80664af] <1.8> - * Makefile.in: Link visudo with NET_LIBS since we now call syslog - via defaults.c + * Add the .sym files to the MANIFEST + [bb452b28a009] <1.8> -2000-02-29 17:41 millert + * Update for sudo 1.8.1 beta + [700d42d80e00] <1.8> - * defaults.c: Use Argv[0] as the first arg to openlog() since - visudo uses this too. + * user_shell -> run_shell to avoid confusion with the user's SHELL + variable. + [451b96d5f97e] <1.8> -2000-02-28 18:58 millert + * Save the controlling tty process group before suspending in pty + mode. Previously, we assumed that the child pgrp == child pid + (which is usually, but not always, the case). + [b0841d861191] <1.8> - * sudo.c: Stash coredumpsize resource limit and retsore it before - the exec() Otherwise the child ends up with a coredumpsize of 0. + * Add support for sudoers_search_filter setting in ldap.conf. This + can be used to restrict the set of records returned by the LDAP + query. + [70c5f496e2b3] <1.8> -2000-02-26 22:56 millert +2011-03-17 Todd C. Miller - * sudo.cat, sudo.man, sudo.pod: document -S flag + * configure, configure.in: + Remove the hack to disable -g in CFLAGS unless --with-devel + [9459839f50ba] <1.8> -2000-02-26 22:54 millert + * The '@' character does not normally need to be quoted. + [e66c4c64e514] <1.8> - * sudo.c: fix usage string + * We normaly transition from GOTDEFS to STARTDEFS on whitespace, but + if that whitespace is followed by a comma, we want to treat it as + part of a list and not transition. + [52ae2df9959d] <1.8> -2000-02-26 22:48 millert + * Add check for whitespace when a User_List is used for a per-user + Defaults entry. + [44a4db95be86] <1.8> - * CHANGES, RUNSON, TODO, sudo.c, sudo.h, tgetpass.c, - auth/aix_auth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Added - -S flag (read passwd from stdin) and tgetpass_flags global that - holds flags to be passed in to tgetpass(). Change echo_off param - to tgetpass() into a flags field. There are currently 2 possible - flags for tgetpass(): TGP_ECHO and TGP_STDIN. In tgetpass(), - abstract the echo set/clear via macros and if (flags & TGP_ECHO) - but echo is not set on the terminal, but sure to set it. + * Expand quoted name checks to cover recent fixes. + [bd494b5c2bed] <1.8> -2000-02-26 22:11 millert + * Fix parsing of double-quoted names in Defaults and Aliases which was + broken in 601d97ea8792. + [dfdd58c3eb3b] <1.8> - * tgetpass.c: Fixed a bug that caused an infinite loop when the - password timeout was disabled. + * toke_util.c lives in $(srcdir) not $(devdir) + [94f8f024782e] <1.8> -2000-02-18 12:56 millert +2011-03-16 Todd C. Miller - * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h, - sudoers.cat, sudoers.man, sudoers.pod, visudo.c: Add rootpw, - runaspw, and targetpw options. - -2000-02-18 12:11 millert - - * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod, - visudo.c: enveditor -> env_editor + * configure, configure.in: + Update version to 1.8.1 + [531a7d520f18] <1.8> -2000-02-15 19:07 millert + * Document major changes in 1.8.1 and add upgrade notes. + [116821646140] <1.8> - * BUGS, INSTALL, Makefile.in, README, configure, configure.in, - sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, - visudo.cat, visudo.man: crank versino to 1.6.3 - -2000-02-15 19:03 millert - - * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man, - sudoers.pod, visudo.c: Add 'editor' and 'enveditor' sudoers - defaults and make visudo honor them. This means that visudo will - now parse the sudoers file *before* it is edited so a bogus - sudoers file will cause a warning to go to stderr. Also, visudo - checks the variables once--it does not check them after each - editor run since that could be confusing. + * Be careful not to deref user_stat if it is NULL. This cannot + currently happen in sudo but might in other programs using the + parser. + [d72a9c7151c4] <1.8> -2000-02-15 18:49 millert + * configure will not add -O2 to CFLAGS if it is already defined to add + -O2 to the CFLAGS we pass in when PIE is being used. + [2c7fe82be93d] <1.8> - * RUNSON: 1.6.2 -> 1.6.2p1 + * Warn about the dangers of log_input and mention iolog_file and + iolog_dir in the log_input and log_output descriptions. + [edc6aa59aa45] <1.8> -2000-02-15 18:36 millert + * sync with git version + [b121cf739c77] <1.8> - * check.c, sudo.c, sudo.h: Move user_is_exempt prototype into - sudo.h + * It seems that h comes after i + [99ad15015f05] <1.8> -2000-02-13 13:38 millert + * Move log_input and log_output to their proper, sorted, location. + Document set_utmp and utmp_runas. + [216ce8b0ae1a] <1.8> - * configure, configure.in: Fix thinko, some && should have been || - in the last commit + * Save the controlling tty process group before suspending so we can + restore it when we resume. Fixes job control problems on Linux + caused by the previous attemp to fix resuming a shell when I/O + logging not enabled. + [dfe038f733be] <1.8> -2000-02-13 13:28 millert + * Fix printing of the remainder after a newline. Fixes "sudo -l" + output corruption that could occur in some cases. + [ab2f0a629e0d] <1.8> - * configure, configure.in: Don't initialized Makefile variables to - be NULL since the user may want to import variables from their - environment. + * Add support for ut_exit + [7039ec6a73fa] <1.8> -2000-02-03 21:09 millert + * Add support for controlling whether utmp is updated and which user + is listed in the entry. + [1b008ce71eab] <1.8> - * configure, configure.in: typo + * Fix typo; tupple vs. tuple + [67bb5c67ae3d] <1.8> -2000-01-27 15:01 millert + * For legacy utmp, strip the /dev/ prefix before trying to determine + slot since the ttys file does not include the /dev/ prefix. + [8f597114381d] <1.8> - * INSTALL, RUNSON, configure, configure.in: Make pam work on HP-UX - 11.0;jaearick@colby.edu + * Add check for _PATH_UTMP + [fe7e2456f017] <1.8> -2000-01-27 15:01 millert + * Adapt check_iolog_path to sessid changes + [3016201869b6] <1.8> - * CHANGES: recent changes; prepare for 1.6.2p1 + * Redo utmp handling. If no getutent()/getutxent() is available, + assume a ttyslot-based utmp. If getttyent() is available, use that + directly instead of ttyslot() so we don't have to do the stdin dup2 + dance. + [817490c7c20e] <1.8> -2000-01-26 23:31 millert + * Move utmp handling into utmp.c + [e4729d9259e9] <1.8> - * find_path.c: Don't apply SECURE_PATH if user is example; - jmknoble@pobox.com + * Update copyright years. + [1065afc00233] <1.8> -2000-01-26 16:21 millert +2011-03-11 Todd C. Miller - * sudoers.cat, sudoers.man, sudoers.pod: Expanded docs on sudoers - 'defaults' options based on INSTALL file info. + * Add "user_shell" boolean as a way to indicate to the plugin that the + -s flag was given. + [6e8bc49b7ea7] <1.8> -2000-01-26 16:21 millert + * Move sessid out of sudo_user. + [00d67d5ba894] <1.8> - * INSTALL: Fix some while lies + * Log the TSID even if it is not a simple session ID. + [490cf0adae29] <1.8> -2000-01-24 10:48 millert + * Document noexec in sample.sudo.conf and add back noexec_file section + in sudoers with a note that it is deprecated. + [c7a2d8d0c563] <1.8> - * Makefile.in: When making a bindist, link FAQ to TROUBLESHOOTING - instead of copying. + * Fix running commands as non-root on systems where setreuid() changes + the saved uid based on the effective uid we are changing to. + [f3b27db56ba6] <1.8> -2000-01-23 22:57 millert +2011-03-10 Todd C. Miller - * sudoers.cat, sudoers.man, sudoers.pod: Add netgroup caveat + * Move noexec path into sudo.conf now that sudo itself handles noexec. + Currently can be configured in sudoers too but is now undocumented + and will be removed in a future release. + [9c5f64709994] <1.8> -2000-01-23 22:42 millert + * Document "Path noexec ..." in sudo.conf. No longer document + noexec_file in sudoers, it will be removed in a future release. + [959fa6b5217b] <1.8> - * RUNSON: Last minute updates + * Move noexec handling to sudo front-end where it is documented as + being. + [ef6cd4a40c61] <1.8> -2000-01-23 22:26 millert + * Add support for disabling exec via solaris privileges. Includes + preparation for moving noexec support out of sudoers and into front + end as documented. + [d9c05ba9a24f] <1.8> - * TROUBLESHOOTING: PAM entry + * Only export the symbols corresponding to the plugin structs. + [cb07af1d9b39] <1.8> -2000-01-23 22:23 millert + * Install plugins manually instead of using libtool. This works + around a problem on AIX where libtool will install a .a file + containing the .so file instead of the .so file itself. + [1ccf5af58c05] <1.8> - * auth/pam.c: correct a comment + * Makefile.in: + Move check into its own rule since some versions of make will run + both targets as the default rule. + [7159f37eb552] <1.8> -2000-01-23 22:03 millert + * Update to libtool 2.2.10 + [9e49773b32b7] <1.8> - * CHANGES, RUNSON: update for 1.6.2 + * In handle_signals(), restart the read() on EINTR to make sure we + keep up with the signal pipe. Don't return -1 on EAGAIN, it just + means we have emptied the pipe. + [dc2926097b2d] <1.8> -2000-01-23 21:59 millert + * Reorder functions to quiet a compiler warning. + [5201367e5db4] <1.8> - * auth/pam.c: Better detection of PAM errors and fix custom prompts - with PAM. Based on patches from "Cloyce D. Spradling" - + * Use the Sun Studio C compiler on Solaris if possible + [b8d43b423fb9] <1.8> -2000-01-20 11:15 millert +2011-03-08 Todd C. Miller - * snprintf.c: Cast ULONG_MAX to unsigned long long when comparing - to an unsigned long long value. + * Fix default setting of osversion variable. + [e12905851be5] <1.8> -2000-01-19 14:07 millert + * Make two login_class entris consistent. + [0671d7b204be] <1.8> - * CHANGES, config.h.in, configure, configure.in, visudo.c: Fix - sudoers locking in visudo. We now lock the sudoers file itself, - not the temp file (since locking the temp file can foul up - editors). The previous locking scheme didn't work because the fd - was closed too early. + * Add support for adding a utmp entry when allocating a new pty. + Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent(). + Currently only creates a new entry if the existing tty has a utmp + entry. + [40ff30099e79] <1.8> -2000-01-19 13:37 millert + * Avoid pulling in headers we don't need on Linux For getutx?id(), + call setutx?ent() first and always call endutx?ent(). + [b86f7a13aae9] <1.8> - * configure, config.h.in, configure.in: Don't need test for - ftruncate() any more. + * Add some more libs to SUDOERS_LIBS instead of relying on them to be + pulled in by SUDO_LIBS. + [bcbd16ec56c6] <1.8> -2000-01-18 21:23 millert + * Fix return value of "sudo -l command" when command is not allowed, + broken in [c7097ea22111]. The default return value is now TRUE and + a bad: label is used when permission is denied. Also fixed missing + permissions restoration on certain errors. On error()/errorx(), the + password and group files are now closed before returning. + [757c941a47b2] <1.8> - * configure, configure.in: Add a test for the -Aa flag w/ HP-UX's - cc. Fixes compilation with the unbundled HP-UX cc. +2011-03-07 Todd C. Miller -2000-01-18 17:00 millert + * Fix passing of login class back to sudo front end. + [5e649de6b7f5] <1.8> - * sudoers.cat, sudoers.man, sudoers.pod: "a a" -> "a"; Aaron - Campbell + * Add --osversion flag to specify OS instead of running "pp + --probeonly" + [8a03943ac5e8] <1.8> -2000-01-17 18:46 millert + * Fix expr usage w/ GNU expr + [bdecfa1f54fc] <1.8> - * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h, - parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, - tgetpass.c, version.h, visudo.c: update copyright year on changed - files +2011-03-06 Todd C. Miller -2000-01-17 18:45 millert + * Fix exit value for validate and list mode. + [6f8b20199935] <1.8> - * RUNSON: updates + * Fix non-interactive mode with sudoers plugin. + [cf5aca4fcbcf] <1.8> -2000-01-17 18:45 millert +2011-03-05 Todd C. Miller - * CHANGES: aix fix + * sudoreplay can now find IDs other than %{seq} and display the + session. + [60396b417633] <1.8> -2000-01-17 18:42 millert + * Add support for replaying sessions when iolog_file is set to + something other than %{seq}. + [1cd2baa74d56] <1.8> - * INSTALL: Crank version to 1.6.2 +2011-03-04 Todd C. Miller -2000-01-17 18:11 millert + * If we are killed by a signal, display the name of the signal that + got us. + [1b38c4d42282] <1.8> - * configure: Crank version to 1.6.2 + * Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS + where they belong. + [78e97a921104] <1.8> -2000-01-17 17:46 millert + * Fix bug in skey/opie check that could cause a shell warning. + [f20229a04f30] <1.8> - * sudo.c: When using rlimit check for RLIM_INFINITY When computing - the value of maxfd, use min(getdtablesize(), RLIMIT_NOFILE) + * No longer need sudo_getepw() stubs. + [795631ac7db0] <1.8> -2000-01-17 12:32 millert +2011-03-03 Todd C. Miller - * CHANGES: recent changes + * Fix exit value of "sudo -l command" in sudoers module. + [4a05d6019b3d] <1.8> -2000-01-17 12:28 millert +2011-03-02 Todd C. Miller - * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man, - sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man: - Crank version to 1.6.2 + * Use fgets() not fgetln() for portability. + [1f2050745096] <1.8> -2000-01-17 12:25 millert + * Don't use the beta or release candidate version as the rpm release. + [a5b049477646] <1.8> - * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod: Add - 'shell_noargs' runtime option back in. We have to defer checking - until after the sudoers file has been parsed but since there are - now other options that operate that way this one can too. Based - on a patch from bguillory@email.com. +2011-02-25 Todd C. Miller -2000-01-16 23:05 millert + * Makefile.in: + Adjust ChangeLog rule now that 1.8 is branched + [a994ac361e44] <1.8> - * defaults.c, defaults.h, parse.c, sudo.c, sudo.h: Add "listpw" and - "verifypw" options. + * .hgtags: + Added tag SUDO_1_8_0 for changeset f6530d56f6ae + [99a2b3801419] <1.8> -2000-01-16 22:57 millert +2011-02-25 Todd C. Miller - * sudoers.cat, sudoers.man, sudoers.pod: o Fix some typos/omissions - o Add section on verifypw and listpw o Define how NOPASSWD - interacts with the -v and -l flags + * configure, configure.in: + version 1.8.0 + [f6530d56f6ae] [SUDO_1_8_0] -2000-01-14 12:39 millert + * NEWS: + update sudo 1.8 section + [f2ee2cf95d18] - * configure, configure.in: For HP-UX cc, add -Aa to CPPFLAGS. For - HP-UX always add -D_HPUX_SOURCE to CPPFLAGS. +2011-02-23 Todd C. Miller -2000-01-14 12:29 millert + * plugins/sudoers/regress/testsudoers/test2.sh: + fix test description + [cd5730fa9f09] - * defaults.c, defaults.h: In struct sudo_defs_types, move the union - to the end and don't initialize the union member since that only - works with an ANSI compiler. We set the value of the union by - hand in init_defaults() anyway. This allows sudo to compile on a - K&R compiler again. + * plugins/sudoers/regress/testsudoers/test2.out, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/visudo/test2.out, + plugins/sudoers/regress/visudo/test2.sh: + convert test2 to use testsudoers + [b5ec3f0b69f1] -2000-01-11 13:20 millert + * include/sudo_plugin.h, src/sudo_plugin_int.h: + Move struct generic_plugin to sudo_plugin_int.h + [6f7bc629329c] - * parse.c, parse.h, parse.yacc, testsudoers.c, visudo.c: - netgr_matches needs to check shost as well as host since they may - be different. + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Allow sudoers file name, mode, uid and gid to be specified in the + settings list. The sudo front end does not currently set these but + may in the future. + [22f38a0fda2a] -2000-01-11 13:17 millert +2011-02-21 Todd C. Miller - * tgetpass.c: End on \r as well as \n + * configure, configure.in, doc/sudo.cat, doc/sudo.man.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, + doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, + doc/visudo.man.in: + 1.8.0rc1 + [5d4588b9c057] -2000-01-02 23:53 millert + * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, + src/parse_args.c, src/sudo.h: + add help text to sudo, visudo and sudoreplay for the -h option + [52e7378d8476] - * sudo.c: Update statbuf.st_mode based on SUDOERS_MODE when we are - chaning from 0400 to whatever SUDOERS_MODE is (converting from - the old sudoers mode). Assumes that SUDOERS_MODE is less - restrictive than 0400 which should always be the case. +2011-02-19 Todd C. Miller -2000-01-02 23:43 millert + * compat/snprintf.c: + avoid using "howmany" for a parameter name since it is a select- + related macro + [a14d565401a1] - * parse.c, parse.yacc, sudo.c, sudo.h: Make treatment of -l and -v - sane wrt NOPASSWD flags. Now allow -l w/o a passwd if there is - *any* entry for the user on the host with a NOPASSWD flag. For - -v, only allow w/o a passwd if *all* entries for the user on the - host w/ the specified runas user have the NOPASSWD flag set. + * doc/sudoers.pod: + mention group_plugin when describing nonunix_group + [e0d1d0034b17] -2000-01-02 23:26 millert + * doc/sudo_plugin.pod: + Add missing period at end of sentence + [6744d7e9056d] - * Makefile.in: add check target + * Makefile.in, doc/Makefile.in, include/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + add localstatedir; closes bug 471 + [7aefcab85088] -1999-12-16 13:02 millert + * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c, + src/exec.c, src/exec_pty.c: + The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes + Bug 470 + [927ed6740f32] - * visudo.c: Treat EOF at whatnow prompt like 'x' instead of - looping. + * configure.in: + add missing AH_TEMPLATE for ENV_RESET + [16300010c986] -1999-12-10 00:09 millert + * src/exec.c: + SVR5 systems return non-zero for success on socketpair(), check for + -1 instead. Closes Bug 469 + [4d276494bf8e] - * CHANGES: recent changes +2011-02-16 Todd C. Miller -1999-12-08 23:04 millert + * configure, configure.in: + 1.8.0b5 + [d611cd5d73d3] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + regen + [85e96eeaed82] + + * doc/sudo.pod: + Document that a sudo.conf file with no Pligin lines uses the default + sudoers plugins. + [88bd52da977f] + + * src/load_plugins.c: + If sudo.conf contains no Plugin lines, use the default sudoers + policy and I/O plugins. + [fd8f4cb811ab] + +2011-02-14 Todd C. Miller + + * plugins/sudoers/sudo_nss.c: + Avoid printing empty "Runas and Command-specific defaults for user" + line. + [2dd330fe4f8b] + + * common/lbuf.c: + Truncate the buffer at buf.len before printing in the non-wordwrap + case. + [901e9833f80d] + + * common/lbuf.c: + Remove extra newline when the tty width is very small or unavailable + [245c05506c0e] + +2011-02-11 Todd C. Miller + + * plugins/sudoers/alias.c: + Remove unneeded variable. + [2c086d30b796] + +2011-02-09 Todd C. Miller + + * configure, configure.in: + Prefer getutxid over getutid + [3f3322e9c93e] + + * plugins/sudoers/boottime.c: + Include utmp.h / utmpx.h before missing.h as apparently including it + afterwards causes a compilation problem on GNU Hurd. + [a528029ae962] + +2011-02-07 Todd C. Miller - * config.h.in, configure, configure.in, sudo.c: Add check for - initgroups() since old SYSV lacks this. + * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c: + #include "foo.h", not for local includes. + [f65ec693998e] -1999-12-08 22:54 millert + * src/parse_args.c: + remove bogus XXX + [9136c17d53ce] - * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, - configure.in, parse.c, testsudoers.c: o Kill HAVE_FNMATCH_H o - Only define HAVE_FNMATCH if exists. + * compat/mksiglist.c: + Fix typo + [1a3bb7b455c9] -1999-12-06 01:47 millert + * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/match.c: + return foo not return(foo) + [5c9e0647359a] - * CHANGES, RUNSON, insults.h, auth/sudo_auth.c: Don't allow insults - to be enabled if the insults[] array is empty. Otherwise there - would be division by zero. +2011-02-06 Todd C. Miller + + * src/exec.c: + Remove duplicate FD_SET of signal_pipe[0] + [3096527d2215] + +2011-02-05 Todd C. Miller -1999-12-06 01:25 millert + * compat/mksiglist.c: + Use "missing.h" not in generated code. + [d8e09cffbe09] - * insults.h: Don't care about USE_INSULTS #define since the insult - stuff may be overridden at runtime. +2011-02-04 Todd C. Miller -1999-12-06 01:23 millert + * aclocal.m4, configure: + fix --with-iologdir=no + [a89699cb5f5f] - * auth/sudo_auth.c: Honor insults flag. + * aclocal.m4, configure: + fix typo that broke --with-iologdir + [91b54eb22403] -1999-12-05 19:14 millert +2011-02-03 Todd C. Miller - * CHANGES, parse.c: Don't ask the user for a password if the user - is not allowed to run the command and the authenticate flag (in - sudoers) is false. + * configure, configure.in, doc/sudo.cat, doc/sudo.man.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, + doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, + doc/visudo.man.in: + Bump version to 1.8.0b4 + [e2b7f2cdc02e] -1999-12-05 19:05 millert + * NEWS: + sync + [decf5a0a8a33] - * CHANGES, RUNSON, lex.yy.c, parse.lex: o Whenever we get a bare - newline we change to the INITIAL state. o Enter GOTRUNAS when we - see Runas_Alias + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Attempt to clarify how users and groups interact in Runas_Specs + [e6fb3a2dbd77] - This allows #uid to work in a RunasAlias. + * plugins/sudoers/regress/visudo/test2.out, + plugins/sudoers/regress/visudo/test2.sh: + Add test for quoted group that contains escaped double quotes + [44596c48c629] -1999-12-05 14:06 millert + * src/exec.c, src/exec_pty.c: + Pass SIGUSR1/SIGUSR2 through to the child. + [c3108a827b01] - * CHANGES, parse.yacc: fix parsing of runas lists: o oprunasuser - and runaslist now return a value o in a runasspec, if a runaslist - does not return TRUE, set runas_matches to FALSE. Normally, a - runaslist only returns FALSE for explicitly denied users. o - since runaslist does not modify the stack there is no need for a - push/pop in runasalias. + * src/exec_pty.c, src/sudo_exec.h: + Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and + SIGUSR2 to indicate whether the child should be continued in the + foreground or background. + [35ca47cc6785] -1999-12-04 21:54 millert + * src/exec.c: + Use pid_t not int and check the return value of kill() + [36ae7d37d7f9] - * check.c, sudo.c: Don't kill the user's tickets until after - sudoers has been parsed since tty_tickets and ticket_dir could be - set in sudoers. +2011-02-02 Todd C. Miller -1999-12-04 21:18 millert + * src/exec_pty.c: + Remove obsolete comment + [baebef4919f6] - * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON, - configure, configure.in, sudo.cat, sudo.man, sudoers.cat, - sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man: crank - version to 1.6 + * src/exec.c: + In non-pty mode before continuing the child, make it the foreground + pgrp if possible. Fixes resuming a shell. + [fef5b1d02ddb] -1999-12-04 21:18 millert + * src/exec_pty.c: + If we get a signal other than SIGCHLD in the monitor, pass it + directly to the child. + [b3ecb28163a0] + + * src/exec.c, src/exec_pty.c, src/sudo.h: + Save signal state before changing handlers and restore before we + execute the command. + [faf7475dc4bf] + +2011-02-01 Todd C. Miller + + * plugins/sudoers/iolog.c: + Use a char array to map a number to a base36 digit. + [257576c51f8b] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod: + Be clear about what versions of sudo support new LDAP attributes. + Fix up some formatting of attribute names. Minor other tweaks. + [39f65df71f65] + +2011-01-31 Todd C. Miller + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + match quoted strings the same way whether in a Defaults line or as a + user/group/netgroup name. Fixes escaped double quotes in quoted + user/group/netgroup names. + [601d97ea8792] + + * plugins/sudoers/Makefile.in: + 'make check' depends on visudo and testsudoers + [127c5a24df8f] + + * plugins/sudoers/sudoers2ldif: + Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags + [9029163a58c3] + +2011-01-30 Todd C. Miller + + * doc/UPGRADE: + Mention LDAP attribute compatibility status. + [2c3595aaec63] + +2011-01-28 Todd C. Miller + + * README.LDAP: + Mention phpQLAdmin + [9304c9064fbe] + + * INSTALL, NEWS, config.h.in, configure, configure.in, + doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c: + Add --disable-env-reset configure option. + [8a753aa13a46] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Document that sudoers_locale also affects logging and email. + [998d6ac11277] + + * NEWS, config.h.in, configure, configure.in, + plugins/sudoers/logging.c: + Do logging and email sending in the locale specified by the + "sudoers_locale" setting ("C" by default). Email send by sudo + includes MIME headers when the sudoers locale is not "C". + [cb7e55408400] + +2011-01-27 Todd C. Miller + + * plugins/sudoers/check.c: + Fix indentation + [65ae7e92b9e4] + +2011-01-25 Todd C. Miller + + * NEWS, src/parse_args.c, src/sudo.c: + Perform command escaping for "sudo -s" and "sudo -i" after + validating sudoers so the sudoers entries don't need to have all the + backslashes. + [4e168c103f4b] + +2011-01-24 Todd C. Miller + + * plugins/sudoers/logging.c: + Prepend "list " to the command logged when "sudo -l command" is used + to make it clear that the command was listed, not run. + [f392a6056cd6] + + * plugins/sudoers/parse.c: + cosmetic change + [7c0951dbc2dd] + + * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c, + common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c, + compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c, + compat/nanosleep.c, compat/regress/glob/globtest.c, + compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, + compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c, + plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, + plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c, + plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, + plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestr.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c, + src/sudo_noexec.c, src/tgetpass.c: + standardize on "return foo;" rather than "return(foo);" or "return + (foo);" + [32d76c5aaf8c] + + * plugins/sudoers/sudoers.c: + Do not reject sudoers file just because it is root-writable. + [0febc579185b] + +2011-01-21 Todd C. Miller + + * NEWS: + sync + [1ab03f8278ff] + + * plugins/sudoers/sudo_nss.c: + For "sudo -U user -l" if user is not authorized on the host, say so. + [289afe6dd15c] + + * plugins/sudoers/ldap.c: + In sudo_ldap_lookup(), always do the initial sudoers check as the + invoking user. If we are listing another user's privs we will do a + separate lookup using list_pw later. + [e52bc15de76d] + +2011-01-20 Todd C. Miller + + * MANIFEST: + add parser fill tests + [4f65140d3515] + + * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in: + Don't test features not supported by the bundled glob() + [8ec7ace11949] + + * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c, + compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in, + doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/ldap.c, plugins/sudoers/match.c, + plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in: + Update copyright year to 2011 + [ac1b45cb1809] + + * plugins/sudoers/sudo_nss.c: + When listing, use separate lbufs for the defaults and the privileges + and only print something if the number of privileges is non-zero. + Fixes extraneous Defaults output for "sudo -U unauthorized_user -l". + [d0854d39f8ef] + + * plugins/sudoers/ldap.c: + Stash pointer to user group vector in LDAP handle and only reuse the + query if it has not changed. We always allocate a new buffer when + we reset the group vector so a simple pointer check is sufficient. + [88861d4eba69] + + * plugins/sudoers/sudo_nss.c: + Check initgroups() return value. + [3bdaf58408a7] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/parser/check_fill.c: + Add tests for the fill functions in toke_util.c + [bca587ab4956] + +2011-01-19 Todd C. Miller + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c: + fix copyright year + [e2038cdaf055] + + * NEWS: + sync + [56ca5d5eaebe] + +2011-01-18 Todd C. Miller + + * common/term.c: + Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e. + [b91f266624ec] + +2011-01-14 Todd C. Miller + + * mkpkg, sudo.pp: + Add Requires line for audit-libs >= 1.4 for RHEL5+ + [6c02f976171b] + + * pp: + sync with git version + [d301c32d5865] + +2011-01-13 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + fix typo + [39353f92976f] + +2011-01-12 Todd C. Miller + + * NEWS: + Update for sudo 1.7.4p5 + [b444da76901f] + + * doc/schema.OpenLDAP, doc/schema.iPlanet: + Add sudoNotBefore and sudoNotAfter attributes as optional attributes + to the sudoRole object class. From Andreas Mueller + [dacfad7e7a95] + +2011-01-11 Todd C. Miller + + * NEWS: + Mention "sudo -g group" password check fix. + [1eb8fb14e53b] + + * plugins/sudoers/sudoers.c: + Fix "sudo -g" support in the sudoers module. + [07d1b0ce530e] + + * plugins/sudoers/check.c: + If the user is running sudo as himself but as a different group we + need to prompt for a password. + [caf1fcc9a117] + +2011-01-10 Todd C. Miller + + * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, + plugins/sudoers/ldap.c: + Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP + LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla- + derived LDAP SDKs but we can pass the timeout parameter to + ldap_search_ext_s() or ldap_search_st() when possible. + [5537049991f7] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: + regen + [5b361c3c4324] + + * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility + with OpenLDAP ldap.conf files. + [e97843bd16fb] + + * plugins/sudoers/pwutil.c: + If user has no supplementary groups, fall back on checking the group + file expliticly. + [5223ad4eb690] + +2011-01-08 Todd C. Miller + + * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c: + constify + [6e132a4cca61] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Move fill macro to toke.h + [623d430798cf] - * testsudoers.c: add set_fqdn() stub + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c, + plugins/sudoers/toke.h, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c: + Split tokenizer utility functions out into toke_util.c + [89a97bd51618] -1999-12-02 15:31 millert + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + ANSIfy + [ca0eba1dfaa9] + +2011-01-07 Todd C. Miller + + * MANIFEST: + sync + [a43f94064bb3] + + * plugins/sudoers/Makefile.in: + Add visudo tests to check target + [8c82fb4ed40f] + + * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c, + compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files, + compat/regress/glob/globtest.c, compat/regress/glob/globtest.in: + Add my regress tests for fnmatch() and glob() from OpenBSD. + [6e8c1f211723] + + * plugins/sudoers/regress/testsudoers/test1.sh, + plugins/sudoers/regress/visudo/test1.ok, + plugins/sudoers/regress/visudo/test1.sh: + Add regress test for command tags using visudo -c + [18b0ef207c0f] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/testsudoers/test1.ok, + plugins/sudoers/regress/testsudoers/test1.sh: + Add support for regress tests using testsudoers + [1fa94bd2671b] + + * plugins/sudoers/testsudoers.c: + Need to set user_name explicitly due to internal changes made when + converting sudoers to a plugin. + [1fa54e86a364] + +2011-01-06 Todd C. Miller + + * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/iolog_path/data, src/Makefile.in, + zlib/Makefile.in: + Add regression tests for iolog_path() + [afa4b416e559] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + Add support for "make Makefile" to regenerate Makefile from + Makefile.in + [98bd2dda3294] + + * plugins/sudoers/iolog_path.c: + Quiest a bogus compiler warning. + [5ff932a7ad67] + +2011-01-05 Todd C. Miller + + * plugins/sudoers/iolog_path.c: + Protect call to setlocale() with HAVE_SETLOCALE + [2c29ee3ccc81] + +2011-01-04 Todd C. Miller + + * MANIFEST: + mkstemps.c was renamed mktemp.c + [ae299c3b1827] + + * NEWS: + Update from 1.7 branch + [20817d79717b] + + * Makefile.in: + Use "mv -f" when regenerating ChangeLog + [c163635206c6] + + * plugins/sudoers/match.c: + Fix NULL dereference with "sudo -g group" when the sudoers rule has + no runas user or group listed. Fixes RedHat bug Bug 667103. + [41a6a1243d9e] + +2011-01-03 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Correct the default sudo.conf example + [4e791698cad1] + +2010-12-31 Todd C. Miller + + * plugins/sudoers/iolog_path.c: + Reset slashp if we allocate a new buffer for strftime() + [e491daa4203b] + + * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add extra out parameter to expand_iolog_path() to allow the caller + to split the path into dir and file components if needed. + [88346bc5ae39] + +2010-12-30 Todd C. Miller + + * plugins/sudoers/iolog.c: + mkdir_iopath() returns size_t now that it uses strlcpy() and not + snprintf() + [3c4c64d265eb] + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c: + Trim leading slashes from iolog_file and trailing slashes from + iolog_dir + [a803b51f8948] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Pass a single I/O log file name in command_details instead of + separate dir + file parameters. + [d672a3e46e80] + + * plugins/sudoers/sudoreplay.c: + change an error() to errorx() + [8013dcfdd69d] + + * plugins/sudoers/iolog.c: + Add missing cwd line to I/O log info file that got dropped when + iolog_deserialize_info() was added + [7cf84f208423] + +2010-12-29 Todd C. Miller + + * plugins/sudoers/iolog.c: + Avoid relying on globals filled in by the sudoers policy module for + the sudoers I/O log module. The I/O log open function now pulls the + bits it needs out of user_info and command_info. + [c02f6951b0cc] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + If no iolog file is specified by the policy plugin, use io_nextid() + to determine the next file in the sequence. + [faa1130b1020] + +2010-12-28 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document iolog_compress in command_info + [58895c7d12f5] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Add support for the iolog_compress variable in command_info. + [36f13a2fd1c1] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Add sigsetjmp() calls to all plugin entry points just to be safe. + [3fa482355bc4] + + * src/sudo.c, src/sudo.h: + Don't need iolog variables in struct command_details, they are for + the I/O log plugins to handle. + [5111579ffd9d] + +2010-12-27 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Document use of mkdtemp() for iolog path teplates + [5db6101408a9] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + regen + [1ee11fd6d4eb] + + * doc/sudo_plugin.pod, doc/sudoers.pod: + Document iolog_file and supported escape sequences for sudoers. + Clarify that iolog_file can contain directories. + [da611dedcbdb] + + * compat/Makefile.in, configure, configure.in: + Fix building of mkstemps/mkdtemp replacements. + [793a5e303122] + + * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure, + configure.in, include/missing.h: + Provide mkdtemp() for systems without it. + [b0527dfa965c] + + * plugins/sudoers/iolog_path.c: + Fix typo + [277f6c514cba] + + * plugins/sudoers/iolog.c: + Only use mkdtemp() if the path ends in at least 6 Xs since otherwise + glibc mkdtemp() returns EINVAL. + [2e7323b05579] + + * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Allow sudoers to specify the iolog file in addition to the iolog + dir. Add escape sequence support to iolog file and dir: sequence + number, user, group, runas_user, runas_group, hostname and + command in addition to any escape sequence recognized by + strftime(3). + [75cd32ee0435] + + * plugins/sudoers/iolog.c: + Add missing sigsetjmp() call in I/O plugin open function. Fixes a + crash when the I/O plugin calls error(), errorx() or log_error(). + [1a6718bd817d] + +2010-12-21 Todd C. Miller + + * doc/sudo_plugin.pod, plugins/sudoers/iolog.c, + plugins/sudoers/sudoers.c: + Give the policy module fine-grained control over what the I/O plugin + logs. + [d29784fd2a66] + + * common/term.c: + Clear OPOST from c_oflag like we used to. Fixes screen-based + editors such as vi. + [506ad5ae9b4e] + + * doc/sudoers.pod: + Clarify umask option description. From Reuben Thomas. + [1294ac84222b] + +2010-12-20 Todd C. Miller + + * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Pick last match in LDAP sudoers too + [fbfd8e85703b] + + * doc/sudo_plugin.pod: + Document iolog_file, iolog_dir and use_pty + [26120a59c20e] + + * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c, + plugins/sudoers/sudoers.c: + Adapt plugins to version I/O logging ABI 1.1 + [880dd64bc1e8] + + * src/exec.c, src/sudo.h: + Add use_pty command_info flag for policies to indicate that a pty + should be allocated even if no I/O logging is performed. + [e7b167f8a6e5] + + * src/sudo.c: + Add remaining plugin convenience functions + [ffeaf96da031] + + * include/sudo_plugin.h, src/sudo.c, src/sudo.h, + src/sudo_plugin_int.h: + Change I/O log API to pass in command info to the I/O log open + function. Add iolog_file and iolog_dir parameters to command info. + This allows the policy plugin to specify the I/O log pathname. Add + convenience functions for calling plugin functions that handle ABI + backwards compatibility. + [9b81dce76ce5] + + * compat/dlopen.c: + Remove useless cast + [7cecce969739] + +2010-12-17 Todd C. Miller + + * configure, configure.in: + Bump version to 1.8.0b3 + [1dc9f040aae0] + +2010-12-13 Todd C. Miller + + * configure.in: + Remove extraneous newline + [71c94551eea5] + +2010-12-10 Todd C. Miller + + * doc/sudoers.pod, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/iolog.c: + Make I/O log dir configurable. + [99b576667a38] + + * aclocal.m4, configure, configure.in, doc/sudoers.pod: + Rename io_logdir to iolog_dir + [0731662acc8d] + +2010-12-07 Todd C. Miller + + * pp: + Add missing '*' that prevented the generic ELF case from matching. + [be77ca26bfb2] + + * pp: + If file(1) can't identify the ELF binary type, try readelf(1). + [38a18d32a9e3] + +2010-11-30 Todd C. Miller + + * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c, + plugins/sudoers/env.c, plugins/sudoers/pwutil.c, + plugins/sudoers/sudoers.c, src/sudo.c: + Use %u to print uid/gid, not %lu and adjust casts to match. + [03c43b8749cf] - * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat, - sudoers.man, sudoers.pod, visudo.c: o Kill shell_noargs option, - it cannot work since the command needs to be set before sudoers - is parsed. o Fix the "set_home" sudoers option (only worked at - compile time). o Fix "fqdn" sudoers option. We now set - host/shost via set_fqdn which gets called when the "fqdn" - option is set in sudoers. o Move the openlog() to - store_syslogfac() so this gets overridden correctly from the - sudoers file. + * doc/sudoers.ldap.pod: + Clarify ordering of entries and attributes. + [924e2a6bb603] -1999-12-02 15:21 millert + * doc/sudoers.ldap.pod: + Fix typo and editing goof. + [79dc7ccd85a8] - * auth/securid.c: SecurID support should compile now. + * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet, + doc/sudoers.ldap.pod: + Merge in ordered LDAP entry support from Andreas Mueller. + [ea5885989bad] -1999-11-28 20:56 millert + * plugins/sudoers/ldap.c: + Make sure we don't dereference a NULL handle. + [1a9f9ee15371] - * sudo.pod, visudo.pod, sudo.cat, sudo.man, sudoers.man, - visudo.man, sudoers.cat, visudo.cat: fix some syntactic goofs +2010-11-24 Todd C. Miller -1999-11-28 18:51 millert + * pp: + Add support for RHEL 6 file modes that include a trailing dot on + files with an SELinux security context + [dc09be959547] - * sudo.html, sudoers.html, Makefile.in, visudo.html: No longer need - the .html files as they are generated automatically on the web - site. +2010-11-23 Todd C. Miller -1999-11-28 18:49 millert + * src/sudo.c: + exec_setup() does not need to setuid(0), the Ubuntu issue was in the + sudoers module. + [d6dd99fc6062] - * CHANGES, LICENSE: kill characters that made wml unhappy + * plugins/sudoers/sudoers.c: + create_admin_success_flag() should use restore_perms() rather than + set_perms() to restore the uid. + [eba7a91c1f57] -1999-11-28 18:34 millert + * src/sudo.c: + In exec_setup() call setuid(0) to make certain the subsequent uid + and gid changes will succeed. Fixes a problem on Ubuntu. + [c5d32abf0645] - * HISTORY: typo + * src/sudo_edit.c: + Error out if we cannot change to root's uid so we catch the failure + early. + [7a2e7f8f2c80] -1999-11-25 12:05 millert +2010-11-22 Todd C. Miller - * README: majordomo@cs.colorado.edu -> majordomo@courtesan.com + * doc/sudoers.pod: + fix typo; from Michael T Hunter + [a574a9d0db5b] -1999-11-24 19:43 millert + * plugins/sudoers/match.c: + In sudoedit mode, assume command line arguments are paths and pass + FNM_PATHNAME to fnmatch(). + [ce0abff8ce9f] - * Makefile.in, configure: Wrap script execution w/ /bin/sh for the - benefit of ctm +2010-11-20 Todd C. Miller -1999-11-23 22:52 millert + * configure, configure.in: + Add workaround for an error in sys/types.h on HP-UX 11.23 when large + file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the + broken bits of the header file. + [e337217f097a] - * sudo.c: Make the -s flag be exclusive too. Also reorder the - flags in the exclusive usage message so they are alphabetical. + * aclocal.m4: + Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM + [fbbcee28961f] -1999-11-23 13:27 millert + * sudo.pp: + For Tru64, strip off beta version. + [eeccd762df5e] - * auth/pam.c: make pam errors other than PAM_PERM_DENIED fatal + * MANIFEST, plugins/sudoers/testsudoers.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h: + Avoid conflicts with system definitions in grp.h and pwd.h + [b219ffe1da09] -1999-11-23 13:07 millert + * zlib/gzguts.h: + Include stdio.h after zlib.h, not before. We need the large file + defines to come first. + [21d6df39790f] - * auth/API: fix typo +2010-11-19 Todd C. Miller -1999-11-23 13:07 millert + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: + regen + [3ff8750d0aac] - * INSTALL: make it clear that /etc/pam.d/sudo is required on linux + * Makefile.in: + Don't clean ChangeLog + [ab0d30d289d4] -1999-11-23 13:06 millert + * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Add prototype for cleanup() + [75626fd3769a] - * auth/pam.c: fix a warning on redhat and spew an error if - pam_authenticate() returns an error other than AUTH_SUCCESS or - PAM_PERM_DENIED +2010-11-18 Todd C. Miller -1999-11-23 00:43 millert + * plugins/sudoers/group_plugin.c: + Avoid deferencing group_plugin if it is NULL in + group_plugin_query(). This should not happen. + [4f2933c8da7e] - * sudo.cat, sudo.html, sudo.man, sudo.pod: Be very clear that the - password required is the user's not root's + * plugins/sudoers/group_plugin.c: + group plugin init function return TRUE when successful + [198024477030] -1999-11-19 21:04 millert +2010-11-17 Todd C. Miller - * Makefile.in: add sample.syslog.conf to DISTFILES and BINFILES + * plugins/sudoers/ldap.c: + Enlarge the array of entry wrappers int blocks of 100 entries to + save on allocation time. From Andreas Mueller + [375c916bb03b] -1999-11-18 19:13 millert + * plugins/sudoers/ldap.c: + Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2() + that was mistakenly dropped. + [1555f5bc132d] - * RUNSON: updates from Brian Jackson + some formatting +2010-11-16 Todd C. Miller -1999-11-17 21:39 millert + * doc/TROUBLESHOOTING: + Mention that sudo needs "ar" to build. + [65582ace2d09] - * INSTALL.binary, Makefile.binary, README, RUNSON: o One RUNSon - update o Changes for automating real binary releases + * configure, configure.in: + Fail with a more useful error if "ar" is not found. + [d1cb83719c17] -1999-11-17 21:38 millert +2010-11-14 Todd C. Miller - * Makefile.in: Add bindist target + * plugins/sudoers/ldap.c: + Merge in ordered LDAP entry support from Andreas Mueller and add + local changes from the 1.7 branch. + [bca29e461618] -1999-11-16 16:26 millert +2010-11-12 Todd C. Miller - * TROUBLESHOOTING: talk about run-time options in addition to - compile-time options + * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet, + doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add timed entry support from Andreas Mueller. + [e18d1df46a8d] -1999-11-16 01:16 millert + * plugins/sudoers/group_plugin.c: + Don't try to unload if group_plugin is NULL. Don't call dlclose() if + group_handle is NULL + [de2273da37d5] + + * plugins/sudoers/sudoers.h: + It is now plugin_cleanup(), not cleanup() + [da62a4e1a78c] + + * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: + Call plugin_cleanup(), not cleanup() + [e800ad8b33ad] - * CHANGES: fix typos +2010-11-11 Todd C. Miller + + * plugins/sudoers/ldap.c: + Use efree() not free() and remove malloc.h include since we never + directly call malloc() or free(). + [107fffd134bb] + +2010-11-09 Todd C. Miller + + * sudo.pp: + set PSTAMP for Solaris and move the backend-specific bits to their + own %if [xxx] %endif blocks in %set. + [a94ebe8920c1] + + * pp: + sync with git repo + [75ff509696b4] + + * configure, configure.in: + Only substitute file zlib files when using the builtin zlib + [6c8145b2deb4] + + * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + Give up on using VPATH to find sources as it is implemented + inconsistenly in different versions of make. + [60517c69aaee] + + * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c, + plugins/sudoers/gram.c, plugins/sudoers/toke.c: + Include config.h before any other includes to make sure we get the + right value for _FILE_OFFSET_BITS. + [8fb007ca832e] + + * MANIFEST: + Add zlib + [04a3e23dfaa9] + + * zlib/Makefile.in: + Add missing targets + [40e45a177168] + + * src/Makefile.in: + g/c unused $(GENERATED) + [c8758068c1bc] + +2010-11-08 Todd C. Miller + + * plugins/sudoers/group_plugin.c: + Zero out group_plugin on unload just to be safe. + [0b10f4d101ca] + + * plugins/sudoers/group_plugin.c: + Unload group plugin if its init function fails. + [6552cdac4b7c] + + * src/sudo.c: + Only chdir to cwd if it is different from the current cwd or there + is a new root (chroot). + [b8203e875e84] + + * configure, configure.in, doc/sudo.cat, doc/sudo.man.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in: + Bump version to 1.8.0b2 + [6dadeb75a878] + +2010-10-28 Todd C. Miller + + * INSTALL: + Better --enable-zlib description + [e0da54fa59a6] + + * mkpkg: + Use system zlib on Linux Let configure decide on Solaris For all + others, use builtin zlib + [3d52eddb523c] + + * zlib/zconf.h.in: + Add large file support. + [bec01215270d] + + * config.h.in: + Add large file support. + [244e95b034ec] + + * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod, + zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c, + zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c, + zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c, + zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h, + zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h, + zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in, + zlib/zlib.h, zlib/zutil.c, zlib/zutil.h: + Add local copy of zlib for systems that lack it. + [7542ca465c5a] + +2010-10-15 Todd C. Miller + + * src/exec.c: + If perform_io() fails, kill the child before exiting so it doesn't + complain about connection reset. We can get an I/O error if, for + example, and we get EIO reading from stdin. + [e59a05fa729f] + +2010-10-12 Todd C. Miller + + * plugins/sudoers/sudoers.c, src/sudo.c: + Fix complilation on systems with set_auth_parameters() Sprinkle + volatile to quiet warnings from gcc 2.8.0 + [a34c2b924ba7] + + * compat/dlfcn.h, compat/dlopen.c: + Avoid potential namespace issues with dlopen() emulation. + [aedfababd6ca] + + * MANIFEST: + sync + [6afb97e6d308] + + * plugins/sudoers/interfaces.c: + Use INADDR_NONE instead of casting -1 to in_addr_t (which may not + exist). + [ddfca5af1a36] + + * Makefile.in: + Mark ChangeLog as PHONY Don't overwrite ChangeLog if we can't run hg + [e9d04bfa4505] + + * configure, configure.in: + HP-UX 10.20 libc has an incompatible getline + [2e7bc202e78d] + + * plugins/sudoers/visudo.c: + Quiet an HP-UX compiler warning. + [55b9d587ac8c] + + * configure, configure.in: + Check for vi even with --with-editor specified; the sample plugin + needs it. + [94dfc3643f76] + +2010-10-11 Todd C. Miller + + * compat/dlopen.c: + Fix remaining syntax errors. + [9d729b5b577e] + + * src/Makefile.in: + sudo binary depends on the libtool-generated libs + [9e6148406adb] + + * plugins/sudoers/group_plugin.c, src/load_plugins.c: + Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to + include the local or system dlfcn.h + [68cfe4c1089b] + + * pp: + Don't use run_as_superuser=false on HP-UX + [532242370b09] + + * src/net_ifs.c: + Use memset() instead of zero_bytes() since we don't include + sudoers.h + [a187c18c2472] + + * plugins/sudoers/interfaces.c: + Fix pasto; AF_INET not AF_INET6 + [2d2e9d7dc6f9] + + * compat/dlopen.c: + Actually call shl_load() + [ed8153b8a3cd] + + * pp: + Update from git repo. Debian: version numbers now compliant with + policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX + 10.20 + [ecf2692bceeb] + + * configure, configure.in: + Fix dlopen() detection for systems where dlopen() is in a separate + library. + [fa6b175582b6] + + * plugins/sudoers/auth/pam.c: + If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more + useful message and return AUTH_FATAL so sudo does not keep trying to + validate the user. + [1be8857e5291] + + * src/preload.c: + sudo_preload_table is an array + [b7704e72a9da] + + * compat/dlopen.c: + Quiet a compiler warning and fix sudo_preload_table external + definition. + [8234987664cc] + + * compat/dlfcn.h: + Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype. + [8bab6a4053cc] -1999-11-16 01:09 millert + * plugins/sudoers/group_plugin.c: + Make this compile correctly when no dlopen is available. + [57643879bd2b] + +2010-10-07 Todd C. Miller + + * plugins/sudoers/check.c: + Having a timestamp file defined is no longer indicative of tty + tickets being enabled. Check def_tty_tickets directly. + [efcc11ad157f] + + * src/exec_pty.c, src/sudo.h, src/ttysize.c: + Fix TCGETWINSZ compat. + [da3a8b17cf7a] + +2010-10-02 Todd C. Miller + + * src/exec_pty.c, src/ttysize.c: + Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE + [926492dd10a6] + +2010-10-01 Todd C. Miller + + * plugins/sudoers/sudoers.c, src/sudo.c: + Move set_project() from sudoers module into sudo proper. + [beabafac03b4] + + * configure, configure.in: + Fix typo and regenerate + [4a3caf4234f3] + + * plugins/sudoers/ldap.c: + When iterating over returned LDAP entries, keep looking at remaining + matches even if we have a positive match. This catches negative + matches that may exist in other entries and more closely match the + sudoers file behavior. + [f47db6e609b0] + + * pp: + Add support for multiple package instances on Solaris. + [7f2a8b942545] + + * src/exec.c: + Add missing signal_pipe[0] to fdsr for the non-pty case. + [79d01e11b19c] + + * mkpkg: + Add --with-project for Solaris + [ffa4c2bb93f7] + + * README: + Need ar and ranlib too + [5c2f679172ef] + +2010-09-27 Todd C. Miller + + * plugins/sudoers/env.c: + Preserve ODMDIR environment variable by default on AIX. + [bd47cb1e804f] + +2010-09-26 Todd C. Miller + + * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c, + config.h.in, configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c, + src/preload.c: + Add dlopen() emulation for systems without it. For HP-UX 10, emulate + using shl_load(). For others, link sudoers plugin statically and use + a lookup table to emulate dlsym(). + [e92edfb3c642] + +2010-09-24 Todd C. Miller - * sudo.c: need sys/time.h if HAVE_SETRLIMIT + * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c, + compat/nanosleep.c, compat/utimes.c: + When including compat headers, use the compat dir as part of the + path so we are sure to get the correct header. + [6c2a45da6af5] -1999-11-16 00:42 millert +2010-09-21 Todd C. Miller + + * plugins/sudoers/linux_audit.c: + Ignore ECONNREFUSED from audit_log_user_command() which will occur + if auditd is not running. + [d314fe4c8d03] - * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man, - sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod: get - rid of references to sudo-bugs. Now mention the web site or the - sudo@ alias +2010-09-17 Todd C. Miller -1999-11-16 00:35 millert + * pp: + Sync with git version + [1c0357744222] - * sudoers.html: repair pod2html damage +2010-09-16 Todd C. Miller -1999-11-16 00:28 millert + * common/fileops.c, plugins/sudoers/defaults.c: + Cast isblank argument to unsigned char. + [c822dbb3ca54] - * RUNSON, TODO: Update for 1.6 release +2010-09-14 Todd C. Miller -1999-11-16 00:23 millert + * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c: + Implement --with-umask-override configure flag. + [863e3047df22] - * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: Add warning - about using ALL in a command context. + * plugins/sudoers/env.c: + Take MODE_LOGIN_SHELL into account when initially setting reset_home + instead of special-casing it later. + [5d6b16480fd6] -1999-11-09 15:12 millert + * plugins/sudoers/sudoers.c: + In login mode, make a copy of the runas user's pw_shell for + NewArgv[0] because 1) we modify it and 2) it will runas_pw gets + freed before exec. + [1d1ccb568dfa] + + * plugins/sudoers/env.c: + Reset HOME for "sudo -i" even if HOME was listed in env_keep. + [c1c1c65a2d63] + + * src/sudo.c: + Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK. + [7443454e5f88] + + * src/sudo.c: + Reset signal mask at sudo startup time; we need to be able to rely + on normal signal delivery to control the child process. + [95800163ff94] + +2010-09-13 Todd C. Miller + + * install-sh: + Use sed instead of expr to split a flag from its argument. Fixes a + problem with expr interpreting its arguments as a flag when they + start with a dash. + [736065e14301] + + * common/lbuf.c: + Do not need sys/time.h after all + [91f6f668ccda] + + * common/lbuf.c: + Include sys/time.h for utimes() and struct timeval. No longer need + ioctl.h or termios.h + [2d75273d3213] + + * compat/snprintf.c: + Quiet bogus compiler warnings. + [fe252e1968f5] + + * include/missing.h: + Declare innetgr() for HP-UX which is missing a declaration. Declare + domainname() for HP-UX and Solaris which are missing a declaration. + [b37c50751138] + + * plugins/sudoers/bsm_audit.c: + Use __sun for consistency with the rest of the sources. + [6b086b61ccb6] + + * plugins/sudoers/group_plugin.c: + Quiet a bogus compiler warning. + [ebc069842c4a] + + * plugins/sudoers/pwutil.c: + Don't try to delref a NULL group. + [f6ff0838be21] + + * common/alloc.c, common/lbuf.c: + Include memory.h on systems that need it. + [4e676da81c6f] + +2010-09-11 Todd C. Miller + + * src/exec.c: + Quiet gcc warnings on glibc systems that use warn_unused_result for + write(2). + [0532da0b7cf7] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + sudo_plugin is in section 8; from Ted Percival + [b4506a0de87e] + + * plugins/sudoers/Makefile.in: + testsudoers depends on libsudoers.la, not sudoreplay + [cdb1cc3bf06a] + +2010-09-10 Todd C. Miller + + * src/exec.c: + Read as many signals on the signal pipe as we can before returning. + [b181671da047] + + * src/exec.c, src/exec_pty.c, src/sudo_exec.h: + Instead of using a array to store received signals, open a pipe and + have the signal handler write the signal number to one end and + select() on the other end. This makes it possible to handle signals + similar to I/O without race conditions. + [ee84d65c16b6] + +2010-09-09 Todd C. Miller + + * doc/visudo.pod, plugins/sudoers/visudo.c: + Make "visudo -c -f -" check the standard input. + [195a3d2a9a26] + + * doc/sudoers.pod: + set_home and always_set_home have an effect if HOME is present in + the env_keep list. + [159d0b9dc5c8] + + * plugins/sudoers/env.c: + Make -H flag work when HOME is listed in env_keep. Also makes + "set_home" and "always_set_home" override override HOME in env_keep. + [a3e5b966193f] + +2010-09-08 Todd C. Miller + + * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/match.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/net_ifs.c: + Convert sudoers plugin to use interface list passed in settings. + [87d9b5f4f586] + + * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c, + src/parse_args.c, src/sudo.h: + Query local network interfaces in the main sudo driver and pass to + the plugin as "network_addrs" in the settings list. + [7f35bcfe77a7] + + * plugins/sudoers/bsm_audit.c: + Solaris BSM audit return EINVAL when auditing is not enabled, + whereas OpenBSM returns ENOSYS. + [411b980ec58b] + +2010-09-07 Todd C. Miller + + * compat/fnmatch.c: + missing.h should come before most local includes + [53921a7b8b5b] + + * plugins/sudoers/sudoreplay.c: + missing.h should come before most local includes + [e9abb0db1aac] + + * plugins/sudoers/sudoers.h: + Make local includes consistent; use double quotes for local includes + except for generated ones where we use angle brackets. + [09de4faa9547] + + * plugins/sudoers/sudoers.c: + Always fill in NewArgv for audit code. + [7c3aca60519f] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add missing LOG_INPUT/LOG_OUTPUT support in the lexer. + [007cf6560f92] + + * common/alloc.c, common/atobool.c, common/fileops.c, + common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c, + common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c, + compat/getcwd.c, compat/getgrouplist.c, compat/getline.c, + compat/getprogname.c, compat/glob.c, compat/isblank.c, + compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c, + compat/nanosleep.c, compat/setenv.c, compat/snprintf.c, + compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, + compat/unsetenv.c, compat/utimes.c, include/compat.h, + plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, + plugins/sample_group/plugin_test.c, + plugins/sample_group/sample_group.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/linux_audit.c, plugins/sudoers/match.c, + plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h, + src/sudo_noexec.c, src/ttysize.c: + Make local includes consistent; use double quotes for local includes + except for generated ones where we use angle brackets. Also g/c + unused compat.h. + [e57070dc8f04] + +2010-09-06 Todd C. Miller + + * plugins/sudoers/match.c: + When matching the runas user and runas group (-u and -g command line + options), keep track of runas group and runas user matches + separately. Only return a positive match if we have a match for + both runas user and runas group (if specified). + [815219e04cc8] + +2010-09-04 Todd C. Miller + + * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add support for multiple URI lines by joining the contents and + passing the result to ldap_initialize. + [a47cae3b72e8] + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c: + Do not return -1 on error from the display functions; the caller + expects a return value >= 0. + [101456a7dd00] + + * plugins/sudoers/sudoers.c: + Do not set both MODE_EDIT and MODE_RUN + [8faa36694d54] + +2010-09-03 Todd C. Miller + + * include/missing.h: + Move includes to the top of the file. + [a51436798e8c] + +2010-08-30 Todd C. Miller + + * plugins/sudoers/Makefile.in: + Add missing definition of timedir + [458a749c2c5e] + + * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c, + compat/mksiglist.c, compat/strsignal.c, + plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c: + Add #include of sys/types.h for .c files that include missing.h to + be sure that size_t and ssize_t are defined. + [08e3132dbf4f] + + * plugins/sudoers/Makefile.in: + Install sudoers file from the build dir not hte src dir. + [ca89e962dbf4] + +2010-08-26 Todd C. Miller + + * plugins/sudoers/set_perms.c: + If runas_pw changes, reset the stashed runas aux group vector. + Otherwise, if runas_default is set in a per-command Defaults + statement, the command runs with root's aux group vector (i.e. the + one that was used when locating the command). + [24f9107cedd2] + + * plugins/sudoers/Makefile.in: + Add target to generate sudoers file Remove generated sudoers file as + part of distclean + [fb7422e90f03] + +2010-08-24 Todd C. Miller + + * src/exec.c: + When not logging I/O install a handler for SIGCONT and deliver it to + the command upon resume. Fixes bugzilla #431 + [495dce52a5aa] + +2010-08-21 Todd C. Miller + + * plugins/sudoers/sudoers.h: + g/c unused auth_pw extern definition + [40eb7477ba17] + + * plugins/sudoers/check.c, plugins/sudoers/sudoers.c: + Move get_auth() into check.c where it is actually used. + [e31db0ce3a61] + +2010-08-20 Todd C. Miller + + * common/lbuf.c: + Convert a remaining puts() and putchar() to use the output function. + [d69e363a506b] + + * plugins/sudoers/plugin_error.c: + Plug memory leak + [68895469ea8d] + +2010-08-18 Todd C. Miller + + * plugins/sudoers/env.c: + Set dupcheck to TRUE when setting new HOME value if !env_reset but + always_set_home is true. Prevents a duplicate HOME in the + environment (old value plus the new one) introduced in f421f8827340. + [9ca19183794f] + + * configure, configure.in, plugins/sudoers/sudoers, + plugins/sudoers/sudoers.in: + Substitute sysconfdir in the installed sudoers file to get the + correct path for sudoers.d. + [86072b6cd55d] + +2010-08-17 Todd C. Miller + + * src/get_pty.c: + Fix typo that prevented compilation on Irix; Friedrich Haubensak + [b48be51b65fc] + +2010-08-16 Todd C. Miller + + * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, + common/atobool.c, common/fileops.c, common/fmt_string.c, + common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c, + compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c, + compat/getcwd.c, compat/getgrouplist.c, compat/getline.c, + compat/getprogname.c, compat/glob.c, compat/isblank.c, + compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c, + compat/nanosleep.c, compat/setenv.c, compat/snprintf.c, + compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, + compat/unsetenv.c, compat/utimes.c, include/compat.h, + include/missing.h, plugins/sample/sample_plugin.c, + plugins/sample_group/getgrent.c, + plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in, + plugins/sudoers/audit.c, plugins/sudoers/boottime.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c, + src/sudo.h, src/sudo_noexec.c, src/ttysize.c: + Merge compat.h and missing.h into missing.h + [572909ae9716] + +2010-08-14 Todd C. Miller + + * plugins/sudoers/auth/pam.c: + If the user hits ^C while a password is being read, error out before + reading any further passwords in the pam conversation function. + Otherwise, if multiple PAM auth methods are required, the user will + have to hit ^C for each one. + [23782631748c] + +2010-08-12 Todd C. Miller + + * plugins/sudoers/check.c: + Update comment + [a5296cb3a20a] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document sudo_conv_t function and sudo_printf_t return values. + [745c0017814c] + + * src/conversation.c: + Make _sudo_printf return the number of characters printed on success + like printf(3). + [8eeefe8d7e77] + +2010-08-10 Todd C. Miller + + * plugins/sudoers/sudoers.c: + sudoers.h includes sudo_plugin.h for us + [cabe68e07807] + + * common/Makefile.in, common/gettime.c, compat/mkstemps.c, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h, + src/sudo_edit.c: + Use gettimeofday() directly instead of via the gettime() wrapper. + [7490426c99ae] + + * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c, + compat/strerror.c, config.h.in, configure, configure.in, + include/compat.h, include/missing.h, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c: + Remove some obsolete configure tests, ancient Unix systems are no + longer supported. + [2be6218c3a36] + +2010-08-07 Todd C. Miller + + * sudo.pp: + Set pp_kit_version and strip off patch level + [aacfda1b676d] + + * sudo.pp: + Better handling of versions with a patchlevel. For rpm and deb, use + the patchlevel+1 as the release. For AIX, use the patchlevel as the + 4th version number. For the rest, just leave the patchlevel in the + version string. + [638bd35f2346] + +2010-08-06 Todd C. Miller + + * plugins/sudoers/auth/sudo_auth.c: + For non-standalone auth methods, stop reading the password if the + user enters ^C at the prompt. + [82c2911bb264] + + * configure, configure.in, plugins/sudoers/Makefile.in, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/pwutil.c: + No need to look up shadow password unless we are doing password- + style authentication. This moves the shadow password lookup to the + auth functions that need it. + [ba9e3eba2b72] + + * plugins/sudoers/sudoers.c: + Retain final passwd/group refs until the policy close() function. + Note that this doesn't get called in all cases so putting this in a + cleanup function is probably better. + [bbe214cb4119] + + * plugins/sudoers/check.c: + Fix mismerge + [395115f89dd6] + + * plugins/sudoers/check.c: + When removing/resetting the timestamp file ignore the tty ticket + contents. + [b709f5667a0b] + + * plugins/sudoers/sudoers.c: + delref sudo_user.pw, runas_pw and runas_gr immediately before we + return. + [4d67d15dfd3b] + +2010-08-04 Todd C. Miller + + * plugins/sudoers/check.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/pwutil.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Reference count cached passwd and group structs. The cache holds + one reference itself and another is added by sudo_getgr{gid,nam} and + sudo_getpw{uid,nam}. The final ref on the runas and user passwd and + group structs are persistent for now. + [e544685523c3] + + * doc/UPGRADE: + fix typo + [e32f2d35e6c9] + +2010-08-03 Todd C. Miller + + * plugins/sudoers/check.c: + Do not produce a warning for "sudo -k" if the ticket file does not + exist. + [1598f6061b75] + + * plugins/sudoers/pwutil.c: + Instead of caching struct passwd and struct group in the red-black + tree, store a struct cache_item which includes both the key and + datum. This allows us to user the actual name that was looked up as + the key instead of the contents of struct passwd or struct group. + This matters because the name in the database may not match what we + looked up, due either to case folding or truncation (historically at + 8 characters). Also mark the disabled calls to sudo_freepwcache() + and sudo_freegrcache() as broken since we use cached data for things + like set_perms() and the logging functions. Fixing this would + require making a copy of the structs for user and runas or adding a + reference count (better). + [225d4a22f60e] + + * plugins/sudoers/Makefile.in: + Fix path to mkinstalldirs + [b4968379b12d] + + * plugins/sudoers/check.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, + src/exec_pty.c, src/get_pty.c, src/tgetpass.c: + Quiet gcc warnings on glibc systems that use warn_unused_result for + write(2) and others. + [c99f138960e0] + +2010-08-02 Todd C. Miller + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add %option noinput + [72b9cd49b4f1] + + * aclocal.m4, configure, configure.in: + Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add + back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when + cross-compiling. + [e385c176d0ee] + +2010-07-31 Todd C. Miller + + * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in: + Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT + and AC_CHECK_SIZEOF([long int]) instead of rolling our own. + [cf3e60d9c440] + +2010-07-29 Todd C. Miller + + * pp: + Update to latest version + [32f93be33961] + +2010-07-28 Todd C. Miller + + * sudo.pp: + Let pp determine pp_aix_version itself. + [7cf0245d84ed] + + * INSTALL, config.h.in, configure, configure.in, mkpkg, + plugins/sudoers/sudoers.c: + Add support for Ubuntu admin flag file and enable it when building + Ubuntu packages. + [00e27cff2dfb] + + * plugins/sudoers/sudoers, sudo.pp: + Add commented out SuSE-like targetpw settings + [4605d47b7413] + + * configure, configure.in: + Only try to use +DAportable for non-GCC on hppa + [75d0f284ccf7] + + * configure, configure.in: + Prevent configure from adding the -g flag unless in devel mode + [b1fd3f8d45c0] + +2010-07-27 Todd C. Miller + + * sudo.pp: + Go back to sudo-flavor to match existing packages and only use an + underscore for those that need it. + [d737069d1e1c] + + * sudo.pp: + Use sudo_$flavor instead of sudo-$flavor since that causes the least + amount of trouble for the various package managers. + [71f547af35fc] + + * mkpkg: + Fix handling of the ldap flavor Remove destdir unless --debug was + specified Make distclean before running configure if there is a + Makefile present + [6316f08de7d3] + + * sudo.pp: + Add back include file. + [195627bf68b8] + + * mkpkg: + Pass extra args on to configure on HP-UX, if we don't have the HP C + compiler, disable zlib to prevent gcc from finding it in + /usr/local/lib. + [473efa0e2bac] + + * mkpkg: + Use the HP ANSI C compiler on HP-UX if possible + [fb249b6b175d] + + * plugins/sudoers/sudoreplay.c: + Some getline() implementations (FreeBSD 8.0) do not ignore the + length pointer when the line pointer is NULL as they should. + [2410a1a3543c] + + * plugins/sudoers/sudoreplay.c: + Don't need to check for *cp being non-zero, isdigit() will do that. + [7df11ea8a487] + + * plugins/sudoers/sudoreplay.c: + Add setlocale() so the command line arguments that use floating + point work in different locales. Since sudo now logs the timing + data in the C locale we must Parse the seconds in the timing file + manually instead of using strtod(). Furthermore, sudo 1.7.3 logged + the number of seconds with the user's locale so if the decimal point + is not '.' try using the locale-specific version. + [4d385765f23b] - * visudo.c: Call yyrestart() on a parse error to reset the lexer - state. + * src/exec.c: + Do I/O logging in the C locale so the floating point numbers in the + timing file are not locale-dependent. + [5961cec044ec] + + * plugins/sudoers/sudoreplay.c: + Use errorx() not error() for thingsthat don't set errno. + [0fe5e692af84] + +2010-07-26 Todd C. Miller + + * pp: + Better support for 1.2.3 style versions in Tru64 kits + [997c549bb777] + + * sudo.pp: + Add Tru64 kit support + [e273a954f981] + + * pp: + Remove apparently unnecessary use of sudo + [be8840d85125] + + * Makefile.in, plugins/sudoers/Makefile.in: + Create timedir as part of install-dirs target. + [c736bc2fb14f] + + * src/exec_pty.c: + Handle ENXIO from read/write which can occur when reading/writing a + pty that has gone away. + [fa2e8059879f] + + * plugins/sudoers/pwutil.c: + sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL + [3a045475d5ee] + + * mkpkg: + platform is a pp flag not a variable + [12eba39a47c1] + + * Makefile.in, mkpkg, sudo.pp: + Add simple arg parsing for mkpkg so we can set debug, flavor or + platform. + [ada839fe252d] + + * pp: + Make rpm backend work on AIX 5.x + [549a76d11393] + +2010-07-25 Todd C. Miller + + * plugins/sudoers/sudoers: + Add commented out Defaults entry for log_output + [7e67d7588900] + +2010-07-23 Todd C. Miller + + * doc/Makefile.in: + Remove sudo docdir completely + [dce8e82878ef] + + * doc/sample.sudo.conf: + Add sample sudo.conf + [aafdba3fc411] + +2010-07-22 Todd C. Miller + + * plugins/sudoers/Makefile.in: + Add PACKAGE_TARNAME for docdir + [930c92b8f8f0] + +2010-07-23 Todd C. Miller + + * src/Makefile.in: + Pass install-sh -b~ here too. + [c3f5eb446c38] + + * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Install binary files with -b~ to make a backup. Fixes "text file + busy" error on HP-UX during install. + [81f306f54f8c] + + * install-sh: + "mv -f" on HP-UX doesn't unlink the destination first so add an + explicit rm before moving the temporary into place. + [fb719a79582d] + + * configure, configure.in: + Some more ${foo} -> $(foo) conversion for consistent Makefiles. + [0aa098770074] + + * doc/Makefile.in, plugins/sudoers/Makefile.in: + Install sudoers2ldif in the doc dir + [33ac3b53d7f5] + +2010-07-22 Todd C. Miller + + * pathnames.h.in: + Add missing include of maillock.h for Solaris + [5a58883be23a] + + * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE, + doc/sample.syslog.conf, doc/sudoers.cat: + Change the default syslog facility from local2 to authpriv (or auth + if the operating system doesn't support authpriv). + [3b70ba514f49] + + * Makefile.in, sudo.pp: + Install sudoers as /etc/sudoers on RPM and debian systems where the + package manager will not replace a user-modified configuration file. + This fixes upgrades from the vendor sudo packages. + [d886b6d60b5b] + + * pp: + RPM: use %config(noreplace) instead of %config for volatile This + results in the new file being installed with a .rpmnew suffix + instead of the file being replaced and the old one renamed with a + .rpmsave suffix. + [58be2119f8e8] + +2010-07-21 Todd C. Miller + + * compat/mkstemps.c, plugins/sudoers/boottime.c: + Include time.h for struct timeval + [ddf8b04f0276] + + * src/exec_pty.c: + The return value of strsignal() may be const and should be treated + as const regardless. + [620074ae1e77] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Mention that 127.0.0.1 will not match, nor will localhost unless + that is the actual host name. + [8b574122eb8f] + + * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE: + Rename WHATSNEW -> NEWS + [d1a2c8c47d89] + + * pp: + Updated pp with latest patches + [98e16b9b8f62] + + * WHATSNEW: + Sync with 1.7.4 + [65ac4dafeef7] -1999-11-09 15:06 millert + * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + plugins/sudoers/sudoers: + Add commented out line to add HOME to env_keep and add a warning to + the note about the HOME change in UPGRADE. + [0d6a775bb6c8] + +2010-07-20 Todd C. Miller + + * plugins/sudoers/sudoreplay.c: + Add LINE_MAX define for those without it. + [446d9dbe7859] + + * INSTALL, WHATSNEW, config.h.in, configure, configure.in, + doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + plugins/sudoers/defaults.c: + The tty_tickets option is now on by default. + [a01c48206d80] + + * WHATSNEW: + Mention that AIX authdb support has been fixed. + [87bd7f4eba6a] + + * common/aix.c: + setauthdb() only sets the "old" registry if it was set by a previous + call to setauthdb(). To restore the original value, passing NULL + (or an empty string) to setauthdb() is sufficient. + [470da190a254] + +2010-07-19 Todd C. Miller + + * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, + doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + plugins/sudoers/env.c: + Reset HOME when env_reset is enabled unless it is in env_keep + [f421f8827340] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + The default for set_logname has been "true" for some time now. + [f489da5674c3] + + * plugins/sudoers/boottime.c: + Add missing include of time.h + [624d7014932f] + + * plugins/sudoers/logging.c: + Fix check for dup2() return value. + [140ea2d50d20] + + * plugins/sudoers/env.c: + Add PYTHONUSERBASE to initial_badenv_table + [3149aae5b12c] + + * plugins/sudoers/visudo.c: + Treat an unknown defaults entry as a parse error. + [b3ebad73efb2] + + * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: + Check return value of setdefs() but don't stop setting defaults if + we hit an unknown one. + [945e752239ab] + + * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in, + doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in, + plugins/sudoers/env.c: + If env_reset is enabled, set the MAIL environment variable based on + the target user unless MAIL is explicitly preserved in sudoers. + [a1b03e2e0e96] + +2010-07-17 Todd C. Miller + + * pp: + decode debian code names + [8741280d9960] + + * WHATSNEW: + fix typo + [a8a19451110b] + +2010-07-16 Todd C. Miller + + * WHATSNEW: + Merge with 1.7.4 + [9348fa7e15b8] + + * src/sudo.c: + Restore RLIMIT_NPROC after the uid switch if it appears that + runas_setup() did not do it for us. Fixes a bash script problem on + SuSE with RLIMIT_NPROC set to RLIM_INFINITY. + [786fb272e5fd] + +2010-07-15 Todd C. Miller + + * mkpkg, pp, sudo.pp: + Restore the dot removal in the os version reported by polypkg. Adapt + mkpkg and sudo.pp to the change. + [dcafdd53b88f] + +2010-07-16 Todd C. Miller + + * INSTALL: + document --with-pam-login + [ea93e4c6873c] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + The tag is NOSETENV, not UNSETENV. From Petr Uzel. + [2ac90d8de36e] + +2010-07-15 Todd C. Miller + + * sudo.pp: + Include flavor in solaris package name + [e605f6364c9f] + + * mkpkg: + Older shells don't support IFS= so set explictly to space, tab, + newline. + [7773960bc8a0] + + * mkpkg: + Use '=' not '==' in test + [c99d42bc48e6] + + * mkpkg: + Fix typo that prevented debian from matching + [84421078fcb7] + + * mkpkg: + Add missing prefix setting for debian + [6466f23de4aa] + + * sudo.pp: + Use tab indents to reduce the chance of problem with <<- Fix the + debian %set section, pp does not set pp_deb_distro Uncomment %sudo + line in sudoers for debian Uncomment some env_keep lines for RHEL, + SLES and debian to more closely match the vendor sudoers files. + Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on + debian for ldap flavor + [c5b49feb1a0c] + + * plugins/sudoers/sudoers: + Add commented out env_keep entries, sample Aliases and a %sudo line + for debian. + [387719e52d0f] + + * configure, configure.in: + Move zlib check later on in the script to avoid a strange shell + problem on SLES11. + [1a3153bb1291] + + * configure.in: + Remove check for egrep; configure has its own + [a3b9d98cb5d2] + +2010-07-14 Todd C. Miller + + * mkpkg: + Enable zlib for linux distros + [8fa51a1405a4] + + * mkpkg: + Add ldap flavor to default build + [97644f5a555f] + + * mkpkg, sudo.pp: + Simplify rpm linux distro settings + [b9dcf10cdf20] + + * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat: + Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo. + [2c549c1acde9] + + * Makefile.in: + Fix ChangeLog creation from build dir + [3d0c7904f173] + + * plugins/sudoers/sudoers.c: + Handle getcwd() failure. + [aef7bef87394] + + * doc/Makefile.in, mkpkg, sudo.pp: + Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR + environment variable. + [be6ed611b7a8] + + * sudo.pp: + Create sudo group on debian + [6ed6c032042e] + + * mkpkg, sudo.pp: + Add debian 4/5/6 and use the dot when doing version matches + [6bcb664d1f4f] + + * aclocal.m4, configure: + Use a loop when searching for mv, sendmail and sh + [d5e9369f8d13] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Remove spurious "and"; from debian + [a21e6f7c5b99] + + * aclocal.m4, configure, configure.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.pod: + Substitute the value of EDITOR into the sudoers and visudo manuals. + [cd79e587dd7f] + +2010-07-13 Todd C. Miller + + * mkpkg, pp, sudo.pp: + Initial support for debian 4.0 + [ac6707915fa8] + + * mkpkg: + Some platforms need -fPIE instead of -fpie + [fd6be19e5bc2] + + * plugins/sudoers/auth/pam.c: + Only set PAM_RHOST for Solaris, where it is needed to avoid a bug. + On Linux it causes a DNS lookup via libaudit. + [1e10105ade5b] + + * MANIFEST: + Update MANIFEST to match packaging changes + [ef86ee557b5b] + + * sudo.psf: + We now use pp to generate HP-UX packages + [f7aa8da7844e] + + * INSTALL.binary, plugins/sudoers/Makefile.binary.in: + Remove vestiges of old binary package bits. + [afffd005452f] + + * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + install-man -> install-doc + [99b5fa05567c] + + * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg, + plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp: + Use http://rc.quest.com/topics/polypkg/ for packaging + [5ca8eb75b223] + + * install-sh: + Just ignore the -c option, it is the default Add support for -d + option + [a8b6b0a131e8] + +2010-07-12 Todd C. Miller + + * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c: + Use _PATH_STDPATH instead of _PATH_DEFPATH + [137fa911908e] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Do not strip binaries. + [20166e287176] + + * INSTALL, configure, configure.in: + Add --insults=disabled configure option to allow people to build in + insult support but have the insults disabled unless explicitly + enabled in sudoers. + [523b8c552e90] + + * compat/mkstemps.c: + Add prototype for gettime() + [275eee40473b] + + * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c, + plugins/sudoers/env.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add support for a sudo-i pam.d file to be used for "sudo -i". + Adapted from a RedHat patch. + [06d34f16520b] + +2010-07-09 Todd C. Miller + + * include/missing.h: + Fix mkstemps() prototype + [2421841e815b] + + * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c, + config.h.in, configure, configure.in, include/missing.h, + src/sudo_edit.c: + Use mkstemps() instead of mkstemp() in sudoedit. This allows + sudoedit to preserve the file extension (if any) which may be used + by the editor (like emacs) to choose the editing mode. + [d33172d2c086] + +2010-07-08 Todd C. Miller + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, + plugins/sudoers/ldap.c: + TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses + TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client + code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you + should avoid disabling TLS_CHECKPEER is possible. + [196622436212] + +2010-07-07 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Make sudo_plugin format a bit more like a man page + [048d596e32da] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add suport for negated user/host/command lists in a Defaults entry. + E.g. Defaults:!baduser noexec + [d41112cf0342] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + Add uninstall target + [fea66ebf136a] + + * common/Makefile.in, compat/Makefile.in: + Remove unused AR, SED and RANLIB variables + [2ff9928bfdb3] + + * Makefile.in: + Do not install sample plugins + [5443b87bd1c3] + +2010-07-06 Todd C. Miller + + * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure, + configure.in, plugins/sudoers/env.c: + Now that sudoers is a dynamically loaded module we cannot override + the libc environment functions because the symbols may already have + been resolved via libc. Remove getenv/putenv/setenv/unsetenv + replacements from sudoers and add replacements for setenv/unsetenv + for systems that lack them. + [3f2b43cb8851] + + * configure, configure.in, plugins/sudoers/Makefile.in: + Link testsudoers with -ldl when needed + [f79606f9fcd7] + + * plugins/sample_group/plugin_test.c: + Remove unused time.h and add limits.h for PATH_MAX + [3f5d0074d621] + + * doc/sudoers.ldap.pod: + Fix typo. + [bc855fd57397] + +2010-07-05 Todd C. Miller + + * plugins/sample_group/plugin_test.c: + Do not depend on strlcpy/strlcat + [6e7e2b5af051] + + * plugins/sample_group/plugin_test.c: + Standalone test driver for sudoers group plugin. + [eb1235fc3b8e] + +2010-07-02 Todd C. Miller + + * plugins/sudoers/group_plugin.c, src/load_plugins.c: + Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging + aid. + [2a34e616229b] + + * plugins/sample_group/sample_group.c: + Fix style nit in function declarations + [ab87c7c76bf9] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Document group_plugin syntax. + [ed1faf72ddcb] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document the sudoers group plugin. + [f19a62dc8cfc] + + * INSTALL, MANIFEST, Makefile.in, config.h.in, configure, + configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h, + plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c, + plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c, + plugins/sudoers/match.c, plugins/sudoers/nonunix.h, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c: + Replace built-in non-unix group support with a sudoers group plugin. + Include a sample plugin that can read Unix-format group files. + [8fc58ce0b1a8] + + * configure, configure.in, src/load_plugins.c: + Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage. + [5c491dddb8ef] + +2010-07-01 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod: + Move sudoers-specific bits out of sudo(8) and into sudoers(5) + [e8a5a5830cfe] + + * aclocal.m4, configure, configure.in: + Substitute @io_logdir@ for the sudoers I/O log directory. + [21a75ca7b0ab] + +2010-06-29 Todd C. Miller + + * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, + common/atobool.c, common/fileops.c, common/fmt_string.c, + common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c, + compat/getgrouplist.c, compat/getline.c, compat/glob.c, + compat/snprintf.c, config.h.in, configure, configure.in, + include/fileops.h, plugins/sample/sample_plugin.c, + plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/boottime.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, + plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c, + src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c, + src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c: + Set usrinfo for AIX Set adminstrative domain for the process when + looking up user's password or group info and when preparing for + execve(). Include strings.h even if string.h exists since they may + define different things. Fixes warnings on AIX and others. + [cf8b93e872c9] + + * Makefile.in: + Add a separate all target for AIX make which was using the entire + LHS (not just the first entry) of the first target as the implicit + target. + [a45b980a01ef] + + * plugins/sudoers/env.c: + Do not rely on env.env_len when unsetting a variable, just use the + NULL terminator. + [ca6eb239c829] + + * plugins/sudoers/env.c: + In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008 + [7046ba7caa4e] + +2010-06-25 Todd C. Miller + + * plugins/sudoers/vasgroups.c: + Use warningx() instead of log_error() since the latter is not + available to visudo or testsudoers. This does mean that they don't + end up in syslog. + [152b7c50f426] + + * plugins/sudoers/sudoers.c: + Defer call to sudo_nonunix_groupcheck_cleanup() until after we have + closed the sudoers sources. From Quest sudo. + [c1cd573bab94] + + * plugins/sudoers/pwutil.c: + Ignore case when matching user/group names in the cache. From Quest + sudo. + [2aa4ecc7d7f5] + +2010-06-24 Todd C. Miller + + * config.h.in, configure, configure.in, src/selinux.c: + Add check for setkeycreatecon() when --with-selinux is specified. + [affae247b4e0] + + * configure, configure.in: + Error out if libaudit.h is missing or ununable when --with-linux- + audit was specified + [d82e743fac04] + + * doc/HISTORY, doc/history.pod: + Add =head3 entries, mostly for the html version + [ee93112d0308] + +2010-06-22 Todd C. Miller + + * doc/HISTORY, doc/history.pod: + Mention when LDAP was incorporate. + [2923dc17f79c] + +2010-06-21 Todd C. Miller + + * configure, configure.in: + Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is + not covered by _ALL_SOURCE. + [c92fd69809d0] + +2010-06-18 Todd C. Miller + + * plugins/sudoers/iolog.c: + Add a cast to quiet a compiler warning. + [a200e07ee1bc] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Quiet a compiler warning. + [c9acfc927cea] + + * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: + Call set_fqdn() after sudoers has parsed instead of inline as a + callback. + [5f4e5d075f2d] + + * WHATSNEW, plugins/sudoers/sudoers.c: + Do not call set_fqdn() until sudoers parses (where is gets run as a + callback). + [09040fca6d40] + + * WHATSNEW: + mention the change in tty ticket behavior when there is no tty + [575a1fd98f05] + + * plugins/sudoers/check.c: + Do not update tty ticket if there is no tty. + [63f9c33ce6a7] + + * doc/LICENSE, doc/license.pod: + Update copyright year + [0722ab5d404b] + + * doc/Makefile.in: + Do not rely on BSD make's $> + [936a86398bd9] + + * configure, configure.in: + Set timedir to /var/db/sudo for darwin to match Apple sudo's + location + [d5b9b03096f1] + +2010-06-16 Todd C. Miller + + * plugins/sudoers/sudoers.h: + Add stub declarations for struct stat and struct timeval + [f6d90551a4fd] + + * MANIFEST: + Remove compat/sigaction.c + [d0ed6d9a770e] + + * config.h.in, configure, configure.in, plugins/sudoers/defaults.c, + plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c: + Check for zlib.h in addition to libz. + [6e191b4a6065] + + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h, + src/sudo_exec.h: + Move functions and symbols shared between exec.c and exec_pty.c into + sudo_exec.h. + [14ae63403544] + + * doc/Makefile.in: + Comment out rules to build .man.in and .cat files unless --with- + devel + [3cf7e5606a85] + + * doc/Makefile.in: + Comment out rules to build .man.in and .cat files unless --with- + devel + [d30495b0e29e] + + * src/parse_args.c: + Quote any non-alphanumeric characters other than '_' or '-' when + passing a command to be run via the shell for the -s and -i options. + [d633f74fe2d9] + + * doc/Makefile.in: + Add back .man suffix + [6e63b60a2739] + + * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in, + plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h, + src/selinux.c: + Add Linux audit support. + [5a2f445e0bd4] + +2010-06-15 Todd C. Miller + + * plugins/sudoers/iolog.c: + Remove an XXX + [a170cbe651d1] + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, + plugins/sudoers/sudoreplay.c: + Add -f (filter) option to sudoreplay to allow certain streams to be + replayed and others ignored. + [62e51b432ea1] + + * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h, + src/tgetpass.c: + Fix -A flag when askpass is specified in sudo.conf or if sudo + doesn't need to read a password. + [2e401e4a00e3] + + * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c, + src/sudo.h, src/sudo_edit.c, src/tgetpass.c: + Clean up some XXXs + [689f0b002d3d] + + * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add support for multiple sudoers_base entries in ldap.conf. From + Joachim Henke + [e3e4a3c2bd5b] + + * config.h.in, configure, configure.in, plugins/sudoers/logging.c, + src/exec_pty.c: + remove setsid check, we require a POSIX system + [cc73cb9e22c0] + + * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c, + src/sudo.c, src/tgetpass.c: + Check for dup2() failure. + [5d46d66794f5] + + * config.h.in, configure, configure.in: + Remove dup2() check, it is not optional. + [5f1d56de4384] + +2010-06-14 Todd C. Miller + + * WHATSNEW: + sync with sudo 1.7.3 + [88e5c0bd6d59] + + * INSTALL: + SunOS does not ship with an ANSI compiler + [f13c85c67069] + + * INSTALL: + Update OS specific notes. Delete some really ancient ones and move + older ones to the end of the list. + [59ce592c4c52] + + * README: + Sudo can be downloaded from the web site too Mention "OS dependent + notes" section in INSTALL + [191871538984] + + * src/exec_pty.c, src/selinux.c: + Call selinux_restore_tty() as part of cleanup() so it gets called + from error()/errorx() + [bb017da6b6da] + + * MANIFEST, doc/PORTING: + Remove obsolete porting guide + [321e35591344] + + * plugins/sudoers/interfaces.h, plugins/sudoers/match.c: + Move union sudo_in_addr_un into interfaces.h + [b2c8b19ee094] + + * doc/Makefile.in: + Remove useless circular dependencies + [5682181b59cf] + + * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c: + Convert to ANSI C function declarations + [a4f76927d034] + + * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c, + common/zero_bytes.c, compat/charclass.h, compat/closefrom.c, + compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c, + compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c, + compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c, + compat/strlcpy.c, compat/timespec.h, compat/utime.h, + compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod, + include/alloc.h, include/error.h, include/lbuf.h, include/list.h, + include/missing.h, pathnames.h.in, plugins/sudoers/alias.c, + plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/find_path.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/match.c, + plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c, + plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, + plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c, + plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c, + src/conversation.c, src/error.c, src/load_plugins.c, + src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c, + src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c: + Update copyright year + [26ac7991f7d8] + + * doc/Makefile.in: + Fix commented DEVDOCS when not in devel mode. + [e0a97eaf3793] + + * plugins/sudoers/match.c: + Quiet a compiler warning. + [b2a17ebd5d38] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Quiet a compiler warning. + [687843bc593d] + + * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h: + Make all functions in ldap.c static + [b2111e89eeba] + + * doc/schema.ActiveDirectory: + Updates from Alain Roy to provide better examples for importing the + schema and to fix problems caused by Windows validating attributes + which have not yet been added before committing the changes. + [69f4c5ccaf89] + +2010-06-11 Todd C. Miller + + * configure, configure.in, doc/Makefile.in, doc/sudo.cat, + doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, + doc/visudo.cat, doc/visudo.man.in: + Leave rules to build .man.in and .cat files uncommented but only + make them part of the "all" rule in devel mode. Generate .cat files + directly from .man.in instead of .man using default values in + configure.in + [c3054a44f6a5] + + * configure, configure.in: + Bump sudo version to 1.8.0b1 + [8f79c85135e1] + + * configure, configure.in, src/sudo.c, src/sudo_usage.h.in: + Print configure args with verbose version information. + [1ce690660ed2] + + * TODO, plugins/sudoers/visudo.c: + Remove tfd from struct sudoersfile; it is not used. Add prev pointer + to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE. + Use tq_append to append sudoers entries to the tail queue. + [1743f9a286e4] + +2010-06-10 Todd C. Miller + + * WHATSNEW: + Describe tty timestamp improvements + [e214e863a313] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + A comment character may not be part of a command line argument + unless it is quoted with a backslash. Fixes parsing of: + testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441 + [ea2e990f85ed] + + * doc/sudoers.pod: + Make this read a little bit better when passwd_timeout is 0. + [39d362757f31] + + * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod: + Attempt to handle a default password prompt timeout of zero more + gracefully. + [ea47d43acf5b] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Do not override value of keepopen global, instead restore it to the + value we pushed onto the stack when popping. + [fe282e5a3402] + + * plugins/sudoers/Makefile.in: + Add dependency for utility programs on libreplace and libcommon + [2339aba64928] + + * compat/sigaction.c, config.h.in, configure.in, include/compat.h, + plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c, + src/exec.c, src/exec_pty.c, src/tgetpass.c: + Remove sigaction emulation Use SA_INTERRUPT in sa_flags + [7dd61f1bd8d2] + + * MANIFEST, config.h.in, configure, configure.in, include/missing.h: + We don't use getgrouplist() at the moment so there's no need to + provide a compat version. + [1597536fbada] + + * TODO: + sync with reality + [9e1a874e7885] + + * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c, + src/conversation.c, src/sudo.h, src/tgetpass.c: + Fix visiblepw sudoers option; the plugin API portion still needs + documenting + [60b6933ef5e0] + + * src/sudo.c: + Print sudo version as well. + [987ed459b459] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Use sudo_printf for I/O log version Clarify policy plugin version + string + [5a58b7e8c80b] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c: + Silence some compiler warnings + [afb1eba90915] + + * src/load_plugins.c, src/tgetpass.c: + Store askpass path in a global instead of uses setenv() which many + systems lack. + [b440bcc0e660] + +2010-06-09 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/check.c, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c, + src/tgetpass.c: + Move askpass path specification from sudoers to sudo.conf. + [5507ab867c26] + + * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h: + Use a flag bit in struct command_details for selinux instead of a + separate field. + [c59ca4acded9] + + * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h: + Implement background mode. If I/O logging we use pipes instead of a + pty. + [c07a4b356cbd] + + * compat/mksiglist.c, compat/strsignal.c, include/compat.h, + src/exec.c, src/exec_pty.c, src/tgetpass.c: + Move compat definition of NSIG to compat.h + [ab0385467f25] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Mention plugins in the sudo manual and add some missing path + substitution in the sudo_plugin manual. + [570f831f47a3] + + * src/Makefile.in: + Set _PATH_SUDO_CONF based on $(sysconfdir) + [fde51869cf07] + + * common/lbuf.c, common/term.c, config.h.in, configure, configure.in, + src/exec.c, src/exec_pty.c, src/ttysize.c: + Require POSIX termios to build sudo + [9ec6b41f3f95] + + * src/tgetpass.c: + Ignore SIGPIPE for "sudo -S" + [7ad27fde0c06] + + * src/tgetpass.c: + Fix uninitialized variable in TGP_ECHO case and print a newline if + the user interrupted password input. + [ce19204d8dd4] + + * src/tgetpass.c: + Make TGP_ECHO override TGP_MASK and don't try to restore the + terminal if we didn't modify it. + [a7e11abfe7e4] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c, + src/conversation.c, src/sudo.h, src/tgetpass.c: + Add SUDO_CONV_PROMPT_MASK define which corresponds to the + "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is + set. + [e0550590cabe] + + * src/exec_pty.c: + Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl + [762448182fe3] + +2010-06-08 Todd C. Miller + + * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h: + Add selinux_enabled flag into struct command_details and set it in + command_info_to_details(). Return an error from selinux_setup() + instead of exiting. Call selinux_setup() from exec_setup(). + [011bea23a5a0] + +2010-06-09 Todd C. Miller + + * src/exec_pty.c: + Remove commented out copy of old sudo_execve() function. + [9c5e21380472] + +2010-06-08 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Fix setting selinux type on command line. + [814b20a0b3be] + + * plugins/sudoers/iolog.c: + In sudoers_io_close(), skip NULL io_fds[] elements. + [4011ff7d4daf] + + * include/compat.h: + No longer need NGROUPS_MAX define + [cae4c49d7077] + + * compat/nanosleep.c, config.h.in, configure, configure.in, + include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c, + plugins/sudoers/visudo.c, src/sudo_edit.c: + Replace timerfoo macros with timevalfoo since the timer macros are + known to be busted on some systems. + [4f97d79f2d41] + + * src/exec_pty.c: + Remove duplicate call to selinux_setup(). + [82bd52764e21] + + * plugins/sudoers/auth/pam.c: + If pam_open_session() fails, pass its status to pam_end. + [1d8de4cf8ff3] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + If a file in a #includedir has improper permissions or owner just + skip it. This prevents packages that incorrectly install a file + into /etc/sudoers.d from breaking sudo so easily. Syntax errors in + #includedir files still result in a parse error (for now). + [ade99a4549a4] + + * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/iolog.c: + Add use_pty sudoers option to force use of a pty even when not + logging I/O. + [b280a8972a79] + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: + Make env_init() void as it never fails. + [d3890e55daa7] + + * plugins/sudoers/env.c: + No longer use _NSGetEnviron so don't need crt_externs.h + [9b4e0e139881] + + * plugins/sudoers/env.c: + Remove unused VNULL define + [a42cacb263e3] + +2010-06-07 Todd C. Miller + + * plugins/sudoers/iolog.c: + Add #define for maximum session id + [9e18c17a28c2] + + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h: + Split exec.c into exec.c and exec_pty.c + [d52376327332] + + * MANIFEST: + Sync with source file moves. + [4a62c6c9e846] + + * src/Makefile.in, src/get_pty.c, src/pty.c: + Rename pty.c -> get_pty.c + [5696a12bd29b] + +2010-06-06 Todd C. Miller + + * plugins/sudoers/iolog.c: + Only use I/O input log file if def_log_input is set and output file + if def_log_output is set. + [d866992f1681] - * parse.lex, lex.yy.c: Don't need YY_FLUSH_BUFFER after all Move - yyrestart() into visudo.c since it might not get called in yywrap - if we get a parse error (and we only reread the file on error - anyway). +2010-06-04 Todd C. Miller -1999-11-09 14:32 millert + * compat/strsignal.c: + Update copyright year + [a96f2593fd4e] - * parse.lex, lex.yy.c: Call YY_FLUSH_BUFFER macro in yywrap() to - clean up any buffers that might still exist. Call yyrestart() - instead of using the deprecated YY_NEW_FILE macro. + * src/pty.c: + uid -> ttyuid + [c3454d74ebcb] + + * plugins/sudoers/sudoers.c: + For sudoedit, make a local copy of editor string si become part of + argv. If no editor environment variable, split def_editor on ':' + since it may be a colon-delimited path. + [2ee298506a6e] + + * src/sudo_edit.c: + Remove unneeded endpwent()/endgrent() + [623f6743d101] -1999-11-09 12:13 millert + * doc/Makefile.in: + Use value of nroff from configure + [b2ce649125ab] + + * src/exec.c: + Add missing const to I/O log action function + [d764a3955e04] + + * plugins/sudoers/check.c: + Update copyright year and fix whitespace + [e648c35b16be] + + * configure, configure.in: + Fix typo + [8e0bdfc47da4] + + * plugins/sudoers/iolog.c: + Remove redundant tty signal blocking in log function. + [f17f575dabd4] + +2010-06-03 Todd C. Miller + + * plugins/sudoers/iolog.c: + Place static keyword where it belongs + [b01aec7c86b4] + + * plugins/sudoers/logging.c: + Always use a printf format string for send_mail() + [13b1ada644c9] + + * common/atobool.c, plugins/sudoers/ldap.c: + Extend atobool() so we can use it in the LDAP code. + [73f8e6807044] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: + Sudo now stashes tty ctime for tty_tickets on Solaris too. + [e82df13ad3fd] + + * plugins/sudoers/boottime.c: + Fix dummy version of get_boottime() + [01d69c06013b] - * lex.yy.c, parse.lex: flex doesn't need %N table size declarations +2010-06-02 Todd C. Miller + + * plugins/sudoers/check.c: + Enable tty_is_devpts() support for Solaris with the "devices" + filesystem. + [237c6b25fa84] + + * src/exec.c: + Unbreak the non-io logging case. + [4822b9f709fb] + + * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h: + Fix symbol name conflict with sudo_printf. + [0d44eab0a8f6] + + * plugins/sudoers/auth/pam.c: + Fix OpenPAM detection for newer versions. + [1b2abed232d8] + + * plugins/sudoers/vasgroups.c: + Sync with Quest sudo git repo + [f1d98b3cba02] + + * aclocal.m4, configure, configure.in: + HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check + Add missing template for ENV_DEBUG Adapted from Quest sudo + [695dbd7b28f4] + + * README.LDAP: + Fix typos; from Quest Sudo + [4eba9da33b8e] + +2010-06-01 Todd C. Miller + + * plugins/sudoers/Makefile.in: + Add back -I$(top_srcdir); we need it for including compat/foo.h + since we cannot rely on "foo.h" being found relative to the source + file when the cwd is different. + [bbf24695f325] + + * src/exec.c: + Fix a bug where we could treat EAGAIN as a permanent error. Also set + cstat if perform_io() returns an error. + [200475c4326f] + + * common/alloc.c, plugins/sudoers/boottime.c, + plugins/sudoers/sudoers.c: + Add casts to quiet compiler warnings. + [85eb1c336697] + + * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Fix typo in ternary operator usage. + [6492ac1450e2] + +2010-05-30 Todd C. Miller + + * INSTALL, configure, configure.in: + Add --enable-warnings and fix typo in SUDO_IO_LOGDIR + [92121d693b30] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod: + Update docs to match sudoers I/O logging changes + [18d651989e49] + + * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in, + pathnames.h.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/iolog.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c: + Break sudoers transcript feature up into log_input and log_output. + [db3c1248d2ad] + + * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Use setprogname() as needed. + [6beee63a4553] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c: + Adapt sudoreplay to iolog changes. + [581f52c05f0f] + +2010-05-29 Todd C. Miller + + * plugins/sudoers/iolog.c: + Log all input and output into separate files and store a number on + each timing file line to indicate which file the data is in. + [fb460c5273dd] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Make sudoers_io functions static to iolog.c + [b2df3cc3eecb] + +2010-05-28 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c, + src/sudo_usage.h.in: + Completely remove the -L flag from the sudo front end. + [3d220030b720] + + * plugins/sudoers/sudoreplay.c: + Fix EAGAIN handling when writing to stdout. + [4766d77cea49] + + * plugins/sudoers/sudoers.c: + Eliminate unused variables + [83bd711e79c4] + + * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c: + Re-enable cleanup functions in sudoers plugin and sudo driver for + error()/errorx(). + [43093f937dd8] + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Use sudo_printf to display verbose version information. + [435cc9f8d4a2] + + * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Minor Makefile cleanup: fix a typo, change the removal order in the + clean targets, and remove a superfluous include path for the sudoers + plugin. + [6e3b2d6b4437] + + * plugins/sudoers/env.c: + Handle duplicate variables in the environment. For unsetenv(), keep + looking even after remove the first instance. For sudo_putenv(), + check for and remove dupes after we replace an existing value. + [c1bbb88d0435] + +2010-05-27 Todd C. Miller + + * plugins/sudoers/Makefile.in: + Use explicit path to source file instead of $< for files that live + in devdir and top_srcdir. + [358ab7f6cc64] + + * plugins/sudoers/Makefile.in: + Add explicit rules to compile gram.c and toke.c for HP-UX Pevent + ending LIBSUDOERS_OBJS with a backslash + [481a5c96d47e] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Link libcommon before libreplace since libcommon may use functions + only present in libreplace. + [1847c496ff5b] + + * common/Makefile.in: + Move code common to sudo and the sudoers plugin to a convenience + library, libcommon. Removes the need to make links in the sudoers + plugin dir and reduces re-compilation of duplicate object files. + [4c8986352937] + + * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c, + common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c, + common/term.c, common/zero_bytes.c, configure, configure.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c, + src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c, + src/zero_bytes.c: + Move code common to sudo and the sudoers plugin to a convenience + library, libcommon. Removes the need to make links in the sudoers + plugin dir and reduces re-compilation of duplicate object files. + [1d1d98bd55b9] + + * src/exec.c, src/sudo.c, src/sudo.h: + Rename script_execve to sudo_execve and rename script_foo in exec.c + [a35ec80de96a] + + * MANIFEST, src/Makefile.in, src/exec.c, src/script.c: + rename script.c exec.c and fix up the MANIFEST file + [36bc3bff9578] + + * src/script.c, src/sudo.c, src/sudo.h: + Rename script_setup() to pty_setup() and call from script_execve() + directly. + [899b0fb2a14d] + + * configure, configure.in: + bump version to 1.8.0a2 + [0b1c1ca9d4e5] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document init_session + [b5324785a406] + + * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h: + Clean up the sudoers auth API a bit and update the docs. + [c40fd4cb6e68] + + * include/sudo_plugin.h, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/script.c, src/sudo.c: + Add init_session function to struct policy_plugin that gets called + before the uid/gid/etc changes. A struct passwd pointer is passed + in,which may be NULL if the user does not exist in the passwd + database.The sudoers module uses init_session to open the pam + session as needed. + [d71723320ee8] + +2010-05-26 Todd C. Miller + + * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Add open/close session to sudo auth, only used by PAM. This allows + us to open (and close) the PAM session from sudoers. + [2665e2920d0d] + + * plugins/sudoers/Makefile.in: + Add explicit rule to build getdate.o for HP-UX make. + [7f049e989956] + + * plugins/sudoers/Makefile.in: + Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c + rules as an alternate way to prevent HP-UX make (and others) from + trying to rebuild the parser in non-dev mode. + [f84badad98c5] + + * plugins/sudoers/sudoers.c: + Re-enable PATH_MAX check for command + [40d8a50da136] + + * Makefile.in: + For distclean, clean the main directory last since the subdirs need + to be able to run libtool to clean things. + [8949a9861634] + + * compat/Makefile.in: + Fix generation of mksiglist.h + [b7cdc9b36650] + + * src/script.c: + Now that we defer sending cstat until the end of script_child() we + cannot reuse cstat when reading command status from parent. + [25c882643466] + +2010-05-25 Todd C. Miller + + * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + Use numeric registers to handle conditionals instead of trying to do + it all with text processing. + [478079c3fd4b] + + * doc/sudoers.pod: + Document per-command SELinux settings + [13840d566805] + + * plugins/sudoers/sudoers.c: + Repair "sudo -l -U username" + [10a0dcdf2ddf] + + * plugins/sudoers/sudoers.c: + Set selinux role and type in command details. + [8ae6d35a126d] + + * src/script.c, src/selinux.c, src/sudo.h: + Rework SELinux support. + [83279cc94bf2] + +2010-05-24 Todd C. Miller + + * src/script.c, src/selinux.c, src/sudo.h: + Make SELinux support compile again. Needs more work to be complete. + [3d3addebcf82] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c, + src/sudo.h: + Bring back closefrom settings. + [b1c6257d4bbb] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + If running a command or sudoedit in transcript mode, call + io_nextid() before log_allowed() so the session id is logged. + [c42f3ae40150] + + * configure, configure.in: + Use mandoc(1) if nroff(1) is not present. + [daad4bbd04af] + + * doc/Makefile.in: + Use the --file argument to config.status instead of setting + CONFIG_FILES in the environment. + [c89411a8bf70] + + * plugins/sudoers/Makefile.in: + We cannot conditionally update gram.h or the dependency ordering + gets messed up in devel mode. + [c938953231d9] + +2010-05-21 Todd C. Miller + + * Makefile.in, compat/Makefile.in, configure, configure.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Substitute @SHELL@ into Makefiles + [36aa6a095335] + + * config.sub: + Fix typo + [16d294d26b58] + + * config.guess, config.sub, configure, configure.in: + Update to autoconf 2.65 + [4fa6ea8caea3] + + * Makefile.in: + Fix libtool target (space vs. tabs) + [755cf3892618] + + * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c: + Remove use of RETSIGTYPE; all modern systems have signal handlers + that return void. + [42b4e3aee668] + + * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in, + ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4, + m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Update to libtool-2.2.6b. I haven't made any local modifications + this time, which should be OK since we install sudo_noexec.so by + hand now. + [6f79ced593bb] + + * compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Use libtool to clean objects + [1581057d6472] + + * include/Makefile.in: + Install sudo_plugin.h as part of "make install" and make other + install targets callable from the top-level Makefile + [aaaeb027d774] + + * configure, configure.in: + regen with autoupdate to eliminate AC_TRY_LINK + [5d5541c230f5] + + * Makefile.in, compat/Makefile.in, configure, configure.in, + doc/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Install sudo_plugin.h as part of "make install" and make other + install targets callable from the top-level Makefile + [b258b8401b1c] + + * plugins/sample/sample_plugin.c: + The sample plugin doesn't support being run with no args so return a + usage error in this case. + [473b3cf965be] + + * plugins/sudoers/iolog.c: + Set close on exec flag for descriptors used for I/O logging so they + are not present in the command being run. + [2c7e8708df76] + + * plugins/sudoers/tsgetgrpw.c: + Set close on exec flag in private versions of setpwent() and + setgrent(). + [64fef78cb833] + + * src/script.c: + Close the I/O pipes aftering dup2()ing them to std{in,out,err}. + Fixes extra fds being present in the command when it is part of a + pipeline. + [060451617713] + + * plugins/sudoers/sudoers.c: + Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it + is used when logging). Note that user_ttypath will still be NULL if + there is no tty. + [31b69a6ecda7] + + * src/script.c, src/sudo.h: + Cosmetic changes: add comments, remove orphaned prototype and + make a global static. + [f7851af0143e] + +2010-05-20 Todd C. Miller + + * src/script.c: + Move check for maxfd == -1 to flush_output where it belongs. + [b826a95b4491] + + * src/script.c: + Break out of select loop if all the fds we want to select on are -1. + [f5b387024238] + + * src/sudo.c: + Avoid possible malloc(0) if plugin returns an empty groups list. + [9765a8fe5ce7] + + * src/sudo.c: + Add debugging info when calling plugin close function + [95a273c7ff66] + + * src/script.c: + Avoid closing stdin/stdout/stderr when we are piping output. + [330e76423caf] + + * src/script.c: + When execve() of the command fails, it is possible to receive + SIGCHLD before we've read the error status from the pipe. Re-order + things such that we send the final status at the very end and prefer + error status over wait status. + [b0dcf825244f] + +2010-05-19 Todd C. Miller + + * plugins/sudoers/auth/sudo_auth.c: + Fix compilation for non PAM/BSD auth/AIX auth + [e382b39d2e4f] + +2010-05-18 Todd C. Miller + + * src/script.c: + Additional checks to make sure we don't close /dev/tty by mistake. + When flushing, sleep in select as long as we have buffers that need + to be written out. + [8139cbd3dd54] + + * src/script.c: + Now that we can use pipes for stdin/stdout/stderr there is no longer + a need to error out when there is no tty. We just need to make sure + we don't try to use the tty fd if it is -1. + [666621635d26] + +2010-05-17 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c: + Add argc and argv to I/O logger open function. + [0d7faa007d27] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h, + plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c, + src/parse_args.c, src/sudo.c, src/sudo_edit.c: + Remove check_sudoedit function pointer in struct sudo_policy. + Instead, sudo will set sudoedit=true in the settings array. The + plugin should check for this and modify argv_out as appropriate in + check_policy. + [c0328e3276b8] + +2010-05-16 Todd C. Miller + + * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h, + src/sudo_edit.c: + If plugin sets "sudoedit=true" in the command info, enable sudoedit + mode even if not invoked as sudoedit. This allows a plugin to + enable sudoedit when the user runs an editor. + [96d67b99e42e] + +2010-05-15 Todd C. Miller + + * plugins/sudoers/Makefile.in: + gram.h must not depend on gram.y if we want to avoid unnecessary + rebuilding of targets dependent on gram.h when gram.y changes. + [9db4b767fdca] + + * plugins/sample/sample_plugin.c: + Refactor common bits of check_policy and check_edit + [ac4d366a04cf] + + * plugins/sample/sample_plugin.c: + Add sudoedit support + [a1a6cc4c0cef] + +2010-05-14 Todd C. Miller + + * plugins/sudoers/Makefile.in: + Rely more on VPATH; fixes a dependency issue with the parser. + [45e406ebdea2] + + * include/compat.h: + Fix typo introduced in last commit + [3ccb0f853d11] + + * include/compat.h: + Emulate seteuid using setreuid() or setresuid() as needed. There are + still a few places that call seteuid() directly. + [36e8efa3a99d] + + * src/parse_args.c, src/sudo_edit.c: + Attempt to fix building on systems that only have setuid. + [8e9ba4083318] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Clarify sudoedit a tad. + [d39dfaa14ade] + +2010-05-13 Todd C. Miller + + * src/sudo_edit.c: + Fix compilation on HP-UX + [f6e47843d139] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document sudoedit + [4cbf5196d993] + + * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c: + Change how we handle the sudoedit argv. We now require that there + be a "--" in argv to separate the editor and any command line + arguments from the files to be edited. + [20623d549a3c] + + * include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c, + src/sudo.h, src/sudo_edit.c: + Work in progress support for sudoedit. The actual interface used by + the plugin for sudoedit is likely to change. + [c31262a31997] + + * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c: + Make find_path() a little more generic by not checking def_foo + variables inside it. Instead, pass in ignore_dot as a function + argument. + [9c23101a094d] + + * plugins/sudoers/env.c: + Add version of getenv(3) that uses our own environ pointer. + [0e3783e63534] + +2010-05-12 Todd C. Miller + + * src/script.c: + Avoid a potential race condition if SIGCHLD is received immediately + before we call select(). + [99adc5ea7f0a] + + * plugins/sudoers/sudoers.c: + Call env_init() before we open the sudoers sources as those may call + our setenv() replacement. + [5f82601f5ab0] + + * plugins/sudoers/env.c: + Initialize env_len in env_init() + [7ae02b3029b5] + +2010-05-11 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: + Document time stamp shortcomings under SECURITY NOTES Use "time + stamp" instead of timestamp. + [2b86120815b2] + + * doc/Makefile.in: + Make sed substitution of mansectsu and mansectform global. + [94588632dba0] + + * plugins/sudoers/check.c: + If the tty lives on a devpts filesystem, stash the ctime in the tty + ticket file, as it is not updated when the tty is written to. This + helps us determine when a tty has been reused without the user + authenticating again with sudo. + [0e62a31bceb0] + + * src/tgetpass.c: + Fix pasto in mulitple signal fix and use _NSIG not NSIG since that + is what our compat checks set. + [df50f0a040c9] + + * configure, configure.in: + Add check for whether sudo need to link with -ldl to get dlopen(). + This is a bit of a hack that will get reworked when libtool is + updated. + [63bdcf579533] + + * plugins/sudoers/check.c: + Fix timestamp removal with -k/-K + [6b4639fef973] + + * plugins/sudoers/Makefile.in: + audit.c is now private to the sudoers plugin + [1974f342ae0b] + + * configure, configure.in: + Link with -lpthread on HP-UX since a plugin may be linked with + -lpthread and dlopen() will fail if the shared object has a + dependency on -lpthread but the main program is not linked with it. + [d42139391263] + + * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c: + Add separate test for getresuid() since HP-UX has setresuid() but no + getresuid(). + [910fe727a374] + + * doc/Makefile.in: + Remove errant backslash + [dd5464257c69] + + * src/script.c: + Fix SIGPIPE handling. Now that we use may use pipes for + stdin/stdout we need to pass any SIGPIPE we receive to the running + command. + [3f6b1991f4fd] + + * src/script.c: + Also start the command in the background if stdin is not a tty. + [d93bc33a3740] + +2010-05-10 Todd C. Miller + + * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c: + No need to use pseudo-cbreak mode now that we use pipes when stdout + is not a tty. Instead, check whether stdin is a tty and if not, + delay setting the tty to raw mode until the command tries to access + it itself (and receives SIGTTIN or SIGTTOU). + [e68315cf8c6b] + + * src/tgetpass.c: + Use an array for signals received instead of a single variable so we + don't lose any when there are multiple different signals. + [2ac726dac864] + + * src/tgetpass.c: + Do signal setup after turning off echo, not before. If we are using + a tty but are not the foreground pgrp this will generate SIGTTOU so + we want the default action to be taken (suspend process). + [bebb6209c795] + +2010-05-07 Todd C. Miller + + * src/script.c: + Flush the iobufs on suspend or child exit using the same logic as + the main event loop. + [c627feee1035] + + * src/script.c: + Free memory after we are done with it. + [8db9b611b45a] + +2010-05-06 Todd C. Miller + + * doc/HISTORY: + Quest now sponsors Sudo development + [6cc490083bc7] + +2010-05-05 Todd C. Miller + + * doc/Makefile.in: + Install sudo_plugin man page. + [c253729790b2] + + * src/script.c: + Go back to reseting io_buffer offset and length (and now also the + EOF handling) in the loop we do the FD_SET, not after we drain the + buffer after write() since we don't know what order reads and writes + will occur in. + [5f38bfa8497f] + + * MANIFEST: + audit files moved to sudoers plugin directory + [b1ead182428e] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document plugin_printf and new logging functions. + [fe9430b60ab5] + + * src/script.c: + Add support for logging stdin when it is not a tty. There is still a + bug where "cat | sudo cat" has problems because both cat and sudo + are trying to read from the tty. + [04c9c59fcfba] + + * include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/sudoers.c, src/script.c: + Add separate I/O logging functions for tty in/out and + stdin/stdout/stderr. NOTE: stdin logging does not currently work and + is disabled for now. + [a36dfd4ca935] + +2010-05-04 Todd C. Miller + + * include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + src/conversation.c, src/sudo.c, src/sudo_plugin_int.h: + Add pointer to a printf like function to plugin open functon. This + can be used instead of the conversation function to display info and + error messages. + [98734eea8ef1] + + * Makefile.in: + Stop if make in a subdir fails + [228bb3ad2dbc] + + * src/script.c: + Only set user's tty to blocking mode when doing the final flush. + Flush pipes as well as pty master when the process is done. + [20ff67218666] + +2010-05-03 Todd C. Miller + + * plugins/sudoers/ldap.c: + Use print_error() when displaying ldap config info in debugging + mode. + [d142e0cacb22] + + * compat/Makefile.in, compat/strdup.c, compat/strndup.c: + No longer need strdup() or strndup() replacements. + [df53697174ec] + + * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.h: + Add print_error() function that uses the conversation function to + print a variable number of error strings and use it in log_error(). + [b1fa2861b575] + + * src/script.c, src/sudo.h, src/term.c: + Do not need the opost flag to term_copy() now that we use pipes for + stdout/stderr when they are not a tty. + [f42811f70a19] + + * src/script.c: + Use pipes to the sudo process if stdout or stderr is not a tty. + Still needs some polishing and a decision as to whether it is + desirable to add additonal entry points for logging + stdout/stderr/stdin when they are not ttys. That would allow a + replay program to keep things separate and to know whether the + terminal needs to be in raw mode at replay time. + [1a945e0ab2da] + +2010-04-30 Todd C. Miller + + * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h, + src/audit.c, src/bsm_audit.c, src/bsm_audit.h: + Move audit sources into the sudoers plugin dir; the driver does not + use them. + [50ec36422cd0] + + * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c, + compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c, + plugins/sudoers/boottime.c, plugins/sudoers/getdate.c, + plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c, + src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c, + src/term.c, src/ttysize.c: + Use angle brackets when including headers that can only be found + when an -I flag is specified. The files in the compat dir could get + away with double quotes here but I've converted all the source files + to use angle brackets for consistency. + [9e30a8fc6d4b] + + * plugins/sudoers/Makefile.in: + Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat + dir can be found when building outside the source tree. + [1150934b79dd] + + * plugins/sudoers/Makefile.in: + Clean up links in distclean + [78595028be8b] + + * plugins/sudoers/Makefile.in: + Hack around VPATH semantic differences by symlinking files we need + from ../../src into the current directory and build those. A better + fix would be to either make a .a or .la file with those files in it + or simply use a single, flat, Makefile instead of per-subdirs + Makefiles. + [892c332d3f05] + + * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c: + fmt_string is used by the sudoers plugin too so do not include + sudo.h (which is not really needed here anyway) + [231c35e3941f] + + * compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Fix building with non-BSD versions of make such as GNU make. + Requires VPATH support, which should be in any non-neolithic make. + [dc174f135919] + + * configure, configure.in, plugins/sudoers/Makefile.in, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c, + src/Makefile.in: + Re-enable bsm audit. Currently auditing is done within the sudoers + plugin itself. If possible, this should really be done in the main + driver but we don't presently have the needed data to do that. This + will be re-evaluated when Linux audit support is added. + [1d05a3236bfe] + + * compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Remove extraneous $srcdir and use more .c.lo and .c.o rules instead + of explicit rules in the dependency. + [88f80efd25f0] + + * plugins/sudoers/visudo.c: + Fix mismerge; alias_remove_recursive() now returns int + [6257a4849641] + +2010-04-29 Todd C. Miller + + * plugins/sudoers/visudo.c: + Fix a crash when checking a sudoers file that has aliases that + reference themselves. Based on a diff from David Wood. + [545d194484a7] + + * src/script.c: + Print signal info after restoring the tty mode, not before. + [a68618e67435] + + * src/script.c: + Defer call to alarm() until after we fork the child. Pass correct + pid to terminate_child() If the command exits due to signal, set + alive to false like we do when it exits normally. Add missing + check for errpipe[0] != -1 before using it in FD_ISSET + [22f0a1549391] + +2010-04-28 Todd C. Miller + + * plugins/sudoers/boottime.c: + Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h + [0e627170c6e8] + +2010-04-27 Todd C. Miller + + * src/Makefile.in: + Simplify dependencies by using .c.o and .c.lo rules. + [6abcaef5d1ac] + + * configure, configure.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + Substitute in @PROGS@ into src/Makefile to add sesh + [cc46d3b6208f] + +2010-04-26 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Add back calls to log_denial() if sudoers does not allow the + command. + [9783316207f0] + + * plugins/sudoers/sudoers.c: + Pass in correct pwflag for list and validate. + [973dd56d4b81] + + * plugins/sudoers/env.c: + Add missing check for NULL in validate_env_vars + [1d6eb6957824] + + * src/Makefile.in: + Add sudo_noexec.la to "all" target, otherwise it only gets built at + install time. + [644a9694d2ef] + + * plugins/sudoers/sudoers.c: + Only set sudo_user.env_vars if the env_add list is empty. + [fccdf6f0e0e2] + + * plugins/sudoers/sudoers.c: + Set sudo_user.env_vars so that environment variables specified on + the command line get logged correctly. + [9b51012c491e] + + * plugins/sudoers/env.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Re-enable environment files and setting environment variables on the + command line. + [5662d5645dbd] + +2010-04-24 Todd C. Miller + + * plugins/sudoers/check.c: + Fix typo in last commit (ifndef vs ifdef) Make sure we pass ctime() + a pointer to time_t as tv_sec in struct timeval may be long. + [4de0c46e788e] + + * plugins/sudoers/check.c: + Don't stash ctime in on-disk tty ticket info for now; on many + (most?) systems the ctime is updated when the tty is written to. + Once I have a better idea of what systems do not update ctime on + ttys (and have a way to test for this) the ctime stash will be + conditionally re-enabled. + [a90eeec0f648] + +2010-04-23 Todd C. Miller + + * MANIFEST, Makefile.in: + Add back "dist" target, this time using a MANIFEST file + [29277c05499f] + + * Makefile.in: + Remove Makefile in distclean target + [83d695f4f450] + + * Makefile.in, src/Makefile.in: + Update clean and cleandir targets + [ad7b2afeb9c1] + + * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c, + src/sudo.h: + Move fileops.c defines and prototypes to filesops.h + [4545e9b6892d] + + * plugins/sudoers/check.c: + Lock the tty timestamp when writing. We shouldn't have to lock when + reading since the file is updated via a single write system call. + [0c7276f02696] + +2010-04-22 Todd C. Miller + + * plugins/sudoers/alias.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/find_path.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c, + plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/nonunix.h, plugins/sudoers/parse.c, + plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c: + Convert to ANSI C function declarations + [9c45def57cf7] + + * plugins/sudoers/sudoers.h: + Remove extraneous bits and classify by source file. + [e8ea9f109ebb] + + * include/compat.h: + Add timercmp macro for systems without it + [d3bf87b1d08e] + + * plugins/sudoers/boottime.c, plugins/sudoers/check.c, + plugins/sudoers/sudoers.h: + get_boottime() now fills in a timeval struct + [3573c3f44e11] + + * plugins/sudoers/check.c: + Store info from stat(2)ing the tty in the tty ticket when tty + tickets are in use. On most systems, this closes the loophole + whereby a user can log out of a tty, log back in and still have the + timestamp be valid. + [53380f9f5242] + + * config.h.in, configure.in: + Add timespec2timeval and use it when getting ctime/mtime + [4cb7f7caec2c] + +2010-04-20 Todd C. Miller + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c: + Convert perm setting to push/pop model; still needs some work Use + the stashed runas groups instead of using getgrouplist() Reset perms + to the initial value on error + [09c072ebde8b] + + * config.h.in, configure.in: + fix ctim_get and mtim_get macros + [58773dc1e360] + + * config.h.in, configure, configure.in, include/compat.h, + plugins/sudoers/check.c, plugins/sudoers/gettime.c, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c: + Use timeval directly instead of converting to timespec when dealing + with file times and time of day. + [a0ce1ae00a67] + + * plugins/sudoers/Makefile.in: + Don't like sudoreplay with libsudoers.la due to a yacc symbol + conflict. + [f1a59cc63a15] + +2010-04-18 Todd C. Miller + + * configure, configure.in: + Darwin >= 9.x has real setreuid(2) + [7ec942a64275] + +2010-04-17 Todd C. Miller + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: + Ansify env.c + [f58551bad10a] + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Remove remaining references to the environ pointer. + [96faa530816a] + +2010-04-16 Todd C. Miller + + * config.h.in, configure, configure.in, plugins/sudoers/env.c: + Don't change the environ directly in the sudoers plugin + [6db48ed3f7e0] + +2010-04-15 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Fix typo + [4aa452b07f8f] + + * plugins/sudoers/alias.c: + Fix use after free in error message when a duplicate alias exists. + [ce1d2812ee34] + +2010-04-14 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + src/parse_args.c: + Add a "noninteractive" boolean to the settings passed in to the + plugin's open function that is set when the user specifies the -n + flag. + [68f8d9d6d4d0] + + * config.h.in, configure, configure.in, plugins/sudoers/env.c: + Add workaround for the lack of the environ pointer on Mac OS X in + dlopen()ed modules. Use of environ in the sudoers plugin should + ultimately be removed but this will do for the moment. + [80c61647434f] + + * plugins/sudoers/visudo.c: + Set errorfile to the sudoers path if we set parse_error manually. + This prevents a NULL dereference in printf() when checking a sudoers + file in strict mode when alias errors are present. + [45e249ca99f7] + + * plugins/sudoers/sudoers.c: + Main sudo no longer print "unable to execute" on exec failure so do + it here. + [50aaf62b43b5] + +2010-04-13 Todd C. Miller + + * src/script.c: + Use a pipe to pass back errno to the parent if execve() fails. If we + get an error in script_child(), kill the command and exit. + [dc3bf870f91b] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + src/parse_args.c, src/sudo.c: + Handle plugin's open function returning -2 (usage error). + [aadf900c1de8] + + * src/script.c: + If execve() fails, leave it to the plugin to print an error string. + [e25748f2d5b9] + + * src/script.c: + If execve fails in logging mode, pass the errno directly to the + grandparent on the backchannel and exit. The immediate parent will + get SIGCHLD and try to report that status but its parent will no + longer be listening. It would probably be cleaner to pass this over + a pipe in script_child(). + [cb122acc81a8] + + * plugins/sudoers/sudoers.c: + Don't override rval with results of check_user() unless it failed. + [46fb7e87ac7d] + +2010-04-12 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Fix typo + [ccd0b693f3da] -1999-11-08 19:00 millert + * src/parse_args.c: + NULL-terminate env_add + [2c534368a0c3] - * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: Mention what - characters need to be escaped in names. +2010-04-11 Todd C. Miller -1999-11-08 18:59 millert + * src/sudo.c: + Call the I/O log open function before the I/O version function. + [e88bf898990b] + + * plugins/sudoers/iolog.c: + Remove io_conv and just use sudo_conv + [a280052468eb] + + * plugins/sudoers/set_perms.c: + Fix set/restore perms for systems w/o setresuid + [4160517f6666] + +2010-04-10 Todd C. Miller + + * plugins/sudoers/check.c, plugins/sudoers/logging.c, + plugins/sudoers/parse.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Primitive set/restore permissions. Will be replaced by a push/pop + model. + [aae102290866] + + * src/script.c: + Only need to take action on SIGCHLD in parent if no I/O logger. If + there is an I/O logger we will receive ECONNRESET or EPIPE when we + try to read from the socketpair. + [e1e4560401f6] - * configure: regen +2010-04-09 Todd C. Miller -1999-11-08 18:59 millert + * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.pod, plugins/sudoers/find_path.c: + Merge fb4d571495fa from the 1.7 branch to trunk. + [c8fb424ad4d2] + +2010-04-08 Todd C. Miller + + * src/script.c: + Don't set SA_RESTART when registering SIGALRM handler. Do set + SA_RESTART when registering SIGWINCH handler. + [173472b76525] + + * doc/Makefile.in: + Add dev targets for *.man.in and *.cat that don't specfify the + $(srcdir) prefix. + [b62f425da2e4] + + * src/script.c: + If log_input or log_output returns false, terminate the command. + [074f4c0c34a0] + + * src/script.c: + Better signal handling. Instead of using a single variable to store + the received signal, use an array so we can't lose a signal when + multiple are sent. Fix process termination by SIGALRM in non-I/O + logger mode. Fix relaying terminal signals to the child in non-I/O + logger mode. + [7a4723aca99d] + + * src/script.c: + Fix a race between when we get the child pid in the parent and when + the child process exits. The problem exhibited as a hang after a + short-lived process, e.g. "sudo id" when no IO logger was enabled. + [80bcc0aca70b] - * INSTALL: clarify Mac OS X entry +2010-04-07 Todd C. Miller -1999-11-08 18:59 millert + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Add a note about the security implications of the fast_glob option. + [c37a92ab7c93] - * RUNSON: update +2010-04-06 Todd C. Miller -1999-11-08 17:45 millert + * config.h.in, configure, configure.in: + Fix up some AC_DEFINE descriptions and regen config.h.in + [f4655adc0db3] - * configure.in: o Use AC_MSG_ERROR throughout o Check syslog - configure options for danity +2010-04-05 Todd C. Miller -1999-11-05 17:11 millert + * include/missing.h: + No longer check for strdup or strndup for LIBOBJ replacement. + [fdc764ee8109] - * defaults.c: Fix printing of type T_MODE in dump_defaults() + * src/script.c: + Avoid installing signal handlers that are io-logger specific. Fixes + job control when no io logger is enabled. + [0853dd0906d4] -1999-11-05 12:00 millert + * doc/Makefile.in: + Only regen man pages from pod when configured with --with-devel + [ab1995f8103d] - * strcasecmp.c: missing sys/types.h +2010-04-04 Todd C. Miller -1999-11-05 00:42 millert + * Makefile, Makefile.in, configure, configure.in: + Top-level Makefile.in. Nothing is currently substituted but this is + needed for separate build dirs. + [e80873cbd201] - * INSTALL: Break out options that may be overridden at run time - into their own section. Add a not about Max OS X and correct - some lies. + * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Fix out-of-tree builds + [59a35bef07b8] -1999-11-04 14:01 millert + * Merge + [386b848047e9] - * CHANGES, config.h.in, configure, configure.in, sudo.c: o Now use - getrlimit to find the highest fd when closing all non-std fd's o - Turn off core dumps via setrlimit for the sake of paranoia + * doc/Makefile.in: + We always install sudoreplay in 1.8 + [ce52ba6617c9] -1999-11-04 13:57 millert +2010-04-03 Todd C. Miller - * RUNSON: updates + * compat/siglist.in: + SIGPOLL is sometimes the same as SIGIO (like on HP-UX) + [6d69e1b05faf] -1999-11-01 10:59 millert +2010-04-02 Todd C. Miller - * CHANGES: updates + * configure, configure.in: + No need to provide strdup() or strndup(), sudo uses estrdup() and + estrndup() + [57ec23b72958] -1999-11-01 10:58 millert +2010-04-04 Todd C. Miller - * tgetpass.c: When read()'ing, do a single character at a time to - be sure we don't go oast the newline. + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Free str after using it in the version method. Use sudo_conv, not + io_conv since we don't have the IO conversation function pointer in + the I/O version method anymore now that io_open is delayed. + [f2ed132adeb0] -1999-11-01 10:43 millert +2010-04-02 Todd C. Miller - * sudo.c: For the sudo_root option, check against user_uid, not - getuid() since at this point, ruid == euid == 0. + * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h, + compat/siglist.in: + Add license to mksiglist.c and note that the bits from pdksh are + public domain + [d8121a2467e8] -1999-10-31 23:14 millert + * compat/Makefile.in: + Fix LIBOBJDIR vs. srcdir wrt the siglist bits + [164160148421] - * RUNSON: some updates + * plugins/sudoers/Makefile.in: + Add sudoreplay testsudoers and visudo to clean target + [138a17e51c0c] -1999-10-31 23:14 millert + * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h, + compat/siglist.in, compat/strsignal.c, configure, configure.in, + include/missing.h, src/script.c: + Create our own sys_siglist for systems without it for use by + strsignal() + [2e5da011ebc3] - * logging.h: Fix compilation problem when --with-logging=file was - specified. This means that syslog is now required to build sudo - but that should not be a problem. If it is it can be fixed - trivially with a configure check for syslog() or syslog.h. + * compat/Makefile.in: + Remove duplicate $(LIBOBJDIR) + [adf9abc9432f] -1999-10-31 23:00 millert +2010-04-01 Todd C. Miller - * tgetpass.c: Make this work again for things like "sudo echo hi | - more" where the tty gets put into character at a time mode. We - read until we read end of line or we run out of space (similar to - fgets(3)). + * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c: + Main sudo should not block signals; the plugin should do this in + check_policy. + [3f3736a7c5ed] -1999-10-20 11:23 millert +2010-03-31 Todd C. Miller - * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: change ital - to bold + * src/script.c: + Fix a sizeof(ptr) vs. sizeof(*ptr) + [aa1bcf5afcce] -1999-10-20 11:23 millert + * src/script.c: + Unlike most operating systems, HP-UX select() is not interrupted by + SIGCHLD when the signal is registered with SA_RESTART. If we clear + SA_RESTART when calling sigaction() for SIGCHLD we get the expected + behavior and the code in the select() loops already handles EINTR + correctly. + [9eba0115e35a] - * RUNSON: update + * compat/getprogname.c: + progname should be const + [130228f062b7] + + * plugins/sudoers/Makefile.in: + Move --tag=disable-static to when we link sudoers.la, not when we + install. + [ceb5e6c3b78b] -1999-10-16 13:56 millert + * src/load_plugins.c: + Load the sudoers I/O plugin by default too now that it is hooked up. + [ea38befd0742] + +2010-03-30 Todd C. Miller + + * src/pty.c: + It looks like AIX doesn't need to push STREAMS modules for ptys. + [22da618ba0a1] + +2010-03-28 Todd C. Miller + + * src/parse_args.c, src/sudo.c: + Delay calling the I/O plugin open function until the policy plugin + returns success. + [f3297c325b48] + +2010-03-27 Todd C. Miller + + * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add back io logging (transcript) support. Currently, the open + function runs too early and it is not possible to use the io module + independently of the policy module. + [9bd932f66226] + + * plugins/sudoers/set_perms.c: + Comment out dead code; will be removed when set_perms is rewritten. + [af7a995284f8] + +2010-03-23 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Fix off by one error when allocating user_groups. + [6281fcf9c3bb] + +2010-03-22 Todd C. Miller + + * configure, configure.in, plugins/sudoers/Makefile.in: + Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris. + [fbce3e9eda3a] + + * plugins/sudoers/sudoers.c: + Fix typo in preserve groups case + [1fd72024fb5a] + + * plugins/sudoers/sudoers.c: + In command_info it is "runas_groups" not "groups". + [5c64dce4f285] + + * src/sudo.c: + Fix iteration over runas_groups list. + [b3c45a0cd643] + + * configure, configure.in, plugins/sudoers/env.c, + plugins/sudoers/match.c, src/script.c: + Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch. + [a8108a0776c2] + + * compat/getgrouplist.c: + getgrouplist(3) for those without it + [4ab4d21e3b16] + + * plugins/sudoers/sudoers.c: + Set preserve_groups or groups list in command_info + [1266119ad654] + + * src/sudo.c: + Fix setting of groups list + [e75315e40bd4] + + * config.h.in, configure, configure.in, include/compat.h, + include/missing.h: + Add checks for getgrset and getgrouplist and use replacement + getgrouplist if the system doesn't support it. + [a62b8ba50863] + + * src/parse_args.c: + Pass in preserve_groups when the -P flag is specified as per the + design + [7420c5d15474] + + * plugins/sudoers/sudoers.c: + Check preserve_groups and ignore_ticket args with atobool instead of + assuming they are true if present. + [71c905702697] + +2010-03-21 Todd C. Miller + + * plugins/sudoers/Makefile.in, plugins/sudoers/error.c, + plugins/sudoers/plugin_error.c: + Rename plugin-specific error.c to plugin_error.c Wire up visudo, + sudoreplay and testsudoers in the build + [9d581d5fa4d4] + + * src/Makefile.in, src/term.c: + term.c does not needto include sudo.h + [f6683cdcd2dd] + + * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.pod: + Document the -2 return in the check_policy section too + [e9cb4c34bbcf] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + src/parse_args.c, src/sudo.c, src/sudo.h: + Fix the -s and -i flags and add support for the "implied_shell" + option. If the user does not specify a command, sudo will now pass + in the path to the user's shell and set impied_shell=true. The + plugin can them either check the command normally or return -2 to + cause sudo to print a usage message and exit. + [bf889c38f229] + +2010-03-19 Todd C. Miller + + * config.h.in, configure, configure.in, src/load_plugins.c: + Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for + Darwin where libraries end in .dylib but modules end in .so + [2c56aaa38e21] + + * plugins/sudoers/parse.c: + Better prefix determination now that we can't rely on len==0 to tell + the beginning on an entry. + [622bf18179e9] + + * plugins/sudoers/ldap.c: + display_bound_defaults() stub should return 0, not 1 since it is a + count, not a boolean. + [0327a6c3d55d] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document progname in settings + [42031d56a2e3] + + * compat/getprogname.c, include/compat.h, + plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c, + src/parse_args.c, src/sudo.c: + Rewrite compat/getprogname.c and add setprogname(). The progname is + now passed to the plugin via the settings array. + [25d8663e6006] + + * configure, configure.in, plugins/sudoers/Makefile.in: + Fix --with-ldap + [b64b633f426d] + + * plugins/sudoers/sudo_nss.c: + Add missing whitespace for Runas and Command-specific defaults + [65f4ddf5545e] + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/sudo_nss.c: + Use embedded newlines in lbuf instead of multiple calls to + lbuf_print. + [eed3af9cc3e1] + + * src/lbuf.c: + Add support for embedded newlines. + [e11f79b18deb] + +2010-03-18 Todd C. Miller + + * compat/getprogname.c: + If system doesn't support getprogname or __programe and we are + building a shared object don't bother with Argc/Argv, just return + "sudo" + [aebde9062be7] + + * config.h.in, configure, configure.in, src/load_plugins.c: + Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool + appears to always install a shared object with the .so suffix. + [f9bbd0c0e9d3] + + * compat/Makefile.in, configure, configure.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + Play more nicely with libtool and let it build libreplace (was + libmissing) for us. + [a4c6ebb2495c] + + * include/missing.h: + Include stdarg.h for va_list rather than requiring all consumers of + missing.h to include stdarg.h themselves. + [37382df948de] + + * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c, + src/parse_args.c: + Pass in output function to lbuf_init() instead of writing to stdout. + A side effect is that the usage info can now go to stderr as it + should. + [6d261261a072] + +2010-03-17 Todd C. Miller + + * include/lbuf.h, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c, + src/parse_args.c, src/sudo.c: + Use number of tty columns that is passed in user_info instead of + getting it directly in the lbuf code. + [8a16635c2638] + + * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/env.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/interfaces.h, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/match.c, + plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, + plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestr.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/visudo.c: + Kill __P in sudoers + [63601e6cb171] + + * config.h.in, configure, configure.in, src/load_plugins.c: + Set the sudoers plugin name in configure so we get the extension + right. + [edad89924cd1] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document lines/cols in user_info + [a808872394f3] + + * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c: + Add tty size to user info + [23f3d27e77a7] + + * src/script.c: + Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ + [a2208dd09051] + +2010-03-16 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Kill dead code Add missing sigsetjmp in sudo_policy_invalidate Error + out if we fail to lookup the user's name that is passed in + [e4e3728ed482] + + * plugins/sudoers/error.c: + Pass the error value back via siglongjmp. + [667b8ad575ce] + + * plugins/sudoers/check.c: + Use conversation function for lecture. + [1ab4719f509b] + + * plugins/sudoers/check.c: + Don't update ticket file if verify_user returns FALSE. + [2bbc46a39a2b] + +2010-03-15 Todd C. Miller + + * plugins/sudoers/sudoers.c, src/sudo.c: + Wire up invalidate and validate methods for sudoers + [c0630c7bca47] + + * plugins/sudoers/check.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add support for -k flag with a command. + [edad239b098b] + + * src/parse_args.c: + Allow -k to be specified with a command. + [43a45add9974] + + * plugins/sudoers/sudoers.c: + Wire up policy_list + [27cc35699eca] + + * plugins/sudoers/error.c: + Add newline at the end of message and space after the colon in + warning message + [5a591aa8e744] + + * plugins/sudoers/auth/sudo_auth.c: + Add missing newline after pass password warning + [337dba3870a7] + + * plugins/sudoers/sudoers.c: + Set user_groups and user_ngroups based on user_info + [61bee85128c8] + + * plugins/sudoers/error.c: + Make this compile + [7041c441e1c8] + + * plugins/sudoers/error.c, plugins/sudoers/sudoers.c: + Make _warning in error.c use the conversation function and remove + commented out warning/warningx in sudoers.c. + [7c9b09024b63] + + * plugins/sudoers/logging.c: + Use siglongjmp() in log_error for fatal errors + [b50e26f1c73f] + + * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in: + Quiet a libtool warning + [b2331fb006bc] + + * Makefile: + Build sudoers plugin + [5cdf06e66978] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Use warningx in yyerror() so the conversation function gets used + when built as part of sudoers. + [85f964215eef] + +2010-03-14 Todd C. Miller + + * plugins/sudoers/auth/pam.c: + Rename sudo_conv to conversation to avoid a namespace conflict. + [1ad359d36be9] + + * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/error.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c, + plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, + plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c: + Initial bits of sudoers plugin; still needs work. + [af2a2c59a952] + + * config.h.in: + Add HAVE_STRDUP and HAVE_STRNDUP + [50a3c0dd510f] + + * compat/Makefile.in, configure, configure.in: + Build libmissing in two flavors (one PIC one non-PIC) and link with + the appropriate one. + [b62f411a4c18] + + * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c, + compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in: + Build libmissing in two flavors (one PIC one non-PIC) and link with + the appropriate one. + [e1e04972b5fe] + +2010-03-13 Todd C. Miller + + * include/missing.h: + Add strdup and strndup and fix strsignal + [c159babe2896] + +2010-03-12 Todd C. Miller + + * compat/strdup.c, compat/strndup.c, configure, configure.in, + plugins/sample/Makefile.in, src/Makefile.in: + Add strdup and strndup to compat + [25c9fd399a4d] + + * plugins/sample/sample_plugin.c: + Need to include compat.h before missing.h + [c94f7aad380f] + + * compat/strsignal.c: + Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if + it doesn't exist configure will set it to 0. + [384580566389] + + * compat/glob.c: + Fix botched ANSI C coversion of globexp2() + [4a344b8cbe49] + + * configure, configure.in: + Remove redundant getgroups check + [0b16ec210c81] + + * configure, configure.in, src/lbuf.c, src/script.c, src/term.c: + Require either termios or termio, no more sgtty. + [9b2fa2f17a1c] + + * compat/strsignal.c, config.h.in, configure, configure.in: + Change the sys_siglist check to use AC_CHECK_DECLS and also check + for _sys_siglist and__sys_siglist + [2e078fed2408] + +2010-03-11 Todd C. Miller + + * configure, configure.in, src/Makefile.in: + Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now + use SUDO_OBJS for the main driver as part of OBJS. + [9ae4a80a5ade] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Mention in the conversation function section that a newline is not + implicit. + [04a233b6c491] + + * include/compat.h: + Add definition of WCOREDUMP for systems without it. This is known + to work on AIX and SunOS 4, but may be incorrect on other systems + that lack WCOREDUMP. + [c85b3ce6b77d] - * defaults.c: Error out if syslog parameters are given without a - value. For Ultrix or 4.2BSD "syslog" is allowed without a value - since there are no facilities in the 4.2BSD syslog. +2010-03-09 Todd C. Miller -1999-10-15 16:37 millert + * plugins/sample/sample_plugin.c, src/conversation.c: + conversation function no longer puts a newline at the end of info or + error messages. + [c534cae1ac4a] - * defaults.c: Ignore the syslog facility for systems w/ old syslog - like Ultrix. +2010-03-07 Todd C. Miller -1999-10-15 12:51 millert + * src/script.c: + Use parent process group id instead of parent process id when + checking foreground status and suspending parent. Fixes an issue + when running commands under /usr/bin/time and others. + [564f528c3bb7] - * TROUBLESHOOTING: people with "." early in their path can have - problems running sudo from the build dir ;-) +2010-03-06 Todd C. Miller -1999-10-13 00:18 millert + * aclocal.m4: + transcript option is now --with not --enable + [0646fac4cf93] - * sudo.man, sudo.pod, sudo.cat, sudo.html: Remove -r realm option + * plugins/sample/sample_plugin.c: + Add support to -u and -g flags Check fmt_string retval Add timeout + for debugging purposes + [cfefa4fa60b5] -1999-10-12 22:34 millert + * src/script.c, src/sudo.c: + Wire up SIGALRM handler Set close on exec flag for child side of the + socketpair Fix signal handling when not doing I/O logging + [379581ec7272] - * configure, configure.in, sudo.c, auth/kerb5.c, auth/sudo_auth.c, - auth/sudo_auth.h: New krb5 code from Frank Cusack - . + * src/sudo.c: + g/c unused SIGCHLD handler + [0afa03912dce] -1999-10-12 22:33 millert + * src/fmt_string.c, src/parse_args.c, src/sudo.c: + Don't use emalloc() in fmt_string(); we want to be able to use it + from a plugin. + [ade64d368147] - * CHANGES: update to reality + * include/list.h: + tq_remove not list_remove + [0e0e1fd5c31c] -1999-10-11 20:53 millert + * configure, configure.in: + AUTH_OBJS should contain .lo files not .o files. + [c64c82c9d5a2] - * auth/fwtk.c: include to get function prototypes. +2010-03-05 Todd C. Miller + + * src/parse_args.c: + Simplify conversion of command line args to name=value pairs. + [75ab127c6a94] + + * plugins/sample/sample_plugin.c: + Handle NULL reply from conversation function + [6ce09b6cb204] + + * compat/getline.c: + Don't depend on emalloc/erealloc + [73df09e2109f] + + * plugins/sample/Makefile.in: + Use $(OBJS) instead of sample_plugin.lo + [2d995db9aa99] + + * plugins/sample/sample_plugin.c: + runas_user is in settings not user_info + [7ee12068bc57] + + * src/parse_args.c: + Fix a mismatch between sudo_settings and settings_pairs that causes + some settings to get the wrong values. + [b1bc6d81a65f] + +2010-03-04 Todd C. Miller + + * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c, + src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c, + src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c: + Convert to ANSI C + [d03b6e4a3b75] + + * src/load_plugins.c: + Fix strlcpy() return value check. + [7cd66999a374] + + * INSTALL, configure, configure.in: + No longer need to substitute in script.o and pty.o; I/O logging + support is always built. + [45250024c5dc] + +2010-02-28 Todd C. Miller + + * src/script.c: + Add fallback to /bin/sh when execve() fails with ENOEXEC. + [7684a15a1352] + + * include/alloc.h, src/alloc.c: + Add estrndup() + [47621c83bed9] + +2010-02-27 Todd C. Miller + + * src/script.c, src/sudo.c: + Refactor script_execve() a bit so that it can be used in non-script + mode. Needs more cleanup. + [f09e022d547c] + + * src/sudo.c: + Ignore empty entries in command_info list + [1eea9a8de21c] + + * include/list.h, src/list.c: + Add tq_remove + [40908a617cb2] + + * src/conversation.c: + Pass timeout to tgetpass() + [9e66c918b771] + + * Makefile: + Add ChangeLog target + [da4a39150838] + + * README, WHATSNEW: + Bump version and update things slightly for sudo 1.8.0 + [4b73cc45e2d4] + + * configure, configure.in: + Sudo now requires an ANSI/ISO C compiler + [1e51f72e6964] + + * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c, + src/sudo_noexec.c: + Convert to ANSI C + [5cbd315dbde8] + + * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h, + include/list.h, include/missing.h: + Convert to ANSI C + [3f5016ff64f4] + + * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c, + compat/fnmatch.h, compat/getcwd.c, compat/getline.c, + compat/getprogname.c, compat/glob.c, compat/glob.h, + compat/isblank.c, compat/memrchr.c, compat/mkstemp.c, + compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c, + compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c, + compat/strlcpy.c, compat/strsignal.c, compat/utime.h, + compat/utimes.c: + Convert to ANSI C + [0d635c85461c] + +2010-02-24 Todd C. Miller + + * src/sudo.c, src/tgetpass.c: + Make user_details extern so tgetpass can get at the uid and gid. Set + uid/gid to user before executing askpass program. Check environment + for SUDO_ASKPASS and use that if set. TODO: a way for the policy to + set the askpass program itself + [d33606396176] + + * src/sudo.c: + No longer need sudo_usage.h in sudo.c + [063e2946c382] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in, + doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c, + src/sudo_usage.h.in: + Document -D level command line flag which maps to the debug_level + setting. + [61f1e2ab3ac1] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document debug_level in plugin doc. Still need to document the -D + flag in sudo itself. + [8c62daea3e9b] + +2010-02-21 Todd C. Miller + + * plugins/sample/sample_plugin.c: + include missing,h for vasprintf + [92503de49b39] + + * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Rename plugin.pod -> sudo_plugin.pod and wire into Makefile + [14cfb4775238] + + * plugins/sample/sample_plugin.c: + Need to include limits.h + [bda7f74343d2] + + * compat/glob.c: + No more sudo_getpw* + [232e52907634] + + * plugins/sample/Makefile.in, src/Makefile.in: + Add missing compat bits + [4843dd000e08] + + * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in: + compat files should not include sudo.h wire up compat in sample + plugin + [a175b8185e0f] + + * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in: + Fix up compat dependencies. Fix distclean target in doc/Makefile.in + [57e49bc20857] + + * configure, configure.in: + Fix typo + [333655e3d5fe] + + * plugins/sample/sample_plugin.c: + Log input and output to temp files for proof of concept. + [ae1dfc34f7d6] + + * Makefile, configure, configure.in, doc/Makefile.in: + Add doc Makefile.in and wire it up + [6a310443c87d] + + * src/script.c: + Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with + suspending a shell with the "suspend" builtint. + [3d65f182819a] + + * src/script.c: + In child, handle parent side of the pipe going away. + [a29c14d78cd9] + + * src/script.c: + No longer need to check for explicit death of the child (process #2) + since if it dies we will get EPIPE from the socketpair. Fix a + sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to + sudo_debug. + [24c55dd4ff60] + + * src/sudo.c: + Make sudo_debug do a single vfprintf() which will result in a single + write call on most systems. Avoids problems with interleaved debug + printf from different processes. Also remove an extraneous error + case since recv() can't return a short read and add some more XXX. + [b37a8533ef1e] + +2010-02-20 Todd C. Miller + + * src/script.c: + Fix uninitialized variable. + [e012a0a30890] + + * src/Makefile.in: + Fix sudo install target + [1417fa4b4ab9] + + * src/parse_args.c, src/sudo.c, src/sudo.h: + Wire up debug_level + [144fab289c73] + + * src/Makefile.in: + Fix dependencies + [5170940af2ce] + + * configure, configure.in: + Fix setting of plugin dir + [144eda170a72] + + * Makefile: + add clean targets + [d53f6f6f5c3a] + + * src/atobool.c: + Add missing source for sudo front end + [42487de9c489] + + * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c: + Sample plugin demonstrating the sudo plugin API + [f1fd62d7644f] + + * Makefile, configure, configure.in, install-sh, pathnames.h.in, + plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c, + src/fileops.c, src/fmt_string.c, src/load_plugins.c, + src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h, + src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c, + sudo_usage.h.in: + Modular sudo front-end which loads policy and I/O plugins that do + most the actual work. Currently relies on dynamic loading using + dlopen(). See doc/plugin.pod for the plugin API. + [924f6eb2fbba] + + * doc/plugin.pod, include/sudo_plugin.h: + Sudo plugin API + [374ccbbd24ae] + + * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c, + compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c, + plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/fileops.c, src/sudo_edit.c: + Replace emul/include.h with compat/include.h to match new source + tree layout. + [7eccd10449a1] + + * src/lbuf.c: + Include missing.h for memrchr() proto + [03abd63a8a33] + + * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING, + TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c, + alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c, + auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, + auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, + auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, + auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c, + closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c, + compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c, + compat/getline.c, compat/getprogname.c, compat/glob.c, + compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c, + compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c, + compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c, + compat/strlcpy.c, compat/strsignal.c, compat/timespec.h, + compat/utime.h, compat/utimes.c, def_data.c, def_data.h, + def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE, + doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod, + doc/license.pod, doc/sample.pam, doc/sample.sudoers, + doc/sample.syslog.conf, doc/schema.ActiveDirectory, + doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat, + doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat, + doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, + doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, + doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h, + emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c, + error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c, + getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c, + gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod, + include/alloc.h, include/compat.h, include/error.h, include/lbuf.h, + include/list.h, include/missing.h, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c, + interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod, + list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h, + mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c, + nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in, + plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp, + plugins/sudoers/alias.c, plugins/sudoers/auth/API, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/boottime.c, plugins/sudoers/check.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, + plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c, + plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h, + plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h, + plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh, + plugins/sudoers/insults.h, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/match.c, plugins/sudoers/mkdefaults, + plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h, + plugins/sudoers/nonunix.h, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, + plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c, + plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h, + sample.pam, sample.sudoers, sample.syslog.conf, + schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c, + selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c, + src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h, + src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, + src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c, + src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c, + strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c, + sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c, + sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat, + sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, + sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif, + sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, + term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l, + tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat, + visudo.man.in, visudo.pod, zero_bytes.c: + Rework source layout in preparation for modular sudo. + [7fc1978c6ad5] + +2010-02-13 Todd C. Miller + + * Avoid a duplicate fclose() of the sudoers file. + [5dba851088c1] + + * Fix size arg when realloc()ing include stack. From Daniel Kopecek + [0a2935061e33] + + * Use setrlimit64(), if available, instead of setrlimit() when setting + AIX resource limits since rlim_t is 32bits. + [353db89bac61] + + * Fix use after free when sending error messages. From Timo Juhani + Lindfors + [e50dbd902382] + + * ChangeLog, Makefile.in: + Generate the ChangeLog as part of "make dist" instead of having it + in the repo. + [251b70964673] + +2010-01-17 Todd C. Miller + + * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h, + auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, + auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, + auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, + closefrom.c, compat.h, configure.in, defaults.c, defaults.h, + emul/charclass.h, emul/timespec.h, env.c, error.c, error.h, + fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c, + gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h, + isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c, + logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c, + mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in, + pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers, + sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c, + sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c, + strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, + sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in, + sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod, + sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod, + term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l, + utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c: + Remove CVS $Sudo$ tags. + [de683a8b31f5] + +2010-01-18 convert-repo + + * .hgtags: + update tags + [9b7aa44ae436] + +2009-12-26 Todd C. Miller + + * sudo_usage.h.in: + make this match sudoers SYNOPSIS + [c74ba66944c2] + + * lbuf.c, parse.c: + Print a newline between Runas and Command-specific defaults in sudo + -l. + [b5bdfcc9ce4b] + + * term.c: + Use SET and CLR macros in term_raw + [50ca42609d6c] + + * sudoreplay.c: + Set stdin to non-blocking mode early instead of in check_input. Use + term_raw instead of term_cbreak since the data we get has already + been expanded via OPOST. + [51c47e803d62] + +2009-12-23 Todd C. Miller + + * script.c, term.c: + Enable/disable all postprocessing instead of just nl->crnl + processing since things like tab expansion matter too. However, if + stdout is a tty leave postprocessing on in the pty since we run into + problems doing it only on the real stdout with .e.g nvi. + [62666e309673] + +2009-12-19 Todd C. Miller + + * check.c: + If tty_tickets is enabled and there is no tty, prompt for a + password. Do not lecture user for "sudo -k command" if user has a + timestamp. + [5880200c5f6b] + + * INSTALL: + Document missing options: --with-efence and --with-bsm-audit + [d83afcdf9ff3] + + * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat, + sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod, + sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat, + visudo.man.in, visudo.pod: + username -> user name groupname -> group name hostname -> host name + [10c85646f45d] + + * INSTALL, README.LDAP, sudoers.pod: + filename -> file name like the rest of the docs + [1ef8ab5a9018] + +2009-12-17 Todd C. Miller + + * parse.c: + Fix printing of entries with multiple host entries on a single line. + [226ceaf91d8d] + +2009-12-14 Todd C. Miller + + * sudoers.pod: + Mention that targetpw affects the timestamp file name. + [a26e22e4f72e] + + * def_data.c, def_data.h, def_data.in, defaults.c, script.c, + sudoers.pod: + Add compress_transcript option. + [6e94f8cb9dfb] + +2009-12-13 Todd C. Miller + + * configure, configure.in: + bump to 1.7.3b2 + [906d7e347d15] + + * pwutil.c, set_perms.c, sudo.c, sudo_nss.c: + Better split of membership vs. traditional group check in + user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails. + [6ebc55d4716b] -1999-10-11 20:05 millert +2009-12-12 Todd C. Miller - * sudo.cat, sudo.html, sudo.man, sudo.pod: document -L flag + * pwutil.c: + Fix pasto and add default return value. + [7973b5e4599c] -1999-10-11 19:42 millert + * check.c, match.c, pwutil.c, sudo.h: + refactor group member checking into user_in_group() + [48ca8c2eddf8] - * sudo.c: in set_perms(), always call setuid(0) before changing the - ruid/euid so we always know it will succeed. + * check.c, config.h.in, configure, configure.in, match.c, sudo.c, + sudo.h: + Add support for mbr_check_membership() as present in darwin. + [5501aed02b9f] -1999-10-11 12:24 millert +2009-12-10 Todd C. Miller - * defaults.h: #undef T_FOO to avoid conflicts with system defines - (like on ULTRIX). + * match.c: + Rename label to be accurate + [3af17dd960f7] -1999-10-11 11:55 millert + * Makefile.in, boottime.c, check.c, config.h.in, configure, + configure.in, sudo.h: + Treat timestamp files from before we booted as old. Idea from and + Apple patch. + [5c96e484c05a] + +2009-12-09 Todd C. Miller - * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man, - sudoers.pod: Docuement "Defaults" lines in /etc/sudoers. Still - needs some fleshing out but this is a start. + * sudo.c, sudo.pod, sudo_usage.h.in: + Allow the -u flag to be used in conjunction with the -v flag as per + older versions of sudo. + [591e9fc13c1a] -1999-10-10 17:21 millert + * logging.c: + fix typo in last commit + [4fd0c692dcf0] - * defaults.c: use strtol, not strtoul since not everyone has not - strtoul +2009-12-08 Todd C. Miller -1999-10-10 15:01 millert + * logging.c: + Convert fmt_first and fmt_confd into macros. + [32e870158b29] - * lex.yy.c, parse.lex: last {WORD} rule should only apply in the - INITIAL state + * sudoers.pod: + timeouts can be floats now + [89de639a9679] -1999-10-10 14:38 millert + * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c, + defaults.h, mkdefaults: + Add support for floating point timeout values (e.g. 2.5 minutes). + [210ffa291733] - * lex.yy.c, parse.lex: o Add support for escaped characters in the - WORD macro o Modify fill() to squash escape chars +2009-12-07 Todd C. Miller -1999-10-10 13:56 millert + * sudo.pod: + The -L flag will be removed in sudo 1.7.4 + [ffd026084333] - * defaults.c, defaults.h: o Add T_PATH flag to allow simple sanity - checks for default values that are supposed to be pathnames. o - Fix a duplicate free when visudo finds an error. +2009-12-06 Todd C. Miller -1999-10-09 01:01 millert + * sudoreplay.c: + Fix a bug due to order of operators. + [938d34464283] - * defaults.c, defaults.h, logging.c: mail_if_foo -> mail_foo +2009-11-23 Todd C. Miller -1999-10-07 21:12 millert + * match.c: + cmnd_matches() already deals with negation so _cmndlist_matches() + does not need to do so itself. Fixes a bug with negated entries in + a Cmnd_List. + [71c845f6ce73] - * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c: o Add - requiretty option o Move O_NOCTTY to compat.h +2009-11-22 Todd C. Miller -1999-10-07 21:12 millert + * sudo.c: + Don't exit() from open_sudoers, just return NULL for all errors. + [8cfa832f972a] - * logging.c: The exit() in log_error() was mistakenly removed in a - previous version. Put it back... + * script.c: + Can't rely on the shell sending us SIGCONT when transitioning from + backgroup to foreground process. + [3c6c5b6cb4b3] -1999-10-07 17:20 millert + * toke.c, toke.l: + Add missing extern def for parse_error + [45b7b59d03b7] - * INSTALL, TODO, check.c, config.h.in, configure, configure.in, - defaults.c, defaults.h, find_path.c, getspwuid.c, lex.yy.c, - logging.c, parse.yacc, sudo.c, auth/aix_auth.c, auth/fwtk.c, - auth/pam.c, auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c: o - Change defaults stuff to put the value right in the struct. o - Implement mailer_flags o Store syslog stuff both in int and - string form. Setting the string form magically updates the int - version. o Add boolean attribute to strings where it makes sense - to say !foo +2009-11-21 Todd C. Miller -1999-10-07 17:13 millert + * toke.c, toke.l: + Avoid a parse error when #includedir doesn't find any files. Closes + bug #375 + [1ce1b850e9e6] - * tgetpass.c: add O_NOCTTY when opening /dev/tty just in case + * Makefile.in: + Include sudo.man.pl and sudoers.man.pl in the distribution tarball. + [6a22e32da108] -1999-10-06 00:48 millert +2009-11-15 Todd C. Miller - * auth/API: cleanup function no longer takes a status arg + * script.c: + Start command out in foreground mode if stdout is a tty. Works + around issues with some curses-based programs that don't handle + tcsetattr getting interrupted by a signal. Still allows us to avoid + hogging the tty if the command is part of a pipeline. + [1c32f2b94769] -1999-10-06 00:48 millert + * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c: + Use a socketpair to pass signals from parent to child. Child will + now pass command status change info back via the socketpair. This + allows the parent to distinguish between signals it has been sent + directly and signals the command has received. It also means the + parent can once again print the signal notifications to the tty so + all writes to the pty master occur in the parent. The command is + now always started in background mode with tty signals handled by + the parent. + [c6790b82986d] - * INSTALL: the the +2009-11-04 Todd C. Miller -1999-09-15 05:15 millert + * configure, configure.in: + Fix a few typos in the descriptions; from Jeff Makey Only do the + check for krb5_get_init_creds_opt_free() taking two arguments if we + find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false + positive when using our own krb5_get_init_creds_opt_free which takes + only a single argument. + [845a9ff6f93d] - * TODO, config.h.in, configure, configure.in, logging.c: Use - strftime() instead of ctime() if it is available. +2009-11-03 Todd C. Miller -1999-09-14 12:58 millert + * configure, configure.in: + Remove a spurious comma in the kerb5 bits. + [3433eab083db] - * defaults.c: fix copyright date + * auth/kerb5.c: + Call krb5_get_init_creds_opt_init() in our emulated + krb5_get_init_creds_opt_alloc() for MIT kerberos. + [7ffb40bf43e9] + +2009-11-01 Todd C. Miller + + * config.h.in: + Add HAVE_ZLIB + [9297bde61ecc] + + * script.c: + Need to ignore SIGTT{IN,OU} in child when running the command in the + background. Also some minor cleanup. + [dc208d982319] + +2009-10-31 Todd C. Miller -1999-09-14 12:57 millert + * script.c: + Instead of calling sigsuspend when waiting for SIGUSR[12] from + parent, install the signal handlers w/o SA_RESTART and let them + interrupt waitpid(). + [759c7d18203b] + + * script.c: + Pass along SIGHUP and SIGTERM from parent to child. + [035b0e254568] + + * script.c: + Close unused bits of script_fds in processes that don't need them. + Restore default SIGCONT handler in child. + [e037378ab0c1] + + * script.c: + Update foreground/background status in SIGCONT handler in parent + process. + [3f7f91333264] + +2009-10-25 Todd C. Miller + + * script.c: + Defer setting terminal into raw mode until just before we fork() and + only do it if sudo is the foreground process. If we get SIGTT{IN,OU} + and sudo is already in the foreground be sure to set raw mode before + continuing the child. + [1102ef40832c] + +2009-10-24 Todd C. Miller + + * script.c: + Fix handling of SIGTTOU/SIGTTIN in program being run. We now only + give the command the controlling tty if the main sudo process is the + foreground process. + [cf3a91cb5682] + + * script.c: + Don't bother with sudo_waitpid() here for now. + [9086de480c2d] + + * script.c: + fix non-zlib case + [a258bff0f9a6] + +2009-10-23 Todd C. Miller + + * script.c: + Remove non-wroking code that crept into rev 1.55 + [2802dd55cff5] + +2009-10-22 Todd C. Miller + + * INSTALL, configure, configure.in, script.c, sudoreplay.c: + First pass at zlib support for transcript data files + [5d10260807da] + + * Makefile.in: + remove vestiges of ZLDFLAGS + [1fa0caf1c0fb] + + * script.c: + Add missing variable declaration for when TIOCSCTTY is not defined. + Need to include sys/termio.h for TIOCSCTTY on some systems. + [ee7f41ac2709] - * RUNSON: update ReliantUNIX entry + * script.c: + when resuming command, send SIGCONT to its pgrp not just pid + [5cd63c1d565b] -1999-09-14 12:56 millert + * selinux.c: + remove unused variable + [df67df4be228] - * defaults.c, defaults.h, logging.c: add log_year option + * script.c: + include selinux.h for is_selinux_enabled() proto + [85ebaa880cc1] -1999-09-14 04:01 millert + * script.c: + Don't use log_error() in the child process. + [def65fe2a433] - * configure, configure.in: add --without-sendmail to help output + * script.c: + Do I/O in parent instead of child since the parent can have both + /dev/tty as well as the pty fds open. The child just sets things up + and waits for its grandchild and writes the signal description to + the pty master if the command was killed by a signal. + [95e473208982] + +2009-10-18 Todd C. Miller + + * missing.h, sudo.h: + Move two struct forward declarations from sudo.h to missing.h + [90ad28294a8c] + + * script.c: + Make comment at the top of script_exec() match reality. + [c5042d27dbe0] + + * sudo.c: + if neither stdin nor stdout is a tty, check stderr + [c532ff20c8d8] + + * Makefile.in: + Add back dependecy of gram.h on gram.y + [c58382b7fcca] + + * script.c: + Make transcript mode work as long as we can figure out our tty, even + if it is not stdin. We'd like to use /dev/tty but that won't be + valid after the setsid(). + [7b8bba8d99e7] + +2009-10-17 Todd C. Miller + + * config.h.in, configure, configure.in, pty.c: + Add support for IRIX-style dynamic ptys + [bedc9bac44c1] + + * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c: + Move alloc.c protos into alloc.h + [b6a90649617d] + + * missing.h: + Move prototypes for missing libc functions to missing.h + [dda9ae1ccaf8] + + * Makefile.in, sudo.h, sudoreplay.c: + Move prototypes for missing libc functions to missing.h + [7483166b577b] + +2009-10-16 Todd C. Miller + + * config.h.in, configure, configure.in: + Disable transcript support if no tcsetpgrp until we support older + BSD-style job control. + [27ac1d8163df] + + * configure, configure.in, pty.c, script.c: + Break out pty code into pty.c + [e85509b25d41] + + * compat.h, config.h.in, configure, configure.in: + add killpg macro if no killpg function + [3a125f4a51f0] + + * config.h.in, configure, configure.in, script.c: + Push ptem and ldterm for STERAMS-based systems when allocating a + pty. + [36bb39b30ff2] + +2009-10-15 Todd C. Miller + + * script.c: + Sprinkle some more O_NOCTTY and call grantpt() before unlockpt() + [d94bd5c9bf4e] + + * script.c: + Call tcgetpgrp() in the parent, not the child and have the child + spin until it is granted. Fixes a race on darwin. + [6e8d435339ce] + + * script.c: + Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just + reopen slave. + [0bdc63c019ca] + +2009-10-14 Todd C. Miller + + * script.c: + In script mode, if the command is killed by a signal, print the + signal description as well as a core dump notification like the + shell does. + [9df61738df07] + + * Makefile.in, config.h.in, configure, configure.in, strsignal.c, + sudo.h: + Add check for strsignal() and a simple implementation if it is not + there but sys_siglist is + [61421a188ef4] + + * script.c: + Add missing WUNTRACED and store the signal that stopped the + grandchild in suspended, not signo. + [df65042b200e] + + * script.c: + g/c unused code + [40d8cb5c9203] + + * script.c: + Associate the grandchild's pgrp with the tty instead of the child's + and just get suspend notifications via SIGCHLD instead of directly. + This fixes a hang with programs that try to set terminal attributes + and is more consistent with how the shell handles things. + [6865abff7e94] + +2009-10-12 Todd C. Miller + + * script.c: + Move setpgid() of child into the parent side of the fork() where it + belongs. + [3defa782777c] + +2009-10-11 Todd C. Miller + + * script.c: + fix typo + [b6a612b3622c] + + * script.c: + Run command in its own pgrp (like the shell does) for easier + signalling. No need to relay SIGINT or SIGQUIT to parent, just send + to grandchild. Don't want grandchild stopped events in the child + (only termination). Flush output after suspending grandchild before + signalling parent. + [db556bf2176f] + + * script.c: + Back out revision 1.34; the problem lies elsewhere. + [85f590a03275] + + * script.c: + Don't set stdout to blocking mode when flushing remaining output. + It can cause us to hang when trying to exit. Need to investigate + why. + [6f803a3e33ca] + + * script.c: + Handle SIGTTOU and remove some debugging. + [52d17279053e] + + * term.c: + Back out revision 1.10 as the signal that interrupts us may be + SIGTTOU or SIGTTIN which the caller must handle. + [7e2fa9107975] + + * script.c: + Apparently we need to send SIGSTOP to the command as well as ourself + when we get SIGTSTP, the kernel doesn't automatically stop the + process for us. + [1a936e9309c4] + + * script.c: + Use an extra process to act as the glue bewteen the sessions + associated with the user's controlling tty (what the shell uses) and + the tty that sudo is using to do its logging. Basically, this means + that if we get, e.g. SIGTSTP from the process sudo is running, we + relay the signal to the parent so it's shell can do the job control. + [6dd296988060] + + * term.c: + Handle getting/setting terminal attributes when the fd is in non- + blocking mode. + [ae5ae535ea7b] + +2009-10-07 Todd C. Miller + + * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: + Add support for pausing and changing the speed in interactive mode. + [72a2063780a7] + + * script.c: + Already define O_NOCTTY in compat.h, don't need it here + [b5d80ed3e5ce] + +2009-10-06 Todd C. Miller + + * sudoreplay.c: + Add missing protos + [c4cb4e7f4d8a] + +2009-09-30 Todd C. Miller + + * sudo_edit.c: + Always update the stashed mtime of the temp file instead of using + what we have for the original because the time resolution of the + filesystem the temporary is on may not match that of the filesystem + that holds the original. Should fix bz #371 found by Philippe Levan. + [c86ca4bec60c] + + * sudoreplay.c: + Use cbreak mode instead of raw mode and add signal handlers to + restore the tty on interrupt. + [84dd283da41c] + + * script.c, sudo.h, term.c: + Retain NL to NLCR conversion on the real tty and skip it on the pty + we allocate. That way, if stdout is not a pty there are no extra + carriage returns. + [32e4f570414e] + + * script.c: + Fix log_output(); just pass in a string and a length. + [ca980cc0a3fb] + +2009-09-28 Todd C. Miller + + * script.c: + do not use errno when complaining out lack of a tty + [8f9b8c55ab8e] + +2009-09-27 Todd C. Miller + + * Makefile.in, sudoreplay.c, term.c: + Instead of messing with line endings, just set terminal to raw mode + in sudoreplay. + [90943fa87acb] + + * term.c: + When copying the terminal attributes to the pty, be sure not to set + ONLCR. This prevents extra carriage returns from ending up in the + script output file. + [e6b5475ac2aa] + + * script.c: + Convert a do {} while into a while + [e461310d2c77] + + * Makefile.in: + Use if then instead of test && when installing binaries that may not + exist. + [ad4f9490d971] + + * script.c: + Add O_NOCTTY when opening a tty device. Explicitly disconnect from + old tty before associatng with new one. + [0e0ca634b80c] + + * script.c, selinux.c, sudo.c, sudo.h: + First cut at refactoring some of the selinux code so it can be used + in conjunction with sudo's transcript support. + [779b0d8f9d29] + +2009-09-26 Todd C. Miller + + * aclocal.m4, configure, configure.in: + Fix default case of transcript_enabled being unset. + [f8aa96186e6b] + + * script.c, sudoreplay.c: + Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR + [2844a7a851fa] + + * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c: + Hook up --disable-transcript and --enable-transcript=DIR + [b3fa7e6b2480] + +2009-09-25 Todd C. Miller + + * aclocal.m4, configure, configure.in, pathnames.h.in: + _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable- + transcript=DIR option to specify the directory + [b0bb76d43cda] -1999-09-14 03:42 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: + regen + [c7a8a0a9027c] + + * configure, configure.in, sudoers.man.pl, sudoers.pod: + Substitute in default value for secure_path + [c8f9ac6dbf93] + + * sudo.pod: + Mention that the password must be followed by a newline with the -S + option. + [2fc589a3ee7e] + +2009-09-20 Todd C. Miller + + * script.c: + Go back to dropping out of the select() loop when the process dies; + Linux ptys apparently don't behave the same as BSD in regards to + select(). No need to flush remaining output to the transcript, only + to stdout. Add back code to check the master pty for additional data + when we exit the main select loop. + [abed9a9cbc6b] + +2009-09-19 Todd C. Miller + + * Makefile.in: + Add getline.o to COMMON_OBJS + [04ef7643cbc2] + + * Makefile.in: + sudoreplay depends on libsudo.a + [142bd0472631] + + * Makefile.in: + More pwutil.o into COMMON_OBJS + [4a016b933629] - * configure, configure.in: enforce an otctal arg for - --with-suoders-mode + * pwutil.c, testsudoers.c, tsgetgrpw.c: + Remove my_* redirection in pwutil.c for testsudoers and just use the + normal libc get{pw,gr}* names. + [9b76d637d86b] + + * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: + More time and date examples + [c6ee0175ec56] + + * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c: + Move nanosleep() emulation into its own file Check librt.a for + nanosleep if we don't find it in libc + [4da0cc26aad7] + + * Makefile.in, configure, configure.in: + Build libsudo with the common bits and link things against that. + [2b53bc0b081a] + + * script.c: + Fix final flush. + [6da287d833da] + + * script.c: + Keep reading from the pty master -> log file until read returns <= + 0. Do our best to write everything to stdout when flushing any + remaining bits. + [2a45d4ae280c] + + * sudoreplay.c: + Use unbuffered I/O when writing to stdout and make sure we write the + entire buffer. + [f39ef9844a47] + +2009-09-18 Todd C. Miller + + * sudoreplay.c: + Only use max_wait if it is non-zero + [f6c10604d2e8] -1999-09-08 04:06 millert + * getdate.c, getdate.y, getline.c: + Need compat.h here + [5d6722e225a0] - * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, check.c, - config.h.in, configure, configure.in, defaults.c, defaults.h, - find_path.c, lex.yy.c, logging.c, parse.h, parse.lex, parse.yacc, - sudo.c, sudo.h, sudo.tab.h, testsudoers.c, version.c, visudo.c, - auth/aix_auth.c, auth/fwtk.c, auth/kerb5.c, auth/pam.c, - auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c: Add support for - "Defaults" line in sudoers to make configuration variables - changable at runtime (and on a global, per-host and per-user - basis). Both the names and the internal representation are still - subject to change. It was necessary to make sudo_user.runas but - a char ** instead of a char * since this value can be changed by - a Defaults line. There is a similar (but more complicated) issue - with sudo_user.prompt but it is handled differently at the - moment. + * sudoreplay.c: + Fix nanosleep emulation + [34e5e5d72a76] - Add a "-L" flag to list the name of options with their - descriptions. This may only be temporary. + * script.c: + Fix comment after #endif + [bd1347718b25] - Move some prototypes to parse.h + * sudoreplay.c: + Add protos for missing libc bits + [644f496427a2] - Be much less restrictive on what is allowed for a username. + * configure, configure.in: + add missing line continuation char + [db13c0d402cd] + + * config.h.in, configure, configure.in, getline.c: + Implement getline() in terms of fgetln() if we have it. + [3ab786eaadc5] -1999-09-08 04:01 millert + * sudoreplay.c: + Print year when formatting log line + [90be669e3443] - * sample.syslog.conf: Add more info + * sudoreplay.pod: + Document cwd, attempt to document time/date formats. + [6290fb9b65c6] -1999-09-04 03:09 millert + * sudoreplay.c: + Fix getline return value check. + [d696d6657261] - * fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c, - strcasecmp.c, LICENSE: UCB has dropped the advertising clause - from their license. + * Makefile.in, config.h.in, configure, configure.in, getline.c, + sudoreplay.c: + Use getline() if the system has it, else use provide our own for + sudoreplay. + [afca1d6fbe5e] -1999-08-31 05:39 millert + * script.c: + Refactor code to update output and timing files. + [361491332b1a] - * auth/sudo_auth.h: move dce_verofy proto to correct section +2009-09-17 Todd C. Miller -1999-08-31 05:39 millert + * sudoreplay.c: + Make sudo_getln() behave more like glibc getline. + [40c9f2ea29e6] - * auth/dce.c: remove XXX + * script.c: + When flushing remaining output, also update timing file. + [5a9a5a627549] -1999-08-28 06:00 millert + * sudoreplay.c: + Use get_timestr() and make the -l output look like the regular sudo + log. + [452ba9d436c9] - * emul/fnmatch.h: Add fnmatch() prototype + * logging.c, sudo.h, timestr.c: + Make get_timestr() take a time_t so we can use it properly in + sudoreplay. + [82e67cc53c9c] -1999-08-28 06:00 millert + * script.c: + Create session dir earlier now that we update the seq number early. + [797fe8d6dc61] - * fnmatch.c, parse.c, testsudoers.c: Move inclusion of - emul/fnmatch.h to be after sudo.h for __P +2009-09-16 Todd C. Miller -1999-08-28 05:59 millert + * sudoreplay.c: + Use fromdate and todate as the keywords instead of from and to; the + short forms will still be accepted. + [d14d9b116df4] - * sudo.h: add strcasecmp proto + * sudoreplay.c: + Fix reading long liensin sudo_getln() + [58dadd74118c] -1999-08-28 05:50 millert + * script.c, sudoreplay.c: + Log the cwd in the script log file. Add sudo_getln() to read + arbitrarily long lines. + [faceb802ab8f] - * auth/sudo_auth.c: add check for case where there are no auth - methods + * Makefile.in, logging.c, sudo.h, timestr.c: + Move get_timestr() into its own source file so sudoreplay can use + it. + [99b054bfa20a] -1999-08-28 05:36 millert +2009-09-15 Todd C. Miller - * configure, configure.in: Define _XOPEN_EXTENDED_SOURCE on AIX and - __USE_FIXED_PROTOTYPES__ on SunOS4 w/ gcc + * sudoreplay.c: + Add to and from perdicates (date ranges); needs documentation + [1d629174dcf4] -1999-08-28 05:24 millert +2009-09-14 Todd C. Miller - * getspwuid.c, lex.yy.c, parse.lex, parse.yacc: include strings.h - everywhere we include string.h + * Makefile.in, getdate.c, getdate.y: + Fix warning and add generated getdate.c + [b877a86b5a03] -1999-08-28 05:22 millert + * Makefile.in, getdate.y: + Add getdate.y to be used for sudoreplay date parsing. + [b8e26fbb7a40] - * version.c: nicer output when showing auth methods +2009-09-13 Todd C. Miller -1999-08-28 05:00 millert + * sudoreplay.c: + Check more than just the first character of a predicate + [4fe53728adb1] - * version.c: Add support for SEND_MAIL_WHEN_NO_HOST + * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: + Add examples, sort predicates + [70f8075cbccc] -1999-08-28 04:49 millert + * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, + sudoreplay.pod: + Implement search expressions in sudoreplay similar in concept to + what find or tcpdump uses. TODO: date ranges + [f7ce4fb4cf3a] - * config.h.in, configure.in, configure: Add _GNU_SOURCE for Linux +2009-09-07 Todd C. Miller -1999-08-28 04:22 millert + * script.c: + Remove vhangup as it was hanging up the wrong tty. Should really + vhangup in the child after it as set its tty. + [2eed9df73010] - * parse.lex, lex.yy.c: fix definition of OCTECT + * sudoers.pod: + Fix cut at documenting transcript support. + [e6c533a5568a] -1999-08-28 04:10 millert + * logging.c: + ID= -> TSID= for transcript ID + [1bf755a35333] - * configure, configure.in: aix_auth.o not authenticate.o +2009-09-06 Todd C. Miller -1999-08-27 17:02 millert + * sudoers.pod: + Move fast_glob description to where it belongs in sorted order + [5901cfb0d25f] - * sudo.c: Only block SIGINT, SIGQUIT, SIGTSTP (which can be - generated from the keyboard). Since we run with ruid/euid == 0 - the user can't really signal us in nasty ways. + * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y, + parse.c, parse.h, sudo.c: + Rename script -> transcript + [e06cf823122c] -1999-08-27 17:01 millert +2009-09-03 Todd C. Miller - * visudo.c: Don't need to worry about catching too many signals - since we do locking on the tmp file. If a lockfile is really - stale, it will be detected and overwritten. + * compat.h: + Add timeradd and timersub for those without them + [929f8aa06c2b] -1999-08-27 16:09 millert + * script.c: + Sanity check sessid before using it. + [aa8ca5211d43] - * INSTALL, Makefile.in: include auth/API in tarball + * sudo.c: + Only set the session id if we are running a command or editing a + file. + [7205d717c098] -1999-08-27 16:09 millert + * script.c: + Actually. qsort is fine since most versions fal back to a cheaper + sort when the number of elements to sort is small (like in our + case). + [d11c7cd352fe] - * auth/sudo_auth.c: move memset() of plaintext pw outside of verify - loop and only do the memset if we are *not* in standalone mode. + * config.h.in, configure, configure.in, script.c: + Check for dup2 and use dup instead if we don't have it. + [98bd89830f8a] -1999-08-27 13:46 millert + * script.c, sudo.c, sudo.h: + Move the code to dup2 the script fds to low numbered descriptors + into script_duplow() and fix the fd sorting. + [9453fdc5fba6] - * auth/: sudo_auth.c, sudo_auth.h: DCE is not a standalone method + * script.c, sudo.c, sudo.h: + Move script_setup() back to immediately before we drop privs and + call the new script_nextid() in its place, which will set + sudo_user.sessid for the logging functions. + [8434d0c8ff08] -1999-08-27 11:53 millert +2009-09-01 Todd C. Miller - * sudo.c: fix --enable-noargs-shell + * Makefile.in: + Install sudoreplay + [6acf2cdb4d3f] -1999-08-27 11:06 millert + * sudoreplay.c: + remove unused variable + [2316360bb992] - * snprintf.c: "#ifdef __STDC__" not "#if __STDC__" (I missed one) +2009-08-30 Todd C. Miller -1999-08-27 10:54 millert + * logging.c, script.c, sudo.c, sudo.h: + Log the session ID, if there is one. Currently logs ID=XXXXXX, + perhaps should be SESSIONID or SESSID. + [53976905b0a6] - * auth/: fwtk.c, sia.c: _cleanup() function returns an int. + * Makefile.in, configure, configure.in, sudoreplay.cat, + sudoreplay.man.in, sudoreplay.pod: + Add sudoreplay docs + [da4f14f0e64c] -1999-08-27 10:50 millert + * sudoreplay.c: + add -V (version) flag + [b5e743639ee3] - * auth/dce.c: there were still some return(0)'s hanging around, - make them AUTH_FAILURE + * sudoreplay.c: + Hook up max_wait. + [2ec5697a92ba] -1999-08-27 10:39 millert + * script.c, sudoreplay.c: + Use base36 number for the ID and store script files with paths like + /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6 + (2,176,782,336) unique IDs. + [6aab019d07aa] - * parse.c: typo in comment +2009-08-23 Todd C. Miller -1999-08-27 10:03 millert + * config.h.in, configure.in: + Add check for regcomp + [44c3ebd7ff34] - * version.c: add missing semicolon + * sudoreplay.c: + Add support for selecting by pattern and tty when listing. + [66189f840c52] -1999-08-27 08:31 millert +2009-08-17 Todd C. Miller - * auth/sudo_auth.h: missing backslash + * sudoreplay.c: + The beginnings of a list mode. + [8d0150b4a52c] -1999-08-26 17:24 millert +2009-08-16 Todd C. Miller - * CHANGES, config.h.in, configure, configure.in: Kill - _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes + * Makefile.in: + fix pasto + [616b4640b8a8] -1999-08-26 09:21 millert + * Makefile.in, config.h.in, configure.in: + Add scaffolding for building sudoreplay + [a32958505dbe] - * Makefile.in: add parse.h to HDRS + * sudoreplay.c: + include error.h first arg to nanotime is const + [fe5a7bb31bc5] -1999-08-26 09:16 millert + * sudoreplay.c: + Initial cut at sudoreplay; replay a sudo session. + [f149fba372bd] - * Makefile.in, configure, configure.in: Kill VISUDO_LIBS and - VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and LDFLAGS. Common libs go - in LIBS, commong ld flags go in LDFLAGS and network libs like - -lsocket, -lnsl go in NET_LIBS. This allows testsudoers to build - on Solaris and is a bit cleaner in general. +2009-08-08 Todd C. Miller -1999-08-26 06:56 millert + * script.c: + Fix wait() usage and use correct wait status. + [f4745ed7ad05] - * UPGRADE: mention ptmp -> sudoers.tmp + * sudo.c, sudo.h, tgetpass.c: + Add protos for term_* to sudo.h + [14fe1abd7e7b] -1999-08-26 06:12 millert + * script.c: + Fix detection of the child process exiting. Since the child is in + its own session we should only ever get SIGCHLD for that process but + better safe than sorry. + [7edfdadd8505] - * configure.in, configure, config.h.in: Define - _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE + * config.h.in: + Add UNIX98 pty support. + [82f4b53a0e8f] -1999-08-26 05:37 millert + * configure, configure.in, script.c: + Add UNIX98 pty support. + [795b8bb0a3a1] - * RUNSON: add 2 reports +2009-08-07 Todd C. Miller -1999-08-26 05:20 millert + * term.c: + For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC + if it is defined. + [40f8b83baf69] - * auth/kerb5.c: Minor changes, mostly cosmetic. - verify_krb_v5_tgt() changed to return a value more like a system - function + * auth/pam.c: + Set PAM_RUSER and PAM_RHOST early so they can be used during + authentication. Based on a patch from Jamie Beverly. + [3d567b453a6a] -1999-08-26 05:19 millert + * match.c: + Close dir before returning if strlcpy() reports overflow. From + Martynas Venckus. + [6a82f96473e5] - * auth/dce.c: Add an XXX + * config.h.in, configure, configure.in, script.c: + On Linux, the openpty proto libes in pty.h + [98643a018d1c] -1999-08-26 05:19 millert + * script.c: + Call vhangup on exit if the system has it Use setpgrp() if no + setsid() + [3a9e13149829] - * TODO: more things todo! +2009-08-06 Todd C. Miller -1999-08-26 05:18 millert + * config.h.in, configure, configure.in: + Add checks for revoke and vhangup if we don't have openpty + [fcb04572e994] - * sample.sudoers: update based on what is in the man page + * script.c: + Session logging guts that got forgotten in the previous commit. + [c2af08a63ea9] -1999-08-26 05:10 millert + * Makefile.in, aclocal.m4, compat.h, config.h.in, configure, + configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h, + gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c, + tgetpass.c: + First cut at session logging for sudo. Still need to write + get_pty() for Unix 98 and old-style BSD ptys. Also needs + documentation and general cleanup. + [77e3f5e25738] - * parse.yacc: minor change to first line printed in -l mode +2009-08-05 Todd C. Miller -1999-08-26 05:10 millert + * sudo.c, sudo_edit.c: + Fix a bug introduced with def_closefrom. The value of def_closefrom + already includes the +1. + [7291c136300d] - * sudo.cat, sudo.html, sudo.man, sudo.pod: rename "ENVIRONMENT - VARIABLES" section to "ENVIRONMENT" to be more standard and add - "EXAMPLES" section +2009-07-29 Todd C. Miller -1999-08-26 05:08 millert + * Makefile.in: + Generate sudo distributions with pax in ustar mode. No longer need + to use a temp file or have the source dir name match the version. + [9778177a8272] - * visudo.cat, visudo.html, visudo.man, visudo.pod: rename - "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more - standard +2009-07-18 Todd C. Miller -1999-08-26 05:06 millert + * toke.c, toke.l: + Fix expansion of %h in #include names. Fixes bugzilla 363 + [6e346879ba24] - * logging.c, parse.c, sudo.h: add FLAG_NO_CHECK +2009-07-12 Todd C. Miller -1999-08-26 05:05 millert + * mkdefaults: + If no arg assume def_data.in + [c1dd28c0e675] - * parse.lex, lex.yy.c: make an OCTET really be limited to 0-255 + * README, WHATSNEW: + Update for 1.7.2 + [f5ad45f69f05] [SUDO_1_7_2] -1999-08-26 05:04 millert + * ChangeLog: + sync + [6283549396ff] - * UPGRADE: mention timestamp changes +2009-06-30 Todd C. Miller -1999-08-26 05:04 millert + * sudoers.cat, sudoers.man.in, sudoers.pod: + Add missing single quotes around a colon in Runas_Spec definition. + From Elias Benali. + [ccc6ee4fca83] - * PORTING: cosmetic cleanup +2009-06-29 Todd C. Miller -1999-08-26 05:00 millert + * sudo.man.in, sudoers.man.in: + regen + [546e75304ebf] - * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: new - sudoers(8) man page + * redblack.c: + In rbrepair, re-color the root or the first non-block node we find + to be black. Re-coloring the root is probably not needed but won't + hurt. + [34d01ebe241b] -1999-08-24 13:45 millert + * sudo.cat, sudoers.cat: + regen + [bebf5a39f54f] - * version.c: Update comments about syslog name tables +2009-06-26 Todd C. Miller -1999-08-24 13:37 millert + * redblack.c: + When repairing the tree, don't touch the root node. + [9841f0d5d789] - * CHANGES, LICENSE, Makefile.in, configure, strcasecmp.c, - configure.in, parse.yacc: include strcasecmp() for those without - it +2009-06-25 Todd C. Miller -1999-08-24 12:43 millert + * set_perms.c: + Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID. + Reported by Josef Schmid. + [ed044b1eb879] - * sample.sudoers: Use the : operator some more and fix a typo +2009-06-23 Todd C. Miller -1999-08-24 12:43 millert + * sudoers.pod: + Document that we accept env_pam-style environment files + [e3b545456352] - * HISTORY: update the history of sudo + * env.c: + Adapt to accept pam_env-style /etc/environment which allows shell- + style lines such as: export EDITOR="/usr/bin/vi" + [752eb75bf007] -1999-08-24 12:42 millert + * sudoers.pod: + Make it clear that env_delete only works when !env_reset. From Lo??c + Minier + [3bd3f8e351ba] - * parse.c, parse.lex, testsudoers.c: CIDR-style netmask support +2009-06-15 Todd C. Miller -1999-08-24 12:41 millert + * sudo.pod, sudoers.pod: + Add non-unix group bits, adapted from Quest + [8ce427de8dea] - * CHANGES: recent changes + * Makefile.in: + build the .cat page in the current working dir, not the src dir + [00e87a307674] -1999-08-24 12:40 millert + * env.c: + Return EINVAL in setenv() if var is NULL or the empty string to + match glibc behavior. + [23fd7c247142] - * sudo.tab.h: these should be generated with byacc, not bison +2009-06-13 Todd C. Miller -1999-08-24 12:40 millert + * configure, configure.in: + Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE + [fedd4a3e2a85] - * lex.yy.c: regen +2009-06-11 Todd C. Miller -1999-08-24 11:58 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, + sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: + regen + [7b9f461a40b3] - * parse.h, parse.yacc, sudo.tab.h: In "sudo -l" mode, the type of - the stored (expanded) alias was not stored with the contents. - This could lead to incorrect output if the sudoers file had - different alias types with the same name. Normal parsing (ie: - not in '-l' mode) is unaffected. +2009-06-09 Todd C. Miller -1999-08-23 12:47 millert + * INSTALL: + Document --with-libvas and --with-libvas-rpath + [a071e6d96c89] - * configure, configure.in: define _XOPEN_SOURCE to get at crypt() - proto on some systems +2009-05-29 Todd C. Miller -1999-08-22 13:10 millert + * ldap.c, sudoers.ldap.pod: + For netscape-derived LDAP SDKs the cert and key paths may be a + directory or a file. However, version 5.0 of the SDK only seems to + support using a directory. If ldapssl_clientauth_init fails and the + cert or key paths look like they could be files, strip off the last + path element and try again. + [ac4e49d83043] - * snprintf.c: fix comment + * Makefile.in: + Add non-Unix group .o to COMMON_OBJS and substitute in path to flex. + [4547cc1a335f] -1999-08-22 13:09 millert +2009-05-27 Todd C. Miller - * tgetpass.c: don't need limits.h + * configure, configure.in, match.c, sudo.c, vasgroups.c: + Update non-Unix group support from Quest, as reworked by me. + [1abafce29dc6] -1999-08-22 07:36 millert + * toke.c: + regen + [01bfca9148b7] - * snprintf.c: kill bogus reference to vfprintf + * toke.l: + Add support for escaped hex chars in names, e.g. \x20 for space. + [3c7be8e58a39] -1999-08-22 07:26 millert +2009-05-25 Todd C. Miller - * sample.sudoers, sudoers: better examples + * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c, + auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c, + fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c, + logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c, + set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h, + sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c, + tgetpass.c, toke.l, visudo.c: + Update copyright years. + [e615f676c764] -1999-08-22 07:23 millert +2009-05-24 Todd C. Miller - * snprintf.c: Add some const in the K&R defs. This is safe since - we define const away if the compiler doesn't grok it. + * interfaces.c, lbuf.c: + Minor fixes for Minix-3 + [898c510d23f9] -1999-08-22 07:22 millert +2009-05-22 Todd C. Miller - * aclocal.m4, configure: Better test for working long long support. - Ultrix compiler supports basic long long but not all operations - on them. + * set_perms.c: + Handle getgroups() returning 0. Also add missing check for + HAVE_GETGROUPS. + [d73b958f9ffd] -1999-08-22 05:59 millert +2009-05-19 Todd C. Miller - * aclocal.m4, config.h.in, configure, getspwuid.c, snprintf.c, - sudo.c, auth/secureware.c: Add check for LONG_IS_QUAD #undef - MAXINT before including hpsecurity.h to silence an HP-UX warning - Check for U?LONG_LONG_MAX in snprintf.c and use LONG_IS_QUAD + * Makefile.in, config.h.in, configure, configure.in, sudo.c, + version.h, visudo.c: + Replace version.h with PACKAGE_VERSION set via AC_INIT in configure. + [5050579a264d] -1999-08-21 15:00 millert +2009-05-18 Todd C. Miller - * LICENSE, aclocal.m4, config.h.in, configure, configure.in, - snprintf.c: UCB-derived snprintf + asprintf support. Supports - quads if the compiler does. No floating point yet, perhaps - later... + * set_perms.c: + Remove group setting code in setusercontext case, we will do it + ourselves later on in runas_setup. Set the gid after + initgroups/setgroups is called, since on Mac OS X it seems to change + the egid. + [09dc21d8b42d] -1999-08-20 16:37 millert +2009-05-17 Todd C. Miller - * check.c, find_path.c, goodpath.c, logging.c, parse.c, sudo.c, - auth/API, auth/sudo_auth.c, auth/sudo_auth.h: Run most of the - code as root, not the invoking user. It doesn't really gain us - anything to run as the user since an attacker can just have an - setuid(0) in their egg. Running as root solves potential - problems wrt signalling. + * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c, + vasgroups.c: + Initial bits of non-unix group support using Quest Authentication + Services + [1eecab0ff27e] -1999-08-19 13:45 millert + * toke.c, toke.l: + Accept %:foo as a non-Unix group + [4c4b5dd899a6] - * logging.c, sudo.c: Don't wait for child to finish in log_error(), - let the signal handler get it if we are still running, else let - init reap it for us. The extra time it takes to wait lets the - user know that mail is being sent. + * toke.c, toke.l: + Allow user/group to be double quoted in the case of non-Unix groups + which contain spaces. + [47a3d568b7e8] - Install SIGCHLD handler in main() and for POSIX signals, block - everything *except* SIGCHLD. +2009-05-11 Todd C. Miller -1999-08-19 12:30 millert + * match.c: + Don't allow the user to specify the default runas user if their + sudoers entry only allows them to run as a group. + [4d726177227c] - * logging.c, parse.c, parse.yacc, sudo.c, configure, sudo.h, - INSTALL, config.h.in, configure.in: sudoers_lookup() now returns - a bitmap instead of an int. This makes it possible to express - things like "failed to validate because user not listed for this - host". Some thigns that were previously VALIDATE_FOO are now - FLAG_FOO. This may change later on. +2009-05-10 Todd C. Miller - Reorganized code in log_auth() and sudo.c to deal with above - changes. + * sudo.c: + Must call audit_success before we change uids. + [04a9e6ce6e55] - Safer versions of push/pushcp with in the do { ... } while (0) - style + * logging.c, set_perms.c, sudo.h, testsudoers.c: + Add option for set_perm to not exit on failure and use this in the + logging routines. + [833dce7b7f42] - parse.yacc now saves info on the stack to allow parse.c to - determine if a user was listed, but not for the host he/she tried - to run on. + * parse.c: + In -l mode, if the user is only allowed to run as a group, display + the user's name, not root's before the allowed group. + [ef92ff99d265] - Added --with-mail-if-no-host option + * sudo.c: + Fix -g mode, broken by rev 1.503 which had the side effect of + setting the runas user to root unilaterally. + [50a2f7df4385] -1999-08-17 11:29 millert +2009-05-08 Todd C. Miller - * parse.yacc, sudo.h, visudo.c, visudo.cat, visudo.html, - visudo.man, visudo.pod: o NewArgv and NewArgc don't need to be - externally visible. o If pedantic > 1, it is a parse error. o - Add -s (strict) option to visudo which sets pedantic to 2. + * fileops.c: + When unlocking a file with fcntl, use F_SETLK, not F_SETLKW. + [30fbe832dcf3] -1999-08-17 11:26 millert + * pwutil.c: + Only cache by the method we fetched for pwd and grp lookups. + Previously we cached both by namd and id but this can cause problems + for entries that share the same id. Also add more info in the error + message in case the insert fails (which should now be impossible). + [ef95a4f0bab5] - * HISTORY, INSTALL: Just have sudo-bugs contact info in one place +2009-04-30 Todd C. Miller -1999-08-17 11:20 millert + * sudoers.pod: + Add a clarification from Nick Sieger + [1eadad329561] - * sudo.cat, sudo.html, sudo.man, sudo.pod: Add BUGS section +2009-04-25 Todd C. Miller -1999-08-17 10:29 millert + * env.c: + Inline the setting of the environment string. + [9515d11c6295] - * configure, configure.in, Makefile.in: Add testsudoers to default - build target if --with-devel Don't clean generated parser files - unless "distclean". +2009-04-24 Todd C. Miller -1999-08-17 08:47 millert + * env.c: + setenv(3) in Linux treats a NUL value as the empty string setenv(3) + in BSD doesn't return an error if the name has '=' in it, it just + treats the '=' as end of string. + [941260bf94d2] - * parse.yacc: In pedantic mode we need to save *all* the aliases, - not just those that match, or we get spurious warnings. +2009-04-22 Todd C. Miller -1999-08-17 05:32 millert + * toke.c, toke.l: + Not all systems have d_namlen + [e377b18d8e2d] - * TROUBLESHOOTING: reference samples.sylog.conf +2009-04-20 Todd C. Miller -1999-08-14 11:50 millert + * sudoers.pod: + Fix up some pod2html issues. + [823a1f10ab60] - * sample.syslog.conf: Sample entries for syslog.conf +2009-04-19 Todd C. Miller -1999-08-14 11:40 millert + * interfaces.c: + Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from + Quest Software. + [73de36653131] - * CHANGES: recent changes + * sudoers.pod: + Ignore files ending in '~' in sudo.d (emacs backup files) + [7871fad702db] -1999-08-14 11:36 millert + * toke.c, toke.l: + Ignore files ending in '~' in sudo.d (emacs backup files) + [53fded2a469f] - * auth/: API, afs.c, aix_auth.c, dce.c, fwtk.c, kerb4.c, kerb5.c, - pam.c, passwd.c, rfc1938.c, secureware.c, securid.c, sia.c, - sudo_auth.c, sudo_auth.h: In struct sudo_auth, turn need_root and - configured into flags and add a flag to specify an auth method is - running alone (the only one). Pass auth methods their sudo_auth - pointer, not the data pointer. This allows us to get at the - flags and tell if we are the only auth method. That, in turn, - allows the method to be able to decide what should/should not be - a fatal error. Currently only rfc1938 uses it this way, which - allows us to kill the OTP_ONLY define and te hackery that went - with it. With access to the sudo_auth struct, methods can also - get at a string holding their cannonical name (useful in error - messages). +2009-04-18 Todd C. Miller -1999-08-14 11:34 millert + * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l: + For #includedir, ignore any file containing a dot + [a7daa1bce6c2] - * Makefile.in, INSTALL, README, config.h.in, configure, - configure.in, getspwuid.c, lex.yy.c, parse.lex, parse.yacc, - sudo.tab.h: o --with-otp deprecated, use --without-passwd instead - o real dependencies in the Makefile o --with-devel option to - enable yacc, lex, and -Wall o style -- "foo -> bar" becomes - "foo->bar" o ALL goes back to being a token, not a string but - don't leak memory o rename hsotspec -> host in parse.yacc + * Makefile.in, version.h: + Bump version + [ef60f14ffc44] -1999-08-12 12:26 millert + * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat, + sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l, + visudo.c: + Implement #includedir directive. Files in an includedir are not + edited by visudo unless they contain a syntax error. + [3923d85a6c79] - * BUGS, CHANGES: recent changes + * ChangeLog: + sync + [8741ed61a78b] [SUDO_1_7_1] -1999-08-12 12:24 millert + * WHATSNEW: + Forgot umask_override + [7c86a21a5504] - * configure, configure.in, interfaces.c, snprintf.c, sudo.c, - sudo.h, auth/sudo_auth.c: o Digital UNIX needs to check for - *snprintf() before -ldb is added to LIBS since -ldb includes a - bogus snprintf(). o Add forward refs for struct mbuf and struct - rtentry for Digital UNIX. o Reorder some functions in snprintf.c - to fix -Wall o Add missing includes to fix more -Wall + * ChangeLog, TODO: + sync + [57339ca6bccf] -1999-08-12 10:37 millert +2009-04-16 Todd C. Miller - * INSTALL, check.c, config.h.in, configure, configure.in, - parse.yacc, testsudoers.c, version.c, visudo.c, auth/sudo_auth.c: - o Add a "pedentic" flag to the parser. This makes sudo warn in - cases where an alias may be used before it is defined. Only - turned on for visudo and testsudoers. o Add - --disable-authentication option that makes sudo not require - authentication by default. The PASSWD tag can be used to require - authentication for an entry. We no longer overload - --without-passwd. + * visudo.c: + Rewind stream if we fdopen sudoers since it may not be at the + beginning. Set the keepopen flag on already-open files too so the + lexer doesn't close them out from under us. + [61292d819aff] -1999-08-12 10:29 millert + * visudo.c: + Print the proper file name when there is a parse error in an include + file. + [b0e85d4aedde] - * lex.yy.c, parse.lex: Break 'WORD' regexp def into HOSTNAME and - USERNAME. These days a username can contain just about anything - so be very permissive. Also drop the unused \. punctuation. +2009-04-11 Todd C. Miller -1999-08-09 18:25 millert + * WHATSNEW: + Sync + [997e5d485ea3] - * parse.yacc: o add a 'val' element to aliasinfo struct and move -> - parse.h o find_alias() now returns an aliasinfo * instead of - boolean o add_alias() now takes a value parameter to store in the - aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now - return: 1) positive match 0) negative match (due to '!') -1) no - match This means setting $$ explicitly in all cases, which I - should have done in the first place. It also means that we - always store a value that is != -1 and when we see a '!' we can - set *_matches to !rv if rv != -1. The upshot of all of this is - that '!' now works the way it should in lists and some of the - rules are more uniform and sensible. +2009-04-10 Todd C. Miller -1999-08-09 18:17 millert + * configure, configure.in: + Fix a warning when --without-ldap is specified. + [d91fd9481b30] - * Makefile.in: add parse.h dependency +2009-04-05 Todd C. Miller -1999-08-09 18:17 millert + * alias.c, parse.h, visudo.c: + Store aliases that we remove during check_aliases in a freelist and + free them at the end so we don't leak memory. + [805e2272f6a3] - * parse.h: kill unused *_matched macros +2009-03-28 Todd C. Miller -1999-08-09 10:35 millert + * visudo.c: + Check aliases in -c mode too. + [9199e188d9f2] - * parse.yacc: Allow a list of users as the first thing in a user - spec, not just a single entry. This makes things more uniform, - though it does allow you to write user specs that are hard to - read. + * alias.c, parse.h, visudo.c: + Make alias_remove return the alias struct instead of freeing it + directly. Fixes a use after free in alias_remove_recursive, the only + consumer. + [a04b61804800] -1999-08-09 10:08 millert + * alias.c, match.c, parse.c, parse.h, visudo.c: + Rename find_alias -> alias_find for consistency. + [48b0a82924f3] - * configure: regen +2009-03-27 Todd C. Miller -1999-08-09 10:08 millert + * visudo.c: + When checking for unused aliases, recurse if the alias points to + another alias. + [2d4d1a7f3a41] - * configure.in: fix check for crypt() in libufc +2009-03-16 Todd C. Miller -1999-08-07 14:03 millert + * ldap.c: + Back out rev 1.105 for now. Real ldapux_client.conf support will be + done later after some refactoring. + [8ad72e69b277] - * README: sudo-users list now exists +2009-03-14 Todd C. Miller -1999-08-07 07:46 millert + * ldap.c: + Treat ldap_hostport the same as "host" for ldapux. + [3281dcc66da8] - * INSTALL, PORTING, README, TODO, TROUBLESHOOTING: Update to - reality. + * configure, configure.in: + Only check for ldap_sasl_interactive_bind_s if we can find sasl.h. + Fixes compilation with ldapux. + [ca1ed585ef0e] -1999-08-07 05:59 millert +2009-03-12 Todd C. Miller - * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h, - config.h.in, configure.in, logging.c, sudo.h, version.c, - visudo.c, configure, fileops.c: o Move lock_file() and touch() - into fileops.c so visudo can use them o Visudo now locks the - sudoers temp file instead of bailing when the temp file already - exists. This fixes the problem of stale temp files but it does - *require* that you not try to put the temp file in a - world-writable directory. This shoud not be an issue as the temp - file should live in the same dir as sudoers. o Visudo now only - installs the temp file as sudoers if it changed. + * fileops.c: + fix char subscript + [41e51f080d00] -1999-08-06 09:49 millert +2009-03-11 Todd C. Miller - * logging.c: add fcntl locking + * Makefile.in: + remove errant carriage returns + [e9e258a31c7b] -1999-08-06 09:33 millert + * audit.c, env.c: + fix K&R compilation + [d182e8920f13] - * configure, config.h.in, configure.in, logging.c: Lock the log - file. + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, + sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: + regen + [791a5cbf04e5] -1999-08-06 05:36 millert +2009-03-10 Todd C. Miller - * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c, - visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod: o - /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow - temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and - _PATH_SUDO_STMP -> _PATH_SUDOERS_TMP + * config.h.in: + Add missing HAVE_BSM_AUDIT + [49ad1bb96f04] -1999-08-05 17:38 millert + * WHATSNEW: + Add 1.7.1 features + [f107f1604c61] - * INSTALL, check.c, config.h.in, configure, configure.in, - version.c: o Kill *_MESSAGE and replace with NO_LECTURE o Add - more things to root sudo -V config reporting + * INSTALL: + Mention --with-netsvc + [d1e90d147795] -1999-08-05 10:56 millert + * sudoers.ldap.pod: + Document netsvc.conf support + [e78f8abce6af] - * configure, configure.in: aix_auth.o not authenticate.o + * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c, + sudo_nss.h: + Add support for AIX netsvc.conf (like nsswitch.conf). + [1df56a84dee5] -1999-08-05 10:48 millert +2009-03-08 Todd C. Miller - * config.h.in: Add --with-goodpri and --with-badpri configure - options to specify the syslog priority to use. + * config.h.in, configure, configure.in, env.c: + Add --enable-env-debug flag to enable environment sanity checks. + [128cdd8832e7] -1999-08-05 10:30 millert + * sudoers.ldap.pod, sudoers.pod: + Work around some pod2html issue. + [e733b9609bd2] - * INSTALL, configure.in, logging.h, configure: Add --with-goodpri - and --with-badpri configure options to specify the syslog - priority to use. +2009-03-07 Todd C. Miller -1999-08-05 10:25 millert + * env.c: + Only sync environ for putenv, setenv, and unsetenv. We need to make + sure that sudo_putenv and sudo_setenv only modify env.envp, not + environ. + [be3ac732243c] - * compat.h: kill crufty AIX stuff +2009-03-02 Todd C. Miller -1999-08-05 06:55 millert + * env.c: + Really fix UNSETENV_VOID + [08ab7e882507] - * Makefile.in: Sigh, some versions of make (like Solaris's) don't - deal with $< like I would expect. Both GNU and BSD makes get - this right but... So, we just expand $< inline at the cost of - some ugliness. + * env.c: + Fix unsetenv when UNSETENV_VOID + [d3038b3f2f15] -1999-08-05 06:52 millert + * aclocal.m4, configure: + Fix SUDO_FUNC_PUTENV_CONST + [de35569c572b] - * version.c: If the invoking user is root, sudo will now print - configure info in -V mode. Currently just prints logging info, - to be expanded later. + * ldap.c: + tivoli-based ldap does not have ldapssl_err2string + [c63fd90d5e99] -1999-08-05 06:51 millert + * configure: + regen + [f38f1ee828ad] - * logging.c, logging.h, sudo.c, sudo.h: o new defines for syslog - facility and priority o use new print_version() functino for -V - mode +2009-03-01 Todd C. Miller -1999-08-05 06:49 millert + * config.h.in, configure, configure.in, ldap.c: + Add support for Tivoli-based LDAP start TLS as seen in AIX. + Untested. + [8f8771829f85] - * check.c: Don't need version.c + * env.c: + Add sanity checks for setenv/unsetenv + [adbd1d95856b] -1999-08-05 06:21 millert + * Makefile.in: + Include bsm_audit.h in the tarball + [4a4aa02b2c32] - * configure, configure.in, aclocal.m4, config.h.in: Add check for - syslog facilities and priorities tables in syslog.h + * Makefile.in, version.h: + bump version for sudo 1.7.1 + [362c71d21595] -1999-08-05 05:23 millert + * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in, + env.c, ldap.c, sudo.h: + Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and + provide our own setenv/unsetenv/putenv that operates on own env + pointer. Make sync_env() inline in setenv/unsetenv/putenv functions. + [276edcd23032] - * Makefile.in: o authenticate -> aix_auth o add version.c +2009-02-25 Todd C. Miller -1999-08-05 05:21 millert + * sudo.c: + Make "sudoedit -h" work as expected + [2bcbbb45d389] - * auth/sudo_auth.c: Missed a prompt -> user_prompt conversion + * auth/pam.c: + Make sure def_prompt is always defined. This is a workaround for + pam configs that prompt for a password in the session but don't have + an auth line. A better fix is to expand the sudo prompt earlier and + set def_prompt to that when initializing. + [ee073c04aec3] -1999-08-04 13:32 millert + * sudo.pod: + Mention that the helper for -A may be graphical. + [b64a940c4082] - * TODO: sudo should lock its logfile + * TROUBLESHOOTING: + Document what happens if there is no tty. + [313d58a856a5] -1999-08-04 13:28 millert + * sudo.c: + cosmetic changes + [894f5e3b0c3e] - * parse.yacc: o Add '!' correctly when expanding Aliases. o Add - shortcut macros for append() to make things more readable. o The - separator in append() is now a string instead of a char. o In - append(), only prepend the separator if the last char is not a - '!'. This is a hack but it greatly simplifies '!' handling. o - In -l mode, Runas lists and NOPASSWD/PASSWD tags are now - inherited across entries in a list (matches current behavior). - o Fix formatting in -l mode such that items in a list are - separated by a space. Greatlt improves readability. o Space - for name field in struct aliasinfo is now allocated dyanically - instead of using a (big) buffer. o In add_alias(), only search - the list once (lsearch instead of lfind + lsearch) + * term.c: + Fix term_restore + [6c6315ff14bc] -1999-08-04 11:31 millert + * sudo.c: + Fix "sudo -k" with no other args + [59e94dc419c6] - * lex.yy.c, sudo.tab.h: regen +2009-02-24 Todd C. Miller -1999-08-04 10:54 millert + * check.c, sudo.c, sudo.pod, sudo_usage.h.in: + Allow the -k flag to be specified in conjunction with a command or + another option that may require authentication. + [5960ff20355d] - * configure, configure.in: Solais pam doesn't require anye xtra - setup +2009-02-23 Todd C. Miller -1999-08-04 05:35 millert + * configure, configure.in: + Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes' + [e86ab69c4a57] - * parse.yacc: o Simpler '!' support now that the lexer deals with - multiple !'s for us. o In the case of opFOO, have FOO give a - boolean return value and set foo_matches in opFOO, not FOO. o - Treat 'ALL' as a string since it gets fill()'d in - parse.lex--fixes a small memory leak. In the long run it may - be better to just fix parse.lex and make ALL back into a token. - However, having it be a string is useful since it can be - easily passed back to the parent rule if we so desire. + * Makefile.in: + Parallel make fix. From Diego E. 'Flameeyes' + [1289d7ee27db] -1999-08-04 03:54 millert +2009-02-21 Todd C. Miller - * parse.lex: o Remove some unnecessary backslashes o collapse - multiple !'s by using !+ and checking if yyleng is even or odd. - this allows us to simplify ! handling in parse.yacc + * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: + Implement umask_override + [8b87a3f7c5aa] -1999-08-04 03:53 millert + * toke.c: + regen + [79d7ca9ac873] - * sudo.c: -u flag was being ignored + * sudoers.pod, toke.l, visudo.c: + Implement %h escape in sudoers include filenames. + [a7f288dd64f0] -1999-08-01 13:04 millert + * audit.c: + Need to include compat.h + [c0dc07ce2f70] - * Makefile.in: correct fix + * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c: + Make audit_success and audit_failure generic functions in + preparation for integrating linux audit support. + [7df020a8fd6f] -1999-08-01 12:37 millert + * term.c: + remove duplicate include + [1dfcd01a7e46] - * Makefile.in: work around pod2man stupididy +2009-02-20 Todd C. Miller -1999-08-01 12:35 millert + * bsm_audit.c: + Add missing include + [fb56e08c37ee] - * Makefile.in: correct dependencies for .cat + * sudo.c: + May need to update the runas user after parsing command-based + defaults. + [246f130d7802] -1999-08-01 12:26 millert +2009-02-18 Todd C. Miller - * sudo.cat, sudo.man, visudo.cat, visudo.man: regen + * glob.c: + Add missing pair of braces introduced with character class support. + [0e2afa2e03e9] -1999-08-01 12:25 millert +2009-02-15 Todd C. Miller - * sudo.pod, visudo.pod: Add copyright Update to reality + * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c: + Rename pwstars to pwfeedback + [a9f85a57ebac] -1999-08-01 11:42 millert +2009-02-11 Todd C. Miller - * parse.c, sudo.c, sudo.h: rename validate() to the more - descriptive sudoers_lookup() + * bsm_audit.c, bsm_audit.h: + Add const to make MacOS happy. + [4274432d6627] -1999-08-01 06:49 millert + * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure, + configure.in, sudo.c: + Add bsm audit support from Christian S.J. Peron + [bef61cd8693d] - * auth/aix_auth.c: use tgetpass + * term.c: + This is new code, no DARPA notice. + [ec6ad09b9c23] -1999-07-31 12:32 millert +2009-02-10 Todd C. Miller - * CHANGES: updates + * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: + Rename simple_glob -> fast_glob + [68d9ed803cc1] -1999-07-31 12:31 millert + * match.c: + g/c unused var + [693fa0464eb6] - * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING, - configure, configure.in, sudo.c: Sudo, not CU Sudo + * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: + Add simple_glob option to use fnmatch() instead of glob(). This is + useful when you need to specify patterns that reference network file + systems. + [77ba634f6949] -1999-07-31 12:19 millert + * tgetpass.c: + add term_* proto + [520f5149d073] - * Makefile.in, alloc.c, check.c, compat.h, config.h.in, - find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h, - lex.yy.c, logging.c, logging.h, parse.c, parse.h, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, - auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, - auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c, - auth/sudo_auth.c, auth/sudo_auth.h, emul/search.h, emul/utime.h, - LICENSE: add 4th term to license similar to term 5 in the apache - license + * sudoers.pod: + mention glob() + [ddaab8e03c52] -1999-07-31 12:02 millert +2009-02-09 Todd C. Miller - * LICENSE, aclocal.m4, check.c, configure.in, insults.h, logging.c, - sudo.c, sudo.h, auth/rfc1938.c: there was a 1995 release too + * tgetpass.c: + Delete any pwstars we wrote after the user hits return. That way + there is no record on screen as to the user's password length. + [fae25cda762b] -1999-07-28 05:24 millert +2009-02-08 Todd C. Miller - * CHANGES: updates + * term.c: + Move terminal setting bits from tgetpass.c to term.c + [03d43325ee99] -1999-07-28 05:21 millert + * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod, + tgetpass.c: + Add pwstars sudoers option that causes sudo to print a star every + time the user presses a key. + [7aab417e184d] - * check.c: Use dirs instead of files for timestamp. This allows - tty and non-tty schemes to coexist reasonably. Note, however, - that when you update a tty ticket, the mtime on the user dir gets - updated as well. +2009-02-03 Todd C. Miller -1999-07-28 05:17 millert + * Makefile.in: + Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in. + [64f70e879816] - * configure.in, configure: Fix getprpwnam() checking on SCO. Need - to link with "-lprot -lx" when linking test program, not just - -lprot. Also add check for getspnam(). The SCO docs indicate - that /etc/shadow can be used but this may be a lie. +2009-01-27 Todd C. Miller -1999-07-24 03:35 millert + * ldap.c: + For ldap_search_ext_s() the sizelimit param should be 0, not -1, to + indicate no limit. From Mark Janssen. + [e2c5732d54f5] - * auth/API: first cut at auth API description +2009-01-17 Todd C. Miller -1999-07-22 15:48 millert + * toke.c, toke.l: + Comments that begin with #- should not be parsed as uids. + [a72a50f12f41] - * auth/: fwtk.c, kerb4.c, kerb5.c, pam.c, rfc1938.c, secureware.c, - securid.c, sudo_auth.c, sudo_auth.h: auth API change. There is - now an init method that gets run before the main loop. This - allows auth routines to differentiate between initialization that - happens once vs. setup that needs to run each time through the - loop. +2009-01-09 Todd C. Miller -1999-07-22 12:23 millert + * sudo.c: + Do not try to set the close on exec flag if we didn't actually open + sudoers. + [ece3ca256904] - * logging.c, auth/kerb5.c: use easprintf() and evasprintf() +2008-12-19 Todd C. Miller -1999-07-22 12:22 millert + * ChangeLog: + regen + [e11f0e4c1bdd] [SUDO_1_7_0] - * alloc.c, sudo.h: add easprintf() and evasprintf(), error checking - versions of asprintf() and vasprintf() +2008-12-14 Todd C. Miller -1999-07-22 09:14 millert + * TODO: + sync + [5b8954462bb3] - * TODO: remove 2 items. One done, one won't do. +2008-12-09 Todd C. Miller -1999-07-22 09:10 millert + * auth/pam.c: + Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the + password prompt. + [8563601cb3de] - * sudo.man, visudo.man, sudo.cat, sudo.html, sudoers.html, - visudo.cat, visudo.html, configure, lex.yy.c: regen + * configure, configure.in: + Don't try to build sudo_noexec.so on HP-UX with the bundled compiler + as it cannot generate shared objects. + [6d4262ef9669] -1999-07-22 09:06 millert + * emul/charclass.h, glob.c, lbuf.c, tgetpass.c: + K&R compilation fixes + [77921678d17c] - * CHANGES: new changes + * parse.c: + Use tq_foreach_fwd when checking pseudo-commands to make it clear + that we are not short-circuiting on last match. When pwcheck is + 'all', initialize nopass to TRUE and override it with the first non- + TRUE entry. + [96b209f4778f] -1999-07-22 09:01 millert +2008-12-08 Todd C. Miller - * sudo.pod: o Document -K flag and update meaning of -k flag. o - BSD-style copyright o Document clearing of BIND resolver - environment variables o Clarify bit about shared libs o suggest - rc files create /tmp/.odus if your OS gives away files + * parse.c: + Do not short circuit pseudo commands when we get a match since, + depending on the settings, we may need to examine all commands for + tags. + [fdbaf89d6f35] -1999-07-22 08:59 millert +2008-12-03 Todd C. Miller - * visudo.pod: BSD license + * sudoers.cat, sudoers.man.in: + regen + [1ecce7c1b841] -1999-07-22 08:58 millert + * sudoers.pod: + hostnames may also contain wildcards + [82b76695601c] - * tgetpass.c: o BSD copyright o no need to block signals, we now do - that in main() o cosmetic changes + * Makefile.in: + remove stamp-* files and linux core files in clean target + [22003f091467] -1999-07-22 08:57 millert +2008-12-02 Todd C. Miller - * testsudoers.c, visudo.c: o BSD-style copyright o Use "struct - sudo_user" instead of old globals. o some cometic cleanup + * auth/sudo_auth.h, config.h.in, configure, configure.in: + Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX + [6905bede8410] -1999-07-22 08:56 millert +2008-11-26 Todd C. Miller - * sudo_setenv.c, version.h: BSD-style copyright + * configure, configure.in: + correctly enable SIA on Digital UNIX + [a51881d13995] -1999-07-22 08:56 millert + * TODO: + checkpoint + [af0fe8d94d42] - * sudo.h: o BSD copyright o logging and parser bits moved to their - own .h files o new "struct sudo_user" to encapsulate many of the - old globals. + * ChangeLog: + sync + [831f623cf99c] -1999-07-22 08:55 millert +2008-11-25 Todd C. Miller - * sudo.c: o no longer contains sudo 1.1/1.2 code o BSD copyright o - use new logging routines o simplified flow of control o BIND - resolver additions to badenv_table + * check.c, sudo.h, tgetpass.c: + Even if neither stdin nor stdout are ttys we may still have /dev/tty + available to us. + [20f306ba883b] -1999-07-22 08:53 millert +2008-11-24 Todd C. Miller - * strerror.c: BSD-style copyright + * sudoers.cat, sudoers.man.in: + regen + [76d97c4c318f] -1999-07-22 08:53 millert + * sudoers.pod: + fix typos; Markus Lude + [bff8bc1e2066] - * snprintf.c: Now compiles on more K&R compilers + * ChangeLog: + sync + [f108552531cd] -1999-07-22 08:52 millert + * toke.c: + regen + [de828413c67e] - * putenv.c: BSD-style copyright, cosmetic changes + * toke.l: + Fix matching of a line that only consists of a comment char + [09c953d8d5ca] -1999-07-22 08:51 millert +2008-11-22 Todd C. Miller - * parse.c, parse.yacc, parse.h, parse.lex: BSD-style copyright. - Move parser-specific defines and structs into parse.h + other - cosmetic changes + * auth/pam.c: + MacOS pam will retry conversation function if it fails so just treat + ^C as an empty password. + [d056058930bc] -1999-07-22 08:51 millert + * visudo.c: + When checking for alias use, also check defaults bindings. + [2647f82c7dbd] - * logging.h: defines for logging routines + * redblack.c: + unused var + [b7ff71c17c18] -1999-07-22 08:49 millert + * redblack.c: + Replace my rbdelete with Emin's version (which actually works ;-) + [21b133dd0c72] - * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.h, pathnames.h.in: BSD-style copyright +2008-11-19 Todd C. Miller -1999-07-22 08:48 millert + * testsudoers.c: + malloc debugging + [0fb446fa3279] - * find_path.c, getspwuid.c, goodpath.c, interfaces.c: BSD-style - copyright, cosmetic changes + * visudo.c: + malloc options in devel mode for visudo too + [98d06c6afeef] -1999-07-22 08:46 millert +2008-11-18 Todd C. Miller - * configure.in: o tgetpass.c is no longer optional o kill DCE_OBJS, - add AUTH_OBJS o kill --disable-tgetpass o add --without-passwd o - changes to fill in AUTH_OBJS for new auth api o check for - strerror(), v?snprintf() and v?asprintf() o replace - --with-AuthSRV with --with-fwtk + * sudo.c: + fix compilation on non-C99; from Theo + [7c304e16c536] -1999-07-22 08:43 millert + * visudo.c: + fix check_aliases + [83f30a3b1765] - * config.h.in: BSD-style copyright. Remove USE_GETPASS and - HAVE_UTIME_NULL. Add HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, - HAVE_VSNPRINTF, HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and - NO_PASSWD + * alias.c: + when destroying an alias, free the correct data pointer + [6e1a8bd86c01] -1999-07-22 08:42 millert + * auth/sudo_auth.h: + add proto for aixauth_cleanup; from Dale King + [eba94ffc8f63] - * compat.h: BSD-style copyright; Add S_IFLNK and MIN/MAX id they - are missing. +2008-11-15 Todd C. Miller -1999-07-22 08:39 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [409fa57fff83] - * alloc.c: BSD-style copyright + * sudo.pod, sudoers.pod, visudo.pod: + standardize on the term 'option' for command line options (not flag) + [228caefc2e36] -1999-07-22 08:38 millert +2008-11-14 Todd C. Miller - * TROUBLESHOOTING: no more --with-getpass + * INSTALL: + Add note on configuring HP-UX pam + [f7674a581baf] -1999-07-22 08:34 millert +2008-11-11 Todd C. Miller - * TODO: Take out things I've done... + * check.c, sudo.c: + Move tty checks into check_user() so we only do them if we actually + need a password. + [7d997d7106d6] -1999-07-22 08:34 millert + * sudo.c: + Don't error out if no tty or askpass unless we actually need to + authenticate. + [9f23b83ed66c] - * README: Refer to LICENSE +2008-11-10 Todd C. Miller -1999-07-22 08:34 millert + * ChangeLog: + regen + [23f9aef32da6] - * PORTING: --with-getpass no longer exists + * pathnames.h.in, sudo.c: + s/overriden/overridden/; from Tobias Stoeckmann + [9f7459a8fac5] -1999-07-22 08:33 millert +2008-11-09 Todd C. Miller - * Makefile.in: BSD-style copyright. Update to reflect reality wrt - new files and new auth modules. + * WHATSNEW, visudo.c: + check sudoers owner and mode in strict mode + [a3468c5ac1c4] -1999-07-22 08:32 millert + * gram.c, toke.c: + regen + [7d6b515a5443] - * INSTALL: Remove --with-AuthSRV and --disable-tgetpass. Add - --with-fwtk and --without-passwd. + * sudo.man.in, sudoers.man.in, visudo.man.in: + Update copyright years. + [52d340cb8cba] -1999-07-22 08:31 millert + * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, + auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, + auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h, + closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c, + gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c, + interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h, + parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, + sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod, + testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c, + visudo.pod, zero_bytes.c: + Update copyright years. + [b4e6bf2beafa] - * HISTORY: Update history a bit + * emul/charclass.h, fnmatch.c, glob.c: + add my copyright + [28681385014a] -1999-07-22 08:29 millert +2008-11-08 Todd C. Miller - * COPYING, LICENSE: Now distributed under a BSD-style license + * toke.c, toke.l: + The loop in fill_cmnd() was going one byte too far past the end, + resulting in a NUL being written immediately after the buffer end. + [a5a49d603cd7] -1999-07-22 08:28 millert + * UPGRADE, WHATSNEW: + add sections on tgetpass changes + [2e6929b6a102] - * auth/sudo_auth.c: o BSD-style copyright o Add support for - NO_PASSWD/WITHOUT_PASSWD options. o skey/opie replaced by - rfc1938 code o new struct sudo_user global + * tgetpass.c: + Treat EOF w/o newline as an error. + [aa02b1db9240] -1999-07-22 08:25 millert +2008-11-07 Todd C. Miller - * auth/: pam.c, sia.c: BSD-style copyright and use new log - functions + * parse.c: + Fix "sudo -v" when NOPASSWD is set. + [f4914711ea80] -1999-07-22 08:24 millert + * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c, + auth/sudo_auth.h: + No longer treat an empty password at the prompt as special. To quit + out of sudo you now need to hit ^C at the password prompt. + [980f760ad419] - * auth/kerb5.c: o BSD-style copyright o Use new log functiongs o - Use asprintf() and snprintf() where sensible. + * sudoers.cat, sudoers.man.in: + regen + [6ca21a2cd869] -1999-07-22 08:19 millert + * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: + Sudo will now refuse to run if no tty is present unless the new + visiblepw sudoers flag is set. + [0cc56943252e] - * check.c: Rewrote all the old sudo 1.1/1.2 code. Timestamp - handling is now done more reasonably--better sanity checks and - tty-based stamps are now done as files in a directory with the - same name as the invoking user, eg. /var/run/sudo/millert/ttyp1. - It is not currently possible to mix tty and non-tty based ticket - schemes but this may change in the future (it requires sudo to - use a directory instead of a file in the non-tty case). Also, - ``sudo -k'' now sets the ticket back to the epoch and ``sudo -K'' - really deletes the file. That way you don't get the lecture - again just because you killed your ticket in .logout. BSD-style - copyright now. +2008-11-06 Todd C. Miller -1999-07-22 08:13 millert + * aix.c: + just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not + defined + [24fc6f712d5c] - * logging.c: o rewritten logging routines. log_error() now takes - printf-style varargs and log_auth() for the return value of - validate(). o BSD-style copyright + * aix.c: + fix fallback value for RLIM_SAVED_MAX + [e09e04e1af89] -1999-07-22 07:04 millert + * auth/aix_auth.c, auth/sudo_auth.h: + Move clearing of AUTHSTATE into aixauth_cleanup. + [e14ae7bd259c] - * auth.c, check_sia.c, dce_pwent.c, secureware.c: superceded by new - auth API + * auth/aix_auth.c, env.c: + Unset AUTHSTATE after calling authenticate() as it may not be + correct for the user we are running the command as. + [d14f68f1b0ab] -1999-07-22 07:02 millert + * isblank.c: + Add isblank() function for systems without it. Needed for POSIX + character class matching in fnmatch.c and glob.c. + [16cba30b283f] - * auth/fwtk.c: Use snprintf() where it makes sense and add a - BSD-style copyright +2008-11-05 Todd C. Miller -1999-07-22 07:00 millert + * TROUBLESHOOTING: + expound on sudo and cd + [8e0fa9033637] - * auth/: afs.c, aix_auth.c, dce.c, passwd.c, rfc1938.c, - secureware.c, securid.c, sudo_auth.h, kerb4.c: BSD-style - copyright +2008-11-04 Todd C. Miller -1999-07-22 06:57 millert + * ChangeLog: + regen + [40cf320a10fc] - * emul/utime.h, utime.c: BSD-style copyright + * sudoers.cat, sudoers.man.in: + regen + [7cac761ae2c6] -1999-07-22 06:57 millert + * sudoers.pod: + mention defauts parse order + [4e2ce86d1394] - * emul/search.h: this has been rewritten so use my BSD-style - copyright +2008-11-03 Todd C. Miller -1999-07-15 11:21 millert + * Makefile.in, aclocal.m4, compat.h, configure: + Add isblank() function for systems without it. Needed for POSIX + character class matching in fnmatch.c and glob.c. + [a1ab55da8424] - * snprintf.c: include malloc.h if no stdlib.h + * Makefile.in: + add emul/charclass.h to HDRS + [7e8a019dcaa4] -1999-07-15 10:21 millert +2008-11-02 Todd C. Miller - * snprintf.c: KTH snprintf()/asprintf() for systems w/o them + * TODO: + checkpoint + [afeb9bc1baed] -1999-07-15 10:20 millert + * defaults.c, parse.c, testsudoers.c, visudo.c: + Move update_defaults into defaults.c and call it properly from + visudo and testsudoers. + [f4dbb369461f] - * strerror.c: strerror() for systems w/o it + * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c, + tsgetgrpw.c: + use zero_bytes() instead of memset() for consistency + [4cee0465f4a8] -1999-07-12 06:53 millert + * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c, + visudo.c: + Zero out sigaction_t before use in case it has non-standard entries. + [120092225459] - * visudo.c: stylistic changes + * match.c: + quiet gcc + [098a1df49b23] -1999-07-12 06:25 millert + * match.c: + Short circuit glob() checks if basename(pattern) != + basename(command). Refactor code that checks for a command in a + directory and use it in the glob case if the resolved pattern ends + in a '/'. + [3c46fd317acb] - * parse.c, parse.lex, parse.yacc: Add contribution info in the main - comment +2008-11-01 Todd C. Miller -1999-07-11 16:10 millert + * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c: + Defer setting runas defaults until after runaspw/gr is setup. + [12e75ee49c0c] - * auth/pam.c: remove missed ref to PAM_nullpw +2008-10-29 Todd C. Miller -1999-07-11 16:10 millert + * match.c, sudo.c, testsudoers.c: + Use MAXHOSTNAMELEN+1 when allocating host/domain name since some + systems do not include space for the NUL in the size. Also manually + NUL-terminate buffer from gethostname() since POSIX is wishy-washy + on this. + [7266ab3296a3] - * auth/sudo_auth.h: pasto +2008-10-26 Todd C. Miller -1999-07-11 15:19 millert + * sudo.c, sudoers.pod: + When setting the umask, use the union of the user's umask and the + default value set in sudoers so that we never lower the user's umask + when running a command. + [4e804b004e38] - * auth/kerb5.c: more or less complete now--still untested + * sudo.c: + Don't try to read from a zero-length sudoers file. Remove the bogus + Solaris work-around for EAGAIN. Since we now use fgetc() it should + not be a problem. + [bb8e5f68d944] -1999-07-11 15:09 millert +2008-10-25 Todd C. Miller - * auth/: afs.c, pam.c: don't use user_name macro, it will go away + * parse.c: + In update_defaults() check the return value of user*_matches against + ALLOW so we don't inadvertantly match on UNSPEC. + [4e422fa1527e] -1999-07-11 14:42 millert +2008-10-24 Todd C. Miller - * auth/: opie.c, rfc1938.c, sudo_auth.h, skey.c: combine skey/opie - code into rfc1938.c + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, + sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: + regen man pages; no more hyphenation + [15de4fe2fe01] -1999-07-11 07:22 millert + * sudo.c: + Don't error out on a zero-length sudoers file. With the advent of + #include the user could create a situation where sudo is unusable. + [6eb461319fa5] - * auth/: dce.c, sudo_auth.h: DCE authentication method; basically - unchanged from dce_pwent.c +2008-10-23 Todd C. Miller -1999-07-11 06:44 millert + * auth/kerb5.c, config.h.in, configure, configure.in: + Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT + krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at + all. Add configure tests to handle all the cases. + [4b554a98470d] - * auth/: aix_auth.c, sudo_auth.h: AIX authenticate() support. - Could probably be much better +2008-10-08 Todd C. Miller -1999-07-11 06:43 millert + * sudo.pod: + resort ENVIRONMENT + [f4f20f40653e] - * auth/sia.c: Fix an uninitialized variable and some cleanup. Now - works (tested) + * sudoers.pod: + document sudoers_locale + [0bffd2dbe806] -1999-07-11 05:37 millert + * sudo.pod, sudo_edit.c: + add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL + or EDITOR + [0ef8cb248cee] - * auth/: sia.c, sudo_auth.h: SIA support for digital unix + * toke.c, toke.l: + In fill_cmnd(), collapse any escaped sudo-specific characters. + Allows character classes to be used in pathnames. + [5685244c8e44] -1999-07-11 05:33 millert +2008-10-03 Todd C. Miller - * auth/pam.c: don't use prompt global, it will go away + * lbuf.c: + fix typo in non-C89 function declaration + [99a7113b3a05] -1999-07-11 05:32 millert + * sudoers.pod: + Mention POSIX characters classes now that out fnmatch() and glob() + support them. + [9c916f1230c3] - * auth/secureware.c: correct copyright years + * sample.sudoers, sudoers.pod: + Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is + locale agnostic. + [a60a62bec244] -1999-07-10 20:32 millert + * parse.h: + use __signed char if we are going to assign a negative value since + on Power, char is unsigned by default + [2877b319df17] - * auth/: afs.c, fwtk.c, kerb4.c, sudo_auth.h, kerb5.c, opie.c, - pam.c, passwd.c, secureware.c, securid.c, skey.c, sudo_auth.c: - New authentication API and methods + * config.h.in, configure, configure.in: + Add tests for __signed char and signed char. + [5eb874fdf1d4] -1999-07-08 06:46 millert + * aix.c: + Fix AIX limit setting. getuserattr() returns values in disk blocks + rather than bytes. The default hard stack size in newer AIX is + RLIM_SAVED_MAX. From Dale King. + [3db67415ecc3] - * parse.yacc: only save an entry if user_matches && host_matches, - even if the stack is empty (fix for previous commit) +2008-09-26 Todd C. Miller -1999-07-08 06:35 millert + * emul/charclass.h, fnmatch.c, glob.c: + Add character class support to included glob(3) and fnmatch(3). + [6b5b4ad77899] - * parse.yacc: 1) Always save an entry on the stack if it is empty. - This fixes the -l and -v flags that were broken by earlier parser - changes. +2008-09-16 Todd C. Miller - 2) In a Runas list, don't negate FALSE -> TRUE since that would - make !foo match any time the user specified a runas user (via -u) - other than foo. + * emul/fnmatch.h: + Remove UCB advertising clause and some compatibility defines. + [2ade7bee74e1] -1999-07-08 05:45 millert +2008-09-14 Todd C. Miller - * testsudoers.c: interfaces and num_interfaces are now auto, not - extern + * sudo_edit.c: + Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself + or sudo. This allows one to set EDITOR to sudoedit without getting + into an infinite loop of sudoedit running itself until the path gets + too big. + [aa49ab68f82d] -1999-07-07 14:09 millert + * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c: + Add sudoers_locale Defaults option to override the default sudoers + locale of "C". + [0639886a35bf] - * auth.c: use a static global to keep stae about empty passwords +2008-09-13 Todd C. Miller -1999-07-07 14:08 millert + * sudo.c: + Set locale to system default except for during sudoers parse. + [016dd2736728] - * check_sia.c: make PASSWORD_NOT_CORRECT logging consistent with - other modules +2008-09-12 Todd C. Miller -1999-07-05 16:53 millert + * match.c: + Redo change in 1.34 to use pointer arithmetic. + [f9e7b63bb450] - * auth.c: PAM prompt code was wrong, looks like we have to kludge - it after all. +2008-09-11 Todd C. Miller -1999-07-05 16:35 millert + * match.c: + Fix a dereference (read) of a freed pointer. Reported by Patrick + Williams. + [69877b633753] - * auth.c: In the PAM code, when a user hits return at the first - password prompt, exit without a warning just like the normal auth - code +2008-08-23 Todd C. Miller -1999-07-05 16:15 millert + * sudo.c: + Set locale to "C" to avoid interpretation issues with character + ranges in sudoers. May want to make the locale a sudoers option in + the future. + [098a95de1746] - * configure, configure.in: kludge around cross-compiler false - positives +2008-08-20 Todd C. Miller -1999-07-05 16:14 millert + * config.h.in: + we no longer use setproctitle + [c7f20fb747ea] - * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c: New - (correct) PAM code Tgetpass now takes an echo flag for use with - PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a - useless umask setting Change error from BAD_ALLOCATION -> - BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to - auth.c for consistency + * sudo.h: + remove #if 1 + [a368ee6816c6] -1999-07-05 16:11 millert + * LICENSE, mkstemp.c: + Use my replacement mkstemp() from the mktemp package. + [d07c2beb0f9e] - * sudo.c: Some -Wall and kill some trailing spaces +2008-07-12 Todd C. Miller -1999-07-05 16:10 millert + * gram.c: + regen with yacc skeleton bug fixed + [24784571cbb8] - * configure.in: define -D__EXTENSIONS__ for solaris so we get - crypt() proto + * sudoers.pod: + Remove duplicate "as root". From Martin Toft. + [97241acfee5e] -1999-06-22 09:42 millert +2008-07-02 Todd C. Miller - * RUNSON: add Dynix 4.4.4 + * pwutil.c, sudo.c, sudo.h, testsudoers.c: + Flesh out the fake passwd entry used for running commands as a uid + not listed in the passwd database. Fixes an issue with some PAM + modules. + [a6648227f3f2] -1999-06-22 09:30 millert +2008-07-01 Todd C. Miller - * INSTALL, config.h.in, configure.in, configure: for kerberos V < - version, fall back on old kerb4 auth code + * sudo.c: + Error out in -i mode if the user has no shell. This can happen when + running commands as a uid with no password entry. + [0c174bef36ff] -1999-06-22 06:41 millert +2008-06-26 Todd C. Miller - * INSTALL: clarify some things + * toke.c, toke.l: + Better fix for line continuation inside double quotes. Now accepts + whitespace between the backslash and the newline like the main + lexer. + [64efcdf86d31] -1999-06-22 06:38 millert +2008-06-25 Todd C. Miller - * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod: typos + * toke.c, toke.l: + Fix line continuation in strings. It was only being honored if + preceded by whitespace. + [96c21271a3e4] -1999-06-14 19:47 millert +2008-06-22 Todd C. Miller - * sudo.c: mention why DONT_LEAK_PATH_INFO is not the default + * config.h.in, configure, configure.in, logging.c: + Replace the double fork with a fork + daemonize. + [328505441e67] -1999-06-03 12:34 millert +2008-06-21 Todd C. Miller - * tgetpass.c: Fix open(2) return value checking, was NULL for - fopen, should be -1 for open + * env.c, sudo.c: + The -i flag should imply env_reset. This got broken in sudo 1.6.9. + [3caedfeaec87] -1999-06-03 12:06 millert + * logging.c, sudo.c, sudo_edit.c, visudo.c: + Change how the mailer is waited for. Instead of having a SIGCHLD + handler, use the double fork trick to orphan the child that opens + the pipe to sendmail. Fixes a problem running su on some Linux + distros. + [b59ce60a393d] - * configure: regen +2008-06-20 Todd C. Miller -1999-06-03 12:06 millert + * configure, configure.in: + Fix configure test for dirfd() on Linux where DIR is opaque. + [b8f729cdfecc] - * configure.in: better wording for solaris pam notice +2008-06-17 Todd C. Miller -1999-06-03 11:52 millert + * tgetpass.c: + Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has + this problem we'll need to revisit this again. + [c17fee8ad530] - * CHANGES: document recent changes +2008-06-11 Todd C. Miller -1999-06-03 11:52 millert + * logging.c: + Ignore SIGPIPE instead of blocking it when piping to the mailer. If + we only block the signal it may be delivered later when we unblock. + Also, there is no need to block SIGCHLD since we no longer do the + double fork. The normal SIGCHLD handler is sufficient. + [e94a49e992e5] - * TROUBLESHOOTING: Update shadow password section +2008-06-08 Todd C. Miller -1999-06-03 11:51 millert + * configure, configure.in: + Add description for NO_PAM_SESSION, from a redhat patch. + [b9e4c939ec09] - * auth.c: move authentication code from check.c to auth.c +2008-06-06 Todd C. Miller -1999-06-03 11:51 millert + * sudo.cat, sudo.man.in, sudo.pod: + Fix typos in -i usage + [2d7ce5de0235] - * Makefile.in, check.c, sudo.h: move authentication code to auth.c +2008-05-18 Todd C. Miller -1999-05-16 21:36 millert + * configure, configure.in: + Redo the test for dgettext() in a way that hopefully will work + around the libintl_dgettext() undefined problem. + [d27beb0cf85e] - * Makefile.in, check.c, check_sia.c, compat.h, find_path.c, - getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c, - logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c, - sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, visudo.c: Move - interface-related defines to interfaces.h so we don't have to - include everywhere. +2008-05-11 Todd C. Miller -1999-05-14 12:30 millert + * schema.ActiveDirectory: + change filename in comment + [733da4ee9ac5] - * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, - logging.c, parse.yacc, sudo.c, tgetpass.c: o Replace _PASSWD_LEN - braindeath with our own SUDO_MAX_PASS. - It turns out the old DES crypt does the right thing with - passwords - longert than 8 characters. - o Fix common typo (necesary -> necessary) - o Update TODO list +2008-05-10 Todd C. Miller -1999-05-03 12:00 millert + * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in, + sudoers.ldap.pod: + Reference schema.ActiveDirectory + [d6aec537800e] - * sudo.c: set $LOGNAME when we set $USER +2008-05-09 Todd C. Miller -1999-04-27 00:00 millert + * schema.OpenLDAP, schema.iPlanet: + Mark sudoRunAs as deprecated. + [00c50df807af] - * INSTALL: add comment about digital unix and interfaces.c warning - with gcc + * schema.ActiveDirectory: + add sudoRunAsUser and sudoRunAsGroup + [19bcce6f72fb] -1999-04-15 01:12 millert + * schema.ActiveDirectory: + Active Directory schema by Chantal Paradis and Eric Paquet + [06a09c92c6a5] - * sample.sudoers: use modern paths and give examples for some of - the new parser features +2008-05-08 Todd C. Miller -1999-04-10 13:03 millert + * parse.c: + remove an XXX that was fixed + [b88038062fa2] - * parse.c: fix comment + * ChangeLog: + sync + [8fc27c17270e] -1999-04-10 00:49 millert + * parse.c: + Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This + fixes a problem where the tag value printed was influenced by + defaults set in the first pass through the parser. + [588ccd630367] - * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c, - getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, - parse.c, parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: - Function names should be flush with the start of the line so they - can be found trivially in an editor and with grep +2008-05-04 Todd C. Miller -1999-04-10 00:40 millert + * Makefile.in, sudo.psf: + No point in packaging the TODO file + [9590248fffe1] - * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, - parse.yacc, sudo.c, testsudoers.c, tgetpass.c, visudo.c: free(3) - is already void, no need to cast it + * ChangeLog: + sync + [152acf4c6813] -1999-04-10 00:37 millert +2008-05-03 Todd C. Miller - * logging.c, sudo.c, sudo.h: catch case where cmnd_safe is not set - (this should not be possible) + * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c, + sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod: + Add env_file Defaults option that is similar to /etc/environment on + some systems. + [1daf53d51e18] -1999-04-10 00:10 millert +2008-05-02 Todd C. Miller - * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, - testsudoers.c, visudo.c: Stash the "safe" path (ie: the one - listed in sudoers) to the command instead of stashing the struct - stat. Should be safer. + * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in, + sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, + version.h, visudo.cat, visudo.man.in: + change version to 1.7.0 + [d41d126b9bd8] -1999-04-08 19:56 millert + * UPGRADE: + initial valgrind pass done + [c59c3876d8ca] - * INSTALL, Makefile.in, UPGRADE: notes on updating from an earlier - release +2008-04-23 Todd C. Miller -1999-04-07 20:20 millert + * ldap.c: + Fix typo/think in sudo_ldap_read_secret() when storing the secret. + [830d246c09b0] - * CHANGES: updated +2008-04-11 Todd C. Miller -1999-04-07 19:18 millert + * ldap.c: + define LDAPS_PORT if the system headers do not + [247b12325701] - * parse.yacc, sudo.tab.h, sudoers.cat, sudoers.html, sudoers.man, - sudoers.pod: You can now specifiy a host list instead of just a - host or alias. Ie: user = host1,host2,ALIAS,!host3 my_command - now works. +2008-04-10 Todd C. Miller -1999-04-07 02:59 millert + * gram.c, gram.y: + Fix another memory leak in init_parser(). + [7bba47deba11] - * testsudoers.c: Quiet -Wall + * configure, configure.in: + There was a missing space before the ldap libs in SUDO_LIBS for some + configurations. + [7524cfc93759] -1999-04-07 02:50 millert + * alias.c, gram.c, gram.y, toke.c, toke.l: + Clean up some memory leaks pointed out by valgrind. + [a965866ece1a] - * parse.yacc: Move the push from the beginning of cmndspec to the - end. This means we no longer have to do a push at the end of - privilege, just reset some values. +2008-04-07 Todd C. Miller -1999-04-06 20:24 millert + * sudo.c: + fix "sudo -s" broken by mode/flags breakout + [acffe984d408] - * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: runas-lists - and NOPASSWD/PASSWD modifiers are now sticky and you can use "!" - most everywhere + * configure, configure.in: + remove duplicate check for dgettext + [58145529133c] -1999-04-06 14:12 millert +2008-04-05 Todd C. Miller - * sudoers.pod: modernize paths and update su example based on - sample.sudoers one + * aix.c: + Fall back to default stanza if no user-specific limit is found. + [7b8cb29123ee] -1999-04-06 14:06 millert +2008-04-02 Todd C. Miller - * sample.sudoers: New runas semantics + * snprintf.c: + include stdint.h if present + [f0ec38529306] -1999-04-06 13:54 millert + * snprintf.c: + Use LLONG_MAX, not the old QUAD_MAX + [01041ce508fb] - * CHANGES, Makefile.in, alloc.c, config.h.in, configure, - configure.in, strdup.c, sudo.h: In estrdup(), do the malloc - ourselves so we don't need to rely on the system strdup(3) which - may or may not exist. There is now no need to provide strdup() - for those w/o it. Also, the prototype for estrdup() was wrong, - it returns char * and its param is const. +2008-04-01 Todd C. Miller -1999-04-06 13:40 millert + * sudoers.ldap.pod: + fix cut and pasto + [34240fdef5ab] - * getcwd.c: $Sudo tag +2008-03-31 Todd C. Miller -1999-04-06 13:20 millert + * pwutil.c: + Add #ifdef PURITY + [ce1b571ad526] - * check.c: buf should be prompt; Michael Robokoff - +2008-03-30 Todd C. Miller -1999-04-06 01:40 millert + * auth/bsdauth.c: + remove useless cast + [494f8a862e1d] - * CHANGES, TODO, parse.yacc: It is now possible to use the '!' - operator in a runas list as well as in a Cmnd_Alias, Host_Alias - and User_Alias. +2008-03-27 Todd C. Miller -1999-04-06 01:38 millert + * ChangeLog: + sync + [f5c97ffaabcc] - * logging.c, sudo.h: Kill GLOBAL_NO_SPW_ENT (not used) and crank - GLOBAL_PROBLEM + * TODO: + sync + [96ff1c44c182] -1999-04-06 01:08 millert + * sudo.h: + Split MODE_* defines into primary and flags. + [c02ee3027cb9] - * sudo.h: Definitions of *_matched were wrong--user top, not top-2 - as subscript. +2008-03-26 Todd C. Miller -1999-04-06 01:00 millert + * aix.c: + It turns out the logic for getting AIX limits is more convoluted + than I realized and differs depending on whether the soft and/or + hard limits are defined. + [cf8d3f85d395] - * logging.c, parse.c, parse.yacc, sudo.c, sudo.h: Add - VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a - command but the NOPASSWD flag was set. Make runasspec, - runaslist, runasuser, and nopasswd typeless in parse.yacc Add - support for '!' in the runas list Fix double printing of '%' and - '+' for groups and netgroups respectively Add *_matched macros - (no need for local stack variable). Should only be used directly - after a pop (since top must be >= 2). +2008-03-23 Todd C. Miller -1999-04-05 23:25 millert + * Makefile.in, configure, configure.in: + Back out AIX-specific change to set the sudo_noexec path to the .a + file, we do really want to use the .so file. Since libtool doesn't + do that correctly, just install the .so file ourselves in the + Makefile. + [05c6f33177d9] - * aclocal.m4, configure.in: Add copyright, somewhat silly + * install-sh: + If the file given to install is a path, only use the basename of the + file when building the destination path. + [695ba4e429ce] -1999-04-05 16:57 millert +2008-03-18 Todd C. Miller - * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, - check_sia.c, compat.h, config.h.in, configure, configure.in, - dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, - sudo.cat, sudo.h, sudo.man, sudo_setenv.c, sudoers.cat, - sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c, visudo.cat, visudo.man, emul/utime.h: Crank version to - 1.6 and combine copyright statements + * sudo.c: + parse_args() cleanup: Sort command line options in the getopt() + switch The -U option requires a parameter Normalize a few ISSET + calls Split mode into mode and flags and retire the now-obsolete + excl variable + [0d156835f861] -1999-04-05 16:30 millert + * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, + sudo_usage.h.in: + Add -n (non-interactive) flag. + [e3e50400d32d] - * sample.sudoers: Use ! not ^ to do negation + * sudo.c: + Move version printing, etc. into a separate function. + [18c91b476e2c] -1999-04-05 16:29 millert + * sudo.c: + Don't try to cleanup nsswitch if it has not been initialized. + [aeb1ca1b399d] - * lex.yy.c: regen +2008-03-17 Todd C. Miller -1999-04-05 16:28 millert + * logging.c: + Block SIGPIPE in send_mail() so sudo is not killed by a problem + executing the mailer. + [f130e7924cca] - * parse.yacc, parse.lex: Make runas and NOPASSWD tags persistent - across entris in a command list. Add a PASSWD tag to reverse - NOPASSWD. When you override a runas or *PASSWD tag the value - given becomes the new default for the rest of the command list. +2008-03-14 Todd C. Miller -1999-04-02 16:03 millert + * configure, configure.in: + AIX shared libs end in .a, not .so. + [a5deb07020d8] - * CHANGES, RUNSON: update for 1.5.9 +2008-03-13 Todd C. Miller -1999-04-02 16:02 millert + * env.c: + Preserve HOME by default too. Matches documentation and previous + behavior. + [c16f17f1047c] - * visudo.c: Shift return value of system(3) by 8 to get real exit - value and if it is not 1 or 0 print the retval along with the - error message. +2008-03-12 Todd C. Miller -1999-03-30 16:45 millert + * sudo.c: + Use getopt() to parse the command line. We need to be able to + intersperse env variables and options yet still honor "--"" which + complicates things slightly. + [60f271ce5c16] - * Makefile.in: testsudoers needs LIBOBJS too +2008-03-06 Todd C. Miller -1999-03-30 12:17 millert + * ChangeLog: + sync + [685e67964eda] - * parse.c, parse.yacc: Fix another parser bug. For a sudoers entry - like this: millert ALL=/bin/ls,(daemon) !/bin/ls sudo - would not allow millert to run ls as root. + * acsite.m4, configure, ltmain.sh: + update to libtool-1.5.26 + [4c9a8c3d3b40] -1999-03-30 01:08 millert + * config.guess, config.sub: + update from libtool-1.5.26 distribution + [c6641aef2527] - * CHANGES: new change + * aix.c, sudo.h: + attempt to fix compilation errors on AIX + [edb13e5b2184] -1999-03-30 01:03 millert + * Makefile.in: + fix typo in last commit + [25ba7f7ceae4] - * parse.yacc: Save entries that match a ! command on the matching - stack too + * Makefile.in: + Add WHATSNEW file to the distribution + [213f4115de8f] -1999-03-30 01:01 millert + * visudo.c: + use warningx instead of fprintf(stderr, ...) + [a3494b8ccb19] - * sudo.c: Make sudo's usage info better when mutually exclusive - args are given and don't rely on argument order to detect this; - nick@zeta.org.au + * list.c: + add DEBUG to list2tq + [115d24a3000c] -1999-03-29 15:03 millert + * ChangeLog, TODO: + sync + [60e6f4d1fac0] - * CHANGES, Makefile.in, RUNSON: updates from CU + * WHATSNEW: + mention mailfrom + [e2498f9e18d6] -1999-03-28 23:38 millert + * Makefile.in, aix.c, config.h.in, configure, configure.in, + set_perms.c, sudo.h: + Add aix_setlimits() to set resource limits on AIX using a + combination of getuserattr() and setrlimit(). Currently untested. + [9b1441fd89ca] - * Makefile.in: use gzip +2008-03-05 Todd C. Miller -1999-03-28 23:31 millert + * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat, + sudoers.man.in, sudoers.pod: + Add mailfrom Defaults option that sets the value of the From: field + in the warning/error mail. If unset the login name of the invoking + user is used. + [029b9f05d3d9] + + * defaults.c: + store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable + [a90e407d5e00] + + * gram.c, gram.y: + When adding a default, only call list2tq() once to do the list to tq + conversion. It is not legal to call list2tq multiple times on the + same list since list2tq consumes and modifies the list argument. + [fbc25d245c4a] - * parse.yacc: Fix off by one error introduced in *alloc changes + * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: + comment out XXXs for now + [595a1d43309d] -1999-03-28 23:05 millert + * WHATSNEW: + mention askpass + [b993e0837c22] - * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c, - check_sia.c, compat.h, config.h.in, configure, configure.in, - dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, - sudo.cat, sudo.h, sudo.man, sudo_setenv.c, sudoers.cat, - sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod, - emul/utime.h: ++version - -1999-03-28 21:59 millert +2008-03-04 Todd C. Miller - * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c, - interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, - parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, utime.c, visudo.c: Use - emalloc/erealloc/estrdup + * sudo.c: + Error out if both -A and -S are specified Error out if -A is + specified but no askpass is configured + [24f1df2638f6] -1999-03-28 20:29 millert + * configure, configure.in: + we are not going to ship a sudo-specific askpass + [61949e7a3943] - * alloc.c: error checking memory allocation routines +2008-03-03 Todd C. Miller -1999-03-28 19:23 millert + * sudo.h: + fix definition of TGP_ASKPASS + [0447c57ba4c3] - * parse.yacc: Still not right, this fixes it for real + * def_data.c, def_data.in: + make askpass boolean-capable + [e0885893a325] -1999-03-28 19:08 millert + * INSTALL: + document --with-askpass + [c76e15ba97cf] - * parse.yacc: Fix for previous commit + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, + sudoers.man.in, visudo.cat: + regen + [8d16242980b7] -1999-03-28 19:05 millert +2008-03-02 Todd C. Miller - * CHANGES, INSTALL, parse.yacc: Fix a parser bug that was exposed - when mixing different runas specs and ! commands. For example: - millert ALL=(daemon) /usr/bin/whoami,!/bin/ls would - allow millert to run whoami as root as well as daemon when it - should just allow daemon. The problem was that comma-separated - commands in a list shared the same entry on the matching stack. - Now they get their own entry iff there is a full match. It may - be better to just make the runas spec persistent across all - commands in a list like the user and host entries of the matching - stack. However, since that is a fairly major change it should - gets its own minor rev increase. + * sudo.pod, sudo_usage.h.in, sudoers.pod: + document -A and askpass + [02c07505a78c] -1999-03-28 13:50 millert + * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c, + def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h, + sudo_usage.h.in, tgetpass.c: + Add support for running a helper program to read the password when + no tty is present (or when specified with the -A flag). TODO: docs. + [05780f5f71fd] - * check.c, config.h.in: Simplify PAM code and fix a PAM-related - warning on Linux + * def_data.c, def_data.in: + add missing printf format to SELinux role and type strings + [2b32774715e7] -1999-03-26 13:17 millert +2008-02-27 Todd C. Miller - * CHANGES: updates + * INSTALL, configure, configure.in: + Disable use of gss_krb5_ccache_name() by default and add + --enable-gss-krb5-ccache-name configure option to enable it. It + seems that gss_krb5_ccache_name() doesn't work properly with some + combinations of Heimdal and OpenLDAP. + [f61ebd3b19bd] -1999-03-26 13:12 millert +2008-02-22 Todd C. Miller - * sample.sudoers: better su entry + * selinux.c: + Ignore setexeccon() failing in permissive mode. Also add a call to + setkeycreatecon() (though this is probably insufficient). From Dan + Walsh. + [52564fc1c069] -1999-03-26 13:10 millert + * auth/pam.c: + Only set std_prompt for the PAM_PROMPT_* cases. The conversation + function may be called for non-password reading purposes so we must + be careful not to use def_prompt in cases where it may not be set. + [29d88ca575ba] - * configure: regen +2008-02-20 Todd C. Miller -1999-03-26 13:09 millert + * selinux.c: + Don't free the new tty context, we need to keep it around when we + restore the tty context after the command completes + [5b4bd39b6ea8] - * check.c, configure.in: new pam code that works on solaris, should - work on linux too; aelberg@home.com +2008-02-19 Todd C. Miller -1999-03-19 14:44 millert + * selinux.c: + s/newrole/sudo/ + [21b8a96ff8df] - * RUNSON: more entries + * sudo.man.pl, sudo.pod: + Only put login_cap(3) in SEE ALSO section if we have login.conf + support + [05250ddff2c0] -1999-03-19 14:43 millert +2008-02-18 Todd C. Miller - * config.h.in: only include strings.h if there is no string.h + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, + sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: + regen + [301e5c5ccdbe] + + * sudoers.pod: + Substitute in comment characters for lines partaining to login.conf, + BSD auth and SELinux and only enable them if pertinent. + [c1c98fa163ce] + + * sudoers.man.pl: + Substitute in comment characters for lines partaining to login.conf, + BSD auth and SELinux and only enable them if pertinent. + [6c88f30b878a] + + * sudo.pod: + Substitute in comment characters for lines partaining to login.conf, + BSD auth and SELinux and only enable them if pertinent. + [acdbdfd24e1d] + + * sudo.man.pl: + Substitute in comment characters for lines partaining to login.conf, + BSD auth and SELinux and only enable them if pertinent. + [0c56d4750ac3] + + * Makefile.in, configure, configure.in: + Substitute in comment characters for lines partaining to login.conf, + BSD auth and SELinux and only enable them if pertinent. + [9a02bd6a6658] -1999-03-17 15:25 millert + * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod: + Remove the =cut on the first line (above the copyright notice) to + quiet pod2man. Also remove the hackery in the FILES section and + just deal with the fact that there will a newline between each + pathname. + [2ac1ab191835] - * config.guess: Sinix is now being called ReliantUNIX; - bjjackso@us.oracle.com +2008-02-17 Todd C. Miller -1999-03-13 13:37 millert + * Makefile.in: + run sudo.man.pl when generating sudo.man.in + [859727369168] - * sudo.c: shost must be set before log functions are called #ifdef - HOST_IN_LOG + * configure, configure.in, sudo.man.pl: + comment out SELinux manual bits unless --with-selinux was specified + [97ff4212b649] -1999-03-07 18:34 millert + * sudoers.pod: + document role and type defaults for SELinux + [870f303366b3] - * CHANGES, lex.yy.c, parse.lex: Fix a bug wrt quoting characters in - command args. Stop processing an arg when you hit a backslash so - the quoted-character detection can catch it. + * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in: + Document "sudo -ll" and make "sudo -l -l" be equivalent. + [3ce6dc429ea3] + +2008-02-15 Todd C. Miller + + * configure, configure.in: + Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on + Debian GNU/kFreeBSD. + [c4efa567a328] + +2008-02-13 Todd C. Miller + + * auth/kerb5.c: + Avoid Heimdal'isms introduced in the rev 1.32 rewrite of + verify_krb_v5_tgt() + [f80538e5a6fa] + + * logging.c, logging.h, sudo.c: + Remove dependence on VALIDATE_NOT_OK in logging functions. Split + log_auth() into log_allowed() and log_denial() Replace mail_auth() + with should_mail() and a call to send_mail() + [58aac9997557] + +2008-02-10 Todd C. Miller + + * ldap.c: + Add debugging so we can tell if the krb5 ccache is accessible + [c679322527bb] + + * INSTALL: + mention --with-selinux + [9efbe0b52194] + +2008-02-09 Todd C. Miller + + * configure: + regen + [467a834f867c] + + * selinux.c: + add Sudo tag + [d004ee669bed] + + * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in, + sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, + testsudoers.c, toke.c, toke.l: + Add support for SELinux RBAC. Sudoers entries may specify a role + and type. There are also role and type defaults that may be used. + To make sure a transition occurs, when using RBAC commands are + executed via the new sesh binary. Based on initial changes from Dan + Walsh. + [1d4abfe2c004] + + * sesh.c: + Add support for SELinux RBAC. Sudoers entries may specify a role + and type. There are also role and type defaults that may be used. + To make sure a transition occurs, when using RBAC commands are + executed via the new sesh binary. Based on initial changes from Dan + Walsh. + [1e3b395ce049] -1999-02-26 01:19 millert + * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h, + def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h, + pathnames.h.in, selinux.c: + Add support for SELinux RBAC. Sudoers entries may specify a role + and type. There are also role and type defaults that may be used. + To make sure a transition occurs, when using RBAC commands are + executed via the new sesh binary. Based on initial changes from Dan + Walsh. + [6b421948286e] + +2008-02-08 Todd C. Miller + + * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c: + Add long list (sudo -ll) support for printing verbose LDAP and + sudoers file entries. Still need to update manual. + [2875be37935c] + +2008-02-03 Todd C. Miller + + * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h: + Unify the -l output for file and ldap based sudoers and use lbufs + for both. The ldap output does not currently include options that + cannot be represented as tags. This will be remedied in a long list + output mode to come. + [b2e429456596] + +2008-01-27 Todd C. Miller + + * set_perms.c: + Use a specific error message for errno == EAGAIN when setuid() et al + fails. On Linux systems setuid() will fail with errno set to EAGAIN + if changing to the new uid would result in a resource limit + violation. + [08d0aecd9f03] + + * sudo.c: + Unlimit nproc on Linux systems where calling the setuid() family of + syscalls causes the nroc resource limit to be checked. The limits + will be reset by pam_limits.so when PAM is used. In the non-PAM + case the nproc limit will remain unlimited but there doesn't seem to + be a way around that other than having sudo parse + /etc/security/limits.conf directly. + [df024b415a8d] + + * env.c, sudo.c, sudo.pod: + Only read /etc/environment on Linux and AIX + [90669e2aefdb] + +2008-01-23 Todd C. Miller + + * configure, configure.in: + Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent + ldap.conf and ldap.secret paths from going into config.h. Avoid + single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED + since in some versions of bash they will end up literally in the + resulting define. + [25390f3ef10a] + +2008-01-21 Todd C. Miller + + * README.LDAP: + mention --with-nsswitch=no + [c509df927263] + + * configure, configure.in: + ldap_ssl.h depends on ldap.h being included first + [d96d90e9b21f] + + * config.h.in, configure, configure.in, ldap.c: + Include ldap_ssl.h if we can find it. Needed for the + ldapssl_set_strength defines on HP-UX at least. + [9e530470948a] + + * sudoers.ldap.pod: + sync + [b9d101f4673a] + + * TODO: + sync + [2ce951b2ecd0] - * interfaces.c: include sys/time.h; aparently AIX needs it. - ppz@cdu.elektra.ru + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, + sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: + regen + [b61d793987e0] -1999-02-23 19:43 millert + * Makefile.in: + Use 78n line length when formatting cat pages. + [761bee9d5759] - * configure, configure.in: add missing case statement so - --without-sendmail works + * README.LDAP: + Remove redundant info that is now in sudoers.ldap.pod + [01828dcce59e] -1999-02-22 21:51 millert +2008-01-20 Todd C. Miller - * CHANGES: more + * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: + Reorganize the first section a bit. Substitute the proper path for + /etc/sudoers. + [11ae165e065d] -1999-02-22 15:10 millert + * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: + Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move + schema into EXAMPLES + [ab6509d1dde7] - * configure, configure.in: only search for -lsun in irix <= 4.x + * configure, configure.in: + Substitute values for ldap.conf, ldap.secret and nsswitch.conf into + sudoers.ldap.man. + [6e689972f465] -1999-02-22 15:01 millert + * configure, configure.in: + substitute for sudoers.ldap.man + [5a4a25766dee] - * configure, configure.in: back out last configure.in change now - that I've hacked autoconf to fix the real problem and add a - missing newline + * Makefile.in: + Fix cut & pasto introduced when adding sudoers.ldap man page. + [a7b069af8894] -1999-02-22 14:32 millert + * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: + Fill in some of the missing pieces. Still needs some reorganization + and editing. + [5e7331722166] - * CHANGES: updated +2008-01-19 Todd C. Miller -1999-02-22 14:05 millert + * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in, + sudoers.ldap.pod: + Beginnings of a sudoers.ldap man page. Currently, much of the + information is adapted from README.LDAP. + [aad28c8a922d] - * getcwd.c: add def of dirfd() for those without it +2008-01-18 Todd C. Miller -1999-02-22 10:58 millert + * pwutil.c: + When copying gr_mem we must guarantee that the storage space for + gr_mem is properly aligned. The simplest way to do this is to + simply store gr_mem directly after struct group. This is not a + problem for gr_passwd or gr_name as they are simple strings. + [af58fc76f1ed] - * configure.in, configure: When falling back to checking for - socket() when linking with "-lsocket -lnsl" check for main() - instead since autoconf has already cached the results of checking - for socket() in -lsocket. This is really an autoconf bug as it - should use the extra libs as part of the cache variable name. + * ldap.c: + Fix a typo/thinko in one of the calls to + sudo_ldap_check_user_netgroup(). From Marco van Wieringen. + [70b2eb8097f5] -1999-02-22 10:47 millert +2008-01-17 Todd C. Miller - * configure.in: typo + * config.h.in, configure, configure.in, ldap.c: + include in ldap.c if available + [34346206ef16] -1999-02-21 15:18 millert +2008-01-16 Todd C. Miller - * configure.in: fix occurrence of $with_timeout that should be - $with_password_timeout; - Michael.Neef@neuroinformatik.ruhr-uni-bochum.de + * gram.c, gram.y: + Make sure we define SIZE_MAX for yacc's skeleton.c + [d8a45c7a3c42] -1999-02-17 11:40 millert + * tgetpass.c: + Use TCSAFLUSH when restoring terminal settings (and echo) to + guarantee that any pending output is discarded + [549a184479e5] - * sudo.cat, sudo.html, sudo.man, sudo.pod: fix grammar; - espie@openbsd.org +2008-01-15 Todd C. Miller -1999-02-11 01:41 millert + * sudoers: + no longer need to specify SETENV when user has sudo ALL + [3051b41f8032] - * parse.yacc, sudo.c, testsudoers.c: add cast for strdup in places - it does not have it + * testsudoers.c: + sync user_args size calculation with sudo.c Add -g group option, + renaming old -g to -G Add set_runasgr() and set_runaspw() and use + them + [0850325180f0] -1999-02-09 13:11 millert + * sudo.c, sudo.h: + Make set_runaspw static void + [5d44d7a340ce] - * configure, configure.in: define for_BSD_TYPES irix + * testsudoers.c, visudo.c: + g/c set_runaspw stub + [79ebb5e2cc38] -1999-02-06 19:47 millert + * configure, configure.in: + Don't add -llber twice. + [4356d302eef4] - * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod: Make it - clear that it is the user's password, not root's, that we want. +2008-01-14 Todd C. Miller -1999-02-06 19:43 millert + * ldap.c: + fix typo + [249cecc557e9] - * check.c, sudo.h: If the user enters an empty password and really - has no password, accept the empty password they entered. - Perviously, they could enter anything *but* an empty password. - Also, add GETPASS macro that calls either tgetpass() or getpass() - depending on how sudo was configured. Problem noted by - jdg@maths.qmw.ac.uk +2008-01-13 Todd C. Miller -1999-02-02 23:32 millert + * gram.c: + regen + [2f94ea375b67] - * Makefile.in, check.c, check_sia.c, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, - putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, - testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, - emul/utime.h: add explicate copyright + * configure, configure.in: + Fix check that determines whether -llber is required. + [6afa99523379] -1999-02-02 23:16 millert + * README.LDAP, config.h.in, configure, configure.in, ldap.c: + For netscape-based LDAP, use ldapssl_set_strength() to implement the + checkpeer ldap.conf option. + [16ae24d73795] - * CHANGES: mention -lsocket, -lnsl configure changes + * auth/kerb5.c: + Delay krb5_cc_initialize() until we actually need to use the cred + cache, which is what krb5_verify_user() does. Better cleanup on + failure. + [d12e5f1695b8] -1999-02-02 17:54 millert +2008-01-12 Todd C. Miller - * sudo.c: Don't clobber errno after calling check_sudoers(). + * auth/kerb5.c: + Rewrite verify_krb_v5_tgt() based on what heimdal's + krb5_verify_user() does. + [05b5815f86c9] -1999-01-31 19:46 millert +2008-01-09 Todd C. Miller - * configure.in, configure: When linking with both -lsocket and - -lnsl be sure to do so in that order. Also, when we can't find - socket() or inet_addr() and have to try linking with both libs, - issue a warning. + * gram.c: + The U suffix on constants is an ANSI feature + [c6dfce3167f1] -1999-01-31 19:45 millert + * configure, configure.in: + Add check for ber_set_option() in -llber + [43d0c0566074] - * sudo.cat, sudo.man, sudo.pod: clarify bad timestamp and fmt +2008-01-07 Todd C. Miller -1999-01-23 12:18 millert + * README.LDAP: + default if no nsswitch.conf is files only + [c13001d9c998] - * INSTALL, RUNSON: be clear that pam is linux-only and add a RUNSON - entry +2008-01-06 Todd C. Miller -1999-01-22 13:13 millert + * README.LDAP: + don't tell people to mail aaron about LDAP stuff + [8165ec1ef0c6] - * configure, CHANGES, INSTALL, configure.in: fix and correctly - document --with-umask; problem noted by adap@adap.org + * README.LDAP: + timelimit and bind_timelimit + [44f74cbed167] -1999-01-19 20:38 millert + * ChangeLog: + sync + [aba1a0ab02bd] - * configure.in, configure: only use /usr/{man,catman}/local to - store man pages if suer didn't override prefix or mandir + * ldap.c: + Move ldap.secret reading into a separate function. + [1948acc9f7a4] -1999-01-19 20:24 millert + * check.c: + user_runas -> runas_pw + [334490fc2bae] - * configure, INSTALL, configure.in: fix typo, make --with-SecurID - take an arg +2008-01-05 Todd C. Miller -1999-01-18 21:53 millert + * TODO: + sync + [c7b165cc47c6] - * RUNSON: updates from users + * check.c, sudo.pod, sudoers.pod: + Add and document the %p escape in the password prompt. Based on a + patch from Patrick Schoenfeld. + [3972d4f31ffa] -1999-01-18 21:04 millert + * ldap.c: + Check strlcpy() return values. + [9b42f3ae8ff1] - * CHANGES, INSTALL, check.c, configure, configure.in: FWTK - 'authsrv' support from Kevin Kadow + * ldap.c: + refactor ldap binding code into sudo_ldap_bind_s() + [cb0c66a4d955] -1999-01-18 20:00 millert + * README.LDAP: + Make it clear that host and uri can take multiple parameters. URI is + now supported for more than just openldap nsswitch.conf does't + accept "compat" + [f610dea656d6] - * configure, configure.in: better fix for the problem of unresolved - symbols in -lnsl or -lsocket + * sudo.c: + comment cleanup and update (c) year + [6cd69c810ca5] -1999-01-18 19:39 millert + * parse.c, sudo_nss.c: + Move display_privs() and display_cmnd() from parse.c to sudo_nss.c. + This should make it possible to build an LDAP-only sudo binary. + [61c3f27066a0] - * configure, configure.in: when checking for functions in -lnsl and - -lsocket link with both of them to avoid unresolved symbols on - some weirdo systems + * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h: + Improve chaining of multiple sudoers sources by passing in the + previous return value to the next in the chain + [2c0b722b1b2d] -1999-01-17 20:49 millert + * gram.y: + Free up parser data structures in sudo_file_close(). + [2251531d4519] - * BUGS, CHANGES, RUNSON, TODO: old changes that didn't make it into - RCS before the RCS->CVS switch + * gram.c, parse.c: + Free up parser data structures in sudo_file_close(). + [8371f130f401] -1999-01-17 18:16 millert + * ldap.c: + Parse uri ourself if no ldap_initialize() is present Use + ldap_create() instead of deprecated ldap_init() Use + ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s() + [85d3825b1953] - * Makefile.in, check.c, check_sia.c, compat.h, config.h.in, - configure.in, dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, lex.yy.c, logging.c, lsearch.c, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, secureware.c, strdup.c, - sudo.c, sudo.pod, sudo_setenv.c, sudoers.pod, testsudoers.c, - tgetpass.c, utime.c, visudo.c, visudo.pod, emul/search.h, - emul/utime.h: add sudo tags + * config.h.in, configure, configure.in: + Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from + CFLAGS + [240524512bc5] -1999-01-17 17:53 millert +2008-01-04 Todd C. Miller - * version.h, sudo.h: testing Sudo tag + * config.h.in, configure, configure.in: + add check for ldap_create + [3089badd73b8] -1999-01-17 17:40 millert +2008-01-03 Todd C. Miller - * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, - compat.h, config.h.in, configure, configure.in, dce_pwent.c, - find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c, - logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, - putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, - sudo.man, sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, - tgetpass.c, utime.c, version.h, visudo.c, visudo.cat, visudo.man, - emul/utime.h: crank version and regen files + * config.h.in, configure, configure.in, ldap.c: + Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's + dn using the mechanism appropriate for the LDAP SDK in use. Use + ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate + ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them. + [6deeca3d00cc] -1999-01-17 17:27 millert + * lbuf.c: + include unistd.h + [8419ed0bae7f] - * Makefile.in: kill rcs goop in update_version and fix now that - version is a const + * config.h.in, configure.in: + fix typo in mtim_getnsec + [2d5f21230a60] + +2008-01-02 Todd C. Miller + + * config.h.in, configure, configure.in: + add check for st__tim in struct stat as used by SCO + [587060ea2a89] + + * ldap.c: + use ldap_search_ext_s instead of deprecated ldap_search_s + [5fc44fe3b44c] + + * Makefile.in, TODO, sudo.cat, sudo.man.in: + add sudo_nss.h to HDRS + [86f01a70ff29] + + * ldap.c: + Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and + ldap_rdn2str(). + [aa217002cfae] + +2008-01-01 Todd C. Miller + + * ldap.c: + Use ldap_get_values_len()/ldap_value_free_len() instead of the + deprecated ldap_get_values()/ldap_value_free(). + [e22dceb85e57] + + * ChangeLog: + sync + [adad27b36107] + + * TODO: + sync + [c449eb47e0ef] + + * gettime.c, sudo.c: + Remove some already fixed XXXs + [532788d0e6da] + + * ldap.c: + Same return value as non-existent sudoers if LDAP was unable to + connect. + [5819810e8e4e] + + * sudo.pod: + mention /etc/environment + [ea8e6102f853] + + * README.LDAP, UPGRADE, WHATSNEW: + Update to reflect recent developments. + [ed1fb026fe77] + + * sudo.c: + Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output. + [55b68a58260d] + + * ldap.c: + When building up a query don't list groups in the aux group vector + that are the same as the passwd file group. On most systems the + first gid in the group vector is the same as the passwd entry gid. + [4bb51e297e0d] -1999-01-17 17:08 millert + * env.c, ldap.c: + Define LDAPNOINIT before calling ldap_init(), etc. to disable user + ldaprc and system defaults that could affect how LDAP works. + [ce5036440db2] - * INSTALL, check.c, config.h.in, configure, configure.in, - logging.c, sudo.c, sudo.h, sudo.pod: kerb5 support from - fcusack@iconnet.net + * INSTALL, configure, configure.in, pathnames.h.in, sudo.c, + sudo_nss.c, sudo_nss.h: + Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users + to specify nsswitch.conf path or disable it. If --with-nsswitch=no + but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf- + file and --with-ldap-secret-file + [ea5d7704381f] + + * parse.c: + Honor def_ignore_local_sudoers + [f38e1121fae1] + +2007-12-31 Todd C. Miller + + * ldap.c: + no longer need to check def_ignore_local_sudoers here + [fce2a72f96fb] + + * parse.c: + Refactor group vector resetting into a function and also call it + from display_cmnd. Stop after the first sucessful match in + display_cmnd. Print a newline between each display_privs method. + [981b37b5adff] + + * parse.c: + fix double free introduced in rev 1.218 + [c574b02d8747] + + * ldap.c: + belt and suspenders; zero out result after freeing it + [7732988d4620] + + * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c: + Refactor line reading into a separate function, sudo_parseln(), + which removes comments, leading/trailing whitespace and newlines. + May want to rethink the use of sudo_parseln() for /etc/ldap.secret + [61d9068f0645] + + * parse.c, sudo.c: + Make the inability to read the sudoers file a non-fatal error if + there are other sudoers sources available. sudoers_file_lookup now + returns "not OK" if sudoers was not present + [643babf597a8] + + * ldap.c: + make it clear that the global options are from LDAP + [9ff950349463] + + * logging.c: + allocate proper amount of space for error string + [8bebb7d46d19] + + * sudo_nss.c, sudo_nss.h: + actual sudo nss code + [5bd7d52d7738] + + * ldap.c, parse.c, sudo.c, sudo.h: + nss-ify display_privs and display_cmnd. + [cccfdd3253f2] + + * defaults.c, parse.c, testsudoers.c, visudo.c: + move update_defaults() to parse.c + [ace144b958a9] -1999-01-17 16:45 millert + * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h: + Use nsswitch to hide some sudoers vs. ldap implementation details + and reduce the number of #ifdef LDAP TODO: fix display routines and + error handling + [6225edde89a6] - * realpath.c, sudo_realpath.c: we no longer use realpath +2007-12-28 Todd C. Miller -1999-01-17 16:44 millert + * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h: + First cut at nsswitch.conf support. Further reorganizaton and + related changes are forthcoming. + [717f59d0790b] - * qualify.c: replaced by find_path.c +2007-12-21 Todd C. Miller -1999-01-17 16:43 millert + * env.c, pathnames.h.in, sudo.c, sudo.h: + Add support for reading and /etc/environment file. Still needs to + be documented and should probably only applies to OSes that have it + (AIX and Linux, maybe others). + [15d3edae27e4] - * options.h: all options are now configure flags + * ldap.c: + include limits.h + [e19875ef0f82] -1999-01-17 16:42 millert +2007-12-20 Todd C. Miller - * lex.yy.c: regen + * WHATSNEW: + reword LDAP SASL + [7ec3c4ec31b5] -1999-01-17 16:41 millert +2007-12-19 Todd C. Miller - * getwd.c: superceded by getcwd.c + * TODO: + sync + [87c5a7aea7bf] -1999-01-17 16:36 millert + * README.LDAP: + Add an example sudoRole, clarify netscape vs. openldap a bit more + [6f96c0ca8107] - * getpass.c: superceded by tgetpass.c + * README.LDAP: + Be clear on what is OpenLDAP vs. Netscape-derived + [a33c8314dec5] -1999-01-17 16:36 millert + * config.h.in, configure, configure.in, ldap.c: + Use ldapssl_init() for ldaps support instead of trying to do it + manually with ldap_init() + ldapssl_install_routines(). Use tls_cert + and tls_key for cert7.db and key3.db respectively. Don't print + debugging info for options that are not set. Add warning if + start_tls specified when not supported. + [abb62dc7e4a3] - * SUPPORTED: superceded by RUNSON + * ldap.c: + fix compilation on solaris + [03d449684e80] -1999-01-17 16:33 millert + * Makefile.in: + add missing .h and .c files for missing lib objs + [8b37825bdfc7] - * OPTIONS: No longer used now that we have configure options for - everything. +2007-12-18 Todd C. Miller -1999-01-17 16:32 millert + * ldap.c: + fix LDAP_OPT_NETWORK_TIMEOUT setting + [226eba89c0ad] - * configure: regen based on configure.in + * ldap.c: + fix compilation on Solaris + [917d47639eb6] -1999-01-17 16:31 millert +2007-12-17 Todd C. Miller - * sudo.man, sudoers.man, visudo.man, sudo.cat, sudo.html, - sudoers.cat, visudo.cat, sudoers.html, visudo.html: regen based - on sudo.pod, sudoers.pod, and visudo.pod + * configure, configure.in: + fix typo + [009d5c81b225] -1998-12-11 12:16 millert + * README.LDAP: + try to clear up which variables are for OpenLDAP and which are for + netscape-derived SDKs + [f8d9823ee73c] - * check.c: fix tty tickets in remove_timestamp (didn't use ':') + * config.h.in, configure, configure.in, ldap.c: + Add support for "ssl on" in both netscape and openldap flavors. Only + the OpenLDAP flavor has been tested. + [952745829ec5] -1998-12-07 16:16 millert + * logging.c, sudo.c, sudo.h: + Call cleanup() before exit in log_error() instead of calling + sudo_ldap_close() directly. ldap_conn can now be static to sudo.c + [da02d1b67a2c] - * interfaces.c: close sock when we are done with it + * sudo.c: + ld -> ldap_conn + [01afa6d927cc] -1998-11-27 19:37 millert +2007-12-16 Todd C. Miller - * parse.yacc: never say "error on line -1" + * logging.c, sudo.c, sudo.h: + Better ldap cleanup. + [25b9abe2d617] -1998-11-23 23:38 millert + * ldap.c: + Distinguish between LDAP conf settings that are connection-specific + (which take an ld pointer) and those that are default settings + (which do not). + [d48dc6c9c3b4] - * configure.in: check for -lnsl before -lsocket +2007-12-14 Todd C. Miller -1998-11-23 23:29 millert + * ldap.c: + Improved warnings on error. + [c8dce7b4feb4] - * configure.in: quote '[', ']' used in ranges correctly + * ldap.c: + Make ldap config table driven and set the config *after* we open the + connection. + [d9698b5a2681] -1998-11-21 17:54 millert +2007-12-13 Todd C. Miller - * config.h.in: add missing NO_ROOT_SUDO noted by drno@tsd.edu + * ldap.c: + fix LDAP_OPT_X_CONNECT_TIMEOUT compat define + [598c6df06660] -1998-11-20 18:33 millert + * configure, configure.in: + some operating systems need to link with -lkrb5support when using + krb5 + [8896365dde9e] - * version.h: 1.5.7 +2007-12-10 Todd C. Miller -1998-11-20 18:33 millert + * WHATSNEW: + minor update + [acfeeb7f4886] - * INSTALL: more info for 1.5.7 + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: + regen + [a3c6699674f9] -1998-11-20 18:30 millert +2007-12-08 Todd C. Miller + + * ChangeLog, TODO: + sync + [138e99b925ee] + + * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif: + add -g support for LDAP + [8fc27dbe9287] - * README: update for 1.5.7 +2007-12-03 Todd C. Miller -1998-11-20 14:26 millert + * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in: + The -i and -s flags can now take an optional command. + [6afec104ee77] - * parse.yacc: make increases of cm_list_size and ga_list_size be - similar to increases of stacksize (ie: >= not > in initial - compare). +2007-12-02 Todd C. Miller -1998-11-20 14:22 millert + * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod, + sudoers.pod: + Add passprompt_override flag to sudoers that will cause the prompt + to be overridden in all cases. This flag is also set when the user + specifies the -p flag. + [e4c5402131a6] - * parse.yacc: when we get a syntax error, report it for the - previous line since that's generally where the error occurred. + * sudo.c: + Move setting of login class until after sudoers has been parsed. Set + NewArgv[0] for -i after runas_pw has been set. + [62a48c8c56fa] -1998-11-18 15:31 millert + * configure, configure.in: + Move the dgettext check. + [5fd8a4712d1c] + +2007-12-01 Todd C. Miller - * config.h.in, configure.in, interfaces.c: add back check for - sys/sockio.h but only use it if SIOCGIFCONF is not defined + * auth/pam.c, config.h.in, configure, configure.in: + Add basic support for looking up the string "Password: " in the PAM + localized text db. This allows us to determine whether the PAM + prompt is the default "Password: " one even if it has been + localized. -1998-11-18 15:25 millert + TODO: concatenate non-std PAM prompts and user-specified sudo + prompts. + [81c25a415d41] - * config.h.in: define BSD_COMP for svr4 +2007-11-27 Todd C. Miller -1998-11-17 23:16 millert + * Makefile.in, config.h.in, configure, configure.in, parse.c, + set_perms.c, sudo.c, sudo.h: + Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was + insufficient. + [1cce6ec1a91e] - * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c, - goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, - parse.lex, parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: more - -Wall + * acsite.m4, configure, interfaces.c, memrchr.c: + Fix typos; Martynas Venckus + [be1233cca11a] -1998-11-17 23:10 millert +2007-11-26 Todd C. Miller - * configure.in: kill check for sockio,h + * set_perms.c: + Don't assume runas_pw is set; it may not be in the -g case. + [aa11bd2193ac] -1998-11-17 23:10 millert +2007-11-25 Todd C. Miller - * config.h.in: no more HAVE_SYS_SOCKIO_H + * logging.c, set_perms.c: + Set aux group vector for PERM_RUNAS and restore group vector for + PERM_ROOT if we previously changed it. Stash the runas group vector + so we don't have to call initgroups more than once. Also add no-op + check to check_perms. + [53837fc755f7] -1998-11-17 22:51 millert +2007-11-21 Todd C. Miller - * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c, - goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, - parse.lex, parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: - -Wall + * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y, + ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h, + pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, + sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod, + testsudoers.c, visudo.c, visudo.cat, visudo.man.in: + Add support for runas groups. This allows the user to run a command + with a different effective group. If the -g option is specified + without -u the command will be run as the current user (only the + group will change). the -g and -u options may be used together. + TODO: implement runas group for ldap improve runas group + documentation add testsudoers support + [9019309df6d0] -1998-11-16 17:38 millert + * configure, configure.in: + fix setting of mandir + [2c60f269399f] - * sudo.c: add missing inform_user() + * sudo.pod, sudoers.pod: + document that ALL implies SETENV + [bcc8e5b703b9] -1998-11-13 19:21 millert + * ldap.c: + s/setenv_ok/setenv_implied/g + [f005df2c2eea] - * find_path.c: return NOT_FOUND if given fully qualified path and - it does not exist previously it would perror(ENOENT) which - bypasses the option to not leak path info + * ldap.c: + hostname_matches() returns TRUE on match in sudo 1.7. + [c3d4377b6e8b] -1998-11-13 19:20 millert + * ldap.c: + use strcmp, not strcasecmp when comparing ALL + [e486024574a1] - * configure.in: for kerb5, check for -lkerb4, fall back on -lkrb - for kerb, check for -ldes + * ldap.c: + Make sudo ALL imply setenv. Note that unlike with file-based + sudoers this does affect all the commands in the sudoRole. + [bc12f54321d1] -1998-11-13 14:19 millert + * gram.c, gram.y, parse.c, parse.h: + sudo "ALL" now implies the SETENV tag but, unlike an explicit tag, + it is not passed on to other commands in the list. + [026e2cb40680] - * INSTALL: tty tickets are user:tty now + * visudo.c: + Add missing sudo_setpwent() and sudo_setgrent() calls. Also use + sudo_getpwuid() instead of getpwuid(). + [86f30a8fbd49] -1998-11-13 14:10 millert +2007-11-15 Todd C. Miller - * check.c: when using tty tickets make it user:tty not user.tty as - a username could have a '.' in it + * sudoers: + Expand on the dangers of not using visudo to edit sudoers. + [e434e8057d02] -1998-11-09 19:15 millert +2007-11-08 Todd C. Miller - * sudo.c: add "ignoring foo found in ." for auth successful case + * parse.c: + Don't quote *?[]! on output since the lexer does not strip off the + backslash when reading those in. + [561da4a13afa] -1998-11-09 17:57 millert +2007-11-07 Todd C. Miller - * sudo.c: add missing printf param + * glob.c: + expand "u_foo" types to "unsigned foo" to avoid compatibility + issues. + [b0d7c64d78c3] -1998-11-08 15:56 millert +2007-11-04 Todd C. Miller - * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h: - go back to printing "command not found" unless - --disable-path-info specified. Also, tell user when we ignore - '.' in their path and it would have been used but for - --with-ignore-dot. + * logging.c: + Refactor log line generation in to new_logline(). + [6a9b9730615d] -1998-11-08 13:51 millert +2007-10-25 Todd C. Miller - * check.c, sudo.c: Only one space after a colon, not two, in - printf's + * TROUBLESHOOTING: + fix typo + [9e19d4f86e47] -1998-11-05 12:59 millert +2007-10-24 Todd C. Miller - * sudo.pod: document setting $USER + * config.h.in, configure, configure.in, interfaces.c, interfaces.h, + match.c: + Add configure check for struct in6_addr instead of relying on + AF_INET6 since some systems define AF_INET6 but do not include IPv6 + support. + [e24082c416bd] -1998-11-04 22:24 millert +2007-10-21 Todd C. Miller - * check.c: fix bugs with prompt expansion + * configure, configure.in: + Fix block to add -lutil for FreeBSD and NetBSD when logincap is in + use. + [76a9df4a63be] -1998-11-04 21:21 millert +2007-10-20 Todd C. Miller - * sudo.c: set $USER for root too + * configure, configure.in: + POSIX states that struct timespec be declared in time.h so check + there regardless of the value of TIME_WITH_SYS_TIME. + [e42c55ec9daf] -1998-11-04 17:13 millert +2007-10-17 Todd C. Miller - * getspwuid.c: typo + * tgetpass.c: + Instead of defining a macro to call the appropriate method for + turning on/off echo, just define tc[gs]etattr() and the related + defines that use the correct terminal ioctls if needed. Also go back + to using TCSAFLUSH instead of TCSADRAIN on all but QNX. + [5dfb2379d995] -1998-11-04 17:07 millert +2007-10-09 Todd C. Miller - * configure.in: HP-UX's iscomsec is in -lsec, not libc + * Makefile.in: + g/c @ALLOCA@ + [e6946c2e3820] -1998-11-03 22:24 millert + * configure: + regen + [9bac7159a138] - * configure.in: remove some entries in the OS case statement that - did nothing + * INSTALL, auth/pam.c, config.h.in, configure.in: + Add --disable-pam-session configure option to disable calling + pam_{open,close}_session. May work around bugs in some PAM + implementations. + [273d0fdb4a9d] -1998-11-03 22:19 millert +2007-10-08 Todd C. Miller - * TROUBLESHOOTING: add "cd" section and flush out syslog section + * tgetpass.c: + quiet gcc warnings + [325565c5a579] -1998-11-03 20:51 millert + * tgetpass.c: + Avoid printing the prompt if we are already backgrounded. E.g. if + the user runs "sudo foo &" from the shell. In this case, the call + to tcsetattr() will cause SIGTTOU to be delivered. + [db2139a8d8b8] - * Makefile.in: no more sudo-lex.yy.c +2007-09-15 Todd C. Miller -1998-11-03 20:50 millert + * def_data.c, def_data.h, def_data.in: + Reorder things such that the definition of env_reset come right + before the env variable lists. + [e0d8e22a581a] - * check_sia.c: add custom prompt support + * parse.h: + Shrink type and seqno in struct alias from int to u_short + [9425263dd565] -1998-11-03 20:40 millert + * alias.c, match.c, parse.c, parse.h: + Add a sequence number in the aliases for loop detection. If we find + an alias with the seqno already set to the current (global) value we + know we've visited it before so ignore it. + [301a0548ffff] - * sudo.c: kill perror("malloc") since we already have a good error - messages pw_ent -> pw for brevity set $USER if -u specified +2007-09-13 Todd C. Miller -1998-11-03 20:39 millert + * TODO, auth/pam.c, sudo.c, sudo.h: + PAM wants the full tty path so add user_ttypath which holds the full + path to the tty or is NULL if no tty was present. + [c7c1dd4b36c8] - * parse.c: kill perror("malloc") since we already have a good error - messages pw_ent -> pw for brevity when checking if %group - matches, look up user in password file so that %groups works in a - RunAs spec. + * auth/pam.c: + Set PAM_RHOST to work around a bug in Solaris 7 and lower that + results in a segv. + [3a8865b3a357] -1998-11-03 20:39 millert +2007-09-11 Todd C. Miller - * logging.c, parse.yacc: kill perror("malloc") since we already - have a good error messages + * gram.c: + regen + [5647be127950] -1998-11-03 20:38 millert + * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c, + parse.h, testsudoers.c, visudo.c: + rename lh_ -> tq_ + [8f500c542c4a] - * check.c, getspwuid.c, interfaces.c, testsudoers.c: kill - perror("malloc") since we already have a good error messages - pw_ent -> pw for brevity +2007-09-10 Todd C. Miller -1998-11-03 15:03 millert + * alloc.c: + remove some useless casts + [409a448b23f5] - * tgetpass.c: the prompt is expanded before tgetpass is called + * alloc.c: + pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h + predates the final C99 spec and the standard specifies that it shall + include stdint.h anyway + [ae478fdef61a] -1998-11-03 15:03 millert +2007-09-06 Todd C. Miller - * sudo.h: tgetpass now has the same args as getpass again + * Makefile.in, alloca.c, configure.in: + Since we ship with a pre-generated parser there is no need to ship a + bogus alloca implementation. + [3f611a7cc0e5] -1998-11-03 15:02 millert + * configure: + regen + [771eccf5269c] - * getspwuid.c: add iscomsec, issecure support + * configure.in: + remove initial setting of CHECKSIA, we require that it be unset if + not used + [a2e91adc5aa2] -1998-11-03 15:02 millert + * Makefile.in: + add list.c to SRCS + [7db0e56cf5b9] - * check.c: we now expand any %h or %u in the prompt before passing - to tgetpass + * configure: + regen + [3716ec30172e] -1998-11-03 14:58 millert + * configure.in: + only do SIA checks on Digital Unix + [6a96e1af2597] - * configure.in: add check for syslog(3) in -lsocket, -lnsl, -linet +2007-09-05 Todd C. Miller -1998-11-03 14:56 millert + * sudoers.cat, sudoers.man.in: + regen + [ac1dc29de72b] - * config.h.in: add HAVE_ISCOMSEC and HAVE_ISSECURE + * ChangeLog, TODO: + sync + [781effce0a2d] -1998-11-03 14:55 millert + * auth/kerb5.c: + Remove call to krb5_cc_register() as it is not needed for modern + kerb5. + [351b8b764f16] - * configure.in: add check for iscomsec in HP-UX + * configure: + regen + [ac21dbcc9c2c] -1998-11-03 14:51 millert + * aclocal.m4, configure.in: + New method for setting the default authentication type and avoiding + conflicts in auth types. + [5fb15be11f78] - * configure.in: check for issecure if we have getpwanam on SunOS - some options are incompatible with DUNIX SIA check for dispcrypt - on DUNIX + * match.c, parse.c, testsudoers.c: + Each entry in a cmndlist now has an associated runaslist so no need + to keep track of the most recent non-NULL one. + [582e015786b0] -1998-10-25 15:21 millert +2007-09-04 Todd C. Miller - * config.h.in: add HAVE_DISPCRYPT + * ldap.c: + back out partial ldaps support mistakenly committed + [357703e94b2d] -1998-10-25 15:21 millert + * ldap.c: + Add support for unix groups and netgroups in sudoRunas + [2f04eb91c6d0] - * secureware.c: add back support for non-dispcrypt based checking - for older DUNIX +2007-09-03 Todd C. Miller -1998-10-25 00:51 millert + * sudo_edit.c: + Fix sudoedit of a non-existent file. From Tilo Stritzky. + [a5488a03bddd] - * INSTALL: sia changes +2007-09-02 Todd C. Miller -1998-10-25 00:48 millert + * configure: + regen + [541177376ee1] - * configure.in: SIA becomes the default on Digital UNIX now havbe - --disable-sia to turn it off... + * INSTALL: + update --passprompt escape info + [6d57db4cd538] -1998-10-24 23:52 millert + * configure.in: + remove now-bogus comment and update copyright date + [6a4af45fa331] - * check.c: move local includes after system ones + * configure.in: + Fix up use of with_passwd + [7c79d8640f77] -1998-10-24 19:28 millert + * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh: + Update to autoconf-2.61 andf libtool-1.5.24 + [045259b0b439] + + * Makefile.in: + "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61 + [f5b6a7afb817] + +2007-09-01 Todd C. Miller + + * gram.c: + regen + [b5b78e71d2cb] + + * gram.y: + move tags and runaslist propagation to be earlier + [94f7805f4489] + + * visudo.c: + If -f flag given use the permissions of the original file as a + template + [9303d22bddb0] + + * gram.y: + prevent a double free() when re-initing the parser + [5b3907c4de5a] + +2007-08-31 Todd C. Miller + + * configure: + regen + [49a90b19a17d] + + * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c, + auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in, + configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c, + parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c, + sudo.h, testsudoers.c, visudo.c, zero_bytes.c: + Remove support for compilers that don't support void * + [35e1d01ae197] + + * gram.c: + regen + [70ce412a458a] + + * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c, + parse.c, parse.h, testsudoers.c, visudo.c: + Move list manipulation macros to list.h and create C versions of the + more complex ones in list.c. The names have been down-cased so they + appear more like normal functions. + [9cea0e281148] + + * Makefile.in: + Fix cmp command when regenerating parser. Make gram.o the first + dependency for all programs so gram.h will be generated before + anything that needs it. + [429ea065abf1] + + * gram.y, parse.h: + Convert NEW_DEFAULT anf NEW_MEMBER into static functions. + [2f3433833589] + + * match.c, parse.c, testsudoers.c: + Use LH_FOREACH_REV when checking permission and short-circuit on the + first non-UNSPEC hit we get for the command. This means that + instead of cycling through the all the parsed sudoers entries we + start at the end and work backwards and quit after the first + positive or negative match. + [881474532f3e] + + * gram.c: + regen + [9152a19d4188] - * check.c, check_sia.c, sudo.h: add pass_warn() which prints out - INCORRECT_PASSWORD or an insult to stderr + * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c: + Change list head macros to take a pointer, not a struct. + [054f1dcce4cc] -1998-10-24 19:07 millert + * gram.c: + regen + [be154aae6235] - * check_sia.c: fix while loop in sia_attempt_auth() that checks the - password. Only the first iteration was working. + * gram.y: + Propagate the runasspec from one command to the next in a cmndspec. + [4957b1cb03a3] -1998-10-21 21:00 millert +2007-08-30 Todd C. Miller - * aclocal.m4: don't trust UID_MAX or MAXUID + * match.c: + Replace has_meta() with a macro that calls strpbrk(). + [a2e58846a542] -1998-10-21 20:35 millert + * regen + [5a932a5c9451] - * configure.in: fix two pastos + * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h, + testsudoers.c, visudo.c: + Use a list head struct when storing the semi-circular lists and + convert to tail queues in the process. This will allow us to + reverse foreach loops more easily and it makes it clearer which + functions expect a list as opposed to a single member. -1998-10-21 20:30 millert + Add macros for manipulating lists. Some of these should become + functions. - * configure.in: fix typo + When freeing up a list, just pop off the last item in the queue + instead of going from head to tail. This is simpler since we don't + have to stash a pointer to the next member, we always just use the + last one in the queue until the queue is empty. -1998-10-21 20:19 millert + Rename match functions that take a list to have list in the name. + Break cmnd_matches() into cmnd_matches() and cmndlist_matches. + [7c37b271607a] - * getspwuid.c, secureware.c: init crypt_type to INT_MAX since it is - legal to be negative in DUNX 5.0 + * parse.c: + Fix pasto, append "!" not negated (which is an int) for sudo -l + output. + [93a444c3997f] -1998-10-21 20:15 millert + * Makefile.in: + Remove the dependency of gram .h on gram.y, the .c dependency is + enough. Only move y.tab.h to gram.h if it is different; avoids + needless rebuilding. + [67bf4ea2a2e5] + +2007-08-27 Todd C. Miller + + * sudoers.pod: + Defaults lines may be associated with lists of users, hosts, + commands and runas users, not just single entries. + [795effacb6be] + +2007-08-26 Todd C. Miller + + * Makefile.in: + Revert the "cmp" portion of the last diff, it doesn't make sense. + [26f34bf4e2e3] + + * Makefile.in: + Remove *.lo for clean: When generating the parser, only move the + generated files into place if they differ from the existing ones. + [84673fea371b] + +2007-08-25 Todd C. Miller + + * toke.c, toke.l: + Replace IPV6 regexp with a much simpler (readable) one and add an + extra check when it matches to make sure we have a valid address. + [592e9f690556] + + * match.c: + Fix thinko introduced when merging IPV6 support. + [da38cd5eb8c7] + +2007-08-24 Todd C. Miller + + * HISTORY, LICENSE: + regen + [0d7b27b90634] + + * license.pod: + add 2007 + [510e5048ae1a] + + * UPGRADE: + mention #uid vs. comment pitfall + [4d2861898bcc] + + * acsite.m4: + Merge in a patch from the libtool cvs that fixes a problem with the + latest autoconf. From Stepan Kasal. + [0c279ae7df3e] + + * parse.h: + Back out he XOR swap trick, it is slower than a temp variable on + modern CPUs. + [91c4b024e317] + + * gram.c: + regen + [cb6d4106fb74] + + * gram.y, parse.h: + Convert the tail queue to a semi-circle queue and use the XOR swap + trick to swap the prev pointers during append. + [8bf4d9fbee58] + +2007-08-23 Todd C. Miller + + * parse.h: + remove useless statement + [421ec1dd73e6] + + * toke.c, toke.l: + Refactor #include parsing into a separate function and return + unparsed chars (such as newline or comment) back to the lexer. + [64166917aa3d] - * configure.in: for secureware on dunix, use -lsecurity -ldb -laud - -lm but check for -ldb since DUNX < 4.0 lacks it +2007-08-22 Todd C. Miller -1998-10-21 19:50 millert + * WHATSNEW: + mention better uid support + [56f510e7f2ec] - * check.c, compat.h, config.h.in, configure.in, getspwuid.c, - secureware.c, sudo.c, tgetpass.c: getprpwuid is broken in HP-UX - 10.20 at least (it sleeps for 2 minutes if the shadow files don't - exist). + * sudoers.pod: + Users may now consist of a uid. + [5fd31b2c55ed] -1998-10-20 17:22 millert + * gram.c, gram.h, toke.c: + regen + [599e58af6dc1] - * INSTALL: updated --with-editor blurb + * parse.c: + Use lbuf_append_quoted() for sudo -l output to quote characters that + would require quoting in sudoers. + [3132d05c990a] -1998-10-20 17:21 millert + * lbuf.c, lbuf.h: + Add lbuf_append_quoted() which takes a set of characters which + should be quoted with a backslash when displayed. + [ab09bebb1d65] - * TROUBLESHOOTING: tell how to put sudoers in a different dir + * toke.l: + Require that the first character after a comment not be a digit or a + dash. This allows us to remove the GOTRUNAS state and treat + uid/gids similar to other words. It also means that we can now + specify uids in User_Lists and a User_Spec may now contain a uid. + [461fe01f8392] -1998-10-20 16:22 millert + * gram.y, toke.l: + Replace RUNAS token with '(' and ')' tokens to make the runas + portion of the grammar more natural. + [e0c383b4684d] - * configure.in: add missing quotes around $with_editor + * BUGS: + The BUGS file is history + [4d9a809585c7] -1998-10-20 14:00 millert + * Makefile.in, README: + The BUGS file is history + [d9500e261172] - * configure.in: typo in --with-editor bits +2007-08-21 Todd C. Miller -1998-10-20 01:24 millert + * toke.c, toke.l: + Allow comments after a RunasAlias as long as the character after the + pound sign isn't a digit or a dash. + [d7f3bd94eeda] - * INSTALL: I don't expect it to work on Solaris + * WHATSNEW: + Glob support was back-ported to 1.6.9 + [d1d5cfd46228] -1998-10-20 01:24 millert +2007-08-20 Todd C. Miller - * check.c: add back security/pam_misc.h + * Makefile.in: + remove sudo_usage.h in distclean + [df05ce9c4127] -1998-10-19 17:13 millert + * parse.c: + If a Defaults value contains a blank, double-quote the string. + [9057a910daad] - * INSTALL: remove dunix note since configure checks for this now + * toke.c, toke.l: + Properly deal with Defaults double-quoted strings that span multiple + lines using the line continuation char. Previously, the entire + thing, including the continuation char, newline, and spaces was + stored as-is. + [4a4e8eacefe6] -1998-10-19 16:30 millert + * sudo.c: + Be consistent when using single quotes and backticks. + [d010b83a0fa1] - * configure.in: add check for broken dunix prot.h (4.0 < 4.0D is - bad) +2007-08-19 Todd C. Miller -1998-10-19 14:32 millert + * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c, + sudo.c, sudo_usage.h.in: + Add new linebuf code to do appends of dynamically allocated strings + and word-wrapped output. Currently used for sudo's usage() and sudo + -l output. Sudo usage strings are now in sudo_usage.h which is + generated at configure time. + [4dfd0ee8d961] - * getspwuid.c, secureware.c, tgetpass.c: new dunix shadow code, use - dispcrypt(3) +2007-08-18 Todd C. Miller -1998-10-19 14:32 millert + * parse.c, sudo.c, sudo.h: + Fix line wrapping in usage() and use the actual tty width instead of + assuming 80. + [700eab37c5a6] - * config.h.in: add HAVE_INITPRIVS +2007-08-17 Todd C. Miller -1998-10-19 14:31 millert + * history.pod: + some more info + [8140112a8ae1] - * sudo.c: call initprivs() if we have it for getprpwuid later on + * history.pod: + Mentioned Chris Jepeway's parser and also the new one that is in + sudo 1.7. + [2132d00f0597] -1998-10-19 14:30 millert +2007-08-16 Todd C. Miller - * Makefile.in: clean pathnames.h too + * sudo.pod, visudo.pod: + For the options list, add flag args where appropriate and increase + the indent level so there is room for them. + [2b60fb572e12] -1998-10-19 14:28 millert +2007-08-15 Todd C. Miller - * configure.in: quote "Sorry, try again." with [] since it has a - comma in it set LIBS when we add stuff to SUDO_LIBS set - SECUREWARE when we find getprpwuid() so we can check for - bigcrypt, set_auth_parameters, and initprivs later. + * parse.c: + Fix some spacing in "sudo -l" and add a comment about some bogosity + in the line wrapping. + [b59b056f5ee2] -1998-10-19 13:48 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [5fb719f18ebc] - * INSTALL: update Digital UNIX note about acl.h + * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in, + def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y, + parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod, + testsudoers.c, toke.c, toke.l: + Remove monitor support until there is a versino of systrace that + uses a lookaside buffer (or we have a better mechanism to use). + [61ff76878e4a] -1998-10-18 20:26 millert + * config.h.in, configure, configure.in, sudo.c: + use getaddrinfo() instead of gethostbyname() if it is available + [cc33c136aa6a] - * INSTALL: add --with-sia --without-root-sudo -> - --disable-root-sudo some reordering +2007-08-14 Todd C. Miller -1998-10-18 20:22 millert + * parse.c, sudo.c: + Deal with OSes where sizeof(gid_t) < sizeof(int). + [130a89cbdfba] - * secureware.c: add whitespace + * interfaces.c: + repair non-getifaddrs() code after ipv6 integration + [7ae7a89e2236] -1998-10-18 20:22 millert + * sudo.c: + If we can open sudoers but fail to read the first byte, close the + file stream before trying again. + [6f31272fae7b] - * Makefile.in, check.c, config.h.in, configure.in, logging.c, - sudo.h: add SIA support +2007-08-13 Todd C. Miller -1998-10-18 20:21 millert + * toke.c: + regen + [4d7afe0aa6fa] - * check_sia.c: Initial revision + * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l: + Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki + [4e6ff2965a42] -1998-10-18 19:42 millert + * sudo.pod, sudoers.pod, visudo.pod: + Add some missing markup Update copyright + [7e6d3c686b5e] - * configure.in: when checking for -lsocket, -lnsl, and -linet, - check for the specific functions we need from them. +2007-08-12 Todd C. Miller -1998-10-18 19:10 millert + * configure, configure.in: + fix sudo_noexec extension which got broken in the libtool update + [3a5b447df861] - * config.h.in, sudo.h: move Syslog_* defs into sudo.h +2007-08-10 Todd C. Miller -1998-10-18 18:15 millert + * Makefile.in: + explicitly specify -Tascii to nroff + [45c8da4cbefe] - * sudo.h, Makefile.in: added check_secureware +2007-08-08 Todd C. Miller -1998-10-18 18:12 millert + * logging.c: + remove an ANSI-ism that crept in + [29086f87b2ca] - * configure.in: finished adding AC_MSG_CHECKING and AC_MSG_RESULT - bits +2007-08-07 Todd C. Miller -1998-10-18 18:00 millert + * sudo.pod: + Adjust list indents Prevent -- from being turned into an em dash Use + a list for the environment instead of a literal paragraph + [c3abcd8f76f4] - * insults.h: don't define CLASSIC_INSULTS and CSOPS_INSULTS if no - other sets defined. configure now does that for us + * visudo.pod: + Use a list for the environment instead of an indented literal + paragraph. + [0ffcfcb7349f] -1998-10-18 17:45 millert + * sudoers.pod: + Adjust list indentation + [615c89e3123a] - * configure.in: move some --with options around change a bunch of - echo's to AC_MSG_CHECKING, AC_MSG_RESULT pairs + * license.pod: + add =head3 + [8b2e0d38c0bd] -1998-10-18 01:09 millert +2007-08-06 Todd C. Miller - * configure.in: change $with_foo-bar -> $with_foo_bar kill extra " - that caused a syntax error add some echo verbage + * sudo.pod: + mention that when specifying a uid for the -u option the shell may + require that the # be escaped + [3e3a17bff150] -1998-10-17 18:08 millert +2007-08-02 Todd C. Miller - * check.c: moved SecureWare stuff into secureware.c + * match.c: + Fix off by one in group matching. + [b529602b7fba] -1998-10-17 18:07 millert +2007-07-31 Todd C. Miller - * secureware.c: Initial revision + * env.c: + Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause. + [ffbf8907c6e7] -1998-10-17 17:02 millert +2007-07-30 Todd C. Miller - * INSTALL: update url to solaris gcc bins + * configure, configure.in: + Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the + -lgssapi_krb5 case. + [2b85a89c2252] -1998-10-17 16:39 millert + * aclocal.m4, configure, configure.in: + Fix link tests such that new gcc doesn't optimize away the test. + [83484ec95cba] - * INSTALL: change option formatter and flesh out someentries +2007-07-29 Todd C. Miller -1998-10-17 16:18 millert + * sudo.pod, sudoers.pod, visudo.pod: + add missing over/back + [251a12c89b91] - * sudo.pod, visudo.pod, TROUBLESHOOTING: environmental variable -> - environment variable + * sudo.pod, sudoers.pod, visudo.pod: + Change FILES section to use =item + [60b9efc3a0b2] -1998-10-17 16:01 millert + * env.c: + Add back allocation of the env struct in rebuild_env but save a copy + of the old pointer and free it before returning. + [1100cd4fa997] - * BUGS: everything is now done via configure + * env.c: + Don't init the private environment in rebuild_env() since it may + have already been done implicitly sudo_setenv/sudo_unsetenv. -1998-10-17 16:00 millert + Multiply length by sizeof(char *) in memcpy/memmove when copying the + environment so we copy the full thing. - * README: prev rev was 1.5.6 + Add missing set of parens so we deref the right pointer in + sudo_unsetenv when searching for a matching variable. + [9086a8f756b1] -1998-10-17 00:33 millert +2007-07-26 Todd C. Miller - * Makefile.in: passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID - correctly + * sudo.pod, sudoers.pod, visudo.pod: + Use file markup for paths in the FILES section + [940d99f731f2] -1998-10-17 00:32 millert + * sudo.pod, sudoers.pod, visudo.pod: + Don't capitalize sudo/visudo + [f067a455d44b] - * config.h.in: SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from - the Makefile + * sudoers.pod: + Sort sudoers options; based on a diff from Igor Sobrado. + [a9b9befe85ac] -1998-10-17 00:31 millert +2007-07-25 Todd C. Miller - * Makefile.in: merge OSDEFS and OPTIONS into DEFS get sudoers_uid, - sudoers_gid, sudoers_mode from configure + * sudo.pod, sudoers.pod, visudo.pod: + Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the + latter confuses pod2man. The Makefile rules for the .man.in file + will add @mansectsu@ and @mansectform@ back in after pod2man is done + anyway. + [b50ea0db727c] -1998-10-17 00:30 millert +2007-07-22 Todd C. Miller - * configure.in: SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get - substituted into the Makefile, not config.h + * LICENSE, Makefile.in, license.pod: + Move license info to pod format + [25bdd82e592b] -1998-10-17 00:30 millert + * configure, configure.in, sudoers.pod: + Substitute value of path_info into sudoers man page. + [9ba661a82798] - * INSTALL: document all --with/--enable options + * WHATSNEW: + remove features that were back-ported to 1.6.9 + [e76d756cbe65] -1998-10-15 02:25 millert + * sudo.c, sudo.pod, visudo.c, visudo.pod: + Sort SYNOPSIS and sync usage. From Igor Sobrado. + [4970386c9e54] - * insults.h: options.h is no more + * env.c: + Only need sudo_setenv/sudo_unsetenv if we are going to use + ldap_sasl_interactive_bind_s() but don't have + gss_krb5_ccache_name(). + [f1a73d8b35c5] -1998-10-15 02:25 millert + * ChangeLog: + rebuild without branch info + [5d5a33494677] - * config.h.in: assimilated options.h + * Makefile.in: + Add ChangeLog target + [a702034fdd89] -1998-10-15 02:24 millert + * auth/pam.c: + Run cleanup code if the user hits ^C at the password prompt. + [9cf87768e921] - * configure.in: moved options from options.h to configure + * auth/pam.c: + Some versions of pam_lastlog have a bug that will cause a crash if + PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty + string. + [5b63f6c88866] -1998-10-15 01:41 millert +2007-07-20 Todd C. Miller - * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c, - logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod, - sudo_setenv.c, visudo.c: no more options.h + * Makefile.in: + ChageLog not Changelog + [1243d8473ceb] -1998-10-15 01:39 millert + * ChangeLog: + sync + [d887df98c6b0] - * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING: remove references - to options.h + * Makefile.in: + CHANGE -> Changelog + [917738df30dd] -1998-10-15 01:32 millert + * TODO: + sync + [cd382f7d1948] - * interfaces.c, dce_pwent.c, sudo.c: kill sys/time.h +2007-07-19 Todd C. Miller -1998-10-15 00:10 millert + * config.h.in, configure, configure.in, ldap.c: + Add configure hooks for gss_krb5_ccache_name() and the gssapi + headers. + [139606209991] - * tgetpass.c: if select return < -1 still prompt for pw +2007-07-18 Todd C. Miller -1998-10-15 00:03 millert + * env.c, sudo.c: + rebuild_env() and insert_env_vars() no longer return environment + pointer, they set environ directly. - * options.h: convert LOGGING, LOGFAC, MAXLOGFILELEN, - IGNORE_DOT_PATH into configure options + No longer need to pass around an envp pointer since we just operate + on environ now. -1998-10-14 23:57 millert + Add dosync argument to insert_env() that indicates whether it should + reset environ when realloc()ing env.envp. - * parse.c: FAST_MATCH is no longer an optino + Use an initial size of 128 for the environment. + [4735fd5fddb8] -1998-10-14 23:52 millert + * env.c: + Split sudo_setenv() into an external version and a version only for + use by rebuild_env(). + [fda7d655adb1] - * check.c: remove_timestamp() if timestamp is preposterous +2007-07-16 Todd C. Miller + + * ldap.c: + Add support for using gss_krb5_ccache_name() instead of setting + KRB5CCNAME. Also use sudo_unsetenv() in the non- + gss_krb5_ccache_name() case if there was no KRB5CCNAME in the + original environment. TODO: configure setup for + gss_krb5_ccache_name() + [fcafa5a49caf] + + * README.LDAP: + add krb5_ccname + [fceb8f883886] + + * README.LDAP, ldap.c: + Add support for sasl_secprops in ldap.conf + [1f06f4bf7347] + + * env.c, sudo.h: + Add sudo_unsetenv() and refactor private env syncing code into + sync_env(). + [045ecb3fd22b] + + * README.LDAP, ldap.c: + The ldap.conf variable is sasl_auth_id not sasl_authid. + [a5f98491311b] + +2007-07-15 Todd C. Miller + + * ldap.c, sudo.c, sudo.h: + Add support for krb5_ccname in ldap.conf. If specified, it will + override the default value of KRB5CCNAME in the environment for the + duration of the call to ldap_sasl_interactive_bind_s(). + [b08a10c3045b] + + * env.c, sudo.h: + Remove format_env() Add sudo_setenv() to replace most format_env() + + insert_env() combinations. insert_env() no longer takes a struct + environment * + [131da52f43f3] + + * ldap.c: + Fix use_sasl vs. rootuse_sasl logic. + [0c0417b6918c] + + * README.LDAP, config.h.in, configure, configure.in, ldap.c: + Add support for SASL auth when connecting to an LDAP server. Adapted + from a diff by Tom McLaughlin. + [a6285f1356ea] + +2007-07-14 Todd C. Miller + + * configure, configure.in: + Only enable AIX or BSD auth if no other exclusive auth method has + been chosen. Allows people to e.g., use PAM on AIX without adding + --without-aixauth. A better solution is needed to deal with default + authentication since if a non-exclusive method is chosen we will + still get an error. + [83f7afdc0ec3] + +2007-07-11 Todd C. Miller + + * HISTORY, Makefile.in, history.pod: + Generate HISTORY from history.pod (which is also used for web pages) + [60bcd5164931] + +2007-07-09 Todd C. Miller + + * sudo.man.in, sudoers.man.in: + regen + [63956a366191] + + * sudo.pod: + Better explanation of environment handling in the sudo man page. + [6c247742f7ee] + + * env.c, sudo.c: + Defer setting user-specified env vars until after authentication. + [4750b79323ee] + + * env.c: + honor def_default_path for PATH set on the command line + [6db31d9b6d65] + + * env.c, sudo.c, sudo.pod, sudoers.pod: + Allow user to set environment variables on the command line as long + as they are allowed by env_keep and env_check. Ie: apply the same + restrictions as normal environment variables. TODO: deal with + secure_path + [26c0da3840cf] + +2007-07-08 Todd C. Miller + + * sudo.c, sudo_edit.c: + Call rebuild_env() in call cases. Pass original envp to sudo_edit(). + Don't allow -E or env var setting in sudoedit mode. More accurate + usage() when called as sudoedit. + [a4af20658361] + + * ldap.c: + warn -> warning + [d87d1192b048] + + * sudo.pod: + add -c option to sudoedit synopsis + [15b596a7e2db] + + * TODO: + udpate to reality + [e2f8fde89db1] + + * parse.c: + Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return + value from {user,host,runas,cmnd}_matches(). Rename *matches + variables -> *match. Purely cosmetic. + [e54a44c00a88] -1998-10-14 23:36 millert + * parse.c: + Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change + in behavior. + [c6272b4f2127] - * options.h: convert more options to --with/--enable + * sudoers: + add SETENV tag + [3a3066bb6788] -1998-10-14 23:36 millert +2007-07-06 Todd C. Miller - * INSTALL, aclocal.m4: logfile -> logpath + * parse.c: + Make pwcheck local to the pwflag block. Use pwcheck even if user + didn't match since Defaults options may still apply. + [45da9efbbafd] -1998-10-14 23:31 millert + * check.c, sudo.c: + Do not update timestamp if user not validated by sudoers. + [a4a9d4364827] - * configure.in: convert more options into --with and --enable + * set_perms.c: + for PERM_RUNAS, set the egid to the runas user's gid and restore to + the user's original in PERM_ROOT + [1514bfb32847] -1998-10-14 23:28 millert + * logging.c, mon_systrace.c, set_perms.c, sudo.h: + PERM_FULL_ROOT is now no different than PERM_ROOT so remove + PERM_FULL_ROOT + [b9d047a3178c] - * tgetpass.c: catch EINTR in select and restart + * check.c: + don't check timestamp mtime if we are just going to remove it + [5d2470bc6cbd] -1998-10-14 23:15 millert + * sudoers.pod: + Move sudoers defaults parameters into their own section. + [54701fbc0ff3] - * logging.c: sys/errno -> errno + * testsudoers.c: + Reduce a level of indent by a few placed continue statements. + [5d5a9838c8ef] -1998-09-24 11:40 millert + * parse.c: + Make matching but negated commands/hosts/runas entries override a + previous match as expected. Also reduce some levels of indent by a + few placed continue statements. + [dd59fa4b91a1] - * sudo.c: UMASK -> SUDO_UMASK. +2007-07-05 Todd C. Miller -1998-09-24 11:36 millert + * parse.c: + Print default runas in "sudo -l" if sudoers don't specify one. + [07d408c400bd] - * check.c, logging.c: time.h, not sys/time.h + * match.c: + Less hacky way of testing whether the domain was set. + [a537059776e5] -1998-09-21 19:52 millert +2007-07-04 Todd C. Miller - * logging.c: MAILER -> _PATH_SENDMAIL + * INSTALL: + Mention pam-devel and openldap-devel for Linux + [9e708c54ecc3] -1998-09-21 00:06 millert +2007-07-03 Todd C. Miller - * INSTALL, configure.in: no more --with-C2, now it is - --disable-shadow + * README.LDAP: + or vs. are + [abe8c0f3a410] -1998-09-21 00:00 millert +2007-07-01 Todd C. Miller - * aclocal.m4, check.c, compat.h, config.h.in, configure.in, - getspwuid.c, sudo.c, tgetpass.c: new shadow password scheme. - Always include shadow support if the platform supports it and the - user did not disable it via configure + * sudo.c: + fix typo in Solaris project support + [2ffeb2d80959] -1998-09-20 19:48 millert + * HISTORY: + update + [df162b36f120] - * configure.in: --with-getpass -> --{enable,disable}-tgetpass + * sudo.c: + Make -- on the command line match the manual page. The implied shell + case has been simplified as a result. + [cd217a1f6694] -1998-09-20 19:16 millert +2007-06-28 Todd C. Miller - * Makefile.in: pathnames.h -> pathnames.h.in + * sudoers2ldif: + add simplistic support for sudoRunas; note that if a sudoers entry + contains multiple Runas users, all will apply to the sudoRole + [65b11421f5c8] -1998-09-20 19:14 millert + * sudoers2ldif: + honor SETENV and NOSETENV tags + [2c0d5ba7a09b] - * check.c: fix version string +2007-06-24 Todd C. Miller -1998-09-20 19:12 millert + * mon_systrace.c: + Redo setting of user_args. We now build up a private copy of argv + first and then replace the NULs?with spaces. + [ccbba72ea112] - * check.c: move pam_conv to be static to auth function remove - pam_misc.h (solaris doesn't have one) + * mon_systrace.c: + getcwd() returns NULL on failure, not 0 on success + [88cd9e66e530] -1998-09-20 19:10 millert + * mon_systrace.c: + allow chunksiz to reach 1 before erroring out + [619d68f14964] - * aclocal.m4: _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill - SUDO_PROG_PWD + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [8db512d3caf0] -1998-09-20 19:10 millert +2007-06-23 Todd C. Miller - * configure.in: munge pathnames.h.in -> pathnames.h kill - SUDO_PROG_PWD + * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y, + logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod, + toke.c, toke.l: + Add support for setting environment variables on the command line. + This is only allowed if the setenv sudoers options is enabled or if + the command is prefixed with the SETENV tag. + [5744caebd969] -1998-09-20 19:10 millert + * README.LDAP: + replace Aaron's email address with the sudo-workers list + [2ffce5f9afc0] - * pathnames.h.in: convert to pathnames.h.in + * configure: + regen + [8013dff82c0c] -1998-09-18 20:20 millert +2007-06-22 Todd C. Miller - * configure.in: fix typo in sysv4 matching case /. + * schema.OpenLDAP, schema.iPlanet: + Break schema out into separate files. + [15e598e4c60b] -1998-09-18 01:29 millert + * Makefile.in, README.LDAP: + Break schema out into separate files. + [1a53966ca1fa] - * check.c: pam stuff needs to run as root, not user, for shadow - passwords +2007-06-21 Todd C. Miller -1998-09-17 12:26 millert + * auth/aix_auth.c: + free message if set by authenticate() + [849c220c1236] - * Makefile.in, emul/utime.h, check.c, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c, - BUGS, INSTALL, README, configure.in: updated version + * match.c: + deal with NULL gr_mem + [49e4d74f0bbe] -1998-09-17 12:13 millert +2007-06-20 Todd C. Miller - * check.c: user version.h for long message + * config.h.in: + regen + [fead999ad3e9] -1998-09-17 11:53 millert + * configure.in: + add template for HAVE_PROJECT_H + [e6c42c2eaad1] - * check.c: this is version 1.5.6 + * closefrom.c: + include fcntl.h + [54d98b382f03] -1998-09-16 13:42 millert +2007-06-19 Todd C. Miller - * Makefile.in: remove errant backslash + * INSTALL: + mention --with-project + [d3ea3baad7c5] -1998-09-14 22:25 millert + * config.h.in, configure.in, sudo.c: + Add Solaris 10 "project" support. From Michael Brantley. + [f14f3c8c6554] - * options.h, parse.yacc, pathnames.h.in: fix version string + * sudoers.pod: + fix typo + [50db81a19787] -1998-09-14 22:02 millert + * configure: + regen + [ea71afd3e564] - * BUGS, CHANGES, TODO: updtaed for 1.5.6 + * configure.in: + Fix preservation of LDFLAGS in the LDAP case. + [40a3a47e8059] -1998-09-14 22:02 millert + * memrchr.c: + Remove dependecy on NULL + [c957ae5e1733] - * RUNSON: updated for 1.5.6 + * configure: + regen + [4955ce0c6912] -1998-09-14 11:48 millert + * aclocal.m4, configure.in: + Can't use the regular autoconf fnmatch() check since we need + FNM_CASEFOLD so go back to our custom one. + [f10d76237486] - * interfaces.c: kill unused localhost_mask var copy if name to - ifr_tmp after we zero it + * env.c: + Fix preserving of variables in env_keep. + [d040049d6b84] -1998-09-13 15:50 millert + * env.c: + add XAUTHORIZATION + [0d589a5fe015] - * INSTALL: Better description of new vs. old sudoers modes fix some - typos better description of /usr/ucb/cc gotchas on slowaris + * UPGRADE: + expand upon env resetting and mention that it began in 1.6.9 not + 1.7. + [dba251655c76] -1998-09-13 15:49 millert + * sudoers.pod: + Update descriptions of env_keep and env_check to match current + reality. + [dba77357954b] - * Makefile.in: add sample.pam +2007-06-18 Todd C. Miller -1998-09-13 15:32 millert + * env.c: + Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME, + LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table. + [eec4632bd190] - * sudo.c: set NewArgv[0] to user_shell, not basename(user_shell) + * env.c, logging.c: + Treat USERNAME environemnt variable like LOGNAME/USER + [09f52dcfd70c] -1998-09-12 11:10 millert + * env.c: + Don't need to populate keepenv table with the contents of the + checkenv table. + [527a14afd973] - * README: mention TROUBLESHOOTING more fix some typos + * sudo.c: + Don't force sudo into the C locale. + [8a5bd301ef96] -1998-09-11 20:30 millert + * env.c: + Make env_check apply when env_reset it true. Environment variables + are passed through unless they contain '/' or '%'. There is no need + to have a variable in both env_check and env_keep. + [840c802721e4] - * configure.in: move --enable/--disable to be after --with +2007-06-16 Todd C. Miller -1998-09-11 20:30 millert + * visudo.c: + Remove an duplicate lock_file() call and add a comment. + [5af9dcdf0eb6] - * INSTALL: document --enable/--disable + * UPGRADE: + Add sudo 1.6.9 upgrade note. + [1585149f2914] -1998-09-11 20:26 millert +2007-06-14 Todd C. Miller - * INSTALL: document --with-pam + * interfaces.c: + Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too + small. From Klaus Wagner. + [d6899fc44f77] -1998-09-11 19:47 millert + * logging.c, sudo.h: + Redo the long syslog line splitting based on a patch from Eygene + Ryabinkin. Include memrchr() for systems without it. + [66a50e8d553a] - * configure.in: Add message for pam users + * memrchr.c: + Redo the long syslog line splitting based on a patch from Eygene + Ryabinkin. Include memrchr() for systems without it. + [2f6702b7d41b] -1998-09-11 19:27 millert + * Makefile.in, config.h.in, configure, configure.in: + Redo the long syslog line splitting based on a patch from Eygene + Ryabinkin. Include memrchr() for systems without it. + [407a46190921] - * sample.pam: Initial revision + * configure.in: + Since we need to be able to convert timespec to timeval for utimes() + the last 3 digits in the tv_nsec are not significant. This makes the + sudoedit file date comparison work again. + [9d0258849fa9] -1998-09-11 19:23 millert +2007-06-13 Todd C. Miller - * config.h.in: fix HAVE_PAM + * aclocal.m4, configure, configure.in: + Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS. + This deals with exclusive authentication methods in a simple way. + [7d70072c0f35] -1998-09-11 19:19 millert +2007-06-12 Todd C. Miller - * check.c, config.h.in, configure.in: pam support, from Gary Calvin - + * LICENSE: + mkstemp.c is BSD code too. + [29e236d98162] -1998-09-10 18:51 millert + * sudo.pod, sudoers.pod, visudo.pod: + No commercial support for now. + [7c76b3e192dd] - * config.h.in: add HOST_IN_LOG and WRAP_LOG +2007-06-11 Todd C. Miller -1998-09-10 18:51 millert + * sudo.c: + cleanenv() is no more. + [518080514408] - * logging.c: add WRAP_LOG and HOST_IN_LOG +2007-06-10 Todd C. Miller -1998-09-10 18:37 millert + * ChangeLog: + Display branch info in Changelog + [44e3b27427c7] - * configure.in: add --enable-log-host and --enable-log-wrap + * utimes.c: + Include config.h early so we have it for TIME_WITH_SYS_TIME + [4bf1a00d0703] -1998-09-10 18:32 millert + * ChangeLog: + Fix Changelog generation and update. + [6e960dbcbece] - * aclocal.m4: use AC_DEFINE_UNQUOTED for --with-logfile and - --with-timedir +2007-06-09 Todd C. Miller -1998-09-08 20:45 millert + * closefrom.c: + Use /proc/self/fd instead of /proc/$$/fd - * compat.h: add howmany macro + Move old-style fd closing into closefrom_fallback() and call that if + /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails + [faa7e4810758] -1998-09-08 20:43 millert + * auth/kerb5.c, config.h.in, configure.in: + o use krb5_verify_user() if available instead of doing it by hand o + use krb5_init_secure_context() if we have it o pass an encryption + type of 0 to krb5_kt_read_service_key() instead of + ENCTYPE_DES_CBC_MD5 to let kerberos choose. + [df7acf72bd7c] - * tgetpass.c: include sys/param.h to get howmany macro + * env.c: + Check TERM and COLORTERM for '%' and '/' characters. From Debian. + [f92d05197e40] -1998-09-07 20:42 millert + * configure.in: + Fix closefrom() substitution in the Makefile + [b642b13fcc5c] - * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: - add RUNAS_DEFAULT + * TROUBLESHOOTING: + Mention alternate sudo pronunciation. + [7c71dc73409f] -1998-09-07 12:51 millert +2007-06-07 Todd C. Miller - * fnmatch.c: bring in stdio.h for NULL + * env.c: + Remove KRB5_KTNAME from environment. Allow COLORTERM. + [70f35a79f780] -1998-09-07 12:50 millert + * auth/kerb5.c: + If we cannot get a valid service key using the default keytab it is + a fatal error. Fixes a bug where sudo could be tricked into + allowing access when it should not by a fake KDC. From Thor Lancelot + Simon. + [a3ae6a47cb23] - * aclocal.m4: allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh +2007-05-12 Todd C. Miller -1998-09-07 12:43 millert + * aclocal.m4, configure, configure.in: + Update long long checks to use AC_CHECK_TYPES and to cache values. + [047318eaaeb2] - * sudo.c: use HAVE_SET_AUTH_PARAMETERS + * aclocal.m4, configure.in: + Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't + use AC_REPLACE_FNMATCH since that assumes replacing with GNU + fnmatch. + [80513a1003ea] -1998-09-07 12:42 millert +2007-05-11 Todd C. Miller - * config.h.in: add HAVE_SET_AUTH_PARAMETERS + * configure, configure.in: + Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we + need it for visudo now too. + [50837c7c2b5e] -1998-09-07 12:41 millert +2007-04-24 Todd C. Miller - * configure.in: add *-*-hiuxmpp* add test for set_auth_parameters() - if secureware + * sudoers.pod: + Attempt to clarify the bit talking about network numbers w/o + netmasks. + [211e68c1d034] -1998-09-07 12:39 millert + * sudo.pod: + Clarify timestamp dir ownership sentence. + [9178f132c7f7] - * config.sub: add support for HI-UX/MPP SR220001 02-03 0 SR2201 +2007-04-20 Todd C. Miller -1998-09-07 12:06 millert + * auth/pam.c: + Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From + Dmitry V. Levin. + [81fce91667bc] - * interfaces.c: initialize previfname +2007-04-16 Todd C. Miller -1998-09-07 11:51 millert + * sudo.c: + -i is also one of the mutually exclusive options to list it in the + warning message. Noted by Chris Pepper. + [7da73fb248e9] - * interfaces.c: Don't use SIOCGIFADDR, we don't need it Use - SIOCGIFFLAGS if we have it check ifr_flags against IFF_UP and - IFF_LOOPBACK instead of kludging it +2007-04-12 Todd C. Miller -1998-09-07 11:49 millert + * visudo.pod: + The sudoers variable is env_editor, not enveditor. From Jean- + Francois Saucier. + [2a86ec09a6db] - * configure.in: typo +2007-03-29 Todd C. Miller -1998-09-07 00:01 millert + * redblack.c: + I tracked down the original author so credit him and include his + license info. + [3733553a1bba] - * Makefile.in: don't need special build line for sudo.tab.o +2007-02-06 Todd C. Miller -1998-09-06 23:58 millert + * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, + sudoers.pod: + Fix typos; from Jason McIntyre. + [1ee4ce2512f2] - * Makefile.in: don't clean sudo.tab.[ch] + * logging.c: + Restore signal mask before calling reapchild(). Fixes a possible + race condition that could prevent sudo from properly waiting for the + child. + [9ee4192385dc] -1998-09-06 23:48 millert +2007-01-31 Todd C. Miller - * sudo.c: Sudo should prompt for a password before telling the user - that a command could not be found. + * pwutil.c: + Don't declare pw_free() if we are not going to use it. + [adb79a4289ca] -1998-09-06 23:47 millert + * env.c: + Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and + LDR_PRELOAD64. The 64-bit version is not currently supported. + Remove zero_env() prototype as it no longer exists. + [b4fe65027fb6] - * BUGS: for 1.5.6 +2006-12-11 Todd C. Miller -1998-09-06 23:25 millert + * logging.c: + Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834. + [78002ad90f7b] - * INSTALL, README: no longer require yacc +2006-09-29 Todd C. Miller -1998-09-06 23:19 millert + * auth/pam.c: + If the user enters ^C at the password prompt, abort instead of + trying to authenticate with an empty password (which causes an + annoying delay). + [da3f27b747c7] - * Makefile.in: typo +2006-08-17 Todd C. Miller -1998-09-06 23:18 millert + * closefrom.c, config.h.in, configure, configure.in: + Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by + Darren Tucker. + [0331b7780759] - * Makefile.in: y.tab -> sudo.tab include pre-yacc'd parse.yacc + * pwutil.c: + pw_free() is only used by sudo_freepwcache() so ifdef it out too. + [0014c0d9eeba] -1998-09-06 23:09 millert +2006-08-04 Todd C. Miller - * parse.lex: include sudo.tab.h, not y.tab.h don't break out of - command args if you get a '=' + * config.guess, config.sub: + Update to latest versions from cvs.savannah.gnu.org + [aa0143101c20] -1998-09-06 22:59 millert +2006-07-31 Todd C. Miller - * insults.h: fix version , + * pwutil.c, sudo_edit.c: + Move password/group cache cleaning out of sudo_end{pw,grp}ent() so + we can close the passwd/group files early. + [559074bd7eb7] -1998-09-06 22:57 millert + * config.h.in, configure, configure.in, set_perms.c: + Add seteuid() flavor of set_perms() for systems without setreuid() + or setresuid() that have a working seteuid(). Tested on Darwin. + [508d8da99189] - * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h: - fix version +2006-07-30 Todd C. Miller -1998-09-06 22:55 millert + * mon_systrace.c: + systrace_read() returns ssize_t + [9f97d1d1a59d] - * getcwd.c: getcwd(3) from OpenBSD for those without it. + * configure, configure.in: + Fix typo, -lldap vs. -ldap; from Tim Knox. + [a8cc43c3bb2a] -1998-09-06 22:51 millert +2006-07-28 Todd C. Miller - * sudo.h: HAVE_GETWD -> HAVE_GETCWD + * HISTORY: + Fix typo; Matt Ackeret + [86964ee3dfbd] -1998-09-06 22:49 millert +2006-07-17 Todd C. Miller - * configure.in: pretend sunos doesn't have getcwd(3) since it opens - a pipe to getpwd! + * sudo.c: + Print sudoers path in -V mode for root. + [dc43f2d75bd9] -1998-09-06 22:41 millert +2006-06-15 Todd C. Miller - * parse.c: use NAMLEN() macro + * ldap.c: + Do a sub tree search instead of a base search (one level in the tree + only) for sudo right objects. This allows system administrators to + categorize the rights in a tree to make them easier to manage. + [6d2d9abf996e] -1998-09-06 22:34 millert +2005-12-28 Todd C. Miller - * fnmatch.c: remove duplicate include of string.h + * sudo.pod: + fix typo + [1473413bcbda] -1998-09-06 22:28 millert +2005-12-04 Todd C. Miller - * configure.in: call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T + * ldap.c: + Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and + bind_timelimit support; adapted from gentoo. + [afc816093026] -1998-09-06 22:28 millert +2005-11-23 Todd C. Miller - * aclocal.m4: add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T + * ldap.c: + Support comments that start in the middle of a line + [c25df6ee3db8] -1998-09-06 22:28 millert + * configure, configure.in: + Define LDAP_DEPRECATED until we start using ldap_get_values_len() + [ee249bfe230a] - * config.h.in: add dev_t and ino_t +2005-11-18 Todd C. Miller -1998-07-28 12:44 millert + * closefrom.c: + Silence gcc -Wsign-compare; djm@openbsd.org + [28769ce6418d] - * check.c: fix OTP_ONLY for opie + * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c: + cleanup() now takes an int as an arg so it can be used as a signal + handler too. + [2bb0df34d09c] -1998-06-24 12:22 millert + * sudo.c: + Make a copy of the shell field in the passwd struct for NewArgv to + avoid a use after free situation after sudo_endpwent() is called. + [5dcc9ffd362e] - * testsudoers.c, tgetpass.c: include stdlib.h for malloc proto +2005-11-17 Todd C. Miller -1998-05-19 00:10 millert + * config.h.in, configure, configure.in: + Add mkstemp() for those poor souls without it. + [5fdd02e863e0] - * Makefile.in: make update_version saner + * mkstemp.c: + Add mkstemp() for those poor souls without it. + [c99401207860] -1998-05-18 23:32 millert + * Makefile.in: + Add mkstemp() for those poor souls without it. + [9c1cf2678f24] - * config.h.in: add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid() +2005-11-15 Todd C. Miller -1998-05-18 23:32 millert + * env.c: + Add PERL5DB to list of environment variables to remove. + [7375c27ecf75] - * configure.in: check for waitpid and wait3 or no waitpid +2005-11-13 Todd C. Miller -1998-05-18 23:31 millert + * mon_systrace.c, mon_systrace.h: + Instead of calling the check function twice with a state cookie use + separate check/log functions. - * logging.c: used waitpid or wait3 if we have 'em + Check more ioctl() calls for failure. -1998-05-02 14:16 millert + systrace_{read,write} now return the number of bytes read/written or + -1 on error. + [3dc8946d90e9] - * visudo.c: fix some fprintf args, ariel@oz.engr.sgi.com (Ariel - Faigon) + * env.c: + Add more environment variables to remove; from gentoo linux Add some + comments about what bad env variables go to what (more to do) + [6918110a6b82] -1998-04-27 20:09 millert +2005-11-11 Todd C. Miller - * configure.in: don't need to explicately mention -lsocket -lnsl - for sequent + * sudo.c, sudo_edit.c: + Move sudo_end{gr,pw}ent() until just before the exec since they free + up our cached copy of the passwd structs, including sudo_user and + sudo_runas. Fixes a use-after-free bug. + [54de3778bad0] -1998-04-25 01:56 millert + * visudo.c: + Close all fd's before executing editor. + [4fcc05e1bec8] - * configure.in: dynix should not link with -linet + * sudo.c: + Enable malloc debugging on OpenBSD when SUDO_DEVEL is set. + [ef0e8ffa5c9f] -1998-04-10 15:32 millert + * check.c: + Fix fd leak when lecture file option is enabled. From Jerry Brown + [ce97f9207cd8] - * INSTALL: mention that HP-UX doesn't ship with yacc +2005-11-07 Todd C. Miller -1998-04-06 22:35 millert + * env.c: + Add PERLLIB, PERL5LIB and PERL5OPT to the default list of + environment variables to remove. From Charles Morris + [c96e1367d1c1] - * check.c: ignore kerberos if we can't get the local realm +2005-11-01 Todd C. Miller -1998-04-05 23:37 millert + * env.c: + add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5 + [72a6a1571226] - * configure.in, BUGS, INSTALL, README: ++version +2005-10-28 Todd C. Miller -1998-04-05 23:36 millert + * env.c: + add PS4 and SHELLOPTS to initial_badenv_table for bash + [89dfb3f318f3] - * version.h: ++ +2005-08-15 Todd C. Miller -1998-04-05 23:35 millert + * sudoers.pod: + Fix typo; Toby Peterson + [b7a3222b23f4] - * Makefile.in, emul/utime.h, check.c, config.h.in, dce_pwent.c, - find_path.c, getspwuid.c, getcwd.c, goodpath.c, interfaces.c, - logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, - sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, - visudo.c: updated version +2005-08-02 Todd C. Miller -1998-04-05 23:34 millert + * tsgetgrpw.c: + Make return buffers static so they don't get clobbered + [13323a39b9f5] - * check.c, sudo.h: fix version +2005-07-28 Todd C. Miller -1998-04-05 23:33 millert + * auth/securid5.c: + Fix securid5 authentication, was not checking for ACM_OK. Also add + default cases for the two switch()es. Problem noted by ccon at + worldbank + [14091e418333] - * getcwd.c: don't use popen/pclose. Do it inline. +2005-06-27 Todd C. Miller -1998-04-05 23:25 millert + * ldap.c: + Remove ncat() in favor of just counting bytes and pre-allocating + what is needed. + [25b8712adb61] - * lsearch.c: add rcsid +2005-06-26 Todd C. Miller -1998-04-05 23:21 millert + * ldap.c: + Fix up some comments Add missing fclose() for the rootbinddn case + [ae95c8a89711] - * sudo.c: typo + * ldap.c: + align struct ldap_config + [35d0d64c76f8] -1998-04-05 23:17 millert + * ldap.c: + use LINE_MAX for max conf file line size + [da116cb8853d] - * sudo.h, pathnames.h.in, compat.h, options.h, ins_2001.h, - insults.h, ins_classic.h, ins_goons.h, ins_csops.h, parse.yacc, - check.c: updated version + * pathnames.h.in: + add _PATH_LDAP_SECRET + [128b04ecfab7] -1998-04-05 23:15 millert + * README.LDAP: + Mention rootbinddn Give example ou=SUDOers container + [852edc69bd1c] - * check.c, find_path.c, parse.c, sudo.c, testsudoers.c: MAX* + 1 -> - MAX* +2005-06-25 Todd C. Miller -1998-04-05 23:14 millert + * INSTALL, configure, configure.in, ldap.c: + Support rootbinddn in ldap.conf + [1615c91522a1] - * Makefile.in: getwd.c -> getcwd.c + * env.c, sudo.pod, sudoers.pod: + Preserve DISPLAY environment variable by default. + [05f503d5f438] -1998-04-05 22:49 millert + * acsite.m4, configure: + set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD + [18a04dea8d05] - * config.h.in: kill HAVE_GETWD + * acsite.m4, configure: + set need_version=no for all cases; this is safe for LD_PRELOAD + [b542560e1a73] -1998-04-05 22:49 millert + * aclocal.m4: + typo + [c040df0fcd5a] - * configure.in: getcwd, not getwd + * configure, configure.in: + Add dragonfly + [f13794618636] -1998-04-05 22:48 millert + * auth/pam.c: + Fix call to pam_end() when pam_open_session() fails. + [0be47cdfdef1] - * getcwd.c: use MAX* not MAX* + 1 always run pwd as using getwd() - defeats the purpose + * configure: + regen + [7f5c13b4b800] -1998-03-31 00:15 millert + * acsite.m4: + rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4 + ltsugar.m4 ltversion.m4 + [a7ba9fd1a2ab] - * OPTIONS, options.h: add STUB_LOAD_INTERFACES + * config.guess, config.sub, ltmain.sh: + merge in local changes: config.guess: o better openbsd support + config.sub: o hiuxmpp support ltmain.sh o remove requirement that + libs must begin with "lib" o don't print a bunch of crap about + library installs o don't run ldconfig + [f4149f2c720f] -1998-03-31 00:05 millert + * config.guess, config.sub, ltmain.sh: + libtool 1.9f + [82a534e7121f] - * Makefile.in, check.c, emul/utime.h, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: - updated version + * configure.in: + Update with autoupdate and make minor changes for libtool 1.9f + [11b5ae5c1428] + +2005-06-23 Todd C. Miller -1998-03-30 23:54 millert + * parse.c: + don't call sudo_ldap_display_cmnd if ldap not setup + [8bcf6c094ffe] + + * sudo_edit.c, visudo.c: + Move declatation of struct timespec to its own include files for + systems without it since it needs time_t defined. + [b95c333299a0] - * configure.in: support *-ccur-sysv4 and fix two typos + * gettime.c: + Move declatation of struct timespec to its own include files for + systems without it since it needs time_t defined. + [021b4569cc0c] -1998-03-27 19:52 millert + * fileops.c: + Move declatation of struct timespec to its own include files for + systems without it since it needs time_t defined. + [dd8573b2ee7d] - * configure.in: don't echo about with_logfile and with_timedir + * emul/timespec.h: + Move declatation of struct timespec to its own include files for + systems without it since it needs time_t defined. + [f95137771564] -1998-03-27 19:49 millert + * check.c, compat.h: + Move declatation of struct timespec to its own include files for + systems without it since it needs time_t defined. + [2ef2ace8fe85] + + * ldap.c: + Don't set safe_cmnd for the "sudo ALL" case. + [ad7fa9e07da0] - * INSTALL: document --with-logfile and --with-timedir +2005-05-27 Todd C. Miller -1998-03-27 19:46 millert + * auth/pam.c: + Call pam_open_session() and pam_close_session() to give pam_limits a + chance to run. Idea from Karel Zak. + [fed46d471350] - * aclocal.m4: support --with-logfile and --with-timedir +2005-04-24 Todd C. Miller -1998-03-27 19:46 millert + * check.c, sudo.c: + Add explicit cast from mode_t -> u_int in printf to silence warnings + on Solaris + [17bb961fe22d] - * configure.in: Add --with-logfile and --with-timedir + * parse.c: + include grp.h to silence a warning on Solaris + [14386fbab640] + +2005-04-23 Todd C. Miller + + * parse.c: + Fix printing of += and -= defaults. + [a667604c56cd] + +2005-04-17 Todd C. Miller + + * mon_systrace.c: + Sanity check number of syscall args with argsize. Not really needed + but a little paranoia never hurts. + [6bb455a2c2d6] + + * mon_systrace.c, mon_systrace.h: + Don't do pointer arithmetic on void * Use int, not size_t/ssize_t + for systrace lengths (since it uses int) + [3cafccffcffd] + +2005-04-16 Todd C. Miller + + * mon_systrace.c: + Add some memsets for paranoia Fix namespace collsion w/ error Check + rval of decode_args() and update_env() Remove improper setting of + validated variable + [3d385158354d] -1998-03-27 19:27 millert +2005-04-12 Todd C. Miller - * sudo.c: change size computation of NewArgv for UNICOS + * parse.c, sudo.c, sudo.h: + In -l mode, only check local sudoers file if def_ignore_sudoers is + not set and call LDAP versions from display_privs() and + display_cmnd() instead of directly from main(). Because of this we + need to defer closing the ldap connection until after -l processing + has ocurred and we must pass in the ldap pointer to display_privs() + and display_cmnd(). + [1dfc2e8c9f2b] -1998-02-18 20:10 millert + * ldap.c: + Reorganize LDAP code to better match normal sudoers parsing. + Instead of storing strings for later printing in -l mode we do + another query since the authenticating user and the user being + listed may not be the same (the new -U flag). Also add support for + "sudo -l command". - * configure.in: treate -*-sysv4* like *-*-svr4 + There is still a fair bit if duplicated code that can probably be + refactored. + [e9568f19bde5] -1998-02-18 18:19 millert +2005-04-11 Todd C. Miller - * configure.in: fix spacing for --with-authenticate help + * ldap.c: + Replace pass variable with do_netgr for better readability. + [1bba841b6e79] -1998-02-18 16:39 millert + * ldap.c: + use DPRINTF macro + [02b159b66bb5] - * Makefile.in, check.c, emul/utime.h, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: - updated version + * ldap.c: + estrdup, not strdup + [22cdee7973c1] -1998-02-18 16:23 millert +2005-04-10 Todd C. Miller - * parse.yacc: fix off by one error in push macro + * parse.c: + Add macro to test if the tag changed to improve readability. + [4e11b4819556] -1998-02-17 01:15 millert + * parse.c: + Avoid printing defaults header if there are no defaults to print... + [41a28627df03] - * configure.in: removed bogus alloca hack + * glob.c: + Fix a warning on systems without strlcpy(). + [6814e0f0e4f4] -1998-02-17 01:15 millert + * pwutil.c: + Use macros where possible for sudo_grdup() like sudo_pwdup(). + [30f201ff35cd] - * check.c: added AIX 4.x authenticate() support +2005-04-08 Todd C. Miller -1998-02-17 01:11 millert + * utimes.c: + It is possible for tv_usec to hold >= 1000000 usecs so add in + tv_usec / 1000000. + [794ac4d53a65] - * parse.yacc: include alloca.h if using bison and not gcc and it - exists. fixes an alloca problem on hpux 10.x +2005-03-30 Todd C. Miller -1998-02-17 00:39 millert + * auth/kerb5.c: + The component in krb5_principal_get_comp_string() should be 1, not 0 + for Heimdal. From Alex Plotnick. + [fefa351c5044] - * INSTALL: mention --with-authenticate +2005-03-29 Todd C. Miller -1998-02-17 00:37 millert + * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y, + interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c, + redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c: + Add efree() for consistency with emalloc() et al. Allows us to rely + on C89 behavior (free(NULL) is valid) even on K&R. + [7876bb80d87c] - * configure.in: added AIX authenticate() support + * parse.c, sudo.c: + Move initgroups() for -U option into display_privs() so group + matching in sudoers works correctly. + [b074428ad2ca] -1998-02-17 00:22 millert +2005-03-27 Todd C. Miller - * config.h.in: add HAVE_AUTHENTICATE + * ldap.c: + Removed duplicate call to ldap_unbind_s introduced along with + sudo_ldap_close. + [19acc1c20f7c] -1998-02-16 23:58 millert + * parse.c: + Add missing space in Defaults printing + [95d2935bf6d4] - * interfaces.c: dynamically size ifconf buffer +2005-03-25 Todd C. Miller -1998-02-16 23:56 millert + * pwutil.c: + Sync sudo_pwdup with OpenBSD changes: use macros for size computaton + and string copies. + [6b6b241495e5] - * configure.in: quote '[' and ']' +2005-03-19 Todd C. Miller -1998-02-16 21:42 millert + * pwutil.c: + Zero old pw_passwd before replacing with version from shadow file. + [3251b349dfe1] - * Makefile.in, emul/utime.h, check.c, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: - updated version + * configure, configure.in: + Only attempt shadow password detection if PAM is not being used Add + shadow_* variables to make shadow password detection more generic. + [d498a3423ac9] -1998-02-16 19:06 millert + * configure.in: + Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS + [04d55bbd5e35] - * visudo.pod: add ERRORS section +2005-03-13 Todd C. Miller -1998-02-16 18:57 millert + * sudoers.pod: + use a non-breaking space to avoid a double space after e.g. + [11cdb54bdf7b] - * TROUBLESHOOTING: add busy stmp file explanation + * sudo.pod: + commna, not colon after e.g. + [8d5875ff72e0] -1998-02-15 18:49 millert +2005-03-12 Todd C. Miller - * configure.in: the name of the cached var that signals whether or - not you are cross compiling changed. It is now - ac_cv_prog_cc_cross + * sudo_noexec.c: + Add __ variants of the exec functions. GNU libc at least uses + __execve() internally. + [d1880473d790] -1998-02-11 16:26 millert + * indent.pro: + Match reality a bit more. + [633e3fa875a7] - * INSTALL: mention glibc 2.07 is fixed wrt lsearch()\. + * pwutil.c: + Missed piece from rev. 1.6, fix sudo_getpwnam() too. + [128f7b21c2ee] -1998-02-06 21:55 millert + * pwutil.c: + Store shadow password after making a local copy of struct passwd in + case normal and shadow routines use the same internal buffer in + libc. + [f806052a6ffc] - * sample.sudoers, sudoers.pod: better example of su but not root su +2005-03-11 Todd C. Miller -1998-02-06 15:49 millert + * alloc.c, logging.c: + Make varargs usage consistent with the rest of the code. + [3d45affc9851] - * Makefile.in, check.c, emul/utime.h, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: - updated version +2005-03-10 Todd C. Miller -1998-02-06 15:48 millert + * sudo_noexec.c: + Wrap more of the exec family since on Linux the others do not appear + to go through the normal execve() path. + [8167769b4e19] - * Makefile.in: correct regexp for updating version + * visudo.c: + make print_unused static like proto says + [ecf10e1bae55] -1998-02-06 14:05 millert + * glob.c: + silence a warning on K&R systems + [2e00425f1a5c] - * tgetpass.c: remove bogus flush of stderr spew prompt before - turning off echo. Seems to fix a weird problem where if sudo - complained about a bogus stamp file the user would sometimes not - have a chance to enter a password + * alias.c, error.c: + make this build in K&R land + [156f65f8525a] -1998-02-06 14:05 millert + * parse.c: + make this build in K&R land + [6fc9276889cb] - * check.c: fix bogus flush of stderr +2005-03-08 Todd C. Miller -1998-02-05 19:19 millert + * toke.c: + regen + [3b349748cd21] - * sudo.c: close fd's <=2 not <=3 and move that chunk of code up +2005-03-06 Todd C. Miller -1998-02-05 19:18 millert + * ldap.c: + return(foo) not return foo optimize _atobool() slightly + [11d09d154ed5] - * configure.in: support hpux1[0-9] not just hpux10 + * ldap.c: + Use TRUE/FALSE + [53999320d98f] -1998-01-30 14:59 millert + * ldap.c: + Reformat to match the rest of sudo's code. + [1bd0f2afa0e7] - * parse.c: set sudoers_fp to nil after closing + * sudo.pod: + I am the primary author + [5d311ecd85c6] -1998-01-24 01:05 millert +2005-02-23 Todd C. Miller - * config.guess, config.sub: updated from autoconf 2.12 + * Makefile.in, README, RUNSON: + The RUNSON file is toast--it confused too many people and really + isn't needed in a configure-oriented world. + [96a6ef7bbc08] -1998-01-24 00:50 millert + * INSTALL: + alternate -> alternative + [b65015c5d0a2] - * configure.in: add *-*-svr4 rule + * tgetpass.c: + Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with + TCSAFLUSH. + [c66b4763ffdc] -1998-01-22 22:53 millert + * toke.l: + Allow leading blanks before Defaults and Foo_Alias definitions + [2add513d9277] - * tgetpass.c: fix select usage for high fd's (dynamically allocate - readfds) + * Makefile.in: + fix rules to build toke.o and gram.o in devel mode + [96cbb414ebd3] -1998-01-22 22:49 millert +2005-02-20 Todd C. Miller - * check.c: kill extra whitespace + * sudoers.pod: + env_keep overrides set_logname + [401877193a15] + + * env.c: + Fix disabling set_logname and make env_keep override set_logname. + [0906e7a5ed93] + + * compat.h, config.h.in, configure, configure.in: + No longer need memmove() + [43bdb6efe3f2] + + * env.c, sudo.c: + Just clean the environment once. This assumes that any further + setenv/putenv will be able to handle the fact that we replaced + environ with our own malloc'd copy but all the implementations I've + checked do. + [11658fe92ba2] -1998-01-22 19:28 millert +2005-02-16 Todd C. Miller - * sudo.c: do an initgroups() before running a command, unless the - target user is root. + * env.c, sudo.c: + In -i mode, base the value of insert_env()'s dupcheck flag on + DID_FOO flags. Move checks for $HOME resetting into rebuild_env() + [8365b0bd0c71] -1998-01-22 12:22 millert +2005-02-13 Todd C. Miller + + * env.c, sudo.c: + Move setting of user_path, user_shell, user_prompt and prev_user + into init_vars() since user_shell at least is needed there. + [37e22dce66e9] + +2005-02-12 Todd C. Miller + + * Makefile.in: + fix devel builds + [9fbb15ef164c] + + * sudo.c: + Fix some printf format mismatches on error. + [ffc1c3f11740] + + * check.c: + Fix some printf format mismatches on error. + [7b3b508adf50] + + * configure, gram.c, toke.c: + regen + [aa76f9d8b02a] + + * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c, + auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, + auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, + auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, + closefrom.c, compat.h, configure.in, defaults.c, defaults.h, + emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c, + getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c, + interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c, + parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c, + snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, + sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod, + testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c, + visudo.pod, zero_bytes.c: + Update copyright years. + [0610c3654739] + + * Makefile.binary.in: + Update copyright years. + [d78ffc9f2e2b] + + * LICENSE: + Update copyright years. + [f60473bca4b1] - * TROUBLESHOOTING: tell people to use tabs, not spaces, in - syslog.conf + * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in: + version 1.7 + [aa977a544ca1] -1998-01-21 01:56 millert + * WHATSNEW: + What's new in sudo 1.7, based on the 1.7 CHANGES entries. + [ecfcf7269c14] - * parse.lex, Makefile.in, config.h.in, getwd.c, strdup.c, putenv.c, - emul/utime.h, testsudoers.c, utime.c, dce_pwent.c: updated - version +2005-02-11 Todd C. Miller -1998-01-21 01:32 millert + * compat.h, logging.h, sudo.h: + Add __printflike and use it with gcc to warn about printf-like + format mismatches + [b192ad4a0548] - * goodpath.c, sudo_setenv.c, interfaces.c, tgetpass.c, visudo.c: - updated version +2005-02-10 Todd C. Miller -1998-01-21 01:29 millert + * CHANGES, ChangeLog: + Replaced CHANGES file with ChangeLog generated from cvs logs + [d9ace9dab98f] - * sudo.h, pathnames.h.in, options.h, compat.h, insults.h, - ins_2001.h, ins_classic.h, ins_goons.h, ins_csops.h, parse.yacc, - check.c, getspwuid.c, find_path.c, logging.c, parse.c, sudo.c: - updated version + * set_perms.c: + Use warning/error instead of perror/fatal. + [e33259df7738] -1998-01-21 01:20 millert + * config.guess: + Update OpenBSD section + [9d2c23de6801] - * Makefile.in: more tweaks to update_version + * UPGRADE: + Add upgrading noted for 1.7 + [1fb6b6d6df07] -1998-01-21 01:19 millert + * env.c, sudo.c, sudoers.pod: + Instead of zeroing out the environment, just prune out entries based + on the env_delete and env_check lists. Base building up the new + environment on the current environment and the variables we removed + initially. + [fc192df8fd15] - * Makefile.in: fixed up update_version rule + * config.h.in, configure, configure.in, sudo.c: + Set locale to "C" if locales are supported, just to be safe. + [91fbaa98f02e] -1998-01-21 00:55 millert + * toke.c, toke.l: + Cast?argument to ctype functions to unsigned char. + [e096b4d65796] + +2005-02-08 Todd C. Miller + + * env.c: + correct value for DID_USER + [b5b05d36ec15] + + * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c: + #include not "compat.h" + [7a0ad9a0ccd7] + + * defaults.c: + Reset the environment by default. + [4ecc6423e0f0] + + * sudo.c: + Alloc an extra slot in NewArgv. Removes the need to malloc an new + vector if execve() fails. + [83dfb6f584a7] + +2005-02-07 Todd C. Miller + + * INSTALL, config.h.in, configure, configure.in, sudo.c: + Use execve(2) and wrap the command in sh if we get ENOEXEC. + [c0c6af4e2a21] + +2005-02-06 Todd C. Miller + + * sudo_noexec.c: + Only include time.h on systems that lack struct timespec which gets + defind in compat.h (using time_t). + [e373e518b4cb] + + * sudo_noexec.c: + Include time.h for time_t in compat.h for systems w/o struct + timespec. + [a34b5637e458] + + * compat.h, config.h.in, configure, configure.in: + use bcopy on systems w/o memmove + [f835eafd78c6] + + * compat.h: + __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its + use to gcc >= 2.8. + [1cb9a4e58566] + + * Makefile.in: + Add explicit rule to build sudo_noexec.lo + [df1dfcf8dd77] - * configure.in: ++version +2005-02-05 Todd C. Miller -1998-01-21 00:53 millert + * INSTALL.configure, Makefile.in: + No longer depend on VPATH; pointed out a bunch of missed + dependencies. + [601a45d4af6b] + + * TROUBLESHOOTING: + Help for PAM when account section is missing + [9b8221256756] - * Makefile.in: removed supe of check.c + * auth/pam.c: + Give user a clue when there is a missing "account" section in the + PAM config. + [2529625c0495] -1998-01-21 00:51 millert + * auth/pam.c: + Better error handling. + [518c9bda23d8] + + * config.h.in, configure, configure.in: + Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as + possible. Silences a warning about isblank() on linux. + [19c94d7ecdc8] + + * auth/pam.c: + Fix typo (missing comma) that caused an incorrect number of args to + be passed to log_error(). + [0099dfec560f] + +2005-02-01 Todd C. Miller + + * pwutil.c: + Don't try to destroy a tree we didn't create. + [d43c4fe03aa4] + +2005-01-27 Todd C. Miller + + * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, + auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, + auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c, + compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c, + fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c, + goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c, + match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c, + sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c, + strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c, + tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c: + Add __unused to rcsids + [ad6b4ac45705] + +2005-01-21 Todd C. Miller + + * configure, configure.in: + Fix error message when mixing invalid auth types + [68069b3ff5bc] + + * INSTALL: + PAM, AIX auth, BSD auth and login_cap are now on by default if the + OS supports them. + [4e44e9098cf0] + + * auth/sudo_auth.h, config.h.in: + s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g + [2d569b43b23e] + + * configure.in: + Better checking for conflicting authentication methods Display the + authentication methods used at the end of configure Rename --with- + authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth, + --with-pam, --with-logincap by default on systems that support them + unless disabled. Add OSMAJOR variable that replaces old OSREV; now + OSREV has full version number + [a21115b6fe9f] + +2005-01-18 Todd C. Miller + + * def_data.c, def_data.in, sudo.c, sudoers.pod: + s/-O/-C/ + [ee73f1b81923] + +2005-01-14 Todd C. Miller + + * configure.in: + Replace: test -n "$FOO" || FOO="bar" + + With: : ${FOO='bar'} + [37552d9054fc] + +2005-01-09 Todd C. Miller + + * pwutil.c, testsudoers.c, tsgetgrpw.c: + Use function pointers to only call private passwd/group routines + when using a nonstandard passwd/group file. + [215908681dfb] + +2005-01-06 Todd C. Miller + + * CHANGES: + sync + [2e55c03f5790] + + * tsgetgrpw.c: + Can't use strtok() since it doesn't handle empty fields so add + getpwent()/getgrent() functions and call those. + [bdaa5b0db70e] + +2005-01-05 Todd C. Miller + + * Makefile.in: + Fix dummied out toke.c and gram.c dependencies. + [4b909c8b2ebe] + + * Makefile.in: + Rename PARSESRCS -> GENERATED since it is only used in the clean + target Add devdir variable and use it to specify the path to parser + sources + [f27b3f41ca23] + + * configure: + regen + [22c6435dbd46] + + * configure.in: + Add a devdir variables that defaults to $(srcdir) and is set to . if + --devel was specified. Allows for proper dependecies building the + parser. + [a36d694c6d21] + + * testsudoers.c: + Add support for custom passwd/group files. + [296549ff4b87] + + * Makefile.in: + Build private copy of pwutil.o for testsudoers with MYPW defined so + it uses our own passwd/group routines. + [bafa54ec78ca] + + * visudo.c: + Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent + stubs instead. We can now just use the caching sudo_*{pw,gr}* + functions in pwutil.c Add comment about wanting to call + sudo_endpwent/sudo_endgrent in cleanup() + [7e59d6b5510d] + + * tsgetgrpw.c: + Remove caching; we will just use what is in pwutil.c Use global + buffers for passwd/group structs Rename functions from sudo_* to + my_* + [8c1e068f574c] + + * logging.c, sudo.c: + g/c pwcache_init/pwcache_destroy + [60a24909b947] + + * sudo.h: + Undo last commit and add sudo_setspent and sudo_endspent instead. + [bac80db08296] + + * getspwuid.c, pwutil.c: + Move all but the shadow stuff from getspwuid.c to pwutil.c and + pwcache_get and pwcache_put as they are no longer needed. Also add + preprocessor magic to use private versions of the passwd and group + routines if MYPW is defined (for use by testsudoers). + [a16b8678a426] + + * tsgetgrpw.c: + zero out struct passwd/group before filling it in so if there are + fields we don't handle they end up as 0. + [274cb6a93301] - * INSTALL: ++version I missed + * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c: + Adapt to pwutil.c + [43ebd04c8b82] -1998-01-21 00:51 millert + * Makefile.in: + Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better + readability. + [7f88c6061e2d] - * RUNSON: updated + * tsgetgrpw.c: + Passwd and group lookup routines for testsudoers that support + alternate passwd and group files. + [d7803101d34e] + + * getspwuid.c, pwutil.c: + Split off pw/gr cache and dup code into its own file. This allows + visudo and testsudoers to use the pw/gr cache too. + [ef333d3ffedf] + +2005-01-02 Todd C. Miller + + * parse.c: + Print Defaults info in "sudo -l" output and wrap lines based on the + terminal width. + [e559eae4250e] + +2005-01-01 Todd C. Miller + + * match.c, testsudoers.c, visudo.c: + Only check group vector in usergr_matches() if we are matching the + invoking or list user. Always check the group members, even if + there was a group vector. + [d0c7ceb2a041] + +2004-12-17 Todd C. Miller + + * LICENSE, Makefile.in, fnmatch.3: + No longer bundle fnmatch.3 + [72db4a4ff4e1] + + * CHANGES, TODO: + checkpoint + [e92781bfd99c] + +2004-12-16 Todd C. Miller + + * sudo.c: + sort usage + [15e3b876ec2c] + + * sudo.pod: + Sort command line options + [c1fa56584bc4] + + * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c, + sudo.pod, sudoers.pod: + Add closefrom sudoers option to start closing at a point other than + 3. Add closefrom_override sudoers option and -C sudo flag to allow + the user to specify a different closefrom starting point. + [370652b099d1] + + * pathnames.h.in: + Add _PATH_DEVNULL for those without it. + [0c4c3e0ceb8b] + + * LICENSE: + no more UCB strcasecmp + [397a6298e07f] + + * strcasecmp.c: + replace BSD licensed one with version derived from pdksh + [d7cfda8c57a2] -1998-01-21 00:48 millert +2004-12-10 Todd C. Miller + + * sudo.c: + Fix last commit. + [7afb9a180532] - * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, - find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c, emul/utime.h, BUGS, INSTALL, README: updated version + * sudo.c: + Make sure stdin, stdout and stderr are open and dup them to + /dev/null if not. + [590f387068bd] -1998-01-21 00:47 millert +2004-12-03 Todd C. Miller - * CHANGES: updated for 1.5.5 + * ldap.c, mon_systrace.c, sudo.c, sudo.h: + add sudo_ldap_close + [4273a36765a7] -1998-01-21 00:35 millert + * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c: + Use TIME_WITH_SYS_TIME + [c32b59bf15fb] - * Makefile.in: add rules to update version stuff in files so I - don't need to do it by hand + * config.h.in, configure, configure.in: + Add TIME_WITH_SYS_TIME_H + [57cb146f451d] -1998-01-21 00:04 millert +2004-12-02 Todd C. Miller - * sudo.h: sudoers_fp is now extern + * env.c: + Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set + unconditionally on darwin. From Toby Peterson. + [d69959681c87] -1998-01-21 00:03 millert + * getspwuid.c: + Check rbinsert() return value. In the case of faked up entries + there is usually a negative response cached that we need to + overwrite. - * sudo.c: in check_sudoers, cache the sudoers file handle in - sudoers_fp so we don't have to open it again in the parse. This - may help with weird solaris problems where EAGAIN sometime - occurrs. + In pwfree() don't try to zero out a NULL pw_passwd pointer. + [00b32d1a48c1] -1998-01-21 00:02 millert + * mon_systrace.c: + Use the double fork trick to avoid the monitor process being waited + for by the main program run through sudo. + [e0ce556712ff] - * parse.c: sudoers file open is now done only in check_sudoers() so - we just do a rewind() instead of an open. May help people on - solaris who were getting EAGAIN. +2004-11-29 Todd C. Miller -1998-01-16 11:43 millert + * sudo.c: + Call initgroups() in -U mode so group matches work normally. + [2235bea15283] - * INSTALL: mention that newer glibc is fixed + * def_data.h, mkdefaults: + Don't print a trailing comma for the last entry in enum def_tupple + [c43a96bb31df] -1998-01-13 12:58 millert +2004-11-28 Todd C. Miller - * sudo.c: newer irix uses _RLDN32_* envariables for 32-bit binaries - so ignore _RLD* instead of _RLD_* + * sudoers.cat, sudoers.man.in, sudoers.pod: + Mention values when lecture, listpw and verifypw are used in boolean + context. + [a0b5c0abaccf] -1998-01-13 10:32 millert + * def_data.c, def_data.in: + verifypw when used in a boolean TRUE context should be "all", not + "any". + [2eb076ddd5e2] - * parse.c: typo +2004-11-26 Todd C. Miller -1998-01-13 10:19 millert + * def_data.in, defaults.c: + Allow tuples that can be used as booleans to be used as boolean + TRUE. In this case the 2nd possible value of the tuple is used for + TRUE. + [bd99aa77e88b] - * parse.c: fix that bug for real +2004-11-25 Todd C. Miller -1998-01-13 02:39 millert + * configure, configure.in: + Correct the test for 2-parameter timespecsub + [d41c9cb26b97] - * INSTALL: document Linux's libc6 brokenness. + * sudo.h: + Add strub struct definitions for passwd, timeval and timespec + [c4ce5c43d8c5] -1998-01-13 02:00 millert + * config.h.in, configure, configure.in, sudo_edit.c, visudo.c: + Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS) + and fix a typo in the gettimeofday check. + [8ac9893057ce] - * parse.yacc: -Wall +2004-11-24 Todd C. Miller -1998-01-13 01:22 millert + * match.c, testsudoers.c: + Deal with user_stat being NULL as it is for visudo and testsudoers. + [3605a6ff64d0] - * RUNSON: updated + * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod: + Add -U option to use in conjunction with -l instead of -u. Add + support for "sudo -l command" to test a specific command. + [99638789d415] -1998-01-13 00:50 millert + * gram.c, gram.y, sudo.c: + Set safe_cmnd after sudoers_lookup() if it has not been set. + Previously it was set by sudo "ALL" in the parser but at that point + the fully-qualified pathname has not yet been found. + [ac30d98f8225] - * TROUBLESHOOTING: remind people to HUP syslogd +2004-11-23 Todd C. Miller -1998-01-13 00:05 millert + * parse.c, testsudoers.c: + Correctly handle multiple privileges per userspec and runas + inheritence. + [a98a965181af] - * Makefile.in: add -O flag to tar +2004-11-21 Todd C. Miller -1998-01-13 00:00 millert + * defaults.c: + Zero out sd_un for each entry in sudo_defs_table in init_defaults. + [031d3cd4a848] - * TODO, RUNSON: updated +2004-11-19 Todd C. Miller -1998-01-12 23:59 millert + * toke.c, toke.l: + make per-command defaults work with sudoedit + [e56fe33db916] - * sudo.pod: remove author's email addr. people should mail - sudo-bugs + * ldap.c, parse.c, sudo.c, sudo.h: + Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. + Instead, we just set the approriate defaults variable. + [756eeecc1d86] -1998-01-12 23:49 millert + * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod: + Document per-command Defaults. + [92a0f84b91c1] - * INSTALL: fix version + * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c, + sudo.c, testsudoers.c, toke.c, toke.l, visudo.c: + Add support for command-specific Defaults entries. E.g. + Defaults!/usr/bin/vi noexec + [be3d52bf01cf] + + * defaults.c, match.c, parse.c, parse.h, testsudoers.c: + Change an occurence of user_matches() -> runas_matches() missed + previously runas_matches(), host_matches() and cmnd_matches() only + really need to pass in a list of members. user_matches() still + needs to pass in a passwd struct because of "sudo -l" + [833b22fc6fa0] + + * parse.c: + Check def_authenticate, def_noexec and def_monitor when setting + return flags. XXX May be better to just set the defaults directly + and get rid of those flags. + [b6db22b59d69] + + * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, + auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, + auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c, + defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c, + getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c, + gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c, + mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c, + strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c, + sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c, + visudo.c, zero_bytes.c: + Use: #include Not: #include "config.h" That way we get + the correct config.h when build dir != src dir + [97e5670a442b] + + * Makefile.in: + Back out part of rev 1.263; fix -I order + [197ea01cad5d] + + * toke.c, toke.l: + More robust parsing if #include; could be much better still. + [31bc3cd8f045] + + * sudo_edit.c, visudo.c: + Make arg splitting in visudo and sudoedit consistent. + [7bc74485f246] + + * Makefile.in, alias.c, gram.c, gram.y, parse.h: + Split alias routines out into their own file. + [d90f633cf9ae] + + * error.h: + __attribute__ is already defined in compat.h + [676ed3fe9203] + + * visudo.c: + quit() should not be __noreturn__ as it is non-void on some + platforms. + [e528c2b6ba10] + + * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c: + Add local error/warning functions like err/warn but that call an + additional cleanup routine in the error case. This means we no + longer need to compile a special version of alloc.o for visudo. + [e78e8aae882e] + + * parse.h: + Clarify comments about the data structures + [ae894e266701] + +2004-11-18 Todd C. Miller + + * visudo.c: + Add support for VISUAL and EDITOR containing command line args. If + env_editor is not set any args in VISUAL and EDITOR are ignored. + Arguments are also now supported in def_editor. + [ff7303b8e298] + +2004-11-17 Todd C. Miller + + * parse.h: + alias_matches() is no more + [b59825e28084] + + * CHANGES, TODO: + sync + [2b8f5f63c1de] + + * Makefile.in: + When regenerating the parser, don't replace gram.h unless it has + changed. + [819949668018] + + * Makefile.in: + remove Makefile.binary for distclean + [351eec8d00b2] + + * env.c: + Preserve KRB5CCNAME in zero_env() and add a paranoia check to make + sure we can't overflow new_env. + [3284d17b9c6d] + + * sudo_edit.c: + paranoia when stripping trailing slashes from tempdir. + [012f1aa2b81f] + + * sudo.c: + Set user_ngroups to 0 if getgroups() returns an error. + [c46d43e9449a] + +2004-11-16 Todd C. Miller + + * config.h.in, configure, configure.in, sudo.c: + Add configure check for getgroups() + [5d8a214e2cef] + + * ldap.c: + Use supplementary group vector in struct sudo_user. + [3d0c463c034d] + + * match.c: + Only do string comparisons on the group members if there is no + supplemental group list. + [be1c8362f7ef] + + * CHANGES, TODO: + sync + [db188bc5b975] + + * sudo_edit.c: + On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so + chop off any trailing slashes we see and add an explicit one. + [e1b477dafee1] -1998-01-12 23:48 millert + * match.c: + remove bogus XXX comment + [8aecb8a28d40] - * README, check.c, compat.h, config.h.in, configure.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c: ++version + * match.c: + Get rid of alias_matches and correctly fall through to the non-alias + cases when there is no alias with the specified name. + [2cd555246f09] -1998-01-12 23:44 millert + * getspwuid.c: + Cache non-existent passwd/group entries too. + [8de9a467d271] - * RUNSON: updated + * gram.c: + regen + [9ece18c58f36] -1998-01-12 23:42 millert + * getspwuid.c: + fix typo + [9a7ae371eac1] - * INSTALL, Makefile.in: ++version + * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c, + mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c: + Implement group caching and use the passwd and group caches + throughout. + [f1d8c5015169] + +2004-11-15 Todd C. Miller + + * match.c: + Properly negate the return value of alias_matches() when + appropriate. + [ce59c4ce77ad] + + * match.c: + Make hostname_matches() return TRUE for a match, else FALSE like the + caller expects. + [1dc03902d3a2] + + * Makefile.in: + Add missing dependencies on gram.h + [4f94bbb1d50c] + + * match.c: + Use runas_matches in alias_matches() now that we have it. + [284d22e91178] + + * parse.c, parse.h: + Expand aliases in "sudo -l" mode + [f67a38b79c44] + + * gram.y, match.c: + Use ALIAS for the member type when storing an alias instead of + HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the + more generic type. Expand runas_matches instead of calling + user_matches() inside of it since user_matches() looks up + USERALIASes, not RUNASALIASes. + [52004d75232b] + + * CHANGES, getspwuid.c: + Paranoia; zero out pw_passwd before freeing passwd entry. + [bd1b22638f00] -1998-01-12 23:41 millert + * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure, + configure.in, defaults.c, emul/err.h, env.c, err.c, error.c, + error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c, + sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c: + Add local error/warning functions like err/warn but that call an + additional cleanup routine in the error case. This means we no + longer need to compile a special version of alloc.o for visudo. + [25000b676cfe] + + * match.c: + Use userpw_matches() to compare usernames, not strcmp(), since the + latter checks for "#uid". + [fcbe4b859f66] + + * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c: + Cache passwd db entries in 2 reb-black trees; one indexed by uid, + the other by user name. The data returned from the cache should be + considered read-only and is destroyed by sudo_endpwent(). + [ee2418ff3f86] + + * match.c: + add cast to uid_t + [eb6415302d84] + + * gram.y: + missing free in alias_destroy + [572ecb680ad8] + + * redblack.c: + Can't use rbapply() for rbdestroy since the destructor is passed a + data pointer, not a node pointer. + [11ce713830c0] + + * getspwuid.c, logging.c, sudo.c, sudo.h: + Create and use private versions of setpwent() and endpwent() that + set/end the shadow password file too. + [616bc76d23bf] + + * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c: + Store aliases in a red-black tree. + [ce017d540416] + + * Makefile.in, redblack.c, redblack.h: + red-black tree implementation + [cd5586e8f48b] + + * visudo.c: + Edit all sudoers file if there were unused or undefined aliases and + we are in strict mode. + [b6d5f5bb7262] + +2004-11-12 Todd C. Miller - * CHANGES: updated fort 1.5.4 + * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c, + find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c: + Bring back the "secure_path" Defaults option now that Defaults take + effect before the path is searched. + [2e52c0e27606] + +2004-11-11 Todd C. Miller + + * logging.c, parse.c: + A user can always list their own entries, even with -u. Better error + message when failing to list another user's entries. + [e2e24deb0071] + + * parse.c, sudo.c, sudo.h: + The syntax to list another user's entries is now "-u otheruser -l". + Only root or users with sudo "ALL" may list other user's entries. + [3c0657e8f5fe] + + * sudo.cat, sudo.man.in, sudo.pod: + Update env variable info in SECURITY NOTES + [299716071024] + + * env.c: + strip CDPATH too + [9b97643b26f9] + + * env.c: + strip exported bash functions from the environment. + [9e5090c8284f] + +2004-10-27 Todd C. Miller + + * sudo.c: + Only reset sudo_user.pw based on SUDO_USER environment variables for + real commands and sudoedit. This avoids a confusing message when a + user tries "sudo -l" or "sudo -v" and is denied. + [3ea6d0053274] + + * gram.c, gram.y, parse.h: + Extend LIST_APPEND to deal with appending lists too + [d963e42f622f] + +2004-10-26 Todd C. Miller + + * logging.c: + Convert some bitwise AND to ISSET + [130dc40d268e] + + * lex.yy.c, toke.c: + toke.c replaces lex.yy.c + [048858df79e7] + + * CHANGES, TODO: + sync + [d19e7abf251c] + + * BUGS: + new parser fixes most of the outstanding bugs + [0891f66e3758] + + * configure: + regen + [1a3358cc7283] + + * visudo.c: + Rework for the new parser. Now checks for unused aliases in sudoers. + [ad462ede3094] + + * testsudoers.c: + Rewrite for the new parser. Now supports a -d flag (dump) and adds + a -h flag (host). It now defaults to the local hostname unless + otherwise specified. + [1b69685cc601] + + * sudo.h: + Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h) + [2e4fb3abfef0] + + * sudo.c: + Update for new parse. We now call find_path() *after* we have + updated the global defaults based on sudoers. Also adds support for + listing other user's privs if you are root. + [cf3db9fc3024] + + * mon_systrace.c: + Working LDAP support; also remove a now-unneeded rewind(). + [649ecf1baf6b] + + * logging.c, logging.h: + Add NO_STDERR flag. + [6cb935af94e0] + + * ldap.c: + Split sudo_ldap_check() into three pieces: sudo_ldap_open(), + udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to + connecto to LDAP, apply the default options, find the command in the + user's path, and then check whether the user is allowed to run it. + The important thing here is that the default runas user may be + specified as a default option and that needs to be set before we + search for the command. + [fc0426abc6f1] + + * ldap.c: + Add casts to unsigned char for isspace() to quiet a gcc warning. + [e5358e3df439] + + * defaults.h: + Add prototype for update_defaults() + [564dac3db74e] + + * defaults.c: + Don't warn about line numbers now that we operate on a set of data + structures (or LDAP) and not a file. + [bcd9ffb9b67c] + + * config.h.in: + No long use lsearch() + [9d048c587319] + + * Makefile.in: + Update for new and changed file names. + [6f424a7c4515] + + * LICENSE: + no more BSD lsearch.c + [463a96d89026] + + * match.c: + foo_matches() routines now live in match.c Added user_matches(), + runas_matches(), host_matches(), cmnd_matches() and alias_matches() + that operate on the parsed sudoers file. + [b14da8a0567e] + + * parse.lex, toke.l: + Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer() + WORD no longer needs to exclude '@' kill yywrap() + [a922294eb7b7] + + * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c, + sudo.tab.h: + Rewritten parser that converts sudoers into a set of data + structures. This eliminates ordering issues and makes it possible to + apply sudoers Defaults entries before searching for the command. + [30d2ec4d203c] + + * configure.in, emul/search.h, lsearch.c: + We won't be using lsearch() any longer. + [29c4d54bfac0] + + * ldap.c: + sudo should not send mail if someone who runs 'sudo -l' has no + entry. + [6fc27a69fd9c] -1998-01-12 23:41 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [8166347917f3] - * check.c: exit(1) if user enters no passwd + * visudo.pod: + Update warnings to match new visudo + [004c0766798f] -1998-01-12 23:37 millert + * sudoers.pod: + The new parser doesn't have the old ordering constraints. + [ffd43bd08661] - * BUGS: ++version + * sudo.pod: + Document that -l now takes an optional username argument + [278f9557de8b] -1998-01-12 23:10 millert +2004-10-25 Todd C. Miller - * parse.c: commands can start with ./* not just /* -- fixes a - serious security hole. + * RUNSON: + AIX 5.2.0.0 works + [523acd29d858] -1997-12-21 18:17 millert + * ldap.c: + If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes + a compilation problem with Solaris 9's native LDAP. - * sudo.c: Don't set the tty variable to NULL when we lack a tty, - leave it as "unknown". + Set FLAG_MONITOR when needed. + [35824ade672d] -1997-11-23 13:29 millert +2004-10-23 Todd C. Miller - * sample.sudoers: fix usage of (username) in conjunction with , and - ! + * mon_systrace.c: + Call sudo_goodpath() *after* changing the cwd to match the traced + process. Fixes relative paths. + [12ee111d0ad7] -1997-11-23 13:28 millert +2004-10-21 Todd C. Miller - * visudo.c: catch the case where the user is not in the passwd file + * testsudoers.c: + Kill set_perms() stub--it is no longer needed. + [116ed702935d] -1997-11-23 13:24 millert +2004-10-13 Todd C. Miller - * tgetpass.c: use fileno(input) + 1 instead of getdtablesize() as - the nfds arg to select(2) + * sudoers.cat, sudoers.man.in, sudoers.pod: + stay_setuid now requires set_reuid() or setresuid() + [8511f67e25d5] -1997-11-23 01:53 millert + * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure, + configure.in, set_perms.c, sudo.c, sudo.h: + Kill use of POSIX saved uids; they aren't worth bothering with. + [b3b1f19f18c1] + +2004-10-07 Todd C. Miller + + * glob.c: + remove call to issetugid() + [63f2e492c08f] + + * sudoers.cat, sudoers.man.in, sudoers.pod: + Remove warning about wildcards. Now that we use glob() the bug is + fixed. + [b15729d32266] + + * parse.c: + Use glob(3) instead of fnmatch(3) for matching pathnames and stat + each result that matches the basename of the user's command. This + makes "cd /usr/bin ; sudo ./blah" work when sudoers allows + /usr/bin/blah. Fixes bug #143. + [e31eb6310340] + + * config.h.in, configure, configure.in: + Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and + GLOB_BRACE) + [677ed6661e17] + + * config.h.in, configure, configure.in: + Check for a glob() that supports GLOB_BRACE and GLOB_TILDE + [aaa2329dd266] + + * LICENSE: + reference glob + [bedc9a923423] + + * glob.c: + 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions + removed. + [81799451473c] + + * emul/glob.h: + 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions + removed. + [0335cf31fb1e] + +2004-10-05 Todd C. Miller + + * mon_systrace.c: + Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably + means we are out of space in the stack gap... + [5b02b702021e] + + * CHANGES: + sync + [be3826273e56] + + * mon_systrace.c: + Take a stab at ldap sudoers support here. + [9d023695b0de] + + * mon_systrace.c, mon_systrace.h: + Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot" + doesn't cause reboot to inadvertanly kill itself. + [d4aab2365610] + + * mon_systrace.c: + put "monitor" in the proctitle, not "systrace" + [9a9025767d86] + + * mon_systrace.c: + When modifying the environment, don't replace envp when we can get + away with just rewriting pointers in the traced process. + [c03622f7a2e2] + + * mon_systrace.c, mon_systrace.h: + Add environment updating via STRIOCINJECT (if available). + [037291016870] + + * sudoers.cat, sudoers.man.in: + regen + [869acc511046] + +2004-10-04 Todd C. Miller + + * lex.yy.c: + regen + [4e61a9bd3c97] + + * parse.lex: + Fix bug introduced in unput() removal; want yyless(0) not yyless(1) + [b70d7bd6e147] + + * mon_systrace.c: + Include file is now mon_systrace.h + [ead4e36d92ae] - * sudo.c: define tty global to an initial value to avoid dumping - core in logging functions when passwd file is unavailable. + * Makefile.in, configure, configure.in, def_data.c, def_data.h, + def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, + sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod: + No longer call it tracing, it is now "monitoring" which should be + more a obvious name to non-hackers. + [aa811ded0789] -1997-11-23 01:51 millert +2004-10-01 Todd C. Miller - * sudo.c: do the set_perms(PERM_USER, sudo_mode) after we have - gotten the passwd entry + * mon_systrace.c, mon_systrace.h: + Fix some XXX + [a271072dacc6] -1997-11-23 00:21 millert + * mon_systrace.c, mon_systrace.h: + No need to include syscall.h, use 1024 as the max # of entries (the + max that systrace(4) allows). - * sudo.pod: talk about problem of ALL + Only need to use SYSTR_POLICY_ASSIGN once -1997-10-10 00:54 millert + Change check_syscall() -> find_handler() and have it return the + handler instead of just running it. We need this since handler now + have two parts: one part that generates and answer and another that + gets called after the answer is accepted (to do logging). - * README: new web location + Add some missing check_exec for emul execv + [a89d243f0525] -1997-10-10 00:54 millert + * sample.pam, sample.sudoers, sample.syslog.conf, sudoers: + Add $Sudo$ tags. + [6f3fedb0daba] - * INSTALL: fdesc bug is fixed in Open/Net BSD + * config.h.in: + Add missing HAVE_LINUX_SYSTRACE_H + [ff75ab7bfc53] -1997-10-10 00:52 millert + * Makefile.in: + add trace_systrace.o dependency + [88a408668ab2] - * HISTORY: updates from Nieusma +2004-09-30 Todd C. Miller -1997-10-09 18:37 millert + * configure, configure.in: + Also look for systrace.h in /usr/include/linux + [98b98b436cf3] - * dce_pwent.c: move compat.h after the system includes + * mon_systrace.c, mon_systrace.h: + Move all struct defs and prototypes into trace_systrace.h and mark + all but systace_attach() static. + [85511253b570] -1997-08-06 14:58 millert + * mon_systrace.c, mon_systrace.h: + Add support for tracing emulations. At the moment, all emulations + are compiled in. It might make sense to #ifdef them in the future, + though this impeeds readability. + [87bb50abf277] - * logging.c: save errno from being clobbered by wait(). From Theo + * Makefile.in, configure, configure.in: + rename systrace.c -> trace_systrace.c + [31cfa4407d93] -1997-05-21 11:57 millert + * parse.yacc, sudo.tab.c: + Allow this to build with a K&R compiler again + [32876af5bb98] - * compat.h: fix an occurence of setresuid -> setreuid (typo) + * TODO: + sync + [46865bd70f7c] -1997-03-19 17:45 millert + * compat.h, sudo.c, visudo.c: + Use __attribute__((__noreturn__)) + [65bbad71fe89] - * install-sh: check for path to strip + * visudo.c: + Exit() takes a negative value to indicate it was not called via + signal. + [b93032ed7b60] -1997-01-15 19:05 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [45bcf4661558] + + * Makefile.in, visudo.c: + Define Err() and Errx() that are like err() and errx() but call + Exit() instead of exit(). Build private copy of alloc.o for visudo + that calls Err() and Errx(). + [c6d02bf42edd] + +2004-09-29 Todd C. Miller + + * lex.yy.c, sudo.tab.c: + regen + [39de7e7c59da] + + * CHANGES: + sync + [ba481d9ed1aa] + + * visudo.c: + Overhaul visudo for editing multiple files: o visudo has been + broken out into functions (more work needed here) o each file is + now edited before sudoers is re-parsed o if a #include line is + added that file will be edited too + + TODO: o cleanup temp files when exiting via err() or errx() o + continue breaking things out into separate functions + [80c35cf534eb] + + * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c: + Add keepopen arg to open_sudoers that open_sudoers can use to + indicate to the caller that the fd should not be closed when it is + done with it. To be used by visudo to keep locked fds from being + closed prematurely (and thus losing the lock). + [f330fe632470] + + * parse.yacc, sudo.c: + Add errorfile global that contains the name of the file that caused + the error. + [98079c7a37ed] + + * parse.lex: + return COMMENT to yacc grammar for a #include line + [2024a8de4fa8] + + * parse.lex: + Remove us of unput() in favor of yyless() which is cheaper. + [c61291902beb] + + * parse.yacc: + Allow an empty sudoers file. + [62fb111db2e7] + +2004-09-28 Todd C. Miller + + * mon_systrace.c: + Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us. + [9e15869ef597] + + * lex.yy.c, sudo.tab.c: + regen + [c29bdd43bfad] + + * visudo.c: + Do signal setup before calling edit_sudoers(). Don't shadow the + "quiet" global. + [74252efd09ff] + + * visudo.c: + If a sudoers file includes other files, edit those too. Does not yes + deal with creating the new includes files itself. + [06af7b9c173f] + + * testsudoers.c: + init_parser now takes a path + [b5ee186eb192] + + * parse.c, parse.h, parse.lex, parse.yacc: + More scaffolding for dealing with multiple sudoers files: o + init_parser() now takes a path used to populate the sudoers global + o the sudoers global is used to print the correct file in yyerror() + o when switching to a new sudoers file, perserve old file name and + line number + [d9be4970b8bd] + + * Makefile.in, pathnames.h.in: + Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have + multiple sudoers files. + [6ccc4e921c43] + + * parse.c, sudo.c: + Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so + we start at the right file position when reading include files. + [91fcb961e7a4] + + * sudoers.pod: + document #include + [fbb92a25a726] + + * lex.yy.c: + regen + [50cd7a4c9dff] + + * parse.lex: + Add max depth of 128 for the include stack to avoid loops. + + Since yyerror() doesn't stop parsing, pass return values back to + yylex and call yyterminate() on error. + [e79dbffb729d] + +2004-09-27 Todd C. Miller + + * sudoers.pod: + document tracing + [165a467eadd8] + + * sudo.pod: + Mention PREVENTING SHELL ESCAPES section of sudoers man page + [3217ccecd834] + + * lex.yy.c, sudo.tab.c: + regen + [fbd58d1d3a76] - * logging.c: deal with maxfilelen < 0 case + * parse.lex: + Add support for #include in sudoers (visudo support TBD) + [a78015ca81af] -1997-01-15 19:05 millert + * parse.yacc: + make yyerror()'s argument const + [7d8e168c019a] - * OPTIONS: fixed descriptin + * testsudoers.c, visudo.c: + Add open_sudoers() stubs. + [087466787198] -1996-12-11 23:10 millert + * sudo.c, sudo.h: + Rename check_sudoers() open_sudoers() and make it return a FILE * + [142fc511fc65] - * sudo.c: correct error message if mode/owner wrong and not - statable by owner but is statable by root. +2004-09-26 Todd C. Miller -1996-11-23 02:18 millert + * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in, + version.h: + Crank version + [1adc3f839480] + + * Makefile.in, sudo.psf: + Better HP-UX depot construction + [2d952b000e63] + +2004-09-25 Todd C. Miller + + * mon_systrace.c: + o Made children global so check_exec() can lookup a child. o + Replaced uid in struct childinfo with struct passwd * (for runas) o + new_child() now takes a parent pid so the runas info can be + inherited o Added find_child() to lookup a child by its pid o + update_child() now fills in a struct passwd o Converted the big + if/else mess in set_policy to a switch o Syscalls that change uid + are now "ask" so we get SYSTR_MSG_UGID events + [29b9ea3f09a3] + + * getspwuid.c: + Add flag to sudo_pwdup that indicates whether or not to lookup the + shadow password. Will be used to a struct passwd that has the + shadow password already filled in. + [e19d43dd7238] + + * mon_systrace.c: + add missing increment of addr in read_string() + [f9eb0f060cb6] + + * mon_systrace.c: + Remove bogus call to update_child() and some cosmetic fixes + [701ab0b97fef] + + * mon_systrace.c: + Don't leak /dev/systrace fd to tracee Make initialized global for + simplicity If STRIOCATTACH returns EBUSY we are already being traced + Check for user_args == NULL in setproctitle() call Add missing calls + to STRIOCANSWER + [1956edf9bc3a] + + * sudo.c: + g/c sudo_pwdup proto + [b7c4d6249ecb] + + * Makefile.in, sudo.psf: + Add target for building a depot file + [357019efd99b] + + * mon_systrace.c: + trim includes + [501534428471] + +2004-09-24 Todd C. Miller + + * lex.yy.c, sudo.tab.c, sudo.tab.h: + regen + [52fd250c6986] + + * INSTALL: + document --with-systrace + [79623927c94e] + + * config.h.in, configure, configure.in: + Add check for setproctitle + [1730cf1c26ed] + + * mon_systrace.c: + pass struct str_msg_ask in to syscall checker so it can set the + error code + [1703fd2fdef6] + + * mon_systrace.c: + systrace(4) support for sudo. On systems with the systrace(4) + kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can + intercept exec calls and check the exec args against the sudoers + file. In other words, sudo can now control subcommands and shell + escapes. + [928c9217c386] + + * sudo.c, sudo.h: + Call systrace_attach() if FLAG_TRACE is set. + [014ba9402fa5] + + * parse.c, parse.h, parse.lex, parse.yacc, sudo.h: + Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE + [a99904db5e56] + + * parse.c, sudo.c: + Don't close sudoers_fp, keep it open and set close on exec flag + instead. + [43a9fec60bee] + + * def_data.c, def_data.h, def_data.in: + Add trace option + [5b643b86730a] + + * Makefile.in: + Add systrace + [47a0519c427c] + + * INSTALL: + SunOS /bin/sh blows up with configure + [005a23cc5615] + + * configure, configure.in: + Include sys/param.h before systrace.h + [9345bc8efecf] + + * configure: + regen + [a8f53fcbb254] + + * pathnames.h.in: + _PATH_DEV_SYSTRACE + [d2ad1e492a00] + + * configure.in: + line up options in --help + [fa51f2821d09] + + * config.h.in, configure.in: + Add --with-systrace + [a264d54bc413] - * config.guess, config.sub: autoconf 2.11 +2004-09-23 Todd C. Miller -1996-11-16 14:42 millert + * configure: + regen + [a4dad0bcc523] - * CHANGES, RUNSON, TODO: sudo 1.5.3. + * aclocal.m4, configure.in: + make this work with autoconf-2.59 + [c4a92b6a684a] -1996-11-14 15:08 millert +2004-09-16 Todd C. Miller - * sudo.h, parse.yacc: command_alias -> generic_alias + * sudo_edit.c: + Simplify logic around open & stat of files and do sanity on edited + file even if we lack fstat (still racable but worth doing). + [adda65ade70c] -1996-11-13 22:50 millert +2004-09-15 Todd C. Miller - * sample.sudoers: added Runas_Alias example and fixed syntax errors + * HISTORY: + Add support url + [bf6590fbde9f] -1996-11-13 22:50 millert + * Makefile.in: + versino 1.6.8p1 + [b84ebfaf1552] [SUDO_1_6_8p1] - * OPTIONS, options.h: updated MAILSUBJECT + * CHANGES: + more changes for 1.6.8p1 + [e23a9c0393b6] -1996-11-13 22:49 millert + * version.h: + 1.6.8p1 + [872f14504b5f] - * logging.c: added %h expansion + * CHANGES, sudo_edit.c: + Add sanity check so we don't try to edit something other than a + regular file. + [350134ec6d4e] -1996-11-13 21:37 millert +2004-09-15 Aaron Spangler - * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, - find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c, INSTALL, README, configure.in: ++version + * CHANGES: + sync + [3091ca9eae00] -1996-11-13 20:01 millert + * INSTALL: + document --with-ldap-conf-file + [0e2cd6b896f1] - * emul/utime.h, BUGS: ++version +2004-09-14 Todd C. Miller -1996-11-13 19:45 millert + * CHANGES, ins_csops.h: + political correctness strikes again + [428e8bc77f55] - * sudoers.pod: document Runas_Alias + * RUNSON: + sync + [27f44bd423dc] -1996-11-13 19:22 millert +2004-09-12 Todd C. Miller - * visudo.pod: q (uid) -> Q + * Makefile.binary.in, Makefile.in: + Install sudoedit man link + [19a55234fc1f] -1996-11-13 19:21 millert + * INSTALL: + Update PAM note and mention where HP-UX users can download gcc + binaries. + [d37cdbbabfd4] - * visudo.c: buffer oflow checking q (uit) -> Q if yyparse() fails - drop into whatnow + * Makefile.in: + libtool wants to install stuff from .libs so fake one up for binary + installations. + [a681bc6fcfba] -1996-11-13 19:05 millert + * Makefile.binary.in: + rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly + [3e0c4b3372cc] - * parse.yacc: add size params to sprintf + * Makefile.in: + Deal with "uname -m" having slashes in it rm -f old sudoedit link + instead of using ln -f + [cff33fb97e5b] -1996-11-13 19:04 millert + * Makefile.binary, Makefile.binary.in: + Makefile.binary -> Makefile.binary.in for config.status substitution + Add support for installing noexec bits + [37d8bb3483c6] - * parse.lex: allow trailing space after '\\' but before '\n' + * Makefile.in: + Copy noexec bits into binary dists too No longer use my old arch + script for making binary dists + [e7058bab9e33] -1996-11-13 19:04 millert + * Makefile.binary: + Install sudoedit link. + [417d1e101711] - * find_path.c: off by one error in path size check +2004-09-11 Todd C. Miller -1996-11-13 19:03 millert + * emul/utime.h: + avoid __P so there is no need for compat.h to be included + [6d8d1f1abf7d] - * check.c: sprintf paranoia + * utimes.c: + Don't use HAVE_UTIME_H before including config.h. + [013b7bb61181] -1996-11-12 11:59 millert +2004-09-10 Todd C. Miller - * parse.yacc: fixed more_aliases + * compat.h: + Fix Solatis futimes macro + [d4eda2ca0d29] -1996-11-12 11:58 millert +2004-09-09 Todd C. Miller - * visudo.c: now warns if killed by signal ./ + * sudo_edit.c: + Rename ots -> omtim for improved readability. + [127ca5bb297c] -1996-11-11 10:49 millert +2004-09-08 Todd C. Miller - * parse.yacc: fix Runas_Alias stuff Alias's in runas list now get - expanded (but it is gross) + * sudo_edit.c: + Redo changes in revision 1.7. Don't really need to keep the temp + file open; re-opening it with the invoking user's euid is + sufficient. + [55a883165a95] -1996-11-10 20:32 millert + * CHANGES: + sync + [9015b291170d] - * sudo.c: Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == - 0400 + * sudo.cat, sudo.man.in: + regen + [c0313f6ed783] -1996-11-10 20:08 millert + * sudo.pod: + back out revision 1.70; it is no long applicable + [b641d503aff6] - * parse.yacc: add Runas_Alias support change FOO to FOO_ALIAS (ie: - USER_ALIAS) + * env.c: + Let the loader initialize nep + [bec192139b02] -1996-11-10 20:02 millert + * config.h.in, configure, configure.in: + Removed unneed check for fchown Add check for gettimeofday Move + autoheader template stuff into separate AH_TEMPLATE lines + [bfc0edbd43f2] - * parse.lex: Add Runas_Alias and simplify a rule. + * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c: + Use timespec throughout. + [1a178a23b69b] -1996-11-10 19:15 millert + * Makefile.in: + gettime.[co] + [6aeb48a7ab7f] - * parse.yacc: always store User_Alias's since they can be used - inside of a runas list. Sigh. Really need a Runas_Alias - instead. + * gettime.c: + function to return the current time in a struct timespec + [bf8eb12cb63f] -1996-10-30 18:04 millert + * utimes.c: + Not a darpa-sponsored file. + [121ce5e2036c] - * visudo.c: deal with case where there is no sudoers file +2004-09-07 Todd C. Miller -1996-10-11 23:01 millert + * compat.h, config.h.in, configure, configure.in: + Add a check for struct timespec and provide it for those without. + [42124055030d] - * TROUBLESHOOTING: added one + * config.h.in, configure, configure.in, sudo_edit.c: + Add checks for st_mtim and st_mtimespec and add macros for pulling + the mtime sec and nsec out of struct stat. These are used in + sudo_edit() to better tell whether or not the file has changed. + [23debfbb3fab] -1996-10-10 22:11 millert + * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c: + Add an extra param to touch() for nsec + [56f7a4ba8ddb] - * HISTORY, testsudoers.c: developement -> development + * sudo_edit.c: + Call mkstemp() as the in invoking user so we don't have to chown the + file later. Only touch() the temp file if we can do it via the file + descriptor. Don't check for modification of the temp file if we lack + fstat(). Catch errors read()ing the temp file. + [665f52c70836] -1996-10-10 22:08 millert + * fileops.c: + If path is NULL and fd == -1 return -1. + [757a518a824c] - * INSTALL: added a note + * sudo_edit.c: + closefrom() is overkill, the only extra fds are the ones we opened + so just close those in the child. + [f361c9d2a1f4] -1996-10-10 20:36 millert + * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure, + configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c, + visudo.c: + Use utimes() and futimes() instead of utime() in touch(), emulating + as needed. Not all systems are able to support setting the times of + an fd so touch() takes both an fd and a file name as arguments. + [3d9276f29717] - * RUNSON: for 1.5.2 +2004-09-07 Aaron Spangler -1996-10-10 20:36 millert + * env.c: + Rare SEGV + [8995f828782d] - * CHANGES: updated +2004-09-06 Todd C. Miller -1996-10-10 00:56 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [b8e9406711c5] - * PORTING: removed seteuid() notes + * sudo.pod, sudoers.pod, visudo.pod: + Add SUPPORT section and re-order some of the sections to match the + order we use in OpenBSD. + [fa37bd917e2c] -1996-10-09 13:37 millert +2004-09-06 Aaron Spangler - * compat.h: better seteuid() emulatino + * env.c: + Openldap ~/.ldaprc fix + [1a37afe6850f] -1996-10-09 13:36 millert +2004-09-06 Todd C. Miller - * configure.in: added check for seteuid + * sudo.pod: + Talk about how the editor must write its changes to the original + file and not just use rename(2). + [c55ed91c5ee9] -1996-10-09 13:36 millert + * CHANGES: + sync + [62af26bd37a2] - * config.h.in: added HAVE_SETEUID + * sudo_edit.c: + Keep the temp file open instead of re-opening after the editor has + exited. + [de41eeb6dcf2] -1996-10-08 19:22 millert + * sample.pam: + Update for current redhat/fedora core. + [8cf083077333] - * configure.in: first stab at sequent support +2004-09-03 Aaron Spangler -1996-10-08 19:21 millert + * README.LDAP: + tls_ examples + [ba783d88a034] - * config.h.in: added HAVE_SYS_SELECT_H +2004-09-02 Aaron Spangler -1996-10-08 19:21 millert + * ldap.c: + config tls_* options + [0b0e0797b3b9] - * compat.h: sequent -> _SEQUENT_ +2004-08-29 Todd C. Miller -1996-10-08 19:11 millert + * configure, configure.in: + No need for -lcrypt when using pam. + [41fff3a53e68] - * compat.h: added seteuid() macro for DYNIX +2004-08-27 Todd C. Miller -1996-10-08 18:54 millert + * configure: + regen + [75820aecce2c] - * tgetpass.c: _AIX -> HAVE_SYS_SELECT_H +2004-08-27 Aaron Spangler -1996-10-07 01:05 millert + * configure.in, ldap.c, pathnames.h.in: + Allow --with-ldap-conf-file option to override LDAP_CONF + [c9909bc484a5] - * emul/utime.h, check.c, compat.h, dce_pwent.c, find_path.c, - getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h, - pathnames.h.in, version.h, BUGS, INSTALL, Makefile.in, OPTIONS, - README, config.h.in, logging.c, parse.c, parse.lex, parse.yacc, - putenv.c, strdup.c, sudo_setenv.c, testsudoers.c, utime.c, - visudo.c, tgetpass.c: ++version + * ldap.c: + cleanup debug message + [1f6ca4824d8d] -1996-10-07 00:59 millert +2004-08-26 Aaron Spangler - * sudo.pod: added -H and SUDO_PS1 + * README.LDAP: + more config info + [f2e7147fd507] -1996-10-07 00:55 millert +2004-08-24 Todd C. Miller - * configure.in: use SUDO_FUNC_FNMATCH + * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c: + Add cmnd_base to struct sudo_user and set it in init_vars(). Add + cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No + longer use gross statics in command_matches(). Also rename some + variables for improved clarity. + [7169a6c7bea4] -1996-10-07 00:54 millert +2004-08-21 Todd C. Miller - * aclocal.m4: added SUDO_FUNC_FNMATCH + * INSTALL: + document HP's crippled compiler deficiency. + [c405ea5a8d4c] -1996-10-07 00:53 millert + * INSTALL: + Fix some thinkos in --with-editor and --with-env-editor + descriptions. Noticed by Norihiko Murase. + [dd781de1c985] - * sudo.c: added -H flag + * configure, configure.in: + --with-noexec takes an optional PATH argument. + [8f6ab77f22cc] -1996-10-07 00:53 millert + * INSTALL: + document --with-noexec + [50cb1fc627ce] - * sudo.h: added MODE_RESET_HOME / +2004-08-17 Todd C. Miller -1996-10-05 00:00 millert + * RUNSON, TODO: + sync + [f2503bd13373] [SUDO_1_6_8] - * INSTALL: mention OPIE + * sudo_edit.c: + Better warning message when sudoedit is unable to write to the + destination file. + [f78c18f2ffa8] -1996-10-04 23:59 millert + * sudo.cat, sudo.man.in: + regen + [7e2bf63d6d9a] - * configure.in: added opie support + * sudo.pod: + Don't italicize the string "sudoedit" + [c691643bd269] -1996-10-04 23:59 millert +2004-08-16 Todd C. Miller - * check.c: added HAVE_OPIE and changed to *_OTP_* + * HISTORY: + Mention GratiSoft. + [dc53de581b2d] -1996-10-04 23:58 millert +2004-08-11 Todd C. Miller - * compat.h, config.h.in: added HAVE_OPIE + * sudo.tab.c: + regen + [8ae0484dfc38] -1996-10-04 23:58 millert + * parse.yacc: + Reset used_runas to FALSE when re-intializing the parser. + [b7403f353a02] - * OPTIONS, options.h: SKEY -> OTP +2004-08-09 Todd C. Miller -1996-10-03 23:27 millert + * config.guess: + Correct OpenBSD mips support + [314fc7afc165] - * check.c: moved fclose() in skey stuff. + * config.guess: + Add OpenBSD/mips + [ac87d0a773ef] -1996-10-03 19:53 millert +2004-08-07 Aaron Spangler - * putenv.c: index -> strchr remove unnecesary stuff + * README.LDAP: + More behavior notes + [13be1d212b47] -1996-10-03 19:43 millert + * README.LDAP: + Updates on current behavior + [d498a8866d6f] - * check.c: now call skeychallenge() to get challenge instead of - making one up ourselves. this way, we get extra goodies in the - prompt. +2004-08-06 Todd C. Miller -1996-09-10 00:32 millert + * sudoers.pod: + =back does not take an indentlevel (makes no difference to formatted + files). + [9c8523bb382a] - * CHANGES: added one + * sudo.pod: + =back does not take an indentlevel (makes no difference to formatted + files). + [e5f479e24fa8] -1996-09-10 00:18 millert + * CHANGES: + new + [2dbd9aba8b33] - * parse.lex: allow logins to start with a number (YUCK!) + * sudo.c: + Consistency. Use same error for bad -u #uid when targetpw is set as + we do when a bad -u username is specified. + [922961c4a9d6] -1996-09-08 15:18 millert + * TODO: + Add checksum idea from Steve Mancini + [e6ece1b766ba] - * TROUBLESHOOTING: added soalris 2.5 vs 2.4 note + * sudoers.cat, sudoers.man.in: + regen + [370d2317829f] -1996-09-08 15:15 millert + * sudo.cat, sudo.man.in: + regen + [f93d41fc38b1] - * configure.in: DUNIX doesn't need -lnsl + * sudo.pod, sudoers.pod: + Document the restriction on uids specified via -u when targetpw is + set. + [878fedb455db] -1996-09-07 20:22 millert + * sudo.c: + Error out when targetpw is enabled and sudo is run with -u #uid but + #uid does not exist in the passwd database. We can't do target + authentication when the target is not in passwd! + [27c5888c86eb] - * CHANGES: [no log message] + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: + regen + [ceb65711050c] -1996-09-07 20:21 millert + * TODO: + Some more todo for the next release. + [7b7417be7601] - * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c, - getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, - options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, - putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, - tgetpass.c, utime.c, version.h, visudo.c: courtesan + * INSTALL: + Make it clear that PAM should be used for DCE support when possible. + [7502029fd385] -1996-09-07 20:13 millert + * sudoers.pod: + o Document problems with wildcards and relative paths. o Make the + order requirements more prominent. o Change a "set" to "reset" for + clarity. + [bacdd181b33f] - * TROUBLESHOOTING, INSTALL, Makefile.in, PORTING, RUNSON, README: - courtesan +2004-08-05 Todd C. Miller -1996-09-07 20:12 millert + * sudo.pod: + Mention --with-secure-path, not SECURE_PATH. + [41283ddde5e1] - * visudo.pod: [no log message] +2004-08-03 Aaron Spangler -1996-09-07 20:00 millert + * ldap.c: + reflect changes to parse.c + [8880fe9b724d] - * sudo.pod, visudo.pod: courtesan +2004-08-02 Todd C. Miller -1996-09-07 19:45 millert + * sudo.tab.c: + regen + [a57658ca9177] - * HISTORY: added courtesan ./ + * parse.c, parse.h, testsudoers.c, visudo.c: + Don't pass user_cmnd and user_args to command_matches(), just use + the globals there. Since we keep state with statics anyway it is + misleading to pretend that passing in different cmnd and cmnd_args + will work. + [0a2544991fd6] -1996-09-06 00:12 millert + * parse.yacc: + Don't pass user_cmnd and user_args to command_matches(), just use + the globals there. Since we keep state with statics anyway it is + misleading to pretend that passing in different cmnd and cmnd_args + will work. + [a4910bf6032b] - * sudo.c: added $SUDO_PROMPT support + * parse.c: + Fix a bug introduced in rev. 1.149. When checking for pseudo- + commands check for a '/' anywhere in cmnd, not just the first + character. + [ce98142f03ca] -1996-09-04 17:19 millert +2004-07-31 Aaron Spangler - * check.c: print long skey challemged to stderr, not stdout + * sudo.man.in, sudo.pod: + Clarification thanks to Olivier Blin + [a91800e094b1] -1996-08-31 23:10 millert + * sudoers.man.in, sudoers.pod: + Add ignore_local_sudoers + [741ddcbf7083] - * CHANGES: updated for 1.5.1 + * README.LDAP: + Sun One schema definition by Andreas.Bussjaeger@t-systems.com and + janth@moldung.no + [742c02e07cd9] -1996-08-31 23:07 millert +2004-07-29 Todd C. Miller - * emul/utime.h: ++version + * CHANGES: + typo + [e7cdefbd7a9a] -1996-08-31 12:34 millert +2004-07-23 Todd C. Miller - * RUNSON: updated for 1.5.1 + * CHANGES: + sync + [734dafc4a85e] -1996-08-30 10:49 millert + * parse.c: + Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless + PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse. + [151b7f593568] - * check.c: use shost, not host for tgetpass +2004-07-08 Todd C. Miller -1996-08-30 00:21 millert + * CHANGES: + PAM change + [d8fb6d6a22d0] - * OPTIONS, sudo.pod: documented %u and %h +2004-07-08 Aaron Spangler -1996-08-29 20:40 millert + * ldap.c: + Better debugging of ALL command + [9db3e84029dc] - * configure.in: fixed typo +2004-07-08 Todd C. Miller -1996-08-29 20:37 millert + * parse.c: + When matching for "sudoedit" in sudoers check both the command the + user typed *and* the command that is listed in the sudoers entry. + [f36ca1f94095] - * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c: ++version +2004-07-04 Aaron Spangler -1996-08-29 20:30 millert + * ldap.c: + Added !command feature + [ed539574611b] - * BUGS: ++version +2004-06-28 Todd C. Miller -1996-08-29 18:32 millert + * auth/pam.c: + Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell + [2be8e0e8813a] - * configure.in, Makefile.in, version.h: ++version +2004-06-11 Todd C. Miller -1996-08-29 17:58 millert + * LICENSE: + License is ISC-style, not BSD-style + [ac0589e1dd5d] - * sudo.h: new tgetpass() params + * CHANGES: + sync + [16058a30f404] -1996-08-29 17:58 millert +2004-06-10 Todd C. Miller - * check.c: pass use and host to tgetpass + * sudo.cat, sudo.man.in: + regen + [8820eb9c809b] -1996-08-29 17:57 millert + * sudo.pod: + o Update some out of date bits to reality o Change the shell promt + in examples to bourne-shell style o Clarify some details o Add a + CAVEAT about "sudo cd /foo" + [b0af373214b6] - * tgetpass.c: added %u and %h escapes + * check.c: + Don't ask for a password if invoking user == target user. + [dd5c96141132] -1996-08-29 16:56 millert + * sudo.c: + typo in comment + [278d20f9b249] - * OPTIONS, options.h, check.c: added NO_MESSAGE +2004-06-08 Todd C. Miller -1996-08-29 16:23 millert + * sudoers.cat, sudoers.man.in: + regen + [9036c6f39eff] - * configure.in: added cray (unicos) support + * sudoers.pod: + Expand on NOEXEC a little. + [9a13756aebe4] -1996-08-27 11:36 millert + * TODO: + sync + [8d2c1af48de8] - * OPTIONS, options.h, sudo.c: added SHELL_SETS_HOME + * visudo.cat, visudo.man.in: + regen + [3921f01607c8] -1996-08-25 17:56 millert + * sudo.tab.c: + regen + [9338c3d68250] - * INSTALL: added note about "make install" + * visudo.pod: + Add a check in visudo for runas_default being set after it has + already been used. + [6700358d7ad8] -1996-08-25 17:50 millert + * CHANGES, parse.yacc, visudo.c: + Add a check in visudo for runas_default being set after it has + already been used. + [803560986a8a] - * parse.yacc: changed length/size params from int to size_t + * sudo.tab.c: + regen + [b60636e2cf63] -1996-08-25 13:35 millert + * parse.yacc: + Add a MATCHED macro for testing whether foo_matches has been set to + TRUE or FALSE. This is more readable than checking for >=0 or < 0. + Doesn't change the actual code generated. + [f376da8ccdc8] - * OPTIONS: now get CSOPS insults as well by default +2004-06-07 Todd C. Miller -1996-08-25 13:33 millert + * sudoers.cat: + regen + [6cceb6d6c9bd] - * insults.h: use csops insults too by default + * sudoers.man.in: + regen + [5acd12b730b3] -1996-08-25 13:31 millert + * sudoers.pod: + Correct description of where Defaults specs should go. + [6b11ff53d7ad] - * INSTALL, Makefile.in, README, config.h.in, configure.in, - version.h: version = 1.5 + * sudoers: + Correct description of where Defaults specs should go. + [868db857630d] -1996-08-25 13:27 millert + * testsudoers.c, visudo.c: + update (c) year + [272c8a53604c] - * sudo.c: added runas_homedir + * logging.h: + update (c) year + [3cec76d400ce] + + * ldap.c: + update (c) year + [f264632488a0] + + * find_path.c: + update (c) year + [40c227af9227] + + * auth/pam.c: + update (c) year + [87149e0eed50] + + * auth/bsdauth.c, auth/kerb5.c: + update (c) year + [d72eb434c068] + +2004-06-06 Todd C. Miller + + * sudo.tab.c: + regen + [83408d9e9d2e] + + * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c: + Remove trailing spaces, no actual code changes. + [4c3bf2819293] + + * tgetpass.c: + Remove trailing spaces, no actual code changes. + [96f6e0a24c26] + + * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c: + Remove trailing spaces, no actual code changes. + [c7075d1cbed5] + + * getcwd.c: + Remove trailing spaces, no actual code changes. + [776cc0374547] + + * find_path.c: + Remove trailing spaces, no actual code changes. + [7ed7099f3c71] + + * compat.h, defaults.c, env.c: + Remove trailing spaces, no actual code changes. + [893e83c33795] + + * check.c: + Remove trailing spaces, no actual code changes. + [f77750f8803b] + + * sudo.tab.c: + regen + [62e0ed883b31] + + * parse.yacc: + Fix a >=0 that should be <0 that was improperly converted when + UNSPEC was added. + [ad1531a55a49] + + * parse.yacc: + Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not + NOMATCH when resetting it. + [ae017a12870a] + + * parse.yacc: + Fix pastos introduced in SETNMATCH addition. + [6ea1c9d80681] + +2004-06-05 Todd C. Miller + + * README.LDAP: + Update for configure changes + [637a635da287] + + * sudo.tab.c: + regen + [4753c2788713] + + * sudo.h: + Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use + these in parse.yacc. Also in parse.yacc initialize the *_matches + vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use + when setting *_matches to a value that may be + NOMATCH/UNSPEC/TRUE/FALSE. + [2ba622e15a4d] + + * parse.yacc: + Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use + these in parse.yacc. Also in parse.yacc initialize the *_matches + vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use + when setting *_matches to a value that may be + NOMATCH/UNSPEC/TRUE/FALSE. + [746b519e41a6] + + * parse.yacc: + Initialize runas to -2, not -1 since we need to be able to + distinguish between the initialized value and the value of a non- + match when passing along the runas value to multiple commands. + + The result of this is that an unmatched runas is now set to -1, not + 0. This is required now that parse.c treats a FALSE value for runas + as being explicitly denied. + [7791ed3621f6] + +2004-06-03 Todd C. Miller + + * sudo.c, visudo.c: + Error out if argc < 1. + [ce6b2a9eda3c] + + * getprogname.c: + Error out if argc < 1. + [c566cce8dc78] + + * configure, configure.in: + Add tests for what libs we need to link with for ldap and for + whether or not lber.h needs to be explicitly included. + [b2e9729cc4e7] + +2004-06-03 Aaron Spangler + + * ldap.c: + Solaris native LDAP build fix + [39929e40eb11] + +2004-06-01 Todd C. Miller + + * ldap.c: + Set edn to NULL is ldap_get_dn() fails to avoid potential use of an + unset variable. + [6a4c20a66f98] + + * sudo.h: + Add prototype for sudo_ldap_list_matches + [443b007a8dab] + + * configure, configure.in: + Better check for dirfd macro--we now set HAVE_DIRFD for the macro + version too. Added check for dd_fd in `DIR' if no dirfd is found; + this is now used to confitionally define the dirfd macro in + compat.h. + [567656978f7e] + + * config.h.in: + Better check for dirfd macro--we now set HAVE_DIRFD for the macro + version too. Added check for dd_fd in `DIR' if no dirfd is found; + this is now used to confitionally define the dirfd macro in + compat.h. + [34eace4faec8] + + * compat.h: + Better check for dirfd macro--we now set HAVE_DIRFD for the macro + version too. Added check for dd_fd in `DIR' if no dirfd is found; + this is now used to confitionally define the dirfd macro in + compat.h. + [8d50ff1bbf2a] + + * closefrom.c: + Only check /proc/$$/fd if we have the dirfd function/macro. + [15e3ccce7553] + + * compat.h, config.h.in, configure, configure.in: + Add a check for a dirfd() function (like Linux) and add a dirfd + macro in compat.h if there is no dirfd() function or macro. + [1e95756edb50] + + * closefrom.c, getcwd.c: + dirfd() is now defined in compat.h as needed. + [bb1d79271188] + + * CHANGES: + Clarify closefrom() note. + [f4e4a5508dda] + + * parse.c: + When checking for a command in the directory, only copy the base dir + once. + [7a3276808b87] + + * closefrom.c: + If there is a /proc/$$/fd directory, behave like the Solaris + closefrom() and only close the descriptors listed therein. + [19de23779e84] + + * alloc.c: + compat.h guarantees INT_MAX is defined. + [1bf0c79d4606] + + * compat.h: + Add definitions of OPEN_MAX and INT_MAX for those without it and + remove definition of RLIM_INFINITY (now unused). + [f827d1ebf96e] + + * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c, + sudo.c, sudo.h, visudo.c: + Use PATH_MAX, not MAXPATHLEN since the former is standardized. + [59788f211c24] + +2004-05-31 Todd C. Miller + + * CHANGES: + sync + [d32fa124f1ad] + + * RUNSON: + Add some entries that were mailed in a while ago + [ff8d5bfec54e] + + * closefrom.c: + o sysconf returns a long, not an int. o check for negative return + value from sysconf/getdtablesize and use OPEN_MAX in this case. o + define OPEN_MAX to 256 for those without it (a fair guess...) + [ccf81ae6deb2] -1996-08-25 13:27 millert +2004-05-30 Todd C. Miller + + * UPGRADE: + Mention change in parse order for RunAs entries. + [dc73b0bca617] + + * configure: + regen + [07cce8e0534e] + +2004-05-29 Todd C. Miller + + * INSTALL, README.LDAP, config.h.in, configure.in: + o --with-ldap now takes an optional dir as a parameter o added + check for ldap_initialize() and start_tls_s() + [2b846c7974c6] + + * README.LDAP: + Fix some typos, word choice and formatting issues. + [00dc8ca84b10] + +2004-05-28 Todd C. Miller + + * tgetpass.c: + Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use + read/write as it is simpler. + [30f5446ee8b0] - * TODO: updated for 1.5 + * configure, configure.in: + Remove hack overriding cross-compiler check. It should no longer be + needed. + [22a6cbd88608] -1996-08-25 13:23 millert + * compat.h: + Remove select() compat bits since we no longer use select(). + [d7bbf7cd36f5] - * RUNSON: updated for 1.5 + * CHANGES, tgetpass.c: + Use alarm() instead of select() for the timeout for systems that + don't fully/properly implement select(). + [d7cc60f15800] -1996-08-25 13:19 millert +2004-05-27 Todd C. Miller - * CHANGES: 1.5 release + * CHANGES: + synbc + [132a39788e07] -1996-08-25 13:17 millert + * RUNSON: + update + [61ef508380c6] - * INSTALL: added "upgrading" notes + * set_perms.c: + Deal with systems that have no way of setting the effective uid such + as nsr-tandem-nsk. + [306e00e9b5a4] -1996-08-22 14:00 millert + * configure, configure.in: + Define NO_SAVED_IDS if we don't find seteuid() + [8588f18345cf] - * visudo.c: now do chmod and chown after edit of temp file and - before rename + * config.h.in, configure, configure.in: + Add back check for setreuid() since NSK doesn't have it. + [43127bd703d1] -1996-08-18 12:52 millert + * sudoers.cat, sudoers.man.in: + regen + [af4f4b20e422] - * Makefile.in: ++version added INSTALL.configure + * CHANGES: + sync + [29ca3b699c24] -1996-08-18 12:52 millert + * BUGS: + sync + [3593f17f72ed] - * version.h, configure.in: ++version + * parse.c: + In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was + explicitly denied and the command matched. This fixes a long- + standing bug and makes: foo machine = (ALL) /usr/bin/blah + foo machine = (!bar) /usr/bin/blah -1996-08-18 12:51 millert + equivalent to: foo machine = (ALL, !bar) /usr/bin/blah + [2f5ee244985a] - * TROUBLESHOOTING: [no log message] + * sudoers.pod: + Clarify mail_noperm + [3238b2d41989] -1996-08-18 12:50 millert +2004-05-20 Aaron Spangler - * parse.yacc: added missing cast + * Makefile.in: + Missing DESTDIR in make install for sudo_noexec.la + [91431e821525] -1996-08-17 20:37 millert +2004-05-17 Todd C. Miller - * sudo.c: sets $HOME to pw_dir of runas user + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [cdfde0dcb556] + + * TODO: + sync + [4799b7d8b62c] + + * sudoers.pod: + Remove fastboot/fasthalt (who still remembers these?) and add a + minimal sudoedit example. + [19d299f233cd] + + * sample.sudoers: + Remove fastboot/fasthalt (who still remembers these?) and add a + minimal sudoedit example. + [b1bca73d6250] + + * UPGRADE, sudo.c, visudo.c: + filesystem -> file system + [1e1afaf30469] + + * TROUBLESHOOTING: + filesystem -> file system + [39fb594e9338] + + * CHANGES, INSTALL: + filesystem -> file system + [85948b608ffe] + + * sudo.pod, sudoers.pod: + Fix some minor typos and formatting goofs + [e94d243a0b90] + + * lex.yy.c: + regen + [2eed0ab1f4c4] + + * visudo.pod: + remove my email addr + [b63262c0389b] + + * sudo.pod, sudoers.pod, visudo.pod: + Use @mansectform@ and @mansectsu@ everywhere Make man page + references links with L<> + [f459f4b9ddb9] + + * parse.lex: + Accept quoted globbing characters and pass them verbatim for + fnmatch() + [8248b86e9380] + + * UPGRADE: + Document that /tmp/.odus is gone. + [3667b66af5bb] + + * pathnames.h.in: + No longer use /tmp/.odus as a possible timestamp dir unless + specifically configured to do so. Instead, if no /var/run exists, + use /var/adm/sudo or /usr/adm/sudo. + [48d94c9f9ad4] + + * configure: + No longer use /tmp/.odus as a possible timestamp dir unless + specifically configured to do so. Instead, if no /var/run exists, + use /var/adm/sudo or /usr/adm/sudo. + [058d7b8cf07b] + + * aclocal.m4: + No longer use /tmp/.odus as a possible timestamp dir unless + specifically configured to do so. Instead, if no /var/run exists, + use /var/adm/sudo or /usr/adm/sudo. + [cf52c4c2803f] -1996-08-17 20:02 millert + * CHANGES: + No longer use /tmp/.odus as a possible timestamp dir unless + specifically configured to do so. Instead, if no /var/run exists, + use /var/adm/sudo or /usr/adm/sudo. + [6058c4cefcec] + + * set_perms.c, sudo.c, tgetpass.c, visudo.c: + Preliminary changes to support nsr-tandem-nsk. Based on patches + from Tom Bates. + [2e5f81834383] - * sudo.pod: document $HOME change + * logging.c: + Preliminary changes to support nsr-tandem-nsk. Based on patches + from Tom Bates. + [934bbe6872b6] -1996-08-17 19:43 millert + * check.c, compat.h: + Preliminary changes to support nsr-tandem-nsk. Based on patches + from Tom Bates. + [390b698b5924] - * sudo.pod: fixed up some wording +2004-05-16 Todd C. Miller -1996-08-17 19:25 millert + * CHANGES: + There was no 1.6.7p6. + [8013d2e6b062] - * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, - goodpath.c, interfaces.c, logging.c, parse.c, parse.lex, - parse.yacc, putenv.c, strdup.c, sudo.c, sudo_setenv.c, - testsudoers.c, tgetpass.c, utime.c, visudo.c: ++version + * BUGS, CHANGES: + sync + [c38b41f32857] -1996-08-17 19:19 millert + * Makefile.in: + add missing files to DISTFILES + [e6a80ad03039] - * emul/utime.h, compat.h, ins_2001.h, ins_classic.h, ins_csops.h, - ins_goons.h, insults.h, options.h, pathnames.h.in, sudo.h: - ++version + * sudo.cat, sudoers.cat, visudo.cat: + regen + [027bc9746dd5] -1996-08-17 19:18 millert + * sudoers.man.in: + regen + [f5e85ef686cf] - * sudo.h: name nad type changes + * Makefile.in: + Fix some line wrap and update (c) year + [bad1f46aa1ca] -1996-08-17 19:17 millert +2004-04-28 Aaron Spangler - * testsudoers.c: now works with new sudo + * README.LDAP: + Build Note + [7a061248249b] -1996-08-17 19:07 millert +2004-04-07 Aaron Spangler - * parse.yacc: fixed some XXX + * Makefile.in: + Fix install-dirs + [be0726dd92e7] -1996-08-17 18:52 millert +2004-04-05 Todd C. Miller - * parse.yacc: some variable name changes + comment headers for - functions. + * sudo.tab.c: + regen + [3f4f0d1ab8b9] -1996-08-17 18:41 millert + * visudo.c: + In Exit() when used as a signal handler, emsg is a pointer so + sizeof() is wrong so make it a #define instead. Also avoid using a + negative exit value. Found by Aaron Campbell + [78716a3a3fdc] - * tgetpass.c: added extra paren's to make compilers happy +2004-03-24 Todd C. Miller -1996-08-17 18:34 millert + * sudoers.pod: + Remove bogus sentence about uids in a User_List. Document usernames + vs. uid parsing in a Runas_List. + [7ca510b5031c] - * sudo.c: [no log message] + * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: + If the user specified a uid with the -u flag and the uid exists in + the passwd file, set runas_user to the name, not the uid. -1996-08-17 18:30 millert + When comparing usernames in sudoers, if a name is really a uid + (starts with '#') compare it numerically to pw_uid. + [8d6935d04673] - * parse.c: now uses init_parser() if not in sudoers and tries - "list" or "validate" scold but don't be nasty. +2004-03-22 Todd C. Miller -1996-08-17 18:29 millert + * auth/kerb5.c: + krb5_mcc_ops should be const; Johnny C. Lam + [aa8c753e426e] - * TROUBLESHOOTING: now can use upper case login names +2004-02-28 Aaron Spangler -1996-08-17 18:29 millert + * CHANGES, config.h.in, ldap.c: + Added start_tls support + [7ef864c15b69] - * visudo.c: now uses init_parser() +2004-02-14 Todd C. Miller -1996-08-17 18:28 millert + * Makefile.in: + Clean up libtool stuff for 'make distclean' and add def_data.c, + def_data.h to PARSESRCS. + [bf9bb6bb06ab] - * PORTING: added info about PASSWORD_TIMEOUT +2004-02-14 Aaron Spangler -1996-08-17 18:28 millert + * strlcat.c, strlcpy.c: + Un-Fix last license munge + [42654b77ac71] - * INSTALL, README: updated +2004-02-13 Todd C. Miller -1996-08-17 18:28 millert + * configure: + regen + [e4de6b23a4dc] - * INSTALL.configure: Initial revision + * CHANGES, RUNSON, TODO: + checkpoint + [94e1ace84d5c] -1996-08-17 18:27 millert + * lex.yy.c, sudo.tab.c: + regen + [8ce784505643] - * BUGS: fixed a bug , + * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, + emul/search.h, emul/utime.h: + More to a less restrictive, ISC-style license. + [a31b20e48003] -1996-08-17 18:27 millert + * auth/kerb5.c, auth/pam.c: + More to a less restrictive, ISC-style license. + [e41f92b41216] - * parse.yacc: now dynamically allocates memory for the stacks -- no - more overflows! + * auth/dce.c, auth/fwtk.c, auth/kerb4.c: + More to a less restrictive, ISC-style license. + [87534c164a52] -1996-08-17 18:26 millert + * auth/bsdauth.c: + More to a less restrictive, ISC-style license. + [e21be6594b58] - * sudo.pod: -l now explands command aliases + * auth/afs.c, auth/aix_auth.c, zero_bytes.c: + More to a less restrictive, ISC-style license. + [6d234be91c5e] -1996-08-17 13:22 millert + * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c, + visudo.man.in, visudo.pod: + More to a less restrictive, ISC-style license. + [b02aea324fd6] - * parse.yacc: hacks to expand command aliases for `sudo -l' + * sudo_noexec.c: + More to a less restrictive, ISC-style license. + [a6da7631e0b2] -1996-08-17 13:22 millert + * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, + sudo_edit.c: + More to a less restrictive, ISC-style license. + [71cdcc241e94] - * sudo.c: remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, - and bash) + * sigaction.c, strerror.c: + More to a less restrictive, ISC-style license. + [4bccdedca58a] -1996-08-17 13:22 millert + * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in, + set_perms.c: + More to a less restrictive, ISC-style license. + [64d772d70ab3] - * sudo.h: added struct command_alias + * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, + ins_goons.h, insults.h, interfaces.c, interfaces.h: + More to a less restrictive, ISC-style license. + [520381c60a54] -1996-08-17 13:20 millert + * find_path.c, getprogname.c: + More to a less restrictive, ISC-style license. + [f605d5eab6f1] - * sudo.pod: fixed a bug + * fileops.c: + More to a less restrictive, ISC-style license. + [4129a8b38a67] -1996-08-17 13:15 millert + * env.c: + More to a less restrictive, ISC-style license. + [d5bd859757de] - * lsearch.c: in compar() key should be first arg + * defaults.h: + More to a less restrictive, ISC-style license. + [008f5d5743f5] -1996-08-15 15:48 millert + * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h, + defaults.c: + More to a less restrictive, ISC-style license. + [d8d7bfc8a18b] - * BUGS: fixed some bugs + * utime.c, version.h: + More to a less restrictive, ISC-style license. + [e2e038ad8209] -1996-08-15 15:47 millert + * parse.lex, parse.yacc: + More to a less restrictive, ISC-style license. + [2f5942e847a1] - * parse.yacc: can now deal with upcase HOST and USER names + * Makefile.binary: + More to a less restrictive, ISC-style license. + [1ed561734535] -1996-08-15 15:47 millert +2004-02-13 Aaron Spangler - * sudo.c: don't yell too loudly at non-sudoers if they do "sudo -l" + * sudoers2ldif: + Merged in LDAP Support + [3994c4d05947] -1996-08-15 15:46 millert + * ldap.c, sudo.c, sudo.h: + Merged in LDAP Support + [547eaa346fcc] - * sudo.pod: fixed thinko + * def_data.c, def_data.h, def_data.in: + Merged in LDAP Support + [8fb255280e42] -1996-08-15 15:46 millert + * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in: + Merged in LDAP Support + [1038092a161e] - * parse.c: fix comment +2004-02-08 Todd C. Miller -1996-08-09 18:07 millert + * sudo.h, sudo_noexec.c: + Only do "extern int errno" if errno is not a macro. + [b2e02a08be8b] - * parse.c, parse.yacc: added support for new `sudo -l' stuff +2004-02-06 Todd C. Miller -1996-08-09 18:06 millert + * set_perms.c: + setreuid(0, 0) fails on QNX if the euid is not already 0 so set the + euid first, then just call setuid(0) to set the real uid too. + [f08546e2e0ee] - * sudo.c: now uses list_matches() + * set_perms.c: + Use setresuid() and setreuid() for PERM_RUNAS when appropriate + instead of seteuid() which may not exist. + [ba508581befb] -1996-08-09 18:06 millert +2004-02-04 Todd C. Miller - * sudo.h: added struct sudo_match + * LICENSE: + 2004 + [37425513a342] -1996-08-09 17:37 millert + * INSTALL, config.h.in, configure, configure.in, ins_classic.h: + Add --with-pc-insults configure option + [7daa5294c17b] - * configure.in: now more -lgnumalloc + * visudo.man.in: + Prefer VISUAL over EDITOR like old vipw did. + [996252a4ab65] -1996-08-01 13:12 millert +2004-02-01 Todd C. Miller - * install-sh: added more paths for chown and whoami + * sudo.man.in, sudoers.man.in: + regen + [a247f1c52eb9] + + * sudoers.pod: + Add a note that noexec is not a cure-all. + [9e7fc535367d] + + * sudoers.pod: + Mention that disabling "root_sudo" is pretty pointless. + [f38a415afba0] + + * configure, configure.in: + Substitute for root_sudo in sudoers.pod + [ce483cfc86be] + + * sudo.pod: + Add sudoedit to the NAME section + [51bc453ec2f6] + + * sudoers.pod: + Document that fact that setting ignore_dot in sudoers has no effect + due to the fact that find_path() is called *before* sudoers is read. + [6808df7e417c] + +2004-01-30 Todd C. Miller -1996-07-31 10:41 millert + * sudo_edit.c: + Do not require _PATH_USRTMP to be set. + [546f3270dd10] - * check.c: typo + * BUGS, CHANGES, TODO: + sync + [4205ddeab781] -1996-07-30 13:45 millert + * sudo.man.in: + regen + [e2143690a88a] - * aclocal.m4: fixed DUNIX check for shadow pw + * sudo.pod: + Clarify that when sudo is run by root with the SUDO_USER variable + set, the sudoers lookup happens for root and not the SUDO_USER user. + [47207bec1bdf] + +2004-01-29 Todd C. Miller + + * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c, + set_perms.c, sigaction.c, sudo.c, tgetpass.c: + Use the SET, CLR and ISSET macros. + [a8b0d7f1e8fd] + + * fnmatch.c: + Use the SET, CLR and ISSET macros. + [1afbcba22ba6] + + * defaults.c, env.c: + Use the SET, CLR and ISSET macros. + [2f39431e0a49] + + * interfaces.h: + MAIN was replaced with _SUDO_MAIN some time ago. + [ea1b38f2ac9d] + + * sudo.c: + Don't look at prev_user until after we've parsed sudoers and done + the password check. That way, if sudo/sudoedit is run from a root + process that was invoked by sudo, we check sudoers for root, not the + previous user. This makes sudoedit much more useful and means that + for the sudo case, we get correct logging on who actually ran the + command. + [431dfbf20552] + +2004-01-23 Todd C. Miller + + * sudo_edit.c: + Add a comment describing why we need to be notified about our child + stopping. + [0bec3ce4b49d] + +2004-01-22 Todd C. Miller + + * def_data.c, def_data.in: + Update the noexec variable descriptions + [9cb7f1aa0e57] + + * sudoers.man.in, sudoers.pod: + noexec now replaces more than just execve() + [23cbdc0ee95c] + + * sudo_noexec.c: + Alas, all the world does not go through execve(2). Many systems + still have an execv(2) system call, Linux 2.6 provides fexecve(2) + and it is not uncommon for libc to have underscore ('_') versions of + the functions to be used internally by the library. Instead of + stubbing all these out by hand, define a macro and let it do the + work. Extra exec functions pointed out by Reznic Valery. + [9fa0cd871b0c] + + * sudo.c, sudo_edit.c: + Fix suspending the editor in -e mode. Because we do a fork() first + we need to be notified when the child has been stopped and then send + that same signal to ourself so the shell can do its job control + thing. + [773165eb6057] + + * visudo.c: + Use WIFEXITED and WEXITSTATUS macros. If there are systems out + there that want to run sudo that still don't support these we can + try to deal with that later. + [6af68e4aff60] + + * lex.yy.c: + regen + [403435317d5d] + + * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod: + Document sudo -e / sudoedit + [a80f6ea910af] + + * configure, configure.in: + fix typo + [5020fcdc27f4] + + * config.h.in, configure.in: + Add SET/CLR/ISSET + [03ff57286e7e] + +2004-01-21 Todd C. Miller + + * sudo.c: + Allow non-exclusive flags when invoked as sudoedit. Pretty print the + long usage() line to not wrap (assumes 80 char display) + [3941fa4004bb] + + * Makefile.in, sudo.c: + If sudo is invoked as "sudoedit" the -e flag is implied and no other + flags are permitted. + [929670b01293] + + * sudo.h: + Add a new flag, -e, that makes it possible to give users the ability + to edit files with the editor of their choice as the invoking user, + not the runas user. Temporary files are used for the actual edit + and the temp file is copied over the original after the editor is + done. + [c4051414c1f4] + + * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c: + Add a new flag, -e, that makes it possible to give users the ability + to edit files with the editor of their choice as the invoking user, + not the runas user. Temporary files are used for the actual edit + and the temp file is copied over the original after the editor is + done. + [37ac05c8ac3c] + + * env.c, sudo.c: + If real uid == 0 and the SUDO_USER environment variables is set, use + that to determine the invoking user's true identity. That way the + proper info gets logged by someone who has done "sudo su" but still + uses sudo to as root. We can't do this for non-root users since + that would open up a security hole, though perhaps it would be + acceptable to use getlogin(2) on OSes where this a system call (and + doesn't just look in the utmp file). + [c2f9198708a1] + + * pathnames.h.in: + Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP + [7d9e5768df93] + + * config.h.in, configure, configure.in: + Add check for fchown(2) + [a85df18798ed] + +2004-01-20 Todd C. Miller + + * sudo.c: + Back out portions of the -i commit that set NewArgv[0] in + set_runaspw. It is far to late to set NewArgv[0] there and will have + no effect anyway as cmnd and safe_cmnd have already been set. + [c2d343430c1c] + + * visudo.c, visudo.pod: + Prefer VISUAL over EDITOR like old vipw did. + [ae32f477cea3] + +2004-01-19 Todd C. Miller + + * env.c, sudo.c: + In -i mode always set new environment based on the runas user's + passwd entry. + [fa653b7887a8] + +2004-01-18 Todd C. Miller + + * sudo.man.in, sudo.pod: + Document the new -i flag and sync SYNOPSIS section with usage() in + sudo.c. Also sort the flags in the OPTIONS section. + [6aabc0ffc47e] + + * sudo.c, sudo.h: + o Add -i that acts similar to "su -", based on patches from David J. + MacKenzie o Sort the flags in the usage message + [c0fe7d6beffd] + + * sudoers.man.in, sudoers.pod: + Add a missing @runas_default@ substitution. + [60516fe2d090] + +2004-01-17 Todd C. Miller + + * sudo.c: + Change euid to runas user before calling find_path(). + Unfortunately, though runas_user can be modified in sudoers we + haven't parsed sudoers yet. + [f469fdf2e313] + + * sudoers.man.in, sudoers.pod: + Add missing defintion of Parameter_List and use single pipes in the + Defaults EBNF definition. + [f7bed6e909bf] + + * sudo.c: + Fix a bug when set_runaspw() is used as a callback. We don't want + to reset the contents of runas_pw if the user specified a user via + the -u flag. + + Avoid unnecessary passwd lookups in set_authpw(). In most cases we + already have the info in runas_pw. + [efc35623ba09] + +2004-01-16 Todd C. Miller + + * check.c: + Add Stan Lee / Uncle Ben quote to the lecture from RedHat + [ebd5a76ccd7e] + + * sudo.h: + Update sudo_getepw() proto and add one for set_runaspw() + [6ed65795c17f] + + * parse.c: + If we can't stat the command as root, try as the runas user instead. + [ae713fca0e15] + + * testsudoers.c, visudo.c: + Add stub set_runaspw() function + [42aa37050053] + + * sudo.c: + Add set_runaspw() function to fill in runas_pw. This will be used + as a callback to update runas_pw when the runas user changes. + [e570aa0088d0] + + * env.c, sudo.c: + PERM_RUNAS -> PERM_FULL_RUNAS + [51eec6f9e89a] + + * set_perms.c, sudo.h: + Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just + changes the euid. + [877c6fe4d12c] + + * getspwuid.c: + Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in + one chunk for easy free()ing. Also change it from static to extern. + [ab503260a7ec] + + * defaults.c, defaults.h: + Add callback support + [a61c4ca983fb] + + * mkdefaults: + Add a callback field and use it for runas_default + [96b69c27df5e] + + * def_data.c, def_data.in: + Add a callback field and use it for runas_default + [d3e9f06872b8] + +2004-01-15 Todd C. Miller + + * auth/fwtk.c: + Add support for chalnecho and display server responses used by fwtk + >= 2.0 + [b1870f7aaf0d] + +2004-01-12 Todd C. Miller + + * sudoers.man.in, sudoers.pod: + ld.so is ld.so.1 on solaris + [2bf9a123fa4c] + + * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h: + Use closefrom() instead of doing the equivalent inline. + [7e3ef6072884] + + * closefrom.c: + closefrom(3) for systems w/o it + [35caf58bb636] + +2004-01-09 Todd C. Miller + + * sudoers.man.in: + Update from .pod file. + [d4c94fc0e0c9] + + * configure, configure.in: + Substitute noexec_file for the sudoers man page + [203d3376a551] + + * sudo.man.in, sudo.pod: + Mention noexec + [014375ddbb06] + + * sudoers.man.in, sudoers.pod: + Document noexec + [49a65d06201f] + + * auth/pam.c, config.h.in, configure.in: + Move PAM_CONST macro definition from config.h to pam.c where it + belongs. We can't have this in config.h since that gets included too + early. + [e64748071637] + + * auth/pam.c, config.h.in, configure, configure.in: + Some PAM implementations put their headers in /usr/include/pam + instead of /usr/include/security. + [8cc749e9575c] + + * configure.in: + I missed changing the EXEC macro -> EXECV here when I changed this + in config.h.in and sudo.c a while ago. + [6f5afac7789f] + + * acsite.m4: + OpenBSD vax/m88k/hppa don't do shared libs + [e4901d958bb7] + + * configure, configure.in: + o merge the hpux case entries into a single entry w/ its own sub- + case statement. o HP-UX >= 11 support getspnam(), use it in + preference to getprpwuid() + [0caad428894e] + + * configure, configure.in: + eval $shrext so that it expands nicely on MacOS X + [40419343eef8] + + * Makefile.in: + Don't lie about making a module, it does the wrong thing on mach + [7629b28f5688] + + * ltmain.sh: + Remove requirement that libs must begin with "lib". They don't when + we point directly at the lib using LD_PRELOAD or its equivalent. + [d66f3de6ec85] + + * acsite.m4: + Disable support for c++, f77 and java. We don't need it, it takes a + lot of time, and it hosed our check for shared lib support. + [4f5749c52ce4] + + * configure: + regen + [160865e9d15f] + + * configure.in: + Call AC_ENABLE_SHARED and check the status of enable_shared to know + when shared libs are available. + [42504c1668fc] + + * acsite.m4: + Duh, OpenBSD suports shared libs too + [8e3cd9417475] + + * config.h.in, configure.in: + Only OpenPAM and Linux PAM use const qualifiers. + [b2f76476e866] + + * configure, configure.in: + o No need to check for sed, libtool config does that for us o move + check for --with-noexec until after libtool magic is run so we can + use $can_build_shared and $shrext + [668c656e89cc] + + * ltmain.sh: + Don't print a bunch of crap about library installs since we are not + really installing a library. + [83fbcad29fe4] + + * env.c: + Make format_env() varargs Add noexec support for Darwin, MacOS X, + Irix, and Tru64 + [468885d75d10] + + * acsite.m4, ltconfig, ltmain.sh: + Update to libtool 1.5 with local changes: o no ldconfig in the + finish step o assume no libprefix or version is needed + [4961cffc3797] + + * sudo_noexec.c: + Fix compilation under K&R + [8b309bf0b1b2] + +2004-01-06 Todd C. Miller + + * CHANGES: + checkpoint + [3c368badab32] + + * sudo_noexec.c: + stub execve() that just returns EACCES; used for noexec + functionality + [1297acae283a] + + * sudo.tab.h: + Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with + generated code. + [dcab78c49273] + + * sudo.tab.c: + Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with + generated code. + [0a61c735eabe] + +2004-01-05 Todd C. Miller + + * def_data.c, def_data.h, def_data.in: + Move the environment defaults to the end and shorten a few of the + descriptions. + [66787b9c612c] + + * configure, configure.in: + no shared libs on ultris or convexos + [2c5f3c456e32] + + * Makefile.in, configure, configure.in: + Build sudo_noexec shared object using libtool; could use some + cleanup. + [373f483555dd] + + * acsite.m4, ltconfig, ltmain.sh: + libtool scaffolding + [c903a42e3d90] + + * parse.yacc, sudo.tab.c: + Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not + important. + [c6e8a34639a4] + + * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex, + parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c: + update copyright year + [a16372ae1711] + + * configure, configure.in, defaults.c, env.c, pathnames.h.in: + Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure + option. The default value of noexec_file is set to this. + [7d88e1d3c494] -1996-07-30 13:41 millert + * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c, + parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, + sudo.tab.h: + Add support for preloading a shared object containing a dummy + execve() function that just sets error and returns -1. This adds a + "noexec_file" option to load the filename as well as a "noexec" flag + to enable it unconditionally. There is also a NOEXEC tag that can + be attached to specific commands and an EXEC tag to disable it. + [c8b6712feb91] + + * mkdefaults: + add missing newline to usage statement + [e84746618362] + + * config.h.in, sudo.c: + Rename EXEC macro -> EXECV + [ddaa0c027299] + + * logging.c: + Don't truncate usernames to 8 characters in the log message. + [f62a20f27075] + + * check.c, sudoers.man.in, sudoers.pod: + Update copyright year + [ca9964054085] - * tgetpass.c: now only turn off echo if it is already on. this - fixes a race when you use sudo in a pipelin + * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in, + sudoers.pod: + Add a new option, lecture_file, that can be used to point to a + custom sudo lecture. + [940133231216] -1996-07-30 12:53 millert +2003-12-31 Todd C. Miller - * INSTALL: updated + * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, + auth/sudo_auth.c: + Add a zero_bytes() function to do the equivalent of bzero in such a + way that will heopfully not be optimized away by sneaky compilers. + [161b6d74bfb4] -1996-07-29 22:29 millert + * zero_bytes.c: + Add a zero_bytes() function to do the equivalent of bzero in such a + way that will heopfully not be optimized away by sneaky compilers. + [d035abf0af94] - * configure.in: changed "test -z $foo && do_this" to if; then - construct + * Makefile.in, sudo.h: + Add a zero_bytes() function to do the equivalent of bzero in such a + way that will heopfully not be optimized away by sneaky compilers. + [ff136de3e255] -1996-07-28 22:47 millert + * err.c: + Use #ifdef __STDC__, not #if __STDC__. + [6889dd6bc51a] - * configure.in: added missing defines of SHADOW_TYPE +2003-12-30 Todd C. Miller -1996-07-26 14:10 millert + * mkdefaults: + Always put at least one space between the def_* macro name and its + definition. + [6b3ad0e6619a] - * check.c: protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since - they are only in dunix 4.x + * configure, configure.in: + Adjust code for --without-lecture to match new values. + [062aa788a6b9] -1996-07-26 14:09 millert + * visudo.man.in: + regen after pasto fix + [3deec16906c0] - * getspwuid.c: added AUTH_CRYPT_C1CRYPT support + * sudoers.man.in, sudoers.pod: + Document that "lecture" has changed from a flag to a tuple. + [e2c03062b533] -1996-07-26 13:23 millert + * check.c, def_data.c, def_data.h, def_data.in, defaults.c, + defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h: + Add support for tuples in def_data.in; these are implemented as an + enum type. Currently there is only a single tuple enum but in the + future we may have one tuple enum per T_TUPLE entry in def_data.in. + Currently listpw, verifypw and lecture are tuples. This avoids the + need to have two entries (one ival, one str) for pwflags and syslog + values. + + lecture is now a tuple with the following values: never, once, + always + + We no longer use both an int and string entry for syslog facilities + and priorities. Instead, there are logfac2str() and logpri2str() + functions that get used when we need to print the string values. + [5293f946c836] + + * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, + auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, + check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c, + logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c, + sudo.tab.c, visudo.c: + Create def_* macros for each defaults value so we no longer need the + def_{flag,ival,str,list,mode} macros (which have been removed). This + is a step toward more flexible data types in def_data.in. + [009c02934106] + + * TODO: + checkpoint + [0a99a4bb5d15] - * parse.c: no longer return VALIDATE_NOT_OK if there was a runas - that didn't match. Now we can have runas stuff on more than one - line. +2003-12-23 Todd C. Miller + + * sudo.c: + If we are in -k/-K mode, just spew to stderr. It is not unusual for + users to place "sudo -k" in a .logout file which can cause sudo to + be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died. + Previously, this would result in useless mail and logging. + [d282e7ed63af] -1996-07-25 23:45 millert +2003-12-16 Todd C. Miller - * configure.in: got rid of HAVE_C2_SECURITY SHADOW_TYPE is always - defined to something + * visudo.pod: + fix pasto in VISUAL description + [1c6a6148b5f9] -1996-07-25 23:45 millert +2003-12-10 Todd C. Miller - * config.h.in: removed HAVE_C2_SECURITY added SPW_BSD + * configure: + regen + [f44312c63799] -1996-07-25 23:44 millert + * CHANGES: + checkpoint + [0c42e38f78d5] - * compat.h, getspwuid.c, sudo.c, tgetpass.c: use SHADOW_TYPE - instead of HAVE_C2_SECURITY + * TROUBLESHOOTING: + Some OSes (like Solaris) allow export w/ nosuid too + [973ce85ffa12] -1996-07-25 23:44 millert +2003-08-12 Todd C. Miller - * check.c: SHADOW_TYPE is always defined so just against its value + * compat.h: + We don't use FD_ZERO anymore so just define FD_SET (if not already + there). + [d1c8c11905cd] -1996-07-25 23:44 millert +2003-06-29 Todd C. Miller - * aclocal.m4: added SUDO_CHECK_SHADOW_DUNIX + * auth/pam.c: + Fix a core dump on Solaris by preserving the pam_handle_t we used + during authentication for pam_prep_user(). If we didn't + authenticate (ie: ticket still valid), we call pam_init() from + pam_prep_user(). This is something of a hack; it may be better to + change the auth API and add an auth_final() function that acts like + pam_prep_user(). + [f787de49b175] -1996-07-25 18:47 millert +2003-06-21 Todd C. Miller - * sudoers.pod: * -> ?* in one example added another instance of - (runas) and one of NOPASSWD: + * set_perms.c: + Add explicit declaration of printerr variable in function header + (was defaulting to int which is OK but oh so K&R :-). From Theo. + [492c2358783f] -1996-07-24 13:02 millert +2003-06-09 Todd C. Miller - * configure.in: added back check for config.cache from other host - type + * config.h.in, configure.in: + s/HAVE_STOW/USE_STOW/ + [4b99e1824ece] -1996-07-24 12:49 millert + * logging.c: + Also exit waitpid() loop when pid == 0. Fixes a problem where the + sudo process would spin eating up CPU until sendmail finished when + it has to send mail. + [ec3d5792b9b4] + +2003-05-30 Todd C. Miller - * parse.lex: removed an instance of \" + * fnmatch.c: + Remove advertising clause, UCB has disavowed it + [43a26bbd6628] -1996-07-24 12:49 millert + * fnmatch.3: + Remove advertising clause, UCB has disavowed it + [3ff24291bcfa] - * sample.sudoers: added an example +2003-05-22 Todd C. Miller -1996-07-24 12:44 millert + * parse.c: + Don't assume that getgrnam() calls don't modify contents of struct + passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen. + Based on a patch from Kirk Webb. + [5574c68f60f3] - * sudoers.pod: updated wrt new wildcard matching +2003-05-06 Todd C. Miller -1996-07-24 10:28 millert + * configure.in: + missing ;; + [22378f2a9d31] - * configure.in: new check for shadow passwords if we don't know - anything + * configure.in: + darwin has a broken setreuid() in at least some versions + [d572aed930d2] -1996-07-24 10:28 millert + * env.c: + Fix an off by one error when reallocating the environment; Kevin Pye + [3d98e7cf097a] - * aclocal.m4: new SUDO_CHECK_SHADOW_GENERIC +2003-04-30 Todd C. Miller -1996-07-24 02:19 millert + * sudoers.pod: + Fix User_Spec definition; SEKINE Tatsuo + [49b0da65e090] - * configure.in: added back check for -lsocket (oops) +2003-04-28 Todd C. Miller -1996-07-24 02:16 millert + * HISTORY: + More info on the early days from Coggs. + [9381ca10b06b] - * configure.in: better (working) check for shadow passwd type if we - know to use C2. +2003-04-21 Todd C. Miller -1996-07-24 01:59 millert + * auth/kerb5.c: + remove errant semicolon that prevented compilation under heimdal + [d2f2bb73a598] - * configure.in: now uses AC_CANONICAL_HOST to figure out os type +2003-04-16 Todd C. Miller -1996-07-24 01:59 millert + * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod: + add DARPA credit on affected files + [7020785ee50d] - * Makefile.in: added config.{guess,sub} + * sudoers.pod: + add DARPA credit on affected files + [83b46318750b] -1996-07-24 01:58 millert + * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, + sudoers.man.in: + add DARPA credit on affected files + [d8adf1c2ba22] - * aclocal.m4: removed unused stuff to figure out os type + * set_perms.c: + add DARPA credit on affected files + [3d79fdabb582] -1996-07-23 22:58 millert + * pathnames.h.in: + add DARPA credit on affected files + [e334cdda422f] - * config.sub: added openbsd + * logging.c, parse.c: + add DARPA credit on affected files + [8f75f822755b] -1996-07-23 22:54 millert + * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c, + find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c, + interfaces.h: + add DARPA credit on affected files + [da66e28fb3f5] - * config.sub: Initial revision + * auth/kerb5.c, auth/pam.c: + add DARPA credit on affected files + [15da3021b49c] -1996-07-23 22:40 millert + * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, + auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c, + version.h: + add DARPA credit on affected files + [868d54cbddea] - * config.guess: Initial revision + * env.c: + add DARPA credit on affected files + [90239f51ef0a] -1996-07-23 21:18 millert + * defaults.c, defaults.h: + add DARPA credit on affected files + [6a64205fd1eb] - * testsudoers.c: don't call fnmatch() with FNM_PATHNAME flag unless - it can only be a pathname. need to check against sudoers_args - even if user_args is nil + * compat.h: + add DARPA credit on affected files + [316a735783c4] -1996-07-23 21:18 millert + * Makefile.in, alloc.c, check.c: + add DARPA credit on affected files + [cd939e05c810] - * parse.c: don't call fnmatch() with FNM_PATHNAME flag unless it - can only be a pathname need to check against sudoers_args even if - user_args is nil + * LICENSE: + slightly different wording for the darpa credit + [e468909c4a21] -1996-07-23 18:52 millert +2003-04-15 Todd C. Miller - * check.c: added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2 + * LICENSE: + Add DARPA credit + [8eb20e2cd63e] -1996-07-23 01:18 millert +2003-04-14 Todd C. Miller - * testsudoers.c: now takes command line args and uses cmnd_args + * auth/kerb5.c: + Use krb5_princ_component() instead of krb5_princ_realm() for MIT + Kerberos like we did before I messed things up ;-) -1996-07-23 01:10 millert + Use krb5_principal_get_comp_string() to do the same thing w/ + Heimdal. I'm not sure if the component should be 0 or 1 in this + case. - * parse.lex: fill_args was adding an extra leading space + #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since + older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there + should be a configure check for this I guess. + [74919a3933fe] -1996-07-22 15:50 millert +2003-04-13 Todd C. Miller - * visudo.c: fixed dummy command_matches() + * sample.sudoers: + builtin -> built-in; Jason McIntyre + [027f2187923e] + + * TROUBLESHOOTING, config.h.in, configure, configure.in: + builtin -> built-in; Jason McIntyre + [70b81ac48943] + + * sudoers.pod: + built in -> built-in; Jason McIntyre + [da658ef5138d] + +2003-04-09 Todd C. Miller + + * CHANGES: + checkpoint for 1.6.7p3 + [da85f989fadf] + + * HISTORY: + Update info on the early years @ SUNY-Buffalo from Cliff Spencer. + Amazingly, sudo source from 1985 is available via groups.google.com + [39e0fc85b89f] + + * sudo.c: + Don't change rl.rlim_max for RLIMIT_CORE. We need only set + rl.rlim_cur to 0 to turn off core dumps. This may be needed for the + RLIMIT_CORE restoration on some OSes. + [7e2c1a7adfd8] + +2003-04-04 Todd C. Miller + + * auth/kerb5.c: + Make this compile on Heimdal and MIT Kerberos 5 + [44c07d615868] + + * config.h.in, configure, configure.in: + Check for heimdal even if we found krb5-config and define + HAVE_HEIMDAL. + [aba0126f0059] -1996-07-22 15:50 millert + * auth/kerb5.c: + Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is + no longer defined by MIT kerb5 (though it used to be and indeed + remains so in Heimdal). + [e5a6c64d7cd5] - * parse.yacc: fixed prototype +2003-04-03 Todd C. Miller -1996-07-22 15:31 millert + * mkinstalldirs: + Remove newer stuff that passes multiple (possibly duplicate) + directories to "mkdir -p" since that seems to break on Tru64 Unix at + least. This basically brings back what shipped with sudo 1.6.6. + [f2a1abd872b3] - * sudo.h: added cmnd_args +2003-04-02 Todd C. Miller -1996-07-22 15:31 millert + * auth/kerb5.c: + Correct number of args to krb5_principal_get_realm() and fix an + unclosed comment that hid the bug. + [0b37f8ce7824] - * parse.yacc: now uses flat args string + * configure: + regen + [1876cb840fe0] -1996-07-22 15:30 millert + * configure.in: + ++version + [480aff7c048e] - * parse.c, parse.lex: now uses flat arg string + * README: + ++version + [488e0bbff613] -1996-07-22 15:29 millert + * Makefile.in: + ++version + [97ef63cedc38] - * visudo.c: added cmnd_args def + * INSTALL.binary: + ++version + [a506204e77d0] -1996-07-22 14:30 millert + * INSTALL: + ++version + [555aeba5c2bf] - * sudo.c: now sets cmnd_args global + * CHANGES, version.h: + ++version + [f66985a64063] -1996-07-22 14:30 millert + * BUGS: + ++version + [ea3573432412] - * logging.c: cmnd_args is now exported from sudo.[ch] + * configure.in: + use krb5-config to determine Kerberos V details if it exists + [7b46bbdaf774] + + * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c, + auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c, + find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h, + testsudoers.c, visudo.c: + Use warn/err and getprogname() throughout. The main exception is + openlog(). Since the admin may be filtering logs based on the + program name in the log files, hard code this to "sudo". + [9f180d015cfa] + + * Makefile.in: + Add getprogname.c and err.c + [d411c54a07dc] + + * configure: + regen + [6d585d391acc] + + * config.h.in, configure.in: + Add checks for getprognam(), __progname and err.h + [bcbccf61d34a] + + * emul/err.h: + For systems withour err/warn functions. + [1b33118884d9] + + * err.c: + For systems withour err/warn functions. + [26721f6b041f] + + * getprogname.c: + For systems neither getprogname() nor __progname; uses Argv[0]. + [841cf42af1eb] + +2003-04-01 Todd C. Miller + + * CHANGES: + checkpoint for 1.6.7p1 + [5bfdaf441dce] + + * sudo.c, testsudoers.c: + fix strlcpy() rval check (innocuous) + [e05ac7e0d1f3] + + * check.c: + oflow detection in expand_prompt() was faulty (false positives). The + count was based on strlcat() return value which includes the length + of the entire string. + [086c5a0acb25] + +2003-03-31 Todd C. Miller + + * RUNSON, TODO: + checkpoint for the sudo 1.6.7 release + [096bab4da29a] [SUDO_1_6_7] + + * CHANGES: + checkpoint for the sudo 1.6.7 release + [87322187ed78] + +2003-03-24 Todd C. Miller + + * logging.c: + g/c unused variable + [c57cd4a17765] + + * configure: + regen + [e7c1f581dfac] + + * configure.in: + use man sections 8 and 5 for csops + [87de581bda88] + +2003-03-21 Todd C. Miller + + * configure: + regen + [cb1433a9c7a1] + + * configure.in: + Add -lskey or -lopie directly to SUDO_LIBS instead of having + AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage. + [ac5667978939] + + * configure: + regen + [638459118a2a] + + * configure.in: + Add --with-blibpath for AIX. An alternate libpath may be specified + or + -blibpath support can be disabled. Also change conifgure such that + -blibpath is not specified if no -L libpaths were added to + SUDO_LDFLAGS. + [c7d17b480cad] + + * aclocal.m4: + Add --with-blibpath for AIX. An alternate libpath may be specified + or + -blibpath support can be disabled. Also change conifgure such that + -blibpath is not specified if no -L libpaths were added to + SUDO_LDFLAGS. + [37022e991575] + + * INSTALL: + Add --with-blibpath for AIX. An alternate libpath may be specified + or + -blibpath support can be disabled. Also change conifgure such that + -blibpath is not specified if no -L libpaths were added to + SUDO_LDFLAGS. + [4b4bbe5bbe1b] + + * configure.in: + add AIX blibpath support + [16ba788bf086] + + * INSTALL, configure.in: + --with-skey and --with-opie now take an option directory argument + This obsoletes a --with-csops hack (/tools/cs/skey) + + Also remove the remaining direct uses of "echo" + [5b4986a90c03] + +2003-03-20 Todd C. Miller + + * configure.in: + Detect KTH Kerberos IV and deal with it. Also make -lroken optional + for KTH Kerberos IV and V. + [119f97b48e18] + + * aclocal.m4: + Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and + -R/path/to/dir if $with_rpath) to the specified variable. + [e55e49d076ce] + + * INSTALL, configure.in: + Add -R/path/to/libs for Solaris and SVR4. There is a new configure + option, --with-rpath to control this behavior. + [d4730c5399ab] + + * configure.in: + for kerb4 put libdes after libkrb on the link line + [5c566100eab6] + + * auth/kerb4.c: + typo + [6541b72b64a3] + + * configure.in: + fix kerberos lib check when a path is specified + [ae833a914c6f] + + * logging.c: + Fix boolean thinko in SIGCHLD reaper and call reapchild after + sending mail instead of doing a conditional sudo_waitpid. + [86fa9a35df5a] + +2003-03-19 Todd C. Miller + + * configure: + regen + [e6275cf528ba] + + * configure.in: + replace =DIR with [=DIR] where sensible + [c39a59173b38] + + * configure.in: + o Use AC_MSG_* instead of "echo" o New Kerberos include/lib + detection based on openssh's configure.in + [5b7a340912df] + + * INSTALL: + --with-kerb4 and --with-kerb5 now take an optional argument. + [71ed87fc9c64] + +2003-03-16 Todd C. Miller + + * auth/securid.c: + Kill remaining strcpy(), the programmer's guide says username is 32 + bytes. + [bdba70fcd08d] + + * auth/kerb4.c: + trat uid_t as unsigned long for printf and use snprintf, not sprintf + [8072f5f8966d] + + * auth/rfc1938.c: + use snprintf + [fc0c70c665fe] + +2003-03-15 Todd C. Miller + + * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, + auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/sudo_auth.c: + update copyright year + [b0a10ccb1d0e] + + * sudo.man.in, sudoers.man.in, visudo.man.in: + update copyright year + [8fce0034eb51] + + * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h, + configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c, + parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod, + sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod: + update copyright year + [d541e75fe520] + + * check.c, env.c, sudo.c: + Cast [ug]ids to unsigned long and printf with %lu + [2ede64d3592b] -1996-07-21 18:41 millert + * configure: + regen + [c7c3245bdf3e] - * parse.yacc: can't rely on cmnd_matches as much as I thought -- - added some $$ stuff back in to prevent namespace pollution - problems. + * configure.in: + correct error messages for --with-sudoers-{mode,uid,gid} + [77fc15b1c9db] -1996-07-21 18:01 millert + * alloc.c: + make the malloc(0) error specific to each function to aid tracking + down bugs. + [a58c34374b4b] + + * alloc.c: + deal with platforms where size_t is signed and there is no SIZE_MAX + or SIZE_T_MAX + [7192abb4ab4e] + + * auth/kerb5.c: + Make this compile w/ Heimdal and fix some gcc warnings. + [f52f026f31c2] - * parse.yacc: Simplified parse rules wrt runas and NOPASSWD (more - consistent). + * sudo.c: + Use stat_sudoers macro so --with-stow can work + [c3674735c139] -1996-07-20 00:45 millert + * INSTALL, config.h.in, configure, configure.in: + Add support for --with-stow based on patches from Robert Uhl + [b274cc1dd52c] - * parse.lex: NOPASSWD may now have blanks before the ':' '(' only - starts a 'runas' if in the initial state to avoid collision with - command args + * env.c: + fix indentation + [110d9f1721b1] -1996-07-20 00:23 millert + * configure.in: + back out rev 1.352 + [1eee91c83f11] - * configure.in: added checks for specific shadow passwd schemes + * lex.yy.c: + regen + [72fba1c9590b] -1996-07-20 00:18 millert + * parse.lex: + use strlcpy, not strncpy + [4faccbaeccef] - * aclocal.m4: added routines to check for specific shadow passwd - types + * set_perms.c: + Fix typo; check pw_uid, not pw_gid after setusercontext() failure. + [33bf0d18fdc1] -1996-07-18 18:27 millert + * logging.c: + use pid_t + [3e0536993d2c] - * configure.in: added support for ncr boxen +2003-03-14 Todd C. Miller -1996-07-18 18:26 millert + * strlcat.c, strlcpy.c: + Make gcc shutup about unused rcsid + [1669a0c74e9e] - * aclocal.m4: added support for detecting ncr boxen + * interfaces.c: + Move the n == 0 check for the non-getifaddrs cas + [2460be061b2a] -1996-07-16 14:57 millert + * auth/rfc1938.c: + skeychallenge() on NetBSD take a size parameter + [05acc2012801] - * configure.in: added sinix support + * configure: + regen + [24bccf4749e8] -1996-07-13 22:29 millert + * configure.in: + put -ldl after -lpam, not before; fixes static linking on Linux + [7f06b7b2b4d8] - * TROUBLESHOOTING: added info about "config.cache from other other" - error. + * interfaces.c: + Avoid malloc(0) and fix the loop invariant for the getifaddrs() + case. + [239a55068646] + + * sudo.cat, sudoers.cat, visudo.cat: + regen + [4a2eed3981ca] -1996-07-13 22:22 millert + * sudo.man.in, sudoers.man.in, visudo.man.in: + regen + [2c96ea2cf930] - * aclocal.m4: now makes sure you don't have a config.cache file - from another OS + * Makefile.in: + Preserve copyright notice from .pod file in .man.in file + [519fbd09aebc] -1996-07-13 21:36 millert + * visudo.pod: + Add sudoers(5) to SEE ALSO + [77ecfe3aedf1] - * configure.in: now sets $LIBS when needed to configure links with - libs when doing tests hpux10 now uses SPW_SECUREWARE for C2 added - check for bigcrypt(3) if SPW_SECUREWARE +2003-03-13 Todd C. Miller -1996-07-13 21:30 millert + * lex.yy.c: + regen + [6f5751ce0b74] - * getspwuid.c: fixed typo + * parse.lex: + Don't assume libc can realloc() a NULL string. If malloc/realloc + fails, make sure we just return; yyerror() is not terminal. + [1b8618623708] -1996-07-13 21:05 millert + * lex.yy.c: + regen + [5d31b46191c6] - * tgetpass.c: now include stuff for SPW_SECUREWARE to get - AUTH_MAX_PASSWD_LENGTH + * parse.lex: + simplify fill_args a little and use strlcpy for paranoia + [0ea35a55542b] -1996-07-13 21:05 millert + * sudo.tab.c: + regen + [5a8d508d708b] - * getspwuid.c: no more SPW_HPUX10 + * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c, + testsudoers.c: + Use strlc{at,py} for paranoia's sake and exit on overflow. In all + cases the strings were either pre-allocated to the correct size of + length checks were done before the copy but a little paranoia can go + a long way. + [e73d28f1d14e] -1996-07-13 21:04 millert + * sudo.h: + Add strlc{at,py} protos + [748ffc7fc7f4] - * config.h.in: no more SPW_HPUX10 added HAVE_BIGCRYPT + * env.c, interfaces.c: + Use erealloc3() + [47f2cb46aba8] -1996-07-13 21:04 millert + * configure: + regen + [e7e2fb79f935] - * compat.h: now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE + * alloc.c: + Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use + memcpy() instead of strcpy() in estrdup() so this is strcpy()-free. + [7e0fa4d6fc1d] -1996-07-13 21:04 millert + * sudo.c: + snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in + configure. + [09ea4d3959e9] - * check.c: SPW_SECUREWARE now uses bigcrypt + * aclocal.m4: + In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned. + [31b4fdfdb8bf] -1996-07-13 18:24 millert +2003-03-12 Todd C. Miller - * sample.sudoers: fixed 2 syntax errors + * sudo.c: + Use snprintf() for paranoia + [a2659ceb46de] -1996-07-13 18:24 millert + * parse.yacc: + Use emalloc2 and erealloc3 + [90a069842401] - * sudoers: root may now run ALL as ALL + * Makefile.in: + strlc{at,py} for those w/o it + [bac82dc916ee] -1996-07-11 20:59 millert + * strlcat.c, strlcpy.c: + stlc{at,py} for those w/o it. + [ce7254f5db09] - * interfaces.c: fixed a typo/thinko that broke BSD's with sa_len + * config.h.in, configure, configure.in: + Add stlc{at,py} for those w/o it. + [00f08219657a] -1996-07-08 16:08 millert + * alloc.c, sudo.h: + Add erealloc3(), a realloc() version of emalloc2(). + [c96eaf08bbed] - * check.c, configure.in: updated AFS support + * interfaces.c, sudo.c: + Use emalloc2() to allocate N things of a certain size. + [1e0aba365555] -1996-07-08 16:07 millert + * alloc.c, sudo.h: + Add emalloc2() -- like calloc() but w/o the bzero and with + error/oflow checking. + [292150bc4153] - * TROUBLESHOOTING: added entry about /usr/ucb/cc + * alloc.c: + Error out on malloc(0); suggested by theo + [995279e81326] -1996-07-08 16:06 millert +2003-03-10 Todd C. Miller - * INSTALL: prep no longer holds gcc binaries + * configure, configure.in: + fix a typo; David Krause + [f161213a17ab] -1996-07-08 15:48 millert +2003-03-07 Todd C. Miller - * INSTALL: updated AFS note + * sudo.pod: + fix typo + [3ae5ad9a351a] -1996-07-08 15:43 millert +2003-03-04 Todd C. Miller - * Makefile.in: added @AFS_LIBS@ + * env.c: + Remove DYLD_ from the environment for MacOS X; from bbraun + [38caad5a3935] -1996-07-08 15:33 millert +2003-03-01 Todd C. Miller - * compat.h: AFS allows long passwords + * config.h.in, configure.in: + not not; Anil Madhavapeddy + [d4f4f0bfc66b] -1996-07-08 14:16 millert +2003-01-23 Todd C. Miller - * testsudoers.c: fixed -u user support + * sudo.pod, sudoers.pod, visudo.pod: + typos; jmc@openbsd.org + [868c0f09bf9e] -1996-07-08 14:16 millert +2003-01-20 Todd C. Miller - * parse.c: sudo -v now groks VALIDATE_OK_NOPASS + * parse.yacc: + Add some missing ';' rule terminators that bison warns about. + [535b0b8dcce5] -1996-07-08 13:30 millert + * config.sub: + fix typo I introduced in last merge + [81db4e4f43fe] - * parse.yacc: fixed no_passwd vs. runas_matched + * configure: + regenerate with autoconf 2.57 + [ca0c1e9564f8] -1996-07-08 10:30 millert + * config.h.in: + Add missing "$HOME" + [209186197ad1] - * TROUBLESHOOTING: took out stuff about NFS-mounting since it is no - longer an issue + * configure.in: + Add some more square backets to make autoconf 2.57 happy + [b5639c14faf7] -1996-07-08 10:30 millert + * config.sub, mkinstalldirs: + Updates from autoconf-2.57 + [36be35eb331b] - * INSTALL: added --with-libraries > --with-libpath --with-incpath + * config.guess: + Updates from autoconf-2.57 + [ea0f8ca622af] -1996-07-08 10:21 millert +2003-01-17 Todd C. Miller - * parse.yacc: was setting runas_matches to -1 in wrong place + * sudo.tab.h: + regen + [13a65a421567] -1996-07-08 09:58 millert + * lex.yy.c, sudo.tab.c: + regen + [0b529db7cb6d] - * check.c: removed usersec.h which is not present in new AFS - versions + * parse.lex, parse.yacc, sudoers.pod: + Add support for Defaults>RunasUser + [20d726373175] -1996-07-08 09:55 millert +2003-01-07 Todd C. Miller - * tgetpass.c: now deals with timeout <= 0 + * visudo.c: + fclose() yyin after each yyparse() is done and use fopen() instead + of using freopen(). + [587f8a2df857] -1996-07-08 09:51 millert + * parse.lex: + Better fix for sudoers files w/o a newline before EOF. It looks + like the issue is that yyrestart() does not reset the start + condition to INITIAL which is an issue since we parse sudoers + multiple times. + [920f8326968a] - * OPTIONS: updated +2003-01-06 Todd C. Miller -1996-07-08 00:04 millert + * parse.lex: + Work around what appears to be a flex bug when dealing with files + that lack a final newline before EOF. This adds a rule to match EOF + in the non-initial states which resets the state to INITIAL and + throws an error. + [b94943bb1f81] - * configure.in: BSD/OS >= 2.0 now uses shlicc instead of just gcc + * visudo.c: + o The parser needs sudoers to end with a newline but some editors + (emacs) may not add one. Check for a missing newline at EOF and + add one if needed. o Set quiet flag during initial sudoers parse (to + get options) o Move yyrestart() call and always use freopen() to + open yyin after initial sudoers parse. + [12d12f9b07aa] -1996-07-07 22:30 millert +2002-12-15 Todd C. Miller - * sudo.c: fixed backwards compatibility with sudo 1.4 sudoers mode - for root readable/writable filesystems + * set_perms.c: + Fix pasto/thinko in setresgid()/setregid() usage. Want to set + effective gid, not real gid, when reading sudoers. + [c7d18b810fcd] -1996-07-07 20:49 millert + * set_perms.c: + don't compile set_perms_posix if we have setreuid or setresuid + [b9cea7a81a29] + +2002-12-14 Todd C. Miller + + * sudo.pod, sudoers.pod: + document new prompt escapes + [2f088076b640] + + * check.c: + Add %U and %H escapes and redo prompt rewriting. "%%" now gets + collapsed to "%" as was originally intended. This also gets rid of + lastchar (does lookahead instead of lookback) which should simplify + the logic slightly. + [4b707b77b3c7] + +2002-12-13 Todd C. Miller + + * tgetpass.c: + Write the prompt *after* turning off echo to avoid some password + characters being echoed on heavily-loaded machines with fast + typists. + [d38c57775915] + + * config.sub: + Add support for mipseb; wiz@danbala.tuwien.ac.at + [cfdac87ed5c8] + + * configure.in: + Fix IRIX fallout from name changes in man dir/sect Makefile + variables. Patch from erici AT motown DOT cc DOT utexas DOT edu + [9a7618755c23] + + * auth/pam.c: + Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to + the global copy. Problem noted by Peter Pentchev. + [d0a3e189cb06] + +2002-11-28 Todd C. Miller + + * sudo.tab.c: + regen + [23b931359087] + + * parse.yacc: + Add missing yyerror() calls; YYERROR does not seem to call this for + us. + [0be7aeb3ac57] + +2002-11-26 Todd C. Miller + + * sudo.c: + fix typo in comment; Pedro Bastos + [d7406c460e99] + +2002-11-22 Todd C. Miller + + * INSTALL: + document --disable-setresuid + [fbd03d03a027] + + * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, + auth/sudo_auth.c: + Sprinkle some volatile qualifiers to prevent over-enthusiastic + optimizers from removing memset() calls. + [5370ac0e6129] + + * logging.c, parse.yacc: + minor sign fixes pointed out by gcc -Wsign-compare + [db872438337f] + + * set_perms.c, sudo.c, sudo.h: + Revamp set_perms. We now use a version based on setresuid() or + setreuid() when possible since that allows us to support the + stay_setuid option and we always know exactly what the semantics + will be (various Linux kernels have broken POSIX saved uid support). + [523bc212396c] + + * config.h.in, configure: + regen from configure.in + [351877ea2624] - * Makefile.in: now gives INSTALL -c flag + * configure.in: + Add checks for setresuid() and a way to disable using it + [a5b21653d169] -1996-07-07 20:34 millert + * compat.h: + No long need to emulate set*[ug]id() via setres[ug]id() or + setre[ug]id(). The new set_perms stuff only uses things it knows are + there. + [47884bd5d1d9] - * parse.yacc: slightly simpler initialization of no_passwd and - runas_matches + * sudo.c: + Before exec, restore state of signal handlers to be the same as when + we were initialy invoked instead of just reseting to SIG_DFL. Fixes + a problem when using sudo with nohup. Based on a patch from Paul + Markham. + [f8f5a1484faa] -1996-07-07 20:33 millert + * sudo.c: + o timestamp_uid should be uid_t, not int o clarify error message + when sudo is run by root and no_root_sudo is set + [19dda0734264] - * testsudoers.c: added -u username support +2002-09-19 Todd C. Miller -1996-07-07 20:32 millert + * README: + update ftp link for bison + [98bc191016e3] - * configure.in: improved --with-libraries support +2002-07-20 Todd C. Miller -1996-07-07 16:27 millert + * set_perms.c: + Error out if setusercontext() fails and the runas user is not root. + [089f9ade4686] - * configure.in: added --with-incpath, --with-libpath, - --with-libraries +2002-05-20 Todd C. Miller -1996-07-07 16:01 millert + * auth/securid5.c: + Fix rcsid + [07e9e85dcc2f] - * parse.yacc: now initializes some fields that weren't getting set - to -1 pretty gross -- need a rewrite. + * configure.in: + Fix SecurID API test + [5ec201f454a5] -1996-06-25 23:19 millert +2002-05-17 Todd C. Miller - * alloca.c: removed emacs'isms + * env.c: + typo in comment + [9d385c9ac533] -1996-06-25 22:29 millert + * configure.in: + securid5 stuff needs pthreads. Just adding -lpthread is suboptimal + but I don't see a better way at the moment. + [f89e55cbb313] - * configure.in: no longer add -lPW to *_LIBS since we include - alloca.c + * Makefile.in, auth/securid5.c: + SecurID API version 5 support from Michael Stroucken + [68500ac7e531] -1996-06-25 22:29 millert + * configure.in: + Add check for SecurID 5.0 API + [1ee242e6de6b] - * config.h.in: added HAVE_ALLOCA_H +2002-05-08 Todd C. Miller -1996-06-25 22:28 millert + * strerror.c: + We actually do still need config.h to get the 'const' definition for + K&R C. + [d9c982032d85] - * Makefile.in: added alloca.c +2002-05-05 Todd C. Miller -1996-06-25 22:18 millert + * configure: + regen with autoconf 2.5.3 + [c71fc086eef5] - * alloca.c: Initial revision + * configure.in: + Don't set sysconfdir to '/etc' if the user has specified a --prefix. + [d90da1efafd9] -1996-06-25 21:58 millert + * configure.in: + Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST + LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug + [dd67afefa90d] - * configure.in: ++version + * env.c, sudo.c, sudo.h: + No need for dump_badenv() now that dump_defaults() knows how to dump + lists. + [6bcda468501d] -1996-06-25 19:32 millert + * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in, + version.h: + ++version + [44e3b8f95f0b] - * sudo.c: now set uid to 1 instead of nobody for PERM_SUDOERS since - nobody is not always set to a valid uid. + * sudoers.pod: + document timestampowner + [37ebd69e9dd1] -1996-06-25 19:31 millert + * check.c: + Don't call set_perms() when doing timestamp stuff unless + timestamp_uid != 0. + [63a63d41d18c] - * OPTIONS: fixed entry for SUDO_MODE + * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c, + sudo.h, testsudoers.c: + g/c second arg to set_perms--it is no longer used + [7ac4ce50c612] -1996-06-25 18:02 millert +2002-05-03 Todd C. Miller - * sudo.c: Fixed NFS-mounted sudoers file under solaris both uid - *and* gid were being set to -2. Now beat NFS to the punch and - set uid to "nobody" ourselves, preserving group 0 to read - sudoers. + * check.c, set_perms.c, sudo.c, sudo.h: + Add support for non-root timestamp dirs. This allows the timestamp + dir to be shared via NFS (though this is not recommended). + [faa83dd2b7fb] -1996-06-25 18:02 millert + * def_data.c, def_data.h, def_data.in: + Add timestampowner, "Owner of the authentication timestamp dir" + [d47640d4c86a] - * parse.c: moved set_perms(PERM_ROOT) to be before yyparse() +2002-05-02 Todd C. Miller -1996-06-25 18:00 millert + * env.c: + Don't try to pre-compute the size of the new envp, just allocate + space up front and realloc as needed. Changes to the new env + pointer must all be made through insert_env() which now keeps track + of spaced used and allocates as needed. + [39bc934a9f2c] - * logging.c: fixed a typo +2002-04-26 Todd C. Miller -1996-06-25 18:00 millert + * configure: + regen + [0e12c09bb790] - * configure.in: no longer need AC_PROG_INSTALL + * configure.in: + Fix two typo/pastos; from jrj@purdue.edu + [b718a4bf1181] -1996-06-25 17:59 millert +2002-04-25 Todd C. Miller - * Makefile.in: always use install-sh to avoid install(1)'s that use - get{pw,gr}nam + * INSTALL.binary, README: + ++version + [a1e33027278c] [SUDO_1_6_6] -1996-06-25 16:07 millert + * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, + visudo.cat, visudo.man.in: + regen + [19eb2be283ef] - * INSTALL: make clean -> make distclean + * CHANGES, RUNSON, TODO: + Sync with 1.6.6 + [2ff9a9087f63] -1996-06-20 01:17 millert + * check.c: + The the loop used to expand %h and %u, the lastchar variable was not + being initialized. This means that if the last char in the prompt + is '%' and the first char is 'h' or 'u' a extra copy of the host or + user name would be copied, for which space had not been allocated. + [b2e27197857d] - * parse.yacc: removed some unnecsary if's +2002-04-18 Todd C. Miller -1996-06-20 01:16 millert + * BUGS, INSTALL, Makefile.in, configure.in, version.h: + crank version to 1.6.6 + [cfd08689e597] - * Makefile.in, version.h: ++version + * auth/afs.c: + #undef VOID to get rid of an AFS warning + [b40760564dc1] -1996-06-20 01:16 millert + * env.c: + Use easprintf instead of emalloc + sprintf for some things. + [e7bfe2e69a03] - * parse.c, testsudoers.c: now includes netgroup.h +2002-03-16 Todd C. Miller -1996-06-20 00:45 millert + * lex.yy.c, sudo.tab.c: + regen + [35327104383d] - * interfaces.c: removed cats of ioctl to int since they didn't shut - up -Wall + * parse.c, parse.lex, parse.yacc, testsudoers.c: + Remove Chris Jepeway's email address so people don't bug him ;-) + [c03410747a69] -1996-06-20 00:43 millert +2002-03-12 Todd C. Miller - * interfaces.c: explicately cast ioctl() to int since it it not - always declared + * sudo.c: + Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call + endgrent() at the same time. + [28b6097d5d1a] -1996-06-20 00:41 millert +2002-02-22 Todd C. Miller - * sudo.h: added declarations for yyparse() and yylex() + * INSTALL: + Make it clear which configure options take arguments. + [38529e7efad0] -1996-06-20 00:27 millert +2002-01-25 Todd C. Miller - * parse.yacc: fixed an occurence of '==' -> '=' + * compat.h: + HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no + RLIM_INFINITY, just pretend it is -1. This works because we only + check for RLIM_INFINITY and do not set anything to that value. + [53173d34e6eb] -1996-06-20 00:22 millert +2002-01-22 Todd C. Miller - * config.h.in, configure.in: added check for netgroup.h + * auth/pam.c: + Zero and free allocated memory when there is a conversation error. + [e342133db579] -1996-06-20 00:20 millert + * auth/bsdauth.c: + Use sigaction() not signal() + [126c2790561f] - * sudo.c: fixed 2 compiler warnings + * INSTALL: + Mention that some linux kernels have broken POSIX saved ID support + [571ef1a893d3] -1996-06-20 00:08 millert + * CHANGES: + checkpoint for 1.6.5p2 + [9e9e456f7f43] - * sudo.c: SHELL_IF_NO_ARGS caused core dump since NewArg[cv] - weren't being initialized + * configure: + regen + [d53703a46708] -1996-06-19 13:53 millert + * configure.in: + Add --disable-setreuid flag + [3b9f2679cb55] - * sudo.pod: fixed a typo + * INSTALL: + Document new --disable-setreuid option and change description for + --disable-saved-ids to match new error message. + [14fd3e5f60a5] -1996-06-17 12:19 millert + * set_perms.c: + fatal() now takes an argument that determines whether or not to call + perror(). + [d826b25e62ff] - * parse.yacc: fixed a formatting thingie + * TROUBLESHOOTING: + Update for new error messages from set_perms() + [78007c3f76a9] -1996-06-17 12:16 millert + * PORTING: + Update for new error messages from set_perms() + [60c545a6bcff] - * parse.c, parse.yacc: fixed -u support with multiple user lists on - a line +2002-01-21 Todd C. Miller -1996-06-17 10:23 millert + * auth/pam.c: + Make this compile w/o warnings + [b90843a29af5] - * configure.in: unixware needs -lgen + * auth/pam.c: + Mention that we can't use pam_acct_mgmt() + [1dfc5a6e0479] -1996-06-17 10:23 millert + * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c: + The user's password was not zeroed after use when AIX + authentication, BSD authentication, FWTK or PAM was in use. + [b18fff30b1e7] - * README: updated ftp location +2002-01-20 Todd C. Miller -1996-06-17 00:08 millert + * auth/pam.c: + Avoid giving PAM a NULL password response, use the empty string + instead. This avoids a log warning when the user hits ^C at the + password prompt when PAM is in use. + [c3315805e4e4] - * sudoers.pod: add net_addr/netmask support + * auth/pam.c: + Don't check the return value of pam_setcred(). In Linux-PAM 0.75 + pam_setcred() returns the last saved return code, not the return + code for the setcred module. Because we haven't called + pam_authenticate(), this is not set and so pam_setcred() returns + PAM_PERM_DENIED. + [73db145fa179] -1996-06-17 00:07 millert + * Makefile.in: + Don't need a '/' between $(DESTDIR) and a directory. + [0901ca618176] - * sample.sudoers: added net_addr/mask example + * Makefile.binary: + Don't need a '/' between $(DESTDIR) and a directory. + [cd7eb6098b87] -1996-06-17 00:02 millert +2002-01-18 Todd C. Miller - * parse.lex, parse.c: added support for net_addr/netmask + * configure: + regen + [41b12c039282] -1996-06-15 20:13 millert + * configure.in: + o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus + setreuid() o new NetBSD has a real setreuid() o add check for + freeifaddrs() if getifaddrs() exists. + [a82ee3b01733] + + * config.h.in, interfaces.c: + Older BSDi releases lack freeifaddrs() so add a test for that and if + it is not present just use free(). + [6270671ea9d5] - * sudoers.pod: ^ -> ! +2002-01-17 Todd C. Miller -1996-06-15 18:12 millert + * CHANGES, RUNSON: + Checkpoint for 1.6.5p1 + [26134ecf9b36] - * RUNSON: updated for 1.4.3 + * auth/passwd.c: + Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access + to normal passwords, not AUTH_FATAL (which just causes an exit). + [785e0f4bc0e2] + + * visudo.c: + Don't use memory after it has been freed. + [c60492739fdb] + + * auth/passwd.c: + skeyaccess() wants a struct passwd * not a char *; Patch from + Phillip E. Lobbes + [65a1d3806fcd] [SUDO_1_6_5] -1996-06-15 18:12 millert + * BUGS: + ++version + [b2e1825e692e] - * CHANGES: udpated for 1.4.3 + * CHANGES, RUNSON, TODO: + checkpoint for sudo 1.6.5 + [d730945622e7] -1996-06-15 18:11 millert +2002-01-16 Todd C. Miller - * TROUBLESHOOTING, TODO, BUGS: updated + * configure: + regen + [49744c403ac9] -1996-06-15 18:11 millert + * INSTALL, INSTALL.binary, Makefile.in, README, configure.in: + version 1.6.5 + [ec30a5f7fc45] - * sample.sudoers: updated with examples of new stuff + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + sudo version 1.6.5 + [458a3bed535d] -1996-06-15 18:10 millert + * logging.c: + o when invoking the mailer as root use a hard-coded environment that + doesn't include any info from the user's environment. Basically + paranoia. - * INSTALL, README: ++version + o Add support for the NO_ROOT_MAILER compile-time option and run the + mailer as the user and not root if NO_ROOT_MAILER is defined. + [4df351ec92ce] -1996-06-15 18:01 millert + * set_perms.c, sudo.h: + Bring back PERM_FULL_USER + [edb6039bb284] - * sudoers.pod: updated wrt -u and NOPASSWD + * configure: + regen + [3eb2943afa03] -1996-06-15 17:58 millert + * version.h: + version 1.6.5 + [044fc9a0c72b] - * sudo.pod: updated wrt -u and CAVEATS + * INSTALL, config.h.in, configure.in: + Add --disable-root-mailer option to run the mailer as the user and + not root. + [e9f805397963] -1996-06-08 23:15 millert + * CHANGES: + checkpoint for 1.6.4p2 + [b58aae5aa98a] - * sudo.c: fixed usage() + * PORTING: + Mention the "seteuid(0): Operation not permitted" problem here too + just for good measure. + [90135b37a691] -1996-06-08 22:57 millert +2002-01-15 Todd C. Miller - * parse.lex: now use :foo: character classes (makes no diff for - generated lexer) + * env.c, getspwuid.c, sudo.c: + The SHELL environment variable was preserved from the user's + environment instead of being reset based on the passwd database when + the "env_reset" option was used. Now it is reset as it should be. + [300066ef3c71] -1996-06-07 14:33 millert + * configure: + regen + [a47d779e6552] - * check.c: fixed LONG_SKEY_PROMPT stuff + * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c, + sudo.c: + Add a configure option to turn off use of POSIX saved IDs + [fb18cc8e94d0] + + * configure: + regen + [d4f2f20025b6] + + * configure.in: + add --with-efence option + [45c4f33a8e88] + + * sudo.c: + Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where + "sudo -l" would not work if always_set_home was set. + [c3a6de6c4800] + + * lex.yy.c: + regen + [417424452998] + + * parse.lex: + Quoted commas were not being treated correctly in command line + arguments. + [753415541b37] + + * sudo.c: + o Move the call to rebuild_env() until after MODE_RESET_HOME is set. + Otherwise, the set_home option has no effect. + + o Fix use of freed memory when the "fqdn" flag is set. This was + introduced by the fix for the "segv when gethostbynam() fails" bug. + Also, we no longer call set_fqdn() if the "fqdn" flag is not set so + there is no need to check the "fqdn" flag in set_fqdn() itself. + [4b6a4245c04e] + + * env.c: + Add 'continue' statements to optimize the switch statement. From + Solar. + [a82c76975ae5] + +2002-01-13 Todd C. Miller + + * sudoers.cat, sudoers.man.in: + Regen from new sudoers.pod + [6ecc07b3d0e1] [SUDO_1_6_4] + + * sudoers.pod: + Add caveat about stay_setuid flag + [9d228a7bea1b] + + * sudo.c: + If set_perms == set_perms_posix and the stay_setuid flag is not set, + set all uids to 0 and use set_perms_fallback(). + [c4e54d1ec86f] + + * set_perms.c, sudo.h: + Remove PERM_FULL_USER (which is no longer used) and add + PERM_FULL_ROOT (used when exec'ing the mailer). + [15406c522ea2] + + * logging.c: + Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we + never want to run the mailer setuid. + [2294853e0666] + +2002-01-12 Todd C. Miller -1996-06-06 15:35 millert + * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in, + visudo.pod: + Use sudo.ws instead of courtesan.com in URLs + [55204002a308] - * visudo.c: fixed a comment + * Makefile.binary, Makefile.in: + Fix mansect substitution + [b7b5cbc3aa91] -1996-06-06 15:03 millert + * Makefile.in: + Substitute man sections in Makefile.binary + [040deb785e56] - * lsearch.c: make more like NetBSD one -- now compiles w/o warnings + * Makefile.binary: + Sync install targets with Makefile.in and substitute in man + sections. + [77882a275281] -1996-06-06 15:02 millert + * INSTALL, INSTALL.binary: + version is 1.6.4 + [0f87aabbcb70] - * emul/search.h: fixed decls of lsearch() + * Makefile.in: + Repair bindist target + [8d43bfe7e2d1] -1996-06-05 22:20 millert + * CHANGES: + sync for 1.6.4 + [13ca3d4a0a72] - * config.h.in, configure.in, getspwuid.c: added SPW_HPUX10 +2002-01-10 Todd C. Miller -1996-06-05 22:20 millert + * install-sh: + Fix case where neither whoami nor id are found + [424dd270bc47] - * check.c: hpux 10 uses bigcrypt() if C2 +2002-01-09 Todd C. Miller -1996-06-04 19:57 millert + * install-sh: + If neither whoami nor id exists, just assume we are root. + [2d2644e42c53] - * parse.c: now always uses fnmatch to match args + * alloc.c: + Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed + on AIX which for some reason isn't pulling in the malloc prototype. + [231440d2ee3b] -1996-06-04 19:40 millert +2002-01-08 Todd C. Miller - * tgetpass.c: back to using stdio instead of raw i/o since that - caused some problems + * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c: + (c) 2002 + [700e3b41a68e] -1996-05-28 22:14 millert + * CHANGES: + checkpoint + [33e604bd8d5b] - * sudo.c: now give usage warning if use -l,-v,-k with args + * sudo.c: + Defer assigning new environment until right before the exec. + [f13c49e75c1c] -1996-05-28 18:22 millert + * parse.c: + kill extra blank line + [12ef22e9dae3] - * sudo.c: NewArgc is now set to 1 for -l, -v, -k +2002-01-07 Todd C. Miller -1996-05-28 12:50 millert + * configure: + regen + [a6cd2d788f74] - * sudo.c: now sets sudoers to correct group if mode is 0400 + * configure.in: + Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived + compiler doesn't recognise -O2. + [5234aa543692] -1996-05-28 12:02 millert + * HISTORY: + Clarify origins of Root Group sudo a bit based on info from + billp@rootgroup.com + [4deef01c4208] - * install-sh: updated to version used by inn and bind +2002-01-03 Todd C. Miller -1996-05-28 00:08 millert + * LICENSE: + 2002 + [6c8e089dbd1a] - * configure.in: now uses -lgnumalloc if it exists + * CHANGES: + checkpoint for 1.6.4rc1 + [3349eb87a49f] -1996-05-28 00:02 millert +2002-01-02 Todd C. Miller - * Makefile.in: "make install" now sets uid/gid and mode on sudoers - if it exists + * config.h.in: + now generated via autoheader + [84657d303cb9] -1996-05-28 00:01 millert + * configure: + regen + [207bfa6a13f6] - * sudo.c: rmeoved debugging statements + * compat.h: + Move in some stuff that was previously in config.h. + [e576d8b6480f] -1996-05-28 00:00 millert + * aclocal.m4, configure.in: + Add info for autoheader. + [0549cd5da27c] - * parse.yacc: added a missing free() +2002-01-01 Todd C. Miller -1996-05-27 23:58 millert + * Makefile.in: + o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and + -g to facilitate non-root installs + [619216038f56] - * sudo.c: now uses user_gid instead of getegid (which was wrong - anyway) to set SUDO_GID Now sets command line args in - SUDO_COMMAND envariabled (logging.c depends on args being in the - environment) + * install-sh: + Add -M option (like -m but only for root) If we can't find "whoami", + use "id" w/ some sed. + [b39121c8b792] -1996-05-27 23:57 millert + * configure: + regen + [b39b93ff9804] - * logging.c: now uses SUDO_COMMAND envariable to get command args - rather than building it up again. + * configure.in: + allow user to always override mansectsu and mansectform + [0fca5e63bd90] -1996-05-27 22:42 millert +2001-12-31 Todd C. Miller - * parse.c: now uses user_gid + * mkinstalldirs: + update from autoconf 2.52 + [07bd75a508c3] -1996-05-27 20:02 millert + * config.guess, config.sub: + Update from autoconf 2.52 + [857b90fe31b7] - * sudo.c: fixed off by one error in allocation NewArgv + * configure: + regen with autoconf 2.52 + [08e7d1ea2aeb] -1996-05-27 20:01 millert + * configure.in: + o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI + mode o Remove compiler-specific checks for HP-UX now that we use + AC_PROG_CC_STDC + [d433a70b6208] - * parse.c: in sudoers, 'command ""' now means command with no args + * RUNSON: + Checkpoint + [babf6d2235d1] -1996-05-27 20:01 millert + * auth/pam.c: + o Add pam_prep_user function to call pam_setcred() for the target + user; on Linux this often sets resource limits. o When calling + pam_end(), try to convert the auth->result to a PAM_FOO value. + This is a hack--we really need to stash the last PAM_FOO value + received and use that instead. + [6ad6f340dd2a] - * configure.in: added check for fnmatch(3) and fnmatch.h + * set_perms.c, sudo.h: + o Add pam_prep_user function to call pam_setcred() for the target + user; on Linux this often sets resource limits. + [67795421ac82] -1996-05-27 20:01 millert + * env.c: + Fix off by one error in number of bytes allocated via malloc (does + not affected any released version of sudo). + [5f5915360111] - * config.h.in: added HAVE_FNMATCH +2001-12-30 Todd C. Miller -1996-05-27 20:00 millert + * lex.yy.c: + regen + [8208c0277775] - * Makefile.in: replaced wildcat.* with fnmatch.* + * parse.lex: + Allow '@', '(', ')', ':' in arguments to a defaults variable w/o + requiring that they be quoted. + [ae59bc8f68dd] -1996-05-27 20:00 millert + * sudoers.cat, sudoers.man.in, sudoers.pod: + Mention that no double quotes are needed when + adding/deleting/assigning a single value to a list. + [25efc940a1f0] - * testsudoers.c: now uses fnmatch() + * Makefile.in: + Don't rely on mkdefaults being executable, call perl explicitly. + [6edc97ba5f1d] -1996-05-27 19:38 millert + * sudo.tab.c: + regen + [49130b2e7e4d] + + * parse.yacc: + Remove some XXX that are no longer relevant. + [d460ac0d3767] + + * defaults.c: + o Roll our own loop instead of using strpbrk() for better + grokability o When adding to a list we must malloc() and use + memcpy(), not strdup() since we must only copy len bytes from str. + [649bef08e1f0] - * parse.c: now uses fnmatch() instead of wildmat a trailing star - (*) by itself now matches multiple args added support for - wildcards in the pathname in sudoers +2001-12-21 Todd C. Miller + + * sudo.tab.c: + regen + [f0bbf2c38c0e] + + * parse.yacc: + typo in comment + [2563711ff593] + +2001-12-19 Todd C. Miller + + * CHANGES: + checkpoint + [a6d8a29fb30e] -1996-05-25 19:23 millert + * configure: + regen + [bdfcaaf3bd13] - * fnmatch.c: now includes compat.h and config.h + * configure.in: + avoid the -g flag unless --with-devel was specified + [a976707bef30] -1996-05-25 18:09 millert + * Makefile.in: + mkdefaults, def_data.in and sigaction.c were missing from the + tarball + [6917ffbaa412] + + * Makefile.in: + def_data.c was missing + [87c78b11453d] + +2001-12-18 Todd C. Miller + + * env.c: + Fix setting of $USER and $LOGNAME in the non-reset_env case. Also + allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env + [fc8698e6a45e] + + * TODO: + Another TODO item + [6f251d6cd466] + + * sudoers: + Add comment for Default section so folks know where it should go. + [7edba626f392] + +2001-12-17 Todd C. Miller + + * tgetpass.c: + Use TCSETAF, not TCSETA to set terminal in termio case + [fbd172f6c5d3] - * config.h.in: added HAVE_FNMATCH_H + * sudoers.cat, sudoers.man.in: + regen from sudoers.pod + [64edd2de816e] -1996-05-25 18:07 millert + * sudoers.pod: + o Typo, Runas_User_List should be Runas_List o a User_List can not + contain a uid o mention that the Defaults section should come after + Alias definitions but before the user specifications + [54070ba2092b] - * configure.in: now checks for alloca() (if needed by bison or dce) - and links with -lPW if it contains alloca() and libv and compiler - do not. +2001-12-15 Todd C. Miller -1996-05-25 18:03 millert + * sudoers.cat, sudoers.man.in: + regen + [e62d1d97693c] + + * sudoers.pod: + Fix listpw and verifypw sections, they were not being formatted + properly. + [123868c2f3e9] - * fnmatch.3, fnmatch.c, emul/fnmatch.h: Initial revision + * sudoers.cat, sudoers.man.in: + regen + [f94841f8b374] -1996-04-28 22:38 millert + * sudoers.pod: + fix typos + [f278f1c1184e] - * sudo.c: now fixes mode on sudoers if set to 0400 to aid in - upgrade + * configure: + regen + [d2270049ba9f] -1996-04-28 17:44 millert + * config.h.in, configure.in: + use AC_SYS_POSIX_TERMIOS instead of rolling our own + [c1a13f1354b9] - * Makefile.in: fixed pod2man usage + * README: + Reference sudo.ws not courtesan.com + [ca13be67ebd7] -1996-04-28 17:40 millert + * PORTING: + Add notes on shadow passwords + [aa13863f2314] - * configure.in, Makefile.in, version.h: ++version + * BUGS: + In list mode (sudo -l), characters escaped with a backslash are + shown verbatim with the backslash. + [1a75a2858be2] -1996-04-28 17:20 millert + * sudoers: + Add simple examples from OpenBSD (Marc Espie) + [3ae9a9ae4125] - * testsudoers.c, visudo.c: runas_user is now initialized to "root" + * tgetpass.c: + Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP. + [f8817699ee10] -1996-04-28 17:20 millert + * CHANGES: + minor prettyification + [f523587929b9] - * sudo.h: removed PERM_FULL_ROOT + * CHANGES: + Updated change log + [39d9010ee7a8] -1996-04-28 17:18 millert + * testsudoers.c: + Fix CIDR handling here too. + [c91db8344c32] - * sudo.c: runas_user defaults to "root" so no more need to - PERM_RUNAS + * auth/pam.c: + Apparently a NULL response is OK + [83bae61078d9] -1996-04-28 17:16 millert + * TODO: + Checkpoint for upcoming beta release + [efb95c09df2a] - * parse.c: will now only running commands as root if there was no - runas list (or if root is in the runas list) + * TROUBLESHOOTING: + Many people believe that adding a runas spec should obviate the need + for the -u flag. It does not. + [c698bad85b0e] + + * RUNSON: + checkpoint update for upcoming 1.6.4 beta + [009e465a0a45] + + * config.h.in: + o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even + if HAVE_STRING_H is defined -- this is safe now + [d27c035f4e14] -1996-04-28 17:15 millert + * PORTING: + Add signals section + [2d24c13cb3c8] - * logging.c: now logs "USER=%s" + * configure: + regen + [2b80a939e2ed] -1996-04-28 17:12 millert + * configure.in: + Fix check for sigaction_t + [6fa41c89ab20] - * parse.yacc: runas_matches is now set to false if we get a - negative match + * sudo.c: + XXX - should call find_path() as runas user, not root. Can't do + that until the parser changes though. + [f0b4f85651bd] -1996-04-28 15:01 millert + * sudo.c: + If find_path() fails as root, try again as the invoking user (useful + for NFS). Idea from Chip Capelik. + [e03fa7872692] + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: + Regenerate after pod file changes + [48e4bd75ec21] - * parse.lex: make #uid work + some minor cleanup + * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h, + sudo.pod, sudoers.pod: + Add new sudoers option "preserve_groups". Previously sudo would not + call initgroups() if the target user was root. Now it always calls + initgroups() unless the -P command line option or the + "preserve_groups" sudoers option is set. Idea from TJ Saunders. + [4f730359f101] -1996-04-27 21:04 millert +2001-12-14 Todd C. Miller - * sample.sudoers: added support for NOPASSWD and "runas" from - garp@opustel.com / + * compat.h, config.h.in: + Use new HAVE_SIGACTION_T define + [dfb25f3cae5b] -1996-04-27 21:03 millert + * logging.c: + Fix compilation on K&C + [7355e3275e34] - * visudo.c: added support for "runas" from garp@opustel.com - replaced SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added - support for SUDOERS_MODE + * configure: + regen + [a710584f92f0] -1996-04-27 21:03 millert + * configure.in: + Add check for sigaction_t -- IRIX already defines this so don't + redefine it. + [df9c5737f6da] - * testsudoers.c: added support for "runas" from garp@opustel.com + * snprintf.c: + fix typo + [3d782b8134c8] -1996-04-27 21:02 millert + * interfaces.c: + need stdlib.h here too + [c789d8973ab2] - * sudo.h: added support for NO_PASSWD and runas from - garp@opustel.com replaced SUDOERS_OWNER with SUDOERS_UID and - SUDOERS_GID and added support fro SUDOERS_MODE + * configure: + regen + [44822856bf46] -1996-04-27 21:00 millert + * configure.in: + Remove redundant checks for string.h, strings.h and unistd.h + [933c94f8bbf4] - * sudo.c: added support for NO_PASSWD and runas from - garp@opustel.com replaced SUDOERS_OWNER with SUDOERS_UID and - SUDOERS_GID and added support fro SUDOERS_MODE + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + Regen from pod files + [ad18c590f638] -1996-04-27 21:00 millert + * BUGS: + Update for 1.6.4 + [26bc88b69d22] - * parse.yacc: added support for NO_PASSWD and runas from - garp@opustel.com + * configure, lex.yy.c, sudo.tab.c: + regen + [bef89fd6fa2d] -1996-04-27 20:58 millert + * strerror.c: + Return EINVAL if errnum > sys_nerr + [0512374e6661] - * parse.c, parse.lex: added support for NO_PASSWD and runas from - garp@opustel.com + * auth/sudo_auth.h: + o Update copyright year + [a877016db6e2] -1996-04-27 20:56 millert + * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h, + config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h, + sudo.pod: + o Update copyright year + [e15a1b39039f] + + * configure.in: + o Don't define STDC_HEADERS unconditionally for IRIX o Update + copyright year + [82a8cb819e07] + + * README: + update version + [d82e523a16b4] + + * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, + auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c, + auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc, + set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c, + visudo.c: + o Reorder some headers and use STDC_HEADERS define properly o Update + copyright year + [fe39f76b3795] + + * lsearch.c: + o Reorder some headers and use STDC_HEADERS define properly o Update + copyright year + [764ba3d4fa13] + + * getspwuid.c, goodpath.c, interfaces.c: + o Reorder some headers and use STDC_HEADERS define properly o Update + copyright year + [fb46d46140d4] + + * getcwd.c: + o Reorder some headers and use STDC_HEADERS define properly o Update + copyright year + [b199d70ac7ab] - * logging.c: added support for SUDOERS_WRONG_MODE and "runas" + * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c, + fnmatch.c: + o Reorder some headers and use STDC_HEADERS define properly o Update + copyright year + [dab8f192a3ed] + + * configure: + regen + [156658f25cea] + + * tgetpass.c: + flags set in signal handlers should be volatile sig_atomic_t + [c22931a5535e] + + * config.h.in, configure.in: + Add checks for volatile and sig_atomic_t + [b03b3341381d] + + * configure, lex.yy.c: + regen + [ed9daba88217] + + * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c, + sudo.c, sudoers.pod: + Remove "secure_path" Defaults option since it cannot work with the + existing parser. + [c9e54a0f5971] + + * find_path.c, sudo.c: + Unset "secure_path" if user_is_exempt() + [fb7544565ae8] + + * env.c, pathnames.h.in: + o Remove assumption that PATH and TERM are not listed in env_keep o + If no PATH is in the environment use a default value o If TERM is + not set in the non-reset case also give it a default value. + [c987eb7df268] -1996-04-27 20:40 millert + * aclocal.m4, configure.in, defaults.c, pathnames.h.in: + _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on + systems that define in paths.h + [51865b0cdebf] + + * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h: + Add support for skeyaccess(3) if it is present in libskey. + [8add77c7d3e7] + +2001-12-13 Todd C. Miller + + * sudo.c: + Only need to do 'lc = login_getclass(NULL)' if lc == NULL + [5a3d3cbf2c6d] + + * parse.lex: + '\\' is a perfectly legal character to have in a command line + argument. + [c15a466ef00e] + + * sudo.c: + o Defer call to set_fqdn() until it is safe to use log_error() o + Don't print errno string value if gethostbyname fails, it is not + relevant + [c0c6bcf08bcb] + + * parse.c: + Fix CIDR -> in_addr_t conversion. + [2f307ebeb63f] + +2001-12-12 Todd C. Miller + + * sudoers.pod: + Remove an extra "User_List" in the User_Spec definition From + ybertrand AT snoopymail.com + [97bde59ea280] + + * parse.c: + Make 'listpw=never' work for users who are not explicitly mentioned + in sudoers. + [258f0f30a428] + + * sudoers.pod: + Remove gratuitous '=' in EBNF grammar; era AT iki.fi + [4b0f03872ee1] + + * sudoers.pod: + Document new list Defaults type and convert env_keep and env_delete + to lists. Document new env_check option. + [a07f1f079fe3] + + * lex.yy.c, sudo.tab.c, sudo.tab.h: + regen parser + [e39ac6c6581b] + + * parse.lex: + Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec + to #[0-9-]+. + [69c5388908f3] + + * configure: + regen + [0f1877b88cb3] + + * aclocal.m4: + Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK + [6545503ae361] + + * config.h.in, configure.in: + Add check for skeyaccess(3) + [6caf69fe6359] + + * visudo.pod: + Document new -c, -f, and -q options + [13d0203c21d3] + + * visudo.c: + o Add -f option (alternate sudoers file) o Convert to use getopt(3) + [4c2b664d617d] + + * configure: + regen + [6d5bd932e7b5] + + * aclocal.m4, config.h.in, configure.in: + Add check for isblank and a replacement macro if it doesn't exist. + [b524f5e4f953] + +2001-12-11 Todd C. Miller + + * visudo.c: + In check-only mode, don't create sudoers if it does not already + exist. + [c748a2d5acad] + + * parse.yacc: + o Add a new token, DEFVAR, to indicate a Defaults variable name o + Add support for "+=" and "-=" list operators o replace some 1 and 0 + with TRUE and FALSE for greater legibility. + [554cb174b37e] + + * parse.lex: + o Use exclusive start conditions to remove some ambiguity in the + lexer. Also reorder some things for clarity. o Add support for + "+=" and "-=" list operators. o Use the new DEFVAR token to denote + a Defaults variable name. + [3a2cf8323e26] + + * sudo.h: + Prototype init_envtables() + [b74916469dab] + + * env.c: + o Convert environment handling to use lists instead of strings. + This greatly simplifies routines that need to do "foreach" type + operations. o Add new init_envtables() function to set env_check + and env_delete defaults based on initial_badenv_table and + initial_checkenv_table (formerly sudo_badenv_table). + [0a8b404658b6] + + * defaults.c, defaults.h: + o Add a new LIST type and functions to manipulate it. o This is for + use with environment handling variables. o Call new + init_envtables() routine inside init_defaults() to initialize the + environment lists. + [ae73e64f0902] + + * def_data.c, def_data.h, def_data.in: + Convert environment options to use the new LIST type and add a new + one, env_check that only deletes if the sanity check fails. + [3019503936de] + + * testsudoers.c: + Add dummy version of init_envtables() + [9d9e3ee609d9] + + * parse.yacc: + honor quiet mode + [8330fba6167c] + + * visudo.c: + Add check-only mode + [dab411bc8c35] + + * mkdefaults: + Fix generation of entries with NULL descriptions. + [ea75b9fed02e] + +2001-12-09 Todd C. Miller + + * tgetpass.c: + Use sigaction_t and quiet a gcc warning. + [6f67d719c452] + + * sudo.c: + Must reset signal handlers before we exec + [300418120e1a] + + * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, + auth/sudo_auth.c: + Be carefule now that tgetpass() can return NULL (user hit ^C). PAM + version needs testing. Set SIGTSTP to SIG_DFL during password entry + so user can suspend us. + [00304aa58747] + + * tgetpass.c: + Add support for interrupting/suspending tgetpass via keyboard input. + If you suspend sudo from the password prompt and resume it will re- + prompt you. + [4af2b5101d32] + + * sudo.c: + Don't block keyboard interrupt signals, just set them to SIG_IGN. + [d46d7f67ef6b] + +2001-12-08 Todd C. Miller + + * config.h.in: + add back HAVE_SIGACTION + [c9c7702c603e] + + * configure: + regen + [09fe669d337f] + + * config.h.in, configure.in, logging.c, sudo.c, visudo.c: + Kill POSIX_SIGNALS define and old signal support now that we emulate + POSIX ones Also be sure to correctly initialize struct sigaction. + [4bc2a6dbb2be] + + * strerror.c: + Don't need config.h or "#ifndef HAVE_STRERROR" wrapper. + [1ad64a19f328] + + * compat.h: + Add scaffolding for POSIX signal emulation + [945861d4c93b] + + * sigaction.c: + o Add missing ';' so this compiles o Can't use NULL since we don't + include stdio.h + [04d0cac7438f] + + * sigaction.c: + Emulate sigaction() using sigvec() + [d0b54a989875] + +2001-11-13 Todd C. Miller + + * sudoers.pod: + Document new behavior of negative values of timestamp_timeout Fix a + typo + [4c0716570d01] + + * sudo.pod: + Add security note about command not being logged after 'sudo su' and + friends. + [43294851a33c] + + * sudo.pod: + Mention that -V prints default values when run as root, including + the list of environment variables to clear. + [d9e5e550a8c3] + + * Makefile.in: + Run pod2man with --quotes=none to avoid stupid quoting of C<> + entries. + [997b23c35dbe] + +2001-11-12 Todd C. Miller - * configure.in: added --with-CC only link with -lshadow on linux - (with shadow pw) if libc lacks getspnam() + * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod: + Add mail_badpass option Also modify mail_always behavior to also + send mail when the password is wrong + [838d40ccafce] -1996-04-27 20:39 millert + * env.c, sudo.c, sudo.h: + Dump default bad env table when 'sudo -V' is run by root. + [f67f1b8048b0] - * OPTIONS, options.h: removed NO_PASSWD since it is not possible to - do this in the sudoers file itself. Replaced SUDOERS_OWNER with - SUDOERS_UID and SUDOERS_GID. Added SUDOERS_MODE. + * sudoers.pod: + document env_delete + [d74f893663a2] -1996-04-27 20:26 millert + * env.c: + Add support for '*' in env_keep when not resetting the environment + (ie: the normal case). + [fd4fb62ea8fd] - * Makefile.in: now uses SUDOERS_UID and SUDOERS_GID + * env.c: + Add env_delete variable that lets the user replace/add to the + bad_env_table. Allow '*' wildcard in env_keep entries. + [aa728bc35e29] -1996-04-27 11:20 millert +2001-11-06 Todd C. Miller - * INSTALL: added --with-CC + * mkinstalldirs: + Force umask to 022 to guarantee sane directory permissions. + [9ab3cfe70569] -1996-04-06 16:31 millert +2001-11-02 Todd C. Miller - * parse.lex: added double quote support + * Makefile.in: + add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency + [671010465e6f] -1996-04-06 16:29 millert + * mkdefaults: + fix breakage in last commit + [8318f8851e56] - * sudoers.pod: documented double quoting + * Makefile.in: + acsite.m4 -> aclocal.m4 + [30c146873a01] -1996-04-05 16:53 millert + * check.c: + fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit + [4dc8b39954da] - * mkinstalldirs: Initial revision + * def_data.c: + regenerated from def_data.in + [915ea16ce1eb] -1996-04-05 16:53 millert + * check.c, defaults.c, defaults.h: + Add new T_UINT type that most things use instead of T_INT If + timestamp_timeout is < 0 then treat the ticket as never expiring (to + be expired manually by the user). + [3a3a636a2a5d] - * check.c: fixed some indentation + * def_data.in: + change most T_INT -> T_UINT + [a2228d2457af] -1996-04-05 16:48 millert + * mkdefaults: + fix warning when no args + [ca70a5394af5] - * Makefile.in: fixed a typo + * visudo.c: + Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if + we are a signal handler. We no longer print the signal number but + the user can just check the exit value for that. + [dc424f631fef] -1996-04-04 19:39 millert +2001-10-16 Todd C. Miller - * Makefile.in: added install-dirs . + * logging.c: + when setting up pipes in child process check for case where stdin == + pipe fd 0 + [518112d76184] -1996-04-04 14:16 millert +2001-10-11 Todd C. Miller - * dce_pwent.c: new version from "Jeff A. Earickson" - + * visudo.c: + Ignore editor exit value since XPG4 says vi's exit value is the + count of editing errors made (failed searches, etc). + [b9d952284865] -1996-04-03 13:40 millert +2001-10-05 Todd C. Miller - * configure.in: $CSOPS -> $with_csops (whoops, missed one) + * configure: + regen + [cb3aa586f03b] -1996-04-03 13:40 millert + * configure.in: + sco now is identified by config.guess as *-sco-* + [46664bbdea61] - * BUGS: updated + * configure.in: + Check for getspnam() in -lgen if not in -lc for UnixWare. + [0f152ad1ba93] -1996-04-03 13:36 millert +2001-09-18 Todd C. Miller - * parse.lex: FQHOST now has same constraints as non-FQHOST + * sudoers.pod, visudo.pod: + "upper case" -> "uppercase" + [f9151f232326] -1996-04-02 19:00 millert + * sudoers.pod: + fix typos and grammar; pjanzen@foatdi.harvard.edu + [2855d73d0237] - * INSTALL: added note about OS's w/ shadow passwords turned on by - default +2001-08-28 Todd C. Miller -1996-04-02 18:58 millert + * sudoers.pod: + Missing word (specify); krapht@secureops.com + [65523eb37a2c] - * configure.in: fixed a typo +2001-08-23 Todd C. Miller -1996-04-02 18:48 millert + * sudo.c: + If we fail to lookup a login class, apply the default one. + [d4869faa6816] - * configure.in: added support for --without-THING sanitized shadow - pw situtation by adding support for --without-C2 + * logging.c: + In log_error() free message, not logline unconditionally, then free + logline if it is not the same as message. No function change but + this mirrors how they are allocated. + [565e5f6cc643] -1996-04-02 16:42 millert +2001-07-17 Todd C. Miller - * tgetpass.c: fixed a typo wrt placement of an end paren + * configure: + regenerate + [834a48f548a2] -1996-04-02 14:57 millert + * configure.in: + remove some backslash quotes that are unneeded + [50d401d6e2ca] - * check.c: was closing an fd that may not have been opened + * configure.in: + o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ + instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we + can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have + to AC_DEFINE things manually. + [f502c5f15f92] -1996-03-21 19:55 millert + * config.guess, config.sub: + Updated from autoconf-2.50 + [6140205915ef] - * sudo.c, OPTIONS, options.h: added NO_PASSWD +2001-05-22 Todd C. Miller -1996-03-19 19:40 millert + * README: + Update mailing list section. We use mailman now, not majordomo. + [b9a8ca45e6dc] - * configure.in: now always use shadow pw on some arches +2001-05-10 Todd C. Miller -1996-03-19 17:07 millert + * getspwuid.c, logging.c, sudo.c: + Use setpwent()/endpwent() + all the shadow variants to make sure we + don't inadvertantly leak an fd to the child. Apparently Linux's + shadow routines leave the fd open even if you don't call setspent(). + Reported by mike@gistnet.com; different patch used. + [d33792ef6c01] - * configure.in: added pyramid support +2001-04-13 Todd C. Miller -1996-03-19 17:04 millert + * sudoers.pod: + s/eg./e.g./ + [bd32a0acaf93] - * configure.in: no longer check for C2 if alternate passwd method - is used no longer check for some libs twice + * tgetpass.c: + select() may return EAGAIN. If so, continue like we do for EINTR. + [5f202c943818] -1996-03-19 17:00 millert + * logging.c: + Fix a non-exploitable buffer overflow in the word splitting code. + This should really be rewritten. + [4c724363863a] - * parse.yacc: moved fqdn stuff into parse.lex (FQHOST) + * Makefile.in: + FAQ link goes away + [1d26dd6c8972] -1996-03-19 17:00 millert + * INSTALL: + Tell people to look in sample.syslog.conf for examples, not FAQ + [affcae3f43ca] - * parse.lex: added FQHOST rules + * TROUBLESHOOTING: + Update list of env vars that are cleared + [234e56f1435a] -1996-03-18 20:57 millert + * sudo.c: + remove struct env_table decl since that stuff has all moved to env.c + [5dd923148777] - * tgetpass.c: now define TCSASOFT in necesary +2001-04-04 Todd C. Miller -1996-03-18 20:31 millert + * fileops.c: + Fix a pasto in flock-style unlocking and include for + flock on older systems; twetzel@gwdg.de + [d5420d9d2861] - * tgetpass.c: now uses read/write instead of stdio string goop to - avoid problems with select(2) + * configure: + regen to get NeXT lockf/flock fix + [d3ba6ed70e15] -1996-03-18 19:37 millert + * configure.in: + force NeXT to use flock since lockf is broken + [bd5391dca1bb] - * OPTIONS, find_path.c, options.h: -DNO_DOT_PATH -> - -DIGNORE_DOT_PATH +2001-03-30 Todd C. Miller -1996-03-17 16:18 millert + * check.c: + Use stashed user_gid when checking against exempt gid since sudo + sets its gid to a a value that makes sudoers readable. Previously + if you used gid 0 as the exempt group everyone would be exempt. From + Paul Kranenburg + [0b140cc3a817] - * INSTALL: added note about no shadow auto-detect if using - alternate auth schemes +2001-03-29 Todd C. Miller -1996-03-17 15:33 millert + * configure: + regen + [cc455408f32b] - * configure.in: don't check for C2 if AFS or DCE (unless they said - --with-C2) + * aclocal.m4: + #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines + some types (such as ssize_t) therein. + [b6aee85ca331] -1996-03-17 15:08 millert +2001-03-02 Todd C. Miller - * testsudoers.c: now groks shost + * defaults.c: + Fix negation of paths in a boolean context. Problem found by + apt@UH.EDU + [8aee217a7cdf] -1996-03-17 15:01 millert +2001-02-23 Todd C. Miller - * options.h, OPTIONS, find_path.c: added NO_DOT_PATH + * visudo.c: + pasto + [ad32b277bf68] -1996-03-16 14:43 millert +2001-02-17 Todd C. Miller - * find_path.c: checkdot now works correctly + * visudo.c: + SA_RESETHAND means the opposite of what I was thinking--oops To + block all signals in old-style signals use ~0, not 0xffffffff + [6ecdd793590a] -1996-03-12 18:01 millert +2001-02-04 Todd C. Miller - * configure.in: can't have DCE and C2 passwords both... + * defaults.c: + coerce difference of pointers to int when used in a string length + printf format; deraadt@openbsd.org + [a9d10f07180d] -1996-03-11 14:05 millert +2001-01-17 Todd C. Miller - * parse.yacc, sudo.c, sudo.h, visudo.c: now uses shost even if not - FQDN + * visudo.c: + Block all signals in Exit() to avoid a signal race. There is still + a tiny window but I'm not going to worry about it. + [6661805c0458] -1996-03-11 14:04 millert +2001-01-07 Todd C. Miller - * configure.in: now looks for skey in /usr/lib and doesn't require - libskey to be in /usr/local/lib just because skey.h is (for my - netbsd box :-) + * env.c: + glibc uses the LANGUAGE env var so clear that too; Solar Designer + [d4ba95628afb] -1996-03-11 02:00 millert + * lex.yy.c: + Regenerate with a fix to flex.skl that preserves errno from + clobbering by isatty(). + [607eec736e19] - * aclocal.m4, config.h.in, pathnames.h.in: _SUDO_PATH_ -> - _CONFIG_PATH_ +2000-12-31 Todd C. Miller -1996-03-10 21:01 millert + * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, + auth/sia.c, auth/sudo_auth.c: + Some defaults I_ defines got renamed. + [ec19b23caaf3] - * aclocal.m4, sudo.pod: /var/run/.odus -> /var/run/sudo + * Makefile.in, check.c, def_data.c, def_data.h, def_data.in, + defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc, + set_perms.c, sudo.c, sudo.tab.c: + Move defaults info into its own files from which we generate .h and + .c files. This makes adding or rearranging variables much simpler. + [e91b880b5043] + +2000-12-30 Todd C. Miller + + * configure, configure.in: + fix typo in last commit + [10a6ee2bae71] + + * compat.h, config.h.in, configure, configure.in: + Add check + emulation for setegid (like seteuid). + [29492092bd2f] + + * env.c: + Make env_keep override badenv_table as documented Fix traversal of + badenv_table (broken in last commit) + [37c9f0d22673] + + * set_perms.c, sudo.c, sudo.h: + Don't try and build saved uid version of set_perms on systems w/o + them. Rename set_perms_saved_uid() -> set_perms_posix() Make + set_perms_setreuid simply be set_perms_fallback() and simply include + the appropriate function at compile time (setreuid() vs. setuid()). + [3107333c062c] + + * sudoers.cat, sudoers.man.in, sudoers.pod: + PATH is also preserved when env_reset is in effect + [90e45c5711ff] + + * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure, + configure.in, defaults.c, defaults.h, env.c, find_path.c, + getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, + sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c, + visudo.c, visudo.cat, visudo.man.in: + New Defaults options: o stay_setuid - sudo will remain setuid if + system has saved uids or setreuid(2) o env_reset - reset the + environment to a sane default o env_keep - preserve environment + variables that would otherwise be cleared + + No longer use getenv/putenv/setenv functions--do environment munging + by hand. Potentially dangerous environment variables can be cleared + only if they contain '/' pr '%' characters to protect buggy + programs. Moved environment routines into env.c (new file) + [c2f97651db4c] + + * INSTALL: + Clear up --without-passwd description + [2f336dab6733] + + * putenv.c, sudo_setenv.c: + We now build up a new environment from scratch and assign it to + "environ". + [6ae6152f2238] + +2000-12-19 Todd C. Miller + + * sudo.pod, visudo.pod: + Grammatical fixes from Paul Janzen + [e03ead2e56f8] + +2000-12-15 Todd C. Miller + + * visudo.c: + If there was a syntax error and the user just wants to quit, unlink + sudoers if it is zero length. + [74ba7921f520] + + * visudo.c: + 'Q' means ignore parse error, not 'q' + [e8d0e4491fe6] + + * visudo.c: + Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric + + [b24990a72491] -1996-03-10 20:59 millert +2000-12-13 Todd C. Miller + + * set_perms.c: + Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org + [41a8db10e076] + +2000-12-09 Todd C. Miller + + * config.guess, config.sub: + Darwin / Mac OS X support from Wilfredo Sanchez + [6052da895d2e] - * pathnames.h.in: now uses _SUDO_PATH_TIMEDIR +2000-11-03 Todd C. Miller + + * sudo.c, visudo.c: + Use exit(127), not exit(-1) + [9ff0c3eada34] -1996-03-10 20:59 millert + * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c: + Move set_perms() to its own file and use POSIX saved uid or + setreuid() if available. - * OPTIONS: udpated FQDN + Added stay_setuid option for systems that have libraries that + perform extra paranoia checks in system libraries for setuid + programs (ie: anything with issetugid(2)). + [28960f842698] -1996-03-10 20:58 millert + * sudo.c: + strip more bits from the environment and add a facility for + stripping things only if they contain '/' or '%' to address printf + format string vulnerabilities in other programs. + [b98d6375f299] - * config.h.in: added _SUDO_PATH_TIMEDIR +2000-11-02 Todd C. Miller -1996-03-10 20:58 millert + * configure: + regen + [7e74e5c91049] - * aclocal.m4, configure.in: added SUDO_TIMEDIR + * configure.in: + For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of + strcasecmp(). + [a418e9e70442] -1996-03-10 20:58 millert + * configure: + regen + [bbff244a52bc] - * sudo.pod: updated wrt /var/run/sudo + * configure.in: + Check for strcasecmp(3) in -lc89 for NCR Unix + [361c99576681] -1996-03-10 20:16 millert +2000-11-01 Todd C. Miller - * sudo.c, sudo.h: added support for shost if FQDN + * config.h.in: + Define HAVE_INNETGR #ifdef HAVE__INNETGR + [473cdb92b6db] -1996-03-10 20:14 millert + * configure: + regen + [4e6364a195e0] - * parse.yacc, visudo.c: now uses shost if FQDN + * compat.h, config.h.in, configure.in: + Add check for _innetgr(3) since NCR systems have that instead of + innetgr(3). + [25e6852e7494] -1996-03-10 20:12 millert +2000-10-31 Todd C. Miller - * check.c: Now use skeylookup() instead off skeychallenge() + * auth/securid.c: + check return value of creadcfg() call sd_close() after sd_auth() + store username in sd->username so we don't rely on the USER env + variable + [d106b4f42722] -1996-02-27 20:41 millert +2000-10-30 Todd C. Miller - * logging.c: mail_argv should not contain ALERTMAIL as it includes - "-t" + * INSTALL: + document --with-bsdauth + [f1518ecc2ee9] -1996-02-22 17:06 millert + * configure: + regen + [dceb35071ea8] - * INSTALL, Makefile.in, README, version.h, configure.in: ++version + * configure.in: + --with-bsdauth assumes --with-logincap + [4200778083fd] -1996-02-22 16:27 millert + * auth/bsdauth.c, auth/fwtk.c: + When prompting for a response to a challenge, if the user just hits + return then reprompt with echo turned on. + [a539b6474a97] - * compat.h: added more _PASSWD_LEN stuff -- now uses PASS_MAX too +2000-10-29 Todd C. Miller -1996-02-22 16:27 millert + * sudo.c: + Remove debugging code that should not have been committed, oops. + [9862607b77a7] - * tgetpass.c: now includes limits.h moved _PASSWD_LEN -> compat.h + * auth/bsdauth.c: + Use lower-level routines and get the password ourselves. Checks for + a challenge and if there is one echo is not turned off. + [2d8fcd166baa] -1996-02-05 19:20 millert + * auth/pam.c, auth/sudo_auth.h: + minor housekeeping, no real code changes + [d0074a277fb4] - * README, INSTALL: ++version +2000-10-27 Todd C. Miller -1996-02-05 19:20 millert + * sudo.c: + Fix a coredump in the logging functions if gethostname(2) fails by + deferring the call to log_error() until things are better setup. - * Makefile.in: ++versoin + Fix return value of set_loginclass() in non-BSD-auth case. -1996-02-05 19:16 millert + Hard-code 'sudo' in the usage message so we can fit more options on + a line + [d9d1b7579818] - * Makefile.in: fixed a typo + * logging.c: + Fix errant ';' (typo) that broken MSG_ONLY + [849b2276a470] -1996-02-05 19:16 millert +2000-10-26 Todd C. Miller - * configure.in: ++version + * sudo.cat, sudo.man.in: + regen + [bb3c8c6704d1] -1996-02-05 18:53 millert + * sudo.pod: + Document -a flag + [e18316cebaac] - * RUNSON: updated + * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in, + configure, configure.in, getspwuid.c, sudo.c: + Add support for BSD authentication. + [f374cfd9ca0d] -1996-02-05 18:47 millert +2000-10-19 Todd C. Miller - * CHANGES: done for 1.4.1 (I hope) + * sudoers.pod: + Fix typo; from sato@complex.eng.hokudai.ac.jp + [3085fee9766e] -1996-02-05 18:45 millert +2000-10-12 Todd C. Miller - * sudoers.pod: added info on wildcards + * sudoers.pod: + Mention negating umask + [c9e410294dae] -1996-02-05 18:39 millert + * defaults.c: + Allow user to specify umask of 0777 (same as !umask) + [bb771daa96fe] - * sample.sudoers: added wildcard example +2000-10-09 Todd C. Miller -1996-02-05 17:03 millert + * sudo.pod, visudo.pod: + Fix a typo and give a URL for the sudo history. + [77f73199aedb] - * Makefile.in: now uses *.pod to build *.man and *.cat & *.html +2000-10-08 Todd C. Miller -1996-02-05 17:03 millert + * defaults.c, sudo.pod: + fix typos; pepper@reppep.com + [5532c7421340] - * configure.in: addedSUDO_PROG_BSHELL !ll +2000-09-14 Todd C. Miller -1996-02-05 16:10 millert + * sudo.c, sudo.h, sudo_setenv.c: + sudo_setenv() now exits on memory alloc failure instead of returning + -1. + [71f1cf18f47b] - * visudo.pod: fixed up some formatting +2000-09-07 Todd C. Miller -1996-02-05 16:10 millert + * sudo.c: + Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD + and possibly others. + [b69d985b0d22] - * sudoers.pod: redid section describing sample sudoers stuff + * logging.c: + Don't use vsyslog(3) since HP-UX (and others?) lack it. This means + that "%m" won't be expanded but we don't use that anyway since the + logging routines may splat to stderr as well. + [8d37a544d0c0] -1996-02-05 16:10 millert + * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in, + sudoers.pod: + Add always_set_home variable + [dbcaff646e07] - * sudo.pod: fixed some formatting + * configure, configure.in: + Have to hard code default values in help since the defaults are set + _after_ the help stuff. + [7b5d6d72f55c] -1996-02-04 22:50 millert +2000-08-31 Todd C. Miller - * getspwuid.c: now treats "" as bourne shell + * lex.yy.c, parse.lex: + Allow special characters (including '#') to be embedded in pathnames + if quoted by a '\\'. The quoted chars will be dealt with by + fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'. + [3ed33cf09977] -1996-02-04 22:49 millert +2000-08-13 Todd C. Miller - * Makefile.in: TESTOBJS nwo includes wildmat.o + * install-sh: + Better path searching for programs we need. + [60517cb1f0d6] -1996-02-04 22:48 millert + * TROUBLESHOOTING: + Add section on "C compiler cannot create executables" errors. + [e4ada6eaee59] - * testsudoers.c: now works with NewArg[cv] + * Makefile.binary, Makefile.in, version.h: + Crank version + [93d1bd5b7f5e] -1996-02-04 21:59 millert + * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in, + sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat, + visudo.man.in, visudo.pod: + Substitute values from configure into man pages. + [619854c356c1] - * sudo.c: removed an XXX (fixed it in getspwuid.c) +2000-08-12 Todd C. Miller -1996-02-04 21:58 millert + * parse.c, sudo.c: + The listpw and verifypw sudoers options would not take effect + because the value of the default was checked *before* sudoers was + parsed. Instead of passing in the value of PWCHECK_* to + sudoers_lookup(), pass in the arg for def_ival() so the check can be + deferred until after sudoers is parsed. + [4f596e358f72] - * aclocal.m4: added check for bourne shell +2000-08-11 Todd C. Miller -1996-02-04 21:58 millert + * tgetpass.c: + When writing prompt, no need to write the NUL as well; + hag@linnaean.org + [fbcdd7b431ee] - * pathnames.h.in: added _PATH_BSHELL +2000-06-09 Todd C. Miller -1996-02-04 21:58 millert + * install-sh: + When looking for chown, check in /sbin too + [657ba6653f8c] - * config.h.in: added _SUDO_PATH_BSHELL +2000-06-05 Todd C. Miller -1996-02-04 16:36 millert + * visudo.c: + Remove extraneous call to init_defaults() and set runas_user to NULL + betweem parses so init_defaults will reset it each time, thus + avoiding a reference to free()d data. + [7421fcd692af] - * visudo.c: unixware vi returns 256 instead of 0 +2000-06-04 Todd C. Miller -1996-02-04 16:24 millert + * config.h.in, interfaces.c, interfaces.h, sudo.c: + Add support for using getifaddrs() to get the list of ip addr / + netmask pairs. Currently IPv4-only. + [a35bc4f7306d] - * INSTALL: added Linux note + * visudo.c: + Add a missing check for UserEditor == NULL Add missing '+' before + line number when invoking editor to fix a syntax error + [f0d4635f6082] -1996-02-04 16:13 millert +2000-05-12 Todd C. Miller - * logging.c: fixed up some XXX's. file log format now looks a - little more like real syslog(3) format. + * sudo.c: + Call clean_env very early in main() for paranoia's sake. Idea from + Marc Esipovich. + [f8d72ebd0115] -1996-02-04 16:13 millert +2000-05-10 Todd C. Miller - * README, TROUBLESHOOTING: updated wrt lex/flex + * sudo.h: + Update proto for evasprintf and easprintf + [d147d6e58419] -1996-02-04 16:11 millert + * alloc.c: + Make easprintf() and evasprintf() return an int. + [b2ca5d089667] - * Makefile.in: commented out rule to build lex.yy.c from parse.lex - since we ship with a pre-flex'd parser + * check.c: + If the targetpw flag is set, use target username as part of the + timestamp path. If tty tickets are in effect cat the tty and the + target username with a ':' as the separator. + [de11abc693c2] -1996-02-04 16:09 millert +2000-05-09 Todd C. Miller - * parse.c, parse.yacc, visudo.c: path_matches -> command_matches + * auth/pam.c: + Backout part of last change; setting PAM_USER to the invoking user + breaks things like targetpw. + [427218a7387f] -1996-02-04 02:28 millert + * auth/pam.c: + set tty and username via pam_set_item + [85d1922dbcc9] - * logging.c: eliminated some strcat()'s + * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h: + Fix root, runas, and target authentication for non-passwd file auth + methods. + [a14535e7b30c] -1996-02-04 02:10 millert +2000-04-22 Todd C. Miller - * configure.in: no longer checks for lex/flex (now assumes flex) + * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, + sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: + Use B<-Z> not C<-Z> for command line flags in all places. This is + more consistent and works around a bug in Pod::Man. + [64b5a05f30c5] -1996-02-04 02:08 millert + * sudoers.cat, sudoers.man.in, sudoers.pod: + Fix an occurence of 'semicolon' that should be 'colon' + [4ea5aacae3fb] - * configure.in: now checks for $kerb_dir_candidate/krb.h instead of - just kerb_dir_candidate +2000-04-19 Todd C. Miller -1996-02-02 20:48 millert + * configure, configure.in: + Fix --with-badpri help line + [3cc40977c043] - * parse.yacc: now use a 'hook' expression instead of an iffy one - :-) +2000-04-17 Todd C. Miller -1996-02-02 01:14 millert + * defaults.c, logging.c, sudo.c: + Bracket calls to syslog with an openlog() and closelog() since some + authentication methods (like PAM) may do their own logging via + syslog. Since we don't use syslog much (usually just once per + session) this doesn't really incur a performance penalty. It also + Fixes a SEGV with pam_kafs. + [fe1cc28529f6] - * visudo.c: now works with new sudo arg stuff +2000-04-15 Todd C. Miller -1996-02-02 01:14 millert + * sudo.c: + Fix -H flag. runas_homedir is only valid after + set_perms(PERM_RUNAS, mode) + [ce9b1c6f68a6] - * parse.yacc: fixed dereferencing deadbeef +2000-04-12 Todd C. Miller -1996-02-01 23:53 millert + * INSTALL: + Clarify the fact that insults are not enabled just by including them + in the binary. + [d5a31d48320c] - * sudo.c: changed an occurrence of Argv to NewArgv +2000-04-07 Todd C. Miller -1996-02-01 23:53 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + Regenerated with perl 5.6.0 pod2man + [21751433768b] - * parse.lex: took out support for quoted commands since there is no - need... + * Makefile.in: + Give date string to pod2man since its default is ugly and it ain't + got no alibi. + [0080b2f6298f] -1996-02-01 23:52 millert + * Makefile.in: + Do section substitution on the output of pod2man and remove hack + needed for old pod2man. + [1ef843d5c78b] - * parse.c: fixed a typo in a for() loop + * sudo.pod, sudoers.pod, visudo.pod: + Put back real man sections, we will do the substitution later. + [f728c1abad7e] -1996-02-01 23:52 millert +2000-04-02 Todd C. Miller - * logging.c: protected against dereferencing rogue pointers + * configure, configure.in: + Don't bother checking for the path to vi if user specified --with- + editor + [bf698487e0d5] -1996-02-01 22:34 millert +2000-04-01 Todd C. Miller - * sudo.c: now uses NewArgv amd NewArgc so cmnd_aegs is no longer - needed this also allows us to eliminate some kludges in - parse_args() and eliminate superfluous code. + * CHANGES, visudo.c: + Visudo now does its own fork/exec instead of calling system(3). + [99bbcd88863b] -1996-02-01 22:34 millert + * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in, + sudoers.pod, visudo.c: + Visudo now checks for the existence of an editor and gives a + sensible error if it does not exist. - * logging.c: no longer uses cmnd_args, now uses NewArgv instead. + The path to the editor for visudo is now a colon-separated list of + allowable editors. If the user has $EDITOR set and it matches one + of the allowed editors that editor will be used. If not, the first + editor in the list that actually exists is used. + [cc86eb9f5440] -1996-02-01 22:32 millert + * sudo.cat, sudo.man.in, sudo.pod: + Clear up confusion wrt sudo's return value. + [9385b12d8e79] - * sudo.h: added struct sudo_command, NewArgc, and NewArgv removed - cmnd_args (no longer used) +2000-03-27 Todd C. Miller -1996-02-01 22:31 millert + * Makefile.in: + Strip sudo and visudo for bindist target + [a995ddd79177] - * Makefile.in: added wildmat.c to SRCS & SUDOBJS + * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, + sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: + Use @mansectsu@ and @mansectform@ in the man page bodies as well. + [5eb9e60a726f] [SUDO_1_6_3] + + * visudo.cat, visudo.man.in, visudo.pod: + Typo: @sysconf@ -> @sysconfdir@ + [f07f52fcd099] + + * Makefile.in: + 'make dist' should not cause any files to be modified so remove its + dependencies. + [7f44a2666a9c] + + * CHANGES: + Whoops, forgot to add release marker + [16c0f16b35b8] + +2000-03-26 Todd C. Miller + + * CHANGES: + Final change for 1.6.3 (or so I hope) + [473c89da6123] + + * sudo.cat, sudoers.cat, visudo.cat: + Use SYSV man sections since BSD systems will have nroff... + [0a6bd154324e] + +2000-03-24 Todd C. Miller + + * parse.yacc, sudo.tab.c: + When checking to see if the host/user matches in a defaults spec, + check against TRUE, not just non-zero since it might be -1. + [41f2b7ad3fdd] + + * configure, configure.in: + OSF/1 puts file formats in section 4, not 5. + [d77c1301afa9] + + * CHANGES, INSTALL, sudo.c: + Make login class support work on BSD/OS + [e9bbe3c08ade] + + * RUNSON: + Update for 1.6.3 + [c40ce1d76c4d] + + * configure, configure.in: + If there is no inet_addr but there *is* an __inet_addr that's ok + since inet_addr is probably just a macro then. The better thing to + do would be to look for the macro, but this is fine for now. + [1b8865ae4d68] + + * configure, configure.in: + Don't use shlicc for BSD/OS 4.x + [83fbf6dedd2c] + + * Makefile.in, configure, configure.in: + *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@ + configure variable so we can deal with this. Also, only remove *.man + for 'distclean' not 'clean'. + [30d56e6de214] + + * sudo.c: + set_loginclass() should be static like the proto says + [d570a2d55fb8] + +2000-03-23 Todd C. Miller + + * fnmatch.c: + Add #ifdef __STDC__ around the rangematch function header to avoid + promotion of test to int, thus violating the prototype. Gcc handles + this gracefully but more std ANSI compilers will complain. + [7d98c3e332b2] + + * emul/fnmatch.h: + Pull in newer fnmatch(3) that supports FNM_CASEFOLD + [4e1320852f8b] + + * aclocal.m4, configure, fnmatch.3, fnmatch.c: + Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for + FNM_CASEFOLD in configure + [9ef952bf1896] + + * CHANGES, TODO: + update for 1.6.3 + [e4ba6368a0c5] + + * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c: + Fully qualified hosts w/ wildcards were not matching the FQHOST + token type. There's really no need for a separate token for fully- + qualified vs. unqualified anymore so FQHOST is now history and + hostname_matches now decides which hostname (short or long) to check + based on whether or not the pattern contains a '.'. + [fbd2887d9811] + + * parse.h: + Fully qualified hosts w/ wildcards were not matching the FQHOST + token type. There's really no need for a separate token for fully- + qualified vs. unqualified anymore so FQHOST is now history and + hostname_matches now decides which hostname (short or long) to check + based on whether or not the pattern contains a '.'. + [dd7bbe223461] + + * lex.yy.c, parse.c, parse.lex, parse.yacc: + Fully qualified hosts w/ wildcards were not matching the FQHOST + token type. There's really no need for a separate token for fully- + qualified vs. unqualified anymore so FQHOST is now history and + hostname_matches now decides which hostname (short or long) to check + based on whether or not the pattern contains a '.'. + [630d9d205397] + + * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat, + sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c: + Add support for wildcards in the hostname. + [d8d821ed4238] + + * Makefile.in: + Add targets for *.man.in, using config.status to generate *.man from + *.man.in + [640e50ede485] + + * sudoers.cat, sudoers.man.in, sudoers.pod: + Document set_logname option and enbolden refs to sudo and visudo. + [9622b3a48707] + + * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat, + sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, + visudo.cat, visudo.man.in, visudo.pod: + Add FreeBSD login.conf support (untested on BSD/OS) based on a patch + from Michael D. Marchionna. configure now does substitution on the + man pages, allowing us to fix up the paths and set the section + correctly. Based on an idea from Michael D. Marchionna. + [463e928a0a2f] + + * auth/passwd.c: + Better fix for handling HP-UX aging info. + [3950f42d8549] + + * sudo.c: + Add support for set_logname run-time default + [c6a7cc76b8b4] + + * sudo.man.in, sudoers.man.in, visudo.man.in: + configure does substitution on these to produce *.man + [b83fc3c1bfc9] + + * sudo.man, sudoers.man, visudo.man: + These files now get generated from *.man.in at configure time. + [c499061f79e0] + +2000-03-22 Todd C. Miller + + * defaults.c, defaults.h: + Add set_logname option so users can turn off setting of LOGNAME/USER + environment variables. + [6316869180b8] + + * lsearch.c, parse.c, testsudoers.c: + kill register + [6e104e653748] + +2000-03-13 Todd C. Miller + + * auth/passwd.c: + HP-UX adds extra info at the end for password aging so when + comparing the result of crypt to pw_passwd we only compare the first + len(epass) bytes *unless* the user entered an empty string for a + password. + [3d24d4e4e889] + + * logging.c: + Get rid of grandchild hack, it was causing problems and there is + really no need for it. This fixes a bug where we spin eating up CPU + when the user runs a long-running process like a shell. + [5743b10b1e81] + +2000-03-07 Todd C. Miller + + * sudo.c: + User can always specify a login class if he/she is already root. + [710d160cef9f] -1996-02-01 22:30 millert + * config.h.in, configure, configure.in, defaults.c, defaults.h, + sudo.c, sudo.h: + FreeBSD login class (login.conf) support. + [026b981d6328] - * parse.yacc: COMMAND is now a struct containing the path and args +2000-03-06 Todd C. Miller -1996-02-01 22:30 millert + * auth/sudo_auth.c: + HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support + [9cd4929f1a78] - * parse.lex: replaced append() with fill_cmnd() and fill_args. - command args from a sudoers entry are now stored in an arrary for - easy matching. +2000-03-03 Todd C. Miller -1996-02-01 22:28 millert + * auth/passwd.c: + Truncate unencrypted password to 8 chars if encrypted password is + exactly 13 characters (indicateing standard a DES password). Many + versions of crypt() do this for you, but not all (like HP-UX's). + [a9d0259cb193] - * parse.c: command line args from sudoers file are now in an array - like ones passed in from the command line +2000-03-02 Todd C. Miller -1996-01-31 20:59 millert + * INSTALL, RUNSON: + Mention that gcc on dynix may have problems + [77b97fa5bf1b] - * parse.c: wildwat stuff now works +2000-02-29 Todd C. Miller -1996-01-29 00:44 millert + * Makefile.in: + Link visudo with NET_LIBS since we now call syslog via defaults.c + [9e3830b277cc] - * version.h: ++version + * defaults.c: + Use Argv[0] as the first arg to openlog() since visudo uses this + too. + [e61078f328ec] -1996-01-29 00:44 millert +2000-02-28 Todd C. Miller - * Makefile.in: ++version added wildmat.* + * sudo.c: + Stash coredumpsize resource limit and retsore it before the exec() + Otherwise the child ends up with a coredumpsize of 0. + [f6a4783835a3] -1996-01-28 17:55 millert +2000-02-27 Todd C. Miller - * parse.lex: added support for quoted commands (w/ or w/o args) + * sudo.cat, sudo.man, sudo.pod: + document -S flag + [3ebd805b7142] -1996-01-22 01:55 millert + * sudo.c: + fix usage string + [66b2dfa47fe8] - * sudo.pod, visudo.pod: cleaned up formatting + * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c, + auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c: + Added -S flag (read passwd from stdin) and tgetpass_flags global + that holds flags to be passed in to tgetpass(). Change echo_off + param to tgetpass() into a flags field. There are currently 2 + possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In + tgetpass(), abstract the echo set/clear via macros and if (flags & + TGP_ECHO) but echo is not set on the terminal, but sure to set it. + [a4fcbb712cd0] -1996-01-21 20:53 millert + * tgetpass.c: + Fixed a bug that caused an infinite loop when the password timeout + was disabled. + [2be1ffc5a39f] - * sudo.pod, visudo.pod: Initial revision +2000-02-18 Todd C. Miller -1996-01-21 02:07 millert + * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h, + sudoers.cat, sudoers.man, sudoers.pod, visudo.c: + Add rootpw, runaspw, and targetpw options. + [2d4563e46df7] - * sudoers.pod: looks reasonable, could be mroe readable + * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod, + visudo.c: + enveditor -> env_editor + [ddc5f856e583] -1996-01-20 23:47 millert +2000-02-16 Todd C. Miller - * sudoers.pod: Initial revision + * BUGS, INSTALL, Makefile.in, README, configure, configure.in, + sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat, + visudo.man: + crank versino to 1.6.3 + [a5f7d3e74360] -1996-01-16 14:38 millert + * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man, + sudoers.pod, visudo.c: + Add 'editor' and 'enveditor' sudoers defaults and make visudo honor + them. This means that visudo will now parse the sudoers file + *before* it is edited so a bogus sudoers file will cause a warning + to go to stderr. Also, visudo checks the variables once--it does not + check them after each editor run since that could be confusing. + [9f5af18e9212] - * RUNSON: updated +2000-02-15 Todd C. Miller -1996-01-16 14:37 millert + * RUNSON: + 1.6.2 -> 1.6.2p1 + [e25b74f1d1af] - * OPTIONS: updated NO_ROOT_SUDO entry + * check.c, sudo.c, sudo.h: + Move user_is_exempt prototype into sudo.h + [daf26a6ded8a] -1996-01-15 11:37 millert +2000-02-13 Todd C. Miller - * RUNSON: [no log message] + * configure, configure.in: + Fix thinko, some && should have been || in the last commit + [4b9b2d487ded] -1996-01-15 11:34 millert + * configure, configure.in: + Don't initialized Makefile variables to be NULL since the user may + want to import variables from their environment. + [7be019f4422c] - * sudo.c: fixed SECURE_PATH +2000-02-04 Todd C. Miller -1996-01-14 20:55 millert + * configure, configure.in: + typo + [38f4d8971f0a] - * RUNSON: udpa`ted for 1.4 +2000-01-28 Todd C. Miller -1996-01-14 20:52 millert + * sudo.tab.c: + fix a yacc (skeleton.c) warning + [a2da228a937b] - * configure.in: AIX aixcrypt.exp now uses $(srcdir) +2000-01-27 Todd C. Miller -1996-01-14 20:32 millert + * INSTALL, RUNSON, configure, configure.in: + Make pam work on HP-UX 11.0;jaearick@colby.edu + [b94de0ff6f42] - * TROUBLESHOOTING: added entry for anal ansi compilers + * CHANGES: + recent changes; prepare for 1.6.2p1 + [b291635ea141] -1996-01-14 16:13 millert + * find_path.c: + Don't apply SECURE_PATH if user is example; jmknoble@pobox.com + [4306285c4f6e] - * INSTALL: added info on libcrypt_i for SCO +2000-01-26 Todd C. Miller -1996-01-14 16:05 millert + * sudo.tab.c: + Regen with yacc that has a memory leak plugged. + [e26383a04eb7] - * TODO: [no log message] + * sudoers.cat, sudoers.man, sudoers.pod: + Expanded docs on sudoers 'defaults' options based on INSTALL file + info. + [54c3d62d6c74] -1996-01-14 15:39 millert + * INSTALL: + Fix some while lies + [d15311782150] - * sample.sudoers: added comments +2000-01-24 Todd C. Miller -1996-01-14 15:25 millert + * Makefile.in: + When making a bindist, link FAQ to TROUBLESHOOTING instead of + copying. + [2d88a6ac88cf] - * TODO: 1.4 release + * sudoers.cat, sudoers.man, sudoers.pod: + Add netgroup caveat + [28d119f466e3] [SUDO_1_6_2] -1996-01-14 15:22 millert + * RUNSON: + Last minute updates + [89fb4ed22d52] - * README, config.h.in, configure.in, CHANGES: ++version + * TROUBLESHOOTING: + PAM entry + [a9fd59f39457] -1996-01-14 15:21 millert + * auth/pam.c: + correct a comment + [a29627225ba9] - * BUGS: ++version and fixed ISC + * CHANGES, RUNSON: + update for 1.6.2 + [b7f1c40ea732] -1996-01-14 15:19 millert + * auth/pam.c: + Better detection of PAM errors and fix custom prompts with PAM. + Based on patches from "Cloyce D. Spradling" + [ff69234b94a5] - * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, - getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, - ins_goons.h, insults.h, options.h, pathnames.h.in, sudo.h, - logging.c, putenv.c, strdup.c, sudo.c, sudo_setenv.c, - testsudoers.c, tgetpass.c, utime.c, visudo.c, INSTALL, OPTIONS: - ++version +2000-01-20 Todd C. Miller -1996-01-14 15:16 millert + * snprintf.c: + Cast ULONG_MAX to unsigned long long when comparing to an unsigned + long long value. + [9d918c3a2ecd] - * interfaces.c: added STUB_LOAD_INTERFACES ++version +2000-01-19 Todd C. Miller -1996-01-14 15:14 millert + * CHANGES, config.h.in, configure, configure.in, visudo.c: + Fix sudoers locking in visudo. We now lock the sudoers file itself, + not the temp file (since locking the temp file can foul up editors). + The previous locking scheme didn't work because the fd was closed + too early. + [de2011bb11ed] - * Makefile.in, version.h, parse.c, parse.lex, parse.yacc, - emul/utime.h: ++version + * config.h.in, configure, configure.in: + Don't need test for ftruncate() any more. + [e5f71c848104] -1996-01-14 15:13 millert + * configure, configure.in: + Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with + the unbundled HP-UX cc. + [2c373612c644] - * PORTING: added info about fd_set in tgetpass added info on - interfaces.c +2000-01-18 Todd C. Miller -1996-01-11 13:22 millert + * sudoers.cat, sudoers.man, sudoers.pod: + "a a" -> "a"; Aaron Campbell + [05360d2c314e] - * dce_pwent.c: added sudo header +2000-01-17 Todd C. Miller -1996-01-11 13:04 millert + * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h, + parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c, + version.h, visudo.c: + update copyright year on changed files + [5792a2a28a4c] - * tgetpass.c: fixed a typo + * RUNSON: + updates + [edf8f19aa403] -1996-01-11 13:01 millert + * CHANGES: + aix fix + [4d4a243b31e2] - * Makefile.in: tgetpass.o is now only linked in with sudo (not - visudo) + * INSTALL: + Crank version to 1.6.2 + [bcb5cb411624] -1996-01-09 12:56 millert + * configure: + Crank version to 1.6.2 + [32a19f33427f] - * BUGS, INSTALL, OPTIONS, README, Makefile.in, config.h.in, - configure.in: ++version + * sudo.c: + When using rlimit check for RLIM_INFINITY When computing the value + of maxfd, use min(getdtablesize(), RLIMIT_NOFILE) + [8c16166802e5] -1996-01-09 12:54 millert + * CHANGES: + recent changes + [09fc7112e44d] - * emul/utime.h: added copyright notice + * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man, + sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man: + Crank version to 1.6.2 + [055fa61a7c61] + + * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod: + Add 'shell_noargs' runtime option back in. We have to defer + checking until after the sudoers file has been parsed but since + there are now other options that operate that way this one can too. + Based on a patch from bguillory@email.com. + [231db7a007a6] + + * defaults.c, defaults.h, parse.c, sudo.c, sudo.h: + Add "listpw" and "verifypw" options. + [190683bac878] + + * sudoers.cat, sudoers.man, sudoers.pod: + o Fix some typos/omissions o Add section on verifypw and listpw o + Define how NOPASSWD interacts with the -v and -l flags + [6feb7350eb79] + +2000-01-14 Todd C. Miller + + * configure, configure.in: + For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add + -D_HPUX_SOURCE to CPPFLAGS. + [06cc35d89dc8] + + * defaults.c, defaults.h: + In struct sudo_defs_types, move the union to the end and don't + initialize the union member since that only works with an ANSI + compiler. We set the value of the union by hand in init_defaults() + anyway. This allows sudo to compile on a K&R compiler again. + [623487e1fcfa] + +2000-01-11 Todd C. Miller + + * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c: + netgr_matches needs to check shost as well as host since they may be + different. + [3f43ace23d3e] + + * tgetpass.c: + End on \r as well as \n + [cb7c6e6f4202] + +2000-01-03 Todd C. Miller + + * sudo.c: + Update statbuf.st_mode based on SUDOERS_MODE when we are chaning + from 0400 to whatever SUDOERS_MODE is (converting from the old + sudoers mode). Assumes that SUDOERS_MODE is less restrictive than + 0400 which should always be the case. + [34cd83d49d20] + + * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c: + Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l + w/o a passwd if there is *any* entry for the user on the host with a + NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for + the user on the host w/ the specified runas user have the NOPASSWD + flag set. + [4b3b85697653] + + * Makefile.in: + add check target + [3d24d34a76fd] + +1999-12-16 Todd C. Miller + + * visudo.c: + Treat EOF at whatnow prompt like 'x' instead of looping. + [5deffc27114c] + +1999-12-10 Todd C. Miller + + * CHANGES: + recent changes + [5836a9452568] [SUDO_1_6_1] + +1999-12-09 Todd C. Miller + + * config.h.in, configure, configure.in, sudo.c: + Add check for initgroups() since old SYSV lacks this. + [657a6005a569] + + * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in, + parse.c, testsudoers.c: + o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if + exists. + [17d081e917d6] + +1999-12-06 Todd C. Miller + + * auth/sudo_auth.c: + Don't allow insults to be enabled if the insults[] array is empty. + Otherwise there would be division by zero. + [b20c14db6029] + + * insults.h: + Don't allow insults to be enabled if the insults[] array is empty. + Otherwise there would be division by zero. + [028f130204b0] + + * CHANGES, RUNSON: + Don't allow insults to be enabled if the insults[] array is empty. + Otherwise there would be division by zero. + [974f4780254b] + + * insults.h: + Don't care about USE_INSULTS #define since the insult stuff may be + overridden at runtime. + [b873df8b299c] + + * auth/sudo_auth.c: + Honor insults flag. + [756111640fdc] + + * CHANGES, parse.c: + Don't ask the user for a password if the user is not allowed to run + the command and the authenticate flag (in sudoers) is false. + [cea9fdc09c76] + + * CHANGES, RUNSON, lex.yy.c, parse.lex: + o Whenever we get a bare newline we change to the INITIAL state. o + Enter GOTRUNAS when we see Runas_Alias + + This allows #uid to work in a RunasAlias. + [a475513e7c7a] + +1999-12-05 Todd C. Miller + + * CHANGES, parse.yacc, sudo.tab.c: + fix parsing of runas lists: o oprunasuser and runaslist now return a + value o in a runasspec, if a runaslist does not return TRUE, set + runas_matches to FALSE. Normally, a runaslist only returns FALSE + for explicitly denied users. o since runaslist does not modify the + stack there is no need for a push/pop in runasalias. + [82b305b34a8c] + + * check.c, sudo.c: + Don't kill the user's tickets until after sudoers has been parsed + since tty_tickets and ticket_dir could be set in sudoers. + [f43e25367f3a] -1996-01-09 12:52 millert + * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON, + configure, configure.in, sudo.cat, sudo.man, sudoers.cat, + sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man: + crank version to 1.6 + [95f8bdcf9bb2] - * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c: ++version + * testsudoers.c: + add set_fqdn() stub + [bbc81af5b41a] -1996-01-09 12:46 millert +1999-12-02 Todd C. Miller - * tgetpass.c: minor cleanup and now includes sys/bsdtypes for - svr4'ish boxen + * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat, + sudoers.man, sudoers.pod, visudo.c: + o Kill shell_noargs option, it cannot work since the command needs + to be set before sudoers is parsed. o Fix the "set_home" sudoers + option (only worked at compile time). o Fix "fqdn" sudoers option. + We now set host/shost via set_fqdn which gets called when the + "fqdn" option is set in sudoers. o Move the openlog() to + store_syslogfac() so this gets overridden correctly from the + sudoers file. + [3dca861f0f5d] -1996-01-09 12:42 millert + * auth/securid.c: + SecurID support should compile now. + [a544e5c6ea34] - * configure.in: ISC now gets -lcrypt now check for sys/bsdtypes.h +1999-11-29 Todd C. Miller -1996-01-09 12:41 millert + * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat, + visudo.man, visudo.pod: + fix some syntactic goofs + [b3451f0d5239] - * config.h.in: added check for sys/bsdtypes.h +1999-11-28 Todd C. Miller -1996-01-07 16:00 millert + * Makefile.in, sudo.html, sudoers.html, visudo.html: + No longer need the .html files as they are generated automatically + on the web site. + [1b4aa4204584] - * parse.yacc: removed debugging stuff (setting freed ptr to NULL) + * CHANGES, LICENSE: + kill characters that made wml unhappy + [b988fbc6da56] -1996-01-07 15:55 millert + * HISTORY: + typo + [a418963f7fce] - * TROUBLESHOOTING: added 2 entries +1999-11-25 Todd C. Miller -1996-01-07 15:55 millert + * README: + majordomo@cs.colorado.edu -> majordomo@courtesan.com + [5d151e8ffd3b] - * Makefile.in: added FAQ + * Makefile.in, configure: + Wrap script execution w/ /bin/sh for the benefit of ctm + [3a9c4766b2c3] -1996-01-07 14:26 millert +1999-11-24 Todd C. Miller - * TROUBLESHOOTING: added section on syslog + * sudo.c: + Make the -s flag be exclusive too. Also reorder the flags in the + exclusive usage message so they are alphabetical. + [4c7af200db34] -1996-01-07 14:25 millert +1999-11-23 Todd C. Miller - * configure.in: added AC_ISC_POSIX for better ISC support + * auth/pam.c: + make pam errors other than PAM_PERM_DENIED fatal + [64bcb3fd2baf] -1996-01-07 14:25 millert + * auth/API: + fix typo + [f3134c88b12e] - * config.h.in: fixed typo + * INSTALL: + make it clear that /etc/pam.d/sudo is required on linux + [213cc3eaad82] -1996-01-07 14:25 millert + * auth/pam.c: + fix a warning on redhat and spew an error if pam_authenticate() + returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED + [7e46dd19da89] - * config.h.in: added define for _POSIX_SOURCE + * sudo.cat, sudo.html, sudo.man, sudo.pod: + Be very clear that the password required is the user's not root's + [a6da127347e5] -1996-01-04 00:41 millert +1999-11-20 Todd C. Miller - * configure.in: fixed check for lsearch() + * Makefile.in: + add sample.syslog.conf to DISTFILES and BINFILES + [8661c27c007e] -1995-12-21 21:53 millert +1999-11-19 Todd C. Miller - * interfaces.c: fixed for AIX now deal if num_interfaces == 0 - (should not happen) + * RUNSON: + updates from Brian Jackson + some formatting + [6d31c6fa63f8] -1995-12-20 17:02 millert +1999-11-18 Todd C. Miller - * configure.in: now only define HAVE_LSEARCH if there is a - corresponding search.h + * INSTALL.binary, Makefile.binary, README, RUNSON: + o One RUNSon update o Changes for automating real binary releases + [dd9585f4406c] -1995-12-20 15:52 millert + * Makefile.in: + Add bindist target + [546ed3fa94bb] - * interfaces.c: works on ISC again +1999-11-16 Todd C. Miller -1995-12-18 17:36 millert + * TROUBLESHOOTING: + talk about run-time options in addition to compile-time options + [1eb813ff0a9a] [SUDO_1_6_0] - * configure.in: now define HAVE_LSEARCH if we find lsearch() in - libcompat + * CHANGES: + fix typos + [65e92bb70a7b] -1995-12-18 17:32 millert + * sudo.c: + need sys/time.h if HAVE_SETRLIMIT + [ce31655a8a60] - * lsearch.c: char * -> const char * + * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man, + sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod: + get rid of references to sudo-bugs. Now mention the web site or the + sudo@ alias + [a9db861fd8c6] -1995-12-18 17:29 millert + * sudoers.html: + repair pod2html damage + [62ece4277f1f] - * configure.in: now looks in -lcompat for lsearch() + * RUNSON, TODO: + Update for 1.6 release + [98569c57ba2a] + + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: + Add warning about using ALL in a command context. + [6c77685ab280] + +1999-11-09 Todd C. Miller + + * visudo.c: + Call yyrestart() on a parse error to reset the lexer state. + [1370a27acdb2] -1995-12-18 17:23 millert + * lex.yy.c, parse.lex: + Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c + since it might not get called in yywrap if we get a parse error + (and we only reread the file on error anyway). + [37f4b449e28e] + + * lex.yy.c, parse.lex: + Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that + might still exist. Call yyrestart() instead of using the deprecated + YY_NEW_FILE macro. + [7d0d873046c6] - * Makefile.in: remove sudo.core visudo.core for clan target + * lex.yy.c, parse.lex: + flex doesn't need %N table size declarations + [268b020fd60a] -1995-12-17 22:53 millert + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: + Mention what characters need to be escaped in names. + [72ccbb6b0f31] - * aclocal.m4: added UID_MAX support in check for MAX_UID_T_LEN +1999-11-08 Todd C. Miller -1995-12-17 22:36 millert + * configure: + regen + [65827abb5c7b] + + * INSTALL: + clarify Mac OS X entry + [8da1549a71f5] - * Makefile.in: fixed another occurence of sudo_getpwuid.* + * RUNSON: + update + [0cff8df7459f] -1995-12-17 22:30 millert + * configure.in: + o Use AC_MSG_ERROR throughout o Check syslog configure options for + danity + [4cb81e642e5c] - * getspwuid.c, Makefile.in: sudo_getpwuid.c -> getspwuid.c +1999-11-05 Todd C. Miller + + * defaults.c: + Fix printing of type T_MODE in dump_defaults() + [a868bb6f5515] -1995-12-17 22:22 millert + * strcasecmp.c: + missing sys/types.h + [ca694ca325b6] - * configure.in: moved the "echo" + * INSTALL: + Break out options that may be overridden at run time into their own + section. Add a not about Max OS X and correct some lies. + [d8bcfd120593] -1995-12-17 22:09 millert +1999-11-04 Todd C. Miller - * CHANGES, BUGS, INSTALL, Makefile.in, OPTIONS, README, check.c, - compat.h, config.h.in, configure.in, find_path.c, getspwuid.c, - getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, - ins_goons.h, insults.h, interfaces.c, logging.c, options.h, - parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, - strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, - tgetpass.c, utime.c, version.h, visudo.c: ++version + * CHANGES, config.h.in, configure, configure.in, sudo.c: + o Now use getrlimit to find the highest fd when closing all non-std + fd's o Turn off core dumps via setrlimit for the sake of paranoia + [dd9f651b6def] -1995-12-17 22:04 millert + * RUNSON: + updates + [f581841fe615] - * testsudoers.c: added group support +1999-11-01 Todd C. Miller -1995-12-17 22:00 millert + * CHANGES: + updates + [553baa1d44c7] - * sample.sudoers: added group entry + * tgetpass.c: + When read()'ing, do a single character at a time to be sure we don't + go oast the newline. + [907d33f55bb4] -1995-12-17 21:59 millert + * sudo.c: + For the sudo_root option, check against user_uid, not getuid() since + at this point, ruid == euid == 0. + [92d5c51939b4] - * sudoers.man: documented group support + * RUNSON: + some updates + [e3ed0c1f312b] -1995-12-17 21:50 millert + * logging.h: + Fix compilation problem when --with-logging=file was specified. + This means that syslog is now required to build sudo but that should + not be a problem. If it is it can be fixed trivially with a + configure check for syslog() or syslog.h. + [839a4b069190] - * parse.c, parse.lex, visudo.c, parse.yacc: added group support + * tgetpass.c: + Make this work again for things like "sudo echo hi | more" where the + tty gets put into character at a time mode. We read until we read + end of line or we run out of space (similar to fgets(3)). + [c8f746df2e63] -1995-12-15 17:45 millert +1999-10-20 Todd C. Miller - * check.c: tkfile was too short and overflowed the kerberos realm + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: + change ital to bold + [f860978e530a] -1995-12-11 17:09 millert + * RUNSON: + update + [9bcfbb405568] - * sudo.c: now copy command args directly from Argv +1999-10-16 Todd C. Miller -1995-12-11 15:55 millert + * defaults.c: + Error out if syslog parameters are given without a value. For + Ultrix or 4.2BSD "syslog" is allowed without a value since there are + no facilities in the 4.2BSD syslog. + [69e7a686f5f0] - * sudo.c: replaced code to copy cmnd_args so that is does not use - realloc since most realloc()'s really stink +1999-10-15 Todd C. Miller -1995-12-08 14:11 millert + * defaults.c: + Ignore the syslog facility for systems w/ old syslog like Ultrix. + [5c250adbbb84] - * configure.in: syslog() fixed in hpux 10.01 + * TROUBLESHOOTING: + people with "." early in their path can have problems running sudo + from the build dir ;-) + [20a1744a24a4] -1995-12-06 17:45 millert +1999-10-13 Todd C. Miller - * configure.in: AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS - if appropriate) + * sudo.cat, sudo.html, sudo.man, sudo.pod: + Remove -r realm option + [127caa537f95] -1995-12-06 17:30 millert + * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure, + configure.in, sudo.c: + New krb5 code from Frank Cusack . + [7177a3893a62] - * configure.in: better error if cannot find skey incs or libs + * CHANGES: + update to reality + [766cfbb512d6] -1995-12-06 17:26 millert +1999-10-12 Todd C. Miller - * aclocal.m4: now use a temp file for determining max len of uid_t - in string form. the old hacky way broke on netbsd + * auth/fwtk.c: + include to get function prototypes. + [d6c7c12d09fe] -1995-12-05 19:02 millert + * sudo.cat, sudo.html, sudo.man, sudo.pod: + document -L flag + [dc803e1ce0d7] - * sudo.c: added set of parens and a space +1999-10-11 Todd C. Miller -1995-12-05 18:58 millert + * sudo.c: + in set_perms(), always call setuid(0) before changing the ruid/euid + so we always know it will succeed. + [8cced1b862bf] - * dce_pwent.c: fixes from Jeff Earickson , + * defaults.h: + #undef T_FOO to avoid conflicts with system defines (like on + ULTRIX). + [d9f0aac092b0] -1995-12-05 18:58 millert + * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man, + sudoers.pod: + Docuement "Defaults" lines in /etc/sudoers. Still needs some + fleshing out but this is a start. + [521a1e629bbc] - * check.c: modified a comment +1999-10-10 Todd C. Miller -1995-12-05 18:57 millert + * use strtol, not strtoul since not everyone has not strtoul + [988462f093cc] - * Makefile.in: fixed up testsudoers target + * defaults.c: + use strtol, not strtoul since not everyone has not strtoul + [fce835ce62e3] + + * lex.yy.c, parse.lex: + last {WORD} rule should only apply in the INITIAL state + [9b57570bfa83] + + * lex.yy.c, parse.lex: + o Add support for escaped characters in the WORD macro o Modify + fill() to squash escape chars + [87572d59e4e0] -1995-12-05 18:56 millert + * defaults.c, defaults.h: + o Add T_PATH flag to allow simple sanity checks for default values + that are supposed to be pathnames. o Fix a duplicate free when + visudo finds an error. + [bdc6855a6c6d] - * configure.in: DCE changes from Jeff Earickson - LIBS -> SUDO_LIBS and VISUDO_LIBS LDFLAGS -> - SUDO_FDFLAGS and VISUDO_LDFLAGS +1999-10-09 Todd C. Miller -1995-12-05 18:17 millert + * defaults.c, defaults.h, logging.c: + mail_if_foo -> mail_foo + [cbee9415875d] - * Makefile.in: LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> - SUDO_LDFLAGS, VISUDO_LDFLAGS +1999-10-08 Todd C. Miller -1995-11-27 23:32 millert + * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c: + o Add requiretty option o Move O_NOCTTY to compat.h + [65b8bf0e1795] - * configure.in: fix for C2 on hpux 10 now uses -linet if it exists + * logging.c: + The exit() in log_error() was mistakenly removed in a previous + version. Put it back... + [9473449130a4] -1995-11-27 23:17 millert +1999-10-07 Todd C. Miller - * check.c: LONG_SKEY_PROMPT is less of a klusge / + * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c, + auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in, + configure, configure.in, defaults.c, defaults.h, find_path.c, + getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c: + o Change defaults stuff to put the value right in the struct. o + Implement mailer_flags o Store syslog stuff both in int and string + form. Setting the string form magically updates the int version. + o Add boolean attribute to strings where it makes sense to say !foo + [4698953f9a36] -1995-11-27 23:17 millert + * tgetpass.c: + add O_NOCTTY when opening /dev/tty just in case + [4c6d1d1bb300] - * configure.in: fixed typos w/ dce stuff +1999-10-06 Todd C. Miller -1995-11-27 23:14 millert + * auth/API: + cleanup function no longer takes a status arg + [0819edbfe7f8] - * Makefile.in: added dce_pwent.c + * INSTALL: + the the + [19aadb65ea28] -1995-11-26 13:48 millert +1999-09-15 Todd C. Miller - * INSTALL: amended section on combining authentication mechanisms + * TODO, config.h.in, configure, configure.in, logging.c: + Use strftime() instead of ctime() if it is available. + [fb60ea63b514] -1995-11-26 13:48 millert +1999-09-14 Todd C. Miller - * PORTING: minor updates for 1.3.6 + * defaults.c: + fix copyright date + [4a53b54aa72f] -1995-11-26 13:47 millert + * RUNSON: + update ReliantUNIX entry + [de618a4f67d9] - * TROUBLESHOOTING: added 2 more entries + * defaults.c, defaults.h, logging.c: + add log_year option + [251a9e20568a] -1995-11-26 13:39 millert + * configure, configure.in: + add --without-sendmail to help output + [93162f199902] - * BUGS: updated for 1.3.6 + * configure, configure.in: + enforce an otctal arg for --with-suoders-mode + [45e1b04ccad3] -1995-11-26 13:39 millert +1999-09-08 Todd C. Miller - * README: overhauled + * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c, + auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c, + auth/sudo_auth.c, check.c, config.h.in, configure, configure.in, + defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h, + parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, + testsudoers.c, version.c, visudo.c: + Add support for "Defaults" line in sudoers to make configuration + variables changable at runtime (and on a global, per-host and per- + user basis). Both the names and the internal representation are + still subject to change. It was necessary to make sudo_user.runas + but a char ** instead of a char * since this value can be changed by + a Defaults line. There is a similar (but more complicated) issue + with sudo_user.prompt but it is handled differently at the moment. -1995-11-25 21:23 millert + Add a "-L" flag to list the name of options with their descriptions. + This may only be temporary. - * INSTALL: rewrote for sudo 1.3.6 + Move some prototypes to parse.h -1995-11-25 21:23 millert + Be much less restrictive on what is allowed for a username. + [f71abf7ba80c] - * TROUBLESHOOTING: added 3 entries + * sample.syslog.conf: + Add more info + [e952e6f42d4d] -1995-11-25 13:53 millert +1999-09-04 Todd C. Miller - * find_path.c, getspwuid.c, sudo.c: added explict casts for strdup - since many includes don't prototype it. gag me. + * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c, + strcasecmp.c: + UCB has dropped the advertising clause from their license. + [a5602b36a341] -1995-11-25 13:23 millert +1999-08-31 Todd C. Miller - * sudo.h: removed prototype for sudo_getpwuid() since convex C - compiler choked on it. + * auth/sudo_auth.h: + move dce_verofy proto to correct section + [972c815af558] -1995-11-25 13:23 millert + * auth/dce.c: + remove XXX + [820631855be0] - * sudo.c: added prototype for sudo_getpwuid() +1999-08-28 Todd C. Miller + + * emul/fnmatch.h: + Add fnmatch() prototype + [79e84576d92a] -1995-11-25 13:23 millert + * fnmatch.c, parse.c, testsudoers.c: + Move inclusion of emul/fnmatch.h to be after sudo.h for __P + [1182c89fa811] - * lsearch.c: now compiles on strict ANSI compilers + * sudo.h: + add strcasecmp proto + [512d1d8a6a0c] -1995-11-24 23:56 millert + * auth/sudo_auth.c: + add check for case where there are no auth methods + [e4af2b91b43e] - * check.c: added LONG_SKEY_PROMPT support + * configure, configure.in: + Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on + SunOS4 w/ gcc + [746ce8bcec23] -1995-11-24 23:55 millert + * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c: + include strings.h everywhere we include string.h + [6f7d5d437e7b] - * Makefile.in: added extra $'s for make to eat up, yum. + * version.c: + nicer output when showing auth methods + [0eac4b977f9d] + + * version.c: + Add support for SEND_MAIL_WHEN_NO_HOST + [9f20a3a3fae6] + + * config.h.in, configure, configure.in: + Add _GNU_SOURCE for Linux + [c7bd8c511847] + + * lex.yy.c, parse.lex: + fix definition of OCTECT + [4af30e63244d] + + * configure, configure.in: + aix_auth.o not authenticate.o + [fe95dfb08df4] + +1999-08-27 Todd C. Miller + + * sudo.c: + Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the + keyboard). Since we run with ruid/euid == 0 the user can't really + signal us in nasty ways. + [a7f6487c0f48] + + * visudo.c: + Don't need to worry about catching too many signals since we do + locking on the tmp file. If a lockfile is really stale, it will be + detected and overwritten. + [28983db3e749] + + * INSTALL, Makefile.in: + include auth/API in tarball + [014991600252] + + * auth/sudo_auth.c: + move memset() of plaintext pw outside of verify loop and only do the + memset if we are *not* in standalone mode. + [66f8e87567e2] -1995-11-24 23:38 millert + * auth/sudo_auth.c, auth/sudo_auth.h: + DCE is not a standalone method + [34963e2d8a1b] - * OPTIONS, options.h: added LONG_SKEY_PROMPT + * sudo.c: + fix --enable-noargs-shell + [4234062abbb0] + + * snprintf.c: + "#ifdef __STDC__" not "#if __STDC__" (I missed one) + [c430b80454c6] + + * auth/fwtk.c, auth/sia.c: + _cleanup() function returns an int. + [d1a1cc071ec1] + + * auth/dce.c: + there were still some return(0)'s hanging around, make them + AUTH_FAILURE + [1002aa1962c3] + + * parse.c: + typo in comment + [5abc410dbfd2] + + * version.c: + add missing semicolon + [a262283b52a5] + + * auth/sudo_auth.h: + missing backslash + [bf89f6bd2900] + +1999-08-26 Todd C. Miller + + * CHANGES, config.h.in, configure, configure.in: + Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes + [f1a9bca0cf67] + + * Makefile.in: + add parse.h to HDRS + [a3d054987766] + + * Makefile.in, configure, configure.in: + Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and + LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and + network libs like -lsocket, -lnsl go in NET_LIBS. This allows + testsudoers to build on Solaris and is a bit cleaner in general. + [4e6239e97002] + + * UPGRADE: + mention ptmp -> sudoers.tmp + [ec3baa0fe8a1] + + * config.h.in, configure, configure.in: + Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE + [6f93dc7f39f5] + + * RUNSON: + add 2 reports + [ce0fcc00ee4e] + + * auth/kerb5.c: + Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to + return a value more like a system function + [0dd56aa21424] + + * auth/dce.c: + Add an XXX + [58fc8562c212] + + * TODO: + more things todo! + [5a459d0cf339] + + * sample.sudoers: + update based on what is in the man page + [1a0477db96fa] + + * parse.yacc, sudo.tab.c: + minor change to first line printed in -l mode + [69eb57d96952] + + * sudo.cat, sudo.html, sudo.man, sudo.pod: + rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more + standard and add "EXAMPLES" section + [7e543335ebe1] + + * visudo.cat, visudo.html, visudo.man, visudo.pod: + rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more + standard + [f82d87ed65c2] + + * logging.c, parse.c, sudo.h: + add FLAG_NO_CHECK + [c7d69176a2d7] + + * lex.yy.c, parse.lex: + make an OCTET really be limited to 0-255 + [6ee568dd6a02] + + * UPGRADE: + mention timestamp changes + [e44d5302bf60] + + * PORTING: + cosmetic cleanup + [36fa3a2664dd] + + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: + new sudoers(8) man page + [e674d06283d0] + +1999-08-24 Todd C. Miller + + * version.c: + Update comments about syslog name tables + [63830a782dcb] + + * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc, + strcasecmp.c, sudo.tab.c: + include strcasecmp() for those without it + [a0d8e2488bbc] -1995-11-24 18:48 millert + * sample.sudoers: + Use the : operator some more and fix a typo + [18804c70da86] - * check.c: s/key support now works with normal s/key as well as - logdaemon + * HISTORY: + update the history of sudo + [9d9b3d5279b3] -1995-11-24 18:46 millert + * parse.c, parse.lex, testsudoers.c: + CIDR-style netmask support + [768644467353] + + * CHANGES: + recent changes + [a4319e9d07cb] + + * sudo.tab.c, sudo.tab.h: + these should be generated with byacc, not bison + [f57b9489b752] + + * lex.yy.c: + regen + [522461f95dfa] - * options.h, OPTIONS: added SKEY_ONLY + * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h: + In "sudo -l" mode, the type of the stored (expanded) alias was not + stored with the contents. This could lead to incorrect output if + the sudoers file had different alias types with the same name. + Normal parsing (ie: not in '-l' mode) is unaffected. + [823fe2bc4b79] + +1999-08-23 Todd C. Miller -1995-11-24 18:46 millert + * configure, configure.in: + define _XOPEN_SOURCE to get at crypt() proto on some systems + [1b3769b86fb9] - * compat.h: set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY +1999-08-22 Todd C. Miller + + * snprintf.c: + fix comment + [fc1264df00f7] -1995-11-24 00:42 millert + * tgetpass.c: + don't need limits.h + [f1631829af45] - * INSTALL: added DCE note added more AIX notes + * snprintf.c: + kill bogus reference to vfprintf + [a0b99b25d389] -1995-11-24 00:39 millert + * sample.sudoers, sudoers: + better examples + [b4d87ea64cc8] - * sudo.c: now include pthread.h for DCE support + * snprintf.c: + Add some const in the K&R defs. This is safe since we define const + away if the compiler doesn't grok it. + [614d6e83d45e] -1995-11-23 22:22 millert + * aclocal.m4, configure: + Better test for working long long support. Ultrix compiler supports + basic long long but not all operations on them. + [5da1508710ed] - * check.c: dce_pwent() is ok after all ., + * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c, + snprintf.c, sudo.c: + Add check for LONG_IS_QUAD #undef MAXINT before including + hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX + in snprintf.c and use LONG_IS_QUAD + [a1f7993367fc] -1995-11-23 22:21 millert +1999-08-21 Todd C. Miller - * logging.c: now uses SYSLOG() macro that equates to either - syslog() or syslog_wrapper + * LICENSE, aclocal.m4, config.h.in, configure, configure.in, + snprintf.c: + UCB-derived snprintf + asprintf support. Supports quads if the + compiler does. No floating point yet, perhaps later... + [0caf05aba945] + +1999-08-20 Todd C. Miller + + * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c, + goodpath.c, logging.c, parse.c, sudo.c: + Run most of the code as root, not the invoking user. It doesn't + really gain us anything to run as the user since an attacker can + just have an setuid(0) in their egg. Running as root solves + potential problems wrt signalling. + [408e530dda01] + + * sudo.tab.c: + regen + [f8cfb37e37de] + +1999-08-19 Todd C. Miller + + * logging.c, sudo.c: + Don't wait for child to finish in log_error(), let the signal + handler get it if we are still running, else let init reap it for + us. The extra time it takes to wait lets the user know that mail is + being sent. + + Install SIGCHLD handler in main() and for POSIX signals, block + everything + *except* SIGCHLD. + [d2b6ab0ef3be] + + * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c, + parse.yacc, sudo.c, sudo.h: + sudoers_lookup() now returns a bitmap instead of an int. This makes + it possible to express things like "failed to validate because user + not listed for this host". Some thigns that were previously + VALIDATE_FOO are now FLAG_FOO. This may change later on. + + Reorganized code in log_auth() and sudo.c to deal with above + changes. + + Safer versions of push/pushcp with in the do { ... } while (0) style + + parse.yacc now saves info on the stack to allow parse.c to determine + if a user was listed, but not for the host he/she tried to run on. + + Added --with-mail-if-no-host option + [63326cb01efc] + +1999-08-17 Todd C. Miller + + * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html, + visudo.man, visudo.pod: + o NewArgv and NewArgc don't need to be externally visible. o If + pedantic > 1, it is a parse error. o Add -s (strict) option to + visudo which sets pedantic to 2. + [5d7d81b55cd5] + + * HISTORY, INSTALL: + Just have sudo-bugs contact info in one place + [e7f6588ea683] + + * sudo.cat, sudo.html, sudo.man, sudo.pod: + Add BUGS section + [6607d96ea510] + + * Makefile.in, configure, configure.in: + Add testsudoers to default build target if --with-devel Don't clean + generated parser files unless "distclean". + [5827b769dc57] + + * parse.yacc, sudo.tab.c: + In pedantic mode we need to save *all* the aliases, not just those + that match, or we get spurious warnings. + [24f5b1f0e1de] + + * TROUBLESHOOTING: + reference samples.sylog.conf + [11841668380a] + +1999-08-14 Todd C. Miller + + * sample.syslog.conf: + Sample entries for syslog.conf + [0f7697d878a1] + + * CHANGES: + recent changes + [8bca8810c6bd] + + * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, + auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c, + auth/sudo_auth.c, auth/sudo_auth.h: + In struct sudo_auth, turn need_root and configured into flags and + add a flag to specify an auth method is running alone (the only + one). Pass auth methods their sudo_auth pointer, not the data + pointer. This allows us to get at the flags and tell if we are the + only auth method. That, in turn, allows the method to be able to + decide what should/should not be a fatal error. Currently only + rfc1938 uses it this way, which allows us to kill the OTP_ONLY + define and te hackery that went with it. With access to the + sudo_auth struct, methods can also get at a string holding their + cannonical name (useful in error messages). + [b7e320fc6511] + + * INSTALL, Makefile.in, README, config.h.in, configure, configure.in, + getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c, + sudo.tab.h: + o --with-otp deprecated, use --without-passwd instead o real + dependencies in the Makefile o --with-devel option to enable yacc, + lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes + back to being a token, not a string but don't leak memory o rename + hsotspec -> host in parse.yacc + [912c45226cb2] + +1999-08-12 Todd C. Miller + + * BUGS, CHANGES: + recent changes + [801fa6e55687] + + * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c, + sudo.c, sudo.h: + o Digital UNIX needs to check for *snprintf() before -ldb is added + to LIBS since -ldb includes a bogus snprintf(). o Add forward refs + for struct mbuf and struct rtentry for Digital UNIX. o Reorder some + functions in snprintf.c to fix -Wall o Add missing includes to fix + more -Wall + [8d207203e126] + + * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure, + configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c, + visudo.c: + o Add a "pedentic" flag to the parser. This makes sudo warn in + cases where an alias may be used before it is defined. Only turned + on for visudo and testsudoers. o Add --disable-authentication option + that makes sudo not require authentication by default. The PASSWD + tag can be used to require authentication for an entry. We no + longer overload --without-passwd. + [f307e09adf98] + + * lex.yy.c, parse.lex: + Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a + username can contain just about anything so be very permissive. Also + drop the unused \. punctuation. + [06a50614ff89] + +1999-08-09 Todd C. Miller + + * parse.yacc, sudo.tab.c: + o add a 'val' element to aliasinfo struct and move -> parse.h o + find_alias() now returns an aliasinfo * instead of boolean o + add_alias() now takes a value parameter to store in the + aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now + return: 1) positive match 0) negative match (due to '!') + -1) no match This means setting $$ explicitly in all cases, which I + should have done in the first place. It also means that we always + store a value that is != -1 and when we see a '!' we can set + *_matches to !rv if rv != -1. The upshot of all of this is that '!' + now works the way it should in lists and some of the rules are more + uniform and sensible. + [ad8e73b5d581] + + * Makefile.in: + add parse.h dependency + [4ccccd464d30] + + * parse.h: + kill unused *_matched macros + [02cba6dcb732] + + * parse.yacc: + Allow a list of users as the first thing in a user spec, not just a + single entry. This makes things more uniform, though it does allow + you to write user specs that are hard to read. + [3c4c91c508ca] + + * sudo.tab.c: + parse.yacc + [feca81881bb6] + + * configure: + regen + [6f247010bb3b] + + * configure.in: + fix check for crypt() in libufc + [82770736f4b0] + +1999-08-07 Todd C. Miller + + * README: + sudo-users list now exists + [4716d2bb0bbf] + + * INSTALL, PORTING, README, TODO, TROUBLESHOOTING: + Update to reality. + [1eda2d57e42a] -1995-11-23 21:44 millert + * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h, + config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h, + version.c, visudo.c: + o Move lock_file() and touch() into fileops.c so visudo can use them + o Visudo now locks the sudoers temp file instead of bailing when the + temp file already exists. This fixes the problem of stale temp + files but it does *require* that you not try to put the temp file in + a world-writable directory. This shoud not be an issue as the temp + file should live in the same dir as sudoers. o Visudo now only + installs the temp file as sudoers if it changed. + [2517cd06c070] + +1999-08-06 Todd C. Miller + + * logging.c: + add fcntl locking + [c304adeaf515] + + * config.h.in, configure, configure.in, logging.c: + Lock the log file. + [d8652704fbdf] - * dce_pwent.c: minor formatting changes. renamed check() to - somthing less generic + * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c, + visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod: + o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow + temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP + -> _PATH_SUDOERS_TMP + [68cad8975807] + +1999-08-05 Todd C. Miller + + * INSTALL, check.c, config.h.in, configure, configure.in, version.c: + o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to + root sudo -V config reporting + [cdd2613a9dcf] + + * configure, configure.in: + aix_auth.o not authenticate.o + [d972e35f6730] + + * config.h.in: + Add --with-goodpri and --with-badpri configure options to specify + the syslog priority to use. + [2595ae50ab86] + + * INSTALL, configure, configure.in, logging.h: + Add --with-goodpri and --with-badpri configure options to specify + the syslog priority to use. + [8276ee9b2b49] + + * compat.h: + kill crufty AIX stuff + [a4f35ef9854e] + + * Makefile.in: + Sigh, some versions of make (like Solaris's) don't deal with $< like + I would expect. Both GNU and BSD makes get this right but... So, we + just expand $< inline at the cost of some ugliness. + [b1b456f8801f] + + * version.c: + If the invoking user is root, sudo will now print configure info in + -V mode. Currently just prints logging info, to be expanded later. + [392f7ed99267] + + * logging.c, logging.h, sudo.c, sudo.h: + o new defines for syslog facility and priority o use new + print_version() functino for -V mode + [78abc5142985] + + * check.c: + Don't need version.c + [db9a830ad893] + + * aclocal.m4, config.h.in, configure, configure.in: + Add check for syslog facilities and priorities tables in syslog.h + [b86213e5fc5c] + + * Makefile.in: + o authenticate -> aix_auth o add version.c + [44b6b9a8d0f5] + + * auth/sudo_auth.c: + Missed a prompt -> user_prompt conversion + [e4c60b1f210c] + +1999-08-04 Todd C. Miller + + * TODO: + sudo should lock its logfile + [6d2830b28b07] + + * parse.yacc, sudo.tab.c: + o Add '!' correctly when expanding Aliases. o Add shortcut macros + for append() to make things more readable. o The separator in + append() is now a string instead of a char. o In append(), only + prepend the separator if the last char is not a '!'. This is a + hack but it greatly simplifies '!' handling. o In -l mode, Runas + lists and NOPASSWD/PASSWD tags are now inherited across entries in + a list (matches current behavior). o Fix formatting in -l mode such + that items in a list are separated by a space. Greatlt improves + readability. o Space for name field in struct aliasinfo is now + allocated dyanically instead of using a (big) buffer. o In + add_alias(), only search the list once (lsearch instead of lfind + + lsearch) + [51f7e07addb9] + + * lex.yy.c, sudo.tab.c, sudo.tab.h: + regen + [5c19bb05dc21] + + * configure, configure.in: + Solais pam doesn't require anye xtra setup + [a25ba03d91d1] + + * parse.yacc: + o Simpler '!' support now that the lexer deals with multiple !'s for + us. o In the case of opFOO, have FOO give a boolean return value and + set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since + it gets fill()'d in parse.lex--fixes a small memory leak. In the + long run it may be better to just fix parse.lex and make ALL back + into a token. However, having it be a string is useful since it + can be easily passed back to the parent rule if we so desire. + [b3c64b443018] + + * parse.lex: + o Remove some unnecessary backslashes o collapse multiple !'s by + using !+ and checking if yyleng is even or odd. this allows us to + simplify ! handling in parse.yacc + [76330e8da8e3] + + * sudo.c: + -u flag was being ignored + [e30283207585] + +1999-08-01 Todd C. Miller + + * Makefile.in: + correct fix + [a0e2377dec8f] + + * Makefile.in: + work around pod2man stupididy + [7c755640b67f] + + * Makefile.in: + correct dependencies for .cat + [5ed7b0653b68] + + * sudo.cat, sudo.man, visudo.cat, visudo.man: + regen + [b74510dd6a0a] + + * sudo.pod, visudo.pod: + Add copyright Update to reality + [188e9b046c15] + + * parse.c, sudo.c, sudo.h: + rename validate() to the more descriptive sudoers_lookup() + [7a1cb652f379] + + * auth/aix_auth.c: + use tgetpass + [b8ba5daec40a] + +1999-07-31 Todd C. Miller + + * CHANGES: + updates + [e61460cdf4a0] -1995-11-23 21:27 millert + * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING, + configure, configure.in, sudo.c: + Sudo, not CU Sudo + [9061b3573c0c] + + * LICENSE: + add 4th term to license similar to term 5 in the apache license + [92712e895afb] + + * emul/search.h, emul/utime.h: + add 4th term to license similar to term 5 in the apache license + [4f93a8b9396e] + + * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, + auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, + auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c, + auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c, + logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c: + add 4th term to license similar to term 5 in the apache license + [afae9f2bf9ec] + + * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h: + add 4th term to license similar to term 5 in the apache license + [c389d3fdafac] + + * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c, + getspwuid.c, goodpath.c: + add 4th term to license similar to term 5 in the apache license + [969e63dbd38e] + + * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in, + insults.h, logging.c, sudo.c, sudo.h: + there was a 1995 release too + [5963fd89457a] + +1999-07-28 Todd C. Miller + + * CHANGES: + updates + [254b794f16ab] + + * check.c: + Use dirs instead of files for timestamp. This allows tty and non- + tty schemes to coexist reasonably. Note, however, that when you + update a tty ticket, the mtime on the user dir gets updated as well. + [44bfac32f799] + + * configure, configure.in: + Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx" + when linking test program, not just -lprot. Also add check for + getspnam(). The SCO docs indicate that /etc/shadow can be used but + this may be a lie. + [2ba21d36cc1e] + +1999-07-24 Todd C. Miller + + * auth/API: + first cut at auth API description + [3d10df021eb8] + +1999-07-22 Todd C. Miller + + * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, + auth/secureware.c, auth/securid.c, auth/sudo_auth.c, + auth/sudo_auth.h: + auth API change. There is now an init method that gets run before + the main loop. This allows auth routines to differentiate between + initialization that happens once vs. setup that needs to run each + time through the loop. + [76df1c0d3478] + + * auth/kerb5.c, logging.c: + use easprintf() and evasprintf() + [fd97d96dc12f] + + * alloc.c, sudo.h: + add easprintf() and evasprintf(), error checking versions of + asprintf() and vasprintf() + [f54385de20b7] + + * TODO: + remove 2 items. One done, one won't do. + [64513b47bc7a] + + * lex.yy.c, sudo.tab.c: + regen + [4aa299de2752] + + * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat, + visudo.html, visudo.man: + regen + [553c0d1209be] + + * CHANGES: + new changes + [d7be00b7e36b] + + * sudo.pod: + o Document -K flag and update meaning of -k flag. o BSD-style + copyright o Document clearing of BIND resolver environment variables + o Clarify bit about shared libs o suggest rc files create /tmp/.odus + if your OS gives away files + [4a4092be1455] + + * visudo.pod: + BSD license + [ad0bfd0a4630] + + * version.h: + BSD-style copyright + [ecc6479325be] + + * tgetpass.c: + o BSD copyright o no need to block signals, we now do that in main() + o cosmetic changes + [61958beda7ab] + + * testsudoers.c, visudo.c: + o BSD-style copyright o Use "struct sudo_user" instead of old + globals. o some cometic cleanup + [88c0c6924082] + + * sudo_setenv.c: + BSD-style copyright + [df20290129a0] + + * sudo.h: + o BSD copyright o logging and parser bits moved to their own .h + files o new "struct sudo_user" to encapsulate many of the old + globals. + [50fc86bf25cb] + + * sudo.c: + o no longer contains sudo 1.1/1.2 code o BSD copyright o use new + logging routines o simplified flow of control o BIND resolver + additions to badenv_table + [8c53f15bfcb0] + + * strerror.c: + BSD-style copyright + [7c906c3a82ac] + + * snprintf.c: + Now compiles on more K&R compilers + [07ab1d3231c7] + + * putenv.c: + BSD-style copyright, cosmetic changes + [c42371295881] + + * pathnames.h.in: + BSD-style copyright + [e5c34ebd4cf1] + + * parse.c, parse.h, parse.lex, parse.yacc: + BSD-style copyright. Move parser-specific defines and structs into + parse.h + other cosmetic changes + [d3088efb6228] + + * logging.h: + defines for logging routines + [13147941c02d] + + * find_path.c, getspwuid.c, goodpath.c, interfaces.c: + BSD-style copyright, cosmetic changes + [e8205e91a4fa] - * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c, - visudo.c: now uses user_pw_ent and simple macros to get at the - contents + * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.h: + BSD-style copyright + [b9499da7cdce] + + * configure.in: + o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o + kill --disable-tgetpass o add --without-passwd o changes to fill in + AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and + v?asprintf() o replace --with-AuthSRV with --with-fwtk + [9a3f39b9c128] + + * config.h.in: + BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add + HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF, + HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD + [9a09054db53a] + + * compat.h: + BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing. + [25509c566975] + + * alloc.c: + BSD-style copyright + [4967be892363] + + * TROUBLESHOOTING: + no more --with-getpass + [afd5b670c196] + + * TODO: + Take out things I've done... + [375420c8270e] + + * README: + Refer to LICENSE + [c486c8db30f6] + + * PORTING: + --with-getpass no longer exists + [db48202df1bb] + + * Makefile.in: + BSD-style copyright. Update to reflect reality wrt new files and + new auth modules. + [61a2ca7940fb] + + * INSTALL: + Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and + --without-passwd. + [64e8f9e1c05e] + + * HISTORY: + Update history a bit + [df60c0a871b8] + + * COPYING, LICENSE: + Now distributed under a BSD-style license + [d1a184ccabe1] + + * auth/sudo_auth.c: + o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD + options. o skey/opie replaced by rfc1938 code o new struct sudo_user + global + [891b57060868] + + * auth/pam.c, auth/sia.c: + BSD-style copyright and use new log functions + [65c44445ea84] + + * auth/kerb5.c: + o BSD-style copyright o Use new log functiongs o Use asprintf() and + snprintf() where sensible. + [1ff0feaacf95] + + * check.c: + Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now + done more reasonably--better sanity checks and tty-based stamps are + now done as files in a directory with the same name as the invoking + user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible + to mix tty and non-tty based ticket schemes but this may change in + the future (it requires sudo to use a directory instead of a file in + the non-tty case). Also, ``sudo -k'' now sets the ticket back to + the epoch and ``sudo -K'' really deletes the file. That way you + don't get the lecture again just because you killed your ticket in + .logout. BSD-style copyright now. + [ec3460f85be8] + + * logging.c: + o rewritten logging routines. log_error() now takes printf-style + varargs and log_auth() for the return value of validate(). o BSD- + style copyright + [438292025c4e] + + * auth.c, check_sia.c, dce_pwent.c, secureware.c: + superceded by new auth API + [412060590da7] + + * auth/kerb4.c: + BSD-style copyright + [cc4e800833c7] + + * auth/fwtk.c: + Use snprintf() where it makes sense and add a BSD-style copyright + [1b7502388a74] + + * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h: + BSD-style copyright + [42583bedae5c] + + * emul/utime.h, utime.c: + BSD-style copyright + [3985c90aba47] + + * emul/search.h: + this has been rewritten so use my BSD-style copyright + [176df1b0de6f] + +1999-07-15 Todd C. Miller + + * snprintf.c: + include malloc.h if no stdlib.h + [7b123f1d1d03] + + * snprintf.c: + KTH snprintf()/asprintf() for systems w/o them + [3ca9aefb9d01] + + * strerror.c: + strerror() for systems w/o it + [7f0bd8a1c1b4] + +1999-07-12 Todd C. Miller + + * visudo.c: + stylistic changes + [6f99aceb7170] + + * parse.c, parse.lex, parse.yacc: + Add contribution info in the main comment + [e50cec10acd6] + +1999-07-11 Todd C. Miller + + * auth/pam.c: + remove missed ref to PAM_nullpw + [a43e59692cdb] + + * auth/sudo_auth.h: + pasto + [891ff138ab89] + + * auth/kerb5.c: + more or less complete now--still untested + [21036732faa0] + + * auth/afs.c, auth/pam.c: + don't use user_name macro, it will go away + [def7cf727349] + + * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h: + combine skey/opie code into rfc1938.c + [44d88ca93d3e] + + * auth/dce.c, auth/sudo_auth.h: + DCE authentication method; basically unchanged from dce_pwent.c + [4d468473dd6f] + + * auth/aix_auth.c, auth/sudo_auth.h: + AIX authenticate() support. Could probably be much better + [000013321a33] + + * auth/sia.c: + Fix an uninitialized variable and some cleanup. Now works (tested) + [fd6ad88ff055] + + * auth/sia.c, auth/sudo_auth.h: + SIA support for digital unix + [5335f3e70eab] + + * auth/pam.c: + don't use prompt global, it will go away + [fadd22dd6ce4] -1995-11-22 20:35 millert + * auth/secureware.c: + correct copyright years + [6aa07c49f51b] - * check.c: simpler dec unix C2 support + * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c, + auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c, + auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h: + New authentication API and methods + [9debe9b59c79] -1995-11-22 20:35 millert +1999-07-08 Todd C. Miller - * getspwuid.c: now sets crypt_type for DEC unix C2 + * sudo.tab.c: + regen + [84578e82c1a6] -1995-11-21 18:00 millert + * parse.yacc: + only save an entry if user_matches && host_matches, even if the + stack is empty (fix for previous commit) + [00984b078d8a] - * configure.in: added csops paths for skey + * sudo.tab.c: + regen + [66acf160b4b7] -1995-11-21 16:27 millert + * parse.yacc: + 1) Always save an entry on the stack if it is empty. This fixes the + -l and -v flags that were broken by earlier parser changes. - * getspwuid.c: now includes string.h for strdup() prototype + 2) In a Runas list, don't negate FALSE -> TRUE since that would make + !foo match any time the user specified a runas user (via -u) other + than foo. + [f322eb54b015] -1995-11-21 01:47 millert + * testsudoers.c: + interfaces and num_interfaces are now auto, not extern + [113add5c6518] - * getspwuid.c: fixed a few typos +1999-07-07 Todd C. Miller -1995-11-20 22:59 millert + * auth.c: + use a static global to keep stae about empty passwords + [bc02e30807d8] - * check.c: now includes skey.h + * check_sia.c: + make PASSWORD_NOT_CORRECT logging consistent with other modules + [21962549d5fd] -1995-11-20 22:10 millert +1999-07-05 Todd C. Miller - * getspwuid.c: fixed up comments + * auth.c: + PAM prompt code was wrong, looks like we have to kludge it after + all. + [91f246155ead] -1995-11-20 22:04 millert + * auth.c: + In the PAM code, when a user hits return at the first password + prompt, exit without a warning just like the normal auth code + [918f59bacdb7] - * check.c: moved a lot of the shadow passwd crap to sudo_getpwuid() + * configure, configure.in: + kludge around cross-compiler false positives + [5e5fc8356400] -1995-11-20 22:01 millert + * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c: + New (correct) PAM code Tgetpass now takes an echo flag for use with + PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a + useless umask setting Change error from BAD_ALLOCATION -> + BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c + for consistency + [e71397f09dd8] - * sudo.c: now uses sudo_pw_ent + * sudo.c: + Some -Wall and kill some trailing spaces + [8229b43d5c4e] -1995-11-20 21:50 millert + * configure.in: + define -D__EXTENSIONS__ for solaris so we get crypt() proto + [7533e4436cab] - * testsudoers.c: now uses sudo_pw_ent +1999-06-22 Todd C. Miller -1995-11-20 21:40 millert + * RUNSON: + add Dynix 4.4.4 + [b69f773efbce] - * visudo.c: now sets sudo_pw_ent + * INSTALL, config.h.in, configure, configure.in: + for kerberos V < version, fall back on old kerb4 auth code + [d685ed3a1d8e] -1995-11-20 21:28 millert + * INSTALL: + clarify some things + [2f5ba2e8e53a] - * getspwuid.c: Initial revision + * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod: + typos + [8925a109c093] -1995-11-20 21:28 millert +1999-06-14 Todd C. Miller - * tgetpass.c: moved dce stuff into compat.h + * sudo.c: + mention why DONT_LEAK_PATH_INFO is not the default + [0346260cb4ec] -1995-11-20 21:27 millert +1999-06-03 Todd C. Miller - * sudo.h, logging.c: now uses sudo_pw_ent + * tgetpass.c: + Fix open(2) return value checking, was NULL for fopen, should be -1 + for open + [355878bf6d8a] -1995-11-20 21:27 millert + * configure: + regen + [68bf82871862] - * Makefile.in: added sudo_getpwuid.c + * configure.in: + better wording for solaris pam notice + [04e88c7a6c42] -1995-11-20 21:25 millert + * CHANGES: + document recent changes + [7c922c5622ef] - * compat.h: added dce support + * TROUBLESHOOTING: + Update shadow password section + [e8448bae7d66] -1995-11-20 21:13 millert + * auth.c: + move authentication code from check.c to auth.c + [e9f6ecae2399] - * parse.yacc: now uses sudo_pw_ent + * Makefile.in, check.c, sudo.h: + move authentication code to auth.c + [124cded85f46] -1995-11-20 14:40 millert +1999-05-17 Todd C. Miller - * check.c: fixed exempt_group stuff for OS's that don't put base - gid in group vector + * Makefile.in, check.c, check_sia.c, compat.h, find_path.c, + getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c, + logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c, + sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c, + visudo.c: + Move interface-related defines to interfaces.h so we don't have to + include everywhere. + [e7599d8ea0bf] -1995-11-20 01:39 millert +1999-05-14 Todd C. Miller - * check.c: S/Key support now works with sunos4 shadow passwords + * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c, + parse.yacc, sudo.c, sudo.tab.c, tgetpass.c: + o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It + turns out the old DES crypt does the right thing with passwords + longert than 8 characters. o Fix common typo (necesary -> + necessary) o Update TODO list + [ad75007a6f13] -1995-11-19 22:31 millert +1999-05-03 Todd C. Miller - * Makefile.in: fixed clean rule + * sudo.c: + set $LOGNAME when we set $USER + [391596210fd7] -1995-11-19 22:31 millert +1999-04-27 Todd C. Miller - * config.h.in, configure.in: added DCE support + * INSTALL: + add comment about digital unix and interfaces.c warning with gcc + [e20f815901cc] -1995-11-19 22:30 millert +1999-04-15 Todd C. Miller - * tgetpass.c: DCE & KERB support + * sample.sudoers: + use modern paths and give examples for some of the new parser + features + [e7b2e507c695] -1995-11-19 22:30 millert +1999-04-10 Todd C. Miller - * check.c: first stab at dce support + * parse.c: + fix comment + [5eb0d005a65f] -1995-11-19 22:24 millert + * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c, + getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c, + parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: + Function names should be flush with the start of the line so they + can be found trivially in an editor and with grep + [3c400abde574] + + * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc, + sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c: + free(3) is already void, no need to cast it + [6981e1ebda0f] + + * logging.c, sudo.c, sudo.h: + catch case where cmnd_safe is not set (this should not be possible) + [3e1e3038546c] + + * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c, + testsudoers.c, visudo.c: + Stash the "safe" path (ie: the one listed in sudoers) to the command + instead of stashing the struct stat. Should be safer. + [aa2883fcf57e] + +1999-04-08 Todd C. Miller + + * INSTALL, Makefile.in, UPGRADE: + notes on updating from an earlier release + [df9fffa4ab2c] + + * CHANGES: + updated + [574f5065d15a] + +1999-04-07 Todd C. Miller + + * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html, + sudoers.man, sudoers.pod: + You can now specifiy a host list instead of just a host or alias. + Ie: user = host1,host2,ALIAS,!host3 my_command now works. + [e3942bb78021] + + * testsudoers.c: + Quiet -Wall + [a3edc8b08c3a] + + * parse.yacc, sudo.tab.c: + Move the push from the beginning of cmndspec to the end. This means + we no longer have to do a push at the end of privilege, just reset + some values. + [8ea66e5860c6] + + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: + runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can + use "!" most everywhere + [aadae4d1c9d5] + +1999-04-06 Todd C. Miller + + * sudoers.pod: + modernize paths and update su example based on sample.sudoers one + [3f6a37e16c83] + + * sample.sudoers: + New runas semantics + [756ee92865b7] + + * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in, + strdup.c, sudo.h: + In estrdup(), do the malloc ourselves so we don't need to rely on + the system strdup(3) which may or may not exist. There is now no + need to provide strdup() for those w/o it. Also, the prototype for + estrdup() was wrong, it returns char * and its param is const. + [5f1f984da8e3] + + * getcwd.c: + $Sudo tag + [e4188a35e68c] + + * check.c: + buf should be prompt; Michael Robokoff + [2aec87c86cde] + + * CHANGES, TODO, parse.yacc, sudo.tab.c: + It is now possible to use the '!' operator in a runas list as well + as in a Cmnd_Alias, Host_Alias and User_Alias. + [a4fdaabda990] + + * logging.c, sudo.h: + Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM + [73d0376785ae] + + * sudo.h: + Definitions of *_matched were wrong--user top, not top-2 as + subscript. + [5f8350a57362] + + * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c: + Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a + command but the NOPASSWD flag was set. Make runasspec, runaslist, + runasuser, and nopasswd typeless in parse.yacc Add support for '!' + in the runas list Fix double printing of '%' and '+' for groups and + netgroups respectively Add *_matched macros (no need for local stack + variable). Should only be used directly after a pop (since top must + be >= 2). + [392b1400c4e6] + + * aclocal.m4, configure.in: + Add copyright, somewhat silly + [55c2cdd82dca] + +1999-04-05 Todd C. Miller + + * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c, + compat.h, config.h.in, configure, configure.in, dce_pwent.c, + emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, + ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, + lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, + putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, + sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man, + testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat, + visudo.man: + Crank version to 1.6 and combine copyright statements + [0e1c791658ae] + + * sample.sudoers: + Use ! not ^ to do negation + [1480a0761730] + + * lex.yy.c, sudo.tab.c: + regen + [89ca5a46684b] + + * parse.lex, parse.yacc: + Make runas and NOPASSWD tags persistent across entris in a command + list. Add a PASSWD tag to reverse NOPASSWD. When you override a + runas or *PASSWD tag the value given becomes the new default for the + rest of the command list. + [f1bbb4066542] + +1999-04-02 Todd C. Miller + + * CHANGES, RUNSON: + update for 1.5.9 + [a1ae9d4a7d54] [SUDO_1_5_9] + + * visudo.c: + Shift return value of system(3) by 8 to get real exit value and if + it is not 1 or 0 print the retval along with the error message. + [c1ff50d743fb] + +1999-03-30 Todd C. Miller + + * Makefile.in: + testsudoers needs LIBOBJS too + [972571b4e4bf] + + * parse.c, parse.yacc, sudo.tab.c: + Fix another parser bug. For a sudoers entry like this: millert + ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls + as root. + [51968e1eb33d] + + * CHANGES: + new change + [271c6110bb62] + + * parse.yacc, sudo.tab.c: + Save entries that match a ! command on the matching stack too + [5afb5107116c] + + * sudo.c: + Make sudo's usage info better when mutually exclusive args are given + and don't rely on argument order to detect this; nick@zeta.org.au + [2422753c88fd] + +1999-03-29 Todd C. Miller + + * CHANGES, Makefile.in, RUNSON: + updates from CU + [b37381e3dafb] + + * Makefile.in: + use gzip + [94a64e52a166] + + * parse.yacc, sudo.tab.c: + Fix off by one error introduced in *alloc changes + [95ede581153a] - * dce_pwent.c: now smells like sudo + * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c, + check_sia.c, compat.h, config.h.in, configure, configure.in, + dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, + sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, + sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod: + ++version + [c6d88f024e37] -1995-11-19 22:11 millert + * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c, + interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, + putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c, + sudo_setenv.c, testsudoers.c, utime.c, visudo.c: + Use emalloc/erealloc/estrdup + [44221d97361a] - * dce_pwent.c: Initial revision + * alloc.c: + error checking memory allocation routines + [5f8c1e7bbc71] -1995-11-19 21:36 millert + * parse.yacc, sudo.tab.c: + Still not right, this fixes it for real + [ad553b6f5339] - * check.c: skey'd sudo now works w/ normal password as well + * parse.yacc, sudo.tab.c: + Fix for previous commit + [4d6f989f9bf2] -1995-11-19 18:37 millert + * CHANGES, INSTALL, parse.yacc: + Fix a parser bug that was exposed when mixing different runas specs + and ! commands. For example: millert ALL=(daemon) + /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root + as well as daemon when it should just allow daemon. The problem was + that comma-separated commands in a list shared the same entry on the + matching stack. Now they get their own entry iff there is a full + match. It may be better to just make the runas spec persistent + across all commands in a list like the user and host entries of the + matching stack. However, since that is a fairly major change it + should gets its own minor rev increase. + [c4b939cdcc8e] - * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, - find_path.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, - options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, - putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, - tgetpass.c, utime.c, version.h, visudo.c: updated version number +1999-03-28 Todd C. Miller -1995-11-19 18:32 millert + * check.c, config.h.in: + Simplify PAM code and fix a PAM-related warning on Linux + [2468399523b6] - * README: updated to reflect version change +1999-03-26 Todd C. Miller -1995-11-19 18:27 millert + * CHANGES: + updates + [29d4a997769c] - * configure.in: --with options now line up ++version + * sample.sudoers: + better su entry + [76d8285a72ba] -1995-11-19 18:26 millert + * configure: + regen + [b7450cc6975d] - * sudo.h: removed unecesary S/Key stuff + * check.c, configure.in: + new pam code that works on solaris, should work on linux too; + aelberg@home.com + [84c16c0ff259] -1995-11-19 18:25 millert +1999-03-19 Todd C. Miller - * configure.in: fixed S/Key support + * RUNSON: + more entries + [b6bef8660759] -1995-11-19 18:24 millert + * config.h.in: + only include strings.h if there is no string.h + [b66054a32b00] - * Makefile.in: -I stuff now goes in CPPFLAGS +1999-03-17 Todd C. Miller -1995-11-19 18:23 millert + * config.guess: + Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com + [c086d2fe63af] - * check.c: fixed SKey support +1999-03-13 Todd C. Miller -1995-11-19 15:23 millert + * sudo.c: + shost must be set before log functions are called #ifdef HOST_IN_LOG + [d49a7944358f] - * README: updated version +1999-03-07 Todd C. Miller -1995-11-19 13:59 millert + * CHANGES, lex.yy.c, parse.lex: + Fix a bug wrt quoting characters in command args. Stop processing + an arg when you hit a backslash so the quoted-character detection + can catch it. + [2281438d7f41] - * OPTIONS: fixed description of EXEMPTGROUP +1999-02-26 Todd C. Miller -1995-11-19 10:47 millert + * interfaces.c: + include sys/time.h; aparently AIX needs it. ppz@cdu.elektra.ru + [31118a9e9916] - * sudo.c: more people use _RLD_ than just alphas... +1999-02-24 Todd C. Miller -1995-11-18 21:35 millert + * configure, configure.in: + add missing case statement so --without-sendmail works + [ca25614f7dd9] - * Makefile.in: replaced $man_prefix with $mandir +1999-02-23 Todd C. Miller -1995-11-18 21:30 millert + * CHANGES: + more + [4d70e44f7f93] - * configure.in: fixed a typo +1999-02-22 Todd C. Miller -1995-11-18 21:28 millert + * configure, configure.in: + only search for -lsun in irix <= 4.x + [e604238317b1] - * Makefile.in: now use more GNU'ish dir names + * configure, configure.in: + back out last configure.in change now that I've hacked autoconf to + fix the real problem and add a missing newline + [2dabf59a79b5] -1995-11-18 21:27 millert + * CHANGES: + updated + [bb35d526552f] - * configure.in: now set *dir correctly (can override from command - line) + * getcwd.c: + add def of dirfd() for those without it + [95f0173d8441] -1995-11-18 19:17 millert + * configure, configure.in: + When falling back to checking for socket() when linking with + "-lsocket -lnsl" check for main() instead since autoconf has already + cached the results of checking for socket() in -lsocket. This is + really an autoconf bug as it should use the extra libs as part of + the cache variable name. + [a845f8b710ad] - * sudo.c: now deal with situations where we getwd() fails + * configure.in: + typo + [a7d62f62a478] -1995-11-17 00:37 millert +1999-02-21 Todd C. Miller - * Makefile.in: added etc_dir, bin_dir, sbin_dir + * configure.in: + fix occurrence of $with_timeout that should be + $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni- + bochum.de + [8c4da2cf73d1] -1995-11-17 00:37 millert +1999-02-17 Todd C. Miller - * configure.in: added sbin_dir + * sudo.cat, sudo.html, sudo.man, sudo.pod: + fix grammar; espie@openbsd.org + [7031d9dfbc3e] [SUDO_1_5_8] -1995-11-16 21:28 millert +1999-02-11 Todd C. Miller - * Makefile.in: now ship a flex-generated lex.yy.c + * parse.yacc, sudo.c, testsudoers.c: + add cast for strdup in places it does not have it + [7ce4478d3b0f] -1995-11-16 21:09 millert +1999-02-09 Todd C. Miller - * Makefile.in: now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, - SUDOERS_OWNER + * configure, configure.in: + define for_BSD_TYPES irix + [858337ff4af8] -1995-11-16 21:06 millert +1999-02-07 Todd C. Miller - * pathnames.h.in: _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now - overridden via Makefile + * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod: + Make it clear that it is the user's password, not root's, that we + want. + [ae0f51b35ee4] -1995-11-16 21:05 millert + * check.c, sudo.h: + If the user enters an empty password and really has no password, + accept the empty password they entered. Perviously, they could + enter anything + *but* an empty password. Also, add GETPASS macro that calls either + tgetpass() or getpass() depending on how sudo was configured. + Problem noted by jdg@maths.qmw.ac.uk + [2fde21ce94c1] - * options.h: no more error for redefining SUDOERS_OWNER +1999-02-03 Todd C. Miller -1995-11-16 21:05 millert + * Makefile.in, check.c, check_sia.c, compat.h, config.h.in, + dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c: + add explicate copyright + [d3b4449834a5] - * OPTIONS: expanded SUDOERS_OWNER section + * CHANGES: + mention -lsocket, -lnsl configure changes + [9140af4ad8ae] -1995-11-16 03:05 millert +1999-02-02 Todd C. Miller - * visudo.c: now warn if chown(2) failed + * sudo.c: + Don't clobber errno after calling check_sudoers(). + [59bd581b2654] -1995-11-16 02:55 millert +1999-02-01 Todd C. Miller - * logging.c: better default warning for NO_SUDOERS_FILE + * configure, configure.in: + When linking with both -lsocket and -lnsl be sure to do so in that + order. Also, when we can't find socket() or inet_addr() and have to + try linking with both libs, issue a warning. + [0ee547163067] -1995-11-16 02:54 millert + * sudo.cat, sudo.man, sudo.pod: + clarify bad timestamp and fmt + [70e42cf56c75] - * sudo.c: added missing set_perms() no more cryptic message if the - sudoers file is zero length, now just give a parse error +1999-01-23 Todd C. Miller -1995-11-16 02:42 millert + * INSTALL, RUNSON: + be clear that pam is linux-only and add a RUNSON entry + [7fdeab875e0d] - * logging.c: better diagnostics if NO_SUDOERS_FILE +1999-01-22 Todd C. Miller -1995-11-16 02:41 millert + * CHANGES, INSTALL, configure, configure.in: + fix and correctly document --with-umask; problem noted by + adap@adap.org + [11cd0481d63a] - * sudo.c: check_sudoers() now catches sudoers files that are not - readable (but are stat'able). +1999-01-20 Todd C. Miller -1995-11-13 01:12 millert + * configure, configure.in: + only use /usr/{man,catman}/local to store man pages if suer didn't + override prefix or mandir + [781ad2cbe9be] - * configure.in: now add -D__STDC__ for convex cc (not gcc) + * INSTALL, configure, configure.in: + fix typo, make --with-SecurID take an arg + [026a9b4014fc] -1995-11-13 00:52 millert +1999-01-19 Todd C. Miller - * configure.in: MAN_PREFIX -> man_prefix now sets prefix and - exec_prefix + * RUNSON: + updates from users + [2286982b31e6] -1995-11-13 00:52 millert + * CHANGES, INSTALL, check.c, configure, configure.in: + FWTK 'authsrv' support from Kevin Kadow + [23aa4e5c6b02] - * Makefile.in: now uses exec_prefix & prefix from configure + * configure, configure.in: + better fix for the problem of unresolved symbols in -lnsl or + -lsocket + [82fe70fc287f] -1995-11-13 00:16 millert + * configure, configure.in: + when checking for functions in -lnsl and -lsocket link with both of + them to avoid unresolved symbols on some weirdo systems + [1734a591808e] - * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, - parse.c, parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, - tgetpass.c, utime.c, visudo.c: options.h is now <> instead of "" - so shadow build trees can have a custom copy of options.h +1999-01-18 Todd C. Miller -1995-11-13 00:15 millert + * BUGS, CHANGES, RUNSON, TODO: + old changes that didn't make it into RCS before the RCS->CVS switch + [846eb2b8f9aa] - * check.c: user_is_exempt() is no longer a hack, it now uses - getgrnam() +1999-01-17 Todd C. Miller -1995-11-12 23:56 millert + * Makefile.in, check.c, check_sia.c, compat.h, config.h.in, + configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c, + getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, + ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c, + lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, + secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c, + sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c, + visudo.pod: + add sudo tags + [962f81eaa5ab] + + * sudo.h: + testing Sudo tag + [e84cbc521129] + + * version.h: + testing Sudo tag + [a8c3a3998b88] + + * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h, + config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h, + find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c, + logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, + secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man, + sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c, + utime.c, version.h, visudo.c, visudo.cat, visudo.man: + crank version and regen files + [23eacf00a1a4] + + * Makefile.in: + kill rcs goop in update_version and fix now that version is a const + [e6e50bd8d1e1] + + * INSTALL, check.c, config.h.in, configure, configure.in, logging.c, + sudo.c, sudo.h, sudo.pod: + kerb5 support from fcusack@iconnet.net + [8134027986e2] + + * realpath.c, sudo_realpath.c: + we no longer use realpath + [0f5f64abc646] + + * qualify.c: + replaced by find_path.c + [9e32a87e09c4] + + * options.h: + all options are now configure flags + [ee6bd9610102] + + * lex.yy.c: + regen + [bdbf8a18161f] + + * getwd.c: + superceded by getcwd.c + [1e54ee0990b4] + + * getpass.c: + superceded by tgetpass.c + [4e0d1edc30e3] + + * SUPPORTED: + superceded by RUNSON + [854c5a21cb53] + + * OPTIONS: + No longer used now that we have configure options for everything. + [9b1ae1c89259] + + * configure: + regen based on configure.in + [3a4d73936973] + + * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html, + sudoers.man, visudo.cat, visudo.html, visudo.man: + regen based on sudo.pod, sudoers.pod, and visudo.pod + [c267beb90778] + +1998-12-11 Todd C. Miller + + * check.c: + fix tty tickets in remove_timestamp (didn't use ':') + [fd964a74a32b] + +1998-12-07 Todd C. Miller + + * interfaces.c: + close sock when we are done with it + [95de0380f8a4] + +1998-11-28 Todd C. Miller + + * parse.yacc: + never say "error on line -1" + [361db1491121] + +1998-11-24 Todd C. Miller + + * configure.in: + check for -lnsl before -lsocket + [8e966d6bbcb5] - * options.h: EXEMPTGROUP is now "sudo" + * configure.in: + quote '[', ']' used in ranges correctly + [fa4f9c6ff651] -1995-11-12 22:25 millert +1998-11-21 Todd C. Miller - * configure.in: MAN_POSTINSTALL now contains a leading space + * config.h.in: + add missing NO_ROOT_SUDO noted by drno@tsd.edu + [c969f25d1667] -1995-11-12 22:25 millert +1998-11-20 Todd C. Miller - * Makefile.in: removed leading tab if @MAN_POSTINSTALL@ not defined - now removes testsudoers in clean: + * version.h: + 1.5.7 + [7a22de0bc148] -1995-11-12 22:24 millert + * INSTALL: + more info for 1.5.7 + [30ad9e784799] - * tgetpass.c: includes pwd.h to get _PASSWD_LEN definition + * README: + update for 1.5.7 + [cd03a0a27cd2] -1995-10-30 15:51 millert + * parse.yacc: + make increases of cm_list_size and ga_list_size be similar to + increases of stacksize (ie: >= not > in initial compare). + [6bd450a896c7] - * sudo.c: unset the KRB_CONF envariable if using kerberos so we - don't get spoofed into using a bogus server + * parse.yacc: + when we get a syntax error, report it for the previous line since + that's generally where the error occurred. + [c4ac84058f0b] -1995-09-29 17:50 millert +1998-11-18 Todd C. Miller - * parse.yacc: now explicately initialize match[] tp be FALSE + * config.h.in, configure.in, interfaces.c: + add back check for sys/sockio.h but only use it if SIOCGIFCONF is + not defined + [d197f31fd1e4] [SUDO_1_5_7] -1995-09-23 16:48 millert + * config.h.in: + define BSD_COMP for svr4 + [87ac1147ff79] - * sudo.c: removed unused variable now passes -Wall + * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c, + goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex, + parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + more -Wall + [d98e2d32db2a] -1995-09-23 16:48 millert + * configure.in: + kill check for sockio,h + [4399779014c1] - * parse.yacc: yyerror and dumpaliases are now void's now passes - -Wall + * config.h.in: + no more HAVE_SYS_SOCKIO_H + [67484528e347] -1995-09-23 16:48 millert + * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c, + goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex, + parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + -Wall + [2b7e83976788] - * parse.lex: added prototype for yyerror +1998-11-16 Todd C. Miller -1995-09-23 16:47 millert + * sudo.c: + add missing inform_user() + [8689528c6d55] - * interfaces.c: rmeoved unused cruft now passes -Wall +1998-11-14 Todd C. Miller -1995-09-23 16:47 millert + * find_path.c: + return NOT_FOUND if given fully qualified path and it does not exist + previously it would perror(ENOENT) which bypasses the option to not + leak path info + [ccbc3d0130ae] - * check.c, logging.c, parse.c: now passes -Wall + * configure.in: + for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for + -ldes + [c77d3b484ece] -1995-09-23 16:46 millert +1998-11-13 Todd C. Miller - * Makefile.in: fixed headers that moved to emul dir + * INSTALL: + tty tickets are user:tty now + [a53a303a614d] -1995-09-23 12:05 millert + * check.c: + when using tty tickets make it user:tty not user.tty as a username + could have a '.' in it + [3160b3f5c890] - * logging.c: fixed deref of nil pointer if no args +1998-11-10 Todd C. Miller -1995-09-15 19:18 millert + * sudo.c: + add "ignoring foo found in ." for auth successful case + [24257169e0bd] - * OPTIONS: added a caveat to FQDN section +1998-11-09 Todd C. Miller -1995-09-13 19:48 millert + * sudo.c: + add missing printf param + [8c905124f777] - * Makefile.in: more $srcdir support for install targets +1998-11-08 Todd C. Miller -1995-09-13 17:17 millert + * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h: + go back to printing "command not found" unless --disable-path-info + specified. Also, tell user when we ignore '.' in their path and it + would have been used but for --with-ignore-dot. + [066e118c11e4] - * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, - putenv.c, strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, - visudo.c: don't include malloc.h if we include stdlib.h + * check.c, sudo.c: + Only one space after a colon, not two, in printf's + [38452f4c8007] -1995-09-12 21:44 millert +1998-11-05 Todd C. Miller - * parse.yacc: local search.h now lives in emul + * sudo.pod: + document setting $USER + [80557fe6aede] -1995-09-12 21:41 millert + * check.c: + fix bugs with prompt expansion + [44c4fca5f009] - * lsearch.c: local search.h now lives in emul + * sudo.c: + set $USER for root too + [4b525e1c6269] -1995-09-12 21:41 millert +1998-11-04 Todd C. Miller - * check.c, utime.c: local utime.h now lives in emul dir + * getspwuid.c: + typo + [5107446f43e0] -1995-09-12 21:38 millert + * configure.in: + HP-UX's iscomsec is in -lsec, not libc + [03c9f700b795] - * Makefile.in: added support for building in other than the - sourcedir + * configure.in: + remove some entries in the OS case statement that did nothing + [ea96e7e0f624] -1995-09-10 14:01 millert + * TROUBLESHOOTING: + add "cd" section and flush out syslog section + [5107f7363b78] - * OPTIONS: annotated CSOPS_INSULTS option + * Makefile.in: + no more sudo-lex.yy.c + [ed50826efbbc] -1995-09-10 13:56 millert + * check_sia.c: + add custom prompt support + [6a285cea10b7] - * TROUBLESHOOTING: updated shadow passwords blurb + * testsudoers.c: + kill perror("malloc") since we already have a good error messages + pw_ent -> pw for brevity + [eee31052921e] -1995-09-09 21:00 millert + * sudo.c: + kill perror("malloc") since we already have a good error messages + pw_ent -> pw for brevity set $USER if -u specified + [9f3753461f8a] - * sudo.c: if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a - shell and passes along foo as the arguments + * parse.yacc: + kill perror("malloc") since we already have a good error messages + [849459088ac3] -1995-09-09 18:52 millert + * parse.c: + kill perror("malloc") since we already have a good error messages + pw_ent -> pw for brevity when checking if %group matches, look up + user in password file so that %groups works in a RunAs spec. + [0489b4ecc59a] - * parse.lex: collapsed pathname and dir sections into one -- its - now less expensive + * logging.c: + kill perror("malloc") since we already have a good error messages + [3191a18b3526] -1995-09-09 18:34 millert + * check.c, getspwuid.c, interfaces.c: + kill perror("malloc") since we already have a good error messages + pw_ent -> pw for brevity + [7193fdb38cf9] - * parse.lex: fixed spacing quoting [,:\\=] now works correctly - append() and fill() now take args to make the above work +1998-11-03 Todd C. Miller -1995-09-08 20:51 millert + * tgetpass.c: + the prompt is expanded before tgetpass is called + [0f408f508041] - * sudo.c: fixed a typo that caused commands with no tty on fd 0 but - a tty on fd 1 to erroneously have "none" as their tty + * sudo.h: + tgetpass now has the same args as getpass again + [b6778cd9d79f] -1995-09-04 15:35 millert + * getspwuid.c: + add iscomsec, issecure support + [007be7ec7ae7] - * check.c: timestampfile is now a global static removed decl of - timestampfile in remove_timestamp since we can just use the - global one + * check.c: + we now expand any %h or %u in the prompt before passing to tgetpass + [f3db8c9ee387] -1995-09-04 15:28 millert + * configure.in: + add check for syslog(3) in -lsocket, -lnsl, -linet + [5a96f902ce00] - * check.c: created touch() to update timestamps added - USE_TTY_TICKETS support (bit of a kludge) + * config.h.in: + add HAVE_ISCOMSEC and HAVE_ISSECURE + [f640b0d4cf05] -1995-09-04 15:28 millert + * configure.in: + add check for iscomsec in HP-UX + [b28b249040f0] - * compat.h: added _S_IFDIR and S_ISDIR + * configure.in: + check for issecure if we have getpwanam on SunOS some options are + incompatible with DUNIX SIA check for dispcrypt on DUNIX + [a49d05d9c913] -1995-09-04 15:22 millert +1998-10-25 Todd C. Miller - * OPTIONS, options.h: added USE_TTY_TICKETS + * config.h.in: + add HAVE_DISPCRYPT + [7376d543d8d6] -1995-09-04 00:38 millert + * secureware.c: + add back support for non-dispcrypt based checking for older DUNIX + [977b98e936be] - * parse.yacc: removed const from casts for lsearch() & lfind() to - placate irix 4.x C compiler + * INSTALL: + sia changes + [c5387c06e30f] -1995-09-03 14:12 millert + * configure.in: + SIA becomes the default on Digital UNIX now havbe --disable-sia to + turn it off... + [3b647558ea13] - * sudo.c: now only strip '/dev/' off of a tty if it starts with - '/dev/' + * check.c: + move local includes after system ones + [b2abad4c4aef] -1995-09-03 14:12 millert +1998-10-24 Todd C. Miller - * pathnames.h.in: added _PATH_DEV + * check.c, check_sia.c, sudo.h: + add pass_warn() which prints out INCORRECT_PASSWORD or an insult to + stderr + [547cbf299661] -1995-09-03 14:11 millert + * check_sia.c: + fix while loop in sia_attempt_auth() that checks the password. Only + the first iteration was working. + [1886fd1ac831] - * configure.in: AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for - tcgetattr only if have termios.h +1998-10-22 Todd C. Miller -1995-09-03 14:09 millert + * aclocal.m4: + don't trust UID_MAX or MAXUID + [2aeddb1654d8] - * tgetpass.c: fixed incorrect #ifdef termio uses "unsigned short" - not int for c_?flag + * configure.in: + fix two pastos + [c18f0a10b75d] -1995-09-03 13:19 millert + * configure.in: + fix typo + [1eb3190ef12d] - * parse.lex, parse.yacc: fixed a spelling error + * getspwuid.c, secureware.c: + init crypt_type to INT_MAX since it is legal to be negative in DUNX + 5.0 + [cefbde04822d] -1995-09-03 13:17 millert + * configure.in: + for secureware on dunix, use -lsecurity -ldb -laud -lm but check for + -ldb since DUNX < 4.0 lacks it + [e6b11d971068] - * Makefile.in: fixed typo +1998-10-21 Todd C. Miller -1995-09-02 12:55 millert + * check.c, compat.h, config.h.in, configure.in, getspwuid.c, + secureware.c, sudo.c, tgetpass.c: + getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2 + minutes if the shadow files don't exist). + [2f297d095004] - * Makefile.in: fixed a comment +1998-10-20 Todd C. Miller -1995-09-02 12:54 millert + * INSTALL: + updated --with-editor blurb + [77d8a3ea7328] - * parse.yacc: added dotcat() to cat 2 strings w/ a dot effeciently - now that we dynamically allocate strings they need to be free()'d + * TROUBLESHOOTING: + tell how to put sudoers in a different dir + [456cd20eb1d0] -1995-09-02 12:46 millert + * configure.in: + add missing quotes around $with_editor + [22881748ab1b] - * parse.lex: dynamically allocates space for strings + * configure.in: + typo in --with-editor bits + [ab6964580681] -1995-09-02 12:34 millert + * INSTALL: + I don't expect it to work on Solaris + [1c2fceaaf56e] - * sudo.h: no more MAXCOMMANDLENGTH + * check.c: + add back security/pam_misc.h + [6ffd30033c1e] -1995-09-01 22:25 millert +1998-10-19 Todd C. Miller - * sudo.h: added decl of tty + * INSTALL: + remove dunix note since configure checks for this now + [e9904512b8e8] -1995-09-01 22:25 millert + * configure.in: + add check for broken dunix prot.h (4.0 < 4.0D is bad) + [8a4c1e6aef3b] - * logging.c, sudo.c: moved tty stuff into sudo.c + * getspwuid.c, secureware.c, tgetpass.c: + new dunix shadow code, use dispcrypt(3) + [1b936bc7268c] -1995-09-01 14:18 millert + * config.h.in: + add HAVE_INITPRIVS + [4369f4c4f914] - * parse.c: fixed a logic bug. Was denying a command if user gave - command line args but there were none in the sudoers file which - is wrong. + * sudo.c: + call initprivs() if we have it for getprpwuid later on + [11cf5915d826] -1995-09-01 01:18 millert + * Makefile.in: + clean pathnames.h too + [5f1df3262613] - * sudo.h: MAXCOMMMANDLEN dropped down to 1K + * configure.in: + quote "Sorry, try again." with [] since it has a comma in it set + LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find + getprpwuid() so we can check for bigcrypt, set_auth_parameters, and + initprivs later. + [e226b0a3f250] + + * INSTALL: + update Digital UNIX note about acl.h + [80132b71d73a] + + * INSTALL: + add --with-sia + --without-root-sudo -> --disable-root-sudo some reordering + [198386358818] -1995-09-01 01:13 millert + * secureware.c: + add whitespace + [4aadaf1a54b0] - * parse.lex: return foo; -> return(foo); + * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h: + add SIA support + [fa3ddbb9cc51] -1995-09-01 01:03 millert + * check_sia.c: + Initial revision + [2968551d40e4] - * parse.yacc: fixed netgr_matches() prototype +1998-10-18 Todd C. Miller -1995-09-01 01:02 millert + * configure.in: + when checking for -lsocket, -lnsl, and -linet, check for the + specific functions we need from them. + [8d33e64362a3] - * parse.lex: added support for escaping "termination" characters + * config.h.in, sudo.h: + move Syslog_* defs into sudo.h + [03d1774f25c7] -1995-09-01 00:55 millert + * Makefile.in, sudo.h: + added check_secureware + [e46e3cbb9a97] - * parse.c: buf is now of size MAXPATHLEN+1 since it never holds - command args + * configure.in: + finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits + [dbefe1856503] -1995-09-01 00:50 millert + * insults.h: + don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets + defined. configure now does that for us + [e4520ea0581f] - * sudo.c: fixed comments + * configure.in: + move some --with options around change a bunch of echo's to + AC_MSG_CHECKING, AC_MSG_RESULT pairs + [ffdf6869fdd7] -1995-09-01 00:49 millert + * configure.in: + change $with_foo-bar -> $with_foo_bar kill extra " that caused a + syntax error add some echo verbage + [3278c49bf74b] - * goodpath.c: fixed negation problem (doh!) +1998-10-17 Todd C. Miller -1995-09-01 00:25 millert + * check.c: + moved SecureWare stuff into secureware.c + [42d3d3ac35dc] - * parse.yacc: fixed 2nd parameter to lfind() + * secureware.c: + Initial revision + [aa7f72a249cf] -1995-09-01 00:24 millert + * INSTALL: + update url to solaris gcc bins + [36a3eb668777] - * parse.lex: now do bounds checking in fill() and append() + * INSTALL: + change option formatter and flesh out someentries + [6fbd1db4a8ad] -1995-09-01 00:23 millert + * TROUBLESHOOTING, sudo.pod, visudo.pod: + environmental variable -> environment variable + [6f14d708e32d] - * sudo.c: include netdb.h as we should added a missing void cast - added SHELL_IF_NO_ARGS support now use realloc() properly. would - fail if realloc actually moved the string instead of shrinking it + * BUGS: + everything is now done via configure + [c217858f58ab] -1995-09-01 00:17 millert + * README: + prev rev was 1.5.6 + [7b4177103c35] - * sample.sudoers: updated with examples of new features + * Makefile.in: + passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly + [31c6b0a5e0e2] -1995-09-01 00:05 millert + * config.h.in: + SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile + [d406a1ef6d25] - * goodpath.c: now set errno to EACCES if not a regular file or not - executable + * Makefile.in: + merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid, + sudoers_mode from configure + [1c509500655a] -1995-09-01 00:04 millert + * configure.in: + SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into + the Makefile, not config.h + [d4482f1492fe] - * find_path.c: if given a fully-qualified or relative path we now - check it with sudo_goodpath() and error out with the appropriate - error message if the file does not exist or is not executable + * INSTALL: + document all --with/--enable options + [22d81b312d7f] -1995-09-01 00:03 millert +1998-10-15 Todd C. Miller - * lsearch.c, emul/search.h: now use correct args for lfind + * insults.h: + options.h is no more + [560946a33f7f] -1995-09-01 00:03 millert + * config.h.in: + assimilated options.h + [dd8ce74613c1] - * logging.c: added a comment + * configure.in: + moved options from options.h to configure + [d39662f71b4e] -1995-08-31 23:52 millert + * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c, + logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod, + sudo_setenv.c, visudo.c: + no more options.h + [43924bf0858d] - * insults.h: added in CSOps insults + * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING: + remove references to options.h + [ef3474295395] -1995-08-31 23:51 millert + * dce_pwent.c, interfaces.c, sudo.c: + kill sys/time.h + [4d833f0034e4] - * ins_csops.h: Initial revision + * tgetpass.c: + if select return < -1 still prompt for pw + [e0009e5c93a2] -1995-08-31 23:35 millert + * options.h: + convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into + configure options + [e60a1e546516] - * tgetpass.c: added RCS id + * parse.c: + FAST_MATCH is no longer an optino + [c448dbb3464b] -1995-08-31 22:56 millert + * check.c: + remove_timestamp() if timestamp is preposterous + [70d9a86c6ecd] - * sudo.h: increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> - HAVE_GETWD + * options.h: + convert more options to --with/--enable + [34646d9b09dc] -1995-08-31 22:55 millert + * INSTALL, aclocal.m4: + logfile -> logpath + [42de502bc637] - * OPTIONS: added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS + * configure.in: + convert more options into --with and --enable + [92d0898c9844] -1995-08-31 22:54 millert + * tgetpass.c: + catch EINTR in select and restart + [f045d2f234d7] - * sudo.c: fixed -k load_interfaces() now gets called if FQDN is set - -p now works with -s + * logging.c: + sys/errno -> errno + [7f0c5beab6f2] -1995-08-31 22:54 millert +1998-09-24 Todd C. Miller - * parse.c: don't try to stat() "pseudo commands" like "validate" + * sudo.c: + UMASK -> SUDO_UMASK. + [48f308661514] -1995-08-31 22:53 millert + * check.c, logging.c: + time.h, not sys/time.h + [91de049c79e4] - * options.h: added CLASSIC_INSULTS added CSOPS_INSULTS added - SHELL_IF_NO_ARGS +1998-09-21 Todd C. Miller -1995-08-31 22:53 millert + * logging.c: + MAILER -> _PATH_SENDMAIL + [df65d6896639] - * configure.in: added SecurID support added other insults to - --with-csops + * INSTALL, configure.in: + no more --with-C2, now it is --disable-shadow + [18bfcab3b9ab] -1995-08-31 22:52 millert + * aclocal.m4, check.c, compat.h, config.h.in, configure.in, + getspwuid.c, sudo.c, tgetpass.c: + new shadow password scheme. Always include shadow support if the + platform supports it and the user did not disable it via configure + [2135d93bb4a9] - * config.h.in: added HAVE_SECURID +1998-09-20 Todd C. Miller -1995-08-31 22:52 millert + * configure.in: + --with-getpass -> --{enable,disable}-tgetpass + [451b33fdd4c7] - * Makefile.in: added clobber target added ins_csops.h now gets - CFLAGS from configure + * Makefile.in: + pathnames.h -> pathnames.h.in + [b109022eca69] -1995-08-31 22:46 millert + * check.c: + fix version string + [761b25c314ea] - * aclocal.m4: relaxed SUDO_FULL_VOID + * check.c: + move pam_conv to be static to auth function remove pam_misc.h + (solaris doesn't have one) + [a682e4da987a] -1995-08-31 22:44 millert + * aclocal.m4: + _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD + [e6005d0599b5] - * visudo.c: function comment blocks are now in same style as rest - of code + * configure.in: + munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD + [24c0ac2155ef] -1995-08-31 22:44 millert + * pathnames.h.in: + convert to pathnames.h.in + [013bddf7f684] - * testsudoers.c: added support for command line args in - /etc/sudoers +1998-09-19 Todd C. Miller -1995-08-31 22:43 millert + * configure.in: + fix typo in sysv4 matching case /. + [2994c4f88cf5] - * sudoers.man: updated to have command args in the sudoers file +1998-09-18 Todd C. Miller -1995-08-31 22:42 millert + * check.c: + pam stuff needs to run as root, not user, for shadow passwords + [d94ff75de503] - * sudo.man: added -s and -- flags added SHELL to ENVIRONMENT - VARIABLES section +1998-09-17 Todd C. Miller -1995-08-19 19:32 millert + * BUGS, INSTALL, README, configure.in: + updated version + [775adc7de7ac] - * parse.yacc: PATH renamed to COMMAND + * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, + emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, + ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, + logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + [5ca599fb6b93] -1995-08-19 19:31 millert + * check.c: + user version.h for long message + [47a52ac7e542] - * parse.lex: it is now a parse error for directories to have args - attached to them + * check.c: + this is version 1.5.6 + [8451ac79eee2] -1995-08-19 19:30 millert +1998-09-16 Todd C. Miller - * logging.c: now say command args if telling user to buzz off + * Makefile.in: + remove errant backslash + [0222a8a650ff] -1995-08-19 19:30 millert +1998-09-15 Todd C. Miller - * sudo.c: -s no longer indicates end of args sped up loading on - cmnd_args in load_cmnd() + * options.h, parse.yacc, pathnames.h.in: + fix version string + [fdee73255d64] [SUDO_1_5_6] -1995-08-19 19:29 millert + * BUGS, CHANGES, TODO: + updtaed for 1.5.6 + [752443bf7f26] - * parse.c: removed an unreachable statement + * RUNSON: + updated for 1.5.6 + [0f878123fe6a] -1995-08-19 17:53 millert +1998-09-14 Todd C. Miller - * parse.lex: made more efficient by pulling out the terminators - when in GOTCMND state and making them their own rule + * interfaces.c: + kill unused localhost_mask var copy if name to ifr_tmp after we zero + it + [8e89c364cef2] -1995-08-14 00:07 millert +1998-09-13 Todd C. Miller - * sudo.h: removed MAXLOGLEN since it is no longer used + * INSTALL: + Better description of new vs. old sudoers modes fix some typos + better description of /usr/ucb/cc gotchas on slowaris + [c00b2a6fc1e8] -1995-08-14 00:07 millert + * Makefile.in: + add sample.pam + [ec7f6cc19b00] - * parse.lex: now allows command args + * sudo.c: + set NewArgv[0] to user_shell, not basename(user_shell) + [1e907cbc9f7b] -1995-08-14 00:06 millert +1998-09-12 Todd C. Miller - * parse.c: now groks command arguments + * README: + mention TROUBLESHOOTING more fix some typos + [2c2e6907d4a4] -1995-08-13 23:39 millert + * configure.in: + move --enable/--disable to be after --with + [9b30097f76c1] - * logging.c: now sets tty correctly when piped input + * INSTALL: + document --enable/--disable + [c522362e38a8] -1995-08-13 23:35 millert + * INSTALL: + document --with-pam + [7e38932c78ac] - * sudo.c: fixed loading of cmnd_args (was including command name - too) +1998-09-11 Todd C. Miller -1995-08-13 23:34 millert + * configure.in: + Add message for pam users + [d224f277e3cd] - * logging.c: fixed a core dump due to incorrect if construct + * sample.pam: + Initial revision + [3a84d7045f54] -1995-08-13 00:33 millert + * config.h.in: + fix HAVE_PAM + [2f0f303ebd88] - * configure.in: only add -lsun is irix < 5 don't look for -lnsl or - -lsocket if irix + * check.c, config.h.in, configure.in: + pam support, from Gary Calvin + [ea3e0a72d707] -1995-08-13 00:33 millert +1998-09-10 Todd C. Miller - * aclocal.m4: fixed check for ISC + * config.h.in: + add HOST_IN_LOG and WRAP_LOG + [822c36eeb6a8] -1995-08-13 00:32 millert + * logging.c: + add WRAP_LOG and HOST_IN_LOG + [3cf6052bd27e] - * sudo.c: now sets cmnd_args used by log_error() and that will be - used by the parse to check against command args + * configure.in: + add --enable-log-host and --enable-log-wrap + [c968cc12b353] -1995-08-13 00:32 millert + * aclocal.m4: + use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir + [915fef7e11a1] - * sudo.h: added cmnd_args +1998-09-09 Todd C. Miller -1995-08-13 00:31 millert + * compat.h: + add howmany macro + [9107a057a7c8] - * logging.c: now dynamically allocate logline since we can guess at - its size + * tgetpass.c: + include sys/param.h to get howmany macro + [7e908b5e1f32] -1995-08-05 13:52 millert +1998-09-08 Todd C. Miller - * logging.c: cleaned up a bunch of unnecesary #ifdef's eliminated a - buffer remove "register" since the compiler knows more than I do - now do a "basename" of the tty + * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: + add RUNAS_DEFAULT + [1e76398ea3fd] -1995-07-31 18:20 millert +1998-09-07 Todd C. Miller + + * fnmatch.c: + bring in stdio.h for NULL + [69c016610cbb] + + * aclocal.m4: + allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh + [15ab2972f8d0] + + * sudo.c: + use HAVE_SET_AUTH_PARAMETERS + [8abfdc8c80f7] + + * config.h.in: + add HAVE_SET_AUTH_PARAMETERS + [673a5ebd5539] + + * configure.in: + add *-*-hiuxmpp* add test for set_auth_parameters() if secureware + [a401f5a7469a] - * configure.in: ++version + * config.sub: + add support for HI-UX/MPP SR220001 02-03 0 SR2201 + [cb657b7acaae] -1995-07-30 22:37 millert + * interfaces.c: + initialize previfname + [26a1902f56dc] - * sudo.h: added shell extern changed MODE_* to be bit masks to - allow for several options together + * interfaces.c: + Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have + it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of + kludging it + [fa5c890c313b] -1995-07-30 22:36 millert + * configure.in: + typo + [bff579fbe95c] - * sudo.c: added -s (shell) option made MODE_* masks so we can do - bitwise & and | to see if multiple flags are set. + * Makefile.in: + don't need special build line for sudo.tab.o + [10c0a0a912e4] -1995-07-30 22:01 millert + * Makefile.in: + don't clean sudo.tab.[ch] + [c40d5968efbb] - * check.c: added securid support + * sudo.c: + Sudo should prompt for a password before telling the user that a + command could not be found. + [d718c85a0047] -1995-07-30 14:38 millert + * BUGS: + for 1.5.6 + [0cc1fe5b9129] - * logging.c: removed a bunch of unnecesary strncpy()'s and replaced - with strcat() + * INSTALL, README: + no longer require yacc + [d9096fc5b8b6] -1995-07-29 17:17 millert + * Makefile.in: + typo + [70feb1aefbd5] - * Makefile.in, version.h: ++version + * Makefile.in: + y.tab -> sudo.tab include pre-yacc'd parse.yacc + [cc802025fd44] -1995-07-27 06:52 millert + * parse.lex: + include sudo.tab.h, not y.tab.h don't break out of command args if + you get a '=' + [728ad26dbda5] - * parse.yacc: fixed free() of an uninitialized pointer (yuck) + * insults.h: + fix version , + [242bbce1b2d4] -1995-07-26 22:00 millert + * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h: + fix version + [2bb9086fea1e] - * testsudoers.c: added netgr_matches + * compat.h: + fix version + [7e634d498ce6] -1995-07-26 21:29 millert + * getcwd.c: + getcwd(3) from OpenBSD for those without it. + [6c68d0df8f6c] - * parse.c: cleaned up netgr_matches + * sudo.h: + HAVE_GETWD -> HAVE_GETCWD + [2ad1e64d60c0] -1995-07-26 00:26 millert + * configure.in: + pretend sunos doesn't have getcwd(3) since it opens a pipe to + getpwd! + [677992ba5a6a] - * RUNSON: updated for 1.3.4 + * parse.c: + use NAMLEN() macro + [8f5685aa3165] -1995-07-24 21:51 millert + * fnmatch.c: + remove duplicate include of string.h + [6024f3051ac3] - * Makefile.in: now installs sudoers.man -- really should clean this - up though. + * configure.in: + call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T + [3d82a9c22cc2] -1995-07-24 21:18 millert + * aclocal.m4: + add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T + [53fbc47282f9] - * Makefile.in: added sudoers.cat and sudoers.man + * config.h.in: + add dev_t and ino_t + [5929bb0c7e1a] -1995-07-24 21:15 millert +1998-07-28 Todd C. Miller - * sudo.man: pulled out stuff on the sudoers file format into a - separate man page + * check.c: + fix OTP_ONLY for opie + [7edcfa78f2ec] -1995-07-24 21:14 millert +1998-06-24 Todd C. Miller - * sudoers.man: Initial revision + * testsudoers.c, tgetpass.c: + include stdlib.h for malloc proto + [c9f4b99a2fe9] -1995-07-24 21:04 millert +1998-05-19 Todd C. Miller - * HISTORY: fixed up my email address + * Makefile.in: + make update_version saner + [d522f93ee04a] -1995-07-24 20:03 millert + * config.h.in: + add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid() + [c9a2d21dc608] - * configure.in: added checks for innetgr and getdomainname + * configure.in: + check for waitpid and wait3 or no waitpid + [1f18c3224184] -1995-07-24 20:02 millert + * logging.c: + used waitpid or wait3 if we have 'em + [391c3279ee65] - * visudo.c: added dummy netgr_matches function +1998-05-02 Todd C. Miller -1995-07-24 20:01 millert + * visudo.c: + fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon) + [fbf53b18178f] - * parse.c: added netgr_matches +1998-04-28 Todd C. Miller -1995-07-24 20:01 millert + * configure.in: + don't need to explicately mention -lsocket -lnsl for sequent + [1898dc055352] - * parse.lex, parse.yacc: added NETGROUP support +1998-04-25 Todd C. Miller -1995-07-24 20:01 millert + * configure.in: + dynix should not link with -linet + [278a4b9cfe2a] - * config.h.in: added HAVE_INNETGR & HAVE_GETDOMAINNAME +1998-04-10 Todd C. Miller -1995-07-24 18:07 millert + * INSTALL: + mention that HP-UX doesn't ship with yacc + [bde5147198c0] - * sudo.c: rewrote clean_env() that has rm_env() builtin +1998-04-07 Todd C. Miller -1995-07-23 19:58 millert + * check.c: + ignore kerberos if we can't get the local realm + [1e311a091a27] - * check.c: now cast uid to long in sprintf +1998-04-06 Todd C. Miller -1995-07-23 19:58 millert + * BUGS, INSTALL, README, configure.in: + ++version + [499ffc746018] - * OPTIONS: added _INSULTS suffix to HAL & GOONS end + * version.h: + ++ + [35ba1ee01bd3] -1995-07-23 19:57 millert + * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h, + find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c, + logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + [b4990a513f31] - * options.h: added _INSULTS suffix to HAL & GOONS + * check.c, sudo.h: + fix version + [5710795834e8] -1995-07-23 19:35 millert + * getcwd.c: + don't use popen/pclose. Do it inline. + [29e57b0646a4] - * ins_2001.h, ins_classic.h, ins_goons.h, insults.h: converted to - new scheme of insult "unions" end + * lsearch.c: + add rcsid + [b2b55c39858d] -1995-07-23 17:48 millert + * sudo.c: + typo + [d381ac39ed0f] - * sudo.c: now uses MAX_UID_T_LEN + * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h, + ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in, + sudo.h: + updated version + [462d6e1a2d75] -1995-07-23 17:48 millert + * check.c, find_path.c, parse.c, sudo.c, testsudoers.c: + MAX* + 1 -> MAX* + [2c2eeb78d34f] - * configure.in: added SUDO_UID_T_LEN !l + * Makefile.in: + getwd.c -> getcwd.c + [7d718c32fc02] -1995-07-23 17:48 millert + * config.h.in: + kill HAVE_GETWD + [6ad3d702343f] - * config.h.in: added MAX_UID_T_LEN + * configure.in: + getcwd, not getwd + [33e5b9841f58] -1995-07-23 17:47 millert + * getcwd.c: + use MAX* not MAX* + 1 always run pwd as using getwd() defeats the + purpose + [24e58d340161] - * check.c: now use MAX_UID_T_LEN +1998-03-31 Todd C. Miller -1995-07-23 17:47 millert + * OPTIONS, options.h: + add STUB_LOAD_INTERFACES + [d747cb23ca83] - * aclocal.m4: added check for max len of uid_t fixed sco vs. isc - check + * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, + emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + [0798229312cc] -1995-07-19 19:05 millert + * configure.in: + support *-ccur-sysv4 and fix two typos + [24a823ad7cc9] - * configure.in: corrected version +1998-03-28 Todd C. Miller -1995-07-19 17:29 millert + * configure.in: + don't echo about with_logfile and with_timedir + [31e4a1e2d9ad] - * configure.in: added sco support + * INSTALL: + document --with-logfile and --with-timedir + [674f811a40e0] -1995-07-19 17:29 millert + * aclocal.m4: + support --with-logfile and --with-timedir + [2fc36b35db12] - * aclocal.m4: hack to check for sco + * configure.in: + Add --with-logfile and --with-timedir + [09045bf07e29] -1995-07-18 21:27 millert + * sudo.c: + change size computation of NewArgv for UNICOS + [b50df07da3a1] - * interfaces.c: removed #include since it was hosing - some OS's +1998-02-19 Todd C. Miller -1995-07-18 13:35 millert + * configure.in: + treate -*-sysv4* like *-*-svr4 + [471b7ef4dbf2] - * find_path.c: fixed prreadlink() prototype +1998-02-18 Todd C. Miller -1995-07-17 23:54 millert + * configure.in: + fix spacing for --with-authenticate help + [8321cb37c410] - * check.c: added parens in #if's + * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, + emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + [dc1ab97312eb] -1995-07-17 23:53 millert + * parse.yacc: + fix off by one error in push macro + [bece59c8c3a9] - * configure.in: added SPW_ prefix +1998-02-17 Todd C. Miller -1995-07-17 23:20 millert + * configure.in: + removed bogus alloca hack + [a68dd720462d] - * sudo.h: moved SPW_* to config.h.in + * check.c: + added AIX 4.x authenticate() support + [12985eb448a0] -1995-07-17 23:19 millert + * parse.yacc: + include alloca.h if using bison and not gcc and it exists. fixes an + alloca problem on hpux 10.x + [e3b5c4f26072] - * sudo.c: added a set of parens + * INSTALL: + mention --with-authenticate + [78a1c96820e7] -1995-07-17 23:19 millert + * configure.in: + added AIX authenticate() support + [c983193ec252] - * config.h.in: added SPW_* + * config.h.in: + add HAVE_AUTHENTICATE + [7b0e5f5db5d9] -1995-07-17 22:50 millert + * interfaces.c: + dynamically size ifconf buffer + [10afb0e9b2f9] - * sudo.h: added SPW_* reordered error codes + * configure.in: + quote '[' and ']' + [8fc38a4defad] -1995-07-17 22:49 millert + * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, + emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + [5f66de71ec61] - * check.c: moved SPW_* to sudo.h + * visudo.pod: + add ERRORS section + [3df3edb73cf6] -1995-07-17 14:29 millert +1998-02-16 Todd C. Miller - * logging.c: GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT + * TROUBLESHOOTING: + add busy stmp file explanation + [6c555d469b6f] -1995-07-17 14:29 millert +1998-02-15 Todd C. Miller - * configure.in: AUTH -> SECUREWARE + * configure.in: + the name of the cached var that signals whether or not you are cross + compiling changed. It is now ac_cv_prog_cc_cross + [123911c0658c] -1995-07-17 14:29 millert +1998-02-11 Todd C. Miller - * check.c, sudo.c: SPW_AUTH -> SPW_SECUREWARE + * INSTALL: + mention glibc 2.07 is fixed wrt lsearch()\. + [ded758524582] -1995-07-17 00:22 millert +1998-02-07 Todd C. Miller - * check.c: now uses SHADOW_TYPE to make shadow pw support more - readable and modular. It's a start... + * sample.sudoers, sudoers.pod: + better example of su but not root su + [b3199610be21] -1995-07-17 00:21 millert +1998-02-06 Todd C. Miller - * configure.in: added autodetection of shadow passwords + * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, + emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + [46922b84e86b] -1995-07-17 00:20 millert + * Makefile.in: + correct regexp for updating version + [8032728b2a8a] - * sudo.c: now uses SHADOW_TYPE define + * tgetpass.c: + remove bogus flush of stderr spew prompt before turning off echo. + Seems to fix a weird problem where if sudo complained about a bogus + stamp file the user would sometimes not have a chance to enter a + password + [7aa1493cc141] -1995-07-17 00:19 millert + * check.c: + fix bogus flush of stderr + [6d047871c5e8] - * config.h.in: added SHADOW_TYPE which replaces SUNOS4 & __svr4__ - defines + * sudo.c: + close fd's <=2 not <=3 and move that chunk of code up + [553e4faac195] -1995-07-17 00:19 millert + * configure.in: + support hpux1[0-9] not just hpux10 + [5a34a000ff8a] - * aclocal.m4: added SUDO_CHECK_SHADOW +1998-01-30 Todd C. Miller -1995-07-12 17:09 millert + * parse.c: + set sudoers_fp to nil after closing + [221a8b4bbf34] - * configure.in: define SVR4 for ISC define BROKEN_SYSLOG for hpux - took out test for memmove() since we dno longer use it... +1998-01-24 Todd C. Miller -1995-07-12 17:08 millert + * config.guess, config.sub: + updated from autoconf 2.12 + [6fc86a0fc61b] - * CHANGES: updated + * configure.in: + add *-*-svr4 rule + [38f0427f7c9d] -1995-07-12 17:05 millert +1998-01-23 Todd C. Miller - * logging.c: added BROKEN_SYSLOG support + * tgetpass.c: + fix select usage for high fd's (dynamically allocate readfds) + [c2d1f76e0321] -1995-07-12 17:05 millert + * check.c: + kill extra whitespace + [d784b6c9c514] - * config.h.in: added BROKEN_SYSLOG + * sudo.c: + do an initgroups() before running a command, unless the target user + is root. + [4ca561287480] -1995-07-12 17:04 millert +1998-01-22 Todd C. Miller - * check.c: now only bitch it timestamp > time_now + 2 * timeout to - allow for a machine udpating its time from a server + * TROUBLESHOOTING: + tell people to use tabs, not spaces, in syslog.conf + [8ae90a205134] -1995-07-12 17:04 millert +1998-01-21 Todd C. Miller - * sudo.man: added 2 security notes updated Nieusma's email addr + * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c, + parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c: + updated version + [4d855ff5de26] -1995-07-12 14:18 millert + * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c, + logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c: + updated version + [8e007e178b33] + + * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, + insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h: + updated version + [9ddea5c8814d] + + * Makefile.in: + more tweaks to update_version + [047698752855] + + * Makefile.in: + fixed up update_version rule + [47b6fa34b77f] + + * configure.in: + ++version + [c1ca664e30b7] + + * Makefile.in: + removed supe of check.c + [8f340a05296a] + + * INSTALL: + ++version I missed + [a298e6c17491] + + * RUNSON: + updated + [a14f6057bc15] + + * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, + dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c, + goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, + insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, + parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c: + updated version + [02231b1a3ab3] + + * CHANGES: + updated for 1.5.5 + [634e5fcaf40b] + + * Makefile.in: + add rules to update version stuff in files so I don't need to do it + by hand + [3620ad60485a] + + * sudo.h: + sudoers_fp is now extern + [88c6e9b9ea84] + + * sudo.c: + in check_sudoers, cache the sudoers file handle in sudoers_fp so we + don't have to open it again in the parse. This may help with weird + solaris problems where EAGAIN sometime occurrs. + [d3c26451ed1d] + + * parse.c: + sudoers file open is now done only in check_sudoers() so we just do + a rewind() instead of an open. May help people on solaris who were + getting EAGAIN. + [c8b8c7722fa5] + +1998-01-16 Todd C. Miller + + * INSTALL: + mention that newer glibc is fixed + [20f06f5d3ef3] + +1998-01-13 Todd C. Miller + + * sudo.c: + newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore + _RLD* instead of _RLD_* + [1e22c588d602] + + * parse.c: + typo + [d0b7cb85f08a] + + * parse.c: + fix that bug for real + [5a6eeca6d04b] + + * INSTALL: + document Linux's libc6 brokenness. + [0246c1aa64ee] + + * parse.yacc: + -Wall + [d0e452fb1e2d] + + * RUNSON: + updated + [4949a1bbd0a9] [SUDO_1_5_4] + + * TROUBLESHOOTING: + remind people to HUP syslogd + [590962faa4f0] + + * Makefile.in: + add -O flag to tar + [622d02de339d] + + * RUNSON: + updated + [a72930d6e615] + + * TODO: + updated + [4a51bd458390] + + * sudo.pod: + remove author's email addr. people should mail sudo-bugs + [9b6bbdb3a6d9] + + * INSTALL: + fix version + [246274c6c8af] + + * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c, + find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, + ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, + logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: + ++version + [f532ff4ee766] + + * RUNSON: + updated + [62d5c71358b5] - * lsearch.c: changed a memmove() to memcpy() since we don't have to - worry about overlapping segments. + * INSTALL, Makefile.in: + ++version + [1a7c7628edfc] -1995-07-11 15:41 millert + * CHANGES: + updated fort 1.5.4 + [7e4873508c99] - * interfaces.c: cleanup up the loop when interfaces are groped in - so that it is readable + * check.c: + exit(1) if user enters no passwd + [f382c0e35e4e] -1995-07-11 14:52 millert + * BUGS: + ++version + [fab6a867ab67] - * Makefile.in, version.h: ++version + * parse.c: + commands can start with ./* not just /* -- fixes a serious security + hole. + [244d2fe35ee3] -1995-07-09 18:17 millert +1997-12-21 Todd C. Miller - * CHANGES: annotated 124-126 + * sudo.c: + Don't set the tty variable to NULL when we lack a tty, leave it as + "unknown". + [193b26daba03] -1995-07-07 16:06 millert +1997-11-23 Todd C. Miller - * check.c: fixed permissions check on /tmp/.odus + * sample.sudoers: + fix usage of (username) in conjunction with , and ! + [7ae68607f68f] -1995-07-06 19:35 millert + * visudo.c: + catch the case where the user is not in the passwd file + [31650258deb0] - * check.c: fixed some comments + * tgetpass.c: + use fileno(input) + 1 instead of getdtablesize() as the nfds arg to + select(2) + [60ab2d9a9ee8] -1995-07-06 14:49 millert + * sudo.c: + define tty global to an initial value to avoid dumping core in + logging functions when passwd file is unavailable. + [77056c7bc908] - * check.c: now checks owner & mode of timedir also checks for bogus - dates on timestamp file + * sudo.c: + do the set_perms(PERM_USER, sudo_mode) after we have gotten the + passwd entry + [1fdb8e579a5a] -1995-07-06 14:49 millert + * sudo.pod: + talk about problem of ALL + [1cd1905c9f6f] - * OPTIONS: updated TIMEOUT info +1997-10-10 Todd C. Miller -1995-07-06 14:48 millert + * README: + new web location + [d24dc26f6da5] - * logging.c, sudo.h: added BAD_STAMPDIR and BAD_STAMPFILE + * INSTALL: + fdesc bug is fixed in Open/Net BSD + [7d4d81b08ac3] -1995-07-06 14:47 millert + * HISTORY: + updates from Nieusma + [3a43769a1b78] - * compat.h: added definition of S_IRWXU +1997-10-09 Todd C. Miller -1995-07-06 14:47 millert + * dce_pwent.c: + move compat.h after the system includes + [5ea43a5968ac] - * CHANGES: updated +1997-08-06 Todd C. Miller -1995-07-03 14:16 millert + * logging.c: + save errno from being clobbered by wait(). From Theo + [f2d1c48cd592] - * interfaces.c: added #ifdef to make it compile on strange arches +1997-05-21 Todd C. Miller -1995-07-02 18:13 millert + * compat.h: + fix an occurence of setresuid -> setreuid (typo) + [394de35c9b1c] - * aclocal.m4: fixed check for fulkl void impl. +1997-03-19 Todd C. Miller -1995-07-02 09:56 millert + * install-sh: + check for path to strip + [2b7ef824bd55] - * check.c: added mssing "static" +1997-01-16 Todd C. Miller -1995-07-01 20:41 millert + * logging.c: + deal with maxfilelen < 0 case + [f0af095178d7] - * insults.h: replaced #elif with #else #if constructs for ancient C - compilers + * OPTIONS: + fixed descriptin + [629f60bd4b5f] -1995-07-01 20:18 millert +1996-12-12 Todd C. Miller - * INSTALL: updated irix c2 & kerb5 info + * sudo.c: + correct error message if mode/owner wrong and not statable by owner + but is statable by root. + [cb631ce2e85e] -1995-07-01 20:15 millert +1996-11-23 Todd C. Miller - * configure.in: added shadow pw support for irix + * config.guess, config.sub: + autoconf 2.11 + [f3cbe59e0756] -1995-07-01 16:07 millert +1996-11-16 Todd C. Miller - * CHANGES: last changes for sudo 1.3.3 + * CHANGES, RUNSON, TODO: + sudo 1.5.3. + [2be3229b8626] -1995-07-01 16:07 millert +1996-11-14 Todd C. Miller - * TODO, BUGS: updated + * parse.yacc, sudo.h: + command_alias -> generic_alias + [c404ca8c510d] [SUDO_1_5_3] -1995-07-01 16:04 millert + * sample.sudoers: + added Runas_Alias example and fixed syntax errors + [c304053f4a8a] - * configure.in: now calls SUDO_SOCK_SA_LEN + * OPTIONS, options.h: + updated MAILSUBJECT + [18d1573fcd2a] -1995-07-01 16:04 millert + * logging.c: + added %h expansion + [a4bff9b284fd] - * config.h.in: added HAVE_SA_LEN + * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, + configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, + goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, + insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, + parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c: + ++version + [211ff20f956f] -1995-07-01 16:04 millert + * BUGS, emul/utime.h: + ++version + [cde5376579e3] - * aclocal.m4: added SUDO_SOCK_SA_LEN + * sudoers.pod: + document Runas_Alias + [b1a58f28fb2c] -1995-07-01 15:49 millert + * visudo.pod: + q (uid) -> Q + [d256649a0e6b] - * interfaces.c: now works with ip implementations that use sa_len - in sockaddr + * visudo.c: + buffer oflow checking q (uit) -> Q if yyparse() fails drop into + whatnow + [1cb183d15626] -1995-07-01 14:26 millert + * parse.yacc: + add size params to sprintf + [9228f698921f] - * INSTALL: added note about buggy AIX compiler + * parse.lex: + allow trailing space after '\\' but before '\n' + [f51dbbf69fdf] -1995-07-01 14:24 millert + * find_path.c: + off by one error in path size check + [a6d75ccd7632] - * interfaces.c: now include sys/time.h for AIX + * check.c: + sprintf paranoia + [3ffb12d198dd] -1995-06-27 22:35 millert +1996-11-12 Todd C. Miller - * Makefile.in: getcwd -> getwd + * parse.yacc: + fixed more_aliases + [aab12f2a50af] -1995-06-27 21:28 millert + * visudo.c: + now warns if killed by signal ./ + [310c186a0fd7] - * interfaces.c: now works for ISC and others. yay. +1996-11-11 Todd C. Miller -1995-06-26 14:24 millert + * parse.yacc: + fix Runas_Alias stuff Alias's in runas list now get expanded (but it + is gross) + [45590b83120f] - * Makefile.in, version.h: version++ + * sudo.c: + Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400 + [d53e01c14c58] -1995-06-22 20:26 millert + * parse.yacc: + add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS) + [7a4a040aae2d] - * aclocal.m4: fixed test for full void impl + * parse.lex: + Add Runas_Alias and simplify a rule. + [6f794a769a37] -1995-06-22 20:25 millert + * parse.yacc: + always store User_Alias's since they can be used inside of a runas + list. Sigh. Really need a Runas_Alias instead. + [3bab058a873e] - * sudo.c: now check to see that st_dev is non-zero before assuming - that we are being spoofed +1996-10-30 Todd C. Miller -1995-06-20 16:56 millert + * visudo.c: + deal with case where there is no sudoers file + [fa38b3bb244d] - * aclocal.m4, configure.in: SUDO_FUNC_UTIME_NULL -> - AC_FUNC_UTIME_NULL +1996-10-12 Todd C. Miller -1995-06-19 16:32 millert + * TROUBLESHOOTING: + added one + [e61346d06725] - * aclocal.m4: fixed include file order for SUDO_FUNC_UTIME_POSIX +1996-10-11 Todd C. Miller -1995-06-19 16:10 millert + * HISTORY, testsudoers.c: + developement -> development + [4df55e293941] - * logging.c: added cast for ttyname() + * INSTALL: + added a note + [3845fb83dbc0] -1995-06-19 15:23 millert + * RUNSON: + for 1.5.2 + [5489b7298942] - * configure.in: fixed typo + * CHANGES: + updated + [0741834929e6] -1995-06-19 15:19 millert +1996-10-10 Todd C. Miller - * check.c: now deal correctly with all known variation of utime() - -- yippe + * PORTING: + removed seteuid() notes + [1010a60f281d] [SUDO_1_5_2] -1995-06-19 15:19 millert +1996-10-09 Todd C. Miller - * configure.in: added SUDO_FUNC_UTIME_POSIX + * compat.h: + better seteuid() emulatino + [e807623b662c] -1995-06-19 15:19 millert + * configure.in: + added check for seteuid + [8cf9fabc6f4f] - * aclocal.m4: added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX + * config.h.in: + added HAVE_SETEUID + [596db46aa828] -1995-06-19 15:14 millert +1996-10-08 Todd C. Miller - * config.h.in: added HAVE_UTIME_POSIX + * configure.in: + first stab at sequent support + [b85a7bfcac76] -1995-06-19 13:38 millert + * config.h.in: + added HAVE_SYS_SELECT_H + [93ecdd042463] - * check.c: fixed a typo + * compat.h: + sequent -> _SEQUENT_ + [63a38b6da98c] -1995-06-19 13:29 millert + * compat.h: + added seteuid() macro for DYNIX + [695bd63c5ea6] - * check.c: no longer assume !HAVE_UTIME_NULL means old BSD utime() + * tgetpass.c: + _AIX -> HAVE_SYS_SELECT_H + [b31221211bc2] -1995-06-19 13:20 millert +1996-10-07 Todd C. Miller - * check.c: fixed fascist C compiler warning + * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c, + parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + ++version + [8052992fd453] -1995-06-18 23:14 millert + * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c, + getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h, + pathnames.h.in, version.h: + ++version + [f7ad15e1598a] - * interfaces.c: now set strioctl.ic_timout in STRSET() now - initialize num_interfaces to 0 (just to be anal) + * sudo.pod: + added -H and SUDO_PS1 + [bb965241e30c] -1995-06-18 18:06 millert + * configure.in: + use SUDO_FUNC_FNMATCH + [6a8350d85fb2] - * sudo.h: increaed MAXLOGLEN by MAXPATHLEN to account for ttyname + * aclocal.m4: + added SUDO_FUNC_FNMATCH + [45b32c91c4ba] -1995-06-18 18:05 millert + * sudo.c: + added -H flag + [11ebc6872fd6] - * logging.c: added tty logging + * sudo.h: + added MODE_RESET_HOME / + [67a7f8bcbbd6] -1995-06-18 16:04 millert +1996-10-05 Todd C. Miller - * interfaces.c: reworked the ISC code + * INSTALL: + mention OPIE + [5723515d5bbd] -1995-06-18 15:27 millert + * options.h: + SKEY -> OTP + [c1d268130bc4] - * Makefile.in, version.h: updated version + * configure.in: + added opie support + [123872b41b20] -1995-06-18 15:24 millert + * compat.h, config.h.in: + added HAVE_OPIE + [528c71afc1e5] - * check.c: now expect old-style utime(3) if utime() can't take NULL - as an arg + * check.c: + added HAVE_OPIE and changed to *_OTP_* + [4c62f5db872a] -1995-06-18 15:08 millert + * OPTIONS: + SKEY -> OTP + [bd858e5e9652] - * configure.in: added check for utime.h +1996-10-04 Todd C. Miller -1995-06-18 15:08 millert + * check.c: + moved fclose() in skey stuff. + [11f7dc8431a6] - * config.h.in: added HAVE_UTIME_H +1996-10-03 Todd C. Miller -1995-06-18 14:48 millert + * putenv.c: + index -> strchr remove unnecesary stuff + [af2d05238062] - * Makefile.in: added CPPFLAGS STATIC_FLAGS -> LDFLAGS + * check.c: + now call skeychallenge() to get challenge instead of making one up + ourselves. this way, we get extra goodies in the prompt. + [49b770d98d3a] -1995-06-18 13:58 millert +1996-09-10 Todd C. Miller - * configure.in: now search for kerb libs and includes + * CHANGES: + added one + [3f5149357e2a] [SUDO_1_5_1] -1995-06-18 13:03 millert + * parse.lex: + allow logins to start with a number (YUCK!) + [7ed7ef324741] - * check.c: added support for utime(2)'s that can't take a NULL - parameter +1996-09-08 Todd C. Miller -1995-06-18 13:03 millert + * TROUBLESHOOTING: + added soalris 2.5 vs 2.4 note + [16160a251aae] - * utime.c: moved HAVE_UTIME_NULL stuff to update_timestamp() where - t belongs + * configure.in: + DUNIX doesn't need -lnsl + [be924cc322c3] -1995-06-17 20:46 millert + * CHANGES: + *** empty log message *** + [1b2937521981] - * configure.in: added utime(s) stuff + * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c, + getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, + options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, + strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, + utime.c, version.h, visudo.c: + courtesan + [5f203589bbfe] -1995-06-17 20:46 millert + * PORTING, README, RUNSON: + courtesan + [d72517f4937e] - * check.c: now use utime() + * INSTALL, Makefile.in, TROUBLESHOOTING: + courtesan + [5c007e3c7a71] -1995-06-17 20:46 millert + * visudo.pod: + *** empty log message *** + [37ebe85bd4e1] - * config.h.in: added HAVE_UTIME and HAVE_UTIME_NULL + * sudo.pod, visudo.pod: + courtesan + [37f02e2130ea] -1995-06-17 19:12 millert +1996-09-07 Todd C. Miller - * utime.c: now use HAVE_UTIME_NULL + * HISTORY: + added courtesan ./ + [b01435226276] -1995-06-17 19:02 millert +1996-09-06 Todd C. Miller - * utime.c, emul/utime.h: Initial revision + * sudo.c: + added $SUDO_PROMPT support + [cb1fa72c093d] -1995-06-17 18:24 millert +1996-09-04 Todd C. Miller - * check.c: need to setuid(0) to make kerb4 stuff work. + * check.c: + print long skey challemged to stderr, not stdout + [750fc775b3b2] -1995-06-17 18:14 millert +1996-09-01 Todd C. Miller - * tgetpass.c: no more special case for kerberos + * CHANGES: + updated for 1.5.1 + [9b615f393057] -1995-06-17 18:13 millert + * emul/utime.h: + ++version + [a94de18deafb] - * config.h.in: took out setreuid and setresuid stuff added kerb5 - stuff (use kerb4 emulation) +1996-08-31 Todd C. Miller -1995-06-17 18:13 millert + * RUNSON: + updated for 1.5.1 + [4092f20ab634] - * compat.h: no longer need setreuid() emulation now set _PASSWD_LEN - to 128 if kerberos +1996-08-30 Todd C. Miller -1995-06-17 18:12 millert + * check.c: + use shost, not host for tgetpass + [6061c49ff9be] - * check.c: now use private ticket file for kerberos support to - avoid trouncing on system one + * sudo.pod: + documented %u and %h + [6d2922d29897] -1995-06-15 00:48 millert + * OPTIONS: + documented %u and %h + [1a71da13a864] - * sudo.h: added SPOOF_ATTEMPT & cmnd_st + * configure.in: + fixed typo + [1230dec2b062] -1995-06-15 00:47 millert + * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, + dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: + ++version + [65ce8eabf77a] - * sudo.c: added anti-spoofing support + * BUGS: + ++version + [afecab53aab7] -1995-06-15 00:47 millert +1996-08-29 Todd C. Miller - * parse.c: now use global cmnd_st + * Makefile.in, configure.in, version.h: + ++version + [fb3ff940d672] -1995-06-15 00:47 millert + * sudo.h: + new tgetpass() params + [9eccc5b0f8ae] - * logging.c: added SPOOF_ATTEMPT suypport + * check.c: + pass use and host to tgetpass + [c56d9d13c401] -1995-06-14 23:41 millert + * tgetpass.c: + added %u and %h escapes + [04ae775d3e5d] - * testsudoers.c, visudo.c: added void casts where appropriate + * OPTIONS, check.c, options.h: + added NO_MESSAGE + [3927dad19057] -1995-06-14 23:40 millert + * configure.in: + added cray (unicos) support + [1122210c5fb1] - * parse.yacc: fixed up spacing and added void casts where - appropriate +1996-08-27 Todd C. Miller -1995-06-14 23:27 millert + * OPTIONS, options.h, sudo.c: + added SHELL_SETS_HOME + [0b26909b0929] - * sudo.c: fixed problem with "-p prompt" but no args +1996-08-25 Todd C. Miller -1995-06-14 04:43 millert + * INSTALL: + added note about "make install" + [7e56ea76d4b4] - * sudo.man: added BUGS and annotated -l description + * parse.yacc: + changed length/size params from int to size_t + [5654e5ceb1b3] -1995-06-14 04:43 millert + * OPTIONS: + now get CSOPS insults as well by default + [297323d0179a] - * sudo.h: validate() now takes a flag + * insults.h: + use csops insults too by default + [07fafc136169] -1995-06-14 04:43 millert + * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h: + version = 1.5 + [4b8772b11e3b] - * sudo.c: validate() now takes a flag added -l + * sudo.c: + added runas_homedir + [b0e0d4417a15] -1995-06-14 04:42 millert + * TODO: + updated for 1.5 + [66259df825d5] - * parse.yacc: added support for -l + * RUNSON: + updated for 1.5 + [e08bc9ebfe95] -1995-06-14 04:41 millert + * CHANGES: + 1.5 release + [8c16942fea41] - * parse.c: validate() now takes a flag that says whether or not to - check the command + * INSTALL: + added "upgrading" notes + [210d968964ff] -1995-06-07 21:36 millert +1996-08-22 Todd C. Miller - * logging.c: now deals with Argv == 1 + * visudo.c: + now do chmod and chown after edit of temp file and before rename + [de174e34faa7] [SUDO_1_5_0] -1995-06-07 21:34 millert +1996-08-18 Todd C. Miller - * sudo.man: added -p option + * Makefile.in: + ++version added INSTALL.configure + [c9e9214f52ae] -1995-06-07 21:27 millert + * configure.in, version.h: + ++version + [5985abed3eb2] - * sudo.c: added prompt support reworked parse_args() + * TROUBLESHOOTING: + *** empty log message *** + [d65c540ec52e] -1995-06-07 20:49 millert + * parse.yacc: + added missing cast + [e7247319a7d5] - * sudo.h: added prompt + * sudo.c: + sets $HOME to pw_dir of runas user + [d3f7f4d05752] -1995-06-07 20:49 millert + * sudo.pod: + document $HOME change + [854454d458c4] - * options.h: added PASSPROMPT +1996-08-17 Todd C. Miller -1995-06-07 20:48 millert + * sudo.pod: + fixed up some wording + [b0c8582f2c97] - * check.c: now use BUFSIZ as length of kerb password added kpass so - pass is always a char * now use prompt global when asking for a - password + * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, + interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c, + strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, + visudo.c: + ++version + [748be723fd8b] -1995-06-07 20:47 millert + * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, + insults.h, options.h, pathnames.h.in, sudo.h: + ++version + [acdf8b1b2a1b] - * tgetpass.c: now use BUFSIZ as _PASSWD_LEN if using kerberos + * emul/utime.h: + ++version + [b3f35298ab8d] -1995-06-07 20:43 millert + * sudo.h: + name nad type changes + [db24ab3da141] - * OPTIONS: added PASSPROMPT + * testsudoers.c: + now works with new sudo + [379346c42cc2] -1995-06-07 01:44 millert + * parse.yacc: + fixed some XXX + [f5fe4c990052] - * configure.in: only look for -lufc or -lcrypt if crypt() not in - libc + * parse.yacc: + some variable name changes + comment headers for functions. + [3dc3bd9aa73d] -1995-06-07 01:43 millert + * tgetpass.c: + added extra paren's to make compilers happy + [9e4968a34d56] - * check.c: don't exit on kerb error, just warn if k_errno == - KDC_PR_UNKNOWN (unknown user) silently fail + * sudo.c: + *** empty log message *** + [70c924c1ed69] -1995-06-06 22:44 millert + * parse.c: + now uses init_parser() if not in sudoers and tries "list" or + "validate" scold but don't be nasty. + [c0d8fb3f8c9e] - * INSTALL: added kerb4 note + * TROUBLESHOOTING: + now can use upper case login names + [c772fffcefe5] -1995-06-06 22:43 millert + * visudo.c: + now uses init_parser() + [b9efae7243fd] - * tgetpass.c: HAVE_KERBEROS -> HAVE_KERB4 + * INSTALL, README: + updated + [27dc8283fdc8] -1995-06-06 22:41 millert + * PORTING: + added info about PASSWORD_TIMEOUT + [980e15d892f8] - * check.c: removed debugging printf + * INSTALL.configure: + Initial revision + [8292e89a08d3] -1995-06-06 22:33 millert + * BUGS: + fixed a bug , + [c6e46f5624f9] - * configure.in: KERBEROS -> KERB4 added checks for setreuid & - setresuid + * parse.yacc: + now dynamically allocates memory for the stacks -- no more + overflows! + [8615c35b6ad3] -1995-06-06 22:32 millert + * sudo.pod: + -l now explands command aliases + [39f45605935d] - * config.h.in: HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and - HAVE_SETRESUID + * parse.yacc: + hacks to expand command aliases for `sudo -l' + [e4eb752608f9] -1995-06-06 22:32 millert + * sudo.c: + remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash) + [01327ca5084b] - * compat.h: added deif of UID_NO_CHANGE & GID_NO_CHANGE added - setreuid emulation with setresuid if applic + * sudo.h: + added struct command_alias + [dd2f32764082] -1995-06-06 22:31 millert + * sudo.pod: + fixed a bug + [e708ff08d2eb] - * check.c: HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid - chown() hack if no setreuid() or a broken one + * lsearch.c: + in compar() key should be first arg + [fc14c3fa62ee] -1995-06-05 23:44 millert +1996-08-15 Todd C. Miller - * config.h.in: added HAVE_KERBEROS + * BUGS: + fixed some bugs + [639dfe425bd5] -1995-06-05 23:43 millert + * parse.yacc: + can now deal with upcase HOST and USER names + [c6aa7bcfb00d] - * tgetpass.c: added KERBEROS support (long passwords) + * sudo.c: + don't yell too loudly at non-sudoers if they do "sudo -l" + [4ef146128d89] -1995-06-05 23:42 millert + * sudo.pod: + fixed thinko + [830f2f0f22e7] - * check.c, configure.in: added kerberos support + * parse.c: + fix comment + [d20ce9e17ddc] -1995-06-03 19:36 millert +1996-08-09 Todd C. Miller - * sudo.h: added MODE_BACKGROUND + * parse.c, parse.yacc: + added support for new `sudo -l' stuff + [7dceaef3c733] -1995-06-03 19:36 millert + * sudo.c: + now uses list_matches() + [293364821b61] - * sudo.man: escaped dashes added -b option + * sudo.h: + added struct sudo_match + [b2684179d179] -1995-06-03 19:34 millert + * configure.in: + now more -lgnumalloc + [4f8ae42617d8] - * sudo.c: added -b option +1996-08-01 Todd C. Miller -1995-06-03 18:52 millert + * install-sh: + added more paths for chown and whoami + [6e685a19426c] - * check.c: added crypt() for osf/1 3.x enhanced secuiry +1996-07-31 Todd C. Miller -1995-06-03 18:18 millert + * check.c: + typo + [3adfa01c04bc] - * configure.in: now check for -lcrypt +1996-07-30 Todd C. Miller -1995-06-03 18:00 millert + * aclocal.m4: + fixed DUNIX check for shadow pw + [c25324bcd27b] - * interfaces.c: added ENXIO like EADDRNOTAVAIL + * tgetpass.c: + now only turn off echo if it is already on. this fixes a race when + you use sudo in a pipelin + [28388c2de21c] -1995-05-07 23:14 millert + * INSTALL: + updated + [b45ac9366b7e] - * configure.in: now emulate getwd(), not getcwd() + * configure.in: + changed "test -z $foo && do_this" to if; then construct + [2183c4426bca] -1995-05-07 23:13 millert +1996-07-29 Todd C. Miller - * sudo.c: getcwd() -> getwd() + * configure.in: + added missing defines of SHADOW_TYPE + [be89ea68a7f3] -1995-05-07 23:12 millert +1996-07-26 Todd C. Miller - * getwd.c: getcwd -> getwd + * check.c: + protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are + only in dunix 4.x + [1e7c1c677263] -1995-05-02 01:34 millert + * getspwuid.c: + added AUTH_CRYPT_C1CRYPT support + [88d6b0058b20] - * ins_2001.h, ins_classic.h, ins_goons.h: Initial revision + * parse.c: + no longer return VALIDATE_NOT_OK if there was a runas that didn't + match. Now we can have runas stuff on more than one line. + [52b68920d7b7] -1995-05-02 01:34 millert + * getspwuid.c, sudo.c, tgetpass.c: + use SHADOW_TYPE instead of HAVE_C2_SECURITY + [cf401dfcbc06] - * insults.h: broke out insults into separate include files + * configure.in: + got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to + something + [c7a233c4dd93] -1995-05-02 01:32 millert + * config.h.in: + removed HAVE_C2_SECURITY added SPW_BSD + [8314405e9754] - * options.h, OPTIONS: added GOONS + * compat.h: + use SHADOW_TYPE instead of HAVE_C2_SECURITY + [6f94870df17f] -1995-05-02 01:32 millert + * check.c: + SHADOW_TYPE is always defined so just against its value + [72c69a55d02f] - * Makefile.in: added ins_2001.h ins_classic.h ins_goons.h + * aclocal.m4: + added SUDO_CHECK_SHADOW_DUNIX + [ef025ae9d496] -1995-05-01 23:34 millert +1996-07-25 Todd C. Miller - * Makefile.in, version.h: ++version + * sudoers.pod: + * -> ?* in one example added another instance of (runas) and one of + NOPASSWD: + [d74fe1dcbe7d] -1995-05-01 23:34 millert +1996-07-24 Todd C. Miller - * visudo.c: moved signal handler setup to setup_signals() + * configure.in: + added back check for config.cache from other host type + [0ba87871f585] -1995-05-01 23:33 millert + * parse.lex: + removed an instance of \" + [1e008d3709f6] - * sudo.h: added load_interfaces() + * sample.sudoers: + added an example + [dbfcf68ee330] -1995-05-01 23:33 millert + * sudoers.pod: + updated wrt new wildcard matching + [193fa44a475b] - * sudo.c: moved load_interfaces to interfaces.c + * configure.in: + new check for shadow passwords if we don't know anything + [67465df7dc9a] -1995-05-01 23:33 millert + * aclocal.m4: + new SUDO_CHECK_SHADOW_GENERIC + [3563b16a41b8] - * parse.yacc: added clearaliases + * configure.in: + added back check for -lsocket (oops) + [a80882ee1cb6] -1995-05-01 23:33 millert + * configure.in: + better (working) check for shadow passwd type if we know to use C2. + [3cdd2a59a641] - * OPTIONS, options.h: added FAST_MATCH + * configure.in: + now uses AC_CANONICAL_HOST to figure out os type + [80db7fe6e704] -1995-05-01 23:32 millert + * Makefile.in: + added config.{guess,sub} + [c6be7e3ca384] - * parse.lex: now uses clearaliases variable + * aclocal.m4: + removed unused stuff to figure out os type + [c9a0f3b57123] -1995-05-01 23:31 millert + * config.sub: + added openbsd + [bfc6bfec3668] - * interfaces.c: Initial revision + * config.sub: + Initial revision + [e6e06ce0d17d] -1995-05-01 23:31 millert + * config.guess: + Initial revision + [99dd06f79199] - * Makefile.in: added interfaces.[co] + * testsudoers.c: + don't call fnmatch() with FNM_PATHNAME flag unless it can only be a + pathname. need to check against sudoers_args even if user_args is + nil + [66e6cf77f5d6] -1995-05-01 23:30 millert + * parse.c: + don't call fnmatch() with FNM_PATHNAME flag unless it can only be a + pathname need to check against sudoers_args even if user_args is nil + [74374df17311] - * testsudoers.c: now uses ip addrs and netmasks via - load_interfaces() +1996-07-23 Todd C. Miller -1995-05-01 22:47 millert + * check.c: + added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2 + [cbb00261c415] - * sudo.c: now remove IFS instead of setting to "sane" value + * testsudoers.c: + now takes command line args and uses cmnd_args + [f0c2fd35a527] -1995-05-01 16:30 millert + * parse.lex: + fill_args was adding an extra leading space + [692fc999b2e8] - * parse.c: added FAST_MATCH +1996-07-22 Todd C. Miller -1995-04-29 20:19 millert + * visudo.c: + fixed dummy command_matches() + [93d9543db6e2] - * Makefile.in: sudo_goodpath.c-> goodpath.c + * parse.yacc: + fixed prototype + [7b0addfbd429] -1995-04-29 20:15 millert + * sudo.h: + added cmnd_args + [8f47c4ae65ef] - * sudo.c: added Andy's new ISC changes + * parse.yacc: + now uses flat args string + [016e65877da3] -1995-04-14 14:06 millert + * parse.c, parse.lex: + now uses flat arg string + [5b5f2e3f4c09] - * OPTIONS: added a sentence to SECURE_PATH info + * visudo.c: + added cmnd_args def + [876867134775] -1995-04-14 13:57 millert + * sudo.c: + now sets cmnd_args global + [e6fee70cb59b] - * BUGS: added one + * logging.c: + cmnd_args is now exported from sudo.[ch] + [7a9cd36e356f] -1995-04-14 13:54 millert +1996-07-21 Todd C. Miller - * RUNSON, CHANGES: updated + * parse.yacc: + can't rely on cmnd_matches as much as I thought -- added some $$ + stuff back in to prevent namespace pollution problems. + [3c45fedb5af3] -1995-04-13 17:04 millert + * parse.yacc: + Simplified parse rules wrt runas and NOPASSWD (more consistent). + [e6d838c8a4c7] - * RUNSON: updated for beta3 +1996-07-20 Todd C. Miller -1995-04-13 14:32 millert + * parse.lex: + NOPASSWD may now have blanks before the ':' '(' only starts a + 'runas' if in the initial state to avoid collision with command args + [c5c01172f499] - * Makefile.in, version.h: ++version + * configure.in: + added checks for specific shadow passwd schemes + [b7e3d1f7b84f] -1995-04-13 13:56 millert + * aclocal.m4: + added routines to check for specific shadow passwd types + [e5e1d19960a6] - * aclocal.m4: sendmail is now looked for in /usr/ucblib +1996-07-18 Todd C. Miller -1995-04-13 13:54 millert + * configure.in: + added support for ncr boxen + [bea9dc5aae7f] - * sudo.c: fixed indentation + * aclocal.m4: + added support for detecting ncr boxen + [8653a158a924] -1995-04-13 13:35 millert +1996-07-16 Todd C. Miller - * aclocal.m4: fixed a typo + * configure.in: + added sinix support + [5de2b2173ee1] -1995-04-13 13:19 millert +1996-07-14 Todd C. Miller - * sudo.c: updated ISC mods + * TROUBLESHOOTING: + added info about "config.cache from other other" error. + [845b10198e0b] -1995-04-13 13:19 millert + * aclocal.m4: + now makes sure you don't have a config.cache file from another OS + [4fe32571c021] - * configure.in: added unixware case + * configure.in: + now sets $LIBS when needed to configure links with libs when doing + tests hpux10 now uses SPW_SECUREWARE for C2 added check for + bigcrypt(3) if SPW_SECUREWARE + [2df6b8ca538f] -1995-04-13 13:19 millert + * getspwuid.c: + fixed typo + [fe1cb1d792d6] - * check.c: user_is_exempt is no longer hidden + * tgetpass.c: + now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH + [f71138372c07] -1995-04-13 13:19 millert + * getspwuid.c: + no more SPW_HPUX10 + [cfdeb18bc16b] - * RUNSON: updated + * config.h.in: + no more SPW_HPUX10 added HAVE_BIGCRYPT + [00d296479a61] -1995-04-13 13:19 millert + * compat.h: + now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE + [6c6d9e680417] - * aclocal.m4: isc and riscos changes + * check.c: + SPW_SECUREWARE now uses bigcrypt + [be71fc66690f] -1995-04-13 13:18 millert +1996-07-13 Todd C. Miller - * OPTIONS: added NOTE about new interaction of EXEMPTGROUP and - SECURE_PATH + * sample.sudoers: + fixed 2 syntax errors + [45eee19ef4ac] -1995-04-13 13:18 millert + * sudoers: + root may now run ALL as ALL + [1b54c6b9b212] - * Makefile.in: fixed a typo and added testsudoers stuff +1996-07-12 Todd C. Miller -1995-04-13 12:34 millert + * interfaces.c: + fixed a typo/thinko that broke BSD's with sa_len + [603438360126] - * testsudoers.c: Initial revision +1996-07-08 Todd C. Miller -1995-04-12 19:31 millert + * check.c, configure.in: + updated AFS support + [e572eb8d177a] - * parse.yacc: applied fixed patch from Chris + * TROUBLESHOOTING: + added entry about /usr/ucb/cc + [025b353aa9d3] -1995-04-11 14:30 millert + * INSTALL: + prep no longer holds gcc binaries + [8b0942958049] - * Makefile.in: fixed a typo + * INSTALL: + updated AFS note + [7af6efd5abe4] -1995-04-11 14:14 millert + * Makefile.in: + added @AFS_LIBS@ + [97b6fe6ad7d6] - * parse.yacc: added a set of braces for bison + * compat.h: + AFS allows long passwords + [5fb17122c302] -1995-04-11 14:01 millert + * testsudoers.c: + fixed -u user support + [b1a0c1648639] - * parse.yacc: merged in Chris' changes to dekludge the parser. + * parse.c: + sudo -v now groks VALIDATE_OK_NOPASS + [74fc03fffe7e] -1995-04-11 00:38 millert + * parse.yacc: + fixed no_passwd vs. runas_matched + [549a9b791a6a] - * logging.c: send_mail() was calling find_path() which is wrong - since find_path() stores cmnd in a static var. Anyhow, it - doesn't make much sense since MAILER should always be fully - qualified + * TROUBLESHOOTING: + took out stuff about NFS-mounting since it is no longer an issue + [d95ab7fbbc61] -1995-04-10 19:51 millert + * INSTALL: + added --with-libraries > --with-libpath --with-incpath + [d5d15a7a0f4c] - * sample.sudoers: added User_Alias stuff + * parse.yacc: + was setting runas_matches to -1 in wrong place + [db2b1deb8d33] -1995-04-10 19:50 millert + * check.c: + removed usersec.h which is not present in new AFS versions + [618b016dd17f] - * aclocal.m4: SUDO_NEXT now looks for - /usr/lib/NextStep/software_version + * tgetpass.c: + now deals with timeout <= 0 + [ba53a1257255] -1995-04-10 19:50 millert + * OPTIONS: + updated + [75093bd8fdca] - * RUNSON: added DEC UNIX 3.0 w/ gcc + * configure.in: + BSD/OS >= 2.0 now uses shlicc instead of just gcc + [ff6dbf7825c2] -1995-04-10 19:49 millert + * sudo.c: + fixed backwards compatibility with sudo 1.4 sudoers mode for root + readable/writable filesystems + [2694ed627221] - * visudo.c: Exit was being used in places where exit should be used + * Makefile.in: + now gives INSTALL -c flag + [63db055a2fd1] -1995-04-10 19:44 millert + * parse.yacc: + slightly simpler initialization of no_passwd and runas_matches + [463a1b5fa323] - * sudoers: added "User alias specification" + * testsudoers.c: + added -u username support + [38b072fcd6b3] -1995-04-10 18:04 millert + * configure.in: + improved --with-libraries support + [047dbc5f0af2] - * parse.yacc: fixed probs caused by making nslots and naliases a - size_t +1996-07-07 Todd C. Miller -1995-04-10 15:09 millert + * configure.in: + added --with-incpath, --with-libpath, --with-libraries + [20f20d6c718c] - * RUNSON: added KSR, upped rev to 1.3.1b2 + * parse.yacc: + now initializes some fields that weren't getting set to -1 pretty + gross -- need a rewrite. + [021c160390c6] -1995-04-10 15:07 millert +1996-06-26 Todd C. Miller - * logging.c, parse.yacc: 1024 -> BUFSIZ + * alloca.c: + removed emacs'isms + [9d4ec2efe057] -1995-04-10 15:05 millert + * configure.in: + no longer add -lPW to *_LIBS since we include alloca.c + [a626d1bbea80] - * parse.yacc: void * -> VOID * naliases and nslots are now size_t - to appease lsearch on 64-bit machines + * config.h.in: + added HAVE_ALLOCA_H + [15491e2a6cff] -1995-04-09 19:30 millert + * Makefile.in: + added alloca.c + [0400f25e1fe4] - * TODO: did a bunch of things and added a bunch :-) + * alloca.c: + Initial revision + [06d033aa4882] -1995-04-09 19:30 millert + * configure.in: + ++version + [f52c0fb98f90] - * PORTING: updated +1996-06-25 Todd C. Miller -1995-04-09 19:24 millert + * sudo.c: + now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is + not always set to a valid uid. + [c2669f77704d] - * visudo.man: closer to BSD manpage style + * OPTIONS: + fixed entry for SUDO_MODE + [d7272f6035b8] -1995-04-09 19:15 millert + * sudo.c: + Fixed NFS-mounted sudoers file under solaris both uid *and* gid were + being set to -2. Now beat NFS to the punch and set uid to "nobody" + ourselves, preserving group 0 to read sudoers. + [b1fbc5dd1e34] - * sudo.man: closer to standard BSD man format + * parse.c: + moved set_perms(PERM_ROOT) to be before yyparse() + [7619d8080735] -1995-04-09 18:58 millert + * logging.c: + fixed a typo + [318acc48cde0] - * compat.h, config.h.in, insults.h, options.h, pathnames.h.in, - sudo.h, version.h, emul/search.h: added RCS id + * configure.in: + no longer need AC_PROG_INSTALL + [de01b1336dc8] -1995-04-09 17:35 millert + * Makefile.in: + always use install-sh to avoid install(1)'s that use get{pw,gr}nam + [ea2351986406] - * sudo.h: removed crufty #defines that are no longer used + * INSTALL: + make clean -> make distclean + [704a98e8ba10] -1995-04-09 17:13 millert +1996-06-20 Todd C. Miller - * BUGS: fixed a bug + * parse.yacc: + removed some unnecsary if's + [f00db6508132] -1995-04-09 17:12 millert + * Makefile.in, version.h: + ++version + [bdb6740b24c8] - * sudo.man: updated based on sudo changes + * parse.c, testsudoers.c: + now includes netgroup.h + [93f5a06352bc] -1995-04-09 17:11 millert + * interfaces.c: + removed cats of ioctl to int since they didn't shut up -Wall + [83e9f912cd7a] - * parse.yacc: now allow ALL keyword in User_Aliases now allow ALL - keyword as well as a NAME or ALIAS + * interfaces.c: + explicately cast ioctl() to int since it it not always declared + [2ff9294e469e] -1995-04-09 17:11 millert + * sudo.h: + added declarations for yyparse() and yylex() + [6071321ab771] - * CHANGES: updated + * parse.yacc: + fixed an occurence of '==' -> '=' + [2c46d2e11d57] -1995-04-09 17:04 millert + * config.h.in, configure.in: + added check for netgroup.h + [73403050f4e3] - * sudo.c: now sets SUDO_COMMAND and SUDO_GID envariables. + * sudo.c: + fixed 2 compiler warnings + [680929b0bd97] -1995-04-09 15:24 millert + * sudo.c: + SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being + initialized + [18707ecd07c2] - * aclocal.m4: fixed bug with full void impl check +1996-06-19 Todd C. Miller -1995-04-08 23:11 millert + * sudo.pod: + fixed a typo + [e4b5c12aa130] - * parse.yacc: fixed User_Alias supoprt +1996-06-17 Todd C. Miller -1995-04-08 22:27 millert + * parse.yacc: + fixed a formatting thingie + [c79327b6f19b] - * parse.yacc: added stubs for User_Alias support + * parse.c, parse.yacc: + fixed -u support with multiple user lists on a line + [e4d1066adca2] -1995-04-08 22:27 millert + * configure.in: + unixware needs -lgen + [b5bf9bca63cc] - * sudo.c: now sets removes # bogus interfaces from num_interfaces + * README: + updated ftp location + [b25a033f7921] -1995-04-08 22:26 millert + * sudoers.pod: + add net_addr/netmask support + [674e83516d1e] - * parse.lex: added User_Alias support + * sample.sudoers: + added net_addr/mask example + [774878e89b28] -1995-04-07 21:10 millert + * parse.c, parse.lex: + added support for net_addr/netmask + [e33de27325d8] - * Makefile.in: removed extraneous TODO +1996-06-16 Todd C. Miller -1995-04-07 19:48 millert + * sudoers.pod: + ^ -> ! + [1a084950d6ef] - * visudo.c: ntwk_matches -> addr_matches +1996-06-15 Todd C. Miller -1995-04-07 15:38 millert + * RUNSON: + updated for 1.4.3 + [c82019025d09] - * parse.yacc: ntwk_matches -> addr_matches + * CHANGES: + udpated for 1.4.3 + [ceaa81adb8f0] -1995-04-07 15:37 millert + * BUGS, TODO, TROUBLESHOOTING: + updated + [ff94fae4b853] - * parse.c: ntwk_matches -> addr_matches now use inet_addr() not - inet_network() (which expects octet boundaries) fixes for OSF - (sizeof(int) != sizeof(long)) + * sample.sudoers: + updated with examples of new stuff + [99d0b4cb4c9c] -1995-04-07 15:08 millert + * INSTALL, README: + ++version + [b763b80fe836] - * sudo.c: took out debugging info + * sudoers.pod: + updated wrt -u and NOPASSWD + [0b5b722ea0f4] -1995-04-06 23:45 millert + * sudo.pod: + updated wrt -u and CAVEATS + [71d5d53b5d18] - * aclocal.m4: OS was being set to unknown before non-uname based - host checks. This caused no checks to happen since $OS was not - zero-length. +1996-06-09 Todd C. Miller -1995-04-06 23:30 millert + * sudo.c: + fixed usage() + [114c7d09b550] - * sudo.c: fixed loading of interfaces struct still has debugging - info in though + * parse.lex: + now use :foo: character classes (makes no diff for generated lexer) + [7b0aeb737a02] -1995-04-06 22:23 millert +1996-06-07 Todd C. Miller - * parse.c: fixed typo + * check.c: + fixed LONG_SKEY_PROMPT stuff + [0efe78b4bdda] -1995-04-06 16:17 millert +1996-06-06 Todd C. Miller - * Makefile.in: ++version + * visudo.c: + fixed a comment + [3d289017104b] -1995-04-06 16:16 millert + * lsearch.c: + make more like NetBSD one -- now compiles w/o warnings + [932206296a54] - * version.h: ++ + * emul/search.h: + fixed decls of lsearch() + [c58cf4584c45] -1995-04-06 16:16 millert + * config.h.in, configure.in, getspwuid.c: + added SPW_HPUX10 + [d74e5eaa5f17] - * visudo.c: removed extraneous extern decl of "top + * check.c: + hpux 10 uses bigcrypt() if C2 + [359eb63f4021] -1995-04-06 16:14 millert +1996-06-04 Todd C. Miller - * visudo.c: now zeros "top" + * parse.c: + now always uses fnmatch to match args + [a9d91f35256a] -1995-04-06 16:13 millert + * tgetpass.c: + back to using stdio instead of raw i/o since that caused some + problems + [e7ce2bc92974] - * parse.yacc: removed parser_cleanup (no need for it now) +1996-05-29 Todd C. Miller -1995-04-06 16:13 millert + * sudo.c: + now give usage warning if use -l,-v,-k with args + [6b48180c4fea] - * parse.lex: now calls reset_aliases() directly +1996-05-28 Todd C. Miller -1995-04-04 18:21 millert + * sudo.c: + NewArgc is now set to 1 for -l, -v, -k + [7497cb1416a8] - * OPTIONS: added a sentence to SECURE_PATH description + * sudo.c: + now sets sudoers to correct group if mode is 0400 + [484c43d99718] -1995-04-04 18:17 millert + * install-sh: + updated to version used by inn and bind + [28683ad8725a] - * parse.c: fixed my stupid bug where I used NAMLEN on something I - wanted to just get the name from. argh. + * configure.in: + now uses -lgnumalloc if it exists + [3651ca4415a2] -1995-04-03 16:58 millert + * Makefile.in: + "make install" now sets uid/gid and mode on sudoers if it exists + [1f5216191ae9] - * lsearch.c: fixed argument order of memmove() that i hosed when - converting from bcopy(). arghh. + * sudo.c: + rmeoved debugging statements + [aeda278e2c26] -1995-04-03 15:33 millert + * parse.yacc: + added a missing free() + [592c9482a159] - * Makefile.in: finally fixed DISTFILES line + * sudo.c: + now uses user_gid instead of getegid (which was wrong anyway) to set + SUDO_GID Now sets command line args in SUDO_COMMAND envariabled + (logging.c depends on args being in the environment) + [9f5328a3b942] -1995-04-03 15:21 millert + * logging.c: + now uses SUDO_COMMAND envariable to get command args rather than + building it up again. + [7f8edc5bccb7] - * Makefile.in: tabs -> spaces + * parse.c: + now uses user_gid + [4b9303ae45fe] -1995-04-03 15:15 millert + * sudo.c: + fixed off by one error in allocation NewArgv + [921ea1a4e7c6] - * Makefile.in: added missing files to DISTFILES + * parse.c: + in sudoers, 'command ""' now means command with no args + [a5273648ace2] -1995-04-03 14:50 millert + * configure.in: + added check for fnmatch(3) and fnmatch.h + [258916a7866f] - * Makefile.in: SUPPORTED -> RUNSON + * config.h.in: + added HAVE_FNMATCH + [b9860d361e93] -1995-04-01 03:12 millert + * Makefile.in: + replaced wildcat.* with fnmatch.* + [03ad9ee21a1c] - * TODO: updated + * testsudoers.c: + now uses fnmatch() + [5a7f7de987a9] -1995-04-01 01:54 millert +1996-05-27 Todd C. Miller - * RUNSON: updated for pl5b1 release + * parse.c: + now uses fnmatch() instead of wildmat a trailing star (*) by itself + now matches multiple args added support for wildcards in the + pathname in sudoers + [1f7fb950b868] -1995-04-01 01:53 millert +1996-05-25 Todd C. Miller - * BUGS, TODO: updated + * fnmatch.c: + now includes compat.h and config.h + [090206b95cf8] -1995-04-01 01:52 millert + * config.h.in: + added HAVE_FNMATCH_H + [90eb42150173] + + * configure.in: + now checks for alloca() (if needed by bison or dce) and links with + -lPW if it contains alloca() and libv and compiler do not. + [cfa2b3cef49a] + + * emul/fnmatch.h, fnmatch.3, fnmatch.c: + Initial revision + [20b1f762a32a] - * check.c: fixed bug where if you hit return at first sudo prompt - it would still log as a failure +1996-04-29 Todd C. Miller + + * sudo.c: + now fixes mode on sudoers if set to 0400 to aid in upgrade + [d4bdfd521820] -1995-04-01 01:29 millert +1996-04-28 Todd C. Miller + + * Makefile.in: + fixed pod2man usage + [5adf2ec77b27] + + * Makefile.in, configure.in, version.h: + ++version + [b4029de876d0] - * CHANGES: updated + * testsudoers.c, visudo.c: + runas_user is now initialized to "root" + [8537d97bff39] -1995-04-01 01:25 millert + * sudo.h: + removed PERM_FULL_ROOT + [241f8bbf647f] - * aclocal.m4: better test for bogus void * implementation + * sudo.c: + runas_user defaults to "root" so no more need to PERM_RUNAS + [fc0c0dfc72ba] -1995-03-31 20:33 millert + * parse.c: + will now only running commands as root if there was no runas list + (or if root is in the runas list) + [40c587666c81] - * logging.c: added PASSWORDS_NOT_CORRECT + * logging.c: + now logs "USER=%s" + [b733504c87fd] -1995-03-31 20:32 millert + * parse.yacc: + runas_matches is now set to false if we get a negative match + [5495b150b300] - * check.c: added PASSWORDS_NOT_CORRECT stuff] + * parse.lex: + make #uid work + some minor cleanup + [07851bbce03a] -1995-03-31 20:30 millert + * sample.sudoers: + added support for NOPASSWD and "runas" from garp@opustel.com / + [7a9c67b51fa5] - * sudo.h: added PASSWORDS_NOT_CORRECT + * visudo.c: + added support for "runas" from garp@opustel.com replaced + SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for + SUDOERS_MODE + [e714209b9885] -1995-03-31 19:16 millert + * testsudoers.c: + added support for "runas" from garp@opustel.com + [b837f856da10] - * tgetpass.c: moved pathnames.h + * sudo.h: + added support for NO_PASSWD and runas from garp@opustel.com replaced + SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support + fro SUDOERS_MODE + [cea6f26679b7] -1995-03-31 19:16 millert + * sudo.c: + added support for NO_PASSWD and runas from garp@opustel.com replaced + SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro + SUDOERS_MODE + [61b5434237c5] - * sudo.c: removed some unused vars and fixed up uid2str + * parse.yacc: + added support for NO_PASSWD and runas from garp@opustel.com + [72ebd3056f22] -1995-03-31 19:15 millert + * parse.c, parse.lex: + added support for NO_PASSWD and runas from garp@opustel.com + [fef6dbdd114d] - * putenv.c: moved compat.h + * logging.c: + added support for SUDOERS_WRONG_MODE and "runas" + [e794efc2b443] -1995-03-31 19:14 millert + * configure.in: + added --with-CC only link with -lshadow on linux (with shadow pw) if + libc lacks getspnam() + [3ecf4ae21002] - * getcwd.c, getwd.c: added pathnames.h + * OPTIONS, options.h: + removed NO_PASSWD since it is not possible to do this in the sudoers + file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and + SUDOERS_GID. Added SUDOERS_MODE. + [2eaa4891ef48] -1995-03-31 18:18 millert + * Makefile.in: + now uses SUDOERS_UID and SUDOERS_GID + [8d615f0fdb2a] - * parse.yacc: fixed a typo I introduced in the last checkin :-( +1996-04-27 Todd C. Miller -1995-03-31 18:11 millert + * INSTALL: + added --with-CC + [a1b8286a81b8] - * parse.lex: can't have #ifdef's where N is defined so just do this - the broken way for AIX +1996-04-06 Todd C. Miller -1995-03-31 18:08 millert + * parse.lex: + added double quote support + [a5e4fc7e3a2b] - * parse.yacc: better hack from Chris (but still a hack) + * sudoers.pod: + documented double quoting + [c6ea47969a44] -1995-03-31 18:05 millert +1996-04-05 Todd C. Miller - * parse.lex: stupid hack for broken aix lex + * mkinstalldirs: + Initial revision + [dcb86d65ad8f] -1995-03-31 17:47 millert + * check.c: + fixed some indentation + [4d1c5ab8072b] - * tgetpass.c: now includes compat.h  + * Makefile.in: + fixed a typo + [0d27eebc7227] -1995-03-31 17:27 millert + * Makefile.in: + added install-dirs . + [f499b99b8be7] - * visudo.c: now includes fcntl.h +1996-04-04 Todd C. Miller -1995-03-31 17:27 millert + * dce_pwent.c: + new version from "Jeff A. Earickson" + [422481be5fbd] - * compat.h: added FD_SET and FD_ZERO for 4.2BSD +1996-04-03 Todd C. Miller -1995-03-31 16:12 millert + * configure.in: + $CSOPS -> $with_csops (whoops, missed one) + [b04c6948130e] - * parse.yacc: dirty hack to fix parser bug. i don't really like - this but it works for now... + * BUGS: + updated + [c4d5713e227d] -1995-03-31 16:12 millert + * parse.lex: + FQHOST now has same constraints as non-FQHOST + [e1c3bf2381d1] - * sudo.c: uid2str is now static like the prototype says + * INSTALL: + added note about OS's w/ shadow passwords turned on by default + [166257f43be4] -1995-03-29 23:48 millert +1996-04-02 Todd C. Miller - * RUNSON: Initial revision + * configure.in: + fixed a typo + [e5c3e2e9a359] -1995-03-29 23:47 millert + * configure.in: + added support for --without-THING sanitized shadow pw situtation by + adding support for + --without-C2 + [65dc6bf64cce] - * TODO, CHANGES, SUPPORTED, TROUBLESHOOTING: updated + * tgetpass.c: + fixed a typo wrt placement of an end paren + [a8780f818231] -1995-03-29 23:46 millert + * check.c: + was closing an fd that may not have been opened + [760271c7bdc9] - * sudo.c: check_sudoers now returns an error code and sudo calls - inform_user and log_error based on the return value. +1996-03-22 Todd C. Miller -1995-03-29 23:45 millert + * OPTIONS, options.h, sudo.c: + added NO_PASSWD + [28ff1dc93d7a] - * logging.c, sudo.h: added entries for new errors +1996-03-20 Todd C. Miller -1995-03-29 23:03 millert + * configure.in: + now always use shadow pw on some arches + [069161ccffda] - * parse.c: now set uid to that of SUDOERS_OWNER while parsing - sudoers file +1996-03-19 Todd C. Miller -1995-03-29 22:52 millert + * configure.in: + added pyramid support + [a0eb57a3a531] - * Makefile.in: took out testsudoers  + * configure.in: + no longer check for C2 if alternate passwd method is used no longer + check for some libs twice + [2d0c3c902b40] -1995-03-29 22:36 millert + * parse.yacc: + moved fqdn stuff into parse.lex (FQHOST) + [d9c9abd481d8] - * sudo.c: now explicately checks that it is setuid root + * parse.lex: + added FQHOST rules + [4a1695acff6d] -1995-03-29 22:28 millert + * tgetpass.c: + now define TCSASOFT in necesary + [3fac2e21c9ab] - * sudo.c: If a user has no passwd entry sudo would segv (writing to - a garbage pointer). Now allocate space before writing :-) + * tgetpass.c: + now uses read/write instead of stdio string goop to avoid problems + with select(2) + [67fd174e518c] -1995-03-29 22:06 millert + * OPTIONS, find_path.c, options.h: + -DNO_DOT_PATH -> -DIGNORE_DOT_PATH + [d05ba5100d28] - * configure.in: reordered AC_CHECK_FUNCS +1996-03-17 Todd C. Miller -1995-03-29 22:06 millert + * INSTALL: + added note about no shadow auto-detect if using alternate auth + schemes + [b425592232a3] - * config.h.in: fixed memset macro + * configure.in: + don't check for C2 if AFS or DCE (unless they said --with-C2) + [61342962171a] -1995-03-29 21:47 millert + * testsudoers.c: + now groks shost + [85dda17303f6] - * logging.c: bzero -> memset when a parse error is logged the line - number of the error is now logged too + * OPTIONS, find_path.c, options.h: + added NO_DOT_PATH + [c261ca1fb196] -1995-03-29 21:46 millert +1996-03-16 Todd C. Miller - * tgetpass.c, visudo.c: bzero -> memset + * find_path.c: + checkdot now works correctly + [3bc4835bb3e9] -1995-03-29 21:46 millert +1996-03-12 Todd C. Miller - * INSTALL: added Sunos to blurb about c2 security + * configure.in: + can't have DCE and C2 passwords both... + [fb9a8ab7ca66] -1995-03-29 21:45 millert +1996-03-11 Todd C. Miller - * configure.in: added a SUN4 define for C2 security + * parse.yacc, sudo.c, sudo.h, visudo.c: + now uses shost even if not FQDN + [87f7498b3a1f] -1995-03-29 21:44 millert + * configure.in: + now looks for skey in /usr/lib and doesn't require libskey to be in + /usr/local/lib just because skey.h is (for my netbsd box :-) + [ceb1763e37d2] - * config.h.in: bcopy -> memmove bzero -> memset + * aclocal.m4, config.h.in, pathnames.h.in: + _SUDO_PATH_ -> _CONFIG_PATH_ + [84d97ad13d75] -1995-03-29 21:43 millert + * aclocal.m4, sudo.pod: + /var/run/.odus -> /var/run/sudo + [922da220b8f5] - * lsearch.c: bcopy -> memmove char * -> VOID * + * pathnames.h.in: + now uses _SUDO_PATH_TIMEDIR + [5ecab0155fdf] -1995-03-29 21:30 millert + * OPTIONS: + udpated FQDN + [361b6f7440c0] - * check.c: added support for sunos with C2 security + * aclocal.m4, configure.in: + added SUDO_TIMEDIR + [368c95c8c950] -1995-03-29 21:12 millert + * config.h.in: + added _SUDO_PATH_TIMEDIR + [3879864d808c] - * OPTIONS, options.h: reordered + * sudo.pod: + updated wrt /var/run/sudo + [9e14f2a429d3] -1995-03-29 21:12 millert + * sudo.c, sudo.h: + added support for shost if FQDN + [51a3f51a09a1] - * pathnames.h.in: _PATH_SUDO_LOGFILE now set based on configure + * parse.yacc, visudo.c: + now uses shost if FQDN + [d19da2e92b42] -1995-03-29 21:12 millert + * check.c: + Now use skeylookup() instead off skeychallenge() + [4c7438bb2ae0] - * configure.in: added SUDO_LOGFILE and SUDO_TYPE_SIZE_T +1996-02-28 Todd C. Miller -1995-03-29 21:12 millert + * logging.c: + mail_argv should not contain ALERTMAIL as it includes "-t" + [67ffaaa8f843] - * config.h.in: added _SUDO_PATH_LOGFILE +1996-02-22 Todd C. Miller -1995-03-29 21:11 millert + * INSTALL, Makefile.in, README, configure.in, version.h: + ++version + [e08fd4a809fc] - * aclocal.m4: added SUDO_LOGFILE to find where to put sudo.log - added SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h - too) added SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE) + * compat.h: + added more _PASSWD_LEN stuff -- now uses PASS_MAX too + [2f20c3153689] -1995-03-29 18:17 millert + * tgetpass.c: + now includes limits.h moved _PASSWD_LEN -> compat.h + [b1ca3cafdacc] - * TROUBLESHOOTING: Initial revision +1996-02-06 Todd C. Miller -1995-03-29 17:59 millert + * INSTALL, README: + ++version + [3eacf32803f5] - * sudo.c: now do set_perms(PERM_ROOT) before the getpwuid() in - load_global() to work around a problem is trusted hpux shadow - passwords. yuck. + * Makefile.in: + ++versoin + [3b91c317630a] -1995-03-29 17:41 millert + * Makefile.in: + fixed a typo + [3661ac4a7803] - * parse.yacc: backed out a change in malloc/realloc + * configure.in: + ++version + [60e842973745] -1995-03-29 17:38 millert +1996-02-05 Todd C. Miller - * parse.yacc: now include stdlib.h + * RUNSON: + updated + [def2c3c24195] -1995-03-29 17:22 millert + * CHANGES: + done for 1.4.1 (I hope) + [2ab543769a40] - * visudo.c: now do an freopen() of the stmp file so that yyin will - always point to the same thing. This is important for flex since - we are doing a YY_NEWFILE + * sudoers.pod: + added info on wildcards + [ce3bd41bc063] -1995-03-29 17:20 millert + * sample.sudoers: + added wildcard example + [762feb0577bd] - * parse.yacc: replaced yywrap() with parser_cleanup() since - yywrap() needs to be in parse.lex to be able to use YY_NEW_FILE. - sigh. + * Makefile.in: + now uses *.pod to build *.man and *.cat & *.html + [3ec14962028b] -1995-03-29 17:18 millert + * configure.in: + addedSUDO_PROG_BSHELL !ll + [3c80b320bf16] - * parse.lex: now have a rule that matches anything that doesn't - match an explicite rule. well, you know what i mean (. matches - anything not yet matched). However, this means that there is - input still queued up so we need to do a YY_NEW_FILE; in yywrap. - So, yywrap has moved into parse.lex and it calls parser_cleanup() - which is most of the old yywrap() sigh. + * visudo.pod: + fixed up some formatting + [12166c434526] -1995-03-29 17:17 millert + * sudoers.pod: + redid section describing sample sudoers stuff + [b8065cceec71] - * SUPPORTED: no longer used + * sudo.pod: + fixed some formatting + [aa9a681add0f] -1995-03-29 16:13 millert + * getspwuid.c: + now treats "" as bourne shell + [30194a72ad56] - * getcwd.c, getwd.c: moved compat.h to be the last include file + * Makefile.in: + TESTOBJS nwo includes wildmat.o + [86cc6500f84d] -1995-03-29 16:11 millert + * testsudoers.c: + now works with NewArg[cv] + [2f72674ce942] - * parse.yacc: fixed type of aliascmp() args + * sudo.c: + removed an XXX (fixed it in getspwuid.c) + [e791ee0d1a68] -1995-03-29 15:58 millert + * aclocal.m4: + added check for bourne shell + [a2fd51676b8a] - * find_path.c: NULL -> '\0' + * pathnames.h.in: + added _PATH_BSHELL + [e7c10011d47b] -1995-03-29 15:42 millert + * config.h.in: + added _SUDO_PATH_BSHELL + [6a1182898de9] - * parse.yacc: added casts to lfind and lsearch args for irix +1996-02-04 Todd C. Miller -1995-03-29 08:20 millert + * visudo.c: + unixware vi returns 256 instead of 0 + [234ffc7c6786] - * Makefile.in: bsdinstall -> install-sh + * INSTALL: + added Linux note + [5f85efcd2b58] -1995-03-29 08:20 millert + * logging.c: + fixed up some XXX's. file log format now looks a little more like + real syslog(3) format. + [6df55707bfc3] - * INSTALL: added info about make realclean + * README, TROUBLESHOOTING: + updated wrt lex/flex + [eb787d69156b] -1995-03-29 08:17 millert + * Makefile.in: + commented out rule to build lex.yy.c from parse.lex since we ship + with a pre-flex'd parser + [7507e2ce4a95] - * Makefile.in: updated VERSION added dependencies for visudo.cat + * parse.c, parse.yacc, visudo.c: + path_matches -> command_matches + [0bd469424f86] -1995-03-29 08:17 millert + * logging.c: + eliminated some strcat()'s + [9878a79bc374] - * version.h: -> pl5b1 + * configure.in: + no longer checks for lex/flex (now assumes flex) + [a086ccc73798] -1995-03-29 08:16 millert + * configure.in: + now checks for $kerb_dir_candidate/krb.h instead of just + kerb_dir_candidate + [9133bc3c5208] - * sudo.c: took out -l +1996-02-03 Todd C. Miller -1995-03-29 00:03 millert + * parse.yacc: + now use a 'hook' expression instead of an iffy one :-) + [9560df01b8c0] - * Makefile.in: now there is a real visudo.man and visudo.cat +1996-02-02 Todd C. Miller -1995-03-28 23:54 millert + * visudo.c: + now works with new sudo arg stuff + [310a0d43ddad] - * sudo.man: took out visudo stuff + * parse.yacc: + fixed dereferencing deadbeef + [474ef8a8006b] -1995-03-28 23:54 millert + * sudo.c: + changed an occurrence of Argv to NewArgv + [205b012b7691] - * visudo.man: Initial revision + * parse.lex: + took out support for quoted commands since there is no need... + [5c5036d353b1] -1995-03-28 23:12 millert + * parse.c: + fixed a typo in a for() loop + [7e8d5283c43b] - * parse.c, parse.lex, parse.yacc: updated copyright + * logging.c: + protected against dereferencing rogue pointers + [56debd517717] -1995-03-28 23:05 millert + * sudo.c: + now uses NewArgv amd NewArgc so cmnd_aegs is no longer needed this + also allows us to eliminate some kludges in parse_args() and + eliminate superfluous code. + [5122f66ad150] - * README: updated for pl5 + * logging.c: + no longer uses cmnd_args, now uses NewArgv instead. + [abddd23cf068] -1995-03-28 20:02 millert + * sudo.h: + added struct sudo_command, NewArgc, and NewArgv removed cmnd_args + (no longer used) + [78410984fb05] - * sudo.man: updated Nieusma & Hieb email addresses + * Makefile.in: + added wildmat.c to SRCS & SUDOBJS + [3800efb41794] -1995-03-28 19:57 millert + * parse.yacc: + COMMAND is now a struct containing the path and args + [5c32822c5b94] - * INSTALL: updated to include options.h and OPTIONS + * parse.lex: + replaced append() with fill_cmnd() and fill_args. command args from + a sudoers entry are now stored in an arrary for easy matching. + [a981d7f4eb0d] -1995-03-28 19:35 millert + * parse.c: + command line args from sudoers file are now in an array like ones + passed in from the command line + [1d9e37e84519] - * CHANGES, TODO: updated +1996-02-01 Todd C. Miller -1995-03-28 19:35 millert + * parse.c: + wildwat stuff now works + [49d16488531f] - * BUGS: eliminated bug #1 (yay) +1996-01-29 Todd C. Miller -1995-03-28 19:31 millert + * version.h: + ++version + [53e55463ef89] - * configure.in: sunos no longer gets linked statically + * Makefile.in: + ++version added wildmat.* + [0508297a4711] -1995-03-28 18:58 millert +1996-01-28 Todd C. Miller - * parse.lex: prototype now uses __P() + * parse.lex: + added support for quoted commands (w/ or w/o args) + [b9a637155673] -1995-03-28 18:49 millert +1996-01-22 Todd C. Miller - * parse.lex: make fill() non-ansi + * sudo.pod, visudo.pod: + cleaned up formatting + [4591d4195437] -1995-03-28 15:26 millert + * sudo.pod, visudo.pod: + Initial revision + [7564a8242750] - * parse.c: made -v (validate) work +1996-01-21 Todd C. Miller -1995-03-28 15:26 millert + * sudoers.pod: + looks reasonable, could be mroe readable + [a5be2d19d9e0] - * logging.c: now gives host + * sudoers.pod: + Initial revision + [957888be31a6] -1995-03-28 10:34 millert +1996-01-16 Todd C. Miller - * find_path.c: don't check for execute/statable if fq or relative - path given + * RUNSON: + updated + [633743aa924b] -1995-03-28 01:07 millert + * OPTIONS: + updated NO_ROOT_SUDO entry + [f1c15b1dec9e] - * parse.c: added a cast +1996-01-15 Todd C. Miller -1995-03-28 00:49 millert + * RUNSON: + *** empty log message *** + [5b63de579ff7] [SUDO_1_4_0] - * visudo.c: now include ctype.h for islower and tolower macros + * sudo.c: + fixed SECURE_PATH + [6002889f606d] -1995-03-28 00:48 millert + * RUNSON: + udpa`ted for 1.4 + [6014a8592815] - * goodpath.c: moved _S_IFMT & _S_ISREG to compat.h + * configure.in: + AIX aixcrypt.exp now uses $(srcdir) + [b0d57674fef4] -1995-03-28 00:48 millert + * TROUBLESHOOTING: + added entry for anal ansi compilers + [4193cec1c6b1] - * sudo.c: moved a set of parens +1996-01-14 Todd C. Miller -1995-03-28 00:48 millert + * INSTALL: + added info on libcrypt_i for SCO + [575497d56698] - * strdup.c: now include compat.h + * TODO: + *** empty log message *** + [d0aaf67b9913] -1995-03-28 00:47 millert + * sample.sudoers: + added comments + [a7773f7eda8d] - * parse.yacc: now cast malloc & realloc return vals added search - for HAVE_LSEARCH now use strcmp if no strcasecmp available + * TODO: + 1.4 release + [1dade29e9fd9] -1995-03-28 00:46 millert + * CHANGES: + ++version + [67241be40780] - * lsearch.c, emul/search.h: void * -> VOID * + * INSTALL, OPTIONS, README, config.h.in, configure.in: + ++version + [2e0a37897f68] -1995-03-28 00:45 millert + * BUGS: + ++version and fixed ISC + [78963f01a0e3] - * config.h.in: removed HAVE_FLEX added VOID added HAVE_DIRENT_H, - HAVE_SYS_NDIR_H, HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH + * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, + goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, + insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c, + sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, + visudo.c: + ++version + [b6227f29b3d9] -1995-03-28 00:44 millert + * interfaces.c: + added STUB_LOAD_INTERFACES ++version + [d8150a3fd577] - * compat.h: added _S_IFMT, _S_IFREG, and S_ISREG + * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc, + version.h: + ++version + [da9e90e69bdc] -1995-03-28 00:44 millert + * PORTING: + added info about fd_set in tgetpass added info on interfaces.c + [a39902febd17] - * aclocal.m4: took out SUDO_PROG_INSTALL 1.x to 2.x changes added - echo and results to most SUDO_* macros +1996-01-11 Todd C. Miller -1995-03-28 00:43 millert + * dce_pwent.c: + added sudo header + [fc0f2c48682e] - * Makefile.in: no more -I. + * tgetpass.c: + fixed a typo + [43d40b72ee8f] -1995-03-28 00:22 millert + * Makefile.in: + tgetpass.o is now only linked in with sudo (not visudo) + [7407c5ff11f8] - * configure.in: various 1.x ro 2.x autoconf changes now check for - strcasecmp now use AC_INSTALL_PROG instead of custom one added - check for fully woorking void implementation +1996-01-09 Todd C. Miller -1995-03-28 00:02 millert + * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, + configure.in: + ++version + [9b82ad805d6b] - * Makefile.in: added lsearch & search.h visudo links into - $(LIBOBJS) + * emul/utime.h: + added copyright notice + [4380f16cd075] -1995-03-27 23:43 millert + * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: + ++version + [32717fdb5d05] - * aclocal.m4: partial 1.x to 2.x changes added SUDO_FULL_VOID + * tgetpass.c: + minor cleanup and now includes sys/bsdtypes for svr4'ish boxen + [326864428da2] -1995-03-27 23:40 millert + * configure.in: + ISC now gets -lcrypt now check for sys/bsdtypes.h + [e064799c054b] - * visudo.c: whatnow_help was prototyped to be static be was not - declared as such + * config.h.in: + added check for sys/bsdtypes.h + [9adb9533c363] -1995-03-27 21:15 millert +1996-01-07 Todd C. Miller - * configure.in: autoconf 2.x changes took out HAVE_FLEX (no longer - used) added check for dirent/dir/ndir.h + * parse.yacc: + removed debugging stuff (setting freed ptr to NULL) + [02fe8eec63a0] -1995-03-27 21:09 millert + * TROUBLESHOOTING: + added 2 entries + [02884e2733e2] - * parse.c: now use groovy gnu autoconf macro AC_HEADER_DIRENT + * Makefile.in: + added FAQ + [074d8dfcf28d] -1995-03-27 20:38 millert + * TROUBLESHOOTING: + added section on syslog + [e6bc02a22b86] - * getcwd.c, getwd.c: MAXPATHLEN -> MAXPATHLEN+1 + * configure.in: + added AC_ISC_POSIX for better ISC support + [8436b3e12af2] -1995-03-27 20:23 millert + * config.h.in: + fixed typo + [f1b3922babf4] - * emul/search.h, lsearch.c: Initial revision + * config.h.in: + added define for _POSIX_SOURCE + [ded6d92b34f9] -1995-03-27 18:26 millert +1996-01-04 Todd C. Miller - * parse.yacc: eliminated bison warnings + * configure.in: + fixed check for lsearch() + [75baa5bc28a3] -1995-03-27 17:10 millert +1995-12-22 Todd C. Miller - * parse.lex: added missing case + * interfaces.c: + fixed for AIX now deal if num_interfaces == 0 (should not happen) + [ae450e859227] -1995-03-27 17:04 millert +1995-12-20 Todd C. Miller - * visudo.c: now iincludes signal.h + * configure.in: + now only define HAVE_LSEARCH if there is a corresponding search.h + [8ce645c5d17f] -1995-03-27 15:16 millert + * interfaces.c: + works on ISC again + [ccac920d424c] - * parse.yacc: only clear data structures on a parse error +1995-12-18 Todd C. Miller -1995-03-27 15:01 millert + * configure.in: + now define HAVE_LSEARCH if we find lsearch() in libcompat + [7343e4313a87] - * visudo.c: whatnow() now gives help on invalid input + * lsearch.c: + char * -> const char * + [1c0b11c2300a] -1995-03-27 14:54 millert + * configure.in: + now looks in -lcompat for lsearch() + [a1cc1d6fcd09] - * visudo.c: added a whatnow() function (sort of like mh) + * Makefile.in: + remove sudo.core visudo.core for clan target + [b523456a85df] -1995-03-27 14:53 millert + * aclocal.m4: + added UID_MAX support in check for MAX_UID_T_LEN + [7ab262b1173f] - * parse.yacc: kill_aliases -> reset_aliases yywrap() now cleans up - by calling reset_aliases() and clearing top took reset stuff out - of yyerror() since it doesn't beling there (and doesn't work - anyway). errorlineno is now initially set to -1 so we can set it - to the first error that occurrs (it was getting set to the last) + * Makefile.in: + fixed another occurence of sudo_getpwuid.* + [fb5809c07da2] -1995-03-27 14:53 millert + * Makefile.in, getspwuid.c: + sudo_getpwuid.c -> getspwuid.c + [875f2ef808b4] - * parse.lex: added a void cast + * configure.in: + moved the "echo" + [ad7b8f966076] -1995-03-27 13:26 millert + * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c, + compat.h, config.h.in, configure.in, find_path.c, getspwuid.c, + getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, + ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, + parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, + sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, + version.h, visudo.c: + ++version + [ee57c6410ffa] - * visudo.c: rewrote from scratch based on 4.3BSD vipw.c + * testsudoers.c: + added group support + [54d8097df8bd] -1995-03-26 01:33 millert + * sample.sudoers: + added group entry + [50994d31fd49] - * sudo.c, sudo.h: removed ocmnd + * sudoers.man: + documented group support + [0a16707f8fed] -1995-03-26 01:19 millert + * parse.c, parse.lex, parse.yacc, visudo.c: + added group support + [427218c879c8] - * sudo.h: no more sudo_realpath() and find_path() changed params +1995-12-15 Todd C. Miller -1995-03-26 01:19 millert + * check.c: + tkfile was too short and overflowed the kerberos realm + [53823a1ff5af] - * sudo.c: find_path() changed since no more realpath() +1995-12-11 Todd C. Miller -1995-03-26 01:18 millert + * sudo.c: + now copy command args directly from Argv + [77408278b6fd] - * parse.yacc: on error, errorlineno is set to the line where the - error occurred added kill_aliases() to free the aliases struct - now clean up in yyerror() so we can reparse cleanly + * sudo.c: + replaced code to copy cmnd_args so that is does not use realloc + since most realloc()'s really stink + [b29a0ff73fb6] -1995-03-26 01:17 millert +1995-12-08 Todd C. Miller - * logging.c: changed to use new find_path() + * configure.in: + syslog() fixed in hpux 10.01 + [2648e6f0cdb0] -1995-03-26 01:17 millert +1995-12-06 Todd C. Miller - * options.h, parse.c: no more USE_REALPATH + * configure.in: + AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate) + [8f108b8d8711] -1995-03-26 01:16 millert + * configure.in: + better error if cannot find skey incs or libs + [5887662ee9d3] - * find_path.c: removed all the realpath() stuff + * aclocal.m4: + now use a temp file for determining max len of uid_t in string form. + the old hacky way broke on netbsd + [b68f470fa9f8] -1995-03-26 01:16 millert + * sudo.c: + added set of parens and a space + [8a3d4826d022] - * Makefile.in: sudo_realpath.c -> sudo_goodpath.c +1995-12-05 Todd C. Miller -1995-03-26 01:12 millert + * dce_pwent.c: + fixes from Jeff Earickson , + [bde0f0b756ec] - * visudo.c: now works correctly with utk parser + * check.c: + modified a comment + [e2a97f1afbbe] -1995-03-26 00:04 millert + * Makefile.in: + fixed up testsudoers target + [d39c4e7bb609] - * goodpath.c: Initial revision + * configure.in: + DCE changes from Jeff Earickson LIBS -> + SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS + [da7a1c433828] -1995-03-25 23:23 millert + * Makefile.in: + LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS, + VISUDO_LDFLAGS + [4b69503e8487] - * sudo_realpath.c: eliminated a compiler warning +1995-11-28 Todd C. Miller -1995-03-25 21:56 millert + * configure.in: + fix for C2 on hpux 10 now uses -linet if it exists + [8d300112263d] - * sudo.c: elinated compiler warning + * check.c: + LONG_SKEY_PROMPT is less of a klusge / + [dcc144abaac3] -1995-03-25 20:40 millert + * configure.in: + fixed typos w/ dce stuff + [f7dfd6d4e149] - * sudo_realpath.c: added sudo_goodpath() + * Makefile.in: + added dce_pwent.c + [79047acdc516] -1995-03-25 20:40 millert +1995-11-26 Todd C. Miller - * sudo.h: added prototype for sudo_goodpath + * INSTALL: + amended section on combining authentication mechanisms + [dc5138c7c716] -1995-03-25 20:39 millert + * PORTING: + minor updates for 1.3.6 + [fe80c13bd994] - * parse.c: added support for /sys/dir.h + * TROUBLESHOOTING: + added 2 more entries + [c7201439a0f5] -1995-03-25 20:39 millert + * BUGS: + updated for 1.3.6 + [979b414d2a2d] - * options.h: USE_REALPATH turned off + * README: + overhauled + [3af8b60eb594] -1995-03-25 20:39 millert + * INSTALL: + rewrote for sudo 1.3.6 + [b16027b9c726] - * find_path.c: added calls to sudo_goodpath() + * TROUBLESHOOTING: + added 3 entries + [934c9ee3f153] -1995-03-25 20:39 millert +1995-11-25 Todd C. Miller - * configure.in: added check for dirent.h + * find_path.c, getspwuid.c, sudo.c: + added explict casts for strdup since many includes don't prototype + it. gag me. + [3e19a11f2fcc] -1995-03-25 20:38 millert + * sudo.h: + removed prototype for sudo_getpwuid() since convex C compiler choked + on it. + [c3ea74ca67b0] - * config.h.in: added HAVE_DIRENT_H + * sudo.c: + added prototype for sudo_getpwuid() + [4a8e3cdc2b98] -1995-03-25 19:27 millert + * lsearch.c: + now compiles on strict ANSI compilers + [3ce5d72d0b08] - * configure.in: added in linux shadow pass stuff  + * check.c: + added LONG_SKEY_PROMPT support + [48a18b8a2332] -1995-03-24 14:43 millert + * Makefile.in: + added extra $'s for make to eat up, yum. + [2995b214e12b] - * visudo.c: added back host, user, cmnd, parse_error + * OPTIONS, options.h: + added LONG_SKEY_PROMPT + [f23ae799b5a4] -1995-03-24 14:19 millert +1995-11-24 Todd C. Miller - * visudo.c: added in utk changes plus some minor cosmetic changes + * check.c: + s/key support now works with normal s/key as well as logdaemon + [d67573f523bf] -1995-03-24 14:17 millert + * OPTIONS, options.h: + added SKEY_ONLY + [bbf07654e0de] - * sudo.c, sudo_realpath.c: added void casts for printf's + * compat.h: + set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY + [205895b96a36] -1995-03-24 14:17 millert + * INSTALL: + added DCE note added more AIX notes + [6345403b3522] - * options.h: added a define of USE_REALPATH + * sudo.c: + now include pthread.h for DCE support + [6fe02865f679] -1995-03-24 14:17 millert + * check.c: + dce_pwent() is ok after all ., + [d26a8746a55d] - * configure.in: there is no more visudoers/Makefile + * logging.c: + now uses SYSLOG() macro that equates to either syslog() or + syslog_wrapper + [42ac4cff8045] -1995-03-24 14:16 millert + * dce_pwent.c: + minor formatting changes. renamed check() to somthing less generic + [71859f217be1] - * Makefile.in: added in utk changes (visudo is now built from the - toplevel) + * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c, + visudo.c: + now uses user_pw_ent and simple macros to get at the contents + [f4cbf3e7145a] -1995-03-24 14:15 millert +1995-11-23 Todd C. Miller - * find_path.c: added (void) casts to printf's + * check.c: + simpler dec unix C2 support + [86bc8f75250e] -1995-03-23 22:32 millert + * getspwuid.c: + now sets crypt_type for DEC unix C2 + [99aeadd18266] - * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c: merged - in utk changes +1995-11-21 Todd C. Miller -1995-03-22 23:13 millert + * configure.in: + added csops paths for skey + [b8ca672e2117] - * find_path.c: now check to see that what we are trying to run is a - file (or a link to a file, we do a stat(2) so there is no diff) + * getspwuid.c: + now includes string.h for strdup() prototype + [3605259c3620] -1995-03-13 15:56 millert + * getspwuid.c: + fixed a few typos + [46c97e4ea417] - * CHANGES: updated + * check.c: + now includes skey.h + [11e611ce1b61] -1995-03-13 15:56 millert + * getspwuid.c: + fixed up comments + [223dac56f0c8] - * Makefile.in: aclocal.m4 -> acsite.m4 make realclean updated for - new autoconf  + * check.c: + moved a lot of the shadow passwd crap to sudo_getpwuid() + [97d8887fb7d3] -1995-03-13 15:11 millert + * sudo.c: + now uses sudo_pw_ent + [d014dadbef48] - * sudo.man: added myself as maintainer + * testsudoers.c: + now uses sudo_pw_ent + [d92936ed7e34] -1995-02-16 23:31 millert + * visudo.c: + now sets sudo_pw_ent + [ff75cdfcf8b3] - * sudo.c: changed setegid -> setgid + * getspwuid.c: + Initial revision + [6deb6df9d7bc] -1995-02-06 17:43 millert + * tgetpass.c: + moved dce stuff into compat.h + [1124284396e7] - * configure.in: fixed the test for irix 5.x to skip bad libs + * logging.c, sudo.h: + now uses sudo_pw_ent + [404ff20a5067] -1995-02-06 17:43 millert + * Makefile.in: + added sudo_getpwuid.c + [6666d0644512] - * aclocal.m4: now initialize OS and OSREV + * compat.h: + added dce support + [3c3b36a7ce0e] -1995-01-26 20:52 millert + * parse.yacc: + now uses sudo_pw_ent + [9f5e8d11bd68] - * configure.in: irix5 changes +1995-11-20 Todd C. Miller -1995-01-26 20:28 millert + * check.c: + fixed exempt_group stuff for OS's that don't put base gid in group + vector + [003f153bd396] - * configure.in: AC_WITH -> AC_ARG_WITH changes other misc changes - for autoconf 2.1 compatibility + * check.c: + S/Key support now works with sunos4 shadow passwords + [1eb64a5efff1] -1995-01-18 19:49 millert + * Makefile.in: + fixed clean rule + [5695a2c62816] - * visudo.c: use YY_NEW_FILE, not yyrestart since OSF flex doesn't - do the righ thing wrt yyrestart (grrrr) + * config.h.in, configure.in: + added DCE support + [f53c766c1947] -1995-01-16 18:44 millert + * tgetpass.c: + DCE & KERB support + [904cf436506a] - * Makefile.in: added visudoers/compat.h to DISTFILES + * check.c: + first stab at dce support + [aea5ca07b1e3] -1995-01-16 17:01 millert + * dce_pwent.c: + now smells like sudo + [8b3d609b49cd] - * configure.in: fixed an echo + * dce_pwent.c: + Initial revision + [b573555f2399] -1995-01-16 16:36 millert + * check.c: + skey'd sudo now works w/ normal password as well + [8d038f9f6e94] - * sudo.c: added ocmnd declaration adjusted for find_path()'s new - parameters +1995-11-19 Todd C. Miller -1995-01-16 16:35 millert + * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c, + getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, + ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, + parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, + sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, + version.h, visudo.c: + updated version number + [ba7e346d7904] - * sudo.h: added ocmnd extern adjusted find_path() prototype + * README: + updated to reflect version change + [1d15cf1d8cc8] -1995-01-16 16:34 millert + * configure.in: + --with options now line up ++version + [08ebf625fbca] - * parse.c: cmndcmp() now takes 3 arguments and checks against the - qualified as well as the unqualified pathname. more code that - should use cmndcmp() but did not, now does + * sudo.h: + removed unecesary S/Key stuff + [68188cba90af] -1995-01-16 16:34 millert + * configure.in: + fixed S/Key support + [f6d9cbc36618] - * options.h: added to a comment + * Makefile.in: + -I stuff now goes in CPPFLAGS + [7b8e53c5b046] -1995-01-16 16:33 millert + * check.c: + fixed SKey support + [52c1a5cf4435] - * logging.c: changed to use new find_path() parameter passing + * README: + updated version + [bed6498a10bb] -1995-01-16 16:32 millert + * OPTIONS: + fixed description of EXEMPTGROUP + [cfeead55edc2] - * find_path.c: find_path() now takes 2 copyout parameters (one for - the qualified pathname and one for the unqualified pathname). - The third parameter may be NULL. + * sudo.c: + more people use _RLD_ than just alphas... + [6a3c7090a6f6] -1995-01-16 16:31 millert + * Makefile.in: + replaced $man_prefix with $mandir + [dc4b36a550e2] - * configure.in: no longer munge pathnames.h + * configure.in: + fixed a typo + [a38a4acddcaf] -1995-01-16 16:30 millert + * Makefile.in: + now use more GNU'ish dir names + [c5498391a520] - * pathnames.h.in: changed _PATH_* to use _SUDO_PATH_* (which are - defined in config.h) as a result, pathnames.h does not need to be - run through configure and the user can override the configured - values easily. + * configure.in: + now set *dir correctly (can override from command line) + [523ff98fd438] -1995-01-16 16:30 millert + * sudo.c: + now deal with situations where we getwd() fails + [88a9e61dccbb] - * config.h.in: added _SUDO_PATH_* entries +1995-11-17 Todd C. Miller + + * Makefile.in: + added etc_dir, bin_dir, sbin_dir + [75fd08d92842] -1995-01-16 16:30 millert + * configure.in: + added sbin_dir + [3cb318c0d8d1] - * aclocal.m4: _PATH* -> _SUDO_PATH_* + * Makefile.in: + now ship a flex-generated lex.yy.c + [4d083ed70dce] -1995-01-16 16:28 millert + * Makefile.in: + now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER + [4d51dc9c3780] - * Makefile.in: updated DISTFILES and HDRS .o's now depend on - config.h + * pathnames.h.in: + _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile + [773fd163d52f] -1995-01-13 12:52 millert + * options.h: + no more error for redefining SUDOERS_OWNER + [4ba336644c6a] - * compat.h: removed extraneous #endif + * OPTIONS: + expanded SUDOERS_OWNER section + [12fae405759e] -1995-01-13 12:48 millert +1995-11-16 Todd C. Miller - * aclocal.m4: added SUDO_PROG_MV + * visudo.c: + now warn if chown(2) failed + [d0d1db6e3a1f] -1995-01-13 12:47 millert + * logging.c: + better default warning for NO_SUDOERS_FILE + [5260b458ac64] - * configure.in: added SUDO_PROG_MV added riscos and isc os types - took out -DSHORT_MESSAGE from --with-csops since it is now the - default + * sudo.c: + added missing set_perms() no more cryptic message if the sudoers + file is zero length, now just give a parse error + [b81ea724838a] -1995-01-13 12:46 millert + * logging.c: + better diagnostics if NO_SUDOERS_FILE + [877e878663c5] - * sudo.c: move the include of id.h to compat.h now includes - options.h + * sudo.c: + check_sudoers() now catches sudoers files that are not readable (but + are stat'able). + [fea05663b3de] -1995-01-13 12:45 millert +1995-11-13 Todd C. Miller - * sudo.h: moved compatibility #defines to compat.h + * configure.in: + now add -D__STDC__ for convex cc (not gcc) + [c80fc53ff51b] -1995-01-13 12:45 millert + * configure.in: + MAN_PREFIX -> man_prefix now sets prefix and exec_prefix + [fe238226a057] - * pathnames.h.in: added _PATH_MV + * Makefile.in: + now uses exec_prefix & prefix from configure + [f62fca5f56bd] -1995-01-13 12:43 millert + * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c, + parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c, + utime.c, visudo.c: + options.h is now <> instead of "" so shadow build trees can have a + custom copy of options.h + [e6782676099c] - * config.h.in: move __P to compat.h + * check.c: + user_is_exempt() is no longer a hack, it now uses getgrnam() + [287f8d5356f7] -1995-01-13 12:39 millert + * options.h: + EXEMPTGROUP is now "sudo" + [61487304dbe1] - * getcwd.c, getwd.c, putenv.c: now includes compat.h + * configure.in: + MAN_POSTINSTALL now contains a leading space + [eaad4ac34012] -1995-01-13 12:39 millert + * Makefile.in: + removed leading tab if @MAN_POSTINSTALL@ not defined now removes + testsudoers in clean: + [e01711baceb8] - * compat.h: Initial revision + * tgetpass.c: + includes pwd.h to get _PASSWD_LEN definition + [8ec174f263f1] -1995-01-11 19:11 millert +1995-10-30 Todd C. Miller - * sudo.h: pull user-configurable stuff out and put in options.h + * sudo.c: + unset the KRB_CONF envariable if using kerberos so we don't get + spoofed into using a bogus server + [2561a0274fca] -1995-01-11 18:43 millert +1995-09-29 Todd C. Miller - * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c, - sudo_setenv.c, parse.lex, parse.yacc, visudo.c: now includes - options.h + * parse.yacc: + now explicately initialize match[] tp be FALSE + [0e45e5c47766] -1995-01-11 18:41 millert +1995-09-23 Todd C. Miller - * Makefile.in: added visudoers/options.h + * sudo.c: + removed unused variable now passes -Wall + [3452508bc16d] -1995-01-11 18:40 millert + * parse.yacc: + yyerror and dumpaliases are now void's now passes -Wall + [2769dfb51993] - * options.h, OPTIONS: Initial revision + * parse.lex: + added prototype for yyerror + [1f3f0c1b4ab4] -1995-01-11 18:39 millert + * check.c, logging.c, parse.c: + now passes -Wall + [eab57e5e81d2] - * Makefile.in: added OPTIONS and options.h + * interfaces.c: + rmeoved unused cruft now passes -Wall + [7a47e1866f4b] -1995-01-11 18:36 millert + * Makefile.in: + fixed headers that moved to emul dir + [e680c1e5049b] - * logging.c: changed #ifdef's to use LOGGING and - SLOG_SYSLOG/SLOG_FILE + * logging.c: + fixed deref of nil pointer if no args + [973b9bea432f] -1995-01-11 11:02 millert +1995-09-15 Todd C. Miller - * check.c, sudo.h: changed PASSWORD_TIMEOUT to minutes + * OPTIONS: + added a caveat to FQDN section + [dcf6e2a5fff4] -1994-12-17 18:18 millert +1995-09-13 Todd C. Miller - * visudo.c: now only do Editor +line_num if line_num != 0 + * Makefile.in: + more $srcdir support for install targets + [f6eac78436dd] -1994-12-15 21:06 millert + * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c, + strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c: + don't include malloc.h if we include stdlib.h + [fca2ff307cd8] - * visudo.c: now use mv if rename(2) fails + * parse.yacc: + local search.h now lives in emul + [51c458904424] -1994-12-15 20:32 millert + * check.c, utime.c: + local utime.h now lives in emul dir + [f92fc9e8c8de] - * BUGS: added a visudo bug + * lsearch.c: + local search.h now lives in emul + [579efc407439] -1994-12-15 19:46 millert + * Makefile.in: + added support for building in other than the sourcedir + [2ab53a43f7d4] - * check.c: expanded comment +1995-09-10 Todd C. Miller -1994-11-12 18:33 millert + * OPTIONS: + annotated CSOPS_INSULTS option + [9e57d45a0afa] - * check.c: fixed user_is_exempt to return 0 if EXEMPTGROUP is not - set + * TROUBLESHOOTING: + updated shadow passwords blurb + [39b785bc7253] -1994-11-09 19:49 millert + * sudo.c: + if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and + passes along foo as the arguments + [a91077aa8fc5] - * sudo.c: added mips & isc support +1995-09-09 Todd C. Miller -1994-11-09 19:49 millert + * parse.lex: + collapsed pathname and dir sections into one -- its now less + expensive + [89caa03bec25] - * parse.c: added support for non-root owned sudoers file + * parse.lex: + fixed spacing quoting [,:\\=] now works correctly append() and + fill() now take args to make the above work + [09d023d9ef3a] -1994-11-09 19:48 millert + * sudo.c: + fixed a typo that caused commands with no tty on fd 0 but a tty on + fd 1 to erroneously have "none" as their tty + [07d2c0e7977c] - * check.c: added exempt group support +1995-09-04 Todd C. Miller -1994-11-09 19:47 millert + * check.c: + timestampfile is now a global static removed decl of timestampfile + in remove_timestamp since we can just use the global one + [f0cbdc6aab1c] - * sudo.h: added set_perms() support added SUDOERS_OWNER so can have - non-root own sudoers file added exempt group support added isc - support + * check.c: + created touch() to update timestamps added USE_TTY_TICKETS support + (bit of a kludge) + [cee1dd0318f8] -1994-11-09 19:46 millert + * compat.h: + added _S_IFDIR and S_ISDIR + [b4a51cc9628e] - * visudo.c: now copy sudoers to temp file via read/write (not - stdio) now chown new sudoers file to SUDOERS_OWNER + * OPTIONS, options.h: + added USE_TTY_TICKETS + [b4e22f81f25e] -1994-11-07 20:40 millert + * parse.yacc: + removed const from casts for lsearch() & lfind() to placate irix 4.x + C compiler + [5003081f76ea] - * configure.in: added skey support +1995-09-03 Todd C. Miller -1994-11-07 20:39 millert + * sudo.c: + now only strip '/dev/' off of a tty if it starts with '/dev/' + [7f62bcd24039] - * sudo.h: fixed typo added set_perms support added skey support - added seteuid()/setegid() emulation for AIX + * pathnames.h.in: + added _PATH_DEV + [6375f44d1910] -1994-11-07 20:38 millert + * configure.in: + AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if + have termios.h + [9c60391235fd] - * sudo.c: be_* -> setperms() now check to make sure sudoers file is - owned by root nread/write by only root + * tgetpass.c: + fixed incorrect #ifdef termio uses "unsigned short" not int for + c_?flag + [d032e6a29845] + + * parse.lex, parse.yacc: + fixed a spelling error + [cad6a944c7b1] + + * Makefile.in: + fixed typo + [204a65403e7c] + +1995-09-02 Todd C. Miller -1994-11-07 20:38 millert + * Makefile.in: + fixed a comment + [268f760e57ad] - * logging.c, parse.c, sudo_realpath.c: be_* -> setperms() + * parse.yacc: + added dotcat() to cat 2 strings w/ a dot effeciently now that we + dynamically allocate strings they need to be free()'d + [ec2e2152f415] -1994-11-07 20:38 millert + * parse.lex: + dynamically allocates space for strings + [d10ac3533d66] - * check.c: be_* -> set_perms() added skey support + * sudo.h: + no more MAXCOMMANDLENGTH + [e2e1219bff8a] + + * sudo.h: + added decl of tty + [c8ae81303ee5] + + * logging.c, sudo.c: + moved tty stuff into sudo.c + [e028abefeb07] + +1995-09-01 Todd C. Miller + + * parse.c: + fixed a logic bug. Was denying a command if user gave command line + args but there were none in the sudoers file which is wrong. + [7489a99b8e8a] + + * sudo.h: + MAXCOMMMANDLEN dropped down to 1K + [38ef54ba290b] + + * parse.lex: + return foo; -> return(foo); + [0e8be1b57001] + + * parse.yacc: + fixed netgr_matches() prototype + [e69f15910464] + + * parse.lex: + added support for escaping "termination" characters + [8bd4ef50f35c] + + * parse.c: + buf is now of size MAXPATHLEN+1 since it never holds command args + [2ce4b763058c] + + * sudo.c: + fixed comments + [0c74a3d2ebb0] + + * goodpath.c: + fixed negation problem (doh!) + [782814e3a2d1] + + * parse.yacc: + fixed 2nd parameter to lfind() + [63d7b1623c08] -1994-11-06 18:59 millert + * parse.lex: + now do bounds checking in fill() and append() + [54381b563251] - * Makefile.in: ++version + * sudo.c: + include netdb.h as we should added a missing void cast added + SHELL_IF_NO_ARGS support now use realloc() properly. would fail if + realloc actually moved the string instead of shrinking it + [897ccdec9c06] + + * sample.sudoers: + updated with examples of new features + [9b3ed00e8aa6] + + * goodpath.c: + now set errno to EACCES if not a regular file or not executable + [2d069548a5ea] + + * find_path.c: + if given a fully-qualified or relative path we now check it with + sudo_goodpath() and error out with the appropriate error message if + the file does not exist or is not executable + [590f89dd8dec] + + * emul/search.h, lsearch.c: + now use correct args for lfind + [fccdcdbf020e] + + * logging.c: + added a comment + [fab9f49708ea] + + * insults.h: + added in CSOps insults + [ad8eb1862adc] + + * ins_csops.h: + Initial revision + [de5a475ec018] + + * tgetpass.c: + added RCS id + [c3ffd550a482] + + * sudo.h: + increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD + [aba25c90d08a] + + * OPTIONS: + added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS + [e27bd62e9ccf] + + * sudo.c: + fixed -k load_interfaces() now gets called if FQDN is set + -p now works with -s + [07ca2a34bae8] -1994-11-06 18:59 millert + * parse.c: + don't try to stat() "pseudo commands" like "validate" + [75527045984b] - * version.h: ++ + * options.h: + added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS + [07b157a0eafd] + + * configure.in: + added SecurID support added other insults to --with-csops + [6c992ceb244c] + + * config.h.in: + added HAVE_SECURID + [e734ff617fe8] + + * Makefile.in: + added clobber target added ins_csops.h now gets CFLAGS from + configure + [d1e29c7cec25] -1994-10-21 13:16 millert + * aclocal.m4: + relaxed SUDO_FULL_VOID + [fb4084f27406] + + * visudo.c: + function comment blocks are now in same style as rest of code + [04a2931354c5] - * sudo.c: now sets IFS + * testsudoers.c: + added support for command line args in /etc/sudoers + [bfe4e1bcc655] -1994-10-21 12:02 millert + * sudoers.man: + updated to have command args in the sudoers file + [1cd34355e9ea] + + * sudo.man: + added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section + [930b48023b68] + +1995-08-19 Todd C. Miller - * insults.h: fixed typo + * parse.yacc: + PATH renamed to COMMAND + [4e109a6de3cd] -1994-10-15 15:48 millert + * parse.lex: + it is now a parse error for directories to have args attached to + them + [2ab10a146b54] - * config.h.in: added HAVE_SKEY + * logging.c: + now say command args if telling user to buzz off + [933de26ded8b] -1994-10-04 13:00 millert + * sudo.c: + -s no longer indicates end of args sped up loading on cmnd_args in + load_cmnd() + [eac99a4da862] - * CHANGES: updated + * parse.c: + removed an unreachable statement + [634302623c49] -1994-10-04 12:57 millert + * parse.lex: + made more efficient by pulling out the terminators when in GOTCMND + state and making them their own rule + [80798f1e1166] - * Makefile.in: ++version +1995-08-14 Todd C. Miller -1994-10-04 12:57 millert + * sudo.h: + removed MAXLOGLEN since it is no longer used + [102824196b71] - * version.h: ++ + * parse.lex: + now allows command args + [d29dfa1e5254] -1994-10-04 12:56 millert + * parse.c: + now groks command arguments + [6c414cb7f105] - * sudo.c: now bail if ARgv[1] > MAXPATHLEN + * logging.c: + now sets tty correctly when piped input + [de46a30c0406] -1994-10-04 12:56 millert + * sudo.c: + fixed loading of cmnd_args (was including command name too) + [15319a425ea6] - * configure.in: added function check for tcgetattr(3) + * logging.c: + fixed a core dump due to incorrect if construct + [582363c7d7fa] -1994-10-04 12:55 millert +1995-08-13 Todd C. Miller - * config.h.in: only define HAVE_TERMIOS_H if you have tcgetattr(3) + * configure.in: + only add -lsun is irix < 5 don't look for -lnsl or -lsocket if irix + [da591fe9b931] -1994-10-04 12:53 millert + * aclocal.m4: + fixed check for ISC + [52e59f2082a7] - * config.h.in: added check for tcgetattr + * sudo.c: + now sets cmnd_args used by log_error() and that will be used by the + parse to check against command args + [c6804389723b] -1994-09-26 17:38 millert + * sudo.h: + added cmnd_args + [4d00446b4a8d] - * CHANGES: updated + * logging.c: + now dynamically allocate logline since we can guess at its size + [4bed8c8446aa] -1994-09-22 13:30 millert +1995-08-05 Todd C. Miller - * parse.lex: now only include unistd.h for linux + * logging.c: + cleaned up a bunch of unnecesary #ifdef's eliminated a buffer remove + "register" since the compiler knows more than I do now do a + "basename" of the tty + [3b1bbf0b3da1] -1994-09-21 14:29 millert +1995-07-31 Todd C. Miller - * Makefile.in: added visudo.8 generation + * configure.in: + ++version + [5ce552f9a5f1] -1994-09-21 14:07 millert + * sudo.h: + added shell extern changed MODE_* to be bit masks to allow for + several options together + [06f9dc4f400c] - * configure.in: added -Wl,-bI:./aixcrypt.exp to aix flags + * sudo.c: + added -s (shell) option made MODE_* masks so we can do bitwise & and + | to see if multiple flags are set. + [01f8143010ad] -1994-09-20 19:39 millert + * check.c: + added securid support + [909e078005fe] - * BUGS: added one +1995-07-30 Todd C. Miller -1994-09-20 19:39 millert + * logging.c: + removed a bunch of unnecesary strncpy()'s and replaced with strcat() + [644506b57d61] - * CHANGES: updated +1995-07-29 Todd C. Miller -1994-09-20 19:38 millert + * Makefile.in, version.h: + ++version + [3cd6f1fbc3d9] - * README: added mailing list info +1995-07-27 Todd C. Miller -1994-09-20 19:37 millert + * parse.yacc: + fixed free() of an uninitialized pointer (yuck) + [8c404ee502ee] - * parse.yacc: now use sudolineno instead of yylineno fixed bison - warnings + * testsudoers.c: + added netgr_matches + [e7c9fa2f774c] -1994-09-20 19:37 millert + * parse.c: + cleaned up netgr_matches + [8108f00b810e] - * configure.in: now use -no_library_replacement for osf don't make - a static binary for hpux >= 9.0 +1995-07-26 Todd C. Miller -1994-09-20 19:21 millert + * RUNSON: + updated for 1.3.4 + [4741704310a1] - * tgetpass.c: added string.h/strings.h inclusion +1995-07-25 Todd C. Miller -1994-09-20 19:21 millert + * Makefile.in: + now installs sudoers.man -- really should clean this up though. + [455631d45a1d] - * config.h.in: added ssize_t def + * Makefile.in: + added sudoers.cat and sudoers.man + [0bdedd6c7363] -1994-09-20 19:18 millert + * sudo.man: + pulled out stuff on the sudoers file format into a separate man page + [de215d999cb9] - * parse.lex: added inclusion of string.h/strings.h + * sudoers.man: + Initial revision + [f25eafbb7095] -1994-09-20 18:48 millert + * HISTORY: + fixed up my email address + [254fbf80be74] - * aclocal.m4: fixed uname | sed (needed to quote the '[') + * configure.in: + added checks for innetgr and getdomainname + [24a99cb7e97e] -1994-09-20 18:42 millert + * visudo.c: + added dummy netgr_matches function + [1841ff2c01da] - * parse.lex: replaced yylineno with sudolineno fixed bison syntax - errors + * parse.c: + added netgr_matches + [ec90db6a97b8] -1994-09-20 18:13 millert + * parse.lex, parse.yacc: + added NETGROUP support + [c9dd93e3bc4b] - * visudo.c: changed yylineno to sudolineno since yylineno cannot be - counted upon. + * config.h.in: + added HAVE_INNETGR & HAVE_GETDOMAINNAME + [14abd494d875] -1994-09-20 18:10 millert +1995-07-24 Todd C. Miller - * TODO: updated + * sudo.c: + rewrote clean_env() that has rm_env() builtin + [55cb43818a95] -1994-09-20 17:52 millert +1995-07-23 Todd C. Miller - * parse.c: added code to support command listings + * check.c: + now cast uid to long in sprintf + [b549eea40aeb] -1994-09-20 17:36 millert + * OPTIONS: + added _INSULTS suffix to HAL & GOONS end + [ed620d0aad30] - * sudo.c: added code for -l flag + * options.h: + added _INSULTS suffix to HAL & GOONS + [9f72e9b83afd] -1994-09-20 17:35 millert + * ins_2001.h, ins_classic.h, ins_goons.h, insults.h: + converted to new scheme of insult "unions" end + [2f6d2b412132] - * sudo.man: fixed typo added info for -l flag + * sudo.c: + now uses MAX_UID_T_LEN + [c1df79e0f389] -1994-09-20 14:45 millert + * configure.in: + added SUDO_UID_T_LEN !l + [195f0b9f5f84] - * configure.in: AC_SSIZE_T -> SUDO_SSIZE_T + * config.h.in: + added MAX_UID_T_LEN + [73f42ae4f14d] -1994-09-20 14:45 millert + * check.c: + now use MAX_UID_T_LEN + [df9c063234cb] - * aclocal.m4: added SUDO_SSIZE_T + * aclocal.m4: + added check for max len of uid_t fixed sco vs. isc check + [d558f36d2223] -1994-09-20 14:44 millert +1995-07-19 Todd C. Miller - * sudo.h: added MODE_LIST + * configure.in: + corrected version + [828dd1571e86] -1994-09-20 14:43 millert + * configure.in: + added sco support + [af1e2f616638] - * configure.in: added AC_SSIZE_T + * aclocal.m4: + hack to check for sco + [549ab99a9a43] -1994-09-19 20:53 millert + * interfaces.c: + removed #include since it was hosing some OS's + [ac78a7c04005] - * find_path.c, sudo_realpath.c: readlink() is now declared as - returning ssize~_t +1995-07-18 Todd C. Miller -1994-09-19 20:44 millert + * find_path.c: + fixed prreadlink() prototype + [b380fe1f2b11] - * configure.in: added -laud for OSF c2 + * check.c: + added parens in #if's + [e96ade691b82] -1994-09-02 15:55 millert + * configure.in: + added SPW_ prefix + [a302683a1483] - * config.h.in, parse.lex, parse.yacc, pathnames.h.in, visudo.c, - Makefile.in: changed sudo-bugs.cs.colorado.edu -> - sudo-bugs@cs.colorado.edu + * sudo.h: + moved SPW_* to config.h.in + [6b3be70e34cf] -1994-09-02 15:54 millert + * sudo.c: + added a set of parens + [8188d735d695] - * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c, - parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c, - sudo_setenv.c, tgetpass.c, version.h: changed - sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed + * config.h.in: + added SPW_* + [5ead6371cf60] -1994-09-01 15:56 millert + * sudo.h: + added SPW_* reordered error codes + [dead25b4ed0a] - * Makefile.in: ++version + * check.c: + moved SPW_* to sudo.h + [ca51fb04caf4] -1994-09-01 15:55 millert +1995-07-17 Todd C. Miller - * version.h: ++ + * sudo.c: + SPW_AUTH -> SPW_SECUREWARE + [6b512b2bc5dc] -1994-09-01 15:55 millert + * logging.c: + GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT + [defdd0944e2f] - * logging.c: added host to alertmail messages + * configure.in: + AUTH -> SECUREWARE + [d1f8a17001dd] -1994-09-01 15:55 millert + * check.c: + SPW_AUTH -> SPW_SECUREWARE + [af0e8d8b89b2] - * CHANGES, TODO: udpated + * check.c: + now uses SHADOW_TYPE to make shadow pw support more readable and + modular. It's a start... + [8c2a59667014] -1994-09-01 15:26 millert + * configure.in: + added autodetection of shadow passwords + [85f81fa54b1b] - * logging.c: fixed logging problem where mail would not say which - user it was + * sudo.c: + now uses SHADOW_TYPE define + [355e5dc09b07] -1994-09-01 13:45 millert + * config.h.in: + added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines + [c0c06e83e483] - * configure.in: added -laud for gcc if osf & c2 + * aclocal.m4: + added SUDO_CHECK_SHADOW + [464301301639] -1994-09-01 13:39 millert +1995-07-12 Todd C. Miller - * check.c: moved set_auth_parameters to sudo.c + * configure.in: + define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for + memmove() since we dno longer use it... + [8aefa87d7d31] -1994-09-01 13:38 millert + * CHANGES: + updated + [ce97b3fd7182] - * sudo.c: added set_auth_parameters for osf + * logging.c: + added BROKEN_SYSLOG support + [a45c3bca36f6] -1994-09-01 13:22 millert + * config.h.in: + added BROKEN_SYSLOG + [6f6abf0a6268] - * configure.in: cleaned up -static stuff + * check.c: + now only bitch it timestamp > time_now + 2 * timeout to allow for a + machine udpating its time from a server + [546bc8d35325] -1994-09-01 13:15 millert + * sudo.man: + added 2 security notes updated Nieusma's email addr + [616756c56977] - * Makefile.in: ++version + * lsearch.c: + changed a memmove() to memcpy() since we don't have to worry about + overlapping segments. + [30baa478526b] -1994-09-01 13:15 millert +1995-07-11 Todd C. Miller - * version.h: ++ + * interfaces.c: + cleanup up the loop when interfaces are groped in so that it is + readable + [1fa39446bd69] -1994-09-01 13:15 millert + * Makefile.in, version.h: + ++version + [b46bd2b1770f] - * sudo.c: changed setenv() to sudo_setenv() +1995-07-09 Todd C. Miller -1994-09-01 13:12 millert + * CHANGES: + annotated 124-126 + [b82a2b3ec7ce] - * check.c: fixed osf problem +1995-07-07 Todd C. Miller -1994-08-31 22:17 millert + * check.c: + fixed permissions check on /tmp/.odus + [cc2431a65468] - * configure.in: added OSF C2 stuff +1995-07-06 Todd C. Miller -1994-08-31 22:00 millert + * check.c: + fixed some comments + [8896d09b4fda] - * CHANGES: updated + * check.c: + now checks owner & mode of timedir also checks for bogus dates on + timestamp file + [a0fad5df5b0a] -1994-08-31 21:56 millert + * OPTIONS: + updated TIMEOUT info + [033cc22d9e04] - * check.c: added osf auth support & removed some extra spaces + * logging.c, sudo.h: + added BAD_STAMPDIR and BAD_STAMPFILE + [31d9ce691101] -1994-08-31 21:52 millert + * compat.h: + added definition of S_IRWXU + [ff2dab091a9b] - * INSTALL, SUPPORTED: added osf C2 stuff + * CHANGES: + updated + [a40df90284f1] -1994-08-31 19:52 millert +1995-07-03 Todd C. Miller - * TODO: added 2 suggestions + * interfaces.c: + added #ifdef to make it compile on strange arches + [4a127f12afce] -1994-08-31 19:33 millert +1995-07-02 Todd C. Miller - * Makefile.in: removed README.v1.3.1 and added VERSION stuff + * aclocal.m4: + fixed check for fulkl void impl. + [b6f2a4a361d8] -1994-08-31 18:48 millert + * check.c: + added mssing "static" + [520552f2772b] - * version.h: pl1 + * insults.h: + replaced #elif with #else #if constructs for ancient C compilers + [39ab2d365b57] -1994-08-30 18:31 millert + * INSTALL: + updated irix c2 & kerb5 info + [ae79b99b4905] - * version.h: 1.3.1final + * configure.in: + added shadow pw support for irix + [632469d9c528] -1994-08-30 18:30 millert +1995-07-01 Todd C. Miller - * Makefile.in: added HISTORY + * BUGS, TODO: + updated + [2a96bb18ac30] -1994-08-30 18:30 millert + * CHANGES: + last changes for sudo 1.3.3 + [c1c0cd1034b8] - * sudo.man: mention HISTPRY file + * configure.in: + now calls SUDO_SOCK_SA_LEN + [14ea78159d45] -1994-08-30 18:30 millert + * config.h.in: + added HAVE_SA_LEN + [cc2a346aa905] - * sudo.c: use sizeof instead of a constant in 1 place + * aclocal.m4: + added SUDO_SOCK_SA_LEN + [456a2025644a] -1994-08-30 18:30 millert + * interfaces.c: + now works with ip implementations that use sa_len in sockaddr + [90be6e028077] - * parse.yacc: added unistd.h + * INSTALL: + added note about buggy AIX compiler + [c0f6d427e4e4] -1994-08-30 18:29 millert + * interfaces.c: + now include sys/time.h for AIX + [2510858ab38b] - * parse.lex: added unistd.h +1995-06-28 Todd C. Miller -1994-08-30 18:27 millert + * Makefile.in: + getcwd -> getwd + [66085ebca98e] - * README: udpated + * interfaces.c: + now works for ISC and others. yay. + [f336d4ffc927] -1994-08-30 18:15 millert +1995-06-26 Todd C. Miller - * HISTORY: Initial revision + * Makefile.in, version.h: + version++ + [836cffc2078d] -1994-08-17 12:45 millert +1995-06-23 Todd C. Miller - * version.h: ++ + * aclocal.m4: + fixed test for full void impl + [fb004107e7b9] -1994-08-17 12:39 millert + * sudo.c: + now check to see that st_dev is non-zero before assuming that we are + being spoofed + [1b0e1c30c506] - * CHANGES: updated +1995-06-20 Todd C. Miller -1994-08-17 12:36 millert + * aclocal.m4, configure.in: + SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL + [4953379bfb01] - * sudo_setenv.c: added unistd.h include +1995-06-19 Todd C. Miller -1994-08-16 15:46 millert + * aclocal.m4: + fixed include file order for SUDO_FUNC_UTIME_POSIX + [ff64ab7df44f] - * sudo.c: added sys/time.h for AIX + * logging.c: + added cast for ttyname() + [444f05f56758] -1994-08-14 21:22 millert + * configure.in: + fixed typo + [de068e748431] - * configure.in: added check for -lsocket and sys/sockio.h + * check.c: + now deal correctly with all known variation of utime() -- yippe + [b778a4195a89] -1994-08-14 21:21 millert + * configure.in: + added SUDO_FUNC_UTIME_POSIX + [cf635f2269d6] - * config.h.in: took out libshadow check and added in sys/sockio.h - check + * aclocal.m4: + added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX + [d79593be4b73] -1994-08-14 21:21 millert + * config.h.in: + added HAVE_UTIME_POSIX + [c67b4ac0dca5] - * sudo.c: now include sockio.h instead of ioctl.h if it exists - "sudo -" now gets a better error message + * check.c: + fixed a typo + [b14df5680f59] -1994-08-14 20:47 millert + * check.c: + no longer assume !HAVE_UTIME_NULL means old BSD utime() + [0aeaf4b2f38b] - * sample.sudoers: now has a dir and subnet entry + * check.c: + fixed fascist C compiler warning + [c61ddf2f1f93] -1994-08-13 18:15 millert + * interfaces.c: + now set strioctl.ic_timout in STRSET() now initialize num_interfaces + to 0 (just to be anal) + [c54cc2ba0052] - * sudo.c: removed if_ether.h +1995-06-18 Todd C. Miller -1994-08-13 17:16 millert + * sudo.h: + increaed MAXLOGLEN by MAXPATHLEN to account for ttyname + [74cf585a54fb] - * TODO: added an item + * logging.c: + added tty logging + [e27d8dcfbd78] -1994-08-13 17:15 millert + * interfaces.c: + reworked the ISC code + [bcf57ce8ae69] - * sudo.man: added network and ip addresses to man page + * Makefile.in, version.h: + updated version + [032941c9b94d] -1994-08-13 17:09 millert + * check.c: + now expect old-style utime(3) if utime() can't take NULL as an arg + [018dd4a73030] - * sudo.c: no error if can't get interfaces or netmask since - networking may not be in the kernel. + * configure.in: + added check for utime.h + [0b76e8feb618] -1994-08-13 17:08 millert + * config.h.in: + added HAVE_UTIME_H + [62ee42feda46] - * parse.c: nwo check for interfaces == NULL + * Makefile.in: + added CPPFLAGS STATIC_FLAGS -> LDFLAGS + [fa3201d294e1] -1994-08-12 21:22 millert + * configure.in: + now search for kerb libs and includes + [cc332401e571] - * parse.c: fixed a bug that caused directory specs in a Cmnd_Alias - to fail if the last entry in the spec failed (ie: it was only - looking at the last entry). CLeaned things up by adding the - cmndcmp() function--all neat & tidy + * check.c: + added support for utime(2)'s that can't take a NULL parameter + [98797fedf69f] -1994-08-12 21:21 millert + * utime.c: + moved HAVE_UTIME_NULL stuff to update_timestamp() where t belongs + [6ce6d825fb44] - * CHANGES: added one + * configure.in: + added utime(s) stuff + [a2afb744403e] -1994-08-11 23:42 millert + * check.c: + now use utime() + [48902240a51e] - * sudo.c: now do two passes to skip bogus interfaces (lo0, etc) + * config.h.in: + added HAVE_UTIME and HAVE_UTIME_NULL + [9a56ab65d4f4] -1994-08-11 21:58 millert +1995-06-17 Todd C. Miller - * logging.c, sudo_realpath.c, sudo_setenv.c: added ninclude of - netinet/in.h + * utime.c: + now use HAVE_UTIME_NULL + [e3944de09a92] -1994-08-11 21:58 millert + * emul/utime.h, utime.c: + Initial revision + [a2cbf2ef3427] - * check.c, find_path.c, getcwd.c, getwd.c, parse.lex, parse.yacc, - visudo.c: added include of netinet/in.h + * check.c: + need to setuid(0) to make kerb4 stuff work. + [c6cfda4039d7] -1994-08-11 21:57 millert + * tgetpass.c: + no more special case for kerberos + [4a5c33145be9] - * version.h: ++ + * config.h.in: + took out setreuid and setresuid stuff added kerb5 stuff (use kerb4 + emulation) + [a607ee43e650] -1994-08-11 21:57 millert + * compat.h: + no longer need setreuid() emulation now set _PASSWD_LEN to 128 if + kerberos + [02fb274cc136] - * sudo.h: added interfaces global + * check.c: + now use private ticket file for kerberos support to avoid trouncing + on system one + [28d8b6b812c7] -1994-08-11 21:56 millert +1995-06-15 Todd C. Miller - * parse.c: now uses new interfaces global + * sudo.h: + added SPOOF_ATTEMPT & cmnd_st + [d3b42a1f4d0d] -1994-08-11 21:56 millert + * sudo.c: + added anti-spoofing support + [ab1e2aa44a57] - * sudo.c: now ip addresses are gleaned fw/o dns + * parse.c: + now use global cmnd_st + [47018265a1a6] -1994-08-10 19:21 millert + * logging.c: + added SPOOF_ATTEMPT suypport + [7bbe9dd2a021] - * sudo.c: added load_ip_addrs() to load the ip_addrs global var + * testsudoers.c, visudo.c: + added void casts where appropriate + [f191441ba333] -1994-08-10 19:21 millert + * parse.yacc: + fixed up spacing and added void casts where appropriate + [15d886fc809c] - * parse.c: added hostcmp() to compare hostnames, ip addrs, and - network addrs + * sudo.c: + fixed problem with "-p prompt" but no args + [6fc048261a3e] -1994-08-10 19:20 millert +1995-06-14 Todd C. Miller - * sudo.h: added ip_addrs def added load_ip_addrs prototype + * sudo.man: + added BUGS and annotated -l description + [e5c506de2603] -1994-08-08 16:03 millert + * sudo.h: + validate() now takes a flag + [26627becc60a] - * CHANGES: updated + * sudo.c: + validate() now takes a flag added -l + [a4f7bb97fe54] -1994-08-08 15:57 millert + * parse.yacc: + added support for -l + [e7a9b10b0ad3] - * Makefile.in: removed multiple entries in DISTFILES + * parse.c: + validate() now takes a flag that says whether or not to check the + command + [9e1e67f4e281] -1994-08-08 13:05 millert +1995-06-08 Todd C. Miller - * visudo.c: ansified the !STDC_HEADERS decls + * logging.c: + now deals with Argv == 1 + [0acb637ab635] -1994-08-08 13:05 millert + * sudo.man: + added -p option + [e60382fc0561] - * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c: don't do - malloc decl if gnuc + * sudo.c: + added prompt support reworked parse_args() + [2f605267ed4a] -1994-08-08 13:04 millert + * sudo.h: + added prompt + [5ab021bdb419] - * sudo.c: can't use getopt(3) since it munges args to the command - to be run as root don't do malloc decl if gnuc + * options.h: + added PASSPROMPT + [614727ff44a2] -1994-08-08 00:41 millert + * check.c: + now use BUFSIZ as length of kerb password added kpass so pass is + always a char * now use prompt global when asking for a password + [76be09af784f] - * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c, - sudo_realpath.c, sudo_setenv.c: ansi-fied !STDC_HEADER function - prottypes + * tgetpass.c: + now use BUFSIZ as _PASSWD_LEN if using kerberos + [1e907eed312b] -1994-08-08 00:27 millert + * OPTIONS: + added PASSPROMPT + [ddb2f405ce40] - * getcwd.c, getwd.c: added missing paren +1995-06-07 Todd C. Miller -1994-08-08 00:23 millert + * configure.in: + only look for -lufc or -lcrypt if crypt() not in libc + [9717d315661f] - * Makefile.in: added putenv.c to DISTFILES + * check.c: + don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN + (unknown user) silently fail + [2b48693d4ee9] -1994-08-08 00:08 millert + * INSTALL: + added kerb4 note + [986e393f740c] - * sudo_setenv.c: added params to func decls when STDC_HEADERS is - not defined now can count on putenv() being there + * tgetpass.c: + HAVE_KERBEROS -> HAVE_KERB4 + [e438bfb5e6aa] -1994-08-08 00:08 millert + * check.c: + removed debugging printf + [1cf9f5cbffa5] - * sudo_realpath.c: took out errno decl since sudo.h does it for us - fixed up a next cc warning added params to func decls when - STDC_HEADERS is not defined + * configure.in: + KERBEROS -> KERB4 added checks for setreuid & setresuid + [01e9945beb1e] -1994-08-08 00:07 millert + * config.h.in: + HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID + [0e0bb5b8ac3e] - * sudo.h: took out environ extern added local declaratio of - putenv() if local version is needed + * compat.h: + added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation + with setresuid if applic + [9dae24c47696] -1994-08-08 00:05 millert + * check.c: + HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if + no setreuid() or a broken one + [1fca642bdb8e] - * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c: added params to - func decls when STDC_HEADERS is not defined +1995-06-06 Todd C. Miller -1994-08-08 00:04 millert + * configure.in: + added kerberos support + [da5639b9b8e7] - * config.h.in: added memcpy check check to see that ansi vs bsd - macros are ntot already defiend before defining (ie: avoid - redefinition) + * config.h.in: + added HAVE_KERBEROS + [fcc5be550e65] -1994-08-08 00:03 millert + * tgetpass.c: + added KERBEROS support (long passwords) + [303ba6924dd2] - * configure.in: removed fluff setenv check plus check w/ replace - for putenv if also no setenv + * check.c: + added kerberos support + [e40afe98fc1d] -1994-08-08 00:01 millert +1995-06-03 Todd C. Miller - * putenv.c: Initial revision + * sudo.h: + added MODE_BACKGROUND + [9b483c932016] -1994-08-06 19:19 millert + * sudo.man: + escaped dashes added -b option + [62e84f1a7714] - * sudo_setenv.c: Initial revision + * sudo.c: + added -b option + [7e78aaefeb95] -1994-08-06 19:19 millert + * check.c: + added crypt() for osf/1 3.x enhanced secuiry + [e9aa5abdb7d5] - * sudo.h: rm'd s realp[ath added sudo_realpath and sudo_setenv + * configure.in: + now check for -lcrypt + [5cb9c67e9fa2] -1994-08-06 19:19 millert + * interfaces.c: + added ENXIO like EADDRNOTAVAIL + [74223bb1ba75] - * sudo.c: now use sudo_setenvc +1995-05-08 Todd C. Miller -1994-08-06 19:18 millert + * configure.in: + now emulate getwd(), not getcwd() + [3e5439d9a5f4] - * configure.in: added puteenv and setenv, removed realpath + * sudo.c: + getcwd() -> getwd() + [6392a96a658e] -1994-08-06 19:18 millert + * getwd.c: + getcwd -> getwd + [1b0ab9bae11e] - * config.h.in: added putenv & setenv +1995-05-02 Todd C. Miller -1994-08-06 19:18 millert + * ins_2001.h, ins_classic.h, ins_goons.h: + Initial revision + [86db60d8cf00] - * Makefile.in: added sudo_setenv + * insults.h: + broke out insults into separate include files + [0a01993bd38a] -1994-08-06 19:16 millert + * OPTIONS, options.h: + added GOONS + [e283203c6515] - * version.h: ++ + * Makefile.in: + added ins_2001.h ins_classic.h ins_goons.h + [2a39cd6a4cd2] -1994-08-05 19:43 millert + * Makefile.in, version.h: + ++version + [05ebf4f5e41a] - * configure.in: added MAN_POSTINSTALL and /usr/share/catman for - irix + * visudo.c: + moved signal handler setup to setup_signals() + [3dd976c04540] -1994-08-05 19:43 millert + * sudo.h: + added load_interfaces() + [af2d473b09e2] - * Makefile.in: added MAN_POSTINSTALL + * sudo.c: + moved load_interfaces to interfaces.c + [5c8c138e5d4c] -1994-08-05 19:43 millert + * parse.yacc: + added clearaliases + [aeb4ff301daa] - * CHANGES: added + * OPTIONS, options.h: + added FAST_MATCH + [f49ea3d1b525] -1994-08-05 19:10 millert + * parse.lex: + now uses clearaliases variable + [a2dda415bf61] - * sudo.man: added SUDO_* plus new options + * interfaces.c: + Initial revision + [a1990e3f5c69] -1994-08-05 19:10 millert + * Makefile.in: + added interfaces.[co] + [1e8e5984de97] - * CHANGES: added one + * testsudoers.c: + now uses ip addrs and netmasks via load_interfaces() + [54b8f7a6835e] -1994-08-05 19:07 millert + * sudo.c: + now remove IFS instead of setting to "sane" value + [ce7eec9f115e] - * configure.in: took out shadow lib +1995-05-01 Todd C. Miller -1994-08-05 18:35 millert + * parse.c: + added FAST_MATCH + [816d4f5fe81a] - * TODO: adde done +1995-04-30 Todd C. Miller -1994-08-05 17:52 millert + * Makefile.in: + sudo_goodpath.c-> goodpath.c + [a5072c4e1de2] - * visudo.c: now use yyrestart() if flex now reset yylineno to 0 + * sudo.c: + added Andy's new ISC changes + [caa6bbee358e] -1994-08-05 17:49 millert +1995-04-14 Todd C. Miller - * Makefile.in: support for installing a cat page instead of a man - page if no nroff + * OPTIONS: + added a sentence to SECURE_PATH info + [cad6e1569d15] -1994-08-05 17:48 millert + * BUGS: + added one + [4b35cf699a83] - * configure.in: now defines HAVE_FLEX fixed up man stuff so that it - looks for nroff to determine whether or not to install a cat or - man page + * CHANGES: + updated + [5fded9dc62f0] -1994-08-05 17:48 millert + * RUNSON: + updated + [33cb993cfd39] - * config.h.in: added HAVE_FLEX +1995-04-13 Todd C. Miller -1994-08-05 16:14 millert + * RUNSON: + updated for beta3 + [a05dc6a91995] - * sudo.c: not set ret to MODE_RUN initially + * Makefile.in, version.h: + ++version + [54aaf3fadc75] -1994-08-05 16:12 millert + * aclocal.m4: + sendmail is now looked for in /usr/ucblib + [231ac1a4662f] - * find_path.c: made command (and therefor cmnd dynamically - allocated) + * sudo.c: + fixed indentation + [fb137400c8c2] -1994-08-04 20:25 millert + * aclocal.m4: + fixed a typo + [e03f1acc468b] - * TODO: did #8 + * sudo.c: + updated ISC mods + [070290d4754b] -1994-08-04 20:24 millert + * configure.in: + added unixware case + [e90250bae0d9] - * version.h: ++ + * check.c: + user_is_exempt is no longer hidden + [1a341765b8af] -1994-08-04 20:24 millert + * RUNSON: + updated + [a9c4898b26dd] - * sudo_realpath.c: changed bufs from MAXPATHLEN to MAXPATHLEN+1 + * aclocal.m4: + isc and riscos changes + [98b5d86585d1] -1994-08-04 20:24 millert + * OPTIONS: + added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH + [e1ecc464ce4b] - * sudo.h: added MODE_ removed validate_only and added - remove_timestamp() + * Makefile.in: + fixed a typo and added testsudoers stuff + [435d60e163dc] -1994-08-04 20:22 millert + * testsudoers.c: + Initial revision + [6ce14a448662] - * sudo.c: usage() now takes an int (exit value) added parse_args() - to parse command line arguments moved call to find_path() from - load_globals to new function load_cmnd() removed validate_only - global -- now use the concept of "modes" added -h and -k options +1995-04-12 Todd C. Miller -1994-08-04 20:21 millert + * parse.yacc: + applied fixed patch from Chris + [cd6144203d13] - * parse.c: no longer use global validate_only now checks for - command called "validate" removed check for non-fully qualified - commands since that is done by find_path +1995-04-11 Todd C. Miller -1994-08-04 20:20 millert + * Makefile.in: + fixed a typo + [34f8a54ba041] - * find_path.c: changed MAXPATHLEN r to MAXPATHLEN+1 + * parse.yacc: + added a set of braces for bison + [f0e43b938914] -1994-08-04 20:17 millert + * parse.yacc: + merged in Chris' changes to dekludge the parser. + [82d6e373ab1c] - * find_path.c: fixed off by one error with MAXPATHLEN and fixed a - comment + * logging.c: + send_mail() was calling find_path() which is wrong since find_path() + stores cmnd in a static var. Anyhow, it doesn't make much sense + since MAILER should always be fully qualified + [6eae6a0b8098] -1994-08-04 20:17 millert +1995-04-10 Todd C. Miller - * check.c: check_timestamp no longer runs reminder(), it is implied - in the return val added remove_timestamp() + * sample.sudoers: + added User_Alias stuff + [aaba8c8e918d] -1994-08-04 20:16 millert + * aclocal.m4: + SUDO_NEXT now looks for /usr/lib/NextStep/software_version + [52bd81f34b32] - * CHANGES: updated + * RUNSON: + added DEC UNIX 3.0 w/ gcc + [7daf570775b5] -1994-08-04 16:38 millert + * visudo.c: + Exit was being used in places where exit should be used + [6026a89c07ed] - * BUGS: fixed on + * sudoers: + added "User alias specification" + [a487b6e234f8] -1994-08-04 16:38 millert + * parse.yacc: + fixed probs caused by making nslots and naliases a size_t + [0be919384f3f] - * sudo_realpath.c: took out old_errno + * RUNSON: + added KSR, upped rev to 1.3.1b2 + [ce04ee6faadf] -1994-08-04 16:37 millert + * logging.c, parse.yacc: + 1024 -> BUFSIZ + [cd6dda45fa11] - * CHANGES: updated + * parse.yacc: + void * -> VOID * naliases and nslots are now size_t to appease + lsearch on 64-bit machines + [bf2f807c0dc1] -1994-08-03 12:08 millert +1995-04-09 Todd C. Miller - * logging.c: moved send_mail to after syslog + * TODO: + did a bunch of things and added a bunch :-) + [42afd957b829] -1994-08-02 22:41 millert + * PORTING: + updated + [972f95c85776] - * sudo.c: now set SUDO_ envariables + * visudo.man: + closer to BSD manpage style + [07ae88f50325] -1994-08-01 13:40 millert + * sudo.man: + closer to standard BSD man format + [372c28dcc135] - * version.h: ++ + * compat.h, config.h.in, emul/search.h, insults.h, options.h, + pathnames.h.in, sudo.h, version.h: + added RCS id + [c0ec90b81002] -1994-08-01 13:39 millert + * sudo.h: + removed crufty #defines that are no longer used + [35e2b4b477f0] - * sudo_realpath.c: now print error if chdir fails + * BUGS: + fixed a bug + [5bb3e1bee85e] -1994-08-01 13:39 millert + * sudo.man: + updated based on sudo changes + [e65de1cae438] - * find_path.c: removed an XXX + * parse.yacc: + now allow ALL keyword in User_Aliases now allow ALL keyword as well + as a NAME or ALIAS + [1fb31404dd0f] -1994-07-25 20:40 millert + * CHANGES: + updated + [b24018ac610b] - * CHANGES: updated + * sudo.c: + now sets SUDO_COMMAND and SUDO_GID envariables. + [e9d791557fb7] -1994-07-25 20:36 millert + * aclocal.m4: + fixed bug with full void impl check + [35715301023c] - * configure.in: no more static binaries for aix + * parse.yacc: + fixed User_Alias supoprt + [4c30dfbaaa07] -1994-07-25 18:37 millert + * parse.yacc: + added stubs for User_Alias support + [f4afbd247edf] - * INSTALL: fixed typo + * sudo.c: + now sets removes # bogus interfaces from num_interfaces + [6f077fac9ab1] -1994-07-25 18:33 millert + * parse.lex: + added User_Alias support + [bc7997e5df85] - * sudo_realpath.c: took out stuff not needed for sudo now does - be_root/be_user itself now uses cwd global +1995-04-08 Todd C. Miller -1994-07-25 18:32 millert + * Makefile.in: + removed extraneous TODO + [bc87a3b14d6d] - * version.h: +=2 +1995-04-07 Todd C. Miller -1994-07-25 18:31 millert + * visudo.c: + ntwk_matches -> addr_matches + [475044e288b8] - * logging.c, sudo.c: be_root/be_user is now down in sudo_realpath() + * parse.yacc: + ntwk_matches -> addr_matches + [dd1f4093fd2d] -1994-07-25 18:26 millert + * parse.c: + ntwk_matches -> addr_matches now use inet_addr() not inet_network() + (which expects octet boundaries) fixes for OSF (sizeof(int) != + sizeof(long)) + [acd2f556940f] - * logging.c, sudo.h: now works with 4.2BSD syslog (blech) + * sudo.c: + took out debugging info + [044023063eca] -1994-07-25 18:25 millert + * aclocal.m4: + OS was being set to unknown before non-uname based host checks. + This caused no checks to happen since $OS was not zero-length. + [335a7267479d] - * find_path.c: now use sudo_realpath() + * sudo.c: + fixed loading of interfaces struct still has debugging info in + though + [2d1a18998c1e] -1994-07-25 18:25 millert + * parse.c: + fixed typo + [175674a3a9fa] - * config.h.in: took out realpth() stuff since we now use - sudo_realpath() +1995-04-06 Todd C. Miller -1994-07-25 18:25 millert + * Makefile.in: + ++version + [55d191b5daa3] - * configure.in: ultrix enhanced sec + * version.h: + ++ + [d7d1f115696a] -1994-07-25 18:25 millert + * visudo.c: + removed extraneous extern decl of "top + [50355621047d] - * SUPPORTED: added ultrix enhanced sec. + * visudo.c: + now zeros "top" + [4e683210345b] -1994-07-25 18:24 millert + * parse.yacc: + removed parser_cleanup (no need for it now) + [afa59f222b6c] - * INSTALL: updated + * parse.lex: + now calls reset_aliases() directly + [3a23cbd60fc0] -1994-07-25 18:21 millert +1995-04-04 Todd C. Miller - * check.c: ultrix enhanced security suport + * OPTIONS: + added a sentence to SECURE_PATH description + [c5bf75b85af0] -1994-07-25 18:20 millert + * parse.c: + fixed my stupid bug where I used NAMLEN on something I wanted to + just get the name from. argh. + [111f460f6540] - * Makefile.in: added sudo_realpath.c +1995-04-03 Todd C. Miller -1994-07-25 18:18 millert + * lsearch.c: + fixed argument order of memmove() that i hosed when converting from + bcopy(). arghh. + [2f5336045c8b] - * CHANGES: updated + * Makefile.in: + finally fixed DISTFILES line + [a1b419e73a63] -1994-07-25 14:28 millert + * Makefile.in: + tabs -> spaces + [280fb03e5764] - * tgetpass.c: increased passwd len to 24 for c2 security + * Makefile.in: + added missing files to DISTFILES + [991fc1cd2263] -1994-07-25 13:17 millert + * Makefile.in: + SUPPORTED -> RUNSON + [7580e65b05fb] - * BUGS: updated BUGS +1995-04-01 Todd C. Miller -1994-07-15 11:49 millert + * TODO: + updated + [fe764a29c1cc] - * check.c: now use user global var + * RUNSON: + updated for pl5b1 release + [aefc35bd2291] -1994-07-15 11:48 millert + * BUGS, TODO: + updated + [8f0ea249b687] - * configure.in: took out -ls + * check.c: + fixed bug where if you hit return at first sudo prompt it would + still log as a failure + [24539c854692] -1994-07-14 19:11 millert + * CHANGES: + updated + [251cc7b3ede4] - * configure.in: added AFS libs + * aclocal.m4: + better test for bogus void * implementation + [efe23180cb88] -1994-07-14 17:45 millert + * logging.c: + added PASSWORDS_NOT_CORRECT + [bd12c73f83f7] - * sudo.h: user is now a char * added epasswd + * check.c: + added PASSWORDS_NOT_CORRECT stuff] + [90de391a979f] -1994-07-14 17:43 millert + * sudo.h: + added PASSWORDS_NOT_CORRECT + [727fbeb76fc5] - * sudo.c: added tzset() to load_globals added epasswd (encrypted - password) global made user dynamically allocated + * tgetpass.c: + moved pathnames.h + [4f910e5a8df7] -1994-07-14 17:43 millert + * sudo.c: + removed some unused vars and fixed up uid2str + [70e92c7f9076] - * configure.in: added tzset test + * putenv.c: + moved compat.h + [b271091586f6] -1994-07-14 17:43 millert + * getcwd.c, getwd.c: + added pathnames.h + [6f25218f133f] - * config.h.in: added HAVE_TZSET +1995-03-31 Todd C. Miller -1994-07-14 17:42 millert + * parse.yacc: + fixed a typo I introduced in the last checkin :-( + [62c3af75c4fe] - * check.c: cleaned up encrypted passwd grab somewhat + * parse.lex: + can't have #ifdef's where N is defined so just do this the broken + way for AIX + [c5648a5594e4] -1994-07-14 12:34 millert + * parse.yacc: + better hack from Chris (but still a hack) + [6b6d8aed93f3] - * configure.in: fixed AFS typo + * parse.lex: + stupid hack for broken aix lex + [efc3f9e5280e] -1994-07-14 12:34 millert + * tgetpass.c: + now includes compat.h  + [401822173f77] - * INSTALL: added AFS not + * visudo.c: + now includes fcntl.h + [63865c2f8ac6] -1994-07-14 12:34 millert + * compat.h: + added FD_SET and FD_ZERO for 4.2BSD + [00c5597c0bb0] - * CHANGES: udpated + * parse.yacc: + dirty hack to fix parser bug. i don't really like this but it works + for now... + [5b8bbdc81569] -1994-07-14 12:33 millert + * sudo.c: + uid2str is now static like the prototype says + [f2a97b5cb870] - * logging.c: can now log to both syslog & a file +1995-03-30 Todd C. Miller -1994-07-14 12:12 millert + * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING: + updated + [6f79c3e92716] - * sudo.h: added BOTH_LOGS + * RUNSON: + Initial revision + [12a09ef9e884] -1994-07-14 11:34 millert + * sudo.c: + check_sudoers now returns an error code and sudo calls inform_user + and log_error based on the return value. + [340eca188d9a] - * CHANGES: updated + * logging.c, sudo.h: + added entries for new errors + [6050d8542e1f] + + * parse.c: + now set uid to that of SUDOERS_OWNER while parsing sudoers file + [3683c42bc9b0] + + * Makefile.in: + took out testsudoers  + [65317d49db48] + + * sudo.c: + now explicately checks that it is setuid root + [2fe1be60ef6a] + + * sudo.c: + If a user has no passwd entry sudo would segv (writing to a garbage + pointer). Now allocate space before writing :-) + [d08e7eb5e5ef] + + * configure.in: + reordered AC_CHECK_FUNCS + [4c82e56c6f4f] + + * config.h.in: + fixed memset macro + [77ede6b714ab] + + * tgetpass.c, visudo.c: + bzero -> memset + [1a005bb322c8] + + * logging.c: + bzero -> memset when a parse error is logged the line number of the + error is now logged too + [a42d68047723] + + * INSTALL: + added Sunos to blurb about c2 security + [af750a1d131e] + + * configure.in: + added a SUN4 define for C2 security + [6ad5b23a3eb0] + + * config.h.in: + bcopy -> memmove bzero -> memset + [5494460c8464] + + * lsearch.c: + bcopy -> memmove char * -> VOID * + [a15f5c316e16] + + * check.c: + added support for sunos with C2 security + [03fea5bb21e6] + + * OPTIONS, options.h: + reordered + [1686265af3e1] + + * pathnames.h.in: + _PATH_SUDO_LOGFILE now set based on configure + [5867b58e4a04] + + * configure.in: + added SUDO_LOGFILE and SUDO_TYPE_SIZE_T + [1984d9fd1b5c] + + * config.h.in: + added _SUDO_PATH_LOGFILE + [dd3eebe62580] + + * aclocal.m4: + added SUDO_LOGFILE to find where to put sudo.log added + SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added + SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE) + [c589a515a99a] + +1995-03-29 Todd C. Miller + + * TROUBLESHOOTING: + Initial revision + [f42f1baba3a8] + + * sudo.c: + now do set_perms(PERM_ROOT) before the getpwuid() in load_global() + to work around a problem is trusted hpux shadow passwords. yuck. + [ae1f13b54687] + + * parse.yacc: + backed out a change in malloc/realloc + [ab868db0ad69] + + * parse.yacc: + now include stdlib.h + [957eef0631eb] + + * visudo.c: + now do an freopen() of the stmp file so that yyin will always point + to the same thing. This is important for flex since we are doing a + YY_NEWFILE + [44558922fd3e] + + * parse.yacc: + replaced yywrap() with parser_cleanup() since yywrap() needs to be + in parse.lex to be able to use YY_NEW_FILE. sigh. + [12dd09921074] + + * parse.lex: + now have a rule that matches anything that doesn't match an + explicite rule. well, you know what i mean (. matches anything not + yet matched). However, this means that there is input still queued + up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved + into parse.lex and it calls parser_cleanup() which is most of the + old yywrap() sigh. + [7f4042bc48d6] + + * SUPPORTED: + no longer used + [8f220be4da94] + + * getcwd.c, getwd.c: + moved compat.h to be the last include file + [9f3a65e2d485] + + * parse.yacc: + fixed type of aliascmp() args + [1c27eb989bdf] + + * find_path.c: + NULL -> '\0' + [5c8d8cf1692e] + + * parse.yacc: + added casts to lfind and lsearch args for irix + [61027ddeecf8] + + * Makefile.in: + bsdinstall -> install-sh + [61de6612c5a5] + + * INSTALL: + added info about make realclean + [29c6324d727f] + + * Makefile.in: + updated VERSION added dependencies for visudo.cat + [09077d7229d4] + + * version.h: + -> pl5b1 + [5d21c7ad1a41] + + * sudo.c: + took out -l + [fc1478d81b38] + + * Makefile.in: + now there is a real visudo.man and visudo.cat + [58aeac43a6dd] + + * sudo.man: + took out visudo stuff + [4a6ac4393343] + + * visudo.man: + Initial revision + [cba348843db8] + + * parse.c, parse.lex, parse.yacc: + updated copyright + [ffa16b70944a] + + * README: + updated for pl5 + [a26e423e9e5f] + + * sudo.man: + updated Nieusma & Hieb email addresses + [f0083e71989d] + + * INSTALL: + updated to include options.h and OPTIONS + [ee59e2b76c94] + + * CHANGES, TODO: + updated + [51e011ad5220] + + * BUGS: + eliminated bug #1 (yay) + [e7e88515494e] + + * configure.in: + sunos no longer gets linked statically + [2e5b3ff3108f] + +1995-03-28 Todd C. Miller + + * parse.lex: + prototype now uses __P() + [68ecdcab4c70] + + * parse.lex: + make fill() non-ansi + [d6509972260b] + + * parse.c: + made -v (validate) work + [13c9d520638c] + + * logging.c: + now gives host + [f04859cdba5a] + + * find_path.c: + don't check for execute/statable if fq or relative path given + [4bbe851f3973] + + * parse.c: + added a cast + [345c308f72f3] + + * visudo.c: + now include ctype.h for islower and tolower macros + [582c0aa332d5] + + * goodpath.c: + moved _S_IFMT & _S_ISREG to compat.h + [828e4ca4e7b4] + + * sudo.c: + moved a set of parens + [5783474ecf37] + + * strdup.c: + now include compat.h + [75e2036b94af] + + * emul/search.h: + void * -> VOID * + [cedcfaf04161] + + * parse.yacc: + now cast malloc & realloc return vals added search for HAVE_LSEARCH + now use strcmp if no strcasecmp available + [d6a42bc3d4ae] + + * lsearch.c: + void * -> VOID * + [886adc44f607] + + * config.h.in: + removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H, + HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH + [3b50d7fb4349] + + * compat.h: + added _S_IFMT, _S_IFREG, and S_ISREG + [73d506c7d53c] + + * aclocal.m4: + took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results + to most SUDO_* macros + [8442155f5936] + + * Makefile.in: + no more -I. + [63462f195bd4] + + * configure.in: + various 1.x ro 2.x autoconf changes now check for strcasecmp now use + AC_INSTALL_PROG instead of custom one added check for fully woorking + void implementation + [5ac6b6e6230f] + + * Makefile.in: + added lsearch & search.h visudo links into $(LIBOBJS) + [bc119cda4598] + + * aclocal.m4: + partial 1.x to 2.x changes added SUDO_FULL_VOID + [1194d01fa5c5] + + * visudo.c: + whatnow_help was prototyped to be static be was not declared as + such + [0f85489dd426] + + * configure.in: + autoconf 2.x changes took out HAVE_FLEX (no longer used) added check + for dirent/dir/ndir.h + [7408f3854948] + + * parse.c: + now use groovy gnu autoconf macro AC_HEADER_DIRENT + [e465db9f5dfa] + + * getcwd.c, getwd.c: + MAXPATHLEN -> MAXPATHLEN+1 + [714d87424e21] + + * emul/search.h, lsearch.c: + Initial revision + [55d79482c535] + +1995-03-27 Todd C. Miller + + * parse.yacc: + eliminated bison warnings + [61ca0a96da22] + + * parse.lex: + added missing case + [6be0f849747c] + + * visudo.c: + now iincludes signal.h + [221e0fcc144f] + + * parse.yacc: + only clear data structures on a parse error + [7b1c0f1a4527] + + * visudo.c: + whatnow() now gives help on invalid input + [e5a4cd88c587] + + * visudo.c: + added a whatnow() function (sort of like mh) + [932d9b145f1c] + + * parse.yacc: + kill_aliases -> reset_aliases yywrap() now cleans up by calling + reset_aliases() and clearing top took reset stuff out of yyerror() + since it doesn't beling there (and doesn't work anyway). errorlineno + is now initially set to -1 so we can set it to the first error that + occurrs (it was getting set to the last) + [2f71f95a974c] + + * parse.lex: + added a void cast + [18ae6042dce4] + + * visudo.c: + rewrote from scratch based on 4.3BSD vipw.c + [2f6814f18576] + +1995-03-26 Todd C. Miller + + * sudo.c, sudo.h: + removed ocmnd + [a31735f41ad4] + + * sudo.h: + no more sudo_realpath() and find_path() changed params + [8e85c3b39159] + + * sudo.c: + find_path() changed since no more realpath() + [b25366c7f2ee] + + * parse.yacc: + on error, errorlineno is set to the line where the error occurred + added kill_aliases() to free the aliases struct now clean up in + yyerror() so we can reparse cleanly + [2342f578c27a] -1994-07-14 11:32 millert + * options.h, parse.c: + no more USE_REALPATH + [cfc59babeaff] + + * logging.c: + changed to use new find_path() + [91c7a38e7751] - * configure.in: --with-AFS + * find_path.c: + removed all the realpath() stuff + [cc21a43a8562] -1994-07-14 11:32 millert + * Makefile.in: + sudo_realpath.c -> sudo_goodpath.c + [03a9b1ddec2f] - * config.h.in: added HAVE_AFS + * visudo.c: + now works correctly with utk parser + [08aa554a0ce8] -1994-07-14 11:31 millert + * goodpath.c: + Initial revision + [1ea607e1ffb2] - * check.c: added afs changes + * sudo_realpath.c: + eliminated a compiler warning + [198bcccc55b6] -1994-07-14 11:21 millert + * sudo.c: + elinated compiler warning + [e2384f9a878b] - * sudo.h: removed AFS stuff :-) + * sudo_realpath.c: + added sudo_goodpath() + [43878c4cc540] -1994-07-14 11:19 millert + * sudo.h: + added prototype for sudo_goodpath + [23e8627a2265] - * tgetpass.c: include sys/select for AIX + * parse.c: + added support for /sys/dir.h + [eca897087741] -1994-07-14 11:17 millert + * options.h: + USE_REALPATH turned off + [620ac8b63d85] - * sudo.h: added AFS + * find_path.c: + added calls to sudo_goodpath() + [ad170904fbcd] -1994-07-14 11:16 millert + * configure.in: + added check for dirent.h + [7964a8c26855] - * version.h: ++ + * config.h.in: + added HAVE_DIRENT_H + [1f785fec7e19] -1994-07-07 14:45 millert + * configure.in: + added in linux shadow pass stuff  + [e585a5785f50] - * SUPPORTED, CHANGES: updated +1995-03-24 Todd C. Miller -1994-07-07 14:44 millert + * visudo.c: + added back host, user, cmnd, parse_error + [0ec19f3d64f4] - * logging.c: can now have MAILER undefined + * visudo.c: + added in utk changes plus some minor cosmetic changes + [c5c1921c8a58] -1994-07-07 14:37 millert + * sudo.c, sudo_realpath.c: + added void casts for printf's + [9c6ff11c0082] - * INSTALL: new sub-note about MAILER + * options.h: + added a define of USE_REALPATH + [db3711c9efc5] -1994-07-06 23:11 millert + * configure.in: + there is no more visudoers/Makefile + [36e1bc1f78d0] - * sudo.man: added blurb about password timeout + * Makefile.in: + added in utk changes (visudo is now built from the toplevel) + [76203d4b345d] -1994-07-06 20:52 millert + * find_path.c: + added (void) casts to printf's + [dd5cb1e060ac] - * configure.in: convex c2 changes + * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c: + merged in utk changes + [35563307fd8e] -1994-07-06 20:52 millert +1995-03-23 Todd C. Miller - * aclocal.m4: took out duplicate define of _CONVEX_SOURCE + * find_path.c: + now check to see that what we are trying to run is a file (or a link + to a file, we do a stat(2) so there is no diff) + [05889c4bcace] -1994-07-06 20:51 millert +1995-03-13 Todd C. Miller - * Makefile.in: added OSDEFS + * CHANGES: + updated + [3e8047bb26fb] -1994-07-06 20:46 millert + * Makefile.in: + aclocal.m4 -> acsite.m4 make realclean updated for new autoconf  + [0bdbaa7c4c7d] - * config.h.in: added spaces + * sudo.man: + added myself as maintainer + [77a9d75aab84] -1994-07-06 20:08 millert +1995-02-17 Todd C. Miller - * tgetpass.c: added a goto if fgets fails + * sudo.c: + changed setegid -> setgid + [7f4788d73b6f] -1994-07-06 20:08 millert +1995-02-06 Todd C. Miller - * sudo.h: use __hpux not hpux convex c2 stuff + * configure.in: + fixed the test for irix 5.x to skip bad libs + [bfef896de013] -1994-07-06 20:08 millert + * aclocal.m4: + now initialize OS and OSREV + [cc302756e440] - * sudo.c: use __hpux not hpux +1995-01-27 Todd C. Miller -1994-07-06 20:08 millert + * configure.in: + irix5 changes + [ac985b23f5f2] - * logging.c: convex c2 stuff + * configure.in: + AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1 + compatibility + [0cf8c92a06d7] -1994-07-06 20:07 millert +1995-01-19 Todd C. Miller - * config.h.in: define ansi-ish cpp os defines if non-ansi are - defined for hpux & convex + * visudo.c: + use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the righ + thing wrt yyrestart (grrrr) + [18e8eabfbb82] -1994-07-06 20:07 millert +1995-01-16 Todd C. Miller - * INSTALL: updated to say we support sonvex C2 + * Makefile.in: + added visudoers/compat.h to DISTFILES + [db23b574b034] -1994-07-06 20:05 millert + * configure.in: + fixed an echo + [7cbc0462b89d] - * check.c: added convex c2 support + * sudo.c: + added ocmnd declaration adjusted for find_path()'s new parameters + [d929cd156474] -1994-07-01 12:06 millert + * sudo.h: + added ocmnd extern adjusted find_path() prototype + [e0004daf5d3c] - * tgetpass.c: no more ioctl never returns NULL uses fgets() and - select() to timeout + * parse.c: + cmndcmp() now takes 3 arguments and checks against the qualified as + well as the unqualified pathname. more code that should use + cmndcmp() but did not, now does + [6f70a8c17bee] -1994-06-29 17:04 millert + * options.h: + added to a comment + [7a78680426b2] - * configure.in: things were testing -n "$GCC" instead of -z "$GCC" + * logging.c: + changed to use new find_path() parameter passing + [840981d30db4] -1994-06-29 16:39 millert + * find_path.c: + find_path() now takes 2 copyout parameters (one for the qualified + pathname and one for the unqualified pathname). The third parameter + may be NULL. + [851503b005e9] - * tgetpass.c: now works + uses fgets() + * configure.in: + no longer munge pathnames.h + [427d8796c5a9] -1994-06-28 18:25 millert + * pathnames.h.in: + changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h) + as a result, pathnames.h does not need to be run through configure + and the user can override the configured values easily. + [2e378f2ebe88] - * tgetpass.c: select doesn't seem to recognize a single '\n' as - input waiting so we can;t use it, sigh. + * config.h.in: + added _SUDO_PATH_* entries + [0857de7cebab] -1994-06-26 16:38 millert + * aclocal.m4: + _PATH* -> _SUDO_PATH_* + [7601193f56cc] - * PORTING: updated tgetpass() blurb + * Makefile.in: + updated DISTFILES and HDRS .o's now depend on config.h + [39d8601965cf] -1994-06-26 16:35 millert +1995-01-13 Todd C. Miller - * configure.in: added --with-getpass + * compat.h: + removed extraneous #endif + [27d4c5f2ce7e] -1994-06-26 16:35 millert + * aclocal.m4: + added SUDO_PROG_MV + [76dda3bdd816] - * Makefile.in: added tgetpass stuff + * configure.in: + added SUDO_PROG_MV added riscos and isc os types took out + -DSHORT_MESSAGE from --with-csops since it is now the default + [68c206ad976e] -1994-06-26 15:25 millert + * sudo.c: + move the include of id.h to compat.h now includes options.h + [45a1eaafb3a8] - * tgetpass.c: now uses stdio + * sudo.h: + moved compatibility #defines to compat.h + [0eee27057698] -1994-06-26 15:17 millert + * pathnames.h.in: + added _PATH_MV + [e830797ab320] - * version.h: ++ + * config.h.in: + move __P to compat.h + [188e12e0ba93] -1994-06-24 19:48 millert + * getcwd.c, getwd.c, putenv.c: + now includes compat.h + [c72cb6d73981] - * PORTING: updated ,. + * compat.h: + Initial revision + [d4d2f359ae03] -1994-06-24 19:46 millert +1995-01-12 Todd C. Miller - * config.h.in: added USE_GETPASS && HAVE_C2_SECURITY + * sudo.h: + pull user-configurable stuff out and put in options.h + [ef929467b070] -1994-06-24 19:45 millert +1995-01-11 Todd C. Miller - * configure.in: fixed a test aded --with-C2 and --with-tgetpass + * parse.lex, parse.yacc, visudo.c: + now includes options.h + [e36d7c82add1] -1994-06-24 19:45 millert + * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c, + sudo_setenv.c: + now includes options.h + [f186ba03de07] - * check.c: added hpux C2 shit + * Makefile.in: + added visudoers/options.h + [e5350c476494] -1994-06-24 19:45 millert + * OPTIONS, options.h: + Initial revision + [9b6b5001e318] - * Makefile.in: took out tgetpass.* + * Makefile.in: + added OPTIONS and options.h + [25448341e16a] -1994-06-24 19:45 millert + * logging.c: + changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE + [5dd6385dd1d3] - * INSTALL: added C2 blurb + * check.c, sudo.h: + changed PASSWORD_TIMEOUT to minutes + [0ec6aab98738] -1994-06-13 15:54 millert +1994-12-17 Todd C. Miller - * configure.in: no termio(s) for ultrix since it is broken + * visudo.c: + now only do Editor +line_num if line_num != 0 + [b69f04b5e3c7] -1994-06-13 15:41 millert +1994-12-16 Todd C. Miller - * check.c: added a space (yeah, anal) + * visudo.c: + now use mv if rename(2) fails + [83210dca1bab] -1994-06-13 15:17 millert + * BUGS: + added a visudo bug + [d61a806f9aa7] - * realpath.c, sudo_realpath.c: fixed it (duh, rtfm) + * check.c: + expanded comment + [641f2cba94cb] -1994-06-08 14:34 millert +1994-11-12 Todd C. Miller - * config.h.in: took out bsd signal stuff for irix + * check.c: + fixed user_is_exempt to return 0 if EXEMPTGROUP is not set + [7a11135039a8] -1994-06-08 14:26 millert +1994-11-10 Todd C. Miller - * visudo.c: comments in #endif + * sudo.c: + added mips & isc support + [e258dc053119] -1994-06-08 14:09 millert + * parse.c: + added support for non-root owned sudoers file + [fea07e65a0fc] - * configure.in: don't define BSD signals for irix + * check.c: + added exempt group support + [928fb4bd9ad5] -1994-06-08 12:57 millert + * sudo.h: + added set_perms() support added SUDOERS_OWNER so can have non-root + own sudoers file added exempt group support added isc support + [61c578d31fc1] - * TODO: did some... + * visudo.c: + now copy sudoers to temp file via read/write (not stdio) now chown + new sudoers file to SUDOERS_OWNER + [a5176c59df70] -1994-06-08 12:57 millert +1994-11-08 Todd C. Miller - * CHANGES: updated + * configure.in: + added skey support + [35a8d2fabdb7] -1994-06-08 12:56 millert + * sudo_realpath.c: + be_* -> setperms() + [a1631d686e1c] - * realpath.c, sudo_realpath.c: took out unneeded code by changing - where a strings was terminated + * sudo.h: + fixed typo added set_perms support added skey support added + seteuid()/setegid() emulation for AIX + [c0c8d6771406] -1994-06-07 19:21 millert + * sudo.c: + be_* -> setperms() now check to make sure sudoers file is owned by + root nread/write by only root + [13ab1e261f1a] - * realpath.c, sudo_realpath.c: fix bug where /dirname would return - NULL + * logging.c, parse.c: + be_* -> setperms() + [21499d845c8f] -1994-06-07 17:40 millert + * check.c: + be_* -> set_perms() added skey support + [df51b56871c1] - * sudo.h: move __P to config.h +1994-11-06 Todd C. Miller -1994-06-07 17:40 millert + * Makefile.in: + ++version + [3c1abbe4e43c] - * getcwd.c, getwd.c, realpath.c, sudo_realpath.c: added errno - definition + * version.h: + ++ + [1d2f9b540a95] -1994-06-07 17:40 millert +1994-10-21 Todd C. Miller - * config.h.in: added __P + * sudo.c: + now sets IFS + [eabbb41b9f08] -1994-06-07 17:21 millert + * insults.h: + fixed typo + [c7997f19216e] - * config.h.in: added HAVE_FCHDIR +1994-10-15 Todd C. Miller -1994-06-07 17:18 millert + * config.h.in: + added HAVE_SKEY + [da948ec4186b] - * strdup.c: now include stdio +1994-10-04 Todd C. Miller -1994-06-07 14:55 millert + * CHANGES: + updated + [f4b55ab007ea] - * realpath.c, sudo_realpath.c: now works if no fchdir + * Makefile.in: + ++version + [0489068b8c95] -1994-06-07 14:55 millert + * version.h: + ++ + [d189faedf423] - * visudo.c: define SA_RESETHAND to null if not defined + * sudo.c: + now bail if ARgv[1] > MAXPATHLEN + [0cea8ecc9dc2] -1994-06-07 14:54 millert + * configure.in: + added function check for tcgetattr(3) + [e03289b22c2f] - * configure.in: added check & replace + * config.h.in: + only define HAVE_TERMIOS_H if you have tcgetattr(3) + [757eab83d1a2] -1994-06-06 20:05 millert + * config.h.in: + added check for tcgetattr + [c5ae92715930] - * configure.in: took out -static for nextstep -- it doesn't work +1994-09-26 Todd C. Miller -1994-06-06 19:59 millert + * CHANGES: + updated + [cbc419883108] - * logging.c: moved #endif to where it belongs +1994-09-22 Todd C. Miller -1994-06-06 19:54 millert + * parse.lex: + now only include unistd.h for linux + [e9adeab95ef0] - * SUPPORTED: correction +1994-09-21 Todd C. Miller -1994-06-06 19:42 millert + * Makefile.in: + added visudo.8 generation + [d6a3f0f887f8] - * configure.in: now checks for strdup realpath getcwd bzero + * configure.in: + added -Wl,-bI:./aixcrypt.exp to aix flags + [72594a21edcf] -1994-06-06 19:31 millert +1994-09-20 Todd C. Miller - * config.h.in: emulate bzero + * BUGS: + added one + [9993a349e096] -1994-06-06 16:57 millert + * CHANGES: + updated + [297b31ec4cdd] - * visudo.c: added posic signals + * README: + added mailing list info + [10372f94a2b2] -1994-06-06 16:57 millert + * parse.yacc: + now use sudolineno instead of yylineno fixed bison warnings + [25a83e62057b] - * tgetpass.c: bzero cast + * configure.in: + now use -no_library_replacement for osf don't make a static binary + for hpux >= 9.0 + [1fa7b892f1a3] -1994-06-06 16:57 millert + * tgetpass.c: + added string.h/strings.h inclusion + [71faa98fc0a1] - * logging.c: added posix signals + * config.h.in: + added ssize_t def + [406284bd1ac0] -1994-06-06 16:56 millert + * parse.lex: + added inclusion of string.h/strings.h + [6985b1df5d09] - * configure.in: removed BROKEN_GETPASS added new srcs toreplace - missing functions + * aclocal.m4: + fixed uname | sed (needed to quote the '[') + [4cd2d3415c1a] -1994-06-06 16:56 millert + * parse.lex: + replaced yylineno with sudolineno fixed bison syntax errors + [0bd31a5fab26] - * config.h.in: added posix signal stuff + * visudo.c: + changed yylineno to sudolineno since yylineno cannot be counted + upon. + [38c30104d0ae] -1994-06-06 16:56 millert + * TODO: + updated + [5d4746f1a752] - * Makefile.in: added new srcs + * parse.c: + added code to support command listings + [030172e133fd] -1994-06-06 12:53 millert + * sudo.c: + added code for -l flag + [801dbbc82778] - * visudo.c: updated useag + * sudo.man: + fixed typo added info for -l flag + [8916ca945d65] -1994-06-06 12:39 millert + * configure.in: + AC_SSIZE_T -> SUDO_SSIZE_T + [c61f7f47013f] - * tgetpass.c: now uses posix signals + * aclocal.m4: + added SUDO_SSIZE_T + [0ccdb77be84d] -1994-06-05 20:17 millert + * sudo.h: + added MODE_LIST + [9b2bd844c76c] - * PORTING: updated sto reflect major changes + * configure.in: + added AC_SSIZE_T + [35cca208f9b5] -1994-06-05 20:05 millert + * find_path.c, sudo_realpath.c: + readlink() is now declared as returning ssize~_t + [0640a08d1407] - * TODO, CHANGES: updated + * configure.in: + added -laud for OSF c2 + [b7539c905efc] -1994-06-05 20:04 millert +1994-09-02 Todd C. Miller - * tgetpass.c: uses sysconf() if available + * Makefile.in, visudo.c: + changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu + [067fd9bcb5e1] -1994-06-05 20:04 millert + * config.h.in, parse.lex, parse.yacc, pathnames.h.in: + changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu + [fc46e7c7110a] - * sudo.h: added PASSWORD_TIMEOUT + prototypes for new functions + * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c, + parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c, + sudo_setenv.c, tgetpass.c, version.h: + changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed + [d1d4fbc53a98] -1994-06-05 20:04 millert +1994-09-01 Todd C. Miller - * realpath.c, sudo_realpath.c: for those w/o this in libc + * Makefile.in: + ++version + [b7066d97633f] -1994-06-05 20:03 millert + * version.h: + ++ + [65ec69d88110] - * getcwd.c, getwd.c: Initial revision + * logging.c: + added host to alertmail messages + [d973c19ce777] -1994-06-05 20:03 millert + * CHANGES, TODO: + udpated + [5a65eb16faeb] - * find_path.c: rewrote to use realpath(3) - nis now all my code + * logging.c: + fixed logging problem where mail would not say which user it was + [35723edcc5d2] -1994-06-05 20:02 millert + * configure.in: + added -laud for gcc if osf & c2 + [18f1e0ae5548] - * config.h.in: added HAVE_REALPATH + * check.c: + moved set_auth_parameters to sudo.c + [d23112fe01db] -1994-06-05 20:02 millert + * sudo.c: + added set_auth_parameters for osf + [eb70f65214ac] - * check.c: now use tgetpass + * configure.in: + cleaned up -static stuff + [01e9575f0422] -1994-06-05 20:02 millert + * Makefile.in: + ++version + [7ac3bff5c770] - * Makefile.in: added LIBOBJS use tgetpass.c + * version.h: + ++ + [10a4ff478469] -1994-06-05 18:55 millert + * sudo.c: + changed setenv() to sudo_setenv() + [40a78abb9946] - * tgetpass.c: works now :-) + * check.c: + fixed osf problem + [3d69b118efb8] -1994-06-05 18:27 millert + * configure.in: + added OSF C2 stuff + [38cff3ad4093] - * tgetpass.c: Initial revision + * CHANGES: + updated + [cd341dd0581a] -1994-06-05 17:17 millert + * check.c: + added osf auth support & removed some extra spaces + [a448cdd81514] - * pathnames.h.in: added /dev/tty + * INSTALL, SUPPORTED: + added osf C2 stuff + [f70484796146] -1994-06-04 17:12 millert +1994-08-31 Todd C. Miller - * version.h: incremented + * TODO: + added 2 suggestions + [695fbdbd86e6] -1994-06-04 15:29 millert + * Makefile.in: + removed README.v1.3.1 and added VERSION stuff + [f69403eb04c6] - * sudo.c: always use getcwd + * version.h: + pl1 + [21580c0f8cb1] -1994-06-04 14:49 millert +1994-08-30 Todd C. Miller - * config.h.in: added check for getwd + * version.h: + 1.3.1final + [630114970298] -1994-06-04 14:48 millert + * Makefile.in: + added HISTORY + [901bff251614] - * configure.in: replace strdup & realpath & getcwd if missing + * sudo.man: + mention HISTPRY file + [86dbcfd4326e] -1994-06-04 14:47 millert + * sudo.c: + use sizeof instead of a constant in 1 place + [d819604c68ca] - * pathnames.h.in: added _PATH_PWD + * parse.yacc: + added unistd.h + [6f9500f9fe7e] -1994-06-04 14:46 millert + * parse.lex: + added unistd.h + [468b81a276eb] - * aclocal.m4: added SUDO_PROG_PWD + * README: + udpated + [7e275618923a] -1994-06-04 14:37 millert + * HISTORY: + Initial revision + [5db1b0a3939b] - * realpath.c, sudo_realpath.c, strdup.c: Initial revision +1994-08-17 Todd C. Miller -1994-06-03 11:31 millert + * version.h: + ++ + [7dfbb4a810bb] [SUDO_1_3_1] - * configure.in: quoted quare brackets + * CHANGES: + updated + [7820ee610bf8] -1994-06-02 17:49 millert + * sudo_setenv.c: + added unistd.h include + [30cf2b654525] - * sudo.c: no need to strdup() a constant +1994-08-16 Todd C. Miller -1994-06-02 15:45 millert + * sudo.c: + added sys/time.h for AIX + [199fc8caf3a3] - * CHANGES: updated +1994-08-15 Todd C. Miller -1994-06-02 15:44 millert + * configure.in: + added check for -lsocket and sys/sockio.h + [f9abfbb31031] - * sudo.man: added validate + * config.h.in: + took out libshadow check and added in sys/sockio.h check + [0c4b0393ac80] -1994-06-02 15:42 millert + * sudo.c: + now include sockio.h instead of ioctl.h if it exists "sudo -" now + gets a better error message + [53041bea5483] - * sudo.c: added -v to usage + * sample.sudoers: + now has a dir and subnet entry + [56b820f65438] -1994-06-02 15:41 millert +1994-08-13 Todd C. Miller - * parse.c, sudo.c, sudo.h: added validate_only stuff + * sudo.c: + removed if_ether.h + [b4f64507493e] -1994-05-29 21:29 millert + * TODO: + added an item + [ea2a1bb6922a] - * configure.in: now finds sed + * sudo.man: + added network and ip addresses to man page + [01c85016511f] -1994-05-29 21:28 millert + * sudo.c: + no error if can't get interfaces or netmask since networking may not + be in the kernel. + [50b8890e2134] - * aclocal.m4: $OSREV is now an int + * parse.c: + nwo check for interfaces == NULL + [dc1b3eef0db2] -1994-05-29 19:13 millert + * parse.c: + fixed a bug that caused directory specs in a Cmnd_Alias to fail if + the last entry in the spec failed (ie: it was only looking at the + last entry). CLeaned things up by adding the cmndcmp() function--all + neat & tidy + [007e93578e5e] - * configure.in: added mtxinu to caser + * CHANGES: + added one + [40e8a2cef497] -1994-05-29 18:37 millert +1994-08-12 Todd C. Miller - * sudo.h: added EXEC macro + * sudo.c: + now do two passes to skip bogus interfaces (lo0, etc) + [465e30aecaf7] -1994-05-29 18:36 millert + * parse.lex, parse.yacc, visudo.c: + added include of netinet/in.h + [11e3816ed362] - * sudo.c: now use the EXEC nmacro now only do a gethostbyname() if - FQDN is set + * logging.c, sudo_realpath.c, sudo_setenv.c: + added ninclude of netinet/in.h + [daccfa40fe1e] -1994-05-29 18:36 millert + * check.c, find_path.c, getcwd.c, getwd.c: + added include of netinet/in.h + [0222f95e06ad] - * logging.c: changed mail_argv[] def now use EXEC() macro + * version.h: + ++ + [d6b0cfa35a38] -1994-05-29 18:35 millert + * sudo.h: + added interfaces global + [ba52fa8ad75e] - * check.c: took out crypt() definition + * parse.c: + now uses new interfaces global + [17473ad5ecba] -1994-05-29 17:23 millert + * sudo.c: + now ip addresses are gleaned fw/o dns + [8828bb2007e0] - * version.h: upped the version +1994-08-10 Todd C. Miller -1994-05-29 15:52 millert + * sudo.c: + added load_ip_addrs() to load the ip_addrs global var + [60c825f04238] - * configure.in: always look for -lnsl + * parse.c: + added hostcmp() to compare hostnames, ip addrs, and network addrs + [ab0e40e37537] -1994-05-29 15:29 millert + * sudo.h: + added ip_addrs def added load_ip_addrs prototype + [c41c565d0777] - * aclocal.m4: added an echo +1994-08-08 Todd C. Miller -1994-05-29 15:25 millert + * CHANGES: + updated + [2a128dbe9bcb] - * sudo.h: SHORT_MESSAGE is now the default + * Makefile.in: + removed multiple entries in DISTFILES + [2490f4f371e6] -1994-05-29 15:18 millert + * visudo.c: + ansified the !STDC_HEADERS decls + [646ba06d17ae] - * config.h.in: fixed typo + * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c: + don't do malloc decl if gnuc + [f1bad1925f98] -1994-05-29 01:29 millert + * sudo.c: + can't use getopt(3) since it munges args to the command to be run as + root don't do malloc decl if gnuc + [38e78f6da14e] - * configure.in: added missing AC_DEFINE(SVR4) for solaris + * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c, + sudo_realpath.c, sudo_setenv.c: + ansi-fied !STDC_HEADER function prottypes + [51d8cad89976] + + * getcwd.c, getwd.c: + added missing paren + [6a1fae70e27e] + + * Makefile.in: + added putenv.c to DISTFILES + [a5e4523eabbb] + + * sudo_setenv.c: + added params to func decls when STDC_HEADERS is not defined now can + count on putenv() being there + [fd587796189b] + + * sudo_realpath.c: + took out errno decl since sudo.h does it for us fixed up a next cc + warning added params to func decls when STDC_HEADERS is not defined + [70fa5152ace6] -1994-05-28 20:42 millert + * sudo.h: + took out environ extern added local declaratio of putenv() if local + version is needed + [a84bae6c020d] - * sudo.man: documented the -v flag + * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c: + added params to func decls when STDC_HEADERS is not defined + [f406f0e47ac0] -1994-05-28 20:34 millert + * config.h.in: + added memcpy check check to see that ansi vs bsd macros are ntot + already defiend before defining (ie: avoid redefinition) + [879ae026e19f] + + * configure.in: + removed fluff setenv check plus check w/ replace for putenv if also + no setenv + [e3c03814ad4b] + + * putenv.c: + Initial revision + [3cff63e2dc1b] + +1994-08-06 Todd C. Miller - * SUPPORTED: updated + * sudo_setenv.c: + Initial revision + [4d637631fa6b] + + * sudo.h: + rm'd s realp[ath added sudo_realpath and sudo_setenv + [07ba001ff57e] + + * sudo.c: + now use sudo_setenvc + [fd81e04d5ef0] + + * configure.in: + added puteenv and setenv, removed realpath + [27bfacfb513b] + + * config.h.in: + added putenv & setenv + [515f14eaf6e4] + + * Makefile.in: + added sudo_setenv + [217731a717c5] + + * version.h: + ++ + [eadb346d7129] + +1994-08-05 Todd C. Miller + + * configure.in: + added MAN_POSTINSTALL and /usr/share/catman for irix + [2a9496c1bdba] + + * Makefile.in: + added MAN_POSTINSTALL + [89b0d4695529] + + * CHANGES: + added + [48c021ba8a70] + + * sudo.man: + added SUDO_* plus new options + [c0759cff5683] + + * CHANGES: + added one + [7d44a3922d56] + + * configure.in: + took out shadow lib + [07cf3de18701] + + * TODO: + adde done + [a27a578e8afe] + + * visudo.c: + now use yyrestart() if flex now reset yylineno to 0 + [77d67ce0b677] + + * Makefile.in: + support for installing a cat page instead of a man page if no nroff + [44671c0fc0fa] + + * configure.in: + now defines HAVE_FLEX fixed up man stuff so that it looks for nroff + to determine whether or not to install a cat or man page + [0562d069c135] -1994-05-28 20:31 millert + * config.h.in: + added HAVE_FLEX + [c5490bae39d3] - * check.c: proto-ized crypt() + * sudo.c: + not set ret to MODE_RUN initially + [88b4983c195b] -1994-05-28 20:28 millert + * find_path.c: + made command (and therefor cmnd dynamically allocated) + [95b82e32b6de] - * config.h.in: added LIBSHADOW undef + * TODO: + did #8 + [fb6f41308cdf] -1994-05-28 20:18 millert + * version.h: + ++ + [14112ecab5ae] - * configure.in: nwo set OS to be lowercase + * sudo_realpath.c: + changed bufs from MAXPATHLEN to MAXPATHLEN+1 + [0ad4f34e55c0] -1994-05-28 19:36 millert + * sudo.h: + added MODE_ removed validate_only and added remove_timestamp() + [dd5f99c57728] - * configure.in: now use SUDO_OSTYPE to set $OS + * sudo.c: + usage() now takes an int (exit value) added parse_args() to parse + command line arguments moved call to find_path() from load_globals + to new function load_cmnd() removed validate_only global -- now use + the concept of "modes" added -h and -k options + [c3887090b28a] -1994-05-28 19:36 millert + * parse.c: + no longer use global validate_only now checks for command called + "validate" removed check for non-fully qualified commands since that + is done by find_path + [7d56fbd26369] - * aclocal.m4: now use uname to determine os + * find_path.c: + changed MAXPATHLEN r to MAXPATHLEN+1 + [a86e8664d971] -1994-05-28 16:23 millert + * find_path.c: + fixed off by one error with MAXPATHLEN and fixed a comment + [58adcef8c981] - * visudo.c: added prototypes & moved sig handler around + * check.c: + check_timestamp no longer runs reminder(), it is implied in the + return val added remove_timestamp() + [42ab5a77066f] -1994-05-28 15:13 millert + * CHANGES: + updated + [8e69b31df024] - * sudo.h: added prototyppes +1994-08-04 Todd C. Miller -1994-05-28 15:13 millert + * BUGS: + fixed on + [bc34f1ac4280] - * parse.c: added comment + * sudo_realpath.c: + took out old_errno + [a168d00a0768] -1994-05-28 15:12 millert + * CHANGES: + updated + [04ba80922df7] - * config.h.in: nwo use _BSD_SIGNALS not _BSD_COMPAT +1994-08-03 Todd C. Miller -1994-05-28 15:11 millert + * logging.c: + moved send_mail to after syslog + [4d4188087834] - * check.c, logging.c, sudo.c: added prototypes + * sudo.c: + now set SUDO_ envariables + [e5963f1bd3bb] -1994-05-28 15:11 millert +1994-08-01 Todd C. Miller - * aixcrypt.exp: Initial revision + * version.h: + ++ + [2a4534845d8c] -1994-05-28 15:11 millert + * sudo_realpath.c: + now print error if chdir fails + [0d75c8973d49] - * Makefile.in: added aixcrypt.exp + * find_path.c: + removed an XXX + [e2077bcb35aa] -1994-05-28 13:21 millert +1994-07-26 Todd C. Miller - * parse.lex, parse.yacc: moved config.h to top of includes + * CHANGES: + updated + [e30a2b39b41a] -1994-05-25 15:48 millert + * configure.in: + no more static binaries for aix + [77a0beb6bd80] - * find_path.c: now don't bitch if get EACCESS (treat like EPERM) +1994-07-25 Todd C. Miller -1994-05-24 23:08 millert + * INSTALL: + fixed typo + [ba5e0d391bc4] - * visudo.c: added -v flag and usage() + * sudo_realpath.c: + took out stuff not needed for sudo now does be_root/be_user itself + now uses cwd global + [4f6d4641d793] -1994-05-24 23:08 millert + * version.h: + +=2 + [97da927b297c] - * version.h: fixed a typo + * logging.c, sudo.c: + be_root/be_user is now down in sudo_realpath() + [f331662fa50f] -1994-05-24 23:08 millert + * logging.c, sudo.h: + now works with 4.2BSD syslog (blech) + [98e39d89dd36] - * sudo.c: cast Argv to a const for exec added -v flag + * find_path.c: + now use sudo_realpath() + [ab436a8ebd02] -1994-05-24 23:07 millert + * config.h.in: + took out realpth() stuff since we now use sudo_realpath() + [8de5ef9f6044] - * logging.c: mail_argv is now a const + * configure.in: + ultrix enhanced sec + [815fb7fffcc0] -1994-05-24 23:07 millert + * SUPPORTED: + added ultrix enhanced sec. + [6466766c8062] - * configure.in: only set RETSIGTYPE if it is not set already + * INSTALL: + updated + [d681a634297a] -1994-05-24 23:07 millert + * check.c: + ultrix enhanced security suport + [f10c8decbcc2] - * aclocal.m4: now defines & STDC_HEADERS for Irix + * Makefile.in: + added sudo_realpath.c + [6b9bcd3be022] -1994-05-24 23:07 millert + * CHANGES: + updated + [2fa8084c1b53] - * Makefile.in: added version.h + * tgetpass.c: + increased passwd len to 24 for c2 security + [ec64838be62d] -1994-05-24 21:25 millert + * BUGS: + updated BUGS + [ca00d8fec2ce] - * insults.h, sudo.h: prevent multiple inclusion +1994-07-15 Todd C. Miller -1994-05-24 21:20 millert + * check.c: + now use user global var + [568769719013] - * version.h: Initial revision + * configure.in: + took out -ls + [490a44180d5f] -1994-05-24 21:09 millert +1994-07-14 Todd C. Miller - * parse.lex, parse.yacc: now includes config.h + * configure.in: + added AFS libs + [4fb40c8c01ba] -1994-05-24 20:54 millert + * sudo.h: + user is now a char * added epasswd + [27a919fafdfb] - * aclocal.m4: now talks about sunos 4.x + * sudo.c: + added tzset() to load_globals added epasswd (encrypted password) + global made user dynamically allocated + [b99ef9bdbfce] -1994-05-24 20:23 millert + * configure.in: + added tzset test + [27592dd1214b] - * visudo.c: calls to Exit now pass an arg + * config.h.in: + added HAVE_TZSET + [b13f4213f3d0] -1994-05-24 18:00 millert + * check.c: + cleaned up encrypted passwd grab somewhat + [c8ba9a4db38a] - * visudo.c: signal handler now takes an int argument + * configure.in: + fixed AFS typo + [2bfcbce237b6] -1994-05-24 18:00 millert + * INSTALL: + added AFS not + [80c67329393c] - * CHANGES: updated + * CHANGES: + udpated + [2f09ecdd5d31] -1994-05-24 17:44 millert + * logging.c: + can now log to both syslog & a file + [4d5c0932bc01] - * sudo.c: ok, the getcwd() is now *really* done as the user + * sudo.h: + added BOTH_LOGS + [623c539be824] -1994-05-24 17:44 millert + * CHANGES: + updated + [a1c7f5ef3616] - * configure.in: changed AIX STATIC_FLAGS + * configure.in: + --with-AFS + [28718d8f5daf] -1994-05-24 16:27 millert + * config.h.in: + added HAVE_AFS + [2e32bb4e63e4] - * aclocal.m4: solaris now defines SVR4 + * check.c: + added afs changes + [fe4d0ff320a2] -1994-05-24 16:18 millert + * sudo.h: + removed AFS stuff :-) + [a40387e6fa27] - * sudo.h: added cwd and fixed stupid core dump that makes no sense. - sigh. + * tgetpass.c: + include sys/select for AIX + [f32c5a8f2c84] -1994-05-24 16:18 millert + * sudo.h: + added AFS + [da2ab3dd0348] - * sudo.c: moved getcwd stuff into load_globals + * version.h: + ++ + [452d4dfe25af] -1994-05-24 16:18 millert +1994-07-07 Todd C. Miller - * parse.c: took out externs that are in suod.h + * CHANGES, SUPPORTED: + updated + [e7dfe6f23a37] -1994-05-24 16:18 millert + * logging.c: + can now have MAILER undefined + [1d33b98b35e1] - * logging.c: moved cwd into load_globals + * INSTALL: + new sub-note about MAILER + [d35c636a0574] -1994-05-24 16:17 millert + * sudo.man: + added blurb about password timeout + [70c2ee50de20] - * find_path.c: moved cwd stuff + * configure.in: + convex c2 changes + [367138a6232e] -1994-05-24 15:55 millert + * aclocal.m4: + took out duplicate define of _CONVEX_SOURCE + [647182138450] - * Makefile.in: fixed make distclean & realclean + * Makefile.in: + added OSDEFS + [7fdcd50602d1] -1994-05-24 12:51 millert + * config.h.in: + added spaces + [f2b8a05e48f3] - * TODO: updated ., + * tgetpass.c: + added a goto if fgets fails + [68a6586d9c45] -1994-05-24 12:51 millert + * sudo.h: + use __hpux not hpux convex c2 stuff + [5c377a8d5f34] - * CHANGES: added solaris changes + * sudo.c: + use __hpux not hpux + [9363bc0f9f9e] -1994-05-24 12:51 millert + * logging.c: + convex c2 stuff + [ea5630975ac4] - * aclocal.m4: added solaris changes, need to rework + * config.h.in: + define ansi-ish cpp os defines if non-ansi are defined for hpux & + convex + [664f53a5e786] -1994-05-24 12:50 millert + * INSTALL: + updated to say we support sonvex C2 + [5f2f8b87013e] - * configure.in: cleaned up for solaris + * check.c: + added convex c2 support + [9a665d4918fa] -1994-05-24 12:13 millert +1994-07-01 Todd C. Miller - * logging.c: reinstall reapchild signal handler for non-bsd signals + * tgetpass.c: + no more ioctl never returns NULL uses fgets() and select() to + timeout + [b333e6d63e97] -1994-05-24 12:03 millert +1994-06-29 Todd C. Miller - * sudo.h: took out getdtablesize() emulation for HP-UX (no longer - needed) + * configure.in: + things were testing -n "$GCC" instead of -z "$GCC" + [059a9b15ede2] -1994-05-24 12:03 millert + * tgetpass.c: + now works + uses fgets() + [353d7ebcb7bb] - * sudo.c: support for HAVE_SYSCONF +1994-06-28 Todd C. Miller -1994-05-24 12:02 millert + * tgetpass.c: + select doesn't seem to recognize a single '\n' as input waiting so + we can;t use it, sigh. + [f76e3218b835] - * visudo.c: added for solaris & reorg'd the includes + - minor prettying up / +1994-06-26 Todd C. Miller -1994-05-23 20:26 millert + * PORTING: + updated tgetpass() blurb + [95baac736b49] - * config.h.in: added HAVE_SYSCONF + * configure.in: + added --with-getpass + [42ac0bdf58ed] -1994-05-16 18:57 millert + * Makefile.in: + added tgetpass stuff + [e2b38c635663] - * configure.in: now tells you what os you are running /. + * tgetpass.c: + now uses stdio + [36af8ff66e35] -1994-05-16 18:56 millert + * version.h: + ++ + [4e81c9db19bd] - * aclocal.m4: took out extra ',' +1994-06-24 Todd C. Miller -1994-05-14 17:56 millert + * PORTING: + updated ,. + [54f523770a05] - * config.h.in: added _BSD_COMPAT + * config.h.in: + added USE_GETPASS && HAVE_C2_SECURITY + [86b355cb2953] -1994-05-14 17:56 millert + * configure.in: + fixed a test aded --with-C2 and --with-tgetpass + [abf6181588ef] - * aclocal.m4: fixed for irix5 + * check.c: + added hpux C2 shit + [20d4177ffa88] -1994-05-14 17:55 millert + * Makefile.in: + took out tgetpass.* + [cc82fd9984b4] - * CHANGES: updated + * INSTALL: + added C2 blurb + [1d2bfc35e4b6] -1994-05-14 17:27 millert +1994-06-13 Todd C. Miller - * sudo.c: uid seinitialized to -2 + * configure.in: + no termio(s) for ultrix since it is broken + [d3e82e835350] -1994-04-28 12:36 millert + * check.c: + added a space (yeah, anal) + [05e4b31ca68c] - * sudo.c: now removes LIBPATH for AIX + * realpath.c, sudo_realpath.c: + fixed it (duh, rtfm) + [f13097cb8cb6] -1994-03-12 20:41 millert +1994-06-08 Todd C. Miller - * configure.in: now uses ufc if it finds it + * config.h.in: + took out bsd signal stuff for irix + [e179cdafc97a] -1994-03-12 17:42 millert + * visudo.c: + comments in #endif + [e3a629190f5e] - * sudo.h: no longer define yyval & yylval since yacc does it + * configure.in: + don't define BSD signals for irix + [3ce57bffb7f0] -1994-03-12 17:42 millert + * TODO: + did some... + [274241cd0f74] - * parse.lex: now defines yylval as extenr + * CHANGES: + updated + [8f29fc755faf] -1994-03-12 17:41 millert + * realpath.c, sudo_realpath.c: + took out unneeded code by changing where a strings was terminated + [b5564d62d30e] - * configure.in: BROKEN_GETPASS is now an OPTION +1994-06-07 Todd C. Miller -1994-03-12 17:41 millert + * realpath.c, sudo_realpath.c: + fix bug where /dirname would return NULL + [b85f470daf26] - * config.h.in: took out BROKEN_GETPASS + * sudo.h: + move __P to config.h + [7763c0ff3f28] -1994-03-12 17:20 millert + * getcwd.c, getwd.c, realpath.c, sudo_realpath.c: + added errno definition + [4cc9d2d9782a] - * Makefile.in: took out big comment + * config.h.in: + added __P + [ca06f5aa58f3] -1994-03-12 16:24 millert + * config.h.in: + added HAVE_FCHDIR + [206d714641e0] - * README: updated + * strdup.c: + now include stdio + [0d8458da0e1d] -1994-03-12 16:20 millert + * realpath.c, sudo_realpath.c: + now works if no fchdir + [e035911b6722] - * Makefile.in: took out README.beta + * visudo.c: + define SA_RESETHAND to null if not defined + [afec03e84342] -1994-03-12 16:19 millert + * configure.in: + added check & replace + [c1a65481441c] - * SUPPORTED: Initial revision + * configure.in: + took out -static for nextstep -- it doesn't work + [fa1a1a611743] -1994-03-12 16:19 millert +1994-06-06 Todd C. Miller - * INSTALL: now reference SUPPORTED ., + * logging.c: + moved #endif to where it belongs + [07d3a8972097] -1994-03-12 16:17 millert + * SUPPORTED: + correction + [0c1ecba3e5a3] - * config.h.in: now check for convex OR __convex__ + * configure.in: + now checks for strdup realpath getcwd bzero + [f029a1917515] -1994-03-12 16:16 millert + * config.h.in: + emulate bzero + [d792352e44a3] - * aclocal.m4: now check for convex or __convex__ + * visudo.c: + added posic signals + [2ed0005f90fc] -1994-03-12 16:15 millert + * tgetpass.c: + bzero cast + [6d91b1a1526f] - * Makefile.in: added dist target + * logging.c: + added posix signals + [67ede9c22a05] -1994-03-12 15:19 millert + * configure.in: + removed BROKEN_GETPASS added new srcs toreplace missing functions + [cf44274bb1c8] - * aclocal.m4: use __convex__ + * config.h.in: + added posix signal stuff + [a3c1c98fe8ef] -1994-03-12 14:33 millert + * Makefile.in: + added new srcs + [b6a079afee47] - * find_path.c: now use _S_* stat stuff to be ansi-like + * visudo.c: + updated useag + [589ed091c44f] -1994-03-12 14:11 millert + * tgetpass.c: + now uses posix signals + [30f74964074f] - * INSTALL: updated for configure directions + * PORTING: + updated sto reflect major changes + [bcfc309e017b] -1994-03-12 14:05 millert + * CHANGES, TODO: + updated + [23aacbd54278] - * Makefile.in: distclean now removes config.h and pathnames.h + * tgetpass.c: + uses sysconf() if available + [a27431c90bab] -1994-03-12 14:03 millert + * sudo.h: + added PASSWORD_TIMEOUT + prototypes for new functions + [d7473c2f77c4] - * CHANGES: updated + * realpath.c, sudo_realpath.c: + for those w/o this in libc + [1e47aa7a9d46] -1994-03-12 14:00 millert + * getcwd.c, getwd.c: + Initial revision + [c90dea57a84f] - * TODO: fixed typoe + * find_path.c: + rewrote to use realpath(3) - nis now all my code + [d2c3bb8fb37d] -1994-03-12 13:57 millert + * config.h.in: + added HAVE_REALPATH + [02c10352a8c7] - * Makefile.in, visudo.c: updated version + * check.c: + now use tgetpass + [b5c021fc179f] -1994-03-12 13:57 millert + * Makefile.in: + added LIBOBJS use tgetpass.c + [230a7b3eeaa3] - * config.h.in, pathnames.h.in: added copyright header +1994-06-05 Todd C. Miller -1994-03-12 13:55 millert + * tgetpass.c: + works now :-) + [025e7a3875ba] - * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex, - parse.yacc, sudo.c, sudo.h: udpated version + * tgetpass.c: + Initial revision + [3316ab33b230] -1994-03-12 13:39 millert + * pathnames.h.in: + added /dev/tty + [29242585e53f] - * visudo.c: udpated to use configure + pathnames.h +1994-06-04 Todd C. Miller -1994-03-12 13:37 millert + * version.h: + incremented + [f2e54b48280f] - * Makefile.in, config.h.in, configure.in, aclocal.m4: updated + * sudo.c: + always use getcwd + [c6068e8a4029] -1994-03-12 13:37 millert + * config.h.in: + added check for getwd + [ab1e102ad673] - * sudo.h: now works with configure + * configure.in: + replace strdup & realpath & getcwd if missing + [b0eb14f2a1c3] -1994-03-12 13:36 millert + * pathnames.h.in: + added _PATH_PWD + [309d2388f69a] - * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c: - updated to work with configure + pathnames.h + * aclocal.m4: + added SUDO_PROG_PWD + [e16e85deb96c] -1994-03-12 10:40 millert + * strdup.c: + Initial revision + [810efdc15007] - * Makefile.in: added LEXLIB + * realpath.c, sudo_realpath.c: + Initial revision + [d85eee438e09] -1994-03-10 03:18 millert +1994-06-03 Todd C. Miller - * COPYING: updated gnu general licence to versio 2 + * configure.in: + quoted quare brackets + [d0e7ca111d98] -1994-03-10 02:44 millert +1994-06-02 Todd C. Miller - * pathnames.h.in, config.h.in: Initial revision + * sudo.c: + no need to strdup() a constant + [a8c44712df9a] -1994-03-10 01:43 millert + * CHANGES: + updated + [71364129cca0] - * sudo.h: changed to work with configure + * sudo.man: + added validate + [0bb198095a26] -1994-03-09 18:51 millert + * sudo.c: + added -v to usage + [31ea71f11dbb] - * Makefile.in, aclocal.m4, configure.in: Initial revision + * parse.c, sudo.c, sudo.h: + added validate_only stuff + [9bcd853d3c90] -1994-03-09 17:36 millert +1994-05-30 Todd C. Miller - * visudo.c: now uses defines used by configure + * configure.in: + now finds sed + [6374bb0d3f28] -1994-03-01 16:31 millert + * aclocal.m4: + $OSREV is now an int + [ace0666d66cf] - * find_path.c: sudo won't bitch about EPERM now, for real +1994-05-29 Todd C. Miller -1994-02-28 00:36 millert + * configure.in: + added mtxinu to caser + [73a776887b16] - * logging.c: renamed exec_argv to eliminate a libc name clash with - ksros + * sudo.h: + added EXEC macro + [2e8eb28b710a] -1994-02-28 00:28 millert + * sudo.c: + now use the EXEC nmacro now only do a gethostbyname() if FQDN is set + [56afb4f658d5] - * CHANGES: corrected + * logging.c: + changed mail_argv[] def now use EXEC() macro + [ddcabd28edb1] -1994-02-28 00:27 millert + * check.c: + took out crypt() definition + [0e657724cf5f] - * logging.c, sudo.c, sudo.h: execve -> execv + * version.h: + upped the version + [62c5d66119fc] -1994-02-27 23:27 millert + * configure.in: + always look for -lnsl + [d7b594f0313b] - * TODO: upated + * aclocal.m4: + added an echo + [1caae3491dc5] -1994-02-27 23:19 millert + * sudo.h: + SHORT_MESSAGE is now the default + [cfce35c3119a] - * PORTING: added 2 mroe items + * config.h.in: + fixed typo + [6499a564bf75] -1994-02-27 23:12 millert + * configure.in: + added missing AC_DEFINE(SVR4) for solaris + [feef0b17b94f] - * CHANGES: updated + * sudo.man: + documented the -v flag + [a6429f2bc2cf] -1994-02-27 23:11 millert + * SUPPORTED: + updated + [088886e79540] - * sudo.h: added UMASK and mode_t declaration + * check.c: + proto-ized crypt() + [801e4ff5b121] -1994-02-27 23:11 millert + * config.h.in: + added LIBSHADOW undef + [8df588e9ee2b] - * sudo.c: added UMASK + * configure.in: + nwo set OS to be lowercase + [561ebed833e4] -1994-02-27 20:55 millert +1994-05-28 Todd C. Miller - * logging.c: now opens log file with mode 077 + * configure.in: + now use SUDO_OSTYPE to set $OS + [0e60aee23098] -1994-02-27 20:55 millert + * aclocal.m4: + now use uname to determine os + [99705e58d400] - * check.c: saved current umask ans restores it + * visudo.c: + added prototypes & moved sig handler around + [1f0bc8d23b51] -1994-02-27 20:36 millert + * sudo.h: + added prototyppes + [be3935a2b163] - * sudo.h: added MAXLOGFILELEN + * check.c, logging.c, sudo.c: + added prototypes + [2079b4605ab8] -1994-02-27 20:35 millert + * parse.c: + added comment + [a34d147d8399] - * logging.c: split long log lines. FOr syslog, split into multiple - entries, for a log file, indent the extra for readability + * config.h.in: + nwo use _BSD_SIGNALS not _BSD_COMPAT + [63663195f047] -1994-02-27 17:22 millert + * aixcrypt.exp: + Initial revision + [890aed08357e] - * CHANGES: added changes + * Makefile.in: + added aixcrypt.exp + [1005a183105f] -1994-02-27 17:18 millert + * parse.lex, parse.yacc: + moved config.h to top of includes + [9569c49aa5f3] - * sudo.h: MAXLOGLEN & MAXSYSLOGLEN are now different (as they - should be) +1994-05-25 Todd C. Miller -1994-02-25 16:04 millert + * find_path.c: + now don't bitch if get EACCESS (treat like EPERM) + [dbeffb638de4] - * TODO: added input from Brett M Hogden + * visudo.c: + added -v flag and usage() + [4d44ed60ed75] -1994-02-16 13:35 millert + * version.h: + fixed a typo + [cf3f9347ae41] - * sudo.c: added rmenv() to remove stuff from environ. can now uses - execvp() OR execve() becuase of this. + * sudo.c: + cast Argv to a const for exec added -v flag + [d11b6efc0e45] -1994-02-16 13:35 millert + * logging.c: + mail_argv is now a const + [93bb5d90bb6f] - * logging.c: now uses execvp() OR execve() + * configure.in: + only set RETSIGTYPE if it is not set already + [c97aac260b77] -1994-02-16 13:31 millert + * aclocal.m4: + now defines & STDC_HEADERS for Irix + [9c2b24ad1fc5] - * sudo.h: added USE_EXECVE + * Makefile.in: + added version.h + [9f79e880229a] -1994-02-16 13:27 millert + * insults.h, sudo.h: + prevent multiple inclusion + [d68c8a9243ce] - * sudo.h: added environ + * version.h: + Initial revision + [dbb39c5ef8d9] -1994-02-16 12:53 millert + * parse.lex, parse.yacc: + now includes config.h + [f117e036a56b] - * find_path.c: now ignore EPERM + * aclocal.m4: + now talks about sunos 4.x + [c9054aa92d4e] -1994-02-15 23:52 millert + * visudo.c: + calls to Exit now pass an arg + [a92104670551] - * sudo.h: moved some func decls out of sudo.h and into sudo.c as - statics /. +1994-05-24 Todd C. Miller -1994-02-15 23:52 millert + * visudo.c: + signal handler now takes an int argument + [26f480c41523] - * CHANGES: updated + * CHANGES: + updated + [8c166a9d796b] -1994-02-15 23:40 millert + * sudo.c: + ok, the getcwd() is now *really* done as the user + [ab86cf85134a] - * sudo.h: took out Envp + * configure.in: + changed AIX STATIC_FLAGS + [b9c0a3ba5663] -1994-02-14 12:28 millert + * aclocal.m4: + solaris now defines SVR4 + [c3e20cac96f5] - * BUGS: Initial revision + * sudo.h: + added cwd and fixed stupid core dump that makes no sense. sigh. + [7a9755436dbb] -1994-02-10 14:29 millert + * sudo.c: + moved getcwd stuff into load_globals + [ec2bc90df1f3] - * sudo.c, sudo.h, CHANGES: added SECURE_PATH + * parse.c: + took out externs that are in suod.h + [93c4b3f856d7] -1994-02-10 14:05 millert + * logging.c: + moved cwd into load_globals + [050de754d228] - * sudo.h: added SECURE_PATH + * find_path.c: + moved cwd stuff + [22f3f3b4c34d] -1994-02-10 13:50 millert + * Makefile.in: + fixed make distclean & realclean + [c9964d89bcef] - * INSTALL: added sample.sudoers note + * TODO: + updated ., + [e513581ef0e3] -1994-02-10 13:47 millert + * CHANGES: + added solaris changes + [505d930daf27] - * sudoers: Initial revision + * aclocal.m4: + added solaris changes, need to rework + [33f20fb16c49] -1994-02-09 14:54 millert + * configure.in: + cleaned up for solaris + [2fb8cfa05d0f] - * find_path.c: fixed typo + * logging.c: + reinstall reapchild signal handler for non-bsd signals + [3d1dc545113d] -1994-02-08 23:06 millert + * sudo.h: + took out getdtablesize() emulation for HP-UX (no longer needed) + [1fc83d170f34] - * PORTING: took out SAVED_UID garbage + * sudo.c: + support for HAVE_SYSCONF + [50ca2a7a224a] -1994-02-08 22:55 millert + * visudo.c: + added for solaris & reorg'd the includes + minor prettying + up / + [0a570e826dd4] - * INSTALL: mentioned HAL + * config.h.in: + added HAVE_SYSCONF + [2b9a9f3a4e94] -1994-02-08 22:50 millert +1994-05-16 Todd C. Miller - * sudo.h: added HAL line + * configure.in: + now tells you what os you are running /. + [06c6332a895b] -1994-02-08 22:48 millert + * aclocal.m4: + took out extra ',' + [e8c75ce59f4a] - * insults.h: added HAL insults +1994-05-14 Todd C. Miller -1994-02-08 22:48 millert + * config.h.in: + added _BSD_COMPAT + [73c5099806c2] - * TODO: updated + * aclocal.m4: + fixed for irix5 + [1047d1f6c0eb] -1994-02-08 22:02 millert + * CHANGES: + updated + [1bc4969fee96] - * logging.c: more verbose error if mailer not found + * sudo.c: + uid seinitialized to -2 + [8d7812b1878b] -1994-02-08 22:02 millert +1994-04-28 Todd C. Miller - * check.c: now do getpwent as root for soem shadow password systems - (bsdi) + * sudo.c: + now removes LIBPATH for AIX + [075392eb1dd9] -1994-02-08 13:22 millert +1994-03-13 Todd C. Miller - * sudo.h: took out SAVED_UID garbade + * configure.in: + now uses ufc if it finds it + [ab6ce30a5958] -1994-02-08 13:21 millert +1994-03-12 Todd C. Miller - * sudo.c: took out SAVED_UID garbage since it don't work + * sudo.h: + no longer define yyval & yylval since yacc does it + [09d250aea50a] -1994-02-06 17:43 millert + * parse.lex: + now defines yylval as extenr + [8ec2b88952bc] - * README: updated + * configure.in: + BROKEN_GETPASS is now an OPTION + [3714f4bb8312] -1994-02-06 17:40 millert + * config.h.in: + took out BROKEN_GETPASS + [9c4f6aa50137] - * insults.h: added a missing space :-) + * Makefile.in: + took out big comment + [4c13cff0e556] -1994-02-05 19:48 millert + * README: + updated + [b8b9902b620d] - * sudo.c, sudo.h: took out multimax cruft + * Makefile.in: + took out README.beta + [ed2cd861e82b] -1994-02-05 19:30 millert + * SUPPORTED: + Initial revision + [2fffc51e6606] - * INSTALL: minor update + * INSTALL: + now reference SUPPORTED ., + [d112c30be1f2] -1994-02-05 19:30 millert + * config.h.in: + now check for convex OR __convex__ + [a0e5701a3069] - * PORTING: finished + * aclocal.m4: + now check for convex or __convex__ + [5dae2bfbe3bc] -1994-02-05 19:19 millert + * Makefile.in: + added dist target + [400a54de57db] - * sudo.c: fixed a typo + indentation + * aclocal.m4: + use __convex__ + [58a19470ed0b] -1994-02-05 18:43 millert + * find_path.c: + now use _S_* stat stuff to be ansi-like + [28cce560e048] - * sudo.h: took outumoved some defines to the config file ,. ,. + * INSTALL: + updated for configure directions + [a034ccc7c30a] -1994-02-05 15:17 millert + * Makefile.in: + distclean now removes config.h and pathnames.h + [300f2349b4ab] - * PORTING: Initial revision + * CHANGES: + updated + [646f7e9430c1] -1994-02-05 15:17 millert + * TODO: + fixed typoe + [70fd6361b2bc] - * TODO: did #6 + * visudo.c: + updated version + [cf13d87d789f] -1994-02-05 15:16 millert + * Makefile.in: + updated version + [8c5dacc27a7a] - * sudo.h: added HAS_SAVED_UID + * config.h.in, pathnames.h.in: + added copyright header + [747ce3d3d6b7] -1994-02-05 15:16 millert + * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex, + parse.yacc, sudo.c, sudo.h: + udpated version + [4751c39bad18] - * sudo.c: put back AIX cruft + * visudo.c: + udpated to use configure + pathnames.h + [d45dff76a1cd] -1994-02-03 00:44 millert + * aclocal.m4: + updated + [f05a367a55be] - * sudo.c: aix changes + * Makefile.in, config.h.in, configure.in: + updated + [524778598879] -1994-02-02 01:31 millert + * sudo.h: + now works with configure + [83fc40e533f4] - * CHANGES: updated + * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c: + updated to work with configure + pathnames.h + [cb67fa6ab52d] -1994-02-02 01:30 millert + * Makefile.in: + added LEXLIB + [f43cad4ab0a2] - * check.c, logging.c, parse.c, sudo.c, sudo.h: now is only root - when abs necesary +1994-03-10 Todd C. Miller -1994-02-01 22:21 millert + * COPYING: + updated gnu general licence to versio 2 + [2b0b56112ddc] - * check.c: added missing %s\n + * config.h.in, pathnames.h.in: + Initial revision + [4b586f39ec2d] -1994-01-31 02:06 millert + * sudo.h: + changed to work with configure + [13f3506ddf16] - * install-sh: Initial revision +1994-03-09 Todd C. Miller -1994-01-31 01:58 millert + * Makefile.in, aclocal.m4, configure.in: + Initial revision + [a8636ae77371] - * CHANGES, TODO: updated + * visudo.c: + now uses defines used by configure + [de438d118993] -1994-01-31 01:56 millert +1994-03-01 Todd C. Miller - * sudo.c: now removed _RLD_* for alphas + * find_path.c: + sudo won't bitch about EPERM now, for real + [ce26d9ef7e3f] -1994-01-31 01:50 millert +1994-02-28 Todd C. Miller - * INSTALL: updated for new config scheme + * logging.c: + renamed exec_argv to eliminate a libc name clash with ksros + [bcb4350d8411] -1994-01-30 19:42 millert + * CHANGES: + corrected + [dae68d422efd] - * find_path.c: more verbose eror messages + * logging.c, sudo.c, sudo.h: + execve -> execv + [40cc2c4bdb15] -1994-01-27 14:08 millert + * TODO: + upated + [9275a8b8fc45] - * TODO: now have solaris + * PORTING: + added 2 mroe items + [6cbb5c56993c] -1994-01-27 14:07 millert + * CHANGES: + updated + [73f34f8e571a] - * sudo.h: define __svr4__ for SOLARIS + * sudo.h: + added UMASK and mode_t declaration + [7c2015e1d171] -1994-01-27 14:07 millert + * sudo.c: + added UMASK + [d37be7523680] - * check.c: added svr4 junk for shadow pws for solaris 2.x + * logging.c: + now opens log file with mode 077 + [0825cc3ee841] -1994-01-27 13:19 millert + * check.c: + saved current umask ans restores it + [659c1aaae8e8] - * check.c, sudo.c: took out setuid(0) and setreuid(udi) garbage. - Its not needed since we start out setuid with the correct perms. + * sudo.h: + added MAXLOGFILELEN + [34331c7dee90] -1994-01-26 19:51 millert + * logging.c: + split long log lines. FOr syslog, split into multiple entries, for + a log file, indent the extra for readability + [72c9e4cdba6e] - * check.c, sudo.c, sudo.h: now use setreuid() +1994-02-27 Todd C. Miller -1994-01-26 18:58 millert + * CHANGES: + added changes + [81196833673d] - * sudo.man: revised AUTHORS secrtion & added ENV_EDITOR stuff to - VARIABLES sectoin + * sudo.h: + MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be) + [1aa69e903840] -1994-01-26 18:52 millert +1994-02-25 Todd C. Miller - * visudo.c: now uses ENV_EDITOR if you want to use the EDITOR envar + * TODO: + added input from Brett M Hogden + [80f01fc88ce9] -1994-01-26 18:52 millert +1994-02-16 Todd C. Miller - * sudo.h: now uses ENV_EDITOR if you want to use the EDITOR envar - >> . + * sudo.c: + added rmenv() to remove stuff from environ. can now uses execvp() + OR execve() becuase of this. + [e7fc2535bd67] -1993-12-07 01:33 millert + * logging.c: + now uses execvp() OR execve() + [56391aa1f99d] - * README: minor update + spell fix + * sudo.h: + added USE_EXECVE + [f21f38050b95] -1993-12-07 01:33 millert + * sudo.h: + added environ + [6b805e23c6f6] - * INSTALL: rewrote most of this + * find_path.c: + now ignore EPERM + [c8fd7117a1d7] -1993-12-07 01:13 millert + * sudo.h: + moved some func decls out of sudo.h and into sudo.c as statics /. + [5f555c267d27] - * sudo.h: added all options that are in the Makefile + * CHANGES: + updated + [431f478af320] -1993-12-07 00:23 millert + * sudo.h: + took out Envp + [6f722be7793d] - * getpass.c: now use USE_TERMIO #define for sgi & hpux +1994-02-14 Todd C. Miller -1993-12-06 23:19 millert + * BUGS: + Initial revision + [4a8ecf0da95c] - * TODO: todo: posix sigs +1994-02-10 Todd C. Miller -1993-12-06 01:12 millert + * CHANGES: + added SECURE_PATH + [1c72cb222609] - * check.c, find_path.c: always include strings.h + * sudo.c, sudo.h: + added SECURE_PATH + [5bf5357a63c5] -1993-12-05 20:34 millert + * sudo.h: + added SECURE_PATH + [3976a74405ac] - * visudo.c: added STATICEDITOR + * INSTALL: + added sample.sudoers note + [1b395d29aaeb] -1993-12-05 20:30 millert + * sudoers: + Initial revision + [485888d07477] - * sudo.h: sgi has vi in /usr/bin too +1994-02-09 Todd C. Miller -1993-12-05 20:23 millert + * find_path.c: + fixed typo + [bfc3cc4d41ca] - * sudo.man: added VISUAL + * PORTING: + took out SAVED_UID garbage + [b7c2d3469661] [SUDO_1_3_0] -1993-12-02 22:20 millert + * INSTALL: + mentioned HAL + [253d6695df90] - * sudo.h: sue /usr/bin/vi on some systems + * sudo.h: + added HAL line + [29ec1a4ac6de] -1993-12-02 22:19 millert + * insults.h: + added HAL insults + [7d7c96d77c74] - * sudo.c: fixed warning (include strings.h) + * TODO: + updated + [aa2ed9790586] -1993-12-02 22:06 millert + * logging.c: + more verbose error if mailer not found + [fca47fd00cb6] - * sudo.man: added John_Rouillard@dl5000.bc.edu's changes (new - features) + * check.c: + now do getpwent as root for soem shadow password systems (bsdi) + [e0339e110d46] -1993-12-02 21:38 millert +1994-02-08 Todd C. Miller - * CHANGES: changes from John_Rouillard@dl5000.bc.edu + * sudo.h: + took out SAVED_UID garbade + [fcb0e81dcdb5] -1993-12-02 21:35 millert + * sudo.c: + took out SAVED_UID garbage since it don't work + [507e9513e9c2] - * visudo.c: added EDITOR envar +1994-02-06 Todd C. Miller -1993-12-02 21:34 millert + * README: + updated + [d2b6b253dae5] - * check.c, find_path.c, parse.c, sudo.c: added patches from - John_Rouillard directory spec uses EDITOR + * insults.h: + added a missing space :-) + [8940ea991f87] -1993-12-01 19:32 millert + * sudo.c, sudo.h: + took out multimax cruft + [c2606b365181] - * getpass.c: added flush for hpux + * INSTALL: + minor update + [05fb6ee73131] -1993-11-30 13:37 millert + * PORTING: + finished + [c4ac47c84dc5] - * sudo.c: no longer assume malloc returns a char * + * sudo.c: + fixed a typo + indentation + [7eab40aae8fa] -1993-11-29 20:35 millert +1994-02-05 Todd C. Miller - * sudo.c: alpha change to remove LD_-like thing fixed SHLIB_PATH - stuff -- now gets removed correctly + * sudo.h: + took outumoved some defines to the config file ,. ,. + [defff05beb52] -1993-11-29 19:31 millert + * PORTING: + Initial revision + [c803e9127959] - * sudo.h: added STD_HEADERS macro + * TODO: + did #6 + [c6fa1c946c31] -1993-11-29 19:14 millert + * sudo.h: + added HAS_SAVED_UID + [6a88a39c0a07] - * sudo.c: now uses STD_HEADERS macor for ansi + * sudo.c: + put back AIX cruft + [a24d2507ddd4] -1993-11-29 19:14 millert +1994-02-03 Todd C. Miller - * find_path.c: now uses STD_HEADERS macro + * sudo.c: + aix changes + [1663915f754a] -1993-11-29 19:13 millert +1994-02-02 Todd C. Miller - * check.c: niceties for C compiler bitches -- no real change + * CHANGES: + updated + [a8cc73747cae] -1993-11-29 13:04 millert + * check.c, logging.c, parse.c, sudo.c, sudo.h: + now is only root when abs necesary + [3c9d12c5cdfe] - * visudo.c: now doesn't fclose a file never opened. + * check.c: + added missing %s\n + [609320b72d89] -1993-11-28 16:35 millert +1994-01-31 Todd C. Miller - * sudo.man: added visudo line + * install-sh: + Initial revision + [b5bba140a175] -1993-11-28 16:31 millert + * TODO: + updated + [c9d2eba602af] - * sudo.man: added error stuff added me in there... + * CHANGES: + updated + [932f1fc3bb14] -1993-11-28 03:12 millert + * sudo.c: + now removed _RLD_* for alphas + [54a36e648158] - * CHANGES: noted insults + * INSTALL: + updated for new config scheme + [61c8ae800444] -1993-11-28 03:01 millert + * find_path.c: + more verbose eror messages + [b4fd123db42d] - * INSTALL: added blurb about reading stuff +1994-01-27 Todd C. Miller -1993-11-28 03:00 millert + * TODO: + now have solaris + [371002fbf266] - * sudo.h: added insults + * sudo.h: + define __svr4__ for SOLARIS + [0b5cf5ed936d] -1993-11-28 03:00 millert + * check.c: + added svr4 junk for shadow pws for solaris 2.x + [91ed58f21618] - * insults.h: corrected somments and removed newlines + * check.c, sudo.c: + took out setuid(0) and setreuid(udi) garbage. Its not needed since + we start out setuid with the correct perms. + [07689e782b0b] -1993-11-28 03:00 millert + * check.c, sudo.c, sudo.h: + now use setreuid() + [7d64d685d78e] - * check.c: now uses insults +1994-01-26 Todd C. Miller -1993-11-28 02:45 millert + * sudo.man: + revised AUTHORS secrtion & added ENV_EDITOR stuff to VARIABLES + sectoin + [b26967b1e19b] - * insults.h: Initial revision + * visudo.c: + now uses ENV_EDITOR if you want to use the EDITOR envar + [a4f8fcb9bd1d] -1993-11-27 19:46 millert + * sudo.h: + now uses ENV_EDITOR if you want to use the EDITOR envar >> . + [028cc55c4328] - * INSTALL: added dec syslog note +1993-12-07 Todd C. Miller -1993-11-27 19:25 millert + * INSTALL: + rewrote most of this + [a6750923f9c9] - * sample.sudoers: added real stuff in there + * README: + minor update + spell fix + [a411717a7249] -1993-11-27 19:24 millert + * sudo.h: + added all options that are in the Makefile + [6db3b3b841b3] - * TODO: added a todo + * getpass.c: + now use USE_TERMIO #define for sgi & hpux + [b91f89ae6be1] -1993-11-27 19:10 millert + * TODO: + todo: posix sigs + [4548a56eb2ef] - * TODO: added one +1993-12-06 Todd C. Miller -1993-11-27 18:59 millert + * check.c, find_path.c: + always include strings.h + [1fc20bda92c0] - * sample.sudoers: Initial revision + * visudo.c: + added STATICEDITOR + [0596f820716e] -1993-11-27 18:59 millert + * sudo.h: + sgi has vi in /usr/bin too + [94203b62bfd9] - * sudo.man: updated with changes + * sudo.man: + added VISUAL + [87c2844c4cac] -1993-11-27 18:52 millert +1993-12-03 Todd C. Miller - * sudo.man: Initial revision + * sudo.h: + sue /usr/bin/vi on some systems + [e3ad9190f35e] -1993-11-27 18:48 millert + * sudo.c: + fixed warning (include strings.h) + [0b896de4d8a0] - * CHANGES, COPYING, INSTALL, README, TODO, indent.pro: Initial - revision + * sudo.man: + added John_Rouillard@dl5000.bc.edu's changes (new features) + [f41b4205a8cf] -1993-11-27 18:46 millert + * CHANGES: + changes from John_Rouillard@dl5000.bc.edu + [6bdef8e948d5] - * visudo.c: updated version number and took out jeff's old addr - since it is no good + * visudo.c: + added EDITOR envar + [5c4bf716de21] -1993-11-27 18:42 millert + * check.c, find_path.c, parse.c, sudo.c: + added patches from John_Rouillard directory spec + uses EDITOR + [f62a435f8c41] - * sudo.h, check.c, find_path.c, logging.c, parse.c, parse.lex, - parse.yacc, sudo.c: updated version number and took out jeff's - email (since it is invalid) +1993-12-02 Todd C. Miller -1993-10-28 09:36 millert + * getpass.c: + added flush for hpux + [07cfdd6a7b55] - * check.c: added fflush() +1993-11-30 Todd C. Miller -1993-10-22 20:46 millert + * sudo.c: + no longer assume malloc returns a char * + [7480bd2756f3] - * find_path.c: now return NULL instead pfof exiting for - nopnn-fatal errors + * sudo.c: + alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now + gets removed correctly + [8587166c6ac8] -1993-10-21 16:57 millert + * sudo.h: + added STD_HEADERS macro + [480f5a9a516c] - * check.c: new banner + * sudo.c: + now uses STD_HEADERS macor for ansi + [c5018806fd59] -1993-10-21 16:42 millert + * find_path.c: + now uses STD_HEADERS macro + [ad821e0788ea] - * parse.lex: now sudo.h gets included first + * check.c: + niceties for C compiler bitches -- no real change + [0fc0b1a5fb64] -1993-10-17 20:31 millert +1993-11-29 Todd C. Miller - * parse.lex: now can use flex + * visudo.c: + now doesn't fclose a file never opened. + [ee888ec9427d] -1993-10-17 20:31 millert +1993-11-28 Todd C. Miller - * sudo.h: linux patch + * sudo.man: + added visudo line + [698d51c66407] -1993-10-17 20:30 millert + * sudo.man: + added error stuff added me in there... + [d202fd34b906] - * sudo.c: hpux 9 fix, removes SHLIB_PATH linux patch + * CHANGES: + noted insults + [998a22c2230c] -1993-10-17 20:30 millert + * INSTALL: + added blurb about reading stuff + [e71db100798f] - * check.c: linux diff + * sudo.h: + added insults + [c110431cec56] -1993-10-15 16:03 millert + * insults.h: + corrected somments and removed newlines + [493706fd488c] - * find_path.c: stat now ignores EINVAL + * check.c: + now uses insults + [6d23cf06a0ef] -1993-10-05 21:48 millert + * insults.h: + Initial revision + [83153c26b4a3] - * find_path.c, sudo.c: now declare strdup as extern + * INSTALL: + added dec syslog note + [555437273237] -1993-10-04 15:23 millert + * sample.sudoers: + added real stuff in there + [53442a7fba78] - * visudo.c: reformatted with indent + by hand + * TODO: + added a todo + [c630472bd4dc] -1993-10-04 15:10 millert + * TODO: + added one + [806464453284] - * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, - sudo.h: used indent to "fix" coding style +1993-11-27 Todd C. Miller -1993-10-03 20:12 millert + * sample.sudoers: + Initial revision + [7db0a9f1ca8f] - * find_path.c: now checks '.' or '.' or '' in PATH -- but does it - LAST should maybe move the code that does this into the loop - body. makes it messier tho. hmmm. + * sudo.man: + updated with changes + [d9bf254c6c08] -1993-09-08 11:53 millert + * sudo.man: + Initial revision + [dd6f11174ac6] - * find_path.c: redid the fix for non-executable files in an easier - to read way plus some minor aethetic changes + * indent.pro: + Initial revision + [dbfbb494fad9] -1993-09-08 11:39 millert + * CHANGES, COPYING, INSTALL, README, TODO: + Initial revision + [6d98f489a079] - * find_path.c: fixed bug with non-executable tings of same name in - path introduced by checkig errno after stat(2). + * visudo.c: + updated version number and took out jeff's old addr since it is no + good + [ee47c24818cb] -1993-09-05 10:02 millert + * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc, + sudo.c, sudo.h: + updated version number and took out jeff's email (since it is + invalid) + [54616458a52e] - * sudo.c: fixed off by one error +1993-10-28 Todd C. Miller -1993-09-05 09:55 millert + * check.c: + added fflush() + [145c881f4fb4] - * find_path.c: now handles decending below '/' correctly +1993-10-23 Todd C. Miller -1993-09-05 08:35 millert + * find_path.c: + now return NULL instead pfof exiting for nopnn-fatal errors + [8bc74f8cb1ae] - * sudo.c: now actually builds Envp instead of munging envp +1993-10-21 Todd C. Miller -1993-09-04 15:42 millert + * check.c: + new banner + [5387ab2af516] - * parse.yacc: now includes sys/param.h + * parse.lex: + now sudo.h gets included first + [2acb01c18e18] -1993-09-04 15:41 millert +1993-10-18 Todd C. Miller - * visudo.c: now includes sys/param.h + * parse.lex: + now can use flex + [164d3839adf0] -1993-09-04 15:30 millert + * sudo.h: + linux patch + [f1b6b1b1a2ca] - * sudo.h: fixed ifndef -> ifdef + * sudo.c: + hpux 9 fix, removes SHLIB_PATH linux patch + [67611dc1737f] -1993-09-04 15:19 millert + * check.c: + linux diff + [c24536682397] - * qualify.c: make more like find_path.c +1993-10-15 Todd C. Miller -1993-09-04 15:18 millert + * find_path.c: + stat now ignores EINVAL + [c7761a5dc642] - * find_path.c: rewritten by millert +1993-10-06 Todd C. Miller -1993-09-04 15:17 millert + * find_path.c, sudo.c: + now declare strdup as extern + [6b7d6f8784b5] - * sudo.h: fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP - added info about new defines in the comment +1993-10-04 Todd C. Miller -1993-09-04 15:15 millert + * visudo.c: + reformatted with indent + by hand + [9d43084e4990] - * logging.c: now uses USE_CWD + * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h: + used indent to "fix" coding style + [489ffacbdc70] -1993-09-04 14:10 millert + * find_path.c: + now checks '.' or '.' or '' in PATH -- but does it LAST should maybe + move the code that does this into the loop body. makes it messier + tho. hmmm. + [c4d22b48da9a] - * sudo.h: added delc for clean_envp() and Envp +1993-09-08 Todd C. Miller -1993-09-04 14:09 millert + * find_path.c: + redid the fix for non-executable files in an easier to read way plus + some minor aethetic changes + [84fe337f1426] - * sudo.c: now rips LD_* env vars out of envp and passed sanitized - Envp to exec + * find_path.c: + fixed bug with non-executable tings of same name in path introduced + by checkig errno after stat(2). + [c2a812cfcbc1] -1993-09-04 14:09 millert +1993-09-05 Todd C. Miller - * logging.c: now uses execve() + * sudo.c: + fixed off by one error + [fabb7cee0041] -1993-09-04 14:08 millert + * find_path.c: + now handles decending below '/' correctly + [5d2ddfc0b220] - * find_path.c: ENOTDIR is ok now too (in case part of the path is - bogus) + * sudo.c: + now actually builds Envp instead of munging envp + [bdc4b08f6898] -1993-09-04 08:17 millert +1993-09-04 Todd C. Miller - * qualify.c: now works correctly (ttaltotal rewrite) + * parse.yacc: + now includes sys/param.h + [efbb494ab4de] -1993-09-04 07:59 millert + * visudo.c: + now includes sys/param.h + [ad6c91d59958] - * parse.lex: now includes sys/param.h didn't match trailing / -- - fix from rouilj@cs.umb.edu + * sudo.h: + fixed ifndef -> ifdef + [7aebe822d863] -1993-06-11 18:04 millert + * qualify.c: + make more like find_path.c + [853b2dab2e03] - * sudo.c: moved around the #ifndef _AIX + * find_path.c: + rewritten by millert + [c6a043cc11b3] -1993-06-11 18:03 millert + * sudo.h: + fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info + about new defines in the comment + [39ffefce3aec] - * check.c, logging.c, parse.c: Initial revision + * logging.c: + now uses USE_CWD + [fa0f3b118bb3] -1993-03-20 07:57 millert + * sudo.h: + added delc for clean_envp() and Envp + [a12034e300c2] - * qualify.c: Initial revision + * sudo.c: + now rips LD_* env vars out of envp and passed sanitized Envp to exec + [d201a218e056] -1993-03-13 15:09 millert + * logging.c: + now uses execve() + [f3e01032cd33] - * find_path.c: now works if you do sudo bin/test + * find_path.c: + ENOTDIR is ok now too (in case part of the path is bogus) + [b5cbbb201bb5] -1993-03-13 14:20 millert + * qualify.c: + now works correctly (ttaltotal rewrite) + [0c25d64a5c68] - * find_path.c: works + * parse.lex: + now includes sys/param.h didn't match trailing / -- fix from + rouilj@cs.umb.edu + [b6363ba110af] -1993-03-02 18:28 millert +1993-06-11 Todd C. Miller - * sudo.h: Initial revision + * sudo.c: + moved around the #ifndef _AIX + [7d4330950c20] -1993-03-02 11:35 millert + * check.c, logging.c, parse.c: + Initial revision + [c101e9572d7f] - * visudo.c: Initial revision +1993-03-20 Todd C. Miller -1993-03-02 11:32 millert + * qualify.c: + Initial revision + [5a5f21d0e0bf] - * parse.lex, parse.yacc: Initial revision +1993-03-13 Todd C. Miller -1993-02-16 13:24 millert + * find_path.c: + now works if you do sudo bin/test + [07835120ce43] - * sudo.c: took out errno.h + * find_path.c: + works + [c3da8b5efa20] -1993-02-16 13:22 millert +1993-03-02 Todd C. Miller - * sudo.c: now spews error if exec fails and exits with -1 + * sudo.h: + Initial revision + [28a1caa38b72] -1993-02-16 12:07 millert + * visudo.c: + Initial revision + [0e5cd7c3cdbe] - * sudo.c: Initial revision + * parse.lex, parse.yacc: + Initial revision + [5f2d0cccb06b] -1993-02-15 22:27 millert +1993-02-16 Todd C. Miller - * find_path.c: now only execs files with (an) executable bit set. + * sudo.c: + took out errno.h + [7466431a2655] -1993-02-15 22:01 millert + * sudo.c: + now spews error if exec fails and exits with -1 + [e5c41ea725c1] - * find_path.c: Initial revision + * sudo.c: + Initial revision + [8aeabe39a0c2] -1993-02-15 14:32 millert + * find_path.c: + now only execs files with (an) executable bit set. + [0a451f9c0e58] - * getpass.c: added nice comment + * find_path.c: + Initial revision + [02a534891a35] -1993-02-15 14:19 millert +1993-02-15 Todd C. Miller - * getpass.c: now works on sgi's + * getpass.c: + added nice comment + [ea8b2aaa9389] -1993-02-15 13:57 millert + * getpass.c: + now works on sgi's + [bf2b7c6d0960] - * getpass.c: Initial revision + * getpass.c: + Initial revision + [9f4de251c1b5]