X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=ChangeLog;h=732fa25a62a43faa5b6295e423face335b847d5e;hb=2d23f390f17883b0a39e4bba210354a329cf0fc8;hp=f513fa2a4df8cbffd4263b3700ed9e5fe0422638;hpb=abffa756f90bac83386a0677f18518136710b22a;p=debian%2Fsudo diff --git a/ChangeLog b/ChangeLog index f513fa2..732fa25 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,20239 +1,36719 @@ -2009-07-18 09:55 millert +2013-06-12 Todd C. Miller - * toke.c, toke.l: Fix expansion of %h in #include names. Fixes - bugzilla 363 + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Fix typo; bug 605 + [41f7b46a6e51] -2009-07-12 17:17 millert +2013-06-04 Todd C. Miller - * mkdefaults: If no arg assume def_data.in + * src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo, + src/po/tr.mo: + Regen .mo files that were out of date. + [9e25a254f9db] -2009-07-11 21:27 millert +2013-05-30 Todd C. Miller - * README, WHATSNEW: Update for 1.7.2 + * NEWS, configure, configure.in: + On Solaris 11 and higher, tag binaries for ASLR if supported by the + linker. + [a2a6cafa3e60] -2009-07-11 21:12 millert + * mkpkg: + No longer need to disable PIE on Solaris. + [cf90019ae67e] - * ChangeLog: sync +2013-05-28 Todd C. Miller -2009-06-30 08:41 millert + * INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING: + Restrict default creation of PIE binaries (-fPIE and -pie) to Linux. + OpenBSD also supports PIE but enables it by default so we don't need + to do anything. This fixes problems on systems with a version of + GNU ld that accepts -pie but where the run-time linker doesn't + actually support PIE. Also verify that a trivial PIE binary works + unless PIE is explicitly enabled. + [3c5f125efeb1] - * sudoers.cat, sudoers.man.in, sudoers.pod: Add missing single - quotes around a colon in Runas_Spec definition. From Elias - Benali. +2013-05-24 Todd C. Miller -2009-06-29 09:36 millert + * aclocal.m4, configure, configure.in: + Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld + where we can end up crashing due to malloc() failures. Sems OK when + Using Sun as and ld. + [b8ba412102ab] - * redblack.c: In rbrepair, re-color the root or the first non-block - node we find to be black. Re-coloring the root is probably not - needed but won't hurt. + * NEWS: + Update with final changes. + [78ff6d2ed47a] -2009-06-29 09:35 millert +2013-05-23 Todd C. Miller - * sudo.cat, sudoers.cat, sudo.man.in, sudoers.man.in: regen + * configure, configure.in: + Add -fPIE to PIE_LDFLAGS as per gcc manual. + [fe900cbb0780] -2009-06-26 16:40 millert +2013-05-22 Todd C. Miller - * redblack.c: When repairing the tree, don't touch the root node. + * common/Makefile.in, compat/Makefile.in: + Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs + [f84bc7482b78] -2009-06-25 08:44 millert + * MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/visudo/test4.out.ok, + plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c: + Replace sequence number-based cycle detection in visudo with a + "used" flag in struct alias. The caller is required to call + alias_put() when it is done with the alias. Inspired by a patch + from Daniel Kopecek. + [0bdbac1b3b39] + +2013-05-20 Todd C. Miller + + * plugins/sudoers/iolog.c: + Eliminate a few relocations related to sudoers_io. + [18e9e2cc3367] + + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po: + Sync with translationproject.org + [f38cc128a2ad] + +2013-05-18 Todd C. Miller + + * src/ttyname.c: + Clarify a comment. + [7a045ee06e95] + +2013-05-16 Todd C. Miller + + * src/ttyname.c: + Handle d_type == DT_UNKNOWN when resolving the device to a name and + sprinkle some more debugging. + [8774133747d9] + +2013-05-03 Todd C. Miller + + * doc/TROUBLESHOOTING: + Add message about disabling PIE if sudo gets SIGSEGV. + [c786af2a6751] + + * plugins/sudoers/check.h, plugins/sudoers/timestamp.c: + No longer store the ctime of a devpts tty. The handling of ctime on + devpts in Linux has been changed to conform to POSIX. As a result + we can no longer assume that the ctime will stay unchanged + throughout the life of the session. We store the session ID in the + time stamp file so there is a much smaller chance of the time stamp + file being reused by a new login. While here, store the uid/gid in + the timestamp file too for good measure. + [7028b21f7a9b] + + * configure, configure.in: + PIE is broken on FreeBSD/arm + [f232c60d6229] + + * mkpkg: + Add explicit sendmail path for Linux since we may not have sendmail + installed in the build chroot. + [1ba2f84f4ff0] + +2013-05-01 Todd C. Miller + + * common/sudo_debug.c, plugins/sudoers/iolog.c, + plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c: + Quiet a few -Wunused-result compiler warnings. + [ef12afb61423] + +2013-04-30 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Mention what SHA-2 formats are supported. + [bf298d0fdf8a] + + * doc/CONTRIBUTORS: + List code and translations separately. + [826547bc1295] + +2013-04-29 Todd C. Miller + + * MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po: + Sync with translationproject.org + [9499a6f438b8] + + * plugins/sudoers/po/sudoers.pot: + regen + [cce449e284a6] + + * Makefile.in: + Fix c-format for fatal/fatalx + [4ad81d3faaeb] + +2013-04-26 Todd C. Miller + + * Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h: + Change some error/errorx -> fatal/fatalx in comments and xgettext + flags. + [9d9b64fa2ec9] + + * NEWS: + There is now a Turkish translation of sudoers. + [701c5af6aa76] + + * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: + Updated translations from translationproject.org including new + Turkish translation. + [9cedbb50d90f] + +2013-04-25 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that sudoers will re-use existing I/O log paths unless they + are mktemp-style with trailing X's. + [4f43bd13d9e7] + + * NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: + Allow ldap_conf and ldap_secret to be specified as plugin arguments + in sudo.conf + [37c6c425b565] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + sudoers_debug is now deprecated in favor of the sudo debugging + framework. + [1195be1ec254] + + * plugins/sudoers/ldap.c: + Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use + SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the + debug file with the ldap subsystem. The sudoers_debug setting in + ldap.conf is still honored for now but will be removed in a future + release. + [cfa42b4b913e] + +2013-04-24 Todd C. Miller + + * plugins/sudoers/sudoers2ldif: + Add support for converting sudoers files with SHA-2 command digests. + [dc0d03485946] + + * doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg, + plugins/sudoers/sudoers2ldif: + Add copyright notice to scripts + [5e8bd4e6083f] + + * MANIFEST, plugins/sudoers/regress/sudoers/test14.in, + plugins/sudoers/regress/sudoers/test14.out.ok, + plugins/sudoers/regress/sudoers/test14.toke.ok: + Add regress for SHA-2 digests. + [0b258c2a2a95] + + * compat/getgrouplist.c: + Solaris maps negative gids to GID_NOBODY. + [57050e5c750f] + + * plugins/sudoers/visudo.c: + Clear up an llvm checker warning which appears to be a false + positive and fix an old XXX while I'm at it. + [9ee13133e596] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + Correct last change date + [3bc1fa5b0f76] + + * plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c: + No need to translate this error message. + [4d9941970a26] + + * doc/UPGRADE: + Mention .sl vs. .so extension handling on HP-UX Mention group + membership changes Fix typos + [40ac0efbdb2b] + + * aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c, + common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c, + common/setgroups.c, common/term.c, common/ttysize.c, + compat/Makefile.in, compat/dlopen.c, compat/endian.h, + compat/getline.c, compat/getprogname.c, compat/isblank.c, + compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c, + compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c, + compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, + compat/strsignal.c, compat/utimes.c, doc/Makefile.in, + include/Makefile.in, include/alloc.h, include/fileops.h, + include/gettext.h, include/lbuf.h, include/missing.h, + include/sudo_plugin.h, pathnames.h.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, + plugins/sudoers/alias.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c, + plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, + plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c, + plugins/sudoers/logging.h, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c, + plugins/sudoers/redblack.h, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.h, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/visudo.c, plugins/system_group/Makefile.in, + plugins/system_group/system_group.c, src/Makefile.in, + src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c, + src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c, + src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h, + src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c, + src/utmp.c: + Update copyright years. + [5c6d72661bad] + + * plugins/sudoers/mon_systrace.h: + Systrace support was removed long ago. + [10a038a2da77] + +2013-04-23 Todd C. Miller + + * MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok, + plugins/sudoers/regress/sudoers/test9.toke.out.ok: + Remove some files that were mistakenly added. + [833502da26de] + + * common/sudo_debug.c, config.h.in, configure, configure.in, + plugins/sudoers/boottime.c, plugins/sudoers/iolog.c, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c: + Use time(&now) instead of now = time(NULL) when storing the current + time in a time_t (better compiler error checking). Better parsing + and printing of 64-bit time_t on 32-bit platforms. + [c227dc72c04e] + +2013-04-21 Todd C. Miller + + * src/ttyname.c: + Don't check the tty of the parent process. Now that we get the + controlling tty device number from the kernel there is no need. If + the process has really disassociated from the tty then reporting + "unknown" is appropriate. + [62fb66e565db] + +2013-04-20 Todd C. Miller + + * common/error.c: + Use EXIT_FAILURE instead of 1 as the fatal() exit value. + [ed94c2c5e88a] + + * src/sesh.c: + Change remaining errorx -> fatalx + [3f6d70e19303] + +2013-04-19 Todd C. Miller + + * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an + error if the entry already exists in the cache. + [94d45970400a] + + * plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot: + Change "foo: failed" to just "foo" since we print the string form of + errno. Gets rids of some useless translations. + [476f37349dbc] + +2013-04-18 Todd C. Miller + + * plugins/sudoers/match.c: + Fix pasto in debug_decl + [08650186a239] + + * plugins/sudoers/Makefile.in: + regen + [acf4c34fba2c] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/parse.c, + plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: + Rename log_error() -> log_warning() for consistency with + warning()/fatal() + [474ed5a0e335] + + * plugins/sudoers/auth/API: + The NO_EXIT flag was removed a while ago. + [e0a4be270226] + + * common/aix.c, common/alloc.c, common/error.c, include/error.h, + plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c, + src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, + src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, + src/utmp.c: + Rename error/errorx -> fatal/fatalx and remove the exit value as it + was always 1. + [ea66f58c4da5] + + * NEWS: + digests are supported in sudoers ldap too + [77d6c25f7653] + + * plugins/sudoers/regress/check_symbols/check_symbols.c: + Print test failures to stdout like the final count so the outputis + not displayed out of order. + [f541b78ecb93] + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo, + plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo, + src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po, + src/po/it.po, src/po/tr.po: + Sync with translationproject.org + [cbd70678b99f] + + * Makefile.in: + Check for any uncommitted changes in dist target and add force-dist + target that omit check-dist. + [78dc3f41e37e] + +2013-04-17 Todd C. Miller + + * src/regress/ttyname/check_ttyname.c: + Fix logic bug when checking tty via ttyname(). + [279aee076194] + + * compat/endian.h: + Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and + __BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX) + [fe35e0b04502] + + * plugins/sudoers/po/sudoers.pot: + regen + [0ddebccd3045] + + * NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document digest support. + [d794c7b9a7bc] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/parser/check_base64.c: + Simple bas64 decode unit test. + [344b0df0fe50] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c, + plugins/sudoers/match.c, plugins/sudoers/parse.h: + Move base64_decode into its own source file. + [30497e7f88bc] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Only check year against 2038 if time_t is 32-bit. + [9c1f2e3fc3ba] + +2013-04-16 Todd C. Miller + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.h, + plugins/sudoers/sssd.c: + Add digest support for sudoers in ldap and sss. + [314937b5e59e] + + * INSTALL, configure, configure.in: + Error out in configure if the compiler doesn't support "long long". + [d3645c1d50d1] + + * plugins/sudoers/match.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Include stdint.h or inttypes.h before sha2.h + [20ad1c20313d] + + * common/lbuf.c: + Simplify lbuf append functions by moving the realloc code into + lbuf_expand(). We now expand as needed each time bytes need to be + written to the lbuf. Also handle a NULL pointer being passed in for + paranoia's sake. + [6283ee562ef4] + + * plugins/sudoers/iolog.c: + Zero out struct iolog_details early to avoid a potential (though + unlikely) dereference of stack garbage if we hit a fatal error + before iolog_deserialize_info() is called. + [2eeca8be05fb] + +2013-04-15 Todd C. Miller + + * sudo.pp: + Update copyright year. + [b843c6a43238] + + * plugins/sudoers/sudoers_version.h: + Bump SUDOERS_GRAMMAR_VERSION for new digest support. + [188556fb8156] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/match.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Sanity check digest in parser so visudo can catch errors. Add base64 + support + [b8586d5cc7ed] + + * MANIFEST, compat/endian.h, config.h.in, configure, configure.in, + plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c: + For big endian architectures just use memcpy() instead of BE macros + in a loop. + [c71a0f4a8a8e] + +2013-04-14 Todd C. Miller + + * MANIFEST, config.h.in, configure, configure.in, + plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_digest.out.ok, + plugins/sudoers/sha2.h, plugins/sudoers/sssd.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c: + Initial implementation of checksum support in sudoers. Currently + supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format + validation in parser and base64 support. checksum support for + ldap sudoers + [b8f196346eca] + +2013-04-13 Todd C. Miller + + * doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h: + SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public + domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai + respectively. + [7511d07c0a83] + +2013-04-11 Todd C. Miller + + * NEWS: + Add sudo 1.8.6p8 + [0666fd0321ae] + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot: + Add missing "not" in error message when mixing standalone and non- + standalone authentication methods. + [7eba4439db73] + + * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c: + Check for crypt() returning NULL. Traditionally, crypt() never + returned NULL but newer versions of eglibc have a crypt() that does. + Bug #598 + [887b9df243df] + + * plugins/sudoers/auth/pam.c: + Better PAM error messages + [fd7eda53cdd7] + + * plugins/sudoers/auth/kerb5.c: + Better error messages + [98142874a2f4] + + * plugins/sudoers/bsm_audit.c: + Use same error message for getauid() failure. + [07f0d88cb1df] + + * plugins/sudoers/sssd.c: + Start warning with a lower case letter for consistency and to match + existing translated strings. + [b719ac52c9e3] + +2013-04-10 Todd C. Miller + + * mkpkg: + Disable PIE on Solaris where it is not really supported. + [c36c84cdcc7a] + + * src/ttyname.c: + AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit + before we try to match it against st_rdev. + [5dab449fb962] + + * src/ttyname.c: + Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes + a problem finding the tty name when it is not in /dev/pts. + [6c205d087fa0] + + * compat/snprintf.c: + Support %lld and %llu + [feabfa06c954] + + * .hgignore, MANIFEST, src/Makefile.in, + src/regress/ttyname/check_ttyname.c: + Add ttyname test. + [e987038f8c07] + +2013-04-09 Todd C. Miller + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po, + src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, + src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po, + src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: + Sync with translationproject.org + [4d7b73b22079] + + * plugins/sudoers/timestamp.c: + Log timestampfile to debug file. + [e997281146c0] + + * plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot: + Don't add the "Password: " string we look up in the PAM text domain + to the sudoers.pot file. + [771b52244abf] + +2013-04-08 Todd C. Miller + + * plugins/sudoers/po/sudoers.pot: + Synce with regcomp() error message change. + [fc6d3dfb8eb8] + + * plugins/sudoers/sudoreplay.c: + Be consistent with error message when regcomp() fails. + [de6c69ba04e4] + +2013-04-05 Todd C. Miller + + * plugins/sudoers/regress/testsudoers/test5.out.ok, + plugins/sudoers/regress/testsudoers/test5.sh: + Use group -1 instead of 1 as the invalid group since the running + user might have group 1 as their default group. + [71404a9fa75d] + + * plugins/sudoers/Makefile.in: + PWD may be a shell builtin, use CWD instead. + [c443105c5091] + +2013-04-04 Todd C. Miller + + * plugins/sudoers/check.c: + Split up check_user(). + [ce7cc0767589] + +2013-04-03 Todd C. Miller + + * config.h.in, configure.in: + Cosmetic fixes in the comments. + [640abee43c14] + +2013-04-02 Todd C. Miller + + * configure, configure.in: + Use AC_LINK_IFELSE instead of AC_TRY_LINK Fix printing of status + message for visibility checks when the test fails. + [99665477ee55] + + * config.h.in: + regen + [00c22606719a] + + * configure, configure.in: + We no longer use mbr_check_membership() and setrlimit64() is AIX- + specific. + [43caf685a1f1] + + * Makefile.in: + The first (all) target must be by itself or some makes will choose + the run the entire target list. + [16cf3def49f5] + + * configure, configure.in: + Do exec_prefix expansion when enable_shared even if noexec is not + enabled. + [7ed28cb32d8d] + + * compat/getgrouplist.c: + Use free() not efree() since we don't include alloc.h here + [1a008737be24] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [b939f941346f] + + * plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/testsudoers/test5.sh: + Pass in expected gid to testsudoers in addition to the uid that + matches the test sudoers files. + [6a1710e8cac1] + +2013-04-01 Todd C. Miller + + * include/missing.h: + Tru64 5.x does declare innetgr() and getdomainname(). + [c75598e69c7e] + + * plugins/sudoers/match.c: + Fix compilation when getdomainame() is not present. + [e831b017a962] + + * config.h.in, configure.in, include/missing.h: + Move SET/CLR/ISSET from config.h.in to missing.h + [3a3dd29fd7f0] + + * configure, configure.in: + Fix getgrouplist() check. + [12a2adf60e98] + + * MANIFEST: + No more timestamp.h + [5677e26afc0f] + + * plugins/sudoers/check.c: + Neded sys/time.h for struct timeval in struct sudo_tty_info. + [aceaadd8c400] + + * plugins/sudoers/Makefile.in: + regen depends + [21675a8b67e5] + + * NEWS: + Mention libibmldap on HP-UX + [75b4e4b22950] + + * NEWS, plugins/sudoers/match.c: + Instead of checking the domain name explicitly for "(none)", just + check for illegal characters. + [ce35dda811db] + + * plugins/sudoers/visudo.c: + Only warn once when we are unable to open the sudoers file. + [9e27e3aa5b10] + + * plugins/sudoers/sudoers.c: + Fall back to opening /dev/tty to determine whether there is a tty if + the system doesn't have kernel support for determing the tty. + [2775bcf9a9b5] + + * compat/getprogname.c: + Update guard to take __progname into account + [60eae3f20232] + + * compat/snprintf.c: + Some older systems have inttypes.h but not stdint.h + [ed1ef160015f] + + * compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c, + compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c, + compat/getline.c, compat/getprogname.c, compat/glob.c, + compat/isblank.c, compat/memrchr.c, compat/mktemp.c, + compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c, + compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, + compat/strsignal.c, compat/utimes.c: + Add guards in compat source files. Not really needed since we only + include them in the Makefile if they are needed but should not hurt + either. + [8cbd3b4595b9] + +2013-03-31 Todd C. Miller + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Don't include gram.h in gram.y, its contents are already included. + Move sudoerserror to the end of gram.y so COMMENT is declared when + we need to use it. + [7d72ebdd7222] + +2013-03-29 Todd C. Miller + + * config.h.in, configure.in: + Remove some pre-ANSI cruft. + [6a95704b2116] + + * plugins/sudoers/match.c: + Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h + when it is set. + [da40c550ffed] + + * NEWS, plugins/sudoers/iolog_path.c: + We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but + just leave it as-is. + [9a22de140d28] + +2013-03-28 Todd C. Miller + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Add missing semicolon in rule. + [817d3f1b2a21] + + * plugins/sudoers/sudoers.c: + Now that we can determine the terminal even when file descriptors + are redirected we can check user_ttypath rather than opening + /dev/tty when enforcing requiretty. + [56a28bc09041] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Stash umask in struct sudo_user so we don't need to look it up + later. + [9f85749199dc] + + * plugins/sudoers/sudoers.c: + Minor cosmetic change + [c373e106ed49] + + * plugins/sudoers/regress/parser/check_addr.c: + No longer need to declare interfaces + [d7ff7e579557] + + * plugins/sudoers/logging.c: + Fix compilation in SUDOERS_NO_SEQ case + [9a6db9247534] + + * plugins/sudoers/regress/parser/check_addr.c: + No longer need to define sudo_printf + [578ad13c3546] + + * plugins/sudoers/check.c, plugins/sudoers/check.h, + plugins/sudoers/timestamp.c: + Pass auth_pw to the timestamp functions. + [f603649177d6] + + * plugins/sudoers/iolog_path.c: + Fix SUDOERS_NO_SEQ + [17881f9bcd68] + + * plugins/sudoers/locale.c: + Don't need all of sudoers.h in here + [c518150c6483] + + * plugins/sudoers/sudoers.c: + Don't need to include sudoers_version.h here. + [8abb31102119] + +2013-03-27 Todd C. Miller + + * plugins/sudoers/check.c: + DEFAULT_LECTURE is no longer used. + [f565c00a68c1] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: + Move sudo_conv into policy.c + [f699aee7136b] + + * plugins/sudoers/pwutil.c: + cosmetic fixes + [930e60389ca8] + + * plugins/sudoers/match.c: + RHEL (and perhaps other Linux distros) use the string "(none)" + instead of an empty string when there is no actual NIS-style domain + name. Bug #596 + [11aec11489ac] + + * plugins/sudoers/match.c: + Fix return values when NAME_MATCH is defined. + [ce030be9ccef] + +2013-03-26 Todd C. Miller + + * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h: + Update copyright year. + [7e4b8d49addd] + + * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h: + Add sudo_set_grlist(), currently unused by the back end. + [b37ac1d0e8fc] + + * plugins/sudoers/pwutil.c: + Remove unused macros, fix a debug_decl + [6136fb4a0d3b] + + * include/missing.h: + Tru64 Unix doesn't prototype innetgr() or getdomainname(). + [585ac1874dfe] + + * include/missing.h: + Whitespace fixes + [0bb28cd91d97] + + * common/error.c: + Don't need to include setjmp.h here, error.h already includes it. + [fd05ab00e186] + +2013-03-25 Todd C. Miller + + * compat/Makefile.in, plugins/sudoers/Makefile.in: + regen depends + [57991f5e16b4] + + * plugins/sudoers/check.h: + Rename guard define. + [ccf4dba241d6] + + * plugins/sudoers/check.c, plugins/sudoers/check.h, + plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: + Move contents of timestamp.h into check.h. + [c139757a9283] + + * plugins/sudoers/sudoers.h: + expand_prompt() is now in prompt.c sudo_printf extern is now in + error.h + [219bd74ca62b] + + * plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h, + plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h, + plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h, + plugins/sudoers/insults.h, plugins/sudoers/interfaces.h, + plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.h, + plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h, + plugins/sudoers/toke.h: + Change multiple inclusion guards to be _SUDOERS_FOO_H + [faace6d55e78] + +2013-03-23 Todd C. Miller + + * MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, + src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po: + New Dutch translation for sudo and sudoers New Turkish translation + for sudo From translationproject.org + [bc918b7b23a4] + +2013-03-21 Todd C. Miller + + * config.h.in, configure, configure.in: + Fix a typo in a comment and make sure we don't mistakenly include + _PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in + [694d12ac70ec] + +2013-03-19 Todd C. Miller + + * plugins/sudoers/Makefile.in: + Don't build check_symbols if we are linking sudoers in statically. + [f6602723bab7] + + * configure, configure.in: + Use $host_os not $host when we only care about the os name and + version. + [05e4f4fcba06] + + * aclocal.m4, configure, configure.in: + Suppress duplicate -L and -I flags. + [228f2f581aed] + + * common/Makefile.in, compat/regress/fnmatch/fnm_test.c: + Fix regress tests on non-OpenBSD platforms. + [9d91bc859c50] + + * configure, configure.in: + If we find sasl/sasl.h there's no need to check for sasl.h too + [889efaa86012] + + * aclocal.m4, configure, configure.in: + Add -R flags at the very end after configure link tests are done + since we can only count on libtool to accept -R, the compiler front + end may not. Also unify the libldap and libibmldap tests using + AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by + libibmldap (but is not an explicit dependency). + [ab1451894351] + +2013-03-18 Todd C. Miller + + * configure, configure.in: + Back out changes that broke detection of skey, opie and ldap + libraries. + [ffa82b8f8641] + + * plugins/sudoers/regress/testsudoers/test1.sh, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/testsudoers/test4.sh, + plugins/sudoers/regress/testsudoers/test5.sh, + plugins/sudoers/regress/visudo/test1.sh, + plugins/sudoers/regress/visudo/test2.sh, + plugins/sudoers/regress/visudo/test3.sh: + Add explicit "exit 0" to prevent the check target from ending + prematurely. + [cca411b492bd] + + * plugins/sudoers/Makefile.in: + Fix exit values in check target so we don't have to ignore errors. + [cbc429c409e9] + + * plugins/sudoers/Makefile.in: + Fail a test if there is unexpected stderr output. + [4fc24d536bec] + + * MANIFEST: + Fix path to sudo.conf manuals; remove non-existant test2.err.ok + [6b8bcd60dd85] + + * src/load_plugins.c: + Fix compilation in dynamic mode. + [679856fa0774] + + * configure, configure.in: + On HP-UX, libibmldap has a hidden dependency on libCsup + [22994709d77c] + + * compat/dlopen.c: + Pass BIND_VERBOSE to shl_load() + [0060b9cfa9ab] + + * configure, configure.in: + Only create static helper libs when --disable-shared is specified. + [1fcdb1a437e0] + + * src/load_plugins.c: + Ubreak static build. + [4ac9f96be285] + + * INSTALL, aclocal.m4, configure, configure.in: + Replace --with-rpath and --with-blibpath with --disable-rpath. Now + that we use libtool for linking we can just use the -R flag and have + libtool translate it to the proper linker flag. + [09798fad6888] + +2013-03-15 Todd C. Miller + + * src/exec_pty.c: + Bump I/O buffer size 32K + [4ef793225309] + +2013-03-14 Todd C. Miller + + * configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in: + Document sesh Path setting. + [34b0b903b4f8] + + * src/exec.c, src/exec_common.c: + Move exec_cmnd to exec.c to fix a compilation issue with sesh.c + [06aa1956f38d] + + * common/sudo_conf.c, configure, configure.in, include/sudo_conf.h, + src/selinux.c: + Make sesh path configurable in sudo.conf + [91d331f273b7] + + * configure, configure.in: + Use -fno-pie and -nopie if supported when --disable-pie is + specified. + [777138c04dcc] + +2013-03-13 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Document direct execution of the command if the policy plugin has no + close function. + [6a14145c6e80] + +2013-03-07 Todd C. Miller + + * plugins/sudoers/auth/pam.c: + Only delete creds if we actually established them. Print an error if + pam_setcred() fails and we actually authenticated. + [1e015314903b] + + * common/Makefile.in, plugins/group_file/Makefile.in: + regen + [dd8cee2a5e1b] + + * common/alloc.c, include/alloc.h: + Convert efree() to a macro that just casts to void * and does + free(). If the system free() can't handle free(NULL) this may crash + but C89 was a long time ago. + [efd0ff9270fb] + + * configure, configure.in: + Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS. + Fixes a problem with errno sometimes not being set on error on HP- + UX. + [54b419d58320] + + * common/sudo_debug.c: + Fix debug logging from the plugin when there is no error number. + This was broken in the big debugging reorg for 1.8.7. + [2ea7e145e928] + +2013-03-06 Todd C. Miller + + * configure, configure.in, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/load_plugins.c: + Always install plugins with a .so extension regardless of what + extension the system uses for shared libraries. That way the + group_plugin sudoers setting can be shared between heterogenous + systems. + [a7e6ecff6fdf] + + * plugins/sudoers/match.c: + Mac OS X has netgroup functions in netdb.h. + [243881a974aa] + + * plugins/sudoers/parse.h: + Tags in struct cmndtag can be set to IMPLIED as well. + [cb6926988cc8] + + * plugins/sudoers/parse.c: + Quiet a compiler warning. + [14e608c2001d] + + * plugins/sudoers/testsudoers.c: + Quiet an llvm checker warning. + [2eeb9f3d08f3] + + * plugins/sudoers/parse.c: + Quiet gcc -Wuninitialized false positive + [643ad987503d] + +2013-03-05 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in: + Document group_file and system_group plugins. + [b56511e79230] + + * NEWS: + Sudo 1.8.7 + [e95183b8fa27] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Try to clarify that sudoedit in sudoers should not include a leading + pathname. + [7b2beac92a9c] + + * plugins/sudoers/pwutil_impl.c: + Make sure groupname_len is at least 32 just to be on the safe side. + It is better to allocate a little extra and not need it than to have + to reallocate and start over. + [6d3e1ba47de9] + + * include/alloc.h, include/missing.h: + Add __malloc_like macro to apply __malloc__ attribute to emalloc, + ecalloc and estrdup. It cannot be applied to realloc since that may + return the same pointer. + [8d70cb81d1f1] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix potential double free in an error path. + [657573feb6a4] + + * src/exec_pty.c: + When running the command in a pty, defer the call to exec_setup() + until just before we exec the command. This is consistent with the + non-pty path. As a side effect, the monitor process runs as root + and not the runas user. + [e2a7f8c7ee4c] + +2013-03-02 Todd C. Miller + + * compat/closefrom.c: + Update copyright year. + [9b652af4dfc0] + +2013-03-01 Todd C. Miller + + * compat/closefrom.c: + Use pst_highestfd from pstat_getproc() on HP-UX. + [09f3fea46a3d] + +2013-02-28 Todd C. Miller + + * Makefile.in, common/Makefile.in, doc/Makefile.in, + plugins/sudoers/Makefile.in: + Clean up generated test files and other minor housekeeping. + [f5f4fdd908e1] + + * plugins/sudoers/iolog.c: + Add back gettimeofday() call inadvertantly removed in e1abb9810a83 + [675cce8401ae] + + * config.h.in, configure, configure.in, src/ttyname.c: + Use pstat() on HP-UX to determine the tty device. + [2884af22a9df] + + * plugins/sudoers/auth/pam.c: + Fix PAM compilation: def_pam_session, not just pam_session. + [5417d7acc6ea] + + * doc/fixmdoc.sh: + Don't remove the -S option description when trimming out selinux. + Bug #592 + [8a94f2cfa0a0] + +2013-02-25 Todd C. Miller + + * NEWS: + Update for Sudo 1.8.6p7 + [0858a73e9c40] + +2013-02-24 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Document when sudo may exec the command directly instead of forking. + [da41951edc28] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Document that close and version be NULL for plugin API >= 1.3 and + that sudo may execute the command directly if there is no close, or + pty or timeout needed. + [e5f929ddeaf8] + + * plugins/sudoers/auth/sudo_auth.c: + Fix debug_decl for sudo_auth_begin_session and + sudo_auth_end_session. + [58243392c0df] + + * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: + Add pam_session sudoers option. + [d994465db9f1] + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h: + Dummy out close function if there is no end_session for the auth + method and the front-end can handle a NULL close function. Avoids + the extra sudo process when we don't actually need it. + [74886d5b0fb6] + +2013-02-23 Todd C. Miller + + * Makefile.in, aclocal.m4: + Add m4/ to paths m4_include parameters so we don't need to use + autoconf's -I flag. + [4fd86e7a84f3] + + * src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h, + src/sudo_plugin_int.h: + If the policy plugin does not provide a close function, there is no + command timeout and no pty is required, skip the event loop and just + exec the command directly. + [ad532f107170] + + * src/sudo.c: + Do not crash if the plugin close and version functions are not + defined. If there is no policy close function, simply print a + warning that the command was not found. + [c789a9dd54e8] + +2013-02-21 Todd C. Miller + + * plugins/sudoers/parse.c: + Fix typos in selinux/solaris privs specific code. + [9af3999361b4] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, src/parse_args.c: + Pass the default plugin directory to the plugin via the settings + list. Could be used by a stacking plugin. + [688e771fc145] + + * plugins/sudoers/timestamp.c: + Completely ignore time stamp file if it is set to the epoch, + regardless of what gettimeofday() returns. + [df58842af660] + + * doc/CONTRIBUTORS: + Add Nikolai Kondrashov + [df59791438f9] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Use userpw_matches() for username matching so #uid works for + sudoRunAsUser. + [a124062334df] + + * plugins/sudoers/sssd.c: + Avoid calling realloc3() with a zero size parameter when all + retrieved sssd rules fail. Otherwise we'll get a run-time error due + to malloc(0) checking. + [84dfcb73ebd7] + + * plugins/sudoers/sssd.c: + Do not send error mail if a user is not found in SSSD. Local users + can run sudo too. From Nikolai Kondrashov + [3d2ae99ee468] + +2013-02-20 Todd C. Miller + + * MANIFEST, common/regress/sudo_conf/test4.in, + common/regress/sudo_conf/test4.out.ok: + Test setting disable_coredump to illegal value. + [3c71c6c49027] + + * common/sudo_conf.c: + Fix atobool() usage. + [d40c9f4d06b0] + + * common/regress/sudo_conf/conf_test.c: + Remove unused variable. + [328b524b365b] + + * plugins/sudoers/sudoers.c: + Make "sudo -l non_existent_command" warn that non_existent_command + doesn't exist, not the "list" pseudo-command. + [9dc0388fc4f3] + + * plugins/sudoers/parse.c: + Make sudoers file long list output better match the format used by + ldap sudoers. Tags are now converted to options and there is a + single command per line. + [6e6dc3f20d84] + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Use the correct the sudoers policy symbol names and undo an editor + goof committed when adding max_groups to sudo.conf. + [2a6f7ddf5cc3] + + * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: + For "sudo -l" start a new line if the runas list changes to make the + output easier to read. + [7dc3d724c924] + +2013-02-19 Todd C. Miller + + * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: + For "sudo -l" and "sudo -ll" only print the runas info for + subsequent commands in a list if the runas info has changed. If we + have new runas info, print out the tags again so as to be less + confusing to the user. For "sudo -ll" set the line continuation + indent to 8. + [b5ec02fe7fc1] + +2013-02-18 Todd C. Miller + + * MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, + plugins/group_file/group_file.c, plugins/group_file/group_file.exp, + plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in, + plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, + plugins/sample_group/sample_group.c, + plugins/sample_group/sample_group.exp: + Rename sample_group plugin to group_file. Install group_file and + system_group plugins by default. + [951b3e446fae] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/iolog.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add maxseq sudoers option to limit the max number of I/O log files. + [e1abb9810a83] + +2013-02-16 Todd C. Miller + + * plugins/sudoers/iolog.c: + Log lines and columns in the iolog file. + [03adb6230e05] + +2013-02-15 Todd C. Miller + + * MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c, + common/regress/sudo_conf/test1.in, + common/regress/sudo_conf/test1.out.ok, + common/regress/sudo_conf/test2.in, + common/regress/sudo_conf/test2.out.ok, + common/regress/sudo_conf/test3.in, + common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c, + include/sudo_conf.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c, + src/sudo.c: + Add simple regress tests for sudo.conf parsing. + [3c36b61bf61c] + + * src/sudo.c: + Always display the I/O plugin version as long as its open functions + doesn't return an error. Previously it was only displayed if the + plugin open returned 1. + [4b0277db3f8c] + + * plugins/sudoers/pwutil_impl.c: + Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead + of poking around in struct utmpx. + [2c0cc5c42958] + + * plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c: + #include "sudo_usage.h" not so we get the one in the + build directory and not the src dir when using a separate build + directory. + [1fcb7ba13018] + +2013-02-14 Todd C. Miller + + * common/fileops.c: + If a line was longer that 0x80000000 the bit hack to round to the + next power of two would roll over to zero. + [f4f729cf6f0f] + + * plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/sudoers.h, src/sudo.c: + Use max_groups in front-end and plugin. + [bf1e74166831] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, src/parse_args.c: + Pass max_groups to plugin in settings list. + [d7d76e8651f4] + + * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, include/sudo_conf.h: + Add max_groups setting to sudo.conf (currently unused) and remove + unused return value from setters. + [f6494f71e1f0] + +2013-02-12 Todd C. Miller + + * INSTALL: + Reorganize configure options + [23475de8039f] + +2013-02-11 Todd C. Miller + + * NEWS: + Add Sudo 1.8.6p7 + [5192fc511cbe] + +2013-02-10 Todd C. Miller + + * INSTALL.configure: + Sync with autoconf 2.68 + [985e5c8efa4e] + + * INSTALL, README: + Remove obsolete OS notes and move build requirements to INSTALL. + [bf0dd53ca164] + +2013-02-08 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Sort elements of the settings, user_info and command_info lists. + [663062ada5b7] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Remove trailing white space + [027916a6c8e7] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: + Store the session ID in the tty ticket file too. A tty may only be + in one session at a time so if the session ID doesn't match we + ignore the ticket. + [4eb2cb8df48b] + +2013-02-07 Todd C. Miller + + * plugins/sudoers/sudoers.c, src/sudo.c: + Move tzset() call from sudoers plugin to sudo front end. + [3c058dad8772] + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Mention line continuation + [399873f8c805] + + * MANIFEST, common/Makefile.in, common/fileops.c, + common/regress/sudo_parseln/parseln_test.c, + common/regress/sudo_parseln/test1.in, + common/regress/sudo_parseln/test1.out.ok, + common/regress/sudo_parseln/test2.in, + common/regress/sudo_parseln/test2.out.ok, + common/regress/sudo_parseln/test3.in, + common/regress/sudo_parseln/test3.out.ok, + common/regress/sudo_parseln/test4.in, + common/regress/sudo_parseln/test4.out.ok, + common/regress/sudo_parseln/test5.in, + common/regress/sudo_parseln/test5.out.ok, + common/regress/sudo_parseln/test6.in, + common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c, + include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c, + plugins/sudoers/sudo_nss.c: + Add line continuation support to sudo_parseln() and make it use + getline() instead of fgets() internally. + [d02bf3973fc5] + +2013-02-06 Todd C. Miller + + * plugins/sample/sample_plugin.c: + Fix memory leak in error path; found by llvm checker + [d090c26a5b00] + + * plugins/sudoers/sudoreplay.c: + Remove useless store detected by llvm checker. + [12a4db91651a] + + * configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in, + src/load_plugins.c, sudo.pp: + Sudo now stores its libexec files in a "sudo" subdirectory instead + of in libexec itself. For backwards compatibility, if the plugin is + not found in the default plugin directory, sudo will check the + parent directory default directory ends in "/sudo". + [5de67de76489] + + * plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c, + plugins/system_group/system_group.c: + Add missing __dso_public to plugin structs so they are exported. + [dde703577621] + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Mention that sudoers has its own plugins too. + [0a6c6203b512] + +2013-02-05 Todd C. Miller + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Correct last change date. + [45894291d792] + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in: + Remove duplicated sudo.conf info in the sudo, sudoers and + sudo_plugin manuals and cross-reference the new sudo.conf manual. + [b808ba29cf3a] + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + Fix typos + [0e70964150c6] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Fix some typos. + [94ae045cfbc6] + + * MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in: + Add standalone sudo.conf manual page. + [d64d949b700c] + + * doc/sample.sudo.conf: + add group_source example + [118c1ba1c014] + + * configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in, + doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf. + [f5bd6006dc1c] + + * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo, + src/po/it.po: + Sync with translationproject.org + [a6f2b9aac371] + +2013-02-03 Todd C. Miller + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo, + src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo, + src/po/vi.po: + Sync with translationproject.org + [ba546666969d] + +2013-02-01 Todd C. Miller + + * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo, + plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po, + src/po/es.po, src/po/gl.po: + Sync with translationproject.org + [cdc454e34c03] + +2013-01-31 Todd C. Miller + + * NEWS: + Clarify ttyname changes. + [cbf2f80fe582] + + * NEWS: + Add 1.8.6p6 + [3aa591e98b3b] + + * src/ttyname.c: + Remove ttyname() fall back code on systems where we can query the + kernel for the tty device via /proc or sysctl(). If there is no + controlling tty, it is better to just treat the tty as unknown + rather than to blindly use what is hooked up to std{in,out,err}. + [b2bd3005d2e4] + +2013-01-27 Todd C. Miller + + * common/sudo_conf.c, include/sudo_conf.h, src/sudo.c: + Add group_source setting in sudo.conf to allow the admin to specify + how a user's groups are looked up. Legal values are static (just + the kernel list from getgroups), dynamic (whatever the group + database includes) and adaptive (only use group db if kernel group + list is full). + [87a5b02e22ad] + + * plugins/sudoers/policy.c: + Pass back exec_background to front end if it is enabled in sudoers. + [8230e1cd0bbd] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Mention that exec_background is for 1.8.7 and higher only. + [fdf0d5a3e182] + +2013-01-24 Todd C. Miller + + * MANIFEST: + Add missing test files. + [1165389aa5e6] + + * plugins/sudoers/regress/visudo/test3.err.ok, + plugins/sudoers/regress/visudo/test3.out.ok, + plugins/sudoers/regress/visudo/test3.sh: + Add regress test for bug 361 + [54c7fb61b82d] + + * plugins/sudoers/iolog.c: + Add __dso_public to extern declaration of declaration to match + actual definition. + [4695ded501e6] + + * NEWS: + Add 1.8.6p5 + [b07b28c5c4d7] + +2013-01-23 Todd C. Miller + + * MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok, + plugins/sudoers/regress/visudo/test2.out.ok, + plugins/sudoers/regress/visudo/test2.sh: + Add test for visudo cycle check core dump; test case from Daniel + Kopecek + [41074541147a] + + * plugins/sudoers/visudo.c: + Fix potential stack overflow due to infinite recursion in alias + cycle detection. From Daniel Kopecek. + [d7e018a87434] + + * common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c: + Ignore duplicate entries in sudo.conf and report the line number + when there is an error. Warn, don't abort if there is more than one + policy plugin. + [dfcb5a698f0a] + + * plugins/sudoers/tsgetgrpw.c: + Use strtoul() not atoi(). + [58a52cf9b6b8] + +2013-01-22 Todd C. Miller + + * compat/Makefile.in: + regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo + [9b44e9d26d16] + + * compat/nss_dbdefs.h: + Fix typo that breaks the build on HP-UX. + [b9ab6ba23485] + + * MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in, + configure, configure.in: + Use nss_search() to implement getgrouplist() where available. + Tested on Solaris and HP-UX. We need to include a compatibility + header for HP-UX which uses the Solaris nsswitch implementation but + doesn't ship nss_dbdefs.h. + [d29dbc4dc06d] + +2013-01-19 Todd C. Miller + + * src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h: + Remove extra flag to sudo_sigaction(). We want to trap the signal + regardless of whether or not it is ignored by the underlying command + since there's no way to know what signal handlers the command will + install. Now we just use sudo_sigaction() to set a flag in + saved_signals[] to indicate whether a signal needs to be restored + before exec. + [c042d52c7192] + +2013-01-18 Todd C. Miller + + * compat/getgrouplist.c, config.h.in, configure, configure.in: + Use _getgroupsbymember() on Solaris to get the groups list. Fixes + performance problems with the getgroupslist() compat on Solaris + systems with network-based group databases. + [287d3ae2ce8d] + +2013-01-17 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Document signal handler behavior in plugin API 1.3 + [20dc9d1c105f] + + * MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c, + src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h: + Move signal code into its own source file and add sudo_sigaction() + wrapper that has an extra flag to check the saved_signals list to + only install the handler if the signal is not already ignored. Bump + plugin API version for the new front-end signal behavior. + [5d2f27a1b404] + + * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h, + src/sudo_exec.h: + Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute + the command. If we get SIGINT or SIGQUIT, call the plugin close() + functions as if the command was interrupted. If we get SIGTSTP, + uninstall the handler and deliver SIGTSTP to ourselves. + [332baf3a81b7] + + * src/exec.c, src/exec_pty.c: + Rename handle_signals() to dispatch_signals(). Block other signals + in handler() so we don't have to worry about the write() being + interrupted. + [666e95c9a0f1] + +2013-01-16 Todd C. Miller + + * src/tgetpass.c: + Rename signal handler to avoid name clash with one in exec.c + [8913101a29b6] + +2013-01-13 Todd C. Miller + + * src/sudo.c: + Add missing call to save_signals(). + [47d075d7326b] + +2013-01-11 Todd C. Miller + + * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Fill in the comment block at the top of the .pot files and preserve + it when regenerating them. + [6449497b76db] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h: + Add exec_background option in plugin command info and a sudoers + option to match. When set, commands are started in the background + and automatically foregrounded as needed. There are issues with + some ill-mannered programs (like Linux su) so this is not the + default. + [c0b32b0938f2] + + * common/Makefile.in: + regen + [2b2b220e7aea] + + * src/Makefile.in: + Add SESH_OBJS variable for sesh object files. + [d3e04ae8fd1f] + + * configure.in, doc/LICENSE, plugins/sudoers/redblack.c: + Update copyright year. + [61a0f0cedb13] + + * src/exec_pty.c: + Always resume the command in the foreground if sudo itself is the + foreground process. This helps work around poorly behaved programs + that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At + worst, sudo will go into the background but upon resume the command + will be runnable. Otherwise, we can get into a situation where the + command will immediately suspend itself. + [c368ac3eb2e4] + + * configure, configure.in: + Use -fstack-protector-all in preference to -fstack-protector where + supported. + [f930c95ceb51] + +2013-01-10 Todd C. Miller + + * configure, configure.in: + Only test for -fstack-protector and -fvisibility=hidden on GNU + compatible compilers. + [796f4696d863] + +2013-01-03 Todd C. Miller + + * NEWS: + Add Sudo 1.8.6p4 + [8a928de8e717] + + * common/Makefile.in, compat/Makefile.in, configure, configure.in, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Break out stack smashing protector options into SSP_CFLAGS and + SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS). + [01be114fc9fb] + +2013-01-01 Todd C. Miller + + * doc/CONTRIBUTORS, plugins/sudoers/redblack.c: + In rbrepair(), make sure we never try to change the color of the + sentinel node, which is the first entry, not the root. From Michael + King + [3fc4dc4004ec] + +2012-12-28 Todd C. Miller + + * src/exec_pty.c: + No need to restore default signal handler for SIGSTOP as it is not + catchable. Attempting to do so is harmless but sigaction() will + fail and set errno to EINVAL which makes it looks like there is an + error. + [be7c0b759e9a] + + * src/exec.c: + Print SIGCONT_FG and SIGCONT_BG properly in debug output. + [93e59e301c8f] + +2012-12-27 Todd C. Miller + + * configure, configure.in: + Disable PIE on FreeBSD/ia64, otherwise sudo will segfault. + [9ed48f696595] + +2012-12-20 Todd C. Miller + + * include/missing.h: + Add howmany() macro since some systems have this in sys/param.h + which we no longer include. + [2c5efaa16c45] + +2012-12-07 Todd C. Miller + + * plugins/sudoers/regress/sudoers/test11.toke.out.ok: + Remove errant file. + [a91699beffc6] + +2012-12-04 Todd C. Miller + + * plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c: + Remove obsolete sudoers_cleanup() stubs. + [89153025a2ae] + + * common/alloc.c, common/atobool.c, common/fileops.c, + common/fmt_string.c, common/lbuf.c, common/secure_path.c, + common/sudo_conf.c, common/sudo_debug.c, common/term.c, + compat/closefrom.c, compat/getcwd.c, compat/glob.c, + compat/snprintf.c, include/missing.h, + plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, + plugins/sample_group/plugin_test.c, + plugins/sample_group/sample_group.c, plugins/sudoers/alias.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/find_path.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/redblack.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + plugins/system_group/system_group.c, src/conversation.c, src/exec.c, + src/exec_common.c, src/exec_pty.c, src/get_pty.c, + src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c, + src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c: + Don't include . We only needed it for MAXPATHLEN, + MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and + HOST_NAME_MAX throughout without falling back on MAXPATHLEN or + MAXHOSTNAMELEN and define our own MIN/MAX macros as needed. + [f4807d46f504] + + * include/missing.h, plugins/sudoers/match.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c: + Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN + (sys/param.h or netdb.h). + [2544f5e306dd] + +2012-11-30 Todd C. Miller + + * plugins/sudoers/logging.c: + Move debug_decl() in log_failure() to be after the variable + declarations for C89. + [f48d2035ab44] + +2012-11-29 Todd C. Miller + + * common/error.c, include/error.h, plugins/sudoers/iolog.c, + plugins/sudoers/logging.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Cannot wrap sigsetjmp() or we end up returning to the wrong place. + Use a macro instead. + [749ee6acdad8] + +2012-11-28 Todd C. Miller + + * plugins/sudoers/policy.c: + Fix return in sudoers_policy_open that should be debug_return. + [a78b795b6846] + +2012-11-27 Todd C. Miller + + * src/ttyname.c: + Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case + too. + [acfa891c229e] + + * src/solaris.c: + Quiet a gcc warning and add comment about needing to keep the handle + open. + [f954f228960f] + +2012-11-26 Todd C. Miller + + * INSTALL: + mention --disable-shared + [6954d39e2d0f] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Add missing command_info argument in I/O plugin open() prototype. + Bug #579 + [72beb07aba0e] + +2012-11-25 Todd C. Miller + + * plugins/sudoers/gram.c: + Regen for proper line numbers. + [6cf6e132e764] + + * configure, configure.in: + Add locale_stub.o to SUDO_OBJS, not locale_stub.lo. + [d604dc8ca38a] + + * common/sudo_printf.c: + Include missing.h for __printflike. + [a33640600faf] + + * plugins/sudoers/iolog.c: + Saner loop invariant in io_mkdirs (cosmetic only). + [dc30274afe38] + + * MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c, + configure, configure.in, include/error.h, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c, + src/sesh.c: + Move warn/error into common and make static builds work. + [4d3f374f4e4c] + + * MANIFEST, common/Makefile.in, common/sudo_debug.c, + common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/conversation.c, src/sesh.c: + Move _sudo_printf from src/conversation.c to common/sudo_printf.c. + Add sudo_printf function pointer that is initialized to + _sudo_printf() instead of requiring a sudo_conv function pointer + everywhere. The plugin will reset sudo_printf to point to the + version passed in via the plugin open function. Now plugin_error.c + can just call sudo_printf in all cases. The sudoers binaries no + longer need their own version of sudo_printf. + [9b09d3f63790] + + * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, + plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't + need error_jmp to be extern. Also add plugin_clearjmp() that clears + a flag so error()/errorx() knows when to call exit() vs. longjmp(). + [5a4617148e70] + + * plugins/sudoers/set_perms.c: + Let warning() call gettext() for us. + [ab8d502ba4ac] + + * include/error.h, plugins/sudoers/plugin_error.c, src/error.c: + Do locale swapping in the warning()/error() macros themselves + instead of in the underlying functions. + [4cd205540e17] + + * common/alloc.c, common/list.c, include/error.h, + plugins/sudoers/env.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c, + src/hooks.c: + Rename warning2()/error2() -> warning_nodebug()/error_nodebug(). + [48346393634d] + + * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c, + src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c, + src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, + src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c: + Call gettext() on parameters for warning()/warningx() instead of + having warning() do it for us. + [c71088bc9d3e] + + * Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: + Call gettext() in sudoerserror() in the user's locale and pass the + untranslated string to it. + [cdbfc231b848] + + * plugins/sudoers/Makefile.in, plugins/sudoers/locale.c, + plugins/sudoers/logging.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Allow sudoers programs (visudo, sudoreplay, visudo) to use + plugin_error.c instead of the error.c from the front-end. This + means sudoers_setlocale() needs to be independent of the sudo_user + struct and the defaults table. The sudoers locale is now updated + via a callback. + [e356f5f8cd6a] + + * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, + plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Include setjmp.h in sudoers.h Move error_jmp into plugin_error.c + Rename sudoers_plugin_cleanup sudoers_cleanup Make sudoers + warning/error functions work when sudo_conv is NULL + [7365ee24a779] + + * src/error.c: + No need to change locale in front-end warning()/error(). + [23dc1df7f93b] + + * plugins/sudoers/tsgetgrpw.c: + Ignore bad lines in passwd/group file instead if stopping processing + when we hit one. + [79b790559075] + + * plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/testsudoers/test5.sh: + Bash doesn't let you set UID to use MYUID instead. + [5be56335f059] + + * plugins/sudoers/visudo.c: + Avoid NULL deref for unknown Defaults in strict mode. + [545c21c1e7d6] + + * common/sudo_conf.c, common/sudo_debug.c: + See DEFAULT_TEXT_DOMAIN + [3d723e1d27db] + +2012-11-13 Todd C. Miller + + * .hgignore: + Add signame.c and mksigname. + [d59bbf423f00] + + * plugins/sudoers/Makefile.in: + Fold preinstall into install-plugin and pass the path to the plugin + binary to the preinstall command. + [2c2205af8bb7] + + * pp: + sync with upstream + [a4b7336b3256] + + * src/sudo.h: + repair spacing + [f5c1255ce514] + +2012-11-12 Todd C. Miller + + * common/sudo_debug.c: + Set group on sudo_debug when creating it to gid 0 so systems without + BSD group semantics don't get the invoking user's group. + [7dda01196554] + + * plugins/sudoers/iolog.c: + Rename mkdir_parents() io_mkdirs() and add a flag to specify whether + path is a temporary, in which case the final component is created + via mkdtemp() instead of mkdir(). + [79c0c4e7ed58] + + * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h: + For PERM_ROOT set egid to 0 so log files are not created with the + gid of the user. + [5b964ea43474] + + * plugins/sudoers/logging.c: + Add calls to set_perms(PERM_ROOT) becore logging to a file. We + should already be root but since we cache the current permission + status it is basically free. That way, if more of sudoers runs as + non-root in the future logging will still work correctly. + [c591d4973f41] + + * common/sudo_conf.c, config.h.in, configure, configure.in, + include/gettext.h, plugins/sudoers/locale.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/error.c, src/exec.c, src/sesh.c, src/sudo.c: + #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it. + [41f6bb4926f4] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Mention that sudo.conf is parsed in the C locale. + [f711c416e30c] + + * common/sudo_conf.c: + Parse sudo.conf in the "C" locale. + [776658f651ea] + + * plugins/sudoers/locale.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.h: + Fix compilation on systems w/o setlocale() + [6940d1c1c1ce] + + * doc/TROUBLESHOOTING: + Sudo now includes a workaround for the Solaris 11 locale issue. + [ab93787a552c] + +2012-11-11 Todd C. Miller + + * include/gettext.h, plugins/sudoers/iolog_path.c, + plugins/sudoers/locale.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h: + Always include locale.h from gettext.h so we no longer need to + include locale.h from the .c files. + [93d39182ccfa] + + * MANIFEST, config.h.in, configure, configure.in, mkdep.pl, + plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c, + src/solaris.c, src/sudo.c, src/sudo.h: + Add os-specific initialization functions for solaris (workaround + setuid locale problem in Solaris 11) and openbsd (set malloc_options + if SUDO_DEVEL). Also move set_project() to solaris.c. + [1d6581afbaf4] + +2012-11-09 Todd C. Miller + + * plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: + Avoid strerror() when possible and just rely on warning/error to + handle errno in the proper locale. + [bf612caae97c] + + * plugins/sudoers/logging.c: + Set sudoers locale in log_allowed() + [2dd0ac704cae] + + * plugins/sudoers/check.c: + Make the sudo lecture translatable. + [3cdfc183d72d] + + * Makefile.in: + Add the values of badpass_message, passprompt and mailsub to + sudoers.pot so they can be translated. + [51cbe8adcb94] + + * plugins/sudoers/logging.c: + Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked + up by xgettext. + [c5b74115caf0] + +2012-11-08 Todd C. Miller + + * plugins/sudoers/check.c, plugins/sudoers/prompt.c, + plugins/sudoers/sudoers.h: + Make expand_prompt() args const and free the prompt when we are done + with it. + [995ef8519fe6] + + * plugins/sudoers/policy.c: + Fix cut and pasto + [e002921c1d15] + + * plugins/sudoers/defaults.c, plugins/sudoers/logging.c: + Expand def_mailsub in the sudoers locale, not the user's. + [a4775f2fb385] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, + plugins/sudoers/env.c, plugins/sudoers/iolog.c, + plugins/sudoers/locale.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/parse.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/timestamp.c: + Call gettext inside log_error et al instead of having the caller do + it. This way we can display any messages to the user in their own + locale but log in the sudoers local. + [286e0444f785] + + * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/defaults.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/visudo.c, src/error.c, src/exec.c, + src/exec_common.c, src/exec_pty.c, src/load_plugins.c, + src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, + src/sudo.c, src/sudo_edit.c, src/tgetpass.c: + Display warning/error messages in the user's locale. + [00a04165c0cf] + + * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: + audit_failure() now calls gettext itself using the sudoers locale. + [d77f1d78799a] + + * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.c: + Convert setlocale() to sudoers_setlocale() in the sudoers module. + This only converts existing uses, there are more places where we + need to sprinkle sudoers_setlocale() calls. + [8ee0cbf0d0a9] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c, + plugins/sudoers/locale.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Add simple locale switching to make it easy to switch from the + user's locale to the sudoers locale without making excessive + setlocale() calls when we don't need to. + [5c61582fdeee] + + * common/sudo_debug.c, include/error.h, include/sudo_debug.h, + plugins/sudoers/plugin_error.c, src/error.c: + Add variants of warn/error and sudo_debug_printf that take a va_list + instead of a variable number of args. + [00392bdc063c] + + * INSTALL, doc/TROUBLESHOOTING: + Document Solaris 11 locale issues and workarounds. + [05f7d34af3ae] + + * Makefile.in, configure, configure.in: + Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8 + locales. Make links from localdir/lang -> localdir/lang.UTF-8 + [5ca9326480e2] + +2012-11-06 Todd C. Miller + + * plugins/sudoers/audit.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/sudoers.c: + Do not inform the user that the command was not permitted by the + policy if they do not successfully authenticate. This is a + regression introduced in sudo 1.8.6. + [c1279df08bfb] + + * plugins/sudoers/Makefile.in: + Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup + the rpath in HP-UX SOM shared libraries for the LDAP libs. + [b07185657b42] + + * src/parse_args.c: + The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A. + [22c73cbe3ff9] + +2012-10-28 Todd C. Miller + + * INSTALL, configure, configure.in: + Allow the user to specify and alternate libtool + [c9d6fc9521fd] + +2012-10-26 Todd C. Miller + + * doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c: + Allow sudo to be build with sss support without also including ldap + support. From Stephane Graber. + [b992a80ebea1] + +2012-10-25 Todd C. Miller + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Refactor policy plugin interface code from sudoers.c into policy.c + [393e62910b8a] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Refactor command_info setting into its own function. + [a952b948324c] + + * plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, + plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Make interfaces pointer private to interfaces.c and add + get_interfaces() accessor. + [b69b9334ed3c] + +2012-10-24 Todd C. Miller + + * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.h: + Make user_cwd const since it is either a string literal or passed in + from the front-end. + [90751b81e8bc] + + * configure, configure.in: + sudo 1.8.7 + [bf727adb8af0] + + * plugins/sudoers/sudoers.c: + Avoid nested strtok() calls. + [9d9f22ab52a9] + +2012-10-23 Todd C. Miller + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, + plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h: + Move expand_prompt() into its own source file for easier unit + testing. + [b419b48a436f] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, + plugins/sudoers/check.h, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: + Make check.c independent of the underlying timestamp implementation. + [895071bd6065] + + * plugins/sudoers/iolog_path.c: + Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled. + [8ac38f02dd6d] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Use a list for the possible values of Tag_Spec with a minimal indent + to improve readability. In the pod version, these were =head3. Also + use .St -p1003.1 instead of just POSIX when talking about glob() and + fnmatch(). + [361a6f7a5c44] + +2012-10-02 Todd C. Miller + + * src/ttyname.c: + sudo_ttyname_dev() is unused if there is no /proc or sysctl(). + [6598dbf81e16] + + * compat/mksiglist.c, compat/mksigname.c, + compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c, + plugins/sample_group/plugin_test.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c: + Explicitly mark main() as public in executables to avoid an HP-UX ld + warning. + [72a40ce218be] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Remove grep from SEE ALSO section. + [c7cafee1621f] + + * common/alloc.c: + If vasprintf() fails, just use the errno it sets instead of assuming + ENOMEM. + [1be5bfdc0cab] + +2012-09-28 Todd C. Miller + + * doc/TROUBLESHOOTING: + Mention HP-UX pam.conf settings. + [8b8e745b49fd] + +2012-09-27 Todd C. Miller + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c, + plugins/sudoers/timestamp.h: + Split off timestamp functions into their own source file. + [d5833332511d] + +2012-09-26 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Mention how !foo is not the same as ALL,!foo + [51f8e470757d] + +2012-09-25 Todd C. Miller + + * src/exec_pty.c: + Start commands in the background when I/O logging is enabled. We + can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2) + which returns EINTR on signal instead of restarting automatically. + [83b1d59146f7] + + * src/exec_pty.c: + Handle SIGCONT_FG and SIGCONT_BG when converting signal number to + string in deliver_signal(). + [2cefea7a976e] + +2012-09-24 Todd C. Miller + + * src/exec_pty.c: + Fix running commands that need the terminal in the background when + I/O logging is enabled. E.g. "sudo vi &". When the command is + foregrounded, it will now resume properly. + [0bc13a253429] + + * plugins/sudoers/match.c: + Add rudimentary support for name-based matching as a compile-time + option. This unsafe when used in conjunction with the '!' operator. + [f93bc8e6db15] + +2012-09-21 Todd C. Miller + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c: + Split out implementation-specific back end code out of pwutil.c into + pwutil_impl.c. This will allow the main pwutil code to be used for + lookup methods other than getpw* and getgr*. + [999c2dde60e4] + +2012-09-18 Todd C. Miller + + * NEWS, configure, configure.in: + sudo 1.8.6p3 + [97fef3d9ed65] + +2012-09-17 Todd C. Miller + + * doc/fixman.sh: + Don't use embedded newline when matching, use \n. This got expanded + at some point. Bug #573 + [6652f834b8f5] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Rename yyerror() to sudoerserror() to match yacc prefix changes. Not + really needed due to the #defines that yacc makes but it is less + confusing this way as the lexer calls sudoerserror(). + [a0577be6527d] + + * common/alloc.c, plugins/sample_group/plugin_test.c, + plugins/sudoers/env.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + src/exec_common.c, src/parse_args.c, src/sudo.c: + No need to translate "unable to allocate memory" when we can just + use the system translation via strerror(). + [377499e5827c] + + * plugins/sudoers/sudoreplay.c: + Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not + all file systems support d_type. Bug #572 + [8b861c62945f] + + * plugins/sudoers/sudoreplay.c: + Avoid calling fclose(NULL) in the error path when we cannot open an + I/O log file. + [9401d5c4bb05] + +2012-09-16 Todd C. Miller + + * NEWS, configure, configure.in: + Sudo 1.8.6p2 + [6e32496280f2] + + * src/exec.c: + When setting the signal handler for SIGTSTP to the default value in + non-I/O log mode, store the old handler value for when we restore it + after resume. + [242628694e42] + + * plugins/sudoers/env.c: + Replace the guts of sudo_setenv_nodebug() with our old setenv.c + which supports non-standard BSD and glibc semantics. sudo_setenv() + now simply calls sudo_setenv2(). + [57ffb6c9efaa] + +2012-09-15 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document non-Unix group support in LDAP sudoers. + [33c89f3aeee6] + + * plugins/sudoers/ldap.c: + Enable non-Unix group support for LDAP sudoers. We now check for + non-Unix groups and netgroups with the same query in the second + pass. Bug #571 + [eb98fdff54d9] + +2012-09-14 Todd C. Miller + + * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/parse.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/visudo.c: + Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers. + [cb6c0d93215e] + +2012-09-12 Todd C. Miller + + * NEWS: + Mention support for SUCCESS=return in /etc/nsswitch.conf + [ef1f35aa0863] + + * NEWS, configure, configure.in: + sudo 1.8.6p1 + [73a5e1f004b3] + +2012-09-11 Todd C. Miller + + * plugins/sudoers/env.c: + Avoid setting LOGNAME, USER and USERNAME variables twice when + set_logname is enabled. + [0de4f5fbd1d4] + + * plugins/sudoers/env.c: + Fix duplicate detection in sudo_putenv(), do not prune out the + variable we just set when overwriting an existing instance. Fixes + bug #570 + [854ee714c831] + + * plugins/sudoers/env.c: + Add some debuggging + [a25cd3305823] + +2012-09-04 Todd C. Miller + + * plugins/sudoers/sudo_nss.c: + Disable word wrap in list mode when stdout is a pipe to make "sudo + -l | grep ..." more useful. Adapted from a diff by Daniel Kopecek. + [65ade04511fd] + + * common/lbuf.c: + Print a trailing newline in lbuf_print() when there is not enough + space to do word wrapping and the lbuf does not end with a newline. + [c0200e19cd09] + + * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c: + Add support for [SUCCESS=return] in nsswitch.conf; from Daniel + Kopecek + [5c480316e3ce] + + * MANIFEST: + Add sssd.c + [9cadd014ef97] + +2012-09-01 Todd C. Miller + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo, + plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo, + src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo: + regen .po files + [62423d4d143d] + + * MANIFEST, plugins/sudoers/po/vi.mo: + Add Vietnamese sudoers translation from translationproject.org + [33666a605525] + + * NEWS: + mention PIE + [05032e5304c6] + + * MANIFEST, plugins/sudoers/po/vi.po: + Add Vietnamese sudoers translation from translationproject.org + [015c2204bae2] + +2012-08-29 Todd C. Miller + + * Makefile.in, compat/Makefile.in, mkdep.pl: + Add missing signame dependency + [e493bfb01929] + + * src/exec.c, src/ttyname.c: + Silence compiler warnings. + [1c5374b66d9b] + + * MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c, + config.h.in, configure, configure.in, include/missing.h, mkdep.pl, + src/exec.c, src/exec_pty.c: + Replace strsigname() with sig2str(), emulating it as needed. + [1e348cca1fa6] + + * config.h.in, configure, configure.in, src/utmp.c: + Use fseeko() for legacy utmp handling if available. + [b4bbd8d2c0e9] + +2012-08-28 Todd C. Miller + + * compat/strsigname.c, config.h.in, configure, configure.in: + Detect sys_sigabbrev[] and use it in place of sys_signame[] if + present. For some reason glibc does not declare sys_sigabbrev so we + must add an extern definition of our own. + [b38f3fbd7078] + + * compat/strsignal.c, compat/strsigname.c: + Handle NULL entries in sys_siglist and sys_signame. + [a388959d9654] + + * compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c, + compat/mksigname.h, compat/strsignal.c, compat/strsigname.c: + Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name} + [711e41aba59a] + +2012-08-27 Todd C. Miller + + * NEWS: + sync + [5a2522488754] + + * src/exec.c: + Pass on SIGTSTP to the command if it was sent by a user process (not + the kernel or the terminal) when we are not I/O logging and set the + default SIGTSTP handler when we re-send the signal to ourself, + restoring our handler after we resume. + [4259c47e31c0] + + * src/exec.c: + Shells typically change their process group when they start up so + that they can implement job control. Most well-behaved shells + change the pgrp back to its original value before suspending so we + must not try to restore in that case, lest we race with the child + upon resume, potentially stopping sudo with SIGTTOU while the + command continues to run. Some shells, such as pdksh, just suspend + the shell by sending SIGSTOP to themselves without restoring the + pgrp. In this case we need to change the pgrp back for them. Should + fix bug #568 + [6ac6751ffd17] + +2012-08-26 Todd C. Miller + + * MANIFEST, compat/Makefile.in, compat/mksigname.c, + compat/mksigname.h, compat/strsignal.c, compat/strsigname.c, + config.h.in, configure, configure.in, include/missing.h, mkdep.pl, + src/exec.c, src/exec_pty.c: + Use strsigname() to print signal names in the debug output. If the + system has no strsigname(), use our own. + [0735f18906b9] + +2012-08-23 Todd C. Miller + + * plugins/sudoers/regress/testsudoers/test5.inc, + plugins/sudoers/regress/testsudoers/test5.sh: + Remove generated file and change path for temporary include file. + [4e9fa830c6b5] + + * plugins/sudoers/Makefile.in: + When running regress tests, list pass/fail rate for each dir + (testsudoers and visudo) instead of the total. Also prevent the + result files from clobbering each other by keeping them in the + relevant directories. + [6aac53baff7d] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Don't print an error message in yyerror() if open_sudoers() fails, + we've already printed an error message. Also restore the check for + sudoers_warnings in yyerror(). + [aa6036df5fb2] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Avoid printing the >>> parse error <<< message for testsudoers when + the -t flag is specified. + [76f3433c8992] + +2012-08-22 Todd C. Miller + + * plugins/sudoers/parse.c: + Fix NULL deref when an entry has no Runas_Entry + [4b14983ff6e7] + + * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [440e9c9b37de] + + * NEWS: + sync + [3142ba2dce60] + + * plugins/sudoers/check.c: + Correct the check_user() comment header. + [73da30308fff] + + * plugins/sudoers/auth/sudo_auth.c: + Change a log_fatal() into log_error() when no auth methods are + configured. The caller already checks the return value. + [05f5c39793a7] + + * plugins/sudoers/logging.c: + Add missing debug_return + [3a76bb7c2fe7] + +2012-08-21 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Make the capitalization consistent for .Ss and .Sx + [5c5735ee4b2f] + + * doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat, + doc/sudo.man.in, doc/sudo.mdoc.in: + Add COMMAND EXECUTION section that describes how sudo runs the + command, the extra sudo processes and signal handling. + [dff2d88e984e] + +2012-08-18 Todd C. Miller + + * Makefile.in: + Happy Easter + [4b9d697c6b83] + +2012-08-17 Todd C. Miller + + * compat/Makefile.in: + Don't echo the awk command when building siglist.in + [21daa72921e6] + + * doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Cosmetic changes. + [19259528e9ad] + + * doc/Makefile.in: + The HISTORY, LICENSE and CONTRIBUTORS files are not longer + generated. + [ea6ac9e981e6] + + * MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po, + plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo, + plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po, + plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po, + src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po, + src/po/uk.po, src/po/vi.po: + Sync with translationproject.org and add Italian sudoers + translation. + [9276740aea59] + +2012-08-16 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Expand description of fqdn to talk about systems where the hosts + file is searched before DNS. + [4ee812ca6116] + +2012-08-15 Todd C. Miller + + * doc/Makefile.in: + For cat pages there is nothing to make unless DEVEL is set. + [fab4a5b68708] + + * configure, configure.in, doc/Makefile.in: + Always use mandoc to format cat pages and remove now-extraneous + nroff configure tests. + [5747f4ed5762] + + * pp: + sync polypkg from git + [89ddf6ea3e3f] + + * plugins/sudoers/sudoers.c: + Use AI_FQDN instead of AI_CANONNAME if available since "canonical" + is not always the same as "fully qualified". + [7c1d9c098386] + +2012-08-14 Todd C. Miller + + * doc/sudoers.mdoc.in: + Fix some typos. Describe error messages not related to policy + permissions. + [f5ebf9030d85] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/visudo.c: + Add new check_defaults() function to check (but not update) the + Defaults entries. Visudo can now use this instead of + update_defaults to check all the defaults regardless instead of just + the global Defaults entries. + [3fa879ce1b65] + +2012-08-13 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document sudoers log format. + [08998a7061ab] + + * NEWS: + Update for sudo 1.8.5p3 + [6e102a5d4e8d] + + * src/load_plugins.c: + Add missing check for I/O plugin API version when checking for the + presence of I/O plugin hooks. + [ef05c7eeaf81] + + * src/hooks.c: + Can't call debug code in the process_hooks_xxx functions() since + ctime() may look up the timezone via the TZ environment variable. + [2179fb26bd8e] + +2012-08-10 Todd C. Miller + + * src/exec_common.c, src/sesh.c, src/utmp.c: + Include signal.h before sudo_exec.h since it uses sigset_t * in the + fork_pty prototype. + [94fc0d859600] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in: + Remove OPTIONS section; options now go inside DESCRIPTION + [a619fc58a746] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [44719d80bc06] + + * MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po, + src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po: + Sync with translationproject.org and add new Slovenian translation. + [34b4b966bbac] + + * common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c: + Reduce the number of "internal error, foo overflow" messages that + need to be translated. + [93ffa2b3d53f] + + * NEWS: + Mention HP-UX reboot fix. + [1e39b5aa32ac] + + * INSTALL, NEWS, common/sudo_debug.c, configure, configure.in, + doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in, + plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c: + Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers + data source. From Daniel Kopecek and Pavel Brezina. + [3f85e95d6928] + +2012-08-09 Todd C. Miller + + * common/sudo_conf.c, src/load_plugins.c: + If sudo.conf contains an I/O plugin but no policy plugin, use + sudoers for the policy plugin. If a policy plugin is specified + without an I/O plugin, only the policy plugin will be loaded. + [ea192df2439d] + + * doc/Makefile.in, doc/sudoers.man.in: + Do not modify the .Os section when building the .man.in file from + .mdoc.in. + [a9f9628e147f] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Add a note about wildcards matching multiple words and include an + example. Also mention that for sudoedit, a wildcard in command line + args does not match a slash. + [fcb9fbac14e0] + +2012-08-07 Todd C. Miller + + * src/exec_pty.c, src/sudo_exec.h: + Fix a comment, update a variable name in a prototype; all cosmetic. + [e89f10cbd6e1] + + * plugins/sudoers/iolog.c: + Cast 2nd argument of lseek() to off_t if it is a constant for + systems with 64-bit off_t but without a proper lseek() prototype. + [d8779da135d0] + + * compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/visudo.c: + Fix some warnings from clang checker-267 + [1e44ef7860b5] + + * plugins/sample/sample_plugin.c: + Fix memory leak found by clang checker-267 + [f8a43617fdfb] + +2012-08-06 Todd C. Miller + + * src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h: + If we receive a signal from the command we executed, do not forward + it back to the command. This fixes a problem with BSD-derived + versions of the reboot command which send SIGTERM to all other + processes, including the sudo process. Sudo would then deliver + SIGTERM to reboot which would die before calling the reboot() system + call, effectively leaving the system in single user mode. + [4ffab9ab9e98] + +2012-08-03 Todd C. Miller + + * doc/fixman.sh, doc/fixmdoc.sh: + Remove section about Solaris 10 on other systems. Add missing + sudoers.man.in bit to fixman.sh. + [176559199ba7] + +2012-08-02 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Expand section on Solaris privileges. + [3a1bfa2f1743] + + * NEWS: + Expand a bit on the Solaris priv set changes. + [bffb78b4a520] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + The second argument to init_parser() is now bool. + [fb727a4fb651] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Fix printing of parse error message to stderr. + [dea6b420b84f] + + * plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/match.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c: + If a command matches using an empty Runas_List (i.e. Runas_List is + present but empty) and the -u option was not specified, set runas_pw + to user_pw instead of using runas_default. This is intended to be + used in conjunction with the Solaris Privilege Set support for rules + that grant privileges without changing the user. + [e84a081f3c11] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h: + Add support for parsing an empty Runas_List, which only allows the + command to be run as the invoking user. This can be used in + conjunction with the Solaris Privilege Set support to grant + privileges without changing the user. + [dc34373792fc] + +2012-08-01 Todd C. Miller + + * doc/fixman.sh: + Fix HP-UX, just use ".TH name section" like the vendor manuals. + [559738237c92] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix compilation on Solaris + [2d310302207c] + + * .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, + doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh, + doc/sudoers.mdoc.sh: + Generate a sed script file when munging *.mdoc or *.man instead of + passing sed expressions on the command line. Older seds do not + support \n in a replacement so generate and run a sed script + instead. + [0bcce3f1ca18] + + * doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in, + doc/visudo.man.in: + Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION" + [fe0f10b63776] + +2012-07-31 Todd C. Miller + + * src/exec.c: + When checking whether a signal is user-generated, compare si_code + against SI_USER instead of <= 0 since on HP-UX, terminal-related + signals get a code of 0. + [4e9021243343] + + * src/sudo.c: + SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX + interchangably. This causes problems when setting RLIMIT_NPROC to + RLIM_INFINITY due to a bug in bash where bash tries to honor the + value of _SC_CHILD_MAX but treats a value of -1 as an error, and + uses a default value of 32 instead. + + Previously, we just checked RLIMIT_NPROC and, if it was unlimited, + restored the previous value of RLIMIT_NPROC. However, that makes it + impossible to set nproc to unlimited. We now only restore the nproc + resource limit if sysconf(_SC_CHILD_MAX) is negative. In most + cases, pam_limits will set RLIMIT_NPROC for us. + [cb71cc8d0b08] + +2012-07-30 Todd C. Miller + + * plugins/sudoers/ldap.c: + Active Directory apparently requires that tenths of a second be + present in a date so append .0 to the "now" value in the time + filter. Also remove space for the global AND from TIMEFILTER_LENGTH + since it was not being used consistently. Buffers of + TIMEFILTER_LENGTH now need to account for the terminating NUL byte. + [d28619ff6e45] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix SELinux build + [cc0d1f4e851b] + +2012-07-29 Todd C. Miller + + * MANIFEST: + Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they + were not being kept in sync. + [fc3ad1847cb1] + + * doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod, + doc/license.pod: + Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they + were not being kept in sync. + [950363dffe3a] + +2012-07-27 Todd C. Miller + + * plugins/sudoers/logging.c: + Fix printing of the permission denied message to standard error when + a user is not allowed to run a command. This got broken by the + recent logging changes. + [b7af63da3ca1] + + * plugins/sudoers/sudoers_version.h: + Bump grammar version for Solaris privs. + [2a2baf024477] + + * doc/schema.ActiveDirectory: + Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder + were added. From David Hicks. + [3fc432a8edb4] + +2012-07-26 Todd C. Miller + + * plugins/sudoers/Makefile.in: + Remove lex.yy.c when building toke.c + [72bb9e62b289] + + * doc/Makefile.in: + Fix building docs in a build dir. + [7a6f435af022] + + * doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod, + doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod, + doc/sudoreplay.pod, doc/visudo.pod: + Remove pod versions of the manual; we now use mdoc. + [5c967d2dd5db] + + * MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh, + doc/sudoers.man.sh, doc/sudoers.mdoc.sh: + Add post-processing scripts to strip out login class, BSD auth, + SELinux and privilege set bits when they are not supported. + [d0d51f72f597] + + * NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in, + doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, src/sudo.c, src/sudo.h: + Merge in Solaris privilege support by Darren Moffat and John + Zolnowsky + [3aa0a64f2f5c] + +2012-07-25 Todd C. Miller + + * doc/contributors.pod: + Sync with CONTRIBUTORS file + [9a0852306ad9] + + * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, + doc/sudoers.man.in, doc/sudoreplay.man.in: + Regen .man.in files with my private mandoc. + [dc3c9fc449eb] + + * doc/Makefile.in: + add MANDOC variable + [35527e66afc5] + +2012-07-20 Todd C. Miller + + * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, + doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in: + Regen .man.in files with hacked mandoc to avoid issues with historic + nroff. + [d45cfa7d665f] + +2012-07-19 Todd C. Miller + + * doc/sudo.mdoc.in, doc/sudoers.mdoc.in: + Fix groff warnings. + [111d522ca807] + + * doc/Makefile.in: + Fix dependencies for .man.in files. + [aefeffe1af2b] + + * .hgignore: + Add doc/*.mdoc to ignore file + [1e4de6ef2ad8] + + * INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in, + doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in: + Build .man.in and .cat files from .mdoc.in files. Add new --with-man + and --with-mdoc configure options. + [c963fd7e8f80] + +2012-07-18 Todd C. Miller + + * doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: + Sudo manuals formatted in mdoc, to replace the pod versions. + [e6dca4030451] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, + doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod: + More minor costmetic fixes. + [a7287a68385a] + +2012-07-12 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: + Minor cosmetic fixes. + [9c48bdaf3946] + +2012-07-11 Todd C. Miller + + * plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot: + Use "a password is required" instead of "password required" when the + -n flag is used and we need to read a password. + [a3c30fc41648] + +2012-07-10 Todd C. Miller + + * NEWS: + Mention logging changes. + [8238fd6e02e8] + + * plugins/sudoers/po/sudoers.pot: + regen + [e2cf634ba63b] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Document that other mail_* flags have precedence over mail_badpass. + [9f4cc9188f40] + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Move log_denial() calls and logic to log_failure(). Move + authentication failure logging to log_auth_failure(). Both of these + call audit_failure() for us. + + This subtly changes logging for commands that are denied by sudoers + but where the user failed to enter the correct password. + Previously, these would be logged as "N incorrect password attempts" + but now are logged as "command not allowed". Fixes bug #563 + [cad35f0b3ad7] + +2012-07-06 Todd C. Miller + + * common/aix.c: + Do not set a resource limit to zero when we are unable to fetch a + value from /etc/security/limits. + [62bfb0a7895e] + +2012-07-05 Todd C. Miller + + * sudo.pp: + Add "Provides: sudo" to debian sudo-ldap package + [beb8afa0beb2] + +2012-07-02 Todd C. Miller + + * configure, configure.in, zlib/Makefile.in: + Define NO_VIZ for zlib when gcc doesn't support symbol visibility + attributes. + [9fdcbf526386] + + * configure, configure.in: + Use the autoconf cache when checking for symbol export control + support. + [03c2cce8711f] + + * INSTALL, common/Makefile.in, compat/Makefile.in, configure, + configure.in, mkpkg, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Add configure check for building PIE executables instead of doing it + in mkpkg. + [02b5b78ef258] + + * sudo.pp: + MacOS pp backend doesn't like modes longer than 4 characters. + [01b49022bf01] + +2012-07-01 Todd C. Miller + + * configure, configure.in: + Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding + -fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool + will strip -fstack-protector from the linker flags and we always + link with libtool. + [0a0a0250ac2b] + +2012-06-29 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + Regen for sudo 1.8.6 + [1657ee28b496] + + * NEWS, doc/sudoers.ldap.pod: + Document improved Tivoli Directory Server support. + [fb411edf4687] + + * config.h.in, configure, configure.in, plugins/sudoers/ldap.c: + Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf + option to specify Tivoli key db password. Allow TLS ciphers to be + configured for Tivoli. + [737e17c91e60] + +2012-06-28 Todd C. Miller + + * plugins/sudoers/ldap.c: + Tivoli Directory Server 6.3 libs always return a (bogus) error when + setting LDAP_OPT_CONNECT_TIMEOUT. + [504406637c38] + + * NEWS: + Update + [687a755604e8] + + * plugins/sudoers/ldap.c: + Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the + same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to a + set an ldap option fatal. + [17cf93ae3304] + +2012-06-27 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Zero pointers in sudo_user struct after freeing, just in case. + [8eff1f80b943] + + * plugins/sudoers/sudoers.c: + Free user_gids in close function if it has not already been freed. + [cbce28877f37] + + * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Defer group ID to name resolution until we actually need it. + [463e75b81e89] + + * src/sudo.c: + It is safe to read in sudo.conf before calling user_info(). + [3290b6434e3c] + + * plugins/sudoers/env.c, plugins/sudoers/ldap.c: + Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to + prevent potential truncation. Bug #562. + [29d9fc4e0c4e] + +2012-06-25 Todd C. Miller + + * sudo.pp: + If installing with installp, error out if there is already an + instance of the rpm package installed. + [ec24c6faba22] + + * mkpkg: + Add --disable-nls for AIX + [192ac2f7d65e] + +2012-06-22 Todd C. Miller + + * sudo.pp: + Debian sudo-ldap packages should now depend on libldap-2.4-2, not + libldap2. + [cbcec71e6b58] + +2012-06-21 Todd C. Miller + + * sudo.pp: + Add Homepage and Bugs to debian control file. + [0f19d7d14e66] + +2012-06-20 Todd C. Miller + + * mkpkg: + fix typo when setting aix_freeware + [2fd6feb50195] + + * common/Makefile.in, compat/Makefile.in, configure, configure.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in: + Don't run regress tests or sudoers sanity check (using the newly- + built visudo) when cross compiling. Bug #560 + [0c4e3f68b2f5] + + * MANIFEST, configure, configure.in, plugins/sample/Makefile.in, + plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map, + plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in, + plugins/sample_group/sample_group.exp, + plugins/sample_group/sample_group.map, + plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in, + plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map, + plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in, + plugins/system_group/system_group.exp, + plugins/system_group/system_group.map, + plugins/system_group/system_group.sym: + Rename foo.sym -> foo.exp Remove foo.map from the repo and generate + it on demand Use a loader option file for HP-UX ld to explicitly + export symbols + [2402ff5302ab] + + * src/Makefile.in: + Remove extraneous backslash + [8ca054de138c] + + * plugins/sudoers/regress/check_symbols/check_symbols.c: + Don't check for errorx as an exported symbols as it is now a macro. + Check for user_in_group() instead. + [7b02c8ecd3ea] + +2012-06-19 Todd C. Miller + + * configure, configure.in: + Adjust ld map file support to use an anonymous scope to match the + updated .map files. + [49be44282d9e] + +2012-06-18 Todd C. Miller + + * config.h.in, configure, configure.in, include/gettext.h: + Older versions of Solaris lack ngettext() + [028af10dfa5f] + + * configure, configure.in: + Move the check for -static-libgcc until after AC_LANG_WERROR has + been called and use AX_CHECK_COMPILE_FLAG(). + [a7b09120e7ff] + + * include/gettext.h: + Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H + [3aa2780d4a4e] + + * include/error.h, include/sudo_debug.h: + Fix gcc 2.x variant macro support. + [8e71c2370997] + + * plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c: + Fix compilation on gcc 2.95 and other compilers that only allow + variable declarations at the beginning of a block. + [9d80c802bb46] + + * configure, configure.in, plugins/sudoers/Makefile.in: + Link check_symbols with SUDO_LIBS to make sure we link with the + requisite libraries to successfully dlopen sudoers.so. This is + needed on HP-UX where a program dlopen()ing a shared object that + uses pthreads must also be linked with pthreads (and HP-UX LDAP uses + pthreads). + [b8961cd82337] + + * plugins/sudoers/regress/check_symbols/check_symbols.c: + Add check for exported local symbols. This will cause a "make + check" failure on systems where we don't support symbol hiding. + [8aa549389bb1] + + * configure, configure.in: + Additional ${foo} -> $(foo) Makefile tweaks. + [046bbde18f52] + + * plugins/sample/sample_plugin.map, + plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map, + plugins/system_group/system_group.map: + No need to provide a name for the scope in the map file since we + don't use the it for versioning. + [5ed4b997560d] + +2012-06-17 Todd C. Miller + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/check_symbols/check_symbols.c: + Add regress test for symbol visibility. + [9adddd4e0518] + +2012-06-15 Todd C. Miller + + * NEWS, configure, configure.in: + sudo 1.8.6 + [57008a7afb77] + + * configure, configure.in, include/missing.h: + Add support for controlling symbol visibility using the HP and + Solaris C compilers. + [46d5b468979e] + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoers.h: + Use the expanded io log dir when updating the sequence number. + Includes a workaround for older versions of sudo where the sequence + number was stored in the unexpanded io log dir. + [210797dab9a8] + +2012-06-14 Todd C. Miller + + * src/parse_args.c: + Simplify "sudo -s" argv rewriting. + [7be143dae7c5] + + * MANIFEST, configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in, + src/sudo_noexec.map: + Don't use a map file for sudo_noexec.so since Solaris ld doesn't + allow '*' in the global section. The libtool export flag is now + added to LT_LDFLAGS instead of commenting/uncommenting lines. + [38fc37a66b04] + +2012-06-13 Todd C. Miller + + * config.h.in, configure, configure.in, include/missing.h: + The visibility attribute was actually added in gcc 3.3.x, not 4.0. + Just assume that if -fvisibility=hidden works that the attribute is + usable. + [d3904d6faf14] + + * plugins/sudoers/check.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/pwutil.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map, + plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c, + plugins/system_group/system_group.c: + Export group cache from sudoers.so for system_group.so to use. + [16695d207fc5] + + * MANIFEST, configure, configure.in, include/missing.h, + plugins/sample/Makefile.in, plugins/sample/sample_plugin.map, + plugins/sample_group/Makefile.in, + plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in, + plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in, + plugins/system_group/system_group.map, src/sudo_noexec.c, + src/sudo_noexec.map: + Use gcc's visibility attribute to specify when symbols are visible + or hidden, if available. If not available, use an ELF version + script if it is supported. If all else fails, fall back to using + libtool's -export-symbols. + [64e889921727] + +2012-06-12 Todd C. Miller + + * sudo.pp: + Add mode for installed locale files but leave the directories with + default mode and owner. + [142237dbb31f] + +2012-06-11 Todd C. Miller + + * mkpkg, sudo.pp: + Install AIX packages under /opt/freeware with links in /usr/bin and + /usr/sbin. This matches the layout of the sudo package from AIX + freeware. + [0b79d47bbe01] + + * Makefile.in, configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp: + Install shared objects with mode 0644 except on HP-UX which needs + the executable bit set. + [ae416af0ba6c] + + * Makefile.in, doc/Makefile.in, include/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Make installed file modes consistent with the file modes in the sudo + package. + [307386373289] + +2012-06-08 Todd C. Miller + + * doc/sudoers.pod: + Add "%:" prefix when talking about QAS non-Unix group support. + [7cb25f6861f8] + + * pp, sudo.pp: + Fix packaging of symbolic links on HP-UX when the link source + already exists in the filesystem. + [c9bb48031596] + + * mkpkg: + Only specify prefix if we are overriding the default value. Fixes + the man dir (/usr/local/man vs. /usr/local/share/man). + [65351b6c1697] + + * sudo.pp: + Fix setting of sudoedit_man variable. + [9beed9ae5bba] + + * doc/Makefile.in: + Echo the command when linking the sudoedit manual. + [6c83b5657b55] + +2012-06-07 Todd C. Miller + + * mkpkg, sudo.pp: + Build .deb packages with selinux support. + [3fd9cb1b4526] + +2012-06-04 Todd C. Miller + + * sudo.pp: + Don't list paths for unstripped binaries in the lintial overrides. + [4c8e16f1773b] + + * pp: + Add support for Installed-Size header in control file, required by + newer debian versions. + [e97d76234bee] + + * pp: + Fix extended description in .deb files. + [d35e27ace146] + + * sudo.pp: + Add Depends, Replaces and Conflicts headers for .deb packages. + [76eb6c4b3278] + +2012-06-01 Todd C. Miller + + * plugins/sudoers/sudo_nss.c: + If there are no privs to print, write the message to the lbuf + instead of printing it directly. + [ecd56226abb7] + +2012-05-31 Todd C. Miller + + * sudo.pp: + Set -e in %pos and %preun for debian to quiet a lintian warning. + [8bb908514df9] + + * doc/Makefile.in, src/Makefile.in, sudo.pp: + Install sudoedit and the sudoedit manual as symbolic links, not hard + links and package them as such. + [f317ff3cf3e7] + + * sudo.pp: + Make sudo binary permissions 755 instead of 111 Add lintian + overrides file for .deb files. + [991cd7d7f0e1] + + * configure, configure.in, doc/Makefile.in, mkpkg: + Replace out of date MAN_POSTINSTALL with MANCOMPRESS and + MANCOMPRESSEXT which can be used to compress the installed manual + pages. Compress the man pages for .deb files to appease lintian. + [4e34083b41d2] + + * sudo.pp: + Debian fixes: + * fix modes to be more in line with what Debian expects + * add section + * install LICENSE as copyright and ChangeLog as changelog + * create stub changelog.debian + [7f6c5647f588] + + * pp: + Fix find command to properly skip files in the DEBIAN dir when + building md5sums. + [8918bde941fa] + + * pp, sudo.pp: + Use a debian-compliant package maintainer field. + [fc51a94170eb] + +2012-05-30 Todd C. Miller + + * plugins/sudoers/sudoreplay.c: + No need to loop over atomic_writev(), it guarantees to write all + data or return an error. + + Fix handling of stdout/stderr that contains "\r\n" and handle a + "\r\n" pair that spans a buffer. + [8aaf02d90c45] + +2012-05-29 Todd C. Miller + + * NEWS: + Update for sudo 1.8.5p2 + [d369d4d40a19] + + * plugins/sudoers/sudoreplay.c: + Instead of doing extra write()s when replaying stdout, build up a + vector for writev() instead. This results in far fewer system + calls. + [303d866c025c] + +2012-05-27 Todd C. Miller + + * src/env_hooks.c, src/sudo.h, src/tgetpass.c: + Provide unhooked version of getenv() and use it when looking up + DISPLAY and SUDO_ASKPASS in the environment. + [04dbdccf4a14] + +2012-05-25 Todd C. Miller + + * plugins/sudoers/sudoreplay.c: + When replaying a log of stdout or stderr, do newline to carriage + return + linefeed conversion. We cannot have termios do this for us + since we've disabled output postprocessing (POST) when setting raw + mode. + [61352a7d996f] + +2012-05-24 Todd C. Miller + + * configure, configure.in: + When checking for -fstack-protector, treat warnings as fatal errors. + [4124cd12d511] + +2012-05-22 Todd C. Miller + + * configure, configure.in: + Fix test for -z relro + [548bdb6f5c4a] + + * MANIFEST: + Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4 + [ed063264a2a1] + + * INSTALL, aclocal.m4, configure, configure.in, + m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4: + Build with -fstack-protector and link with -zrelo where supported. + Added --disable-hardening option to disable hardening options. + [0b6c1a1ceb03] + +2012-05-21 Todd C. Miller + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/testsudoers/test1.sh, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/testsudoers/test4.out.ok, + plugins/sudoers/regress/testsudoers/test4.sh, + plugins/sudoers/regress/testsudoers/test5.inc, + plugins/sudoers/regress/testsudoers/test5.out.ok, + plugins/sudoers/regress/testsudoers/test5.sh, + plugins/sudoers/testsudoers.c: + Add tests for sudoers mode, owner and group checks. + [a7607443aba0] + + * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: + If sudoers_mode is group-readable but the actual sudoers file is + not, open the file as uid 0, not uid 1. This fixes a problem when + sudoers has a more restrictive mode than what sudo expects to find. + In older versions, sudo would silently chmod the file to add the + group-readable bit. + [c056b6003e6f] + + * INSTALL, common/secure_path.c, config.h.in, configure, configure.in: + No longer throw an error if sudoers is a symbolic link. Deprecated + the --with-stow option as that is now (effectively) the default. + [8ce783e54886] + +2012-05-18 Todd C. Miller + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/testsudoers/test2.inc, + plugins/sudoers/regress/testsudoers/test2.out.ok, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.d/root, + plugins/sudoers/regress/testsudoers/test3.out.ok, + plugins/sudoers/regress/testsudoers/test3.sh: + Add basic tests for #include and #includedir + [b303e4218951] + + * plugins/sudoers/testsudoers.c: + Add -U sudoers_uid option to testsudoers. + [3f8ed13501ba] + +2012-05-17 Todd C. Miller + + * NEWS, configure, configure.in: + Update for 1.8.5p1 + [c33c49bf5b4b] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix #includedir; from Mike Frysinger + [d4833d4e39a0] + + * plugins/sudoers/check.c: + Don't prompt for a password if the user is in the exempt group, is + root, or is running the command as themselves even if the -k option + was specified. This makes "sudo -k command" consistent with the + behavior one would get if the user ran "sudo -k" immediately before + running the command. + [632b3961df00] + +2012-05-15 Todd C. Miller + + * INSTALL: + Fix capitalization + [7258aa977caf] + + * mkpkg: + Build PIE executable on Mac OS X 10.5 and above. + [2a5c7ef92182] + +2012-05-14 Todd C. Miller + + * NEWS: + Update for sudo 1.8.4p5 + [21164f508b68] + + * plugins/sudoers/match_addr.c: + Add missing break between AF_INET and AF_INET6 in + addr_matches_if_netmask() + [672a4793931a] + + * plugins/sudoers/mon_systrace.c: + Move systrace monitor code to the attic + [d6faf4754e9c] + +2012-05-11 Todd C. Miller + + * src/exec.c: + The pointer to the siginfo_t struct in a signal handler may be NULL. + [41a4ee934b53] + +2012-05-10 Todd C. Miller + + * plugins/sudoers/pwutil.c: + Fix an alignment problem on NetBSD systems with a 64-bit time_t and + strict alignment. Based on a patch from Martin Husemann. + [1e5ba3c18f17] + + * include/missing.h: + Add offsetof macro for those without it. + [e44cb51d2587] + + * MANIFEST: + add system_group plugin + [6169793b510c] + +2012-05-09 Todd C. Miller + + * compat/dlopen.c: + Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX. + [85bd03bc5d94] + +2012-05-08 Todd C. Miller + + * NEWS: + Mention system_group plugin + [05393dd4bdb8] + + * Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in: + update depends + [6feb0b824fc4] + + * plugins/system_group/system_group.c: + Only call gr_delref() when use sudo's password caching functions. + [1103442e21fa] + + * plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in: + Add missing dependency on libreplace.la + [05bfd9d4657f] + + * compat/dlopen.c: + Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and + PROG_HANDLE. + [2382d0693acc] + + * Makefile.in, configure, configure.in, + plugins/system_group/Makefile.in, + plugins/system_group/system_group.c, + plugins/system_group/system_group.sym: + Add group plugin that does lookups by name using the system group + database. + [2ddbb604112f] + + * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo, + src/po/pl.po: + sync with translationproject.org + [4ef05df4226d] + +2012-05-03 Todd C. Miller + + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po, + src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, + src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po, + src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [115c3f828fc5] + +2012-05-01 Todd C. Miller + + * sudo.pp: + Add mode for docdir and use '-' (default) for localedir mode. Fixes + a problem on Linux when building in a directory with the setgid bit + set. + [582279c8bcb1] + +2012-04-30 Todd C. Miller + + * pp: + Match CentOS 6.0 + [1e99ef210f98] + +2012-04-24 Todd C. Miller + + * NEWS: + Update with recent changes + [c5fc220ba696] + + * pp: + Fix version check on AIX + [d272e39112f4] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [72b23509465a] + + * plugins/sudoers/ldap.c: + Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP + SDK. + [87b685e70b9a] + + * plugins/sudoers/ldap.c: + Fix printing of invalid uri + [645aa53acdde] + + * plugins/sudoers/auth/pam.c: + Pass PAM_SILENT when deleting creds to remove an annoying warning + message on Solaris. + [1dd0301ef293] + +2012-04-23 Todd C. Miller + + * src/utmp.c: + Fix the setutxent and endutxent compatibility defines (this time + correctly) when only setutent and endutent are available. + [d136d2867db9] + + * plugins/sudoers/ldap.c: + sudo_ldap_set_options_global() should not take an LDAP handle as an + argument since the options affect the global settings. + [1dc39b9d20f2] + + * mkpkg: + Debian sudo has not been built with --with-exempt=sudo since 1.6.8. + [c7716291a856] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c, + src/sudo.h: + Call the policy's init_session() function before we fork the child. + That way, the session is created and destroyed in the same process, + which is needed by some modules, such as pam_mount. + [ece552ba002e] + + * doc/TROUBLESHOOTING: + Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is + not specified. + [bd293e100b28] + + * plugins/sudoers/auth/pam.c: + Delete creds after closing the PAM session. + [5158d726d6a5] + + * plugins/sudoers/ldap.c: + Provide a more useful error message if using a Mozilla-style LDAP + SDK and you forgot to specify TLS_CERT in ldap.conf. + [7cb78feb899c] + + * src/exec_pty.c: + Add missing initialization of a sigaction structure when I/O + logging. Fixes a potential problem when suspending the command. + [f4480f2ba816] + + * plugins/sudoers/ldap.c: + Split global and per-connection LDAP options into separate arrays. + Set global LDAP options before calling ldap_initialize() or + ldap_init(). After we have an LDAP handle, set the per-connection + options. Fixes a problem with OpenLDAP using the nss crypto backend; + bug #342 + [265c9d2dc12b] + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po, + src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [6d7fe44be21e] + +2012-04-21 Todd C. Miller + + * src/sudo.c, src/sudo.h: + Move struct passwd pointer into struct command details. + [d6fb1eff2065] + +2012-04-20 Todd C. Miller + + * pp: + Sync with upstream for Mac OS X (and other) fixes. + [c2f4998d01b0] + + * mkpkg: + Only built Mac intel universal binary on an intel machine. + [0009e0b7e5a8] + + * src/Makefile.in: + Do not pass libtool the -static-libtool-libs option when building + sudo and sesh. Otherwise, libtool may prefer a static version of an + installed library over a dynamic one when linking. + [6fbac9adc885] + +2012-04-19 Todd C. Miller + + * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo, + plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po: + Add German translation for sudo Add Croatian translation for sudoers + [fa4da1a6530c] + + * plugins/sudoers/iolog.c: + typo fix in comment + [abd721d1288e] + +2012-04-16 Todd C. Miller + + * NEWS: + Update with recent changes + [6fa11e8448b9] + + * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Sort xgettext output by file name. + [f650841810f0] + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod: + Clarify what "sudoreplay -l" displays and mention that it is sorted. + [84031c117bd6] + + * config.h.in, configure, configure.in, src/ttyname.c: + Use AC_HEADER_MAJOR to determine where major/minor are defined. + [3c949650a223] + + * config.h.in, configure, configure.in, src/ttyname.c: + Include sys/mkdev.h if present instead of sys/sysmacros.h for + minor(). This is needed on Solaris (at least) where the makedev + macros in sysmacros.h are obsolete and library functions should be + used instead. + [343928acf81e] + + * mkpkg: + When building on Mac OS X, only set SDK_FLAGS if specified osversion + doesn't match host. + [d84c6efac872] + +2012-04-15 Todd C. Miller + + * src/ttyname.c: + Add back buf and tty variables for _ttyname() case that were + inadvertantly removed. + [a4a820b22a44] + +2012-04-13 Todd C. Miller + + * plugins/sudoers/po/sudoers.pot: + regen + [5446b12c1250] + + * configure, configure.in: + Remove b8 from version number. + [5adc4dcec061] + + * src/ttyname.c: + remove some XXX + [187579a5f593] + + * src/ttyname.c: + When looking for a device match, do a breadth-first search instead + of depth-first. We already special case /dev/pts/ so chances are + good that if it is not a pseudo-tty it is in the base of /dev/. Also + avoid a stat(2) when possible if struct dirent has d_type. + [0183f8a1b278] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + src/sudo.c, src/sudo.h: + Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list. + [f0574d878491] + + * src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo, + src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo, + src/po/vi.mo: + sync with translationproject.org + [4527ea78fbd5] + + * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po, + src/po/hr.mo, src/po/hr.po: + New Croatian and Galician translations from translationproject.org + [ad4bd924b4de] + + * src/ttyname.c: + Add depth-first traversal of /dev/ for the /proc case when not + /dev/pts/N + [499bd3456774] + + * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c: + If struct dirent has d_type, use it to avoid an extra stat(). + [741dabbe4bcd] + + * plugins/sudoers/sudoreplay.c: + Sort output of "sudoreplay -l" + [c0615795bd4b] + +2012-04-12 Todd C. Miller + + * plugins/sudoers/sudoreplay.c: + Fix duplicate free introduced in last rev + [efdaabe69d75] + +2012-04-11 Todd C. Miller + + * plugins/sudoers/auth/pam.c: + Instead of treating ^C from tgetpass() specially, always return + AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL + like PAM_AUTH_ERR which Mac OS X returns this when there is no tty. + [a3b17298d4d0] + + * config.h.in, configure, configure.in, src/ttyname.c: + Rototill code to determine the tty. For Linux, we now look up the + tty device in /proc/pid/stat instead of trying to open + /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given + device number to a string. On BSD, we can use devname(). On + Solaris, _ttyname_dev() does what we want. TODO: write /dev/ + traversal code for the generic sudo_ttyname_dev(). + [6b22be4d09f0] + +2012-04-10 Todd C. Miller + + * src/ttyname.c: + Define PRNODEV for those w/o it. + [f17290e64559] + + * config.h.in, configure, configure.in, src/ttyname.c: + Check for SVR4-style struct psinfo.pr_ttydev and use that to + determine the tty if std{in,out,err} are not ttys. + [76ad33a91f4b] + + * src/ttyname.c: + Better support for SVR4-style /proc entries where we can't use + ttyname() on the /proc/pid/fd/[0-2] entries. We can, however, + attempt to map the device number back to the correct pseudo-tty + slave device. + [4f9f48cc79eb] + + * src/ttyname.c: + When trying to determine the tty name, check parent's stderr in + addition to its stdin and stdout. + [604644056c7d] + + * src/exec_pty.c: + Treat a tty read failure like EOF as it usually means the pty has + gone away. Handle write() on the tty returning EIO. + [16957f4a706f] + + * src/exec.c, src/exec_pty.c: + Linux select() may return ENOMEM if there is a kernel resource + shortage. Older Solaris select() may return EIO instead of EBADF + when the tty goes away. If we get an unhandled select() failure, + kill the child and exit cleanly. + [d93940a311ab] + + * src/ttyname.c: + Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might + block in open. + [a9f809d09d52] + +2012-04-09 Todd C. Miller + + * plugins/sudoers/set_perms.c: + Fix restoration of AIX permissions. + [30c717115988] + + * src/parse_args.c: + Allow the -k flag to be used along with the -i and -s flags. + [0653b17c97f1] + + * plugins/sudoers/sudoreplay.c: + Plug memory leak in parse_logfile() in the error path. + [9cce86fa833b] + + * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po, + src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po, + src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [14af43d0b170] + +2012-04-08 Todd C. Miller + + * compat/regress/glob/globtest.c, config.h.in, configure, + configure.in, plugins/sudoers/match.c: + Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the + glob() and fnmatch() results to be consistent. + [4226750d73c2] + +2012-04-06 Todd C. Miller + + * MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in, + src/ttysize.c: + Move ttysize.c to common so sudoreplay can use it. + [b4a0aa514cd4] + + * plugins/sudoers/sudoreplay.c: + If I/O log file includes rows + cols, warn if the user's tty is not + big enough. + [b980ef89efff] + + * plugins/sudoers/sudoreplay.c: + Fix printing of TSID in "sudoreplay -l" + [4221e3e108b4] + + * common/sudo_debug.c, include/sudo_debug.h, + plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c, + src/exec_pty.c: + Log the process id in the debug file output. Since we don't want to + keep calling getpid(), stash the value at init time and when we + fork(). + [2782d30c024d] + + * src/exec_pty.c: + Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It + is better to receive EIO from read()/write() than to be suspended + when we don't expect it. Fixes a problem when our terminal is + revoked which can happen when, e.g. our sshd is killed + unceremoniously. Also, only change the value of "alive" from true to + false, never from false to true. It is possible for us to receive + notification of the child having stopped after it is already dead. + This does not mean it has risen from the grave. + [26c9fe8ce0f9] + + * src/exec_pty.c: + Distinguish between signals we received from the parent vs. those + delivered explicitly to the monitor process in debugging info. + [40716cb180e5] + +2012-04-05 Todd C. Miller + + * plugins/sudoers/check.c: + In Solaris 11, /dev/pts under the "dev" filesystem, not "devices". + Update tty_is_devpts() to match so we can determine when the tty has + been reused. + [2689665df027] + + * common/sudo_debug.c, include/error.h, include/sudo_debug.h: + Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf() + and use a new flag, SUDO_DEBUG_FILENO to specify when to use it. + This allows consumers of sudo_debug_printf() to log that data + without having to specify it manually. + [7c94c4879208] + + * src/exec_pty.c: + Make this compile after last change. + [ee09034f3266] + + * src/exec_pty.c: + Don't try to restore the terminal if we are not the foreground + process. Otherwise, we may be stopped by SIGTTOU when we try to + update the terminal settings when cleaning up. + [c48b24335456] + + * src/exec.c: + If select() return EBADF in the main event loop, one of the ttys + must have gone away so perform any I/O we can and close the bad fds. + [3bc8678c03ce] + + * common/sudo_debug.c, include/error.h, include/sudo_debug.h, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the + function, file and line number in the debug log for warning() and + error(). + [894cd131f11d] + +2012-04-04 Todd C. Miller + + * common/sudo_debug.c, include/error.h, include/sudo_debug.h, + src/conversation.c: + Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno. + Use this flag when wrapping error() and warning() so the debug + output includes the error string. + [1e2c67adaf1f] + +2012-03-30 Todd C. Miller + + * NEWS: + Update for sudo 1.8.5 + [7d2b62b823fe] + + * plugins/sudoers/po/sudoers.pot: + regen + [718ad9de92cd] + + * doc/CONTRIBUTORS: + sync + [f48013aea641] + + * plugins/sudoers/pwutil.c: + Use ecalloc() + [fabd23c1f271] + + * src/exec_pty.c: + Don't need zero_bytes() after ecalloc() + [1a9d95cd10ef] + + * config.h.in, configure, configure.in, src/sudo_noexec.c: + Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to + sudo_noexec.c. + [cbaa1d4b0f8a] + + * src/utmp.c: + Fix compat setutxent and endutxent macros for systems with + setutent() but not setutxent(). From Gustavo Zacarias + [d7ce622fc5f2] + +2012-03-29 Todd C. Miller + + * configure.in: + Add ignore_result definition to AH_BOTTOM + [8d4096838a98] + + * common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c, + src/exec.c, src/exec_pty.c, src/tgetpass.c: + Fix compiler warnings on some platforms and provide a better method + of defeating gcc's warn_unused_result attribute. + [9a8f804fcc75] + + * configure, configure.in: + Fix building the builtin zlib from a build dir. When a zlib dir was + specified, prepend its include path instead of appending so we get + the right zlib headers. + [5f61d591b186] + + * doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h, + zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c, + zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h, + zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in, + zlib/zlib.h, zlib/zutil.c, zlib/zutil.h: + Update zlib to version 1.2.6 + [173c4bc4d4fc] + +2012-03-28 Todd C. Miller + + * include/missing.h: + g/c __unused which is no longer used + [7ef3f23edcd6] + + * src/env_hooks.c: + Fix compilation if RTLD_NEXT is not defined. + [d5605f468b71] + + * src/po/sr.mo, src/po/sr.po: + sync with translationproject.org + [27d559f7985d] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, + doc/sudoers.man.in: + regen + [f9f63ce478b6] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [59035d82d15a] + + * Makefile.in: + Ignore Project-Id-Version when comparing pot files. + [22feb9ede46b] + + * plugins/sudoers/bsm_audit.c: + Use error() instead of log_fatal() + [54130bda4b50] + + * plugins/sudoers/env.c: + Fix signedness of didvar in env_update_didvar() + [77048a80b3e4] + + * plugins/sudoers/iolog.c: + Quiet a compiler warning on some platforms. + [8fdcaece0400] + + * compat/fnmatch.c: + cast ctype(3) function/macro arguments from char to unsigned char to + avoid potential negative subscripting. + [bdcf7eef21ef] + + * common/setgroups.c: + Quiet a warning on systems where the gids array in setgroups() is + not prototyped as being const, even though it really is. + [fdd758c6302d] + + * src/env_hooks.c: + Quiet a compiler warning on systems where the argument to putenv(3) + is const. + [51bae2193b53] + + * plugins/sudoers/sudoreplay.c: + Undo an incorrect int -> bool conversion. + [b9a4ce320f14] + + * MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + src/po/sv.mo, src/po/sv.po: + Add Swedish sudo and sudoers translations from + translationproject.org + [f7ce1de9073f] + + * plugins/sudoers/env.c: + No need to preserve ODMDIR on AIX now that we always read + /etc/environment. + [4aa04b2f0125] + +2012-03-27 Todd C. Miller + + * doc/sudoers.pod, plugins/sudoers/env.c: + When initializing the environment for env_reset, start out with the + contents of /etc/environment on AIX and login.conf on BSD. + [5717bdc321e2] + + * doc/TROUBLESHOOTING, src/sudo.c: + If we are not running with an effective uid of 0, try to give the + user enough information to debug the problem. + [fa4894896d8a] + + * plugins/sudoers/getdate.c, plugins/sudoers/gram.c: + Quiet a clang-analyzer false positive. + [c4c0c1b9c8b0] + + * src/tgetpass.c: + If there is nothing to read from the askpass program, set errno to + EINTR. This makes the cancel button behave like the user entered ^C + at the password prompt when PAM is used. + [594302cb9caf] + + * src/sudo.h, src/tgetpass.c: + Fetch the value of "askpass" from the sudo conf struct. + [4593ee8f1bd3] + + * common/sudo_conf.c: + Fix matching of "Path askpass" and "Path noexec" + [4df28d62afb9] + +2012-03-26 Todd C. Miller + + * plugins/sudoers/visudo.c: + Quiet a clang-analyzer dead store warning. + [dd90bf385a3f] + + * plugins/sudoers/sudoers.c: + If the "timestampowner" user cannot be resolved, use ROOT_UID + instead of exiting with a fatal error. + [8d62aae99715] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/check.c, plugins/sudoers/env.c, + plugins/sudoers/iolog.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/parse.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: + Remove the NO_EXIT flag to log_error() and add a log_fatal() + function that exits and is marked no_return. Fixes false positives + from static analyzers and is easier for humans to read too. + [a0fe785c2a3d] + +2012-03-24 Todd C. Miller + + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, + src/po/eo.po: + sync with translationproject.org + [df5e8777de13] + +2012-03-20 Todd C. Miller + + * src/po/da.mo, src/po/da.po: + sync with translationproject.org + [629d99548b78] + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: + sync with translationproject.org + [9d122a2860d6] + +2012-03-19 Todd C. Miller + + * src/po/it.mo, src/po/it.po: + sync with translationproject.org + [6397593b15cf] + + * common/sudo_conf.c, plugins/sudoers/alias.c, + plugins/sudoers/defaults.c, plugins/sudoers/env.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c, + src/load_plugins.c: + Use ecalloc() when allocating structs. + [8b5888868db2] + + * common/alloc.c, include/alloc.h: + Add ecalloc() and commented out recalloc(). Use inline strnlen() + instead of strlen() in estrndup(). + [7fb9aa46c1e0] + +2012-03-18 Todd C. Miller + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, + src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, + src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [45a032c37334] + +2012-03-16 Todd C. Miller + + * plugins/sudoers/set_perms.c: + Remove unused label + [2660bb0c1313] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document what changed in each plugin API revision + [59b30a6fc4d1] + + * plugins/sudoers/set_perms.c: + Remove bogus optimization that could lead to a double free of the + group list. + [b0bfbd2a83a8] + +2012-03-15 Todd C. Miller + + * doc/TROUBLESHOOTING: + Expand AIX /etc/security/privcmds entry. + [9f3f072e034e] + + * NEWS: + Update for sudo 1.8.5 + [086049011f25] + + * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat, + doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h, + include/sudo_plugin.h, src/load_plugins.c, src/sudo.c, + src/sudo_plugin_int.h: + Rename plugin "args" to "options" + [f25624951bd2] + + * doc/CONTRIBUTORS: + Add Lithuanian and Vietnamese translators + [2b4c075b69e3] + + * Makefile.in: + Ignore comments when comparing new and old pot files. + [f872999347b3] + + * src/Makefile.in: + regen + [c8193b1b11c7] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in: + regen + [15e3c17e8a3a] + + * doc/sudo_plugin.pod, include/sudo_plugin.h, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c, + src/sudo.c, src/sudo.h: + Pass a pointer to user_env in to the init_session policy plugin + function so session setup can modify the user environment as needed. + For PAM authentication, merge the PAM environment with the user + environment at init_session time. We no longer need to swap in the + user_env for environ during session init, nor do we need to disable + the env hooks at init_session time. + [3f5277b359d8] + + * plugins/sample/sample_plugin.c: + Add explicit NULL entries for init_session, register_hooks and + deregister_hooks with appropriate comments. + [727a57978b40] + + * compat/pw_dup.c: + Quiet a gcc "used uninitialized in this function" false positive. + [f14b68379ce9] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + We should always call warning() with a format string or a string + literal. In this case, the argument (path) is not user-controlled. + [e9ef51224024] + +2012-03-14 Todd C. Miller + + * src/selinux.c: + Include sudo_exec.h for the sudo_execve() prototype. + [769e58065edc] + + * config.h.in, configure, configure.in: + Add check for pam_getenvlist() + [36bde3f26c60] + + * common/sudo_conf.c: + Set args to NULL in default plugin info struct when there is no + Plugin line in sudo.conf. + [93ec67708f01] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [a9287677795c] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + regen + [a242769d7962] + + * configure, configure.in: + Bump version to 1.8.5 + [e8618f0c2505] + + * doc/sudo_plugin.pod: + Document hooks API + [e6ad07d27958] + +2012-03-13 Todd C. Miller + + * sudo.pp: + Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris. + [fd72340042d3] + + * include/sudo_plugin.h: + Use sudo_hook_fn_t in struct sudo_hook. + [938f93112d6e] + + * doc/TROUBLESHOOTING: + If cross compiling, --host must include the OS in the tuple. E.g. + --host powerpc-unknown-linux + [b8c010070c1e] + +2012-03-12 Todd C. Miller + + * plugins/sudoers/parse.c: + Fix bogus int -> bool conversion; tags can have a value of -1. + [e63d6434a303] + + * plugins/sudoers/env.c: + Add env_should_keep() and env_should_delete() wrapper functions to + simplify things a bit and hide the fact that matches_env_check() is + not bool. + [7a03d7a12b50] + + * sudo.pp: + Fix application of debian-specific sudoers mods when building + packages as non-root. + [34bf4c52c425] + + * plugins/sudoers/env.c: + matches_env_check() returns int, not boolean + [0ad915b8d5cb] + + * src/sudo_edit.c: + Fix compilation when seteuid() is not available. + [8a722f998000] + + * src/ttyname.c: + Simply move the free of ki_proc outside the realloc() loop. + [217b786da760] + + * src/ttyname.c: + Bring back the erealloc() for the ENOMEM loop and just zero the + pointer after we free it. + [29a016e45127] + + * src/ttyname.c: + Don't try to erealloc() a potentially freed pointer; Mateusz Guzik + [266e08844065] + +2012-03-10 Todd C. Miller + + * plugins/sudoers/set_perms.c: + Use normal error path if unable to set sudoers gid. + [01c816918c99] + + * plugins/sudoers/set_perms.c: + Make this work again on systems w/o seteuid(). + [2e67f7421e97] + +2012-03-09 Todd C. Miller + + * plugins/sudoers/set_perms.c: + Fix compilation if no seteuid/setreuid/setresuid available. + [d0b3c1f88eb4] + + * plugins/sudoers/set_perms.c: + Better error messages, and added debugging throughout. Fixed + seteuid() version of set_perms()/restore_perms(). Fixed logic bug in + AIX version of restore_perms(). Added checks to avoid changing + uid/gid when we don't have to. Never set gid/uid state to -1, use + the old value instead. + [29188d469b5c] + + * src/exec_pty.c, src/ttyname.c: + Fix format string warning on Solaris with gcc 3.4.3. + [d1eeb6e1dd0f] + + * src/sudo.c: + Always declare environ now that we swap it around unilaterally. + [aaa3e92e7d0d] + + * src/Makefile.in: + Honor LDFLAGS when linking sesh; from Vita Cizek + [498b41438f6e] + + * src/sesh.c: + Include alloc.h for estrdup() prototype; from Vita Cizek + [93203655a320] + +2012-03-08 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Don't read /etc/environment on Linux when using PAM, PAM should set + the environment variables as needed via pam_env. + [b1ef62cb2d40] + + * INSTALL: + Fix editor goof. + [0c3dd3bb8b57] + + * src/hooks.c, src/sudo.c, src/sudo.h: + Disable environment hooks after we get user_env back to make sure a + plugin can't to modify user_env after we "own" it. This is kind of + a hack but we don't want the init_session plugin function to modify + user_env. + [8e6d119452a5] + + * src/hooks.c, src/sudo.c: + Add support for deregistering hooks. If an I/O log plugin fails to + initialize, deregister its hooks (if any). + [ac00c93900c5] + +2012-03-07 Todd C. Miller + + * plugins/sudoers/sudoers.c, src/sudo.c: + Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook + setenv. + [e75469dd9908] + + * MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in, + compat/setenv.c, compat/unsetenv.c, config.h.in, configure, + configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c, + plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c, + src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h, + src/sudo_plugin_int.h: + Initial cut at a hooks implementation. The plugin can register + hooks for getenv, putenv, setenv and unsetenv. This makes it + possible for the plugin to trap changes to the environment made by + authentication methods such as PAM or BSD auth so that such changes + are reflected in the environment passed back to sudo for execve(). + [61cffa06f863] + +2012-03-05 Todd C. Miller + + * MANIFEST, src/po/vi.mo, src/po/vi.po: + Add Vietnamese sudo translation from translationproject.org + [96df426790d5] + +2012-03-02 Todd C. Miller + + * doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod, + doc/sudoers.pod: + List sudo_noexec.so not noexec.so in the sample sudo.conf + [53844e190ec5] + + * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, + doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h, + include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c, + src/sudo_plugin_int.h: + Add support for plugin args at the end of a Plugin line in + sudo.conf. Bump the minor number accordingly and update the + documentation. A plugin must check the sudo front end's version + before using the plugin_args parameter since it is only supported + for API version 1.2 and higher. + [587f1f819536] + +2012-03-01 Todd C. Miller + + * plugins/sudoers/Makefile.in: + update depends + [6d2da44e11e5] + + * MANIFEST: + secure_path.c is in common, not compat + [619c4a663dde] + + * configure, configure.in: + Add check for variadic macro support in cpp. + [756854caf675] + +2012-02-29 Todd C. Miller + + * common/secure_path.c, common/sudo_conf.c, include/secure_path.h, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add type param to sudo_secure_path() and add sudo_secure_file() and + sudo_secure_dir() wrappers which get by #includedir in sudoers. + [2ec2d3d8df04] + +2012-02-28 Todd C. Miller + + * doc/visudo.pod, plugins/sudoers/visudo.c: + Check the owner and mode in -c (check) mode unless the -f option is + specified. Previously, the owner and mode were checked on the main + sudoers file when the -s (strict) option was given, but this was not + documented. + [b2d6ee1e547a] + + * config.h.in, configure, configure.in, src/ttyname.c: + Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some + versions of OpenBSD versions that have KERN_PROC2 but not KERN_PROC. + [159f6a50456a] + +2012-02-27 Todd C. Miller + + * doc/CONTRIBUTORS: + Add Eric Lakin for patch in bug #538 + [490c29c234c6] + + * src/exec_pty.c: + Fix typo in safe_close() made while converting to debug framework + that prevented it from actually closing anything. + [a66422a62afd] + + * src/exec_pty.c: + Add some more debugging. + [b5667947dda9] + + * common/Makefile.in, compat/Makefile.in, doc/Makefile.in, + include/Makefile.in: + We need sysconfdir in compat/Makfile to get the proper sudo.conf + path. Add standard prefix and foodir expansion in all Makefiles to + avoid this problem in the future. + [62b6ce4ecae9] + +2012-02-25 Todd C. Miller + + * MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po: + New Lithuanian sudoers translation from translationproject.org + [10436b649035] + + * plugins/sudoers/po/ja.po: + Update from translationproject.org + [acb8db5f8ef1] + +2012-02-24 Todd C. Miller + + * plugins/sudoers/ldap.c: + When adding gids to the LDAP filter, only add the primary gid once. + This is consistent with the space computation/allocation. From Eric + Lakin + [35d9d99c92c6] + + * doc/TROUBLESHOOTING: + Add entry for AIX enhanced RBAC config. + [5e10b6f8def7] + + * mkpkg: + Target Mac OS X 10.5 when building packages. + [06fce9bbebee] + +2012-02-22 Todd C. Miller + + * MANIFEST, common/Makefile.in, common/secure_path.c, + common/sudo_conf.c, include/secure_path.h, + plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c: + Relax the user/group/mode checks on sudoers files. As long as the + file is owned by the right user, not world-writable and not writable + by a group other than the one specified at configure time (gid 0 by + default), the file is considered OK. Note that visudo will still + set the mode to the value specified at configure time. + [241174babfcc] + +2012-02-21 Todd C. Miller + + * plugins/sudoers/set_perms.c: + Add AIX-specific version of permission setting code to make sure + that the saved uid gets restored properly. + [9a6f5d22c301] + + * config.h.in, configure, configure.in, src/exec_common.c: + Check for LD_PRELOAD variants in configure instead of checkign cpp + symbols. In disable_execute(), compute the length of the new envp + and allocate it once instead of reallocating on demand. Also append + old value of LD_PRELOAD (if any) to the new value. + [680266346917] + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: + Fix the description of noexec. + [6a6d142f3c80] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: + The "op" parameter to set_default() must be int, not bool since it + is set to '+' or '-' for list add and subtract. + [8da5b137bea2] + + * sudo.pp: + Make sure sudoers is writable before calling ed script. + [95352ab6336b] + +2012-02-17 Todd C. Miller + + * doc/CONTRIBUTORS, doc/contributors.pod: + Update contributors. Now includes translators and authors of compat + code. + [4fb5b616b50a] + +2012-02-16 Todd C. Miller + + * src/po/sudo.pot: + regen + [2c86e2c328fe] + + * pp, sudo.pp: + Build flat packages, not package bundles, on Mac OS X. + [57bda3cd5520] + +2012-02-10 Todd C. Miller + + * sudo.pp: + Move macos section to be with the other OS-specific sections. + [51423bb2973a] + + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: + Sync with translationproject.org + [8ce41cbb8da0] + + * configure, configure.in: + Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS + [fa979aa6fe7d] + + * sudo.pp: + Add Mac OS X support, printing the latest chunk of the NEWS file and + the license text in the installer. + [ffeab72387c0] + + * sudo.pp: + Add explicit file modes that match those used by "make install" + [7eb37242c920] + + * pp: + Sync with upstream for Mac OS X fixes. + [97cba179041e] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Got back to using "install-sh -M" for files installed as non- + readable by owner. This fixes "make install" as non-root for + package building. + [967804ee77d6] + +2012-02-09 Todd C. Miller + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: + Sync with translationproject.org + [0e53db12039a] + + * Makefile.in, doc/Makefile.in, include/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Use -m not -M for install-sh for everything except setuid. Install + locale .mo files mode 0444, not 0644. If timedir parent doesn't + exist, use default dir mode, not 0700. + [8b6f64c92090] + +2012-02-07 Todd C. Miller + + * pp: + Re-sync with upstream; no longer need a local patch. + [97a2c7be5e59] + + * mkpkg: + Add support for building Mac OS X packages. + [94d49ac223a4] + + * pp: + Sync with upstream + [1c97654fc841] + + * src/Makefile.in: + No longer need to define _PATH_SUDO_CONF here. + [2560905b7482] + + * src/exec_common.c: + Fix noexec for Mac OS X. + [b7a744bca2c0] + +2012-02-06 Todd C. Miller + + * common/Makefile.in: + Move _PATH_SUDO_CONF override to common to match sudo_debug.c + [f0788972a63a] + + * plugins/sudoers/set_perms.c: + More complete fix for LDR_PRELOAD on AIX. The addition of + set_perm(PERM_ROOT) before calling the nss open functions (needed to + avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective + and then real uid to 0 for PERM_ROOT works around the issue. + [5888eda051af] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [997fe403e219] + + * src/sudo.c: + Set real uid to root before calling sudo_edit() or run_command() so + that the monitor process is owned by root and not by the user. + Otherwise, on AIX at least, the monitor process shows up in ps as + belonging to the user (and can be killed by the user). + [d4772d7d2fc5] + + * plugins/sudoers/set_perms.c: + For PERM_ROOT when using setreuid(), only set the euid to 0 prior to + the call to setuid(0) if the current euid is non-zero. This + effectively restores the state of things prior to rev 7bfeb629fccb. + Fixes a problem on AIX where LDR_PRELOAD was not being honored for + the command being executed. + [b9b40325b4dc] + + * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in, + include/missing.h, src/sudo.c: + Make a copy of the struct passwd in exec_setup() to make sure + nothing in the policy init modifies it. + [b721261c921f] + +2012-02-05 Todd C. Miller + + * doc/sudoers.pod: + update copyright + [f9d229d1f65e] + + * common/sudo_debug.c, include/sudo_debug.h: + g/c now-unused debug subsystems + [8f21726e698f] + + * doc/sudo.pod, doc/sudoers.pod: + Enumerate the debug subsystems used by sudo and sudoers. + [ac4f84293d14] + +2012-02-03 Todd C. Miller + + * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, + include/sudo_conf.h, src/sudo.c: + Normally, sudo disables core dumps while it is running. This + behavior can now be modified at run time with a line in sudo.conf + like "Set disable_coredumps false" + [ad14e0508b0d] + + * NEWS: + Mention Spanish translation + [600f3205bd6e] + + * common/sudo_debug.c: + Make sure we don't try to fall back to using the conversation + function for debugging in the main sudo process if we are unable to + open the debug file. + [ffa329aa908c] + + * MANIFEST, src/po/es.mo, src/po/es.po: + Add sudo Spanish translation from translationproject.org + [c1906654e740] + +2012-02-02 Todd C. Miller + + * plugins/sudoers/iolog.c: + Better debug subsystem usage + [1a31f115743c] + + * src/sudo.c: + Remove duplicate function prototypes + [ae04b00532eb] + +2012-02-01 Todd C. Miller + + * configure, configure.in: + Error out if user specified --with-pam but we can't find the headers + or library. Also throw an error if the headers are present but the + library is not and vice versa. + [d6bf3e3d0aae] + +2012-01-31 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Fix the sudoers permission check when the expected sudoers mode is + owner-writable. + [8b0b7e770a22] + +2012-01-30 Todd C. Miller + + * configure, configure.in: + Verify that we can link executables built with -D_FORTIFY_SOURCE + before using it. + [7578215d1a95] + + * src/exec_common.c: + Fix potential off-by-one when making a copy of the environment for + LD_PRELOAD insertion. Fixes bug #534 + [cc699cd551b6] + + * configure, configure.in: + Add rudimentary check for _FORTIFY_SOURCE support by checking for + __sprintf_chk, one of the functions used by gcc to support it. + [a992673d2ef8] + + * compat/stdbool.h, config.h.in, configure, configure.in: + Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves. + [8ba1370884b3] + +2012-01-29 Todd C. Miller + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [1e0b38397705] + +2012-01-25 Todd C. Miller + + * src/exec.c, src/sudo.c: + The change in 818e82ecbbfc that caused to exit when the monitor dies + created a race condition between the monitor exiting and the status + being read. All we really want to do is make sure that select() + notifies us that there is a status change when the monitor dies + unexpectedly so shutdown the socketpair connected to the monitor for + writing when it dies. That way we can still read the status that is + pending on the socket and select() on Linux will tell us that the fd + is ready. + [7fb5b30ea48d] + + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c, + src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, + src/sudo_exec.h: + Refactor disable_execute() and my_execve() into exec_common.c for + use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of + disabling exec in exec_setup(), disable it immediately before + executing the command. Adapted from a diff by Arno Schuring. + [ec4d8b53db6b] + +2012-01-20 Todd C. Miller + + * aclocal.m4, configure, configure.in: + Add custom version of AC_CHECK_LIB that uses the extra libs in the + cache value name. With this we no longer need to rely on a modified + version of autoconf. + [1c3b1d482d6c] + +2012-01-19 Todd C. Miller + + * configure, configure.in: + Better handling of network functions that need -lsocket -lnsl + [cc386342ec2b] + + * src/sudo.c: + When setting up the execution environment, set groups before + gid/egid like sudo 1.7 did. + [928e1c5fa6c1] + + * configure, configure.in: + Remove "WARNING: unable to find foo() trying -lsocket -lnsl" + [84b23cdf138f] + + * plugins/sudoers/sudoers.c: + For "sudo -g" prepend the specified group ID to the beginning of the + groups list. This matches BSD convention where the effective gid is + the first entry in the group list. This is required on newer + FreeBSD where the effective gid is not tracked separately and thus + setgroups() changes the egid if this convention is not followed. + Fixes bug #532 + [782d6909108b] + +2012-01-17 Todd C. Miller + + * configure, configure.in: + Fix sh warning; use "test" instead of "[" + [c6ee3407f65e] + + * src/exec.c: + When not logging I/O, use a signal handler that only forwards + SIGINT, SIGQUIT and SIGHUP when they are user-generated signals. + Fixes a race in the non-I/O logging path where the command may + receive two keyboard-generated signals; one from the kernel and one + from the sudo process. + [9638684e786a] + + * src/exec.c: + Back out change that put the command in its own pgrp when not + logging I/O. It causes problems with pipelines. + [4fc9c6e1e770] + +2012-01-16 Todd C. Miller + + * compat/Makefile.in, configure, configure.in: + Only run compat regress tests on compat objects we actually build. + Fixes "make check" in the compat dir for systems that don't + implement character classes in fnmatch() or glob(). Bug #531 + [a7addc305e83] + +2012-01-14 Todd C. Miller + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: + Update po files from translationproject.org + [5ea066af1356] + +2012-01-13 Todd C. Miller + + * sudo.pp: + Include parent directories in case they don't already exist. This + fixes a directory permissions problem with the AIX package when the + /usr/local directories don't already exist. + [a14f783dc827] + + * pp: + sync with git version + [2f79d0543661] + + * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: + regen dependencies + [24c92ca6c64d] + + * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c: + Move tty name lookup code to its own file. + [58faf072cbf4] + +2012-01-12 Todd C. Miller + + * NEWS: + Update with latest sudo 1.8.4 changes. + [a4ffe4f42528] + + * config.h.in, configure, configure.in: + Remove obsolete template for HAVE_TIMESPEC + [75709007c906] + + * src/sudo.c: + Add a check for devname() returning a fully-qualified pathname. None + of the devname() implementations do this today but you never know + when this might change. + [16813ace38f9] + +2012-01-11 Todd C. Miller + + * plugins/sudoers/visudo.c: + For "visudo -c" also list include files that were checked when + everything is OK. + [ad6f85b35c9c] + + * src/sudo.c: + The device name returned by devname() does not include the /dev/ + prefix so we need to add it ourselves. + [b55285abb7ed] + + * src/sudo.c: + Add debug warning if KERN_PROC sysctl fails or devname() can't + resolve the tty device to a name. + [b5a23916ba3a] + + * common/sudo_debug.c: + The result of writev() is never checked so just cast to NULL. + [4be4e9b58d5b] + + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: + Update Esperanto, Finnish, Polish and Ukrainian translations from + translationproject.org. + [bb91bc6ad7e9] + +2012-01-10 Todd C. Miller - * set_perms.c: Protect call to setegid in runas_setup with #ifdef - HAVE_SETEUID. Reported by Josef Schmid. + * config.h.in, configure, configure.in, src/sudo.c: + Add support for determining tty via sysctl on other BSD variants. + [fd15f63f719a] + + * configure, configure.in: + Only check for struct kinfo_proc.ki_tdev on systems that support + sysctl. + [109b3f07a39d] + + * src/sudo.c: + For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on + ttyname() of std{in,out,err}. + [95969b70bd68] -2009-06-23 14:29 millert +2012-01-09 Todd C. Miller + + * config.h.in, configure, configure.in, src/sudo.c: + On newer FreeBSD we can get the parent's tty name via sysctl(). + [3207290501ee] + + * plugins/sudoers/testsudoers.c: + Include locale.h + [a602cd0b8c2d] + + * src/sudo.c: + Silence a gcc warning. + [8c6d0e3cd534] + + * plugins/sudoers/bsm_audit.c: + Need to include gettext.h and sudo_debug.h; from John Hein + [447912aa7300] + + * plugins/sudoers/iolog.c: + Initialize the debug framework from the I/O plugin too. + [ce1bf44d96d2] + +2012-01-08 Todd C. Miller + + * plugins/sudoers/testsudoers.c: + Enable debugging via sudo.conf. + [d85669c749d0] + +2012-01-07 Todd C. Miller + + * plugins/sudoers/visudo.c: + Use SUDO_DEBUG_ALIAS for alias checking functions. + [fb84af30dc76] + + * configure, configure.in: + More complete test for getaddrinfo() that doesn't rely on the + network libraries already being added to LIBS. + [cbaf2369f4f0] + +2012-01-06 Todd C. Miller + + * common/aix.c: + Add debug support. + [def1bdf24485] + + * configure, configure.in: + Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least. + [a2ea1c2eac61] + + * compat/getaddrinfo.c: + Include errno.h and missing.h + [7d15e17cc2f2] + + * .hgignore: + ignore doc/varsub + [417f9fc3231b] + + * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in, + plugins/sudoers/gram.y, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c, + src/parse_args.c, src/sudo.c, src/sudo.h: + Update copyright year. + [5d0ffc7dd567] + + * NEWS: + Update for sudo 1.8.4 + [841e3eff9844] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen pot files + [c509cb45b66a] + + * plugins/sudoers/sudoreplay.c: + Enable debugging via sudo.conf. + [5087aaee8484] + + * plugins/sudoers/visudo.c: + Enable debugging via sudo.conf. + [04b067c16ed3] + + * plugins/sudoers/visudo.c: + Allow "visudo -c" to work when we only have read-only access to the + sudoers include files. + [d8c6713fe5c1] + + * doc/sudo.pod, doc/visudo.pod: + Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add + HISTORY section in sudo that points to HISTORY file. + [d1f1bcb051c5] + + * doc/sudo.pod, doc/sudo_plugin.pod: + Document Debug setting in sudo.conf and debug_flags in plugin. + [acfc505aa4a9] + +2012-01-05 Todd C. Miller + + * plugins/sudoers/match.c: + Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a + bug where a pattern like "/usr/*" include /usr/bin/ in the results, + which would be incorrectly be interpreted as if the sudoers file had + specified a directory. From Vitezslav Cizek. + [0cdb6252188c] + + * INSTALL, config.h.in, configure, configure.in, + plugins/sudoers/auth/kerb5.c: + Add --enable-kerb5-instance configure option to allow people using + Kerberos V authentication to use a custom instance. Adapted from a + diff by Michael E Burr. + [e83af8bb7aa7] + + * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h: + Remove -D debug_level option. + [cbcd05094347] + + * doc/LICENSE: + Update copyright year. + [9f43dd7aa852] + +2012-01-04 Todd C. Miller + + * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + parse_error is now bool, not int + [5ea7fb6fda38] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.c: + Print a more sensible error if yyparse() returns non-zero but + yyerror() was not called. + [d44ec88f1183] + + * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c, + plugins/sudoers/gram.c: + Replace y.tab.c with the correct filename in #line directives. + [3c84fcb7e959] + +2012-01-03 Todd C. Miller + + * src/sudo.c: + When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2} + if the main process's fds 0-2 are not hooked up to a tty. Adapted + from a diff by Zdenek Behan. + [b9dfce12af85] + + * src/exec.c: + When not logging I/O, put command in its own pgrp and make that the + controlling pgrp if the command is in the foreground. Fixes a race + in the non-I/O logging path where the command may receive two + keyboard-generated signals; one from the kernel and one from the + sudo process. + [d0e263ce496c] + +2011-12-20 Todd C. Miller + + * src/sudo_edit.c: + Quiet a bogus gcc warning. + [2009669e0608] + + * src/parse_args.c, src/sudo.h: + Fix warnings related to sudo.conf accessors. + [08ddc29ba50b] + + * common/sudo_conf.c, include/sudo_conf.h: + Separate sudo.conf parsing from plugin loading and move the parse + functions into the common lib so that visudo, etc. can use them. + [f1fc659a8079] + + * MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c, + src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h: + Separate sudo.conf parsing from plugin loading and move the parse + functions into the common lib so that visudo, etc. can use them. + [e1f2cf6bd57a] + + * doc/sudoers.pod, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/sudoers.c, src/sudo.c: + Remove support for noexec_file in sudoers and the plugin API + [3e2fd58879b5] + + * plugins/sudoers/sudoers.c: + Don't dump interfaces if there are none. + [9081bb4d3e9e] + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: + Add missing %s printf escape to the group_plugin, iolog_dir and + iolog_file descriptions. + [7db03f2b737e] + +2011-12-18 Todd C. Miller + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c: + Fix typo in visiblepw description; from Joel Pickett + [2fb4b26d5c2c] + +2011-12-08 Todd C. Miller + + * MANIFEST, configure, configure.in, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/env.c, + plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/sudo.c: + When running a login shell with a login_class specified, use + LOGIN_SETENV instead of rolling our own login.conf setenv support + since FreeBSD's login.conf has more than just setenv capabilities. + This requires us to swap the plugin-provided envp for the global + environ before calling setusercontext() and then stash the resulting + environ pointer back into the command details, which is kind of a + hack. + [ad4f1190143b] + + * plugins/sudoers/Makefile.in: + If srcdir is "." just use the basename of the yacc/lex file when + generating the C version. This matches the generated files + currently in the repo. + [0b11c3df87a8] + + * doc/Makefile.in, plugins/sudoers/Makefile.in: + Clean up the DEVEL noise + [9de2afe457fd] + + * src/exec.c: + Handle different Unix domain socket (actually socketpair) semantics + in BSD vs. Linux. In BSD if one end of the socketpair goes away + select() returns the fd as readable and the read will fail with + ECONNRESET. This doesn't appear to happen on Linux so if we notice + that the monitor process has died when I/O logging is enabled, + behave like the command has exited. This means we log the wait + status of the monitor, not the command, but there is nothing else we + can do at that point. This should only be an issue if SIGKILL is + sent to the monitor process. + [818e82ecbbfc] + + * src/exec_pty.c: + Catch common signals in the monitor process so they get passed to + the command. Fixes a problem when the entire login session is + killed when ssh is disconnected or the terminal window is closed. + Previously, the monitor would exit and plugin's close method would + not be called. + [0e4658263138] + + * INSTALL, configure, configure.in: + Mention how to configure pam_hpsec on HP-UX to play nicely with + sudo. + [a7294cd8ce98] + +2011-12-07 Todd C. Miller + + * plugins/sudoers/ldap.c: + Escape values in the search expression as per RFC 4515. + [c2adbc5db92b] + + * doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + No need for install target to depend explicitly on install-dirs, the + install-foo targets all depend on it. + [62a36ed98279] + +2011-12-05 Todd C. Miller + + * .hgignore: + ignore src/sesh + [463d492f6782] + + * MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, plugins/sudoers/env.c, + plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/Makefile.in: + Add support for setenv entries in login.conf. We can't use + LOGIN_SETENV since the plugin sets up the envp the command is + executed with. Also regen the Makefile.in files while here. Fixes + bug #527 + [088d507926e2] + +2011-12-02 Todd C. Miller + + * MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h, + config.h.in, configure, configure.in, plugins/sudoers/sudoers.c, + src/net_ifs.c: + Add getaddrinfo() for those without it, written by Russ Allbery + [4cf9ac831222] + + * doc/Makefile.in: + Restore PACKAGE_TARNAME, it is used in docdir + [9d65e893edb1] + + * MANIFEST, compat/stdbool.h: + SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to + the MANIFEST + [e67700dc5621] + + * common/atobool.c, common/term.c, src/exec.c: + Remove duplicate return statements. + [48a20d5215fd] + + * plugins/sudoers/auth/bsdauth.c: + Remove inaccurate comment + [e7f0265cf657] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c: + Fetch the login class for the user we authenticate specifically when + using BSD authentication. That user may have a different login + class than what we will use to run the command. When setting the + login class for the command, use the target user's struct passwd, + not the invoking user's. Fixes bug 526 + [21bf0af892f7] + + * compat/Makefile.in, configure, configure.in, doc/Makefile.in, + plugins/sudoers/Makefile.in: + Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1" + [8ee6e0891f27] + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c: + Fix "make check" fallout from the sudo_conv changes in sudo_debug. + [b0aaa63c9081] + + * common/fileops.c, common/sudo_debug.c, configure, configure.in, + include/fileops.h, plugins/sample/Makefile.in, + plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in, + plugins/sample_group/sample_group.c, plugins/sudoers/alias.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/env.c, plugins/sudoers/find_path.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/ldap.c, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, + src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, + src/sudo_plugin_int.h, src/utmp.c: + Use stdbool.h instead of rolling our own TRUE/FALSE macros. + [dcb0bbc42fc9] + +2011-12-01 Todd C. Miller + + * compat/stdbool.h, config.h.in, configure, configure.in: + Add stdbool.h for systems without it. + [18bd9dda1dcd] + + * aclocal.m4, config.h.in, configure, configure.in: + No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default + includes have unistd.h in them. Add check for socklen_t for + upcoming getaddrinfo compat. + [d705465bef69] + + * common/fileops.c, compat/nanosleep.c, config.h.in, configure, + configure.in, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c, + plugins/sudoers/sudoreplay.c, src/net_ifs.c: + Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of + HAVE_TIMESPEC and HAVE_IN6_ADDR respectively. + [fa187c9bd2be] + + * src/sudo_noexec.c: + No longer need to include time.h here as missing.h does not use + time_t. + [fa3a089bf5b1] + +2011-11-30 Todd C. Miller + + * plugins/sudoers/visudo.c: + Fix mode on sudoers as needed when the -f option is not specified. + [7a1c40b0dc03] + + * MANIFEST, src/po/sr.mo, src/po/sr.po: + Add Serbian translation for sudo from translationproject.org + [9a0c25e25cba] + + * common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c, + src/parse_args.c: + No longer pass debug_file to plugin, plugins must now use + CONV_DEBUG_MSG + [810cda1abb0b] + + * mkpkg: + Build PIE executables for newer Debian and Ubuntu + [1c5f25f8904a] + + * common/sudo_debug.c: + Include time.h for ctime() prototype. + [10090cf3bca1] + +2011-11-29 Todd C. Miller + + * common/sudo_debug.c, include/sudo_debug.h, src/exec.c, + src/exec_pty.c: + Do not close error pipe or debug fd via closefrom() as we need them + to report an exec error should one occur. + [732f6587fafa] + + * doc/sudoers.ldap.pod: + Document that a sudoUser may now be a group ID. + [2fef46b9d3d3] + + * plugins/sudoers/ldap.c: + Add support for permitting access by group ID in addition to group + name. + [b9450fdf1f69] + + * plugins/sudoers/ldap.c: + Older Netscape LDAP SDKs don't prototype ldapssl_set_strength() + [d62a1e7cff4f] + + * compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE: + Replace UCB fnmatch.c with a non-recursive version written by + William A. Rowe Jr. + [354d3384adb8] + + * plugins/sudoers/auth/pam.c: + Fix typo, return_debug vs. debug_return + [1b522efcbb0d] + +2011-11-23 Todd C. Miller + + * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po: + Update Japanese sudoers translation from translationproject.org + [ec0f2beaad36] + + * doc/sudoers.pod: + Make the env_reset descriptions consistent. + [41c056f02688] + +2011-11-22 Todd C. Miller + + * configure, configure.in: + Do multiple expansion when expanding paths to the noexec file, sesh + and the plugin directory. Adapted from a diff by Mike Frysinger + [d7e16c876c66] + + * common/Makefile.in: + regen + [9d729e09c186] + +2011-11-21 Todd C. Miller + + * .hgignore: + Add ignore file; from Mike Frysinger + [1fa8d52425f8] + + * mkdep.pl: + no longer save old Makefile.in to .old + [378dd2395545] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + regen + [769faf517720] + + * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4, + m4/ltoptions.m4, m4/ltversion.m4: + Update to libtool 2.4.2 + [9dac78d84b4f] + +2011-11-18 Todd C. Miller + + * plugins/sudoers/sudoers_version.h: + Bump grammar version for #include and #includedir relative path + support. + [82a4f7cd8f71] + +2011-11-17 Todd C. Miller + + * doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add support for relative paths in #include and #includedir + [4d6e3bd0c24f] + + * plugins/sudoers/Makefile.in: + Fix install-plugin when shared objects are unsupported or disabled. + [cbdd770a7a1b] + + * plugins/sudoers/goodpath.c: + Don't write to sbp if it is NULL + [fc438f8e8570] + +2011-11-16 Todd C. Miller + + * Makefile.in: + Remove all sudo/sudoers .mo files on uninstall If LINGUAS is set, + only install matching .mo files + [c1dc30ab4ebc] + +2011-11-13 Todd C. Miller + + * plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, src/conversation.c: + Fix non-dynamic (no dlopen) sudo build. + [b0bd3fa925a3] + + * configure, configure.in: + Don't error out if the user specified --disable-shared + [cf035dd1e5cc] + + * common/sudo_debug.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/conversation.c: + Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to + the debug file. + [640c62f83251] + + * plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, + plugins/sudoers/sudoers.h: + Make sudo_goodpath() return value bolean + [fea2d59a6e55] + + * INSTALL, MANIFEST, configure, configure.in, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c: + Remove obsolete securid auth method. + [4e54f860214b] + + * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h: + Prefix authentication functions with a "sudo_" prefix to avoid + namespace problems. + [581d74063ea1] + + * INSTALL, MANIFEST, config.h.in, configure, configure.in, + doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in, + plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c: + Remove the old Kerberos IV support + [2e4b4a44209d] + +2011-11-12 Todd C. Miller + + * plugins/sudoers/check.c: + Don't print garbage at the end of the custom lecture. + [44bb788fafaa] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add lexer tracing as debug@parser + [d850f3f9d414] + + * plugins/sudoers/alias.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/gram.c, + plugins/sudoers/match.c, plugins/sudoers/parse.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/visudo.c: + Revert 003bdb078a15. We need to #include not "gram.h" and + and not "def_data.h" when generating the parser in a + build dir. + [7da701def753] + +2011-11-08 Todd C. Miller + + * mkdep.pl, plugins/sudoers/Makefile.in: + Better devdir support in mkdep.pl + [7dcec57bd155] + + * plugins/sudoers/Makefile.in: + Add devdir before srcdir in include path and fix up dependecies + accordingly. + [6e9958eca485] + + * plugins/sudoers/alias.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: + #include "gram.h" not and "def_data.h" and not + . + [003bdb078a15] + + * sudo.pp: + Mark libexec files as optional. If we build without shared object + support, libexec is not used. + [4bffcf482219] + + * src/load_plugins.c: + Change Debug sudo.conf setting to take a program name as the first + argument. In the future, this will allow visudo and sudoreplay to + use their own Debug entries. + [cfb8f7e4867c] + + * src/sudo.c: + fix sudo_debug_printf priority + [dcb67e965609] + + * plugins/sudoers/sudoers.c: + add missing debug_return_int + [d88ec450c592] + +2011-11-07 Todd C. Miller + + * common/sudo_debug.c, include/error.h, include/sudo_debug.h, + plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c: + Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR + [dcee8efc294f] + + * doc/UPGRADE: + Add missing word in HOME security note. + [fd844fdcc1ac] + + * plugins/sudoers/testsudoers.c: + Prevent "testsudoers -d username" from trying to malloc(0). + [839126e56e8c] + +2011-11-06 Todd C. Miller + + * plugins/sudoers/regress/sudoers/test10.in, + plugins/sudoers/regress/sudoers/test10.out.ok, + plugins/sudoers/regress/sudoers/test10.toke.ok, + plugins/sudoers/regress/sudoers/test10.toke.out.ok, + plugins/sudoers/regress/sudoers/test11.in, + plugins/sudoers/regress/sudoers/test11.out.ok, + plugins/sudoers/regress/sudoers/test11.toke.ok, + plugins/sudoers/regress/sudoers/test11.toke.out.ok, + plugins/sudoers/regress/sudoers/test12.in, + plugins/sudoers/regress/sudoers/test12.out.ok, + plugins/sudoers/regress/sudoers/test12.toke.ok, + plugins/sudoers/regress/sudoers/test13.in, + plugins/sudoers/regress/sudoers/test13.out.ok, + plugins/sudoers/regress/sudoers/test13.toke.ok, + plugins/sudoers/regress/sudoers/test9.in, + plugins/sudoers/regress/sudoers/test9.out.ok, + plugins/sudoers/regress/sudoers/test9.toke.ok, + plugins/sudoers/regress/sudoers/test9.toke.out.ok: + Tests for empty sudoers (should parse OK) and syntax errors within a + line (should report correct line number) both with and without the + trailing newline. + [d57c879c4718] + + * plugins/sudoers/regress/sudoers/test4.out.ok, + plugins/sudoers/regress/sudoers/test5.out.ok, + plugins/sudoers/regress/sudoers/test7.out.ok, + plugins/sudoers/regress/sudoers/test8.out.ok, + plugins/sudoers/testsudoers.c: + Print line number when there is a parser error. + [5444ef6ac6dc] + +2011-11-05 Todd C. Miller + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Keep track of the last token returned. On error, if the last token + was COMMENT, decrement sudolineno since the error most likely + occurred on the preceding line. Previously we always uses + sudolineno-1 which will give the wrong line number for errors within + a line. + [d661a03a64da] + +2011-11-03 Todd C. Miller + + * NEWS: + update with sudo 1.8.3p1 info + [0f79ff31f602] + + * plugins/sudoers/sudoers.c: + Fix crash when "sudo -g group -i" is run. Fixes bug 521 + [a3087ae337c4] + +2011-10-26 Todd C. Miller + + * plugins/sudoers/visudo.c: + Make alias_remove_recursive() return TRUE/FALSE as its callers + expect and remove two unused arguments. Fixes bug 519. + [2ee3b2882844] + + * plugins/sudoers/regress/visudo/test1.out.ok, + plugins/sudoers/regress/visudo/test1.sh: + Add regress test for bugzilla 519 + [48000ebedf97] + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c: + Disable warning/error wrapping in regress tests. + [373c589ba561] + +2011-10-25 Todd C. Miller + + * Makefile.in: + Do compile-po as part of sync-po so that the .mo files get rebuild + automatically when we sync with translationproject.org + [83f3cbfc2f33] + + * plugins/sudoers/Makefile.in: + check_addr needs to link with the network libraries on Solaris + [322bd70e316e] + + * plugins/sudoers/match.c: + When matching a RunasAlias for a runas group, pass the alias in as + the group_list, not the user_list. From Daniel Kopecek. + [766545edf141] + + * plugins/sudoers/check.c, plugins/sudoers/sudoers.c: + We need to init the auth system regardless of whether we need a + password since we will be closing the PAM session in the monitor + process. Fixes a crash in the monitor on Solaris; bugzilla #518 + [e82809f86fb3] + +2011-10-24 Todd C. Miller + + * src/exec.c: + Get rid of done: label. If the child exits we still need to close + the pty, update utmp and restore the SELinux tty context. + [cc127bf48405] + +2011-10-22 Todd C. Miller + + * common/Makefile.in, common/atobool.c, common/fileops.c, + common/fmt_string.c, common/lbuf.c, common/list.c, + common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in, + plugins/sudoers/alias.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, + plugins/sudoers/logwrap.c, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, + plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c, + src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, + src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, + src/tgetpass.c, src/ttysize.c, src/utmp.c: + Add debug_decl/debug_return (almost) everywhere. Remove old + sudo_debug() and convert users to sudo_debug_printf(). + [8f3bbf907b67] + + * common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/error.c: + Wrap error/errorx and warning/warningx functions with debug + statements. Disable wrapping for standalone sudoers programs as well + as memory allocation functions (to avoid infinite recursion). + [562ed7b5ae8d] + + * README, config.h.in, configure, configure.in: + Add checks for __func__ and __FUNCTION__ and mention that we now + require a cpp that supports variadic macros. + [314cfe4c5d23] + + * MANIFEST, common/Makefile.in, common/sudo_debug.c, + include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c, + src/load_plugins.c, src/parse_args.c, src/sudo.c, + src/sudo_plugin_int.h: + New debug framework for sudo and plugins using /etc/sudo.conf that + also supports function call tracing. + [cded741e9f10] + +2011-10-21 Todd C. Miller + + * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po: + Update Japanese sudoers translation from translationproject.org + [c24725775e32] + +2011-10-12 Todd C. Miller + + * configure, configure.in: + Override and ignore the --disable-static option. Sudo already runs + libtool with -tag=disable-static where applicable and we need non- + PIC objects to build the executables. + [aff1227b853a] + +2011-10-10 Todd C. Miller + + * NEWS: + Add sudoedit fix + [74655c7ccad1] + + * plugins/sudoers/po/sudoers.pot: + regen pot files + [28d89a831ed3] + + * plugins/sudoers/env.c: + Ignore set_logname (which is now the default) for sudoedit since we + want the LOGNAME, USER and USERNAME environment variables to refer + to the calling user since that is who the editor runs as. This + allows the editor to find the user's startup files. Fixes bugzilla + #515 + [6c5dddf5ff05] + + * plugins/sudoers/pwutil.c: + Instead of trying to grow the buffer in make_grlist_item(), simply + increase the total length, free the old buffer and allocate a new + one. This is less error prone and saves us from having to adjust + all the pointers in the buffer. This code path is only taken when + there are groups longer than the length of the user field in struct + utmp or utmpx, which should be quite rare. + [5587dc8cffaf] + + * src/po/it.mo: + Add Italian translation for sudo from translationproject.org + [1b3dd886e7e3] + + * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + src/po/ja.mo, src/po/ja.po: + Japanese translation for sudo and sudoers from + translationproject.org + [c06dd866be6e] + +2011-10-07 Todd C. Miller + + * plugins/sudoers/Makefile.in: + sudoreplay depends on timestr.lo too; from Mike Frysinger + [b9e73214b2f1] + +2011-10-04 Todd C. Miller + + * plugins/sudoers/po/sudoers.pot: + Regen sudoers pot file. + [019588bafdb3] + + * NEWS: + Update with latest sudo 1.8.3 news + [6868042a88e9] + + * plugins/sudoers/sudoers.c: + It appears that LDAP or NSS may modify the euid so we need to be + root for the open(). We restore the old perms at the end of + sudoers_policy_open(). + [2da67a5497ef] + + * plugins/sudoers/set_perms.c: + Better warning message on setuid() failure for the setreuid() + version of set_perms(). + [07abcfe7bd9a] + +2011-09-27 Todd C. Miller + + * plugins/sudoers/check.c: + Delref auth_pw at the end of check_user() instead of getting a ref + twice. + [cb665f55e6a5] + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c: + Make sudo_auth_{init,cleanup} return TRUE on success and check for + sudo_auth_init() return value in check_user(). + [92631c919356] + + * plugins/sudoers/auth/sudo_auth.c: + Do not return without restoring permissions. + [59ef40b6696a] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen pot files + [9f320a340b7c] + + * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/check.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Modify the authentication API such that the init and cleanup + functions are always called, regardless of whether or not we are + going to verify a password. This is needed for proper PAM session + support. + [19a53f3fb596] + + * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: + Add missing dependency for getspwuid.lo and regen other depends. + [f7f70eae819a] + + * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c: + Fix a PAM_USER mismatch in session open/close. We update PAM_USER + to the target user immediately before setting resource limits, which + is after the monitor process has forked (so it has the old value). + Also, if the user did not authenticate, there is no pamh in the + monitor so we need to init pam here too. This means we end up + calling pam_start() twice, which should be fixed, but at least the + session is always properly closed now. + [fbc063a2a872] + + * src/utmp.c: + Add check for old being NULL in utmp_setid(); from Steven McDonald + [e87126442f2e] + +2011-09-25 Todd C. Miller + + * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + If the invoking user cannot be resolved by uid fake the struct + passwd and store it in the cache so we can delref it on exit. + [a27e2f8b9f5e] + +2011-09-24 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Don't error out if the group plugin cannot be loaded, just warn. + [0fbfcd381e33] + +2011-09-23 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Quiet a false positive found by several static analysis tools. These + tools don't know that log_error() does not return (it longjmps to + error_jmp which returns to the sudo front-end). + [33d0469df21b] + +2011-09-22 Todd C. Miller + + * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po: + Add Italian translation for sudo from translationproject.org Regen + .mo files + [c3c888a82be6] + +2011-09-21 Todd C. Miller + + * doc/TROUBLESHOOTING: + Update to current reality and add bit about ssh auth + [184a1e7c2eeb] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Make "verbose" static; fixes a namespace clash with + pam_ssh_agent_auth (and it doesn't need to be extern these days). + [cc38d2eb2f4c] + + * config.h.in, configure, configure.in, src/get_pty.c: + FreeBSD has libutil.h not util.h + [dab4c94b6d4f] + + * configure, configure.in: + Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD + [41c362f0a92a] + +2011-09-20 Todd C. Miller + + * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po: + Update po files from translationproject.org + [1e99e147c7fa] + +2011-09-16 Todd C. Miller + + * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add support for DEREF in ldap.conf. + [3c1937a98547] + + * Makefile.in: + install target should depend on ChangeLog too, not just install-doc + [1a7c83941175] + + * doc/sudoers.pod: + Only iolog_file (not iolog_dir) supports mktemp-style suffixes. + [0eca47d60a2c] + + * NEWS: + Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes. + [0501415cc5ff] + + * doc/UPGRADE: + Document group lookup change and possible side effects. + [585743e1ebf7] + + * configure, configure.in: + Fix some square brackets in case statements that needed to be + doubled up. While here, use $OSMAJOR when it makes sense. + [8973343f4696] + + * plugins/sudoers/pwutil.c: + Fix a crash in make_grlist_item() on 64-bit machines with strict + alignment. + [c89508c73c46] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: + Remove list_options() function that is no longer used now that "sudo + -L" is gone. + [fcc6a776c135] - * sudoers.pod: Document that we accept env_pam-style environment - files + * configure, configure.in: + Error message if user tries --with-CC + [ec5b478f813a] -2009-06-23 14:24 millert + * configure, configure.in: + Check for -libmldap too when looking for ldap libs, which is the + Tivoli Directory Server client library. + [bb3007a97206] - * env.c: Adapt to accept pam_env-style /etc/environment which - allows shell-style lines such as: export EDITOR="/usr/bin/vi" +2011-09-09 Todd C. Miller -2009-06-23 12:22 millert + * plugins/sudoers/parse.c: + Honor NOPASSWD tag for denied commands too. + [8dd92656db92] - * sudoers.pod: Make it clear that env_delete only works when - !env_reset. From Loïc Minier +2011-09-08 Todd C. Miller -2009-06-15 17:19 millert + * INSTALL, configure, configure.in: + Remove --with-CC option; it doesn't work correctly now that we use + libtool. Users can get the same effect by setting the CC + environment variable when running configure. + [ec22bd1a55e0] - * sudo.pod, sudoers.pod: Add non-unix group bits, adapted from - Quest +2011-08-31 Todd C. Miller -2009-06-15 17:18 millert + * config.h.in, configure, configure.in, plugins/sudoers/visudo.c, + src/sudo_edit.c: + Assume all modern systems support fstat(2). + [6a5a8985f6a0] - * Makefile.in: build the .cat page in the current working dir, not - the src dir +2011-08-30 Todd C. Miller -2009-06-15 09:10 millert + * compat/regress/glob/globtest.c, config.h.in, configure, + configure.in, include/missing.h, plugins/sudoers/sudoers.h, + src/sudo.h, src/sudo_noexec.c: + Add configure test for missing errno declaration and only declare it + ourselves if it is missing. + [456e76c809a2] - * env.c: Return EINVAL in setenv() if var is NULL or the empty - string to match glibc behavior. + * plugins/sudoers/alias.c: + Include errno.h before sudo.h to avoid conflicting with the system + definition of errno. + [d0b97e392512] -2009-06-13 16:52 millert +2011-08-29 Todd C. Miller - * configure, configure.in: Use AS_HELP_STRING for AC_ARG_WITH and - AC_ARG_ENABLE + * plugins/sudoers/regress/parser/check_addr.c: + Only print individual check status when there is a failure. + [2ac704c91441] -2009-06-11 16:29 millert + * plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c: + Add calls to setprogname() for test programs. + [a8d9b420e826] - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, - sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: - regen - -2009-06-09 10:08 millert - - * INSTALL: Document --with-libvas and --with-libvas-rpath - -2009-05-29 09:43 millert + * configure, configure.in: + Add -Wall and -Werror after all tests so they don't cause failures. + [2661188ff3fa] - * ldap.c, sudoers.ldap.pod: For netscape-derived LDAP SDKs the cert - and key paths may be a directory or a file. However, version 5.0 - of the SDK only seems to support using a directory. If - ldapssl_clientauth_init fails and the cert or key paths look like - they could be files, strip off the last path element and try - again. + * plugins/sudoers/Makefile.in: + Actually run check_addr in the check target + [0b2778bc86bf] -2009-05-29 09:40 millert + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_addr.in: + Split out address matching into its own file and add regression + tests for it. + [12b9a2bf8dba] - * Makefile.in: Add non-Unix group .o to COMMON_OBJS and substitute - in path to flex. +2011-08-27 Todd C. Miller -2009-05-26 20:49 millert + * plugins/sudoers/match.c: + When matching an address with a netmask in sudoers, AND the mask and + addr before checking against the local addresses. + [9747bb6d7b1c] - * configure, configure.in, match.c, sudo.c, vasgroups.c: Update - non-Unix group support from Quest, as reworked by me. +2011-08-26 Todd C. Miller -2009-05-26 20:47 millert + * plugins/sudoers/match.c: + Fix netmask matching. + [a3c8f8cc1464] - * toke.c: regen + * plugins/sudoers/visudo.c: + Don't assume all editors support the +linenumber command line + argument, use a whitelist of known good editors. + [21d43a91fd10] -2009-05-26 20:46 millert +2011-08-23 Todd C. Miller - * toke.l: Add support for escaped hex chars in names, e.g. \x20 for - space. + * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c, + src/exec_pty.c, src/sudo.c: + Silence compiler warnings on Solaris with gcc 3.4.3 + [da620bae6fdb] -2009-05-25 08:02 millert + * mkpkg: + Fix building on RHEL 3 + [f3227fb2a252] - * LICENSE, Makefile.in, aclocal.m4, alias.c, check.c, env.c, - fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, - logging.c, logging.h, match.c, parse.c, parse.h, pathnames.h.in, - pwutil.c, set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, - sudo_nss.h, sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, - testsudoers.c, tgetpass.c, toke.l, visudo.c, auth/aix_auth.c, - auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h: Update copyright - years. + * INSTALL, configure, configure.in: + Add --enable-werror configure option. + [fec2cdb95543] -2009-05-24 08:33 millert + * common/setgroups.c: + setgroups() proto lives in grp.h on RHEL4, perhaps others. + [de91c0de5a98] - * interfaces.c, lbuf.c: Minor fixes for Minix-3 + * configure, configure.in: + Use PAM by default on AIX 6 and higher. + [e16493208e5f] -2009-05-22 06:37 millert +2011-08-22 Todd C. Miller - * set_perms.c: Handle getgroups() returning 0. Also add missing - check for HAVE_GETGROUPS. + * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + src/po/eo.mo, src/po/eo.po: + Add new Esperanto translation from translationproject.org + [0d9a59e04c64] -2009-05-19 17:24 millert +2011-08-19 Todd C. Miller - * Makefile.in, config.h.in, configure, configure.in, sudo.c, - version.h, visudo.c: Replace version.h with PACKAGE_VERSION set - via AC_INIT in configure. - -2009-05-18 06:33 millert + * plugins/sudoers/iolog_path.c: + Quiet an innocuous valgrind warning. + [0582b6027161] - * set_perms.c: Remove group setting code in setusercontext case, we - will do it ourselves later on in runas_setup. Set the gid after - initgroups/setgroups is called, since on Mac OS X it seems to - change the egid. +2011-08-18 Todd C. Miller -2009-05-17 18:19 millert - - * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c, - vasgroups.c: Initial bits of non-unix group support using Quest - Authentication Services + * plugins/sudoers/iolog_path.c, + plugins/sudoers/regress/iolog_path/data: + Fix expansion of strftime() escapes in log_dir and add a regress + test that exhibited the problem. + [a5c7c1c4c589] -2009-05-17 16:52 millert + * plugins/sudoers/Makefile.in: + Fix "make check" return value. + [33b58e175230] - * toke.c, toke.l: Accept %:foo as a non-Unix group +2011-08-17 Todd C. Miller -2009-05-17 16:22 millert + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Regen pot files + [063841aac19b] - * toke.c, toke.l: Allow user/group to be double quoted in the case - of non-Unix groups which contain spaces. + * Makefile.in: + Fix logic inversion in pot file up to date check. + [f6a8ca8654df] -2009-05-11 12:47 millert +2011-08-15 Todd C. Miller - * match.c: Don't allow the user to specify the default runas user - if their sudoers entry only allows them to run as a group. + * configure, configure.in: + Add caching for gettext() checks. + [01b7200f6105] -2009-05-10 07:59 millert + * configure, configure.in: + Better handling of libintl header and library mismatch. + [9a49b1d4db69] - * sudo.c: Must call audit_success before we change uids. +2011-08-13 Todd C. Miller -2009-05-10 07:52 millert + * plugins/sudoers/sudoers.c: + Also check sudoers gid if sudoers is group writable. + [23ef96ca0d33] - * logging.c, set_perms.c, sudo.h, testsudoers.c: Add option for - set_perm to not exit on failure and use this in the logging - routines. +2011-08-12 Todd C. Miller -2009-05-10 07:33 millert + * configure, configure.in: + If dlopen is present but libtool doesn't find it, error out since it + probably means that libtool doesn't support the system. + [a9da0a5f7941] - * parse.c: In -l mode, if the user is only allowed to run as a - group, display the user's name, not root's before the allowed - group. + * mkpkg: + configure args on the command line should override builtin defaults. + Disable NLS for non-Linux/Solaris unless explicitly enabled. + [b2fb05614504] -2009-05-09 21:00 millert + * plugins/sudoers/auth/aix_auth.c: + Fix loop that calls authenticate(). If there was an error message + from authenticate(), display it. + [063a0c4f0b9a] - * sudo.c: Fix -g mode, broken by rev 1.503 which had the side - effect of setting the runas user to root unilaterally. +2011-08-11 Todd C. Miller -2009-05-08 16:19 millert + * m4/libtool.m4, m4/ltversion.m4: + Update to autoconf 2.68 and libtool 2.4 + [5a912a6eb67b] - * fileops.c: When unlocking a file with fcntl, use F_SETLK, not - F_SETLKW. + * config.guess, config.sub, configure, configure.in, ltmain.sh: + Update to autoconf 2.68 and libtool 2.4 + [931ab56aecf6] -2009-05-08 13:07 millert + * doc/sudoers.pod: + Fix typo; OPT should be OTP + [e97bd2e46544] - * pwutil.c: Only cache by the method we fetched for pwd and grp - lookups. Previously we cached both by namd and id but this can - cause problems for entries that share the same id. Also add more - info in the error message in case the insert fails (which should - now be impossible). + * plugins/sudoers/Makefile.in: + Rename libsudoers convenience library to libparsesudoers to avoid + libtool confusion. + [2a89a613f537] -2009-04-30 15:04 millert +2011-08-10 Todd C. Miller - * sudoers.pod: Add a clarification from Nick Sieger + * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: + Add Danish sudoers translation from translationproject.org + [27b96e85eb13] -2009-04-25 12:49 millert + * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: + Add dedicated callback function for runas_default sudoers setting + that only sets runas_pw if no runas user or group was specified by + the user. + [b8382d8eea34] - * env.c: Inline the setting of the environment string. +2011-08-09 Todd C. Miller -2009-04-24 14:53 millert + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo, + src/po/ru.po: + Update Finish, Polish, Russian and Ukrainian translations from + translationproject.org. + [f9339aff664e] + + * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c: + Go back to using a callback for runas_default to keep runas_pw in + sync. This is needed to make per-entry runas_default settings work + with LDAP-based sudoers. Instead of declaring it a callback in + def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a + bit naughty, but avoids requiring stub functions in visudo and the + tests. + [9aaefb908415] + +2011-08-05 Todd C. Miller + + * Makefile.in: + Add check for out of date message catalogs when doing "make dist". + [e45a29b612f4] + +2011-08-02 Todd C. Miller + + * configure: + regen + [d6f9ad26774a] + + * configure.in: + Make sure compiler supports static-libgcc before using it. + [b01bd9566e50] + +2011-08-01 Todd C. Miller + + * src/Makefile.in: + Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc + [c99c7ab3edef] + +2011-07-30 Todd C. Miller + + * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo, + plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, + plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po, + src/po/zh_CN.mo: + Add new Russian sudo translation from translationproject.org and + rebuild the other translation files. + [e20015459056] + +2011-07-29 Todd C. Miller + + * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po: + Update Finish and Polish translations from translationproject.org + [4e3dbba4a1de] + + * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c: + Go back to escaping the command args for "sudo -i" and "sudo -s" + before calling the plugin. Otherwise, spaces in the command args + are not treated properly. The sudoers plugin will unescape non- + spaces to make matching easier. + [dfa2c4636f33] + +2011-07-28 Todd C. Miller + + * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/set_perms.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Fix some potential problems found by the clang static analyzer, none + serious. + [ff64aa74aae6] + + * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po, + src/po/zh_CN.po: + Updated Ukranian and Chinese (simplified) po files from + translationproject.org + [ec792becb48e] + +2011-07-27 Todd C. Miller + + * plugins/sudoers/po/pl.po: + Updated Polish translation from translationproject.org + [a3af53cb649c] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Rebuild pot files + [c650524c0f0a] + + * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c: + Don't try to audit failure if the runas user does not exist. We + don't have the user's command at this point so there is nothing to + audit. Add a NULL check in audit_success() and audit_failure() just + to be on the safe side. + [2a0007c2022f] + + * mkpkg: + Add -g to CFLAG for PIE builds. + [32a0a9693c9c] + +2011-07-25 Todd C. Miller + + * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/sudo.c: + Remove fallback to per-group lookup when matching groups in sudoers. + The sudo front-end will now use getgrouplist() to get the user's + list of groups if getgroups() fails or returns zero groups so we + always have a list of the user's groups. For systems with + mbr_check_membership() which support more that NGROUPS_MAX groups + (Mac OS X), skip the call to getgroups() and use getgrouplist() so + we get all the groups. + [51b3ed8c600b] + +2011-07-22 Todd C. Miller + + * common/setgroups.c: + Fix setgroups() fallback code on EINVAL. + [2b6faecd56a4] + + * plugins/sudoers/set_perms.c: + Fix two PERM_INITIAL cases that were still using user_gids. + [9680bab0acc6] + + * MANIFEST: + Add Polish sudo message catalog + [8bb40c3ba576] + + * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + user_group is no longer used, remove it + [9acede0fe6c5] + +2011-07-20 Todd C. Miller + + * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po: + Add Polish translation from translationproject.org + [afac5c638573] + + * MANIFEST, common/Makefile.in, common/setgroups.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c, + src/sudo.h, src/sudo_edit.c: + Add a wrapper for setgroups() that trims off extra groups and + retries if setgroups() fails. Also add some missing addrefs for + PERM_USER and PERM_FULL_USER. + [224dfd8aae5c] + + * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in, + configure, configure.in, include/missing.h, mkdep.pl, + plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c: + Instead of keeping separate groups and gids arrays, create struct + group_info and use it to store both, along with a count for each. + Cache group info on a per-user basis using getgrouplist() to get the + groups. We no longer need special to special case the user or list + user for user_in_group() and thus no longer need to reset the groups + list when listing another user. + [0ad849a8b2d5] + + * src/preload.c: + Don't rely on NULL since we don't include a header for it. + [b40937f1890c] + +2011-07-19 Todd C. Miller + + * doc/sudoers.pod: + Fix typo + [c1035360e169] + +2011-07-18 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Do not shadow global sudo_mode with a local variable in set_cmnd() + [0c72969503ad] + +2011-07-17 Todd C. Miller + + * plugins/sudoers/sudoers.c: + bash 2.x doesd not support the -l flag and exits with an error if it + is specified so use --login instead. This causes an error with bash + 1.x (which uses -login instead) but this version is hopefully less + used than 2.x. + [5c4c296e30e6] + + * src/po/pl.mo, src/po/pl.po: + Add Polish translation from translationproject.org + [48592dd6edcf] + +2011-07-13 Todd C. Miller + + * plugins/sudoers/set_perms.c: + Make error strings translatable. + [414c5c484768] + + * mkpkg: + Only run configure with --with-pam-login for RHEL 5 and above. + [6c16e4de4026] + + * sudo.pp: + Fix typo in summary + [9ac618c9a749] + +2011-07-11 Todd C. Miller + + * plugins/sudoers/logwrap.c: + Add missing logwrap.c + [c12a413ecc1d] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/logging/check_wrap.in, + plugins/sudoers/regress/logging/check_wrap.out.ok: + Split out log file word wrap code into its own file and add unit + tests. Fixes an off-by one in the word wrap when the log line + length matches loglinelen. + [52ed277f6690] + +2011-07-05 Todd C. Miller + + * mkpkg: + For SuSE, only use /usr/lib64 as libexec if generating 64-bit + binaries. + [645ab903cf77] + + * src/load_plugins.c, src/sudo.c: + Fix build error when --without-noexec configure option is used. + [b994f7b0d8b4] + + * configure, configure.in: + Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX + 5.3 and above. + [c2a6f9b472f3] + +2011-07-01 Todd C. Miller + + * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Resolve the list of gids passed in from the sudo frontend (the + result of getgroups()) to names and store both the group names and + ids in the sudo_user struct. When matching groups in the sudoers + file, match based on the names in the groups list first and only do + a gid-based match when we absolutely have to. By matching on the + group name (as it is listed in sudoers) instead of id (which we + would have to resolve) we save a lot of group lookups for sudoers + files with a lot of groups in them. + [8dc19353f148] + +2011-06-26 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Workaround for "sudo -i command" and newer versions of bash which + don't go into login mode when -c is specified unless -l is too. + [9393762b80f3] - * env.c: setenv(3) in Linux treats a NUL value as the empty string - setenv(3) in BSD doesn't return an error if the name has '=' in - it, it just treats the '=' as end of string. +2011-06-23 Todd C. Miller -2009-04-22 16:32 millert + * plugins/sudoers/logging.c: + Rewrite logfile word wrapping code to be more straight-forward and + actually wrap at the correct place. + [f712a0c90f55] - * toke.c, toke.l: Not all systems have d_namlen +2011-06-22 Todd C. Miller -2009-04-20 13:53 millert + * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c: + Set use_pty=true in command details when use_pty is set in sudoers. + From Ludwig Nussel + [8d95a163dfc1] - * sudoers.pod: Fix up some pod2html issues. +2011-06-20 Todd C. Miller + + * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + Sync Chinese (simplified) PO files from translationproject.org + [acce8eb7be18] + +2011-06-18 Todd C. Miller + + * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo, + plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo: + Add Danish translation from translationproject.org and add missing + Basque mo files. + [0c22bb21b9c4] + + * Makefile.in, configure, configure.in: + No longer need to specify LINGUAS in configure, "make install-nls" + now just installs all the .mo files it finds. + [fcd45cf04885] + +2011-06-17 Todd C. Miller + + * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod: + Build CONTRIBUTORS from newly-added contributors.pod + [8b192f2720f4] + + * doc/CONTRIBUTORS: + Rework the wording in the leading paragraph + [312044145cdd] + +2011-06-14 Todd C. Miller + + * MANIFEST, doc/CONTRIBUTORS: + Add a CONTRIBUTORS file with the names of folks who have contributed + code or patches to sudo since I started maintaining it (plus the + original authors). + [b8bdd8b59528] + +2011-06-13 Todd C. Miller + + * plugins/sudoers/env.c: + Preserve SHELL variable for "sudo -s". Otherwise we can end up with + a situation where the SHELL variable and the actual shell being run + do not match. + [b8b3974aee3e] + +2011-06-10 Todd C. Miller -2009-04-19 14:09 millert + * configure, configure.in: + Only enable Solaris project support when setproject() is present in + libproject. + [49ad7857ab89] + + * sudo.pp: + Explicitly set mode and owner of /etc/sudoers instead of relying on + "cp -p" to work in the postinstall script. On AIX 6.1 at least the + postinstall script runs before the final file permissions are set. + [e41ffc0212b2] - * interfaces.c: Check for NULL ifa_addr and ifa_netmask. Adapted - from a diff from Quest Software. +2011-06-09 Todd C. Miller -2009-04-19 09:01 millert + * doc/sudo.pod, doc/sudoers.pod: + Refer the user to the "Command Environment" section in description + of sudo's -i option. + [263cc3be7eef] - * sudoers.pod: Ignore files ending in '~' in sudo.d (emacs backup - files) + * doc/sudo.pod: + Fix typo + [35dfac450f4d] + +2011-06-08 Todd C. Miller -2009-04-19 08:56 millert + * mkdep.pl: + If there is no old dependency for an object file, use the MANIFEST + to find its source. + [d15e3b9899f9] - * toke.c, toke.l: Ignore files ending in '~' in sudo.d (emacs - backup files) + * compat/Makefile.in: + Remove dependency for getgrouplist.lo as we don't ship that source + file. + [312a6d5fe6b0] -2009-04-18 19:37 millert +2011-06-07 Todd C. Miller - * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l: For - #includedir, ignore any file containing a dot + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Do not declare yyparse() static as the actual function generated by + yacc is extern. + [9017b79dcf55] -2009-04-18 19:25 millert +2011-06-06 Todd C. Miller - * Makefile.in, version.h: Bump version + * Makefile.in: + Remove locale files in "make uninstall" + [201ff261ecbe] -2009-04-18 19:25 millert + * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po, + plugins/sudoers/po/uk.po, src/po/eu.po: + Add Basque translation and sync Finish and Ukranian translations. + [66d2c78c8a13] - * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat, - sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l, - visudo.c: Implement #includedir directive. Files in an - includedir are not edited by visudo unless they contain a syntax - error. + * configure, configure.in: + FreeBSD no longer needs the main sudo binary to link with -lpam now + that plug-ins are loaded with RTLD_GLOBAL. + [96c710df2457] -2009-04-18 12:06 millert + * plugins/sudoers/group_plugin.c, src/load_plugins.c: + Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes + problems with pam modules not having access to symbols provided by + libpam on some platforms. Affects FreeBSD and SLES 10 at least. + [0d016983ec84] - * ChangeLog: sync + * Makefile.in: + Move xgettext invocation out of update-po target into update-pot + [19a73c6d017c] -2009-04-18 10:27 millert +2011-06-04 Todd C. Miller - * WHATSNEW: Forgot umask_override + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Regenerate .pot files for 1.8.2rc2 + [c3037f591dd8] -2009-04-18 09:25 millert + * Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + Move nls targets to the top level Makefile so the paths in the pot + file are saner + [65b9285cd8d9] - * ChangeLog, TODO: sync + * src/po/fi.mo: + Add compiled version of sudo Finish translation + [8f2405384ea3] -2009-04-16 08:22 millert + * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo: + Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo + files + [a165e70fa9ec] - * visudo.c: Rewind stream if we fdopen sudoers since it may not be - at the beginning. Set the keepopen flag on already-open files - too so the lexer doesn't close them out from under us. + * configure, configure.in, plugins/sudoers/po/fi.po: + Add Finish translation from translationproject.org + [4466f8a96ceb] -2009-04-16 08:18 millert +2011-06-03 Todd C. Miller - * visudo.c: Print the proper file name when there is a parse error - in an include file. + * doc/sudoers.pod: + The group named by exempt_group should not have a % prefix. + [df084d6b32c8] -2009-04-11 07:45 millert +2011-06-01 Todd C. Miller - * WHATSNEW: Sync + * doc/sudoers.pod: + Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin" + [5113699a3f8b] + +2011-05-31 Todd C. Miller -2009-04-10 16:59 millert + * src/exec.c, src/exec_pty.c: + Fix compressed io log corruption in background mode by using _exit() + instead of exit() to avoid flushing buffers twice. + + Improved background mode support. When not allocating a pty, the + command is run in its own process group. This prevents write access + to the tty. When running in a pty, stdin is not hooked up and we + never read from /dev/tty, which results in similar behavior. + [87c15149894c] - * configure, configure.in: Fix a warning when --without-ldap is - specified. + * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: + Clean up regress files Generate proper dependencies for regress objs + in compat + [88bfc728c1e7] + + * plugins/sudoers/Makefile.in: + Add missing dependency for check_fill.o. + [0bd6362e3e17] + +2011-05-29 Todd C. Miller -2009-04-05 12:25 millert + * INSTALL, configure, configure.in: + Add support for --enable-nls[=location] + [b90db44a050f] - * alias.c, parse.h, visudo.c: Store aliases that we remove during - check_aliases in a freelist and free them at the end so we don't - leak memory. +2011-05-28 Todd C. Miller + + * plugins/sudoers/linux_audit.c: + Include gettext.h + [7f909a6e48cb] + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c: + Quiet gcc warnings. + [b41a6cdca583] + + * configure, configure.in: + Don't install .mo files if gettext was not found. + [1397b34cc165] + +2011-05-27 Todd C. Miller + + * src/exec.c: + Always allocate a pty when running a command in the background but + call setsid() after forking to make sure we don't end up with a + controlling tty. + [b6454ba172e8] + + * plugins/sudoers/iolog.c: + Add missing space between command name and the first command line + argument. + [fe217f0a36d4] + + * plugins/sudoers/sudoreplay.c: + Quiet a compiler warning on some platforms. + [de9f2849f236] + + * plugins/sudoers/po/README, src/po/README: + README file that directs people to translationproject.org + [30c0fc323281] + + * plugins/sudoers/po/uk.po, src/po/fi.po: + Sync translations with TP + [1d7d64559cba] + + * Makefile.in: + Add 'sync-po' target to top-level Makefile to rsync the po files + from translationproject.org. + [20508211aaa3] + + * plugins/sudoers/Makefile.in: + install nls files from install target + [5fc07b6cab38] + + * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp: + Include .mo files in sudo binary packags. + [278d4821a916] + + * configure, configure.in, plugins/sudoers/po/zh_CN.mo, + plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po: + Add simplified chinese translation + [2b33ffc755b9] + +2011-05-26 Todd C. Miller + + * configure, configure.in, plugins/sudoers/po/uk.mo, + plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po: + Add ukranian translation + [2d8102688e93] + + * compat/Makefile.in: + refer to siglist.c, not ./siglist.c since not all makes will treat + foo and ./foo the same. + [6639d293ffba] + + * plugins/sudoers/sudoers.c: + Set def_preserve_groups before searching for the command when the -P + flag is specified. + [0edc7942f875] + + * Makefile.in, compat/Makefile.in, mkdep.pl, + plugins/sudoers/Makefile.in: + Add dependency for siglist.lo in compat. This is a generated file + so "make depend" needs to depend on it. + [28d0932f8b50] + + * compat/Makefile.in: + More dependency fixes. + [aad0d05cd020] + + * compat/Makefile.in: + Fix a few dependencies. + [eb21aa35a032] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Place compiled mo files in the src dir, not the build dir. When + installing compiled mo files, display a status message. + [e15634c29cd3] + +2011-05-25 Todd C. Miller + + * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Tivoli Directory Server requires that seconds be present in a + timestamp, even though RFC 4517 states that they are optional. + [55fe23dd4ef9] + + * plugins/sudoers/sudo_nss.h: + Add missing bit of copyright + [d2eba3c364ca] + + * doc/visudo.pod: + Mention cycle detection warnings + [a76bef15ab67] + + * plugins/sudoers/visudo.c: + When checking aliases, also check the contents of the alias in case + there are problems with an alias that is referenced inside another. + Replace the self reference check with real alias cycle detection. + [a66c904cf53b] + + * plugins/sudoers/alias.c: + Set errno to ELOOP in alias_find() if there is a cycle. Set errno to + ENOENT in alias_find() and alias_remove() if the entry could not be + found. + [b4f0b89e433c] + + * plugins/sudoers/visudo.c: + Increment alias_seqno before calls to alias_remove_recursive() to + avoid false positives with the alias loop detection. Fixes spurious + warnings about unused aliases when they are nested. + [a344483b8193] + + * MANIFEST: + add mkdep.pl + [86b7ed33eab2] + + * plugins/sudoers/Makefile.in: + Add dependency on convenience libs to binaries + [cd3078b3c997] + + * Makefile.in: + mkdep.pl only works when run from the src dir + [f35a5e47c944] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: + Auto-generate Makefile dependencies with a perl script. + [a3e4afcd7975] + +2011-05-23 Todd C. Miller + + * plugins/sudoers/match.c: + If the user specifies a runas group via sudo's -g option that + matches the runas user's group in the passwd database and that group + is not denied in the Runas_Spec, allow it. Thus, if user root's gid + in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if + no groups are present in the Runas_Spec. + [e3f9732dc564] + +2011-05-22 Todd C. Miller + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Add dependencies on gettext.h + [a3a9dc51f78b] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Fix install-nls target with HP-UX sh when gettext is not present. + [0c6b9655cd41] + +2011-05-20 Todd C. Miller + + * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot, + src/Makefile.in, src/po/sudo.pot: + regenerate .pot files for lbuf changes + [918ded125a0b] + + * configure, configure.in: + Add missing "checking" message for gettext when using the cache. + [9c21187ad1d2] + + * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c, + plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c, + src/parse_args.c: + Add primitive format string support to the lbuf code to make + translations simpler. + [ee71c7ef5299] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot: + Add message catalog template files for sudo and the sudoers module. + [f3f8acb1f014] + + * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c, + config.h.in, configure.in, doc/Makefile.in, include/gettext.h, + plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c, + src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h: + Add gettext.h convenience header. This is similar to but distinct + from the one included with the gettext package. + [930a0591f73c] + +2011-05-19 Todd C. Miller + + * configure, configure.in: + Add checks for nroff -c and -Tascii flags + [19ca990b3149] + + * configure, configure.in: + Add check for HP bundled C Compiler (which cannot create shared + libs) + [517716a7072d] + + * plugins/sudoers/sudoreplay.c: + Fix C format warnings. + [6514326013fa] + + * include/error.h: + Add __printflike + [e1749a30a406] + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, src/parse_args.c: + Translate help / usage strings. + [ee1cc9b1a8bd] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Set --msgid-bugs-address to the bugzilla url + [5a0aa250ca21] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, configure, + configure.in, doc/Makefile.in, include/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: + Add scaffolding to update .po files and install .mo files. + [f05f4eed1fe1] + + * doc/license.pod: + update copyright year + [fa0c62523875] + + * INSTALL, README: + No need to include version number at the top of these files. + [9f2981325351] + +2011-05-18 Todd C. Miller + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c: + Minor warning/error cleanup + [9236dc85aeab] + + * config.h.in, configure.in: + Emulate ngettext for the non-nls case + [13571d63fa36] + + * plugins/sudoers/ldap.c: + Do not mark untranslatable strings for translation + [735f5d4413fe] + + * plugins/sudoers/check.c: + Use ROOT_UID not 0. + [09a268db8da4] + + * plugins/sudoers/check.c, plugins/sudoers/iolog.c, + plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c, + src/load_plugins.c, src/sudo.c, src/sudo_edit.c: + Minor warning/error message cleanup + [3c7b1a7939b5] + + * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c, + src/exec_pty.c, src/net_ifs.c, src/selinux.c: + cannot -> "unable to" in warning/error messages + [31c3897649e9] + + * plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c, + src/sudo.c, src/utmp.c: + can't -> "unable to" in warning/error messages + [127b75f15291] + + * configure, configure.in: + FreeBSD needs the main sudo executable to link with -lpam when + loading dynaic pam modules for some reason. + [944522cc9bef] + +2011-05-17 Todd C. Miller + + * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c: + We don't want to translate debugging messages. + [56a1a365815a] + + * configure, configure.in, plugins/sudoers/Makefile.in, + plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/sesh.c, src/sudo.c: + Add calls to bindtextdomain() and textdomain() Currently there are + two domains, one for the sudo front-end and one for the sudoers + plugin and its associated utilities. + [0426138f789e] + + * configure, configure.in: + Fix caching of libc gettext check. + [942142d2c43a] + + * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c, + plugins/sudoers/mkdefaults: + Mark defaults descriptions for translation + [5b27f018e6cf] + + * NEWS: + Update for sudo 1.8.1p2 + [747c4dee2ca7] + +2011-05-16 Todd C. Miller + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Quiet compiler warning when SELinux is enabled. + [1fbf77dda240] + + * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c, + src/error.c, src/net_ifs.c, src/sesh.c: + Add missing includes of libintl.h. + [bc1d66316082] + + * plugins/sudoers/auth/pam.c: + Fix gettext marker. + [a5cf4ed66c66] + + * common/aix.c, common/alloc.c, compat/strsignal.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h: + Include libint.h where needed. + [2b0e5a663c7b] + + * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, + plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: + Prepare sudoers module messages for translation. + [7212ae1909c5] + + * plugins/sudoers/sudoers.c: + Only check gid of sudoers file if it is group-readable. + [50e3bc0cb242] + + * plugins/sudoers/auth/aix_auth.c: + For AIX, keep calling authenticate() until reenter reaches 0. + [e240815b74b1] + +2011-05-09 Todd C. Miller + + * configure, configure.in: + Cache the status of the initial gettext() check. + [32751ebe1704] + + * INSTALL, configure, configure.in: + Add --disable-nls flag and improve checks for gettext. + [c7e6b17052de] + + * configure, configure.in: + When building with gcc on HP-UX, use -march=1.1 to produce portable + binaries on a pa-risc2 host. Previously, the +Dportable option was + used for the HP-UX C compiler but gcc always produced native + binaries. + [8f4c749324d7] + +2011-05-06 Todd C. Miller + + * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c, + src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c, + src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c, + src/sudo_edit.c, src/tgetpass.c, src/utmp.c: + Prepare sudo front end messages for translation. + [2fc2fabceccb] + +2011-05-04 Todd C. Miller + + * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c: + Add initial scaffolding to support localization via gettext() + [7d47b59fcf95] + + * compat/fnmatch.h, compat/glob.h: + Don't let the fnmatch/glob macros expand the function prototype. + [a9014aa0288e] + +2011-05-03 Todd C. Miller + + * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h: + Resolve namespace collisions on HP-UX ia64 and possibly others by + adding a rpl_ prefix to our fnmatch and glob replacements and + #defining rpl_foo to foo in the header files. + [caa9b690a15d] + +2011-04-29 Todd C. Miller + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Split ALL, ROLE and TYPE into their own actions. Since you can only + have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in + the non-SELinux case. This is safe because the actions are in one + big switch() statement. + [7473fc2cfa2c] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie. + [9be3480c2865] + +2011-04-27 Todd C. Miller + + * doc/UPGRADE, doc/sudoers.pod: + askpass moved from sudoers to sudo.conf in sudo 1.8.0 + [b2c2956cec4e] + + * doc/sudoers.pod: + Remove obsolete warning about runas_default and ordering. Move + syslog facility and priority lists into the section where the + relevant options are described. + [e57b8dc3f779] + +2011-04-26 Todd C. Miller + + * plugins/sudoers/auth/sia.c: + Fix SIA support; we no longer have access to the real argc and argv + so allocate space for a fake one and use the argv passed to the + plugin with "sudo" for argv[0]. + [1c0552772ad2] + +2011-04-23 Todd C. Miller + + * src/net_ifs.c: + Remove useless realloc when trying to get the buffer size right. + [792225380a62] + + * plugins/sudoers/set_perms.c: + Be explicit when setting euid to 0 before call to setreuid(0, 0) + [7bfeb629fccb] + +2011-04-18 Todd C. Miller + + * configure, configure.in: + Need to do checks for krb5_verify_user, krb5_init_secure_context and + krb5_get_init_creds_opt_alloc regardless of whether or not + krb5-config is present. + [9d1b98ece1d3] -2009-03-28 09:30 millert +2011-04-15 Todd C. Miller + + * plugins/sudoers/set_perms.c: + Work around weird AIX saved uid semantics on setuid() and + setreuid(). On AIX, setuid() will only set the saved uid if the euid + is already 0. + [069fc08150ca] + +2011-04-14 Todd C. Miller + + * sudo.pp: + update copyright year + [1c42d579ba6e] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Treat a missing includedir like an empty one and do not return an + error. + [92f71d8cbfd4] + +2011-04-12 Todd C. Miller + + * pp: + Fix ARCH setting in cross-compile Solaris packages. + [b0de281cc889] + + * sudo.pp: + Fix aix version setting. + [98437dbfb085] + + * plugins/sudoers/ldap.c: + Remove extraneous parens in LDAP filter when sudoers_search_filter + is enabled that causes a search error. From Matthew Thomas. + [1d75bf1fc8d9] + +2011-04-11 Todd C. Miller + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c: + Correct sizeof() to fix test failure. + [fd2f7c0c0572] + + * plugins/sudoers/Makefile.in: + "install" target should depend on "install-dirs". Fixes "make -j" + problem and closes bz #487. From Chris Coleman. + [083902d38edb] + +2011-04-07 Todd C. Miller + + * config.h.in: + Add HAVE_RFC1938_SKEYCHALLENGE + [a94cb33758a8] + +2011-04-06 Todd C. Miller + + * NEWS: + Mention plugin loading and libgcc changes + [e11b30b5026a] + + * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: + Load plugins after parsing arguments and potentially printing the + version. That way, an error loading or initializing a plugin + doesn't break "sudo -h" or "sudo -V". + [1b76f2b096a2] + + * Makefile.in: + When using a sub-shell to invoke the sub-make, exec make instead of + running it inside the shell to avoid an extra process. + [fd2c04a71fbf] + + * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c: + Stop testing unspecified behavior in fnmatch Make glob test more + portable + [229803093725] + + * compat/Makefile.in: + No need to add current dir to include path and having it breaks the + test programs that expect to get the system glob.h and fnmatch.h + [68085f624be4] + + * INSTALL, configure, configure.in: + Fix and document --with-plugindir; partially from Diego Elio Petteno + [07edc52ea89e] + + * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c, + compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c, + compat/regress/glob/globtest.in: + Fix fnmatch and glob tests to not use hard-coded flag values in the + input file. Link test programs with libreplace so we get our + replacement verions as needed. + [c2cca448f660] + + * Makefile.in: + If make in a subdir fails, fail the target in the upper level + Makefile too. Adapted from a patch from Diego Elio Petteno + [76fc9a0d96fd] + + * configure, configure.in, plugins/sudoers/auth/rfc1938.c: + Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also + has this. Adapted from a patch from Diego Elio Petteno + [a97279a59b93] + + * plugins/sudoers/Makefile.in: + Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@ + directly. + [47b884029b3b] + + * configure, configure.in: + Fix warnings when -without-skey, --without-opie, --without-kerb4, + --without-kerb5 or --without-SecurID were specified. + [71ad150f4d24] + + * MANIFEST: + Add plugins/sudoers/sudoers_version.h + [7423966de440] + + * configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: + Back out the --with-libpath addition to SUDOERS_LDFLAGS since that + now include LDFLAGS in the sudoers Makefile.in. Add missing settng + of @LDFLAGS@ in plugin Makefile.in files. + [b835826f889c] + +2011-04-05 Todd C. Miller + + * NEWS: + Mention %#gid support in User_List and Runas_List + [5a983dff017a] + + * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h, + plugins/sudoers/visudo.c: + Keep track of sudoers grammar version and report it in the -V + output. + [52901a3c0296] + + * plugins/sudoers/sudo_nss.h: + Add multiple inclusion guard + [50853aed046e] + + * configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: + The --with-libpath option now adds to SUDOERS_LDFLAGS as well as + LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and + set it to -Wc,-static-libgcc if not using GNU ld so we don't + have a dependency on the shared libgcc in sudoers.so. + [66ad8bc5e32d] + + * doc/sudoers.pod: + Fix typo; from Petr Uzel + [f9a7afd80892] + +2011-04-01 Todd C. Miller + + * plugins/sudoers/testsudoers.c: + In dump-only mode, use "root" as the default username instead of + "nobody" as the latter may not be available on all systems. + [0c48e6414337] + +2011-03-31 Todd C. Miller + + * plugins/sudoers/testsudoers.c: + Remove NewArgv/NewArgc, they are no longer needed. + [16e18f734c7e] + + * plugins/sudoers/testsudoers.c: + Fix setting of user_args + [aa29e0d0a54a] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add '!' token to lex tracing + [5227ad266235] + + * plugins/sudoers/regress/testsudoers/test1.sh: + Use group bin in test, not wheel as most systems have the bin group + but the same is no longer true of wheel. + [718802b3b45e] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Avoid using pre or post increment in a parameter to a ctype(3) + function as it might be a macro that causes the increment to happen + more than once. + [78e281152c3a] + +2011-03-30 Todd C. Miller + + * sudo.pp: + Strip off the beta or release candidate version when building AIX + packages. + [28fe31668559] + + * configure, configure.in: + We need to include OSDEFS in CFLAGS when doing the utmp/utmpx + structure checks for glibc which only has __e_termination visible + when _GNU_SOURCE is *not* defined. + [59ae1698911f] + + * common/aix.c: + getuserattr(user, ...) will fall back to the "default" entry + automatically, there's no need to check "default" manually. + [3c7a47a61fdb] + +2011-03-29 Todd C. Miller + + * doc/UPGRADE: + Document parser changes. + [ec415503308d] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + If there is an existing sudoers file, only install if it passes a + syntax check. + [37427c73e8cb] + + * plugins/sudoers/regress/sudoers/test6.out.ok, + plugins/sudoers/testsudoers.c: + Add runasgroup support to testsudoers + [047ea5571f33] + + * plugins/sudoers/Makefile.in: + For "make check", keep going even if a test fails. + [ce6a0a73c372] + + * plugins/sudoers/testsudoers.c: + More useful exit codes: + * 0 - parsed OK and command matched. + * 1 - parse error + * 2 - command not matched + * 3 - command denied + [1d2ce1361903] + + * doc/sudoers.pod: + Document %#gid, and %:#nonunix_gid syntax. + [492d4f9696c4] + + * plugins/sudoers/pwutil.c: + Add support to user_in_group() for treating group names that begin + with a '#' as gids. + [20240c94a134] + + * config.h.in, configure, configure.in, src/utmp.c: + Add explicit check for struct utmpx.ut_exit.e_termination and struct + utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update + ut_exit if we detect one or the other. + [b4e8cab777e6] + +2011-03-28 Todd C. Miller + + * plugins/sudoers/toke.c: + Add back missing #include of config.h + [9ab3897a1b2e] + + * plugins/sudoers/iolog_path.c, + plugins/sudoers/regress/iolog_path/data: + Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like + strftime() does. + [93395762cdcd] + + * aclocal.m4: + Quote first argument to AC_DEFUN(); from Elan Ruusamae + [97f53ad31d77] + +2011-03-27 Todd C. Miller + + * MANIFEST: + add new sudoers tests + [476af91b3da3] + + * plugins/sudoers/regress/sudoers/test8.in, + plugins/sudoers/regress/sudoers/test8.out.ok, + plugins/sudoers/regress/sudoers/test8.toke.ok: + Add test for a newline in the middle of a string when no line + continuation character is used. + [de2394bc86ab] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Use bitwise AND instead of modulus to check for length being odd. A + newline in the middle of a string is an error unless a line + continuation character is used. + [bdb1d762a1d5] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Move lexer globals initialization into init_lexer. + [1ce62211aadb] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix a potential crash when a non-regular file is present in an + includedir. Fixes bz #452 + [1586760c3525] + + * pp: + On some Linux systems, "uname -p" contains detailed processor info + so check "uname -m" first and then "uname -p" if needed. Recognize + PLD Linux. + [b8535cb9012e] + +2011-03-25 Todd C. Miller + + * plugins/sudoers/redblack.c: + Don't need all sudoers.h here. + [8c0929f42dab] + + * src/sudo.c: + Print sudo version early, in case policy plugin init fails. + [47cddc4358bc] + +2011-03-24 Todd C. Miller + + * plugins/sudoers/regress/sudoers/test4.toke.ok: + Update to match change in input. + [4a3af8e68790] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Make an empty group or netgroup a syntax error. + [66f51ddc2ff6] + + * plugins/sudoers/regress/sudoers/test7.in, + plugins/sudoers/regress/sudoers/test7.out.ok, + plugins/sudoers/regress/sudoers/test7.toke.ok: + An empty group or netgroup should be a syntax error. + [bd5bf1e2edce] + + * plugins/sudoers/regress/sudoers/test6.in, + plugins/sudoers/regress/sudoers/test6.out.ok, + plugins/sudoers/regress/sudoers/test6.toke.ok: + Check that uids work in per-user and per-runas Defaults Check that + uids and gids work in a Command_Spec + [c5e848e6082b] + + * plugins/sudoers/regress/sudoers/test5.in, + plugins/sudoers/regress/sudoers/test5.out.ok, + plugins/sudoers/regress/sudoers/test5.toke.ok: + Test empty string in User_Alias and Command_Spec + [3a084d777e03] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Allow a group ID in the User_Spec. + [bc2859eb71dc] + +2011-03-23 Todd C. Miller + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Return an error for the empty string when a word is expected. Allow + an ID for per-user or per-runas Defaults. + [915c259b00ff] + + * plugins/sudoers/testsudoers.c: + Fix printing "User_Alias FOO = ALL" + [ba58c3d548b3] + +2011-03-22 Todd C. Miller + + * src/parse_args.c: + Better error message about invalid -C argument + [c9a8d15bbf5d] + + * NEWS: + fix typo + [cdcfbafed013] + + * doc/sudoers.pod: + Fix placement of equal size ('=') in user specification summary. + [5ad7178b230d] + +2011-03-21 Todd C. Miller + + * MANIFEST: + update to match sudoers regress + [e04db0648717] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Restore ability to define TRACELEXER and have trace output go to + stderr. + [d9531e4d1b20] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Restore old behavior of setting sawspace = TRUE for command line + args when a line continuation character is hit to avoid causing + problems for existing sudoers files. + [fd930ad25550] + + * plugins/sudoers/regress/sudoers/test4.in, + plugins/sudoers/regress/sudoers/test4.out.ok, + plugins/sudoers/regress/sudoers/test4.toke.ok: + Add test for line continuation and aliases + [29ab538ca6bb] + + * plugins/sudoers/Makefile.in: + Make test output line up nicely for parse vs. toke + [257ef82c1434] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/sudoers/test1.in, + plugins/sudoers/regress/sudoers/test1.out.ok, + plugins/sudoers/regress/sudoers/test1.toke.ok, + plugins/sudoers/regress/sudoers/test2.in, + plugins/sudoers/regress/sudoers/test2.out.ok, + plugins/sudoers/regress/sudoers/test2.toke.ok, + plugins/sudoers/regress/sudoers/test3.in, + plugins/sudoers/regress/sudoers/test3.out.ok, + plugins/sudoers/regress/sudoers/test3.toke.ok, + plugins/sudoers/regress/testsudoers/test1.ok, + plugins/sudoers/regress/testsudoers/test1.out.ok, + plugins/sudoers/regress/testsudoers/test1.sh, + plugins/sudoers/regress/testsudoers/test2.out, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.ok, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/visudo/test1.ok, + plugins/sudoers/regress/visudo/test1.sh: + Move parser tests to sudoers directory and test the tokenizer output + too. + [44f529b3cdb6] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + If we match a rule anchored to the beginning of a line after parsing + a line continuation character, return an ERROR token. It would be + nicer to use REJECT instead but that substantially slows down the + lexer. + [355478293f8c] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Move LEXTRACE macro to toke.h so we can use it in yyerror(). + [72ee7a06d3ca] + +2011-03-20 Todd C. Miller + + * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Make lex tracing settable at run-time in testsudoers via the -t + flag. Trace output goes to stderr. Will be used by regress tests + to check lexer. + [93bd53c413c8] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Allow whitespace after the modifier in a Defaults entry. E.g. + "Defaults: username set_home" + [9dfcf8dd8a3a] + +2011-03-18 Todd C. Miller + + * mkpkg: + Don't set CC when cross-compiling. + [4b95b0c04e1c] + + * NEWS: + Credit Matthew Thomas for the sudoers_search_filter changes. + [a65998ab09f7] + + * MANIFEST: + Add the .sym files to the MANIFEST + [f599225cc861] + + * NEWS: + Update for sudo 1.8.1 beta + [71021e854c49] + + * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c: + user_shell -> run_shell to avoid confusion with the user's SHELL + variable. + [dc0ac6dafc21] + + * src/exec_pty.c: + Save the controlling tty process group before suspending in pty + mode. Previously, we assumed that the child pgrp == child pid + (which is usually, but not always, the case). + [10b2883b7875] + + * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add support for sudoers_search_filter setting in ldap.conf. This + can be used to restrict the set of records returned by the LDAP + query. + [b0f1b721d102] + +2011-03-17 Todd C. Miller + + * configure, configure.in: + Remove the hack to disable -g in CFLAGS unless --with-devel + [89822cf84ef4] + + * doc/sudoers.pod: + The '@' character does not normally need to be quoted. + [7823f5ed829a] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + We normaly transition from GOTDEFS to STARTDEFS on whitespace, but + if that whitespace is followed by a comma, we want to treat it as + part of a list and not transition. + [1ca6943e1824] + + * plugins/sudoers/regress/testsudoers/test3.ok, + plugins/sudoers/regress/testsudoers/test3.sh: + Add check for whitespace when a User_List is used for a per-user + Defaults entry. + [91f75e6dd19a] + + * plugins/sudoers/regress/testsudoers/test2.out, + plugins/sudoers/regress/testsudoers/test2.sh: + Expand quoted name checks to cover recent fixes. + [ce4f76bca146] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix parsing of double-quoted names in Defaultd and Aliases which was + broken in 601d97ea8792. + [424b0d6c1dc4] + + * plugins/sudoers/Makefile.in: + toke_util.c lives in $(srcdir) not $(devdir) + [94866bebee83] + +2011-03-16 Todd C. Miller + + * configure, configure.in: + Change trunk version to 1.8.x to distinguish from real 1.8.0. + [a9781e61d064] + + * NEWS, doc/UPGRADE: + Document major changes in 1.8.1 and add upgrade notes. + [f2cf51b0d9ce] + + * plugins/sudoers/match.c: + Be careful not to deref user_stat if it is NULL. This cannot + currently happen in sudo but might in other programs using the + parser. + [06a2334dd674] + + * mkpkg: + configure will not add -O2 to CFLAGS if it is already defined to add + -O2 to the CFLAGS we pass in when PIE is being used. + [1ce6481ece59] + + * doc/sudoers.pod: + Warn about the dangers of log_input and mention iolog_file and + iolog_dir in the log_input and log_output descriptions. + [ae854ffb0768] + + * pp: + sync with git version + [a993e39ce3cb] + + * doc/sudoers.pod: + It seems that h comes after i + [0f621109220d] + + * doc/sudoers.pod: + Move log_input and log_output to their proper, sorted, location. + Document set_utmp and utmp_runas. + [273b234b9c34] + + * src/exec.c: + Save the controlling tty process group before suspending so we can + restore it when we resume. Fixes job control problems on Linux + caused by the previous attemp to fix resuming a shell when I/O + logging not enabled. + [f03a660315ee] + + * common/lbuf.c: + Fix printing of the remainder after a newline. Fixes "sudo -l" + output corruption that could occur in some cases. + [25d83fb501fc] + +2011-03-15 Todd C. Miller + + * config.h.in, configure, configure.in, src/exec_pty.c, + src/sudo_exec.h, src/utmp.c: + Add support for ut_exit + [b574c13f1bba] + + * doc/sudo_plugin.pod, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c, + src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c: + Add support for controlling whether utmp is updated and which user + is listed in the entry. + [44a81632133f] + + * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h, + plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults, + plugins/sudoers/parse.c: + Fix typo; tupple vs. tuple + [697744acb710] + + * src/utmp.c: + For legacy utmp, strip the /dev/ prefix before trying to determine + slot since the ttys file does not include the /dev/ prefix. + [7ad5b81ff90c] + + * aclocal.m4, configure, configure.in, pathnames.h.in: + Add check for _PATH_UTMP + [21e638029bfd] + +2011-03-14 Todd C. Miller + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c: + Adapt check_iolog_path to sessid changes + [728b5fe2be6f] + + * config.h.in, configure, configure.in, src/Makefile.in, + src/exec_pty.c, src/sudo_exec.h, src/utmp.c: + Redo utmp handling. If no getutent()/getutxent() is available, + assume a ttyslot-based utmp. If getttyent() is available, use that + directly instead of ttyslot() so we don't have to do the stdin dup2 + dance. + [18aa455cd140] + +2011-03-11 Todd C. Miller + + * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h, + src/utmp.c: + Move utmp handling into utmp.c + [f6eae6c8e012] + + * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c, + common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c, + compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c, + compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, + compat/utimes.c, doc/sudo.pod, doc/visudo.pod, + include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, + plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, + plugins/sudoers/logging.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/redblack.c, + plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c, + src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c, + src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c, + src/sudo_plugin_int.h, src/tgetpass.c: + Update copyright years. + [16aa39f9060a] + + * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/parse_args.c: + Add "user_shell" boolean as a way to indicate to the plugin that the + -s flag was given. + [fb1ef0897b32] + + * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.h: + Move sessid out of sudo_user. + [ba298ddb57f4] + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/logging.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Log the TSID even if it is not a simple session ID. + [d7cc1b9c513c] + + * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod: + Document noexec in sample.sudo.conf and add back noexec_file section + in sudoers with a note that it is deprecated. + [4a6e961e494d] + + * plugins/sudoers/set_perms.c: + Fix running commands as non-root on systems where setreuid() changes + the saved uid based on the effective uid we are changing to. + [df0769b71b34] + +2011-03-10 Todd C. Miller + + * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c, + src/sudo.h: + Move noexec path into sudo.conf now that sudo itself handles noexec. + Currently can be configured in sudoers too but is now undocumented + and will be removed in a future release. + [6fa8befdc110] + + * doc/sudo.pod, doc/sudoers.pod: + Document "Path noexec ..." in sudo.conf. No longer document + noexec_file in sudoers, it will be removed in a future release. + [24eee3a0b3e5] + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h: + Move noexec handling to sudo front-end where it is documented as + being. + [3ed4f10d7052] + + * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c, + src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, + src/sudo_exec.h: + Add support for disabling exec via solaris privileges. Includes + preparation for moving noexec support out of sudoers and into front + end as documented. + [dec843ed553e] + + * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym, + plugins/sample_group/Makefile.in, + plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in, + plugins/sudoers/sudoers.sym: + Only export the symbols corresponding to the plugin structs. + [8d8d03b0ca54] + + * configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: + Install plugins manually instead of using libtool. This works + around a problem on AIX where libtool will install a .a file + containing the .so file instead of the .so file itself. + [796971cfbddb] + + * Makefile.in: + Move check into its own rule since some versions of make will run + both targets as the default rule. + [34d759979176] + + * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, + m4/ltversion.m4, m4/lt~obsolete.m4: + Update to libtool 2.2.10 + [34c130de6af7] + +2011-03-09 Todd C. Miller + + * src/exec.c: + In handle_signals(), restart the read() on EINTR to make sure we + keep up with the signal pipe. Don't return -1 on EAGAIN, it just + means we have emptied the pipe. + [d5b9c8eb9000] + + * compat/mktemp.c: + Reorder functions to quiet a compiler warning. + [c9e9a23729f0] + + * mkpkg: + Use the Sun Studio C compiler on Solaris if possible + [11a86e27891e] + +2011-03-08 Todd C. Miller + + * mkpkg: + Fix default setting of osversion variable. + [52e49ca1cedd] + + * doc/sudo_plugin.pod: + Make two login_class entris consistent. + [18ff1fa94a91] + + * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c, + src/sudo_exec.h: + Add support for adding a utmp entry when allocating a new pty. + Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent(). + Currently only creates a new entry if the existing tty has a utmp + entry. + [32db72b81d80] + + * plugins/sudoers/boottime.c: + Avoid pulling in headers we don't need on Linux For getutx?id(), + call setutx?ent() first and always call endutx?ent(). + [5dad21e1ee1b] + + * configure, configure.in: + Add some more libs to SUDOERS_LIBS instead of relying on them to be + pulled in by SUDO_LIBS. + [18a7c21c09a7] + + * plugins/sudoers/sudoers.c: + Fix return value of "sudo -l command" when command is not allowed, + broken in [c7097ea22111]. The default return value is now TRUE and + a bad: label is used when permission is denied. Also fixed missing + permissions restoration on certain errors. On error()/errorx(), the + password and group files are now closed before returning. + [4f2d0e869ae5] + +2011-03-07 Todd C. Miller + + * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: + Fix passing of login class back to sudo front end. + [6f70a784ce48] + + * mkpkg: + Add --osversion flag to specify OS instead of running "pp + --probeonly" + [a8efdccb7bc1] + + * sudo.pp: + Fix expr usage w/ GNU expr + [48895599ee63] + +2011-03-06 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Fix exit value for validate and list mode. + [c7097ea22111] + + * plugins/sudoers/sudoers.c: + Fix non-interactive mode with sudoers plugin. + [172f29597bd2] + +2011-03-05 Todd C. Miller + + * doc/sudoreplay.pod: + sudoreplay can now find IDs other than %{seq} and display the + session. + [fc3dd3be67e9] + +2011-03-04 Todd C. Miller + + * plugins/sudoers/sudoreplay.c: + Add support for replaying sessions when iolog_file is set to + something other than %{seq}. + [ca3131243874] + + * plugins/sudoers/visudo.c: + If we are killed by a signal, display the name of the signal that + got us. + [994bb76a990e] + + * configure, configure.in: + Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS + where they belong. + [40f94b936fa4] + + * configure.in: + Fix bug in skey/opie check that could cause a shell warning. + [83c043072be5] + + * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + No longer need sudo_getepw() stubs. + [bbee15c36912] + +2011-03-03 Todd C. Miller + + * plugins/sudoers/sudo_nss.c: + Fix exit value of "sudo -l command" in sudoers module. + [a6541867521b] + +2011-03-02 Todd C. Miller + + * compat/regress/glob/globtest.c: + Use fgets() not fgetln() for portability. + [df1bb67fb168] + + * sudo.pp: + Don't use the beta or release candidate version as the rpm release. + [d661ef78021a] + +2011-02-25 Todd C. Miller + + * configure, configure.in: + version 1.8.0 + [f6530d56f6ae] [SUDO_1_8_0] + + * NEWS: + update sudo 1.8 section + [f2ee2cf95d18] + +2011-02-23 Todd C. Miller + + * plugins/sudoers/regress/testsudoers/test2.sh: + fix test description + [cd5730fa9f09] + + * plugins/sudoers/regress/testsudoers/test2.out, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/visudo/test2.out, + plugins/sudoers/regress/visudo/test2.sh: + convert test2 to use testsudoers + [b5ec3f0b69f1] + + * include/sudo_plugin.h, src/sudo_plugin_int.h: + Move struct generic_plugin to sudo_plugin_int.h + [6f7bc629329c] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Allow sudoers file name, mode, uid and gid to be specified in the + settings list. The sudo front end does not currently set these but + may in the future. + [22f38a0fda2a] + +2011-02-21 Todd C. Miller + + * configure, configure.in, doc/sudo.cat, doc/sudo.man.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, + doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, + doc/visudo.man.in: + 1.8.0rc1 + [5d4588b9c057] + + * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, + src/parse_args.c, src/sudo.h: + add help text to sudo, visudo and sudoreplay for the -h option + [52e7378d8476] + +2011-02-19 Todd C. Miller + + * compat/snprintf.c: + avoid using "howmany" for a parameter name since it is a select- + related macro + [a14d565401a1] + + * doc/sudoers.pod: + mention group_plugin when describing nonunix_group + [e0d1d0034b17] + + * doc/sudo_plugin.pod: + Add missing period at end of sentence + [6744d7e9056d] + + * Makefile.in, doc/Makefile.in, include/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + add localstatedir; closes bug 471 + [7aefcab85088] + + * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c, + src/exec.c, src/exec_pty.c: + The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes + Bug 470 + [927ed6740f32] - * visudo.c: Check aliases in -c mode too. + * configure.in: + add missing AH_TEMPLATE for ENV_RESET + [16300010c986] -2009-03-28 09:09 millert + * src/exec.c: + SVR5 systems return non-zero for success on socketpair(), check for + -1 instead. Closes Bug 469 + [4d276494bf8e] - * alias.c, parse.h, visudo.c: Make alias_remove return the alias - struct instead of freeing it directly. Fixes a use after free in - alias_remove_recursive, the only consumer. +2011-02-16 Todd C. Miller -2009-03-28 09:07 millert + * configure, configure.in: + 1.8.0b5 + [d611cd5d73d3] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + regen + [85e96eeaed82] + + * doc/sudo.pod: + Document that a sudo.conf file with no Pligin lines uses the default + sudoers plugins. + [88bd52da977f] + + * src/load_plugins.c: + If sudo.conf contains no Plugin lines, use the default sudoers + policy and I/O plugins. + [fd8f4cb811ab] + +2011-02-14 Todd C. Miller + + * plugins/sudoers/sudo_nss.c: + Avoid printing empty "Runas and Command-specific defaults for user" + line. + [2dd330fe4f8b] + + * common/lbuf.c: + Truncate the buffer at buf.len before printing in the non-wordwrap + case. + [901e9833f80d] + + * common/lbuf.c: + Remove extra newline when the tty width is very small or unavailable + [245c05506c0e] + +2011-02-11 Todd C. Miller + + * plugins/sudoers/alias.c: + Remove unneeded variable. + [2c086d30b796] + +2011-02-09 Todd C. Miller + + * configure, configure.in: + Prefer getutxid over getutid + [3f3322e9c93e] + + * plugins/sudoers/boottime.c: + Include utmp.h / utmpx.h before missing.h as apparently including it + afterwards causes a compilation problem on GNU Hurd. + [a528029ae962] + +2011-02-07 Todd C. Miller - * alias.c, match.c, parse.c, parse.h, visudo.c: Rename find_alias - -> alias_find for consistency. + * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c: + #include "foo.h", not for local includes. + [f65ec693998e] -2009-03-27 19:29 millert + * src/parse_args.c: + remove bogus XXX + [9136c17d53ce] - * visudo.c: When checking for unused aliases, recurse if the alias - points to another alias. + * compat/mksiglist.c: + Fix typo + [1a3bb7b455c9] -2009-03-16 12:11 millert + * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/match.c: + return foo not return(foo) + [5c9e0647359a] - * ldap.c: Back out rev 1.105 for now. Real ldapux_client.conf - support will be done later after some refactoring. +2011-02-06 Todd C. Miller + + * src/exec.c: + Remove duplicate FD_SET of signal_pipe[0] + [3096527d2215] + +2011-02-05 Todd C. Miller -2009-03-14 12:02 millert + * compat/mksiglist.c: + Use "missing.h" not in generated code. + [d8e09cffbe09] - * ldap.c: Treat ldap_hostport the same as "host" for ldapux. +2011-02-04 Todd C. Miller -2009-03-13 21:04 millert + * aclocal.m4, configure: + fix --with-iologdir=no + [a89699cb5f5f] - * configure, configure.in: Only check for - ldap_sasl_interactive_bind_s if we can find sasl.h. Fixes - compilation with ldapux. + * aclocal.m4, configure: + fix typo that broke --with-iologdir + [91b54eb22403] -2009-03-11 20:03 millert +2011-02-03 Todd C. Miller - * fileops.c: fix char subscript + * configure, configure.in, doc/sudo.cat, doc/sudo.man.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, + doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, + doc/visudo.man.in: + Bump version to 1.8.0b4 + [e2b7f2cdc02e] -2009-03-11 19:19 millert + * NEWS: + sync + [decf5a0a8a33] - * Makefile.in: remove errant carriage returns + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Attempt to clarify how users and groups interact in Runas_Specs + [e6fb3a2dbd77] -2009-03-11 19:01 millert + * plugins/sudoers/regress/visudo/test2.out, + plugins/sudoers/regress/visudo/test2.sh: + Add test for quoted group that contains escaped double quotes + [44596c48c629] - * audit.c, env.c: fix K&R compilation + * src/exec.c, src/exec_pty.c: + Pass SIGUSR1/SIGUSR2 through to the child. + [c3108a827b01] -2009-03-11 12:12 millert + * src/exec_pty.c, src/sudo_exec.h: + Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and + SIGUSR2 to indicate whether the child should be continued in the + foreground or background. + [35ca47cc6785] - * sudo.man.in, sudo.cat, sudoers.cat, sudoers.ldap.cat, - sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: - regen + * src/exec.c: + Use pid_t not int and check the return value of kill() + [36ae7d37d7f9] -2009-03-10 17:34 millert +2011-02-02 Todd C. Miller - * config.h.in: Add missing HAVE_BSM_AUDIT + * src/exec_pty.c: + Remove obsolete comment + [baebef4919f6] -2009-03-10 17:21 millert + * src/exec.c: + In non-pty mode before continuing the child, make it the foreground + pgrp if possible. Fixes resuming a shell. + [fef5b1d02ddb] - * WHATSNEW: Add 1.7.1 features + * src/exec_pty.c: + If we get a signal other than SIGCHLD in the monitor, pass it + directly to the child. + [b3ecb28163a0] + + * src/exec.c, src/exec_pty.c, src/sudo.h: + Save signal state before changing handlers and restore before we + execute the command. + [faf7475dc4bf] + +2011-02-01 Todd C. Miller + + * plugins/sudoers/iolog.c: + Use a char array to map a number to a base36 digit. + [257576c51f8b] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod: + Be clear about what versions of sudo support new LDAP attributes. + Fix up some formatting of attribute names. Minor other tweaks. + [39f65df71f65] + +2011-01-31 Todd C. Miller + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + match quoted strings the same way whether in a Defaults line or as a + user/group/netgroup name. Fixes escaped double quotes in quoted + user/group/netgroup names. + [601d97ea8792] + + * plugins/sudoers/Makefile.in: + 'make check' depends on visudo and testsudoers + [127c5a24df8f] + + * plugins/sudoers/sudoers2ldif: + Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags + [9029163a58c3] + +2011-01-30 Todd C. Miller + + * doc/UPGRADE: + Mention LDAP attribute compatibility status. + [2c3595aaec63] + +2011-01-28 Todd C. Miller + + * README.LDAP: + Mention phpQLAdmin + [9304c9064fbe] + + * INSTALL, NEWS, config.h.in, configure, configure.in, + doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c: + Add --disable-env-reset configure option. + [8a753aa13a46] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Document that sudoers_locale also affects logging and email. + [998d6ac11277] + + * NEWS, config.h.in, configure, configure.in, + plugins/sudoers/logging.c: + Do logging and email sending in the locale specified by the + "sudoers_locale" setting ("C" by default). Email send by sudo + includes MIME headers when the sudoers locale is not "C". + [cb7e55408400] + +2011-01-27 Todd C. Miller + + * plugins/sudoers/check.c: + Fix indentation + [65ae7e92b9e4] + +2011-01-25 Todd C. Miller + + * NEWS, src/parse_args.c, src/sudo.c: + Perform command escaping for "sudo -s" and "sudo -i" after + validating sudoers so the sudoers entries don't need to have all the + backslashes. + [4e168c103f4b] + +2011-01-24 Todd C. Miller + + * plugins/sudoers/logging.c: + Prepend "list " to the command logged when "sudo -l command" is used + to make it clear that the command was listed, not run. + [f392a6056cd6] + + * plugins/sudoers/parse.c: + cosmetic change + [7c0951dbc2dd] + + * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c, + common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c, + compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c, + compat/nanosleep.c, compat/regress/glob/globtest.c, + compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, + compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c, + plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, + plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c, + plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, + plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestr.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c, + src/sudo_noexec.c, src/tgetpass.c: + standardize on "return foo;" rather than "return(foo);" or "return + (foo);" + [32d76c5aaf8c] + + * plugins/sudoers/sudoers.c: + Do not reject sudoers file just because it is root-writable. + [0febc579185b] + +2011-01-21 Todd C. Miller + + * NEWS: + sync + [1ab03f8278ff] + + * plugins/sudoers/sudo_nss.c: + For "sudo -U user -l" if user is not authorized on the host, say so. + [289afe6dd15c] + + * plugins/sudoers/ldap.c: + In sudo_ldap_lookup(), always do the initial sudoers check as the + invoking user. If we are listing another user's privs we will do a + separate lookup using list_pw later. + [e52bc15de76d] + +2011-01-20 Todd C. Miller + + * MANIFEST: + add parser fill tests + [4f65140d3515] + + * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in: + Don't test features not supported by the bundled glob() + [8ec7ace11949] + + * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c, + compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in, + doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/ldap.c, plugins/sudoers/match.c, + plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in: + Update copyright year to 2011 + [ac1b45cb1809] + + * plugins/sudoers/sudo_nss.c: + When listing, use separate lbufs for the defaults and the privileges + and only print something if the number of privileges is non-zero. + Fixes extraneous Defaults output for "sudo -U unauthorized_user -l". + [d0854d39f8ef] + + * plugins/sudoers/ldap.c: + Stash pointer to user group vector in LDAP handle and only reuse the + query if it has not changed. We always allocate a new buffer when + we reset the group vector so a simple pointer check is sufficient. + [88861d4eba69] + + * plugins/sudoers/sudo_nss.c: + Check initgroups() return value. + [3bdaf58408a7] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/parser/check_fill.c: + Add tests for the fill functions in toke_util.c + [bca587ab4956] + +2011-01-19 Todd C. Miller + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c: + fix copyright year + [e2038cdaf055] + + * NEWS: + sync + [56ca5d5eaebe] + +2011-01-18 Todd C. Miller + + * common/term.c: + Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e. + [b91f266624ec] + +2011-01-14 Todd C. Miller + + * mkpkg, sudo.pp: + Add Requires line for audit-libs >= 1.4 for RHEL5+ + [6c02f976171b] + + * pp: + sync with git version + [d301c32d5865] + +2011-01-13 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + fix typo + [39353f92976f] + +2011-01-12 Todd C. Miller + + * NEWS: + Update for sudo 1.7.4p5 + [b444da76901f] + + * doc/schema.OpenLDAP, doc/schema.iPlanet: + Add sudoNotBefore and sudoNotAfter attributes as optional attributes + to the sudoRole object class. From Andreas Mueller + [dacfad7e7a95] + +2011-01-11 Todd C. Miller + + * NEWS: + Mention "sudo -g group" password check fix. + [1eb8fb14e53b] + + * plugins/sudoers/sudoers.c: + Fix "sudo -g" support in the sudoers module. + [07d1b0ce530e] + + * plugins/sudoers/check.c: + If the user is running sudo as himself but as a different group we + need to prompt for a password. + [caf1fcc9a117] + +2011-01-10 Todd C. Miller + + * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, + plugins/sudoers/ldap.c: + Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP + LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla- + derived LDAP SDKs but we can pass the timeout parameter to + ldap_search_ext_s() or ldap_search_st() when possible. + [5537049991f7] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: + regen + [5b361c3c4324] + + * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility + with OpenLDAP ldap.conf files. + [e97843bd16fb] + + * plugins/sudoers/pwutil.c: + If user has no supplementary groups, fall back on checking the group + file expliticly. + [5223ad4eb690] + +2011-01-08 Todd C. Miller + + * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c: + constify + [6e132a4cca61] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Move fill macro to toke.h + [623d430798cf] -2009-03-10 17:10 millert + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c, + plugins/sudoers/toke.h, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c: + Split tokenizer utility functions out into toke_util.c + [89a97bd51618] - * INSTALL: Mention --with-netsvc + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + ANSIfy + [ca0eba1dfaa9] + +2011-01-07 Todd C. Miller + + * MANIFEST: + sync + [a43f94064bb3] + + * plugins/sudoers/Makefile.in: + Add visudo tests to check target + [8c82fb4ed40f] + + * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c, + compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files, + compat/regress/glob/globtest.c, compat/regress/glob/globtest.in: + Add my regress tests for fnmatch() and glob() from OpenBSD. + [6e8c1f211723] + + * plugins/sudoers/regress/testsudoers/test1.sh, + plugins/sudoers/regress/visudo/test1.ok, + plugins/sudoers/regress/visudo/test1.sh: + Add regress test for command tags using visudo -c + [18b0ef207c0f] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/testsudoers/test1.ok, + plugins/sudoers/regress/testsudoers/test1.sh: + Add support for regress tests using testsudoers + [1fa94bd2671b] + + * plugins/sudoers/testsudoers.c: + Need to set user_name explicitly due to internal changes made when + converting sudoers to a plugin. + [1fa54e86a364] + +2011-01-06 Todd C. Miller + + * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/iolog_path/data, src/Makefile.in, + zlib/Makefile.in: + Add regression tests for iolog_path() + [afa4b416e559] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + Add support for "make Makefile" to regenerate Makefile from + Makefile.in + [98bd2dda3294] + + * plugins/sudoers/iolog_path.c: + Quiest a bogus compiler warning. + [5ff932a7ad67] + +2011-01-05 Todd C. Miller + + * plugins/sudoers/iolog_path.c: + Protect call to setlocale() with HAVE_SETLOCALE + [2c29ee3ccc81] + +2011-01-04 Todd C. Miller + + * MANIFEST: + mkstemps.c was renamed mktemp.c + [ae299c3b1827] + + * NEWS: + Update from 1.7 branch + [20817d79717b] + + * Makefile.in: + Use "mv -f" when regenerating ChangeLog + [c163635206c6] + + * plugins/sudoers/match.c: + Fix NULL dereference with "sudo -g group" when the sudoers rule has + no runas user or group listed. Fixes RedHat bug Bug 667103. + [41a6a1243d9e] + +2011-01-03 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Correct the default sudo.conf example + [4e791698cad1] + +2010-12-31 Todd C. Miller + + * plugins/sudoers/iolog_path.c: + Reset slashp if we allocate a new buffer for strftime() + [e491daa4203b] + + * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add extra out parameter to expand_iolog_path() to allow the caller + to split the path into dir and file components if needed. + [88346bc5ae39] + +2010-12-30 Todd C. Miller + + * plugins/sudoers/iolog.c: + mkdir_iopath() returns size_t now that it uses strlcpy() and not + snprintf() + [3c4c64d265eb] + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c: + Trim leading slashes from iolog_file and trailing slashes from + iolog_dir + [a803b51f8948] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Pass a single I/O log file name in command_details instead of + separate dir + file parameters. + [d672a3e46e80] + + * plugins/sudoers/sudoreplay.c: + change an error() to errorx() + [8013dcfdd69d] + + * plugins/sudoers/iolog.c: + Add missing cwd line to I/O log info file that got dropped when + iolog_deserialize_info() was added + [7cf84f208423] + +2010-12-29 Todd C. Miller + + * plugins/sudoers/iolog.c: + Avoid relying on globals filled in by the sudoers policy module for + the sudoers I/O log module. The I/O log open function now pulls the + bits it needs out of user_info and command_info. + [c02f6951b0cc] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + If no iolog file is specified by the policy plugin, use io_nextid() + to determine the next file in the sequence. + [faa1130b1020] + +2010-12-28 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document iolog_compress in command_info + [58895c7d12f5] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Add support for the iolog_compress variable in command_info. + [36f13a2fd1c1] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Add sigsetjmp() calls to all plugin entry points just to be safe. + [3fa482355bc4] + + * src/sudo.c, src/sudo.h: + Don't need iolog variables in struct command_details, they are for + the I/O log plugins to handle. + [5111579ffd9d] + +2010-12-27 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Document use of mkdtemp() for iolog path teplates + [5db6101408a9] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + regen + [1ee11fd6d4eb] + + * doc/sudo_plugin.pod, doc/sudoers.pod: + Document iolog_file and supported escape sequences for sudoers. + Clarify that iolog_file can contain directories. + [da611dedcbdb] + + * compat/Makefile.in, configure, configure.in: + Fix building of mkstemps/mkdtemp replacements. + [793a5e303122] + + * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure, + configure.in, include/missing.h: + Provide mkdtemp() for systems without it. + [b0527dfa965c] + + * plugins/sudoers/iolog_path.c: + Fix typo + [277f6c514cba] + + * plugins/sudoers/iolog.c: + Only use mkdtemp() if the path ends in at least 6 Xs since otherwise + glibc mkdtemp() returns EINVAL. + [2e7323b05579] + + * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Allow sudoers to specify the iolog file in addition to the iolog + dir. Add escape sequence support to iolog file and dir: sequence + number, user, group, runas_user, runas_group, hostname and + command in addition to any escape sequence recognized by + strftime(3). + [75cd32ee0435] + + * plugins/sudoers/iolog.c: + Add missing sigsetjmp() call in I/O plugin open function. Fixes a + crash when the I/O plugin calls error(), errorx() or log_error(). + [1a6718bd817d] + +2010-12-21 Todd C. Miller + + * doc/sudo_plugin.pod, plugins/sudoers/iolog.c, + plugins/sudoers/sudoers.c: + Give the policy module fine-grained control over what the I/O plugin + logs. + [d29784fd2a66] + + * common/term.c: + Clear OPOST from c_oflag like we used to. Fixes screen-based + editors such as vi. + [506ad5ae9b4e] + + * doc/sudoers.pod: + Clarify umask option description. From Reuben Thomas. + [1294ac84222b] + +2010-12-20 Todd C. Miller + + * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Pick last match in LDAP sudoers too + [fbfd8e85703b] + + * doc/sudo_plugin.pod: + Document iolog_file, iolog_dir and use_pty + [26120a59c20e] + + * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c, + plugins/sudoers/sudoers.c: + Adapt plugins to version I/O logging ABI 1.1 + [880dd64bc1e8] + + * src/exec.c, src/sudo.h: + Add use_pty command_info flag for policies to indicate that a pty + should be allocated even if no I/O logging is performed. + [e7b167f8a6e5] + + * src/sudo.c: + Add remaining plugin convenience functions + [ffeaf96da031] + + * include/sudo_plugin.h, src/sudo.c, src/sudo.h, + src/sudo_plugin_int.h: + Change I/O log API to pass in command info to the I/O log open + function. Add iolog_file and iolog_dir parameters to command info. + This allows the policy plugin to specify the I/O log pathname. Add + convenience functions for calling plugin functions that handle ABI + backwards compatibility. + [9b81dce76ce5] + + * compat/dlopen.c: + Remove useless cast + [7cecce969739] + +2010-12-17 Todd C. Miller + + * configure, configure.in: + Bump version to 1.8.0b3 + [1dc9f040aae0] + +2010-12-13 Todd C. Miller + + * configure.in: + Remove extraneous newline + [71c94551eea5] + +2010-12-10 Todd C. Miller + + * doc/sudoers.pod, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/iolog.c: + Make I/O log dir configurable. + [99b576667a38] + + * aclocal.m4, configure, configure.in, doc/sudoers.pod: + Rename io_logdir to iolog_dir + [0731662acc8d] + +2010-12-07 Todd C. Miller + + * pp: + Add missing '*' that prevented the generic ELF case from matching. + [be77ca26bfb2] + + * pp: + If file(1) can't identify the ELF binary type, try readelf(1). + [38a18d32a9e3] + +2010-11-30 Todd C. Miller + + * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c, + plugins/sudoers/env.c, plugins/sudoers/pwutil.c, + plugins/sudoers/sudoers.c, src/sudo.c: + Use %u to print uid/gid, not %lu and adjust casts to match. + [03c43b8749cf] -2009-03-10 17:08 millert + * doc/sudoers.ldap.pod: + Clarify ordering of entries and attributes. + [924e2a6bb603] - * sudoers.ldap.pod: Document netsvc.conf support + * doc/sudoers.ldap.pod: + Fix typo and editing goof. + [79dc7ccd85a8] -2009-03-10 16:44 millert + * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet, + doc/sudoers.ldap.pod: + Merge in ordered LDAP entry support from Andreas Mueller. + [ea5885989bad] - * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c, - sudo_nss.h: Add support for AIX netsvc.conf (like nsswitch.conf). + * plugins/sudoers/ldap.c: + Make sure we don't dereference a NULL handle. + [1a9f9ee15371] -2009-03-08 16:57 millert +2010-11-24 Todd C. Miller - * configure, config.h.in, configure.in, env.c: Add - --enable-env-debug flag to enable environment sanity checks. + * pp: + Add support for RHEL 6 file modes that include a trailing dot on + files with an SELinux security context + [dc09be959547] -2009-03-08 11:51 millert +2010-11-23 Todd C. Miller - * sudoers.ldap.pod, sudoers.pod: Work around some pod2html issue. + * src/sudo.c: + exec_setup() does not need to setuid(0), the Ubuntu issue was in the + sudoers module. + [d6dd99fc6062] -2009-03-07 17:10 millert + * plugins/sudoers/sudoers.c: + create_admin_success_flag() should use restore_perms() rather than + set_perms() to restore the uid. + [eba7a91c1f57] - * env.c: Only sync environ for putenv, setenv, and unsetenv. We - need to make sure that sudo_putenv and sudo_setenv only modify - env.envp, not environ. + * src/sudo.c: + In exec_setup() call setuid(0) to make certain the subsequent uid + and gid changes will succeed. Fixes a problem on Ubuntu. + [c5d32abf0645] -2009-03-02 14:19 millert + * src/sudo_edit.c: + Error out if we cannot change to root's uid so we catch the failure + early. + [7a2e7f8f2c80] - * env.c: Really fix UNSETENV_VOID +2010-11-22 Todd C. Miller -2009-03-02 14:18 millert + * doc/sudoers.pod: + fix typo; from Michael T Hunter + [a574a9d0db5b] - * env.c: Fix unsetenv when UNSETENV_VOID + * plugins/sudoers/match.c: + In sudoedit mode, assume command line arguments are paths and pass + FNM_PATHNAME to fnmatch(). + [ce0abff8ce9f] -2009-03-02 08:00 millert +2010-11-20 Todd C. Miller - * aclocal.m4, configure: Fix SUDO_FUNC_PUTENV_CONST + * configure, configure.in: + Add workaround for an error in sys/types.h on HP-UX 11.23 when large + file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the + broken bits of the header file. + [e337217f097a] -2009-03-02 07:36 millert + * aclocal.m4: + Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM + [fbbcee28961f] - * ldap.c: tivoli-based ldap does not have ldapssl_err2string + * sudo.pp: + For Tru64, strip off beta version. + [eeccd762df5e] -2009-03-02 07:30 millert + * MANIFEST, plugins/sudoers/testsudoers.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h: + Avoid conflicts with system definitions in grp.h and pwd.h + [b219ffe1da09] - * configure: regen + * zlib/gzguts.h: + Include stdio.h after zlib.h, not before. We need the large file + defines to come first. + [21d6df39790f] -2009-03-01 16:20 millert +2010-11-19 Todd C. Miller - * config.h.in, configure, configure.in, ldap.c: Add support for - Tivoli-based LDAP start TLS as seen in AIX. Untested. + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: + regen + [3ff8750d0aac] -2009-03-01 08:52 millert + * Makefile.in: + Don't clean ChangeLog + [ab0d30d289d4] - * env.c: Add sanity checks for setenv/unsetenv + * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Add prototype for cleanup() + [75626fd3769a] -2009-02-28 20:17 millert +2010-11-18 Todd C. Miller - * Makefile.in: Include bsm_audit.h in the tarball + * plugins/sudoers/group_plugin.c: + Avoid deferencing group_plugin if it is NULL in + group_plugin_query(). This should not happen. + [4f2933c8da7e] -2009-02-28 20:00 millert + * plugins/sudoers/group_plugin.c: + group plugin init function return TRUE when successful + [198024477030] - * Makefile.in, version.h: bump version for sudo 1.7.1 +2010-11-17 Todd C. Miller -2009-02-28 19:58 millert + * plugins/sudoers/ldap.c: + Enlarge the array of entry wrappers int blocks of 100 entries to + save on allocation time. From Andreas Mueller + [375c916bb03b] - * aclocal.m4, config.h.in, configure, configure.in, env.c, ldap.c, - sudo.h, auth/aix_auth.c: Replace sudo_setenv/sudo_unsetenv with - calls to setenv/unsetenv and provide our own - setenv/unsetenv/putenv that operates on own env pointer. Make - sync_env() inline in setenv/unsetenv/putenv functions. + * plugins/sudoers/ldap.c: + Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2() + that was mistakenly dropped. + [1555f5bc132d] -2009-02-25 07:33 millert +2010-11-16 Todd C. Miller - * sudo.c: Make "sudoedit -h" work as expected + * doc/TROUBLESHOOTING: + Mention that sudo needs "ar" to build. + [65582ace2d09] -2009-02-25 07:21 millert + * configure, configure.in: + Fail with a more useful error if "ar" is not found. + [d1cb83719c17] - * auth/pam.c: Make sure def_prompt is always defined. This is a - workaround for pam configs that prompt for a password in the - session but don't have an auth line. A better fix is to expand - the sudo prompt earlier and set def_prompt to that when - initializing. +2010-11-14 Todd C. Miller -2009-02-25 06:17 millert + * plugins/sudoers/ldap.c: + Merge in ordered LDAP entry support from Andreas Mueller and add + local changes from the 1.7 branch. + [bca29e461618] - * sudo.pod: Mention that the helper for -A may be graphical. +2010-11-12 Todd C. Miller -2009-02-25 06:16 millert + * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet, + doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add timed entry support from Andreas Mueller. + [e18d1df46a8d] - * TROUBLESHOOTING: Document what happens if there is no tty. + * plugins/sudoers/group_plugin.c: + Don't try to unload if group_plugin is NULL. Don't call dlclose() if + group_handle is NULL + [de2273da37d5] + + * plugins/sudoers/sudoers.h: + It is now plugin_cleanup(), not cleanup() + [da62a4e1a78c] + + * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: + Call plugin_cleanup(), not cleanup() + [e800ad8b33ad] -2009-02-25 06:05 millert +2010-11-11 Todd C. Miller + + * plugins/sudoers/ldap.c: + Use efree() not free() and remove malloc.h include since we never + directly call malloc() or free(). + [107fffd134bb] + +2010-11-09 Todd C. Miller + + * sudo.pp: + set PSTAMP for Solaris and move the backend-specific bits to their + own %if [xxx] %endif blocks in %set. + [a94ebe8920c1] + + * pp: + sync with git repo + [75ff509696b4] + + * configure, configure.in: + Only substitute file zlib files when using the builtin zlib + [6c8145b2deb4] + + * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + Give up on using VPATH to find sources as it is implemented + inconsistenly in different versions of make. + [60517c69aaee] + + * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c, + plugins/sudoers/gram.c, plugins/sudoers/toke.c: + Include config.h before any other includes to make sure we get the + right value for _FILE_OFFSET_BITS. + [8fb007ca832e] + + * MANIFEST: + Add zlib + [04a3e23dfaa9] + + * zlib/Makefile.in: + Add missing targets + [40e45a177168] + + * src/Makefile.in: + g/c unused $(GENERATED) + [c8758068c1bc] + +2010-11-08 Todd C. Miller + + * plugins/sudoers/group_plugin.c: + Zero out group_plugin on unload just to be safe. + [0b10f4d101ca] + + * plugins/sudoers/group_plugin.c: + Unload group plugin if its init function fails. + [6552cdac4b7c] + + * src/sudo.c: + Only chdir to cwd if it is different from the current cwd or there + is a new root (chroot). + [b8203e875e84] + + * configure, configure.in, doc/sudo.cat, doc/sudo.man.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in: + Bump version to 1.8.0b2 + [6dadeb75a878] + +2010-10-28 Todd C. Miller + + * INSTALL: + Better --enable-zlib description + [e0da54fa59a6] + + * mkpkg: + Use system zlib on Linux Let configure decide on Solaris For all + others, use builtin zlib + [3d52eddb523c] + + * zlib/zconf.h.in: + Add large file support. + [bec01215270d] + + * config.h.in: + Add large file support. + [244e95b034ec] + + * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod, + zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c, + zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c, + zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c, + zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h, + zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h, + zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in, + zlib/zlib.h, zlib/zutil.c, zlib/zutil.h: + Add local copy of zlib for systems that lack it. + [7542ca465c5a] + +2010-10-15 Todd C. Miller + + * src/exec.c: + If perform_io() fails, kill the child before exiting so it doesn't + complain about connection reset. We can get an I/O error if, for + example, and we get EIO reading from stdin. + [e59a05fa729f] + +2010-10-12 Todd C. Miller + + * plugins/sudoers/sudoers.c, src/sudo.c: + Fix complilation on systems with set_auth_parameters() Sprinkle + volatile to quiet warnings from gcc 2.8.0 + [a34c2b924ba7] + + * compat/dlfcn.h, compat/dlopen.c: + Avoid potential namespace issues with dlopen() emulation. + [aedfababd6ca] + + * MANIFEST: + sync + [6afb97e6d308] + + * plugins/sudoers/interfaces.c: + Use INADDR_NONE instead of casting -1 to in_addr_t (which may not + exist). + [ddfca5af1a36] + + * Makefile.in: + Mark ChangeLog as PHONY Don't overwrite ChangeLog if we can't run hg + [e9d04bfa4505] + + * configure, configure.in: + HP-UX 10.20 libc has an incompatible getline + [2e7bc202e78d] + + * plugins/sudoers/visudo.c: + Quiet an HP-UX compiler warning. + [55b9d587ac8c] + + * configure, configure.in: + Check for vi even with --with-editor specified; the sample plugin + needs it. + [94dfc3643f76] + +2010-10-11 Todd C. Miller + + * compat/dlopen.c: + Fix remaining syntax errors. + [9d729b5b577e] + + * src/Makefile.in: + sudo binary depends on the libtool-generated libs + [9e6148406adb] + + * plugins/sudoers/group_plugin.c, src/load_plugins.c: + Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to + include the local or system dlfcn.h + [68cfe4c1089b] + + * pp: + Don't use run_as_superuser=false on HP-UX + [532242370b09] + + * src/net_ifs.c: + Use memset() instead of zero_bytes() since we don't include + sudoers.h + [a187c18c2472] + + * plugins/sudoers/interfaces.c: + Fix pasto; AF_INET not AF_INET6 + [2d2e9d7dc6f9] + + * compat/dlopen.c: + Actually call shl_load() + [ed8153b8a3cd] + + * pp: + Update from git repo. Debian: version numbers now compliant with + policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX + 10.20 + [ecf2692bceeb] + + * configure, configure.in: + Fix dlopen() detection for systems where dlopen() is in a separate + library. + [fa6b175582b6] + + * plugins/sudoers/auth/pam.c: + If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more + useful message and return AUTH_FATAL so sudo does not keep trying to + validate the user. + [1be8857e5291] + + * src/preload.c: + sudo_preload_table is an array + [b7704e72a9da] + + * compat/dlopen.c: + Quiet a compiler warning and fix sudo_preload_table external + definition. + [8234987664cc] + + * compat/dlfcn.h: + Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype. + [8bab6a4053cc] - * sudo.c: cosmetic changes + * plugins/sudoers/group_plugin.c: + Make this compile correctly when no dlopen is available. + [57643879bd2b] + +2010-10-07 Todd C. Miller + + * plugins/sudoers/check.c: + Having a timestamp file defined is no longer indicative of tty + tickets being enabled. Check def_tty_tickets directly. + [efcc11ad157f] + + * src/exec_pty.c, src/sudo.h, src/ttysize.c: + Fix TCGETWINSZ compat. + [da3a8b17cf7a] + +2010-10-02 Todd C. Miller + + * src/exec_pty.c, src/ttysize.c: + Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE + [926492dd10a6] + +2010-10-01 Todd C. Miller + + * plugins/sudoers/sudoers.c, src/sudo.c: + Move set_project() from sudoers module into sudo proper. + [beabafac03b4] + + * configure, configure.in: + Fix typo and regenerate + [4a3caf4234f3] + + * plugins/sudoers/ldap.c: + When iterating over returned LDAP entries, keep looking at remaining + matches even if we have a positive match. This catches negative + matches that may exist in other entries and more closely match the + sudoers file behavior. + [f47db6e609b0] + + * pp: + Add support for multiple package instances on Solaris. + [7f2a8b942545] + + * src/exec.c: + Add missing signal_pipe[0] to fdsr for the non-pty case. + [79d01e11b19c] + + * mkpkg: + Add --with-project for Solaris + [ffa4c2bb93f7] + + * README: + Need ar and ranlib too + [5c2f679172ef] + +2010-09-27 Todd C. Miller + + * plugins/sudoers/env.c: + Preserve ODMDIR environment variable by default on AIX. + [bd47cb1e804f] + +2010-09-26 Todd C. Miller + + * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c, + config.h.in, configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c, + src/preload.c: + Add dlopen() emulation for systems without it. For HP-UX 10, emulate + using shl_load(). For others, link sudoers plugin statically and use + a lookup table to emulate dlsym(). + [e92edfb3c642] + +2010-09-24 Todd C. Miller -2009-02-25 05:47 millert + * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c, + compat/nanosleep.c, compat/utimes.c: + When including compat headers, use the compat dir as part of the + path so we are sure to get the correct header. + [6c2a45da6af5] - * term.c: Fix term_restore +2010-09-21 Todd C. Miller + + * plugins/sudoers/linux_audit.c: + Ignore ECONNREFUSED from audit_log_user_command() which will occur + if auditd is not running. + [d314fe4c8d03] -2009-02-24 20:23 millert +2010-09-17 Todd C. Miller - * sudo.c: Fix "sudo -k" with no other args + * pp: + Sync with git version + [1c0357744222] -2009-02-24 08:04 millert +2010-09-16 Todd C. Miller - * check.c, sudo.c, sudo.pod, sudo_usage.h.in: Allow the -k flag to - be specified in conjunction with a command or another option that - may require authentication. + * common/fileops.c, plugins/sudoers/defaults.c: + Cast isblank argument to unsigned char. + [c822dbb3ca54] -2009-02-23 09:18 millert +2010-09-14 Todd C. Miller - * configure, configure.in: Remove unneeded AC_CANONICAL_TARGET; - from Diego E. 'Flameeyes' + * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c: + Implement --with-umask-override configure flag. + [863e3047df22] -2009-02-23 09:15 millert + * plugins/sudoers/env.c: + Take MODE_LOGIN_SHELL into account when initially setting reset_home + instead of special-casing it later. + [5d6b16480fd6] - * Makefile.in: Parallel make fix. From Diego E. 'Flameeyes' + * plugins/sudoers/sudoers.c: + In login mode, make a copy of the runas user's pw_shell for + NewArgv[0] because 1) we modify it and 2) it will runas_pw gets + freed before exec. + [1d1ccb568dfa] + + * plugins/sudoers/env.c: + Reset HOME for "sudo -i" even if HOME was listed in env_keep. + [c1c1c65a2d63] + + * src/sudo.c: + Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK. + [7443454e5f88] + + * src/sudo.c: + Reset signal mask at sudo startup time; we need to be able to rely + on normal signal delivery to control the child process. + [95800163ff94] + +2010-09-13 Todd C. Miller + + * install-sh: + Use sed instead of expr to split a flag from its argument. Fixes a + problem with expr interpreting its arguments as a flag when they + start with a dash. + [736065e14301] + + * common/lbuf.c: + Do not need sys/time.h after all + [91f6f668ccda] + + * common/lbuf.c: + Include sys/time.h for utimes() and struct timeval. No longer need + ioctl.h or termios.h + [2d75273d3213] + + * compat/snprintf.c: + Quiet bogus compiler warnings. + [fe252e1968f5] + + * include/missing.h: + Declare innetgr() for HP-UX which is missing a declaration. Declare + domainname() for HP-UX and Solaris which are missing a declaration. + [b37c50751138] + + * plugins/sudoers/bsm_audit.c: + Use __sun for consistency with the rest of the sources. + [6b086b61ccb6] + + * plugins/sudoers/group_plugin.c: + Quiet a bogus compiler warning. + [ebc069842c4a] + + * plugins/sudoers/pwutil.c: + Don't try to delref a NULL group. + [f6ff0838be21] + + * common/alloc.c, common/lbuf.c: + Include memory.h on systems that need it. + [4e676da81c6f] + +2010-09-11 Todd C. Miller + + * src/exec.c: + Quiet gcc warnings on glibc systems that use warn_unused_result for + write(2). + [0532da0b7cf7] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + sudo_plugin is in section 8; from Ted Percival + [b4506a0de87e] + + * plugins/sudoers/Makefile.in: + testsudoers depends on libsudoers.la, not sudoreplay + [cdb1cc3bf06a] + +2010-09-10 Todd C. Miller + + * src/exec.c: + Read as many signals on the signal pipe as we can before returning. + [b181671da047] + + * src/exec.c, src/exec_pty.c, src/sudo_exec.h: + Instead of using a array to store received signals, open a pipe and + have the signal handler write the signal number to one end and + select() on the other end. This makes it possible to handle signals + similar to I/O without race conditions. + [ee84d65c16b6] + +2010-09-09 Todd C. Miller + + * doc/visudo.pod, plugins/sudoers/visudo.c: + Make "visudo -c -f -" check the standard input. + [195a3d2a9a26] + + * doc/sudoers.pod: + set_home and always_set_home have an effect if HOME is present in + the env_keep list. + [159d0b9dc5c8] + + * plugins/sudoers/env.c: + Make -H flag work when HOME is listed in env_keep. Also makes + "set_home" and "always_set_home" override override HOME in env_keep. + [a3e5b966193f] + +2010-09-08 Todd C. Miller + + * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/match.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/net_ifs.c: + Convert sudoers plugin to use interface list passed in settings. + [87d9b5f4f586] + + * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c, + src/parse_args.c, src/sudo.h: + Query local network interfaces in the main sudo driver and pass to + the plugin as "network_addrs" in the settings list. + [7f35bcfe77a7] + + * plugins/sudoers/bsm_audit.c: + Solaris BSM audit return EINVAL when auditing is not enabled, + whereas OpenBSM returns ENOSYS. + [411b980ec58b] + +2010-09-07 Todd C. Miller + + * compat/fnmatch.c: + missing.h should come before most local includes + [53921a7b8b5b] + + * plugins/sudoers/sudoreplay.c: + missing.h should come before most local includes + [e9abb0db1aac] + + * plugins/sudoers/sudoers.h: + Make local includes consistent; use double quotes for local includes + except for generated ones where we use angle brackets. + [09de4faa9547] + + * plugins/sudoers/sudoers.c: + Always fill in NewArgv for audit code. + [7c3aca60519f] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add missing LOG_INPUT/LOG_OUTPUT support in the lexer. + [007cf6560f92] + + * common/alloc.c, common/atobool.c, common/fileops.c, + common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c, + common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c, + compat/getcwd.c, compat/getgrouplist.c, compat/getline.c, + compat/getprogname.c, compat/glob.c, compat/isblank.c, + compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c, + compat/nanosleep.c, compat/setenv.c, compat/snprintf.c, + compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, + compat/unsetenv.c, compat/utimes.c, include/compat.h, + plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, + plugins/sample_group/plugin_test.c, + plugins/sample_group/sample_group.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/linux_audit.c, plugins/sudoers/match.c, + plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h, + src/sudo_noexec.c, src/ttysize.c: + Make local includes consistent; use double quotes for local includes + except for generated ones where we use angle brackets. Also g/c + unused compat.h. + [e57070dc8f04] + +2010-09-06 Todd C. Miller + + * plugins/sudoers/match.c: + When matching the runas user and runas group (-u and -g command line + options), keep track of runas group and runas user matches + separately. Only return a positive match if we have a match for + both runas user and runas group (if specified). + [815219e04cc8] + +2010-09-04 Todd C. Miller + + * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add support for multiple URI lines by joining the contents and + passing the result to ldap_initialize. + [a47cae3b72e8] + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c: + Do not return -1 on error from the display functions; the caller + expects a return value >= 0. + [101456a7dd00] + + * plugins/sudoers/sudoers.c: + Do not set both MODE_EDIT and MODE_RUN + [8faa36694d54] + +2010-09-03 Todd C. Miller + + * include/missing.h: + Move includes to the top of the file. + [a51436798e8c] + +2010-08-30 Todd C. Miller + + * plugins/sudoers/Makefile.in: + Add missing definition of timedir + [458a749c2c5e] + + * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c, + compat/mksiglist.c, compat/strsignal.c, + plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c: + Add #include of sys/types.h for .c files that include missing.h to + be sure that size_t and ssize_t are defined. + [08e3132dbf4f] + + * plugins/sudoers/Makefile.in: + Install sudoers file from the build dir not hte src dir. + [ca89e962dbf4] + +2010-08-26 Todd C. Miller + + * plugins/sudoers/set_perms.c: + If runas_pw changes, reset the stashed runas aux group vector. + Otherwise, if runas_default is set in a per-command Defaults + statement, the command runs with root's aux group vector (i.e. the + one that was used when locating the command). + [24f9107cedd2] + + * plugins/sudoers/Makefile.in: + Add target to generate sudoers file Remove generated sudoers file as + part of distclean + [fb7422e90f03] + +2010-08-24 Todd C. Miller + + * src/exec.c: + When not logging I/O install a handler for SIGCONT and deliver it to + the command upon resume. Fixes bugzilla #431 + [495dce52a5aa] + +2010-08-21 Todd C. Miller + + * plugins/sudoers/sudoers.h: + g/c unused auth_pw extern definition + [40eb7477ba17] + + * plugins/sudoers/check.c, plugins/sudoers/sudoers.c: + Move get_auth() into check.c where it is actually used. + [e31db0ce3a61] + +2010-08-20 Todd C. Miller + + * common/lbuf.c: + Convert a remaining puts() and putchar() to use the output function. + [d69e363a506b] + + * plugins/sudoers/plugin_error.c: + Plug memory leak + [68895469ea8d] + +2010-08-18 Todd C. Miller + + * plugins/sudoers/env.c: + Set dupcheck to TRUE when setting new HOME value if !env_reset but + always_set_home is true. Prevents a duplicate HOME in the + environment (old value plus the new one) introduced in f421f8827340. + [9ca19183794f] + + * configure, configure.in, plugins/sudoers/sudoers, + plugins/sudoers/sudoers.in: + Substitute sysconfdir in the installed sudoers file to get the + correct path for sudoers.d. + [86072b6cd55d] + +2010-08-17 Todd C. Miller + + * src/get_pty.c: + Fix typo that prevented compilation on Irix; Friedrich Haubensak + [b48be51b65fc] + +2010-08-16 Todd C. Miller + + * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, + common/atobool.c, common/fileops.c, common/fmt_string.c, + common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c, + compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c, + compat/getcwd.c, compat/getgrouplist.c, compat/getline.c, + compat/getprogname.c, compat/glob.c, compat/isblank.c, + compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c, + compat/nanosleep.c, compat/setenv.c, compat/snprintf.c, + compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, + compat/unsetenv.c, compat/utimes.c, include/compat.h, + include/missing.h, plugins/sample/sample_plugin.c, + plugins/sample_group/getgrent.c, + plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in, + plugins/sudoers/audit.c, plugins/sudoers/boottime.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c, + src/sudo.h, src/sudo_noexec.c, src/ttysize.c: + Merge compat.h and missing.h into missing.h + [572909ae9716] + +2010-08-14 Todd C. Miller + + * plugins/sudoers/auth/pam.c: + If the user hits ^C while a password is being read, error out before + reading any further passwords in the pam conversation function. + Otherwise, if multiple PAM auth methods are required, the user will + have to hit ^C for each one. + [23782631748c] + +2010-08-12 Todd C. Miller + + * plugins/sudoers/check.c: + Update comment + [a5296cb3a20a] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document sudo_conv_t function and sudo_printf_t return values. + [745c0017814c] + + * src/conversation.c: + Make _sudo_printf return the number of characters printed on success + like printf(3). + [8eeefe8d7e77] + +2010-08-10 Todd C. Miller + + * plugins/sudoers/sudoers.c: + sudoers.h includes sudo_plugin.h for us + [cabe68e07807] + + * common/Makefile.in, common/gettime.c, compat/mkstemps.c, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h, + src/sudo_edit.c: + Use gettimeofday() directly instead of via the gettime() wrapper. + [7490426c99ae] + + * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c, + compat/strerror.c, config.h.in, configure, configure.in, + include/compat.h, include/missing.h, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c: + Remove some obsolete configure tests, ancient Unix systems are no + longer supported. + [2be6218c3a36] + +2010-08-07 Todd C. Miller + + * sudo.pp: + Set pp_kit_version and strip off patch level + [aacfda1b676d] + + * sudo.pp: + Better handling of versions with a patchlevel. For rpm and deb, use + the patchlevel+1 as the release. For AIX, use the patchlevel as the + 4th version number. For the rest, just leave the patchlevel in the + version string. + [638bd35f2346] + +2010-08-06 Todd C. Miller + + * plugins/sudoers/auth/sudo_auth.c: + For non-standalone auth methods, stop reading the password if the + user enters ^C at the prompt. + [82c2911bb264] + + * configure, configure.in, plugins/sudoers/Makefile.in, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/pwutil.c: + No need to look up shadow password unless we are doing password- + style authentication. This moves the shadow password lookup to the + auth functions that need it. + [ba9e3eba2b72] + + * plugins/sudoers/sudoers.c: + Retain final passwd/group refs until the policy close() function. + Note that this doesn't get called in all cases so putting this in a + cleanup function is probably better. + [bbe214cb4119] + + * plugins/sudoers/check.c: + Fix mismerge + [395115f89dd6] + + * plugins/sudoers/check.c: + When removing/resetting the timestamp file ignore the tty ticket + contents. + [b709f5667a0b] + + * plugins/sudoers/sudoers.c: + delref sudo_user.pw, runas_pw and runas_gr immediately before we + return. + [4d67d15dfd3b] + +2010-08-04 Todd C. Miller + + * plugins/sudoers/check.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/pwutil.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Reference count cached passwd and group structs. The cache holds + one reference itself and another is added by sudo_getgr{gid,nam} and + sudo_getpw{uid,nam}. The final ref on the runas and user passwd and + group structs are persistent for now. + [e544685523c3] + + * doc/UPGRADE: + fix typo + [e32f2d35e6c9] + +2010-08-03 Todd C. Miller + + * plugins/sudoers/check.c: + Do not produce a warning for "sudo -k" if the ticket file does not + exist. + [1598f6061b75] + + * plugins/sudoers/pwutil.c: + Instead of caching struct passwd and struct group in the red-black + tree, store a struct cache_item which includes both the key and + datum. This allows us to user the actual name that was looked up as + the key instead of the contents of struct passwd or struct group. + This matters because the name in the database may not match what we + looked up, due either to case folding or truncation (historically at + 8 characters). Also mark the disabled calls to sudo_freepwcache() + and sudo_freegrcache() as broken since we use cached data for things + like set_perms() and the logging functions. Fixing this would + require making a copy of the structs for user and runas or adding a + reference count (better). + [225d4a22f60e] + + * plugins/sudoers/Makefile.in: + Fix path to mkinstalldirs + [b4968379b12d] + + * plugins/sudoers/check.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, + src/exec_pty.c, src/get_pty.c, src/tgetpass.c: + Quiet gcc warnings on glibc systems that use warn_unused_result for + write(2) and others. + [c99f138960e0] + +2010-08-02 Todd C. Miller + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add %option noinput + [72b9cd49b4f1] + + * aclocal.m4, configure, configure.in: + Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add + back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when + cross-compiling. + [e385c176d0ee] + +2010-07-31 Todd C. Miller + + * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in: + Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT + and AC_CHECK_SIZEOF([long int]) instead of rolling our own. + [cf3e60d9c440] + +2010-07-29 Todd C. Miller + + * pp: + Update to latest version + [32f93be33961] + +2010-07-28 Todd C. Miller + + * sudo.pp: + Let pp determine pp_aix_version itself. + [7cf0245d84ed] + + * INSTALL, config.h.in, configure, configure.in, mkpkg, + plugins/sudoers/sudoers.c: + Add support for Ubuntu admin flag file and enable it when building + Ubuntu packages. + [00e27cff2dfb] + + * plugins/sudoers/sudoers, sudo.pp: + Add commented out SuSE-like targetpw settings + [4605d47b7413] + + * configure, configure.in: + Only try to use +DAportable for non-GCC on hppa + [75d0f284ccf7] + + * configure, configure.in: + Prevent configure from adding the -g flag unless in devel mode + [b1fd3f8d45c0] + +2010-07-27 Todd C. Miller + + * sudo.pp: + Go back to sudo-flavor to match existing packages and only use an + underscore for those that need it. + [d737069d1e1c] + + * sudo.pp: + Use sudo_$flavor instead of sudo-$flavor since that causes the least + amount of trouble for the various package managers. + [71f547af35fc] + + * mkpkg: + Fix handling of the ldap flavor Remove destdir unless --debug was + specified Make distclean before running configure if there is a + Makefile present + [6316f08de7d3] + + * sudo.pp: + Add back include file. + [195627bf68b8] + + * mkpkg: + Pass extra args on to configure on HP-UX, if we don't have the HP C + compiler, disable zlib to prevent gcc from finding it in + /usr/local/lib. + [473efa0e2bac] + + * mkpkg: + Use the HP ANSI C compiler on HP-UX if possible + [fb249b6b175d] + + * plugins/sudoers/sudoreplay.c: + Some getline() implementations (FreeBSD 8.0) do not ignore the + length pointer when the line pointer is NULL as they should. + [2410a1a3543c] + + * plugins/sudoers/sudoreplay.c: + Don't need to check for *cp being non-zero, isdigit() will do that. + [7df11ea8a487] + + * plugins/sudoers/sudoreplay.c: + Add setlocale() so the command line arguments that use floating + point work in different locales. Since sudo now logs the timing + data in the C locale we must Parse the seconds in the timing file + manually instead of using strtod(). Furthermore, sudo 1.7.3 logged + the number of seconds with the user's locale so if the decimal point + is not '.' try using the locale-specific version. + [4d385765f23b] -2009-02-21 17:03 millert + * src/exec.c: + Do I/O logging in the C locale so the floating point numbers in the + timing file are not locale-dependent. + [5961cec044ec] + + * plugins/sudoers/sudoreplay.c: + Use errorx() not error() for thingsthat don't set errno. + [0fe5e692af84] + +2010-07-26 Todd C. Miller + + * pp: + Better support for 1.2.3 style versions in Tru64 kits + [997c549bb777] + + * sudo.pp: + Add Tru64 kit support + [e273a954f981] + + * pp: + Remove apparently unnecessary use of sudo + [be8840d85125] + + * Makefile.in, plugins/sudoers/Makefile.in: + Create timedir as part of install-dirs target. + [c736bc2fb14f] + + * src/exec_pty.c: + Handle ENXIO from read/write which can occur when reading/writing a + pty that has gone away. + [fa2e8059879f] + + * plugins/sudoers/pwutil.c: + sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL + [3a045475d5ee] + + * mkpkg: + platform is a pp flag not a variable + [12eba39a47c1] + + * Makefile.in, mkpkg, sudo.pp: + Add simple arg parsing for mkpkg so we can set debug, flavor or + platform. + [ada839fe252d] + + * pp: + Make rpm backend work on AIX 5.x + [549a76d11393] + +2010-07-25 Todd C. Miller + + * plugins/sudoers/sudoers: + Add commented out Defaults entry for log_output + [7e67d7588900] + +2010-07-23 Todd C. Miller + + * doc/Makefile.in: + Remove sudo docdir completely + [dce8e82878ef] + + * doc/sample.sudo.conf: + Add sample sudo.conf + [aafdba3fc411] + +2010-07-22 Todd C. Miller + + * plugins/sudoers/Makefile.in: + Add PACKAGE_TARNAME for docdir + [930c92b8f8f0] + +2010-07-23 Todd C. Miller + + * src/Makefile.in: + Pass install-sh -b~ here too. + [c3f5eb446c38] + + * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Install binary files with -b~ to make a backup. Fixes "text file + busy" error on HP-UX during install. + [81f306f54f8c] + + * install-sh: + "mv -f" on HP-UX doesn't unlink the destination first so add an + explicit rm before moving the temporary into place. + [fb719a79582d] + + * configure, configure.in: + Some more ${foo} -> $(foo) conversion for consistent Makefiles. + [0aa098770074] + + * doc/Makefile.in, plugins/sudoers/Makefile.in: + Install sudoers2ldif in the doc dir + [33ac3b53d7f5] + +2010-07-22 Todd C. Miller + + * pathnames.h.in: + Add missing include of maillock.h for Solaris + [5a58883be23a] + + * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE, + doc/sample.syslog.conf, doc/sudoers.cat: + Change the default syslog facility from local2 to authpriv (or auth + if the operating system doesn't support authpriv). + [3b70ba514f49] + + * Makefile.in, sudo.pp: + Install sudoers as /etc/sudoers on RPM and debian systems where the + package manager will not replace a user-modified configuration file. + This fixes upgrades from the vendor sudo packages. + [d886b6d60b5b] + + * pp: + RPM: use %config(noreplace) instead of %config for volatile This + results in the new file being installed with a .rpmnew suffix + instead of the file being replaced and the old one renamed with a + .rpmsave suffix. + [58be2119f8e8] + +2010-07-21 Todd C. Miller + + * compat/mkstemps.c, plugins/sudoers/boottime.c: + Include time.h for struct timeval + [ddf8b04f0276] + + * src/exec_pty.c: + The return value of strsignal() may be const and should be treated + as const regardless. + [620074ae1e77] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Mention that 127.0.0.1 will not match, nor will localhost unless + that is the actual host name. + [8b574122eb8f] + + * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE: + Rename WHATSNEW -> NEWS + [d1a2c8c47d89] + + * pp: + Updated pp with latest patches + [98e16b9b8f62] + + * WHATSNEW: + Sync with 1.7.4 + [65ac4dafeef7] - * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: - Implement umask_override + * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + plugins/sudoers/sudoers: + Add commented out line to add HOME to env_keep and add a warning to + the note about the HOME change in UPGRADE. + [0d6a775bb6c8] + +2010-07-20 Todd C. Miller + + * plugins/sudoers/sudoreplay.c: + Add LINE_MAX define for those without it. + [446d9dbe7859] + + * INSTALL, WHATSNEW, config.h.in, configure, configure.in, + doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + plugins/sudoers/defaults.c: + The tty_tickets option is now on by default. + [a01c48206d80] + + * WHATSNEW: + Mention that AIX authdb support has been fixed. + [87bd7f4eba6a] + + * common/aix.c: + setauthdb() only sets the "old" registry if it was set by a previous + call to setauthdb(). To restore the original value, passing NULL + (or an empty string) to setauthdb() is sufficient. + [470da190a254] + +2010-07-19 Todd C. Miller + + * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, + doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + plugins/sudoers/env.c: + Reset HOME when env_reset is enabled unless it is in env_keep + [f421f8827340] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + The default for set_logname has been "true" for some time now. + [f489da5674c3] + + * plugins/sudoers/boottime.c: + Add missing include of time.h + [624d7014932f] + + * plugins/sudoers/logging.c: + Fix check for dup2() return value. + [140ea2d50d20] + + * plugins/sudoers/env.c: + Add PYTHONUSERBASE to initial_badenv_table + [3149aae5b12c] + + * plugins/sudoers/visudo.c: + Treat an unknown defaults entry as a parse error. + [b3ebad73efb2] + + * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: + Check return value of setdefs() but don't stop setting defaults if + we hit an unknown one. + [945e752239ab] + + * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in, + doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in, + plugins/sudoers/env.c: + If env_reset is enabled, set the MAIL environment variable based on + the target user unless MAIL is explicitly preserved in sudoers. + [a1b03e2e0e96] + +2010-07-17 Todd C. Miller + + * pp: + decode debian code names + [8741280d9960] + + * WHATSNEW: + fix typo + [a8a19451110b] + +2010-07-16 Todd C. Miller + + * WHATSNEW: + Merge with 1.7.4 + [9348fa7e15b8] + + * src/sudo.c: + Restore RLIMIT_NPROC after the uid switch if it appears that + runas_setup() did not do it for us. Fixes a bash script problem on + SuSE with RLIMIT_NPROC set to RLIM_INFINITY. + [786fb272e5fd] + +2010-07-15 Todd C. Miller + + * mkpkg, pp, sudo.pp: + Restore the dot removal in the os version reported by polypkg. Adapt + mkpkg and sudo.pp to the change. + [dcafdd53b88f] + +2010-07-16 Todd C. Miller + + * INSTALL: + document --with-pam-login + [ea93e4c6873c] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + The tag is NOSETENV, not UNSETENV. From Petr Uzel. + [2ac90d8de36e] + +2010-07-15 Todd C. Miller + + * sudo.pp: + Include flavor in solaris package name + [e605f6364c9f] + + * mkpkg: + Older shells don't support IFS= so set explictly to space, tab, + newline. + [7773960bc8a0] + + * mkpkg: + Use '=' not '==' in test + [c99d42bc48e6] + + * mkpkg: + Fix typo that prevented debian from matching + [84421078fcb7] + + * mkpkg: + Add missing prefix setting for debian + [6466f23de4aa] + + * sudo.pp: + Use tab indents to reduce the chance of problem with <<- Fix the + debian %set section, pp does not set pp_deb_distro Uncomment %sudo + line in sudoers for debian Uncomment some env_keep lines for RHEL, + SLES and debian to more closely match the vendor sudoers files. + Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on + debian for ldap flavor + [c5b49feb1a0c] + + * plugins/sudoers/sudoers: + Add commented out env_keep entries, sample Aliases and a %sudo line + for debian. + [387719e52d0f] + + * configure, configure.in: + Move zlib check later on in the script to avoid a strange shell + problem on SLES11. + [1a3153bb1291] + + * configure.in: + Remove check for egrep; configure has its own + [a3b9d98cb5d2] + +2010-07-14 Todd C. Miller + + * mkpkg: + Enable zlib for linux distros + [8fa51a1405a4] + + * mkpkg: + Add ldap flavor to default build + [97644f5a555f] + + * mkpkg, sudo.pp: + Simplify rpm linux distro settings + [b9dcf10cdf20] + + * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat: + Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo. + [2c549c1acde9] + + * Makefile.in: + Fix ChangeLog creation from build dir + [3d0c7904f173] + + * plugins/sudoers/sudoers.c: + Handle getcwd() failure. + [aef7bef87394] + + * doc/Makefile.in, mkpkg, sudo.pp: + Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR + environment variable. + [be6ed611b7a8] + + * sudo.pp: + Create sudo group on debian + [6ed6c032042e] + + * mkpkg, sudo.pp: + Add debian 4/5/6 and use the dot when doing version matches + [6bcb664d1f4f] + + * aclocal.m4, configure: + Use a loop when searching for mv, sendmail and sh + [d5e9369f8d13] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Remove spurious "and"; from debian + [a21e6f7c5b99] + + * aclocal.m4, configure, configure.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.pod: + Substitute the value of EDITOR into the sudoers and visudo manuals. + [cd79e587dd7f] + +2010-07-13 Todd C. Miller + + * mkpkg, pp, sudo.pp: + Initial support for debian 4.0 + [ac6707915fa8] + + * mkpkg: + Some platforms need -fPIE instead of -fpie + [fd6be19e5bc2] + + * plugins/sudoers/auth/pam.c: + Only set PAM_RHOST for Solaris, where it is needed to avoid a bug. + On Linux it causes a DNS lookup via libaudit. + [1e10105ade5b] + + * MANIFEST: + Update MANIFEST to match packaging changes + [ef86ee557b5b] + + * sudo.psf: + We now use pp to generate HP-UX packages + [f7aa8da7844e] + + * INSTALL.binary, plugins/sudoers/Makefile.binary.in: + Remove vestiges of old binary package bits. + [afffd005452f] + + * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + install-man -> install-doc + [99b5fa05567c] + + * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg, + plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp: + Use http://rc.quest.com/topics/polypkg/ for packaging + [5ca8eb75b223] + + * install-sh: + Just ignore the -c option, it is the default Add support for -d + option + [a8b6b0a131e8] + +2010-07-12 Todd C. Miller + + * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c: + Use _PATH_STDPATH instead of _PATH_DEFPATH + [137fa911908e] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Do not strip binaries. + [20166e287176] + + * INSTALL, configure, configure.in: + Add --insults=disabled configure option to allow people to build in + insult support but have the insults disabled unless explicitly + enabled in sudoers. + [523b8c552e90] + + * compat/mkstemps.c: + Add prototype for gettime() + [275eee40473b] + + * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c, + plugins/sudoers/env.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add support for a sudo-i pam.d file to be used for "sudo -i". + Adapted from a RedHat patch. + [06d34f16520b] + +2010-07-09 Todd C. Miller + + * include/missing.h: + Fix mkstemps() prototype + [2421841e815b] + + * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c, + config.h.in, configure, configure.in, include/missing.h, + src/sudo_edit.c: + Use mkstemps() instead of mkstemp() in sudoedit. This allows + sudoedit to preserve the file extension (if any) which may be used + by the editor (like emacs) to choose the editing mode. + [d33172d2c086] + +2010-07-08 Todd C. Miller + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, + plugins/sudoers/ldap.c: + TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses + TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client + code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you + should avoid disabling TLS_CHECKPEER is possible. + [196622436212] + +2010-07-07 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Make sudo_plugin format a bit more like a man page + [048d596e32da] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add suport for negated user/host/command lists in a Defaults entry. + E.g. Defaults:!baduser noexec + [d41112cf0342] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + Add uninstall target + [fea66ebf136a] + + * common/Makefile.in, compat/Makefile.in: + Remove unused AR, SED and RANLIB variables + [2ff9928bfdb3] + + * Makefile.in: + Do not install sample plugins + [5443b87bd1c3] + +2010-07-06 Todd C. Miller + + * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure, + configure.in, plugins/sudoers/env.c: + Now that sudoers is a dynamically loaded module we cannot override + the libc environment functions because the symbols may already have + been resolved via libc. Remove getenv/putenv/setenv/unsetenv + replacements from sudoers and add replacements for setenv/unsetenv + for systems that lack them. + [3f2b43cb8851] + + * configure, configure.in, plugins/sudoers/Makefile.in: + Link testsudoers with -ldl when needed + [f79606f9fcd7] + + * plugins/sample_group/plugin_test.c: + Remove unused time.h and add limits.h for PATH_MAX + [3f5d0074d621] + + * doc/sudoers.ldap.pod: + Fix typo. + [bc855fd57397] + +2010-07-05 Todd C. Miller + + * plugins/sample_group/plugin_test.c: + Do not depend on strlcpy/strlcat + [6e7e2b5af051] + + * plugins/sample_group/plugin_test.c: + Standalone test driver for sudoers group plugin. + [eb1235fc3b8e] + +2010-07-02 Todd C. Miller + + * plugins/sudoers/group_plugin.c, src/load_plugins.c: + Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging + aid. + [2a34e616229b] + + * plugins/sample_group/sample_group.c: + Fix style nit in function declarations + [ab87c7c76bf9] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Document group_plugin syntax. + [ed1faf72ddcb] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document the sudoers group plugin. + [f19a62dc8cfc] + + * INSTALL, MANIFEST, Makefile.in, config.h.in, configure, + configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h, + plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c, + plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c, + plugins/sudoers/match.c, plugins/sudoers/nonunix.h, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c: + Replace built-in non-unix group support with a sudoers group plugin. + Include a sample plugin that can read Unix-format group files. + [8fc58ce0b1a8] + + * configure, configure.in, src/load_plugins.c: + Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage. + [5c491dddb8ef] + +2010-07-01 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod: + Move sudoers-specific bits out of sudo(8) and into sudoers(5) + [e8a5a5830cfe] + + * aclocal.m4, configure, configure.in: + Substitute @io_logdir@ for the sudoers I/O log directory. + [21a75ca7b0ab] + +2010-06-29 Todd C. Miller + + * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, + common/atobool.c, common/fileops.c, common/fmt_string.c, + common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c, + compat/getgrouplist.c, compat/getline.c, compat/glob.c, + compat/snprintf.c, config.h.in, configure, configure.in, + include/fileops.h, plugins/sample/sample_plugin.c, + plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/boottime.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, + plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c, + src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c, + src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c: + Set usrinfo for AIX Set adminstrative domain for the process when + looking up user's password or group info and when preparing for + execve(). Include strings.h even if string.h exists since they may + define different things. Fixes warnings on AIX and others. + [cf8b93e872c9] + + * Makefile.in: + Add a separate all target for AIX make which was using the entire + LHS (not just the first entry) of the first target as the implicit + target. + [a45b980a01ef] + + * plugins/sudoers/env.c: + Do not rely on env.env_len when unsetting a variable, just use the + NULL terminator. + [ca6eb239c829] + + * plugins/sudoers/env.c: + In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008 + [7046ba7caa4e] + +2010-06-25 Todd C. Miller + + * plugins/sudoers/vasgroups.c: + Use warningx() instead of log_error() since the latter is not + available to visudo or testsudoers. This does mean that they don't + end up in syslog. + [152b7c50f426] + + * plugins/sudoers/sudoers.c: + Defer call to sudo_nonunix_groupcheck_cleanup() until after we have + closed the sudoers sources. From Quest sudo. + [c1cd573bab94] + + * plugins/sudoers/pwutil.c: + Ignore case when matching user/group names in the cache. From Quest + sudo. + [2aa4ecc7d7f5] + +2010-06-24 Todd C. Miller + + * config.h.in, configure, configure.in, src/selinux.c: + Add check for setkeycreatecon() when --with-selinux is specified. + [affae247b4e0] + + * configure, configure.in: + Error out if libaudit.h is missing or ununable when --with-linux- + audit was specified + [d82e743fac04] + + * doc/HISTORY, doc/history.pod: + Add =head3 entries, mostly for the html version + [ee93112d0308] + +2010-06-22 Todd C. Miller + + * doc/HISTORY, doc/history.pod: + Mention when LDAP was incorporate. + [2923dc17f79c] + +2010-06-21 Todd C. Miller + + * configure, configure.in: + Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is + not covered by _ALL_SOURCE. + [c92fd69809d0] + +2010-06-18 Todd C. Miller + + * plugins/sudoers/iolog.c: + Add a cast to quiet a compiler warning. + [a200e07ee1bc] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Quiet a compiler warning. + [c9acfc927cea] + + * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: + Call set_fqdn() after sudoers has parsed instead of inline as a + callback. + [5f4e5d075f2d] + + * WHATSNEW, plugins/sudoers/sudoers.c: + Do not call set_fqdn() until sudoers parses (where is gets run as a + callback). + [09040fca6d40] + + * WHATSNEW: + mention the change in tty ticket behavior when there is no tty + [575a1fd98f05] + + * plugins/sudoers/check.c: + Do not update tty ticket if there is no tty. + [63f9c33ce6a7] + + * doc/LICENSE, doc/license.pod: + Update copyright year + [0722ab5d404b] + + * doc/Makefile.in: + Do not rely on BSD make's $> + [936a86398bd9] + + * configure, configure.in: + Set timedir to /var/db/sudo for darwin to match Apple sudo's + location + [d5b9b03096f1] + +2010-06-16 Todd C. Miller + + * plugins/sudoers/sudoers.h: + Add stub declarations for struct stat and struct timeval + [f6d90551a4fd] + + * MANIFEST: + Remove compat/sigaction.c + [d0ed6d9a770e] + + * config.h.in, configure, configure.in, plugins/sudoers/defaults.c, + plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c: + Check for zlib.h in addition to libz. + [6e191b4a6065] + + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h, + src/sudo_exec.h: + Move functions and symbols shared between exec.c and exec_pty.c into + sudo_exec.h. + [14ae63403544] + + * doc/Makefile.in: + Comment out rules to build .man.in and .cat files unless --with- + devel + [3cf7e5606a85] + + * doc/Makefile.in: + Comment out rules to build .man.in and .cat files unless --with- + devel + [d30495b0e29e] + + * src/parse_args.c: + Quote any non-alphanumeric characters other than '_' or '-' when + passing a command to be run via the shell for the -s and -i options. + [d633f74fe2d9] + + * doc/Makefile.in: + Add back .man suffix + [6e63b60a2739] + + * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in, + plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h, + src/selinux.c: + Add Linux audit support. + [5a2f445e0bd4] + +2010-06-15 Todd C. Miller + + * plugins/sudoers/iolog.c: + Remove an XXX + [a170cbe651d1] + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, + plugins/sudoers/sudoreplay.c: + Add -f (filter) option to sudoreplay to allow certain streams to be + replayed and others ignored. + [62e51b432ea1] + + * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h, + src/tgetpass.c: + Fix -A flag when askpass is specified in sudo.conf or if sudo + doesn't need to read a password. + [2e401e4a00e3] + + * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c, + src/sudo.h, src/sudo_edit.c, src/tgetpass.c: + Clean up some XXXs + [689f0b002d3d] + + * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add support for multiple sudoers_base entries in ldap.conf. From + Joachim Henke + [e3e4a3c2bd5b] + + * config.h.in, configure, configure.in, plugins/sudoers/logging.c, + src/exec_pty.c: + remove setsid check, we require a POSIX system + [cc73cb9e22c0] + + * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c, + src/sudo.c, src/tgetpass.c: + Check for dup2() failure. + [5d46d66794f5] + + * config.h.in, configure, configure.in: + Remove dup2() check, it is not optional. + [5f1d56de4384] + +2010-06-14 Todd C. Miller + + * WHATSNEW: + sync with sudo 1.7.3 + [88e5c0bd6d59] + + * INSTALL: + SunOS does not ship with an ANSI compiler + [f13c85c67069] + + * INSTALL: + Update OS specific notes. Delete some really ancient ones and move + older ones to the end of the list. + [59ce592c4c52] + + * README: + Sudo can be downloaded from the web site too Mention "OS dependent + notes" section in INSTALL + [191871538984] + + * src/exec_pty.c, src/selinux.c: + Call selinux_restore_tty() as part of cleanup() so it gets called + from error()/errorx() + [bb017da6b6da] + + * MANIFEST, doc/PORTING: + Remove obsolete porting guide + [321e35591344] + + * plugins/sudoers/interfaces.h, plugins/sudoers/match.c: + Move union sudo_in_addr_un into interfaces.h + [b2c8b19ee094] + + * doc/Makefile.in: + Remove useless circular dependencies + [5682181b59cf] + + * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c: + Convert to ANSI C function declarations + [a4f76927d034] + + * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c, + common/zero_bytes.c, compat/charclass.h, compat/closefrom.c, + compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c, + compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c, + compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c, + compat/strlcpy.c, compat/timespec.h, compat/utime.h, + compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod, + include/alloc.h, include/error.h, include/lbuf.h, include/list.h, + include/missing.h, pathnames.h.in, plugins/sudoers/alias.c, + plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/find_path.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/match.c, + plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c, + plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, + plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c, + plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c, + src/conversation.c, src/error.c, src/load_plugins.c, + src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c, + src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c: + Update copyright year + [26ac7991f7d8] + + * doc/Makefile.in: + Fix commented DEVDOCS when not in devel mode. + [e0a97eaf3793] + + * plugins/sudoers/match.c: + Quiet a compiler warning. + [b2a17ebd5d38] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Quiet a compiler warning. + [687843bc593d] + + * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h: + Make all functions in ldap.c static + [b2111e89eeba] + + * doc/schema.ActiveDirectory: + Updates from Alain Roy to provide better examples for importing the + schema and to fix problems caused by Windows validating attributes + which have not yet been added before committing the changes. + [69f4c5ccaf89] + +2010-06-11 Todd C. Miller + + * configure, configure.in, doc/Makefile.in, doc/sudo.cat, + doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, + doc/visudo.cat, doc/visudo.man.in: + Leave rules to build .man.in and .cat files uncommented but only + make them part of the "all" rule in devel mode. Generate .cat files + directly from .man.in instead of .man using default values in + configure.in + [c3054a44f6a5] + + * configure, configure.in: + Bump sudo version to 1.8.0b1 + [8f79c85135e1] + + * configure, configure.in, src/sudo.c, src/sudo_usage.h.in: + Print configure args with verbose version information. + [1ce690660ed2] + + * TODO, plugins/sudoers/visudo.c: + Remove tfd from struct sudoersfile; it is not used. Add prev pointer + to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE. + Use tq_append to append sudoers entries to the tail queue. + [1743f9a286e4] + +2010-06-10 Todd C. Miller + + * WHATSNEW: + Describe tty timestamp improvements + [e214e863a313] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + A comment character may not be part of a command line argument + unless it is quoted with a backslash. Fixes parsing of: + testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441 + [ea2e990f85ed] + + * doc/sudoers.pod: + Make this read a little bit better when passwd_timeout is 0. + [39d362757f31] + + * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod: + Attempt to handle a default password prompt timeout of zero more + gracefully. + [ea47d43acf5b] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Do not override value of keepopen global, instead restore it to the + value we pushed onto the stack when popping. + [fe282e5a3402] + + * plugins/sudoers/Makefile.in: + Add dependency for utility programs on libreplace and libcommon + [2339aba64928] + + * compat/sigaction.c, config.h.in, configure.in, include/compat.h, + plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c, + src/exec.c, src/exec_pty.c, src/tgetpass.c: + Remove sigaction emulation Use SA_INTERRUPT in sa_flags + [7dd61f1bd8d2] + + * MANIFEST, config.h.in, configure, configure.in, include/missing.h: + We don't use getgrouplist() at the moment so there's no need to + provide a compat version. + [1597536fbada] + + * TODO: + sync with reality + [9e1a874e7885] + + * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c, + src/conversation.c, src/sudo.h, src/tgetpass.c: + Fix visiblepw sudoers option; the plugin API portion still needs + documenting + [60b6933ef5e0] + + * src/sudo.c: + Print sudo version as well. + [987ed459b459] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Use sudo_printf for I/O log version Clarify policy plugin version + string + [5a58b7e8c80b] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c: + Silence some compiler warnings + [afb1eba90915] + + * src/load_plugins.c, src/tgetpass.c: + Store askpass path in a global instead of uses setenv() which many + systems lack. + [b440bcc0e660] + +2010-06-09 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/check.c, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c, + src/tgetpass.c: + Move askpass path specification from sudoers to sudo.conf. + [5507ab867c26] + + * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h: + Use a flag bit in struct command_details for selinux instead of a + separate field. + [c59ca4acded9] + + * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h: + Implement background mode. If I/O logging we use pipes instead of a + pty. + [c07a4b356cbd] + + * compat/mksiglist.c, compat/strsignal.c, include/compat.h, + src/exec.c, src/exec_pty.c, src/tgetpass.c: + Move compat definition of NSIG to compat.h + [ab0385467f25] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Mention plugins in the sudo manual and add some missing path + substitution in the sudo_plugin manual. + [570f831f47a3] + + * src/Makefile.in: + Set _PATH_SUDO_CONF based on $(sysconfdir) + [fde51869cf07] + + * common/lbuf.c, common/term.c, config.h.in, configure, configure.in, + src/exec.c, src/exec_pty.c, src/ttysize.c: + Require POSIX termios to build sudo + [9ec6b41f3f95] + + * src/tgetpass.c: + Ignore SIGPIPE for "sudo -S" + [7ad27fde0c06] + + * src/tgetpass.c: + Fix uninitialized variable in TGP_ECHO case and print a newline if + the user interrupted password input. + [ce19204d8dd4] + + * src/tgetpass.c: + Make TGP_ECHO override TGP_MASK and don't try to restore the + terminal if we didn't modify it. + [a7e11abfe7e4] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c, + src/conversation.c, src/sudo.h, src/tgetpass.c: + Add SUDO_CONV_PROMPT_MASK define which corresponds to the + "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is + set. + [e0550590cabe] + + * src/exec_pty.c: + Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl + [762448182fe3] + +2010-06-08 Todd C. Miller + + * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h: + Add selinux_enabled flag into struct command_details and set it in + command_info_to_details(). Return an error from selinux_setup() + instead of exiting. Call selinux_setup() from exec_setup(). + [011bea23a5a0] + +2010-06-09 Todd C. Miller + + * src/exec_pty.c: + Remove commented out copy of old sudo_execve() function. + [9c5e21380472] + +2010-06-08 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Fix setting selinux type on command line. + [814b20a0b3be] + + * plugins/sudoers/iolog.c: + In sudoers_io_close(), skip NULL io_fds[] elements. + [4011ff7d4daf] + + * include/compat.h: + No longer need NGROUPS_MAX define + [cae4c49d7077] + + * compat/nanosleep.c, config.h.in, configure, configure.in, + include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c, + plugins/sudoers/visudo.c, src/sudo_edit.c: + Replace timerfoo macros with timevalfoo since the timer macros are + known to be busted on some systems. + [4f97d79f2d41] + + * src/exec_pty.c: + Remove duplicate call to selinux_setup(). + [82bd52764e21] + + * plugins/sudoers/auth/pam.c: + If pam_open_session() fails, pass its status to pam_end. + [1d8de4cf8ff3] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + If a file in a #includedir has improper permissions or owner just + skip it. This prevents packages that incorrectly install a file + into /etc/sudoers.d from breaking sudo so easily. Syntax errors in + #includedir files still result in a parse error (for now). + [ade99a4549a4] + + * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/iolog.c: + Add use_pty sudoers option to force use of a pty even when not + logging I/O. + [b280a8972a79] + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: + Make env_init() void as it never fails. + [d3890e55daa7] + + * plugins/sudoers/env.c: + No longer use _NSGetEnviron so don't need crt_externs.h + [9b4e0e139881] + + * plugins/sudoers/env.c: + Remove unused VNULL define + [a42cacb263e3] + +2010-06-07 Todd C. Miller + + * plugins/sudoers/iolog.c: + Add #define for maximum session id + [9e18c17a28c2] + + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h: + Split exec.c into exec.c and exec_pty.c + [d52376327332] + + * MANIFEST: + Sync with source file moves. + [4a62c6c9e846] + + * src/Makefile.in, src/get_pty.c, src/pty.c: + Rename pty.c -> get_pty.c + [5696a12bd29b] + +2010-06-06 Todd C. Miller + + * plugins/sudoers/iolog.c: + Only use I/O input log file if def_log_input is set and output file + if def_log_output is set. + [d866992f1681] -2009-02-21 16:51 millert +2010-06-04 Todd C. Miller - * toke.c: regen + * compat/strsignal.c: + Update copyright year + [a96f2593fd4e] -2009-02-21 16:49 millert + * src/pty.c: + uid -> ttyuid + [c3454d74ebcb] + + * plugins/sudoers/sudoers.c: + For sudoedit, make a local copy of editor string si become part of + argv. If no editor environment variable, split def_editor on ':' + since it may be a colon-delimited path. + [2ee298506a6e] + + * src/sudo_edit.c: + Remove unneeded endpwent()/endgrent() + [623f6743d101] - * sudoers.pod, toke.l, visudo.c: Implement %h escape in sudoers - include filenames. + * doc/Makefile.in: + Use value of nroff from configure + [b2ce649125ab] + + * src/exec.c: + Add missing const to I/O log action function + [d764a3955e04] + + * plugins/sudoers/check.c: + Update copyright year and fix whitespace + [e648c35b16be] + + * configure, configure.in: + Fix typo + [8e0bdfc47da4] + + * plugins/sudoers/iolog.c: + Remove redundant tty signal blocking in log function. + [f17f575dabd4] + +2010-06-03 Todd C. Miller + + * plugins/sudoers/iolog.c: + Place static keyword where it belongs + [b01aec7c86b4] + + * plugins/sudoers/logging.c: + Always use a printf format string for send_mail() + [13b1ada644c9] + + * common/atobool.c, plugins/sudoers/ldap.c: + Extend atobool() so we can use it in the LDAP code. + [73f8e6807044] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: + Sudo now stashes tty ctime for tty_tickets on Solaris too. + [e82df13ad3fd] + + * plugins/sudoers/boottime.c: + Fix dummy version of get_boottime() + [01d69c06013b] -2009-02-21 08:43 millert +2010-06-02 Todd C. Miller + + * plugins/sudoers/check.c: + Enable tty_is_devpts() support for Solaris with the "devices" + filesystem. + [237c6b25fa84] + + * src/exec.c: + Unbreak the non-io logging case. + [4822b9f709fb] + + * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h: + Fix symbol name conflict with sudo_printf. + [0d44eab0a8f6] + + * plugins/sudoers/auth/pam.c: + Fix OpenPAM detection for newer versions. + [1b2abed232d8] + + * plugins/sudoers/vasgroups.c: + Sync with Quest sudo git repo + [f1d98b3cba02] + + * aclocal.m4, configure, configure.in: + HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check + Add missing template for ENV_DEBUG Adapted from Quest sudo + [695dbd7b28f4] + + * README.LDAP: + Fix typos; from Quest Sudo + [4eba9da33b8e] + +2010-06-01 Todd C. Miller + + * plugins/sudoers/Makefile.in: + Add back -I$(top_srcdir); we need it for including compat/foo.h + since we cannot rely on "foo.h" being found relative to the source + file when the cwd is different. + [bbf24695f325] + + * src/exec.c: + Fix a bug where we could treat EAGAIN as a permanent error. Also set + cstat if perform_io() returns an error. + [200475c4326f] + + * common/alloc.c, plugins/sudoers/boottime.c, + plugins/sudoers/sudoers.c: + Add casts to quiet compiler warnings. + [85eb1c336697] + + * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Fix typo in ternary operator usage. + [6492ac1450e2] + +2010-05-30 Todd C. Miller + + * INSTALL, configure, configure.in: + Add --enable-warnings and fix typo in SUDO_IO_LOGDIR + [92121d693b30] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod: + Update docs to match sudoers I/O logging changes + [18d651989e49] + + * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in, + pathnames.h.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/iolog.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c: + Break sudoers transcript feature up into log_input and log_output. + [db3c1248d2ad] + + * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Use setprogname() as needed. + [6beee63a4553] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c: + Adapt sudoreplay to iolog changes. + [581f52c05f0f] + +2010-05-29 Todd C. Miller + + * plugins/sudoers/iolog.c: + Log all input and output into separate files and store a number on + each timing file line to indicate which file the data is in. + [fb460c5273dd] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Make sudoers_io functions static to iolog.c + [b2df3cc3eecb] + +2010-05-28 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c, + src/sudo_usage.h.in: + Completely remove the -L flag from the sudo front end. + [3d220030b720] + + * plugins/sudoers/sudoreplay.c: + Fix EAGAIN handling when writing to stdout. + [4766d77cea49] + + * plugins/sudoers/sudoers.c: + Eliminate unused variables + [83bd711e79c4] + + * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c: + Re-enable cleanup functions in sudoers plugin and sudo driver for + error()/errorx(). + [43093f937dd8] + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Use sudo_printf to display verbose version information. + [435cc9f8d4a2] + + * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Minor Makefile cleanup: fix a typo, change the removal order in the + clean targets, and remove a superfluous include path for the sudoers + plugin. + [6e3b2d6b4437] + + * plugins/sudoers/env.c: + Handle duplicate variables in the environment. For unsetenv(), keep + looking even after remove the first instance. For sudo_putenv(), + check for and remove dupes after we replace an existing value. + [c1bbb88d0435] + +2010-05-27 Todd C. Miller + + * plugins/sudoers/Makefile.in: + Use explicit path to source file instead of $< for files that live + in devdir and top_srcdir. + [358ab7f6cc64] + + * plugins/sudoers/Makefile.in: + Add explicit rules to compile gram.c and toke.c for HP-UX Pevent + ending LIBSUDOERS_OBJS with a backslash + [481a5c96d47e] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Link libcommon before libreplace since libcommon may use functions + only present in libreplace. + [1847c496ff5b] + + * common/Makefile.in: + Move code common to sudo and the sudoers plugin to a convenience + library, libcommon. Removes the need to make links in the sudoers + plugin dir and reduces re-compilation of duplicate object files. + [4c8986352937] + + * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c, + common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c, + common/term.c, common/zero_bytes.c, configure, configure.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c, + src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c, + src/zero_bytes.c: + Move code common to sudo and the sudoers plugin to a convenience + library, libcommon. Removes the need to make links in the sudoers + plugin dir and reduces re-compilation of duplicate object files. + [1d1d98bd55b9] + + * src/exec.c, src/sudo.c, src/sudo.h: + Rename script_execve to sudo_execve and rename script_foo in exec.c + [a35ec80de96a] + + * MANIFEST, src/Makefile.in, src/exec.c, src/script.c: + rename script.c exec.c and fix up the MANIFEST file + [36bc3bff9578] + + * src/script.c, src/sudo.c, src/sudo.h: + Rename script_setup() to pty_setup() and call from script_execve() + directly. + [899b0fb2a14d] + + * configure, configure.in: + bump version to 1.8.0a2 + [0b1c1ca9d4e5] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document init_session + [b5324785a406] + + * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h: + Clean up the sudoers auth API a bit and update the docs. + [c40fd4cb6e68] + + * include/sudo_plugin.h, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/script.c, src/sudo.c: + Add init_session function to struct policy_plugin that gets called + before the uid/gid/etc changes. A struct passwd pointer is passed + in,which may be NULL if the user does not exist in the passwd + database.The sudoers module uses init_session to open the pam + session as needed. + [d71723320ee8] + +2010-05-26 Todd C. Miller + + * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Add open/close session to sudo auth, only used by PAM. This allows + us to open (and close) the PAM session from sudoers. + [2665e2920d0d] + + * plugins/sudoers/Makefile.in: + Add explicit rule to build getdate.o for HP-UX make. + [7f049e989956] + + * plugins/sudoers/Makefile.in: + Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c + rules as an alternate way to prevent HP-UX make (and others) from + trying to rebuild the parser in non-dev mode. + [f84badad98c5] + + * plugins/sudoers/sudoers.c: + Re-enable PATH_MAX check for command + [40d8a50da136] + + * Makefile.in: + For distclean, clean the main directory last since the subdirs need + to be able to run libtool to clean things. + [8949a9861634] + + * compat/Makefile.in: + Fix generation of mksiglist.h + [b7cdc9b36650] + + * src/script.c: + Now that we defer sending cstat until the end of script_child() we + cannot reuse cstat when reading command status from parent. + [25c882643466] + +2010-05-25 Todd C. Miller + + * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + Use numeric registers to handle conditionals instead of trying to do + it all with text processing. + [478079c3fd4b] + + * doc/sudoers.pod: + Document per-command SELinux settings + [13840d566805] + + * plugins/sudoers/sudoers.c: + Repair "sudo -l -U username" + [10a0dcdf2ddf] + + * plugins/sudoers/sudoers.c: + Set selinux role and type in command details. + [8ae6d35a126d] + + * src/script.c, src/selinux.c, src/sudo.h: + Rework SELinux support. + [83279cc94bf2] + +2010-05-24 Todd C. Miller + + * src/script.c, src/selinux.c, src/sudo.h: + Make SELinux support compile again. Needs more work to be complete. + [3d3addebcf82] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c, + src/sudo.h: + Bring back closefrom settings. + [b1c6257d4bbb] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + If running a command or sudoedit in transcript mode, call + io_nextid() before log_allowed() so the session id is logged. + [c42f3ae40150] + + * configure, configure.in: + Use mandoc(1) if nroff(1) is not present. + [daad4bbd04af] + + * doc/Makefile.in: + Use the --file argument to config.status instead of setting + CONFIG_FILES in the environment. + [c89411a8bf70] + + * plugins/sudoers/Makefile.in: + We cannot conditionally update gram.h or the dependency ordering + gets messed up in devel mode. + [c938953231d9] + +2010-05-21 Todd C. Miller + + * Makefile.in, compat/Makefile.in, configure, configure.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Substitute @SHELL@ into Makefiles + [36aa6a095335] + + * config.sub: + Fix typo + [16d294d26b58] + + * config.guess, config.sub, configure, configure.in: + Update to autoconf 2.65 + [4fa6ea8caea3] + + * Makefile.in: + Fix libtool target (space vs. tabs) + [755cf3892618] + + * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c: + Remove use of RETSIGTYPE; all modern systems have signal handlers + that return void. + [42b4e3aee668] + + * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in, + ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4, + m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Update to libtool-2.2.6b. I haven't made any local modifications + this time, which should be OK since we install sudo_noexec.so by + hand now. + [6f79ced593bb] + + * compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Use libtool to clean objects + [1581057d6472] + + * include/Makefile.in: + Install sudo_plugin.h as part of "make install" and make other + install targets callable from the top-level Makefile + [aaaeb027d774] + + * configure, configure.in: + regen with autoupdate to eliminate AC_TRY_LINK + [5d5541c230f5] + + * Makefile.in, compat/Makefile.in, configure, configure.in, + doc/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Install sudo_plugin.h as part of "make install" and make other + install targets callable from the top-level Makefile + [b258b8401b1c] + + * plugins/sample/sample_plugin.c: + The sample plugin doesn't support being run with no args so return a + usage error in this case. + [473b3cf965be] + + * plugins/sudoers/iolog.c: + Set close on exec flag for descriptors used for I/O logging so they + are not present in the command being run. + [2c7e8708df76] + + * plugins/sudoers/tsgetgrpw.c: + Set close on exec flag in private versions of setpwent() and + setgrent(). + [64fef78cb833] + + * src/script.c: + Close the I/O pipes aftering dup2()ing them to std{in,out,err}. + Fixes extra fds being present in the command when it is part of a + pipeline. + [060451617713] + + * plugins/sudoers/sudoers.c: + Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it + is used when logging). Note that user_ttypath will still be NULL if + there is no tty. + [31b69a6ecda7] + + * src/script.c, src/sudo.h: + Cosmetic changes: add comments, remove orphaned prototype and + make a global static. + [f7851af0143e] + +2010-05-20 Todd C. Miller + + * src/script.c: + Move check for maxfd == -1 to flush_output where it belongs. + [b826a95b4491] + + * src/script.c: + Break out of select loop if all the fds we want to select on are -1. + [f5b387024238] + + * src/sudo.c: + Avoid possible malloc(0) if plugin returns an empty groups list. + [9765a8fe5ce7] + + * src/sudo.c: + Add debugging info when calling plugin close function + [95a273c7ff66] + + * src/script.c: + Avoid closing stdin/stdout/stderr when we are piping output. + [330e76423caf] + + * src/script.c: + When execve() of the command fails, it is possible to receive + SIGCHLD before we've read the error status from the pipe. Re-order + things such that we send the final status at the very end and prefer + error status over wait status. + [b0dcf825244f] + +2010-05-19 Todd C. Miller + + * plugins/sudoers/auth/sudo_auth.c: + Fix compilation for non PAM/BSD auth/AIX auth + [e382b39d2e4f] + +2010-05-18 Todd C. Miller + + * src/script.c: + Additional checks to make sure we don't close /dev/tty by mistake. + When flushing, sleep in select as long as we have buffers that need + to be written out. + [8139cbd3dd54] + + * src/script.c: + Now that we can use pipes for stdin/stdout/stderr there is no longer + a need to error out when there is no tty. We just need to make sure + we don't try to use the tty fd if it is -1. + [666621635d26] + +2010-05-17 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c: + Add argc and argv to I/O logger open function. + [0d7faa007d27] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h, + plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c, + src/parse_args.c, src/sudo.c, src/sudo_edit.c: + Remove check_sudoedit function pointer in struct sudo_policy. + Instead, sudo will set sudoedit=true in the settings array. The + plugin should check for this and modify argv_out as appropriate in + check_policy. + [c0328e3276b8] + +2010-05-16 Todd C. Miller + + * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h, + src/sudo_edit.c: + If plugin sets "sudoedit=true" in the command info, enable sudoedit + mode even if not invoked as sudoedit. This allows a plugin to + enable sudoedit when the user runs an editor. + [96d67b99e42e] + +2010-05-15 Todd C. Miller + + * plugins/sudoers/Makefile.in: + gram.h must not depend on gram.y if we want to avoid unnecessary + rebuilding of targets dependent on gram.h when gram.y changes. + [9db4b767fdca] + + * plugins/sample/sample_plugin.c: + Refactor common bits of check_policy and check_edit + [ac4d366a04cf] + + * plugins/sample/sample_plugin.c: + Add sudoedit support + [a1a6cc4c0cef] + +2010-05-14 Todd C. Miller + + * plugins/sudoers/Makefile.in: + Rely more on VPATH; fixes a dependency issue with the parser. + [45e406ebdea2] + + * include/compat.h: + Fix typo introduced in last commit + [3ccb0f853d11] + + * include/compat.h: + Emulate seteuid using setreuid() or setresuid() as needed. There are + still a few places that call seteuid() directly. + [36e8efa3a99d] + + * src/parse_args.c, src/sudo_edit.c: + Attempt to fix building on systems that only have setuid. + [8e9ba4083318] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Clarify sudoedit a tad. + [d39dfaa14ade] + +2010-05-13 Todd C. Miller + + * src/sudo_edit.c: + Fix compilation on HP-UX + [f6e47843d139] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document sudoedit + [4cbf5196d993] + + * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c: + Change how we handle the sudoedit argv. We now require that there + be a "--" in argv to separate the editor and any command line + arguments from the files to be edited. + [20623d549a3c] + + * include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c, + src/sudo.h, src/sudo_edit.c: + Work in progress support for sudoedit. The actual interface used by + the plugin for sudoedit is likely to change. + [c31262a31997] + + * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c: + Make find_path() a little more generic by not checking def_foo + variables inside it. Instead, pass in ignore_dot as a function + argument. + [9c23101a094d] + + * plugins/sudoers/env.c: + Add version of getenv(3) that uses our own environ pointer. + [0e3783e63534] + +2010-05-12 Todd C. Miller + + * src/script.c: + Avoid a potential race condition if SIGCHLD is received immediately + before we call select(). + [99adc5ea7f0a] + + * plugins/sudoers/sudoers.c: + Call env_init() before we open the sudoers sources as those may call + our setenv() replacement. + [5f82601f5ab0] + + * plugins/sudoers/env.c: + Initialize env_len in env_init() + [7ae02b3029b5] + +2010-05-11 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: + Document time stamp shortcomings under SECURITY NOTES Use "time + stamp" instead of timestamp. + [2b86120815b2] + + * doc/Makefile.in: + Make sed substitution of mansectsu and mansectform global. + [94588632dba0] + + * plugins/sudoers/check.c: + If the tty lives on a devpts filesystem, stash the ctime in the tty + ticket file, as it is not updated when the tty is written to. This + helps us determine when a tty has been reused without the user + authenticating again with sudo. + [0e62a31bceb0] + + * src/tgetpass.c: + Fix pasto in mulitple signal fix and use _NSIG not NSIG since that + is what our compat checks set. + [df50f0a040c9] + + * configure, configure.in: + Add check for whether sudo need to link with -ldl to get dlopen(). + This is a bit of a hack that will get reworked when libtool is + updated. + [63bdcf579533] + + * plugins/sudoers/check.c: + Fix timestamp removal with -k/-K + [6b4639fef973] + + * plugins/sudoers/Makefile.in: + audit.c is now private to the sudoers plugin + [1974f342ae0b] + + * configure, configure.in: + Link with -lpthread on HP-UX since a plugin may be linked with + -lpthread and dlopen() will fail if the shared object has a + dependency on -lpthread but the main program is not linked with it. + [d42139391263] + + * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c: + Add separate test for getresuid() since HP-UX has setresuid() but no + getresuid(). + [910fe727a374] + + * doc/Makefile.in: + Remove errant backslash + [dd5464257c69] + + * src/script.c: + Fix SIGPIPE handling. Now that we use may use pipes for + stdin/stdout we need to pass any SIGPIPE we receive to the running + command. + [3f6b1991f4fd] + + * src/script.c: + Also start the command in the background if stdin is not a tty. + [d93bc33a3740] + +2010-05-10 Todd C. Miller + + * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c: + No need to use pseudo-cbreak mode now that we use pipes when stdout + is not a tty. Instead, check whether stdin is a tty and if not, + delay setting the tty to raw mode until the command tries to access + it itself (and receives SIGTTIN or SIGTTOU). + [e68315cf8c6b] + + * src/tgetpass.c: + Use an array for signals received instead of a single variable so we + don't lose any when there are multiple different signals. + [2ac726dac864] + + * src/tgetpass.c: + Do signal setup after turning off echo, not before. If we are using + a tty but are not the foreground pgrp this will generate SIGTTOU so + we want the default action to be taken (suspend process). + [bebb6209c795] + +2010-05-07 Todd C. Miller + + * src/script.c: + Flush the iobufs on suspend or child exit using the same logic as + the main event loop. + [c627feee1035] + + * src/script.c: + Free memory after we are done with it. + [8db9b611b45a] + +2010-05-06 Todd C. Miller + + * doc/HISTORY: + Quest now sponsors Sudo development + [6cc490083bc7] + +2010-05-05 Todd C. Miller + + * doc/Makefile.in: + Install sudo_plugin man page. + [c253729790b2] + + * src/script.c: + Go back to reseting io_buffer offset and length (and now also the + EOF handling) in the loop we do the FD_SET, not after we drain the + buffer after write() since we don't know what order reads and writes + will occur in. + [5f38bfa8497f] + + * MANIFEST: + audit files moved to sudoers plugin directory + [b1ead182428e] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document plugin_printf and new logging functions. + [fe9430b60ab5] + + * src/script.c: + Add support for logging stdin when it is not a tty. There is still a + bug where "cat | sudo cat" has problems because both cat and sudo + are trying to read from the tty. + [04c9c59fcfba] + + * include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/sudoers.c, src/script.c: + Add separate I/O logging functions for tty in/out and + stdin/stdout/stderr. NOTE: stdin logging does not currently work and + is disabled for now. + [a36dfd4ca935] + +2010-05-04 Todd C. Miller + + * include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + src/conversation.c, src/sudo.c, src/sudo_plugin_int.h: + Add pointer to a printf like function to plugin open functon. This + can be used instead of the conversation function to display info and + error messages. + [98734eea8ef1] + + * Makefile.in: + Stop if make in a subdir fails + [228bb3ad2dbc] + + * src/script.c: + Only set user's tty to blocking mode when doing the final flush. + Flush pipes as well as pty master when the process is done. + [20ff67218666] + +2010-05-03 Todd C. Miller + + * plugins/sudoers/ldap.c: + Use print_error() when displaying ldap config info in debugging + mode. + [d142e0cacb22] + + * compat/Makefile.in, compat/strdup.c, compat/strndup.c: + No longer need strdup() or strndup() replacements. + [df53697174ec] + + * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.h: + Add print_error() function that uses the conversation function to + print a variable number of error strings and use it in log_error(). + [b1fa2861b575] + + * src/script.c, src/sudo.h, src/term.c: + Do not need the opost flag to term_copy() now that we use pipes for + stdout/stderr when they are not a tty. + [f42811f70a19] + + * src/script.c: + Use pipes to the sudo process if stdout or stderr is not a tty. + Still needs some polishing and a decision as to whether it is + desirable to add additonal entry points for logging + stdout/stderr/stdin when they are not ttys. That would allow a + replay program to keep things separate and to know whether the + terminal needs to be in raw mode at replay time. + [1a945e0ab2da] + +2010-04-30 Todd C. Miller + + * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h, + src/audit.c, src/bsm_audit.c, src/bsm_audit.h: + Move audit sources into the sudoers plugin dir; the driver does not + use them. + [50ec36422cd0] + + * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c, + compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c, + plugins/sudoers/boottime.c, plugins/sudoers/getdate.c, + plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c, + src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c, + src/term.c, src/ttysize.c: + Use angle brackets when including headers that can only be found + when an -I flag is specified. The files in the compat dir could get + away with double quotes here but I've converted all the source files + to use angle brackets for consistency. + [9e30a8fc6d4b] + + * plugins/sudoers/Makefile.in: + Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat + dir can be found when building outside the source tree. + [1150934b79dd] + + * plugins/sudoers/Makefile.in: + Clean up links in distclean + [78595028be8b] + + * plugins/sudoers/Makefile.in: + Hack around VPATH semantic differences by symlinking files we need + from ../../src into the current directory and build those. A better + fix would be to either make a .a or .la file with those files in it + or simply use a single, flat, Makefile instead of per-subdirs + Makefiles. + [892c332d3f05] + + * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c: + fmt_string is used by the sudoers plugin too so do not include + sudo.h (which is not really needed here anyway) + [231c35e3941f] + + * compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Fix building with non-BSD versions of make such as GNU make. + Requires VPATH support, which should be in any non-neolithic make. + [dc174f135919] + + * configure, configure.in, plugins/sudoers/Makefile.in, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c, + src/Makefile.in: + Re-enable bsm audit. Currently auditing is done within the sudoers + plugin itself. If possible, this should really be done in the main + driver but we don't presently have the needed data to do that. This + will be re-evaluated when Linux audit support is added. + [1d05a3236bfe] + + * compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Remove extraneous $srcdir and use more .c.lo and .c.o rules instead + of explicit rules in the dependency. + [88f80efd25f0] + + * plugins/sudoers/visudo.c: + Fix mismerge; alias_remove_recursive() now returns int + [6257a4849641] + +2010-04-29 Todd C. Miller + + * plugins/sudoers/visudo.c: + Fix a crash when checking a sudoers file that has aliases that + reference themselves. Based on a diff from David Wood. + [545d194484a7] + + * src/script.c: + Print signal info after restoring the tty mode, not before. + [a68618e67435] + + * src/script.c: + Defer call to alarm() until after we fork the child. Pass correct + pid to terminate_child() If the command exits due to signal, set + alive to false like we do when it exits normally. Add missing + check for errpipe[0] != -1 before using it in FD_ISSET + [22f0a1549391] + +2010-04-28 Todd C. Miller + + * plugins/sudoers/boottime.c: + Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h + [0e627170c6e8] + +2010-04-27 Todd C. Miller + + * src/Makefile.in: + Simplify dependencies by using .c.o and .c.lo rules. + [6abcaef5d1ac] + + * configure, configure.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + Substitute in @PROGS@ into src/Makefile to add sesh + [cc46d3b6208f] + +2010-04-26 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Add back calls to log_denial() if sudoers does not allow the + command. + [9783316207f0] + + * plugins/sudoers/sudoers.c: + Pass in correct pwflag for list and validate. + [973dd56d4b81] + + * plugins/sudoers/env.c: + Add missing check for NULL in validate_env_vars + [1d6eb6957824] + + * src/Makefile.in: + Add sudo_noexec.la to "all" target, otherwise it only gets built at + install time. + [644a9694d2ef] + + * plugins/sudoers/sudoers.c: + Only set sudo_user.env_vars if the env_add list is empty. + [fccdf6f0e0e2] + + * plugins/sudoers/sudoers.c: + Set sudo_user.env_vars so that environment variables specified on + the command line get logged correctly. + [9b51012c491e] + + * plugins/sudoers/env.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Re-enable environment files and setting environment variables on the + command line. + [5662d5645dbd] + +2010-04-24 Todd C. Miller + + * plugins/sudoers/check.c: + Fix typo in last commit (ifndef vs ifdef) Make sure we pass ctime() + a pointer to time_t as tv_sec in struct timeval may be long. + [4de0c46e788e] + + * plugins/sudoers/check.c: + Don't stash ctime in on-disk tty ticket info for now; on many + (most?) systems the ctime is updated when the tty is written to. + Once I have a better idea of what systems do not update ctime on + ttys (and have a way to test for this) the ctime stash will be + conditionally re-enabled. + [a90eeec0f648] + +2010-04-23 Todd C. Miller + + * MANIFEST, Makefile.in: + Add back "dist" target, this time using a MANIFEST file + [29277c05499f] + + * Makefile.in: + Remove Makefile in distclean target + [83d695f4f450] + + * Makefile.in, src/Makefile.in: + Update clean and cleandir targets + [ad7b2afeb9c1] + + * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c, + src/sudo.h: + Move fileops.c defines and prototypes to filesops.h + [4545e9b6892d] + + * plugins/sudoers/check.c: + Lock the tty timestamp when writing. We shouldn't have to lock when + reading since the file is updated via a single write system call. + [0c7276f02696] + +2010-04-22 Todd C. Miller + + * plugins/sudoers/alias.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/find_path.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c, + plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/nonunix.h, plugins/sudoers/parse.c, + plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c: + Convert to ANSI C function declarations + [9c45def57cf7] + + * plugins/sudoers/sudoers.h: + Remove extraneous bits and classify by source file. + [e8ea9f109ebb] + + * include/compat.h: + Add timercmp macro for systems without it + [d3bf87b1d08e] + + * plugins/sudoers/boottime.c, plugins/sudoers/check.c, + plugins/sudoers/sudoers.h: + get_boottime() now fills in a timeval struct + [3573c3f44e11] + + * plugins/sudoers/check.c: + Store info from stat(2)ing the tty in the tty ticket when tty + tickets are in use. On most systems, this closes the loophole + whereby a user can log out of a tty, log back in and still have the + timestamp be valid. + [53380f9f5242] + + * config.h.in, configure.in: + Add timespec2timeval and use it when getting ctime/mtime + [4cb7f7caec2c] + +2010-04-20 Todd C. Miller + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c: + Convert perm setting to push/pop model; still needs some work Use + the stashed runas groups instead of using getgrouplist() Reset perms + to the initial value on error + [09c072ebde8b] + + * config.h.in, configure.in: + fix ctim_get and mtim_get macros + [58773dc1e360] + + * config.h.in, configure, configure.in, include/compat.h, + plugins/sudoers/check.c, plugins/sudoers/gettime.c, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c: + Use timeval directly instead of converting to timespec when dealing + with file times and time of day. + [a0ce1ae00a67] + + * plugins/sudoers/Makefile.in: + Don't like sudoreplay with libsudoers.la due to a yacc symbol + conflict. + [f1a59cc63a15] + +2010-04-18 Todd C. Miller + + * configure, configure.in: + Darwin >= 9.x has real setreuid(2) + [7ec942a64275] + +2010-04-17 Todd C. Miller + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: + Ansify env.c + [f58551bad10a] + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Remove remaining references to the environ pointer. + [96faa530816a] + +2010-04-16 Todd C. Miller + + * config.h.in, configure, configure.in, plugins/sudoers/env.c: + Don't change the environ directly in the sudoers plugin + [6db48ed3f7e0] + +2010-04-15 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Fix typo + [4aa452b07f8f] + + * plugins/sudoers/alias.c: + Fix use after free in error message when a duplicate alias exists. + [ce1d2812ee34] + +2010-04-14 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + src/parse_args.c: + Add a "noninteractive" boolean to the settings passed in to the + plugin's open function that is set when the user specifies the -n + flag. + [68f8d9d6d4d0] + + * config.h.in, configure, configure.in, plugins/sudoers/env.c: + Add workaround for the lack of the environ pointer on Mac OS X in + dlopen()ed modules. Use of environ in the sudoers plugin should + ultimately be removed but this will do for the moment. + [80c61647434f] + + * plugins/sudoers/visudo.c: + Set errorfile to the sudoers path if we set parse_error manually. + This prevents a NULL dereference in printf() when checking a sudoers + file in strict mode when alias errors are present. + [45e249ca99f7] + + * plugins/sudoers/sudoers.c: + Main sudo no longer print "unable to execute" on exec failure so do + it here. + [50aaf62b43b5] + +2010-04-13 Todd C. Miller + + * src/script.c: + Use a pipe to pass back errno to the parent if execve() fails. If we + get an error in script_child(), kill the command and exit. + [dc3bf870f91b] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + src/parse_args.c, src/sudo.c: + Handle plugin's open function returning -2 (usage error). + [aadf900c1de8] + + * src/script.c: + If execve() fails, leave it to the plugin to print an error string. + [e25748f2d5b9] + + * src/script.c: + If execve fails in logging mode, pass the errno directly to the + grandparent on the backchannel and exit. The immediate parent will + get SIGCHLD and try to report that status but its parent will no + longer be listening. It would probably be cleaner to pass this over + a pipe in script_child(). + [cb122acc81a8] + + * plugins/sudoers/sudoers.c: + Don't override rval with results of check_user() unless it failed. + [46fb7e87ac7d] + +2010-04-12 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Fix typo + [ccd0b693f3da] - * audit.c: Need to include compat.h + * src/parse_args.c: + NULL-terminate env_add + [2c534368a0c3] -2009-02-21 08:37 millert +2010-04-11 Todd C. Miller - * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, - sudo.c: Make audit_success and audit_failure generic functions in - preparation for integrating linux audit support. + * src/sudo.c: + Call the I/O log open function before the I/O version function. + [e88bf898990b] + + * plugins/sudoers/iolog.c: + Remove io_conv and just use sudo_conv + [a280052468eb] + + * plugins/sudoers/set_perms.c: + Fix set/restore perms for systems w/o setresuid + [4160517f6666] -2009-02-21 08:06 millert +2010-04-10 Todd C. Miller + + * plugins/sudoers/check.c, plugins/sudoers/logging.c, + plugins/sudoers/parse.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Primitive set/restore permissions. Will be replaced by a push/pop + model. + [aae102290866] + + * src/script.c: + Only need to take action on SIGCHLD in parent if no I/O logger. If + there is an I/O logger we will receive ECONNRESET or EPIPE when we + try to read from the socketpair. + [e1e4560401f6] + +2010-04-09 Todd C. Miller + + * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.pod, plugins/sudoers/find_path.c: + Merge fb4d571495fa from the 1.7 branch to trunk. + [c8fb424ad4d2] - * term.c: remove duplicate include +2010-04-08 Todd C. Miller + + * src/script.c: + Don't set SA_RESTART when registering SIGALRM handler. Do set + SA_RESTART when registering SIGWINCH handler. + [173472b76525] + + * doc/Makefile.in: + Add dev targets for *.man.in and *.cat that don't specfify the + $(srcdir) prefix. + [b62f425da2e4] + + * src/script.c: + If log_input or log_output returns false, terminate the command. + [074f4c0c34a0] + + * src/script.c: + Better signal handling. Instead of using a single variable to store + the received signal, use an array so we can't lose a signal when + multiple are sent. Fix process termination by SIGALRM in non-I/O + logger mode. Fix relaying terminal signals to the child in non-I/O + logger mode. + [7a4723aca99d] -2009-02-20 16:13 millert + * src/script.c: + Fix a race between when we get the child pid in the parent and when + the child process exits. The problem exhibited as a hang after a + short-lived process, e.g. "sudo id" when no IO logger was enabled. + [80bcc0aca70b] + +2010-04-07 Todd C. Miller - * bsm_audit.c: Add missing include + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Add a note about the security implications of the fast_glob option. + [c37a92ab7c93] -2009-02-20 15:55 millert +2010-04-06 Todd C. Miller - * sudo.c: May need to update the runas user after parsing - command-based defaults. + * config.h.in, configure, configure.in: + Fix up some AC_DEFINE descriptions and regen config.h.in + [f4655adc0db3] -2009-02-18 10:53 millert +2010-04-05 Todd C. Miller + + * include/missing.h: + No longer check for strdup or strndup for LIBOBJ replacement. + [fdc764ee8109] - * glob.c: Add missing pair of braces introduced with character - class support. + * src/script.c: + Avoid installing signal handlers that are io-logger specific. Fixes + job control when no io logger is enabled. + [0853dd0906d4] -2009-02-15 15:53 millert + * doc/Makefile.in: + Only regen man pages from pod when configured with --with-devel + [ab1995f8103d] + +2010-04-04 Todd C. Miller - * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c: - Rename pwstars to pwfeedback + * Makefile, Makefile.in, configure, configure.in: + Top-level Makefile.in. Nothing is currently substituted but this is + needed for separate build dirs. + [e80873cbd201] -2009-02-10 20:25 millert + * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Fix out-of-tree builds + [59a35bef07b8] - * bsm_audit.c, bsm_audit.h: Add const to make MacOS happy. + * Merge + [386b848047e9] -2009-02-10 20:18 millert + * doc/Makefile.in: + We always install sudoreplay in 1.8 + [ce52ba6617c9] - * Makefile.in, bsm_audit.c, bsm_audit.h, configure, configure.in, - sudo.c, auth/sudo_auth.c: Add bsm audit support from Christian - S.J. Peron +2010-04-03 Todd C. Miller -2009-02-10 19:58 millert + * compat/siglist.in: + SIGPOLL is sometimes the same as SIGIO (like on HP-UX) + [6d69e1b05faf] + +2010-04-02 Todd C. Miller + + * configure, configure.in: + No need to provide strdup() or strndup(), sudo uses estrdup() and + estrndup() + [57ec23b72958] - * term.c: This is new code, no DARPA notice. +2010-04-04 Todd C. Miller -2009-02-10 14:04 millert + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Free str after using it in the version method. Use sudo_conv, not + io_conv since we don't have the IO conversation function pointer in + the I/O version method anymore now that io_open is delayed. + [f2ed132adeb0] - * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: Rename - simple_glob -> fast_glob +2010-04-02 Todd C. Miller -2009-02-10 09:39 millert + * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h, + compat/siglist.in: + Add license to mksiglist.c and note that the bits from pdksh are + public domain + [d8121a2467e8] - * match.c: g/c unused var + * compat/Makefile.in: + Fix LIBOBJDIR vs. srcdir wrt the siglist bits + [164160148421] -2009-02-10 08:09 millert + * plugins/sudoers/Makefile.in: + Add sudoreplay testsudoers and visudo to clean target + [138a17e51c0c] - * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: Add - simple_glob option to use fnmatch() instead of glob(). This is - useful when you need to specify patterns that reference network - file systems. + * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h, + compat/siglist.in, compat/strsignal.c, configure, configure.in, + include/missing.h, src/script.c: + Create our own sys_siglist for systems without it for use by + strsignal() + [2e5da011ebc3] -2009-02-10 07:58 millert + * compat/Makefile.in: + Remove duplicate $(LIBOBJDIR) + [adf9abc9432f] - * tgetpass.c: add term_* proto +2010-04-01 Todd C. Miller -2009-02-10 07:51 millert + * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c: + Main sudo should not block signals; the plugin should do this in + check_policy. + [3f3736a7c5ed] - * sudoers.pod: mention glob() +2010-03-31 Todd C. Miller -2009-02-09 07:59 millert + * src/script.c: + Fix a sizeof(ptr) vs. sizeof(*ptr) + [aa1bcf5afcce] - * tgetpass.c: Delete any pwstars we wrote after the user hits - return. That way there is no record on screen as to the user's - password length. + * src/script.c: + Unlike most operating systems, HP-UX select() is not interrupted by + SIGCHLD when the signal is registered with SA_RESTART. If we clear + SA_RESTART when calling sigaction() for SIGCHLD we get the expected + behavior and the code in the select() loops already handles EINTR + correctly. + [9eba0115e35a] -2009-02-08 10:27 millert + * compat/getprogname.c: + progname should be const + [130228f062b7] + + * plugins/sudoers/Makefile.in: + Move --tag=disable-static to when we link sudoers.la, not when we + install. + [ceb5e6c3b78b] - * term.c: Move terminal setting bits from tgetpass.c to term.c + * src/load_plugins.c: + Load the sudoers I/O plugin by default too now that it is hooked up. + [ea38befd0742] + +2010-03-30 Todd C. Miller + + * src/pty.c: + It looks like AIX doesn't need to push STREAMS modules for ptys. + [22da618ba0a1] + +2010-03-28 Todd C. Miller + + * src/parse_args.c, src/sudo.c: + Delay calling the I/O plugin open function until the policy plugin + returns success. + [f3297c325b48] + +2010-03-27 Todd C. Miller + + * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add back io logging (transcript) support. Currently, the open + function runs too early and it is not possible to use the io module + independently of the policy module. + [9bd932f66226] + + * plugins/sudoers/set_perms.c: + Comment out dead code; will be removed when set_perms is rewritten. + [af7a995284f8] + +2010-03-23 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Fix off by one error when allocating user_groups. + [6281fcf9c3bb] + +2010-03-22 Todd C. Miller + + * configure, configure.in, plugins/sudoers/Makefile.in: + Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris. + [fbce3e9eda3a] + + * plugins/sudoers/sudoers.c: + Fix typo in preserve groups case + [1fd72024fb5a] + + * plugins/sudoers/sudoers.c: + In command_info it is "runas_groups" not "groups". + [5c64dce4f285] + + * src/sudo.c: + Fix iteration over runas_groups list. + [b3c45a0cd643] + + * configure, configure.in, plugins/sudoers/env.c, + plugins/sudoers/match.c, src/script.c: + Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch. + [a8108a0776c2] + + * compat/getgrouplist.c: + getgrouplist(3) for those without it + [4ab4d21e3b16] + + * plugins/sudoers/sudoers.c: + Set preserve_groups or groups list in command_info + [1266119ad654] + + * src/sudo.c: + Fix setting of groups list + [e75315e40bd4] + + * config.h.in, configure, configure.in, include/compat.h, + include/missing.h: + Add checks for getgrset and getgrouplist and use replacement + getgrouplist if the system doesn't support it. + [a62b8ba50863] + + * src/parse_args.c: + Pass in preserve_groups when the -P flag is specified as per the + design + [7420c5d15474] + + * plugins/sudoers/sudoers.c: + Check preserve_groups and ignore_ticket args with atobool instead of + assuming they are true if present. + [71c905702697] + +2010-03-21 Todd C. Miller + + * plugins/sudoers/Makefile.in, plugins/sudoers/error.c, + plugins/sudoers/plugin_error.c: + Rename plugin-specific error.c to plugin_error.c Wire up visudo, + sudoreplay and testsudoers in the build + [9d581d5fa4d4] + + * src/Makefile.in, src/term.c: + term.c does not needto include sudo.h + [f6683cdcd2dd] + + * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.pod: + Document the -2 return in the check_policy section too + [e9cb4c34bbcf] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + src/parse_args.c, src/sudo.c, src/sudo.h: + Fix the -s and -i flags and add support for the "implied_shell" + option. If the user does not specify a command, sudo will now pass + in the path to the user's shell and set impied_shell=true. The + plugin can them either check the command normally or return -2 to + cause sudo to print a usage message and exit. + [bf889c38f229] + +2010-03-19 Todd C. Miller + + * config.h.in, configure, configure.in, src/load_plugins.c: + Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for + Darwin where libraries end in .dylib but modules end in .so + [2c56aaa38e21] + + * plugins/sudoers/parse.c: + Better prefix determination now that we can't rely on len==0 to tell + the beginning on an entry. + [622bf18179e9] + + * plugins/sudoers/ldap.c: + display_bound_defaults() stub should return 0, not 1 since it is a + count, not a boolean. + [0327a6c3d55d] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document progname in settings + [42031d56a2e3] + + * compat/getprogname.c, include/compat.h, + plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c, + src/parse_args.c, src/sudo.c: + Rewrite compat/getprogname.c and add setprogname(). The progname is + now passed to the plugin via the settings array. + [25d8663e6006] + + * configure, configure.in, plugins/sudoers/Makefile.in: + Fix --with-ldap + [b64b633f426d] + + * plugins/sudoers/sudo_nss.c: + Add missing whitespace for Runas and Command-specific defaults + [65f4ddf5545e] + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/sudo_nss.c: + Use embedded newlines in lbuf instead of multiple calls to + lbuf_print. + [eed3af9cc3e1] + + * src/lbuf.c: + Add support for embedded newlines. + [e11f79b18deb] + +2010-03-18 Todd C. Miller + + * compat/getprogname.c: + If system doesn't support getprogname or __programe and we are + building a shared object don't bother with Argc/Argv, just return + "sudo" + [aebde9062be7] + + * config.h.in, configure, configure.in, src/load_plugins.c: + Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool + appears to always install a shared object with the .so suffix. + [f9bbd0c0e9d3] + + * compat/Makefile.in, configure, configure.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + Play more nicely with libtool and let it build libreplace (was + libmissing) for us. + [a4c6ebb2495c] + + * include/missing.h: + Include stdarg.h for va_list rather than requiring all consumers of + missing.h to include stdarg.h themselves. + [37382df948de] + + * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c, + src/parse_args.c: + Pass in output function to lbuf_init() instead of writing to stdout. + A side effect is that the usage info can now go to stderr as it + should. + [6d261261a072] + +2010-03-17 Todd C. Miller + + * include/lbuf.h, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c, + src/parse_args.c, src/sudo.c: + Use number of tty columns that is passed in user_info instead of + getting it directly in the lbuf code. + [8a16635c2638] + + * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/env.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/interfaces.h, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/match.c, + plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, + plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestr.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/visudo.c: + Kill __P in sudoers + [63601e6cb171] + + * config.h.in, configure, configure.in, src/load_plugins.c: + Set the sudoers plugin name in configure so we get the extension + right. + [edad89924cd1] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document lines/cols in user_info + [a808872394f3] + + * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c: + Add tty size to user info + [23f3d27e77a7] + + * src/script.c: + Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ + [a2208dd09051] + +2010-03-16 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Kill dead code Add missing sigsetjmp in sudo_policy_invalidate Error + out if we fail to lookup the user's name that is passed in + [e4e3728ed482] + + * plugins/sudoers/error.c: + Pass the error value back via siglongjmp. + [667b8ad575ce] + + * plugins/sudoers/check.c: + Use conversation function for lecture. + [1ab4719f509b] + + * plugins/sudoers/check.c: + Don't update ticket file if verify_user returns FALSE. + [2bbc46a39a2b] + +2010-03-15 Todd C. Miller + + * plugins/sudoers/sudoers.c, src/sudo.c: + Wire up invalidate and validate methods for sudoers + [c0630c7bca47] + + * plugins/sudoers/check.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add support for -k flag with a command. + [edad239b098b] + + * src/parse_args.c: + Allow -k to be specified with a command. + [43a45add9974] + + * plugins/sudoers/sudoers.c: + Wire up policy_list + [27cc35699eca] + + * plugins/sudoers/error.c: + Add newline at the end of message and space after the colon in + warning message + [5a591aa8e744] + + * plugins/sudoers/auth/sudo_auth.c: + Add missing newline after pass password warning + [337dba3870a7] + + * plugins/sudoers/sudoers.c: + Set user_groups and user_ngroups based on user_info + [61bee85128c8] + + * plugins/sudoers/error.c: + Make this compile + [7041c441e1c8] + + * plugins/sudoers/error.c, plugins/sudoers/sudoers.c: + Make _warning in error.c use the conversation function and remove + commented out warning/warningx in sudoers.c. + [7c9b09024b63] + + * plugins/sudoers/logging.c: + Use siglongjmp() in log_error for fatal errors + [b50e26f1c73f] + + * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in: + Quiet a libtool warning + [b2331fb006bc] + + * Makefile: + Build sudoers plugin + [5cdf06e66978] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Use warningx in yyerror() so the conversation function gets used + when built as part of sudoers. + [85f964215eef] + +2010-03-14 Todd C. Miller + + * plugins/sudoers/auth/pam.c: + Rename sudo_conv to conversation to avoid a namespace conflict. + [1ad359d36be9] + + * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/error.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c, + plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, + plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c: + Initial bits of sudoers plugin; still needs work. + [af2a2c59a952] + + * config.h.in: + Add HAVE_STRDUP and HAVE_STRNDUP + [50a3c0dd510f] + + * compat/Makefile.in, configure, configure.in: + Build libmissing in two flavors (one PIC one non-PIC) and link with + the appropriate one. + [b62f411a4c18] + + * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c, + compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in: + Build libmissing in two flavors (one PIC one non-PIC) and link with + the appropriate one. + [e1e04972b5fe] + +2010-03-13 Todd C. Miller + + * include/missing.h: + Add strdup and strndup and fix strsignal + [c159babe2896] + +2010-03-12 Todd C. Miller + + * compat/strdup.c, compat/strndup.c, configure, configure.in, + plugins/sample/Makefile.in, src/Makefile.in: + Add strdup and strndup to compat + [25c9fd399a4d] + + * plugins/sample/sample_plugin.c: + Need to include compat.h before missing.h + [c94f7aad380f] + + * compat/strsignal.c: + Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if + it doesn't exist configure will set it to 0. + [384580566389] + + * compat/glob.c: + Fix botched ANSI C coversion of globexp2() + [4a344b8cbe49] + + * configure, configure.in: + Remove redundant getgroups check + [0b16ec210c81] + + * configure, configure.in, src/lbuf.c, src/script.c, src/term.c: + Require either termios or termio, no more sgtty. + [9b2fa2f17a1c] + + * compat/strsignal.c, config.h.in, configure, configure.in: + Change the sys_siglist check to use AC_CHECK_DECLS and also check + for _sys_siglist and__sys_siglist + [2e078fed2408] + +2010-03-11 Todd C. Miller + + * configure, configure.in, src/Makefile.in: + Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now + use SUDO_OBJS for the main driver as part of OBJS. + [9ae4a80a5ade] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Mention in the conversation function section that a newline is not + implicit. + [04a233b6c491] + + * include/compat.h: + Add definition of WCOREDUMP for systems without it. This is known + to work on AIX and SunOS 4, but may be incorrect on other systems + that lack WCOREDUMP. + [c85b3ce6b77d] + +2010-03-09 Todd C. Miller + + * plugins/sample/sample_plugin.c, src/conversation.c: + conversation function no longer puts a newline at the end of info or + error messages. + [c534cae1ac4a] + +2010-03-07 Todd C. Miller + + * src/script.c: + Use parent process group id instead of parent process id when + checking foreground status and suspending parent. Fixes an issue + when running commands under /usr/bin/time and others. + [564f528c3bb7] + +2010-03-06 Todd C. Miller + + * aclocal.m4: + transcript option is now --with not --enable + [0646fac4cf93] + + * plugins/sample/sample_plugin.c: + Add support to -u and -g flags Check fmt_string retval Add timeout + for debugging purposes + [cfefa4fa60b5] -2009-02-07 19:50 millert + * src/script.c, src/sudo.c: + Wire up SIGALRM handler Set close on exec flag for child side of the + socketpair Fix signal handling when not doing I/O logging + [379581ec7272] - * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod, - tgetpass.c: Add pwstars sudoers option that causes sudo to print - a star every time the user presses a key. + * src/sudo.c: + g/c unused SIGCHLD handler + [0afa03912dce] -2009-02-03 10:10 millert + * src/fmt_string.c, src/parse_args.c, src/sudo.c: + Don't use emalloc() in fmt_string(); we want to be able to use it + from a plugin. + [ade64d368147] - * Makefile.in: Fix up F<> brokenness for visudo.man.in and - sudoers.ldap.man.in. + * include/list.h: + tq_remove not list_remove + [0e0e1fd5c31c] -2009-01-27 11:54 millert + * configure, configure.in: + AUTH_OBJS should contain .lo files not .o files. + [c64c82c9d5a2] + +2010-03-05 Todd C. Miller + + * src/parse_args.c: + Simplify conversion of command line args to name=value pairs. + [75ab127c6a94] + + * plugins/sample/sample_plugin.c: + Handle NULL reply from conversation function + [6ce09b6cb204] + + * compat/getline.c: + Don't depend on emalloc/erealloc + [73df09e2109f] + + * plugins/sample/Makefile.in: + Use $(OBJS) instead of sample_plugin.lo + [2d995db9aa99] + + * plugins/sample/sample_plugin.c: + runas_user is in settings not user_info + [7ee12068bc57] + + * src/parse_args.c: + Fix a mismatch between sudo_settings and settings_pairs that causes + some settings to get the wrong values. + [b1bc6d81a65f] + +2010-03-04 Todd C. Miller + + * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c, + src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c, + src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c: + Convert to ANSI C + [d03b6e4a3b75] + + * src/load_plugins.c: + Fix strlcpy() return value check. + [7cd66999a374] + + * INSTALL, configure, configure.in: + No longer need to substitute in script.o and pty.o; I/O logging + support is always built. + [45250024c5dc] + +2010-02-28 Todd C. Miller + + * src/script.c: + Add fallback to /bin/sh when execve() fails with ENOEXEC. + [7684a15a1352] + + * include/alloc.h, src/alloc.c: + Add estrndup() + [47621c83bed9] + +2010-02-27 Todd C. Miller + + * src/script.c, src/sudo.c: + Refactor script_execve() a bit so that it can be used in non-script + mode. Needs more cleanup. + [f09e022d547c] + + * src/sudo.c: + Ignore empty entries in command_info list + [1eea9a8de21c] + + * include/list.h, src/list.c: + Add tq_remove + [40908a617cb2] + + * src/conversation.c: + Pass timeout to tgetpass() + [9e66c918b771] + + * Makefile: + Add ChangeLog target + [da4a39150838] + + * README, WHATSNEW: + Bump version and update things slightly for sudo 1.8.0 + [4b73cc45e2d4] + + * configure, configure.in: + Sudo now requires an ANSI/ISO C compiler + [1e51f72e6964] + + * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c, + src/sudo_noexec.c: + Convert to ANSI C + [5cbd315dbde8] + + * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h, + include/list.h, include/missing.h: + Convert to ANSI C + [3f5016ff64f4] + + * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c, + compat/fnmatch.h, compat/getcwd.c, compat/getline.c, + compat/getprogname.c, compat/glob.c, compat/glob.h, + compat/isblank.c, compat/memrchr.c, compat/mkstemp.c, + compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c, + compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c, + compat/strlcpy.c, compat/strsignal.c, compat/utime.h, + compat/utimes.c: + Convert to ANSI C + [0d635c85461c] + +2010-02-24 Todd C. Miller + + * src/sudo.c, src/tgetpass.c: + Make user_details extern so tgetpass can get at the uid and gid. Set + uid/gid to user before executing askpass program. Check environment + for SUDO_ASKPASS and use that if set. TODO: a way for the policy to + set the askpass program itself + [d33606396176] + + * src/sudo.c: + No longer need sudo_usage.h in sudo.c + [063e2946c382] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in, + doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c, + src/sudo_usage.h.in: + Document -D level command line flag which maps to the debug_level + setting. + [61f1e2ab3ac1] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document debug_level in plugin doc. Still need to document the -D + flag in sudo itself. + [8c62daea3e9b] + +2010-02-21 Todd C. Miller + + * plugins/sample/sample_plugin.c: + include missing,h for vasprintf + [92503de49b39] + + * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Rename plugin.pod -> sudo_plugin.pod and wire into Makefile + [14cfb4775238] + + * plugins/sample/sample_plugin.c: + Need to include limits.h + [bda7f74343d2] + + * compat/glob.c: + No more sudo_getpw* + [232e52907634] + + * plugins/sample/Makefile.in, src/Makefile.in: + Add missing compat bits + [4843dd000e08] + + * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in: + compat files should not include sudo.h wire up compat in sample + plugin + [a175b8185e0f] + + * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in: + Fix up compat dependencies. Fix distclean target in doc/Makefile.in + [57e49bc20857] + + * configure, configure.in: + Fix typo + [333655e3d5fe] + + * plugins/sample/sample_plugin.c: + Log input and output to temp files for proof of concept. + [ae1dfc34f7d6] + + * Makefile, configure, configure.in, doc/Makefile.in: + Add doc Makefile.in and wire it up + [6a310443c87d] + + * src/script.c: + Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with + suspending a shell with the "suspend" builtint. + [3d65f182819a] + + * src/script.c: + In child, handle parent side of the pipe going away. + [a29c14d78cd9] + + * src/script.c: + No longer need to check for explicit death of the child (process #2) + since if it dies we will get EPIPE from the socketpair. Fix a + sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to + sudo_debug. + [24c55dd4ff60] + + * src/sudo.c: + Make sudo_debug do a single vfprintf() which will result in a single + write call on most systems. Avoids problems with interleaved debug + printf from different processes. Also remove an extraneous error + case since recv() can't return a short read and add some more XXX. + [b37a8533ef1e] + +2010-02-20 Todd C. Miller + + * src/script.c: + Fix uninitialized variable. + [e012a0a30890] + + * src/Makefile.in: + Fix sudo install target + [1417fa4b4ab9] + + * src/parse_args.c, src/sudo.c, src/sudo.h: + Wire up debug_level + [144fab289c73] + + * src/Makefile.in: + Fix dependencies + [5170940af2ce] + + * configure, configure.in: + Fix setting of plugin dir + [144eda170a72] + + * Makefile: + add clean targets + [d53f6f6f5c3a] + + * src/atobool.c: + Add missing source for sudo front end + [42487de9c489] + + * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c: + Sample plugin demonstrating the sudo plugin API + [f1fd62d7644f] + + * Makefile, configure, configure.in, install-sh, pathnames.h.in, + plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c, + src/fileops.c, src/fmt_string.c, src/load_plugins.c, + src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h, + src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c, + sudo_usage.h.in: + Modular sudo front-end which loads policy and I/O plugins that do + most the actual work. Currently relies on dynamic loading using + dlopen(). See doc/plugin.pod for the plugin API. + [924f6eb2fbba] + + * doc/plugin.pod, include/sudo_plugin.h: + Sudo plugin API + [374ccbbd24ae] + + * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c, + compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c, + plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/fileops.c, src/sudo_edit.c: + Replace emul/include.h with compat/include.h to match new source + tree layout. + [7eccd10449a1] + + * src/lbuf.c: + Include missing.h for memrchr() proto + [03abd63a8a33] + + * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING, + TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c, + alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c, + auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, + auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, + auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, + auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c, + closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c, + compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c, + compat/getline.c, compat/getprogname.c, compat/glob.c, + compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c, + compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c, + compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c, + compat/strlcpy.c, compat/strsignal.c, compat/timespec.h, + compat/utime.h, compat/utimes.c, def_data.c, def_data.h, + def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE, + doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod, + doc/license.pod, doc/sample.pam, doc/sample.sudoers, + doc/sample.syslog.conf, doc/schema.ActiveDirectory, + doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat, + doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat, + doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, + doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, + doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h, + emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c, + error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c, + getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c, + gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod, + include/alloc.h, include/compat.h, include/error.h, include/lbuf.h, + include/list.h, include/missing.h, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c, + interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod, + list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h, + mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c, + nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in, + plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp, + plugins/sudoers/alias.c, plugins/sudoers/auth/API, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/boottime.c, plugins/sudoers/check.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, + plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c, + plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h, + plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h, + plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh, + plugins/sudoers/insults.h, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/match.c, plugins/sudoers/mkdefaults, + plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h, + plugins/sudoers/nonunix.h, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, + plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c, + plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h, + sample.pam, sample.sudoers, sample.syslog.conf, + schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c, + selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c, + src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h, + src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, + src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c, + src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c, + strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c, + sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c, + sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat, + sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, + sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif, + sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, + term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l, + tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat, + visudo.man.in, visudo.pod, zero_bytes.c: + Rework source layout in preparation for modular sudo. + [7fc1978c6ad5] + +2010-02-13 Todd C. Miller + + * Avoid a duplicate fclose() of the sudoers file. + [5dba851088c1] + + * Fix size arg when realloc()ing include stack. From Daniel Kopecek + [0a2935061e33] + + * Use setrlimit64(), if available, instead of setrlimit() when setting + AIX resource limits since rlim_t is 32bits. + [353db89bac61] + + * Fix use after free when sending error messages. From Timo Juhani + Lindfors + [e50dbd902382] + + * ChangeLog, Makefile.in: + Generate the ChangeLog as part of "make dist" instead of having it + in the repo. + [251b70964673] + +2010-01-17 Todd C. Miller + + * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h, + auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, + auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, + auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, + closefrom.c, compat.h, configure.in, defaults.c, defaults.h, + emul/charclass.h, emul/timespec.h, env.c, error.c, error.h, + fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c, + gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h, + isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c, + logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c, + mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in, + pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers, + sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c, + sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c, + strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, + sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in, + sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod, + sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod, + term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l, + utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c: + Remove CVS $Sudo$ tags. + [de683a8b31f5] + +2010-01-18 convert-repo + + * .hgtags: + update tags + [9b7aa44ae436] + +2009-12-26 Todd C. Miller + + * sudo_usage.h.in: + make this match sudoers SYNOPSIS + [c74ba66944c2] + + * lbuf.c, parse.c: + Print a newline between Runas and Command-specific defaults in sudo + -l. + [b5bdfcc9ce4b] + + * term.c: + Use SET and CLR macros in term_raw + [50ca42609d6c] + + * sudoreplay.c: + Set stdin to non-blocking mode early instead of in check_input. Use + term_raw instead of term_cbreak since the data we get has already + been expanded via OPOST. + [51c47e803d62] + +2009-12-23 Todd C. Miller + + * script.c, term.c: + Enable/disable all postprocessing instead of just nl->crnl + processing since things like tab expansion matter too. However, if + stdout is a tty leave postprocessing on in the pty since we run into + problems doing it only on the real stdout with .e.g nvi. + [62666e309673] + +2009-12-19 Todd C. Miller + + * check.c: + If tty_tickets is enabled and there is no tty, prompt for a + password. Do not lecture user for "sudo -k command" if user has a + timestamp. + [5880200c5f6b] + + * INSTALL: + Document missing options: --with-efence and --with-bsm-audit + [d83afcdf9ff3] + + * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat, + sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod, + sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat, + visudo.man.in, visudo.pod: + username -> user name groupname -> group name hostname -> host name + [10c85646f45d] + + * INSTALL, README.LDAP, sudoers.pod: + filename -> file name like the rest of the docs + [1ef8ab5a9018] + +2009-12-17 Todd C. Miller + + * parse.c: + Fix printing of entries with multiple host entries on a single line. + [226ceaf91d8d] + +2009-12-14 Todd C. Miller + + * sudoers.pod: + Mention that targetpw affects the timestamp file name. + [a26e22e4f72e] + + * def_data.c, def_data.h, def_data.in, defaults.c, script.c, + sudoers.pod: + Add compress_transcript option. + [6e94f8cb9dfb] + +2009-12-13 Todd C. Miller + + * configure, configure.in: + bump to 1.7.3b2 + [906d7e347d15] + + * pwutil.c, set_perms.c, sudo.c, sudo_nss.c: + Better split of membership vs. traditional group check in + user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails. + [6ebc55d4716b] - * ldap.c: For ldap_search_ext_s() the sizelimit param should be 0, - not -1, to indicate no limit. From Mark Janssen. +2009-12-12 Todd C. Miller -2009-01-17 17:36 millert + * pwutil.c: + Fix pasto and add default return value. + [7973b5e4599c] - * toke.c, toke.l: Comments that begin with #- should not be parsed - as uids. + * check.c, match.c, pwutil.c, sudo.h: + refactor group member checking into user_in_group() + [48ca8c2eddf8] -2009-01-08 19:13 millert + * check.c, config.h.in, configure, configure.in, match.c, sudo.c, + sudo.h: + Add support for mbr_check_membership() as present in darwin. + [5501aed02b9f] - * sudo.c: Do not try to set the close on exec flag if we didn't - actually open sudoers. +2009-12-10 Todd C. Miller -2008-12-19 12:40 millert + * match.c: + Rename label to be accurate + [3af17dd960f7] - * ChangeLog: regen + * Makefile.in, boottime.c, check.c, config.h.in, configure, + configure.in, sudo.h: + Treat timestamp files from before we booted as old. Idea from and + Apple patch. + [5c96e484c05a] + +2009-12-09 Todd C. Miller -2008-12-14 17:40 millert + * sudo.c, sudo.pod, sudo_usage.h.in: + Allow the -u flag to be used in conjunction with the -v flag as per + older versions of sudo. + [591e9fc13c1a] - * TODO: sync + * logging.c: + fix typo in last commit + [4fd0c692dcf0] -2008-12-09 18:48 millert +2009-12-08 Todd C. Miller - * auth/pam.c: Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user - enters ^C at the password prompt. + * logging.c: + Convert fmt_first and fmt_confd into macros. + [32e870158b29] -2008-12-09 16:13 millert + * sudoers.pod: + timeouts can be floats now + [89de639a9679] - * configure.in, configure: Don't try to build sudo_noexec.so on - HP-UX with the bundled compiler as it cannot generate shared - objects. + * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c, + defaults.h, mkdefaults: + Add support for floating point timeout values (e.g. 2.5 minutes). + [210ffa291733] -2008-12-09 15:55 millert +2009-12-07 Todd C. Miller - * glob.c, lbuf.c, tgetpass.c, emul/charclass.h: K&R compilation - fixes + * sudo.pod: + The -L flag will be removed in sudo 1.7.4 + [ffd026084333] -2008-12-09 08:49 millert +2009-12-06 Todd C. Miller - * parse.c: Use tq_foreach_fwd when checking pseudo-commands to make - it clear that we are not short-circuiting on last match. When - pwcheck is 'all', initialize nopass to TRUE and override it with - the first non-TRUE entry. + * sudoreplay.c: + Fix a bug due to order of operators. + [938d34464283] -2008-12-08 10:02 millert +2009-11-23 Todd C. Miller - * parse.c: Do not short circuit pseudo commands when we get a match - since, depending on the settings, we may need to examine all - commands for tags. + * match.c: + cmnd_matches() already deals with negation so _cmndlist_matches() + does not need to do so itself. Fixes a bug with negated entries in + a Cmnd_List. + [71c845f6ce73] -2008-12-03 15:58 millert +2009-11-22 Todd C. Miller - * sudoers.cat, sudoers.man.in: regen + * sudo.c: + Don't exit() from open_sudoers, just return NULL for all errors. + [8cfa832f972a] -2008-12-03 15:57 millert + * script.c: + Can't rely on the shell sending us SIGCONT when transitioning from + backgroup to foreground process. + [3c6c5b6cb4b3] - * sudoers.pod: hostnames may also contain wildcards + * toke.c, toke.l: + Add missing extern def for parse_error + [45b7b59d03b7] -2008-12-03 15:40 millert +2009-11-21 Todd C. Miller - * Makefile.in: remove stamp-* files and linux core files in clean - target + * toke.c, toke.l: + Avoid a parse error when #includedir doesn't find any files. Closes + bug #375 + [1ce1b850e9e6] -2008-12-02 12:30 millert + * Makefile.in: + Include sudo.man.pl and sudoers.man.pl in the distribution tarball. + [6a22e32da108] - * config.h.in, configure, configure.in, auth/sudo_auth.h: Use - HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX +2009-11-15 Todd C. Miller -2008-11-26 15:10 millert + * script.c: + Start command out in foreground mode if stdout is a tty. Works + around issues with some curses-based programs that don't handle + tcsetattr getting interrupted by a signal. Still allows us to avoid + hogging the tty if the command is part of a pipeline. + [1c32f2b94769] - * configure, configure.in: correctly enable SIA on Digital UNIX + * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c: + Use a socketpair to pass signals from parent to child. Child will + now pass command status change info back via the socketpair. This + allows the parent to distinguish between signals it has been sent + directly and signals the command has received. It also means the + parent can once again print the signal notifications to the tty so + all writes to the pty master occur in the parent. The command is + now always started in background mode with tty signals handled by + the parent. + [c6790b82986d] -2008-11-25 20:06 millert +2009-11-04 Todd C. Miller - * TODO: checkpoint + * configure, configure.in: + Fix a few typos in the descriptions; from Jeff Makey Only do the + check for krb5_get_init_creds_opt_free() taking two arguments if we + find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false + positive when using our own krb5_get_init_creds_opt_free which takes + only a single argument. + [845a9ff6f93d] -2008-11-25 20:05 millert +2009-11-03 Todd C. Miller - * ChangeLog: sync + * configure, configure.in: + Remove a spurious comma in the kerb5 bits. + [3433eab083db] -2008-11-25 12:01 millert + * auth/kerb5.c: + Call krb5_get_init_creds_opt_init() in our emulated + krb5_get_init_creds_opt_alloc() for MIT kerberos. + [7ffb40bf43e9] + +2009-11-01 Todd C. Miller + + * config.h.in: + Add HAVE_ZLIB + [9297bde61ecc] + + * script.c: + Need to ignore SIGTT{IN,OU} in child when running the command in the + background. Also some minor cleanup. + [dc208d982319] + +2009-10-31 Todd C. Miller - * check.c, sudo.h, tgetpass.c: Even if neither stdin nor stdout are - ttys we may still have /dev/tty available to us. + * script.c: + Instead of calling sigsuspend when waiting for SIGUSR[12] from + parent, install the signal handlers w/o SA_RESTART and let them + interrupt waitpid(). + [759c7d18203b] + + * script.c: + Pass along SIGHUP and SIGTERM from parent to child. + [035b0e254568] + + * script.c: + Close unused bits of script_fds in processes that don't need them. + Restore default SIGCONT handler in child. + [e037378ab0c1] + + * script.c: + Update foreground/background status in SIGCONT handler in parent + process. + [3f7f91333264] + +2009-10-25 Todd C. Miller + + * script.c: + Defer setting terminal into raw mode until just before we fork() and + only do it if sudo is the foreground process. If we get SIGTT{IN,OU} + and sudo is already in the foreground be sure to set raw mode before + continuing the child. + [1102ef40832c] + +2009-10-24 Todd C. Miller + + * script.c: + Fix handling of SIGTTOU/SIGTTIN in program being run. We now only + give the command the controlling tty if the main sudo process is the + foreground process. + [cf3a91cb5682] + + * script.c: + Don't bother with sudo_waitpid() here for now. + [9086de480c2d] + + * script.c: + fix non-zlib case + [a258bff0f9a6] + +2009-10-23 Todd C. Miller + + * script.c: + Remove non-wroking code that crept into rev 1.55 + [2802dd55cff5] + +2009-10-22 Todd C. Miller + + * INSTALL, configure, configure.in, script.c, sudoreplay.c: + First pass at zlib support for transcript data files + [5d10260807da] + + * Makefile.in: + remove vestiges of ZLDFLAGS + [1fa0caf1c0fb] + + * script.c: + Add missing variable declaration for when TIOCSCTTY is not defined. + Need to include sys/termio.h for TIOCSCTTY on some systems. + [ee7f41ac2709] -2008-11-24 10:09 millert + * script.c: + when resuming command, send SIGCONT to its pgrp not just pid + [5cd63c1d565b] - * sudoers.cat, sudoers.man.in: regen + * selinux.c: + remove unused variable + [df67df4be228] -2008-11-24 10:08 millert + * script.c: + include selinux.h for is_selinux_enabled() proto + [85ebaa880cc1] - * sudoers.pod: fix typos; Markus Lude + * script.c: + Don't use log_error() in the child process. + [def65fe2a433] -2008-11-24 07:08 millert + * script.c: + Do I/O in parent instead of child since the parent can have both + /dev/tty as well as the pty fds open. The child just sets things up + and waits for its grandchild and writes the signal description to + the pty master if the command was killed by a signal. + [95e473208982] + +2009-10-18 Todd C. Miller + + * missing.h, sudo.h: + Move two struct forward declarations from sudo.h to missing.h + [90ad28294a8c] + + * script.c: + Make comment at the top of script_exec() match reality. + [c5042d27dbe0] + + * sudo.c: + if neither stdin nor stdout is a tty, check stderr + [c532ff20c8d8] + + * Makefile.in: + Add back dependecy of gram.h on gram.y + [c58382b7fcca] + + * script.c: + Make transcript mode work as long as we can figure out our tty, even + if it is not stdin. We'd like to use /dev/tty but that won't be + valid after the setsid(). + [7b8bba8d99e7] + +2009-10-17 Todd C. Miller + + * config.h.in, configure, configure.in, pty.c: + Add support for IRIX-style dynamic ptys + [bedc9bac44c1] + + * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c: + Move alloc.c protos into alloc.h + [b6a90649617d] + + * missing.h: + Move prototypes for missing libc functions to missing.h + [dda9ae1ccaf8] + + * Makefile.in, sudo.h, sudoreplay.c: + Move prototypes for missing libc functions to missing.h + [7483166b577b] + +2009-10-16 Todd C. Miller + + * config.h.in, configure, configure.in: + Disable transcript support if no tcsetpgrp until we support older + BSD-style job control. + [27ac1d8163df] + + * configure, configure.in, pty.c, script.c: + Break out pty code into pty.c + [e85509b25d41] + + * compat.h, config.h.in, configure, configure.in: + add killpg macro if no killpg function + [3a125f4a51f0] + + * config.h.in, configure, configure.in, script.c: + Push ptem and ldterm for STERAMS-based systems when allocating a + pty. + [36bb39b30ff2] + +2009-10-15 Todd C. Miller + + * script.c: + Sprinkle some more O_NOCTTY and call grantpt() before unlockpt() + [d94bd5c9bf4e] + + * script.c: + Call tcgetpgrp() in the parent, not the child and have the child + spin until it is granted. Fixes a race on darwin. + [6e8d435339ce] + + * script.c: + Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just + reopen slave. + [0bdc63c019ca] + +2009-10-14 Todd C. Miller + + * script.c: + In script mode, if the command is killed by a signal, print the + signal description as well as a core dump notification like the + shell does. + [9df61738df07] + + * Makefile.in, config.h.in, configure, configure.in, strsignal.c, + sudo.h: + Add check for strsignal() and a simple implementation if it is not + there but sys_siglist is + [61421a188ef4] + + * script.c: + Add missing WUNTRACED and store the signal that stopped the + grandchild in suspended, not signo. + [df65042b200e] + + * script.c: + g/c unused code + [40d8cb5c9203] + + * script.c: + Associate the grandchild's pgrp with the tty instead of the child's + and just get suspend notifications via SIGCHLD instead of directly. + This fixes a hang with programs that try to set terminal attributes + and is more consistent with how the shell handles things. + [6865abff7e94] + +2009-10-12 Todd C. Miller + + * script.c: + Move setpgid() of child into the parent side of the fork() where it + belongs. + [3defa782777c] + +2009-10-11 Todd C. Miller + + * script.c: + fix typo + [b6a612b3622c] + + * script.c: + Run command in its own pgrp (like the shell does) for easier + signalling. No need to relay SIGINT or SIGQUIT to parent, just send + to grandchild. Don't want grandchild stopped events in the child + (only termination). Flush output after suspending grandchild before + signalling parent. + [db556bf2176f] + + * script.c: + Back out revision 1.34; the problem lies elsewhere. + [85f590a03275] + + * script.c: + Don't set stdout to blocking mode when flushing remaining output. + It can cause us to hang when trying to exit. Need to investigate + why. + [6f803a3e33ca] + + * script.c: + Handle SIGTTOU and remove some debugging. + [52d17279053e] + + * term.c: + Back out revision 1.10 as the signal that interrupts us may be + SIGTTOU or SIGTTIN which the caller must handle. + [7e2fa9107975] + + * script.c: + Apparently we need to send SIGSTOP to the command as well as ourself + when we get SIGTSTP, the kernel doesn't automatically stop the + process for us. + [1a936e9309c4] + + * script.c: + Use an extra process to act as the glue bewteen the sessions + associated with the user's controlling tty (what the shell uses) and + the tty that sudo is using to do its logging. Basically, this means + that if we get, e.g. SIGTSTP from the process sudo is running, we + relay the signal to the parent so it's shell can do the job control. + [6dd296988060] + + * term.c: + Handle getting/setting terminal attributes when the fd is in non- + blocking mode. + [ae5ae535ea7b] + +2009-10-07 Todd C. Miller + + * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: + Add support for pausing and changing the speed in interactive mode. + [72a2063780a7] + + * script.c: + Already define O_NOCTTY in compat.h, don't need it here + [b5d80ed3e5ce] + +2009-10-06 Todd C. Miller + + * sudoreplay.c: + Add missing protos + [c4cb4e7f4d8a] + +2009-09-30 Todd C. Miller + + * sudo_edit.c: + Always update the stashed mtime of the temp file instead of using + what we have for the original because the time resolution of the + filesystem the temporary is on may not match that of the filesystem + that holds the original. Should fix bz #371 found by Philippe Levan. + [c86ca4bec60c] + + * sudoreplay.c: + Use cbreak mode instead of raw mode and add signal handlers to + restore the tty on interrupt. + [84dd283da41c] + + * script.c, sudo.h, term.c: + Retain NL to NLCR conversion on the real tty and skip it on the pty + we allocate. That way, if stdout is not a pty there are no extra + carriage returns. + [32e4f570414e] + + * script.c: + Fix log_output(); just pass in a string and a length. + [ca980cc0a3fb] + +2009-09-28 Todd C. Miller + + * script.c: + do not use errno when complaining out lack of a tty + [8f9b8c55ab8e] + +2009-09-27 Todd C. Miller + + * Makefile.in, sudoreplay.c, term.c: + Instead of messing with line endings, just set terminal to raw mode + in sudoreplay. + [90943fa87acb] + + * term.c: + When copying the terminal attributes to the pty, be sure not to set + ONLCR. This prevents extra carriage returns from ending up in the + script output file. + [e6b5475ac2aa] + + * script.c: + Convert a do {} while into a while + [e461310d2c77] + + * Makefile.in: + Use if then instead of test && when installing binaries that may not + exist. + [ad4f9490d971] + + * script.c: + Add O_NOCTTY when opening a tty device. Explicitly disconnect from + old tty before associatng with new one. + [0e0ca634b80c] + + * script.c, selinux.c, sudo.c, sudo.h: + First cut at refactoring some of the selinux code so it can be used + in conjunction with sudo's transcript support. + [779b0d8f9d29] + +2009-09-26 Todd C. Miller + + * aclocal.m4, configure, configure.in: + Fix default case of transcript_enabled being unset. + [f8aa96186e6b] + + * script.c, sudoreplay.c: + Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR + [2844a7a851fa] + + * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c: + Hook up --disable-transcript and --enable-transcript=DIR + [b3fa7e6b2480] + +2009-09-25 Todd C. Miller + + * aclocal.m4, configure, configure.in, pathnames.h.in: + _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable- + transcript=DIR option to specify the directory + [b0bb76d43cda] - * ChangeLog: sync + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: + regen + [c7a8a0a9027c] + + * configure, configure.in, sudoers.man.pl, sudoers.pod: + Substitute in default value for secure_path + [c8f9ac6dbf93] + + * sudo.pod: + Mention that the password must be followed by a newline with the -S + option. + [2fc589a3ee7e] + +2009-09-20 Todd C. Miller + + * script.c: + Go back to dropping out of the select() loop when the process dies; + Linux ptys apparently don't behave the same as BSD in regards to + select(). No need to flush remaining output to the transcript, only + to stdout. Add back code to check the master pty for additional data + when we exit the main select loop. + [abed9a9cbc6b] + +2009-09-19 Todd C. Miller + + * Makefile.in: + Add getline.o to COMMON_OBJS + [04ef7643cbc2] + + * Makefile.in: + sudoreplay depends on libsudo.a + [142bd0472631] + + * Makefile.in: + More pwutil.o into COMMON_OBJS + [4a016b933629] -2008-11-23 19:42 millert + * pwutil.c, testsudoers.c, tsgetgrpw.c: + Remove my_* redirection in pwutil.c for testsudoers and just use the + normal libc get{pw,gr}* names. + [9b76d637d86b] + + * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: + More time and date examples + [c6ee0175ec56] + + * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c: + Move nanosleep() emulation into its own file Check librt.a for + nanosleep if we don't find it in libc + [4da0cc26aad7] + + * Makefile.in, configure, configure.in: + Build libsudo with the common bits and link things against that. + [2b53bc0b081a] + + * script.c: + Fix final flush. + [6da287d833da] + + * script.c: + Keep reading from the pty master -> log file until read returns <= + 0. Do our best to write everything to stdout when flushing any + remaining bits. + [2a45d4ae280c] + + * sudoreplay.c: + Use unbuffered I/O when writing to stdout and make sure we write the + entire buffer. + [f39ef9844a47] + +2009-09-18 Todd C. Miller + + * sudoreplay.c: + Only use max_wait if it is non-zero + [f6c10604d2e8] - * toke.c: regen + * getdate.c, getdate.y, getline.c: + Need compat.h here + [5d6722e225a0] -2008-11-23 19:41 millert + * sudoreplay.c: + Fix nanosleep emulation + [34e5e5d72a76] - * toke.l: Fix matching of a line that only consists of a comment - char + * script.c: + Fix comment after #endif + [bd1347718b25] -2008-11-22 13:17 millert + * sudoreplay.c: + Add protos for missing libc bits + [644f496427a2] - * auth/pam.c: MacOS pam will retry conversation function if it - fails so just treat ^C as an empty password. + * configure, configure.in: + add missing line continuation char + [db13c0d402cd] + + * config.h.in, configure, configure.in, getline.c: + Implement getline() in terms of fgetln() if we have it. + [3ab786eaadc5] -2008-11-22 10:12 millert + * sudoreplay.c: + Print year when formatting log line + [90be669e3443] - * visudo.c: When checking for alias use, also check defaults - bindings. + * sudoreplay.pod: + Document cwd, attempt to document time/date formats. + [6290fb9b65c6] -2008-11-22 10:01 millert + * sudoreplay.c: + Fix getline return value check. + [d696d6657261] - * redblack.c: unused var + * Makefile.in, config.h.in, configure, configure.in, getline.c, + sudoreplay.c: + Use getline() if the system has it, else use provide our own for + sudoreplay. + [afca1d6fbe5e] -2008-11-22 09:42 millert + * script.c: + Refactor code to update output and timing files. + [361491332b1a] - * redblack.c: Replace my rbdelete with Emin's version (which - actually works ;-) +2009-09-17 Todd C. Miller -2008-11-19 12:01 millert + * sudoreplay.c: + Make sudo_getln() behave more like glibc getline. + [40c9f2ea29e6] - * testsudoers.c: malloc debugging + * script.c: + When flushing remaining output, also update timing file. + [5a9a5a627549] -2008-11-19 07:37 millert + * sudoreplay.c: + Use get_timestr() and make the -l output look like the regular sudo + log. + [452ba9d436c9] - * visudo.c: malloc options in devel mode for visudo too + * logging.c, sudo.h, timestr.c: + Make get_timestr() take a time_t so we can use it properly in + sudoreplay. + [82e67cc53c9c] -2008-11-18 10:57 millert + * script.c: + Create session dir earlier now that we update the seq number early. + [797fe8d6dc61] - * sudo.c: fix compilation on non-C99; from Theo +2009-09-16 Todd C. Miller -2008-11-18 10:50 millert + * sudoreplay.c: + Use fromdate and todate as the keywords instead of from and to; the + short forms will still be accepted. + [d14d9b116df4] - * visudo.c: fix check_aliases + * sudoreplay.c: + Fix reading long liensin sudo_getln() + [58dadd74118c] -2008-11-18 08:29 millert + * script.c, sudoreplay.c: + Log the cwd in the script log file. Add sudo_getln() to read + arbitrarily long lines. + [faceb802ab8f] - * alias.c: when destroying an alias, free the correct data pointer + * Makefile.in, logging.c, sudo.h, timestr.c: + Move get_timestr() into its own source file so sudoreplay can use + it. + [99b054bfa20a] -2008-11-18 07:54 millert +2009-09-15 Todd C. Miller - * auth/sudo_auth.h: add proto for aixauth_cleanup; from Dale King + * sudoreplay.c: + Add to and from perdicates (date ranges); needs documentation + [1d629174dcf4] -2008-11-15 13:34 millert +2009-09-14 Todd C. Miller - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: regen + * Makefile.in, getdate.c, getdate.y: + Fix warning and add generated getdate.c + [b877a86b5a03] -2008-11-15 13:34 millert + * Makefile.in, getdate.y: + Add getdate.y to be used for sudoreplay date parsing. + [b8e26fbb7a40] - * sudo.pod, sudoers.pod, visudo.pod: standardize on the term - 'option' for command line options (not flag) +2009-09-13 Todd C. Miller -2008-11-14 06:18 millert + * sudoreplay.c: + Check more than just the first character of a predicate + [4fe53728adb1] - * INSTALL: Add note on configuring HP-UX pam + * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: + Add examples, sort predicates + [70f8075cbccc] -2008-11-11 13:28 millert + * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, + sudoreplay.pod: + Implement search expressions in sudoreplay similar in concept to + what find or tcpdump uses. TODO: date ranges + [f7ce4fb4cf3a] - * check.c, sudo.c: Move tty checks into check_user() so we only do - them if we actually need a password. +2009-09-07 Todd C. Miller -2008-11-11 12:34 millert + * script.c: + Remove vhangup as it was hanging up the wrong tty. Should really + vhangup in the child after it as set its tty. + [2eed9df73010] - * sudo.c: Don't error out if no tty or askpass unless we actually - need to authenticate. + * sudoers.pod: + Fix cut at documenting transcript support. + [e6c533a5568a] -2008-11-10 15:20 millert + * logging.c: + ID= -> TSID= for transcript ID + [1bf755a35333] - * ChangeLog: regen +2009-09-06 Todd C. Miller -2008-11-10 08:07 millert + * sudoers.pod: + Move fast_glob description to where it belongs in sorted order + [5901cfb0d25f] - * pathnames.h.in, sudo.c: s/overriden/overridden/; from Tobias - Stoeckmann + * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y, + parse.c, parse.h, sudo.c: + Rename script -> transcript + [e06cf823122c] -2008-11-09 15:18 millert +2009-09-03 Todd C. Miller - * visudo.c, WHATSNEW: check sudoers owner and mode in strict mode + * compat.h: + Add timeradd and timersub for those without them + [929f8aa06c2b] -2008-11-09 09:15 millert + * script.c: + Sanity check sessid before using it. + [aa8ca5211d43] - * gram.c, toke.c: regen + * sudo.c: + Only set the session id if we are running a command or editing a + file. + [7205d717c098] -2008-11-09 09:13 millert + * script.c: + Actually. qsort is fine since most versions fal back to a cheaper + sort when the number of elements to sort is small (like in our + case). + [d11c7cd352fe] - * alias.c, alloc.c, closefrom.c, compat.h, defaults.c, defaults.h, - env.c, fileops.c, gettime.c, gram.y, ins_csops.h, insults.h, - interfaces.c, interfaces.h, lbuf.c, license.pod, list.c, - logging.c, logging.h, parse.c, parse.h, pwutil.c, redblack.c, - redblack.h, snprintf.c, sudo.c, sudo.pod, sudo_edit.c, - sudo_nss.h, testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, - version.h, visudo.c, zero_bytes.c, LICENSE, sudoers.pod, - visudo.pod, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, - auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, - auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h, - sudo.man.in, sudoers.man.in, visudo.man.in: Update copyright - years. + * config.h.in, configure, configure.in, script.c: + Check for dup2 and use dup instead if we don't have it. + [98bd89830f8a] -2008-11-09 08:48 millert + * script.c, sudo.c, sudo.h: + Move the code to dup2 the script fds to low numbered descriptors + into script_duplow() and fix the fd sorting. + [9453fdc5fba6] - * fnmatch.c, glob.c, emul/charclass.h: add my copyright + * script.c, sudo.c, sudo.h: + Move script_setup() back to immediately before we drop privs and + call the new script_nextid() in its place, which will set + sudo_user.sessid for the logging functions. + [8434d0c8ff08] -2008-11-08 10:40 millert +2009-09-01 Todd C. Miller - * toke.c, toke.l: The loop in fill_cmnd() was going one byte too - far past the end, resulting in a NUL being written immediately - after the buffer end. + * Makefile.in: + Install sudoreplay + [6acf2cdb4d3f] -2008-11-08 10:31 millert + * sudoreplay.c: + remove unused variable + [2316360bb992] - * UPGRADE, WHATSNEW: add sections on tgetpass changes +2009-08-30 Todd C. Miller -2008-11-08 10:30 millert + * logging.c, script.c, sudo.c, sudo.h: + Log the session ID, if there is one. Currently logs ID=XXXXXX, + perhaps should be SESSIONID or SESSID. + [53976905b0a6] - * tgetpass.c: Treat EOF w/o newline as an error. + * Makefile.in, configure, configure.in, sudoreplay.cat, + sudoreplay.man.in, sudoreplay.pod: + Add sudoreplay docs + [da4f14f0e64c] -2008-11-07 17:42 millert + * sudoreplay.c: + add -V (version) flag + [b5e743639ee3] - * parse.c: Fix "sudo -v" when NOPASSWD is set. + * sudoreplay.c: + Hook up max_wait. + [2ec5697a92ba] -2008-11-07 12:45 millert + * script.c, sudoreplay.c: + Use base36 number for the ID and store script files with paths like + /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6 + (2,176,782,336) unique IDs. + [6aab019d07aa] - * auth/: bsdauth.c, fwtk.c, pam.c, sudo_auth.c, sudo_auth.h: No - longer treat an empty password at the prompt as special. To quit - out of sudo you now need to hit ^C at the password prompt. +2009-08-23 Todd C. Miller -2008-11-06 21:07 millert + * config.h.in, configure.in: + Add check for regcomp + [44c3ebd7ff34] - * sudoers.cat, sudoers.man.in: regen + * sudoreplay.c: + Add support for selecting by pattern and tty when listing. + [66189f840c52] -2008-11-06 21:06 millert +2009-08-17 Todd C. Miller - * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: Sudo - will now refuse to run if no tty is present unless the new - visiblepw sudoers flag is set. + * sudoreplay.c: + The beginnings of a list mode. + [8d0150b4a52c] -2008-11-05 19:42 millert +2009-08-16 Todd C. Miller - * aix.c: just use RLIM_INFINITY for RLIM_SAVED_MAX if - RLIM_SAVED_MAX not defined + * Makefile.in: + fix pasto + [616b4640b8a8] -2008-11-05 19:40 millert + * Makefile.in, config.h.in, configure.in: + Add scaffolding for building sudoreplay + [a32958505dbe] - * aix.c: fix fallback value for RLIM_SAVED_MAX + * sudoreplay.c: + include error.h first arg to nanotime is const + [fe5a7bb31bc5] -2008-11-05 19:14 millert + * sudoreplay.c: + Initial cut at sudoreplay; replay a sudo session. + [f149fba372bd] - * auth/: aix_auth.c, sudo_auth.h: Move clearing of AUTHSTATE into - aixauth_cleanup. +2009-08-08 Todd C. Miller -2008-11-05 19:08 millert + * script.c: + Fix wait() usage and use correct wait status. + [f4745ed7ad05] - * env.c, auth/aix_auth.c: Unset AUTHSTATE after calling - authenticate() as it may not be correct for the user we are - running the command as. + * sudo.c, sudo.h, tgetpass.c: + Add protos for term_* to sudo.h + [14fe1abd7e7b] -2008-11-05 19:05 millert + * script.c: + Fix detection of the child process exiting. Since the child is in + its own session we should only ever get SIGCHLD for that process but + better safe than sorry. + [7edfdadd8505] - * isblank.c: Add isblank() function for systems without it. Needed - for POSIX character class matching in fnmatch.c and glob.c. + * config.h.in: + Add UNIX98 pty support. + [82f4b53a0e8f] -2008-11-05 11:02 millert + * configure, configure.in, script.c: + Add UNIX98 pty support. + [795b8bb0a3a1] - * TROUBLESHOOTING: expound on sudo and cd +2009-08-07 Todd C. Miller -2008-11-04 15:52 millert + * term.c: + For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC + if it is defined. + [40f8b83baf69] - * ChangeLog: regen + * auth/pam.c: + Set PAM_RUSER and PAM_RHOST early so they can be used during + authentication. Based on a patch from Jamie Beverly. + [3d567b453a6a] -2008-11-04 15:46 millert + * match.c: + Close dir before returning if strlcpy() reports overflow. From + Martynas Venckus. + [6a82f96473e5] - * sudoers.cat, sudoers.man.in: regen + * config.h.in, configure, configure.in, script.c: + On Linux, the openpty proto libes in pty.h + [98643a018d1c] -2008-11-04 15:45 millert + * script.c: + Call vhangup on exit if the system has it Use setpgrp() if no + setsid() + [3a9e13149829] - * sudoers.pod: mention defauts parse order +2009-08-06 Todd C. Miller -2008-11-03 13:19 millert + * config.h.in, configure, configure.in: + Add checks for revoke and vhangup if we don't have openpty + [fcb04572e994] - * Makefile.in, aclocal.m4, compat.h, configure: Add isblank() - function for systems without it. Needed for POSIX character - class matching in fnmatch.c and glob.c. + * script.c: + Session logging guts that got forgotten in the previous commit. + [c2af08a63ea9] -2008-11-03 12:54 millert + * Makefile.in, aclocal.m4, compat.h, config.h.in, configure, + configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h, + gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c, + tgetpass.c: + First cut at session logging for sudo. Still need to write + get_pty() for Unix 98 and old-style BSD ptys. Also needs + documentation and general cleanup. + [77e3f5e25738] - * Makefile.in: add emul/charclass.h to HDRS +2009-08-05 Todd C. Miller -2008-11-02 14:08 millert + * sudo.c, sudo_edit.c: + Fix a bug introduced with def_closefrom. The value of def_closefrom + already includes the +1. + [7291c136300d] - * TODO: checkpoint +2009-07-29 Todd C. Miller -2008-11-02 14:06 millert + * Makefile.in: + Generate sudo distributions with pax in ustar mode. No longer need + to use a temp file or have the source dir name match the version. + [9778177a8272] - * parse.c, defaults.c, testsudoers.c, visudo.c: Move - update_defaults into defaults.c and call it properly from visudo - and testsudoers. +2009-07-18 Todd C. Miller -2008-11-02 09:51 millert + * toke.c, toke.l: + Fix expansion of %h in #include names. Fixes bugzilla 363 + [6e346879ba24] - * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, - tgetpass.c, tsgetgrpw.c: use zero_bytes() instead of memset() for - consistency +2009-07-12 Todd C. Miller -2008-11-02 09:45 millert + * mkdefaults: + If no arg assume def_data.in + [c1dd28c0e675] - * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, - tgetpass.c, visudo.c: Zero out sigaction_t before use in case it - has non-standard entries. + * README, WHATSNEW: + Update for 1.7.2 + [f5ad45f69f05] [SUDO_1_7_2] -2008-11-02 09:35 millert + * ChangeLog: + sync + [6283549396ff] - * match.c: quiet gcc +2009-06-30 Todd C. Miller -2008-11-02 09:28 millert + * sudoers.cat, sudoers.man.in, sudoers.pod: + Add missing single quotes around a colon in Runas_Spec definition. + From Elias Benali. + [ccc6ee4fca83] - * match.c: Short circuit glob() checks if basename(pattern) != - basename(command). Refactor code that checks for a command in a - directory and use it in the glob case if the resolved pattern - ends in a '/'. +2009-06-29 Todd C. Miller -2008-11-01 09:20 millert + * sudo.man.in, sudoers.man.in: + regen + [546e75304ebf] - * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c: Defer - setting runas defaults until after runaspw/gr is setup. + * redblack.c: + In rbrepair, re-color the root or the first non-block node we find + to be black. Re-coloring the root is probably not needed but won't + hurt. + [34d01ebe241b] -2008-10-29 13:26 millert + * sudo.cat, sudoers.cat: + regen + [bebf5a39f54f] - * match.c, sudo.c, testsudoers.c: Use MAXHOSTNAMELEN+1 when - allocating host/domain name since some systems do not include - space for the NUL in the size. Also manually NUL-terminate - buffer from gethostname() since POSIX is wishy-washy on this. +2009-06-26 Todd C. Miller -2008-10-26 17:13 millert + * redblack.c: + When repairing the tree, don't touch the root node. + [9841f0d5d789] - * sudo.c, sudoers.pod: When setting the umask, use the union of the - user's umask and the default value set in sudoers so that we - never lower the user's umask when running a command. +2009-06-25 Todd C. Miller -2008-10-26 16:43 millert + * set_perms.c: + Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID. + Reported by Josef Schmid. + [ed044b1eb879] - * sudo.c: Don't try to read from a zero-length sudoers file. - Remove the bogus Solaris work-around for EAGAIN. Since we now - use fgetc() it should not be a problem. +2009-06-23 Todd C. Miller -2008-10-25 09:22 millert + * sudoers.pod: + Document that we accept env_pam-style environment files + [e3b545456352] - * parse.c: In update_defaults() check the return value of - user*_matches against ALLOW so we don't inadvertantly match on - UNSPEC. + * env.c: + Adapt to accept pam_env-style /etc/environment which allows shell- + style lines such as: export EDITOR="/usr/bin/vi" + [752eb75bf007] -2008-10-24 09:52 millert + * sudoers.pod: + Make it clear that env_delete only works when !env_reset. From Lo??c + Minier + [3bd3f8e351ba] - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, - sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: - regen man pages; no more hyphenation +2009-06-15 Todd C. Miller -2008-10-24 09:49 millert + * sudo.pod, sudoers.pod: + Add non-unix group bits, adapted from Quest + [8ce427de8dea] - * sudo.c: Don't error out on a zero-length sudoers file. With the - advent of #include the user could create a situation where sudo - is unusable. + * Makefile.in: + build the .cat page in the current working dir, not the src dir + [00e87a307674] -2008-10-23 12:06 millert + * env.c: + Return EINVAL in setenv() if var is NULL or the empty string to + match glibc behavior. + [23fd7c247142] - * config.h.in, configure, configure.in, auth/kerb5.c: Newer heimdal - has 2-argument krb5_get_init_creds_opt_free() like MIT krb5. - Really old heimdal has no krb5_get_init_creds_opt_alloc() at all. - Add configure tests to handle all the cases. +2009-06-13 Todd C. Miller -2008-10-08 17:28 millert + * configure, configure.in: + Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE + [fedd4a3e2a85] - * sudo.pod: resort ENVIRONMENT +2009-06-11 Todd C. Miller -2008-10-08 17:09 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, + sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: + regen + [7b9f461a40b3] - * sudoers.pod: document sudoers_locale +2009-06-09 Todd C. Miller -2008-10-08 16:56 millert + * INSTALL: + Document --with-libvas and --with-libvas-rpath + [a071e6d96c89] - * sudo.pod, sudo_edit.c: add SUDO_EDITOR variable that sudoedit - uses in preference to VISUAL or EDITOR +2009-05-29 Todd C. Miller -2008-10-08 14:27 millert + * ldap.c, sudoers.ldap.pod: + For netscape-derived LDAP SDKs the cert and key paths may be a + directory or a file. However, version 5.0 of the SDK only seems to + support using a directory. If ldapssl_clientauth_init fails and the + cert or key paths look like they could be files, strip off the last + path element and try again. + [ac4e49d83043] - * toke.c, toke.l: In fill_cmnd(), collapse any escaped - sudo-specific characters. Allows character classes to be used in - pathnames. + * Makefile.in: + Add non-Unix group .o to COMMON_OBJS and substitute in path to flex. + [4547cc1a335f] -2008-10-03 16:02 millert +2009-05-27 Todd C. Miller - * lbuf.c: fix typo in non-C89 function declaration + * configure, configure.in, match.c, sudo.c, vasgroups.c: + Update non-Unix group support from Quest, as reworked by me. + [1abafce29dc6] -2008-10-03 15:56 millert + * toke.c: + regen + [01bfca9148b7] - * sudoers.pod: Mention POSIX characters classes now that out - fnmatch() and glob() support them. + * toke.l: + Add support for escaped hex chars in names, e.g. \x20 for space. + [3c7be8e58a39] -2008-10-03 15:55 millert +2009-05-25 Todd C. Miller - * sample.sudoers, sudoers.pod: Replace [A-z] (which won't match in - UTF8) with [A-Za-z] which is locale agnostic. + * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c, + auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c, + fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c, + logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c, + set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h, + sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c, + tgetpass.c, toke.l, visudo.c: + Update copyright years. + [e615f676c764] -2008-10-03 10:02 millert +2009-05-24 Todd C. Miller - * parse.h: use __signed char if we are going to assign a negative - value since on Power, char is unsigned by default + * interfaces.c, lbuf.c: + Minor fixes for Minix-3 + [898c510d23f9] -2008-10-03 09:59 millert +2009-05-22 Todd C. Miller - * configure, configure.in, config.h.in: Add tests for __signed char - and signed char. + * set_perms.c: + Handle getgroups() returning 0. Also add missing check for + HAVE_GETGROUPS. + [d73b958f9ffd] -2008-10-03 09:19 millert +2009-05-19 Todd C. Miller - * aix.c: Fix AIX limit setting. getuserattr() returns values in - disk blocks rather than bytes. The default hard stack size in - newer AIX is RLIM_SAVED_MAX. From Dale King. + * Makefile.in, config.h.in, configure, configure.in, sudo.c, + version.h, visudo.c: + Replace version.h with PACKAGE_VERSION set via AC_INIT in configure. + [5050579a264d] -2008-09-26 17:13 millert +2009-05-18 Todd C. Miller - * fnmatch.c, glob.c, emul/charclass.h: Add character class support - to included glob(3) and fnmatch(3). + * set_perms.c: + Remove group setting code in setusercontext case, we will do it + ourselves later on in runas_setup. Set the gid after + initgroups/setgroups is called, since on Mac OS X it seems to change + the egid. + [09dc21d8b42d] -2008-09-16 08:28 millert +2009-05-17 Todd C. Miller - * emul/fnmatch.h: Remove UCB advertising clause and some - compatibility defines. + * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c, + vasgroups.c: + Initial bits of non-unix group support using Quest Authentication + Services + [1eecab0ff27e] -2008-09-14 16:07 millert + * toke.c, toke.l: + Accept %:foo as a non-Unix group + [4c4b5dd899a6] - * sudo_edit.c: Check EDITOR/VISUAL to make sure sudoedit is not - re-invoking itself or sudo. This allows one to set EDITOR to - sudoedit without getting into an infinite loop of sudoedit - running itself until the path gets too big. + * toke.c, toke.l: + Allow user/group to be double quoted in the case of non-Unix groups + which contain spaces. + [47a3d568b7e8] -2008-09-13 20:45 millert +2009-05-11 Todd C. Miller - * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c: Add - sudoers_locale Defaults option to override the default sudoers - locale of "C". + * match.c: + Don't allow the user to specify the default runas user if their + sudoers entry only allows them to run as a group. + [4d726177227c] -2008-09-13 14:09 millert +2009-05-10 Todd C. Miller - * sudo.c: Set locale to system default except for during sudoers - parse. + * sudo.c: + Must call audit_success before we change uids. + [04a9e6ce6e55] -2008-09-12 09:34 millert + * logging.c, set_perms.c, sudo.h, testsudoers.c: + Add option for set_perm to not exit on failure and use this in the + logging routines. + [833dce7b7f42] - * match.c: Redo change in 1.34 to use pointer arithmetic. + * parse.c: + In -l mode, if the user is only allowed to run as a group, display + the user's name, not root's before the allowed group. + [ef92ff99d265] -2008-09-11 07:06 millert + * sudo.c: + Fix -g mode, broken by rev 1.503 which had the side effect of + setting the runas user to root unilaterally. + [50a2f7df4385] - * match.c: Fix a dereference (read) of a freed pointer. Reported - by Patrick Williams. +2009-05-08 Todd C. Miller -2008-08-23 19:09 millert + * fileops.c: + When unlocking a file with fcntl, use F_SETLK, not F_SETLKW. + [30fbe832dcf3] - * sudo.c: Set locale to "C" to avoid interpretation issues with - character ranges in sudoers. May want to make the locale a - sudoers option in the future. + * pwutil.c: + Only cache by the method we fetched for pwd and grp lookups. + Previously we cached both by namd and id but this can cause problems + for entries that share the same id. Also add more info in the error + message in case the insert fails (which should now be impossible). + [ef95a4f0bab5] -2008-08-20 07:45 millert +2009-04-30 Todd C. Miller - * config.h.in: we no longer use setproctitle + * sudoers.pod: + Add a clarification from Nick Sieger + [1eadad329561] -2008-08-20 07:41 millert +2009-04-25 Todd C. Miller - * sudo.h: remove #if 1 + * env.c: + Inline the setting of the environment string. + [9515d11c6295] -2008-08-20 07:40 millert +2009-04-24 Todd C. Miller - * LICENSE, mkstemp.c: Use my replacement mkstemp() from the mktemp - package. + * env.c: + setenv(3) in Linux treats a NUL value as the empty string setenv(3) + in BSD doesn't return an error if the name has '=' in it, it just + treats the '=' as end of string. + [941260bf94d2] -2008-07-12 08:53 millert +2009-04-22 Todd C. Miller - * gram.c: regen with yacc skeleton bug fixed + * toke.c, toke.l: + Not all systems have d_namlen + [e377b18d8e2d] -2008-07-12 08:48 millert +2009-04-20 Todd C. Miller - * sudoers.pod: Remove duplicate "as root". From Martin Toft. + * sudoers.pod: + Fix up some pod2html issues. + [823a1f10ab60] -2008-07-02 06:27 millert +2009-04-19 Todd C. Miller - * pwutil.c, sudo.c, testsudoers.c, sudo.h: Flesh out the fake - passwd entry used for running commands as a uid not listed in the - passwd database. Fixes an issue with some PAM modules. + * interfaces.c: + Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from + Quest Software. + [73de36653131] -2008-07-01 07:57 millert + * sudoers.pod: + Ignore files ending in '~' in sudo.d (emacs backup files) + [7871fad702db] - * sudo.c: Error out in -i mode if the user has no shell. This can - happen when running commands as a uid with no password entry. + * toke.c, toke.l: + Ignore files ending in '~' in sudo.d (emacs backup files) + [53fded2a469f] -2008-06-26 07:49 millert +2009-04-18 Todd C. Miller - * toke.c, toke.l: Better fix for line continuation inside double - quotes. Now accepts whitespace between the backslash and the - newline like the main lexer. + * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l: + For #includedir, ignore any file containing a dot + [a7daa1bce6c2] -2008-06-25 14:31 millert + * Makefile.in, version.h: + Bump version + [ef60f14ffc44] - * toke.c, toke.l: Fix line continuation in strings. It was only - being honored if preceded by whitespace. + * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat, + sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l, + visudo.c: + Implement #includedir directive. Files in an includedir are not + edited by visudo unless they contain a syntax error. + [3923d85a6c79] -2008-06-22 16:19 millert + * ChangeLog: + sync + [8741ed61a78b] [SUDO_1_7_1] - * config.h.in, configure, configure.in, logging.c: Replace the - double fork with a fork + daemonize. + * WHATSNEW: + Forgot umask_override + [7c86a21a5504] -2008-06-21 14:59 millert + * ChangeLog, TODO: + sync + [57339ca6bccf] - * env.c, sudo.c: The -i flag should imply env_reset. This got - broken in sudo 1.6.9. +2009-04-16 Todd C. Miller -2008-06-20 20:34 millert + * visudo.c: + Rewind stream if we fdopen sudoers since it may not be at the + beginning. Set the keepopen flag on already-open files too so the + lexer doesn't close them out from under us. + [61292d819aff] - * logging.c, sudo.c, sudo_edit.c, visudo.c: Change how the mailer - is waited for. Instead of having a SIGCHLD handler, use the - double fork trick to orphan the child that opens the pipe to - sendmail. Fixes a problem running su on some Linux distros. + * visudo.c: + Print the proper file name when there is a parse error in an include + file. + [b0e85d4aedde] -2008-06-20 17:16 millert +2009-04-11 Todd C. Miller - * configure, configure.in: Fix configure test for dirfd() on Linux - where DIR is opaque. + * WHATSNEW: + Sync + [997e5d485ea3] -2008-06-17 17:42 millert +2009-04-10 Todd C. Miller - * tgetpass.c: Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If - QNX still has this problem we'll need to revisit this again. + * configure, configure.in: + Fix a warning when --without-ldap is specified. + [d91fd9481b30] -2008-06-10 21:13 millert +2009-04-05 Todd C. Miller - * logging.c: Ignore SIGPIPE instead of blocking it when piping to - the mailer. If we only block the signal it may be delivered - later when we unblock. Also, there is no need to block SIGCHLD - since we no longer do the double fork. The normal SIGCHLD - handler is sufficient. + * alias.c, parse.h, visudo.c: + Store aliases that we remove during check_aliases in a freelist and + free them at the end so we don't leak memory. + [805e2272f6a3] -2008-06-08 17:37 millert +2009-03-28 Todd C. Miller - * configure, configure.in: Add description for NO_PAM_SESSION, from - a redhat patch. + * visudo.c: + Check aliases in -c mode too. + [9199e188d9f2] -2008-06-06 09:36 millert + * alias.c, parse.h, visudo.c: + Make alias_remove return the alias struct instead of freeing it + directly. Fixes a use after free in alias_remove_recursive, the only + consumer. + [a04b61804800] - * sudo.cat, sudo.man.in, sudo.pod: Fix typos in -i usage + * alias.c, match.c, parse.c, parse.h, visudo.c: + Rename find_alias -> alias_find for consistency. + [48b0a82924f3] -2008-05-18 13:54 millert +2009-03-27 Todd C. Miller - * configure, configure.in: Redo the test for dgettext() in a way - that hopefully will work around the libintl_dgettext() undefined - problem. + * visudo.c: + When checking for unused aliases, recurse if the alias points to + another alias. + [2d4d1a7f3a41] -2008-05-11 09:21 millert +2009-03-16 Todd C. Miller - * schema.ActiveDirectory: change filename in comment + * ldap.c: + Back out rev 1.105 for now. Real ldapux_client.conf support will be + done later after some refactoring. + [8ad72e69b277] -2008-05-10 09:18 millert +2009-03-14 Todd C. Miller - * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in, - sudoers.ldap.pod: Reference schema.ActiveDirectory + * ldap.c: + Treat ldap_hostport the same as "host" for ldapux. + [3281dcc66da8] -2008-05-09 14:49 millert + * configure, configure.in: + Only check for ldap_sasl_interactive_bind_s if we can find sasl.h. + Fixes compilation with ldapux. + [ca1ed585ef0e] - * schema.OpenLDAP, schema.iPlanet: Mark sudoRunAs as deprecated. +2009-03-12 Todd C. Miller -2008-05-09 14:48 millert + * fileops.c: + fix char subscript + [41e51f080d00] - * schema.ActiveDirectory: add sudoRunAsUser and sudoRunAsGroup +2009-03-11 Todd C. Miller -2008-05-09 14:01 millert + * Makefile.in: + remove errant carriage returns + [e9e258a31c7b] - * schema.ActiveDirectory: Active Directory schema by Chantal - Paradis and Eric Paquet + * audit.c, env.c: + fix K&R compilation + [d182e8920f13] -2008-05-08 17:54 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, + sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: + regen + [791a5cbf04e5] - * parse.c: remove an XXX that was fixed +2009-03-10 Todd C. Miller -2008-05-08 12:53 millert + * config.h.in: + Add missing HAVE_BSM_AUDIT + [49ad1bb96f04] - * ChangeLog: sync + * WHATSNEW: + Add 1.7.1 features + [f107f1604c61] -2008-05-08 12:49 millert + * INSTALL: + Mention --with-netsvc + [d1e90d147795] - * parse.c: Initialize tags to UNSPEC instead of def_* in "sudo -l" - mode. This fixes a problem where the tag value printed was - influenced by defaults set in the first pass through the parser. + * sudoers.ldap.pod: + Document netsvc.conf support + [e78f8abce6af] -2008-05-03 21:29 millert + * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c, + sudo_nss.h: + Add support for AIX netsvc.conf (like nsswitch.conf). + [1df56a84dee5] - * Makefile.in, sudo.psf: No point in packaging the TODO file +2009-03-08 Todd C. Miller -2008-05-03 21:24 millert + * config.h.in, configure, configure.in, env.c: + Add --enable-env-debug flag to enable environment sanity checks. + [128cdd8832e7] - * ChangeLog: sync + * sudoers.ldap.pod, sudoers.pod: + Work around some pod2html issue. + [e733b9609bd2] -2008-05-02 20:53 millert +2009-03-07 Todd C. Miller - * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c, - sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod: Add env_file - Defaults option that is similar to /etc/environment on some - systems. + * env.c: + Only sync environ for putenv, setenv, and unsetenv. We need to make + sure that sudo_putenv and sudo_setenv only modify env.envp, not + environ. + [be3ac732243c] -2008-05-02 16:38 millert +2009-03-02 Todd C. Miller - * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in, - sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, - sudoers.man.in, version.h, visudo.cat, visudo.man.in: change - version to 1.7.0 + * env.c: + Really fix UNSETENV_VOID + [08ab7e882507] -2008-05-02 16:37 millert + * env.c: + Fix unsetenv when UNSETENV_VOID + [d3038b3f2f15] - * UPGRADE: initial valgrind pass done + * aclocal.m4, configure: + Fix SUDO_FUNC_PUTENV_CONST + [de35569c572b] -2008-04-23 08:30 millert + * ldap.c: + tivoli-based ldap does not have ldapssl_err2string + [c63fd90d5e99] - * ldap.c: Fix typo/think in sudo_ldap_read_secret() when storing - the secret. + * configure: + regen + [f38f1ee828ad] -2008-04-11 10:03 millert +2009-03-01 Todd C. Miller - * ldap.c: define LDAPS_PORT if the system headers do not + * config.h.in, configure, configure.in, ldap.c: + Add support for Tivoli-based LDAP start TLS as seen in AIX. + Untested. + [8f8771829f85] -2008-04-10 14:54 millert + * env.c: + Add sanity checks for setenv/unsetenv + [adbd1d95856b] - * gram.c, gram.y: Fix another memory leak in init_parser(). + * Makefile.in: + Include bsm_audit.h in the tarball + [4a4aa02b2c32] -2008-04-10 12:51 millert + * Makefile.in, version.h: + bump version for sudo 1.7.1 + [362c71d21595] - * configure, configure.in: There was a missing space before the - ldap libs in SUDO_LIBS for some configurations. + * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in, + env.c, ldap.c, sudo.h: + Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and + provide our own setenv/unsetenv/putenv that operates on own env + pointer. Make sync_env() inline in setenv/unsetenv/putenv functions. + [276edcd23032] -2008-04-10 11:28 millert +2009-02-25 Todd C. Miller - * alias.c, gram.c, gram.y, toke.c, toke.l: Clean up some memory - leaks pointed out by valgrind. + * sudo.c: + Make "sudoedit -h" work as expected + [2bcbbb45d389] -2008-04-07 14:39 millert + * auth/pam.c: + Make sure def_prompt is always defined. This is a workaround for + pam configs that prompt for a password in the session but don't have + an auth line. A better fix is to expand the sudo prompt earlier and + set def_prompt to that when initializing. + [ee073c04aec3] - * sudo.c: fix "sudo -s" broken by mode/flags breakout + * sudo.pod: + Mention that the helper for -A may be graphical. + [b64a940c4082] -2008-04-07 14:26 millert + * TROUBLESHOOTING: + Document what happens if there is no tty. + [313d58a856a5] - * configure, configure.in: remove duplicate check for dgettext + * sudo.c: + cosmetic changes + [894f5e3b0c3e] -2008-04-05 15:54 millert + * term.c: + Fix term_restore + [6c6315ff14bc] - * aix.c: Fall back to default stanza if no user-specific limit is - found. + * sudo.c: + Fix "sudo -k" with no other args + [59e94dc419c6] -2008-04-02 15:56 millert +2009-02-24 Todd C. Miller - * snprintf.c: include stdint.h if present + * check.c, sudo.c, sudo.pod, sudo_usage.h.in: + Allow the -k flag to be specified in conjunction with a command or + another option that may require authentication. + [5960ff20355d] -2008-04-02 15:28 millert +2009-02-23 Todd C. Miller - * snprintf.c: Use LLONG_MAX, not the old QUAD_MAX + * configure, configure.in: + Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes' + [e86ab69c4a57] -2008-04-01 19:18 millert + * Makefile.in: + Parallel make fix. From Diego E. 'Flameeyes' + [1289d7ee27db] - * sudoers.ldap.pod: fix cut and pasto +2009-02-21 Todd C. Miller -2008-03-31 11:24 millert + * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: + Implement umask_override + [8b87a3f7c5aa] - * pwutil.c: Add #ifdef PURITY + * toke.c: + regen + [79d7ca9ac873] -2008-03-30 17:36 millert + * sudoers.pod, toke.l, visudo.c: + Implement %h escape in sudoers include filenames. + [a7f288dd64f0] - * auth/bsdauth.c: remove useless cast + * audit.c: + Need to include compat.h + [c0dc07ce2f70] -2008-03-27 19:07 millert + * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c: + Make audit_success and audit_failure generic functions in + preparation for integrating linux audit support. + [7df020a8fd6f] - * ChangeLog: sync + * term.c: + remove duplicate include + [1dfcd01a7e46] -2008-03-27 19:04 millert +2009-02-20 Todd C. Miller - * TODO: sync + * bsm_audit.c: + Add missing include + [fb56e08c37ee] -2008-03-27 19:01 millert + * sudo.c: + May need to update the runas user after parsing command-based + defaults. + [246f130d7802] - * sudo.h: Split MODE_* defines into primary and flags. +2009-02-18 Todd C. Miller -2008-03-26 13:11 millert + * glob.c: + Add missing pair of braces introduced with character class support. + [0e2afa2e03e9] - * aix.c: It turns out the logic for getting AIX limits is more - convoluted than I realized and differs depending on whether the - soft and/or hard limits are defined. +2009-02-15 Todd C. Miller -2008-03-23 10:18 millert + * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c: + Rename pwstars to pwfeedback + [a9f85a57ebac] - * Makefile.in, configure, configure.in: Back out AIX-specific - change to set the sudo_noexec path to the .a file, we do really - want to use the .so file. Since libtool doesn't do that - correctly, just install the .so file ourselves in the Makefile. +2009-02-11 Todd C. Miller -2008-03-23 10:12 millert + * bsm_audit.c, bsm_audit.h: + Add const to make MacOS happy. + [4274432d6627] - * install-sh: If the file given to install is a path, only use the - basename of the file when building the destination path. + * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure, + configure.in, sudo.c: + Add bsm audit support from Christian S.J. Peron + [bef61cd8693d] -2008-03-18 16:08 millert + * term.c: + This is new code, no DARPA notice. + [ec6ad09b9c23] - * sudo.c: parse_args() cleanup: Sort command line options in the - getopt() switch The -U option requires a parameter Normalize a - few ISSET calls Split mode into mode and flags and retire the - now-obsolete excl variable +2009-02-10 Todd C. Miller -2008-03-18 16:04 millert + * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: + Rename simple_glob -> fast_glob + [68d9ed803cc1] - * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, - sudo.pod, sudo_usage.h.in: Add -n (non-interactive) flag. + * match.c: + g/c unused var + [693fa0464eb6] -2008-03-18 15:59 millert + * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: + Add simple_glob option to use fnmatch() instead of glob(). This is + useful when you need to specify patterns that reference network file + systems. + [77ba634f6949] - * sudo.c: Move version printing, etc. into a separate function. + * tgetpass.c: + add term_* proto + [520f5149d073] -2008-03-18 15:57 millert + * sudoers.pod: + mention glob() + [ddaab8e03c52] - * sudo.c: Don't try to cleanup nsswitch if it has not been - initialized. +2009-02-09 Todd C. Miller -2008-03-17 11:09 millert + * tgetpass.c: + Delete any pwstars we wrote after the user hits return. That way + there is no record on screen as to the user's password length. + [fae25cda762b] - * logging.c: Block SIGPIPE in send_mail() so sudo is not killed by - a problem executing the mailer. +2009-02-08 Todd C. Miller -2008-03-14 08:11 millert + * term.c: + Move terminal setting bits from tgetpass.c to term.c + [03d43325ee99] - * configure.in, configure: AIX shared libs end in .a, not .so. + * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod, + tgetpass.c: + Add pwstars sudoers option that causes sudo to print a star every + time the user presses a key. + [7aab417e184d] -2008-03-13 07:34 millert +2009-02-03 Todd C. Miller - * env.c: Preserve HOME by default too. Matches documentation and - previous behavior. + * Makefile.in: + Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in. + [64f70e879816] -2008-03-12 19:42 millert +2009-01-27 Todd C. Miller - * sudo.c: Use getopt() to parse the command line. We need to be - able to intersperse env variables and options yet still honor - "--"" which complicates things slightly. + * ldap.c: + For ldap_search_ext_s() the sizelimit param should be 0, not -1, to + indicate no limit. From Mark Janssen. + [e2c5732d54f5] -2008-03-06 14:46 millert +2009-01-17 Todd C. Miller - * ChangeLog: sync + * toke.c, toke.l: + Comments that begin with #- should not be parsed as uids. + [a72a50f12f41] -2008-03-06 14:43 millert +2009-01-09 Todd C. Miller - * acsite.m4, configure, ltmain.sh: update to libtool-1.5.26 + * sudo.c: + Do not try to set the close on exec flag if we didn't actually open + sudoers. + [ece3ca256904] -2008-03-06 14:32 millert +2008-12-19 Todd C. Miller - * config.guess, config.sub: update from libtool-1.5.26 distribution + * ChangeLog: + regen + [e11f0e4c1bdd] [SUDO_1_7_0] -2008-03-06 13:18 millert +2008-12-14 Todd C. Miller - * aix.c, sudo.h: attempt to fix compilation errors on AIX + * TODO: + sync + [5b8954462bb3] -2008-03-06 13:08 millert +2008-12-09 Todd C. Miller - * Makefile.in: fix typo in last commit + * auth/pam.c: + Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the + password prompt. + [8563601cb3de] -2008-03-06 13:07 millert + * configure, configure.in: + Don't try to build sudo_noexec.so on HP-UX with the bundled compiler + as it cannot generate shared objects. + [6d4262ef9669] - * Makefile.in: Add WHATSNEW file to the distribution + * emul/charclass.h, glob.c, lbuf.c, tgetpass.c: + K&R compilation fixes + [77921678d17c] -2008-03-06 12:43 millert + * parse.c: + Use tq_foreach_fwd when checking pseudo-commands to make it clear + that we are not short-circuiting on last match. When pwcheck is + 'all', initialize nopass to TRUE and override it with the first non- + TRUE entry. + [96b209f4778f] - * visudo.c: use warningx instead of fprintf(stderr, ...) +2008-12-08 Todd C. Miller -2008-03-06 12:31 millert + * parse.c: + Do not short circuit pseudo commands when we get a match since, + depending on the settings, we may need to examine all commands for + tags. + [fdbaf89d6f35] - * list.c: add DEBUG to list2tq +2008-12-03 Todd C. Miller -2008-03-06 12:28 millert + * sudoers.cat, sudoers.man.in: + regen + [1ecce7c1b841] - * ChangeLog, TODO: sync + * sudoers.pod: + hostnames may also contain wildcards + [82b76695601c] -2008-03-06 12:21 millert + * Makefile.in: + remove stamp-* files and linux core files in clean target + [22003f091467] - * WHATSNEW: mention mailfrom +2008-12-02 Todd C. Miller -2008-03-06 12:19 millert + * auth/sudo_auth.h, config.h.in, configure, configure.in: + Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX + [6905bede8410] - * Makefile.in, config.h.in, configure, configure.in, set_perms.c, - sudo.h, aix.c: Add aix_setlimits() to set resource limits on AIX - using a combination of getuserattr() and setrlimit(). Currently - untested. +2008-11-26 Todd C. Miller -2008-03-05 16:52 millert + * configure, configure.in: + correctly enable SIA on Digital UNIX + [a51881d13995] - * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat, - sudoers.pod, sudoers.man.in: Add mailfrom Defaults option that - sets the value of the From: field in the warning/error mail. If - unset the login name of the invoking user is used. + * TODO: + checkpoint + [af0fe8d94d42] -2008-03-05 16:18 millert + * ChangeLog: + sync + [831f623cf99c] - * defaults.c: store a copy of _PATH_SUDO_ASKPASS in def_askpass - that is freeable +2008-11-25 Todd C. Miller -2008-03-05 15:19 millert + * check.c, sudo.h, tgetpass.c: + Even if neither stdin nor stdout are ttys we may still have /dev/tty + available to us. + [20f306ba883b] - * gram.c, gram.y: When adding a default, only call list2tq() once - to do the list to tq conversion. It is not legal to call list2tq - multiple times on the same list since list2tq consumes and - modifies the list argument. +2008-11-24 Todd C. Miller -2008-03-05 09:38 millert + * sudoers.cat, sudoers.man.in: + regen + [76d97c4c318f] - * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: comment - out XXXs for now + * sudoers.pod: + fix typos; Markus Lude + [bff8bc1e2066] -2008-03-05 09:36 millert + * ChangeLog: + sync + [f108552531cd] - * WHATSNEW: mention askpass + * toke.c: + regen + [de828413c67e] -2008-03-04 17:20 millert + * toke.l: + Fix matching of a line that only consists of a comment char + [09c953d8d5ca] - * sudo.c: Error out if both -A and -S are specified Error out if -A - is specified but no askpass is configured +2008-11-22 Todd C. Miller -2008-03-04 17:16 millert + * auth/pam.c: + MacOS pam will retry conversation function if it fails so just treat + ^C as an empty password. + [d056058930bc] - * configure, configure.in: we are not going to ship a sudo-specific - askpass + * visudo.c: + When checking for alias use, also check defaults bindings. + [2647f82c7dbd] -2008-03-03 14:30 millert + * redblack.c: + unused var + [b7ff71c17c18] - * sudo.h: fix definition of TGP_ASKPASS + * redblack.c: + Replace my rbdelete with Emin's version (which actually works ;-) + [21b133dd0c72] -2008-03-03 13:54 millert +2008-11-19 Todd C. Miller - * def_data.c, def_data.in: make askpass boolean-capable + * testsudoers.c: + malloc debugging + [0fb446fa3279] -2008-03-03 13:53 millert + * visudo.c: + malloc options in devel mode for visudo too + [98d06c6afeef] - * INSTALL: document --with-askpass +2008-11-18 Todd C. Miller -2008-03-02 19:27 millert + * sudo.c: + fix compilation on non-C99; from Theo + [7c304e16c536] - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, - sudoers.ldap.cat, visudo.cat: regen + * visudo.c: + fix check_aliases + [83f30a3b1765] -2008-03-02 17:31 millert + * alias.c: + when destroying an alias, free the correct data pointer + [6e1a8bd86c01] - * sudo.pod, sudo_usage.h.in, sudoers.pod: document -A and askpass + * auth/sudo_auth.h: + add proto for aixauth_cleanup; from Dale King + [eba94ffc8f63] -2008-03-02 09:31 millert +2008-11-15 Todd C. Miller - * check.c, configure, configure.in, def_data.c, def_data.h, - def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h, - sudo_usage.h.in, tgetpass.c, auth/sudo_auth.c: Add support for - running a helper program to read the password when no tty is - present (or when specified with the -A flag). TODO: docs. + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [409fa57fff83] -2008-03-02 08:38 millert + * sudo.pod, sudoers.pod, visudo.pod: + standardize on the term 'option' for command line options (not flag) + [228caefc2e36] - * def_data.c, def_data.in: add missing printf format to SELinux - role and type strings +2008-11-14 Todd C. Miller -2008-02-27 09:26 millert + * INSTALL: + Add note on configuring HP-UX pam + [f7674a581baf] - * INSTALL, configure, configure.in: Disable use of - gss_krb5_ccache_name() by default and add - --enable-gss-krb5-ccache-name configure option to enable it. It - seems that gss_krb5_ccache_name() doesn't work properly with some - combinations of Heimdal and OpenLDAP. +2008-11-11 Todd C. Miller -2008-02-22 15:33 millert + * check.c, sudo.c: + Move tty checks into check_user() so we only do them if we actually + need a password. + [7d997d7106d6] - * selinux.c: Ignore setexeccon() failing in permissive mode. Also - add a call to setkeycreatecon() (though this is probably - insufficient). From Dan Walsh. + * sudo.c: + Don't error out if no tty or askpass unless we actually need to + authenticate. + [9f23b83ed66c] -2008-02-22 15:19 millert +2008-11-10 Todd C. Miller - * auth/pam.c: Only set std_prompt for the PAM_PROMPT_* cases. The - conversation function may be called for non-password reading - purposes so we must be careful not to use def_prompt in cases - where it may not be set. + * ChangeLog: + regen + [23f9aef32da6] -2008-02-20 12:00 millert + * pathnames.h.in, sudo.c: + s/overriden/overridden/; from Tobias Stoeckmann + [9f7459a8fac5] - * selinux.c: Don't free the new tty context, we need to keep it - around when we restore the tty context after the command - completes +2008-11-09 Todd C. Miller -2008-02-19 16:04 millert + * WHATSNEW, visudo.c: + check sudoers owner and mode in strict mode + [a3468c5ac1c4] - * selinux.c: s/newrole/sudo/ + * gram.c, toke.c: + regen + [7d6b515a5443] -2008-02-19 13:21 millert + * sudo.man.in, sudoers.man.in, visudo.man.in: + Update copyright years. + [52d340cb8cba] - * sudo.man.pl, sudo.pod: Only put login_cap(3) in SEE ALSO section - if we have login.conf support + * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, + auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, + auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h, + closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c, + gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c, + interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h, + parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, + sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod, + testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c, + visudo.pod, zero_bytes.c: + Update copyright years. + [b4e6bf2beafa] -2008-02-18 11:05 millert + * emul/charclass.h, fnmatch.c, glob.c: + add my copyright + [28681385014a] - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, - sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: - regen +2008-11-08 Todd C. Miller -2008-02-18 10:53 millert + * toke.c, toke.l: + The loop in fill_cmnd() was going one byte too far past the end, + resulting in a NUL being written immediately after the buffer end. + [a5a49d603cd7] - * Makefile.in, configure, configure.in, sudo.man.pl, sudo.pod, - sudoers.man.pl, sudoers.pod: Substitute in comment characters for - lines partaining to login.conf, BSD auth and SELinux and only - enable them if pertinent. + * UPGRADE, WHATSNEW: + add sections on tgetpass changes + [2e6929b6a102] -2008-02-18 10:42 millert + * tgetpass.c: + Treat EOF w/o newline as an error. + [aa02b1db9240] - * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod: - Remove the =cut on the first line (above the copyright notice) to - quiet pod2man. Also remove the hackery in the FILES section and - just deal with the fact that there will a newline between each - pathname. +2008-11-07 Todd C. Miller -2008-02-17 08:19 millert + * parse.c: + Fix "sudo -v" when NOPASSWD is set. + [f4914711ea80] - * Makefile.in: run sudo.man.pl when generating sudo.man.in + * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c, + auth/sudo_auth.h: + No longer treat an empty password at the prompt as special. To quit + out of sudo you now need to hit ^C at the password prompt. + [980f760ad419] -2008-02-17 08:11 millert + * sudoers.cat, sudoers.man.in: + regen + [6ca21a2cd869] - * configure, configure.in, sudo.man.pl: comment out SELinux manual - bits unless --with-selinux was specified + * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: + Sudo will now refuse to run if no tty is present unless the new + visiblepw sudoers flag is set. + [0cc56943252e] -2008-02-17 08:04 millert +2008-11-06 Todd C. Miller - * sudoers.pod: document role and type defaults for SELinux + * aix.c: + just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not + defined + [24fc6f712d5c] -2008-02-16 20:26 millert + * aix.c: + fix fallback value for RLIM_SAVED_MAX + [e09e04e1af89] - * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in: - Document "sudo -ll" and make "sudo -l -l" be equivalent. + * auth/aix_auth.c, auth/sudo_auth.h: + Move clearing of AUTHSTATE into aixauth_cleanup. + [e14ae7bd259c] -2008-02-15 15:23 millert + * auth/aix_auth.c, env.c: + Unset AUTHSTATE after calling authenticate() as it may not be + correct for the user we are running the command as. + [d14f68f1b0ab] - * configure.in, configure: Treat k*bsd*-gnu like Linux, not BSD. - Fixes compilation problems on Debian GNU/kFreeBSD. + * isblank.c: + Add isblank() function for systems without it. Needed for POSIX + character class matching in fnmatch.c and glob.c. + [16cba30b283f] -2008-02-13 17:17 millert +2008-11-05 Todd C. Miller - * auth/kerb5.c: Avoid Heimdal'isms introduced in the rev 1.32 - rewrite of verify_krb_v5_tgt() + * TROUBLESHOOTING: + expound on sudo and cd + [8e0fa9033637] -2008-02-13 07:28 millert +2008-11-04 Todd C. Miller - * logging.c, logging.h, sudo.c: Remove dependence on - VALIDATE_NOT_OK in logging functions. Split log_auth() into - log_allowed() and log_denial() Replace mail_auth() with - should_mail() and a call to send_mail() + * ChangeLog: + regen + [40cf320a10fc] -2008-02-10 18:06 millert + * sudoers.cat, sudoers.man.in: + regen + [7cac761ae2c6] - * ldap.c: Add debugging so we can tell if the krb5 ccache is - accessible + * sudoers.pod: + mention defauts parse order + [4e2ce86d1394] -2008-02-10 17:34 millert +2008-11-03 Todd C. Miller - * INSTALL: mention --with-selinux + * Makefile.in, aclocal.m4, compat.h, configure: + Add isblank() function for systems without it. Needed for POSIX + character class matching in fnmatch.c and glob.c. + [a1ab55da8424] -2008-02-09 09:48 millert + * Makefile.in: + add emul/charclass.h to HDRS + [7e8a019dcaa4] - * configure: regen +2008-11-02 Todd C. Miller -2008-02-09 09:43 millert + * TODO: + checkpoint + [afeb9bc1baed] - * selinux.c: add Sudo tag + * defaults.c, parse.c, testsudoers.c, visudo.c: + Move update_defaults into defaults.c and call it properly from + visudo and testsudoers. + [f4dbb369461f] -2008-02-09 09:30 millert + * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c, + tsgetgrpw.c: + use zero_bytes() instead of memset() for consistency + [4cee0465f4a8] - * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h, - def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h, - pathnames.h.in, selinux.c, sesh.c, sudo.c, sudo.cat, sudo.h, - sudo.man.in, sudo.pod, sudo_usage.h.in, sudoers.ldap.cat, - sudoers.ldap.man.in, sudoers.ldap.pod, testsudoers.c, toke.c, - toke.l: Add support for SELinux RBAC. Sudoers entries may - specify a role and type. There are also role and type defaults - that may be used. To make sure a transition occurs, when using - RBAC commands are executed via the new sesh binary. Based on - initial changes from Dan Walsh. + * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c, + visudo.c: + Zero out sigaction_t before use in case it has non-standard entries. + [120092225459] -2008-02-08 08:18 millert + * match.c: + quiet gcc + [098a1df49b23] - * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c: Add long - list (sudo -ll) support for printing verbose LDAP and sudoers - file entries. Still need to update manual. + * match.c: + Short circuit glob() checks if basename(pattern) != + basename(command). Refactor code that checks for a command in a + directory and use it in the glob case if the resolved pattern ends + in a '/'. + [3c46fd317acb] -2008-02-03 10:43 millert +2008-11-01 Todd C. Miller - * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h: Unify the -l - output for file and ldap based sudoers and use lbufs for both. - The ldap output does not currently include options that cannot be - represented as tags. This will be remedied in a long list output - mode to come. + * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c: + Defer setting runas defaults until after runaspw/gr is setup. + [12e75ee49c0c] -2008-01-27 16:37 millert +2008-10-29 Todd C. Miller - * set_perms.c: Use a specific error message for errno == EAGAIN - when setuid() et al fails. On Linux systems setuid() will fail - with errno set to EAGAIN if changing to the new uid would result - in a resource limit violation. + * match.c, sudo.c, testsudoers.c: + Use MAXHOSTNAMELEN+1 when allocating host/domain name since some + systems do not include space for the NUL in the size. Also manually + NUL-terminate buffer from gethostname() since POSIX is wishy-washy + on this. + [7266ab3296a3] -2008-01-27 16:34 millert +2008-10-26 Todd C. Miller - * sudo.c: Unlimit nproc on Linux systems where calling the setuid() - family of syscalls causes the nroc resource limit to be checked. - The limits will be reset by pam_limits.so when PAM is used. In - the non-PAM case the nproc limit will remain unlimited but there - doesn't seem to be a way around that other than having sudo parse - /etc/security/limits.conf directly. + * sudo.c, sudoers.pod: + When setting the umask, use the union of the user's umask and the + default value set in sudoers so that we never lower the user's umask + when running a command. + [4e804b004e38] -2008-01-27 16:31 millert + * sudo.c: + Don't try to read from a zero-length sudoers file. Remove the bogus + Solaris work-around for EAGAIN. Since we now use fgetc() it should + not be a problem. + [bb8e5f68d944] - * env.c, sudo.c, sudo.pod: Only read /etc/environment on Linux and - AIX +2008-10-25 Todd C. Miller -2008-01-23 06:33 millert + * parse.c: + In update_defaults() check the return value of user*_matches against + ALLOW so we don't inadvertantly match on UNSPEC. + [4e422fa1527e] - * configure, configure.in: Use SUDO_DEFINE_UNQUOTED instead of - AC_DEFINE_UNQUOTED to prevent ldap.conf and ldap.secret paths - from going into config.h. Avoid single quotes in variable - expansion when using SUDO_DEFINE_UNQUOTED since in some versions - of bash they will end up literally in the resulting define. +2008-10-24 Todd C. Miller -2008-01-21 13:22 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, + sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: + regen man pages; no more hyphenation + [15de4fe2fe01] - * README.LDAP: mention --with-nsswitch=no + * sudo.c: + Don't error out on a zero-length sudoers file. With the advent of + #include the user could create a situation where sudo is unusable. + [6eb461319fa5] -2008-01-21 11:43 millert +2008-10-23 Todd C. Miller - * configure, configure.in: ldap_ssl.h depends on ldap.h being - included first + * auth/kerb5.c, config.h.in, configure, configure.in: + Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT + krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at + all. Add configure tests to handle all the cases. + [4b554a98470d] -2008-01-21 11:07 millert +2008-10-08 Todd C. Miller - * configure, configure.in, ldap.c, config.h.in: Include ldap_ssl.h - if we can find it. Needed for the ldapssl_set_strength defines - on HP-UX at least. + * sudo.pod: + resort ENVIRONMENT + [f4f20f40653e] -2008-01-21 10:02 millert + * sudoers.pod: + document sudoers_locale + [0bffd2dbe806] - * TODO, sudoers.ldap.pod: sync + * sudo.pod, sudo_edit.c: + add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL + or EDITOR + [0ef8cb248cee] -2008-01-21 10:01 millert + * toke.c, toke.l: + In fill_cmnd(), collapse any escaped sudo-specific characters. + Allows character classes to be used in pathnames. + [5685244c8e44] - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, - sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: - regen +2008-10-03 Todd C. Miller -2008-01-21 10:00 millert + * lbuf.c: + fix typo in non-C89 function declaration + [99a7113b3a05] - * Makefile.in: Use 78n line length when formatting cat pages. + * sudoers.pod: + Mention POSIX characters classes now that out fnmatch() and glob() + support them. + [9c916f1230c3] -2008-01-21 09:50 millert + * sample.sudoers, sudoers.pod: + Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is + locale agnostic. + [a60a62bec244] - * README.LDAP: Remove redundant info that is now in - sudoers.ldap.pod + * parse.h: + use __signed char if we are going to assign a negative value since + on Power, char is unsigned by default + [2877b319df17] -2008-01-20 16:18 millert + * config.h.in, configure, configure.in: + Add tests for __signed char and signed char. + [5eb874fdf1d4] - * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: - Reorganize the first section a bit. Substitute the proper path - for /etc/sudoers. + * aix.c: + Fix AIX limit setting. getuserattr() returns values in disk blocks + rather than bytes. The default hard stack size in newer AIX is + RLIM_SAVED_MAX. From Dale King. + [3db67415ecc3] -2008-01-20 10:17 millert +2008-09-26 Todd C. Miller - * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: - Substitute values for ldap.conf, ldap.secret and nsswitch.conf - Move schema into EXAMPLES + * emul/charclass.h, fnmatch.c, glob.c: + Add character class support to included glob(3) and fnmatch(3). + [6b5b4ad77899] -2008-01-20 10:15 millert +2008-09-16 Todd C. Miller - * configure.in, configure: Substitute values for ldap.conf, - ldap.secret and nsswitch.conf into sudoers.ldap.man. + * emul/fnmatch.h: + Remove UCB advertising clause and some compatibility defines. + [2ade7bee74e1] -2008-01-19 20:35 millert +2008-09-14 Todd C. Miller - * configure, configure.in: substitute for sudoers.ldap.man + * sudo_edit.c: + Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself + or sudo. This allows one to set EDITOR to sudoedit without getting + into an infinite loop of sudoedit running itself until the path gets + too big. + [aa49ab68f82d] -2008-01-19 20:34 millert + * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c: + Add sudoers_locale Defaults option to override the default sudoers + locale of "C". + [0639886a35bf] - * Makefile.in: Fix cut & pasto introduced when adding sudoers.ldap - man page. +2008-09-13 Todd C. Miller -2008-01-19 20:25 millert + * sudo.c: + Set locale to system default except for during sudoers parse. + [016dd2736728] - * sudoers.ldap.pod, sudoers.ldap.cat, sudoers.ldap.man.in: Fill in - some of the missing pieces. Still needs some reorganization and - editing. +2008-09-12 Todd C. Miller -2008-01-19 15:06 millert + * match.c: + Redo change in 1.34 to use pointer arithmetic. + [f9e7b63bb450] - * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in, - sudoers.ldap.pod: Beginnings of a sudoers.ldap man page. - Currently, much of the information is adapted from README.LDAP. +2008-09-11 Todd C. Miller -2008-01-18 17:32 millert + * match.c: + Fix a dereference (read) of a freed pointer. Reported by Patrick + Williams. + [69877b633753] - * pwutil.c: When copying gr_mem we must guarantee that the storage - space for gr_mem is properly aligned. The simplest way to do - this is to simply store gr_mem directly after struct group. This - is not a problem for gr_passwd or gr_name as they are simple - strings. +2008-08-23 Todd C. Miller -2008-01-18 16:47 millert + * sudo.c: + Set locale to "C" to avoid interpretation issues with character + ranges in sudoers. May want to make the locale a sudoers option in + the future. + [098a95de1746] - * ldap.c: Fix a typo/thinko in one of the calls to - sudo_ldap_check_user_netgroup(). From Marco van Wieringen. +2008-08-20 Todd C. Miller -2008-01-17 15:44 millert + * config.h.in: + we no longer use setproctitle + [c7f20fb747ea] - * config.h.in, configure, configure.in, ldap.c: include - in ldap.c if available + * sudo.h: + remove #if 1 + [a368ee6816c6] -2008-01-16 18:20 millert + * LICENSE, mkstemp.c: + Use my replacement mkstemp() from the mktemp package. + [d07c2beb0f9e] - * gram.c, gram.y: Make sure we define SIZE_MAX for yacc's - skeleton.c +2008-07-12 Todd C. Miller -2008-01-16 13:03 millert + * gram.c: + regen with yacc skeleton bug fixed + [24784571cbb8] - * tgetpass.c: Use TCSAFLUSH when restoring terminal settings (and - echo) to guarantee that any pending output is discarded + * sudoers.pod: + Remove duplicate "as root". From Martin Toft. + [97241acfee5e] -2008-01-15 17:18 millert +2008-07-02 Todd C. Miller - * sudoers: no longer need to specify SETENV when user has sudo ALL + * pwutil.c, sudo.c, sudo.h, testsudoers.c: + Flesh out the fake passwd entry used for running commands as a uid + not listed in the passwd database. Fixes an issue with some PAM + modules. + [a6648227f3f2] -2008-01-15 09:40 millert +2008-07-01 Todd C. Miller - * testsudoers.c: sync user_args size calculation with sudo.c Add -g - group option, renaming old -g to -G Add set_runasgr() and - set_runaspw() and use them + * sudo.c: + Error out in -i mode if the user has no shell. This can happen when + running commands as a uid with no password entry. + [0c174bef36ff] -2008-01-15 09:23 millert +2008-06-26 Todd C. Miller - * sudo.h, sudo.c: Make set_runaspw static void + * toke.c, toke.l: + Better fix for line continuation inside double quotes. Now accepts + whitespace between the backslash and the newline like the main + lexer. + [64efcdf86d31] -2008-01-15 09:17 millert +2008-06-25 Todd C. Miller - * testsudoers.c, visudo.c: g/c set_runaspw stub + * toke.c, toke.l: + Fix line continuation in strings. It was only being honored if + preceded by whitespace. + [96c21271a3e4] -2008-01-15 07:28 millert +2008-06-22 Todd C. Miller - * configure, configure.in: Don't add -llber twice. + * config.h.in, configure, configure.in, logging.c: + Replace the double fork with a fork + daemonize. + [328505441e67] -2008-01-14 06:40 millert +2008-06-21 Todd C. Miller - * ldap.c: fix typo + * env.c, sudo.c: + The -i flag should imply env_reset. This got broken in sudo 1.6.9. + [3caedfeaec87] -2008-01-13 15:39 millert + * logging.c, sudo.c, sudo_edit.c, visudo.c: + Change how the mailer is waited for. Instead of having a SIGCHLD + handler, use the double fork trick to orphan the child that opens + the pipe to sendmail. Fixes a problem running su on some Linux + distros. + [b59ce60a393d] - * gram.c: regen +2008-06-20 Todd C. Miller -2008-01-13 14:57 millert + * configure, configure.in: + Fix configure test for dirfd() on Linux where DIR is opaque. + [b8f729cdfecc] - * configure, configure.in: Fix check that determines whether -llber - is required. +2008-06-17 Todd C. Miller -2008-01-13 14:22 millert + * tgetpass.c: + Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has + this problem we'll need to revisit this again. + [c17fee8ad530] - * config.h.in, configure, configure.in, README.LDAP, ldap.c: For - netscape-based LDAP, use ldapssl_set_strength() to implement the - checkpeer ldap.conf option. +2008-06-11 Todd C. Miller -2008-01-13 09:49 millert + * logging.c: + Ignore SIGPIPE instead of blocking it when piping to the mailer. If + we only block the signal it may be delivered later when we unblock. + Also, there is no need to block SIGCHLD since we no longer do the + double fork. The normal SIGCHLD handler is sufficient. + [e94a49e992e5] - * auth/kerb5.c: Delay krb5_cc_initialize() until we actually need - to use the cred cache, which is what krb5_verify_user() does. - Better cleanup on failure. +2008-06-08 Todd C. Miller -2008-01-12 12:40 millert + * configure, configure.in: + Add description for NO_PAM_SESSION, from a redhat patch. + [b9e4c939ec09] - * auth/kerb5.c: Rewrite verify_krb_v5_tgt() based on what heimdal's - krb5_verify_user() does. +2008-06-06 Todd C. Miller -2008-01-09 14:58 millert + * sudo.cat, sudo.man.in, sudo.pod: + Fix typos in -i usage + [2d7ce5de0235] - * gram.c: The U suffix on constants is an ANSI feature +2008-05-18 Todd C. Miller -2008-01-09 12:08 millert + * configure, configure.in: + Redo the test for dgettext() in a way that hopefully will work + around the libintl_dgettext() undefined problem. + [d27beb0cf85e] - * configure.in, configure: Add check for ber_set_option() in -llber +2008-05-11 Todd C. Miller -2008-01-06 19:02 millert + * schema.ActiveDirectory: + change filename in comment + [733da4ee9ac5] - * README.LDAP: default if no nsswitch.conf is files only +2008-05-10 Todd C. Miller -2008-01-06 17:28 millert + * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in, + sudoers.ldap.pod: + Reference schema.ActiveDirectory + [d6aec537800e] - * README.LDAP: don't tell people to mail aaron about LDAP stuff +2008-05-09 Todd C. Miller -2008-01-06 12:32 millert + * schema.OpenLDAP, schema.iPlanet: + Mark sudoRunAs as deprecated. + [00c50df807af] - * README.LDAP: timelimit and bind_timelimit + * schema.ActiveDirectory: + add sudoRunAsUser and sudoRunAsGroup + [19bcce6f72fb] -2008-01-06 08:54 millert + * schema.ActiveDirectory: + Active Directory schema by Chantal Paradis and Eric Paquet + [06a09c92c6a5] - * ChangeLog: sync +2008-05-08 Todd C. Miller -2008-01-06 07:56 millert + * parse.c: + remove an XXX that was fixed + [b88038062fa2] - * ldap.c: Move ldap.secret reading into a separate function. + * ChangeLog: + sync + [8fc27c17270e] -2008-01-05 19:09 millert + * parse.c: + Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This + fixes a problem where the tag value printed was influenced by + defaults set in the first pass through the parser. + [588ccd630367] - * check.c: user_runas -> runas_pw +2008-05-04 Todd C. Miller -2008-01-05 18:59 millert + * Makefile.in, sudo.psf: + No point in packaging the TODO file + [9590248fffe1] - * TODO: sync + * ChangeLog: + sync + [152acf4c6813] -2008-01-05 18:59 millert +2008-05-03 Todd C. Miller - * check.c, sudo.pod, sudoers.pod: Add and document the %p escape in - the password prompt. Based on a patch from Patrick Schoenfeld. + * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c, + sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod: + Add env_file Defaults option that is similar to /etc/environment on + some systems. + [1daf53d51e18] -2008-01-05 18:25 millert +2008-05-02 Todd C. Miller - * ldap.c: Check strlcpy() return values. + * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in, + sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, + version.h, visudo.cat, visudo.man.in: + change version to 1.7.0 + [d41d126b9bd8] -2008-01-05 18:12 millert + * UPGRADE: + initial valgrind pass done + [c59c3876d8ca] - * ldap.c: refactor ldap binding code into sudo_ldap_bind_s() +2008-04-23 Todd C. Miller -2008-01-05 16:35 millert + * ldap.c: + Fix typo/think in sudo_ldap_read_secret() when storing the secret. + [830d246c09b0] - * README.LDAP: Make it clear that host and uri can take multiple - parameters. URI is now supported for more than just openldap - nsswitch.conf does't accept "compat" +2008-04-11 Todd C. Miller -2008-01-05 16:27 millert + * ldap.c: + define LDAPS_PORT if the system headers do not + [247b12325701] - * sudo.c: comment cleanup and update (c) year +2008-04-10 Todd C. Miller -2008-01-05 16:25 millert + * gram.c, gram.y: + Fix another memory leak in init_parser(). + [7bba47deba11] - * parse.c, sudo_nss.c: Move display_privs() and display_cmnd() from - parse.c to sudo_nss.c. This should make it possible to build an - LDAP-only sudo binary. + * configure, configure.in: + There was a missing space before the ldap libs in SUDO_LIBS for some + configurations. + [7524cfc93759] -2008-01-05 13:27 millert + * alias.c, gram.c, gram.y, toke.c, toke.l: + Clean up some memory leaks pointed out by valgrind. + [a965866ece1a] - * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h: Improve chaining of - multiple sudoers sources by passing in the previous return value - to the next in the chain +2008-04-07 Todd C. Miller -2008-01-05 13:26 millert + * sudo.c: + fix "sudo -s" broken by mode/flags breakout + [acffe984d408] - * gram.y: Free up parser data structures in sudo_file_close(). + * configure, configure.in: + remove duplicate check for dgettext + [58145529133c] -2008-01-05 08:13 millert +2008-04-05 Todd C. Miller - * gram.c, parse.c: Free up parser data structures in - sudo_file_close(). + * aix.c: + Fall back to default stanza if no user-specific limit is found. + [7b8cb29123ee] -2008-01-05 07:59 millert +2008-04-02 Todd C. Miller - * ldap.c: Parse uri ourself if no ldap_initialize() is present Use - ldap_create() instead of deprecated ldap_init() Use - ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s() + * snprintf.c: + include stdint.h if present + [f0ec38529306] -2008-01-05 07:56 millert + * snprintf.c: + Use LLONG_MAX, not the old QUAD_MAX + [01041ce508fb] - * config.h.in, configure, configure.in: Add check for - ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from CFLAGS +2008-04-01 Todd C. Miller -2008-01-04 09:56 millert + * sudoers.ldap.pod: + fix cut and pasto + [34240fdef5ab] - * configure.in, configure, config.h.in: add check for ldap_create +2008-03-31 Todd C. Miller -2008-01-03 16:11 millert + * pwutil.c: + Add #ifdef PURITY + [ce1b571ad526] - * config.h.in, configure, configure.in, ldap.c: Add - sudo_ldap_get_first_rdn() to return the first rdn of an entry's - dn using the mechanism appropriate for the LDAP SDK in use. Use - ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). - Emulate ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's - without them. +2008-03-30 Todd C. Miller -2008-01-03 16:02 millert + * auth/bsdauth.c: + remove useless cast + [494f8a862e1d] - * lbuf.c: include unistd.h +2008-03-27 Todd C. Miller -2008-01-03 11:05 millert + * ChangeLog: + sync + [f5c97ffaabcc] - * config.h.in, configure.in: fix typo in mtim_getnsec + * TODO: + sync + [96ff1c44c182] -2008-01-02 15:29 millert + * sudo.h: + Split MODE_* defines into primary and flags. + [c02ee3027cb9] - * config.h.in, configure.in, configure: add check for st__tim in - struct stat as used by SCO +2008-03-26 Todd C. Miller -2008-01-02 11:05 millert + * aix.c: + It turns out the logic for getting AIX limits is more convoluted + than I realized and differs depending on whether the soft and/or + hard limits are defined. + [cf8d3f85d395] - * ldap.c: use ldap_search_ext_s instead of deprecated ldap_search_s +2008-03-23 Todd C. Miller -2008-01-02 10:09 millert + * Makefile.in, configure, configure.in: + Back out AIX-specific change to set the sudo_noexec path to the .a + file, we do really want to use the .so file. Since libtool doesn't + do that correctly, just install the .so file ourselves in the + Makefile. + [05c6f33177d9] - * Makefile.in, TODO, sudo.cat, sudo.man.in: add sudo_nss.h to HDRS + * install-sh: + If the file given to install is a path, only use the basename of the + file when building the destination path. + [695ba4e429ce] -2008-01-01 19:04 millert +2008-03-18 Todd C. Miller - * ldap.c: Replace deprecated ldap_explode_dn() with calls to - ldap_str2dn() and ldap_rdn2str(). + * sudo.c: + parse_args() cleanup: Sort command line options in the getopt() + switch The -U option requires a parameter Normalize a few ISSET + calls Split mode into mode and flags and retire the now-obsolete + excl variable + [0d156835f861] -2008-01-01 18:37 millert + * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, + sudo_usage.h.in: + Add -n (non-interactive) flag. + [e3e50400d32d] - * ldap.c: Use ldap_get_values_len()/ldap_value_free_len() instead - of the deprecated ldap_get_values()/ldap_value_free(). + * sudo.c: + Move version printing, etc. into a separate function. + [18c91b476e2c] -2008-01-01 17:07 millert + * sudo.c: + Don't try to cleanup nsswitch if it has not been initialized. + [aeb1ca1b399d] - * TODO, ChangeLog: sync +2008-03-17 Todd C. Miller -2008-01-01 17:06 millert + * logging.c: + Block SIGPIPE in send_mail() so sudo is not killed by a problem + executing the mailer. + [f130e7924cca] - * gettime.c, sudo.c: Remove some already fixed XXXs +2008-03-14 Todd C. Miller -2008-01-01 17:03 millert + * configure, configure.in: + AIX shared libs end in .a, not .so. + [a5deb07020d8] - * ldap.c: Same return value as non-existent sudoers if LDAP was - unable to connect. +2008-03-13 Todd C. Miller -2008-01-01 16:52 millert + * env.c: + Preserve HOME by default too. Matches documentation and previous + behavior. + [c16f17f1047c] - * sudo.pod: mention /etc/environment +2008-03-12 Todd C. Miller -2008-01-01 16:42 millert + * sudo.c: + Use getopt() to parse the command line. We need to be able to + intersperse env variables and options yet still honor "--"" which + complicates things slightly. + [60f271ce5c16] - * UPGRADE, WHATSNEW, README.LDAP: Update to reflect recent - developments. +2008-03-06 Todd C. Miller -2008-01-01 16:42 millert + * ChangeLog: + sync + [685e67964eda] - * sudo.c: Print nsswitch.conf, ldap.conf and ldap.secret paths in - -V output. + * acsite.m4, configure, ltmain.sh: + update to libtool-1.5.26 + [4c9a8c3d3b40] -2008-01-01 16:25 millert + * config.guess, config.sub: + update from libtool-1.5.26 distribution + [c6641aef2527] - * ldap.c: When building up a query don't list groups in the aux - group vector that are the same as the passwd file group. On most - systems the first gid in the group vector is the same as the - passwd entry gid. + * aix.c, sudo.h: + attempt to fix compilation errors on AIX + [edb13e5b2184] -2008-01-01 14:01 millert + * Makefile.in: + fix typo in last commit + [25ba7f7ceae4] - * env.c, ldap.c: Define LDAPNOINIT before calling ldap_init(), etc. - to disable user ldaprc and system defaults that could affect how - LDAP works. + * Makefile.in: + Add WHATSNEW file to the distribution + [213f4115de8f] -2008-01-01 13:21 millert + * visudo.c: + use warningx instead of fprintf(stderr, ...) + [a3494b8ccb19] - * INSTALL, configure, configure.in, pathnames.h.in, sudo.c, - sudo_nss.c, sudo_nss.h: Rename read_nss -> sudo_read_nss Add - --with-nsswitch to allow users to specify nsswitch.conf path or - disable it. If --with-nsswitch=no but --with-ldap, order is - LDAP, then sudoers. Fix --with-ldap-conf-file and - --with-ldap-secret-file + * list.c: + add DEBUG to list2tq + [115d24a3000c] -2008-01-01 13:12 millert + * ChangeLog, TODO: + sync + [60e6f4d1fac0] - * parse.c: Honor def_ignore_local_sudoers + * WHATSNEW: + mention mailfrom + [e2498f9e18d6] -2007-12-31 16:44 millert + * Makefile.in, aix.c, config.h.in, configure, configure.in, + set_perms.c, sudo.h: + Add aix_setlimits() to set resource limits on AIX using a + combination of getuserattr() and setrlimit(). Currently untested. + [9b1441fd89ca] - * ldap.c: no longer need to check def_ignore_local_sudoers here +2008-03-05 Todd C. Miller -2007-12-31 16:36 millert + * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat, + sudoers.man.in, sudoers.pod: + Add mailfrom Defaults option that sets the value of the From: field + in the warning/error mail. If unset the login name of the invoking + user is used. + [029b9f05d3d9] + + * defaults.c: + store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable + [a90e407d5e00] + + * gram.c, gram.y: + When adding a default, only call list2tq() once to do the list to tq + conversion. It is not legal to call list2tq multiple times on the + same list since list2tq consumes and modifies the list argument. + [fbc25d245c4a] - * parse.c: Refactor group vector resetting into a function and also - call it from display_cmnd. Stop after the first sucessful match - in display_cmnd. Print a newline between each display_privs - method. + * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: + comment out XXXs for now + [595a1d43309d] -2007-12-31 16:23 millert + * WHATSNEW: + mention askpass + [b993e0837c22] - * parse.c: fix double free introduced in rev 1.218 +2008-03-04 Todd C. Miller -2007-12-31 16:10 millert + * sudo.c: + Error out if both -A and -S are specified Error out if -A is + specified but no askpass is configured + [24f1df2638f6] - * ldap.c: belt and suspenders; zero out result after freeing it + * configure, configure.in: + we are not going to ship a sudo-specific askpass + [61949e7a3943] -2007-12-31 15:04 millert +2008-03-03 Todd C. Miller - * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c: Refactor line - reading into a separate function, sudo_parseln(), which removes - comments, leading/trailing whitespace and newlines. May want to - rethink the use of sudo_parseln() for /etc/ldap.secret + * sudo.h: + fix definition of TGP_ASKPASS + [0447c57ba4c3] -2007-12-31 14:26 millert + * def_data.c, def_data.in: + make askpass boolean-capable + [e0885893a325] - * parse.c, sudo.c: Make the inability to read the sudoers file a - non-fatal error if there are other sudoers sources available. - sudoers_file_lookup now returns "not OK" if sudoers was not - present + * INSTALL: + document --with-askpass + [c76e15ba97cf] -2007-12-31 14:24 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, + sudoers.man.in, visudo.cat: + regen + [8d16242980b7] - * ldap.c: make it clear that the global options are from LDAP +2008-03-02 Todd C. Miller -2007-12-31 14:13 millert + * sudo.pod, sudo_usage.h.in, sudoers.pod: + document -A and askpass + [02c07505a78c] - * logging.c: allocate proper amount of space for error string + * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c, + def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h, + sudo_usage.h.in, tgetpass.c: + Add support for running a helper program to read the password when + no tty is present (or when specified with the -A flag). TODO: docs. + [05780f5f71fd] -2007-12-31 10:24 millert + * def_data.c, def_data.in: + add missing printf format to SELinux role and type strings + [2b32774715e7] - * sudo_nss.c, sudo_nss.h: actual sudo nss code +2008-02-27 Todd C. Miller -2007-12-31 10:08 millert + * INSTALL, configure, configure.in: + Disable use of gss_krb5_ccache_name() by default and add + --enable-gss-krb5-ccache-name configure option to enable it. It + seems that gss_krb5_ccache_name() doesn't work properly with some + combinations of Heimdal and OpenLDAP. + [f61ebd3b19bd] - * ldap.c, parse.c, sudo.c, sudo.h: nss-ify display_privs and - display_cmnd. +2008-02-22 Todd C. Miller -2007-12-31 07:54 millert + * selinux.c: + Ignore setexeccon() failing in permissive mode. Also add a call to + setkeycreatecon() (though this is probably insufficient). From Dan + Walsh. + [52564fc1c069] - * defaults.c, parse.c, testsudoers.c, visudo.c: move - update_defaults() to parse.c + * auth/pam.c: + Only set std_prompt for the PAM_PROMPT_* cases. The conversation + function may be called for non-password reading purposes so we must + be careful not to use def_prompt in cases where it may not be set. + [29d88ca575ba] -2007-12-31 07:39 millert +2008-02-20 Todd C. Miller - * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h: - Use nsswitch to hide some sudoers vs. ldap implementation details - and reduce the number of #ifdef LDAP TODO: fix display routines - and error handling + * selinux.c: + Don't free the new tty context, we need to keep it around when we + restore the tty context after the command completes + [5b4bd39b6ea8] -2007-12-28 11:20 millert +2008-02-19 Todd C. Miller - * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h: - First cut at nsswitch.conf support. Further reorganizaton and - related changes are forthcoming. + * selinux.c: + s/newrole/sudo/ + [21b8a96ff8df] -2007-12-21 16:53 millert + * sudo.man.pl, sudo.pod: + Only put login_cap(3) in SEE ALSO section if we have login.conf + support + [05250ddff2c0] - * env.c, pathnames.h.in, sudo.c, sudo.h: Add support for reading - and /etc/environment file. Still needs to be documented and - should probably only applies to OSes that have it (AIX and Linux, - maybe others). +2008-02-18 Todd C. Miller -2007-12-21 16:20 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, + sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: + regen + [301e5c5ccdbe] + + * sudoers.pod: + Substitute in comment characters for lines partaining to login.conf, + BSD auth and SELinux and only enable them if pertinent. + [c1c98fa163ce] + + * sudoers.man.pl: + Substitute in comment characters for lines partaining to login.conf, + BSD auth and SELinux and only enable them if pertinent. + [6c88f30b878a] + + * sudo.pod: + Substitute in comment characters for lines partaining to login.conf, + BSD auth and SELinux and only enable them if pertinent. + [acdbdfd24e1d] + + * sudo.man.pl: + Substitute in comment characters for lines partaining to login.conf, + BSD auth and SELinux and only enable them if pertinent. + [0c56d4750ac3] + + * Makefile.in, configure, configure.in: + Substitute in comment characters for lines partaining to login.conf, + BSD auth and SELinux and only enable them if pertinent. + [9a02bd6a6658] - * ldap.c: include limits.h + * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod: + Remove the =cut on the first line (above the copyright notice) to + quiet pod2man. Also remove the hackery in the FILES section and + just deal with the fact that there will a newline between each + pathname. + [2ac1ab191835] -2007-12-20 10:02 millert +2008-02-17 Todd C. Miller - * WHATSNEW: reword LDAP SASL + * Makefile.in: + run sudo.man.pl when generating sudo.man.in + [859727369168] -2007-12-19 16:40 millert + * configure, configure.in, sudo.man.pl: + comment out SELinux manual bits unless --with-selinux was specified + [97ff4212b649] - * TODO: sync + * sudoers.pod: + document role and type defaults for SELinux + [870f303366b3] -2007-12-19 16:39 millert + * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in: + Document "sudo -ll" and make "sudo -l -l" be equivalent. + [3ce6dc429ea3] + +2008-02-15 Todd C. Miller + + * configure, configure.in: + Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on + Debian GNU/kFreeBSD. + [c4efa567a328] + +2008-02-13 Todd C. Miller + + * auth/kerb5.c: + Avoid Heimdal'isms introduced in the rev 1.32 rewrite of + verify_krb_v5_tgt() + [f80538e5a6fa] + + * logging.c, logging.h, sudo.c: + Remove dependence on VALIDATE_NOT_OK in logging functions. Split + log_auth() into log_allowed() and log_denial() Replace mail_auth() + with should_mail() and a call to send_mail() + [58aac9997557] + +2008-02-10 Todd C. Miller + + * ldap.c: + Add debugging so we can tell if the krb5 ccache is accessible + [c679322527bb] + + * INSTALL: + mention --with-selinux + [9efbe0b52194] + +2008-02-09 Todd C. Miller + + * configure: + regen + [467a834f867c] + + * selinux.c: + add Sudo tag + [d004ee669bed] + + * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in, + sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, + testsudoers.c, toke.c, toke.l: + Add support for SELinux RBAC. Sudoers entries may specify a role + and type. There are also role and type defaults that may be used. + To make sure a transition occurs, when using RBAC commands are + executed via the new sesh binary. Based on initial changes from Dan + Walsh. + [1d4abfe2c004] + + * sesh.c: + Add support for SELinux RBAC. Sudoers entries may specify a role + and type. There are also role and type defaults that may be used. + To make sure a transition occurs, when using RBAC commands are + executed via the new sesh binary. Based on initial changes from Dan + Walsh. + [1e3b395ce049] - * README.LDAP: Add an example sudoRole, clarify netscape vs. - openldap a bit more + * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h, + def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h, + pathnames.h.in, selinux.c: + Add support for SELinux RBAC. Sudoers entries may specify a role + and type. There are also role and type defaults that may be used. + To make sure a transition occurs, when using RBAC commands are + executed via the new sesh binary. Based on initial changes from Dan + Walsh. + [6b421948286e] + +2008-02-08 Todd C. Miller + + * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c: + Add long list (sudo -ll) support for printing verbose LDAP and + sudoers file entries. Still need to update manual. + [2875be37935c] + +2008-02-03 Todd C. Miller + + * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h: + Unify the -l output for file and ldap based sudoers and use lbufs + for both. The ldap output does not currently include options that + cannot be represented as tags. This will be remedied in a long list + output mode to come. + [b2e429456596] + +2008-01-27 Todd C. Miller + + * set_perms.c: + Use a specific error message for errno == EAGAIN when setuid() et al + fails. On Linux systems setuid() will fail with errno set to EAGAIN + if changing to the new uid would result in a resource limit + violation. + [08d0aecd9f03] + + * sudo.c: + Unlimit nproc on Linux systems where calling the setuid() family of + syscalls causes the nroc resource limit to be checked. The limits + will be reset by pam_limits.so when PAM is used. In the non-PAM + case the nproc limit will remain unlimited but there doesn't seem to + be a way around that other than having sudo parse + /etc/security/limits.conf directly. + [df024b415a8d] + + * env.c, sudo.c, sudo.pod: + Only read /etc/environment on Linux and AIX + [90669e2aefdb] + +2008-01-23 Todd C. Miller + + * configure, configure.in: + Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent + ldap.conf and ldap.secret paths from going into config.h. Avoid + single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED + since in some versions of bash they will end up literally in the + resulting define. + [25390f3ef10a] + +2008-01-21 Todd C. Miller + + * README.LDAP: + mention --with-nsswitch=no + [c509df927263] + + * configure, configure.in: + ldap_ssl.h depends on ldap.h being included first + [d96d90e9b21f] + + * config.h.in, configure, configure.in, ldap.c: + Include ldap_ssl.h if we can find it. Needed for the + ldapssl_set_strength defines on HP-UX at least. + [9e530470948a] + + * sudoers.ldap.pod: + sync + [b9d101f4673a] + + * TODO: + sync + [2ce951b2ecd0] -2007-12-19 14:42 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, + sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: + regen + [b61d793987e0] - * README.LDAP: Be clear on what is OpenLDAP vs. Netscape-derived + * Makefile.in: + Use 78n line length when formatting cat pages. + [761bee9d5759] -2007-12-19 14:28 millert + * README.LDAP: + Remove redundant info that is now in sudoers.ldap.pod + [01828dcce59e] - * config.h.in, configure, configure.in, ldap.c: Use ldapssl_init() - for ldaps support instead of trying to do it manually with - ldap_init() + ldapssl_install_routines(). Use tls_cert and - tls_key for cert7.db and key3.db respectively. Don't print - debugging info for options that are not set. Add warning if - start_tls specified when not supported. +2008-01-20 Todd C. Miller -2007-12-19 14:25 millert + * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: + Reorganize the first section a bit. Substitute the proper path for + /etc/sudoers. + [11ae165e065d] - * ldap.c: fix compilation on solaris + * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: + Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move + schema into EXAMPLES + [ab6509d1dde7] -2007-12-19 14:23 millert + * configure, configure.in: + Substitute values for ldap.conf, ldap.secret and nsswitch.conf into + sudoers.ldap.man. + [6e689972f465] - * Makefile.in: add missing .h and .c files for missing lib objs + * configure, configure.in: + substitute for sudoers.ldap.man + [5a4a25766dee] -2007-12-18 09:54 millert + * Makefile.in: + Fix cut & pasto introduced when adding sudoers.ldap man page. + [a7b069af8894] - * ldap.c: fix LDAP_OPT_NETWORK_TIMEOUT setting + * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: + Fill in some of the missing pieces. Still needs some reorganization + and editing. + [5e7331722166] -2007-12-17 20:10 millert +2008-01-19 Todd C. Miller - * ldap.c: fix compilation on Solaris + * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in, + sudoers.ldap.pod: + Beginnings of a sudoers.ldap man page. Currently, much of the + information is adapted from README.LDAP. + [aad28c8a922d] -2007-12-17 10:14 millert +2008-01-18 Todd C. Miller - * configure, configure.in: fix typo + * pwutil.c: + When copying gr_mem we must guarantee that the storage space for + gr_mem is properly aligned. The simplest way to do this is to + simply store gr_mem directly after struct group. This is not a + problem for gr_passwd or gr_name as they are simple strings. + [af58fc76f1ed] -2007-12-17 08:08 millert + * ldap.c: + Fix a typo/thinko in one of the calls to + sudo_ldap_check_user_netgroup(). From Marco van Wieringen. + [70b2eb8097f5] - * README.LDAP: try to clear up which variables are for OpenLDAP and - which are for netscape-derived SDKs +2008-01-17 Todd C. Miller -2007-12-17 07:31 millert + * config.h.in, configure, configure.in, ldap.c: + include in ldap.c if available + [34346206ef16] - * config.h.in, configure, configure.in, ldap.c: Add support for - "ssl on" in both netscape and openldap flavors. Only the - OpenLDAP flavor has been tested. +2008-01-16 Todd C. Miller -2007-12-17 07:28 millert + * gram.c, gram.y: + Make sure we define SIZE_MAX for yacc's skeleton.c + [d8a45c7a3c42] - * logging.c, sudo.c, sudo.h: Call cleanup() before exit in - log_error() instead of calling sudo_ldap_close() directly. - ldap_conn can now be static to sudo.c + * tgetpass.c: + Use TCSAFLUSH when restoring terminal settings (and echo) to + guarantee that any pending output is discarded + [549a184479e5] -2007-12-16 20:02 millert +2008-01-15 Todd C. Miller - * sudo.c: ld -> ldap_conn + * sudoers: + no longer need to specify SETENV when user has sudo ALL + [3051b41f8032] -2007-12-16 14:42 millert + * testsudoers.c: + sync user_args size calculation with sudo.c Add -g group option, + renaming old -g to -G Add set_runasgr() and set_runaspw() and use + them + [0850325180f0] - * logging.c, sudo.c, sudo.h: Better ldap cleanup. + * sudo.c, sudo.h: + Make set_runaspw static void + [5d44d7a340ce] -2007-12-16 14:08 millert + * testsudoers.c, visudo.c: + g/c set_runaspw stub + [79ebb5e2cc38] - * ldap.c: Distinguish between LDAP conf settings that are - connection-specific (which take an ld pointer) and those that are - default settings (which do not). + * configure, configure.in: + Don't add -llber twice. + [4356d302eef4] -2007-12-14 16:46 millert +2008-01-14 Todd C. Miller - * ldap.c: Improved warnings on error. + * ldap.c: + fix typo + [249cecc557e9] -2007-12-14 15:59 millert +2008-01-13 Todd C. Miller - * ldap.c: Make ldap config table driven and set the config *after* - we open the connection. + * gram.c: + regen + [2f94ea375b67] -2007-12-13 16:41 millert + * configure, configure.in: + Fix check that determines whether -llber is required. + [6afa99523379] - * ldap.c: fix LDAP_OPT_X_CONNECT_TIMEOUT compat define + * README.LDAP, config.h.in, configure, configure.in, ldap.c: + For netscape-based LDAP, use ldapssl_set_strength() to implement the + checkpeer ldap.conf option. + [16ae24d73795] -2007-12-13 09:13 millert + * auth/kerb5.c: + Delay krb5_cc_initialize() until we actually need to use the cred + cache, which is what krb5_verify_user() does. Better cleanup on + failure. + [d12e5f1695b8] - * configure, configure.in: some operating systems need to link with - -lkrb5support when using krb5 +2008-01-12 Todd C. Miller -2007-12-10 17:12 millert + * auth/kerb5.c: + Rewrite verify_krb_v5_tgt() based on what heimdal's + krb5_verify_user() does. + [05b5815f86c9] - * WHATSNEW: minor update +2008-01-09 Todd C. Miller -2007-12-10 10:56 millert + * gram.c: + The U suffix on constants is an ANSI feature + [c6dfce3167f1] - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen + * configure, configure.in: + Add check for ber_set_option() in -llber + [43d0c0566074] -2007-12-07 19:17 millert +2008-01-07 Todd C. Miller - * TODO, ChangeLog: sync + * README.LDAP: + default if no nsswitch.conf is files only + [c13001d9c998] -2007-12-07 19:09 millert +2008-01-06 Todd C. Miller - * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif: add -g - support for LDAP + * README.LDAP: + don't tell people to mail aaron about LDAP stuff + [8165ec1ef0c6] -2007-12-03 11:36 millert + * README.LDAP: + timelimit and bind_timelimit + [44f74cbed167] - * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in: The -i and -s flags - can now take an optional command. + * ChangeLog: + sync + [aba1a0ab02bd] -2007-12-02 12:13 millert + * ldap.c: + Move ldap.secret reading into a separate function. + [1948acc9f7a4] - * def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod, - sudoers.pod, auth/pam.c: Add passprompt_override flag to sudoers - that will cause the prompt to be overridden in all cases. This - flag is also set when the user specifies the -p flag. + * check.c: + user_runas -> runas_pw + [334490fc2bae] -2007-12-01 19:51 millert +2008-01-05 Todd C. Miller - * sudo.c: Move setting of login class until after sudoers has been - parsed. Set NewArgv[0] for -i after runas_pw has been set. + * TODO: + sync + [c7b165cc47c6] -2007-12-01 19:34 millert + * check.c, sudo.pod, sudoers.pod: + Add and document the %p escape in the password prompt. Based on a + patch from Patrick Schoenfeld. + [3972d4f31ffa] - * configure, configure.in: Move the dgettext check. + * ldap.c: + Check strlcpy() return values. + [9b42f3ae8ff1] -2007-12-01 11:22 millert + * ldap.c: + refactor ldap binding code into sudo_ldap_bind_s() + [cb0c66a4d955] - * config.h.in, configure, configure.in, auth/pam.c: Add basic - support for looking up the string "Password: " in the PAM - localized text db. This allows us to determine whether the PAM - prompt is the default "Password: " one even if it has been - localized. + * README.LDAP: + Make it clear that host and uri can take multiple parameters. URI is + now supported for more than just openldap nsswitch.conf does't + accept "compat" + [f610dea656d6] - TODO: concatenate non-std PAM prompts and user-specified sudo - prompts. + * sudo.c: + comment cleanup and update (c) year + [6cd69c810ca5] -2007-11-27 18:40 millert + * parse.c, sudo_nss.c: + Move display_privs() and display_cmnd() from parse.c to sudo_nss.c. + This should make it possible to build an LDAP-only sudo binary. + [61c3f27066a0] - * Makefile.in, config.h.in, configure.in, parse.c, set_perms.c, - sudo.c, configure, sudo.h: Use AC_FUNC_GETGROUPS instead of a - home-grown attempt that was insufficient. + * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h: + Improve chaining of multiple sudoers sources by passing in the + previous return value to the next in the chain + [2c0b722b1b2d] -2007-11-27 12:13 millert + * gram.y: + Free up parser data structures in sudo_file_close(). + [2251531d4519] - * configure, acsite.m4, interfaces.c, memrchr.c: Fix typos; - Martynas Venckus + * gram.c, parse.c: + Free up parser data structures in sudo_file_close(). + [8371f130f401] -2007-11-25 19:26 millert + * ldap.c: + Parse uri ourself if no ldap_initialize() is present Use + ldap_create() instead of deprecated ldap_init() Use + ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s() + [85d3825b1953] - * set_perms.c: Don't assume runas_pw is set; it may not be in the - -g case. + * config.h.in, configure, configure.in: + Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from + CFLAGS + [240524512bc5] -2007-11-25 08:07 millert +2008-01-04 Todd C. Miller - * logging.c, set_perms.c: Set aux group vector for PERM_RUNAS and - restore group vector for PERM_ROOT if we previously changed it. - Stash the runas group vector so we don't have to call initgroups - more than once. Also add no-op check to check_perms. + * config.h.in, configure, configure.in: + add check for ldap_create + [3089badd73b8] -2007-11-21 15:11 millert +2008-01-03 Todd C. Miller - * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, - gram.y, ldap.c, logging.c, match.c, mon_systrace.c, parse.c, - parse.h, pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, - sudo.man.in, sudo.pod, sudo_usage.h.in, sudoers.cat, - sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, visudo.c, - visudo.cat, visudo.man.in: Add support for runas groups. This - allows the user to run a command with a different effective - group. If the -g option is specified without -u the command will - be run as the current user (only the group will change). the -g - and -u options may be used together. TODO: implement runas group - for ldap improve runas group documentation add - testsudoers support + * config.h.in, configure, configure.in, ldap.c: + Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's + dn using the mechanism appropriate for the LDAP SDK in use. Use + ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate + ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them. + [6deeca3d00cc] -2007-11-21 15:02 millert + * lbuf.c: + include unistd.h + [8419ed0bae7f] - * configure, configure.in: fix setting of mandir + * config.h.in, configure.in: + fix typo in mtim_getnsec + [2d5f21230a60] + +2008-01-02 Todd C. Miller + + * config.h.in, configure, configure.in: + add check for st__tim in struct stat as used by SCO + [587060ea2a89] + + * ldap.c: + use ldap_search_ext_s instead of deprecated ldap_search_s + [5fc44fe3b44c] + + * Makefile.in, TODO, sudo.cat, sudo.man.in: + add sudo_nss.h to HDRS + [86f01a70ff29] + + * ldap.c: + Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and + ldap_rdn2str(). + [aa217002cfae] + +2008-01-01 Todd C. Miller + + * ldap.c: + Use ldap_get_values_len()/ldap_value_free_len() instead of the + deprecated ldap_get_values()/ldap_value_free(). + [e22dceb85e57] + + * ChangeLog: + sync + [adad27b36107] + + * TODO: + sync + [c449eb47e0ef] + + * gettime.c, sudo.c: + Remove some already fixed XXXs + [532788d0e6da] + + * ldap.c: + Same return value as non-existent sudoers if LDAP was unable to + connect. + [5819810e8e4e] + + * sudo.pod: + mention /etc/environment + [ea8e6102f853] + + * README.LDAP, UPGRADE, WHATSNEW: + Update to reflect recent developments. + [ed1fb026fe77] + + * sudo.c: + Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output. + [55b68a58260d] + + * ldap.c: + When building up a query don't list groups in the aux group vector + that are the same as the passwd file group. On most systems the + first gid in the group vector is the same as the passwd entry gid. + [4bb51e297e0d] -2007-11-21 14:26 millert + * env.c, ldap.c: + Define LDAPNOINIT before calling ldap_init(), etc. to disable user + ldaprc and system defaults that could affect how LDAP works. + [ce5036440db2] - * sudo.pod, sudoers.pod: document that ALL implies SETENV + * INSTALL, configure, configure.in, pathnames.h.in, sudo.c, + sudo_nss.c, sudo_nss.h: + Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users + to specify nsswitch.conf path or disable it. If --with-nsswitch=no + but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf- + file and --with-ldap-secret-file + [ea5d7704381f] + + * parse.c: + Honor def_ignore_local_sudoers + [f38e1121fae1] + +2007-12-31 Todd C. Miller + + * ldap.c: + no longer need to check def_ignore_local_sudoers here + [fce2a72f96fb] + + * parse.c: + Refactor group vector resetting into a function and also call it + from display_cmnd. Stop after the first sucessful match in + display_cmnd. Print a newline between each display_privs method. + [981b37b5adff] + + * parse.c: + fix double free introduced in rev 1.218 + [c574b02d8747] + + * ldap.c: + belt and suspenders; zero out result after freeing it + [7732988d4620] + + * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c: + Refactor line reading into a separate function, sudo_parseln(), + which removes comments, leading/trailing whitespace and newlines. + May want to rethink the use of sudo_parseln() for /etc/ldap.secret + [61d9068f0645] + + * parse.c, sudo.c: + Make the inability to read the sudoers file a non-fatal error if + there are other sudoers sources available. sudoers_file_lookup now + returns "not OK" if sudoers was not present + [643babf597a8] + + * ldap.c: + make it clear that the global options are from LDAP + [9ff950349463] + + * logging.c: + allocate proper amount of space for error string + [8bebb7d46d19] + + * sudo_nss.c, sudo_nss.h: + actual sudo nss code + [5bd7d52d7738] + + * ldap.c, parse.c, sudo.c, sudo.h: + nss-ify display_privs and display_cmnd. + [cccfdd3253f2] + + * defaults.c, parse.c, testsudoers.c, visudo.c: + move update_defaults() to parse.c + [ace144b958a9] -2007-11-21 13:50 millert + * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h: + Use nsswitch to hide some sudoers vs. ldap implementation details + and reduce the number of #ifdef LDAP TODO: fix display routines and + error handling + [6225edde89a6] - * ldap.c: s/setenv_ok/setenv_implied/g +2007-12-28 Todd C. Miller -2007-11-21 13:44 millert + * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h: + First cut at nsswitch.conf support. Further reorganizaton and + related changes are forthcoming. + [717f59d0790b] - * ldap.c: hostname_matches() returns TRUE on match in sudo 1.7. +2007-12-21 Todd C. Miller -2007-11-21 13:26 millert + * env.c, pathnames.h.in, sudo.c, sudo.h: + Add support for reading and /etc/environment file. Still needs to + be documented and should probably only applies to OSes that have it + (AIX and Linux, maybe others). + [15d3edae27e4] - * ldap.c: use strcmp, not strcasecmp when comparing ALL + * ldap.c: + include limits.h + [e19875ef0f82] -2007-11-21 11:41 millert +2007-12-20 Todd C. Miller - * ldap.c: Make sudo ALL imply setenv. Note that unlike with - file-based sudoers this does affect all the commands in the - sudoRole. + * WHATSNEW: + reword LDAP SASL + [7ec3c4ec31b5] -2007-11-21 11:05 millert +2007-12-19 Todd C. Miller - * gram.c, gram.y, parse.c, parse.h: sudo "ALL" now implies the - SETENV tag but, unlike an explicit tag, it is not passed on to - other commands in the list. + * TODO: + sync + [87c5a7aea7bf] -2007-11-21 11:02 millert + * README.LDAP: + Add an example sudoRole, clarify netscape vs. openldap a bit more + [6f96c0ca8107] - * visudo.c: Add missing sudo_setpwent() and sudo_setgrent() calls. - Also use sudo_getpwuid() instead of getpwuid(). + * README.LDAP: + Be clear on what is OpenLDAP vs. Netscape-derived + [a33c8314dec5] -2007-11-15 11:16 millert + * config.h.in, configure, configure.in, ldap.c: + Use ldapssl_init() for ldaps support instead of trying to do it + manually with ldap_init() + ldapssl_install_routines(). Use tls_cert + and tls_key for cert7.db and key3.db respectively. Don't print + debugging info for options that are not set. Add warning if + start_tls specified when not supported. + [abb62dc7e4a3] - * sudoers: Expand on the dangers of not using visudo to edit - sudoers. + * ldap.c: + fix compilation on solaris + [03d449684e80] -2007-11-08 07:24 millert + * Makefile.in: + add missing .h and .c files for missing lib objs + [8b37825bdfc7] - * parse.c: Don't quote *?[]! on output since the lexer does not - strip off the backslash when reading those in. +2007-12-18 Todd C. Miller -2007-11-07 13:16 millert + * ldap.c: + fix LDAP_OPT_NETWORK_TIMEOUT setting + [226eba89c0ad] - * glob.c: expand "u_foo" types to "unsigned foo" to avoid - compatibility issues. + * ldap.c: + fix compilation on Solaris + [917d47639eb6] -2007-11-04 08:33 millert +2007-12-17 Todd C. Miller - * logging.c: Refactor log line generation in to new_logline(). + * configure, configure.in: + fix typo + [009d5c81b225] -2007-10-25 09:23 millert + * README.LDAP: + try to clear up which variables are for OpenLDAP and which are for + netscape-derived SDKs + [f8d9823ee73c] - * TROUBLESHOOTING: fix typo + * config.h.in, configure, configure.in, ldap.c: + Add support for "ssl on" in both netscape and openldap flavors. Only + the OpenLDAP flavor has been tested. + [952745829ec5] -2007-10-24 12:41 millert + * logging.c, sudo.c, sudo.h: + Call cleanup() before exit in log_error() instead of calling + sudo_ldap_close() directly. ldap_conn can now be static to sudo.c + [da02d1b67a2c] - * config.h.in, configure, configure.in, interfaces.c, interfaces.h, - match.c: Add configure check for struct in6_addr instead of - relying on AF_INET6 since some systems define AF_INET6 but do not - include IPv6 support. + * sudo.c: + ld -> ldap_conn + [01afa6d927cc] -2007-10-21 09:29 millert +2007-12-16 Todd C. Miller - * configure, configure.in: Fix block to add -lutil for FreeBSD and - NetBSD when logincap is in use. + * logging.c, sudo.c, sudo.h: + Better ldap cleanup. + [25b9abe2d617] -2007-10-19 22:28 millert + * ldap.c: + Distinguish between LDAP conf settings that are connection-specific + (which take an ld pointer) and those that are default settings + (which do not). + [d48dc6c9c3b4] - * configure, configure.in: POSIX states that struct timespec be - declared in time.h so check there regardless of the value of - TIME_WITH_SYS_TIME. +2007-12-14 Todd C. Miller -2007-10-17 11:37 millert + * ldap.c: + Improved warnings on error. + [c8dce7b4feb4] - * tgetpass.c: Instead of defining a macro to call the appropriate - method for turning on/off echo, just define tc[gs]etattr() and - the related defines that use the correct terminal ioctls if - needed. Also go back to using TCSAFLUSH instead of TCSADRAIN on - all but QNX. + * ldap.c: + Make ldap config table driven and set the config *after* we open the + connection. + [d9698b5a2681] -2007-10-08 20:18 millert +2007-12-13 Todd C. Miller - * Makefile.in: g/c @ALLOCA@ + * ldap.c: + fix LDAP_OPT_X_CONNECT_TIMEOUT compat define + [598c6df06660] -2007-10-08 20:07 millert + * configure, configure.in: + some operating systems need to link with -lkrb5support when using + krb5 + [8896365dde9e] - * configure: regen +2007-12-10 Todd C. Miller -2007-10-08 20:04 millert + * WHATSNEW: + minor update + [acfeeb7f4886] - * INSTALL, config.h.in, configure.in, auth/pam.c: Add - --disable-pam-session configure option to disable calling - pam_{open,close}_session. May work around bugs in some PAM - implementations. + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: + regen + [a3c6699674f9] -2007-10-08 12:00 millert +2007-12-08 Todd C. Miller + + * ChangeLog, TODO: + sync + [138e99b925ee] + + * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif: + add -g support for LDAP + [8fc27dbe9287] - * tgetpass.c: quiet gcc warnings +2007-12-03 Todd C. Miller -2007-10-08 08:41 millert + * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in: + The -i and -s flags can now take an optional command. + [6afec104ee77] - * tgetpass.c: Avoid printing the prompt if we are already - backgrounded. E.g. if the user runs "sudo foo &" from the shell. - In this case, the call to tcsetattr() will cause SIGTTOU to be - delivered. +2007-12-02 Todd C. Miller -2007-09-15 16:07 millert + * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod, + sudoers.pod: + Add passprompt_override flag to sudoers that will cause the prompt + to be overridden in all cases. This flag is also set when the user + specifies the -p flag. + [e4c5402131a6] - * def_data.c, def_data.h, def_data.in: Reorder things such that the - definition of env_reset come right before the env variable lists. + * sudo.c: + Move setting of login class until after sudoers has been parsed. Set + NewArgv[0] for -i after runas_pw has been set. + [62a48c8c56fa] -2007-09-15 07:50 millert + * configure, configure.in: + Move the dgettext check. + [5fd8a4712d1c] + +2007-12-01 Todd C. Miller - * parse.h: Shrink type and seqno in struct alias from int to - u_short + * auth/pam.c, config.h.in, configure, configure.in: + Add basic support for looking up the string "Password: " in the PAM + localized text db. This allows us to determine whether the PAM + prompt is the default "Password: " one even if it has been + localized. -2007-09-15 07:24 millert + TODO: concatenate non-std PAM prompts and user-specified sudo + prompts. + [81c25a415d41] - * alias.c, match.c, parse.c, parse.h: Add a sequence number in the - aliases for loop detection. If we find an alias with the seqno - already set to the current (global) value we know we've visited - it before so ignore it. +2007-11-27 Todd C. Miller -2007-09-13 19:05 millert + * Makefile.in, config.h.in, configure, configure.in, parse.c, + set_perms.c, sudo.c, sudo.h: + Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was + insufficient. + [1cce6ec1a91e] - * TODO, sudo.c, sudo.h, auth/pam.c: PAM wants the full tty path so - add user_ttypath which holds the full path to the tty or is NULL - if no tty was present. + * acsite.m4, configure, interfaces.c, memrchr.c: + Fix typos; Martynas Venckus + [be1233cca11a] -2007-09-13 18:42 millert +2007-11-26 Todd C. Miller - * auth/pam.c: Set PAM_RHOST to work around a bug in Solaris 7 and - lower that results in a segv. + * set_perms.c: + Don't assume runas_pw is set; it may not be in the -g case. + [aa11bd2193ac] -2007-09-11 15:43 millert +2007-11-25 Todd C. Miller - * gram.c: regen + * logging.c, set_perms.c: + Set aux group vector for PERM_RUNAS and restore group vector for + PERM_ROOT if we previously changed it. Stash the runas group vector + so we don't have to call initgroups more than once. Also add no-op + check to check_perms. + [53837fc755f7] -2007-09-11 15:42 millert +2007-11-21 Todd C. Miller - * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c, - parse.h, testsudoers.c, visudo.c: rename lh_ -> tq_ + * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y, + ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h, + pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, + sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod, + testsudoers.c, visudo.c, visudo.cat, visudo.man.in: + Add support for runas groups. This allows the user to run a command + with a different effective group. If the -g option is specified + without -u the command will be run as the current user (only the + group will change). the -g and -u options may be used together. + TODO: implement runas group for ldap improve runas group + documentation add testsudoers support + [9019309df6d0] -2007-09-10 17:33 millert + * configure, configure.in: + fix setting of mandir + [2c60f269399f] - * alloc.c: remove some useless casts + * sudo.pod, sudoers.pod: + document that ALL implies SETENV + [bcc8e5b703b9] -2007-09-10 17:32 millert + * ldap.c: + s/setenv_ok/setenv_implied/g + [f005df2c2eea] - * alloc.c: pull in inttypes.h for SIZE_MAX; we avoid stdint.h since - inttypes.h predates the final C99 spec and the standard specifies - that it shall include stdint.h anyway + * ldap.c: + hostname_matches() returns TRUE on match in sudo 1.7. + [c3d4377b6e8b] -2007-09-06 12:39 millert + * ldap.c: + use strcmp, not strcasecmp when comparing ALL + [e486024574a1] - * Makefile.in, alloca.c, configure.in: Since we ship with a - pre-generated parser there is no need to ship a bogus alloca - implementation. + * ldap.c: + Make sudo ALL imply setenv. Note that unlike with file-based + sudoers this does affect all the commands in the sudoRole. + [bc12f54321d1] -2007-09-06 12:22 millert + * gram.c, gram.y, parse.c, parse.h: + sudo "ALL" now implies the SETENV tag but, unlike an explicit tag, + it is not passed on to other commands in the list. + [026e2cb40680] - * configure: regen + * visudo.c: + Add missing sudo_setpwent() and sudo_setgrent() calls. Also use + sudo_getpwuid() instead of getpwuid(). + [86f30a8fbd49] -2007-09-06 12:19 millert +2007-11-15 Todd C. Miller - * configure.in: remove initial setting of CHECKSIA, we require that - it be unset if not used + * sudoers: + Expand on the dangers of not using visudo to edit sudoers. + [e434e8057d02] -2007-09-06 11:55 millert +2007-11-08 Todd C. Miller - * Makefile.in: add list.c to SRCS + * parse.c: + Don't quote *?[]! on output since the lexer does not strip off the + backslash when reading those in. + [561da4a13afa] -2007-09-06 07:18 millert +2007-11-07 Todd C. Miller - * configure: regen + * glob.c: + expand "u_foo" types to "unsigned foo" to avoid compatibility + issues. + [b0d7c64d78c3] -2007-09-06 07:17 millert +2007-11-04 Todd C. Miller - * configure.in: only do SIA checks on Digital Unix + * logging.c: + Refactor log line generation in to new_logline(). + [6a9b9730615d] -2007-09-05 18:50 millert +2007-10-25 Todd C. Miller - * sudoers.cat, sudoers.man.in: regen + * TROUBLESHOOTING: + fix typo + [9e19d4f86e47] -2007-09-05 18:48 millert +2007-10-24 Todd C. Miller - * ChangeLog, TODO: sync + * config.h.in, configure, configure.in, interfaces.c, interfaces.h, + match.c: + Add configure check for struct in6_addr instead of relying on + AF_INET6 since some systems define AF_INET6 but do not include IPv6 + support. + [e24082c416bd] -2007-09-05 18:39 millert +2007-10-21 Todd C. Miller - * auth/kerb5.c: Remove call to krb5_cc_register() as it is not - needed for modern kerb5. + * configure, configure.in: + Fix block to add -lutil for FreeBSD and NetBSD when logincap is in + use. + [76a9df4a63be] -2007-09-05 18:16 millert +2007-10-20 Todd C. Miller - * configure: regen + * configure, configure.in: + POSIX states that struct timespec be declared in time.h so check + there regardless of the value of TIME_WITH_SYS_TIME. + [e42c55ec9daf] -2007-09-05 18:16 millert +2007-10-17 Todd C. Miller - * configure.in, aclocal.m4: New method for setting the default - authentication type and avoiding conflicts in auth types. + * tgetpass.c: + Instead of defining a macro to call the appropriate method for + turning on/off echo, just define tc[gs]etattr() and the related + defines that use the correct terminal ioctls if needed. Also go back + to using TCSAFLUSH instead of TCSADRAIN on all but QNX. + [5dfb2379d995] -2007-09-05 14:45 millert +2007-10-09 Todd C. Miller - * match.c, parse.c, testsudoers.c: Each entry in a cmndlist now has - an associated runaslist so no need to keep track of the most - recent non-NULL one. + * Makefile.in: + g/c @ALLOCA@ + [e6946c2e3820] -2007-09-04 18:51 millert + * configure: + regen + [9bac7159a138] - * ldap.c: back out partial ldaps support mistakenly committed + * INSTALL, auth/pam.c, config.h.in, configure.in: + Add --disable-pam-session configure option to disable calling + pam_{open,close}_session. May work around bugs in some PAM + implementations. + [273d0fdb4a9d] -2007-09-04 10:57 millert +2007-10-08 Todd C. Miller - * ldap.c: Add support for unix groups and netgroups in sudoRunas + * tgetpass.c: + quiet gcc warnings + [325565c5a579] -2007-09-03 16:28 millert + * tgetpass.c: + Avoid printing the prompt if we are already backgrounded. E.g. if + the user runs "sudo foo &" from the shell. In this case, the call + to tcsetattr() will cause SIGTTOU to be delivered. + [db2139a8d8b8] - * sudo_edit.c: Fix sudoedit of a non-existent file. From Tilo - Stritzky. +2007-09-15 Todd C. Miller -2007-09-02 17:05 millert + * def_data.c, def_data.h, def_data.in: + Reorder things such that the definition of env_reset come right + before the env variable lists. + [e0d8e22a581a] - * configure: regen + * parse.h: + Shrink type and seqno in struct alias from int to u_short + [9425263dd565] -2007-09-02 17:05 millert + * alias.c, match.c, parse.c, parse.h: + Add a sequence number in the aliases for loop detection. If we find + an alias with the seqno already set to the current (global) value we + know we've visited it before so ignore it. + [301a0548ffff] - * INSTALL: update --passprompt escape info +2007-09-13 Todd C. Miller -2007-09-02 17:03 millert + * TODO, auth/pam.c, sudo.c, sudo.h: + PAM wants the full tty path so add user_ttypath which holds the full + path to the tty or is NULL if no tty was present. + [c7c1dd4b36c8] - * configure.in: remove now-bogus comment and update copyright date + * auth/pam.c: + Set PAM_RHOST to work around a bug in Solaris 7 and lower that + results in a segv. + [3a8865b3a357] -2007-09-02 16:35 millert +2007-09-11 Todd C. Miller - * configure.in: Fix up use of with_passwd + * gram.c: + regen + [5647be127950] -2007-09-02 16:25 millert + * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c, + parse.h, testsudoers.c, visudo.c: + rename lh_ -> tq_ + [8f500c542c4a] - * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh: - Update to autoconf-2.61 andf libtool-1.5.24 +2007-09-10 Todd C. Miller -2007-09-02 16:17 millert + * alloc.c: + remove some useless casts + [409a448b23f5] - * Makefile.in: "cmp -s" not just cmp Add @datarootdir@ to quiet - autoconf-2.61 + * alloc.c: + pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h + predates the final C99 spec and the standard specifies that it shall + include stdint.h anyway + [ae478fdef61a] -2007-09-01 17:39 millert +2007-09-06 Todd C. Miller - * gram.c: regen + * Makefile.in, alloca.c, configure.in: + Since we ship with a pre-generated parser there is no need to ship a + bogus alloca implementation. + [3f611a7cc0e5] -2007-09-01 17:39 millert + * configure: + regen + [771eccf5269c] - * gram.y: move tags and runaslist propagation to be earlier + * configure.in: + remove initial setting of CHECKSIA, we require that it be unset if + not used + [a2e91adc5aa2] -2007-09-01 09:34 millert + * Makefile.in: + add list.c to SRCS + [7db0e56cf5b9] - * visudo.c: If -f flag given use the permissions of the original - file as a template + * configure: + regen + [3716ec30172e] -2007-09-01 08:45 millert + * configure.in: + only do SIA checks on Digital Unix + [6a96e1af2597] - * gram.y: prevent a double free() when re-initing the parser +2007-09-05 Todd C. Miller -2007-08-31 19:30 millert + * sudoers.cat, sudoers.man.in: + regen + [ac1dc29de72b] - * configure: regen + * ChangeLog, TODO: + sync + [781effce0a2d] -2007-08-31 19:30 millert + * auth/kerb5.c: + Remove call to krb5_cc_register() as it is not needed for modern + kerb5. + [351b8b764f16] - * aclocal.m4, alias.c, alloc.c, config.h.in, configure.in, env.c, - ldap.c, list.c, list.h, memrchr.c, parse.c, parse.h, pwutil.c, - redblack.c, redblack.h, snprintf.c, sudo.c, sudo.h, - testsudoers.c, visudo.c, zero_bytes.c, auth/API, auth/afs.c, - auth/bsdauth.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, - auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h: - Remove support for compilers that don't support void * + * configure: + regen + [ac21dbcc9c2c] -2007-08-31 19:14 millert + * aclocal.m4, configure.in: + New method for setting the default authentication type and avoiding + conflicts in auth types. + [5fb15be11f78] - * gram.c: regen + * match.c, parse.c, testsudoers.c: + Each entry in a cmndlist now has an associated runaslist so no need + to keep track of the most recent non-NULL one. + [582e015786b0] -2007-08-31 19:13 millert +2007-09-04 Todd C. Miller - * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, - match.c, parse.c, parse.h, testsudoers.c, visudo.c: Move list - manipulation macros to list.h and create C versions of the more - complex ones in list.c. The names have been down-cased so they - appear more like normal functions. + * ldap.c: + back out partial ldaps support mistakenly committed + [357703e94b2d] -2007-08-31 17:21 millert + * ldap.c: + Add support for unix groups and netgroups in sudoRunas + [2f04eb91c6d0] - * Makefile.in: Fix cmp command when regenerating parser. Make - gram.o the first dependency for all programs so gram.h will be - generated before anything that needs it. +2007-09-03 Todd C. Miller -2007-08-31 13:56 millert + * sudo_edit.c: + Fix sudoedit of a non-existent file. From Tilo Stritzky. + [a5488a03bddd] - * parse.h, gram.y: Convert NEW_DEFAULT anf NEW_MEMBER into static - functions. +2007-09-02 Todd C. Miller -2007-08-30 21:21 millert + * configure: + regen + [541177376ee1] - * match.c, parse.c, testsudoers.c: Use LH_FOREACH_REV when checking - permission and short-circuit on the first non-UNSPEC hit we get - for the command. This means that instead of cycling through the - all the parsed sudoers entries we start at the end and work - backwards and quit after the first positive or negative match. + * INSTALL: + update --passprompt escape info + [6d57db4cd538] -2007-08-30 21:13 millert + * configure.in: + remove now-bogus comment and update copyright date + [6a4af45fa331] - * gram.c: regen + * configure.in: + Fix up use of with_passwd + [7c79d8640f77] -2007-08-30 21:12 millert + * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh: + Update to autoconf-2.61 andf libtool-1.5.24 + [045259b0b439] + + * Makefile.in: + "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61 + [f5b6a7afb817] + +2007-09-01 Todd C. Miller + + * gram.c: + regen + [b5b78e71d2cb] + + * gram.y: + move tags and runaslist propagation to be earlier + [94f7805f4489] + + * visudo.c: + If -f flag given use the permissions of the original file as a + template + [9303d22bddb0] + + * gram.y: + prevent a double free() when re-initing the parser + [5b3907c4de5a] + +2007-08-31 Todd C. Miller + + * configure: + regen + [49a90b19a17d] + + * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c, + auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in, + configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c, + parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c, + sudo.h, testsudoers.c, visudo.c, zero_bytes.c: + Remove support for compilers that don't support void * + [35e1d01ae197] + + * gram.c: + regen + [70ce412a458a] + + * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c, + parse.c, parse.h, testsudoers.c, visudo.c: + Move list manipulation macros to list.h and create C versions of the + more complex ones in list.c. The names have been down-cased so they + appear more like normal functions. + [9cea0e281148] + + * Makefile.in: + Fix cmp command when regenerating parser. Make gram.o the first + dependency for all programs so gram.h will be generated before + anything that needs it. + [429ea065abf1] + + * gram.y, parse.h: + Convert NEW_DEFAULT anf NEW_MEMBER into static functions. + [2f3433833589] + + * match.c, parse.c, testsudoers.c: + Use LH_FOREACH_REV when checking permission and short-circuit on the + first non-UNSPEC hit we get for the command. This means that + instead of cycling through the all the parsed sudoers entries we + start at the end and work backwards and quit after the first + positive or negative match. + [881474532f3e] + + * gram.c: + regen + [9152a19d4188] * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c: - Change list head macros to take a pointer, not a struct. - -2007-08-30 20:46 millert - - * gram.c: regen + Change list head macros to take a pointer, not a struct. + [054f1dcce4cc] -2007-08-30 20:46 millert + * gram.c: + regen + [be154aae6235] - * gram.y: Propagate the runasspec from one command to the next in a - cmndspec. + * gram.y: + Propagate the runasspec from one command to the next in a cmndspec. + [4957b1cb03a3] -2007-08-30 16:15 millert +2007-08-30 Todd C. Miller - * match.c: Replace has_meta() with a macro that calls strpbrk(). + * match.c: + Replace has_meta() with a macro that calls strpbrk(). + [a2e58846a542] -2007-08-30 16:04 millert - - * gram.c: regen - -2007-08-30 13:26 millert + * regen + [5a932a5c9451] * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h, - testsudoers.c, visudo.c: Use a list head struct when storing the - semi-circular lists and convert to tail queues in the process. - This will allow us to reverse foreach loops more easily and it - makes it clearer which functions expect a list as opposed to a - single member. - - Add macros for manipulating lists. Some of these should become - functions. - - When freeing up a list, just pop off the last item in the queue - instead of going from head to tail. This is simpler since we - don't have to stash a pointer to the next member, we always just - use the last one in the queue until the queue is empty. - - Rename match functions that take a list to have list in the name. - Break cmnd_matches() into cmnd_matches() and cmndlist_matches. - -2007-08-30 13:12 millert - - * parse.c: Fix pasto, append "!" not negated (which is an int) for - sudo -l output. - -2007-08-30 12:45 millert - - * Makefile.in: Remove the dependency of gram .h on gram.y, the .c - dependency is enough. Only move y.tab.h to gram.h if it is - different; avoids needless rebuilding. - -2007-08-27 15:51 millert - - * sudoers.pod: Defaults lines may be associated with lists of - users, hosts, commands and runas users, not just single entries. - -2007-08-26 17:42 millert - - * Makefile.in: Revert the "cmp" portion of the last diff, it - doesn't make sense. - -2007-08-26 17:10 millert - - * Makefile.in: Remove *.lo for clean: When generating the parser, - only move the generated files into place if they differ from the - existing ones. - -2007-08-24 22:47 millert - - * toke.c, toke.l: Replace IPV6 regexp with a much simpler - (readable) one and add an extra check when it matches to make - sure we have a valid address. - -2007-08-24 22:36 millert - - * match.c: Fix thinko introduced when merging IPV6 support. - -2007-08-24 14:23 millert - - * HISTORY, LICENSE: regen - -2007-08-24 14:23 millert - - * license.pod: add 2007 - -2007-08-24 14:19 millert - - * UPGRADE: mention #uid vs. comment pitfall - -2007-08-24 09:50 millert - - * acsite.m4: Merge in a patch from the libtool cvs that fixes a - problem with the latest autoconf. From Stepan Kasal. - -2007-08-23 20:28 millert + testsudoers.c, visudo.c: + Use a list head struct when storing the semi-circular lists and + convert to tail queues in the process. This will allow us to + reverse foreach loops more easily and it makes it clearer which + functions expect a list as opposed to a single member. - * parse.h: Back out he XOR swap trick, it is slower than a temp - variable on modern CPUs. + Add macros for manipulating lists. Some of these should become + functions. -2007-08-23 20:14 millert + When freeing up a list, just pop off the last item in the queue + instead of going from head to tail. This is simpler since we don't + have to stash a pointer to the next member, we always just use the + last one in the queue until the queue is empty. - * gram.c: regen + Rename match functions that take a list to have list in the name. + Break cmnd_matches() into cmnd_matches() and cmndlist_matches. + [7c37b271607a] -2007-08-23 20:14 millert + * parse.c: + Fix pasto, append "!" not negated (which is an int) for sudo -l + output. + [93a444c3997f] - * gram.y, parse.h: Convert the tail queue to a semi-circle queue - and use the XOR swap trick to swap the prev pointers during - append. + * Makefile.in: + Remove the dependency of gram .h on gram.y, the .c dependency is + enough. Only move y.tab.h to gram.h if it is different; avoids + needless rebuilding. + [67bf4ea2a2e5] + +2007-08-27 Todd C. Miller + + * sudoers.pod: + Defaults lines may be associated with lists of users, hosts, + commands and runas users, not just single entries. + [795effacb6be] + +2007-08-26 Todd C. Miller + + * Makefile.in: + Revert the "cmp" portion of the last diff, it doesn't make sense. + [26f34bf4e2e3] + + * Makefile.in: + Remove *.lo for clean: When generating the parser, only move the + generated files into place if they differ from the existing ones. + [84673fea371b] + +2007-08-25 Todd C. Miller + + * toke.c, toke.l: + Replace IPV6 regexp with a much simpler (readable) one and add an + extra check when it matches to make sure we have a valid address. + [592e9f690556] + + * match.c: + Fix thinko introduced when merging IPV6 support. + [da38cd5eb8c7] + +2007-08-24 Todd C. Miller + + * HISTORY, LICENSE: + regen + [0d7b27b90634] + + * license.pod: + add 2007 + [510e5048ae1a] + + * UPGRADE: + mention #uid vs. comment pitfall + [4d2861898bcc] + + * acsite.m4: + Merge in a patch from the libtool cvs that fixes a problem with the + latest autoconf. From Stepan Kasal. + [0c279ae7df3e] + + * parse.h: + Back out he XOR swap trick, it is slower than a temp variable on + modern CPUs. + [91c4b024e317] + + * gram.c: + regen + [cb6d4106fb74] + + * gram.y, parse.h: + Convert the tail queue to a semi-circle queue and use the XOR swap + trick to swap the prev pointers during append. + [8bf4d9fbee58] + +2007-08-23 Todd C. Miller + + * parse.h: + remove useless statement + [421ec1dd73e6] + + * toke.c, toke.l: + Refactor #include parsing into a separate function and return + unparsed chars (such as newline or comment) back to the lexer. + [64166917aa3d] -2007-08-23 15:31 millert +2007-08-22 Todd C. Miller - * parse.h: remove useless statement + * WHATSNEW: + mention better uid support + [56f510e7f2ec] -2007-08-23 07:47 millert + * sudoers.pod: + Users may now consist of a uid. + [5fd31b2c55ed] - * toke.c, toke.l: Refactor #include parsing into a separate - function and return unparsed chars (such as newline or comment) - back to the lexer. + * gram.c, gram.h, toke.c: + regen + [599e58af6dc1] -2007-08-22 18:56 millert + * parse.c: + Use lbuf_append_quoted() for sudo -l output to quote characters that + would require quoting in sudoers. + [3132d05c990a] - * WHATSNEW: mention better uid support + * lbuf.c, lbuf.h: + Add lbuf_append_quoted() which takes a set of characters which + should be quoted with a backslash when displayed. + [ab09bebb1d65] -2007-08-22 18:55 millert + * toke.l: + Require that the first character after a comment not be a digit or a + dash. This allows us to remove the GOTRUNAS state and treat + uid/gids similar to other words. It also means that we can now + specify uids in User_Lists and a User_Spec may now contain a uid. + [461fe01f8392] - * sudoers.pod: Users may now consist of a uid. + * gram.y, toke.l: + Replace RUNAS token with '(' and ')' tokens to make the runas + portion of the grammar more natural. + [e0c383b4684d] -2007-08-22 18:39 millert + * BUGS: + The BUGS file is history + [4d9a809585c7] - * gram.c, gram.h, toke.c: regen + * Makefile.in, README: + The BUGS file is history + [d9500e261172] -2007-08-22 18:32 millert +2007-08-21 Todd C. Miller - * parse.c: Use lbuf_append_quoted() for sudo -l output to quote - characters that would require quoting in sudoers. + * toke.c, toke.l: + Allow comments after a RunasAlias as long as the character after the + pound sign isn't a digit or a dash. + [d7f3bd94eeda] -2007-08-22 18:31 millert + * WHATSNEW: + Glob support was back-ported to 1.6.9 + [d1d5cfd46228] - * lbuf.c, lbuf.h: Add lbuf_append_quoted() which takes a set of - characters which should be quoted with a backslash when - displayed. +2007-08-20 Todd C. Miller -2007-08-22 18:28 millert + * Makefile.in: + remove sudo_usage.h in distclean + [df05ce9c4127] - * toke.l: Require that the first character after a comment not be a - digit or a dash. This allows us to remove the GOTRUNAS state and - treat uid/gids similar to other words. It also means that we can - now specify uids in User_Lists and a User_Spec may now contain a - uid. + * parse.c: + If a Defaults value contains a blank, double-quote the string. + [9057a910daad] -2007-08-22 18:23 millert + * toke.c, toke.l: + Properly deal with Defaults double-quoted strings that span multiple + lines using the line continuation char. Previously, the entire + thing, including the continuation char, newline, and spaces was + stored as-is. + [4a4e8eacefe6] - * gram.y, toke.l: Replace RUNAS token with '(' and ')' tokens to - make the runas portion of the grammar more natural. + * sudo.c: + Be consistent when using single quotes and backticks. + [d010b83a0fa1] -2007-08-22 06:35 millert - - * Makefile.in, README, BUGS: The BUGS file is history - -2007-08-21 09:19 millert - - * toke.c, toke.l: Allow comments after a RunasAlias as long as the - character after the pound sign isn't a digit or a dash. - -2007-08-20 20:43 millert - - * WHATSNEW: Glob support was back-ported to 1.6.9 - -2007-08-20 19:59 millert - - * Makefile.in: remove sudo_usage.h in distclean - -2007-08-20 19:24 millert - - * parse.c: If a Defaults value contains a blank, double-quote the - string. - -2007-08-20 19:19 millert - - * toke.c, toke.l: Properly deal with Defaults double-quoted strings - that span multiple lines using the line continuation char. - Previously, the entire thing, including the continuation char, - newline, and spaces was stored as-is. - -2007-08-20 10:46 millert - - * sudo.c: Be consistent when using single quotes and backticks. - -2007-08-19 16:48 millert +2007-08-19 Todd C. Miller * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c, - sudo.c, sudo_usage.h.in: Add new linebuf code to do appends of - dynamically allocated strings and word-wrapped output. Currently - used for sudo's usage() and sudo -l output. Sudo usage strings - are now in sudo_usage.h which is generated at configure time. - -2007-08-18 08:22 millert - - * sudo.h, parse.c, sudo.c: Fix line wrapping in usage() and use the - actual tty width instead of assuming 80. + sudo.c, sudo_usage.h.in: + Add new linebuf code to do appends of dynamically allocated strings + and word-wrapped output. Currently used for sudo's usage() and sudo + -l output. Sudo usage strings are now in sudo_usage.h which is + generated at configure time. + [4dfd0ee8d961] -2007-08-17 18:32 millert +2007-08-18 Todd C. Miller - * history.pod: some more info + * parse.c, sudo.c, sudo.h: + Fix line wrapping in usage() and use the actual tty width instead of + assuming 80. + [700eab37c5a6] -2007-08-17 17:28 millert +2007-08-17 Todd C. Miller - * history.pod: Mentioned Chris Jepeway's parser and also the new - one that is in sudo 1.7. + * history.pod: + some more info + [8140112a8ae1] -2007-08-16 09:38 millert + * history.pod: + Mentioned Chris Jepeway's parser and also the new one that is in + sudo 1.7. + [2132d00f0597] - * sudo.pod, visudo.pod: For the options list, add flag args where - appropriate and increase the indent level so there is room for - them. +2007-08-16 Todd C. Miller -2007-08-15 13:49 millert + * sudo.pod, visudo.pod: + For the options list, add flag args where appropriate and increase + the indent level so there is room for them. + [2b60fb572e12] - * parse.c: Fix some spacing in "sudo -l" and add a comment about - some bogosity in the line wrapping. +2007-08-15 Todd C. Miller -2007-08-15 11:21 millert + * parse.c: + Fix some spacing in "sudo -l" and add a comment about some bogosity + in the line wrapping. + [b59b056f5ee2] - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, - visudo.man.in, visudo.cat: regen - -2007-08-15 11:20 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [5fb719f18ebc] * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in, - def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y, - parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod, - testsudoers.c, toke.c, toke.l: Remove monitor support until there - is a versino of systrace that uses a lookaside buffer (or we have - a better mechanism to use). - -2007-08-15 09:22 millert - - * configure.in, configure, config.h.in, sudo.c: use getaddrinfo() - instead of gethostbyname() if it is available + def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y, + parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod, + testsudoers.c, toke.c, toke.l: + Remove monitor support until there is a versino of systrace that + uses a lookaside buffer (or we have a better mechanism to use). + [61ff76878e4a] -2007-08-14 15:27 millert + * config.h.in, configure, configure.in, sudo.c: + use getaddrinfo() instead of gethostbyname() if it is available + [cc33c136aa6a] - * parse.c, sudo.c: Deal with OSes where sizeof(gid_t) < - sizeof(int). +2007-08-14 Todd C. Miller -2007-08-14 11:19 millert + * parse.c, sudo.c: + Deal with OSes where sizeof(gid_t) < sizeof(int). + [130a89cbdfba] - * interfaces.c: repair non-getifaddrs() code after ipv6 integration + * interfaces.c: + repair non-getifaddrs() code after ipv6 integration + [7ae7a89e2236] -2007-08-14 10:04 millert + * sudo.c: + If we can open sudoers but fail to read the first byte, close the + file stream before trying again. + [6f31272fae7b] - * sudo.c: If we can open sudoers but fail to read the first byte, - close the file stream before trying again. +2007-08-13 Todd C. Miller -2007-08-13 12:34 millert - - * gram.c, toke.c: regen - -2007-08-13 12:29 millert + * toke.c: + regen + [4d7afe0aa6fa] * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l: - Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki - -2007-08-13 12:23 millert - - * sudo.pod, sudoers.pod, visudo.pod: Add some missing markup Update - copyright + Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki + [4e6ff2965a42] -2007-08-12 18:55 millert + * sudo.pod, sudoers.pod, visudo.pod: + Add some missing markup Update copyright + [7e6d3c686b5e] - * configure, configure.in: fix sudo_noexec extension which got - broken in the libtool update +2007-08-12 Todd C. Miller -2007-08-10 10:41 millert + * configure, configure.in: + fix sudo_noexec extension which got broken in the libtool update + [3a5b447df861] - * Makefile.in: explicitly specify -Tascii to nroff +2007-08-10 Todd C. Miller -2007-08-08 16:07 millert + * Makefile.in: + explicitly specify -Tascii to nroff + [45c8da4cbefe] - * logging.c: remove an ANSI-ism that crept in +2007-08-08 Todd C. Miller -2007-08-06 20:37 millert + * logging.c: + remove an ANSI-ism that crept in + [29086f87b2ca] - * sudo.pod: Adjust list indents Prevent -- from being turned into - an em dash Use a list for the environment instead of a literal - paragraph +2007-08-07 Todd C. Miller -2007-08-06 20:36 millert + * sudo.pod: + Adjust list indents Prevent -- from being turned into an em dash Use + a list for the environment instead of a literal paragraph + [c3abcd8f76f4] - * visudo.pod: Use a list for the environment instead of an indented - literal paragraph. + * visudo.pod: + Use a list for the environment instead of an indented literal + paragraph. + [0ffcfcb7349f] -2007-08-06 20:33 millert + * sudoers.pod: + Adjust list indentation + [615c89e3123a] - * sudoers.pod: Adjust list indentation + * license.pod: + add =head3 + [8b2e0d38c0bd] -2007-08-06 20:31 millert +2007-08-06 Todd C. Miller - * license.pod: add =head3 + * sudo.pod: + mention that when specifying a uid for the -u option the shell may + require that the # be escaped + [3e3a17bff150] -2007-08-06 10:24 millert +2007-08-02 Todd C. Miller - * sudo.pod: mention that when specifying a uid for the -u option - the shell may require that the # be escaped + * match.c: + Fix off by one in group matching. + [b529602b7fba] -2007-08-01 22:08 millert +2007-07-31 Todd C. Miller - * match.c: Fix off by one in group matching. + * env.c: + Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause. + [ffbf8907c6e7] -2007-07-31 14:04 millert +2007-07-30 Todd C. Miller - * env.c: Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From - David Krause. + * configure, configure.in: + Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the + -lgssapi_krb5 case. + [2b85a89c2252] -2007-07-30 10:45 millert + * aclocal.m4, configure, configure.in: + Fix link tests such that new gcc doesn't optimize away the test. + [83484ec95cba] - * configure, configure.in: Add missing define of - HAVE_GSS_KRB5_CCACHE_NAME for the -lgssapi_krb5 case. +2007-07-29 Todd C. Miller -2007-07-30 09:29 millert + * sudo.pod, sudoers.pod, visudo.pod: + add missing over/back + [251a12c89b91] - * aclocal.m4, configure.in, configure: Fix link tests such that new - gcc doesn't optimize away the test. + * sudo.pod, sudoers.pod, visudo.pod: + Change FILES section to use =item + [60b9efc3a0b2] -2007-07-29 19:21 millert + * env.c: + Add back allocation of the env struct in rebuild_env but save a copy + of the old pointer and free it before returning. + [1100cd4fa997] - * sudo.pod, sudoers.pod, visudo.pod: add missing over/back + * env.c: + Don't init the private environment in rebuild_env() since it may + have already been done implicitly sudo_setenv/sudo_unsetenv. -2007-07-29 19:09 millert + Multiply length by sizeof(char *) in memcpy/memmove when copying the + environment so we copy the full thing. - * sudo.pod, sudoers.pod, visudo.pod: Change FILES section to use - =item + Add missing set of parens so we deref the right pointer in + sudo_unsetenv when searching for a matching variable. + [9086a8f756b1] -2007-07-29 18:32 millert +2007-07-26 Todd C. Miller - * env.c: Add back allocation of the env struct in rebuild_env but - save a copy of the old pointer and free it before returning. + * sudo.pod, sudoers.pod, visudo.pod: + Use file markup for paths in the FILES section + [940d99f731f2] -2007-07-29 16:09 millert + * sudo.pod, sudoers.pod, visudo.pod: + Don't capitalize sudo/visudo + [f067a455d44b] - * env.c: Don't init the private environment in rebuild_env() since - it may have already been done implicitly - sudo_setenv/sudo_unsetenv. + * sudoers.pod: + Sort sudoers options; based on a diff from Igor Sobrado. + [a9b9befe85ac] - Multiply length by sizeof(char *) in memcpy/memmove when copying - the environment so we copy the full thing. +2007-07-25 Todd C. Miller - Add missing set of parens so we deref the right pointer in - sudo_unsetenv when searching for a matching variable. + * sudo.pod, sudoers.pod, visudo.pod: + Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the + latter confuses pod2man. The Makefile rules for the .man.in file + will add @mansectsu@ and @mansectform@ back in after pod2man is done + anyway. + [b50ea0db727c] -2007-07-26 16:35 millert +2007-07-22 Todd C. Miller - * sudo.pod, sudoers.pod, visudo.pod: Use file markup for paths in - the FILES section + * LICENSE, Makefile.in, license.pod: + Move license info to pod format + [25bdd82e592b] -2007-07-26 10:04 millert + * configure, configure.in, sudoers.pod: + Substitute value of path_info into sudoers man page. + [9ba661a82798] - * sudo.pod, sudoers.pod, visudo.pod: Don't capitalize sudo/visudo + * WHATSNEW: + remove features that were back-ported to 1.6.9 + [e76d756cbe65] -2007-07-26 07:28 millert + * sudo.c, sudo.pod, visudo.c, visudo.pod: + Sort SYNOPSIS and sync usage. From Igor Sobrado. + [4970386c9e54] - * sudoers.pod: Sort sudoers options; based on a diff from Igor - Sobrado. + * env.c: + Only need sudo_setenv/sudo_unsetenv if we are going to use + ldap_sasl_interactive_bind_s() but don't have + gss_krb5_ccache_name(). + [f1a73d8b35c5] -2007-07-25 16:19 millert + * ChangeLog: + rebuild without branch info + [5d5a33494677] - * sudo.pod, sudoers.pod, visudo.pod: Use 8 and 5 instead of - @mansectsu@ and @mansectform@ since the latter confuses pod2man. - The Makefile rules for the .man.in file will add @mansectsu@ and - @mansectform@ back in after pod2man is done anyway. + * Makefile.in: + Add ChangeLog target + [a702034fdd89] -2007-07-22 19:09 millert + * auth/pam.c: + Run cleanup code if the user hits ^C at the password prompt. + [9cf87768e921] - * LICENSE, Makefile.in, license.pod: Move license info to pod - format + * auth/pam.c: + Some versions of pam_lastlog have a bug that will cause a crash if + PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty + string. + [5b63f6c88866] -2007-07-22 18:43 millert +2007-07-20 Todd C. Miller - * configure, configure.in, sudoers.pod: Substitute value of - path_info into sudoers man page. + * Makefile.in: + ChageLog not Changelog + [1243d8473ceb] -2007-07-22 16:40 millert + * ChangeLog: + sync + [d887df98c6b0] - * WHATSNEW: remove features that were back-ported to 1.6.9 + * Makefile.in: + CHANGE -> Changelog + [917738df30dd] -2007-07-22 15:20 millert + * TODO: + sync + [cd382f7d1948] - * sudo.c, sudo.pod, visudo.c, visudo.pod: Sort SYNOPSIS and sync - usage. From Igor Sobrado. +2007-07-19 Todd C. Miller -2007-07-22 15:19 millert + * config.h.in, configure, configure.in, ldap.c: + Add configure hooks for gss_krb5_ccache_name() and the gssapi + headers. + [139606209991] - * env.c: Only need sudo_setenv/sudo_unsetenv if we are going to use - ldap_sasl_interactive_bind_s() but don't have - gss_krb5_ccache_name(). +2007-07-18 Todd C. Miller -2007-07-22 08:23 millert + * env.c, sudo.c: + rebuild_env() and insert_env_vars() no longer return environment + pointer, they set environ directly. - * ChangeLog: rebuild without branch info + No longer need to pass around an envp pointer since we just operate + on environ now. -2007-07-22 08:23 millert + Add dosync argument to insert_env() that indicates whether it should + reset environ when realloc()ing env.envp. - * Makefile.in: Add ChangeLog target + Use an initial size of 128 for the environment. + [4735fd5fddb8] -2007-07-22 08:14 millert + * env.c: + Split sudo_setenv() into an external version and a version only for + use by rebuild_env(). + [fda7d655adb1] - * auth/pam.c: Run cleanup code if the user hits ^C at the password - prompt. +2007-07-16 Todd C. Miller + + * ldap.c: + Add support for using gss_krb5_ccache_name() instead of setting + KRB5CCNAME. Also use sudo_unsetenv() in the non- + gss_krb5_ccache_name() case if there was no KRB5CCNAME in the + original environment. TODO: configure setup for + gss_krb5_ccache_name() + [fcafa5a49caf] + + * README.LDAP: + add krb5_ccname + [fceb8f883886] + + * README.LDAP, ldap.c: + Add support for sasl_secprops in ldap.conf + [1f06f4bf7347] + + * env.c, sudo.h: + Add sudo_unsetenv() and refactor private env syncing code into + sync_env(). + [045ecb3fd22b] + + * README.LDAP, ldap.c: + The ldap.conf variable is sasl_auth_id not sasl_authid. + [a5f98491311b] + +2007-07-15 Todd C. Miller + + * ldap.c, sudo.c, sudo.h: + Add support for krb5_ccname in ldap.conf. If specified, it will + override the default value of KRB5CCNAME in the environment for the + duration of the call to ldap_sasl_interactive_bind_s(). + [b08a10c3045b] + + * env.c, sudo.h: + Remove format_env() Add sudo_setenv() to replace most format_env() + + insert_env() combinations. insert_env() no longer takes a struct + environment * + [131da52f43f3] + + * ldap.c: + Fix use_sasl vs. rootuse_sasl logic. + [0c0417b6918c] + + * README.LDAP, config.h.in, configure, configure.in, ldap.c: + Add support for SASL auth when connecting to an LDAP server. Adapted + from a diff by Tom McLaughlin. + [a6285f1356ea] + +2007-07-14 Todd C. Miller + + * configure, configure.in: + Only enable AIX or BSD auth if no other exclusive auth method has + been chosen. Allows people to e.g., use PAM on AIX without adding + --without-aixauth. A better solution is needed to deal with default + authentication since if a non-exclusive method is chosen we will + still get an error. + [83f7afdc0ec3] + +2007-07-11 Todd C. Miller + + * HISTORY, Makefile.in, history.pod: + Generate HISTORY from history.pod (which is also used for web pages) + [60bcd5164931] + +2007-07-09 Todd C. Miller + + * sudo.man.in, sudoers.man.in: + regen + [63956a366191] + + * sudo.pod: + Better explanation of environment handling in the sudo man page. + [6c247742f7ee] + + * env.c, sudo.c: + Defer setting user-specified env vars until after authentication. + [4750b79323ee] + + * env.c: + honor def_default_path for PATH set on the command line + [6db31d9b6d65] + + * env.c, sudo.c, sudo.pod, sudoers.pod: + Allow user to set environment variables on the command line as long + as they are allowed by env_keep and env_check. Ie: apply the same + restrictions as normal environment variables. TODO: deal with + secure_path + [26c0da3840cf] + +2007-07-08 Todd C. Miller + + * sudo.c, sudo_edit.c: + Call rebuild_env() in call cases. Pass original envp to sudo_edit(). + Don't allow -E or env var setting in sudoedit mode. More accurate + usage() when called as sudoedit. + [a4af20658361] + + * ldap.c: + warn -> warning + [d87d1192b048] + + * sudo.pod: + add -c option to sudoedit synopsis + [15b596a7e2db] + + * TODO: + udpate to reality + [e2f8fde89db1] + + * parse.c: + Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return + value from {user,host,runas,cmnd}_matches(). Rename *matches + variables -> *match. Purely cosmetic. + [e54a44c00a88] -2007-07-22 08:13 millert + * parse.c: + Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change + in behavior. + [c6272b4f2127] - * auth/pam.c: Some versions of pam_lastlog have a bug that will - cause a crash if PAM_TTY is not set so if there is no tty, set - PAM_TTY to the empty string. + * sudoers: + add SETENV tag + [3a3066bb6788] -2007-07-20 09:32 millert +2007-07-06 Todd C. Miller - * Makefile.in: ChageLog not Changelog + * parse.c: + Make pwcheck local to the pwflag block. Use pwcheck even if user + didn't match since Defaults options may still apply. + [45da9efbbafd] -2007-07-20 09:31 millert + * check.c, sudo.c: + Do not update timestamp if user not validated by sudoers. + [a4a9d4364827] - * ChangeLog: sync + * set_perms.c: + for PERM_RUNAS, set the egid to the runas user's gid and restore to + the user's original in PERM_ROOT + [1514bfb32847] -2007-07-20 09:29 millert + * logging.c, mon_systrace.c, set_perms.c, sudo.h: + PERM_FULL_ROOT is now no different than PERM_ROOT so remove + PERM_FULL_ROOT + [b9d047a3178c] - * Makefile.in: CHANGE -> Changelog + * check.c: + don't check timestamp mtime if we are just going to remove it + [5d2470bc6cbd] -2007-07-19 20:23 millert + * sudoers.pod: + Move sudoers defaults parameters into their own section. + [54701fbc0ff3] - * TODO: sync + * testsudoers.c: + Reduce a level of indent by a few placed continue statements. + [5d5a9838c8ef] -2007-07-19 19:53 millert + * parse.c: + Make matching but negated commands/hosts/runas entries override a + previous match as expected. Also reduce some levels of indent by a + few placed continue statements. + [dd59fa4b91a1] - * config.h.in, configure.in, configure, ldap.c: Add configure hooks - for gss_krb5_ccache_name() and the gssapi headers. +2007-07-05 Todd C. Miller -2007-07-18 12:57 millert + * parse.c: + Print default runas in "sudo -l" if sudoers don't specify one. + [07d408c400bd] - * env.c, sudo.c: rebuild_env() and insert_env_vars() no longer - return environment pointer, they set environ directly. + * match.c: + Less hacky way of testing whether the domain was set. + [a537059776e5] - No longer need to pass around an envp pointer since we just - operate on environ now. +2007-07-04 Todd C. Miller - Add dosync argument to insert_env() that indicates whether it - should reset environ when realloc()ing env.envp. + * INSTALL: + Mention pam-devel and openldap-devel for Linux + [9e708c54ecc3] - Use an initial size of 128 for the environment. +2007-07-03 Todd C. Miller -2007-07-18 12:41 millert + * README.LDAP: + or vs. are + [abe8c0f3a410] - * env.c: Split sudo_setenv() into an external version and a version - only for use by rebuild_env(). +2007-07-01 Todd C. Miller -2007-07-16 19:40 millert + * sudo.c: + fix typo in Solaris project support + [2ffeb2d80959] - * ldap.c: Add support for using gss_krb5_ccache_name() instead of - setting KRB5CCNAME. Also use sudo_unsetenv() in the - non-gss_krb5_ccache_name() case if there was no KRB5CCNAME in the - original environment. TODO: configure setup for - gss_krb5_ccache_name() + * HISTORY: + update + [df162b36f120] -2007-07-16 18:44 millert + * sudo.c: + Make -- on the command line match the manual page. The implied shell + case has been simplified as a result. + [cd217a1f6694] - * README.LDAP: add krb5_ccname +2007-06-28 Todd C. Miller -2007-07-16 18:44 millert + * sudoers2ldif: + add simplistic support for sudoRunas; note that if a sudoers entry + contains multiple Runas users, all will apply to the sudoRole + [65b11421f5c8] - * README.LDAP, ldap.c: Add support for sasl_secprops in ldap.conf + * sudoers2ldif: + honor SETENV and NOSETENV tags + [2c0d5ba7a09b] -2007-07-16 18:39 millert +2007-06-24 Todd C. Miller - * env.c, sudo.h: Add sudo_unsetenv() and refactor private env - syncing code into sync_env(). + * mon_systrace.c: + Redo setting of user_args. We now build up a private copy of argv + first and then replace the NULs?with spaces. + [ccbba72ea112] -2007-07-16 07:27 millert + * mon_systrace.c: + getcwd() returns NULL on failure, not 0 on success + [88cd9e66e530] - * README.LDAP, ldap.c: The ldap.conf variable is sasl_auth_id not - sasl_authid. + * mon_systrace.c: + allow chunksiz to reach 1 before erroring out + [619d68f14964] -2007-07-15 15:44 millert - - * ldap.c, sudo.c, sudo.h: Add support for krb5_ccname in ldap.conf. - If specified, it will override the default value of KRB5CCNAME - in the environment for the duration of the call to - ldap_sasl_interactive_bind_s(). + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [8db512d3caf0] -2007-07-15 15:41 millert +2007-06-23 Todd C. Miller - * env.c, sudo.h: Remove format_env() Add sudo_setenv() to replace - most format_env() + insert_env() combinations. insert_env() no - longer takes a struct environment * + * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y, + logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod, + toke.c, toke.l: + Add support for setting environment variables on the command line. + This is only allowed if the setenv sudoers options is enabled or if + the command is prefixed with the SETENV tag. + [5744caebd969] -2007-07-15 12:47 millert + * README.LDAP: + replace Aaron's email address with the sudo-workers list + [2ffce5f9afc0] - * ldap.c: Fix use_sasl vs. rootuse_sasl logic. + * configure: + regen + [8013dff82c0c] -2007-07-15 09:23 millert +2007-06-22 Todd C. Miller - * README.LDAP, config.h.in, configure, configure.in, ldap.c: Add - support for SASL auth when connecting to an LDAP server. Adapted - from a diff by Tom McLaughlin. + * schema.OpenLDAP, schema.iPlanet: + Break schema out into separate files. + [15e598e4c60b] -2007-07-14 16:32 millert + * Makefile.in, README.LDAP: + Break schema out into separate files. + [1a53966ca1fa] - * configure, configure.in: Only enable AIX or BSD auth if no other - exclusive auth method has been chosen. Allows people to e.g., - use PAM on AIX without adding --without-aixauth. A better - solution is needed to deal with default authentication since if a - non-exclusive method is chosen we will still get an error. +2007-06-21 Todd C. Miller -2007-07-11 11:23 millert + * auth/aix_auth.c: + free message if set by authenticate() + [849c220c1236] - * HISTORY, Makefile.in, history.pod: Generate HISTORY from - history.pod (which is also used for web pages) + * match.c: + deal with NULL gr_mem + [49e4d74f0bbe] -2007-07-09 19:40 millert +2007-06-20 Todd C. Miller - * sudo.man.in, sudoers.man.in: regen + * config.h.in: + regen + [fead999ad3e9] -2007-07-09 19:25 millert + * configure.in: + add template for HAVE_PROJECT_H + [e6c42c2eaad1] - * sudo.pod: Better explanation of environment handling in the sudo - man page. + * closefrom.c: + include fcntl.h + [54d98b382f03] -2007-07-09 15:13 millert +2007-06-19 Todd C. Miller - * env.c, sudo.c: Defer setting user-specified env vars until after - authentication. + * INSTALL: + mention --with-project + [d3ea3baad7c5] -2007-07-09 13:25 millert + * config.h.in, configure.in, sudo.c: + Add Solaris 10 "project" support. From Michael Brantley. + [f14f3c8c6554] - * env.c: honor def_default_path for PATH set on the command line + * sudoers.pod: + fix typo + [50db81a19787] -2007-07-09 13:22 millert + * configure: + regen + [ea71afd3e564] - * sudo.c, env.c, sudo.pod, sudoers.pod: Allow user to set - environment variables on the command line as long as they are - allowed by env_keep and env_check. Ie: apply the same - restrictions as normal environment variables. TODO: deal with - secure_path + * configure.in: + Fix preservation of LDFLAGS in the LDAP case. + [40a3a47e8059] -2007-07-08 14:44 millert + * memrchr.c: + Remove dependecy on NULL + [c957ae5e1733] - * sudo.c, sudo_edit.c: Call rebuild_env() in call cases. Pass - original envp to sudo_edit(). Don't allow -E or env var setting - in sudoedit mode. More accurate usage() when called as sudoedit. + * configure: + regen + [4955ce0c6912] -2007-07-08 14:41 millert + * aclocal.m4, configure.in: + Can't use the regular autoconf fnmatch() check since we need + FNM_CASEFOLD so go back to our custom one. + [f10d76237486] - * ldap.c: warn -> warning + * env.c: + Fix preserving of variables in env_keep. + [d040049d6b84] -2007-07-08 14:11 millert + * env.c: + add XAUTHORIZATION + [0d589a5fe015] - * sudo.pod: add -c option to sudoedit synopsis + * UPGRADE: + expand upon env resetting and mention that it began in 1.6.9 not + 1.7. + [dba251655c76] -2007-07-08 10:27 millert + * sudoers.pod: + Update descriptions of env_keep and env_check to match current + reality. + [dba77357954b] - * TODO: udpate to reality +2007-06-18 Todd C. Miller -2007-07-08 09:43 millert + * env.c: + Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME, + LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table. + [eec4632bd190] - * parse.c: Use ALLOW/DENY instead of TRUE/FALSE when dealing with - the return value from {user,host,runas,cmnd}_matches(). Rename - *matches variables -> *match. Purely cosmetic. + * env.c, logging.c: + Treat USERNAME environemnt variable like LOGNAME/USER + [09f52dcfd70c] -2007-07-08 09:30 millert + * env.c: + Don't need to populate keepenv table with the contents of the + checkenv table. + [527a14afd973] - * parse.c: Move setting of FLAG_NO_CHECK into the if(pwflag) block. - No change in behavior. + * sudo.c: + Don't force sudo into the C locale. + [8a5bd301ef96] -2007-07-08 09:17 millert + * env.c: + Make env_check apply when env_reset it true. Environment variables + are passed through unless they contain '/' or '%'. There is no need + to have a variable in both env_check and env_keep. + [840c802721e4] - * sudoers: add SETENV tag +2007-06-16 Todd C. Miller -2007-07-06 15:51 millert + * visudo.c: + Remove an duplicate lock_file() call and add a comment. + [5af9dcdf0eb6] - * parse.c: Make pwcheck local to the pwflag block. Use pwcheck - even if user didn't match since Defaults options may still apply. + * UPGRADE: + Add sudo 1.6.9 upgrade note. + [1585149f2914] -2007-07-06 14:51 millert +2007-06-14 Todd C. Miller - * check.c, sudo.c: Do not update timestamp if user not validated by - sudoers. + * interfaces.c: + Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too + small. From Klaus Wagner. + [d6899fc44f77] -2007-07-06 10:14 millert + * logging.c, sudo.h: + Redo the long syslog line splitting based on a patch from Eygene + Ryabinkin. Include memrchr() for systems without it. + [66a50e8d553a] - * set_perms.c: for PERM_RUNAS, set the egid to the runas user's gid - and restore to the user's original in PERM_ROOT + * memrchr.c: + Redo the long syslog line splitting based on a patch from Eygene + Ryabinkin. Include memrchr() for systems without it. + [2f6702b7d41b] -2007-07-06 10:04 millert + * Makefile.in, config.h.in, configure, configure.in: + Redo the long syslog line splitting based on a patch from Eygene + Ryabinkin. Include memrchr() for systems without it. + [407a46190921] - * logging.c, mon_systrace.c, set_perms.c, sudo.h: PERM_FULL_ROOT is - now no different than PERM_ROOT so remove PERM_FULL_ROOT + * configure.in: + Since we need to be able to convert timespec to timeval for utimes() + the last 3 digits in the tv_nsec are not significant. This makes the + sudoedit file date comparison work again. + [9d0258849fa9] -2007-07-06 09:49 millert +2007-06-13 Todd C. Miller - * check.c: don't check timestamp mtime if we are just going to - remove it + * aclocal.m4, configure, configure.in: + Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS. + This deals with exclusive authentication methods in a simple way. + [7d70072c0f35] -2007-07-06 09:33 millert +2007-06-12 Todd C. Miller - * sudoers.pod: Move sudoers defaults parameters into their own - section. + * LICENSE: + mkstemp.c is BSD code too. + [29e236d98162] -2007-07-05 20:21 millert + * sudo.pod, sudoers.pod, visudo.pod: + No commercial support for now. + [7c76b3e192dd] - * testsudoers.c: Reduce a level of indent by a few placed continue - statements. +2007-06-11 Todd C. Miller -2007-07-05 20:20 millert + * sudo.c: + cleanenv() is no more. + [518080514408] - * parse.c: Make matching but negated commands/hosts/runas entries - override a previous match as expected. Also reduce some levels - of indent by a few placed continue statements. +2007-06-10 Todd C. Miller -2007-07-05 16:34 millert + * ChangeLog: + Display branch info in Changelog + [44e3b27427c7] - * parse.c: Print default runas in "sudo -l" if sudoers don't - specify one. + * utimes.c: + Include config.h early so we have it for TIME_WITH_SYS_TIME + [4bf1a00d0703] -2007-07-05 15:46 millert + * ChangeLog: + Fix Changelog generation and update. + [6e960dbcbece] - * match.c: Less hacky way of testing whether the domain was set. +2007-06-09 Todd C. Miller -2007-07-04 15:50 millert + * closefrom.c: + Use /proc/self/fd instead of /proc/$$/fd - * INSTALL: Mention pam-devel and openldap-devel for Linux + Move old-style fd closing into closefrom_fallback() and call that if + /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails + [faa7e4810758] -2007-07-03 19:38 millert + * auth/kerb5.c, config.h.in, configure.in: + o use krb5_verify_user() if available instead of doing it by hand o + use krb5_init_secure_context() if we have it o pass an encryption + type of 0 to krb5_kt_read_service_key() instead of + ENCTYPE_DES_CBC_MD5 to let kerberos choose. + [df7acf72bd7c] - * README.LDAP: or vs. are + * env.c: + Check TERM and COLORTERM for '%' and '/' characters. From Debian. + [f92d05197e40] -2007-07-01 16:55 millert + * configure.in: + Fix closefrom() substitution in the Makefile + [b642b13fcc5c] - * sudo.c: fix typo in Solaris project support + * TROUBLESHOOTING: + Mention alternate sudo pronunciation. + [7c71dc73409f] -2007-07-01 09:40 millert +2007-06-07 Todd C. Miller - * HISTORY: update + * env.c: + Remove KRB5_KTNAME from environment. Allow COLORTERM. + [70f35a79f780] -2007-07-01 09:07 millert + * auth/kerb5.c: + If we cannot get a valid service key using the default keytab it is + a fatal error. Fixes a bug where sudo could be tricked into + allowing access when it should not by a fake KDC. From Thor Lancelot + Simon. + [a3ae6a47cb23] - * sudo.c: Make -- on the command line match the manual page. The - implied shell case has been simplified as a result. +2007-05-12 Todd C. Miller -2007-06-28 10:44 millert + * aclocal.m4, configure, configure.in: + Update long long checks to use AC_CHECK_TYPES and to cache values. + [047318eaaeb2] - * sudoers2ldif: add simplistic support for sudoRunas; note that if - a sudoers entry contains multiple Runas users, all will apply to - the sudoRole + * aclocal.m4, configure.in: + Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't + use AC_REPLACE_FNMATCH since that assumes replacing with GNU + fnmatch. + [80513a1003ea] -2007-06-28 10:42 millert +2007-05-11 Todd C. Miller - * sudoers2ldif: honor SETENV and NOSETENV tags + * configure, configure.in: + Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we + need it for visudo now too. + [50837c7c2b5e] -2007-06-24 09:25 millert +2007-04-24 Todd C. Miller - * mon_systrace.c: Redo setting of user_args. We now build up a - private copy of argv first and then replace the NULs with spaces. + * sudoers.pod: + Attempt to clarify the bit talking about network numbers w/o + netmasks. + [211e68c1d034] -2007-06-24 09:19 millert + * sudo.pod: + Clarify timestamp dir ownership sentence. + [9178f132c7f7] - * mon_systrace.c: getcwd() returns NULL on failure, not 0 on - success +2007-04-20 Todd C. Miller -2007-06-24 07:39 millert + * auth/pam.c: + Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From + Dmitry V. Levin. + [81fce91667bc] - * mon_systrace.c: allow chunksiz to reach 1 before erroring out +2007-04-16 Todd C. Miller -2007-06-23 20:00 millert + * sudo.c: + -i is also one of the mutually exclusive options to list it in the + warning message. Noted by Chris Pepper. + [7da73fb248e9] - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: regen +2007-04-12 Todd C. Miller -2007-06-23 19:58 millert + * visudo.pod: + The sudoers variable is env_editor, not enveditor. From Jean- + Francois Saucier. + [2a86ec09a6db] - * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, - gram.y, logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, - sudoers.pod, toke.c, toke.l: Add support for setting environment - variables on the command line. This is only allowed if the - setenv sudoers options is enabled or if the command is prefixed - with the SETENV tag. +2007-03-29 Todd C. Miller -2007-06-23 19:57 millert + * redblack.c: + I tracked down the original author so credit him and include his + license info. + [3733553a1bba] - * README.LDAP: replace Aaron's email address with the sudo-workers - list +2007-02-06 Todd C. Miller -2007-06-23 19:55 millert + * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, + sudoers.pod: + Fix typos; from Jason McIntyre. + [1ee4ce2512f2] - * configure: regen + * logging.c: + Restore signal mask before calling reapchild(). Fixes a possible + race condition that could prevent sudo from properly waiting for the + child. + [9ee4192385dc] -2007-06-21 20:35 millert +2007-01-31 Todd C. Miller - * Makefile.in, README.LDAP, schema.OpenLDAP, schema.iPlanet: Break - schema out into separate files. + * pwutil.c: + Don't declare pw_free() if we are not going to use it. + [adb79a4289ca] -2007-06-21 18:28 millert + * env.c: + Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and + LDR_PRELOAD64. The 64-bit version is not currently supported. + Remove zero_env() prototype as it no longer exists. + [b4fe65027fb6] - * auth/aix_auth.c: free message if set by authenticate() +2006-12-11 Todd C. Miller -2007-06-21 13:03 millert + * logging.c: + Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834. + [78002ad90f7b] - * match.c: deal with NULL gr_mem +2006-09-29 Todd C. Miller -2007-06-20 15:04 millert + * auth/pam.c: + If the user enters ^C at the password prompt, abort instead of + trying to authenticate with an empty password (which causes an + annoying delay). + [da3f27b747c7] - * config.h.in: regen +2006-08-17 Todd C. Miller -2007-06-20 15:04 millert + * closefrom.c, config.h.in, configure, configure.in: + Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by + Darren Tucker. + [0331b7780759] - * configure.in: add template for HAVE_PROJECT_H + * pwutil.c: + pw_free() is only used by sudo_freepwcache() so ifdef it out too. + [0014c0d9eeba] -2007-06-20 07:06 millert +2006-08-04 Todd C. Miller - * closefrom.c: include fcntl.h + * config.guess, config.sub: + Update to latest versions from cvs.savannah.gnu.org + [aa0143101c20] -2007-06-19 19:37 millert +2006-07-31 Todd C. Miller - * INSTALL: mention --with-project + * pwutil.c, sudo_edit.c: + Move password/group cache cleaning out of sudo_end{pw,grp}ent() so + we can close the passwd/group files early. + [559074bd7eb7] -2007-06-19 18:24 millert + * config.h.in, configure, configure.in, set_perms.c: + Add seteuid() flavor of set_perms() for systems without setreuid() + or setresuid() that have a working seteuid(). Tested on Darwin. + [508d8da99189] - * config.h.in, configure.in, sudo.c: Add Solaris 10 "project" - support. From Michael Brantley. +2006-07-30 Todd C. Miller -2007-06-19 17:27 millert + * mon_systrace.c: + systrace_read() returns ssize_t + [9f97d1d1a59d] - * sudoers.pod: fix typo + * configure, configure.in: + Fix typo, -lldap vs. -ldap; from Tim Knox. + [a8cc43c3bb2a] -2007-06-19 17:22 millert +2006-07-28 Todd C. Miller - * configure: regen + * HISTORY: + Fix typo; Matt Ackeret + [86964ee3dfbd] -2007-06-19 17:21 millert +2006-07-17 Todd C. Miller - * configure.in: Fix preservation of LDFLAGS in the LDAP case. + * sudo.c: + Print sudoers path in -V mode for root. + [dc43f2d75bd9] -2007-06-19 17:00 millert +2006-06-15 Todd C. Miller - * memrchr.c: Remove dependecy on NULL + * ldap.c: + Do a sub tree search instead of a base search (one level in the tree + only) for sudo right objects. This allows system administrators to + categorize the rights in a tree to make them easier to manage. + [6d2d9abf996e] -2007-06-19 15:37 millert +2005-12-28 Todd C. Miller - * configure: regen + * sudo.pod: + fix typo + [1473413bcbda] -2007-06-19 15:37 millert +2005-12-04 Todd C. Miller - * aclocal.m4, configure.in: Can't use the regular autoconf - fnmatch() check since we need FNM_CASEFOLD so go back to our - custom one. + * ldap.c: + Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and + bind_timelimit support; adapted from gentoo. + [afc816093026] -2007-06-19 12:52 millert +2005-11-23 Todd C. Miller - * env.c: Fix preserving of variables in env_keep. + * ldap.c: + Support comments that start in the middle of a line + [c25df6ee3db8] -2007-06-19 07:10 millert + * configure, configure.in: + Define LDAP_DEPRECATED until we start using ldap_get_values_len() + [ee249bfe230a] - * env.c: add XAUTHORIZATION +2005-11-18 Todd C. Miller -2007-06-18 20:41 millert + * closefrom.c: + Silence gcc -Wsign-compare; djm@openbsd.org + [28769ce6418d] - * UPGRADE: expand upon env resetting and mention that it began in - 1.6.9 not 1.7. + * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c: + cleanup() now takes an int as an arg so it can be used as a signal + handler too. + [2bb0df34d09c] -2007-06-18 20:33 millert + * sudo.c: + Make a copy of the shell field in the passwd struct for NewArgv to + avoid a use after free situation after sudo_endpwent() is called. + [5dcc9ffd362e] - * sudoers.pod: Update descriptions of env_keep and env_check to - match current reality. +2005-11-17 Todd C. Miller -2007-06-18 17:33 millert + * config.h.in, configure, configure.in: + Add mkstemp() for those poor souls without it. + [5fdd02e863e0] - * env.c: Add LINGUAS to initial_checkenv_table. Add COLORS, - HOSTNAME, LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to - intial_keepenv_table. + * mkstemp.c: + Add mkstemp() for those poor souls without it. + [c99401207860] -2007-06-18 17:23 millert + * Makefile.in: + Add mkstemp() for those poor souls without it. + [9c1cf2678f24] - * env.c, logging.c: Treat USERNAME environemnt variable like - LOGNAME/USER +2005-11-15 Todd C. Miller -2007-06-18 17:21 millert + * env.c: + Add PERL5DB to list of environment variables to remove. + [7375c27ecf75] - * env.c: Don't need to populate keepenv table with the contents of - the checkenv table. +2005-11-13 Todd C. Miller -2007-06-18 08:57 millert + * mon_systrace.c, mon_systrace.h: + Instead of calling the check function twice with a state cookie use + separate check/log functions. - * sudo.c: Don't force sudo into the C locale. + Check more ioctl() calls for failure. -2007-06-18 08:56 millert + systrace_{read,write} now return the number of bytes read/written or + -1 on error. + [3dc8946d90e9] - * env.c: Make env_check apply when env_reset it true. Environment - variables are passed through unless they contain '/' or '%'. - There is no need to have a variable in both env_check and - env_keep. + * env.c: + Add more environment variables to remove; from gentoo linux Add some + comments about what bad env variables go to what (more to do) + [6918110a6b82] -2007-06-16 07:31 millert +2005-11-11 Todd C. Miller - * visudo.c: Remove an duplicate lock_file() call and add a comment. + * sudo.c, sudo_edit.c: + Move sudo_end{gr,pw}ent() until just before the exec since they free + up our cached copy of the passwd structs, including sudo_user and + sudo_runas. Fixes a use-after-free bug. + [54de3778bad0] -2007-06-15 21:16 millert + * visudo.c: + Close all fd's before executing editor. + [4fcc05e1bec8] - * UPGRADE: Add sudo 1.6.9 upgrade note. + * sudo.c: + Enable malloc debugging on OpenBSD when SUDO_DEVEL is set. + [ef0e8ffa5c9f] -2007-06-14 12:23 millert + * check.c: + Fix fd leak when lecture file option is enabled. From Jerry Brown + [ce97f9207cd8] - * interfaces.c: Solaris will return EINVAL if the buffer used in - SIOCGIFCONF is too small. From Klaus Wagner. +2005-11-07 Todd C. Miller -2007-06-14 12:03 millert + * env.c: + Add PERLLIB, PERL5LIB and PERL5OPT to the default list of + environment variables to remove. From Charles Morris + [c96e1367d1c1] - * Makefile.in, config.h.in, configure, configure.in, memrchr.c, - logging.c, sudo.h: Redo the long syslog line splitting based on a - patch from Eygene Ryabinkin. Include memrchr() for systems - without it. +2005-11-01 Todd C. Miller -2007-06-14 07:09 millert + * env.c: + add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5 + [72a6a1571226] - * configure.in: Since we need to be able to convert timespec to - timeval for utimes() the last 3 digits in the tv_nsec are not - significant. This makes the sudoedit file date comparison work - again. +2005-10-28 Todd C. Miller -2007-06-13 13:41 millert + * env.c: + add PS4 and SHELLOPTS to initial_badenv_table for bash + [89dfb3f318f3] - * aclocal.m4, configure, configure.in: Add SUDO_ADD_AUTH macro to - deal with adding things to AUTH_OBJS. This deals with exclusive - authentication methods in a simple way. +2005-08-15 Todd C. Miller -2007-06-12 13:08 millert + * sudoers.pod: + Fix typo; Toby Peterson + [b7a3222b23f4] - * LICENSE: mkstemp.c is BSD code too. +2005-08-02 Todd C. Miller -2007-06-12 09:21 millert + * tsgetgrpw.c: + Make return buffers static so they don't get clobbered + [13323a39b9f5] - * sudo.pod, sudoers.pod, visudo.pod: No commercial support for now. +2005-07-28 Todd C. Miller -2007-06-11 18:27 millert + * auth/securid5.c: + Fix securid5 authentication, was not checking for ACM_OK. Also add + default cases for the two switch()es. Problem noted by ccon at + worldbank + [14091e418333] - * sudo.c: cleanenv() is no more. +2005-06-27 Todd C. Miller -2007-06-10 18:37 millert + * ldap.c: + Remove ncat() in favor of just counting bytes and pre-allocating + what is needed. + [25b8712adb61] - * ChangeLog: Display branch info in Changelog +2005-06-26 Todd C. Miller -2007-06-10 18:18 millert + * ldap.c: + Fix up some comments Add missing fclose() for the rootbinddn case + [ae95c8a89711] - * utimes.c: Include config.h early so we have it for - TIME_WITH_SYS_TIME + * ldap.c: + align struct ldap_config + [35d0d64c76f8] -2007-06-10 18:00 millert + * ldap.c: + use LINE_MAX for max conf file line size + [da116cb8853d] - * ChangeLog: Fix Changelog generation and update. + * pathnames.h.in: + add _PATH_LDAP_SECRET + [128b04ecfab7] -2007-06-09 07:26 millert + * README.LDAP: + Mention rootbinddn Give example ou=SUDOers container + [852edc69bd1c] - * closefrom.c: Use /proc/self/fd instead of /proc/$$/fd +2005-06-25 Todd C. Miller - Move old-style fd closing into closefrom_fallback() and call that - if /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails + * INSTALL, configure, configure.in, ldap.c: + Support rootbinddn in ldap.conf + [1615c91522a1] -2007-06-09 07:24 millert + * env.c, sudo.pod, sudoers.pod: + Preserve DISPLAY environment variable by default. + [05f503d5f438] - * config.h.in, configure.in, auth/kerb5.c: o use - krb5_verify_user() if available instead of doing it by hand - o use krb5_init_secure_context() if we have it - o pass an encryption type of 0 to krb5_kt_read_service_key() - instead of - ENCTYPE_DES_CBC_MD5 to let kerberos choose. + * acsite.m4, configure: + set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD + [18a04dea8d05] -2007-06-09 07:20 millert + * acsite.m4, configure: + set need_version=no for all cases; this is safe for LD_PRELOAD + [b542560e1a73] - * env.c: Check TERM and COLORTERM for '%' and '/' characters. From - Debian. + * aclocal.m4: + typo + [c040df0fcd5a] -2007-06-09 07:17 millert + * configure, configure.in: + Add dragonfly + [f13794618636] - * configure.in: Fix closefrom() substitution in the Makefile + * auth/pam.c: + Fix call to pam_end() when pam_open_session() fails. + [0be47cdfdef1] -2007-06-09 07:15 millert + * configure: + regen + [7f5c13b4b800] - * TROUBLESHOOTING: Mention alternate sudo pronunciation. + * acsite.m4: + rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4 + ltsugar.m4 ltversion.m4 + [a7ba9fd1a2ab] -2007-06-07 07:52 millert + * config.guess, config.sub, ltmain.sh: + merge in local changes: config.guess: o better openbsd support + config.sub: o hiuxmpp support ltmain.sh o remove requirement that + libs must begin with "lib" o don't print a bunch of crap about + library installs o don't run ldconfig + [f4149f2c720f] - * env.c: Remove KRB5_KTNAME from environment. Allow COLORTERM. + * config.guess, config.sub, ltmain.sh: + libtool 1.9f + [82a534e7121f] -2007-06-07 07:22 millert + * configure.in: + Update with autoupdate and make minor changes for libtool 1.9f + [11b5ae5c1428] + +2005-06-23 Todd C. Miller - * auth/kerb5.c: If we cannot get a valid service key using the - default keytab it is a fatal error. Fixes a bug where sudo could - be tricked into allowing access when it should not by a fake KDC. - From Thor Lancelot Simon. + * parse.c: + don't call sudo_ldap_display_cmnd if ldap not setup + [8bcf6c094ffe] + + * sudo_edit.c, visudo.c: + Move declatation of struct timespec to its own include files for + systems without it since it needs time_t defined. + [b95c333299a0] -2007-05-12 08:56 millert + * gettime.c: + Move declatation of struct timespec to its own include files for + systems without it since it needs time_t defined. + [021b4569cc0c] - * aclocal.m4, configure, configure.in: Update long long checks to - use AC_CHECK_TYPES and to cache values. + * fileops.c: + Move declatation of struct timespec to its own include files for + systems without it since it needs time_t defined. + [dd8573b2ee7d] -2007-05-12 08:07 millert + * emul/timespec.h: + Move declatation of struct timespec to its own include files for + systems without it since it needs time_t defined. + [f95137771564] - * aclocal.m4, configure.in: Use AC_FUNC_FNMATCH instead of a - homebrew fnmatch checker. We can't use AC_REPLACE_FNMATCH since - that assumes replacing with GNU fnmatch. + * check.c, compat.h: + Move declatation of struct timespec to its own include files for + systems without it since it needs time_t defined. + [2ef2ace8fe85] + + * ldap.c: + Don't set safe_cmnd for the "sudo ALL" case. + [ad7fa9e07da0] -2007-05-11 17:05 millert +2005-05-27 Todd C. Miller - * configure, configure.in: Add closefrom() to LIB_OBJS not - SUDO_OBJS if it is missing since we need it for visudo now too. + * auth/pam.c: + Call pam_open_session() and pam_close_session() to give pam_limits a + chance to run. Idea from Karel Zak. + [fed46d471350] -2007-04-24 14:44 millert +2005-04-24 Todd C. Miller - * sudoers.pod: Attempt to clarify the bit talking about network - numbers w/o netmasks. + * check.c, sudo.c: + Add explicit cast from mode_t -> u_int in printf to silence warnings + on Solaris + [17bb961fe22d] -2007-04-24 14:25 millert + * parse.c: + include grp.h to silence a warning on Solaris + [14386fbab640] + +2005-04-23 Todd C. Miller + + * parse.c: + Fix printing of += and -= defaults. + [a667604c56cd] + +2005-04-17 Todd C. Miller + + * mon_systrace.c: + Sanity check number of syscall args with argsize. Not really needed + but a little paranoia never hurts. + [6bb455a2c2d6] + + * mon_systrace.c, mon_systrace.h: + Don't do pointer arithmetic on void * Use int, not size_t/ssize_t + for systrace lengths (since it uses int) + [3cafccffcffd] + +2005-04-16 Todd C. Miller + + * mon_systrace.c: + Add some memsets for paranoia Fix namespace collsion w/ error Check + rval of decode_args() and update_env() Remove improper setting of + validated variable + [3d385158354d] - * sudo.pod: Clarify timestamp dir ownership sentence. +2005-04-12 Todd C. Miller -2007-04-20 12:40 millert + * parse.c, sudo.c, sudo.h: + In -l mode, only check local sudoers file if def_ignore_sudoers is + not set and call LDAP versions from display_privs() and + display_cmnd() instead of directly from main(). Because of this we + need to defer closing the ldap connection until after -l processing + has ocurred and we must pass in the ldap pointer to display_privs() + and display_cmnd(). + [1dfc2e8c9f2b] - * auth/pam.c: Linux PAM now defines __LINUX_PAM__, not - __LIBPAM_VERSION. From Dmitry V. Levin. + * ldap.c: + Reorganize LDAP code to better match normal sudoers parsing. + Instead of storing strings for later printing in -l mode we do + another query since the authenticating user and the user being + listed may not be the same (the new -U flag). Also add support for + "sudo -l command". -2007-04-16 12:13 millert + There is still a fair bit if duplicated code that can probably be + refactored. + [e9568f19bde5] - * sudo.c: -i is also one of the mutually exclusive options to list - it in the warning message. Noted by Chris Pepper. +2005-04-11 Todd C. Miller -2007-04-12 11:18 millert + * ldap.c: + Replace pass variable with do_netgr for better readability. + [1bba841b6e79] - * visudo.pod: The sudoers variable is env_editor, not enveditor. - From Jean-Francois Saucier. + * ldap.c: + use DPRINTF macro + [02b159b66bb5] -2007-03-29 13:30 millert + * ldap.c: + estrdup, not strdup + [22cdee7973c1] - * redblack.c: I tracked down the original author so credit him and - include his license info. +2005-04-10 Todd C. Miller -2007-02-06 13:25 millert + * parse.c: + Add macro to test if the tag changed to improve readability. + [4e11b4819556] - * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, - sudoers.pod: Fix typos; from Jason McIntyre. + * parse.c: + Avoid printing defaults header if there are no defaults to print... + [41a28627df03] -2007-02-06 13:23 millert + * glob.c: + Fix a warning on systems without strlcpy(). + [6814e0f0e4f4] - * logging.c: Restore signal mask before calling reapchild(). Fixes - a possible race condition that could prevent sudo from properly - waiting for the child. + * pwutil.c: + Use macros where possible for sudo_grdup() like sudo_pwdup(). + [30f201ff35cd] -2007-01-31 10:02 millert +2005-04-08 Todd C. Miller - * pwutil.c: Don't declare pw_free() if we are not going to use it. + * utimes.c: + It is possible for tv_usec to hold >= 1000000 usecs so add in + tv_usec / 1000000. + [794ac4d53a65] -2007-01-31 10:00 millert +2005-03-30 Todd C. Miller - * env.c: Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD - and LDR_PRELOAD64. The 64-bit version is not currently - supported. Remove zero_env() prototype as it no longer exists. + * auth/kerb5.c: + The component in krb5_principal_get_comp_string() should be 1, not 0 + for Heimdal. From Alex Plotnick. + [fefa351c5044] -2006-12-11 13:21 millert +2005-03-29 Todd C. Miller - * logging.c: Add "Auto-Submitted: auto-generated" line to sudo mail - for rfc 3834. + * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y, + interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c, + redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c: + Add efree() for consistency with emalloc() et al. Allows us to rely + on C89 behavior (free(NULL) is valid) even on K&R. + [7876bb80d87c] -2006-09-29 10:53 millert + * parse.c, sudo.c: + Move initgroups() for -U option into display_privs() so group + matching in sudoers works correctly. + [b074428ad2ca] - * auth/pam.c: If the user enters ^C at the password prompt, abort - instead of trying to authenticate with an empty password (which - causes an annoying delay). +2005-03-27 Todd C. Miller -2006-08-17 11:26 millert + * ldap.c: + Removed duplicate call to ldap_unbind_s introduced along with + sudo_ldap_close. + [19acc1c20f7c] - * closefrom.c, config.h.in, configure, configure.in: Add fcntl - F_CLOSEM support to closefrom(); adapted from a diff by Darren - Tucker. + * parse.c: + Add missing space in Defaults printing + [95d2935bf6d4] -2006-08-17 11:25 millert +2005-03-25 Todd C. Miller - * pwutil.c: pw_free() is only used by sudo_freepwcache() so ifdef - it out too. + * pwutil.c: + Sync sudo_pwdup with OpenBSD changes: use macros for size computaton + and string copies. + [6b6b241495e5] -2006-08-04 11:34 millert +2005-03-19 Todd C. Miller - * config.sub, config.guess: Update to latest versions from - cvs.savannah.gnu.org + * pwutil.c: + Zero old pw_passwd before replacing with version from shadow file. + [3251b349dfe1] -2006-07-31 13:51 millert + * configure, configure.in: + Only attempt shadow password detection if PAM is not being used Add + shadow_* variables to make shadow password detection more generic. + [d498a3423ac9] - * pwutil.c, sudo_edit.c: Move password/group cache cleaning out of - sudo_end{pw,grp}ent() so we can close the passwd/group files - early. + * configure.in: + Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS + [04d55bbd5e35] -2006-07-31 13:50 millert +2005-03-13 Todd C. Miller - * config.h.in, configure, configure.in, set_perms.c: Add seteuid() - flavor of set_perms() for systems without setreuid() or - setresuid() that have a working seteuid(). Tested on Darwin. + * sudoers.pod: + use a non-breaking space to avoid a double space after e.g. + [11cdb54bdf7b] -2006-07-30 15:56 millert + * sudo.pod: + commna, not colon after e.g. + [8d5875ff72e0] - * mon_systrace.c: systrace_read() returns ssize_t +2005-03-12 Todd C. Miller -2006-07-30 15:53 millert + * sudo_noexec.c: + Add __ variants of the exec functions. GNU libc at least uses + __execve() internally. + [d1880473d790] - * configure, configure.in: Fix typo, -lldap vs. -ldap; from Tim - Knox. + * indent.pro: + Match reality a bit more. + [633e3fa875a7] -2006-07-28 13:12 millert + * pwutil.c: + Missed piece from rev. 1.6, fix sudo_getpwnam() too. + [128f7b21c2ee] - * HISTORY: Fix typo; Matt Ackeret + * pwutil.c: + Store shadow password after making a local copy of struct passwd in + case normal and shadow routines use the same internal buffer in + libc. + [f806052a6ffc] -2006-07-17 08:25 millert +2005-03-11 Todd C. Miller - * sudo.c: Print sudoers path in -V mode for root. + * alloc.c, logging.c: + Make varargs usage consistent with the rest of the code. + [3d45affc9851] -2006-06-15 14:44 millert +2005-03-10 Todd C. Miller - * ldap.c: Do a sub tree search instead of a base search (one level - in the tree only) for sudo right objects. This allows system - administrators to categorize the rights in a tree to make them - easier to manage. + * sudo_noexec.c: + Wrap more of the exec family since on Linux the others do not appear + to go through the normal execve() path. + [8167769b4e19] -2005-12-28 13:52 millert + * visudo.c: + make print_unused static like proto says + [ecf10e1bae55] - * sudo.pod: fix typo + * glob.c: + silence a warning on K&R systems + [2e00425f1a5c] -2005-12-04 12:16 millert + * alias.c, error.c: + make this build in K&R land + [156f65f8525a] - * ldap.c: Convert GET_OPT and GET_OPTI to use just 2 args. Add - timelimit and bind_timelimit support; adapted from gentoo. + * parse.c: + make this build in K&R land + [6fc9276889cb] -2005-11-23 18:57 millert +2005-03-08 Todd C. Miller - * ldap.c: Support comments that start in the middle of a line + * toke.c: + regen + [3b349748cd21] -2005-11-23 18:56 millert +2005-03-06 Todd C. Miller - * configure.in, configure: Define LDAP_DEPRECATED until we start - using ldap_get_values_len() + * ldap.c: + return(foo) not return foo optimize _atobool() slightly + [11d09d154ed5] -2005-11-18 09:55 millert + * ldap.c: + Use TRUE/FALSE + [53999320d98f] - * closefrom.c: Silence gcc -Wsign-compare; djm@openbsd.org + * ldap.c: + Reformat to match the rest of sudo's code. + [1bd0f2afa0e7] -2005-11-17 20:39 millert + * sudo.pod: + I am the primary author + [5d311ecd85c6] - * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c: cleanup() now - takes an int as an arg so it can be used as a signal handler too. +2005-02-23 Todd C. Miller -2005-11-17 20:38 millert + * Makefile.in, README, RUNSON: + The RUNSON file is toast--it confused too many people and really + isn't needed in a configure-oriented world. + [96a6ef7bbc08] - * sudo.c: Make a copy of the shell field in the passwd struct for - NewArgv to avoid a use after free situation after sudo_endpwent() - is called. + * INSTALL: + alternate -> alternative + [b65015c5d0a2] -2005-11-16 20:36 millert + * tgetpass.c: + Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with + TCSAFLUSH. + [c66b4763ffdc] - * Makefile.in, mkstemp.c, config.h.in, configure, configure.in: Add - mkstemp() for those poor souls without it. + * toke.l: + Allow leading blanks before Defaults and Foo_Alias definitions + [2add513d9277] -2005-11-15 09:25 millert + * Makefile.in: + fix rules to build toke.o and gram.o in devel mode + [96cbb414ebd3] - * env.c: Add PERL5DB to list of environment variables to remove. +2005-02-20 Todd C. Miller -2005-11-13 15:49 millert + * sudoers.pod: + env_keep overrides set_logname + [401877193a15] + + * env.c: + Fix disabling set_logname and make env_keep override set_logname. + [0906e7a5ed93] + + * compat.h, config.h.in, configure, configure.in: + No longer need memmove() + [43bdb6efe3f2] + + * env.c, sudo.c: + Just clean the environment once. This assumes that any further + setenv/putenv will be able to handle the fact that we replaced + environ with our own malloc'd copy but all the implementations I've + checked do. + [11658fe92ba2] - * mon_systrace.c, mon_systrace.h: Instead of calling the check - function twice with a state cookie use separate check/log - functions. +2005-02-16 Todd C. Miller - Check more ioctl() calls for failure. + * env.c, sudo.c: + In -i mode, base the value of insert_env()'s dupcheck flag on + DID_FOO flags. Move checks for $HOME resetting into rebuild_env() + [8365b0bd0c71] - systrace_{read,write} now return the number of bytes read/written - or -1 on error. +2005-02-13 Todd C. Miller + + * env.c, sudo.c: + Move setting of user_path, user_shell, user_prompt and prev_user + into init_vars() since user_shell at least is needed there. + [37e22dce66e9] + +2005-02-12 Todd C. Miller + + * Makefile.in: + fix devel builds + [9fbb15ef164c] + + * sudo.c: + Fix some printf format mismatches on error. + [ffc1c3f11740] + + * check.c: + Fix some printf format mismatches on error. + [7b3b508adf50] + + * configure, gram.c, toke.c: + regen + [aa76f9d8b02a] + + * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c, + auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, + auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, + auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, + closefrom.c, compat.h, configure.in, defaults.c, defaults.h, + emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c, + getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c, + interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c, + parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c, + snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, + sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod, + testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c, + visudo.pod, zero_bytes.c: + Update copyright years. + [0610c3654739] + + * Makefile.binary.in: + Update copyright years. + [d78ffc9f2e2b] + + * LICENSE: + Update copyright years. + [f60473bca4b1] -2005-11-13 14:51 millert + * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in: + version 1.7 + [aa977a544ca1] - * env.c: Add more environment variables to remove; from gentoo - linux Add some comments about what bad env variables go to what - (more to do) + * WHATSNEW: + What's new in sudo 1.7, based on the 1.7 CHANGES entries. + [ecfcf7269c14] -2005-11-11 17:23 millert +2005-02-11 Todd C. Miller - * sudo.c, sudo_edit.c: Move sudo_end{gr,pw}ent() until just before - the exec since they free up our cached copy of the passwd - structs, including sudo_user and sudo_runas. Fixes a - use-after-free bug. + * compat.h, logging.h, sudo.h: + Add __printflike and use it with gcc to warn about printf-like + format mismatches + [b192ad4a0548] -2005-11-11 17:19 millert +2005-02-10 Todd C. Miller - * visudo.c: Close all fd's before executing editor. + * CHANGES, ChangeLog: + Replaced CHANGES file with ChangeLog generated from cvs logs + [d9ace9dab98f] -2005-11-11 17:17 millert + * set_perms.c: + Use warning/error instead of perror/fatal. + [e33259df7738] - * sudo.c: Enable malloc debugging on OpenBSD when SUDO_DEVEL is - set. + * config.guess: + Update OpenBSD section + [9d2c23de6801] -2005-11-11 11:22 millert + * UPGRADE: + Add upgrading noted for 1.7 + [1fb6b6d6df07] - * check.c: Fix fd leak when lecture file option is enabled. From - Jerry Brown + * env.c, sudo.c, sudoers.pod: + Instead of zeroing out the environment, just prune out entries based + on the env_delete and env_check lists. Base building up the new + environment on the current environment and the variables we removed + initially. + [fc192df8fd15] -2005-11-07 11:02 millert + * config.h.in, configure, configure.in, sudo.c: + Set locale to "C" if locales are supported, just to be safe. + [91fbaa98f02e] - * env.c: Add PERLLIB, PERL5LIB and PERL5OPT to the default list of - environment variables to remove. From Charles Morris + * toke.c, toke.l: + Cast?argument to ctype functions to unsigned char. + [e096b4d65796] + +2005-02-08 Todd C. Miller + + * env.c: + correct value for DID_USER + [b5b05d36ec15] + + * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c: + #include not "compat.h" + [7a0ad9a0ccd7] + + * defaults.c: + Reset the environment by default. + [4ecc6423e0f0] + + * sudo.c: + Alloc an extra slot in NewArgv. Removes the need to malloc an new + vector if execve() fails. + [83dfb6f584a7] + +2005-02-07 Todd C. Miller + + * INSTALL, config.h.in, configure, configure.in, sudo.c: + Use execve(2) and wrap the command in sh if we get ENOEXEC. + [c0c6af4e2a21] + +2005-02-06 Todd C. Miller + + * sudo_noexec.c: + Only include time.h on systems that lack struct timespec which gets + defind in compat.h (using time_t). + [e373e518b4cb] + + * sudo_noexec.c: + Include time.h for time_t in compat.h for systems w/o struct + timespec. + [a34b5637e458] + + * compat.h, config.h.in, configure, configure.in: + use bcopy on systems w/o memmove + [f835eafd78c6] + + * compat.h: + __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its + use to gcc >= 2.8. + [1cb9a4e58566] + + * Makefile.in: + Add explicit rule to build sudo_noexec.lo + [df1dfcf8dd77] -2005-11-01 13:24 millert +2005-02-05 Todd C. Miller - * env.c: add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5 + * INSTALL.configure, Makefile.in: + No longer depend on VPATH; pointed out a bunch of missed + dependencies. + [601a45d4af6b] + + * TROUBLESHOOTING: + Help for PAM when account section is missing + [9b8221256756] -2005-10-27 20:35 millert + * auth/pam.c: + Give user a clue when there is a missing "account" section in the + PAM config. + [2529625c0495] - * env.c: add PS4 and SHELLOPTS to initial_badenv_table for bash + * auth/pam.c: + Better error handling. + [518c9bda23d8] + + * config.h.in, configure, configure.in: + Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as + possible. Silences a warning about isblank() on linux. + [19c94d7ecdc8] + + * auth/pam.c: + Fix typo (missing comma) that caused an incorrect number of args to + be passed to log_error(). + [0099dfec560f] + +2005-02-01 Todd C. Miller + + * pwutil.c: + Don't try to destroy a tree we didn't create. + [d43c4fe03aa4] + +2005-01-27 Todd C. Miller + + * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, + auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, + auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c, + compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c, + fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c, + goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c, + match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c, + sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c, + strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c, + tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c: + Add __unused to rcsids + [ad6b4ac45705] + +2005-01-21 Todd C. Miller + + * configure, configure.in: + Fix error message when mixing invalid auth types + [68069b3ff5bc] + + * INSTALL: + PAM, AIX auth, BSD auth and login_cap are now on by default if the + OS supports them. + [4e44e9098cf0] + + * auth/sudo_auth.h, config.h.in: + s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g + [2d569b43b23e] + + * configure.in: + Better checking for conflicting authentication methods Display the + authentication methods used at the end of configure Rename --with- + authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth, + --with-pam, --with-logincap by default on systems that support them + unless disabled. Add OSMAJOR variable that replaces old OSREV; now + OSREV has full version number + [a21115b6fe9f] + +2005-01-18 Todd C. Miller + + * def_data.c, def_data.in, sudo.c, sudoers.pod: + s/-O/-C/ + [ee73f1b81923] + +2005-01-14 Todd C. Miller + + * configure.in: + Replace: test -n "$FOO" || FOO="bar" + + With: : ${FOO='bar'} + [37552d9054fc] + +2005-01-09 Todd C. Miller + + * pwutil.c, testsudoers.c, tsgetgrpw.c: + Use function pointers to only call private passwd/group routines + when using a nonstandard passwd/group file. + [215908681dfb] + +2005-01-06 Todd C. Miller + + * CHANGES: + sync + [2e55c03f5790] + + * tsgetgrpw.c: + Can't use strtok() since it doesn't handle empty fields so add + getpwent()/getgrent() functions and call those. + [bdaa5b0db70e] + +2005-01-05 Todd C. Miller + + * Makefile.in: + Fix dummied out toke.c and gram.c dependencies. + [4b909c8b2ebe] + + * Makefile.in: + Rename PARSESRCS -> GENERATED since it is only used in the clean + target Add devdir variable and use it to specify the path to parser + sources + [f27b3f41ca23] + + * configure: + regen + [22c6435dbd46] + + * configure.in: + Add a devdir variables that defaults to $(srcdir) and is set to . if + --devel was specified. Allows for proper dependecies building the + parser. + [a36d694c6d21] + + * testsudoers.c: + Add support for custom passwd/group files. + [296549ff4b87] + + * Makefile.in: + Build private copy of pwutil.o for testsudoers with MYPW defined so + it uses our own passwd/group routines. + [bafa54ec78ca] + + * visudo.c: + Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent + stubs instead. We can now just use the caching sudo_*{pw,gr}* + functions in pwutil.c Add comment about wanting to call + sudo_endpwent/sudo_endgrent in cleanup() + [7e59d6b5510d] + + * tsgetgrpw.c: + Remove caching; we will just use what is in pwutil.c Use global + buffers for passwd/group structs Rename functions from sudo_* to + my_* + [8c1e068f574c] + + * logging.c, sudo.c: + g/c pwcache_init/pwcache_destroy + [60a24909b947] + + * sudo.h: + Undo last commit and add sudo_setspent and sudo_endspent instead. + [bac80db08296] + + * getspwuid.c, pwutil.c: + Move all but the shadow stuff from getspwuid.c to pwutil.c and + pwcache_get and pwcache_put as they are no longer needed. Also add + preprocessor magic to use private versions of the passwd and group + routines if MYPW is defined (for use by testsudoers). + [a16b8678a426] + + * tsgetgrpw.c: + zero out struct passwd/group before filling it in so if there are + fields we don't handle they end up as 0. + [274cb6a93301] -2005-08-14 20:32 millert + * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c: + Adapt to pwutil.c + [43ebd04c8b82] - * sudoers.pod: Fix typo; Toby Peterson + * Makefile.in: + Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better + readability. + [7f88c6061e2d] -2005-08-02 09:57 millert + * tsgetgrpw.c: + Passwd and group lookup routines for testsudoers that support + alternate passwd and group files. + [d7803101d34e] + + * getspwuid.c, pwutil.c: + Split off pw/gr cache and dup code into its own file. This allows + visudo and testsudoers to use the pw/gr cache too. + [ef333d3ffedf] + +2005-01-02 Todd C. Miller + + * parse.c: + Print Defaults info in "sudo -l" output and wrap lines based on the + terminal width. + [e559eae4250e] + +2005-01-01 Todd C. Miller + + * match.c, testsudoers.c, visudo.c: + Only check group vector in usergr_matches() if we are matching the + invoking or list user. Always check the group members, even if + there was a group vector. + [d0c7ceb2a041] + +2004-12-17 Todd C. Miller + + * LICENSE, Makefile.in, fnmatch.3: + No longer bundle fnmatch.3 + [72db4a4ff4e1] + + * CHANGES, TODO: + checkpoint + [e92781bfd99c] + +2004-12-16 Todd C. Miller + + * sudo.c: + sort usage + [15e3b876ec2c] + + * sudo.pod: + Sort command line options + [c1fa56584bc4] + + * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c, + sudo.pod, sudoers.pod: + Add closefrom sudoers option to start closing at a point other than + 3. Add closefrom_override sudoers option and -C sudo flag to allow + the user to specify a different closefrom starting point. + [370652b099d1] + + * pathnames.h.in: + Add _PATH_DEVNULL for those without it. + [0c4c3e0ceb8b] + + * LICENSE: + no more UCB strcasecmp + [397a6298e07f] + + * strcasecmp.c: + replace BSD licensed one with version derived from pdksh + [d7cfda8c57a2] - * tsgetgrpw.c: Make return buffers static so they don't get - clobbered +2004-12-10 Todd C. Miller + + * sudo.c: + Fix last commit. + [7afb9a180532] -2005-07-27 21:14 millert + * sudo.c: + Make sure stdin, stdout and stderr are open and dup them to + /dev/null if not. + [590f387068bd] - * auth/securid5.c: Fix securid5 authentication, was not checking - for ACM_OK. Also add default cases for the two switch()es. - Problem noted by ccon at worldbank +2004-12-03 Todd C. Miller -2005-06-26 20:10 millert + * ldap.c, mon_systrace.c, sudo.c, sudo.h: + add sudo_ldap_close + [4273a36765a7] - * ldap.c: Remove ncat() in favor of just counting bytes and - pre-allocating what is needed. + * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c: + Use TIME_WITH_SYS_TIME + [c32b59bf15fb] -2005-06-26 19:44 millert + * config.h.in, configure, configure.in: + Add TIME_WITH_SYS_TIME_H + [57cb146f451d] - * ldap.c: Fix up some comments Add missing fclose() for the - rootbinddn case +2004-12-02 Todd C. Miller -2005-06-26 19:38 millert + * env.c: + Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set + unconditionally on darwin. From Toby Peterson. + [d69959681c87] - * ldap.c: align struct ldap_config + * getspwuid.c: + Check rbinsert() return value. In the case of faked up entries + there is usually a negative response cached that we need to + overwrite. -2005-06-26 19:37 millert + In pwfree() don't try to zero out a NULL pw_passwd pointer. + [00b32d1a48c1] - * ldap.c: use LINE_MAX for max conf file line size + * mon_systrace.c: + Use the double fork trick to avoid the monitor process being waited + for by the main program run through sudo. + [e0ce556712ff] -2005-06-26 18:36 millert +2004-11-29 Todd C. Miller - * pathnames.h.in: add _PATH_LDAP_SECRET + * sudo.c: + Call initgroups() in -U mode so group matches work normally. + [2235bea15283] -2005-06-26 18:36 millert + * def_data.h, mkdefaults: + Don't print a trailing comma for the last entry in enum def_tupple + [c43a96bb31df] - * README.LDAP: Mention rootbinddn Give example ou=SUDOers container +2004-11-28 Todd C. Miller -2005-06-25 18:03 millert + * sudoers.cat, sudoers.man.in, sudoers.pod: + Mention values when lecture, listpw and verifypw are used in boolean + context. + [a0b5c0abaccf] - * configure, INSTALL, configure.in, ldap.c: Support rootbinddn in - ldap.conf + * def_data.c, def_data.in: + verifypw when used in a boolean TRUE context should be "all", not + "any". + [2eb076ddd5e2] -2005-06-25 17:46 millert +2004-11-26 Todd C. Miller - * env.c, sudo.pod, sudoers.pod: Preserve DISPLAY environment - variable by default. + * def_data.in, defaults.c: + Allow tuples that can be used as booleans to be used as boolean + TRUE. In this case the 2nd possible value of the tuple is used for + TRUE. + [bd99aa77e88b] -2005-06-25 16:39 millert +2004-11-25 Todd C. Miller - * acsite.m4, configure: set need_lib_prefix=no for all cases; this - is safe for LD_PRELOAD + * configure, configure.in: + Correct the test for 2-parameter timespecsub + [d41c9cb26b97] -2005-06-25 16:15 millert + * sudo.h: + Add strub struct definitions for passwd, timeval and timespec + [c4ce5c43d8c5] - * acsite.m4, configure: set need_version=no for all cases; this is - safe for LD_PRELOAD + * config.h.in, configure, configure.in, sudo_edit.c, visudo.c: + Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS) + and fix a typo in the gettimeofday check. + [8ac9893057ce] -2005-06-25 14:45 millert +2004-11-24 Todd C. Miller - * aclocal.m4: typo + * match.c, testsudoers.c: + Deal with user_stat being NULL as it is for visudo and testsudoers. + [3605a6ff64d0] -2005-06-25 14:33 millert + * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod: + Add -U option to use in conjunction with -l instead of -u. Add + support for "sudo -l command" to test a specific command. + [99638789d415] - * configure, configure.in: Add dragonfly + * gram.c, gram.y, sudo.c: + Set safe_cmnd after sudoers_lookup() if it has not been set. + Previously it was set by sudo "ALL" in the parser but at that point + the fully-qualified pathname has not yet been found. + [ac30d98f8225] -2005-06-25 14:29 millert +2004-11-23 Todd C. Miller - * auth/pam.c: Fix call to pam_end() when pam_open_session() fails. + * parse.c, testsudoers.c: + Correctly handle multiple privileges per userspec and runas + inheritence. + [a98a965181af] -2005-06-25 14:21 millert +2004-11-21 Todd C. Miller - * configure: regen + * defaults.c: + Zero out sd_un for each entry in sudo_defs_table in init_defaults. + [031d3cd4a848] -2005-06-25 14:20 millert +2004-11-19 Todd C. Miller - * acsite.m4: rebuild acsite.m4 from libtool 1.9f libtool.m4 - ltoptions.m4 ltsugar.m4 ltversion.m4 + * toke.c, toke.l: + make per-command defaults work with sudoedit + [e56fe33db916] -2005-06-25 14:08 millert + * ldap.c, parse.c, sudo.c, sudo.h: + Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. + Instead, we just set the approriate defaults variable. + [756eeecc1d86] - * config.guess, config.sub, ltmain.sh: merge in local changes: - config.guess: o better openbsd support config.sub: o hiuxmpp - support ltmain.sh o remove requirement that libs must begin with - "lib" o don't print a bunch of crap about library installs o - don't run ldconfig + * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod: + Document per-command Defaults. + [92a0f84b91c1] -2005-06-25 14:05 millert + * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c, + sudo.c, testsudoers.c, toke.c, toke.l, visudo.c: + Add support for command-specific Defaults entries. E.g. + Defaults!/usr/bin/vi noexec + [be3d52bf01cf] + + * defaults.c, match.c, parse.c, parse.h, testsudoers.c: + Change an occurence of user_matches() -> runas_matches() missed + previously runas_matches(), host_matches() and cmnd_matches() only + really need to pass in a list of members. user_matches() still + needs to pass in a passwd struct because of "sudo -l" + [833b22fc6fa0] + + * parse.c: + Check def_authenticate, def_noexec and def_monitor when setting + return flags. XXX May be better to just set the defaults directly + and get rid of those flags. + [b6db22b59d69] + + * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, + auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, + auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c, + defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c, + getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c, + gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c, + mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c, + strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c, + sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c, + visudo.c, zero_bytes.c: + Use: #include Not: #include "config.h" That way we get + the correct config.h when build dir != src dir + [97e5670a442b] + + * Makefile.in: + Back out part of rev 1.263; fix -I order + [197ea01cad5d] + + * toke.c, toke.l: + More robust parsing if #include; could be much better still. + [31bc3cd8f045] + + * sudo_edit.c, visudo.c: + Make arg splitting in visudo and sudoedit consistent. + [7bc74485f246] + + * Makefile.in, alias.c, gram.c, gram.y, parse.h: + Split alias routines out into their own file. + [d90f633cf9ae] + + * error.h: + __attribute__ is already defined in compat.h + [676ed3fe9203] + + * visudo.c: + quit() should not be __noreturn__ as it is non-void on some + platforms. + [e528c2b6ba10] + + * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c: + Add local error/warning functions like err/warn but that call an + additional cleanup routine in the error case. This means we no + longer need to compile a special version of alloc.o for visudo. + [e78e8aae882e] + + * parse.h: + Clarify comments about the data structures + [ae894e266701] + +2004-11-18 Todd C. Miller + + * visudo.c: + Add support for VISUAL and EDITOR containing command line args. If + env_editor is not set any args in VISUAL and EDITOR are ignored. + Arguments are also now supported in def_editor. + [ff7303b8e298] + +2004-11-17 Todd C. Miller + + * parse.h: + alias_matches() is no more + [b59825e28084] + + * CHANGES, TODO: + sync + [2b8f5f63c1de] + + * Makefile.in: + When regenerating the parser, don't replace gram.h unless it has + changed. + [819949668018] + + * Makefile.in: + remove Makefile.binary for distclean + [351eec8d00b2] + + * env.c: + Preserve KRB5CCNAME in zero_env() and add a paranoia check to make + sure we can't overflow new_env. + [3284d17b9c6d] + + * sudo_edit.c: + paranoia when stripping trailing slashes from tempdir. + [012f1aa2b81f] + + * sudo.c: + Set user_ngroups to 0 if getgroups() returns an error. + [c46d43e9449a] + +2004-11-16 Todd C. Miller + + * config.h.in, configure, configure.in, sudo.c: + Add configure check for getgroups() + [5d8a214e2cef] + + * ldap.c: + Use supplementary group vector in struct sudo_user. + [3d0c463c034d] + + * match.c: + Only do string comparisons on the group members if there is no + supplemental group list. + [be1c8362f7ef] + + * CHANGES, TODO: + sync + [db188bc5b975] + + * sudo_edit.c: + On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so + chop off any trailing slashes we see and add an explicit one. + [e1b477dafee1] - * config.guess, config.sub, ltmain.sh: libtool 1.9f + * match.c: + remove bogus XXX comment + [8aecb8a28d40] -2005-06-25 14:04 millert + * match.c: + Get rid of alias_matches and correctly fall through to the non-alias + cases when there is no alias with the specified name. + [2cd555246f09] - * configure.in: Update with autoupdate and make minor changes for - libtool 1.9f + * getspwuid.c: + Cache non-existent passwd/group entries too. + [8de9a467d271] -2005-06-22 23:19 millert + * gram.c: + regen + [9ece18c58f36] - * parse.c: don't call sudo_ldap_display_cmnd if ldap not setup + * getspwuid.c: + fix typo + [9a7ae371eac1] -2005-06-22 23:04 millert + * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c, + mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c: + Implement group caching and use the passwd and group caches + throughout. + [f1d8c5015169] + +2004-11-15 Todd C. Miller + + * match.c: + Properly negate the return value of alias_matches() when + appropriate. + [ce59c4ce77ad] + + * match.c: + Make hostname_matches() return TRUE for a match, else FALSE like the + caller expects. + [1dc03902d3a2] + + * Makefile.in: + Add missing dependencies on gram.h + [4f94bbb1d50c] + + * match.c: + Use runas_matches in alias_matches() now that we have it. + [284d22e91178] + + * parse.c, parse.h: + Expand aliases in "sudo -l" mode + [f67a38b79c44] + + * gram.y, match.c: + Use ALIAS for the member type when storing an alias instead of + HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the + more generic type. Expand runas_matches instead of calling + user_matches() inside of it since user_matches() looks up + USERALIASes, not RUNASALIASes. + [52004d75232b] + + * CHANGES, getspwuid.c: + Paranoia; zero out pw_passwd before freeing passwd entry. + [bd1b22638f00] - * check.c, compat.h, fileops.c, gettime.c, sudo_edit.c, visudo.c, - emul/timespec.h: Move declatation of struct timespec to its own - include files for systems without it since it needs time_t - defined. + * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure, + configure.in, defaults.c, emul/err.h, env.c, err.c, error.c, + error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c, + sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c: + Add local error/warning functions like err/warn but that call an + additional cleanup routine in the error case. This means we no + longer need to compile a special version of alloc.o for visudo. + [25000b676cfe] + + * match.c: + Use userpw_matches() to compare usernames, not strcmp(), since the + latter checks for "#uid". + [fcbe4b859f66] + + * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c: + Cache passwd db entries in 2 reb-black trees; one indexed by uid, + the other by user name. The data returned from the cache should be + considered read-only and is destroyed by sudo_endpwent(). + [ee2418ff3f86] + + * match.c: + add cast to uid_t + [eb6415302d84] + + * gram.y: + missing free in alias_destroy + [572ecb680ad8] + + * redblack.c: + Can't use rbapply() for rbdestroy since the destructor is passed a + data pointer, not a node pointer. + [11ce713830c0] + + * getspwuid.c, logging.c, sudo.c, sudo.h: + Create and use private versions of setpwent() and endpwent() that + set/end the shadow password file too. + [616bc76d23bf] + + * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c: + Store aliases in a red-black tree. + [ce017d540416] + + * Makefile.in, redblack.c, redblack.h: + red-black tree implementation + [cd5586e8f48b] + + * visudo.c: + Edit all sudoers file if there were unused or undefined aliases and + we are in strict mode. + [b6d5f5bb7262] + +2004-11-12 Todd C. Miller -2005-06-22 22:57 millert + * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c, + find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c: + Bring back the "secure_path" Defaults option now that Defaults take + effect before the path is searched. + [2e52c0e27606] + +2004-11-11 Todd C. Miller + + * logging.c, parse.c: + A user can always list their own entries, even with -u. Better error + message when failing to list another user's entries. + [e2e24deb0071] + + * parse.c, sudo.c, sudo.h: + The syntax to list another user's entries is now "-u otheruser -l". + Only root or users with sudo "ALL" may list other user's entries. + [3c0657e8f5fe] + + * sudo.cat, sudo.man.in, sudo.pod: + Update env variable info in SECURITY NOTES + [299716071024] + + * env.c: + strip CDPATH too + [9b97643b26f9] + + * env.c: + strip exported bash functions from the environment. + [9e5090c8284f] + +2004-10-27 Todd C. Miller + + * sudo.c: + Only reset sudo_user.pw based on SUDO_USER environment variables for + real commands and sudoedit. This avoids a confusing message when a + user tries "sudo -l" or "sudo -v" and is denied. + [3ea6d0053274] + + * gram.c, gram.y, parse.h: + Extend LIST_APPEND to deal with appending lists too + [d963e42f622f] + +2004-10-26 Todd C. Miller + + * logging.c: + Convert some bitwise AND to ISSET + [130dc40d268e] + + * lex.yy.c, toke.c: + toke.c replaces lex.yy.c + [048858df79e7] + + * CHANGES, TODO: + sync + [d19e7abf251c] + + * BUGS: + new parser fixes most of the outstanding bugs + [0891f66e3758] + + * configure: + regen + [1a3358cc7283] + + * visudo.c: + Rework for the new parser. Now checks for unused aliases in sudoers. + [ad462ede3094] + + * testsudoers.c: + Rewrite for the new parser. Now supports a -d flag (dump) and adds + a -h flag (host). It now defaults to the local hostname unless + otherwise specified. + [1b69685cc601] + + * sudo.h: + Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h) + [2e4fb3abfef0] + + * sudo.c: + Update for new parse. We now call find_path() *after* we have + updated the global defaults based on sudoers. Also adds support for + listing other user's privs if you are root. + [cf3db9fc3024] + + * mon_systrace.c: + Working LDAP support; also remove a now-unneeded rewind(). + [649ecf1baf6b] + + * logging.c, logging.h: + Add NO_STDERR flag. + [6cb935af94e0] + + * ldap.c: + Split sudo_ldap_check() into three pieces: sudo_ldap_open(), + udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to + connecto to LDAP, apply the default options, find the command in the + user's path, and then check whether the user is allowed to run it. + The important thing here is that the default runas user may be + specified as a default option and that needs to be set before we + search for the command. + [fc0426abc6f1] + + * ldap.c: + Add casts to unsigned char for isspace() to quiet a gcc warning. + [e5358e3df439] + + * defaults.h: + Add prototype for update_defaults() + [564dac3db74e] + + * defaults.c: + Don't warn about line numbers now that we operate on a set of data + structures (or LDAP) and not a file. + [bcd9ffb9b67c] + + * config.h.in: + No long use lsearch() + [9d048c587319] + + * Makefile.in: + Update for new and changed file names. + [6f424a7c4515] + + * LICENSE: + no more BSD lsearch.c + [463a96d89026] + + * match.c: + foo_matches() routines now live in match.c Added user_matches(), + runas_matches(), host_matches(), cmnd_matches() and alias_matches() + that operate on the parsed sudoers file. + [b14da8a0567e] + + * parse.lex, toke.l: + Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer() + WORD no longer needs to exclude '@' kill yywrap() + [a922294eb7b7] + + * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c, + sudo.tab.h: + Rewritten parser that converts sudoers into a set of data + structures. This eliminates ordering issues and makes it possible to + apply sudoers Defaults entries before searching for the command. + [30d2ec4d203c] + + * configure.in, emul/search.h, lsearch.c: + We won't be using lsearch() any longer. + [29c4d54bfac0] + + * ldap.c: + sudo should not send mail if someone who runs 'sudo -l' has no + entry. + [6fc27a69fd9c] - * ldap.c: Don't set safe_cmnd for the "sudo ALL" case. + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [8166347917f3] -2005-05-27 01:59 millert + * visudo.pod: + Update warnings to match new visudo + [004c0766798f] - * auth/pam.c: Call pam_open_session() and pam_close_session() to - give pam_limits a chance to run. Idea from Karel Zak. + * sudoers.pod: + The new parser doesn't have the old ordering constraints. + [ffd43bd08661] -2005-04-24 19:24 millert + * sudo.pod: + Document that -l now takes an optional username argument + [278f9557de8b] - * check.c, sudo.c: Add explicit cast from mode_t -> u_int in printf - to silence warnings on Solaris +2004-10-25 Todd C. Miller -2005-04-24 19:22 millert + * RUNSON: + AIX 5.2.0.0 works + [523acd29d858] - * parse.c: include grp.h to silence a warning on Solaris + * ldap.c: + If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes + a compilation problem with Solaris 9's native LDAP. -2005-04-23 15:10 millert + Set FLAG_MONITOR when needed. + [35824ade672d] - * parse.c: Fix printing of += and -= defaults. +2004-10-23 Todd C. Miller -2005-04-17 01:21 millert + * mon_systrace.c: + Call sudo_goodpath() *after* changing the cwd to match the traced + process. Fixes relative paths. + [12ee111d0ad7] - * mon_systrace.c: Sanity check number of syscall args with argsize. - Not really needed but a little paranoia never hurts. +2004-10-21 Todd C. Miller -2005-04-17 01:18 millert + * testsudoers.c: + Kill set_perms() stub--it is no longer needed. + [116ed702935d] - * mon_systrace.c, mon_systrace.h: Don't do pointer arithmetic on - void * Use int, not size_t/ssize_t for systrace lengths (since it - uses int) +2004-10-13 Todd C. Miller -2005-04-16 03:14 millert + * sudoers.cat, sudoers.man.in, sudoers.pod: + stay_setuid now requires set_reuid() or setresuid() + [8511f67e25d5] - * mon_systrace.c: Add some memsets for paranoia Fix namespace - collsion w/ error Check rval of decode_args() and update_env() - Remove improper setting of validated variable + * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure, + configure.in, set_perms.c, sudo.c, sudo.h: + Kill use of POSIX saved uids; they aren't worth bothering with. + [b3b1f19f18c1] + +2004-10-07 Todd C. Miller + + * glob.c: + remove call to issetugid() + [63f2e492c08f] + + * sudoers.cat, sudoers.man.in, sudoers.pod: + Remove warning about wildcards. Now that we use glob() the bug is + fixed. + [b15729d32266] + + * parse.c: + Use glob(3) instead of fnmatch(3) for matching pathnames and stat + each result that matches the basename of the user's command. This + makes "cd /usr/bin ; sudo ./blah" work when sudoers allows + /usr/bin/blah. Fixes bug #143. + [e31eb6310340] + + * config.h.in, configure, configure.in: + Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and + GLOB_BRACE) + [677ed6661e17] + + * config.h.in, configure, configure.in: + Check for a glob() that supports GLOB_BRACE and GLOB_TILDE + [aaa2329dd266] + + * LICENSE: + reference glob + [bedc9a923423] + + * glob.c: + 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions + removed. + [81799451473c] + + * emul/glob.h: + 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions + removed. + [0335cf31fb1e] + +2004-10-05 Todd C. Miller + + * mon_systrace.c: + Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably + means we are out of space in the stack gap... + [5b02b702021e] + + * CHANGES: + sync + [be3826273e56] + + * mon_systrace.c: + Take a stab at ldap sudoers support here. + [9d023695b0de] + + * mon_systrace.c, mon_systrace.h: + Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot" + doesn't cause reboot to inadvertanly kill itself. + [d4aab2365610] + + * mon_systrace.c: + put "monitor" in the proctitle, not "systrace" + [9a9025767d86] + + * mon_systrace.c: + When modifying the environment, don't replace envp when we can get + away with just rewriting pointers in the traced process. + [c03622f7a2e2] + + * mon_systrace.c, mon_systrace.h: + Add environment updating via STRIOCINJECT (if available). + [037291016870] + + * sudoers.cat, sudoers.man.in: + regen + [869acc511046] + +2004-10-04 Todd C. Miller + + * lex.yy.c: + regen + [4e61a9bd3c97] + + * parse.lex: + Fix bug introduced in unput() removal; want yyless(0) not yyless(1) + [b70d7bd6e147] + + * mon_systrace.c: + Include file is now mon_systrace.h + [ead4e36d92ae] -2005-04-11 21:37 millert + * Makefile.in, configure, configure.in, def_data.c, def_data.h, + def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, + sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod: + No longer call it tracing, it is now "monitoring" which should be + more a obvious name to non-hackers. + [aa811ded0789] - * parse.c, sudo.c, sudo.h: In -l mode, only check local sudoers - file if def_ignore_sudoers is not set and call LDAP versions from - display_privs() and display_cmnd() instead of directly from - main(). Because of this we need to defer closing the ldap - connection until after -l processing has ocurred and we must pass - in the ldap pointer to display_privs() and display_cmnd(). +2004-10-01 Todd C. Miller -2005-04-11 21:33 millert + * mon_systrace.c, mon_systrace.h: + Fix some XXX + [a271072dacc6] - * ldap.c: Reorganize LDAP code to better match normal sudoers - parsing. Instead of storing strings for later printing in -l - mode we do another query since the authenticating user and the - user being listed may not be the same (the new -U flag). Also - add support for "sudo -l command". + * mon_systrace.c, mon_systrace.h: + No need to include syscall.h, use 1024 as the max # of entries (the + max that systrace(4) allows). - There is still a fair bit if duplicated code that can probably be - refactored. + Only need to use SYSTR_POLICY_ASSIGN once -2005-04-11 00:37 millert + Change check_syscall() -> find_handler() and have it return the + handler instead of just running it. We need this since handler now + have two parts: one part that generates and answer and another that + gets called after the answer is accepted (to do logging). - * ldap.c: Replace pass variable with do_netgr for better - readability. + Add some missing check_exec for emul execv + [a89d243f0525] -2005-04-10 23:49 millert + * sample.pam, sample.sudoers, sample.syslog.conf, sudoers: + Add $Sudo$ tags. + [6f3fedb0daba] - * ldap.c: use DPRINTF macro + * config.h.in: + Add missing HAVE_LINUX_SYSTRACE_H + [ff75ab7bfc53] -2005-04-10 23:18 millert + * Makefile.in: + add trace_systrace.o dependency + [88a408668ab2] - * ldap.c: estrdup, not strdup +2004-09-30 Todd C. Miller -2005-04-10 17:44 millert + * configure, configure.in: + Also look for systrace.h in /usr/include/linux + [98b98b436cf3] - * parse.c: Add macro to test if the tag changed to improve - readability. + * mon_systrace.c, mon_systrace.h: + Move all struct defs and prototypes into trace_systrace.h and mark + all but systace_attach() static. + [85511253b570] -2005-04-10 17:40 millert + * mon_systrace.c, mon_systrace.h: + Add support for tracing emulations. At the moment, all emulations + are compiled in. It might make sense to #ifdef them in the future, + though this impeeds readability. + [87bb50abf277] - * parse.c: Avoid printing defaults header if there are no defaults - to print... + * Makefile.in, configure, configure.in: + rename systrace.c -> trace_systrace.c + [31cfa4407d93] -2005-04-10 15:29 millert + * parse.yacc, sudo.tab.c: + Allow this to build with a K&R compiler again + [32876af5bb98] - * glob.c: Fix a warning on systems without strlcpy(). + * TODO: + sync + [46865bd70f7c] -2005-04-10 13:32 millert + * compat.h, sudo.c, visudo.c: + Use __attribute__((__noreturn__)) + [65bbad71fe89] - * pwutil.c: Use macros where possible for sudo_grdup() like - sudo_pwdup(). + * visudo.c: + Exit() takes a negative value to indicate it was not called via + signal. + [b93032ed7b60] -2005-04-08 17:04 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [45bcf4661558] + + * Makefile.in, visudo.c: + Define Err() and Errx() that are like err() and errx() but call + Exit() instead of exit(). Build private copy of alloc.o for visudo + that calls Err() and Errx(). + [c6d02bf42edd] + +2004-09-29 Todd C. Miller + + * lex.yy.c, sudo.tab.c: + regen + [39de7e7c59da] + + * CHANGES: + sync + [ba481d9ed1aa] + + * visudo.c: + Overhaul visudo for editing multiple files: o visudo has been + broken out into functions (more work needed here) o each file is + now edited before sudoers is re-parsed o if a #include line is + added that file will be edited too + + TODO: o cleanup temp files when exiting via err() or errx() o + continue breaking things out into separate functions + [80c35cf534eb] + + * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c: + Add keepopen arg to open_sudoers that open_sudoers can use to + indicate to the caller that the fd should not be closed when it is + done with it. To be used by visudo to keep locked fds from being + closed prematurely (and thus losing the lock). + [f330fe632470] + + * parse.yacc, sudo.c: + Add errorfile global that contains the name of the file that caused + the error. + [98079c7a37ed] + + * parse.lex: + return COMMENT to yacc grammar for a #include line + [2024a8de4fa8] + + * parse.lex: + Remove us of unput() in favor of yyless() which is cheaper. + [c61291902beb] + + * parse.yacc: + Allow an empty sudoers file. + [62fb111db2e7] + +2004-09-28 Todd C. Miller + + * mon_systrace.c: + Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us. + [9e15869ef597] + + * lex.yy.c, sudo.tab.c: + regen + [c29bdd43bfad] + + * visudo.c: + Do signal setup before calling edit_sudoers(). Don't shadow the + "quiet" global. + [74252efd09ff] + + * visudo.c: + If a sudoers file includes other files, edit those too. Does not yes + deal with creating the new includes files itself. + [06af7b9c173f] + + * testsudoers.c: + init_parser now takes a path + [b5ee186eb192] + + * parse.c, parse.h, parse.lex, parse.yacc: + More scaffolding for dealing with multiple sudoers files: o + init_parser() now takes a path used to populate the sudoers global + o the sudoers global is used to print the correct file in yyerror() + o when switching to a new sudoers file, perserve old file name and + line number + [d9be4970b8bd] + + * Makefile.in, pathnames.h.in: + Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have + multiple sudoers files. + [6ccc4e921c43] + + * parse.c, sudo.c: + Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so + we start at the right file position when reading include files. + [91fcb961e7a4] + + * sudoers.pod: + document #include + [fbb92a25a726] + + * lex.yy.c: + regen + [50cd7a4c9dff] + + * parse.lex: + Add max depth of 128 for the include stack to avoid loops. + + Since yyerror() doesn't stop parsing, pass return values back to + yylex and call yyterminate() on error. + [e79dbffb729d] + +2004-09-27 Todd C. Miller + + * sudoers.pod: + document tracing + [165a467eadd8] + + * sudo.pod: + Mention PREVENTING SHELL ESCAPES section of sudoers man page + [3217ccecd834] + + * lex.yy.c, sudo.tab.c: + regen + [fbd58d1d3a76] - * utimes.c: It is possible for tv_usec to hold >= 1000000 usecs so - add in tv_usec / 1000000. + * parse.lex: + Add support for #include in sudoers (visudo support TBD) + [a78015ca81af] -2005-03-29 23:38 millert + * parse.yacc: + make yyerror()'s argument const + [7d8e168c019a] - * auth/kerb5.c: The component in krb5_principal_get_comp_string() - should be 1, not 0 for Heimdal. From Alex Plotnick. + * testsudoers.c, visudo.c: + Add open_sudoers() stubs. + [087466787198] -2005-03-29 09:29 millert + * sudo.c, sudo.h: + Rename check_sudoers() open_sudoers() and make it return a FILE * + [142fc511fc65] - * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, - gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, - pwutil.c, redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c: - Add efree() for consistency with emalloc() et al. Allows us to - rely on C89 behavior (free(NULL) is valid) even on K&R. +2004-09-26 Todd C. Miller -2005-03-28 22:33 millert + * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in, + version.h: + Crank version + [1adc3f839480] + + * Makefile.in, sudo.psf: + Better HP-UX depot construction + [2d952b000e63] + +2004-09-25 Todd C. Miller + + * mon_systrace.c: + o Made children global so check_exec() can lookup a child. o + Replaced uid in struct childinfo with struct passwd * (for runas) o + new_child() now takes a parent pid so the runas info can be + inherited o Added find_child() to lookup a child by its pid o + update_child() now fills in a struct passwd o Converted the big + if/else mess in set_policy to a switch o Syscalls that change uid + are now "ask" so we get SYSTR_MSG_UGID events + [29b9ea3f09a3] + + * getspwuid.c: + Add flag to sudo_pwdup that indicates whether or not to lookup the + shadow password. Will be used to a struct passwd that has the + shadow password already filled in. + [e19d43dd7238] + + * mon_systrace.c: + add missing increment of addr in read_string() + [f9eb0f060cb6] + + * mon_systrace.c: + Remove bogus call to update_child() and some cosmetic fixes + [701ab0b97fef] + + * mon_systrace.c: + Don't leak /dev/systrace fd to tracee Make initialized global for + simplicity If STRIOCATTACH returns EBUSY we are already being traced + Check for user_args == NULL in setproctitle() call Add missing calls + to STRIOCANSWER + [1956edf9bc3a] + + * sudo.c: + g/c sudo_pwdup proto + [b7c4d6249ecb] + + * Makefile.in, sudo.psf: + Add target for building a depot file + [357019efd99b] + + * mon_systrace.c: + trim includes + [501534428471] + +2004-09-24 Todd C. Miller + + * lex.yy.c, sudo.tab.c, sudo.tab.h: + regen + [52fd250c6986] + + * INSTALL: + document --with-systrace + [79623927c94e] + + * config.h.in, configure, configure.in: + Add check for setproctitle + [1730cf1c26ed] + + * mon_systrace.c: + pass struct str_msg_ask in to syscall checker so it can set the + error code + [1703fd2fdef6] + + * mon_systrace.c: + systrace(4) support for sudo. On systems with the systrace(4) + kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can + intercept exec calls and check the exec args against the sudoers + file. In other words, sudo can now control subcommands and shell + escapes. + [928c9217c386] + + * sudo.c, sudo.h: + Call systrace_attach() if FLAG_TRACE is set. + [014ba9402fa5] + + * parse.c, parse.h, parse.lex, parse.yacc, sudo.h: + Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE + [a99904db5e56] + + * parse.c, sudo.c: + Don't close sudoers_fp, keep it open and set close on exec flag + instead. + [43a9fec60bee] + + * def_data.c, def_data.h, def_data.in: + Add trace option + [5b643b86730a] + + * Makefile.in: + Add systrace + [47a0519c427c] + + * INSTALL: + SunOS /bin/sh blows up with configure + [005a23cc5615] + + * configure, configure.in: + Include sys/param.h before systrace.h + [9345bc8efecf] + + * configure: + regen + [a8f53fcbb254] + + * pathnames.h.in: + _PATH_DEV_SYSTRACE + [d2ad1e492a00] + + * configure.in: + line up options in --help + [fa51f2821d09] + + * config.h.in, configure.in: + Add --with-systrace + [a264d54bc413] - * parse.c, sudo.c: Move initgroups() for -U option into - display_privs() so group matching in sudoers works correctly. +2004-09-23 Todd C. Miller -2005-03-26 21:34 millert + * configure: + regen + [a4dad0bcc523] - * ldap.c: Removed duplicate call to ldap_unbind_s introduced along - with sudo_ldap_close. + * aclocal.m4, configure.in: + make this work with autoconf-2.59 + [c4a92b6a684a] -2005-03-26 20:01 millert +2004-09-16 Todd C. Miller - * parse.c: Add missing space in Defaults printing + * sudo_edit.c: + Simplify logic around open & stat of files and do sanity on edited + file even if we lack fstat (still racable but worth doing). + [adda65ade70c] -2005-03-25 12:36 millert +2004-09-15 Todd C. Miller - * pwutil.c: Sync sudo_pwdup with OpenBSD changes: use macros for - size computaton and string copies. + * HISTORY: + Add support url + [bf6590fbde9f] -2005-03-18 22:08 millert + * Makefile.in: + versino 1.6.8p1 + [b84ebfaf1552] [SUDO_1_6_8p1] - * pwutil.c: Zero old pw_passwd before replacing with version from - shadow file. + * CHANGES: + more changes for 1.6.8p1 + [e23a9c0393b6] -2005-03-18 22:07 millert + * version.h: + 1.6.8p1 + [872f14504b5f] - * configure, configure.in: Only attempt shadow password detection - if PAM is not being used Add shadow_* variables to make shadow - password detection more generic. + * CHANGES, sudo_edit.c: + Add sanity check so we don't try to edit something other than a + regular file. + [350134ec6d4e] -2005-03-18 21:46 millert +2004-09-15 Aaron Spangler - * configure.in: Use OSDEFS for os-specific -D_FOO_BAR stuff rather - than CPPFLAGS + * CHANGES: + sync + [3091ca9eae00] -2005-03-12 19:27 millert + * INSTALL: + document --with-ldap-conf-file + [0e2cd6b896f1] - * sudoers.pod: use a non-breaking space to avoid a double space - after e.g. +2004-09-14 Todd C. Miller -2005-03-12 19:26 millert + * CHANGES, ins_csops.h: + political correctness strikes again + [428e8bc77f55] - * sudo.pod: commna, not colon after e.g. + * RUNSON: + sync + [27f44bd423dc] -2005-03-12 18:43 millert +2004-09-12 Todd C. Miller - * sudo_noexec.c: Add __ variants of the exec functions. GNU libc - at least uses __execve() internally. + * Makefile.binary.in, Makefile.in: + Install sudoedit man link + [19a55234fc1f] -2005-03-12 12:29 millert + * INSTALL: + Update PAM note and mention where HP-UX users can download gcc + binaries. + [d37cdbbabfd4] - * indent.pro: Match reality a bit more. + * Makefile.in: + libtool wants to install stuff from .libs so fake one up for binary + installations. + [a681bc6fcfba] -2005-03-12 12:27 millert + * Makefile.binary.in: + rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly + [3e0c4b3372cc] - * pwutil.c: Missed piece from rev. 1.6, fix sudo_getpwnam() too. + * Makefile.in: + Deal with "uname -m" having slashes in it rm -f old sudoedit link + instead of using ln -f + [cff33fb97e5b] -2005-03-11 23:42 millert + * Makefile.binary, Makefile.binary.in: + Makefile.binary -> Makefile.binary.in for config.status substitution + Add support for installing noexec bits + [37d8bb3483c6] - * pwutil.c: Store shadow password after making a local copy of - struct passwd in case normal and shadow routines use the same - internal buffer in libc. + * Makefile.in: + Copy noexec bits into binary dists too No longer use my old arch + script for making binary dists + [e7058bab9e33] -2005-03-10 20:57 millert + * Makefile.binary: + Install sudoedit link. + [417d1e101711] - * alloc.c, logging.c: Make varargs usage consistent with the rest - of the code. +2004-09-11 Todd C. Miller -2005-03-10 10:09 millert + * emul/utime.h: + avoid __P so there is no need for compat.h to be included + [6d8d1f1abf7d] - * sudo_noexec.c: Wrap more of the exec family since on Linux the - others do not appear to go through the normal execve() path. + * utimes.c: + Don't use HAVE_UTIME_H before including config.h. + [013b7bb61181] -2005-03-10 09:57 millert +2004-09-10 Todd C. Miller - * visudo.c: make print_unused static like proto says + * compat.h: + Fix Solatis futimes macro + [d4eda2ca0d29] -2005-03-10 09:55 millert +2004-09-09 Todd C. Miller - * glob.c: silence a warning on K&R systems + * sudo_edit.c: + Rename ots -> omtim for improved readability. + [127ca5bb297c] -2005-03-10 09:51 millert +2004-09-08 Todd C. Miller - * parse.c, alias.c, error.c: make this build in K&R land + * sudo_edit.c: + Redo changes in revision 1.7. Don't really need to keep the temp + file open; re-opening it with the invoking user's euid is + sufficient. + [55a883165a95] -2005-03-07 22:21 millert + * CHANGES: + sync + [9015b291170d] - * toke.c: regen + * sudo.cat, sudo.man.in: + regen + [c0313f6ed783] -2005-03-05 22:46 millert + * sudo.pod: + back out revision 1.70; it is no long applicable + [b641d503aff6] - * ldap.c: return(foo) not return foo optimize _atobool() slightly + * env.c: + Let the loader initialize nep + [bec192139b02] -2005-03-05 22:40 millert + * config.h.in, configure, configure.in: + Removed unneed check for fchown Add check for gettimeofday Move + autoheader template stuff into separate AH_TEMPLATE lines + [bfc0edbd43f2] - * ldap.c: Use TRUE/FALSE + * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c: + Use timespec throughout. + [1a178a23b69b] -2005-03-05 22:31 millert + * Makefile.in: + gettime.[co] + [6aeb48a7ab7f] - * ldap.c: Reformat to match the rest of sudo's code. + * gettime.c: + function to return the current time in a struct timespec + [bf8eb12cb63f] -2005-03-05 19:33 millert + * utimes.c: + Not a darpa-sponsored file. + [121ce5e2036c] - * sudo.pod: I am the primary author +2004-09-07 Todd C. Miller -2005-02-22 22:28 millert + * compat.h, config.h.in, configure, configure.in: + Add a check for struct timespec and provide it for those without. + [42124055030d] - * README, RUNSON, Makefile.in: The RUNSON file is toast--it - confused too many people and really isn't needed in a - configure-oriented world. + * config.h.in, configure, configure.in, sudo_edit.c: + Add checks for st_mtim and st_mtimespec and add macros for pulling + the mtime sec and nsec out of struct stat. These are used in + sudo_edit() to better tell whether or not the file has changed. + [23debfbb3fab] -2005-02-22 22:28 millert + * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c: + Add an extra param to touch() for nsec + [56f7a4ba8ddb] - * INSTALL: alternate -> alternative + * sudo_edit.c: + Call mkstemp() as the in invoking user so we don't have to chown the + file later. Only touch() the temp file if we can do it via the file + descriptor. Don't check for modification of the temp file if we lack + fstat(). Catch errors read()ing the temp file. + [665f52c70836] -2005-02-22 22:26 millert + * fileops.c: + If path is NULL and fd == -1 return -1. + [757a518a824c] - * tgetpass.c: Use TCSADRAIN instead of TCSAFLUSH since some OSes - have issues with TCSAFLUSH. + * sudo_edit.c: + closefrom() is overkill, the only extra fds are the ones we opened + so just close those in the child. + [f361c9d2a1f4] -2005-02-22 22:16 millert + * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure, + configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c, + visudo.c: + Use utimes() and futimes() instead of utime() in touch(), emulating + as needed. Not all systems are able to support setting the times of + an fd so touch() takes both an fd and a file name as arguments. + [3d9276f29717] - * toke.l: Allow leading blanks before Defaults and Foo_Alias - definitions +2004-09-07 Aaron Spangler -2005-02-22 22:14 millert + * env.c: + Rare SEGV + [8995f828782d] - * Makefile.in: fix rules to build toke.o and gram.o in devel mode +2004-09-06 Todd C. Miller -2005-02-20 13:00 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [b8e9406711c5] - * sudoers.pod: env_keep overrides set_logname + * sudo.pod, sudoers.pod, visudo.pod: + Add SUPPORT section and re-order some of the sections to match the + order we use in OpenBSD. + [fa37bd917e2c] -2005-02-20 12:57 millert +2004-09-06 Aaron Spangler - * env.c: Fix disabling set_logname and make env_keep override - set_logname. + * env.c: + Openldap ~/.ldaprc fix + [1a37afe6850f] -2005-02-20 12:28 millert +2004-09-06 Todd C. Miller - * compat.h, config.h.in, configure, configure.in: No longer need - memmove() + * sudo.pod: + Talk about how the editor must write its changes to the original + file and not just use rename(2). + [c55ed91c5ee9] -2005-02-20 11:48 millert + * CHANGES: + sync + [62af26bd37a2] - * env.c, sudo.c: Just clean the environment once. This assumes - that any further setenv/putenv will be able to handle the fact - that we replaced environ with our own malloc'd copy but all the - implementations I've checked do. + * sudo_edit.c: + Keep the temp file open instead of re-opening after the editor has + exited. + [de41eeb6dcf2] -2005-02-15 23:16 millert + * sample.pam: + Update for current redhat/fedora core. + [8cf083077333] - * env.c, sudo.c: In -i mode, base the value of insert_env()'s - dupcheck flag on DID_FOO flags. Move checks for $HOME resetting - into rebuild_env() +2004-09-03 Aaron Spangler -2005-02-13 00:33 millert + * README.LDAP: + tls_ examples + [ba783d88a034] - * env.c, sudo.c: Move setting of user_path, user_shell, user_prompt - and prev_user into init_vars() since user_shell at least is - needed there. +2004-09-02 Aaron Spangler -2005-02-12 18:51 millert + * ldap.c: + config tls_* options + [0b0e0797b3b9] - * Makefile.in: fix devel builds +2004-08-29 Todd C. Miller -2005-02-12 18:46 millert + * configure, configure.in: + No need for -lcrypt when using pam. + [41fff3a53e68] - * check.c, sudo.c: Fix some printf format mismatches on error. +2004-08-27 Todd C. Miller -2005-02-12 18:33 millert + * configure: + regen + [75820aecce2c] - * configure, gram.c, toke.c: regen +2004-08-27 Aaron Spangler -2005-02-12 17:56 millert + * configure.in, ldap.c, pathnames.h.in: + Allow --with-ldap-conf-file option to override LDAP_CONF + [c9909bc484a5] - * LICENSE, Makefile.binary.in, Makefile.in, aclocal.m4, alias.c, - alloc.c, check.c, closefrom.c, compat.h, configure.in, - defaults.c, defaults.h, env.c, error.c, fileops.c, find_path.c, - getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.y, - interfaces.c, interfaces.h, ldap.c, logging.c, logging.h, - match.c, mon_systrace.c, parse.c, redblack.c, redblack.h, - set_perms.c, sigaction.c, snprintf.c, strcasecmp.c, strerror.c, - strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.pod, sudo_edit.c, - sudo_noexec.c, sudoers.pod, testsudoers.c, tgetpass.c, toke.l, - utimes.c, version.h, visudo.c, visudo.pod, zero_bytes.c, - auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, - auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, - auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, - emul/utime.h: Update copyright years. + * ldap.c: + cleanup debug message + [1f6ca4824d8d] -2005-02-12 16:46 millert +2004-08-26 Aaron Spangler - * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in: - version 1.7 + * README.LDAP: + more config info + [f2e7147fd507] -2005-02-12 16:16 millert +2004-08-24 Todd C. Miller - * WHATSNEW: What's new in sudo 1.7, based on the 1.7 CHANGES - entries. + * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c: + Add cmnd_base to struct sudo_user and set it in init_vars(). Add + cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No + longer use gross statics in command_matches(). Also rename some + variables for improved clarity. + [7169a6c7bea4] -2005-02-11 18:06 millert +2004-08-21 Todd C. Miller - * compat.h, logging.h, sudo.h: Add __printflike and use it with gcc - to warn about printf-like format mismatches + * INSTALL: + document HP's crippled compiler deficiency. + [c405ea5a8d4c] -2005-02-10 00:16 millert + * INSTALL: + Fix some thinkos in --with-editor and --with-env-editor + descriptions. Noticed by Norihiko Murase. + [dd781de1c985] - * CHANGES, ChangeLog: Replaced CHANGES file with ChangeLog - generated from cvs logs + * configure, configure.in: + --with-noexec takes an optional PATH argument. + [8f6ab77f22cc] -2005-02-10 00:03 millert + * INSTALL: + document --with-noexec + [50cb1fc627ce] - * set_perms.c: Use warning/error instead of perror/fatal. +2004-08-17 Todd C. Miller -2005-02-09 23:13 millert + * RUNSON, TODO: + sync + [f2503bd13373] [SUDO_1_6_8] - * config.guess: Update OpenBSD section + * sudo_edit.c: + Better warning message when sudoedit is unable to write to the + destination file. + [f78c18f2ffa8] -2005-02-09 23:10 millert + * sudo.cat, sudo.man.in: + regen + [7e2bf63d6d9a] - * UPGRADE: Add upgrading noted for 1.7 + * sudo.pod: + Don't italicize the string "sudoedit" + [c691643bd269] -2005-02-09 23:00 millert +2004-08-16 Todd C. Miller - * env.c, sudo.c, sudoers.pod: Instead of zeroing out the - environment, just prune out entries based on the env_delete and - env_check lists. Base building up the new environment on the - current environment and the variables we removed initially. + * HISTORY: + Mention GratiSoft. + [dc53de581b2d] -2005-02-09 22:23 millert +2004-08-11 Todd C. Miller - * configure, configure.in, sudo.c, config.h.in: Set locale to "C" - if locales are supported, just to be safe. + * sudo.tab.c: + regen + [8ae0484dfc38] -2005-02-09 22:19 millert + * parse.yacc: + Reset used_runas to FALSE when re-intializing the parser. + [b7403f353a02] - * toke.c, toke.l: Cast argument to ctype functions to unsigned - char. +2004-08-09 Todd C. Miller -2005-02-07 22:56 millert + * config.guess: + Correct OpenBSD mips support + [314fc7afc165] - * env.c: correct value for DID_USER + * config.guess: + Add OpenBSD/mips + [ac87d0a773ef] -2005-02-07 22:55 millert +2004-08-07 Aaron Spangler - * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c: #include - not "compat.h" + * README.LDAP: + More behavior notes + [13be1d212b47] -2005-02-07 22:51 millert + * README.LDAP: + Updates on current behavior + [d498a8866d6f] - * defaults.c: Reset the environment by default. +2004-08-06 Todd C. Miller -2005-02-07 22:50 millert + * sudoers.pod: + =back does not take an indentlevel (makes no difference to formatted + files). + [9c8523bb382a] - * sudo.c: Alloc an extra slot in NewArgv. Removes the need to - malloc an new vector if execve() fails. + * sudo.pod: + =back does not take an indentlevel (makes no difference to formatted + files). + [e5f479e24fa8] -2005-02-06 23:16 millert + * CHANGES: + new + [2dbd9aba8b33] - * INSTALL, config.h.in, configure, configure.in, sudo.c: Use - execve(2) and wrap the command in sh if we get ENOEXEC. + * sudo.c: + Consistency. Use same error for bad -u #uid when targetpw is set as + we do when a bad -u username is specified. + [922961c4a9d6] -2005-02-05 23:01 millert + * TODO: + Add checksum idea from Steve Mancini + [e6ece1b766ba] - * sudo_noexec.c: Only include time.h on systems that lack struct - timespec which gets defind in compat.h (using time_t). + * sudoers.cat, sudoers.man.in: + regen + [370d2317829f] -2005-02-05 22:59 millert + * sudo.cat, sudo.man.in: + regen + [f93d41fc38b1] - * sudo_noexec.c: Include time.h for time_t in compat.h for systems - w/o struct timespec. + * sudo.pod, sudoers.pod: + Document the restriction on uids specified via -u when targetpw is + set. + [878fedb455db] -2005-02-05 22:56 millert + * sudo.c: + Error out when targetpw is enabled and sudo is run with -u #uid but + #uid does not exist in the passwd database. We can't do target + authentication when the target is not in passwd! + [27c5888c86eb] - * configure, compat.h, config.h.in, configure.in: use bcopy on - systems w/o memmove + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: + regen + [ceb65711050c] -2005-02-05 22:31 millert + * TODO: + Some more todo for the next release. + [7b7417be7601] - * compat.h: __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 - so limit its use to gcc >= 2.8. + * INSTALL: + Make it clear that PAM should be used for DCE support when possible. + [7502029fd385] -2005-02-05 21:21 millert + * sudoers.pod: + o Document problems with wildcards and relative paths. o Make the + order requirements more prominent. o Change a "set" to "reset" for + clarity. + [bacdd181b33f] - * Makefile.in: Add explicit rule to build sudo_noexec.lo +2004-08-05 Todd C. Miller -2005-02-05 17:56 millert + * sudo.pod: + Mention --with-secure-path, not SECURE_PATH. + [41283ddde5e1] - * INSTALL.configure, Makefile.in: No longer depend on VPATH; - pointed out a bunch of missed dependencies. +2004-08-03 Aaron Spangler -2005-02-05 13:18 millert + * ldap.c: + reflect changes to parse.c + [8880fe9b724d] - * TROUBLESHOOTING: Help for PAM when account section is missing +2004-08-02 Todd C. Miller -2005-02-05 13:01 millert + * sudo.tab.c: + regen + [a57658ca9177] - * auth/pam.c: Give user a clue when there is a missing "account" - section in the PAM config. + * parse.c, parse.h, testsudoers.c, visudo.c: + Don't pass user_cmnd and user_args to command_matches(), just use + the globals there. Since we keep state with statics anyway it is + misleading to pretend that passing in different cmnd and cmnd_args + will work. + [0a2544991fd6] -2005-02-05 10:22 millert + * parse.yacc: + Don't pass user_cmnd and user_args to command_matches(), just use + the globals there. Since we keep state with statics anyway it is + misleading to pretend that passing in different cmnd and cmnd_args + will work. + [a4910bf6032b] - * auth/pam.c: Better error handling. + * parse.c: + Fix a bug introduced in rev. 1.149. When checking for pseudo- + commands check for a '/' anywhere in cmnd, not just the first + character. + [ce98142f03ca] -2005-02-05 09:57 millert +2004-07-31 Aaron Spangler - * configure, config.h.in, configure.in: Move _FOO_SOURCE to - CPPFLAGS so it takes effect as early as possible. Silences a - warning about isblank() on linux. + * sudo.man.in, sudo.pod: + Clarification thanks to Olivier Blin + [a91800e094b1] -2005-02-04 21:49 millert + * sudoers.man.in, sudoers.pod: + Add ignore_local_sudoers + [741ddcbf7083] - * auth/pam.c: Fix typo (missing comma) that caused an incorrect - number of args to be passed to log_error(). + * README.LDAP: + Sun One schema definition by Andreas.Bussjaeger@t-systems.com and + janth@moldung.no + [742c02e07cd9] -2005-01-31 23:03 millert +2004-07-29 Todd C. Miller - * pwutil.c: Don't try to destroy a tree we didn't create. + * CHANGES: + typo + [e7cdefbd7a9a] -2005-01-27 10:42 millert +2004-07-23 Todd C. Miller - * alias.c, alloc.c, check.c, closefrom.c, compat.h, defaults.c, - env.c, error.c, fileops.c, find_path.c, fnmatch.c, getcwd.c, - getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.c, - gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, - parse.c, pwutil.c, set_perms.c, sigaction.c, snprintf.c, - strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, - sudo_edit.c, sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, - toke.l, utimes.c, visudo.c, zero_bytes.c, auth/afs.c, - auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, - auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, - auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/securid5.c, auth/sia.c, auth/sudo_auth.c: Add __unused to - rcsids + * CHANGES: + sync + [734dafc4a85e] -2005-01-21 10:34 millert + * parse.c: + Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless + PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse. + [151b7f593568] - * configure, configure.in: Fix error message when mixing invalid - auth types +2004-07-08 Todd C. Miller -2005-01-21 10:32 millert + * CHANGES: + PAM change + [d8fb6d6a22d0] - * INSTALL: PAM, AIX auth, BSD auth and login_cap are now on by - default if the OS supports them. +2004-07-08 Aaron Spangler -2005-01-21 10:29 millert + * ldap.c: + Better debugging of ALL command + [9db3e84029dc] - * config.h.in, auth/sudo_auth.h: s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g +2004-07-08 Todd C. Miller -2005-01-21 10:29 millert + * parse.c: + When matching for "sudoedit" in sudoers check both the command the + user typed *and* the command that is listed in the sudoers entry. + [f36ca1f94095] - * configure.in: Better checking for conflicting authentication - methods Display the authentication methods used at the end of - configure Rename --with-authenticate -> --with-aixauth Use - --with-aixauth, --with-bsdauth, --with-pam, --with-logincap by - default on systems that support them unless disabled. Add - OSMAJOR variable that replaces old OSREV; now OSREV has full - version number +2004-07-04 Aaron Spangler -2005-01-17 19:40 millert + * ldap.c: + Added !command feature + [ed539574611b] - * def_data.c, def_data.in, sudo.c, sudoers.pod: s/-O/-C/ +2004-06-28 Todd C. Miller -2005-01-14 13:35 millert + * auth/pam.c: + Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell + [2be8e0e8813a] - * configure.in: Replace: test -n "$FOO" || FOO="bar" +2004-06-11 Todd C. Miller - With: : ${FOO='bar'} + * LICENSE: + License is ISC-style, not BSD-style + [ac0589e1dd5d] -2005-01-09 18:58 millert + * CHANGES: + sync + [16058a30f404] - * pwutil.c, testsudoers.c, tsgetgrpw.c: Use function pointers to - only call private passwd/group routines when using a nonstandard - passwd/group file. +2004-06-10 Todd C. Miller -2005-01-06 10:34 millert + * sudo.cat, sudo.man.in: + regen + [8820eb9c809b] - * CHANGES: sync + * sudo.pod: + o Update some out of date bits to reality o Change the shell promt + in examples to bourne-shell style o Clarify some details o Add a + CAVEAT about "sudo cd /foo" + [b0af373214b6] -2005-01-05 22:16 millert + * check.c: + Don't ask for a password if invoking user == target user. + [dd5c96141132] - * tsgetgrpw.c: Can't use strtok() since it doesn't handle empty - fields so add getpwent()/getgrent() functions and call those. + * sudo.c: + typo in comment + [278d20f9b249] -2005-01-05 17:29 millert +2004-06-08 Todd C. Miller - * Makefile.in: Fix dummied out toke.c and gram.c dependencies. + * sudoers.cat, sudoers.man.in: + regen + [9036c6f39eff] -2005-01-05 17:18 millert + * sudoers.pod: + Expand on NOEXEC a little. + [9a13756aebe4] - * Makefile.in: Rename PARSESRCS -> GENERATED since it is only used - in the clean target Add devdir variable and use it to specify the - path to parser sources + * TODO: + sync + [8d2c1af48de8] -2005-01-05 17:17 millert + * visudo.cat, visudo.man.in: + regen + [3921f01607c8] - * configure: regen + * sudo.tab.c: + regen + [9338c3d68250] -2005-01-05 17:17 millert + * visudo.pod: + Add a check in visudo for runas_default being set after it has + already been used. + [6700358d7ad8] - * configure.in: Add a devdir variables that defaults to $(srcdir) - and is set to . if --devel was specified. Allows for proper - dependecies building the parser. + * CHANGES, parse.yacc, visudo.c: + Add a check in visudo for runas_default being set after it has + already been used. + [803560986a8a] -2005-01-05 14:50 millert + * sudo.tab.c: + regen + [b60636e2cf63] - * testsudoers.c: Add support for custom passwd/group files. + * parse.yacc: + Add a MATCHED macro for testing whether foo_matches has been set to + TRUE or FALSE. This is more readable than checking for >=0 or < 0. + Doesn't change the actual code generated. + [f376da8ccdc8] -2005-01-05 14:47 millert +2004-06-07 Todd C. Miller - * Makefile.in: Build private copy of pwutil.o for testsudoers with - MYPW defined so it uses our own passwd/group routines. + * sudoers.cat: + regen + [6cceb6d6c9bd] -2005-01-05 14:46 millert + * sudoers.man.in: + regen + [5acd12b730b3] - * visudo.c: Remove sudo_*{pw,gr}* stubs and add - sudo_setspent/sudo_endspent stubs instead. We can now just use - the caching sudo_*{pw,gr}* functions in pwutil.c Add comment - about wanting to call sudo_endpwent/sudo_endgrent in cleanup() + * sudoers.pod: + Correct description of where Defaults specs should go. + [6b11ff53d7ad] -2005-01-05 14:44 millert + * sudoers: + Correct description of where Defaults specs should go. + [868db857630d] - * tsgetgrpw.c: Remove caching; we will just use what is in pwutil.c - Use global buffers for passwd/group structs Rename functions from - sudo_* to my_* + * testsudoers.c, visudo.c: + update (c) year + [272c8a53604c] -2005-01-05 14:43 millert + * logging.h: + update (c) year + [3cec76d400ce] + + * ldap.c: + update (c) year + [f264632488a0] + + * find_path.c: + update (c) year + [40c227af9227] + + * auth/pam.c: + update (c) year + [87149e0eed50] + + * auth/bsdauth.c, auth/kerb5.c: + update (c) year + [d72eb434c068] + +2004-06-06 Todd C. Miller + + * sudo.tab.c: + regen + [83408d9e9d2e] + + * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c: + Remove trailing spaces, no actual code changes. + [4c3bf2819293] + + * tgetpass.c: + Remove trailing spaces, no actual code changes. + [96f6e0a24c26] + + * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c: + Remove trailing spaces, no actual code changes. + [c7075d1cbed5] + + * getcwd.c: + Remove trailing spaces, no actual code changes. + [776cc0374547] + + * find_path.c: + Remove trailing spaces, no actual code changes. + [7ed7099f3c71] + + * compat.h, defaults.c, env.c: + Remove trailing spaces, no actual code changes. + [893e83c33795] + + * check.c: + Remove trailing spaces, no actual code changes. + [f77750f8803b] + + * sudo.tab.c: + regen + [62e0ed883b31] + + * parse.yacc: + Fix a >=0 that should be <0 that was improperly converted when + UNSPEC was added. + [ad1531a55a49] + + * parse.yacc: + Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not + NOMATCH when resetting it. + [ae017a12870a] + + * parse.yacc: + Fix pastos introduced in SETNMATCH addition. + [6ea1c9d80681] + +2004-06-05 Todd C. Miller + + * README.LDAP: + Update for configure changes + [637a635da287] + + * sudo.tab.c: + regen + [4753c2788713] + + * sudo.h: + Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use + these in parse.yacc. Also in parse.yacc initialize the *_matches + vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use + when setting *_matches to a value that may be + NOMATCH/UNSPEC/TRUE/FALSE. + [2ba622e15a4d] + + * parse.yacc: + Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use + these in parse.yacc. Also in parse.yacc initialize the *_matches + vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use + when setting *_matches to a value that may be + NOMATCH/UNSPEC/TRUE/FALSE. + [746b519e41a6] + + * parse.yacc: + Initialize runas to -2, not -1 since we need to be able to + distinguish between the initialized value and the value of a non- + match when passing along the runas value to multiple commands. + + The result of this is that an unmatched runas is now set to -1, not + 0. This is required now that parse.c treats a FALSE value for runas + as being explicitly denied. + [7791ed3621f6] + +2004-06-03 Todd C. Miller + + * sudo.c, visudo.c: + Error out if argc < 1. + [ce6b2a9eda3c] + + * getprogname.c: + Error out if argc < 1. + [c566cce8dc78] + + * configure, configure.in: + Add tests for what libs we need to link with for ldap and for + whether or not lber.h needs to be explicitly included. + [b2e9729cc4e7] + +2004-06-03 Aaron Spangler + + * ldap.c: + Solaris native LDAP build fix + [39929e40eb11] + +2004-06-01 Todd C. Miller + + * ldap.c: + Set edn to NULL is ldap_get_dn() fails to avoid potential use of an + unset variable. + [6a4c20a66f98] + + * sudo.h: + Add prototype for sudo_ldap_list_matches + [443b007a8dab] + + * configure, configure.in: + Better check for dirfd macro--we now set HAVE_DIRFD for the macro + version too. Added check for dd_fd in `DIR' if no dirfd is found; + this is now used to confitionally define the dirfd macro in + compat.h. + [567656978f7e] + + * config.h.in: + Better check for dirfd macro--we now set HAVE_DIRFD for the macro + version too. Added check for dd_fd in `DIR' if no dirfd is found; + this is now used to confitionally define the dirfd macro in + compat.h. + [34eace4faec8] + + * compat.h: + Better check for dirfd macro--we now set HAVE_DIRFD for the macro + version too. Added check for dd_fd in `DIR' if no dirfd is found; + this is now used to confitionally define the dirfd macro in + compat.h. + [8d50ff1bbf2a] + + * closefrom.c: + Only check /proc/$$/fd if we have the dirfd function/macro. + [15e3ccce7553] + + * compat.h, config.h.in, configure, configure.in: + Add a check for a dirfd() function (like Linux) and add a dirfd + macro in compat.h if there is no dirfd() function or macro. + [1e95756edb50] + + * closefrom.c, getcwd.c: + dirfd() is now defined in compat.h as needed. + [bb1d79271188] + + * CHANGES: + Clarify closefrom() note. + [f4e4a5508dda] + + * parse.c: + When checking for a command in the directory, only copy the base dir + once. + [7a3276808b87] + + * closefrom.c: + If there is a /proc/$$/fd directory, behave like the Solaris + closefrom() and only close the descriptors listed therein. + [19de23779e84] + + * alloc.c: + compat.h guarantees INT_MAX is defined. + [1bf0c79d4606] + + * compat.h: + Add definitions of OPEN_MAX and INT_MAX for those without it and + remove definition of RLIM_INFINITY (now unused). + [f827d1ebf96e] + + * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c, + sudo.c, sudo.h, visudo.c: + Use PATH_MAX, not MAXPATHLEN since the former is standardized. + [59788f211c24] + +2004-05-31 Todd C. Miller + + * CHANGES: + sync + [d32fa124f1ad] + + * RUNSON: + Add some entries that were mailed in a while ago + [ff8d5bfec54e] + + * closefrom.c: + o sysconf returns a long, not an int. o check for negative return + value from sysconf/getdtablesize and use OPEN_MAX in this case. o + define OPEN_MAX to 256 for those without it (a fair guess...) + [ccf81ae6deb2] - * logging.c, sudo.c: g/c pwcache_init/pwcache_destroy +2004-05-30 Todd C. Miller + + * UPGRADE: + Mention change in parse order for RunAs entries. + [dc73b0bca617] + + * configure: + regen + [07cce8e0534e] + +2004-05-29 Todd C. Miller + + * INSTALL, README.LDAP, config.h.in, configure.in: + o --with-ldap now takes an optional dir as a parameter o added + check for ldap_initialize() and start_tls_s() + [2b846c7974c6] + + * README.LDAP: + Fix some typos, word choice and formatting issues. + [00dc8ca84b10] + +2004-05-28 Todd C. Miller + + * tgetpass.c: + Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use + read/write as it is simpler. + [30f5446ee8b0] -2005-01-05 14:42 millert + * configure, configure.in: + Remove hack overriding cross-compiler check. It should no longer be + needed. + [22a6cbd88608] - * sudo.h: Undo last commit and add sudo_setspent and sudo_endspent - instead. + * compat.h: + Remove select() compat bits since we no longer use select(). + [d7bbf7cd36f5] -2005-01-05 14:41 millert + * CHANGES, tgetpass.c: + Use alarm() instead of select() for the timeout for systems that + don't fully/properly implement select(). + [d7cc60f15800] - * getspwuid.c, pwutil.c: Move all but the shadow stuff from - getspwuid.c to pwutil.c and pwcache_get and pwcache_put as they - are no longer needed. Also add preprocessor magic to use private - versions of the passwd and group routines if MYPW is defined (for - use by testsudoers). +2004-05-27 Todd C. Miller -2005-01-04 22:40 millert + * CHANGES: + synbc + [132a39788e07] - * tsgetgrpw.c: zero out struct passwd/group before filling it in so - if there are fields we don't handle they end up as 0. + * RUNSON: + update + [61ef508380c6] -2005-01-04 20:10 millert + * set_perms.c: + Deal with systems that have no way of setting the effective uid such + as nsr-tandem-nsk. + [306e00e9b5a4] - * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c: Adapt to - pwutil.c + * configure, configure.in: + Define NO_SAVED_IDS if we don't find seteuid() + [8588f18345cf] -2005-01-04 20:09 millert + * config.h.in, configure, configure.in: + Add back check for setreuid() since NSK doesn't have it. + [43127bd703d1] - * Makefile.in: Add tsgetgrpw.c and pwutil.c Rename the *OBJ - variables for better readability. + * sudoers.cat, sudoers.man.in: + regen + [af4f4b20e422] -2005-01-04 20:08 millert + * CHANGES: + sync + [29ca3b699c24] - * tsgetgrpw.c: Passwd and group lookup routines for testsudoers - that support alternate passwd and group files. + * BUGS: + sync + [3593f17f72ed] -2005-01-04 20:07 millert + * parse.c: + In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was + explicitly denied and the command matched. This fixes a long- + standing bug and makes: foo machine = (ALL) /usr/bin/blah + foo machine = (!bar) /usr/bin/blah - * getspwuid.c, pwutil.c: Split off pw/gr cache and dup code into - its own file. This allows visudo and testsudoers to use the - pw/gr cache too. + equivalent to: foo machine = (ALL, !bar) /usr/bin/blah + [2f5ee244985a] -2005-01-01 19:31 millert + * sudoers.pod: + Clarify mail_noperm + [3238b2d41989] - * parse.c: Print Defaults info in "sudo -l" output and wrap lines - based on the terminal width. +2004-05-20 Aaron Spangler -2005-01-01 12:41 millert + * Makefile.in: + Missing DESTDIR in make install for sudo_noexec.la + [91431e821525] - * match.c, visudo.c, testsudoers.c: Only check group vector in - usergr_matches() if we are matching the invoking or list user. - Always check the group members, even if there was a group vector. +2004-05-17 Todd C. Miller -2004-12-17 17:24 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [cdfde0dcb556] + + * TODO: + sync + [4799b7d8b62c] + + * sudoers.pod: + Remove fastboot/fasthalt (who still remembers these?) and add a + minimal sudoedit example. + [19d299f233cd] + + * sample.sudoers: + Remove fastboot/fasthalt (who still remembers these?) and add a + minimal sudoedit example. + [b1bca73d6250] + + * UPGRADE, sudo.c, visudo.c: + filesystem -> file system + [1e1afaf30469] + + * TROUBLESHOOTING: + filesystem -> file system + [39fb594e9338] + + * CHANGES, INSTALL: + filesystem -> file system + [85948b608ffe] + + * sudo.pod, sudoers.pod: + Fix some minor typos and formatting goofs + [e94d243a0b90] + + * lex.yy.c: + regen + [2eed0ab1f4c4] + + * visudo.pod: + remove my email addr + [b63262c0389b] + + * sudo.pod, sudoers.pod, visudo.pod: + Use @mansectform@ and @mansectsu@ everywhere Make man page + references links with L<> + [f459f4b9ddb9] + + * parse.lex: + Accept quoted globbing characters and pass them verbatim for + fnmatch() + [8248b86e9380] + + * UPGRADE: + Document that /tmp/.odus is gone. + [3667b66af5bb] + + * pathnames.h.in: + No longer use /tmp/.odus as a possible timestamp dir unless + specifically configured to do so. Instead, if no /var/run exists, + use /var/adm/sudo or /usr/adm/sudo. + [48d94c9f9ad4] + + * configure: + No longer use /tmp/.odus as a possible timestamp dir unless + specifically configured to do so. Instead, if no /var/run exists, + use /var/adm/sudo or /usr/adm/sudo. + [058d7b8cf07b] + + * aclocal.m4: + No longer use /tmp/.odus as a possible timestamp dir unless + specifically configured to do so. Instead, if no /var/run exists, + use /var/adm/sudo or /usr/adm/sudo. + [cf52c4c2803f] - * LICENSE, Makefile.in, fnmatch.3: No longer bundle fnmatch.3 + * CHANGES: + No longer use /tmp/.odus as a possible timestamp dir unless + specifically configured to do so. Instead, if no /var/run exists, + use /var/adm/sudo or /usr/adm/sudo. + [6058c4cefcec] + + * set_perms.c, sudo.c, tgetpass.c, visudo.c: + Preliminary changes to support nsr-tandem-nsk. Based on patches + from Tom Bates. + [2e5f81834383] -2004-12-17 13:12 millert + * logging.c: + Preliminary changes to support nsr-tandem-nsk. Based on patches + from Tom Bates. + [934bbe6872b6] - * CHANGES, TODO: checkpoint + * check.c, compat.h: + Preliminary changes to support nsr-tandem-nsk. Based on patches + from Tom Bates. + [390b698b5924] -2004-12-16 14:20 millert +2004-05-16 Todd C. Miller - * sudo.c: sort usage + * CHANGES: + There was no 1.6.7p6. + [8013d2e6b062] -2004-12-16 14:20 millert + * BUGS, CHANGES: + sync + [c38b41f32857] - * sudo.pod: Sort command line options + * Makefile.in: + add missing files to DISTFILES + [e6a80ad03039] -2004-12-16 13:33 millert + * sudo.cat, sudoers.cat, visudo.cat: + regen + [027bc9746dd5] - * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, - sudo.c, sudo.pod, sudoers.pod: Add closefrom sudoers option to - start closing at a point other than 3. Add closefrom_override - sudoers option and -C sudo flag to allow the user to specify a - different closefrom starting point. + * sudoers.man.in: + regen + [f5e85ef686cf] -2004-12-16 13:25 millert + * Makefile.in: + Fix some line wrap and update (c) year + [bad1f46aa1ca] - * pathnames.h.in: Add _PATH_DEVNULL for those without it. +2004-04-28 Aaron Spangler -2004-12-15 22:55 millert + * README.LDAP: + Build Note + [7a061248249b] - * LICENSE: no more UCB strcasecmp +2004-04-07 Aaron Spangler -2004-12-15 22:54 millert + * Makefile.in: + Fix install-dirs + [be0726dd92e7] - * strcasecmp.c: replace BSD licensed one with version derived from - pdksh +2004-04-05 Todd C. Miller -2004-12-09 21:07 millert + * sudo.tab.c: + regen + [3f4f0d1ab8b9] - * sudo.c: Fix last commit. + * visudo.c: + In Exit() when used as a signal handler, emsg is a pointer so + sizeof() is wrong so make it a #define instead. Also avoid using a + negative exit value. Found by Aaron Campbell + [78716a3a3fdc] -2004-12-09 19:26 millert +2004-03-24 Todd C. Miller - * sudo.c: Make sure stdin, stdout and stderr are open and dup them - to /dev/null if not. + * sudoers.pod: + Remove bogus sentence about uids in a User_List. Document usernames + vs. uid parsing in a Runas_List. + [7ca510b5031c] -2004-12-03 13:57 millert + * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: + If the user specified a uid with the -u flag and the uid exists in + the passwd file, set runas_user to the name, not the uid. - * ldap.c, mon_systrace.c, sudo.c, sudo.h: add sudo_ldap_close + When comparing usernames in sudoers, if a name is really a uid + (starts with '#') compare it numerically to pw_uid. + [8d6935d04673] -2004-12-03 13:52 millert +2004-03-22 Todd C. Miller - * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c: - Use TIME_WITH_SYS_TIME + * auth/kerb5.c: + krb5_mcc_ops should be const; Johnny C. Lam + [aa8c753e426e] -2004-12-03 13:48 millert +2004-02-28 Aaron Spangler - * configure, configure.in, config.h.in: Add TIME_WITH_SYS_TIME_H + * CHANGES, config.h.in, ldap.c: + Added start_tls support + [7ef864c15b69] -2004-12-02 11:18 millert +2004-02-14 Todd C. Miller - * env.c: Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE - being set unconditionally on darwin. From Toby Peterson. + * Makefile.in: + Clean up libtool stuff for 'make distclean' and add def_data.c, + def_data.h to PARSESRCS. + [bf9bb6bb06ab] -2004-12-02 10:40 millert +2004-02-14 Aaron Spangler - * getspwuid.c: Check rbinsert() return value. In the case of faked - up entries there is usually a negative response cached that we - need to overwrite. + * strlcat.c, strlcpy.c: + Un-Fix last license munge + [42654b77ac71] - In pwfree() don't try to zero out a NULL pw_passwd pointer. +2004-02-13 Todd C. Miller -2004-12-02 09:53 millert + * configure: + regen + [e4de6b23a4dc] - * mon_systrace.c: Use the double fork trick to avoid the monitor - process being waited for by the main program run through sudo. + * CHANGES, RUNSON, TODO: + checkpoint + [94e1ace84d5c] -2004-11-29 12:52 millert + * lex.yy.c, sudo.tab.c: + regen + [8ce784505643] - * sudo.c: Call initgroups() in -U mode so group matches work - normally. + * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, + emul/search.h, emul/utime.h: + More to a less restrictive, ISC-style license. + [a31b20e48003] -2004-11-29 12:34 millert + * auth/kerb5.c, auth/pam.c: + More to a less restrictive, ISC-style license. + [e41f92b41216] - * def_data.h, mkdefaults: Don't print a trailing comma for the last - entry in enum def_tupple + * auth/dce.c, auth/fwtk.c, auth/kerb4.c: + More to a less restrictive, ISC-style license. + [87534c164a52] -2004-11-28 16:08 millert + * auth/bsdauth.c: + More to a less restrictive, ISC-style license. + [e21be6594b58] - * sudoers.cat, sudoers.man.in, sudoers.pod: Mention values when - lecture, listpw and verifypw are used in boolean context. + * auth/afs.c, auth/aix_auth.c, zero_bytes.c: + More to a less restrictive, ISC-style license. + [6d234be91c5e] -2004-11-28 16:05 millert + * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c, + visudo.man.in, visudo.pod: + More to a less restrictive, ISC-style license. + [b02aea324fd6] - * def_data.c, def_data.in: verifypw when used in a boolean TRUE - context should be "all", not "any". + * sudo_noexec.c: + More to a less restrictive, ISC-style license. + [a6da7631e0b2] -2004-11-26 14:21 millert + * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, + sudo_edit.c: + More to a less restrictive, ISC-style license. + [71cdcc241e94] - * def_data.in, defaults.c: Allow tuples that can be used as - booleans to be used as boolean TRUE. In this case the 2nd - possible value of the tuple is used for TRUE. + * sigaction.c, strerror.c: + More to a less restrictive, ISC-style license. + [4bccdedca58a] -2004-11-25 12:23 millert + * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in, + set_perms.c: + More to a less restrictive, ISC-style license. + [64d772d70ab3] - * configure, configure.in: Correct the test for 2-parameter - timespecsub + * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, + ins_goons.h, insults.h, interfaces.c, interfaces.h: + More to a less restrictive, ISC-style license. + [520381c60a54] -2004-11-25 12:20 millert + * find_path.c, getprogname.c: + More to a less restrictive, ISC-style license. + [f605d5eab6f1] - * sudo.h: Add strub struct definitions for passwd, timeval and - timespec + * fileops.c: + More to a less restrictive, ISC-style license. + [4129a8b38a67] -2004-11-25 12:09 millert + * env.c: + More to a less restrictive, ISC-style license. + [d5bd859757de] - * configure, configure.in, config.h.in, sudo_edit.c, visudo.c: Add - check for 2-argument form of timespecsub (FreeBSD and BSD/OS) and - fix a typo in the gettimeofday check. + * defaults.h: + More to a less restrictive, ISC-style license. + [008f5d5743f5] -2004-11-24 16:44 millert + * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h, + defaults.c: + More to a less restrictive, ISC-style license. + [d8d7bfc8a18b] - * match.c, testsudoers.c: Deal with user_stat being NULL as it is - for visudo and testsudoers. + * utime.c, version.h: + More to a less restrictive, ISC-style license. + [e2e038ad8209] -2004-11-24 16:31 millert + * parse.lex, parse.yacc: + More to a less restrictive, ISC-style license. + [2f5942e847a1] - * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod: Add -U - option to use in conjunction with -l instead of -u. Add support - for "sudo -l command" to test a specific command. + * Makefile.binary: + More to a less restrictive, ISC-style license. + [1ed561734535] -2004-11-24 16:28 millert +2004-02-13 Aaron Spangler - * gram.c, gram.y, sudo.c: Set safe_cmnd after sudoers_lookup() if - it has not been set. Previously it was set by sudo "ALL" in the - parser but at that point the fully-qualified pathname has not yet - been found. + * sudoers2ldif: + Merged in LDAP Support + [3994c4d05947] -2004-11-23 18:18 millert + * ldap.c, sudo.c, sudo.h: + Merged in LDAP Support + [547eaa346fcc] - * parse.c, testsudoers.c: Correctly handle multiple privileges per - userspec and runas inheritence. + * def_data.c, def_data.h, def_data.in: + Merged in LDAP Support + [8fb255280e42] -2004-11-21 14:09 millert + * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in: + Merged in LDAP Support + [1038092a161e] - * defaults.c: Zero out sd_un for each entry in sudo_defs_table in - init_defaults. +2004-02-08 Todd C. Miller -2004-11-19 18:04 millert + * sudo.h, sudo_noexec.c: + Only do "extern int errno" if errno is not a macro. + [b2e02a08be8b] - * toke.c, toke.l: make per-command defaults work with sudoedit +2004-02-06 Todd C. Miller -2004-11-19 18:00 millert + * set_perms.c: + setreuid(0, 0) fails on QNX if the euid is not already 0 so set the + euid first, then just call setuid(0) to set the real uid too. + [f08546e2e0ee] - * ldap.c, parse.c, sudo.c, sudo.h: Remove the FLAG_NOPASS, - FLAG_NOEXEC and FLAG_MONITOR flags. Instead, we just set the - approriate defaults variable. + * set_perms.c: + Use setresuid() and setreuid() for PERM_RUNAS when appropriate + instead of seteuid() which may not exist. + [ba508581befb] -2004-11-19 17:09 millert +2004-02-04 Todd C. Miller - * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod: - Document per-command Defaults. + * LICENSE: + 2004 + [37425513a342] -2004-11-19 16:35 millert + * INSTALL, config.h.in, configure, configure.in, ins_classic.h: + Add --with-pc-insults configure option + [7daa5294c17b] - * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c, - sudo.c, testsudoers.c, toke.c, toke.l, visudo.c: Add support for - command-specific Defaults entries. E.g. - Defaults!/usr/bin/vi noexec + * visudo.man.in: + Prefer VISUAL over EDITOR like old vipw did. + [996252a4ab65] -2004-11-19 15:03 millert +2004-02-01 Todd C. Miller - * defaults.c, match.c, parse.c, parse.h, testsudoers.c: Change an - occurence of user_matches() -> runas_matches() missed previously - runas_matches(), host_matches() and cmnd_matches() only really - need to pass in a list of members. user_matches() still needs to - pass in a passwd struct because of "sudo -l" + * sudo.man.in, sudoers.man.in: + regen + [a247f1c52eb9] + + * sudoers.pod: + Add a note that noexec is not a cure-all. + [9e7fc535367d] + + * sudoers.pod: + Mention that disabling "root_sudo" is pretty pointless. + [f38a415afba0] + + * configure, configure.in: + Substitute for root_sudo in sudoers.pod + [ce483cfc86be] + + * sudo.pod: + Add sudoedit to the NAME section + [51bc453ec2f6] + + * sudoers.pod: + Document that fact that setting ignore_dot in sudoers has no effect + due to the fact that find_path() is called *before* sudoers is read. + [6808df7e417c] + +2004-01-30 Todd C. Miller -2004-11-19 14:46 millert + * sudo_edit.c: + Do not require _PATH_USRTMP to be set. + [546f3270dd10] - * parse.c: Check def_authenticate, def_noexec and def_monitor when - setting return flags. XXX May be better to just set the defaults - directly and get rid of those flags. + * BUGS, CHANGES, TODO: + sync + [4205ddeab781] -2004-11-19 13:39 millert + * sudo.man.in: + regen + [e2143690a88a] - * alias.c, alloc.c, check.c, closefrom.c, defaults.c, env.c, - error.c, fileops.c, find_path.c, fnmatch.c, getcwd.c, - getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c, - gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c, - mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c, - strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, - sudo_edit.c, sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, - toke.l, utimes.c, visudo.c, zero_bytes.c, auth/afs.c, - auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, - auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, - auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/securid5.c, auth/sia.c, auth/sudo_auth.c: Use: #include - Not: #include "config.h" That way we get the correct - config.h when build dir != src dir + * sudo.pod: + Clarify that when sudo is run by root with the SUDO_USER variable + set, the sudoers lookup happens for root and not the SUDO_USER user. + [47207bec1bdf] + +2004-01-29 Todd C. Miller + + * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c, + set_perms.c, sigaction.c, sudo.c, tgetpass.c: + Use the SET, CLR and ISSET macros. + [a8b0d7f1e8fd] + + * fnmatch.c: + Use the SET, CLR and ISSET macros. + [1afbcba22ba6] + + * defaults.c, env.c: + Use the SET, CLR and ISSET macros. + [2f39431e0a49] + + * interfaces.h: + MAIN was replaced with _SUDO_MAIN some time ago. + [ea1b38f2ac9d] + + * sudo.c: + Don't look at prev_user until after we've parsed sudoers and done + the password check. That way, if sudo/sudoedit is run from a root + process that was invoked by sudo, we check sudoers for root, not the + previous user. This makes sudoedit much more useful and means that + for the sudo case, we get correct logging on who actually ran the + command. + [431dfbf20552] + +2004-01-23 Todd C. Miller + + * sudo_edit.c: + Add a comment describing why we need to be notified about our child + stopping. + [0bec3ce4b49d] + +2004-01-22 Todd C. Miller + + * def_data.c, def_data.in: + Update the noexec variable descriptions + [9cb7f1aa0e57] + + * sudoers.man.in, sudoers.pod: + noexec now replaces more than just execve() + [23cbdc0ee95c] + + * sudo_noexec.c: + Alas, all the world does not go through execve(2). Many systems + still have an execv(2) system call, Linux 2.6 provides fexecve(2) + and it is not uncommon for libc to have underscore ('_') versions of + the functions to be used internally by the library. Instead of + stubbing all these out by hand, define a macro and let it do the + work. Extra exec functions pointed out by Reznic Valery. + [9fa0cd871b0c] + + * sudo.c, sudo_edit.c: + Fix suspending the editor in -e mode. Because we do a fork() first + we need to be notified when the child has been stopped and then send + that same signal to ourself so the shell can do its job control + thing. + [773165eb6057] + + * visudo.c: + Use WIFEXITED and WEXITSTATUS macros. If there are systems out + there that want to run sudo that still don't support these we can + try to deal with that later. + [6af68e4aff60] + + * lex.yy.c: + regen + [403435317d5d] + + * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod: + Document sudo -e / sudoedit + [a80f6ea910af] + + * configure, configure.in: + fix typo + [5020fcdc27f4] + + * config.h.in, configure.in: + Add SET/CLR/ISSET + [03ff57286e7e] + +2004-01-21 Todd C. Miller + + * sudo.c: + Allow non-exclusive flags when invoked as sudoedit. Pretty print the + long usage() line to not wrap (assumes 80 char display) + [3941fa4004bb] + + * Makefile.in, sudo.c: + If sudo is invoked as "sudoedit" the -e flag is implied and no other + flags are permitted. + [929670b01293] + + * sudo.h: + Add a new flag, -e, that makes it possible to give users the ability + to edit files with the editor of their choice as the invoking user, + not the runas user. Temporary files are used for the actual edit + and the temp file is copied over the original after the editor is + done. + [c4051414c1f4] + + * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c: + Add a new flag, -e, that makes it possible to give users the ability + to edit files with the editor of their choice as the invoking user, + not the runas user. Temporary files are used for the actual edit + and the temp file is copied over the original after the editor is + done. + [37ac05c8ac3c] + + * env.c, sudo.c: + If real uid == 0 and the SUDO_USER environment variables is set, use + that to determine the invoking user's true identity. That way the + proper info gets logged by someone who has done "sudo su" but still + uses sudo to as root. We can't do this for non-root users since + that would open up a security hole, though perhaps it would be + acceptable to use getlogin(2) on OSes where this a system call (and + doesn't just look in the utmp file). + [c2f9198708a1] + + * pathnames.h.in: + Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP + [7d9e5768df93] + + * config.h.in, configure, configure.in: + Add check for fchown(2) + [a85df18798ed] + +2004-01-20 Todd C. Miller + + * sudo.c: + Back out portions of the -i commit that set NewArgv[0] in + set_runaspw. It is far to late to set NewArgv[0] there and will have + no effect anyway as cmnd and safe_cmnd have already been set. + [c2d343430c1c] + + * visudo.c, visudo.pod: + Prefer VISUAL over EDITOR like old vipw did. + [ae32f477cea3] + +2004-01-19 Todd C. Miller + + * env.c, sudo.c: + In -i mode always set new environment based on the runas user's + passwd entry. + [fa653b7887a8] + +2004-01-18 Todd C. Miller + + * sudo.man.in, sudo.pod: + Document the new -i flag and sync SYNOPSIS section with usage() in + sudo.c. Also sort the flags in the OPTIONS section. + [6aabc0ffc47e] + + * sudo.c, sudo.h: + o Add -i that acts similar to "su -", based on patches from David J. + MacKenzie o Sort the flags in the usage message + [c0fe7d6beffd] + + * sudoers.man.in, sudoers.pod: + Add a missing @runas_default@ substitution. + [60516fe2d090] + +2004-01-17 Todd C. Miller + + * sudo.c: + Change euid to runas user before calling find_path(). + Unfortunately, though runas_user can be modified in sudoers we + haven't parsed sudoers yet. + [f469fdf2e313] + + * sudoers.man.in, sudoers.pod: + Add missing defintion of Parameter_List and use single pipes in the + Defaults EBNF definition. + [f7bed6e909bf] + + * sudo.c: + Fix a bug when set_runaspw() is used as a callback. We don't want + to reset the contents of runas_pw if the user specified a user via + the -u flag. + + Avoid unnecessary passwd lookups in set_authpw(). In most cases we + already have the info in runas_pw. + [efc35623ba09] + +2004-01-16 Todd C. Miller + + * check.c: + Add Stan Lee / Uncle Ben quote to the lecture from RedHat + [ebd5a76ccd7e] + + * sudo.h: + Update sudo_getepw() proto and add one for set_runaspw() + [6ed65795c17f] + + * parse.c: + If we can't stat the command as root, try as the runas user instead. + [ae713fca0e15] + + * testsudoers.c, visudo.c: + Add stub set_runaspw() function + [42aa37050053] + + * sudo.c: + Add set_runaspw() function to fill in runas_pw. This will be used + as a callback to update runas_pw when the runas user changes. + [e570aa0088d0] + + * env.c, sudo.c: + PERM_RUNAS -> PERM_FULL_RUNAS + [51eec6f9e89a] + + * set_perms.c, sudo.h: + Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just + changes the euid. + [877c6fe4d12c] + + * getspwuid.c: + Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in + one chunk for easy free()ing. Also change it from static to extern. + [ab503260a7ec] + + * defaults.c, defaults.h: + Add callback support + [a61c4ca983fb] + + * mkdefaults: + Add a callback field and use it for runas_default + [96b69c27df5e] + + * def_data.c, def_data.in: + Add a callback field and use it for runas_default + [d3e9f06872b8] + +2004-01-15 Todd C. Miller + + * auth/fwtk.c: + Add support for chalnecho and display server responses used by fwtk + >= 2.0 + [b1870f7aaf0d] + +2004-01-12 Todd C. Miller + + * sudoers.man.in, sudoers.pod: + ld.so is ld.so.1 on solaris + [2bf9a123fa4c] + + * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h: + Use closefrom() instead of doing the equivalent inline. + [7e3ef6072884] + + * closefrom.c: + closefrom(3) for systems w/o it + [35caf58bb636] + +2004-01-09 Todd C. Miller + + * sudoers.man.in: + Update from .pod file. + [d4c94fc0e0c9] + + * configure, configure.in: + Substitute noexec_file for the sudoers man page + [203d3376a551] + + * sudo.man.in, sudo.pod: + Mention noexec + [014375ddbb06] + + * sudoers.man.in, sudoers.pod: + Document noexec + [49a65d06201f] + + * auth/pam.c, config.h.in, configure.in: + Move PAM_CONST macro definition from config.h to pam.c where it + belongs. We can't have this in config.h since that gets included too + early. + [e64748071637] + + * auth/pam.c, config.h.in, configure, configure.in: + Some PAM implementations put their headers in /usr/include/pam + instead of /usr/include/security. + [8cc749e9575c] + + * configure.in: + I missed changing the EXEC macro -> EXECV here when I changed this + in config.h.in and sudo.c a while ago. + [6f5afac7789f] + + * acsite.m4: + OpenBSD vax/m88k/hppa don't do shared libs + [e4901d958bb7] + + * configure, configure.in: + o merge the hpux case entries into a single entry w/ its own sub- + case statement. o HP-UX >= 11 support getspnam(), use it in + preference to getprpwuid() + [0caad428894e] + + * configure, configure.in: + eval $shrext so that it expands nicely on MacOS X + [40419343eef8] + + * Makefile.in: + Don't lie about making a module, it does the wrong thing on mach + [7629b28f5688] + + * ltmain.sh: + Remove requirement that libs must begin with "lib". They don't when + we point directly at the lib using LD_PRELOAD or its equivalent. + [d66f3de6ec85] + + * acsite.m4: + Disable support for c++, f77 and java. We don't need it, it takes a + lot of time, and it hosed our check for shared lib support. + [4f5749c52ce4] + + * configure: + regen + [160865e9d15f] + + * configure.in: + Call AC_ENABLE_SHARED and check the status of enable_shared to know + when shared libs are available. + [42504c1668fc] + + * acsite.m4: + Duh, OpenBSD suports shared libs too + [8e3cd9417475] + + * config.h.in, configure.in: + Only OpenPAM and Linux PAM use const qualifiers. + [b2f76476e866] + + * configure, configure.in: + o No need to check for sed, libtool config does that for us o move + check for --with-noexec until after libtool magic is run so we can + use $can_build_shared and $shrext + [668c656e89cc] + + * ltmain.sh: + Don't print a bunch of crap about library installs since we are not + really installing a library. + [83fbcad29fe4] + + * env.c: + Make format_env() varargs Add noexec support for Darwin, MacOS X, + Irix, and Tru64 + [468885d75d10] + + * acsite.m4, ltconfig, ltmain.sh: + Update to libtool 1.5 with local changes: o no ldconfig in the + finish step o assume no libprefix or version is needed + [4961cffc3797] + + * sudo_noexec.c: + Fix compilation under K&R + [8b309bf0b1b2] + +2004-01-06 Todd C. Miller + + * CHANGES: + checkpoint + [3c368badab32] + + * sudo_noexec.c: + stub execve() that just returns EACCES; used for noexec + functionality + [1297acae283a] + + * sudo.tab.h: + Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with + generated code. + [dcab78c49273] + + * sudo.tab.c: + Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with + generated code. + [0a61c735eabe] + +2004-01-05 Todd C. Miller + + * def_data.c, def_data.h, def_data.in: + Move the environment defaults to the end and shorten a few of the + descriptions. + [66787b9c612c] + + * configure, configure.in: + no shared libs on ultris or convexos + [2c5f3c456e32] + + * Makefile.in, configure, configure.in: + Build sudo_noexec shared object using libtool; could use some + cleanup. + [373f483555dd] + + * acsite.m4, ltconfig, ltmain.sh: + libtool scaffolding + [c903a42e3d90] + + * parse.yacc, sudo.tab.c: + Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not + important. + [c6e8a34639a4] + + * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex, + parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c: + update copyright year + [a16372ae1711] + + * configure, configure.in, defaults.c, env.c, pathnames.h.in: + Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure + option. The default value of noexec_file is set to this. + [7d88e1d3c494] -2004-11-19 13:30 millert + * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c, + parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, + sudo.tab.h: + Add support for preloading a shared object containing a dummy + execve() function that just sets error and returns -1. This adds a + "noexec_file" option to load the filename as well as a "noexec" flag + to enable it unconditionally. There is also a NOEXEC tag that can + be attached to specific commands and an EXEC tag to disable it. + [c8b6712feb91] + + * mkdefaults: + add missing newline to usage statement + [e84746618362] + + * config.h.in, sudo.c: + Rename EXEC macro -> EXECV + [ddaa0c027299] + + * logging.c: + Don't truncate usernames to 8 characters in the log message. + [f62a20f27075] + + * check.c, sudoers.man.in, sudoers.pod: + Update copyright year + [ca9964054085] - * Makefile.in: Back out part of rev 1.263; fix -I order + * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in, + sudoers.pod: + Add a new option, lecture_file, that can be used to point to a + custom sudo lecture. + [940133231216] -2004-11-19 13:12 millert +2003-12-31 Todd C. Miller - * toke.c, toke.l: More robust parsing if #include; could be much - better still. + * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, + auth/sudo_auth.c: + Add a zero_bytes() function to do the equivalent of bzero in such a + way that will heopfully not be optimized away by sneaky compilers. + [161b6d74bfb4] -2004-11-19 12:55 millert + * zero_bytes.c: + Add a zero_bytes() function to do the equivalent of bzero in such a + way that will heopfully not be optimized away by sneaky compilers. + [d035abf0af94] - * sudo_edit.c, visudo.c: Make arg splitting in visudo and sudoedit - consistent. + * Makefile.in, sudo.h: + Add a zero_bytes() function to do the equivalent of bzero in such a + way that will heopfully not be optimized away by sneaky compilers. + [ff136de3e255] -2004-11-19 12:35 millert + * err.c: + Use #ifdef __STDC__, not #if __STDC__. + [6889dd6bc51a] - * Makefile.in, alias.c, gram.c, gram.y, parse.h: Split alias - routines out into their own file. +2003-12-30 Todd C. Miller -2004-11-19 12:32 millert + * mkdefaults: + Always put at least one space between the def_* macro name and its + definition. + [6b3ad0e6619a] - * error.h: __attribute__ is already defined in compat.h + * configure, configure.in: + Adjust code for --without-lecture to match new values. + [062aa788a6b9] -2004-11-19 12:30 millert + * visudo.man.in: + regen after pasto fix + [3deec16906c0] - * visudo.c: quit() should not be __noreturn__ as it is non-void on - some platforms. + * sudoers.man.in, sudoers.pod: + Document that "lecture" has changed from a flag to a tuple. + [e2c03062b533] -2004-11-19 12:24 millert + * check.c, def_data.c, def_data.h, def_data.in, defaults.c, + defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h: + Add support for tuples in def_data.in; these are implemented as an + enum type. Currently there is only a single tuple enum but in the + future we may have one tuple enum per T_TUPLE entry in def_data.in. + Currently listpw, verifypw and lecture are tuples. This avoids the + need to have two entries (one ival, one str) for pwflags and syslog + values. + + lecture is now a tuple with the following values: never, once, + always + + We no longer use both an int and string entry for syslog facilities + and priorities. Instead, there are logfac2str() and logpri2str() + functions that get used when we need to print the string values. + [5293f946c836] + + * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, + auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, + check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c, + logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c, + sudo.tab.c, visudo.c: + Create def_* macros for each defaults value so we no longer need the + def_{flag,ival,str,list,mode} macros (which have been removed). This + is a step toward more flexible data types in def_data.in. + [009c02934106] + + * TODO: + checkpoint + [0a99a4bb5d15] - * auth/: fwtk.c, rfc1938.c, securid.c, securid5.c: Add local - error/warning functions like err/warn but that call an additional - cleanup routine in the error case. This means we no longer need - to compile a special version of alloc.o for visudo. +2003-12-23 Todd C. Miller + + * sudo.c: + If we are in -k/-K mode, just spew to stderr. It is not unusual for + users to place "sudo -k" in a .logout file which can cause sudo to + be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died. + Previously, this would result in useless mail and logging. + [d282e7ed63af] -2004-11-19 11:54 millert +2003-12-16 Todd C. Miller - * parse.h: Clarify comments about the data structures + * visudo.pod: + fix pasto in VISUAL description + [1c6a6148b5f9] -2004-11-18 15:28 millert +2003-12-10 Todd C. Miller - * visudo.c: Add support for VISUAL and EDITOR containing command - line args. If env_editor is not set any args in VISUAL and - EDITOR are ignored. Arguments are also now supported in - def_editor. + * configure: + regen + [f44312c63799] -2004-11-17 14:25 millert + * CHANGES: + checkpoint + [0c42e38f78d5] - * parse.h: alias_matches() is no more + * TROUBLESHOOTING: + Some OSes (like Solaris) allow export w/ nosuid too + [973ce85ffa12] -2004-11-17 14:09 millert +2003-08-12 Todd C. Miller - * CHANGES, TODO: sync + * compat.h: + We don't use FD_ZERO anymore so just define FD_SET (if not already + there). + [d1c8c11905cd] -2004-11-17 13:19 millert +2003-06-29 Todd C. Miller - * Makefile.in: When regenerating the parser, don't replace gram.h - unless it has changed. + * auth/pam.c: + Fix a core dump on Solaris by preserving the pam_handle_t we used + during authentication for pam_prep_user(). If we didn't + authenticate (ie: ticket still valid), we call pam_init() from + pam_prep_user(). This is something of a hack; it may be better to + change the auth API and add an auth_final() function that acts like + pam_prep_user(). + [f787de49b175] -2004-11-17 11:56 millert +2003-06-21 Todd C. Miller - * Makefile.in: remove Makefile.binary for distclean + * set_perms.c: + Add explicit declaration of printerr variable in function header + (was defaulting to int which is OK but oh so K&R :-). From Theo. + [492c2358783f] -2004-11-17 11:18 millert +2003-06-09 Todd C. Miller - * env.c: Preserve KRB5CCNAME in zero_env() and add a paranoia check - to make sure we can't overflow new_env. + * config.h.in, configure.in: + s/HAVE_STOW/USE_STOW/ + [4b99e1824ece] -2004-11-17 10:33 millert + * logging.c: + Also exit waitpid() loop when pid == 0. Fixes a problem where the + sudo process would spin eating up CPU until sendmail finished when + it has to send mail. + [ec3d5792b9b4] + +2003-05-30 Todd C. Miller - * sudo_edit.c: paranoia when stripping trailing slashes from - tempdir. + * fnmatch.c: + Remove advertising clause, UCB has disavowed it + [43a26bbd6628] -2004-11-16 19:00 millert + * fnmatch.3: + Remove advertising clause, UCB has disavowed it + [3ff24291bcfa] - * sudo.c: Set user_ngroups to 0 if getgroups() returns an error. +2003-05-22 Todd C. Miller -2004-11-16 18:59 millert + * parse.c: + Don't assume that getgrnam() calls don't modify contents of struct + passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen. + Based on a patch from Kirk Webb. + [5574c68f60f3] - * configure, configure.in, config.h.in, sudo.c: Add configure check - for getgroups() +2003-05-06 Todd C. Miller -2004-11-16 18:55 millert + * configure.in: + missing ;; + [22378f2a9d31] - * ldap.c: Use supplementary group vector in struct sudo_user. + * configure.in: + darwin has a broken setreuid() in at least some versions + [d572aed930d2] -2004-11-16 18:40 millert + * env.c: + Fix an off by one error when reallocating the environment; Kevin Pye + [3d98e7cf097a] - * match.c: Only do string comparisons on the group members if there - is no supplemental group list. +2003-04-30 Todd C. Miller -2004-11-16 16:10 millert + * sudoers.pod: + Fix User_Spec definition; SEKINE Tatsuo + [49b0da65e090] - * CHANGES, TODO: sync +2003-04-28 Todd C. Miller -2004-11-16 15:54 millert + * HISTORY: + More info on the early days from Coggs. + [9381ca10b06b] - * sudo_edit.c: On Digital UNIX _PATH_VAR_TMP doesn't end with a - trailing slash so chop off any trailing slashes we see and add an - explicit one. +2003-04-21 Todd C. Miller -2004-11-16 12:02 millert + * auth/kerb5.c: + remove errant semicolon that prevented compilation under heimdal + [d2f2bb73a598] - * match.c: remove bogus XXX comment +2003-04-16 Todd C. Miller -2004-11-16 11:10 millert + * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod: + add DARPA credit on affected files + [7020785ee50d] - * match.c: Get rid of alias_matches and correctly fall through to - the non-alias cases when there is no alias with the specified - name. + * sudoers.pod: + add DARPA credit on affected files + [83b46318750b] -2004-11-16 10:47 millert + * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, + sudoers.man.in: + add DARPA credit on affected files + [d8adf1c2ba22] - * getspwuid.c: Cache non-existent passwd/group entries too. + * set_perms.c: + add DARPA credit on affected files + [3d79fdabb582] -2004-11-16 10:45 millert + * pathnames.h.in: + add DARPA credit on affected files + [e334cdda422f] - * gram.c: regen + * logging.c, parse.c: + add DARPA credit on affected files + [8f75f822755b] -2004-11-15 23:32 millert + * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c, + find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c, + interfaces.h: + add DARPA credit on affected files + [da66e28fb3f5] - * getspwuid.c: fix typo + * auth/kerb5.c, auth/pam.c: + add DARPA credit on affected files + [15da3021b49c] -2004-11-15 23:24 millert + * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, + auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c, + version.h: + add DARPA credit on affected files + [868d54cbddea] - * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c, - mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c: - Implement group caching and use the passwd and group caches - throughout. + * env.c: + add DARPA credit on affected files + [90239f51ef0a] -2004-11-15 14:43 millert + * defaults.c, defaults.h: + add DARPA credit on affected files + [6a64205fd1eb] - * match.c: Properly negate the return value of alias_matches() when - appropriate. + * compat.h: + add DARPA credit on affected files + [316a735783c4] -2004-11-15 14:38 millert + * Makefile.in, alloc.c, check.c: + add DARPA credit on affected files + [cd939e05c810] - * match.c: Make hostname_matches() return TRUE for a match, else - FALSE like the caller expects. + * LICENSE: + slightly different wording for the darpa credit + [e468909c4a21] -2004-11-15 13:24 millert +2003-04-15 Todd C. Miller - * Makefile.in: Add missing dependencies on gram.h + * LICENSE: + Add DARPA credit + [8eb20e2cd63e] -2004-11-15 13:06 millert +2003-04-14 Todd C. Miller - * match.c: Use runas_matches in alias_matches() now that we have - it. + * auth/kerb5.c: + Use krb5_princ_component() instead of krb5_princ_realm() for MIT + Kerberos like we did before I messed things up ;-) -2004-11-15 13:00 millert + Use krb5_principal_get_comp_string() to do the same thing w/ + Heimdal. I'm not sure if the component should be 0 or 1 in this + case. - * parse.c, parse.h: Expand aliases in "sudo -l" mode + #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since + older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there + should be a configure check for this I guess. + [74919a3933fe] -2004-11-15 12:33 millert +2003-04-13 Todd C. Miller - * gram.y, match.c: Use ALIAS for the member type when storing an - alias instead of HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since - match.c relies on the more generic type. Expand runas_matches - instead of calling user_matches() inside of it since - user_matches() looks up USERALIASes, not RUNASALIASes. + * sample.sudoers: + builtin -> built-in; Jason McIntyre + [027f2187923e] + + * TROUBLESHOOTING, config.h.in, configure, configure.in: + builtin -> built-in; Jason McIntyre + [70b81ac48943] + + * sudoers.pod: + built in -> built-in; Jason McIntyre + [da658ef5138d] + +2003-04-09 Todd C. Miller + + * CHANGES: + checkpoint for 1.6.7p3 + [da85f989fadf] + + * HISTORY: + Update info on the early years @ SUNY-Buffalo from Cliff Spencer. + Amazingly, sudo source from 1985 is available via groups.google.com + [39e0fc85b89f] + + * sudo.c: + Don't change rl.rlim_max for RLIMIT_CORE. We need only set + rl.rlim_cur to 0 to turn off core dumps. This may be needed for the + RLIMIT_CORE restoration on some OSes. + [7e2c1a7adfd8] + +2003-04-04 Todd C. Miller + + * auth/kerb5.c: + Make this compile on Heimdal and MIT Kerberos 5 + [44c07d615868] + + * config.h.in, configure, configure.in: + Check for heimdal even if we found krb5-config and define + HAVE_HEIMDAL. + [aba0126f0059] -2004-11-15 12:05 millert + * auth/kerb5.c: + Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is + no longer defined by MIT kerb5 (though it used to be and indeed + remains so in Heimdal). + [e5a6c64d7cd5] - * CHANGES, getspwuid.c: Paranoia; zero out pw_passwd before freeing - passwd entry. +2003-04-03 Todd C. Miller -2004-11-15 10:53 millert + * mkinstalldirs: + Remove newer stuff that passes multiple (possibly duplicate) + directories to "mkdir -p" since that seems to break on Tru64 Unix at + least. This basically brings back what shipped with sudo 1.6.6. + [f2a1abd872b3] - * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure, - configure.in, err.c, error.c, error.h, defaults.c, env.c, - find_path.c, interfaces.c, logging.c, mon_systrace.c, sudo.c, - sudo.h, sudo_edit.c, testsudoers.c, visudo.c, emul/err.h: Add - local error/warning functions like err/warn but that call an - additional cleanup routine in the error case. This means we no - longer need to compile a special version of alloc.o for visudo. +2003-04-02 Todd C. Miller -2004-11-15 09:59 millert + * auth/kerb5.c: + Correct number of args to krb5_principal_get_realm() and fix an + unclosed comment that hid the bug. + [0b37f8ce7824] - * match.c: Use userpw_matches() to compare usernames, not strcmp(), - since the latter checks for "#uid". + * configure: + regen + [1876cb840fe0] -2004-11-15 09:53 millert + * configure.in: + ++version + [480aff7c048e] - * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c: Cache passwd - db entries in 2 reb-black trees; one indexed by uid, the other by - user name. The data returned from the cache should be considered - read-only and is destroyed by sudo_endpwent(). + * README: + ++version + [488e0bbff613] -2004-11-15 09:50 millert + * Makefile.in: + ++version + [97ef63cedc38] - * match.c: add cast to uid_t + * INSTALL.binary: + ++version + [a506204e77d0] -2004-11-15 09:49 millert + * INSTALL: + ++version + [555aeba5c2bf] - * gram.y: missing free in alias_destroy + * CHANGES, version.h: + ++version + [f66985a64063] -2004-11-15 09:49 millert + * BUGS: + ++version + [ea3573432412] - * redblack.c: Can't use rbapply() for rbdestroy since the - destructor is passed a data pointer, not a node pointer. + * configure.in: + use krb5-config to determine Kerberos V details if it exists + [7b46bbdaf774] + + * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c, + auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c, + find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h, + testsudoers.c, visudo.c: + Use warn/err and getprogname() throughout. The main exception is + openlog(). Since the admin may be filtering logs based on the + program name in the log files, hard code this to "sudo". + [9f180d015cfa] + + * Makefile.in: + Add getprogname.c and err.c + [d411c54a07dc] + + * configure: + regen + [6d585d391acc] + + * config.h.in, configure.in: + Add checks for getprognam(), __progname and err.h + [bcbccf61d34a] + + * emul/err.h: + For systems withour err/warn functions. + [1b33118884d9] + + * err.c: + For systems withour err/warn functions. + [26721f6b041f] + + * getprogname.c: + For systems neither getprogname() nor __progname; uses Argv[0]. + [841cf42af1eb] + +2003-04-01 Todd C. Miller + + * CHANGES: + checkpoint for 1.6.7p1 + [5bfdaf441dce] + + * sudo.c, testsudoers.c: + fix strlcpy() rval check (innocuous) + [e05ac7e0d1f3] + + * check.c: + oflow detection in expand_prompt() was faulty (false positives). The + count was based on strlcat() return value which includes the length + of the entire string. + [086c5a0acb25] + +2003-03-31 Todd C. Miller + + * RUNSON, TODO: + checkpoint for the sudo 1.6.7 release + [096bab4da29a] [SUDO_1_6_7] + + * CHANGES: + checkpoint for the sudo 1.6.7 release + [87322187ed78] + +2003-03-24 Todd C. Miller + + * logging.c: + g/c unused variable + [c57cd4a17765] + + * configure: + regen + [e7c1f581dfac] + + * configure.in: + use man sections 8 and 5 for csops + [87de581bda88] + +2003-03-21 Todd C. Miller + + * configure: + regen + [cb1433a9c7a1] + + * configure.in: + Add -lskey or -lopie directly to SUDO_LIBS instead of having + AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage. + [ac5667978939] + + * configure: + regen + [638459118a2a] + + * configure.in: + Add --with-blibpath for AIX. An alternate libpath may be specified + or + -blibpath support can be disabled. Also change conifgure such that + -blibpath is not specified if no -L libpaths were added to + SUDO_LDFLAGS. + [c7d17b480cad] + + * aclocal.m4: + Add --with-blibpath for AIX. An alternate libpath may be specified + or + -blibpath support can be disabled. Also change conifgure such that + -blibpath is not specified if no -L libpaths were added to + SUDO_LDFLAGS. + [37022e991575] + + * INSTALL: + Add --with-blibpath for AIX. An alternate libpath may be specified + or + -blibpath support can be disabled. Also change conifgure such that + -blibpath is not specified if no -L libpaths were added to + SUDO_LDFLAGS. + [4b4bbe5bbe1b] + + * configure.in: + add AIX blibpath support + [16ba788bf086] + + * INSTALL, configure.in: + --with-skey and --with-opie now take an option directory argument + This obsoletes a --with-csops hack (/tools/cs/skey) + + Also remove the remaining direct uses of "echo" + [5b4986a90c03] + +2003-03-20 Todd C. Miller + + * configure.in: + Detect KTH Kerberos IV and deal with it. Also make -lroken optional + for KTH Kerberos IV and V. + [119f97b48e18] + + * aclocal.m4: + Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and + -R/path/to/dir if $with_rpath) to the specified variable. + [e55e49d076ce] + + * INSTALL, configure.in: + Add -R/path/to/libs for Solaris and SVR4. There is a new configure + option, --with-rpath to control this behavior. + [d4730c5399ab] + + * configure.in: + for kerb4 put libdes after libkrb on the link line + [5c566100eab6] + + * auth/kerb4.c: + typo + [6541b72b64a3] + + * configure.in: + fix kerberos lib check when a path is specified + [ae833a914c6f] + + * logging.c: + Fix boolean thinko in SIGCHLD reaper and call reapchild after + sending mail instead of doing a conditional sudo_waitpid. + [86fa9a35df5a] + +2003-03-19 Todd C. Miller + + * configure: + regen + [e6275cf528ba] + + * configure.in: + replace =DIR with [=DIR] where sensible + [c39a59173b38] + + * configure.in: + o Use AC_MSG_* instead of "echo" o New Kerberos include/lib + detection based on openssh's configure.in + [5b7a340912df] + + * INSTALL: + --with-kerb4 and --with-kerb5 now take an optional argument. + [71ed87fc9c64] + +2003-03-16 Todd C. Miller + + * auth/securid.c: + Kill remaining strcpy(), the programmer's guide says username is 32 + bytes. + [bdba70fcd08d] + + * auth/kerb4.c: + trat uid_t as unsigned long for printf and use snprintf, not sprintf + [8072f5f8966d] + + * auth/rfc1938.c: + use snprintf + [fc0c70c665fe] + +2003-03-15 Todd C. Miller + + * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, + auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/sudo_auth.c: + update copyright year + [b0a10ccb1d0e] + + * sudo.man.in, sudoers.man.in, visudo.man.in: + update copyright year + [8fce0034eb51] + + * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h, + configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c, + parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod, + sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod: + update copyright year + [d541e75fe520] + + * check.c, env.c, sudo.c: + Cast [ug]ids to unsigned long and printf with %lu + [2ede64d3592b] -2004-11-14 23:06 millert + * configure: + regen + [c7c3245bdf3e] - * getspwuid.c, logging.c, sudo.c, sudo.h: Create and use private - versions of setpwent() and endpwent() that set/end the shadow - password file too. + * configure.in: + correct error messages for --with-sudoers-{mode,uid,gid} + [77fc15b1c9db] -2004-11-14 22:55 millert + * alloc.c: + make the malloc(0) error specific to each function to aid tracking + down bugs. + [a58c34374b4b] + + * alloc.c: + deal with platforms where size_t is signed and there is no SIZE_MAX + or SIZE_T_MAX + [7192abb4ab4e] + + * auth/kerb5.c: + Make this compile w/ Heimdal and fix some gcc warnings. + [f52f026f31c2] - * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, - visudo.c: Store aliases in a red-black tree. + * sudo.c: + Use stat_sudoers macro so --with-stow can work + [c3674735c139] -2004-11-14 22:52 millert + * INSTALL, config.h.in, configure, configure.in: + Add support for --with-stow based on patches from Robert Uhl + [b274cc1dd52c] - * Makefile.in, redblack.c, redblack.h: red-black tree - implementation + * env.c: + fix indentation + [110d9f1721b1] -2004-11-14 22:37 millert + * configure.in: + back out rev 1.352 + [1eee91c83f11] - * visudo.c: Edit all sudoers file if there were unused or undefined - aliases and we are in strict mode. + * lex.yy.c: + regen + [72fba1c9590b] -2004-11-12 11:19 millert + * parse.lex: + use strlcpy, not strncpy + [4faccbaeccef] - * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c, - find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c: - Bring back the "secure_path" Defaults option now that Defaults - take effect before the path is searched. + * set_perms.c: + Fix typo; check pw_uid, not pw_gid after setusercontext() failure. + [33bf0d18fdc1] -2004-11-11 12:22 millert + * logging.c: + use pid_t + [3e0536993d2c] - * logging.c, parse.c: A user can always list their own entries, - even with -u. Better error message when failing to list another - user's entries. +2003-03-14 Todd C. Miller -2004-11-11 12:12 millert + * strlcat.c, strlcpy.c: + Make gcc shutup about unused rcsid + [1669a0c74e9e] - * parse.c, sudo.c, sudo.h: The syntax to list another user's - entries is now "-u otheruser -l". Only root or users with sudo - "ALL" may list other user's entries. + * interfaces.c: + Move the n == 0 check for the non-getifaddrs cas + [2460be061b2a] -2004-11-11 11:30 millert + * auth/rfc1938.c: + skeychallenge() on NetBSD take a size parameter + [05acc2012801] - * sudo.cat, sudo.man.in, sudo.pod: Update env variable info in - SECURITY NOTES + * configure: + regen + [24bccf4749e8] -2004-11-11 11:25 millert + * configure.in: + put -ldl after -lpam, not before; fixes static linking on Linux + [7f06b7b2b4d8] - * env.c: strip CDPATH too + * interfaces.c: + Avoid malloc(0) and fix the loop invariant for the getifaddrs() + case. + [239a55068646] + + * sudo.cat, sudoers.cat, visudo.cat: + regen + [4a2eed3981ca] -2004-11-11 11:20 millert + * sudo.man.in, sudoers.man.in, visudo.man.in: + regen + [2c96ea2cf930] - * env.c: strip exported bash functions from the environment. + * Makefile.in: + Preserve copyright notice from .pod file in .man.in file + [519fbd09aebc] -2004-10-27 12:16 millert + * visudo.pod: + Add sudoers(5) to SEE ALSO + [77ecfe3aedf1] - * sudo.c: Only reset sudo_user.pw based on SUDO_USER environment - variables for real commands and sudoedit. This avoids a - confusing message when a user tries "sudo -l" or "sudo -v" and is - denied. +2003-03-13 Todd C. Miller -2004-10-27 12:06 millert + * lex.yy.c: + regen + [6f5751ce0b74] - * gram.c, gram.y, parse.h: Extend LIST_APPEND to deal with - appending lists too + * parse.lex: + Don't assume libc can realloc() a NULL string. If malloc/realloc + fails, make sure we just return; yyerror() is not terminal. + [1b8618623708] -2004-10-26 18:39 millert + * lex.yy.c: + regen + [5d31b46191c6] - * logging.c: Convert some bitwise AND to ISSET + * parse.lex: + simplify fill_args a little and use strlcpy for paranoia + [0ea35a55542b] -2004-10-26 18:29 millert + * sudo.tab.c: + regen + [5a8d508d708b] - * lex.yy.c, toke.c: toke.c replaces lex.yy.c + * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c, + testsudoers.c: + Use strlc{at,py} for paranoia's sake and exit on overflow. In all + cases the strings were either pre-allocated to the correct size of + length checks were done before the copy but a little paranoia can go + a long way. + [e73d28f1d14e] -2004-10-26 18:29 millert + * sudo.h: + Add strlc{at,py} protos + [748ffc7fc7f4] - * CHANGES, TODO: sync + * env.c, interfaces.c: + Use erealloc3() + [47f2cb46aba8] -2004-10-26 18:28 millert + * configure: + regen + [e7e2fb79f935] - * BUGS: new parser fixes most of the outstanding bugs + * alloc.c: + Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use + memcpy() instead of strcpy() in estrdup() so this is strcpy()-free. + [7e0fa4d6fc1d] -2004-10-26 18:27 millert + * sudo.c: + snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in + configure. + [09ea4d3959e9] - * configure: regen + * aclocal.m4: + In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned. + [31b4fdfdb8bf] -2004-10-26 18:26 millert +2003-03-12 Todd C. Miller - * visudo.c: Rework for the new parser. Now checks for unused - aliases in sudoers. + * sudo.c: + Use snprintf() for paranoia + [a2659ceb46de] -2004-10-26 18:25 millert + * parse.yacc: + Use emalloc2 and erealloc3 + [90a069842401] - * testsudoers.c: Rewrite for the new parser. Now supports a -d - flag (dump) and adds a -h flag (host). It now defaults to the - local hostname unless otherwise specified. + * Makefile.in: + strlc{at,py} for those w/o it + [bac82dc916ee] -2004-10-26 18:23 millert + * strlcat.c, strlcpy.c: + stlc{at,py} for those w/o it. + [ce7254f5db09] - * sudo.h: Add new prototypes. Remove NOMATCH/UNSPEC (now in - parse.h) + * config.h.in, configure, configure.in: + Add stlc{at,py} for those w/o it. + [00f08219657a] -2004-10-26 18:22 millert + * alloc.c, sudo.h: + Add erealloc3(), a realloc() version of emalloc2(). + [c96eaf08bbed] - * sudo.c: Update for new parse. We now call find_path() *after* we - have updated the global defaults based on sudoers. Also adds - support for listing other user's privs if you are root. + * interfaces.c, sudo.c: + Use emalloc2() to allocate N things of a certain size. + [1e0aba365555] -2004-10-26 18:21 millert + * alloc.c, sudo.h: + Add emalloc2() -- like calloc() but w/o the bzero and with + error/oflow checking. + [292150bc4153] - * mon_systrace.c: Working LDAP support; also remove a now-unneeded - rewind(). + * alloc.c: + Error out on malloc(0); suggested by theo + [995279e81326] -2004-10-26 18:20 millert +2003-03-10 Todd C. Miller - * logging.c, logging.h: Add NO_STDERR flag. + * configure, configure.in: + fix a typo; David Krause + [f161213a17ab] -2004-10-26 18:19 millert +2003-03-07 Todd C. Miller - * ldap.c: Split sudo_ldap_check() into three pieces: - sudo_ldap_open(), udo_ldap_update_defaults() and - sudo_ldap_check(). This allows us to connecto to LDAP, apply the - default options, find the command in the user's path, and then - check whether the user is allowed to run it. The important thing - here is that the default runas user may be specified as a default - option and that needs to be set before we search for the command. + * sudo.pod: + fix typo + [3ae5ad9a351a] -2004-10-26 18:17 millert +2003-03-04 Todd C. Miller - * ldap.c: Add casts to unsigned char for isspace() to quiet a gcc - warning. + * env.c: + Remove DYLD_ from the environment for MacOS X; from bbraun + [38caad5a3935] -2004-10-26 18:16 millert +2003-03-01 Todd C. Miller - * defaults.h: Add prototype for update_defaults() + * config.h.in, configure.in: + not not; Anil Madhavapeddy + [d4f4f0bfc66b] -2004-10-26 18:16 millert +2003-01-23 Todd C. Miller - * defaults.c: Don't warn about line numbers now that we operate on - a set of data structures (or LDAP) and not a file. + * sudo.pod, sudoers.pod, visudo.pod: + typos; jmc@openbsd.org + [868c0f09bf9e] -2004-10-26 18:15 millert +2003-01-20 Todd C. Miller - * config.h.in: No long use lsearch() + * parse.yacc: + Add some missing ';' rule terminators that bison warns about. + [535b0b8dcce5] -2004-10-26 18:14 millert + * config.sub: + fix typo I introduced in last merge + [81db4e4f43fe] - * Makefile.in: Update for new and changed file names. + * configure: + regenerate with autoconf 2.57 + [ca0c1e9564f8] -2004-10-26 18:14 millert + * config.h.in: + Add missing "$HOME" + [209186197ad1] - * LICENSE: no more BSD lsearch.c + * configure.in: + Add some more square backets to make autoconf 2.57 happy + [b5639c14faf7] -2004-10-26 18:14 millert + * config.sub, mkinstalldirs: + Updates from autoconf-2.57 + [36be35eb331b] - * match.c: foo_matches() routines now live in match.c Added - user_matches(), runas_matches(), host_matches(), cmnd_matches() - and alias_matches() that operate on the parsed sudoers file. + * config.guess: + Updates from autoconf-2.57 + [ea0f8ca622af] -2004-10-26 18:12 millert +2003-01-17 Todd C. Miller - * parse.lex, toke.l: Move parse.lex -> toke.l Rename buffer_frob() - -> switch_buffer() WORD no longer needs to exclude '@' kill - yywrap() + * sudo.tab.h: + regen + [13a65a421567] -2004-10-26 18:10 millert + * lex.yy.c, sudo.tab.c: + regen + [0b529db7cb6d] - * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.h: - Rewritten parser that converts sudoers into a set of data - structures. This eliminates ordering issues and makes it - possible to apply sudoers Defaults entries before searching for - the command. + * parse.lex, parse.yacc, sudoers.pod: + Add support for Defaults>RunasUser + [20d726373175] -2004-10-26 18:09 millert +2003-01-07 Todd C. Miller - * configure.in, lsearch.c, emul/search.h: We won't be using - lsearch() any longer. + * visudo.c: + fclose() yyin after each yyparse() is done and use fopen() instead + of using freopen(). + [587f8a2df857] -2004-10-26 18:07 millert + * parse.lex: + Better fix for sudoers files w/o a newline before EOF. It looks + like the issue is that yyrestart() does not reset the start + condition to INITIAL which is an issue since we parse sudoers + multiple times. + [920f8326968a] - * ldap.c: sudo should not send mail if someone who runs 'sudo -l' - has no entry. +2003-01-06 Todd C. Miller -2004-10-26 16:09 millert + * parse.lex: + Work around what appears to be a flex bug when dealing with files + that lack a final newline before EOF. This adds a rule to match EOF + in the non-initial states which resets the state to INITIAL and + throws an error. + [b94943bb1f81] - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: regen + * visudo.c: + o The parser needs sudoers to end with a newline but some editors + (emacs) may not add one. Check for a missing newline at EOF and + add one if needed. o Set quiet flag during initial sudoers parse (to + get options) o Move yyrestart() call and always use freopen() to + open yyin after initial sudoers parse. + [12d12f9b07aa] -2004-10-26 16:09 millert +2002-12-15 Todd C. Miller - * visudo.pod: Update warnings to match new visudo + * set_perms.c: + Fix pasto/thinko in setresgid()/setregid() usage. Want to set + effective gid, not real gid, when reading sudoers. + [c7d18b810fcd] -2004-10-26 16:08 millert + * set_perms.c: + don't compile set_perms_posix if we have setreuid or setresuid + [b9cea7a81a29] + +2002-12-14 Todd C. Miller + + * sudo.pod, sudoers.pod: + document new prompt escapes + [2f088076b640] + + * check.c: + Add %U and %H escapes and redo prompt rewriting. "%%" now gets + collapsed to "%" as was originally intended. This also gets rid of + lastchar (does lookahead instead of lookback) which should simplify + the logic slightly. + [4b707b77b3c7] + +2002-12-13 Todd C. Miller + + * tgetpass.c: + Write the prompt *after* turning off echo to avoid some password + characters being echoed on heavily-loaded machines with fast + typists. + [d38c57775915] + + * config.sub: + Add support for mipseb; wiz@danbala.tuwien.ac.at + [cfdac87ed5c8] + + * configure.in: + Fix IRIX fallout from name changes in man dir/sect Makefile + variables. Patch from erici AT motown DOT cc DOT utexas DOT edu + [9a7618755c23] + + * auth/pam.c: + Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to + the global copy. Problem noted by Peter Pentchev. + [d0a3e189cb06] + +2002-11-28 Todd C. Miller + + * sudo.tab.c: + regen + [23b931359087] + + * parse.yacc: + Add missing yyerror() calls; YYERROR does not seem to call this for + us. + [0be7aeb3ac57] + +2002-11-26 Todd C. Miller + + * sudo.c: + fix typo in comment; Pedro Bastos + [d7406c460e99] + +2002-11-22 Todd C. Miller + + * INSTALL: + document --disable-setresuid + [fbd03d03a027] + + * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, + auth/sudo_auth.c: + Sprinkle some volatile qualifiers to prevent over-enthusiastic + optimizers from removing memset() calls. + [5370ac0e6129] + + * logging.c, parse.yacc: + minor sign fixes pointed out by gcc -Wsign-compare + [db872438337f] + + * set_perms.c, sudo.c, sudo.h: + Revamp set_perms. We now use a version based on setresuid() or + setreuid() when possible since that allows us to support the + stay_setuid option and we always know exactly what the semantics + will be (various Linux kernels have broken POSIX saved uid support). + [523bc212396c] + + * config.h.in, configure: + regen from configure.in + [351877ea2624] - * sudoers.pod: The new parser doesn't have the old ordering - constraints. + * configure.in: + Add checks for setresuid() and a way to disable using it + [a5b21653d169] -2004-10-26 16:08 millert + * compat.h: + No long need to emulate set*[ug]id() via setres[ug]id() or + setre[ug]id(). The new set_perms stuff only uses things it knows are + there. + [47884bd5d1d9] - * sudo.pod: Document that -l now takes an optional username - argument + * sudo.c: + Before exec, restore state of signal handlers to be the same as when + we were initialy invoked instead of just reseting to SIG_DFL. Fixes + a problem when using sudo with nohup. Based on a patch from Paul + Markham. + [f8f5a1484faa] -2004-10-25 13:44 millert + * sudo.c: + o timestamp_uid should be uid_t, not int o clarify error message + when sudo is run by root and no_root_sudo is set + [19dda0734264] - * RUNSON: AIX 5.2.0.0 works +2002-09-19 Todd C. Miller -2004-10-25 13:38 millert + * README: + update ftp link for bison + [98bc191016e3] - * ldap.c: If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS - instead. Fixes a compilation problem with Solaris 9's native - LDAP. +2002-07-20 Todd C. Miller - Set FLAG_MONITOR when needed. + * set_perms.c: + Error out if setusercontext() fails and the runas user is not root. + [089f9ade4686] -2004-10-23 13:32 millert +2002-05-20 Todd C. Miller - * mon_systrace.c: Call sudo_goodpath() *after* changing the cwd to - match the traced process. Fixes relative paths. + * auth/securid5.c: + Fix rcsid + [07e9e85dcc2f] -2004-10-21 12:31 millert + * configure.in: + Fix SecurID API test + [5ec201f454a5] - * testsudoers.c: Kill set_perms() stub--it is no longer needed. +2002-05-17 Todd C. Miller -2004-10-13 12:52 millert + * env.c: + typo in comment + [9d385c9ac533] - * sudoers.cat, sudoers.man.in, sudoers.pod: stay_setuid now - requires set_reuid() or setresuid() + * configure.in: + securid5 stuff needs pthreads. Just adding -lpthread is suboptimal + but I don't see a better way at the moment. + [f89e55cbb313] -2004-10-13 12:46 millert + * Makefile.in, auth/securid5.c: + SecurID API version 5 support from Michael Stroucken + [68500ac7e531] - * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure, - configure.in, set_perms.c, sudo.c, sudo.h: Kill use of POSIX - saved uids; they aren't worth bothering with. + * configure.in: + Add check for SecurID 5.0 API + [1ee242e6de6b] -2004-10-07 16:23 millert +2002-05-08 Todd C. Miller - * glob.c: remove call to issetugid() + * strerror.c: + We actually do still need config.h to get the 'const' definition for + K&R C. + [d9c982032d85] -2004-10-07 14:57 millert +2002-05-05 Todd C. Miller - * sudoers.cat, sudoers.man.in, sudoers.pod: Remove warning about - wildcards. Now that we use glob() the bug is fixed. + * configure: + regen with autoconf 2.5.3 + [c71fc086eef5] -2004-10-07 14:52 millert + * configure.in: + Don't set sysconfdir to '/etc' if the user has specified a --prefix. + [d90da1efafd9] - * parse.c: Use glob(3) instead of fnmatch(3) for matching pathnames - and stat each result that matches the basename of the user's - command. This makes "cd /usr/bin ; sudo ./blah" work when - sudoers allows /usr/bin/blah. Fixes bug #143. + * configure.in: + Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST + LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug + [dd67afefa90d] -2004-10-07 14:27 millert + * env.c, sudo.c, sudo.h: + No need for dump_badenv() now that dump_defaults() knows how to dump + lists. + [6bcda468501d] - * configure, configure.in, config.h.in: Define HAVE_EXTENDED_GLOB - for extended glob (GLOB_TILDE and GLOB_BRACE) + * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in, + version.h: + ++version + [44e3b8f95f0b] -2004-10-07 12:59 millert + * sudoers.pod: + document timestampowner + [37ebd69e9dd1] - * config.h.in, configure, configure.in: Check for a glob() that - supports GLOB_BRACE and GLOB_TILDE + * check.c: + Don't call set_perms() when doing timestamp stuff unless + timestamp_uid != 0. + [63a63d41d18c] -2004-10-07 12:51 millert + * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c, + sudo.h, testsudoers.c: + g/c second arg to set_perms--it is no longer used + [7ac4ce50c612] - * LICENSE: reference glob +2002-05-03 Todd C. Miller -2004-10-07 12:50 millert + * check.c, set_perms.c, sudo.c, sudo.h: + Add support for non-root timestamp dirs. This allows the timestamp + dir to be shared via NFS (though this is not recommended). + [faa83dd2b7fb] - * glob.c, emul/glob.h: 4.4BSD glob(3) with fixes from OpenBSD and - some unneeded extensions removed. + * def_data.c, def_data.h, def_data.in: + Add timestampowner, "Owner of the authentication timestamp dir" + [d47640d4c86a] -2004-10-05 17:26 millert +2002-05-02 Todd C. Miller - * mon_systrace.c: Just return if STRIOCINJECT or STRIOCREPLACE - fail. It probably means we are out of space in the stack gap... + * env.c: + Don't try to pre-compute the size of the new envp, just allocate + space up front and realloc as needed. Changes to the new env + pointer must all be made through insert_env() which now keeps track + of spaced used and allocates as needed. + [39bc934a9f2c] -2004-10-05 17:20 millert +2002-04-26 Todd C. Miller - * CHANGES: sync + * configure: + regen + [0e12c09bb790] -2004-10-05 16:53 millert + * configure.in: + Fix two typo/pastos; from jrj@purdue.edu + [b718a4bf1181] - * mon_systrace.c: Take a stab at ldap sudoers support here. +2002-04-25 Todd C. Miller -2004-10-05 15:13 millert + * INSTALL.binary, README: + ++version + [a1e33027278c] [SUDO_1_6_6] - * mon_systrace.c, mon_systrace.h: Detach from tracee on SIGHUP, - SIGINT and SIGTERM. Now "sudo reboot" doesn't cause reboot to - inadvertanly kill itself. + * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, + visudo.cat, visudo.man.in: + regen + [19eb2be283ef] -2004-10-05 14:21 millert + * CHANGES, RUNSON, TODO: + Sync with 1.6.6 + [2ff9a9087f63] - * mon_systrace.c: put "monitor" in the proctitle, not "systrace" + * check.c: + The the loop used to expand %h and %u, the lastchar variable was not + being initialized. This means that if the last char in the prompt + is '%' and the first char is 'h' or 'u' a extra copy of the host or + user name would be copied, for which space had not been allocated. + [b2e27197857d] -2004-10-05 14:15 millert +2002-04-18 Todd C. Miller - * mon_systrace.c: When modifying the environment, don't replace - envp when we can get away with just rewriting pointers in the - traced process. + * BUGS, INSTALL, Makefile.in, configure.in, version.h: + crank version to 1.6.6 + [cfd08689e597] -2004-10-05 13:46 millert + * auth/afs.c: + #undef VOID to get rid of an AFS warning + [b40760564dc1] - * mon_systrace.c, mon_systrace.h: Add environment updating via - STRIOCINJECT (if available). + * env.c: + Use easprintf instead of emalloc + sprintf for some things. + [e7bfe2e69a03] -2004-10-05 10:22 millert +2002-03-16 Todd C. Miller - * sudoers.cat, sudoers.man.in: regen + * lex.yy.c, sudo.tab.c: + regen + [35327104383d] -2004-10-04 16:15 millert + * parse.c, parse.lex, parse.yacc, testsudoers.c: + Remove Chris Jepeway's email address so people don't bug him ;-) + [c03410747a69] - * lex.yy.c: regen +2002-03-12 Todd C. Miller -2004-10-04 16:15 millert + * sudo.c: + Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call + endgrent() at the same time. + [28b6097d5d1a] - * parse.lex: Fix bug introduced in unput() removal; want yyless(0) - not yyless(1) +2002-02-22 Todd C. Miller -2004-10-04 12:09 millert + * INSTALL: + Make it clear which configure options take arguments. + [38529e7efad0] - * mon_systrace.c: Include file is now mon_systrace.h +2002-01-25 Todd C. Miller -2004-10-04 12:07 millert + * compat.h: + HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no + RLIM_INFINITY, just pretend it is -1. This works because we only + check for RLIM_INFINITY and do not set anything to that value. + [53173d34e6eb] - * Makefile.in, configure, configure.in, def_data.c, def_data.h, - def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, - sudo.c, sudo.h, sudo.tab.h, sudoers.pod: No longer call it - tracing, it is now "monitoring" which should be more a obvious - name to non-hackers. +2002-01-22 Todd C. Miller -2004-10-01 15:06 millert + * auth/pam.c: + Zero and free allocated memory when there is a conversation error. + [e342133db579] - * mon_systrace.c, mon_systrace.h: Fix some XXX + * auth/bsdauth.c: + Use sigaction() not signal() + [126c2790561f] -2004-10-01 14:30 millert + * INSTALL: + Mention that some linux kernels have broken POSIX saved ID support + [571ef1a893d3] - * mon_systrace.c, mon_systrace.h: No need to include syscall.h, use - 1024 as the max # of entries (the max that systrace(4) allows). + * CHANGES: + checkpoint for 1.6.5p2 + [9e9e456f7f43] - Only need to use SYSTR_POLICY_ASSIGN once + * configure: + regen + [d53703a46708] - Change check_syscall() -> find_handler() and have it return the - handler instead of just running it. We need this since handler - now have two parts: one part that generates and answer and - another that gets called after the answer is accepted (to do - logging). + * configure.in: + Add --disable-setreuid flag + [3b9f2679cb55] - Add some missing check_exec for emul execv + * INSTALL: + Document new --disable-setreuid option and change description for + --disable-saved-ids to match new error message. + [14fd3e5f60a5] -2004-10-01 10:58 millert + * set_perms.c: + fatal() now takes an argument that determines whether or not to call + perror(). + [d826b25e62ff] - * sample.pam, sample.sudoers, sample.syslog.conf, sudoers: Add - $Sudo$ tags. + * TROUBLESHOOTING: + Update for new error messages from set_perms() + [78007c3f76a9] -2004-10-01 10:47 millert + * PORTING: + Update for new error messages from set_perms() + [60c545a6bcff] - * config.h.in: Add missing HAVE_LINUX_SYSTRACE_H +2002-01-21 Todd C. Miller -2004-09-30 20:46 millert + * auth/pam.c: + Make this compile w/o warnings + [b90843a29af5] - * Makefile.in: add trace_systrace.o dependency + * auth/pam.c: + Mention that we can't use pam_acct_mgmt() + [1dfc5a6e0479] -2004-09-30 19:00 millert + * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c: + The user's password was not zeroed after use when AIX + authentication, BSD authentication, FWTK or PAM was in use. + [b18fff30b1e7] - * configure, configure.in: Also look for systrace.h in - /usr/include/linux +2002-01-20 Todd C. Miller -2004-09-30 18:27 millert + * auth/pam.c: + Avoid giving PAM a NULL password response, use the empty string + instead. This avoids a log warning when the user hits ^C at the + password prompt when PAM is in use. + [c3315805e4e4] - * mon_systrace.c, mon_systrace.h: Move all struct defs and - prototypes into trace_systrace.h and mark all but - systace_attach() static. + * auth/pam.c: + Don't check the return value of pam_setcred(). In Linux-PAM 0.75 + pam_setcred() returns the last saved return code, not the return + code for the setcred module. Because we haven't called + pam_authenticate(), this is not set and so pam_setcred() returns + PAM_PERM_DENIED. + [73db145fa179] -2004-09-30 18:14 millert + * Makefile.in: + Don't need a '/' between $(DESTDIR) and a directory. + [0901ca618176] - * mon_systrace.c, mon_systrace.h: Add support for tracing - emulations. At the moment, all emulations are compiled in. It - might make sense to #ifdef them in the future, though this - impeeds readability. + * Makefile.binary: + Don't need a '/' between $(DESTDIR) and a directory. + [cd7eb6098b87] -2004-09-30 17:07 millert +2002-01-18 Todd C. Miller - * Makefile.in, configure.in, configure: rename systrace.c -> - trace_systrace.c + * configure: + regen + [41b12c039282] -2004-09-30 15:58 millert + * configure.in: + o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus + setreuid() o new NetBSD has a real setreuid() o add check for + freeifaddrs() if getifaddrs() exists. + [a82ee3b01733] + + * config.h.in, interfaces.c: + Older BSDi releases lack freeifaddrs() so add a test for that and if + it is not present just use free(). + [6270671ea9d5] - * parse.yacc: Allow this to build with a K&R compiler again +2002-01-17 Todd C. Miller -2004-09-30 13:58 millert + * CHANGES, RUNSON: + Checkpoint for 1.6.5p1 + [26134ecf9b36] - * TODO: sync + * auth/passwd.c: + Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access + to normal passwords, not AUTH_FATAL (which just causes an exit). + [785e0f4bc0e2] + + * visudo.c: + Don't use memory after it has been freed. + [c60492739fdb] + + * auth/passwd.c: + skeyaccess() wants a struct passwd * not a char *; Patch from + Phillip E. Lobbes + [65a1d3806fcd] [SUDO_1_6_5] -2004-09-30 13:55 millert + * BUGS: + ++version + [b2e1825e692e] - * sudo.c, compat.h, visudo.c: Use __attribute__((__noreturn__)) + * CHANGES, RUNSON, TODO: + checkpoint for sudo 1.6.5 + [d730945622e7] -2004-09-30 13:44 millert +2002-01-16 Todd C. Miller - * visudo.c: Exit() takes a negative value to indicate it was not - called via signal. + * configure: + regen + [49744c403ac9] -2004-09-30 13:25 millert + * INSTALL, INSTALL.binary, Makefile.in, README, configure.in: + version 1.6.5 + [ec30a5f7fc45] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: regen + visudo.man.in: + sudo version 1.6.5 + [458a3bed535d] -2004-09-30 13:22 millert + * logging.c: + o when invoking the mailer as root use a hard-coded environment that + doesn't include any info from the user's environment. Basically + paranoia. - * Makefile.in, visudo.c: Define Err() and Errx() that are like - err() and errx() but call Exit() instead of exit(). Build - private copy of alloc.o for visudo that calls Err() and Errx(). + o Add support for the NO_ROOT_MAILER compile-time option and run the + mailer as the user and not root if NO_ROOT_MAILER is defined. + [4df351ec92ce] -2004-09-29 15:22 millert + * set_perms.c, sudo.h: + Bring back PERM_FULL_USER + [edb6039bb284] - * lex.yy.c: regen + * configure: + regen + [3eb2943afa03] -2004-09-29 15:22 millert + * version.h: + version 1.6.5 + [044fc9a0c72b] - * CHANGES: sync + * INSTALL, config.h.in, configure.in: + Add --disable-root-mailer option to run the mailer as the user and + not root. + [e9f805397963] -2004-09-29 14:41 millert + * CHANGES: + checkpoint for 1.6.4p2 + [b58aae5aa98a] - * visudo.c: Overhaul visudo for editing multiple files: o visudo - has been broken out into functions (more work needed here) o - each file is now edited before sudoers is re-parsed o if a - #include line is added that file will be edited too + * PORTING: + Mention the "seteuid(0): Operation not permitted" problem here too + just for good measure. + [90135b37a691] - TODO: o cleanup temp files when exiting via err() or errx() o - continue breaking things out into separate functions +2002-01-15 Todd C. Miller -2004-09-29 14:36 millert + * env.c, getspwuid.c, sudo.c: + The SHELL environment variable was preserved from the user's + environment instead of being reset based on the passwd database when + the "env_reset" option was used. Now it is reset as it should be. + [300066ef3c71] - * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c: Add keepopen - arg to open_sudoers that open_sudoers can use to indicate to the - caller that the fd should not be closed when it is done with it. - To be used by visudo to keep locked fds from being closed - prematurely (and thus losing the lock). + * configure: + regen + [a47d779e6552] -2004-09-29 14:33 millert - - * parse.yacc, sudo.c: Add errorfile global that contains the name - of the file that caused the error. - -2004-09-29 14:30 millert - - * parse.lex: return COMMENT to yacc grammar for a #include line + * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c, + sudo.c: + Add a configure option to turn off use of POSIX saved IDs + [fb18cc8e94d0] + + * configure: + regen + [d4f2f20025b6] + + * configure.in: + add --with-efence option + [45c4f33a8e88] + + * sudo.c: + Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where + "sudo -l" would not work if always_set_home was set. + [c3a6de6c4800] + + * lex.yy.c: + regen + [417424452998] + + * parse.lex: + Quoted commas were not being treated correctly in command line + arguments. + [753415541b37] + + * sudo.c: + o Move the call to rebuild_env() until after MODE_RESET_HOME is set. + Otherwise, the set_home option has no effect. + + o Fix use of freed memory when the "fqdn" flag is set. This was + introduced by the fix for the "segv when gethostbynam() fails" bug. + Also, we no longer call set_fqdn() if the "fqdn" flag is not set so + there is no need to check the "fqdn" flag in set_fqdn() itself. + [4b6a4245c04e] + + * env.c: + Add 'continue' statements to optimize the switch statement. From + Solar. + [a82c76975ae5] + +2002-01-13 Todd C. Miller + + * sudoers.cat, sudoers.man.in: + Regen from new sudoers.pod + [6ecc07b3d0e1] [SUDO_1_6_4] + + * sudoers.pod: + Add caveat about stay_setuid flag + [9d228a7bea1b] + + * sudo.c: + If set_perms == set_perms_posix and the stay_setuid flag is not set, + set all uids to 0 and use set_perms_fallback(). + [c4e54d1ec86f] + + * set_perms.c, sudo.h: + Remove PERM_FULL_USER (which is no longer used) and add + PERM_FULL_ROOT (used when exec'ing the mailer). + [15406c522ea2] + + * logging.c: + Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we + never want to run the mailer setuid. + [2294853e0666] + +2002-01-12 Todd C. Miller -2004-09-29 14:29 millert + * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in, + visudo.pod: + Use sudo.ws instead of courtesan.com in URLs + [55204002a308] - * parse.lex: Remove us of unput() in favor of yyless() which is - cheaper. + * Makefile.binary, Makefile.in: + Fix mansect substitution + [b7b5cbc3aa91] -2004-09-29 14:28 millert + * Makefile.in: + Substitute man sections in Makefile.binary + [040deb785e56] - * parse.yacc: Allow an empty sudoers file. + * Makefile.binary: + Sync install targets with Makefile.in and substitute in man + sections. + [77882a275281] -2004-09-28 16:50 millert + * INSTALL, INSTALL.binary: + version is 1.6.4 + [0f87aabbcb70] - * mon_systrace.c: Rewind sudoers_fp now that sudoers_lookup() - doesn't do it for us. + * Makefile.in: + Repair bindist target + [8d43bfe7e2d1] -2004-09-28 14:37 millert + * CHANGES: + sync for 1.6.4 + [13ca3d4a0a72] - * lex.yy.c: regen +2002-01-10 Todd C. Miller -2004-09-28 14:36 millert + * install-sh: + Fix case where neither whoami nor id are found + [424dd270bc47] - * visudo.c: Do signal setup before calling edit_sudoers(). Don't - shadow the "quiet" global. +2002-01-09 Todd C. Miller -2004-09-28 14:33 millert + * install-sh: + If neither whoami nor id exists, just assume we are root. + [2d2644e42c53] - * visudo.c: If a sudoers file includes other files, edit those too. - Does not yes deal with creating the new includes files itself. + * alloc.c: + Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed + on AIX which for some reason isn't pulling in the malloc prototype. + [231440d2ee3b] -2004-09-28 14:31 millert +2002-01-08 Todd C. Miller - * testsudoers.c: init_parser now takes a path + * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c: + (c) 2002 + [700e3b41a68e] -2004-09-28 14:31 millert + * CHANGES: + checkpoint + [33e604bd8d5b] - * parse.c, parse.h, parse.lex, parse.yacc: More scaffolding for - dealing with multiple sudoers files: o init_parser() now takes a - path used to populate the sudoers global o the sudoers global is - used to print the correct file in yyerror() o when switching to - a new sudoers file, perserve old file name and line number + * sudo.c: + Defer assigning new environment until right before the exec. + [f13c49e75c1c] -2004-09-28 14:29 millert + * parse.c: + kill extra blank line + [12ef22e9dae3] - * Makefile.in, pathnames.h.in: Kill _PATH_SUDOERS_TMP; it is not - meaningful now that we can have multiple sudoers files. +2002-01-07 Todd C. Miller -2004-09-28 13:52 millert + * configure: + regen + [a6cd2d788f74] - * parse.c, sudo.c: Rewind sudoers_fp in open_sudoers() instead of - sudoers_lookup() so we start at the right file position when - reading include files. + * configure.in: + Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived + compiler doesn't recognise -O2. + [5234aa543692] -2004-09-27 21:04 millert + * HISTORY: + Clarify origins of Root Group sudo a bit based on info from + billp@rootgroup.com + [4deef01c4208] - * sudoers.pod: document #include +2002-01-03 Todd C. Miller -2004-09-27 20:47 millert + * LICENSE: + 2002 + [6c8e089dbd1a] - * lex.yy.c: regen + * CHANGES: + checkpoint for 1.6.4rc1 + [3349eb87a49f] -2004-09-27 20:47 millert +2002-01-02 Todd C. Miller - * parse.lex: Add max depth of 128 for the include stack to avoid - loops. + * config.h.in: + now generated via autoheader + [84657d303cb9] - Since yyerror() doesn't stop parsing, pass return values back to - yylex and call yyterminate() on error. + * configure: + regen + [207bfa6a13f6] -2004-09-27 14:06 millert + * compat.h: + Move in some stuff that was previously in config.h. + [e576d8b6480f] - * sudoers.pod: document tracing + * aclocal.m4, configure.in: + Add info for autoheader. + [0549cd5da27c] -2004-09-27 14:05 millert +2002-01-01 Todd C. Miller - * sudo.pod: Mention PREVENTING SHELL ESCAPES section of sudoers man - page + * Makefile.in: + o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and + -g to facilitate non-root installs + [619216038f56] -2004-09-27 12:08 millert + * install-sh: + Add -M option (like -m but only for root) If we can't find "whoami", + use "id" w/ some sed. + [b39121c8b792] - * lex.yy.c: regen + * configure: + regen + [b39b93ff9804] -2004-09-27 12:03 millert + * configure.in: + allow user to always override mansectsu and mansectform + [0fca5e63bd90] - * parse.lex: Add support for #include in sudoers (visudo support - TBD) +2001-12-31 Todd C. Miller -2004-09-27 12:02 millert + * mkinstalldirs: + update from autoconf 2.52 + [07bd75a508c3] - * parse.yacc: make yyerror()'s argument const + * config.guess, config.sub: + Update from autoconf 2.52 + [857b90fe31b7] -2004-09-27 12:02 millert + * configure: + regen with autoconf 2.52 + [08e7d1ea2aeb] - * testsudoers.c, visudo.c: Add open_sudoers() stubs. + * configure.in: + o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI + mode o Remove compiler-specific checks for HP-UX now that we use + AC_PROG_CC_STDC + [d433a70b6208] -2004-09-27 12:01 millert + * RUNSON: + Checkpoint + [babf6d2235d1] - * sudo.c, sudo.h: Rename check_sudoers() open_sudoers() and make it - return a FILE * + * auth/pam.c: + o Add pam_prep_user function to call pam_setcred() for the target + user; on Linux this often sets resource limits. o When calling + pam_end(), try to convert the auth->result to a PAM_FOO value. + This is a hack--we really need to stash the last PAM_FOO value + received and use that instead. + [6ad6f340dd2a] -2004-09-26 12:35 millert + * set_perms.c, sudo.h: + o Add pam_prep_user function to call pam_setcred() for the target + user; on Linux this often sets resource limits. + [67795421ac82] - * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in, - version.h: Crank version + * env.c: + Fix off by one error in number of bytes allocated via malloc (does + not affected any released version of sudo). + [5f5915360111] -2004-09-26 12:33 millert +2001-12-30 Todd C. Miller - * Makefile.in, sudo.psf: Better HP-UX depot construction + * lex.yy.c: + regen + [8208c0277775] -2004-09-25 17:08 millert + * parse.lex: + Allow '@', '(', ')', ':' in arguments to a defaults variable w/o + requiring that they be quoted. + [ae59bc8f68dd] - * mon_systrace.c: o Made children global so check_exec() can lookup - a child. o Replaced uid in struct childinfo with struct passwd * - (for runas) o new_child() now takes a parent pid so the runas - info can be inherited o Added find_child() to lookup a child by - its pid o update_child() now fills in a struct passwd o Converted - the big if/else mess in set_policy to a switch o Syscalls that - change uid are now "ask" so we get SYSTR_MSG_UGID events + * sudoers.cat, sudoers.man.in, sudoers.pod: + Mention that no double quotes are needed when + adding/deleting/assigning a single value to a list. + [25efc940a1f0] -2004-09-25 17:01 millert + * Makefile.in: + Don't rely on mkdefaults being executable, call perl explicitly. + [6edc97ba5f1d] - * getspwuid.c: Add flag to sudo_pwdup that indicates whether or not - to lookup the shadow password. Will be used to a struct passwd - that has the shadow password already filled in. + * sudo.tab.c: + regen + [49130b2e7e4d] + + * parse.yacc: + Remove some XXX that are no longer relevant. + [d460ac0d3767] + + * defaults.c: + o Roll our own loop instead of using strpbrk() for better + grokability o When adding to a list we must malloc() and use + memcpy(), not strdup() since we must only copy len bytes from str. + [649bef08e1f0] -2004-09-25 16:58 millert +2001-12-21 Todd C. Miller + + * sudo.tab.c: + regen + [f0bbf2c38c0e] + + * parse.yacc: + typo in comment + [2563711ff593] + +2001-12-19 Todd C. Miller + + * CHANGES: + checkpoint + [a6d8a29fb30e] - * mon_systrace.c: add missing increment of addr in read_string() + * configure: + regen + [bdfcaaf3bd13] -2004-09-25 16:15 millert + * configure.in: + avoid the -g flag unless --with-devel was specified + [a976707bef30] - * mon_systrace.c: Remove bogus call to update_child() and some - cosmetic fixes + * Makefile.in: + mkdefaults, def_data.in and sigaction.c were missing from the + tarball + [6917ffbaa412] + + * Makefile.in: + def_data.c was missing + [87c78b11453d] + +2001-12-18 Todd C. Miller + + * env.c: + Fix setting of $USER and $LOGNAME in the non-reset_env case. Also + allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env + [fc8698e6a45e] + + * TODO: + Another TODO item + [6f251d6cd466] + + * sudoers: + Add comment for Default section so folks know where it should go. + [7edba626f392] + +2001-12-17 Todd C. Miller + + * tgetpass.c: + Use TCSETAF, not TCSETA to set terminal in termio case + [fbd172f6c5d3] -2004-09-25 16:11 millert + * sudoers.cat, sudoers.man.in: + regen from sudoers.pod + [64edd2de816e] - * mon_systrace.c: Don't leak /dev/systrace fd to tracee Make - initialized global for simplicity If STRIOCATTACH returns EBUSY - we are already being traced Check for user_args == NULL in - setproctitle() call Add missing calls to STRIOCANSWER + * sudoers.pod: + o Typo, Runas_User_List should be Runas_List o a User_List can not + contain a uid o mention that the Defaults section should come after + Alias definitions but before the user specifications + [54070ba2092b] -2004-09-25 13:15 millert +2001-12-15 Todd C. Miller - * sudo.c: g/c sudo_pwdup proto + * sudoers.cat, sudoers.man.in: + regen + [e62d1d97693c] + + * sudoers.pod: + Fix listpw and verifypw sections, they were not being formatted + properly. + [123868c2f3e9] -2004-09-24 20:21 millert + * sudoers.cat, sudoers.man.in: + regen + [f94841f8b374] - * Makefile.in, sudo.psf: Add target for building a depot file + * sudoers.pod: + fix typos + [f278f1c1184e] -2004-09-24 20:07 millert + * configure: + regen + [d2270049ba9f] - * mon_systrace.c: trim includes + * config.h.in, configure.in: + use AC_SYS_POSIX_TERMIOS instead of rolling our own + [c1a13f1354b9] -2004-09-24 14:11 millert + * README: + Reference sudo.ws not courtesan.com + [ca13be67ebd7] - * lex.yy.c, sudo.tab.h: regen + * PORTING: + Add notes on shadow passwords + [aa13863f2314] -2004-09-24 14:10 millert + * BUGS: + In list mode (sudo -l), characters escaped with a backslash are + shown verbatim with the backslash. + [1a75a2858be2] - * INSTALL: document --with-systrace + * sudoers: + Add simple examples from OpenBSD (Marc Espie) + [3ae9a9ae4125] -2004-09-24 14:10 millert + * tgetpass.c: + Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP. + [f8817699ee10] - * config.h.in, configure, configure.in: Add check for setproctitle + * CHANGES: + minor prettyification + [f523587929b9] -2004-09-24 14:09 millert + * CHANGES: + Updated change log + [39d9010ee7a8] - * mon_systrace.c: pass struct str_msg_ask in to syscall checker so - it can set the error code + * testsudoers.c: + Fix CIDR handling here too. + [c91db8344c32] -2004-09-24 13:30 millert + * auth/pam.c: + Apparently a NULL response is OK + [83bae61078d9] - * mon_systrace.c: systrace(4) support for sudo. On systems with - the systrace(4) kernel facility (OpenBSD, NetBSD, Linux w/ - patches) sudo can intercept exec calls and check the exec args - against the sudoers file. In other words, sudo can now control - subcommands and shell escapes. + * TODO: + Checkpoint for upcoming beta release + [efb95c09df2a] -2004-09-24 13:17 millert + * TROUBLESHOOTING: + Many people believe that adding a runas spec should obviate the need + for the -u flag. It does not. + [c698bad85b0e] + + * RUNSON: + checkpoint update for upcoming 1.6.4 beta + [009e465a0a45] + + * config.h.in: + o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even + if HAVE_STRING_H is defined -- this is safe now + [d27c035f4e14] - * sudo.c, sudo.h: Call systrace_attach() if FLAG_TRACE is set. + * PORTING: + Add signals section + [2d24c13cb3c8] -2004-09-24 13:15 millert + * configure: + regen + [2b80a939e2ed] - * parse.c, parse.h, parse.lex, parse.yacc, sudo.h: Add trace - Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE + * configure.in: + Fix check for sigaction_t + [6fa41c89ab20] -2004-09-24 13:13 millert + * sudo.c: + XXX - should call find_path() as runas user, not root. Can't do + that until the parser changes though. + [f0b4f85651bd] - * parse.c, sudo.c: Don't close sudoers_fp, keep it open and set - close on exec flag instead. + * sudo.c: + If find_path() fails as root, try again as the invoking user (useful + for NFS). Idea from Chip Capelik. + [e03fa7872692] + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: + Regenerate after pod file changes + [48e4bd75ec21] -2004-09-24 13:11 millert + * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h, + sudo.pod, sudoers.pod: + Add new sudoers option "preserve_groups". Previously sudo would not + call initgroups() if the target user was root. Now it always calls + initgroups() unless the -P command line option or the + "preserve_groups" sudoers option is set. Idea from TJ Saunders. + [4f730359f101] - * def_data.c, def_data.h, def_data.in: Add trace option +2001-12-14 Todd C. Miller -2004-09-23 20:24 millert + * compat.h, config.h.in: + Use new HAVE_SIGACTION_T define + [dfb25f3cae5b] - * Makefile.in: Add systrace + * logging.c: + Fix compilation on K&C + [7355e3275e34] -2004-09-23 20:23 millert + * configure: + regen + [a710584f92f0] - * INSTALL: SunOS /bin/sh blows up with configure + * configure.in: + Add check for sigaction_t -- IRIX already defines this so don't + redefine it. + [df9c5737f6da] -2004-09-23 20:23 millert + * snprintf.c: + fix typo + [3d782b8134c8] - * configure, configure.in: Include sys/param.h before systrace.h + * interfaces.c: + need stdlib.h here too + [c789d8973ab2] -2004-09-23 20:15 millert + * configure: + regen + [44822856bf46] - * configure: regen + * configure.in: + Remove redundant checks for string.h, strings.h and unistd.h + [933c94f8bbf4] -2004-09-23 20:15 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + Regen from pod files + [ad18c590f638] - * pathnames.h.in: _PATH_DEV_SYSTRACE + * BUGS: + Update for 1.6.4 + [26bc88b69d22] -2004-09-23 20:14 millert + * configure, lex.yy.c, sudo.tab.c: + regen + [bef89fd6fa2d] - * configure.in: line up options in --help + * strerror.c: + Return EINVAL if errnum > sys_nerr + [0512374e6661] -2004-09-23 20:11 millert + * auth/sudo_auth.h: + o Update copyright year + [a877016db6e2] - * config.h.in, configure.in: Add --with-systrace + * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h, + config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h, + sudo.pod: + o Update copyright year + [e15a1b39039f] + + * configure.in: + o Don't define STDC_HEADERS unconditionally for IRIX o Update + copyright year + [82a8cb819e07] + + * README: + update version + [d82e523a16b4] + + * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, + auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c, + auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc, + set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c, + visudo.c: + o Reorder some headers and use STDC_HEADERS define properly o Update + copyright year + [fe39f76b3795] + + * lsearch.c: + o Reorder some headers and use STDC_HEADERS define properly o Update + copyright year + [764ba3d4fa13] + + * getspwuid.c, goodpath.c, interfaces.c: + o Reorder some headers and use STDC_HEADERS define properly o Update + copyright year + [fb46d46140d4] + + * getcwd.c: + o Reorder some headers and use STDC_HEADERS define properly o Update + copyright year + [b199d70ac7ab] -2004-09-23 13:35 millert + * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c, + fnmatch.c: + o Reorder some headers and use STDC_HEADERS define properly o Update + copyright year + [dab8f192a3ed] + + * configure: + regen + [156658f25cea] + + * tgetpass.c: + flags set in signal handlers should be volatile sig_atomic_t + [c22931a5535e] + + * config.h.in, configure.in: + Add checks for volatile and sig_atomic_t + [b03b3341381d] + + * configure, lex.yy.c: + regen + [ed9daba88217] + + * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c, + sudo.c, sudoers.pod: + Remove "secure_path" Defaults option since it cannot work with the + existing parser. + [c9e54a0f5971] + + * find_path.c, sudo.c: + Unset "secure_path" if user_is_exempt() + [fb7544565ae8] + + * env.c, pathnames.h.in: + o Remove assumption that PATH and TERM are not listed in env_keep o + If no PATH is in the environment use a default value o If TERM is + not set in the non-reset case also give it a default value. + [c987eb7df268] - * configure: regen + * aclocal.m4, configure.in, defaults.c, pathnames.h.in: + _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on + systems that define in paths.h + [51865b0cdebf] + + * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h: + Add support for skeyaccess(3) if it is present in libskey. + [8add77c7d3e7] + +2001-12-13 Todd C. Miller + + * sudo.c: + Only need to do 'lc = login_getclass(NULL)' if lc == NULL + [5a3d3cbf2c6d] + + * parse.lex: + '\\' is a perfectly legal character to have in a command line + argument. + [c15a466ef00e] + + * sudo.c: + o Defer call to set_fqdn() until it is safe to use log_error() o + Don't print errno string value if gethostbyname fails, it is not + relevant + [c0c6bcf08bcb] + + * parse.c: + Fix CIDR -> in_addr_t conversion. + [2f307ebeb63f] + +2001-12-12 Todd C. Miller + + * sudoers.pod: + Remove an extra "User_List" in the User_Spec definition From + ybertrand AT snoopymail.com + [97bde59ea280] + + * parse.c: + Make 'listpw=never' work for users who are not explicitly mentioned + in sudoers. + [258f0f30a428] + + * sudoers.pod: + Remove gratuitous '=' in EBNF grammar; era AT iki.fi + [4b0f03872ee1] + + * sudoers.pod: + Document new list Defaults type and convert env_keep and env_delete + to lists. Document new env_check option. + [a07f1f079fe3] + + * lex.yy.c, sudo.tab.c, sudo.tab.h: + regen parser + [e39ac6c6581b] + + * parse.lex: + Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec + to #[0-9-]+. + [69c5388908f3] + + * configure: + regen + [0f1877b88cb3] + + * aclocal.m4: + Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK + [6545503ae361] + + * config.h.in, configure.in: + Add check for skeyaccess(3) + [6caf69fe6359] + + * visudo.pod: + Document new -c, -f, and -q options + [13d0203c21d3] + + * visudo.c: + o Add -f option (alternate sudoers file) o Convert to use getopt(3) + [4c2b664d617d] + + * configure: + regen + [6d5bd932e7b5] + + * aclocal.m4, config.h.in, configure.in: + Add check for isblank and a replacement macro if it doesn't exist. + [b524f5e4f953] + +2001-12-11 Todd C. Miller + + * visudo.c: + In check-only mode, don't create sudoers if it does not already + exist. + [c748a2d5acad] + + * parse.yacc: + o Add a new token, DEFVAR, to indicate a Defaults variable name o + Add support for "+=" and "-=" list operators o replace some 1 and 0 + with TRUE and FALSE for greater legibility. + [554cb174b37e] + + * parse.lex: + o Use exclusive start conditions to remove some ambiguity in the + lexer. Also reorder some things for clarity. o Add support for + "+=" and "-=" list operators. o Use the new DEFVAR token to denote + a Defaults variable name. + [3a2cf8323e26] + + * sudo.h: + Prototype init_envtables() + [b74916469dab] + + * env.c: + o Convert environment handling to use lists instead of strings. + This greatly simplifies routines that need to do "foreach" type + operations. o Add new init_envtables() function to set env_check + and env_delete defaults based on initial_badenv_table and + initial_checkenv_table (formerly sudo_badenv_table). + [0a8b404658b6] + + * defaults.c, defaults.h: + o Add a new LIST type and functions to manipulate it. o This is for + use with environment handling variables. o Call new + init_envtables() routine inside init_defaults() to initialize the + environment lists. + [ae73e64f0902] + + * def_data.c, def_data.h, def_data.in: + Convert environment options to use the new LIST type and add a new + one, env_check that only deletes if the sanity check fails. + [3019503936de] + + * testsudoers.c: + Add dummy version of init_envtables() + [9d9e3ee609d9] + + * parse.yacc: + honor quiet mode + [8330fba6167c] + + * visudo.c: + Add check-only mode + [dab411bc8c35] + + * mkdefaults: + Fix generation of entries with NULL descriptions. + [ea75b9fed02e] + +2001-12-09 Todd C. Miller + + * tgetpass.c: + Use sigaction_t and quiet a gcc warning. + [6f67d719c452] + + * sudo.c: + Must reset signal handlers before we exec + [300418120e1a] + + * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, + auth/sudo_auth.c: + Be carefule now that tgetpass() can return NULL (user hit ^C). PAM + version needs testing. Set SIGTSTP to SIG_DFL during password entry + so user can suspend us. + [00304aa58747] + + * tgetpass.c: + Add support for interrupting/suspending tgetpass via keyboard input. + If you suspend sudo from the password prompt and resume it will re- + prompt you. + [4af2b5101d32] + + * sudo.c: + Don't block keyboard interrupt signals, just set them to SIG_IGN. + [d46d7f67ef6b] + +2001-12-08 Todd C. Miller + + * config.h.in: + add back HAVE_SIGACTION + [c9c7702c603e] + + * configure: + regen + [09fe669d337f] + + * config.h.in, configure.in, logging.c, sudo.c, visudo.c: + Kill POSIX_SIGNALS define and old signal support now that we emulate + POSIX ones Also be sure to correctly initialize struct sigaction. + [4bc2a6dbb2be] + + * strerror.c: + Don't need config.h or "#ifndef HAVE_STRERROR" wrapper. + [1ad64a19f328] + + * compat.h: + Add scaffolding for POSIX signal emulation + [945861d4c93b] + + * sigaction.c: + o Add missing ';' so this compiles o Can't use NULL since we don't + include stdio.h + [04d0cac7438f] + + * sigaction.c: + Emulate sigaction() using sigvec() + [d0b54a989875] + +2001-11-13 Todd C. Miller + + * sudoers.pod: + Document new behavior of negative values of timestamp_timeout Fix a + typo + [4c0716570d01] + + * sudo.pod: + Add security note about command not being logged after 'sudo su' and + friends. + [43294851a33c] + + * sudo.pod: + Mention that -V prints default values when run as root, including + the list of environment variables to clear. + [d9e5e550a8c3] + + * Makefile.in: + Run pod2man with --quotes=none to avoid stupid quoting of C<> + entries. + [997b23c35dbe] + +2001-11-12 Todd C. Miller -2004-09-23 13:35 millert + * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod: + Add mail_badpass option Also modify mail_always behavior to also + send mail when the password is wrong + [838d40ccafce] - * aclocal.m4, configure.in: make this work with autoconf-2.59 + * env.c, sudo.c, sudo.h: + Dump default bad env table when 'sudo -V' is run by root. + [f67f1b8048b0] -2004-09-16 12:58 millert + * sudoers.pod: + document env_delete + [d74f893663a2] - * sudo_edit.c: Simplify logic around open & stat of files and do - sanity on edited file even if we lack fstat (still racable but - worth doing). + * env.c: + Add support for '*' in env_keep when not resetting the environment + (ie: the normal case). + [fd4fb62ea8fd] -2004-09-15 18:47 millert + * env.c: + Add env_delete variable that lets the user replace/add to the + bad_env_table. Allow '*' wildcard in env_keep entries. + [aa728bc35e29] - * HISTORY: Add support url +2001-11-06 Todd C. Miller -2004-09-15 16:11 millert + * mkinstalldirs: + Force umask to 022 to guarantee sane directory permissions. + [9ab3cfe70569] - * Makefile.in: versino 1.6.8p1 +2001-11-02 Todd C. Miller -2004-09-15 15:20 millert + * Makefile.in: + add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency + [671010465e6f] - * CHANGES: more changes for 1.6.8p1 + * mkdefaults: + fix breakage in last commit + [8318f8851e56] -2004-09-15 15:18 millert + * Makefile.in: + acsite.m4 -> aclocal.m4 + [30c146873a01] - * version.h: 1.6.8p1 + * check.c: + fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit + [4dc8b39954da] -2004-09-15 12:16 millert + * def_data.c: + regenerated from def_data.in + [915ea16ce1eb] - * CHANGES, sudo_edit.c: Add sanity check so we don't try to edit - something other than a regular file. + * check.c, defaults.c, defaults.h: + Add new T_UINT type that most things use instead of T_INT If + timestamp_timeout is < 0 then treat the ticket as never expiring (to + be expired manually by the user). + [3a3a636a2a5d] -2004-09-14 20:55 aaron + * def_data.in: + change most T_INT -> T_UINT + [a2228d2457af] - * CHANGES: sync + * mkdefaults: + fix warning when no args + [ca70a5394af5] -2004-09-14 20:21 aaron + * visudo.c: + Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if + we are a signal handler. We no longer print the signal number but + the user can just check the exit value for that. + [dc424f631fef] - * INSTALL: document --with-ldap-conf-file +2001-10-16 Todd C. Miller -2004-09-14 17:43 millert + * logging.c: + when setting up pipes in child process check for case where stdin == + pipe fd 0 + [518112d76184] - * CHANGES, ins_csops.h: political correctness strikes again +2001-10-11 Todd C. Miller -2004-09-14 15:09 millert + * visudo.c: + Ignore editor exit value since XPG4 says vi's exit value is the + count of editing errors made (failed searches, etc). + [b9d952284865] - * RUNSON: sync +2001-10-05 Todd C. Miller -2004-09-12 19:50 millert + * configure: + regen + [cb3aa586f03b] - * Makefile.binary.in, Makefile.in: Install sudoedit man link + * configure.in: + sco now is identified by config.guess as *-sco-* + [46664bbdea61] -2004-09-12 14:25 millert + * configure.in: + Check for getspnam() in -lgen if not in -lc for UnixWare. + [0f152ad1ba93] - * INSTALL: Update PAM note and mention where HP-UX users can - download gcc binaries. +2001-09-18 Todd C. Miller -2004-09-12 12:08 millert + * sudoers.pod, visudo.pod: + "upper case" -> "uppercase" + [f9151f232326] - * Makefile.in: libtool wants to install stuff from .libs so fake - one up for binary installations. + * sudoers.pod: + fix typos and grammar; pjanzen@foatdi.harvard.edu + [2855d73d0237] -2004-09-12 11:53 millert +2001-08-28 Todd C. Miller - * Makefile.binary.in: rm -f old sudoedit link instead of using ln - -f set LIBTOOL correctly + * sudoers.pod: + Missing word (specify); krapht@secureops.com + [65523eb37a2c] -2004-09-12 11:53 millert +2001-08-23 Todd C. Miller - * Makefile.in: Deal with "uname -m" having slashes in it rm -f old - sudoedit link instead of using ln -f + * sudo.c: + If we fail to lookup a login class, apply the default one. + [d4869faa6816] -2004-09-12 10:22 millert + * logging.c: + In log_error() free message, not logline unconditionally, then free + logline if it is not the same as message. No function change but + this mirrors how they are allocated. + [565e5f6cc643] - * Makefile.binary, Makefile.binary.in: Makefile.binary -> - Makefile.binary.in for config.status substitution Add support for - installing noexec bits +2001-07-17 Todd C. Miller -2004-09-12 10:21 millert + * configure: + regenerate + [834a48f548a2] - * Makefile.in: Copy noexec bits into binary dists too No longer use - my old arch script for making binary dists + * configure.in: + remove some backslash quotes that are unneeded + [50d401d6e2ca] -2004-09-12 09:36 millert + * configure.in: + o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ + instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we + can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have + to AC_DEFINE things manually. + [f502c5f15f92] - * Makefile.binary: Install sudoedit link. + * config.guess, config.sub: + Updated from autoconf-2.50 + [6140205915ef] -2004-09-11 12:25 millert +2001-05-22 Todd C. Miller - * emul/utime.h: avoid __P so there is no need for compat.h to be - included + * README: + Update mailing list section. We use mailman now, not majordomo. + [b9a8ca45e6dc] -2004-09-11 12:24 millert +2001-05-10 Todd C. Miller - * utimes.c: Don't use HAVE_UTIME_H before including config.h. + * getspwuid.c, logging.c, sudo.c: + Use setpwent()/endpwent() + all the shadow variants to make sure we + don't inadvertantly leak an fd to the child. Apparently Linux's + shadow routines leave the fd open even if you don't call setspent(). + Reported by mike@gistnet.com; different patch used. + [d33792ef6c01] -2004-09-10 12:31 millert +2001-04-13 Todd C. Miller - * compat.h: Fix Solatis futimes macro + * sudoers.pod: + s/eg./e.g./ + [bd32a0acaf93] -2004-09-09 11:02 millert + * tgetpass.c: + select() may return EAGAIN. If so, continue like we do for EINTR. + [5f202c943818] - * sudo_edit.c: Rename ots -> omtim for improved readability. + * logging.c: + Fix a non-exploitable buffer overflow in the word splitting code. + This should really be rewritten. + [4c724363863a] -2004-09-08 14:38 millert + * Makefile.in: + FAQ link goes away + [1d26dd6c8972] - * sudo_edit.c: Redo changes in revision 1.7. Don't really need to - keep the temp file open; re-opening it with the invoking user's - euid is sufficient. + * INSTALL: + Tell people to look in sample.syslog.conf for examples, not FAQ + [affcae3f43ca] -2004-09-08 14:36 millert + * TROUBLESHOOTING: + Update list of env vars that are cleared + [234e56f1435a] - * CHANGES: sync + * sudo.c: + remove struct env_table decl since that stuff has all moved to env.c + [5dd923148777] -2004-09-08 14:35 millert +2001-04-04 Todd C. Miller - * sudo.cat, sudo.man.in: regen + * fileops.c: + Fix a pasto in flock-style unlocking and include for + flock on older systems; twetzel@gwdg.de + [d5420d9d2861] -2004-09-08 14:34 millert + * configure: + regen to get NeXT lockf/flock fix + [d3ba6ed70e15] - * sudo.pod: back out revision 1.70; it is no long applicable + * configure.in: + force NeXT to use flock since lockf is broken + [bd5391dca1bb] -2004-09-08 11:57 millert +2001-03-30 Todd C. Miller - * env.c: Let the loader initialize nep + * check.c: + Use stashed user_gid when checking against exempt gid since sudo + sets its gid to a a value that makes sudoers readable. Previously + if you used gid 0 as the exempt group everyone would be exempt. From + Paul Kranenburg + [0b140cc3a817] -2004-09-08 11:49 millert +2001-03-29 Todd C. Miller - * configure, configure.in, config.h.in: Removed unneed check for - fchown Add check for gettimeofday Move autoheader template stuff - into separate AH_TEMPLATE lines + * configure: + regen + [cc455408f32b] -2004-09-08 11:48 millert + * aclocal.m4: + #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines + some types (such as ssize_t) therein. + [b6aee85ca331] - * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c: Use - timespec throughout. +2001-03-02 Todd C. Miller -2004-09-08 11:47 millert + * defaults.c: + Fix negation of paths in a boolean context. Problem found by + apt@UH.EDU + [8aee217a7cdf] - * Makefile.in: gettime.[co] +2001-02-23 Todd C. Miller -2004-09-08 11:47 millert + * visudo.c: + pasto + [ad32b277bf68] - * gettime.c: function to return the current time in a struct - timespec +2001-02-17 Todd C. Miller -2004-09-08 10:51 millert + * visudo.c: + SA_RESETHAND means the opposite of what I was thinking--oops To + block all signals in old-style signals use ~0, not 0xffffffff + [6ecdd793590a] - * utimes.c: Not a darpa-sponsored file. +2001-02-04 Todd C. Miller -2004-09-07 16:36 millert + * defaults.c: + coerce difference of pointers to int when used in a string length + printf format; deraadt@openbsd.org + [a9d10f07180d] - * compat.h, config.h.in, configure, configure.in: Add a check for - struct timespec and provide it for those without. +2001-01-17 Todd C. Miller -2004-09-07 15:56 millert + * visudo.c: + Block all signals in Exit() to avoid a signal race. There is still + a tiny window but I'm not going to worry about it. + [6661805c0458] - * config.h.in, configure, configure.in, sudo_edit.c: Add checks for - st_mtim and st_mtimespec and add macros for pulling the mtime sec - and nsec out of struct stat. These are used in sudo_edit() to - better tell whether or not the file has changed. +2001-01-07 Todd C. Miller -2004-09-07 15:55 millert + * env.c: + glibc uses the LANGUAGE env var so clear that too; Solar Designer + [d4ba95628afb] - * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c: Add an extra - param to touch() for nsec + * lex.yy.c: + Regenerate with a fix to flex.skl that preserves errno from + clobbering by isatty(). + [607eec736e19] -2004-09-07 14:06 millert +2000-12-31 Todd C. Miller - * sudo_edit.c: Call mkstemp() as the in invoking user so we don't - have to chown the file later. Only touch() the temp file if we - can do it via the file descriptor. Don't check for modification - of the temp file if we lack fstat(). Catch errors read()ing the - temp file. + * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, + auth/sia.c, auth/sudo_auth.c: + Some defaults I_ defines got renamed. + [ec19b23caaf3] -2004-09-07 14:04 millert + * Makefile.in, check.c, def_data.c, def_data.h, def_data.in, + defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc, + set_perms.c, sudo.c, sudo.tab.c: + Move defaults info into its own files from which we generate .h and + .c files. This makes adding or rearranging variables much simpler. + [e91b880b5043] + +2000-12-30 Todd C. Miller + + * configure, configure.in: + fix typo in last commit + [10a6ee2bae71] + + * compat.h, config.h.in, configure, configure.in: + Add check + emulation for setegid (like seteuid). + [29492092bd2f] + + * env.c: + Make env_keep override badenv_table as documented Fix traversal of + badenv_table (broken in last commit) + [37c9f0d22673] + + * set_perms.c, sudo.c, sudo.h: + Don't try and build saved uid version of set_perms on systems w/o + them. Rename set_perms_saved_uid() -> set_perms_posix() Make + set_perms_setreuid simply be set_perms_fallback() and simply include + the appropriate function at compile time (setreuid() vs. setuid()). + [3107333c062c] + + * sudoers.cat, sudoers.man.in, sudoers.pod: + PATH is also preserved when env_reset is in effect + [90e45c5711ff] + + * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure, + configure.in, defaults.c, defaults.h, env.c, find_path.c, + getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, + sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c, + visudo.c, visudo.cat, visudo.man.in: + New Defaults options: o stay_setuid - sudo will remain setuid if + system has saved uids or setreuid(2) o env_reset - reset the + environment to a sane default o env_keep - preserve environment + variables that would otherwise be cleared + + No longer use getenv/putenv/setenv functions--do environment munging + by hand. Potentially dangerous environment variables can be cleared + only if they contain '/' pr '%' characters to protect buggy + programs. Moved environment routines into env.c (new file) + [c2f97651db4c] + + * INSTALL: + Clear up --without-passwd description + [2f336dab6733] + + * putenv.c, sudo_setenv.c: + We now build up a new environment from scratch and assign it to + "environ". + [6ae6152f2238] + +2000-12-19 Todd C. Miller + + * sudo.pod, visudo.pod: + Grammatical fixes from Paul Janzen + [e03ead2e56f8] + +2000-12-15 Todd C. Miller + + * visudo.c: + If there was a syntax error and the user just wants to quit, unlink + sudoers if it is zero length. + [74ba7921f520] + + * visudo.c: + 'Q' means ignore parse error, not 'q' + [e8d0e4491fe6] + + * visudo.c: + Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric + + [b24990a72491] - * fileops.c: If path is NULL and fd == -1 return -1. +2000-12-13 Todd C. Miller + + * set_perms.c: + Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org + [41a8db10e076] + +2000-12-09 Todd C. Miller + + * config.guess, config.sub: + Darwin / Mac OS X support from Wilfredo Sanchez + [6052da895d2e] -2004-09-07 13:31 millert +2000-11-03 Todd C. Miller + + * sudo.c, visudo.c: + Use exit(127), not exit(-1) + [9ff0c3eada34] - * sudo_edit.c: closefrom() is overkill, the only extra fds are the - ones we opened so just close those in the child. + * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c: + Move set_perms() to its own file and use POSIX saved uid or + setreuid() if available. -2004-09-07 13:14 millert + Added stay_setuid option for systems that have libraries that + perform extra paranoia checks in system libraries for setuid + programs (ie: anything with issetugid(2)). + [28960f842698] - * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, - configure, configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, - utimes.c, visudo.c: Use utimes() and futimes() instead of utime() - in touch(), emulating as needed. Not all systems are able to - support setting the times of an fd so touch() takes both an fd - and a file name as arguments. + * sudo.c: + strip more bits from the environment and add a facility for + stripping things only if they contain '/' or '%' to address printf + format string vulnerabilities in other programs. + [b98d6375f299] -2004-09-06 21:12 aaron +2000-11-02 Todd C. Miller - * env.c: Rare SEGV + * configure: + regen + [7e74e5c91049] -2004-09-06 16:46 millert + * configure.in: + For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of + strcasecmp(). + [a418e9e70442] - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: regen + * configure: + regen + [bbff244a52bc] -2004-09-06 16:45 millert + * configure.in: + Check for strcasecmp(3) in -lc89 for NCR Unix + [361c99576681] - * sudo.pod, sudoers.pod, visudo.pod: Add SUPPORT section and - re-order some of the sections to match the order we use in - OpenBSD. +2000-11-01 Todd C. Miller -2004-09-06 15:05 aaron + * config.h.in: + Define HAVE_INNETGR #ifdef HAVE__INNETGR + [473cdb92b6db] - * env.c: Openldap ~/.ldaprc fix + * configure: + regen + [4e6364a195e0] -2004-09-06 12:18 millert + * compat.h, config.h.in, configure.in: + Add check for _innetgr(3) since NCR systems have that instead of + innetgr(3). + [25e6852e7494] - * sudo.pod: Talk about how the editor must write its changes to the - original file and not just use rename(2). +2000-10-31 Todd C. Miller -2004-09-06 12:12 millert + * auth/securid.c: + check return value of creadcfg() call sd_close() after sd_auth() + store username in sd->username so we don't rely on the USER env + variable + [d106b4f42722] - * CHANGES: sync +2000-10-30 Todd C. Miller -2004-09-06 12:11 millert + * INSTALL: + document --with-bsdauth + [f1518ecc2ee9] - * sudo_edit.c: Keep the temp file open instead of re-opening after - the editor has exited. + * configure: + regen + [dceb35071ea8] -2004-09-06 12:10 millert + * configure.in: + --with-bsdauth assumes --with-logincap + [4200778083fd] - * sample.pam: Update for current redhat/fedora core. + * auth/bsdauth.c, auth/fwtk.c: + When prompting for a response to a challenge, if the user just hits + return then reprompt with echo turned on. + [a539b6474a97] -2004-09-02 21:56 aaron +2000-10-29 Todd C. Miller - * README.LDAP: tls_ examples + * sudo.c: + Remove debugging code that should not have been committed, oops. + [9862607b77a7] -2004-09-02 00:03 aaron + * auth/bsdauth.c: + Use lower-level routines and get the password ourselves. Checks for + a challenge and if there is one echo is not turned off. + [2d8fcd166baa] - * ldap.c: config tls_* options + * auth/pam.c, auth/sudo_auth.h: + minor housekeeping, no real code changes + [d0074a277fb4] -2004-08-29 11:39 millert +2000-10-27 Todd C. Miller - * configure, configure.in: No need for -lcrypt when using pam. + * sudo.c: + Fix a coredump in the logging functions if gethostname(2) fails by + deferring the call to log_error() until things are better setup. -2004-08-26 23:57 millert + Fix return value of set_loginclass() in non-BSD-auth case. - * configure: regen + Hard-code 'sudo' in the usage message so we can fit more options on + a line + [d9d1b7579818] -2004-08-26 23:44 aaron + * logging.c: + Fix errant ';' (typo) that broken MSG_ONLY + [849b2276a470] - * configure.in, ldap.c, pathnames.h.in: Allow --with-ldap-conf-file - option to override LDAP_CONF +2000-10-26 Todd C. Miller -2004-08-26 22:08 aaron + * sudo.cat, sudo.man.in: + regen + [bb3c8c6704d1] - * ldap.c: cleanup debug message + * sudo.pod: + Document -a flag + [e18316cebaac] -2004-08-26 19:29 aaron + * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in, + configure, configure.in, getspwuid.c, sudo.c: + Add support for BSD authentication. + [f374cfd9ca0d] - * README.LDAP: more config info +2000-10-19 Todd C. Miller -2004-08-24 14:01 millert + * sudoers.pod: + Fix typo; from sato@complex.eng.hokudai.ac.jp + [3085fee9766e] - * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c: - Add cmnd_base to struct sudo_user and set it in init_vars(). Add - cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No - longer use gross statics in command_matches(). Also rename some - variables for improved clarity. +2000-10-12 Todd C. Miller -2004-08-21 14:33 millert + * sudoers.pod: + Mention negating umask + [c9e410294dae] - * INSTALL: document HP's crippled compiler deficiency. + * defaults.c: + Allow user to specify umask of 0777 (same as !umask) + [bb771daa96fe] -2004-08-21 14:25 millert +2000-10-09 Todd C. Miller - * INSTALL: Fix some thinkos in --with-editor and --with-env-editor - descriptions. Noticed by Norihiko Murase. + * sudo.pod, visudo.pod: + Fix a typo and give a URL for the sudo history. + [77f73199aedb] -2004-08-21 14:20 millert +2000-10-08 Todd C. Miller - * configure, configure.in: --with-noexec takes an optional PATH - argument. + * defaults.c, sudo.pod: + fix typos; pepper@reppep.com + [5532c7421340] -2004-08-21 14:20 millert +2000-09-14 Todd C. Miller - * INSTALL: document --with-noexec + * sudo.c, sudo.h, sudo_setenv.c: + sudo_setenv() now exits on memory alloc failure instead of returning + -1. + [71f1cf18f47b] -2004-08-17 16:21 millert +2000-09-07 Todd C. Miller - * RUNSON, TODO: sync + * sudo.c: + Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD + and possibly others. + [b69d985b0d22] -2004-08-17 15:11 millert + * logging.c: + Don't use vsyslog(3) since HP-UX (and others?) lack it. This means + that "%m" won't be expanded but we don't use that anyway since the + logging routines may splat to stderr as well. + [8d37a544d0c0] - * sudo_edit.c: Better warning message when sudoedit is unable to - write to the destination file. + * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in, + sudoers.pod: + Add always_set_home variable + [dbcaff646e07] -2004-08-17 14:53 millert + * configure, configure.in: + Have to hard code default values in help since the defaults are set + _after_ the help stuff. + [7b5d6d72f55c] - * sudo.cat, sudo.man.in: regen +2000-08-31 Todd C. Miller -2004-08-17 14:53 millert + * lex.yy.c, parse.lex: + Allow special characters (including '#') to be embedded in pathnames + if quoted by a '\\'. The quoted chars will be dealt with by + fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'. + [3ed33cf09977] - * sudo.pod: Don't italicize the string "sudoedit" +2000-08-13 Todd C. Miller -2004-08-16 18:45 millert + * install-sh: + Better path searching for programs we need. + [60517cb1f0d6] - * HISTORY: Mention GratiSoft. + * TROUBLESHOOTING: + Add section on "C compiler cannot create executables" errors. + [e4ada6eaee59] -2004-08-11 14:29 millert + * Makefile.binary, Makefile.in, version.h: + Crank version + [93d1bd5b7f5e] - * parse.yacc: Reset used_runas to FALSE when re-intializing the - parser. + * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in, + sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat, + visudo.man.in, visudo.pod: + Substitute values from configure into man pages. + [619854c356c1] -2004-08-09 19:04 millert +2000-08-12 Todd C. Miller - * config.guess: Correct OpenBSD mips support + * parse.c, sudo.c: + The listpw and verifypw sudoers options would not take effect + because the value of the default was checked *before* sudoers was + parsed. Instead of passing in the value of PWCHECK_* to + sudoers_lookup(), pass in the arg for def_ival() so the check can be + deferred until after sudoers is parsed. + [4f596e358f72] -2004-08-09 17:28 millert +2000-08-11 Todd C. Miller - * config.guess: Add OpenBSD/mips + * tgetpass.c: + When writing prompt, no need to write the NUL as well; + hag@linnaean.org + [fbcdd7b431ee] -2004-08-06 23:43 aaron +2000-06-09 Todd C. Miller - * README.LDAP: More behavior notes + * install-sh: + When looking for chown, check in /sbin too + [657ba6653f8c] -2004-08-06 23:36 aaron +2000-06-05 Todd C. Miller - * README.LDAP: Updates on current behavior + * visudo.c: + Remove extraneous call to init_defaults() and set runas_user to NULL + betweem parses so init_defaults will reset it each time, thus + avoiding a reference to free()d data. + [7421fcd692af] -2004-08-06 19:56 millert +2000-06-04 Todd C. Miller - * sudo.pod, sudoers.pod: =back does not take an indentlevel (makes - no difference to formatted files). + * config.h.in, interfaces.c, interfaces.h, sudo.c: + Add support for using getifaddrs() to get the list of ip addr / + netmask pairs. Currently IPv4-only. + [a35bc4f7306d] -2004-08-06 19:48 millert + * visudo.c: + Add a missing check for UserEditor == NULL Add missing '+' before + line number when invoking editor to fix a syntax error + [f0d4635f6082] - * CHANGES: new +2000-05-12 Todd C. Miller -2004-08-06 19:42 millert + * sudo.c: + Call clean_env very early in main() for paranoia's sake. Idea from + Marc Esipovich. + [f8d72ebd0115] - * sudo.c: Consistency. Use same error for bad -u #uid when - targetpw is set as we do when a bad -u username is specified. +2000-05-10 Todd C. Miller -2004-08-06 19:33 millert + * sudo.h: + Update proto for evasprintf and easprintf + [d147d6e58419] - * TODO: Add checksum idea from Steve Mancini + * alloc.c: + Make easprintf() and evasprintf() return an int. + [b2ca5d089667] -2004-08-06 19:32 millert + * check.c: + If the targetpw flag is set, use target username as part of the + timestamp path. If tty tickets are in effect cat the tty and the + target username with a ':' as the separator. + [de11abc693c2] - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen +2000-05-09 Todd C. Miller -2004-08-06 19:31 millert + * auth/pam.c: + Backout part of last change; setting PAM_USER to the invoking user + breaks things like targetpw. + [427218a7387f] - * sudo.pod, sudoers.pod: Document the restriction on uids specified - via -u when targetpw is set. + * auth/pam.c: + set tty and username via pam_set_item + [85d1922dbcc9] -2004-08-06 19:24 millert + * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h: + Fix root, runas, and target authentication for non-passwd file auth + methods. + [a14535e7b30c] - * sudo.c: Error out when targetpw is enabled and sudo is run with - -u #uid but #uid does not exist in the passwd database. We can't - do target authentication when the target is not in passwd! +2000-04-22 Todd C. Miller -2004-08-05 21:16 millert + * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, + sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: + Use B<-Z> not C<-Z> for command line flags in all places. This is + more consistent and works around a bug in Pod::Man. + [64b5a05f30c5] - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen + * sudoers.cat, sudoers.man.in, sudoers.pod: + Fix an occurence of 'semicolon' that should be 'colon' + [4ea5aacae3fb] -2004-08-05 21:14 millert +2000-04-19 Todd C. Miller - * TODO: Some more todo for the next release. + * configure, configure.in: + Fix --with-badpri help line + [3cc40977c043] -2004-08-05 21:13 millert +2000-04-17 Todd C. Miller - * INSTALL: Make it clear that PAM should be used for DCE support - when possible. + * defaults.c, logging.c, sudo.c: + Bracket calls to syslog with an openlog() and closelog() since some + authentication methods (like PAM) may do their own logging via + syslog. Since we don't use syslog much (usually just once per + session) this doesn't really incur a performance penalty. It also + Fixes a SEGV with pam_kafs. + [fe1cc28529f6] -2004-08-05 21:13 millert +2000-04-15 Todd C. Miller - * sudoers.pod: o Document problems with wildcards and relative - paths. o Make the order requirements more prominent. o Change a - "set" to "reset" for clarity. + * sudo.c: + Fix -H flag. runas_homedir is only valid after + set_perms(PERM_RUNAS, mode) + [ce9b1c6f68a6] -2004-08-05 14:29 millert +2000-04-12 Todd C. Miller - * sudo.pod: Mention --with-secure-path, not SECURE_PATH. + * INSTALL: + Clarify the fact that insults are not enabled just by including them + in the binary. + [d5a31d48320c] -2004-08-02 22:34 aaron +2000-04-07 Todd C. Miller - * ldap.c: reflect changes to parse.c + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + Regenerated with perl 5.6.0 pod2man + [21751433768b] -2004-08-02 14:44 millert + * Makefile.in: + Give date string to pod2man since its default is ugly and it ain't + got no alibi. + [0080b2f6298f] - * parse.c, parse.h, parse.yacc, testsudoers.c, visudo.c: Don't pass - user_cmnd and user_args to command_matches(), just use the - globals there. Since we keep state with statics anyway it is - misleading to pretend that passing in different cmnd and - cmnd_args will work. + * Makefile.in: + Do section substitution on the output of pod2man and remove hack + needed for old pod2man. + [1ef843d5c78b] -2004-08-02 14:40 millert + * sudo.pod, sudoers.pod, visudo.pod: + Put back real man sections, we will do the substitution later. + [f728c1abad7e] - * parse.c: Fix a bug introduced in rev. 1.149. When checking for - pseudo-commands check for a '/' anywhere in cmnd, not just the - first character. +2000-04-02 Todd C. Miller -2004-07-30 23:07 aaron + * configure, configure.in: + Don't bother checking for the path to vi if user specified --with- + editor + [bf698487e0d5] - * sudo.man.in, sudo.pod: Clarification thanks to Olivier Blin - +2000-04-01 Todd C. Miller -2004-07-30 22:41 aaron + * CHANGES, visudo.c: + Visudo now does its own fork/exec instead of calling system(3). + [99bbcd88863b] - * sudoers.man.in, sudoers.pod: Add ignore_local_sudoers + * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in, + sudoers.pod, visudo.c: + Visudo now checks for the existence of an editor and gives a + sensible error if it does not exist. -2004-07-30 22:06 aaron + The path to the editor for visudo is now a colon-separated list of + allowable editors. If the user has $EDITOR set and it matches one + of the allowed editors that editor will be used. If not, the first + editor in the list that actually exists is used. + [cc86eb9f5440] - * README.LDAP: Sun One schema definition by - Andreas.Bussjaeger@t-systems.com and janth@moldung.no + * sudo.cat, sudo.man.in, sudo.pod: + Clear up confusion wrt sudo's return value. + [9385b12d8e79] -2004-07-29 11:57 millert +2000-03-27 Todd C. Miller - * CHANGES: typo + * Makefile.in: + Strip sudo and visudo for bindist target + [a995ddd79177] -2004-07-23 16:44 millert + * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, + sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: + Use @mansectsu@ and @mansectform@ in the man page bodies as well. + [5eb9e60a726f] [SUDO_1_6_3] + + * visudo.cat, visudo.man.in, visudo.pod: + Typo: @sysconf@ -> @sysconfdir@ + [f07f52fcd099] + + * Makefile.in: + 'make dist' should not cause any files to be modified so remove its + dependencies. + [7f44a2666a9c] + + * CHANGES: + Whoops, forgot to add release marker + [16c0f16b35b8] + +2000-03-26 Todd C. Miller + + * CHANGES: + Final change for 1.6.3 (or so I hope) + [473c89da6123] + + * sudo.cat, sudoers.cat, visudo.cat: + Use SYSV man sections since BSD systems will have nroff... + [0a6bd154324e] + +2000-03-24 Todd C. Miller + + * parse.yacc, sudo.tab.c: + When checking to see if the host/user matches in a defaults spec, + check against TRUE, not just non-zero since it might be -1. + [41f2b7ad3fdd] + + * configure, configure.in: + OSF/1 puts file formats in section 4, not 5. + [d77c1301afa9] + + * CHANGES, INSTALL, sudo.c: + Make login class support work on BSD/OS + [e9bbe3c08ade] + + * RUNSON: + Update for 1.6.3 + [c40ce1d76c4d] + + * configure, configure.in: + If there is no inet_addr but there *is* an __inet_addr that's ok + since inet_addr is probably just a macro then. The better thing to + do would be to look for the macro, but this is fine for now. + [1b8865ae4d68] + + * configure, configure.in: + Don't use shlicc for BSD/OS 4.x + [83fbf6dedd2c] + + * Makefile.in, configure, configure.in: + *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@ + configure variable so we can deal with this. Also, only remove *.man + for 'distclean' not 'clean'. + [30d56e6de214] + + * sudo.c: + set_loginclass() should be static like the proto says + [d570a2d55fb8] + +2000-03-23 Todd C. Miller + + * fnmatch.c: + Add #ifdef __STDC__ around the rangematch function header to avoid + promotion of test to int, thus violating the prototype. Gcc handles + this gracefully but more std ANSI compilers will complain. + [7d98c3e332b2] + + * emul/fnmatch.h: + Pull in newer fnmatch(3) that supports FNM_CASEFOLD + [4e1320852f8b] + + * aclocal.m4, configure, fnmatch.3, fnmatch.c: + Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for + FNM_CASEFOLD in configure + [9ef952bf1896] + + * CHANGES, TODO: + update for 1.6.3 + [e4ba6368a0c5] + + * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c: + Fully qualified hosts w/ wildcards were not matching the FQHOST + token type. There's really no need for a separate token for fully- + qualified vs. unqualified anymore so FQHOST is now history and + hostname_matches now decides which hostname (short or long) to check + based on whether or not the pattern contains a '.'. + [fbd2887d9811] + + * parse.h: + Fully qualified hosts w/ wildcards were not matching the FQHOST + token type. There's really no need for a separate token for fully- + qualified vs. unqualified anymore so FQHOST is now history and + hostname_matches now decides which hostname (short or long) to check + based on whether or not the pattern contains a '.'. + [dd7bbe223461] + + * lex.yy.c, parse.c, parse.lex, parse.yacc: + Fully qualified hosts w/ wildcards were not matching the FQHOST + token type. There's really no need for a separate token for fully- + qualified vs. unqualified anymore so FQHOST is now history and + hostname_matches now decides which hostname (short or long) to check + based on whether or not the pattern contains a '.'. + [630d9d205397] + + * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat, + sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c: + Add support for wildcards in the hostname. + [d8d821ed4238] + + * Makefile.in: + Add targets for *.man.in, using config.status to generate *.man from + *.man.in + [640e50ede485] + + * sudoers.cat, sudoers.man.in, sudoers.pod: + Document set_logname option and enbolden refs to sudo and visudo. + [9622b3a48707] + + * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat, + sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, + visudo.cat, visudo.man.in, visudo.pod: + Add FreeBSD login.conf support (untested on BSD/OS) based on a patch + from Michael D. Marchionna. configure now does substitution on the + man pages, allowing us to fix up the paths and set the section + correctly. Based on an idea from Michael D. Marchionna. + [463e928a0a2f] + + * auth/passwd.c: + Better fix for handling HP-UX aging info. + [3950f42d8549] + + * sudo.c: + Add support for set_logname run-time default + [c6a7cc76b8b4] + + * sudo.man.in, sudoers.man.in, visudo.man.in: + configure does substitution on these to produce *.man + [b83fc3c1bfc9] + + * sudo.man, sudoers.man, visudo.man: + These files now get generated from *.man.in at configure time. + [c499061f79e0] + +2000-03-22 Todd C. Miller + + * defaults.c, defaults.h: + Add set_logname option so users can turn off setting of LOGNAME/USER + environment variables. + [6316869180b8] + + * lsearch.c, parse.c, testsudoers.c: + kill register + [6e104e653748] + +2000-03-13 Todd C. Miller + + * auth/passwd.c: + HP-UX adds extra info at the end for password aging so when + comparing the result of crypt to pw_passwd we only compare the first + len(epass) bytes *unless* the user entered an empty string for a + password. + [3d24d4e4e889] + + * logging.c: + Get rid of grandchild hack, it was causing problems and there is + really no need for it. This fixes a bug where we spin eating up CPU + when the user runs a long-running process like a shell. + [5743b10b1e81] + +2000-03-07 Todd C. Miller + + * sudo.c: + User can always specify a login class if he/she is already root. + [710d160cef9f] - * CHANGES: sync + * config.h.in, configure, configure.in, defaults.c, defaults.h, + sudo.c, sudo.h: + FreeBSD login class (login.conf) support. + [026b981d6328] -2004-07-23 16:43 millert +2000-03-06 Todd C. Miller - * parse.c: Parse sudoers file as PERM_RUNAS not PERM_ROOT and - remove a useless PERM_SUDOERS. Restore to PERM_ROOT upon exit of - the parse. + * auth/sudo_auth.c: + HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support + [9cd4929f1a78] -2004-07-08 10:20 millert +2000-03-03 Todd C. Miller - * CHANGES: PAM change + * auth/passwd.c: + Truncate unencrypted password to 8 chars if encrypted password is + exactly 13 characters (indicateing standard a DES password). Many + versions of crypt() do this for you, but not all (like HP-UX's). + [a9d0259cb193] -2004-07-07 21:04 aaron +2000-03-02 Todd C. Miller - * ldap.c: Better debugging of ALL command + * INSTALL, RUNSON: + Mention that gcc on dynix may have problems + [77b97fa5bf1b] -2004-07-07 20:15 millert +2000-02-29 Todd C. Miller - * parse.c: When matching for "sudoedit" in sudoers check both the - command the user typed *and* the command that is listed in the - sudoers entry. + * Makefile.in: + Link visudo with NET_LIBS since we now call syslog via defaults.c + [9e3830b277cc] -2004-07-04 19:59 aaron + * defaults.c: + Use Argv[0] as the first arg to openlog() since visudo uses this + too. + [e61078f328ec] - * ldap.c: Added !command feature +2000-02-28 Todd C. Miller -2004-06-28 10:51 millert + * sudo.c: + Stash coredumpsize resource limit and retsore it before the exec() + Otherwise the child ends up with a coredumpsize of 0. + [f6a4783835a3] - * auth/pam.c: Use pam_acct_mgmt() to check for disabled accounts; - Brian Farrell +2000-02-27 Todd C. Miller -2004-06-10 23:11 millert + * sudo.cat, sudo.man, sudo.pod: + document -S flag + [3ebd805b7142] - * LICENSE: License is ISC-style, not BSD-style + * sudo.c: + fix usage string + [66b2dfa47fe8] -2004-06-10 20:58 millert + * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c, + auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c: + Added -S flag (read passwd from stdin) and tgetpass_flags global + that holds flags to be passed in to tgetpass(). Change echo_off + param to tgetpass() into a flags field. There are currently 2 + possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In + tgetpass(), abstract the echo set/clear via macros and if (flags & + TGP_ECHO) but echo is not set on the terminal, but sure to set it. + [a4fcbb712cd0] - * CHANGES: sync + * tgetpass.c: + Fixed a bug that caused an infinite loop when the password timeout + was disabled. + [2be1ffc5a39f] -2004-06-10 16:54 millert +2000-02-18 Todd C. Miller - * sudo.man.in, sudo.cat: regen + * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h, + sudoers.cat, sudoers.man, sudoers.pod, visudo.c: + Add rootpw, runaspw, and targetpw options. + [2d4563e46df7] -2004-06-10 16:53 millert + * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod, + visudo.c: + enveditor -> env_editor + [ddc5f856e583] - * sudo.pod: o Update some out of date bits to reality o Change the - shell promt in examples to bourne-shell style o Clarify some - details o Add a CAVEAT about "sudo cd /foo" +2000-02-16 Todd C. Miller -2004-06-10 16:19 millert + * BUGS, INSTALL, Makefile.in, README, configure, configure.in, + sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat, + visudo.man: + crank versino to 1.6.3 + [a5f7d3e74360] - * check.c: Don't ask for a password if invoking user == target - user. + * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man, + sudoers.pod, visudo.c: + Add 'editor' and 'enveditor' sudoers defaults and make visudo honor + them. This means that visudo will now parse the sudoers file + *before* it is edited so a bogus sudoers file will cause a warning + to go to stderr. Also, visudo checks the variables once--it does not + check them after each editor run since that could be confusing. + [9f5af18e9212] -2004-06-10 12:32 millert +2000-02-15 Todd C. Miller - * sudo.c: typo in comment + * RUNSON: + 1.6.2 -> 1.6.2p1 + [e25b74f1d1af] -2004-06-08 19:20 millert + * check.c, sudo.c, sudo.h: + Move user_is_exempt prototype into sudo.h + [daf26a6ded8a] - * sudoers.man.in, sudoers.cat: regen +2000-02-13 Todd C. Miller -2004-06-08 19:19 millert + * configure, configure.in: + Fix thinko, some && should have been || in the last commit + [4b9b2d487ded] - * sudoers.pod: Expand on NOEXEC a little. + * configure, configure.in: + Don't initialized Makefile variables to be NULL since the user may + want to import variables from their environment. + [7be019f4422c] -2004-06-08 16:20 millert +2000-02-04 Todd C. Miller - * TODO: sync + * configure, configure.in: + typo + [38f4d8971f0a] -2004-06-08 15:58 millert +2000-01-28 Todd C. Miller - * visudo.man.in, visudo.cat: regen + * sudo.tab.c: + fix a yacc (skeleton.c) warning + [a2da228a937b] -2004-06-08 15:55 millert +2000-01-27 Todd C. Miller - * CHANGES, parse.yacc, visudo.c, visudo.pod: Add a check in visudo - for runas_default being set after it has already been used. + * INSTALL, RUNSON, configure, configure.in: + Make pam work on HP-UX 11.0;jaearick@colby.edu + [b94de0ff6f42] -2004-06-08 13:53 millert + * CHANGES: + recent changes; prepare for 1.6.2p1 + [b291635ea141] - * parse.yacc: Add a MATCHED macro for testing whether foo_matches - has been set to TRUE or FALSE. This is more readable than - checking for >=0 or < 0. Doesn't change the actual code - generated. + * find_path.c: + Don't apply SECURE_PATH if user is example; jmknoble@pobox.com + [4306285c4f6e] -2004-06-06 20:11 millert +2000-01-26 Todd C. Miller - * sudoers.man.in, sudoers.cat: regen + * sudo.tab.c: + Regen with yacc that has a memory leak plugged. + [e26383a04eb7] -2004-06-06 20:07 millert + * sudoers.cat, sudoers.man, sudoers.pod: + Expanded docs on sudoers 'defaults' options based on INSTALL file + info. + [54c3d62d6c74] - * sudoers, sudoers.pod: Correct description of where Defaults specs - should go. + * INSTALL: + Fix some while lies + [d15311782150] -2004-06-06 20:02 millert +2000-01-24 Todd C. Miller - * find_path.c, ldap.c, logging.h, testsudoers.c, visudo.c, - auth/bsdauth.c, auth/kerb5.c, auth/pam.c: update (c) year + * Makefile.in: + When making a bindist, link FAQ to TROUBLESHOOTING instead of + copying. + [2d88a6ac88cf] -2004-06-06 19:58 millert + * sudoers.cat, sudoers.man, sudoers.pod: + Add netgroup caveat + [28d119f466e3] [SUDO_1_6_2] - * check.c, compat.h, defaults.c, env.c, find_path.c, getcwd.c, - ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c, - tgetpass.c, visudo.c, auth/bsdauth.c, auth/kerb5.c, auth/pam.c: - Remove trailing spaces, no actual code changes. + * RUNSON: + Last minute updates + [89fb4ed22d52] -2004-06-06 16:22 millert + * TROUBLESHOOTING: + PAM entry + [a9fd59f39457] - * parse.yacc: Fix a >=0 that should be <0 that was improperly - converted when UNSPEC was added. + * auth/pam.c: + correct a comment + [a29627225ba9] -2004-06-06 15:54 millert + * CHANGES, RUNSON: + update for 1.6.2 + [b7f1c40ea732] - * parse.yacc: Add do {} while(0) around pop macro Set cmnd_matches - to UNSPEC, not NOMATCH when resetting it. + * auth/pam.c: + Better detection of PAM errors and fix custom prompts with PAM. + Based on patches from "Cloyce D. Spradling" + [ff69234b94a5] -2004-06-06 15:39 millert +2000-01-20 Todd C. Miller - * parse.yacc: Fix pastos introduced in SETNMATCH addition. + * snprintf.c: + Cast ULONG_MAX to unsigned long long when comparing to an unsigned + long long value. + [9d918c3a2ecd] -2004-06-05 13:55 millert +2000-01-19 Todd C. Miller - * README.LDAP: Update for configure changes + * CHANGES, config.h.in, configure, configure.in, visudo.c: + Fix sudoers locking in visudo. We now lock the sudoers file itself, + not the temp file (since locking the temp file can foul up editors). + The previous locking scheme didn't work because the fd was closed + too early. + [de2011bb11ed] -2004-06-05 13:42 millert + * config.h.in, configure, configure.in: + Don't need test for ftruncate() any more. + [e5f71c848104] - * parse.yacc, sudo.h: Add NOMATCH and UNSPEC defines (-1 and -2 - respectively) and use these in parse.yacc. Also in parse.yacc - initialize the *_matches vars to UNSPEC and add two macros, - SETMATCH and SETNMATCH for use when setting *_matches to a value - that may be NOMATCH/UNSPEC/TRUE/FALSE. + * configure, configure.in: + Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with + the unbundled HP-UX cc. + [2c373612c644] -2004-06-05 11:17 millert +2000-01-18 Todd C. Miller - * parse.yacc: Initialize runas to -2, not -1 since we need to be - able to distinguish between the initialized value and the value - of a non-match when passing along the runas value to multiple - commands. + * sudoers.cat, sudoers.man, sudoers.pod: + "a a" -> "a"; Aaron Campbell + [05360d2c314e] - The result of this is that an unmatched runas is now set to -1, - not 0. This is required now that parse.c treats a FALSE value - for runas as being explicitly denied. +2000-01-17 Todd C. Miller -2004-06-03 16:21 millert + * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h, + parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c, + version.h, visudo.c: + update copyright year on changed files + [5792a2a28a4c] - * getprogname.c, sudo.c, visudo.c: Error out if argc < 1. + * RUNSON: + updates + [edf8f19aa403] -2004-06-03 12:37 millert + * CHANGES: + aix fix + [4d4a243b31e2] - * configure, configure.in: Add tests for what libs we need to link - with for ldap and for whether or not lber.h needs to be - explicitly included. + * INSTALL: + Crank version to 1.6.2 + [bcb5cb411624] -2004-06-02 20:30 aaron + * configure: + Crank version to 1.6.2 + [32a19f33427f] - * ldap.c: Solaris native LDAP build fix + * sudo.c: + When using rlimit check for RLIM_INFINITY When computing the value + of maxfd, use min(getdtablesize(), RLIMIT_NOFILE) + [8c16166802e5] -2004-06-01 16:56 millert + * CHANGES: + recent changes + [09fc7112e44d] - * ldap.c: Set edn to NULL is ldap_get_dn() fails to avoid potential - use of an unset variable. + * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man, + sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man: + Crank version to 1.6.2 + [055fa61a7c61] + + * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod: + Add 'shell_noargs' runtime option back in. We have to defer + checking until after the sudoers file has been parsed but since + there are now other options that operate that way this one can too. + Based on a patch from bguillory@email.com. + [231db7a007a6] + + * defaults.c, defaults.h, parse.c, sudo.c, sudo.h: + Add "listpw" and "verifypw" options. + [190683bac878] + + * sudoers.cat, sudoers.man, sudoers.pod: + o Fix some typos/omissions o Add section on verifypw and listpw o + Define how NOPASSWD interacts with the -v and -l flags + [6feb7350eb79] + +2000-01-14 Todd C. Miller + + * configure, configure.in: + For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add + -D_HPUX_SOURCE to CPPFLAGS. + [06cc35d89dc8] + + * defaults.c, defaults.h: + In struct sudo_defs_types, move the union to the end and don't + initialize the union member since that only works with an ANSI + compiler. We set the value of the union by hand in init_defaults() + anyway. This allows sudo to compile on a K&R compiler again. + [623487e1fcfa] + +2000-01-11 Todd C. Miller + + * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c: + netgr_matches needs to check shost as well as host since they may be + different. + [3f43ace23d3e] + + * tgetpass.c: + End on \r as well as \n + [cb7c6e6f4202] + +2000-01-03 Todd C. Miller + + * sudo.c: + Update statbuf.st_mode based on SUDOERS_MODE when we are chaning + from 0400 to whatever SUDOERS_MODE is (converting from the old + sudoers mode). Assumes that SUDOERS_MODE is less restrictive than + 0400 which should always be the case. + [34cd83d49d20] + + * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c: + Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l + w/o a passwd if there is *any* entry for the user on the host with a + NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for + the user on the host w/ the specified runas user have the NOPASSWD + flag set. + [4b3b85697653] + + * Makefile.in: + add check target + [3d24d34a76fd] + +1999-12-16 Todd C. Miller + + * visudo.c: + Treat EOF at whatnow prompt like 'x' instead of looping. + [5deffc27114c] + +1999-12-10 Todd C. Miller + + * CHANGES: + recent changes + [5836a9452568] [SUDO_1_6_1] + +1999-12-09 Todd C. Miller + + * config.h.in, configure, configure.in, sudo.c: + Add check for initgroups() since old SYSV lacks this. + [657a6005a569] + + * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in, + parse.c, testsudoers.c: + o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if + exists. + [17d081e917d6] + +1999-12-06 Todd C. Miller + + * auth/sudo_auth.c: + Don't allow insults to be enabled if the insults[] array is empty. + Otherwise there would be division by zero. + [b20c14db6029] + + * insults.h: + Don't allow insults to be enabled if the insults[] array is empty. + Otherwise there would be division by zero. + [028f130204b0] + + * CHANGES, RUNSON: + Don't allow insults to be enabled if the insults[] array is empty. + Otherwise there would be division by zero. + [974f4780254b] + + * insults.h: + Don't care about USE_INSULTS #define since the insult stuff may be + overridden at runtime. + [b873df8b299c] + + * auth/sudo_auth.c: + Honor insults flag. + [756111640fdc] + + * CHANGES, parse.c: + Don't ask the user for a password if the user is not allowed to run + the command and the authenticate flag (in sudoers) is false. + [cea9fdc09c76] + + * CHANGES, RUNSON, lex.yy.c, parse.lex: + o Whenever we get a bare newline we change to the INITIAL state. o + Enter GOTRUNAS when we see Runas_Alias + + This allows #uid to work in a RunasAlias. + [a475513e7c7a] + +1999-12-05 Todd C. Miller + + * CHANGES, parse.yacc, sudo.tab.c: + fix parsing of runas lists: o oprunasuser and runaslist now return a + value o in a runasspec, if a runaslist does not return TRUE, set + runas_matches to FALSE. Normally, a runaslist only returns FALSE + for explicitly denied users. o since runaslist does not modify the + stack there is no need for a push/pop in runasalias. + [82b305b34a8c] + + * check.c, sudo.c: + Don't kill the user's tickets until after sudoers has been parsed + since tty_tickets and ticket_dir could be set in sudoers. + [f43e25367f3a] -2004-06-01 16:56 millert + * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON, + configure, configure.in, sudo.cat, sudo.man, sudoers.cat, + sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man: + crank version to 1.6 + [95f8bdcf9bb2] - * sudo.h: Add prototype for sudo_ldap_list_matches + * testsudoers.c: + add set_fqdn() stub + [bbc81af5b41a] -2004-06-01 16:53 millert +1999-12-02 Todd C. Miller - * compat.h, config.h.in, configure, configure.in: Better check for - dirfd macro--we now set HAVE_DIRFD for the macro version too. - Added check for dd_fd in `DIR' if no dirfd is found; this is now - used to confitionally define the dirfd macro in compat.h. + * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat, + sudoers.man, sudoers.pod, visudo.c: + o Kill shell_noargs option, it cannot work since the command needs + to be set before sudoers is parsed. o Fix the "set_home" sudoers + option (only worked at compile time). o Fix "fqdn" sudoers option. + We now set host/shost via set_fqdn which gets called when the + "fqdn" option is set in sudoers. o Move the openlog() to + store_syslogfac() so this gets overridden correctly from the + sudoers file. + [3dca861f0f5d] -2004-06-01 16:51 millert + * auth/securid.c: + SecurID support should compile now. + [a544e5c6ea34] - * closefrom.c: Only check /proc/$$/fd if we have the dirfd - function/macro. +1999-11-29 Todd C. Miller -2004-06-01 15:13 millert + * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat, + visudo.man, visudo.pod: + fix some syntactic goofs + [b3451f0d5239] - * compat.h, config.h.in, configure, configure.in: Add a check for a - dirfd() function (like Linux) and add a dirfd macro in compat.h - if there is no dirfd() function or macro. +1999-11-28 Todd C. Miller -2004-06-01 14:59 millert + * Makefile.in, sudo.html, sudoers.html, visudo.html: + No longer need the .html files as they are generated automatically + on the web site. + [1b4aa4204584] - * closefrom.c, getcwd.c: dirfd() is now defined in compat.h as - needed. + * CHANGES, LICENSE: + kill characters that made wml unhappy + [b988fbc6da56] -2004-06-01 14:30 millert + * HISTORY: + typo + [a418963f7fce] - * CHANGES: Clarify closefrom() note. +1999-11-25 Todd C. Miller -2004-06-01 12:51 millert + * README: + majordomo@cs.colorado.edu -> majordomo@courtesan.com + [5d151e8ffd3b] - * parse.c: When checking for a command in the directory, only copy - the base dir once. + * Makefile.in, configure: + Wrap script execution w/ /bin/sh for the benefit of ctm + [3a9c4766b2c3] -2004-06-01 12:44 millert +1999-11-24 Todd C. Miller - * closefrom.c: If there is a /proc/$$/fd directory, behave like the - Solaris closefrom() and only close the descriptors listed - therein. + * sudo.c: + Make the -s flag be exclusive too. Also reorder the flags in the + exclusive usage message so they are alphabetical. + [4c7af200db34] -2004-06-01 12:23 millert +1999-11-23 Todd C. Miller - * alloc.c: compat.h guarantees INT_MAX is defined. + * auth/pam.c: + make pam errors other than PAM_PERM_DENIED fatal + [64bcb3fd2baf] -2004-06-01 12:23 millert + * auth/API: + fix typo + [f3134c88b12e] - * compat.h: Add definitions of OPEN_MAX and INT_MAX for those - without it and remove definition of RLIM_INFINITY (now unused). + * INSTALL: + make it clear that /etc/pam.d/sudo is required on linux + [213cc3eaad82] -2004-05-31 21:22 millert + * auth/pam.c: + fix a warning on redhat and spew an error if pam_authenticate() + returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED + [7e46dd19da89] - * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, - parse.c, sudo.c, sudo.h, visudo.c: Use PATH_MAX, not MAXPATHLEN - since the former is standardized. + * sudo.cat, sudo.html, sudo.man, sudo.pod: + Be very clear that the password required is the user's not root's + [a6da127347e5] -2004-05-31 19:18 millert +1999-11-20 Todd C. Miller - * CHANGES: sync + * Makefile.in: + add sample.syslog.conf to DISTFILES and BINFILES + [8661c27c007e] -2004-05-31 19:10 millert +1999-11-19 Todd C. Miller - * RUNSON: Add some entries that were mailed in a while ago + * RUNSON: + updates from Brian Jackson + some formatting + [6d31c6fa63f8] -2004-05-31 14:16 millert +1999-11-18 Todd C. Miller - * closefrom.c: o sysconf returns a long, not an int. o check for - negative return value from sysconf/getdtablesize and use - OPEN_MAX in this case. o define OPEN_MAX to 256 for those - without it (a fair guess...) + * INSTALL.binary, Makefile.binary, README, RUNSON: + o One RUNSon update o Changes for automating real binary releases + [dd9585f4406c] -2004-05-30 12:25 millert + * Makefile.in: + Add bindist target + [546ed3fa94bb] - * UPGRADE: Mention change in parse order for RunAs entries. +1999-11-16 Todd C. Miller -2004-05-30 12:15 millert + * TROUBLESHOOTING: + talk about run-time options in addition to compile-time options + [1eb813ff0a9a] [SUDO_1_6_0] - * configure: regen + * CHANGES: + fix typos + [65e92bb70a7b] -2004-05-29 18:29 millert + * sudo.c: + need sys/time.h if HAVE_SETRLIMIT + [ce31655a8a60] - * config.h.in, configure.in, INSTALL, README.LDAP: o --with-ldap - now takes an optional dir as a parameter - o added check for ldap_initialize() and start_tls_s() + * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man, + sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod: + get rid of references to sudo-bugs. Now mention the web site or the + sudo@ alias + [a9db861fd8c6] -2004-05-29 14:54 millert + * sudoers.html: + repair pod2html damage + [62ece4277f1f] - * README.LDAP: Fix some typos, word choice and formatting issues. + * RUNSON, TODO: + Update for 1.6 release + [98569c57ba2a] + + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: + Add warning about using ALL in a command context. + [6c77685ab280] + +1999-11-09 Todd C. Miller + + * visudo.c: + Call yyrestart() on a parse error to reset the lexer state. + [1370a27acdb2] -2004-05-28 18:06 millert + * lex.yy.c, parse.lex: + Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c + since it might not get called in yywrap if we get a parse error + (and we only reread the file on error anyway). + [37f4b449e28e] + + * lex.yy.c, parse.lex: + Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that + might still exist. Call yyrestart() instead of using the deprecated + YY_NEW_FILE macro. + [7d0d873046c6] - * tgetpass.c: Use SA_INTERRUPT so SunOS works correctly, avoid - stdio and just use read/write as it is simpler. + * lex.yy.c, parse.lex: + flex doesn't need %N table size declarations + [268b020fd60a] -2004-05-28 16:27 millert + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: + Mention what characters need to be escaped in names. + [72ccbb6b0f31] - * configure, configure.in: Remove hack overriding cross-compiler - check. It should no longer be needed. +1999-11-08 Todd C. Miller -2004-05-28 16:26 millert + * configure: + regen + [65827abb5c7b] + + * INSTALL: + clarify Mac OS X entry + [8da1549a71f5] - * compat.h: Remove select() compat bits since we no longer use - select(). + * RUNSON: + update + [0cff8df7459f] -2004-05-28 16:24 millert + * configure.in: + o Use AC_MSG_ERROR throughout o Check syslog configure options for + danity + [4cb81e642e5c] - * CHANGES, tgetpass.c: Use alarm() instead of select() for the - timeout for systems that don't fully/properly implement select(). +1999-11-05 Todd C. Miller + + * defaults.c: + Fix printing of type T_MODE in dump_defaults() + [a868bb6f5515] -2004-05-27 19:14 millert + * strcasecmp.c: + missing sys/types.h + [ca694ca325b6] - * CHANGES: synbc + * INSTALL: + Break out options that may be overridden at run time into their own + section. Add a not about Max OS X and correct some lies. + [d8bcfd120593] -2004-05-27 19:12 millert +1999-11-04 Todd C. Miller - * RUNSON: update + * CHANGES, config.h.in, configure, configure.in, sudo.c: + o Now use getrlimit to find the highest fd when closing all non-std + fd's o Turn off core dumps via setrlimit for the sake of paranoia + [dd9f651b6def] -2004-05-27 19:12 millert + * RUNSON: + updates + [f581841fe615] - * set_perms.c: Deal with systems that have no way of setting the - effective uid such as nsr-tandem-nsk. +1999-11-01 Todd C. Miller -2004-05-27 19:01 millert + * CHANGES: + updates + [553baa1d44c7] - * configure, configure.in: Define NO_SAVED_IDS if we don't find - seteuid() + * tgetpass.c: + When read()'ing, do a single character at a time to be sure we don't + go oast the newline. + [907d33f55bb4] -2004-05-27 18:21 millert + * sudo.c: + For the sudo_root option, check against user_uid, not getuid() since + at this point, ruid == euid == 0. + [92d5c51939b4] - * config.h.in, configure, configure.in: Add back check for - setreuid() since NSK doesn't have it. + * RUNSON: + some updates + [e3ed0c1f312b] -2004-05-27 15:57 millert + * logging.h: + Fix compilation problem when --with-logging=file was specified. + This means that syslog is now required to build sudo but that should + not be a problem. If it is it can be fixed trivially with a + configure check for syslog() or syslog.h. + [839a4b069190] - * sudoers.cat, sudoers.man.in: regen + * tgetpass.c: + Make this work again for things like "sudo echo hi | more" where the + tty gets put into character at a time mode. We read until we read + end of line or we run out of space (similar to fgets(3)). + [c8f746df2e63] -2004-05-27 15:56 millert +1999-10-20 Todd C. Miller - * BUGS, CHANGES: sync + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: + change ital to bold + [f860978e530a] -2004-05-27 15:55 millert + * RUNSON: + update + [9bcfbb405568] - * parse.c: In sudoers_lookup() return VALIDATE_NOT_OK if the runas - user was explicitly denied and the command matched. This fixes a - long-standing bug and makes: foo machine = (ALL) - /usr/bin/blah foo machine = (!bar) /usr/bin/blah +1999-10-16 Todd C. Miller - equivalent to: foo machine = (ALL, !bar) /usr/bin/blah + * defaults.c: + Error out if syslog parameters are given without a value. For + Ultrix or 4.2BSD "syslog" is allowed without a value since there are + no facilities in the 4.2BSD syslog. + [69e7a686f5f0] -2004-05-27 15:52 millert +1999-10-15 Todd C. Miller - * sudoers.pod: Clarify mail_noperm + * defaults.c: + Ignore the syslog facility for systems w/ old syslog like Ultrix. + [5c250adbbb84] -2004-05-19 21:25 aaron + * TROUBLESHOOTING: + people with "." early in their path can have problems running sudo + from the build dir ;-) + [20a1744a24a4] - * Makefile.in: Missing DESTDIR in make install for sudo_noexec.la +1999-10-13 Todd C. Miller -2004-05-17 18:32 millert + * sudo.cat, sudo.html, sudo.man, sudo.pod: + Remove -r realm option + [127caa537f95] - * sudo.man.in, sudoers.man.in, visudo.man.in, sudo.cat, - sudoers.cat, visudo.cat: regen + * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure, + configure.in, sudo.c: + New krb5 code from Frank Cusack . + [7177a3893a62] -2004-05-17 18:31 millert + * CHANGES: + update to reality + [766cfbb512d6] - * TODO: sync +1999-10-12 Todd C. Miller -2004-05-17 18:31 millert + * auth/fwtk.c: + include to get function prototypes. + [d6c7c12d09fe] - * sample.sudoers, sudoers.pod: Remove fastboot/fasthalt (who still - remembers these?) and add a minimal sudoedit example. + * sudo.cat, sudo.html, sudo.man, sudo.pod: + document -L flag + [dc803e1ce0d7] -2004-05-17 18:21 millert +1999-10-11 Todd C. Miller - * CHANGES, INSTALL, TROUBLESHOOTING, UPGRADE, sudo.c, visudo.c: - filesystem -> file system + * sudo.c: + in set_perms(), always call setuid(0) before changing the ruid/euid + so we always know it will succeed. + [8cced1b862bf] -2004-05-17 18:19 millert + * defaults.h: + #undef T_FOO to avoid conflicts with system defines (like on + ULTRIX). + [d9f0aac092b0] - * sudo.pod, sudoers.pod: Fix some minor typos and formatting goofs + * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man, + sudoers.pod: + Docuement "Defaults" lines in /etc/sudoers. Still needs some + fleshing out but this is a start. + [521a1e629bbc] -2004-05-17 18:10 millert +1999-10-10 Todd C. Miller - * lex.yy.c: regen + * use strtol, not strtoul since not everyone has not strtoul + [988462f093cc] -2004-05-17 17:57 millert + * defaults.c: + use strtol, not strtoul since not everyone has not strtoul + [fce835ce62e3] + + * lex.yy.c, parse.lex: + last {WORD} rule should only apply in the INITIAL state + [9b57570bfa83] + + * lex.yy.c, parse.lex: + o Add support for escaped characters in the WORD macro o Modify + fill() to squash escape chars + [87572d59e4e0] - * visudo.pod: remove my email addr + * defaults.c, defaults.h: + o Add T_PATH flag to allow simple sanity checks for default values + that are supposed to be pathnames. o Fix a duplicate free when + visudo finds an error. + [bdc6855a6c6d] -2004-05-17 17:55 millert +1999-10-09 Todd C. Miller - * sudo.pod, sudoers.pod, visudo.pod: Use @mansectform@ and - @mansectsu@ everywhere Make man page references links with L<> + * defaults.c, defaults.h, logging.c: + mail_if_foo -> mail_foo + [cbee9415875d] -2004-05-17 16:51 millert +1999-10-08 Todd C. Miller - * parse.lex: Accept quoted globbing characters and pass them - verbatim for fnmatch() + * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c: + o Add requiretty option o Move O_NOCTTY to compat.h + [65b8bf0e1795] -2004-05-17 16:50 millert + * logging.c: + The exit() in log_error() was mistakenly removed in a previous + version. Put it back... + [9473449130a4] - * UPGRADE: Document that /tmp/.odus is gone. +1999-10-07 Todd C. Miller -2004-05-17 16:28 millert + * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c, + auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in, + configure, configure.in, defaults.c, defaults.h, find_path.c, + getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c: + o Change defaults stuff to put the value right in the struct. o + Implement mailer_flags o Store syslog stuff both in int and string + form. Setting the string form magically updates the int version. + o Add boolean attribute to strings where it makes sense to say !foo + [4698953f9a36] - * CHANGES, aclocal.m4, configure, pathnames.h.in: No longer use - /tmp/.odus as a possible timestamp dir unless specifically - configured to do so. Instead, if no /var/run exists, use - /var/adm/sudo or /usr/adm/sudo. + * tgetpass.c: + add O_NOCTTY when opening /dev/tty just in case + [4c6d1d1bb300] -2004-05-17 16:08 millert +1999-10-06 Todd C. Miller - * check.c, compat.h, logging.c, set_perms.c, sudo.c, tgetpass.c, - visudo.c: Preliminary changes to support nsr-tandem-nsk. Based - on patches from Tom Bates. + * auth/API: + cleanup function no longer takes a status arg + [0819edbfe7f8] -2004-05-16 18:47 millert + * INSTALL: + the the + [19aadb65ea28] - * CHANGES: There was no 1.6.7p6. +1999-09-15 Todd C. Miller -2004-05-16 16:38 millert + * TODO, config.h.in, configure, configure.in, logging.c: + Use strftime() instead of ctime() if it is available. + [fb60ea63b514] - * BUGS, CHANGES: sync +1999-09-14 Todd C. Miller -2004-05-16 16:36 millert + * defaults.c: + fix copyright date + [4a53b54aa72f] - * Makefile.in: add missing files to DISTFILES + * RUNSON: + update ReliantUNIX entry + [de618a4f67d9] -2004-05-16 16:23 millert + * defaults.c, defaults.h, logging.c: + add log_year option + [251a9e20568a] - * sudoers.man.in, sudo.cat, sudoers.cat, visudo.cat: regen + * configure, configure.in: + add --without-sendmail to help output + [93162f199902] -2004-05-16 16:20 millert + * configure, configure.in: + enforce an otctal arg for --with-suoders-mode + [45e1b04ccad3] - * Makefile.in: Fix some line wrap and update (c) year +1999-09-08 Todd C. Miller -2004-04-28 15:05 aaron + * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c, + auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c, + auth/sudo_auth.c, check.c, config.h.in, configure, configure.in, + defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h, + parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, + testsudoers.c, version.c, visudo.c: + Add support for "Defaults" line in sudoers to make configuration + variables changable at runtime (and on a global, per-host and per- + user basis). Both the names and the internal representation are + still subject to change. It was necessary to make sudo_user.runas + but a char ** instead of a char * since this value can be changed by + a Defaults line. There is a similar (but more complicated) issue + with sudo_user.prompt but it is handled differently at the moment. - * README.LDAP: Build Note + Add a "-L" flag to list the name of options with their descriptions. + This may only be temporary. -2004-04-06 22:03 aaron + Move some prototypes to parse.h - * Makefile.in: Fix install-dirs + Be much less restrictive on what is allowed for a username. + [f71abf7ba80c] -2004-04-04 20:27 millert + * sample.syslog.conf: + Add more info + [e952e6f42d4d] - * visudo.c: In Exit() when used as a signal handler, emsg is a - pointer so sizeof() is wrong so make it a #define instead. Also - avoid using a negative exit value. Found by Aaron Campbell +1999-09-04 Todd C. Miller -2004-03-24 18:23 millert + * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c, + strcasecmp.c: + UCB has dropped the advertising clause from their license. + [a5602b36a341] - * sudoers.pod: Remove bogus sentence about uids in a User_List. - Document usernames vs. uid parsing in a Runas_List. +1999-08-31 Todd C. Miller -2004-03-24 18:06 millert + * auth/sudo_auth.h: + move dce_verofy proto to correct section + [972c815af558] - * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: If - the user specified a uid with the -u flag and the uid exists in - the passwd file, set runas_user to the name, not the uid. + * auth/dce.c: + remove XXX + [820631855be0] - When comparing usernames in sudoers, if a name is really a uid - (starts with '#') compare it numerically to pw_uid. +1999-08-28 Todd C. Miller + + * emul/fnmatch.h: + Add fnmatch() prototype + [79e84576d92a] -2004-03-22 13:35 millert + * fnmatch.c, parse.c, testsudoers.c: + Move inclusion of emul/fnmatch.h to be after sudo.h for __P + [1182c89fa811] - * auth/kerb5.c: krb5_mcc_ops should be const; Johnny C. Lam + * sudo.h: + add strcasecmp proto + [512d1d8a6a0c] -2004-02-28 18:54 aaron + * auth/sudo_auth.c: + add check for case where there are no auth methods + [e4af2b91b43e] - * CHANGES, config.h.in, ldap.c: Added start_tls support + * configure, configure.in: + Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on + SunOS4 w/ gcc + [746ce8bcec23] -2004-02-14 18:04 millert + * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c: + include strings.h everywhere we include string.h + [6f7d5d437e7b] - * Makefile.in: Clean up libtool stuff for 'make distclean' and add - def_data.c, def_data.h to PARSESRCS. + * version.c: + nicer output when showing auth methods + [0eac4b977f9d] + + * version.c: + Add support for SEND_MAIL_WHEN_NO_HOST + [9f20a3a3fae6] + + * config.h.in, configure, configure.in: + Add _GNU_SOURCE for Linux + [c7bd8c511847] + + * lex.yy.c, parse.lex: + fix definition of OCTECT + [4af30e63244d] + + * configure, configure.in: + aix_auth.o not authenticate.o + [fe95dfb08df4] + +1999-08-27 Todd C. Miller + + * sudo.c: + Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the + keyboard). Since we run with ruid/euid == 0 the user can't really + signal us in nasty ways. + [a7f6487c0f48] + + * visudo.c: + Don't need to worry about catching too many signals since we do + locking on the tmp file. If a lockfile is really stale, it will be + detected and overwritten. + [28983db3e749] + + * INSTALL, Makefile.in: + include auth/API in tarball + [014991600252] + + * auth/sudo_auth.c: + move memset() of plaintext pw outside of verify loop and only do the + memset if we are *not* in standalone mode. + [66f8e87567e2] -2004-02-14 10:13 aaron + * auth/sudo_auth.c, auth/sudo_auth.h: + DCE is not a standalone method + [34963e2d8a1b] - * strlcat.c, strlcpy.c: Un-Fix last license munge + * sudo.c: + fix --enable-noargs-shell + [4234062abbb0] + + * snprintf.c: + "#ifdef __STDC__" not "#if __STDC__" (I missed one) + [c430b80454c6] + + * auth/fwtk.c, auth/sia.c: + _cleanup() function returns an int. + [d1a1cc071ec1] + + * auth/dce.c: + there were still some return(0)'s hanging around, make them + AUTH_FAILURE + [1002aa1962c3] + + * parse.c: + typo in comment + [5abc410dbfd2] + + * version.c: + add missing semicolon + [a262283b52a5] + + * auth/sudo_auth.h: + missing backslash + [bf89f6bd2900] + +1999-08-26 Todd C. Miller + + * CHANGES, config.h.in, configure, configure.in: + Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes + [f1a9bca0cf67] + + * Makefile.in: + add parse.h to HDRS + [a3d054987766] + + * Makefile.in, configure, configure.in: + Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and + LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and + network libs like -lsocket, -lnsl go in NET_LIBS. This allows + testsudoers to build on Solaris and is a bit cleaner in general. + [4e6239e97002] + + * UPGRADE: + mention ptmp -> sudoers.tmp + [ec3baa0fe8a1] + + * config.h.in, configure, configure.in: + Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE + [6f93dc7f39f5] + + * RUNSON: + add 2 reports + [ce0fcc00ee4e] + + * auth/kerb5.c: + Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to + return a value more like a system function + [0dd56aa21424] + + * auth/dce.c: + Add an XXX + [58fc8562c212] + + * TODO: + more things todo! + [5a459d0cf339] + + * sample.sudoers: + update based on what is in the man page + [1a0477db96fa] + + * parse.yacc, sudo.tab.c: + minor change to first line printed in -l mode + [69eb57d96952] + + * sudo.cat, sudo.html, sudo.man, sudo.pod: + rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more + standard and add "EXAMPLES" section + [7e543335ebe1] + + * visudo.cat, visudo.html, visudo.man, visudo.pod: + rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more + standard + [f82d87ed65c2] + + * logging.c, parse.c, sudo.h: + add FLAG_NO_CHECK + [c7d69176a2d7] + + * lex.yy.c, parse.lex: + make an OCTET really be limited to 0-255 + [6ee568dd6a02] + + * UPGRADE: + mention timestamp changes + [e44d5302bf60] + + * PORTING: + cosmetic cleanup + [36fa3a2664dd] + + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: + new sudoers(8) man page + [e674d06283d0] + +1999-08-24 Todd C. Miller + + * version.c: + Update comments about syslog name tables + [63830a782dcb] + + * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc, + strcasecmp.c, sudo.tab.c: + include strcasecmp() for those without it + [a0d8e2488bbc] -2004-02-13 16:37 millert + * sample.sudoers: + Use the : operator some more and fix a typo + [18804c70da86] - * CHANGES, RUNSON, TODO: checkpoint + * HISTORY: + update the history of sudo + [9d9b3d5279b3] -2004-02-13 16:37 millert + * parse.c, parse.lex, testsudoers.c: + CIDR-style netmask support + [768644467353] + + * CHANGES: + recent changes + [a4319e9d07cb] + + * sudo.tab.c, sudo.tab.h: + these should be generated with byacc, not bison + [f57b9489b752] + + * lex.yy.c: + regen + [522461f95dfa] - * lex.yy.c, configure: regen + * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h: + In "sudo -l" mode, the type of the stored (expanded) alias was not + stored with the contents. This could lead to incorrect output if + the sudoers file had different alias types with the same name. + Normal parsing (ie: not in '-l' mode) is unaffected. + [823fe2bc4b79] + +1999-08-23 Todd C. Miller -2004-02-13 16:36 millert + * configure, configure.in: + define _XOPEN_SOURCE to get at crypt() proto on some systems + [1b3769b86fb9] - * LICENSE, Makefile.binary, Makefile.in, alloc.c, check.c, - closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c, - find_path.c, getprogname.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - interfaces.h, ldap.c, logging.c, logging.h, parse.c, parse.h, - parse.lex, parse.yacc, pathnames.h.in, set_perms.c, sigaction.c, - strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, - sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.man.in, - sudoers.pod, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c, visudo.man.in, visudo.pod, zero_bytes.c, auth/afs.c, - auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, - auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, - auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, - emul/search.h, emul/utime.h: More to a less restrictive, - ISC-style license. +1999-08-22 Todd C. Miller + + * snprintf.c: + fix comment + [fc1264df00f7] -2004-02-12 21:08 aaron + * tgetpass.c: + don't need limits.h + [f1631829af45] - * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in, - def_data.c, def_data.h, def_data.in, ldap.c, sudo.c, sudo.h, - sudoers2ldif: Merged in LDAP Support + * snprintf.c: + kill bogus reference to vfprintf + [a0b99b25d389] -2004-02-08 15:53 millert + * sample.sudoers, sudoers: + better examples + [b4d87ea64cc8] - * sudo.h, sudo_noexec.c: Only do "extern int errno" if errno is not - a macro. + * snprintf.c: + Add some const in the K&R defs. This is safe since we define const + away if the compiler doesn't grok it. + [614d6e83d45e] -2004-02-06 18:08 millert + * aclocal.m4, configure: + Better test for working long long support. Ultrix compiler supports + basic long long but not all operations on them. + [5da1508710ed] - * set_perms.c: setreuid(0, 0) fails on QNX if the euid is not - already 0 so set the euid first, then just call setuid(0) to set - the real uid too. + * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c, + snprintf.c, sudo.c: + Add check for LONG_IS_QUAD #undef MAXINT before including + hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX + in snprintf.c and use LONG_IS_QUAD + [a1f7993367fc] -2004-02-06 14:52 millert +1999-08-21 Todd C. Miller - * set_perms.c: Use setresuid() and setreuid() for PERM_RUNAS when - appropriate instead of seteuid() which may not exist. + * LICENSE, aclocal.m4, config.h.in, configure, configure.in, + snprintf.c: + UCB-derived snprintf + asprintf support. Supports quads if the + compiler does. No floating point yet, perhaps later... + [0caf05aba945] + +1999-08-20 Todd C. Miller + + * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c, + goodpath.c, logging.c, parse.c, sudo.c: + Run most of the code as root, not the invoking user. It doesn't + really gain us anything to run as the user since an attacker can + just have an setuid(0) in their egg. Running as root solves + potential problems wrt signalling. + [408e530dda01] + + * sudo.tab.c: + regen + [f8cfb37e37de] + +1999-08-19 Todd C. Miller + + * logging.c, sudo.c: + Don't wait for child to finish in log_error(), let the signal + handler get it if we are still running, else let init reap it for + us. The extra time it takes to wait lets the user know that mail is + being sent. + + Install SIGCHLD handler in main() and for POSIX signals, block + everything + *except* SIGCHLD. + [d2b6ab0ef3be] + + * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c, + parse.yacc, sudo.c, sudo.h: + sudoers_lookup() now returns a bitmap instead of an int. This makes + it possible to express things like "failed to validate because user + not listed for this host". Some thigns that were previously + VALIDATE_FOO are now FLAG_FOO. This may change later on. + + Reorganized code in log_auth() and sudo.c to deal with above + changes. + + Safer versions of push/pushcp with in the do { ... } while (0) style + + parse.yacc now saves info on the stack to allow parse.c to determine + if a user was listed, but not for the host he/she tried to run on. + + Added --with-mail-if-no-host option + [63326cb01efc] + +1999-08-17 Todd C. Miller + + * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html, + visudo.man, visudo.pod: + o NewArgv and NewArgc don't need to be externally visible. o If + pedantic > 1, it is a parse error. o Add -s (strict) option to + visudo which sets pedantic to 2. + [5d7d81b55cd5] + + * HISTORY, INSTALL: + Just have sudo-bugs contact info in one place + [e7f6588ea683] + + * sudo.cat, sudo.html, sudo.man, sudo.pod: + Add BUGS section + [6607d96ea510] + + * Makefile.in, configure, configure.in: + Add testsudoers to default build target if --with-devel Don't clean + generated parser files unless "distclean". + [5827b769dc57] + + * parse.yacc, sudo.tab.c: + In pedantic mode we need to save *all* the aliases, not just those + that match, or we get spurious warnings. + [24f5b1f0e1de] + + * TROUBLESHOOTING: + reference samples.sylog.conf + [11841668380a] + +1999-08-14 Todd C. Miller + + * sample.syslog.conf: + Sample entries for syslog.conf + [0f7697d878a1] + + * CHANGES: + recent changes + [8bca8810c6bd] + + * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, + auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c, + auth/sudo_auth.c, auth/sudo_auth.h: + In struct sudo_auth, turn need_root and configured into flags and + add a flag to specify an auth method is running alone (the only + one). Pass auth methods their sudo_auth pointer, not the data + pointer. This allows us to get at the flags and tell if we are the + only auth method. That, in turn, allows the method to be able to + decide what should/should not be a fatal error. Currently only + rfc1938 uses it this way, which allows us to kill the OTP_ONLY + define and te hackery that went with it. With access to the + sudo_auth struct, methods can also get at a string holding their + cannonical name (useful in error messages). + [b7e320fc6511] + + * INSTALL, Makefile.in, README, config.h.in, configure, configure.in, + getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c, + sudo.tab.h: + o --with-otp deprecated, use --without-passwd instead o real + dependencies in the Makefile o --with-devel option to enable yacc, + lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes + back to being a token, not a string but don't leak memory o rename + hsotspec -> host in parse.yacc + [912c45226cb2] + +1999-08-12 Todd C. Miller + + * BUGS, CHANGES: + recent changes + [801fa6e55687] + + * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c, + sudo.c, sudo.h: + o Digital UNIX needs to check for *snprintf() before -ldb is added + to LIBS since -ldb includes a bogus snprintf(). o Add forward refs + for struct mbuf and struct rtentry for Digital UNIX. o Reorder some + functions in snprintf.c to fix -Wall o Add missing includes to fix + more -Wall + [8d207203e126] + + * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure, + configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c, + visudo.c: + o Add a "pedentic" flag to the parser. This makes sudo warn in + cases where an alias may be used before it is defined. Only turned + on for visudo and testsudoers. o Add --disable-authentication option + that makes sudo not require authentication by default. The PASSWD + tag can be used to require authentication for an entry. We no + longer overload --without-passwd. + [f307e09adf98] + + * lex.yy.c, parse.lex: + Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a + username can contain just about anything so be very permissive. Also + drop the unused \. punctuation. + [06a50614ff89] + +1999-08-09 Todd C. Miller + + * parse.yacc, sudo.tab.c: + o add a 'val' element to aliasinfo struct and move -> parse.h o + find_alias() now returns an aliasinfo * instead of boolean o + add_alias() now takes a value parameter to store in the + aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now + return: 1) positive match 0) negative match (due to '!') + -1) no match This means setting $$ explicitly in all cases, which I + should have done in the first place. It also means that we always + store a value that is != -1 and when we see a '!' we can set + *_matches to !rv if rv != -1. The upshot of all of this is that '!' + now works the way it should in lists and some of the rules are more + uniform and sensible. + [ad8e73b5d581] + + * Makefile.in: + add parse.h dependency + [4ccccd464d30] + + * parse.h: + kill unused *_matched macros + [02cba6dcb732] + + * parse.yacc: + Allow a list of users as the first thing in a user spec, not just a + single entry. This makes things more uniform, though it does allow + you to write user specs that are hard to read. + [3c4c91c508ca] + + * sudo.tab.c: + parse.yacc + [feca81881bb6] + + * configure: + regen + [6f247010bb3b] + + * configure.in: + fix check for crypt() in libufc + [82770736f4b0] + +1999-08-07 Todd C. Miller + + * README: + sudo-users list now exists + [4716d2bb0bbf] + + * INSTALL, PORTING, README, TODO, TROUBLESHOOTING: + Update to reality. + [1eda2d57e42a] -2004-02-04 14:58 millert + * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h, + config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h, + version.c, visudo.c: + o Move lock_file() and touch() into fileops.c so visudo can use them + o Visudo now locks the sudoers temp file instead of bailing when the + temp file already exists. This fixes the problem of stale temp + files but it does *require* that you not try to put the temp file in + a world-writable directory. This shoud not be an issue as the temp + file should live in the same dir as sudoers. o Visudo now only + installs the temp file as sudoers if it changed. + [2517cd06c070] + +1999-08-06 Todd C. Miller + + * logging.c: + add fcntl locking + [c304adeaf515] + + * config.h.in, configure, configure.in, logging.c: + Lock the log file. + [d8652704fbdf] - * LICENSE: 2004 + * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c, + visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod: + o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow + temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP + -> _PATH_SUDOERS_TMP + [68cad8975807] + +1999-08-05 Todd C. Miller + + * INSTALL, check.c, config.h.in, configure, configure.in, version.c: + o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to + root sudo -V config reporting + [cdd2613a9dcf] + + * configure, configure.in: + aix_auth.o not authenticate.o + [d972e35f6730] + + * config.h.in: + Add --with-goodpri and --with-badpri configure options to specify + the syslog priority to use. + [2595ae50ab86] + + * INSTALL, configure, configure.in, logging.h: + Add --with-goodpri and --with-badpri configure options to specify + the syslog priority to use. + [8276ee9b2b49] + + * compat.h: + kill crufty AIX stuff + [a4f35ef9854e] + + * Makefile.in: + Sigh, some versions of make (like Solaris's) don't deal with $< like + I would expect. Both GNU and BSD makes get this right but... So, we + just expand $< inline at the cost of some ugliness. + [b1b456f8801f] + + * version.c: + If the invoking user is root, sudo will now print configure info in + -V mode. Currently just prints logging info, to be expanded later. + [392f7ed99267] + + * logging.c, logging.h, sudo.c, sudo.h: + o new defines for syslog facility and priority o use new + print_version() functino for -V mode + [78abc5142985] + + * check.c: + Don't need version.c + [db9a830ad893] + + * aclocal.m4, config.h.in, configure, configure.in: + Add check for syslog facilities and priorities tables in syslog.h + [b86213e5fc5c] + + * Makefile.in: + o authenticate -> aix_auth o add version.c + [44b6b9a8d0f5] + + * auth/sudo_auth.c: + Missed a prompt -> user_prompt conversion + [e4c60b1f210c] + +1999-08-04 Todd C. Miller + + * TODO: + sudo should lock its logfile + [6d2830b28b07] + + * parse.yacc, sudo.tab.c: + o Add '!' correctly when expanding Aliases. o Add shortcut macros + for append() to make things more readable. o The separator in + append() is now a string instead of a char. o In append(), only + prepend the separator if the last char is not a '!'. This is a + hack but it greatly simplifies '!' handling. o In -l mode, Runas + lists and NOPASSWD/PASSWD tags are now inherited across entries in + a list (matches current behavior). o Fix formatting in -l mode such + that items in a list are separated by a space. Greatlt improves + readability. o Space for name field in struct aliasinfo is now + allocated dyanically instead of using a (big) buffer. o In + add_alias(), only search the list once (lsearch instead of lfind + + lsearch) + [51f7e07addb9] + + * lex.yy.c, sudo.tab.c, sudo.tab.h: + regen + [5c19bb05dc21] + + * configure, configure.in: + Solais pam doesn't require anye xtra setup + [a25ba03d91d1] + + * parse.yacc: + o Simpler '!' support now that the lexer deals with multiple !'s for + us. o In the case of opFOO, have FOO give a boolean return value and + set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since + it gets fill()'d in parse.lex--fixes a small memory leak. In the + long run it may be better to just fix parse.lex and make ALL back + into a token. However, having it be a string is useful since it + can be easily passed back to the parent rule if we so desire. + [b3c64b443018] + + * parse.lex: + o Remove some unnecessary backslashes o collapse multiple !'s by + using !+ and checking if yyleng is even or odd. this allows us to + simplify ! handling in parse.yacc + [76330e8da8e3] + + * sudo.c: + -u flag was being ignored + [e30283207585] + +1999-08-01 Todd C. Miller + + * Makefile.in: + correct fix + [a0e2377dec8f] + + * Makefile.in: + work around pod2man stupididy + [7c755640b67f] + + * Makefile.in: + correct dependencies for .cat + [5ed7b0653b68] + + * sudo.cat, sudo.man, visudo.cat, visudo.man: + regen + [b74510dd6a0a] + + * sudo.pod, visudo.pod: + Add copyright Update to reality + [188e9b046c15] + + * parse.c, sudo.c, sudo.h: + rename validate() to the more descriptive sudoers_lookup() + [7a1cb652f379] + + * auth/aix_auth.c: + use tgetpass + [b8ba5daec40a] + +1999-07-31 Todd C. Miller + + * CHANGES: + updates + [e61460cdf4a0] -2004-02-03 23:38 millert + * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING, + configure, configure.in, sudo.c: + Sudo, not CU Sudo + [9061b3573c0c] + + * LICENSE: + add 4th term to license similar to term 5 in the apache license + [92712e895afb] + + * emul/search.h, emul/utime.h: + add 4th term to license similar to term 5 in the apache license + [4f93a8b9396e] + + * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, + auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, + auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c, + auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c, + logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c: + add 4th term to license similar to term 5 in the apache license + [afae9f2bf9ec] + + * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h: + add 4th term to license similar to term 5 in the apache license + [c389d3fdafac] + + * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c, + getspwuid.c, goodpath.c: + add 4th term to license similar to term 5 in the apache license + [969e63dbd38e] + + * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in, + insults.h, logging.c, sudo.c, sudo.h: + there was a 1995 release too + [5963fd89457a] + +1999-07-28 Todd C. Miller + + * CHANGES: + updates + [254b794f16ab] + + * check.c: + Use dirs instead of files for timestamp. This allows tty and non- + tty schemes to coexist reasonably. Note, however, that when you + update a tty ticket, the mtime on the user dir gets updated as well. + [44bfac32f799] + + * configure, configure.in: + Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx" + when linking test program, not just -lprot. Also add check for + getspnam(). The SCO docs indicate that /etc/shadow can be used but + this may be a lie. + [2ba21d36cc1e] + +1999-07-24 Todd C. Miller + + * auth/API: + first cut at auth API description + [3d10df021eb8] + +1999-07-22 Todd C. Miller + + * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, + auth/secureware.c, auth/securid.c, auth/sudo_auth.c, + auth/sudo_auth.h: + auth API change. There is now an init method that gets run before + the main loop. This allows auth routines to differentiate between + initialization that happens once vs. setup that needs to run each + time through the loop. + [76df1c0d3478] + + * auth/kerb5.c, logging.c: + use easprintf() and evasprintf() + [fd97d96dc12f] + + * alloc.c, sudo.h: + add easprintf() and evasprintf(), error checking versions of + asprintf() and vasprintf() + [f54385de20b7] + + * TODO: + remove 2 items. One done, one won't do. + [64513b47bc7a] + + * lex.yy.c, sudo.tab.c: + regen + [4aa299de2752] + + * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat, + visudo.html, visudo.man: + regen + [553c0d1209be] + + * CHANGES: + new changes + [d7be00b7e36b] + + * sudo.pod: + o Document -K flag and update meaning of -k flag. o BSD-style + copyright o Document clearing of BIND resolver environment variables + o Clarify bit about shared libs o suggest rc files create /tmp/.odus + if your OS gives away files + [4a4092be1455] + + * visudo.pod: + BSD license + [ad0bfd0a4630] + + * version.h: + BSD-style copyright + [ecc6479325be] + + * tgetpass.c: + o BSD copyright o no need to block signals, we now do that in main() + o cosmetic changes + [61958beda7ab] + + * testsudoers.c, visudo.c: + o BSD-style copyright o Use "struct sudo_user" instead of old + globals. o some cometic cleanup + [88c0c6924082] + + * sudo_setenv.c: + BSD-style copyright + [df20290129a0] + + * sudo.h: + o BSD copyright o logging and parser bits moved to their own .h + files o new "struct sudo_user" to encapsulate many of the old + globals. + [50fc86bf25cb] + + * sudo.c: + o no longer contains sudo 1.1/1.2 code o BSD copyright o use new + logging routines o simplified flow of control o BIND resolver + additions to badenv_table + [8c53f15bfcb0] + + * strerror.c: + BSD-style copyright + [7c906c3a82ac] + + * snprintf.c: + Now compiles on more K&R compilers + [07ab1d3231c7] + + * putenv.c: + BSD-style copyright, cosmetic changes + [c42371295881] + + * pathnames.h.in: + BSD-style copyright + [e5c34ebd4cf1] + + * parse.c, parse.h, parse.lex, parse.yacc: + BSD-style copyright. Move parser-specific defines and structs into + parse.h + other cosmetic changes + [d3088efb6228] + + * logging.h: + defines for logging routines + [13147941c02d] + + * find_path.c, getspwuid.c, goodpath.c, interfaces.c: + BSD-style copyright, cosmetic changes + [e8205e91a4fa] - * INSTALL, config.h.in, configure, configure.in, ins_classic.h: Add - --with-pc-insults configure option + * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.h: + BSD-style copyright + [b9499da7cdce] + + * configure.in: + o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o + kill --disable-tgetpass o add --without-passwd o changes to fill in + AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and + v?asprintf() o replace --with-AuthSRV with --with-fwtk + [9a3f39b9c128] + + * config.h.in: + BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add + HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF, + HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD + [9a09054db53a] + + * compat.h: + BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing. + [25509c566975] + + * alloc.c: + BSD-style copyright + [4967be892363] + + * TROUBLESHOOTING: + no more --with-getpass + [afd5b670c196] + + * TODO: + Take out things I've done... + [375420c8270e] + + * README: + Refer to LICENSE + [c486c8db30f6] + + * PORTING: + --with-getpass no longer exists + [db48202df1bb] + + * Makefile.in: + BSD-style copyright. Update to reflect reality wrt new files and + new auth modules. + [61a2ca7940fb] + + * INSTALL: + Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and + --without-passwd. + [64e8f9e1c05e] + + * HISTORY: + Update history a bit + [df60c0a871b8] + + * COPYING, LICENSE: + Now distributed under a BSD-style license + [d1a184ccabe1] + + * auth/sudo_auth.c: + o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD + options. o skey/opie replaced by rfc1938 code o new struct sudo_user + global + [891b57060868] + + * auth/pam.c, auth/sia.c: + BSD-style copyright and use new log functions + [65c44445ea84] + + * auth/kerb5.c: + o BSD-style copyright o Use new log functiongs o Use asprintf() and + snprintf() where sensible. + [1ff0feaacf95] + + * check.c: + Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now + done more reasonably--better sanity checks and tty-based stamps are + now done as files in a directory with the same name as the invoking + user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible + to mix tty and non-tty based ticket schemes but this may change in + the future (it requires sudo to use a directory instead of a file in + the non-tty case). Also, ``sudo -k'' now sets the ticket back to + the epoch and ``sudo -K'' really deletes the file. That way you + don't get the lecture again just because you killed your ticket in + .logout. BSD-style copyright now. + [ec3460f85be8] + + * logging.c: + o rewritten logging routines. log_error() now takes printf-style + varargs and log_auth() for the return value of validate(). o BSD- + style copyright + [438292025c4e] + + * auth.c, check_sia.c, dce_pwent.c, secureware.c: + superceded by new auth API + [412060590da7] + + * auth/kerb4.c: + BSD-style copyright + [cc4e800833c7] + + * auth/fwtk.c: + Use snprintf() where it makes sense and add a BSD-style copyright + [1b7502388a74] + + * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h: + BSD-style copyright + [42583bedae5c] + + * emul/utime.h, utime.c: + BSD-style copyright + [3985c90aba47] + + * emul/search.h: + this has been rewritten so use my BSD-style copyright + [176df1b0de6f] + +1999-07-15 Todd C. Miller + + * snprintf.c: + include malloc.h if no stdlib.h + [7b123f1d1d03] + + * snprintf.c: + KTH snprintf()/asprintf() for systems w/o them + [3ca9aefb9d01] + + * strerror.c: + strerror() for systems w/o it + [7f0bd8a1c1b4] + +1999-07-12 Todd C. Miller + + * visudo.c: + stylistic changes + [6f99aceb7170] + + * parse.c, parse.lex, parse.yacc: + Add contribution info in the main comment + [e50cec10acd6] + +1999-07-11 Todd C. Miller + + * auth/pam.c: + remove missed ref to PAM_nullpw + [a43e59692cdb] + + * auth/sudo_auth.h: + pasto + [891ff138ab89] + + * auth/kerb5.c: + more or less complete now--still untested + [21036732faa0] + + * auth/afs.c, auth/pam.c: + don't use user_name macro, it will go away + [def7cf727349] + + * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h: + combine skey/opie code into rfc1938.c + [44d88ca93d3e] + + * auth/dce.c, auth/sudo_auth.h: + DCE authentication method; basically unchanged from dce_pwent.c + [4d468473dd6f] + + * auth/aix_auth.c, auth/sudo_auth.h: + AIX authenticate() support. Could probably be much better + [000013321a33] + + * auth/sia.c: + Fix an uninitialized variable and some cleanup. Now works (tested) + [fd6ad88ff055] + + * auth/sia.c, auth/sudo_auth.h: + SIA support for digital unix + [5335f3e70eab] + + * auth/pam.c: + don't use prompt global, it will go away + [fadd22dd6ce4] -2004-02-03 23:32 millert + * auth/secureware.c: + correct copyright years + [6aa07c49f51b] - * visudo.man.in: Prefer VISUAL over EDITOR like old vipw did. + * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c, + auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c, + auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h: + New authentication API and methods + [9debe9b59c79] -2004-02-01 15:45 millert +1999-07-08 Todd C. Miller - * sudo.man.in, sudoers.man.in: regen + * sudo.tab.c: + regen + [84578e82c1a6] -2004-02-01 15:44 millert + * parse.yacc: + only save an entry if user_matches && host_matches, even if the + stack is empty (fix for previous commit) + [00984b078d8a] - * sudoers.pod: Add a note that noexec is not a cure-all. + * sudo.tab.c: + regen + [66acf160b4b7] -2004-02-01 15:20 millert + * parse.yacc: + 1) Always save an entry on the stack if it is empty. This fixes the + -l and -v flags that were broken by earlier parser changes. - * sudoers.pod: Mention that disabling "root_sudo" is pretty - pointless. + 2) In a Runas list, don't negate FALSE -> TRUE since that would make + !foo match any time the user specified a runas user (via -u) other + than foo. + [f322eb54b015] -2004-02-01 15:20 millert + * testsudoers.c: + interfaces and num_interfaces are now auto, not extern + [113add5c6518] - * configure, configure.in: Substitute for root_sudo in sudoers.pod +1999-07-07 Todd C. Miller -2004-02-01 15:03 millert + * auth.c: + use a static global to keep stae about empty passwords + [bc02e30807d8] - * sudo.pod: Add sudoedit to the NAME section + * check_sia.c: + make PASSWORD_NOT_CORRECT logging consistent with other modules + [21962549d5fd] -2004-02-01 15:00 millert +1999-07-05 Todd C. Miller - * sudoers.pod: Document that fact that setting ignore_dot in - sudoers has no effect due to the fact that find_path() is called - *before* sudoers is read. + * auth.c: + PAM prompt code was wrong, looks like we have to kludge it after + all. + [91f246155ead] -2004-01-29 19:50 millert + * auth.c: + In the PAM code, when a user hits return at the first password + prompt, exit without a warning just like the normal auth code + [918f59bacdb7] - * sudo_edit.c: Do not require _PATH_USRTMP to be set. + * configure, configure.in: + kludge around cross-compiler false positives + [5e5fc8356400] -2004-01-29 19:42 millert + * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c: + New (correct) PAM code Tgetpass now takes an echo flag for use with + PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a + useless umask setting Change error from BAD_ALLOCATION -> + BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c + for consistency + [e71397f09dd8] - * BUGS, CHANGES, TODO: sync + * sudo.c: + Some -Wall and kill some trailing spaces + [8229b43d5c4e] -2004-01-29 19:42 millert + * configure.in: + define -D__EXTENSIONS__ for solaris so we get crypt() proto + [7533e4436cab] - * sudo.man.in: regen +1999-06-22 Todd C. Miller -2004-01-29 19:41 millert + * RUNSON: + add Dynix 4.4.4 + [b69f773efbce] - * sudo.pod: Clarify that when sudo is run by root with the - SUDO_USER variable set, the sudoers lookup happens for root and - not the SUDO_USER user. + * INSTALL, config.h.in, configure, configure.in: + for kerberos V < version, fall back on old kerb4 auth code + [d685ed3a1d8e] -2004-01-29 17:33 millert + * INSTALL: + clarify some things + [2f5ba2e8e53a] - * defaults.c, env.c, fnmatch.c, interfaces.c, logging.c, parse.c, - set_perms.c, sigaction.c, sudo.c, tgetpass.c, auth/pam.c, - auth/sudo_auth.c: Use the SET, CLR and ISSET macros. + * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod: + typos + [8925a109c093] -2004-01-29 16:22 millert +1999-06-14 Todd C. Miller - * interfaces.h: MAIN was replaced with _SUDO_MAIN some time ago. + * sudo.c: + mention why DONT_LEAK_PATH_INFO is not the default + [0346260cb4ec] -2004-01-29 16:15 millert +1999-06-03 Todd C. Miller - * sudo.c: Don't look at prev_user until after we've parsed sudoers - and done the password check. That way, if sudo/sudoedit is run - from a root process that was invoked by sudo, we check sudoers - for root, not the previous user. This makes sudoedit much more - useful and means that for the sudo case, we get correct logging - on who actually ran the command. + * tgetpass.c: + Fix open(2) return value checking, was NULL for fopen, should be -1 + for open + [355878bf6d8a] -2004-01-22 19:22 millert + * configure: + regen + [68bf82871862] - * sudo_edit.c: Add a comment describing why we need to be notified - about our child stopping. + * configure.in: + better wording for solaris pam notice + [04e88c7a6c42] -2004-01-22 16:06 millert + * CHANGES: + document recent changes + [7c922c5622ef] - * def_data.c, def_data.in: Update the noexec variable descriptions + * TROUBLESHOOTING: + Update shadow password section + [e8448bae7d66] -2004-01-22 14:18 millert + * auth.c: + move authentication code from check.c to auth.c + [e9f6ecae2399] - * sudoers.man.in, sudoers.pod: noexec now replaces more than just - execve() + * Makefile.in, check.c, sudo.h: + move authentication code to auth.c + [124cded85f46] -2004-01-22 12:14 millert +1999-05-17 Todd C. Miller - * sudo_noexec.c: Alas, all the world does not go through execve(2). - Many systems still have an execv(2) system call, Linux 2.6 - provides fexecve(2) and it is not uncommon for libc to have - underscore ('_') versions of the functions to be used internally - by the library. Instead of stubbing all these out by hand, - define a macro and let it do the work. Extra exec functions - pointed out by Reznic Valery. + * Makefile.in, check.c, check_sia.c, compat.h, find_path.c, + getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c, + logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c, + sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c, + visudo.c: + Move interface-related defines to interfaces.h so we don't have to + include everywhere. + [e7599d8ea0bf] -2004-01-21 21:57 millert +1999-05-14 Todd C. Miller - * sudo.c, sudo_edit.c: Fix suspending the editor in -e mode. - Because we do a fork() first we need to be notified when the - child has been stopped and then send that same signal to ourself - so the shell can do its job control thing. + * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c, + parse.yacc, sudo.c, sudo.tab.c, tgetpass.c: + o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It + turns out the old DES crypt does the right thing with passwords + longert than 8 characters. o Fix common typo (necesary -> + necessary) o Update TODO list + [ad75007a6f13] -2004-01-21 21:44 millert +1999-05-03 Todd C. Miller - * visudo.c: Use WIFEXITED and WEXITSTATUS macros. If there are - systems out there that want to run sudo that still don't support - these we can try to deal with that later. + * sudo.c: + set $LOGNAME when we set $USER + [391596210fd7] -2004-01-21 20:03 millert +1999-04-27 Todd C. Miller - * lex.yy.c: regen + * INSTALL: + add comment about digital unix and interfaces.c warning with gcc + [e20f815901cc] -2004-01-21 20:00 millert +1999-04-15 Todd C. Miller - * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod: Document sudo - -e / sudoedit + * sample.sudoers: + use modern paths and give examples for some of the new parser + features + [e7b2e507c695] -2004-01-21 19:08 millert +1999-04-10 Todd C. Miller - * configure, configure.in: fix typo + * parse.c: + fix comment + [5eb0d005a65f] -2004-01-21 19:02 millert + * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c, + getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c, + parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: + Function names should be flush with the start of the line so they + can be found trivially in an editor and with grep + [3c400abde574] + + * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc, + sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c: + free(3) is already void, no need to cast it + [6981e1ebda0f] + + * logging.c, sudo.c, sudo.h: + catch case where cmnd_safe is not set (this should not be possible) + [3e1e3038546c] + + * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c, + testsudoers.c, visudo.c: + Stash the "safe" path (ie: the one listed in sudoers) to the command + instead of stashing the struct stat. Should be safer. + [aa2883fcf57e] + +1999-04-08 Todd C. Miller + + * INSTALL, Makefile.in, UPGRADE: + notes on updating from an earlier release + [df9fffa4ab2c] + + * CHANGES: + updated + [574f5065d15a] + +1999-04-07 Todd C. Miller + + * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html, + sudoers.man, sudoers.pod: + You can now specifiy a host list instead of just a host or alias. + Ie: user = host1,host2,ALIAS,!host3 my_command now works. + [e3942bb78021] + + * testsudoers.c: + Quiet -Wall + [a3edc8b08c3a] + + * parse.yacc, sudo.tab.c: + Move the push from the beginning of cmndspec to the end. This means + we no longer have to do a push at the end of privilege, just reset + some values. + [8ea66e5860c6] + + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: + runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can + use "!" most everywhere + [aadae4d1c9d5] + +1999-04-06 Todd C. Miller + + * sudoers.pod: + modernize paths and update su example based on sample.sudoers one + [3f6a37e16c83] + + * sample.sudoers: + New runas semantics + [756ee92865b7] + + * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in, + strdup.c, sudo.h: + In estrdup(), do the malloc ourselves so we don't need to rely on + the system strdup(3) which may or may not exist. There is now no + need to provide strdup() for those w/o it. Also, the prototype for + estrdup() was wrong, it returns char * and its param is const. + [5f1f984da8e3] + + * getcwd.c: + $Sudo tag + [e4188a35e68c] + + * check.c: + buf should be prompt; Michael Robokoff + [2aec87c86cde] + + * CHANGES, TODO, parse.yacc, sudo.tab.c: + It is now possible to use the '!' operator in a runas list as well + as in a Cmnd_Alias, Host_Alias and User_Alias. + [a4fdaabda990] + + * logging.c, sudo.h: + Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM + [73d0376785ae] + + * sudo.h: + Definitions of *_matched were wrong--user top, not top-2 as + subscript. + [5f8350a57362] + + * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c: + Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a + command but the NOPASSWD flag was set. Make runasspec, runaslist, + runasuser, and nopasswd typeless in parse.yacc Add support for '!' + in the runas list Fix double printing of '%' and '+' for groups and + netgroups respectively Add *_matched macros (no need for local stack + variable). Should only be used directly after a pop (since top must + be >= 2). + [392b1400c4e6] + + * aclocal.m4, configure.in: + Add copyright, somewhat silly + [55c2cdd82dca] + +1999-04-05 Todd C. Miller + + * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c, + compat.h, config.h.in, configure, configure.in, dce_pwent.c, + emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, + ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, + lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, + putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, + sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man, + testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat, + visudo.man: + Crank version to 1.6 and combine copyright statements + [0e1c791658ae] + + * sample.sudoers: + Use ! not ^ to do negation + [1480a0761730] + + * lex.yy.c, sudo.tab.c: + regen + [89ca5a46684b] + + * parse.lex, parse.yacc: + Make runas and NOPASSWD tags persistent across entris in a command + list. Add a PASSWD tag to reverse NOPASSWD. When you override a + runas or *PASSWD tag the value given becomes the new default for the + rest of the command list. + [f1bbb4066542] + +1999-04-02 Todd C. Miller + + * CHANGES, RUNSON: + update for 1.5.9 + [a1ae9d4a7d54] [SUDO_1_5_9] + + * visudo.c: + Shift return value of system(3) by 8 to get real exit value and if + it is not 1 or 0 print the retval along with the error message. + [c1ff50d743fb] + +1999-03-30 Todd C. Miller + + * Makefile.in: + testsudoers needs LIBOBJS too + [972571b4e4bf] + + * parse.c, parse.yacc, sudo.tab.c: + Fix another parser bug. For a sudoers entry like this: millert + ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls + as root. + [51968e1eb33d] + + * CHANGES: + new change + [271c6110bb62] + + * parse.yacc, sudo.tab.c: + Save entries that match a ! command on the matching stack too + [5afb5107116c] + + * sudo.c: + Make sudo's usage info better when mutually exclusive args are given + and don't rely on argument order to detect this; nick@zeta.org.au + [2422753c88fd] + +1999-03-29 Todd C. Miller + + * CHANGES, Makefile.in, RUNSON: + updates from CU + [b37381e3dafb] + + * Makefile.in: + use gzip + [94a64e52a166] + + * parse.yacc, sudo.tab.c: + Fix off by one error introduced in *alloc changes + [95ede581153a] - * config.h.in, configure.in: Add SET/CLR/ISSET + * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c, + check_sia.c, compat.h, config.h.in, configure, configure.in, + dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, + sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, + sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod: + ++version + [c6d88f024e37] -2004-01-21 18:55 millert + * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c, + interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, + putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c, + sudo_setenv.c, testsudoers.c, utime.c, visudo.c: + Use emalloc/erealloc/estrdup + [44221d97361a] - * sudo.c: Allow non-exclusive flags when invoked as sudoedit. - Pretty print the long usage() line to not wrap (assumes 80 char - display) + * alloc.c: + error checking memory allocation routines + [5f8c1e7bbc71] -2004-01-21 18:01 millert + * parse.yacc, sudo.tab.c: + Still not right, this fixes it for real + [ad553b6f5339] - * Makefile.in, sudo.c: If sudo is invoked as "sudoedit" the -e flag - is implied and no other flags are permitted. + * parse.yacc, sudo.tab.c: + Fix for previous commit + [4d6f989f9bf2] -2004-01-21 18:00 millert + * CHANGES, INSTALL, parse.yacc: + Fix a parser bug that was exposed when mixing different runas specs + and ! commands. For example: millert ALL=(daemon) + /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root + as well as daemon when it should just allow daemon. The problem was + that comma-separated commands in a list shared the same entry on the + matching stack. Now they get their own entry iff there is a full + match. It may be better to just make the runas spec persistent + across all commands in a list like the user and host entries of the + matching stack. However, since that is a fairly major change it + should gets its own minor rev increase. + [c4b939cdcc8e] - * sudo.h: Add a new flag, -e, that makes it possible to give users - the ability to edit files with the editor of their choice as the - invoking user, not the runas user. Temporary files are used for - the actual edit and the temp file is copied over the original - after the editor is done. +1999-03-28 Todd C. Miller -2004-01-21 17:25 millert + * check.c, config.h.in: + Simplify PAM code and fix a PAM-related warning on Linux + [2468399523b6] - * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c: Add a new - flag, -e, that makes it possible to give users the ability to - edit files with the editor of their choice as the invoking user, - not the runas user. Temporary files are used for the actual edit - and the temp file is copied over the original after the editor is - done. +1999-03-26 Todd C. Miller -2004-01-21 17:06 millert + * CHANGES: + updates + [29d4a997769c] - * sudo.c, env.c: If real uid == 0 and the SUDO_USER environment - variables is set, use that to determine the invoking user's true - identity. That way the proper info gets logged by someone who - has done "sudo su" but still uses sudo to as root. We can't do - this for non-root users since that would open up a security hole, - though perhaps it would be acceptable to use getlogin(2) on OSes - where this a system call (and doesn't just look in the utmp - file). + * sample.sudoers: + better su entry + [76d8285a72ba] -2004-01-21 16:58 millert + * configure: + regen + [b7450cc6975d] - * pathnames.h.in: Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP + * check.c, configure.in: + new pam code that works on solaris, should work on linux too; + aelberg@home.com + [84c16c0ff259] -2004-01-21 16:57 millert +1999-03-19 Todd C. Miller - * configure, config.h.in, configure.in: Add check for fchown(2) + * RUNSON: + more entries + [b6bef8660759] -2004-01-20 14:22 millert + * config.h.in: + only include strings.h if there is no string.h + [b66054a32b00] - * sudo.c: Back out portions of the -i commit that set NewArgv[0] in - set_runaspw. It is far to late to set NewArgv[0] there and will - have no effect anyway as cmnd and safe_cmnd have already been - set. +1999-03-17 Todd C. Miller -2004-01-20 14:18 millert + * config.guess: + Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com + [c086d2fe63af] - * visudo.c, visudo.pod: Prefer VISUAL over EDITOR like old vipw - did. +1999-03-13 Todd C. Miller -2004-01-18 20:17 millert + * sudo.c: + shost must be set before log functions are called #ifdef HOST_IN_LOG + [d49a7944358f] - * env.c, sudo.c: In -i mode always set new environment based on the - runas user's passwd entry. +1999-03-07 Todd C. Miller -2004-01-18 17:56 millert + * CHANGES, lex.yy.c, parse.lex: + Fix a bug wrt quoting characters in command args. Stop processing + an arg when you hit a backslash so the quoted-character detection + can catch it. + [2281438d7f41] - * sudo.man.in, sudo.pod: Document the new -i flag and sync SYNOPSIS - section with usage() in sudo.c. Also sort the flags in the - OPTIONS section. +1999-02-26 Todd C. Miller -2004-01-18 17:55 millert + * interfaces.c: + include sys/time.h; aparently AIX needs it. ppz@cdu.elektra.ru + [31118a9e9916] - * sudo.c, sudo.h: o Add -i that acts similar to "su -", based on - patches from David J. MacKenzie o Sort the flags in the usage - message +1999-02-24 Todd C. Miller -2004-01-18 17:22 millert + * configure, configure.in: + add missing case statement so --without-sendmail works + [ca25614f7dd9] - * sudoers.man.in, sudoers.pod: Add a missing @runas_default@ - substitution. +1999-02-23 Todd C. Miller -2004-01-17 16:34 millert + * CHANGES: + more + [4d70e44f7f93] - * sudo.c: Change euid to runas user before calling find_path(). - Unfortunately, though runas_user can be modified in sudoers we - haven't parsed sudoers yet. +1999-02-22 Todd C. Miller -2004-01-17 16:25 millert + * configure, configure.in: + only search for -lsun in irix <= 4.x + [e604238317b1] - * sudoers.man.in, sudoers.pod: Add missing defintion of - Parameter_List and use single pipes in the Defaults EBNF - definition. + * configure, configure.in: + back out last configure.in change now that I've hacked autoconf to + fix the real problem and add a missing newline + [2dabf59a79b5] -2004-01-17 13:49 millert + * CHANGES: + updated + [bb35d526552f] - * sudo.c: Fix a bug when set_runaspw() is used as a callback. We - don't want to reset the contents of runas_pw if the user - specified a user via the -u flag. + * getcwd.c: + add def of dirfd() for those without it + [95f0173d8441] - Avoid unnecessary passwd lookups in set_authpw(). In most cases - we already have the info in runas_pw. + * configure, configure.in: + When falling back to checking for socket() when linking with + "-lsocket -lnsl" check for main() instead since autoconf has already + cached the results of checking for socket() in -lsocket. This is + really an autoconf bug as it should use the extra libs as part of + the cache variable name. + [a845f8b710ad] -2004-01-16 18:16 millert + * configure.in: + typo + [a7d62f62a478] - * check.c: Add Stan Lee / Uncle Ben quote to the lecture from - RedHat +1999-02-21 Todd C. Miller -2004-01-16 18:12 millert + * configure.in: + fix occurrence of $with_timeout that should be + $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni- + bochum.de + [8c4da2cf73d1] - * sudo.h: Update sudo_getepw() proto and add one for set_runaspw() +1999-02-17 Todd C. Miller -2004-01-16 18:10 millert + * sudo.cat, sudo.html, sudo.man, sudo.pod: + fix grammar; espie@openbsd.org + [7031d9dfbc3e] [SUDO_1_5_8] - * parse.c: If we can't stat the command as root, try as the runas - user instead. +1999-02-11 Todd C. Miller -2004-01-16 18:09 millert + * parse.yacc, sudo.c, testsudoers.c: + add cast for strdup in places it does not have it + [7ce4478d3b0f] - * testsudoers.c, visudo.c: Add stub set_runaspw() function +1999-02-09 Todd C. Miller -2004-01-16 18:09 millert + * configure, configure.in: + define for_BSD_TYPES irix + [858337ff4af8] - * sudo.c: Add set_runaspw() function to fill in runas_pw. This - will be used as a callback to update runas_pw when the runas user - changes. +1999-02-07 Todd C. Miller -2004-01-16 18:07 millert + * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod: + Make it clear that it is the user's password, not root's, that we + want. + [ae0f51b35ee4] - * env.c, sudo.c: PERM_RUNAS -> PERM_FULL_RUNAS + * check.c, sudo.h: + If the user enters an empty password and really has no password, + accept the empty password they entered. Perviously, they could + enter anything + *but* an empty password. Also, add GETPASS macro that calls either + tgetpass() or getpass() depending on how sudo was configured. + Problem noted by jdg@maths.qmw.ac.uk + [2fde21ce94c1] -2004-01-16 18:05 millert +1999-02-03 Todd C. Miller - * set_perms.c, sudo.h: Rename PERM_RUNAS -> PERM_FULL_RUNAS and add - a PERM_RUNAS that just changes the euid. + * Makefile.in, check.c, check_sia.c, compat.h, config.h.in, + dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c: + add explicate copyright + [d3b4449834a5] -2004-01-16 18:04 millert + * CHANGES: + mention -lsocket, -lnsl configure changes + [9140af4ad8ae] - * getspwuid.c: Make sudo_pwdup() act like OpenBSD pw_dup() and - allocate memory in one chunk for easy free()ing. Also change it - from static to extern. +1999-02-02 Todd C. Miller -2004-01-16 18:03 millert + * sudo.c: + Don't clobber errno after calling check_sudoers(). + [59bd581b2654] - * defaults.c, defaults.h: Add callback support +1999-02-01 Todd C. Miller -2004-01-16 18:02 millert + * configure, configure.in: + When linking with both -lsocket and -lnsl be sure to do so in that + order. Also, when we can't find socket() or inet_addr() and have to + try linking with both libs, issue a warning. + [0ee547163067] - * def_data.c, def_data.in, mkdefaults: Add a callback field and use - it for runas_default + * sudo.cat, sudo.man, sudo.pod: + clarify bad timestamp and fmt + [70e42cf56c75] -2004-01-15 15:13 millert +1999-01-23 Todd C. Miller - * auth/fwtk.c: Add support for chalnecho and display server - responses used by fwtk >= 2.0 + * INSTALL, RUNSON: + be clear that pam is linux-only and add a RUNSON entry + [7fdeab875e0d] -2004-01-12 18:39 millert +1999-01-22 Todd C. Miller - * sudoers.man.in, sudoers.pod: ld.so is ld.so.1 on solaris + * CHANGES, INSTALL, configure, configure.in: + fix and correctly document --with-umask; problem noted by + adap@adap.org + [11cd0481d63a] -2004-01-12 14:03 millert +1999-01-20 Todd C. Miller - * Makefile.in, config.h.in, configure, configure.in, sudo.c, - sudo.h: Use closefrom() instead of doing the equivalent inline. + * configure, configure.in: + only use /usr/{man,catman}/local to store man pages if suer didn't + override prefix or mandir + [781ad2cbe9be] -2004-01-12 13:55 millert + * INSTALL, configure, configure.in: + fix typo, make --with-SecurID take an arg + [026a9b4014fc] - * closefrom.c: closefrom(3) for systems w/o it +1999-01-19 Todd C. Miller -2004-01-09 16:29 millert + * RUNSON: + updates from users + [2286982b31e6] - * sudoers.man.in: Update from .pod file. + * CHANGES, INSTALL, check.c, configure, configure.in: + FWTK 'authsrv' support from Kevin Kadow + [23aa4e5c6b02] -2004-01-09 16:26 millert + * configure, configure.in: + better fix for the problem of unresolved symbols in -lnsl or + -lsocket + [82fe70fc287f] - * configure, configure.in: Substitute noexec_file for the sudoers - man page + * configure, configure.in: + when checking for functions in -lnsl and -lsocket link with both of + them to avoid unresolved symbols on some weirdo systems + [1734a591808e] -2004-01-09 16:24 millert +1999-01-18 Todd C. Miller - * sudo.man.in, sudo.pod: Mention noexec + * BUGS, CHANGES, RUNSON, TODO: + old changes that didn't make it into RCS before the RCS->CVS switch + [846eb2b8f9aa] -2004-01-09 16:16 millert +1999-01-17 Todd C. Miller - * sudoers.man.in, sudoers.pod: Document noexec + * Makefile.in, check.c, check_sia.c, compat.h, config.h.in, + configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c, + getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, + ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c, + lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, + secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c, + sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c, + visudo.pod: + add sudo tags + [962f81eaa5ab] + + * sudo.h: + testing Sudo tag + [e84cbc521129] + + * version.h: + testing Sudo tag + [a8c3a3998b88] + + * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h, + config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h, + find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c, + logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, + secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man, + sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c, + utime.c, version.h, visudo.c, visudo.cat, visudo.man: + crank version and regen files + [23eacf00a1a4] + + * Makefile.in: + kill rcs goop in update_version and fix now that version is a const + [e6e50bd8d1e1] + + * INSTALL, check.c, config.h.in, configure, configure.in, logging.c, + sudo.c, sudo.h, sudo.pod: + kerb5 support from fcusack@iconnet.net + [8134027986e2] + + * realpath.c, sudo_realpath.c: + we no longer use realpath + [0f5f64abc646] + + * qualify.c: + replaced by find_path.c + [9e32a87e09c4] + + * options.h: + all options are now configure flags + [ee6bd9610102] + + * lex.yy.c: + regen + [bdbf8a18161f] + + * getwd.c: + superceded by getcwd.c + [1e54ee0990b4] + + * getpass.c: + superceded by tgetpass.c + [4e0d1edc30e3] + + * SUPPORTED: + superceded by RUNSON + [854c5a21cb53] + + * OPTIONS: + No longer used now that we have configure options for everything. + [9b1ae1c89259] + + * configure: + regen based on configure.in + [3a4d73936973] + + * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html, + sudoers.man, visudo.cat, visudo.html, visudo.man: + regen based on sudo.pod, sudoers.pod, and visudo.pod + [c267beb90778] + +1998-12-11 Todd C. Miller + + * check.c: + fix tty tickets in remove_timestamp (didn't use ':') + [fd964a74a32b] + +1998-12-07 Todd C. Miller + + * interfaces.c: + close sock when we are done with it + [95de0380f8a4] + +1998-11-28 Todd C. Miller + + * parse.yacc: + never say "error on line -1" + [361db1491121] + +1998-11-24 Todd C. Miller + + * configure.in: + check for -lnsl before -lsocket + [8e966d6bbcb5] -2004-01-09 14:38 millert + * configure.in: + quote '[', ']' used in ranges correctly + [fa4f9c6ff651] - * config.h.in, configure.in, auth/pam.c: Move PAM_CONST macro - definition from config.h to pam.c where it belongs. We can't - have this in config.h since that gets included too early. +1998-11-21 Todd C. Miller -2004-01-09 14:35 millert + * config.h.in: + add missing NO_ROOT_SUDO noted by drno@tsd.edu + [c969f25d1667] - * config.h.in, configure, configure.in, auth/pam.c: Some PAM - implementations put their headers in /usr/include/pam instead of - /usr/include/security. +1998-11-20 Todd C. Miller -2004-01-09 14:32 millert + * version.h: + 1.5.7 + [7a22de0bc148] - * configure.in: I missed changing the EXEC macro -> EXECV here when - I changed this in config.h.in and sudo.c a while ago. + * INSTALL: + more info for 1.5.7 + [30ad9e784799] -2004-01-09 13:15 millert + * README: + update for 1.5.7 + [cd03a0a27cd2] - * acsite.m4: OpenBSD vax/m88k/hppa don't do shared libs + * parse.yacc: + make increases of cm_list_size and ga_list_size be similar to + increases of stacksize (ie: >= not > in initial compare). + [6bd450a896c7] -2004-01-09 03:29 millert + * parse.yacc: + when we get a syntax error, report it for the previous line since + that's generally where the error occurred. + [c4ac84058f0b] - * configure, configure.in: o merge the hpux case entries into a - single entry w/ its own sub-case statement. o HP-UX >= 11 - support getspnam(), use it in preference to getprpwuid() +1998-11-18 Todd C. Miller -2004-01-09 02:58 millert + * config.h.in, configure.in, interfaces.c: + add back check for sys/sockio.h but only use it if SIOCGIFCONF is + not defined + [d197f31fd1e4] [SUDO_1_5_7] - * configure, configure.in: eval $shrext so that it expands nicely - on MacOS X + * config.h.in: + define BSD_COMP for svr4 + [87ac1147ff79] -2004-01-09 02:50 millert + * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c, + goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex, + parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + more -Wall + [d98e2d32db2a] - * Makefile.in: Don't lie about making a module, it does the wrong - thing on mach + * configure.in: + kill check for sockio,h + [4399779014c1] -2004-01-09 02:49 millert + * config.h.in: + no more HAVE_SYS_SOCKIO_H + [67484528e347] - * ltmain.sh: Remove requirement that libs must begin with "lib". - They don't when we point directly at the lib using LD_PRELOAD or - its equivalent. + * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c, + goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex, + parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + -Wall + [2b7e83976788] -2004-01-09 02:01 millert +1998-11-16 Todd C. Miller - * acsite.m4: Disable support for c++, f77 and java. We don't need - it, it takes a lot of time, and it hosed our check for shared lib - support. + * sudo.c: + add missing inform_user() + [8689528c6d55] -2004-01-09 02:00 millert +1998-11-14 Todd C. Miller - * configure: regen + * find_path.c: + return NOT_FOUND if given fully qualified path and it does not exist + previously it would perror(ENOENT) which bypasses the option to not + leak path info + [ccbc3d0130ae] -2004-01-09 02:00 millert + * configure.in: + for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for + -ldes + [c77d3b484ece] - * configure.in: Call AC_ENABLE_SHARED and check the status of - enable_shared to know when shared libs are available. +1998-11-13 Todd C. Miller -2004-01-09 01:37 millert + * INSTALL: + tty tickets are user:tty now + [a53a303a614d] - * acsite.m4: Duh, OpenBSD suports shared libs too + * check.c: + when using tty tickets make it user:tty not user.tty as a username + could have a '.' in it + [3160b3f5c890] -2004-01-09 01:18 millert +1998-11-10 Todd C. Miller - * configure.in, config.h.in: Only OpenPAM and Linux PAM use const - qualifiers. + * sudo.c: + add "ignoring foo found in ." for auth successful case + [24257169e0bd] -2004-01-09 01:15 millert +1998-11-09 Todd C. Miller - * configure, configure.in: o No need to check for sed, libtool - config does that for us o move check for --with-noexec until - after libtool magic is run so we can use $can_build_shared and - $shrext + * sudo.c: + add missing printf param + [8c905124f777] -2004-01-09 01:14 millert +1998-11-08 Todd C. Miller - * ltmain.sh: Don't print a bunch of crap about library installs - since we are not really installing a library. + * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h: + go back to printing "command not found" unless --disable-path-info + specified. Also, tell user when we ignore '.' in their path and it + would have been used but for --with-ignore-dot. + [066e118c11e4] -2004-01-09 00:38 millert + * check.c, sudo.c: + Only one space after a colon, not two, in printf's + [38452f4c8007] - * env.c: Make format_env() varargs Add noexec support for Darwin, - MacOS X, Irix, and Tru64 +1998-11-05 Todd C. Miller -2004-01-09 00:32 millert + * sudo.pod: + document setting $USER + [80557fe6aede] - * acsite.m4, ltconfig, ltmain.sh: Update to libtool 1.5 with local - changes: o no ldconfig in the finish step o assume no libprefix - or version is needed + * check.c: + fix bugs with prompt expansion + [44c4fca5f009] -2004-01-09 00:15 millert + * sudo.c: + set $USER for root too + [4b525e1c6269] - * sudo_noexec.c: Fix compilation under K&R +1998-11-04 Todd C. Miller -2004-01-06 09:31 millert + * getspwuid.c: + typo + [5107446f43e0] - * CHANGES: checkpoint + * configure.in: + HP-UX's iscomsec is in -lsec, not libc + [03c9f700b795] -2004-01-06 09:28 millert + * configure.in: + remove some entries in the OS case statement that did nothing + [ea96e7e0f624] - * sudo_noexec.c: stub execve() that just returns EACCES; used for - noexec functionality + * TROUBLESHOOTING: + add "cd" section and flush out syslog section + [5107f7363b78] -2004-01-06 01:42 millert + * Makefile.in: + no more sudo-lex.yy.c + [ed50826efbbc] - * sudo.tab.h: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 - issue with generated code. + * check_sia.c: + add custom prompt support + [6a285cea10b7] -2004-01-05 16:10 millert + * testsudoers.c: + kill perror("malloc") since we already have a good error messages + pw_ent -> pw for brevity + [eee31052921e] - * def_data.c, def_data.h, def_data.in: Move the environment - defaults to the end and shorten a few of the descriptions. + * sudo.c: + kill perror("malloc") since we already have a good error messages + pw_ent -> pw for brevity set $USER if -u specified + [9f3753461f8a] -2004-01-05 15:05 millert + * parse.yacc: + kill perror("malloc") since we already have a good error messages + [849459088ac3] - * configure.in, configure: no shared libs on ultris or convexos + * parse.c: + kill perror("malloc") since we already have a good error messages + pw_ent -> pw for brevity when checking if %group matches, look up + user in password file so that %groups works in a RunAs spec. + [0489b4ecc59a] -2004-01-05 15:03 millert + * logging.c: + kill perror("malloc") since we already have a good error messages + [3191a18b3526] - * Makefile.in, configure, configure.in: Build sudo_noexec shared - object using libtool; could use some cleanup. + * check.c, getspwuid.c, interfaces.c: + kill perror("malloc") since we already have a good error messages + pw_ent -> pw for brevity + [7193fdb38cf9] -2004-01-05 14:59 millert +1998-11-03 Todd C. Miller - * acsite.m4, ltconfig, ltmain.sh: libtool scaffolding + * tgetpass.c: + the prompt is expanded before tgetpass is called + [0f408f508041] -2004-01-05 14:56 millert + * sudo.h: + tgetpass now has the same args as getpass again + [b6778cd9d79f] - * parse.yacc: Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so - that order is not important. + * getspwuid.c: + add iscomsec, issecure support + [007be7ec7ae7] -2004-01-05 12:15 millert + * check.c: + we now expand any %h or %u in the prompt before passing to tgetpass + [f3db8c9ee387] - * defaults.c, env.c, parse.c, parse.h, parse.lex, parse.yacc, - pathnames.h.in, sudo.c, sudo.h, lex.yy.c: update copyright year + * configure.in: + add check for syslog(3) in -lsocket, -lnsl, -linet + [5a96f902ce00] -2004-01-04 22:58 millert + * config.h.in: + add HAVE_ISCOMSEC and HAVE_ISSECURE + [f640b0d4cf05] - * configure, configure.in, defaults.c, env.c, pathnames.h.in: Add - _PATH_SUDO_NOEXEC and corresponding --with-noexec configure - option. The default value of noexec_file is set to this. + * configure.in: + add check for iscomsec in HP-UX + [b28b249040f0] -2004-01-04 21:48 millert + * configure.in: + check for issecure if we have getpwanam on SunOS some options are + incompatible with DUNIX SIA check for dispcrypt on DUNIX + [a49d05d9c913] - * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c, - parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.h: Add - support for preloading a shared object containing a dummy - execve() function that just sets error and returns -1. This adds - a "noexec_file" option to load the filename as well as a "noexec" - flag to enable it unconditionally. There is also a NOEXEC tag - that can be attached to specific commands and an EXEC tag to - disable it. +1998-10-25 Todd C. Miller -2004-01-04 21:40 millert + * config.h.in: + add HAVE_DISPCRYPT + [7376d543d8d6] - * mkdefaults: add missing newline to usage statement + * secureware.c: + add back support for non-dispcrypt based checking for older DUNIX + [977b98e936be] -2004-01-04 20:39 millert + * INSTALL: + sia changes + [c5387c06e30f] - * config.h.in, sudo.c: Rename EXEC macro -> EXECV + * configure.in: + SIA becomes the default on Digital UNIX now havbe --disable-sia to + turn it off... + [3b647558ea13] -2004-01-04 20:16 millert + * check.c: + move local includes after system ones + [b2abad4c4aef] - * logging.c: Don't truncate usernames to 8 characters in the log - message. +1998-10-24 Todd C. Miller -2004-01-04 20:13 millert + * check.c, check_sia.c, sudo.h: + add pass_warn() which prints out INCORRECT_PASSWORD or an insult to + stderr + [547cbf299661] - * check.c, sudoers.man.in, sudoers.pod: Update copyright year + * check_sia.c: + fix while loop in sia_attempt_auth() that checks the password. Only + the first iteration was working. + [1886fd1ac831] -2004-01-04 20:12 millert +1998-10-22 Todd C. Miller - * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in, - sudoers.pod: Add a new option, lecture_file, that can be used to - point to a custom sudo lecture. + * aclocal.m4: + don't trust UID_MAX or MAXUID + [2aeddb1654d8] -2003-12-31 17:46 millert + * configure.in: + fix two pastos + [c18f0a10b75d] - * Makefile.in, sudo.h, zero_bytes.c, auth/aix_auth.c, - auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Add a - zero_bytes() function to do the equivalent of bzero in such a way - that will heopfully not be optimized away by sneaky compilers. + * configure.in: + fix typo + [1eb3190ef12d] -2003-12-31 13:35 millert + * getspwuid.c, secureware.c: + init crypt_type to INT_MAX since it is legal to be negative in DUNX + 5.0 + [cefbde04822d] - * err.c: Use #ifdef __STDC__, not #if __STDC__. + * configure.in: + for secureware on dunix, use -lsecurity -ldb -laud -lm but check for + -ldb since DUNX < 4.0 lacks it + [e6b11d971068] -2003-12-30 17:41 millert +1998-10-21 Todd C. Miller - * mkdefaults: Always put at least one space between the def_* macro - name and its definition. + * check.c, compat.h, config.h.in, configure.in, getspwuid.c, + secureware.c, sudo.c, tgetpass.c: + getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2 + minutes if the shadow files don't exist). + [2f297d095004] -2003-12-30 17:34 millert +1998-10-20 Todd C. Miller - * configure, configure.in: Adjust code for --without-lecture to - match new values. + * INSTALL: + updated --with-editor blurb + [77d8a3ea7328] -2003-12-30 17:33 millert + * TROUBLESHOOTING: + tell how to put sudoers in a different dir + [456cd20eb1d0] - * visudo.man.in: regen after pasto fix + * configure.in: + add missing quotes around $with_editor + [22881748ab1b] -2003-12-30 17:31 millert + * configure.in: + typo in --with-editor bits + [ab6964580681] - * sudoers.man.in, sudoers.pod: Document that "lecture" has changed - from a flag to a tuple. + * INSTALL: + I don't expect it to work on Solaris + [1c2fceaaf56e] -2003-12-30 17:31 millert + * check.c: + add back security/pam_misc.h + [6ffd30033c1e] - * check.c, def_data.c, def_data.h, def_data.in, defaults.c, - defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h: Add - support for tuples in def_data.in; these are implemented as an - enum type. Currently there is only a single tuple enum but in - the future we may have one tuple enum per T_TUPLE entry in - def_data.in. Currently listpw, verifypw and lecture are tuples. - This avoids the need to have two entries (one ival, one str) for - pwflags and syslog values. +1998-10-19 Todd C. Miller - lecture is now a tuple with the following values: never, once, - always + * INSTALL: + remove dunix note since configure checks for this now + [e9904512b8e8] - We no longer use both an int and string entry for syslog - facilities and priorities. Instead, there are logfac2str() and - logpri2str() functions that get used when we need to print the - string values. + * configure.in: + add check for broken dunix prot.h (4.0 < 4.0D is bad) + [8a4c1e6aef3b] -2003-12-30 17:20 millert + * getspwuid.c, secureware.c, tgetpass.c: + new dunix shadow code, use dispcrypt(3) + [1b936bc7268c] - * check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c, - logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c, - visudo.c, auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, - auth/pam.c, auth/rfc1938.c, auth/securid5.c, auth/sia.c, - auth/sudo_auth.c: Create def_* macros for each defaults value so - we no longer need the def_{flag,ival,str,list,mode} macros (which - have been removed). This is a step toward more flexible data - types in def_data.in. + * config.h.in: + add HAVE_INITPRIVS + [4369f4c4f914] -2003-12-30 15:55 millert + * sudo.c: + call initprivs() if we have it for getprpwuid later on + [11cf5915d826] - * TODO: checkpoint + * Makefile.in: + clean pathnames.h too + [5f1df3262613] -2003-12-22 21:18 millert + * configure.in: + quote "Sorry, try again." with [] since it has a comma in it set + LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find + getprpwuid() so we can check for bigcrypt, set_auth_parameters, and + initprivs later. + [e226b0a3f250] + + * INSTALL: + update Digital UNIX note about acl.h + [80132b71d73a] + + * INSTALL: + add --with-sia + --without-root-sudo -> --disable-root-sudo some reordering + [198386358818] - * sudo.c: If we are in -k/-K mode, just spew to stderr. It is not - unusual for users to place "sudo -k" in a .logout file which can - cause sudo to be run during reboot after the YP/NIS/NIS+/LDAP/etc - daemon has died. Previously, this would result in useless mail - and logging. + * secureware.c: + add whitespace + [4aadaf1a54b0] -2003-12-16 13:51 millert + * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h: + add SIA support + [fa3ddbb9cc51] - * visudo.pod: fix pasto in VISUAL description + * check_sia.c: + Initial revision + [2968551d40e4] -2003-12-09 22:09 millert +1998-10-18 Todd C. Miller - * configure: regen + * configure.in: + when checking for -lsocket, -lnsl, and -linet, check for the + specific functions we need from them. + [8d33e64362a3] -2003-12-09 22:08 millert + * config.h.in, sudo.h: + move Syslog_* defs into sudo.h + [03d1774f25c7] - * CHANGES: checkpoint + * Makefile.in, sudo.h: + added check_secureware + [e46e3cbb9a97] -2003-12-09 22:02 millert + * configure.in: + finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits + [dbefe1856503] - * TROUBLESHOOTING: Some OSes (like Solaris) allow export w/ nosuid - too + * insults.h: + don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets + defined. configure now does that for us + [e4520ea0581f] -2003-08-12 16:45 millert + * configure.in: + move some --with options around change a bunch of echo's to + AC_MSG_CHECKING, AC_MSG_RESULT pairs + [ffdf6869fdd7] - * compat.h: We don't use FD_ZERO anymore so just define FD_SET (if - not already there). + * configure.in: + change $with_foo-bar -> $with_foo_bar kill extra " that caused a + syntax error add some echo verbage + [3278c49bf74b] -2003-06-28 21:31 millert +1998-10-17 Todd C. Miller - * auth/pam.c: Fix a core dump on Solaris by preserving the - pam_handle_t we used during authentication for pam_prep_user(). - If we didn't authenticate (ie: ticket still valid), we call - pam_init() from pam_prep_user(). This is something of a hack; it - may be better to change the auth API and add an auth_final() - function that acts like pam_prep_user(). + * check.c: + moved SecureWare stuff into secureware.c + [42d3d3ac35dc] -2003-06-21 12:50 millert + * secureware.c: + Initial revision + [aa7f72a249cf] - * set_perms.c: Add explicit declaration of printerr variable in - function header (was defaulting to int which is OK but oh so K&R - :-). From Theo. + * INSTALL: + update url to solaris gcc bins + [36a3eb668777] -2003-06-09 19:00 millert + * INSTALL: + change option formatter and flesh out someentries + [6fbd1db4a8ad] - * config.h.in, configure.in: s/HAVE_STOW/USE_STOW/ + * TROUBLESHOOTING, sudo.pod, visudo.pod: + environmental variable -> environment variable + [6f14d708e32d] -2003-06-09 16:07 millert + * BUGS: + everything is now done via configure + [c217858f58ab] - * logging.c: Also exit waitpid() loop when pid == 0. Fixes a - problem where the sudo process would spin eating up CPU until - sendmail finished when it has to send mail. + * README: + prev rev was 1.5.6 + [7b4177103c35] -2003-05-30 16:22 millert + * Makefile.in: + passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly + [31c6b0a5e0e2] - * fnmatch.3, fnmatch.c: Remove advertising clause, UCB has - disavowed it + * config.h.in: + SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile + [d406a1ef6d25] -2003-05-21 21:53 millert + * Makefile.in: + merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid, + sudoers_mode from configure + [1c509500655a] - * parse.c: Don't assume that getgrnam() calls don't modify contents - of struct passwd returned by getpwnam(). On FreeBSD w/ NIS this - can happen. Based on a patch from Kirk Webb. + * configure.in: + SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into + the Makefile, not config.h + [d4482f1492fe] -2003-05-06 11:25 millert + * INSTALL: + document all --with/--enable options + [22d81b312d7f] - * configure.in: missing ;; +1998-10-15 Todd C. Miller -2003-05-06 00:53 millert + * insults.h: + options.h is no more + [560946a33f7f] - * configure.in: darwin has a broken setreuid() in at least some - versions + * config.h.in: + assimilated options.h + [dd8ce74613c1] -2003-05-06 00:31 millert + * configure.in: + moved options from options.h to configure + [d39662f71b4e] - * env.c: Fix an off by one error when reallocating the environment; - Kevin Pye + * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c, + logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod, + sudo_setenv.c, visudo.c: + no more options.h + [43924bf0858d] -2003-04-30 14:04 millert + * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING: + remove references to options.h + [ef3474295395] - * sudoers.pod: Fix User_Spec definition; SEKINE Tatsuo + * dce_pwent.c, interfaces.c, sudo.c: + kill sys/time.h + [4d833f0034e4] -2003-04-28 19:30 millert + * tgetpass.c: + if select return < -1 still prompt for pw + [e0009e5c93a2] - * HISTORY: More info on the early days from Coggs. + * options.h: + convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into + configure options + [e60a1e546516] -2003-04-21 14:47 millert + * parse.c: + FAST_MATCH is no longer an optino + [c448dbb3464b] - * auth/kerb5.c: remove errant semicolon that prevented compilation - under heimdal + * check.c: + remove_timestamp() if timestamp is preposterous + [70d9a86c6ecd] -2003-04-15 20:42 millert + * options.h: + convert more options to --with/--enable + [34646d9b09dc] - * Makefile.in, alloc.c, check.c, compat.h, defaults.c, defaults.h, - env.c, fileops.c, find_path.c, getprogname.c, getspwuid.c, - goodpath.c, interfaces.c, interfaces.h, logging.c, parse.c, - parse.lex, parse.yacc, pathnames.h.in, set_perms.c, sigaction.c, - strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, - sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, utime.c, - version.h, visudo.c, visudo.man.in, visudo.pod, auth/afs.c, - auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, - auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, - auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/securid5.c, auth/sia.c, auth/sudo_auth.c: add DARPA credit - on affected files + * INSTALL, aclocal.m4: + logfile -> logpath + [42de502bc637] -2003-04-15 20:25 millert + * configure.in: + convert more options into --with and --enable + [92d0898c9844] - * LICENSE: slightly different wording for the darpa credit + * tgetpass.c: + catch EINTR in select and restart + [f045d2f234d7] -2003-04-15 14:37 millert + * logging.c: + sys/errno -> errno + [7f0c5beab6f2] - * LICENSE: Add DARPA credit +1998-09-24 Todd C. Miller -2003-04-14 16:49 millert + * sudo.c: + UMASK -> SUDO_UMASK. + [48f308661514] - * auth/kerb5.c: Use krb5_princ_component() instead of - krb5_princ_realm() for MIT Kerberos like we did before I messed - things up ;-) + * check.c, logging.c: + time.h, not sys/time.h + [91de049c79e4] - Use krb5_principal_get_comp_string() to do the same thing w/ - Heimdal. I'm not sure if the component should be 0 or 1 in this - case. +1998-09-21 Todd C. Miller - #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since - older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there - should be a configure check for this I guess. + * logging.c: + MAILER -> _PATH_SENDMAIL + [df65d6896639] -2003-04-13 15:48 millert + * INSTALL, configure.in: + no more --with-C2, now it is --disable-shadow + [18bfcab3b9ab] - * TROUBLESHOOTING, config.h.in, configure, configure.in, - sample.sudoers: builtin -> built-in; Jason McIntyre + * aclocal.m4, check.c, compat.h, config.h.in, configure.in, + getspwuid.c, sudo.c, tgetpass.c: + new shadow password scheme. Always include shadow support if the + platform supports it and the user did not disable it via configure + [2135d93bb4a9] -2003-04-13 15:45 millert +1998-09-20 Todd C. Miller - * sudoers.pod: built in -> built-in; Jason McIntyre + * configure.in: + --with-getpass -> --{enable,disable}-tgetpass + [451b33fdd4c7] -2003-04-09 16:14 millert + * Makefile.in: + pathnames.h -> pathnames.h.in + [b109022eca69] - * CHANGES: checkpoint for 1.6.7p3 + * check.c: + fix version string + [761b25c314ea] -2003-04-09 16:14 millert + * check.c: + move pam_conv to be static to auth function remove pam_misc.h + (solaris doesn't have one) + [a682e4da987a] - * HISTORY: Update info on the early years @ SUNY-Buffalo from Cliff - Spencer. Amazingly, sudo source from 1985 is available via - groups.google.com + * aclocal.m4: + _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD + [e6005d0599b5] -2003-04-09 16:13 millert + * configure.in: + munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD + [24c0ac2155ef] - * sudo.c: Don't change rl.rlim_max for RLIMIT_CORE. We need only - set rl.rlim_cur to 0 to turn off core dumps. This may be needed - for the RLIMIT_CORE restoration on some OSes. + * pathnames.h.in: + convert to pathnames.h.in + [013bddf7f684] -2003-04-04 12:46 millert +1998-09-19 Todd C. Miller - * auth/kerb5.c: Make this compile on Heimdal and MIT Kerberos 5 + * configure.in: + fix typo in sysv4 matching case /. + [2994c4f88cf5] -2003-04-04 12:45 millert +1998-09-18 Todd C. Miller - * config.h.in, configure, configure.in: Check for heimdal even if - we found krb5-config and define HAVE_HEIMDAL. + * check.c: + pam stuff needs to run as root, not user, for shadow passwords + [d94ff75de503] -2003-04-03 22:04 millert +1998-09-17 Todd C. Miller - * auth/kerb5.c: Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. - The former is no longer defined by MIT kerb5 (though it used to - be and indeed remains so in Heimdal). + * BUGS, INSTALL, README, configure.in: + updated version + [775adc7de7ac] -2003-04-03 10:16 millert + * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, + emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, + ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, + logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + [5ca599fb6b93] - * mkinstalldirs: Remove newer stuff that passes multiple (possibly - duplicate) directories to "mkdir -p" since that seems to break on - Tru64 Unix at least. This basically brings back what shipped - with sudo 1.6.6. + * check.c: + user version.h for long message + [47a52ac7e542] -2003-04-02 13:57 millert + * check.c: + this is version 1.5.6 + [8451ac79eee2] - * auth/kerb5.c: Correct number of args to - krb5_principal_get_realm() and fix an unclosed comment that hid - the bug. +1998-09-16 Todd C. Miller -2003-04-02 13:45 millert + * Makefile.in: + remove errant backslash + [0222a8a650ff] - * configure: regen +1998-09-15 Todd C. Miller -2003-04-02 13:45 millert + * options.h, parse.yacc, pathnames.h.in: + fix version string + [fdee73255d64] [SUDO_1_5_6] - * BUGS, CHANGES, INSTALL, INSTALL.binary, Makefile.in, README, - configure.in, version.h: ++version + * BUGS, CHANGES, TODO: + updtaed for 1.5.6 + [752443bf7f26] -2003-04-02 13:44 millert + * RUNSON: + updated for 1.5.6 + [0f878123fe6a] - * configure.in: use krb5-config to determine Kerberos V details if - it exists +1998-09-14 Todd C. Miller -2003-04-02 13:25 millert + * interfaces.c: + kill unused localhost_mask var copy if name to ifr_tmp after we zero + it + [8e89c364cef2] - * alloc.c, check.c, compat.h, defaults.c, env.c, find_path.c, - interfaces.c, logging.c, parse.c, sudo.c, sudo.h, testsudoers.c, - visudo.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c, - auth/securid5.c, auth/sia.c: Use warn/err and getprogname() - throughout. The main exception is openlog(). Since the admin - may be filtering logs based on the program name in the log files, - hard code this to "sudo". +1998-09-13 Todd C. Miller -2003-04-02 13:16 millert + * INSTALL: + Better description of new vs. old sudoers modes fix some typos + better description of /usr/ucb/cc gotchas on slowaris + [c00b2a6fc1e8] - * Makefile.in: Add getprogname.c and err.c + * Makefile.in: + add sample.pam + [ec7f6cc19b00] -2003-04-02 13:15 millert + * sudo.c: + set NewArgv[0] to user_shell, not basename(user_shell) + [1e907cbc9f7b] - * configure: regen +1998-09-12 Todd C. Miller -2003-04-02 13:15 millert + * README: + mention TROUBLESHOOTING more fix some typos + [2c2e6907d4a4] - * configure.in, config.h.in: Add checks for getprognam(), - __progname and err.h + * configure.in: + move --enable/--disable to be after --with + [9b30097f76c1] -2003-04-02 13:14 millert + * INSTALL: + document --enable/--disable + [c522362e38a8] - * err.c, emul/err.h: For systems withour err/warn functions. + * INSTALL: + document --with-pam + [7e38932c78ac] -2003-04-02 13:14 millert +1998-09-11 Todd C. Miller - * getprogname.c: For systems neither getprogname() nor __progname; - uses Argv[0]. + * configure.in: + Add message for pam users + [d224f277e3cd] -2003-04-01 10:09 millert + * sample.pam: + Initial revision + [3a84d7045f54] - * CHANGES: checkpoint for 1.6.7p1 + * config.h.in: + fix HAVE_PAM + [2f0f303ebd88] -2003-04-01 10:02 millert + * check.c, config.h.in, configure.in: + pam support, from Gary Calvin + [ea3e0a72d707] - * sudo.c, testsudoers.c: fix strlcpy() rval check (innocuous) +1998-09-10 Todd C. Miller -2003-04-01 09:58 millert + * config.h.in: + add HOST_IN_LOG and WRAP_LOG + [822c36eeb6a8] - * check.c: oflow detection in expand_prompt() was faulty (false - positives). The count was based on strlcat() return value which - includes the length of the entire string. + * logging.c: + add WRAP_LOG and HOST_IN_LOG + [3cf6052bd27e] -2003-03-30 19:02 millert + * configure.in: + add --enable-log-host and --enable-log-wrap + [c968cc12b353] - * CHANGES, RUNSON, TODO: checkpoint for the sudo 1.6.7 release + * aclocal.m4: + use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir + [915fef7e11a1] -2003-03-24 16:09 millert +1998-09-09 Todd C. Miller - * logging.c: g/c unused variable + * compat.h: + add howmany macro + [9107a057a7c8] -2003-03-24 11:06 millert + * tgetpass.c: + include sys/param.h to get howmany macro + [7e908b5e1f32] - * configure: regen +1998-09-08 Todd C. Miller -2003-03-24 11:05 millert + * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: + add RUNAS_DEFAULT + [1e76398ea3fd] - * configure.in: use man sections 8 and 5 for csops +1998-09-07 Todd C. Miller + + * fnmatch.c: + bring in stdio.h for NULL + [69c016610cbb] + + * aclocal.m4: + allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh + [15ab2972f8d0] + + * sudo.c: + use HAVE_SET_AUTH_PARAMETERS + [8abfdc8c80f7] + + * config.h.in: + add HAVE_SET_AUTH_PARAMETERS + [673a5ebd5539] + + * configure.in: + add *-*-hiuxmpp* add test for set_auth_parameters() if secureware + [a401f5a7469a] -2003-03-21 18:11 millert + * config.sub: + add support for HI-UX/MPP SR220001 02-03 0 SR2201 + [cb657b7acaae] - * configure: regen + * interfaces.c: + initialize previfname + [26a1902f56dc] -2003-03-21 15:10 millert + * interfaces.c: + Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have + it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of + kludging it + [fa5c890c313b] - * configure.in: Add -lskey or -lopie directly to SUDO_LIBS instead - of having AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage. + * configure.in: + typo + [bff579fbe95c] -2003-03-21 14:02 millert + * Makefile.in: + don't need special build line for sudo.tab.o + [10c0a0a912e4] - * configure: regen + * Makefile.in: + don't clean sudo.tab.[ch] + [c40d5968efbb] -2003-03-21 14:01 millert + * sudo.c: + Sudo should prompt for a password before telling the user that a + command could not be found. + [d718c85a0047] - * INSTALL, aclocal.m4, configure.in: Add --with-blibpath for AIX. - An alternate libpath may be specified or -blibpath support can be - disabled. Also change conifgure such that -blibpath is not - specified if no -L libpaths were added to SUDO_LDFLAGS. + * BUGS: + for 1.5.6 + [0cc1fe5b9129] -2003-03-20 22:05 millert + * INSTALL, README: + no longer require yacc + [d9096fc5b8b6] - * configure.in: add AIX blibpath support + * Makefile.in: + typo + [70feb1aefbd5] -2003-03-20 20:28 millert + * Makefile.in: + y.tab -> sudo.tab include pre-yacc'd parse.yacc + [cc802025fd44] - * INSTALL, configure.in: --with-skey and --with-opie now take an - option directory argument This obsoletes a --with-csops hack - (/tools/cs/skey) + * parse.lex: + include sudo.tab.h, not y.tab.h don't break out of command args if + you get a '=' + [728ad26dbda5] - Also remove the remaining direct uses of "echo" + * insults.h: + fix version , + [242bbce1b2d4] -2003-03-20 17:44 millert + * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h: + fix version + [2bb9086fea1e] - * configure.in: Detect KTH Kerberos IV and deal with it. Also make - -lroken optional for KTH Kerberos IV and V. + * compat.h: + fix version + [7e634d498ce6] -2003-03-20 14:42 millert + * getcwd.c: + getcwd(3) from OpenBSD for those without it. + [6c68d0df8f6c] - * aclocal.m4: Add SUDO_APPEND_LIBPATH function that add - -L/path/to/dir (and -R/path/to/dir if $with_rpath) to the - specified variable. + * sudo.h: + HAVE_GETWD -> HAVE_GETCWD + [2ad1e64d60c0] -2003-03-20 14:40 millert + * configure.in: + pretend sunos doesn't have getcwd(3) since it opens a pipe to + getpwd! + [677992ba5a6a] - * INSTALL, configure.in: Add -R/path/to/libs for Solaris and SVR4. - There is a new configure option, --with-rpath to control this - behavior. + * parse.c: + use NAMLEN() macro + [8f5685aa3165] -2003-03-19 23:50 millert + * fnmatch.c: + remove duplicate include of string.h + [6024f3051ac3] - * configure.in: for kerb4 put libdes after libkrb on the link line + * configure.in: + call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T + [3d82a9c22cc2] -2003-03-19 23:49 millert + * aclocal.m4: + add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T + [53fbc47282f9] - * auth/kerb4.c: typo + * config.h.in: + add dev_t and ino_t + [5929bb0c7e1a] -2003-03-19 23:33 millert +1998-07-28 Todd C. Miller - * configure.in: fix kerberos lib check when a path is specified + * check.c: + fix OTP_ONLY for opie + [7edcfa78f2ec] -2003-03-19 21:04 millert +1998-06-24 Todd C. Miller - * logging.c: Fix boolean thinko in SIGCHLD reaper and call - reapchild after sending mail instead of doing a conditional - sudo_waitpid. + * testsudoers.c, tgetpass.c: + include stdlib.h for malloc proto + [c9f4b99a2fe9] -2003-03-19 16:20 millert +1998-05-19 Todd C. Miller - * configure: regen + * Makefile.in: + make update_version saner + [d522f93ee04a] -2003-03-19 16:19 millert + * config.h.in: + add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid() + [c9a2d21dc608] - * configure.in: replace =DIR with [=DIR] where sensible + * configure.in: + check for waitpid and wait3 or no waitpid + [1f18c3224184] -2003-03-19 16:16 millert + * logging.c: + used waitpid or wait3 if we have 'em + [391c3279ee65] - * configure.in: o Use AC_MSG_* instead of "echo" o New Kerberos - include/lib detection based on openssh's configure.in +1998-05-02 Todd C. Miller -2003-03-19 15:58 millert + * visudo.c: + fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon) + [fbf53b18178f] - * INSTALL: --with-kerb4 and --with-kerb5 now take an optional - argument. +1998-04-28 Todd C. Miller -2003-03-15 22:03 millert + * configure.in: + don't need to explicately mention -lsocket -lnsl for sequent + [1898dc055352] - * auth/securid.c: Kill remaining strcpy(), the programmer's guide - says username is 32 bytes. +1998-04-25 Todd C. Miller -2003-03-15 21:18 millert + * configure.in: + dynix should not link with -linet + [278a4b9cfe2a] - * auth/kerb4.c: trat uid_t as unsigned long for printf and use - snprintf, not sprintf +1998-04-10 Todd C. Miller -2003-03-15 21:18 millert + * INSTALL: + mention that HP-UX doesn't ship with yacc + [bde5147198c0] - * auth/rfc1938.c: use snprintf +1998-04-07 Todd C. Miller -2003-03-15 15:37 millert + * check.c: + ignore kerberos if we can't get the local realm + [1e311a091a27] - * auth/: afs.c, aix_auth.c, bsdauth.c, dce.c, fwtk.c, kerb4.c, - kerb5.c, pam.c, passwd.c, rfc1938.c, sudo_auth.c: update - copyright year +1998-04-06 Todd C. Miller -2003-03-15 15:31 millert + * BUGS, INSTALL, README, configure.in: + ++version + [499ffc746018] - * LICENSE, alloc.c, check.c, configure.in, env.c, sudo.c, - Makefile.in, aclocal.m4, compat.h, find_path.c, interfaces.c, - logging.c, parse.c, parse.lex, parse.yacc, set_perms.c, sudo.h, - sudo.pod, sudoers.pod, testsudoers.c, version.h, visudo.c, - visudo.pod, sudo.man.in, sudoers.man.in, visudo.man.in: update - copyright year + * version.h: + ++ + [35ba1ee01bd3] -2003-03-15 15:19 millert + * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h, + find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c, + logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + [b4990a513f31] - * check.c, env.c, sudo.c: Cast [ug]ids to unsigned long and printf - with %lu + * check.c, sudo.h: + fix version + [5710795834e8] -2003-03-15 15:17 millert + * getcwd.c: + don't use popen/pclose. Do it inline. + [29e57b0646a4] - * configure: regen + * lsearch.c: + add rcsid + [b2b55c39858d] -2003-03-15 15:16 millert + * sudo.c: + typo + [d381ac39ed0f] - * configure.in: correct error messages for - --with-sudoers-{mode,uid,gid} + * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h, + ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in, + sudo.h: + updated version + [462d6e1a2d75] -2003-03-15 15:10 millert + * check.c, find_path.c, parse.c, sudo.c, testsudoers.c: + MAX* + 1 -> MAX* + [2c2eeb78d34f] - * alloc.c: make the malloc(0) error specific to each function to - aid tracking down bugs. + * Makefile.in: + getwd.c -> getcwd.c + [7d718c32fc02] -2003-03-15 14:49 millert + * config.h.in: + kill HAVE_GETWD + [6ad3d702343f] - * alloc.c: deal with platforms where size_t is signed and there is - no SIZE_MAX or SIZE_T_MAX + * configure.in: + getcwd, not getwd + [33e5b9841f58] -2003-03-15 14:10 millert + * getcwd.c: + use MAX* not MAX* + 1 always run pwd as using getwd() defeats the + purpose + [24e58d340161] - * auth/kerb5.c: Make this compile w/ Heimdal and fix some gcc - warnings. +1998-03-31 Todd C. Miller -2003-03-15 13:02 millert + * OPTIONS, options.h: + add STUB_LOAD_INTERFACES + [d747cb23ca83] - * sudo.c: Use stat_sudoers macro so --with-stow can work + * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, + emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + [0798229312cc] -2003-03-15 13:01 millert + * configure.in: + support *-ccur-sysv4 and fix two typos + [24a823ad7cc9] - * INSTALL, config.h.in, configure, configure.in: Add support for - --with-stow based on patches from Robert Uhl +1998-03-28 Todd C. Miller -2003-03-15 12:51 millert + * configure.in: + don't echo about with_logfile and with_timedir + [31e4a1e2d9ad] - * env.c: fix indentation + * INSTALL: + document --with-logfile and --with-timedir + [674f811a40e0] -2003-03-15 00:21 millert + * aclocal.m4: + support --with-logfile and --with-timedir + [2fc36b35db12] - * configure.in: back out rev 1.352 + * configure.in: + Add --with-logfile and --with-timedir + [09045bf07e29] -2003-03-14 20:11 millert + * sudo.c: + change size computation of NewArgv for UNICOS + [b50df07da3a1] - * lex.yy.c: regen +1998-02-19 Todd C. Miller -2003-03-14 20:11 millert + * configure.in: + treate -*-sysv4* like *-*-svr4 + [471b7ef4dbf2] - * parse.lex: use strlcpy, not strncpy +1998-02-18 Todd C. Miller -2003-03-14 19:48 millert + * configure.in: + fix spacing for --with-authenticate help + [8321cb37c410] - * set_perms.c: Fix typo; check pw_uid, not pw_gid after - setusercontext() failure. + * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, + emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + [dc1ab97312eb] -2003-03-14 19:43 millert + * parse.yacc: + fix off by one error in push macro + [bece59c8c3a9] - * logging.c: use pid_t +1998-02-17 Todd C. Miller -2003-03-14 10:43 millert + * configure.in: + removed bogus alloca hack + [a68dd720462d] - * strlcat.c, strlcpy.c: Make gcc shutup about unused rcsid + * check.c: + added AIX 4.x authenticate() support + [12985eb448a0] -2003-03-14 10:35 millert + * parse.yacc: + include alloca.h if using bison and not gcc and it exists. fixes an + alloca problem on hpux 10.x + [e3b5c4f26072] - * interfaces.c: Move the n == 0 check for the non-getifaddrs cas + * INSTALL: + mention --with-authenticate + [78a1c96820e7] -2003-03-13 21:47 millert + * configure.in: + added AIX authenticate() support + [c983193ec252] - * auth/rfc1938.c: skeychallenge() on NetBSD take a size parameter + * config.h.in: + add HAVE_AUTHENTICATE + [7b0e5f5db5d9] -2003-03-13 21:38 millert + * interfaces.c: + dynamically size ifconf buffer + [10afb0e9b2f9] - * configure: regen + * configure.in: + quote '[' and ']' + [8fc38a4defad] -2003-03-13 21:38 millert + * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, + emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + [5f66de71ec61] - * configure.in: put -ldl after -lpam, not before; fixes static - linking on Linux + * visudo.pod: + add ERRORS section + [3df3edb73cf6] -2003-03-13 21:17 millert +1998-02-16 Todd C. Miller - * interfaces.c: Avoid malloc(0) and fix the loop invariant for the - getifaddrs() case. + * TROUBLESHOOTING: + add busy stmp file explanation + [6c555d469b6f] -2003-03-13 20:24 millert +1998-02-15 Todd C. Miller - * sudo.man.in, sudoers.man.in, visudo.man.in, sudo.cat, - sudoers.cat, visudo.cat: regen + * configure.in: + the name of the cached var that signals whether or not you are cross + compiling changed. It is now ac_cv_prog_cc_cross + [123911c0658c] -2003-03-13 20:23 millert +1998-02-11 Todd C. Miller - * Makefile.in: Preserve copyright notice from .pod file in .man.in - file + * INSTALL: + mention glibc 2.07 is fixed wrt lsearch()\. + [ded758524582] -2003-03-13 20:01 millert +1998-02-07 Todd C. Miller - * visudo.pod: Add sudoers(5) to SEE ALSO + * sample.sudoers, sudoers.pod: + better example of su but not root su + [b3199610be21] -2003-03-13 15:27 millert +1998-02-06 Todd C. Miller - * lex.yy.c: regen + * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, + emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + [46922b84e86b] -2003-03-13 15:27 millert + * Makefile.in: + correct regexp for updating version + [8032728b2a8a] - * parse.lex: Don't assume libc can realloc() a NULL string. If - malloc/realloc fails, make sure we just return; yyerror() is not - terminal. + * tgetpass.c: + remove bogus flush of stderr spew prompt before turning off echo. + Seems to fix a weird problem where if sudo complained about a bogus + stamp file the user would sometimes not have a chance to enter a + password + [7aa1493cc141] -2003-03-13 15:17 millert + * check.c: + fix bogus flush of stderr + [6d047871c5e8] - * lex.yy.c: regen + * sudo.c: + close fd's <=2 not <=3 and move that chunk of code up + [553e4faac195] -2003-03-13 15:17 millert + * configure.in: + support hpux1[0-9] not just hpux10 + [5a34a000ff8a] - * parse.lex: simplify fill_args a little and use strlcpy for - paranoia +1998-01-30 Todd C. Miller -2003-03-13 15:00 millert + * parse.c: + set sudoers_fp to nil after closing + [221a8b4bbf34] - * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c, - testsudoers.c: Use strlc{at,py} for paranoia's sake and exit on - overflow. In all cases the strings were either pre-allocated to - the correct size of length checks were done before the copy but a - little paranoia can go a long way. +1998-01-24 Todd C. Miller -2003-03-13 12:54 millert + * config.guess, config.sub: + updated from autoconf 2.12 + [6fc86a0fc61b] - * sudo.h: Add strlc{at,py} protos + * configure.in: + add *-*-svr4 rule + [38f0427f7c9d] -2003-03-13 12:03 millert +1998-01-23 Todd C. Miller - * env.c, interfaces.c: Use erealloc3() + * tgetpass.c: + fix select usage for high fd's (dynamically allocate readfds) + [c2d1f76e0321] -2003-03-13 12:00 millert + * check.c: + kill extra whitespace + [d784b6c9c514] - * configure: regen + * sudo.c: + do an initgroups() before running a command, unless the target user + is root. + [4ca561287480] -2003-03-13 12:00 millert +1998-01-22 Todd C. Miller - * alloc.c: Oflow test of nmemb > SIZE_MAX / size is fine (don't - need >=). Use memcpy() instead of strcpy() in estrdup() so this - is strcpy()-free. + * TROUBLESHOOTING: + tell people to use tabs, not spaces, in syslog.conf + [8ae90a205134] -2003-03-13 11:58 millert +1998-01-21 Todd C. Miller - * sudo.c: snprintf() a uid as %lu, not %ld to match the - MAX_UID_T_LEN test in configure. + * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c, + parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c: + updated version + [4d855ff5de26] -2003-03-13 11:56 millert + * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c, + logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c: + updated version + [8e007e178b33] + + * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, + insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h: + updated version + [9ddea5c8814d] + + * Makefile.in: + more tweaks to update_version + [047698752855] + + * Makefile.in: + fixed up update_version rule + [47b6fa34b77f] + + * configure.in: + ++version + [c1ca664e30b7] + + * Makefile.in: + removed supe of check.c + [8f340a05296a] + + * INSTALL: + ++version I missed + [a298e6c17491] + + * RUNSON: + updated + [a14f6057bc15] + + * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, + dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c, + goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, + insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, + parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c: + updated version + [02231b1a3ab3] + + * CHANGES: + updated for 1.5.5 + [634e5fcaf40b] + + * Makefile.in: + add rules to update version stuff in files so I don't need to do it + by hand + [3620ad60485a] + + * sudo.h: + sudoers_fp is now extern + [88c6e9b9ea84] + + * sudo.c: + in check_sudoers, cache the sudoers file handle in sudoers_fp so we + don't have to open it again in the parse. This may help with weird + solaris problems where EAGAIN sometime occurrs. + [d3c26451ed1d] + + * parse.c: + sudoers file open is now done only in check_sudoers() so we just do + a rewind() instead of an open. May help people on solaris who were + getting EAGAIN. + [c8b8c7722fa5] + +1998-01-16 Todd C. Miller + + * INSTALL: + mention that newer glibc is fixed + [20f06f5d3ef3] + +1998-01-13 Todd C. Miller + + * sudo.c: + newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore + _RLD* instead of _RLD_* + [1e22c588d602] + + * parse.c: + typo + [d0b7cb85f08a] + + * parse.c: + fix that bug for real + [5a6eeca6d04b] + + * INSTALL: + document Linux's libc6 brokenness. + [0246c1aa64ee] + + * parse.yacc: + -Wall + [d0e452fb1e2d] + + * RUNSON: + updated + [4949a1bbd0a9] [SUDO_1_5_4] + + * TROUBLESHOOTING: + remind people to HUP syslogd + [590962faa4f0] + + * Makefile.in: + add -O flag to tar + [622d02de339d] + + * RUNSON: + updated + [a72930d6e615] + + * TODO: + updated + [4a51bd458390] + + * sudo.pod: + remove author's email addr. people should mail sudo-bugs + [9b6bbdb3a6d9] + + * INSTALL: + fix version + [246274c6c8af] + + * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c, + find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, + ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, + logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: + ++version + [f532ff4ee766] + + * RUNSON: + updated + [62d5c71358b5] - * aclocal.m4: In MAX_UID_T_LEN test cast uid_t to unsigned long, - just unsigned. + * INSTALL, Makefile.in: + ++version + [1a7c7628edfc] -2003-03-12 18:46 millert + * CHANGES: + updated fort 1.5.4 + [7e4873508c99] - * sudo.c: Use snprintf() for paranoia + * check.c: + exit(1) if user enters no passwd + [f382c0e35e4e] -2003-03-12 17:16 millert + * BUGS: + ++version + [fab6a867ab67] - * parse.yacc: Use emalloc2 and erealloc3 + * parse.c: + commands can start with ./* not just /* -- fixes a serious security + hole. + [244d2fe35ee3] -2003-03-12 17:08 millert +1997-12-21 Todd C. Miller - * Makefile.in: strlc{at,py} for those w/o it + * sudo.c: + Don't set the tty variable to NULL when we lack a tty, leave it as + "unknown". + [193b26daba03] -2003-03-12 17:07 millert +1997-11-23 Todd C. Miller - * strlcat.c, strlcpy.c: stlc{at,py} for those w/o it. + * sample.sudoers: + fix usage of (username) in conjunction with , and ! + [7ae68607f68f] -2003-03-12 17:07 millert + * visudo.c: + catch the case where the user is not in the passwd file + [31650258deb0] - * config.h.in, configure, configure.in: Add stlc{at,py} for those - w/o it. + * tgetpass.c: + use fileno(input) + 1 instead of getdtablesize() as the nfds arg to + select(2) + [60ab2d9a9ee8] -2003-03-12 16:51 millert + * sudo.c: + define tty global to an initial value to avoid dumping core in + logging functions when passwd file is unavailable. + [77056c7bc908] - * alloc.c, sudo.h: Add erealloc3(), a realloc() version of - emalloc2(). + * sudo.c: + do the set_perms(PERM_USER, sudo_mode) after we have gotten the + passwd entry + [1fdb8e579a5a] -2003-03-12 16:45 millert + * sudo.pod: + talk about problem of ALL + [1cd1905c9f6f] - * interfaces.c, sudo.c: Use emalloc2() to allocate N things of a - certain size. +1997-10-10 Todd C. Miller -2003-03-12 16:41 millert + * README: + new web location + [d24dc26f6da5] - * alloc.c, sudo.h: Add emalloc2() -- like calloc() but w/o the - bzero and with error/oflow checking. + * INSTALL: + fdesc bug is fixed in Open/Net BSD + [7d4d81b08ac3] -2003-03-12 16:23 millert + * HISTORY: + updates from Nieusma + [3a43769a1b78] - * alloc.c: Error out on malloc(0); suggested by theo +1997-10-09 Todd C. Miller -2003-03-09 19:34 millert + * dce_pwent.c: + move compat.h after the system includes + [5ea43a5968ac] - * configure, configure.in: fix a typo; David Krause +1997-08-06 Todd C. Miller -2003-03-07 10:46 millert + * logging.c: + save errno from being clobbered by wait(). From Theo + [f2d1c48cd592] - * sudo.pod: fix typo +1997-05-21 Todd C. Miller -2003-03-03 21:47 millert + * compat.h: + fix an occurence of setresuid -> setreuid (typo) + [394de35c9b1c] - * env.c: Remove DYLD_ from the environment for MacOS X; from bbraun +1997-03-19 Todd C. Miller -2003-03-01 13:20 millert + * install-sh: + check for path to strip + [2b7ef824bd55] - * configure.in, config.h.in: not not; Anil Madhavapeddy +1997-01-16 Todd C. Miller -2003-01-23 03:03 millert + * logging.c: + deal with maxfilelen < 0 case + [f0af095178d7] - * sudo.pod, sudoers.pod, visudo.pod: typos; jmc@openbsd.org + * OPTIONS: + fixed descriptin + [629f60bd4b5f] -2003-01-20 16:13 millert +1996-12-12 Todd C. Miller - * parse.yacc: Add some missing ';' rule terminators that bison - warns about. + * sudo.c: + correct error message if mode/owner wrong and not statable by owner + but is statable by root. + [cb631ce2e85e] -2003-01-20 16:07 millert +1996-11-23 Todd C. Miller - * config.sub: fix typo I introduced in last merge + * config.guess, config.sub: + autoconf 2.11 + [f3cbe59e0756] -2003-01-20 15:59 millert +1996-11-16 Todd C. Miller - * configure: regenerate with autoconf 2.57 + * CHANGES, RUNSON, TODO: + sudo 1.5.3. + [2be3229b8626] -2003-01-20 15:58 millert +1996-11-14 Todd C. Miller - * config.h.in: Add missing "$HOME" + * parse.yacc, sudo.h: + command_alias -> generic_alias + [c404ca8c510d] [SUDO_1_5_3] -2003-01-20 15:57 millert + * sample.sudoers: + added Runas_Alias example and fixed syntax errors + [c304053f4a8a] - * configure.in: Add some more square backets to make autoconf 2.57 - happy + * OPTIONS, options.h: + updated MAILSUBJECT + [18d1573fcd2a] -2003-01-20 14:39 millert + * logging.c: + added %h expansion + [a4bff9b284fd] - * config.guess, config.sub, mkinstalldirs: Updates from - autoconf-2.57 + * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, + configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, + goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, + insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, + parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c: + ++version + [211ff20f956f] -2003-01-17 18:10 millert + * BUGS, emul/utime.h: + ++version + [cde5376579e3] - * lex.yy.c, sudo.tab.h: regen + * sudoers.pod: + document Runas_Alias + [b1a58f28fb2c] -2003-01-17 18:09 millert + * visudo.pod: + q (uid) -> Q + [d256649a0e6b] - * parse.lex, parse.yacc, sudoers.pod: Add support for - Defaults>RunasUser + * visudo.c: + buffer oflow checking q (uit) -> Q if yyparse() fails drop into + whatnow + [1cb183d15626] -2003-01-06 19:10 millert + * parse.yacc: + add size params to sprintf + [9228f698921f] - * visudo.c: fclose() yyin after each yyparse() is done and use - fopen() instead of using freopen(). + * parse.lex: + allow trailing space after '\\' but before '\n' + [f51dbbf69fdf] -2003-01-06 19:02 millert + * find_path.c: + off by one error in path size check + [a6d75ccd7632] - * parse.lex: Better fix for sudoers files w/o a newline before EOF. - It looks like the issue is that yyrestart() does not reset the - start condition to INITIAL which is an issue since we parse - sudoers multiple times. + * check.c: + sprintf paranoia + [3ffb12d198dd] -2003-01-06 18:47 millert +1996-11-12 Todd C. Miller - * parse.lex: Work around what appears to be a flex bug when dealing - with files that lack a final newline before EOF. This adds a - rule to match EOF in the non-initial states which resets the - state to INITIAL and throws an error. + * parse.yacc: + fixed more_aliases + [aab12f2a50af] -2003-01-06 15:06 millert + * visudo.c: + now warns if killed by signal ./ + [310c186a0fd7] - * visudo.c: o The parser needs sudoers to end with a newline but - some editors (emacs) may not add one. Check for a missing - newline at EOF and add one if needed. o Set quiet flag during - initial sudoers parse (to get options) o Move yyrestart() call - and always use freopen() to open yyin after initial sudoers - parse. +1996-11-11 Todd C. Miller -2002-12-15 11:24 millert + * parse.yacc: + fix Runas_Alias stuff Alias's in runas list now get expanded (but it + is gross) + [45590b83120f] - * set_perms.c: Fix pasto/thinko in setresgid()/setregid() usage. - Want to set effective gid, not real gid, when reading sudoers. + * sudo.c: + Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400 + [d53e01c14c58] -2002-12-15 11:08 millert + * parse.yacc: + add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS) + [7a4a040aae2d] - * set_perms.c: don't compile set_perms_posix if we have setreuid or - setresuid + * parse.lex: + Add Runas_Alias and simplify a rule. + [6f794a769a37] -2002-12-14 14:21 millert + * parse.yacc: + always store User_Alias's since they can be used inside of a runas + list. Sigh. Really need a Runas_Alias instead. + [3bab058a873e] - * sudo.pod, sudoers.pod: document new prompt escapes +1996-10-30 Todd C. Miller -2002-12-14 14:15 millert + * visudo.c: + deal with case where there is no sudoers file + [fa38b3bb244d] - * check.c: Add %U and %H escapes and redo prompt rewriting. "%%" - now gets collapsed to "%" as was originally intended. This also - gets rid of lastchar (does lookahead instead of lookback) which - should simplify the logic slightly. +1996-10-12 Todd C. Miller -2002-12-13 13:20 millert + * TROUBLESHOOTING: + added one + [e61346d06725] - * tgetpass.c: Write the prompt *after* turning off echo to avoid - some password characters being echoed on heavily-loaded machines - with fast typists. +1996-10-11 Todd C. Miller -2002-12-13 13:09 millert + * HISTORY, testsudoers.c: + developement -> development + [4df55e293941] - * config.sub: Add support for mipseb; wiz@danbala.tuwien.ac.at + * INSTALL: + added a note + [3845fb83dbc0] -2002-12-13 12:48 millert + * RUNSON: + for 1.5.2 + [5489b7298942] - * configure.in: Fix IRIX fallout from name changes in man dir/sect - Makefile variables. Patch from erici AT motown DOT cc DOT utexas - DOT edu + * CHANGES: + updated + [0741834929e6] -2002-12-13 11:33 millert +1996-10-10 Todd C. Miller - * auth/pam.c: Keep a local copy of tgetpass_flags so we don't add - in TGP_ECHO to the global copy. Problem noted by Peter Pentchev. + * PORTING: + removed seteuid() notes + [1010a60f281d] [SUDO_1_5_2] -2002-11-28 18:43 millert +1996-10-09 Todd C. Miller - * parse.yacc: Add missing yyerror() calls; YYERROR does not seem to - call this for us. + * compat.h: + better seteuid() emulatino + [e807623b662c] -2002-11-26 12:09 millert + * configure.in: + added check for seteuid + [8cf9fabc6f4f] - * sudo.c: fix typo in comment; Pedro Bastos + * config.h.in: + added HAVE_SETEUID + [596db46aa828] -2002-11-22 14:41 millert +1996-10-08 Todd C. Miller - * INSTALL: document --disable-setresuid + * configure.in: + first stab at sequent support + [b85a7bfcac76] -2002-11-22 14:41 millert + * config.h.in: + added HAVE_SYS_SELECT_H + [93ecdd042463] - * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c, sudo_auth.c: - Sprinkle some volatile qualifiers to prevent over-enthusiastic - optimizers from removing memset() calls. + * compat.h: + sequent -> _SEQUENT_ + [63a38b6da98c] -2002-11-22 14:11 millert + * compat.h: + added seteuid() macro for DYNIX + [695bd63c5ea6] - * logging.c, parse.yacc: minor sign fixes pointed out by gcc - -Wsign-compare + * tgetpass.c: + _AIX -> HAVE_SYS_SELECT_H + [b31221211bc2] -2002-11-22 14:09 millert +1996-10-07 Todd C. Miller - * set_perms.c, sudo.c, sudo.h: Revamp set_perms. We now use a - version based on setresuid() or setreuid() when possible since - that allows us to support the stay_setuid option and we always - know exactly what the semantics will be (various Linux kernels - have broken POSIX saved uid support). + * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c, + parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + ++version + [8052992fd453] -2002-11-22 14:08 millert + * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c, + getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h, + pathnames.h.in, version.h: + ++version + [f7ad15e1598a] - * config.h.in, configure: regen from configure.in + * sudo.pod: + added -H and SUDO_PS1 + [bb965241e30c] -2002-11-22 14:07 millert + * configure.in: + use SUDO_FUNC_FNMATCH + [6a8350d85fb2] - * configure.in: Add checks for setresuid() and a way to disable - using it + * aclocal.m4: + added SUDO_FUNC_FNMATCH + [45b32c91c4ba] -2002-11-22 14:05 millert + * sudo.c: + added -H flag + [11ebc6872fd6] - * compat.h: No long need to emulate set*[ug]id() via setres[ug]id() - or setre[ug]id(). The new set_perms stuff only uses things it - knows are there. + * sudo.h: + added MODE_RESET_HOME / + [67a7f8bcbbd6] -2002-11-22 13:33 millert +1996-10-05 Todd C. Miller - * sudo.c: Before exec, restore state of signal handlers to be the - same as when we were initialy invoked instead of just reseting to - SIG_DFL. Fixes a problem when using sudo with nohup. Based on a - patch from Paul Markham. + * INSTALL: + mention OPIE + [5723515d5bbd] -2002-11-22 13:23 millert + * options.h: + SKEY -> OTP + [c1d268130bc4] - * sudo.c: o timestamp_uid should be uid_t, not int o clarify error - message when sudo is run by root and no_root_sudo is set + * configure.in: + added opie support + [123872b41b20] -2002-09-19 17:27 millert + * compat.h, config.h.in: + added HAVE_OPIE + [528c71afc1e5] - * README: update ftp link for bison + * check.c: + added HAVE_OPIE and changed to *_OTP_* + [4c62f5db872a] -2002-07-20 08:30 millert + * OPTIONS: + SKEY -> OTP + [bd858e5e9652] - * set_perms.c: Error out if setusercontext() fails and the runas - user is not root. +1996-10-04 Todd C. Miller -2002-05-20 16:51 millert + * check.c: + moved fclose() in skey stuff. + [11f7dc8431a6] - * auth/securid5.c: Fix rcsid +1996-10-03 Todd C. Miller -2002-05-20 16:50 millert + * putenv.c: + index -> strchr remove unnecesary stuff + [af2d05238062] - * configure.in: Fix SecurID API test + * check.c: + now call skeychallenge() to get challenge instead of making one up + ourselves. this way, we get extra goodies in the prompt. + [49b770d98d3a] -2002-05-17 13:20 millert +1996-09-10 Todd C. Miller - * env.c: typo in comment + * CHANGES: + added one + [3f5149357e2a] [SUDO_1_5_1] -2002-05-17 13:20 millert + * parse.lex: + allow logins to start with a number (YUCK!) + [7ed7ef324741] - * configure.in: securid5 stuff needs pthreads. Just adding - -lpthread is suboptimal but I don't see a better way at the - moment. +1996-09-08 Todd C. Miller -2002-05-17 13:04 millert + * TROUBLESHOOTING: + added soalris 2.5 vs 2.4 note + [16160a251aae] - * Makefile.in, auth/securid5.c: SecurID API version 5 support from - Michael Stroucken + * configure.in: + DUNIX doesn't need -lnsl + [be924cc322c3] -2002-05-17 13:02 millert + * CHANGES: + *** empty log message *** + [1b2937521981] - * configure.in: Add check for SecurID 5.0 API + * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c, + getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, + options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, + strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, + utime.c, version.h, visudo.c: + courtesan + [5f203589bbfe] -2002-05-08 16:46 millert + * PORTING, README, RUNSON: + courtesan + [d72517f4937e] - * strerror.c: We actually do still need config.h to get the 'const' - definition for K&R C. + * INSTALL, Makefile.in, TROUBLESHOOTING: + courtesan + [5c007e3c7a71] -2002-05-05 16:43 millert + * visudo.pod: + *** empty log message *** + [37ebe85bd4e1] - * configure: regen with autoconf 2.5.3 + * sudo.pod, visudo.pod: + courtesan + [37f02e2130ea] -2002-05-05 16:25 millert +1996-09-07 Todd C. Miller - * configure.in: Don't set sysconfdir to '/etc' if the user has - specified a --prefix. + * HISTORY: + added courtesan ./ + [b01435226276] -2002-05-05 16:14 millert +1996-09-06 Todd C. Miller - * configure.in: Some fixes for autoconf 2.53 from Robert Uhl o - don't AC_SUBST LIBOBJS o force a 4th arg for AC_CHECK_HEADER() - to workaround a bug + * sudo.c: + added $SUDO_PROMPT support + [cb1fa72c093d] -2002-05-05 15:58 millert +1996-09-04 Todd C. Miller - * env.c, sudo.c, sudo.h: No need for dump_badenv() now that - dump_defaults() knows how to dump lists. + * check.c: + print long skey challemged to stderr, not stdout + [750fc775b3b2] -2002-05-04 21:31 millert +1996-09-01 Todd C. Miller - * BUGS, INSTALL, Makefile.in, configure.in, version.h, - INSTALL.binary, README: ++version + * CHANGES: + updated for 1.5.1 + [9b615f393057] -2002-05-04 20:57 millert + * emul/utime.h: + ++version + [a94de18deafb] - * sudoers.pod: document timestampowner +1996-08-31 Todd C. Miller -2002-05-04 20:45 millert + * RUNSON: + updated for 1.5.1 + [4092f20ab634] - * check.c: Don't call set_perms() when doing timestamp stuff unless - timestamp_uid != 0. +1996-08-30 Todd C. Miller -2002-05-04 20:43 millert + * check.c: + use shost, not host for tgetpass + [6061c49ff9be] - * check.c, logging.c, parse.c, set_perms.c, sudo.c, sudo.h, - testsudoers.c, auth/sudo_auth.c: g/c second arg to set_perms--it - is no longer used + * sudo.pod: + documented %u and %h + [6d2922d29897] -2002-05-03 18:48 millert + * OPTIONS: + documented %u and %h + [1a71da13a864] - * check.c, set_perms.c, sudo.c, sudo.h: Add support for non-root - timestamp dirs. This allows the timestamp dir to be shared via - NFS (though this is not recommended). + * configure.in: + fixed typo + [1230dec2b062] -2002-05-03 18:47 millert + * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, + dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: + ++version + [65ce8eabf77a] - * def_data.c, def_data.h, def_data.in: Add timestampowner, "Owner - of the authentication timestamp dir" + * BUGS: + ++version + [afecab53aab7] -2002-05-02 15:40 millert +1996-08-29 Todd C. Miller - * env.c: Don't try to pre-compute the size of the new envp, just - allocate space up front and realloc as needed. Changes to the - new env pointer must all be made through insert_env() which now - keeps track of spaced used and allocates as needed. + * Makefile.in, configure.in, version.h: + ++version + [fb3ff940d672] -2002-04-26 15:12 millert + * sudo.h: + new tgetpass() params + [9eccc5b0f8ae] - * configure: regen + * check.c: + pass use and host to tgetpass + [c56d9d13c401] -2002-04-26 15:12 millert + * tgetpass.c: + added %u and %h escapes + [04ae775d3e5d] - * configure.in: Fix two typo/pastos; from jrj@purdue.edu + * OPTIONS, check.c, options.h: + added NO_MESSAGE + [3927dad19057] -2002-04-25 11:36 millert + * configure.in: + added cray (unicos) support + [1122210c5fb1] - * INSTALL.binary, README: ++version +1996-08-27 Todd C. Miller -2002-04-25 11:35 millert + * OPTIONS, options.h, sudo.c: + added SHELL_SETS_HOME + [0b26909b0929] - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in, configure: regen +1996-08-25 Todd C. Miller -2002-04-25 11:31 millert + * INSTALL: + added note about "make install" + [7e56ea76d4b4] - * CHANGES, RUNSON, TODO: Sync with 1.6.6 + * parse.yacc: + changed length/size params from int to size_t + [5654e5ceb1b3] -2002-04-25 11:30 millert + * OPTIONS: + now get CSOPS insults as well by default + [297323d0179a] - * check.c: The the loop used to expand %h and %u, the lastchar - variable was not being initialized. This means that if the last - char in the prompt is '%' and the first char is 'h' or 'u' a - extra copy of the host or user name would be copied, for which - space had not been allocated. + * insults.h: + use csops insults too by default + [07fafc136169] -2002-04-18 11:41 millert + * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h: + version = 1.5 + [4b8772b11e3b] - * BUGS, INSTALL, Makefile.in, configure.in, version.h: crank - version to 1.6.6 + * sudo.c: + added runas_homedir + [b0e0d4417a15] -2002-04-18 11:39 millert + * TODO: + updated for 1.5 + [66259df825d5] - * auth/afs.c: #undef VOID to get rid of an AFS warning + * RUNSON: + updated for 1.5 + [e08bc9ebfe95] -2002-04-18 11:38 millert + * CHANGES: + 1.5 release + [8c16942fea41] - * env.c: Use easprintf instead of emalloc + sprintf for some - things. + * INSTALL: + added "upgrading" notes + [210d968964ff] -2002-03-15 19:45 millert +1996-08-22 Todd C. Miller - * lex.yy.c: regen + * visudo.c: + now do chmod and chown after edit of temp file and before rename + [de174e34faa7] [SUDO_1_5_0] -2002-03-15 19:44 millert +1996-08-18 Todd C. Miller - * parse.c, parse.lex, parse.yacc, testsudoers.c: Remove Chris - Jepeway's email address so people don't bug him ;-) + * Makefile.in: + ++version added INSTALL.configure + [c9e9214f52ae] -2002-03-11 22:19 millert + * configure.in, version.h: + ++version + [5985abed3eb2] - * sudo.c: Move endpwent() to be after set_perms(PERM_RUNAS, ...) - and also call endgrent() at the same time. + * TROUBLESHOOTING: + *** empty log message *** + [d65c540ec52e] -2002-02-21 22:23 millert + * parse.yacc: + added missing cast + [e7247319a7d5] - * INSTALL: Make it clear which configure options take arguments. + * sudo.c: + sets $HOME to pw_dir of runas user + [d3f7f4d05752] -2002-01-25 13:38 millert + * sudo.pod: + document $HOME change + [854454d458c4] - * compat.h: HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there - is no RLIM_INFINITY, just pretend it is -1. This works because - we only check for RLIM_INFINITY and do not set anything to that - value. +1996-08-17 Todd C. Miller -2002-01-22 11:43 millert + * sudo.pod: + fixed up some wording + [b0c8582f2c97] - * auth/pam.c: Zero and free allocated memory when there is a - conversation error. + * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, + interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c, + strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, + visudo.c: + ++version + [748be723fd8b] -2002-01-21 22:37 millert + * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, + insults.h, options.h, pathnames.h.in, sudo.h: + ++version + [acdf8b1b2a1b] - * auth/bsdauth.c: Use sigaction() not signal() + * emul/utime.h: + ++version + [b3f35298ab8d] -2002-01-21 22:26 millert + * sudo.h: + name nad type changes + [db24ab3da141] - * INSTALL: Mention that some linux kernels have broken POSIX saved - ID support + * testsudoers.c: + now works with new sudo + [379346c42cc2] -2002-01-21 21:03 millert + * parse.yacc: + fixed some XXX + [f5fe4c990052] - * CHANGES: checkpoint for 1.6.5p2 + * parse.yacc: + some variable name changes + comment headers for functions. + [3dc3bd9aa73d] -2002-01-21 21:01 millert + * tgetpass.c: + added extra paren's to make compilers happy + [9e4968a34d56] - * configure: regen + * sudo.c: + *** empty log message *** + [70c924c1ed69] -2002-01-21 21:01 millert + * parse.c: + now uses init_parser() if not in sudoers and tries "list" or + "validate" scold but don't be nasty. + [c0d8fb3f8c9e] - * configure.in: Add --disable-setreuid flag + * TROUBLESHOOTING: + now can use upper case login names + [c772fffcefe5] -2002-01-21 21:00 millert + * visudo.c: + now uses init_parser() + [b9efae7243fd] - * INSTALL: Document new --disable-setreuid option and change - description for --disable-saved-ids to match new error message. + * INSTALL, README: + updated + [27dc8283fdc8] -2002-01-21 21:00 millert + * PORTING: + added info about PASSWORD_TIMEOUT + [980e15d892f8] - * set_perms.c: fatal() now takes an argument that determines - whether or not to call perror(). + * INSTALL.configure: + Initial revision + [8292e89a08d3] -2002-01-21 20:58 millert + * BUGS: + fixed a bug , + [c6e46f5624f9] - * PORTING, TROUBLESHOOTING: Update for new error messages from - set_perms() + * parse.yacc: + now dynamically allocates memory for the stacks -- no more + overflows! + [8615c35b6ad3] -2002-01-21 17:46 millert + * sudo.pod: + -l now explands command aliases + [39f45605935d] - * auth/pam.c: Make this compile w/o warnings + * parse.yacc: + hacks to expand command aliases for `sudo -l' + [e4eb752608f9] -2002-01-21 17:36 millert + * sudo.c: + remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash) + [01327ca5084b] - * auth/pam.c: Mention that we can't use pam_acct_mgmt() + * sudo.h: + added struct command_alias + [dd2f32764082] -2002-01-21 17:25 millert + * sudo.pod: + fixed a bug + [e708ff08d2eb] - * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c: The user's password - was not zeroed after use when AIX authentication, BSD - authentication, FWTK or PAM was in use. + * lsearch.c: + in compar() key should be first arg + [fc14c3fa62ee] -2002-01-20 14:21 millert +1996-08-15 Todd C. Miller - * auth/pam.c: Avoid giving PAM a NULL password response, use the - empty string instead. This avoids a log warning when the user - hits ^C at the password prompt when PAM is in use. + * BUGS: + fixed some bugs + [639dfe425bd5] -2002-01-19 19:46 millert + * parse.yacc: + can now deal with upcase HOST and USER names + [c6aa7bcfb00d] - * auth/pam.c: Don't check the return value of pam_setcred(). In - Linux-PAM 0.75 pam_setcred() returns the last saved return code, - not the return code for the setcred module. Because we haven't - called pam_authenticate(), this is not set and so pam_setcred() - returns PAM_PERM_DENIED. + * sudo.c: + don't yell too loudly at non-sudoers if they do "sudo -l" + [4ef146128d89] -2002-01-19 19:43 millert + * sudo.pod: + fixed thinko + [830f2f0f22e7] - * Makefile.binary, Makefile.in: Don't need a '/' between $(DESTDIR) - and a directory. + * parse.c: + fix comment + [d20ce9e17ddc] -2002-01-18 14:18 millert +1996-08-09 Todd C. Miller - * configure: regen + * parse.c, parse.yacc: + added support for new `sudo -l' stuff + [7dceaef3c733] -2002-01-18 14:18 millert + * sudo.c: + now uses list_matches() + [293364821b61] - * configure.in: o BSDi also has a bogus setreuid() o Old FreeBSD - has a bogus setreuid() o new NetBSD has a real setreuid() o add - check for freeifaddrs() if getifaddrs() exists. + * sudo.h: + added struct sudo_match + [b2684179d179] -2002-01-18 14:17 millert + * configure.in: + now more -lgnumalloc + [4f8ae42617d8] - * config.h.in, interfaces.c: Older BSDi releases lack freeifaddrs() - so add a test for that and if it is not present just use free(). +1996-08-01 Todd C. Miller -2002-01-17 11:30 millert + * install-sh: + added more paths for chown and whoami + [6e685a19426c] - * CHANGES, RUNSON: Checkpoint for 1.6.5p1 +1996-07-31 Todd C. Miller -2002-01-17 10:56 millert + * check.c: + typo + [3adfa01c04bc] - * auth/passwd.c: Return AUTH_FAILURE in passwd_init() if - skeyaccess() denies access to normal passwords, not AUTH_FATAL - (which just causes an exit). +1996-07-30 Todd C. Miller -2002-01-17 10:35 millert + * aclocal.m4: + fixed DUNIX check for shadow pw + [c25324bcd27b] - * visudo.c: Don't use memory after it has been freed. + * tgetpass.c: + now only turn off echo if it is already on. this fixes a race when + you use sudo in a pipelin + [28388c2de21c] -2002-01-17 00:24 millert + * INSTALL: + updated + [b45ac9366b7e] - * auth/passwd.c: skeyaccess() wants a struct passwd * not a char *; - Patch from Phillip E. Lobbes + * configure.in: + changed "test -z $foo && do_this" to if; then construct + [2183c4426bca] -2002-01-16 20:00 millert +1996-07-29 Todd C. Miller - * BUGS: ++version + * configure.in: + added missing defines of SHADOW_TYPE + [be89ea68a7f3] -2002-01-16 19:53 millert +1996-07-26 Todd C. Miller - * CHANGES, RUNSON, TODO: checkpoint for sudo 1.6.5 + * check.c: + protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are + only in dunix 4.x + [1e7c1c677263] -2002-01-16 18:37 millert + * getspwuid.c: + added AUTH_CRYPT_C1CRYPT support + [88d6b0058b20] - * configure: regen + * parse.c: + no longer return VALIDATE_NOT_OK if there was a runas that didn't + match. Now we can have runas stuff on more than one line. + [52b68920d7b7] -2002-01-16 18:37 millert + * getspwuid.c, sudo.c, tgetpass.c: + use SHADOW_TYPE instead of HAVE_C2_SECURITY + [cf401dfcbc06] - * INSTALL, INSTALL.binary, Makefile.in, README, configure.in: - version 1.6.5 + * configure.in: + got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to + something + [c7a233c4dd93] -2002-01-16 18:37 millert + * config.h.in: + removed HAVE_C2_SECURITY added SPW_BSD + [8314405e9754] - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: sudo version 1.6.5 + * compat.h: + use SHADOW_TYPE instead of HAVE_C2_SECURITY + [6f94870df17f] -2002-01-16 16:28 millert + * check.c: + SHADOW_TYPE is always defined so just against its value + [72c69a55d02f] - * logging.c: o when invoking the mailer as root use a hard-coded - environment that doesn't include any info from the user's - environment. Basically paranoia. + * aclocal.m4: + added SUDO_CHECK_SHADOW_DUNIX + [ef025ae9d496] - o Add support for the NO_ROOT_MAILER compile-time option and run - the mailer as the user and not root if NO_ROOT_MAILER is - defined. +1996-07-25 Todd C. Miller -2002-01-16 16:27 millert + * sudoers.pod: + * -> ?* in one example added another instance of (runas) and one of + NOPASSWD: + [d74fe1dcbe7d] - * set_perms.c, sudo.h: Bring back PERM_FULL_USER +1996-07-24 Todd C. Miller -2002-01-16 16:26 millert + * configure.in: + added back check for config.cache from other host type + [0ba87871f585] - * configure: regen + * parse.lex: + removed an instance of \" + [1e008d3709f6] -2002-01-16 16:26 millert + * sample.sudoers: + added an example + [dbfcf68ee330] - * version.h: version 1.6.5 + * sudoers.pod: + updated wrt new wildcard matching + [193fa44a475b] -2002-01-16 16:26 millert + * configure.in: + new check for shadow passwords if we don't know anything + [67465df7dc9a] - * INSTALL, config.h.in, configure.in: Add --disable-root-mailer - option to run the mailer as the user and not root. + * aclocal.m4: + new SUDO_CHECK_SHADOW_GENERIC + [3563b16a41b8] -2002-01-16 12:44 millert + * configure.in: + added back check for -lsocket (oops) + [a80882ee1cb6] - * CHANGES: checkpoint for 1.6.4p2 + * configure.in: + better (working) check for shadow passwd type if we know to use C2. + [3cdd2a59a641] -2002-01-15 19:22 millert + * configure.in: + now uses AC_CANONICAL_HOST to figure out os type + [80db7fe6e704] - * PORTING: Mention the "seteuid(0): Operation not permitted" - problem here too just for good measure. + * Makefile.in: + added config.{guess,sub} + [c6be7e3ca384] -2002-01-15 18:43 millert + * aclocal.m4: + removed unused stuff to figure out os type + [c9a0f3b57123] - * env.c, getspwuid.c, sudo.c: The SHELL environment variable was - preserved from the user's environment instead of being reset - based on the passwd database when the "env_reset" option was - used. Now it is reset as it should be. + * config.sub: + added openbsd + [bfc6bfec3668] -2002-01-15 17:47 millert + * config.sub: + Initial revision + [e6e06ce0d17d] - * configure: regen + * config.guess: + Initial revision + [99dd06f79199] -2002-01-15 17:47 millert + * testsudoers.c: + don't call fnmatch() with FNM_PATHNAME flag unless it can only be a + pathname. need to check against sudoers_args even if user_args is + nil + [66e6cf77f5d6] - * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c, - sudo.c: Add a configure option to turn off use of POSIX saved IDs + * parse.c: + don't call fnmatch() with FNM_PATHNAME flag unless it can only be a + pathname need to check against sudoers_args even if user_args is nil + [74374df17311] -2002-01-15 15:48 millert +1996-07-23 Todd C. Miller - * configure: regen + * check.c: + added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2 + [cbb00261c415] -2002-01-15 15:48 millert + * testsudoers.c: + now takes command line args and uses cmnd_args + [f0c2fd35a527] - * configure.in: add --with-efence option + * parse.lex: + fill_args was adding an extra leading space + [692fc999b2e8] -2002-01-15 15:39 millert +1996-07-22 Todd C. Miller - * sudo.c: Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a - problem where "sudo -l" would not work if always_set_home was - set. + * visudo.c: + fixed dummy command_matches() + [93d9543db6e2] -2002-01-15 13:16 millert + * parse.yacc: + fixed prototype + [7b0addfbd429] - * lex.yy.c: regen + * sudo.h: + added cmnd_args + [8f47c4ae65ef] -2002-01-15 13:16 millert + * parse.yacc: + now uses flat args string + [016e65877da3] - * parse.lex: Quoted commas were not being treated correctly in - command line arguments. + * parse.c, parse.lex: + now uses flat arg string + [5b5f2e3f4c09] -2002-01-14 20:53 millert + * visudo.c: + added cmnd_args def + [876867134775] - * sudo.c: o Move the call to rebuild_env() until after - MODE_RESET_HOME is set. Otherwise, the set_home option has no - effect. + * sudo.c: + now sets cmnd_args global + [e6fee70cb59b] - o Fix use of freed memory when the "fqdn" flag is set. This was - introduced by the fix for the "segv when gethostbynam() fails" - bug. Also, we no longer call set_fqdn() if the "fqdn" flag is - not set so there is no need to check the "fqdn" flag in - set_fqdn() itself. + * logging.c: + cmnd_args is now exported from sudo.[ch] + [7a9cd36e356f] -2002-01-14 20:45 millert +1996-07-21 Todd C. Miller - * env.c: Add 'continue' statements to optimize the switch - statement. From Solar. + * parse.yacc: + can't rely on cmnd_matches as much as I thought -- added some $$ + stuff back in to prevent namespace pollution problems. + [3c45fedb5af3] -2002-01-13 13:42 millert + * parse.yacc: + Simplified parse rules wrt runas and NOPASSWD (more consistent). + [e6d838c8a4c7] - * sudoers.cat, sudoers.man.in: Regen from new sudoers.pod +1996-07-20 Todd C. Miller -2002-01-13 13:36 millert + * parse.lex: + NOPASSWD may now have blanks before the ':' '(' only starts a + 'runas' if in the initial state to avoid collision with command args + [c5c01172f499] - * sudoers.pod: Add caveat about stay_setuid flag + * configure.in: + added checks for specific shadow passwd schemes + [b7e3d1f7b84f] -2002-01-13 13:29 millert + * aclocal.m4: + added routines to check for specific shadow passwd types + [e5e1d19960a6] - * sudo.c: If set_perms == set_perms_posix and the stay_setuid flag - is not set, set all uids to 0 and use set_perms_fallback(). +1996-07-18 Todd C. Miller -2002-01-13 13:28 millert + * configure.in: + added support for ncr boxen + [bea9dc5aae7f] - * set_perms.c, sudo.h: Remove PERM_FULL_USER (which is no longer - used) and add PERM_FULL_ROOT (used when exec'ing the mailer). + * aclocal.m4: + added support for detecting ncr boxen + [8653a158a924] -2002-01-13 13:27 millert +1996-07-16 Todd C. Miller - * logging.c: Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the - mailer since we never want to run the mailer setuid. + * configure.in: + added sinix support + [5de2b2173ee1] -2002-01-12 17:55 millert +1996-07-14 Todd C. Miller - * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in, - visudo.pod: Use sudo.ws instead of courtesan.com in URLs + * TROUBLESHOOTING: + added info about "config.cache from other other" error. + [845b10198e0b] -2002-01-12 14:00 millert + * aclocal.m4: + now makes sure you don't have a config.cache file from another OS + [4fe32571c021] - * Makefile.in, Makefile.binary: Fix mansect substitution + * configure.in: + now sets $LIBS when needed to configure links with libs when doing + tests hpux10 now uses SPW_SECUREWARE for C2 added check for + bigcrypt(3) if SPW_SECUREWARE + [2df6b8ca538f] -2002-01-12 13:15 millert + * getspwuid.c: + fixed typo + [fe1cb1d792d6] - * Makefile.in: Substitute man sections in Makefile.binary + * tgetpass.c: + now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH + [f71138372c07] -2002-01-12 13:15 millert + * getspwuid.c: + no more SPW_HPUX10 + [cfdeb18bc16b] - * Makefile.binary: Sync install targets with Makefile.in and - substitute in man sections. + * config.h.in: + no more SPW_HPUX10 added HAVE_BIGCRYPT + [00d296479a61] -2002-01-12 13:09 millert + * compat.h: + now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE + [6c6d9e680417] - * INSTALL, INSTALL.binary: version is 1.6.4 + * check.c: + SPW_SECUREWARE now uses bigcrypt + [be71fc66690f] -2002-01-12 12:59 millert +1996-07-13 Todd C. Miller - * Makefile.in: Repair bindist target + * sample.sudoers: + fixed 2 syntax errors + [45eee19ef4ac] -2002-01-12 11:43 millert + * sudoers: + root may now run ALL as ALL + [1b54c6b9b212] - * CHANGES: sync for 1.6.4 +1996-07-12 Todd C. Miller -2002-01-10 13:00 millert + * interfaces.c: + fixed a typo/thinko that broke BSD's with sa_len + [603438360126] - * install-sh: Fix case where neither whoami nor id are found +1996-07-08 Todd C. Miller -2002-01-09 12:35 millert + * check.c, configure.in: + updated AFS support + [e572eb8d177a] - * install-sh: If neither whoami nor id exists, just assume we are - root. + * TROUBLESHOOTING: + added entry about /usr/ucb/cc + [025b353aa9d3] -2002-01-09 11:56 millert + * INSTALL: + prep no longer holds gcc binaries + [8b0942958049] - * alloc.c: Add explicit cast to (VOID *) on malloc/realloc. Seems - to be needed on AIX which for some reason isn't pulling in the - malloc prototype. + * INSTALL: + updated AFS note + [7af6efd5abe4] -2002-01-08 10:00 millert + * Makefile.in: + added @AFS_LIBS@ + [97b6fe6ad7d6] - * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c: (c) 2002 + * compat.h: + AFS allows long passwords + [5fb17122c302] -2002-01-08 09:21 millert + * testsudoers.c: + fixed -u user support + [b1a0c1648639] - * CHANGES: checkpoint + * parse.c: + sudo -v now groks VALIDATE_OK_NOPASS + [74fc03fffe7e] -2002-01-08 09:20 millert + * parse.yacc: + fixed no_passwd vs. runas_matched + [549a9b791a6a] - * sudo.c: Defer assigning new environment until right before the - exec. + * TROUBLESHOOTING: + took out stuff about NFS-mounting since it is no longer an issue + [d95ab7fbbc61] -2002-01-08 09:08 millert + * INSTALL: + added --with-libraries > --with-libpath --with-incpath + [d5d15a7a0f4c] - * parse.c: kill extra blank line + * parse.yacc: + was setting runas_matches to -1 in wrong place + [db2b1deb8d33] -2002-01-07 13:59 millert + * check.c: + removed usersec.h which is not present in new AFS versions + [618b016dd17f] - * configure: regen + * tgetpass.c: + now deals with timeout <= 0 + [ba53a1257255] -2002-01-07 13:59 millert + * OPTIONS: + updated + [75093bd8fdca] - * configure.in: Use -O not -O2 for m88k-motorola-sysv* since - motorola gcc-derived compiler doesn't recognise -O2. + * configure.in: + BSD/OS >= 2.0 now uses shlicc instead of just gcc + [ff6dbf7825c2] -2002-01-06 23:02 millert + * sudo.c: + fixed backwards compatibility with sudo 1.4 sudoers mode for root + readable/writable filesystems + [2694ed627221] - * HISTORY: Clarify origins of Root Group sudo a bit based on info - from billp@rootgroup.com + * Makefile.in: + now gives INSTALL -c flag + [63db055a2fd1] -2002-01-02 22:41 millert + * parse.yacc: + slightly simpler initialization of no_passwd and runas_matches + [463a1b5fa323] - * LICENSE: 2002 + * testsudoers.c: + added -u username support + [38b072fcd6b3] -2002-01-02 22:26 millert + * configure.in: + improved --with-libraries support + [047dbc5f0af2] - * CHANGES: checkpoint for 1.6.4rc1 +1996-07-07 Todd C. Miller -2002-01-02 17:40 millert + * configure.in: + added --with-incpath, --with-libpath, --with-libraries + [20f20d6c718c] - * config.h.in: now generated via autoheader + * parse.yacc: + now initializes some fields that weren't getting set to -1 pretty + gross -- need a rewrite. + [021c160390c6] -2002-01-02 17:40 millert +1996-06-26 Todd C. Miller - * configure: regen + * alloca.c: + removed emacs'isms + [9d4ec2efe057] -2002-01-02 17:37 millert + * configure.in: + no longer add -lPW to *_LIBS since we include alloca.c + [a626d1bbea80] - * compat.h: Move in some stuff that was previously in config.h. + * config.h.in: + added HAVE_ALLOCA_H + [15491e2a6cff] -2002-01-02 17:36 millert + * Makefile.in: + added alloca.c + [0400f25e1fe4] - * configure.in, aclocal.m4: Add info for autoheader. + * alloca.c: + Initial revision + [06d033aa4882] -2002-01-01 16:53 millert + * configure.in: + ++version + [f52c0fb98f90] - * Makefile.in: o Add DESTDIR support - o Use -M, -O, and -G instead of -m, -o, and -g to facilitate - non-root installs +1996-06-25 Todd C. Miller -2002-01-01 16:48 millert + * sudo.c: + now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is + not always set to a valid uid. + [c2669f77704d] - * install-sh: Add -M option (like -m but only for root) If we can't - find "whoami", use "id" w/ some sed. + * OPTIONS: + fixed entry for SUDO_MODE + [d7272f6035b8] -2002-01-01 14:01 millert + * sudo.c: + Fixed NFS-mounted sudoers file under solaris both uid *and* gid were + being set to -2. Now beat NFS to the punch and set uid to "nobody" + ourselves, preserving group 0 to read sudoers. + [b1fbc5dd1e34] - * configure: regen + * parse.c: + moved set_perms(PERM_ROOT) to be before yyparse() + [7619d8080735] -2002-01-01 14:00 millert + * logging.c: + fixed a typo + [318acc48cde0] - * configure.in: allow user to always override mansectsu and - mansectform + * configure.in: + no longer need AC_PROG_INSTALL + [de01b1336dc8] -2001-12-31 17:05 millert + * Makefile.in: + always use install-sh to avoid install(1)'s that use get{pw,gr}nam + [ea2351986406] - * mkinstalldirs: update from autoconf 2.52 + * INSTALL: + make clean -> make distclean + [704a98e8ba10] -2001-12-31 17:03 millert +1996-06-20 Todd C. Miller - * config.guess, config.sub: Update from autoconf 2.52 + * parse.yacc: + removed some unnecsary if's + [f00db6508132] -2001-12-31 16:57 millert + * Makefile.in, version.h: + ++version + [bdb6740b24c8] - * configure: regen with autoconf 2.52 + * parse.c, testsudoers.c: + now includes netgroup.h + [93f5a06352bc] -2001-12-31 16:57 millert + * interfaces.c: + removed cats of ioctl to int since they didn't shut up -Wall + [83e9f912cd7a] - * configure.in: o Call AC_PROG_CC_STDC to find out how to run the - compiler in ANSI mode - o Remove compiler-specific checks for HP-UX now that we use - AC_PROG_CC_STDC + * interfaces.c: + explicately cast ioctl() to int since it it not always declared + [2ff9294e469e] -2001-12-31 12:19 millert + * sudo.h: + added declarations for yyparse() and yylex() + [6071321ab771] - * RUNSON: Checkpoint + * parse.yacc: + fixed an occurence of '==' -> '=' + [2c46d2e11d57] -2001-12-31 12:18 millert + * config.h.in, configure.in: + added check for netgroup.h + [73403050f4e3] - * auth/pam.c: o Add pam_prep_user function to call pam_setcred() - for the target user; on Linux this often sets resource limits. - o When calling pam_end(), try to convert the auth->result to a - PAM_FOO value. This is a hack--we really need to stash the - last PAM_FOO value received and use that instead. + * sudo.c: + fixed 2 compiler warnings + [680929b0bd97] -2001-12-31 12:18 millert + * sudo.c: + SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being + initialized + [18707ecd07c2] - * set_perms.c, sudo.h: o Add pam_prep_user function to call - pam_setcred() for the target user; on Linux this often sets - resource limits. +1996-06-19 Todd C. Miller -2001-12-31 00:53 millert + * sudo.pod: + fixed a typo + [e4b5c12aa130] - * env.c: Fix off by one error in number of bytes allocated via - malloc (does not affected any released version of sudo). +1996-06-17 Todd C. Miller -2001-12-30 17:12 millert + * parse.yacc: + fixed a formatting thingie + [c79327b6f19b] - * lex.yy.c: regen + * parse.c, parse.yacc: + fixed -u support with multiple user lists on a line + [e4d1066adca2] -2001-12-30 17:12 millert + * configure.in: + unixware needs -lgen + [b5bf9bca63cc] - * parse.lex: Allow '@', '(', ')', ':' in arguments to a defaults - variable w/o requiring that they be quoted. + * README: + updated ftp location + [b25a033f7921] -2001-12-30 14:26 millert + * sudoers.pod: + add net_addr/netmask support + [674e83516d1e] - * sudoers.cat, sudoers.man.in, sudoers.pod: Mention that no double - quotes are needed when adding/deleting/assigning a single value - to a list. + * sample.sudoers: + added net_addr/mask example + [774878e89b28] -2001-12-30 13:58 millert + * parse.c, parse.lex: + added support for net_addr/netmask + [e33de27325d8] - * Makefile.in: Don't rely on mkdefaults being executable, call perl - explicitly. +1996-06-16 Todd C. Miller -2001-12-30 13:41 millert + * sudoers.pod: + ^ -> ! + [1a084950d6ef] - * parse.yacc: Remove some XXX that are no longer relevant. +1996-06-15 Todd C. Miller -2001-12-30 13:40 millert + * RUNSON: + updated for 1.4.3 + [c82019025d09] - * defaults.c: o Roll our own loop instead of using strpbrk() for - better grokability o When adding to a list we must malloc() and - use memcpy(), not strdup() since we must only copy len bytes - from str. + * CHANGES: + udpated for 1.4.3 + [ceaa81adb8f0] -2001-12-21 16:49 millert + * BUGS, TODO, TROUBLESHOOTING: + updated + [ff94fae4b853] - * parse.yacc: typo in comment + * sample.sudoers: + updated with examples of new stuff + [99d0b4cb4c9c] -2001-12-19 11:50 millert + * INSTALL, README: + ++version + [b763b80fe836] - * CHANGES: checkpoint + * sudoers.pod: + updated wrt -u and NOPASSWD + [0b5b722ea0f4] -2001-12-19 10:56 millert + * sudo.pod: + updated wrt -u and CAVEATS + [71d5d53b5d18] - * configure: regen +1996-06-09 Todd C. Miller -2001-12-19 10:56 millert + * sudo.c: + fixed usage() + [114c7d09b550] - * configure.in: avoid the -g flag unless --with-devel was specified + * parse.lex: + now use :foo: character classes (makes no diff for generated lexer) + [7b0aeb737a02] -2001-12-19 10:04 millert +1996-06-07 Todd C. Miller - * Makefile.in: mkdefaults, def_data.in and sigaction.c were missing - from the tarball + * check.c: + fixed LONG_SKEY_PROMPT stuff + [0efe78b4bdda] -2001-12-19 09:46 millert +1996-06-06 Todd C. Miller - * Makefile.in: def_data.c was missing + * visudo.c: + fixed a comment + [3d289017104b] -2001-12-18 12:42 millert + * lsearch.c: + make more like NetBSD one -- now compiles w/o warnings + [932206296a54] - * env.c: Fix setting of $USER and $LOGNAME in the non-reset_env - case. Also allow HOME, SHELL, LOGNAME, and USER to be specified - in keep_env + * emul/search.h: + fixed decls of lsearch() + [c58cf4584c45] -2001-12-17 20:48 millert + * config.h.in, configure.in, getspwuid.c: + added SPW_HPUX10 + [d74e5eaa5f17] - * TODO: Another TODO item + * check.c: + hpux 10 uses bigcrypt() if C2 + [359eb63f4021] -2001-12-17 19:50 millert +1996-06-04 Todd C. Miller - * sudoers: Add comment for Default section so folks know where it - should go. + * parse.c: + now always uses fnmatch to match args + [a9d91f35256a] -2001-12-17 18:56 millert + * tgetpass.c: + back to using stdio instead of raw i/o since that caused some + problems + [e7ce2bc92974] - * tgetpass.c: Use TCSETAF, not TCSETA to set terminal in termio - case +1996-05-29 Todd C. Miller -2001-12-17 18:35 millert + * sudo.c: + now give usage warning if use -l,-v,-k with args + [6b48180c4fea] - * sudoers.man.in, sudoers.cat: regen from sudoers.pod +1996-05-28 Todd C. Miller -2001-12-17 18:33 millert + * sudo.c: + NewArgc is now set to 1 for -l, -v, -k + [7497cb1416a8] - * sudoers.pod: o Typo, Runas_User_List should be Runas_List - o a User_List can not contain a uid - o mention that the Defaults section should come after Alias - definitions but before the user specifications + * sudo.c: + now sets sudoers to correct group if mode is 0400 + [484c43d99718] -2001-12-15 11:51 millert + * install-sh: + updated to version used by inn and bind + [28683ad8725a] - * sudoers.cat, sudoers.man.in: regen + * configure.in: + now uses -lgnumalloc if it exists + [3651ca4415a2] -2001-12-15 11:51 millert + * Makefile.in: + "make install" now sets uid/gid and mode on sudoers if it exists + [1f5216191ae9] - * sudoers.pod: Fix listpw and verifypw sections, they were not - being formatted properly. + * sudo.c: + rmeoved debugging statements + [aeda278e2c26] -2001-12-15 11:39 millert + * parse.yacc: + added a missing free() + [592c9482a159] - * sudoers.cat, sudoers.man.in: regen + * sudo.c: + now uses user_gid instead of getegid (which was wrong anyway) to set + SUDO_GID Now sets command line args in SUDO_COMMAND envariabled + (logging.c depends on args being in the environment) + [9f5328a3b942] -2001-12-15 11:38 millert + * logging.c: + now uses SUDO_COMMAND envariable to get command args rather than + building it up again. + [7f8edc5bccb7] - * sudoers.pod: fix typos + * parse.c: + now uses user_gid + [4b9303ae45fe] -2001-12-15 10:57 millert + * sudo.c: + fixed off by one error in allocation NewArgv + [921ea1a4e7c6] - * configure: regen + * parse.c: + in sudoers, 'command ""' now means command with no args + [a5273648ace2] -2001-12-15 10:57 millert + * configure.in: + added check for fnmatch(3) and fnmatch.h + [258916a7866f] - * configure.in, config.h.in: use AC_SYS_POSIX_TERMIOS instead of - rolling our own + * config.h.in: + added HAVE_FNMATCH + [b9860d361e93] -2001-12-15 10:33 millert + * Makefile.in: + replaced wildcat.* with fnmatch.* + [03ad9ee21a1c] - * README: Reference sudo.ws not courtesan.com + * testsudoers.c: + now uses fnmatch() + [5a7f7de987a9] -2001-12-15 10:29 millert +1996-05-27 Todd C. Miller - * PORTING: Add notes on shadow passwords + * parse.c: + now uses fnmatch() instead of wildmat a trailing star (*) by itself + now matches multiple args added support for wildcards in the + pathname in sudoers + [1f7fb950b868] -2001-12-15 00:48 millert +1996-05-25 Todd C. Miller - * BUGS: In list mode (sudo -l), characters escaped with a backslash - are shown verbatim with the backslash. + * fnmatch.c: + now includes compat.h and config.h + [090206b95cf8] -2001-12-15 00:44 millert + * config.h.in: + added HAVE_FNMATCH_H + [90eb42150173] + + * configure.in: + now checks for alloca() (if needed by bison or dce) and links with + -lPW if it contains alloca() and libv and compiler do not. + [cfa2b3cef49a] + + * emul/fnmatch.h, fnmatch.3, fnmatch.c: + Initial revision + [20b1f762a32a] - * sudoers: Add simple examples from OpenBSD (Marc Espie) +1996-04-29 Todd C. Miller + + * sudo.c: + now fixes mode on sudoers if set to 0400 to aid in upgrade + [d4bdfd521820] -2001-12-15 00:40 millert +1996-04-28 Todd C. Miller + + * Makefile.in: + fixed pod2man usage + [5adf2ec77b27] + + * Makefile.in, configure.in, version.h: + ++version + [b4029de876d0] - * tgetpass.c: Catch SIGTTIN and SIGTTOU too and treat them like - SIGTSTP. + * testsudoers.c, visudo.c: + runas_user is now initialized to "root" + [8537d97bff39] -2001-12-14 21:53 millert + * sudo.h: + removed PERM_FULL_ROOT + [241f8bbf647f] - * CHANGES: minor prettyification + * sudo.c: + runas_user defaults to "root" so no more need to PERM_RUNAS + [fc0c0dfc72ba] -2001-12-14 21:43 millert + * parse.c: + will now only running commands as root if there was no runas list + (or if root is in the runas list) + [40c587666c81] - * CHANGES: Updated change log + * logging.c: + now logs "USER=%s" + [b733504c87fd] -2001-12-14 21:27 millert + * parse.yacc: + runas_matches is now set to false if we get a negative match + [5495b150b300] - * testsudoers.c: Fix CIDR handling here too. + * parse.lex: + make #uid work + some minor cleanup + [07851bbce03a] -2001-12-14 21:21 millert + * sample.sudoers: + added support for NOPASSWD and "runas" from garp@opustel.com / + [7a9c67b51fa5] - * auth/pam.c: Apparently a NULL response is OK + * visudo.c: + added support for "runas" from garp@opustel.com replaced + SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for + SUDOERS_MODE + [e714209b9885] -2001-12-14 21:19 millert + * testsudoers.c: + added support for "runas" from garp@opustel.com + [b837f856da10] - * TODO: Checkpoint for upcoming beta release + * sudo.h: + added support for NO_PASSWD and runas from garp@opustel.com replaced + SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support + fro SUDOERS_MODE + [cea6f26679b7] -2001-12-14 21:17 millert + * sudo.c: + added support for NO_PASSWD and runas from garp@opustel.com replaced + SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro + SUDOERS_MODE + [61b5434237c5] - * TROUBLESHOOTING: Many people believe that adding a runas spec - should obviate the need for the -u flag. It does not. + * parse.yacc: + added support for NO_PASSWD and runas from garp@opustel.com + [72ebd3056f22] -2001-12-14 21:11 millert + * parse.c, parse.lex: + added support for NO_PASSWD and runas from garp@opustel.com + [fef6dbdd114d] - * RUNSON: checkpoint update for upcoming 1.6.4 beta + * logging.c: + added support for SUDOERS_WRONG_MODE and "runas" + [e794efc2b443] -2001-12-14 20:44 millert + * configure.in: + added --with-CC only link with -lshadow on linux (with shadow pw) if + libc lacks getspnam() + [3ecf4ae21002] - * config.h.in: o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define - HAVE_STRINGS_H even if HAVE_STRING_H is defined -- this is safe - now + * OPTIONS, options.h: + removed NO_PASSWD since it is not possible to do this in the sudoers + file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and + SUDOERS_GID. Added SUDOERS_MODE. + [2eaa4891ef48] -2001-12-14 20:07 millert + * Makefile.in: + now uses SUDOERS_UID and SUDOERS_GID + [8d615f0fdb2a] - * PORTING: Add signals section +1996-04-27 Todd C. Miller -2001-12-14 20:00 millert + * INSTALL: + added --with-CC + [a1b8286a81b8] - * configure: regen +1996-04-06 Todd C. Miller -2001-12-14 20:00 millert + * parse.lex: + added double quote support + [a5e4fc7e3a2b] - * configure.in: Fix check for sigaction_t + * sudoers.pod: + documented double quoting + [c6ea47969a44] -2001-12-14 19:45 millert +1996-04-05 Todd C. Miller - * sudo.c: XXX - should call find_path() as runas user, not root. - Can't do that until the parser changes though. + * mkinstalldirs: + Initial revision + [dcb86d65ad8f] -2001-12-14 19:38 millert + * check.c: + fixed some indentation + [4d1c5ab8072b] - * sudo.c: If find_path() fails as root, try again as the invoking - user (useful for NFS). Idea from Chip Capelik. + * Makefile.in: + fixed a typo + [0d27eebc7227] -2001-12-14 19:28 millert + * Makefile.in: + added install-dirs . + [f499b99b8be7] - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: Regenerate - after pod file changes +1996-04-04 Todd C. Miller -2001-12-14 19:24 millert + * dce_pwent.c: + new version from "Jeff A. Earickson" + [422481be5fbd] - * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h, - sudo.pod, sudoers.pod: Add new sudoers option "preserve_groups". - Previously sudo would not call initgroups() if the target user - was root. Now it always calls initgroups() unless the -P command - line option or the "preserve_groups" sudoers option is set. Idea - from TJ Saunders. +1996-04-03 Todd C. Miller -2001-12-14 18:38 millert + * configure.in: + $CSOPS -> $with_csops (whoops, missed one) + [b04c6948130e] - * compat.h, config.h.in: Use new HAVE_SIGACTION_T define + * BUGS: + updated + [c4d5713e227d] -2001-12-14 18:33 millert + * parse.lex: + FQHOST now has same constraints as non-FQHOST + [e1c3bf2381d1] - * logging.c: Fix compilation on K&C + * INSTALL: + added note about OS's w/ shadow passwords turned on by default + [166257f43be4] -2001-12-14 18:14 millert +1996-04-02 Todd C. Miller - * configure: regen + * configure.in: + fixed a typo + [e5c3e2e9a359] -2001-12-14 18:14 millert + * configure.in: + added support for --without-THING sanitized shadow pw situtation by + adding support for + --without-C2 + [65dc6bf64cce] - * configure.in: Add check for sigaction_t -- IRIX already defines - this so don't redefine it. + * tgetpass.c: + fixed a typo wrt placement of an end paren + [a8780f818231] -2001-12-14 17:15 millert + * check.c: + was closing an fd that may not have been opened + [760271c7bdc9] - * snprintf.c: fix typo +1996-03-22 Todd C. Miller -2001-12-14 17:12 millert + * OPTIONS, options.h, sudo.c: + added NO_PASSWD + [28ff1dc93d7a] - * interfaces.c: need stdlib.h here too +1996-03-20 Todd C. Miller -2001-12-14 15:31 millert + * configure.in: + now always use shadow pw on some arches + [069161ccffda] - * configure: regen +1996-03-19 Todd C. Miller -2001-12-14 15:31 millert + * configure.in: + added pyramid support + [a0eb57a3a531] - * configure.in: Remove redundant checks for string.h, strings.h and - unistd.h + * configure.in: + no longer check for C2 if alternate passwd method is used no longer + check for some libs twice + [2d0c3c902b40] -2001-12-14 15:29 millert + * parse.yacc: + moved fqdn stuff into parse.lex (FQHOST) + [d9c9abd481d8] - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: Regen from pod files + * parse.lex: + added FQHOST rules + [4a1695acff6d] -2001-12-14 15:03 millert + * tgetpass.c: + now define TCSASOFT in necesary + [3fac2e21c9ab] - * BUGS: Update for 1.6.4 + * tgetpass.c: + now uses read/write instead of stdio string goop to avoid problems + with select(2) + [67fd174e518c] -2001-12-14 14:59 millert + * OPTIONS, find_path.c, options.h: + -DNO_DOT_PATH -> -DIGNORE_DOT_PATH + [d05ba5100d28] - * configure, lex.yy.c: regen +1996-03-17 Todd C. Miller -2001-12-14 14:56 millert + * INSTALL: + added note about no shadow auto-detect if using alternate auth + schemes + [b425592232a3] - * strerror.c: Return EINVAL if errnum > sys_nerr + * configure.in: + don't check for C2 if AFS or DCE (unless they said --with-C2) + [61342962171a] -2001-12-14 14:54 millert + * testsudoers.c: + now groks shost + [85dda17303f6] - * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h, - config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h, - sudo.pod, auth/sudo_auth.h: o Update copyright year + * OPTIONS, find_path.c, options.h: + added NO_DOT_PATH + [c261ca1fb196] -2001-12-14 14:54 millert +1996-03-16 Todd C. Miller - * configure.in: o Don't define STDC_HEADERS unconditionally for - IRIX o Update copyright year + * find_path.c: + checkdot now works correctly + [3bc4835bb3e9] -2001-12-14 14:53 millert +1996-03-12 Todd C. Miller - * README: update version + * configure.in: + can't have DCE and C2 passwords both... + [fb9a8ab7ca66] -2001-12-14 14:52 millert +1996-03-11 Todd C. Miller - * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c, - fnmatch.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c, - logging.c, lsearch.c, parse.c, parse.lex, parse.yacc, - set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, - utime.c, visudo.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, - auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, - auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/sia.c, auth/sudo_auth.c: o Reorder some headers and use - STDC_HEADERS define properly o Update copyright year + * parse.yacc, sudo.c, sudo.h, visudo.c: + now uses shost even if not FQDN + [87f7498b3a1f] -2001-12-14 01:53 millert + * configure.in: + now looks for skey in /usr/lib and doesn't require libskey to be in + /usr/local/lib just because skey.h is (for my netbsd box :-) + [ceb1763e37d2] - * configure: regen + * aclocal.m4, config.h.in, pathnames.h.in: + _SUDO_PATH_ -> _CONFIG_PATH_ + [84d97ad13d75] -2001-12-14 01:53 millert + * aclocal.m4, sudo.pod: + /var/run/.odus -> /var/run/sudo + [922da220b8f5] - * tgetpass.c: flags set in signal handlers should be volatile - sig_atomic_t + * pathnames.h.in: + now uses _SUDO_PATH_TIMEDIR + [5ecab0155fdf] -2001-12-14 01:52 millert + * OPTIONS: + udpated FQDN + [361b6f7440c0] - * config.h.in, configure.in: Add checks for volatile and - sig_atomic_t + * aclocal.m4, configure.in: + added SUDO_TIMEDIR + [368c95c8c950] -2001-12-14 01:42 millert + * config.h.in: + added _SUDO_PATH_TIMEDIR + [3879864d808c] - * lex.yy.c, configure: regen + * sudo.pod: + updated wrt /var/run/sudo + [9e14f2a429d3] -2001-12-14 01:40 millert + * sudo.c, sudo.h: + added support for shost if FQDN + [51a3f51a09a1] - * def_data.c, def_data.h, def_data.in, defaults.c, env.c, - find_path.c, sudo.c, sudoers.pod: Remove "secure_path" Defaults - option since it cannot work with the existing parser. + * parse.yacc, visudo.c: + now uses shost if FQDN + [d19da2e92b42] -2001-12-14 01:26 millert + * check.c: + Now use skeylookup() instead off skeychallenge() + [4c7438bb2ae0] - * find_path.c, sudo.c: Unset "secure_path" if user_is_exempt() +1996-02-28 Todd C. Miller -2001-12-14 01:24 millert + * logging.c: + mail_argv should not contain ALERTMAIL as it includes "-t" + [67ffaaa8f843] - * env.c, pathnames.h.in: o Remove assumption that PATH and TERM are - not listed in env_keep o If no PATH is in the environment use a - default value o If TERM is not set in the non-reset case also - give it a default value. +1996-02-22 Todd C. Miller -2001-12-14 01:17 millert + * INSTALL, Makefile.in, README, configure.in, version.h: + ++version + [e08fd4a809fc] - * aclocal.m4, configure.in, defaults.c, pathnames.h.in: - _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works - on systems that define in paths.h + * compat.h: + added more _PASSWD_LEN stuff -- now uses PASS_MAX too + [2f20c3153689] -2001-12-14 01:15 millert + * tgetpass.c: + now includes limits.h moved _PASSWD_LEN -> compat.h + [b1ca3cafdacc] - * auth/: passwd.c, sudo_auth.c, sudo_auth.h: Add support for - skeyaccess(3) if it is present in libskey. +1996-02-06 Todd C. Miller -2001-12-12 21:42 millert + * INSTALL, README: + ++version + [3eacf32803f5] - * sudo.c: Only need to do 'lc = login_getclass(NULL)' if lc == NULL + * Makefile.in: + ++versoin + [3b91c317630a] -2001-12-12 21:24 millert + * Makefile.in: + fixed a typo + [3661ac4a7803] - * parse.lex: '\\' is a perfectly legal character to have in a - command line argument. + * configure.in: + ++version + [60e842973745] -2001-12-12 20:24 millert +1996-02-05 Todd C. Miller - * sudo.c: o Defer call to set_fqdn() until it is safe to use - log_error() o Don't print errno string value if gethostbyname - fails, it is not relevant + * RUNSON: + updated + [def2c3c24195] -2001-12-12 20:07 millert + * CHANGES: + done for 1.4.1 (I hope) + [2ab543769a40] - * parse.c: Fix CIDR -> in_addr_t conversion. + * sudoers.pod: + added info on wildcards + [ce3bd41bc063] -2001-12-12 16:21 millert + * sample.sudoers: + added wildcard example + [762feb0577bd] - * sudoers.pod: Remove an extra "User_List" in the User_Spec - definition From ybertrand AT snoopymail.com + * Makefile.in: + now uses *.pod to build *.man and *.cat & *.html + [3ec14962028b] -2001-12-12 16:00 millert + * configure.in: + addedSUDO_PROG_BSHELL !ll + [3c80b320bf16] - * parse.c: Make 'listpw=never' work for users who are not - explicitly mentioned in sudoers. + * visudo.pod: + fixed up some formatting + [12166c434526] -2001-12-12 15:40 millert + * sudoers.pod: + redid section describing sample sudoers stuff + [b8065cceec71] - * sudoers.pod: Remove gratuitous '=' in EBNF grammar; era AT iki.fi + * sudo.pod: + fixed some formatting + [aa9a681add0f] -2001-12-12 15:34 millert + * getspwuid.c: + now treats "" as bourne shell + [30194a72ad56] - * sudoers.pod: Document new list Defaults type and convert env_keep - and env_delete to lists. Document new env_check option. + * Makefile.in: + TESTOBJS nwo includes wildmat.o + [86cc6500f84d] -2001-12-12 15:11 millert + * testsudoers.c: + now works with NewArg[cv] + [2f72674ce942] - * lex.yy.c, sudo.tab.h: regen parser + * sudo.c: + removed an XXX (fixed it in getspwuid.c) + [e791ee0d1a68] -2001-12-12 14:56 millert + * aclocal.m4: + added check for bourne shell + [a2fd51676b8a] - * parse.lex: Don't let '#' appear in a {WORD} and restrict #foo in - a Runas spec to #[0-9-]+. + * pathnames.h.in: + added _PATH_BSHELL + [e7c10011d47b] -2001-12-12 14:55 millert + * config.h.in: + added _SUDO_PATH_BSHELL + [6a1182898de9] - * configure: regen +1996-02-04 Todd C. Miller -2001-12-12 14:55 millert + * visudo.c: + unixware vi returns 256 instead of 0 + [234ffc7c6786] - * aclocal.m4: Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK + * INSTALL: + added Linux note + [5f85efcd2b58] -2001-12-12 14:43 millert + * logging.c: + fixed up some XXX's. file log format now looks a little more like + real syslog(3) format. + [6df55707bfc3] - * config.h.in, configure.in: Add check for skeyaccess(3) + * README, TROUBLESHOOTING: + updated wrt lex/flex + [eb787d69156b] -2001-12-11 19:47 millert + * Makefile.in: + commented out rule to build lex.yy.c from parse.lex since we ship + with a pre-flex'd parser + [7507e2ce4a95] - * visudo.pod: Document new -c, -f, and -q options + * parse.c, parse.yacc, visudo.c: + path_matches -> command_matches + [0bd469424f86] -2001-12-11 19:41 millert + * logging.c: + eliminated some strcat()'s + [9878a79bc374] - * visudo.c: o Add -f option (alternate sudoers file) o Convert to - use getopt(3) + * configure.in: + no longer checks for lex/flex (now assumes flex) + [a086ccc73798] -2001-12-11 19:31 millert + * configure.in: + now checks for $kerb_dir_candidate/krb.h instead of just + kerb_dir_candidate + [9133bc3c5208] - * configure: regen +1996-02-03 Todd C. Miller -2001-12-11 19:31 millert + * parse.yacc: + now use a 'hook' expression instead of an iffy one :-) + [9560df01b8c0] - * aclocal.m4, config.h.in, configure.in: Add check for isblank and - a replacement macro if it doesn't exist. +1996-02-02 Todd C. Miller -2001-12-11 18:22 millert + * visudo.c: + now works with new sudo arg stuff + [310a0d43ddad] - * visudo.c: In check-only mode, don't create sudoers if it does not - already exist. + * parse.yacc: + fixed dereferencing deadbeef + [474ef8a8006b] -2001-12-11 18:06 millert + * sudo.c: + changed an occurrence of Argv to NewArgv + [205b012b7691] - * parse.yacc: o Add a new token, DEFVAR, to indicate a Defaults - variable name - o Add support for "+=" and "-=" list operators - o replace some 1 and 0 with TRUE and FALSE for greater - legibility. + * parse.lex: + took out support for quoted commands since there is no need... + [5c5036d353b1] -2001-12-11 18:05 millert + * parse.c: + fixed a typo in a for() loop + [7e8d5283c43b] - * parse.lex: o Use exclusive start conditions to remove some - ambiguity in the - lexer. Also reorder some things for clarity. - o Add support for "+=" and "-=" list operators. - o Use the new DEFVAR token to denote a Defaults variable name. + * logging.c: + protected against dereferencing rogue pointers + [56debd517717] -2001-12-11 18:03 millert + * sudo.c: + now uses NewArgv amd NewArgc so cmnd_aegs is no longer needed this + also allows us to eliminate some kludges in parse_args() and + eliminate superfluous code. + [5122f66ad150] - * sudo.h: Prototype init_envtables() + * logging.c: + no longer uses cmnd_args, now uses NewArgv instead. + [abddd23cf068] -2001-12-11 18:02 millert + * sudo.h: + added struct sudo_command, NewArgc, and NewArgv removed cmnd_args + (no longer used) + [78410984fb05] - * env.c: o Convert environment handling to use lists instead of - strings. - This greatly simplifies routines that need to do "foreach" - type - operations. - o Add new init_envtables() function to set env_check and - env_delete - defaults based on initial_badenv_table and - initial_checkenv_table - (formerly sudo_badenv_table). + * Makefile.in: + added wildmat.c to SRCS & SUDOBJS + [3800efb41794] -2001-12-11 18:00 millert + * parse.yacc: + COMMAND is now a struct containing the path and args + [5c32822c5b94] - * defaults.c, defaults.h: o Add a new LIST type and functions to - manipulate it. - o This is for use with environment handling variables. - o Call new init_envtables() routine inside init_defaults() to - initialize the environment lists. + * parse.lex: + replaced append() with fill_cmnd() and fill_args. command args from + a sudoers entry are now stored in an arrary for easy matching. + [a981d7f4eb0d] -2001-12-11 17:57 millert + * parse.c: + command line args from sudoers file are now in an array like ones + passed in from the command line + [1d9e37e84519] - * def_data.c, def_data.h, def_data.in: Convert environment options - to use the new LIST type and add a new one, env_check that only - deletes if the sanity check fails. +1996-02-01 Todd C. Miller -2001-12-11 17:55 millert + * parse.c: + wildwat stuff now works + [49d16488531f] - * testsudoers.c: Add dummy version of init_envtables() +1996-01-29 Todd C. Miller -2001-12-11 17:53 millert + * version.h: + ++version + [53e55463ef89] - * parse.yacc: honor quiet mode + * Makefile.in: + ++version added wildmat.* + [0508297a4711] -2001-12-11 17:51 millert +1996-01-28 Todd C. Miller - * visudo.c: Add check-only mode + * parse.lex: + added support for quoted commands (w/ or w/o args) + [b9a637155673] -2001-12-10 20:27 millert +1996-01-22 Todd C. Miller - * mkdefaults: Fix generation of entries with NULL descriptions. + * sudo.pod, visudo.pod: + cleaned up formatting + [4591d4195437] -2001-12-09 00:27 millert + * sudo.pod, visudo.pod: + Initial revision + [7564a8242750] - * tgetpass.c: Use sigaction_t and quiet a gcc warning. +1996-01-21 Todd C. Miller -2001-12-09 00:20 millert + * sudoers.pod: + looks reasonable, could be mroe readable + [a5be2d19d9e0] - * sudo.c: Must reset signal handlers before we exec + * sudoers.pod: + Initial revision + [957888be31a6] -2001-12-09 00:16 millert +1996-01-16 Todd C. Miller - * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c, sudo_auth.c: Be - carefule now that tgetpass() can return NULL (user hit ^C). PAM - version needs testing. Set SIGTSTP to SIG_DFL during password - entry so user can suspend us. + * RUNSON: + updated + [633743aa924b] -2001-12-09 00:14 millert + * OPTIONS: + updated NO_ROOT_SUDO entry + [f1c15b1dec9e] - * tgetpass.c: Add support for interrupting/suspending tgetpass via - keyboard input. If you suspend sudo from the password prompt and - resume it will re-prompt you. +1996-01-15 Todd C. Miller -2001-12-09 00:09 millert + * RUNSON: + *** empty log message *** + [5b63de579ff7] [SUDO_1_4_0] - * sudo.c: Don't block keyboard interrupt signals, just set them to - SIG_IGN. + * sudo.c: + fixed SECURE_PATH + [6002889f606d] -2001-12-08 14:48 millert + * RUNSON: + udpa`ted for 1.4 + [6014a8592815] - * config.h.in: add back HAVE_SIGACTION + * configure.in: + AIX aixcrypt.exp now uses $(srcdir) + [b0d57674fef4] -2001-12-08 14:44 millert + * TROUBLESHOOTING: + added entry for anal ansi compilers + [4193cec1c6b1] - * configure: regen +1996-01-14 Todd C. Miller -2001-12-08 14:44 millert + * INSTALL: + added info on libcrypt_i for SCO + [575497d56698] - * config.h.in, configure.in, logging.c, sudo.c, visudo.c: Kill - POSIX_SIGNALS define and old signal support now that we emulate - POSIX ones Also be sure to correctly initialize struct sigaction. + * TODO: + *** empty log message *** + [d0aaf67b9913] -2001-12-08 14:42 millert + * sample.sudoers: + added comments + [a7773f7eda8d] - * strerror.c: Don't need config.h or "#ifndef HAVE_STRERROR" - wrapper. + * TODO: + 1.4 release + [1dade29e9fd9] -2001-12-08 14:39 millert + * CHANGES: + ++version + [67241be40780] - * compat.h: Add scaffolding for POSIX signal emulation + * INSTALL, OPTIONS, README, config.h.in, configure.in: + ++version + [2e0a37897f68] -2001-12-08 14:36 millert + * BUGS: + ++version and fixed ISC + [78963f01a0e3] - * sigaction.c: o Add missing ';' so this compiles o Can't use NULL - since we don't include stdio.h + * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, + goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, + insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c, + sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, + visudo.c: + ++version + [b6227f29b3d9] -2001-12-08 14:23 millert + * interfaces.c: + added STUB_LOAD_INTERFACES ++version + [d8150a3fd577] - * sigaction.c: Emulate sigaction() using sigvec() + * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc, + version.h: + ++version + [da9e90e69bdc] -2001-11-12 19:32 millert + * PORTING: + added info about fd_set in tgetpass added info on interfaces.c + [a39902febd17] - * sudoers.pod: Document new behavior of negative values of - timestamp_timeout Fix a typo +1996-01-11 Todd C. Miller -2001-11-12 19:31 millert + * dce_pwent.c: + added sudo header + [fc0f2c48682e] - * sudo.pod: Add security note about command not being logged after - 'sudo su' and friends. + * tgetpass.c: + fixed a typo + [43d40b72ee8f] -2001-11-12 19:19 millert + * Makefile.in: + tgetpass.o is now only linked in with sudo (not visudo) + [7407c5ff11f8] - * sudo.pod: Mention that -V prints default values when run as root, - including the list of environment variables to clear. +1996-01-09 Todd C. Miller -2001-11-12 19:14 millert + * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, + configure.in: + ++version + [9b82ad805d6b] - * Makefile.in: Run pod2man with --quotes=none to avoid stupid - quoting of C<> entries. + * emul/utime.h: + added copyright notice + [4380f16cd075] -2001-11-12 13:12 millert + * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: + ++version + [32717fdb5d05] - * def_data.c, def_data.h, def_data.in, sudoers.pod, - auth/sudo_auth.c: Add mail_badpass option Also modify mail_always - behavior to also send mail when the password is wrong + * tgetpass.c: + minor cleanup and now includes sys/bsdtypes for svr4'ish boxen + [326864428da2] -2001-11-12 13:08 millert + * configure.in: + ISC now gets -lcrypt now check for sys/bsdtypes.h + [e064799c054b] - * env.c, sudo.c, sudo.h: Dump default bad env table when 'sudo -V' - is run by root. + * config.h.in: + added check for sys/bsdtypes.h + [9adb9533c363] -2001-11-11 23:52 millert +1996-01-07 Todd C. Miller - * sudoers.pod: document env_delete + * parse.yacc: + removed debugging stuff (setting freed ptr to NULL) + [02fe8eec63a0] -2001-11-11 23:51 millert + * TROUBLESHOOTING: + added 2 entries + [02884e2733e2] - * env.c: Add support for '*' in env_keep when not resetting the - environment (ie: the normal case). + * Makefile.in: + added FAQ + [074d8dfcf28d] -2001-11-11 23:47 millert + * TROUBLESHOOTING: + added section on syslog + [e6bc02a22b86] - * env.c: Add env_delete variable that lets the user replace/add to - the bad_env_table. Allow '*' wildcard in env_keep entries. + * configure.in: + added AC_ISC_POSIX for better ISC support + [8436b3e12af2] -2001-11-06 13:59 millert + * config.h.in: + fixed typo + [f1b3922babf4] - * mkinstalldirs: Force umask to 022 to guarantee sane directory - permissions. + * config.h.in: + added define for _POSIX_SOURCE + [ded6d92b34f9] -2001-11-02 18:09 millert +1996-01-04 Todd C. Miller - * Makefile.in: add sudo.tab.h and sudo.tab.c to sudo.tab.o - dependency + * configure.in: + fixed check for lsearch() + [75baa5bc28a3] -2001-11-02 17:25 millert +1995-12-22 Todd C. Miller - * mkdefaults: fix breakage in last commit + * interfaces.c: + fixed for AIX now deal if num_interfaces == 0 (should not happen) + [ae450e859227] -2001-11-02 17:18 millert +1995-12-20 Todd C. Miller - * Makefile.in: acsite.m4 -> aclocal.m4 + * configure.in: + now only define HAVE_LSEARCH if there is a corresponding search.h + [8ce645c5d17f] -2001-11-02 15:59 millert + * interfaces.c: + works on ISC again + [ccac920d424c] - * check.c: fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in - previous commit +1995-12-18 Todd C. Miller -2001-11-02 15:57 millert + * configure.in: + now define HAVE_LSEARCH if we find lsearch() in libcompat + [7343e4313a87] - * def_data.c: regenerated from def_data.in + * lsearch.c: + char * -> const char * + [1c0b11c2300a] -2001-11-02 15:56 millert + * configure.in: + now looks in -lcompat for lsearch() + [a1cc1d6fcd09] - * check.c, defaults.c, defaults.h: Add new T_UINT type that most - things use instead of T_INT If timestamp_timeout is < 0 then - treat the ticket as never expiring (to be expired manually by the - user). + * Makefile.in: + remove sudo.core visudo.core for clan target + [b523456a85df] -2001-11-02 15:51 millert + * aclocal.m4: + added UID_MAX support in check for MAX_UID_T_LEN + [7ab262b1173f] - * def_data.in: change most T_INT -> T_UINT + * Makefile.in: + fixed another occurence of sudo_getpwuid.* + [fb5809c07da2] -2001-11-02 15:51 millert + * Makefile.in, getspwuid.c: + sudo_getpwuid.c -> getspwuid.c + [875f2ef808b4] - * mkdefaults: fix warning when no args + * configure.in: + moved the "echo" + [ad7b8f966076] -2001-11-02 12:52 millert + * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c, + compat.h, config.h.in, configure.in, find_path.c, getspwuid.c, + getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, + ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, + parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, + sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, + version.h, visudo.c: + ++version + [ee57c6410ffa] - * visudo.c: Change 2 Exit() -> exit() Avoid stdio in Exit() and - call _exit() if we are a signal handler. We no longer print the - signal number but the user can just check the exit value for - that. + * testsudoers.c: + added group support + [54d8097df8bd] -2001-10-16 01:35 millert + * sample.sudoers: + added group entry + [50994d31fd49] - * logging.c: when setting up pipes in child process check for case - where stdin == pipe fd 0 + * sudoers.man: + documented group support + [0a16707f8fed] -2001-10-11 13:20 millert + * parse.c, parse.lex, parse.yacc, visudo.c: + added group support + [427218c879c8] - * visudo.c: Ignore editor exit value since XPG4 says vi's exit - value is the count of editing errors made (failed searches, etc). +1995-12-15 Todd C. Miller -2001-10-05 16:39 millert + * check.c: + tkfile was too short and overflowed the kerberos realm + [53823a1ff5af] - * configure: regen +1995-12-11 Todd C. Miller -2001-10-05 16:39 millert + * sudo.c: + now copy command args directly from Argv + [77408278b6fd] - * configure.in: sco now is identified by config.guess as *-sco-* + * sudo.c: + replaced code to copy cmnd_args so that is does not use realloc + since most realloc()'s really stink + [b29a0ff73fb6] -2001-10-05 16:24 millert +1995-12-08 Todd C. Miller - * configure.in: Check for getspnam() in -lgen if not in -lc for - UnixWare. + * configure.in: + syslog() fixed in hpux 10.01 + [2648e6f0cdb0] -2001-09-17 21:48 millert +1995-12-06 Todd C. Miller - * sudoers.pod, visudo.pod: "upper case" -> "uppercase" + * configure.in: + AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate) + [8f108b8d8711] -2001-09-17 21:32 millert + * configure.in: + better error if cannot find skey incs or libs + [5887662ee9d3] - * sudoers.pod: fix typos and grammar; pjanzen@foatdi.harvard.edu + * aclocal.m4: + now use a temp file for determining max len of uid_t in string form. + the old hacky way broke on netbsd + [b68f470fa9f8] -2001-08-28 10:26 millert + * sudo.c: + added set of parens and a space + [8a3d4826d022] - * sudoers.pod: Missing word (specify); krapht@secureops.com +1995-12-05 Todd C. Miller -2001-08-23 17:43 millert + * dce_pwent.c: + fixes from Jeff Earickson , + [bde0f0b756ec] - * sudo.c: If we fail to lookup a login class, apply the default - one. + * check.c: + modified a comment + [e2a97f1afbbe] -2001-08-23 17:42 millert + * Makefile.in: + fixed up testsudoers target + [d39c4e7bb609] - * logging.c: In log_error() free message, not logline - unconditionally, then free logline if it is not the same as - message. No function change but this mirrors how they are - allocated. + * configure.in: + DCE changes from Jeff Earickson LIBS -> + SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS + [da7a1c433828] -2001-07-16 23:33 millert + * Makefile.in: + LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS, + VISUDO_LDFLAGS + [4b69503e8487] - * configure: regenerate +1995-11-28 Todd C. Miller -2001-07-16 23:33 millert + * configure.in: + fix for C2 on hpux 10 now uses -linet if it exists + [8d300112263d] - * configure.in: remove some backslash quotes that are unneeded + * check.c: + LONG_SKEY_PROMPT is less of a klusge / + [dcc144abaac3] -2001-07-16 23:30 millert + * configure.in: + fixed typos w/ dce stuff + [f7dfd6d4e149] - * configure.in: o Tweaks to make this work with autoconf-2.50 o Use - AC_LIBOBJ instead of changing LIBOBJS directly o Use - AC_REPLACE_FUNCS where we can o Use AC_CHECK_FUNCS instead of - AC_CHECK_FUNC so we don't have to AC_DEFINE things manually. + * Makefile.in: + added dce_pwent.c + [79047acdc516] -2001-07-16 23:28 millert +1995-11-26 Todd C. Miller - * config.guess, config.sub: Updated from autoconf-2.50 + * INSTALL: + amended section on combining authentication mechanisms + [dc5138c7c716] -2001-05-22 19:11 millert + * PORTING: + minor updates for 1.3.6 + [fe80c13bd994] - * README: Update mailing list section. We use mailman now, not - majordomo. + * TROUBLESHOOTING: + added 2 more entries + [c7201439a0f5] -2001-05-10 14:55 millert + * BUGS: + updated for 1.3.6 + [979b414d2a2d] - * getspwuid.c, logging.c, sudo.c: Use setpwent()/endpwent() + all - the shadow variants to make sure we don't inadvertantly leak an - fd to the child. Apparently Linux's shadow routines leave the fd - open even if you don't call setspent(). Reported by - mike@gistnet.com; different patch used. + * README: + overhauled + [3af8b60eb594] -2001-04-12 21:43 millert + * INSTALL: + rewrote for sudo 1.3.6 + [b16027b9c726] - * sudoers.pod: s/eg./e.g./ + * TROUBLESHOOTING: + added 3 entries + [934c9ee3f153] -2001-04-12 21:42 millert +1995-11-25 Todd C. Miller - * tgetpass.c: select() may return EAGAIN. If so, continue like we - do for EINTR. + * find_path.c, getspwuid.c, sudo.c: + added explict casts for strdup since many includes don't prototype + it. gag me. + [3e19a11f2fcc] -2001-04-12 21:41 millert + * sudo.h: + removed prototype for sudo_getpwuid() since convex C compiler choked + on it. + [c3ea74ca67b0] - * logging.c: Fix a non-exploitable buffer overflow in the word - splitting code. This should really be rewritten. + * sudo.c: + added prototype for sudo_getpwuid() + [4a8e3cdc2b98] -2001-04-12 21:41 millert + * lsearch.c: + now compiles on strict ANSI compilers + [3ce5d72d0b08] - * Makefile.in: FAQ link goes away + * check.c: + added LONG_SKEY_PROMPT support + [48a18b8a2332] -2001-04-12 21:40 millert + * Makefile.in: + added extra $'s for make to eat up, yum. + [2995b214e12b] - * INSTALL: Tell people to look in sample.syslog.conf for examples, - not FAQ + * OPTIONS, options.h: + added LONG_SKEY_PROMPT + [f23ae799b5a4] -2001-04-12 21:40 millert +1995-11-24 Todd C. Miller - * TROUBLESHOOTING: Update list of env vars that are cleared + * check.c: + s/key support now works with normal s/key as well as logdaemon + [d67573f523bf] -2001-04-12 21:36 millert + * OPTIONS, options.h: + added SKEY_ONLY + [bbf07654e0de] - * sudo.c: remove struct env_table decl since that stuff has all - moved to env.c + * compat.h: + set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY + [205895b96a36] -2001-04-04 13:17 millert + * INSTALL: + added DCE note added more AIX notes + [6345403b3522] - * fileops.c: Fix a pasto in flock-style unlocking and include - for flock on older systems; twetzel@gwdg.de + * sudo.c: + now include pthread.h for DCE support + [6fe02865f679] -2001-04-04 13:14 millert + * check.c: + dce_pwent() is ok after all ., + [d26a8746a55d] - * configure: regen to get NeXT lockf/flock fix + * logging.c: + now uses SYSLOG() macro that equates to either syslog() or + syslog_wrapper + [42ac4cff8045] -2001-04-04 13:14 millert + * dce_pwent.c: + minor formatting changes. renamed check() to somthing less generic + [71859f217be1] - * configure.in: force NeXT to use flock since lockf is broken + * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c, + visudo.c: + now uses user_pw_ent and simple macros to get at the contents + [f4cbf3e7145a] -2001-03-30 08:54 millert +1995-11-23 Todd C. Miller - * check.c: Use stashed user_gid when checking against exempt gid - since sudo sets its gid to a a value that makes sudoers readable. - Previously if you used gid 0 as the exempt group everyone would - be exempt. From Paul Kranenburg + * check.c: + simpler dec unix C2 support + [86bc8f75250e] -2001-03-29 13:14 millert + * getspwuid.c: + now sets crypt_type for DEC unix C2 + [99aeadd18266] - * configure: regen +1995-11-21 Todd C. Miller -2001-03-29 13:08 millert + * configure.in: + added csops paths for skey + [b8ca672e2117] - * aclocal.m4: #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 - aparently defines some types (such as ssize_t) therein. + * getspwuid.c: + now includes string.h for strdup() prototype + [3605259c3620] -2001-03-02 09:09 millert + * getspwuid.c: + fixed a few typos + [46c97e4ea417] - * defaults.c: Fix negation of paths in a boolean context. Problem - found by apt@UH.EDU + * check.c: + now includes skey.h + [11e611ce1b61] -2001-02-23 13:03 millert + * getspwuid.c: + fixed up comments + [223dac56f0c8] - * visudo.c: pasto + * check.c: + moved a lot of the shadow passwd crap to sudo_getpwuid() + [97d8887fb7d3] -2001-02-17 16:11 millert + * sudo.c: + now uses sudo_pw_ent + [d014dadbef48] - * visudo.c: SA_RESETHAND means the opposite of what I was - thinking--oops To block all signals in old-style signals use ~0, - not 0xffffffff + * testsudoers.c: + now uses sudo_pw_ent + [d92936ed7e34] -2001-02-04 11:16 millert + * visudo.c: + now sets sudo_pw_ent + [ff75cdfcf8b3] - * defaults.c: coerce difference of pointers to int when used in a - string length printf format; deraadt@openbsd.org + * getspwuid.c: + Initial revision + [6deb6df9d7bc] -2001-01-17 11:34 millert + * tgetpass.c: + moved dce stuff into compat.h + [1124284396e7] - * visudo.c: Block all signals in Exit() to avoid a signal race. - There is still a tiny window but I'm not going to worry about it. + * logging.c, sudo.h: + now uses sudo_pw_ent + [404ff20a5067] -2001-01-07 13:57 millert + * Makefile.in: + added sudo_getpwuid.c + [6666d0644512] - * env.c: glibc uses the LANGUAGE env var so clear that too; Solar - Designer + * compat.h: + added dce support + [3c3b36a7ce0e] -2001-01-07 13:55 millert + * parse.yacc: + now uses sudo_pw_ent + [9f5e8d11bd68] - * lex.yy.c: Regenerate with a fix to flex.skl that preserves errno - from clobbering by isatty(). +1995-11-20 Todd C. Miller -2000-12-30 20:39 millert + * check.c: + fixed exempt_group stuff for OS's that don't put base gid in group + vector + [003f153bd396] - * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c, sia.c, sudo_auth.c: - Some defaults I_ defines got renamed. + * check.c: + S/Key support now works with sunos4 shadow passwords + [1eb64a5efff1] -2000-12-30 20:38 millert + * Makefile.in: + fixed clean rule + [5695a2c62816] - * Makefile.in, check.c, def_data.c, def_data.h, def_data.in, - defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc, - set_perms.c, sudo.c: Move defaults info into its own files from - which we generate .h and .c files. This makes adding or - rearranging variables much simpler. + * config.h.in, configure.in: + added DCE support + [f53c766c1947] -2000-12-30 16:58 millert + * tgetpass.c: + DCE & KERB support + [904cf436506a] - * configure, configure.in: fix typo in last commit + * check.c: + first stab at dce support + [aea5ca07b1e3] -2000-12-30 16:55 millert + * dce_pwent.c: + now smells like sudo + [8b3d609b49cd] - * compat.h, config.h.in, configure, configure.in: Add check + - emulation for setegid (like seteuid). + * dce_pwent.c: + Initial revision + [b573555f2399] -2000-12-30 16:22 millert + * check.c: + skey'd sudo now works w/ normal password as well + [8d038f9f6e94] - * env.c: Make env_keep override badenv_table as documented Fix - traversal of badenv_table (broken in last commit) +1995-11-19 Todd C. Miller -2000-12-29 22:59 millert + * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c, + getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, + ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, + parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, + sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, + version.h, visudo.c: + updated version number + [ba7e346d7904] - * set_perms.c, sudo.c, sudo.h: Don't try and build saved uid - version of set_perms on systems w/o them. Rename - set_perms_saved_uid() -> set_perms_posix() Make - set_perms_setreuid simply be set_perms_fallback() and simply - include the appropriate function at compile time (setreuid() - vs. setuid()). + * README: + updated to reflect version change + [1d15cf1d8cc8] -2000-12-29 22:45 millert + * configure.in: + --with options now line up ++version + [08ebf625fbca] - * sudoers.pod, sudoers.cat, sudoers.man.in: PATH is also preserved - when env_reset is in effect + * sudo.h: + removed unecesary S/Key stuff + [68188cba90af] -2000-12-29 22:29 millert + * configure.in: + fixed S/Key support + [f6d9cbc36618] - * CHANGES, env.c, Makefile.in, check.c, compat.h, config.h.in, - configure, configure.in, defaults.c, defaults.h, find_path.c, - getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, - sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, - testsudoers.c, visudo.c, visudo.cat, visudo.man.in: New Defaults - options: o stay_setuid - sudo will remain setuid if system has - saved uids or setreuid(2) o env_reset - reset the environment to - a sane default o env_keep - preserve environment variables that - would otherwise be cleared + * Makefile.in: + -I stuff now goes in CPPFLAGS + [7b8e53c5b046] - No longer use getenv/putenv/setenv functions--do environment - munging by hand. Potentially dangerous environment variables can - be cleared only if they contain '/' pr '%' characters to protect - buggy programs. Moved environment routines into env.c (new file) + * check.c: + fixed SKey support + [52c1a5cf4435] -2000-12-29 22:17 millert + * README: + updated version + [bed6498a10bb] - * INSTALL: Clear up --without-passwd description + * OPTIONS: + fixed description of EXEMPTGROUP + [cfeead55edc2] -2000-12-29 19:39 millert + * sudo.c: + more people use _RLD_ than just alphas... + [6a3c7090a6f6] - * sudo_setenv.c, putenv.c: We now build up a new environment from - scratch and assign it to "environ". + * Makefile.in: + replaced $man_prefix with $mandir + [dc4b36a550e2] -2000-12-18 22:35 millert + * configure.in: + fixed a typo + [a38a4acddcaf] - * sudo.pod, visudo.pod: Grammatical fixes from Paul Janzen + * Makefile.in: + now use more GNU'ish dir names + [c5498391a520] -2000-12-14 23:19 millert + * configure.in: + now set *dir correctly (can override from command line) + [523ff98fd438] - * visudo.c: If there was a syntax error and the user just wants to - quit, unlink sudoers if it is zero length. + * sudo.c: + now deal with situations where we getwd() fails + [88a9e61dccbb] -2000-12-14 23:10 millert +1995-11-17 Todd C. Miller + + * Makefile.in: + added etc_dir, bin_dir, sbin_dir + [75fd08d92842] - * visudo.c: 'Q' means ignore parse error, not 'q' + * configure.in: + added sbin_dir + [3cb318c0d8d1] -2000-12-14 22:57 millert + * Makefile.in: + now ship a flex-generated lex.yy.c + [4d083ed70dce] - * visudo.c: Open sudoers for writing with mode SUDOERS_MODE From - Dimitry Andric + * Makefile.in: + now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER + [4d51dc9c3780] -2000-12-13 12:23 millert + * pathnames.h.in: + _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile + [773fd163d52f] - * set_perms.c: Add missing #ifdef HAVE_LOGIN_CAP_H; - ayamura@ayamura.org + * options.h: + no more error for redefining SUDOERS_OWNER + [4ba336644c6a] -2000-12-09 11:46 millert + * OPTIONS: + expanded SUDOERS_OWNER section + [12fae405759e] - * config.guess, config.sub: Darwin / Mac OS X support from Wilfredo - Sanchez +1995-11-16 Todd C. Miller -2000-11-03 09:36 millert + * visudo.c: + now warn if chown(2) failed + [d0d1db6e3a1f] - * sudo.c, visudo.c: Use exit(127), not exit(-1) + * logging.c: + better default warning for NO_SUDOERS_FILE + [5260b458ac64] -2000-11-03 00:37 millert + * sudo.c: + added missing set_perms() no more cryptic message if the sudoers + file is zero length, now just give a parse error + [b81ea724838a] - * defaults.h, set_perms.c, sudo.c, Makefile.in, defaults.c: Move - set_perms() to its own file and use POSIX saved uid or setreuid() - if available. + * logging.c: + better diagnostics if NO_SUDOERS_FILE + [877e878663c5] - Added stay_setuid option for systems that have libraries that - perform extra paranoia checks in system libraries for setuid - programs (ie: anything with issetugid(2)). + * sudo.c: + check_sudoers() now catches sudoers files that are not readable (but + are stat'able). + [fea05663b3de] -2000-11-02 20:28 millert +1995-11-13 Todd C. Miller - * sudo.c: strip more bits from the environment and add a facility - for stripping things only if they contain '/' or '%' to address - printf format string vulnerabilities in other programs. + * configure.in: + now add -D__STDC__ for convex cc (not gcc) + [c80fc53ff51b] -2000-11-02 12:55 millert + * configure.in: + MAN_PREFIX -> man_prefix now sets prefix and exec_prefix + [fe238226a057] - * configure: regen + * Makefile.in: + now uses exec_prefix & prefix from configure + [f62fca5f56bd] -2000-11-02 12:55 millert + * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c, + parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c, + utime.c, visudo.c: + options.h is now <> instead of "" so shadow build trees can have a + custom copy of options.h + [e6782676099c] - * configure.in: For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache - the existence of strcasecmp(). + * check.c: + user_is_exempt() is no longer a hack, it now uses getgrnam() + [287f8d5356f7] -2000-11-02 12:46 millert + * options.h: + EXEMPTGROUP is now "sudo" + [61487304dbe1] - * configure: regen + * configure.in: + MAN_POSTINSTALL now contains a leading space + [eaad4ac34012] -2000-11-02 12:46 millert + * Makefile.in: + removed leading tab if @MAN_POSTINSTALL@ not defined now removes + testsudoers in clean: + [e01711baceb8] - * configure.in: Check for strcasecmp(3) in -lc89 for NCR Unix + * tgetpass.c: + includes pwd.h to get _PASSWD_LEN definition + [8ec174f263f1] -2000-11-01 10:22 millert +1995-10-30 Todd C. Miller - * config.h.in: Define HAVE_INNETGR #ifdef HAVE__INNETGR + * sudo.c: + unset the KRB_CONF envariable if using kerberos so we don't get + spoofed into using a bogus server + [2561a0274fca] -2000-11-01 10:17 millert +1995-09-29 Todd C. Miller - * configure: regen + * parse.yacc: + now explicately initialize match[] tp be FALSE + [0e45e5c47766] -2000-11-01 10:17 millert +1995-09-23 Todd C. Miller - * compat.h, config.h.in, configure.in: Add check for _innetgr(3) - since NCR systems have that instead of innetgr(3). + * sudo.c: + removed unused variable now passes -Wall + [3452508bc16d] -2000-10-31 14:16 millert + * parse.yacc: + yyerror and dumpaliases are now void's now passes -Wall + [2769dfb51993] - * auth/securid.c: check return value of creadcfg() call sd_close() - after sd_auth() store username in sd->username so we don't rely - on the USER env variable + * parse.lex: + added prototype for yyerror + [1f3f0c1b4ab4] -2000-10-29 23:00 millert + * check.c, logging.c, parse.c: + now passes -Wall + [eab57e5e81d2] - * INSTALL: document --with-bsdauth + * interfaces.c: + rmeoved unused cruft now passes -Wall + [7a47e1866f4b] -2000-10-29 22:57 millert + * Makefile.in: + fixed headers that moved to emul dir + [e680c1e5049b] - * configure: regen + * logging.c: + fixed deref of nil pointer if no args + [973b9bea432f] -2000-10-29 22:56 millert +1995-09-15 Todd C. Miller - * configure.in: --with-bsdauth assumes --with-logincap + * OPTIONS: + added a caveat to FQDN section + [dcf6e2a5fff4] -2000-10-29 22:45 millert +1995-09-13 Todd C. Miller - * auth/: bsdauth.c, fwtk.c: When prompting for a response to a - challenge, if the user just hits return then reprompt with echo - turned on. + * Makefile.in: + more $srcdir support for install targets + [f6eac78436dd] -2000-10-29 17:31 millert + * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c, + strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c: + don't include malloc.h if we include stdlib.h + [fca2ff307cd8] - * sudo.c: Remove debugging code that should not have been - committed, oops. + * parse.yacc: + local search.h now lives in emul + [51c458904424] -2000-10-29 17:31 millert + * check.c, utime.c: + local utime.h now lives in emul dir + [f92fc9e8c8de] - * auth/bsdauth.c: Use lower-level routines and get the password - ourselves. Checks for a challenge and if there is one echo is - not turned off. + * lsearch.c: + local search.h now lives in emul + [579efc407439] -2000-10-29 17:30 millert + * Makefile.in: + added support for building in other than the sourcedir + [2ab53a43f7d4] - * auth/: pam.c, sudo_auth.h: minor housekeeping, no real code - changes +1995-09-10 Todd C. Miller -2000-10-27 18:41 millert + * OPTIONS: + annotated CSOPS_INSULTS option + [9e57d45a0afa] - * sudo.c: Fix a coredump in the logging functions if gethostname(2) - fails by deferring the call to log_error() until things are - better setup. + * TROUBLESHOOTING: + updated shadow passwords blurb + [39b785bc7253] - Fix return value of set_loginclass() in non-BSD-auth case. + * sudo.c: + if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and + passes along foo as the arguments + [a91077aa8fc5] - Hard-code 'sudo' in the usage message so we can fit more options - on a line +1995-09-09 Todd C. Miller -2000-10-27 18:35 millert + * parse.lex: + collapsed pathname and dir sections into one -- its now less + expensive + [89caa03bec25] - * logging.c: Fix errant ';' (typo) that broken MSG_ONLY + * parse.lex: + fixed spacing quoting [,:\\=] now works correctly append() and + fill() now take args to make the above work + [09d023d9ef3a] -2000-10-26 13:03 millert + * sudo.c: + fixed a typo that caused commands with no tty on fd 0 but a tty on + fd 1 to erroneously have "none" as their tty + [07d2c0e7977c] - * sudo.cat, sudo.man.in: regen +1995-09-04 Todd C. Miller -2000-10-26 13:01 millert + * check.c: + timestampfile is now a global static removed decl of timestampfile + in remove_timestamp since we can just use the global one + [f0cbdc6aab1c] - * sudo.pod: Document -a flag + * check.c: + created touch() to update timestamps added USE_TTY_TICKETS support + (bit of a kludge) + [cee1dd0318f8] -2000-10-26 12:42 millert + * compat.h: + added _S_IFDIR and S_ISDIR + [b4a51cc9628e] - * Makefile.in, config.h.in, configure, configure.in, getspwuid.c, - sudo.c, auth/sudo_auth.h, auth/bsdauth.c: Add support for BSD - authentication. + * OPTIONS, options.h: + added USE_TTY_TICKETS + [b4e22f81f25e] -2000-10-19 10:09 millert + * parse.yacc: + removed const from casts for lsearch() & lfind() to placate irix 4.x + C compiler + [5003081f76ea] - * sudoers.pod: Fix typo; from sato@complex.eng.hokudai.ac.jp +1995-09-03 Todd C. Miller -2000-10-12 09:49 millert + * sudo.c: + now only strip '/dev/' off of a tty if it starts with '/dev/' + [7f62bcd24039] - * sudoers.pod: Mention negating umask + * pathnames.h.in: + added _PATH_DEV + [6375f44d1910] -2000-10-12 01:30 millert + * configure.in: + AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if + have termios.h + [9c60391235fd] - * defaults.c: Allow user to specify umask of 0777 (same as !umask) + * tgetpass.c: + fixed incorrect #ifdef termio uses "unsigned short" not int for + c_?flag + [d032e6a29845] + + * parse.lex, parse.yacc: + fixed a spelling error + [cad6a944c7b1] + + * Makefile.in: + fixed typo + [204a65403e7c] + +1995-09-02 Todd C. Miller -2000-10-08 21:46 millert + * Makefile.in: + fixed a comment + [268f760e57ad] - * sudo.pod, visudo.pod: Fix a typo and give a URL for the sudo - history. + * parse.yacc: + added dotcat() to cat 2 strings w/ a dot effeciently now that we + dynamically allocate strings they need to be free()'d + [ec2e2152f415] -2000-10-08 12:25 millert + * parse.lex: + dynamically allocates space for strings + [d10ac3533d66] - * defaults.c, sudo.pod: fix typos; pepper@reppep.com + * sudo.h: + no more MAXCOMMANDLENGTH + [e2e1219bff8a] + + * sudo.h: + added decl of tty + [c8ae81303ee5] + + * logging.c, sudo.c: + moved tty stuff into sudo.c + [e028abefeb07] + +1995-09-01 Todd C. Miller + + * parse.c: + fixed a logic bug. Was denying a command if user gave command line + args but there were none in the sudoers file which is wrong. + [7489a99b8e8a] + + * sudo.h: + MAXCOMMMANDLEN dropped down to 1K + [38ef54ba290b] + + * parse.lex: + return foo; -> return(foo); + [0e8be1b57001] + + * parse.yacc: + fixed netgr_matches() prototype + [e69f15910464] + + * parse.lex: + added support for escaping "termination" characters + [8bd4ef50f35c] + + * parse.c: + buf is now of size MAXPATHLEN+1 since it never holds command args + [2ce4b763058c] + + * sudo.c: + fixed comments + [0c74a3d2ebb0] + + * goodpath.c: + fixed negation problem (doh!) + [782814e3a2d1] + + * parse.yacc: + fixed 2nd parameter to lfind() + [63d7b1623c08] -2000-09-14 16:48 millert + * parse.lex: + now do bounds checking in fill() and append() + [54381b563251] - * sudo.c, sudo.h, sudo_setenv.c: sudo_setenv() now exits on memory - alloc failure instead of returning -1. + * sudo.c: + include netdb.h as we should added a missing void cast added + SHELL_IF_NO_ARGS support now use realloc() properly. would fail if + realloc actually moved the string instead of shrinking it + [897ccdec9c06] + + * sample.sudoers: + updated with examples of new features + [9b3ed00e8aa6] + + * goodpath.c: + now set errno to EACCES if not a regular file or not executable + [2d069548a5ea] + + * find_path.c: + if given a fully-qualified or relative path we now check it with + sudo_goodpath() and error out with the appropriate error message if + the file does not exist or is not executable + [590f89dd8dec] + + * emul/search.h, lsearch.c: + now use correct args for lfind + [fccdcdbf020e] + + * logging.c: + added a comment + [fab9f49708ea] + + * insults.h: + added in CSOps insults + [ad8eb1862adc] + + * ins_csops.h: + Initial revision + [de5a475ec018] + + * tgetpass.c: + added RCS id + [c3ffd550a482] + + * sudo.h: + increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD + [aba25c90d08a] + + * OPTIONS: + added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS + [e27bd62e9ccf] + + * sudo.c: + fixed -k load_interfaces() now gets called if FQDN is set + -p now works with -s + [07ca2a34bae8] -2000-09-07 17:41 millert + * parse.c: + don't try to stat() "pseudo commands" like "validate" + [75527045984b] - * sudo.c: Strip out NLSPATH and PATH_LOCALE from the environment - for FreeBSD and possibly others. + * options.h: + added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS + [07b157a0eafd] + + * configure.in: + added SecurID support added other insults to --with-csops + [6c992ceb244c] + + * config.h.in: + added HAVE_SECURID + [e734ff617fe8] + + * Makefile.in: + added clobber target added ins_csops.h now gets CFLAGS from + configure + [d1e29c7cec25] -2000-09-07 10:43 millert + * aclocal.m4: + relaxed SUDO_FULL_VOID + [fb4084f27406] + + * visudo.c: + function comment blocks are now in same style as rest of code + [04a2931354c5] - * logging.c: Don't use vsyslog(3) since HP-UX (and others?) lack - it. This means that "%m" won't be expanded but we don't use that - anyway since the logging routines may splat to stderr as well. + * testsudoers.c: + added support for command line args in /etc/sudoers + [bfe4e1bcc655] -2000-09-06 21:35 millert + * sudoers.man: + updated to have command args in the sudoers file + [1cd34355e9ea] + + * sudo.man: + added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section + [930b48023b68] + +1995-08-19 Todd C. Miller - * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in, - sudoers.pod: Add always_set_home variable + * parse.yacc: + PATH renamed to COMMAND + [4e109a6de3cd] -2000-09-06 21:24 millert + * parse.lex: + it is now a parse error for directories to have args attached to + them + [2ab10a146b54] - * configure, configure.in: Have to hard code default values in help - since the defaults are set _after_ the help stuff. + * logging.c: + now say command args if telling user to buzz off + [933de26ded8b] -2000-08-31 13:08 millert + * sudo.c: + -s no longer indicates end of args sped up loading on cmnd_args in + load_cmnd() + [eac99a4da862] - * lex.yy.c, parse.lex: Allow special characters (including '#') to - be embedded in pathnames if quoted by a '\\'. The quoted chars - will be dealt with by fnmatch(). Unfortunately, 'sudo -l' still - prints the '\\'. + * parse.c: + removed an unreachable statement + [634302623c49] -2000-08-13 17:10 millert + * parse.lex: + made more efficient by pulling out the terminators when in GOTCMND + state and making them their own rule + [80798f1e1166] - * install-sh: Better path searching for programs we need. +1995-08-14 Todd C. Miller -2000-08-13 17:10 millert + * sudo.h: + removed MAXLOGLEN since it is no longer used + [102824196b71] - * TROUBLESHOOTING: Add section on "C compiler cannot create - executables" errors. + * parse.lex: + now allows command args + [d29dfa1e5254] -2000-08-13 17:10 millert + * parse.c: + now groks command arguments + [6c414cb7f105] - * Makefile.binary, Makefile.in, version.h: Crank version + * logging.c: + now sets tty correctly when piped input + [de46a30c0406] -2000-08-13 17:09 millert + * sudo.c: + fixed loading of cmnd_args (was including command name too) + [15319a425ea6] - * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in, - sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat, - visudo.man.in, visudo.pod: Substitute values from configure into - man pages. + * logging.c: + fixed a core dump due to incorrect if construct + [582363c7d7fa] -2000-08-12 16:48 millert +1995-08-13 Todd C. Miller - * parse.c, sudo.c: The listpw and verifypw sudoers options would - not take effect because the value of the default was checked - *before* sudoers was parsed. Instead of passing in the value of - PWCHECK_* to sudoers_lookup(), pass in the arg for def_ival() so - the check can be deferred until after sudoers is parsed. + * configure.in: + only add -lsun is irix < 5 don't look for -lnsl or -lsocket if irix + [da591fe9b931] -2000-08-11 15:41 millert + * aclocal.m4: + fixed check for ISC + [52e59f2082a7] - * tgetpass.c: When writing prompt, no need to write the NUL as - well; hag@linnaean.org + * sudo.c: + now sets cmnd_args used by log_error() and that will be used by the + parse to check against command args + [c6804389723b] -2000-06-09 12:25 millert + * sudo.h: + added cmnd_args + [4d00446b4a8d] - * install-sh: When looking for chown, check in /sbin too + * logging.c: + now dynamically allocate logline since we can guess at its size + [4bed8c8446aa] -2000-06-04 22:57 millert +1995-08-05 Todd C. Miller - * visudo.c: Remove extraneous call to init_defaults() and set - runas_user to NULL betweem parses so init_defaults will reset it - each time, thus avoiding a reference to free()d data. + * logging.c: + cleaned up a bunch of unnecesary #ifdef's eliminated a buffer remove + "register" since the compiler knows more than I do now do a + "basename" of the tty + [3b1bbf0b3da1] -2000-06-04 19:57 millert +1995-07-31 Todd C. Miller - * config.h.in, interfaces.c, interfaces.h, sudo.c: Add support for - using getifaddrs() to get the list of ip addr / netmask pairs. - Currently IPv4-only. + * configure.in: + ++version + [5ce552f9a5f1] -2000-06-04 19:51 millert + * sudo.h: + added shell extern changed MODE_* to be bit masks to allow for + several options together + [06f9dc4f400c] - * visudo.c: Add a missing check for UserEditor == NULL Add missing - '+' before line number when invoking editor to fix a syntax error + * sudo.c: + added -s (shell) option made MODE_* masks so we can do bitwise & and + | to see if multiple flags are set. + [01f8143010ad] -2000-05-12 16:55 millert + * check.c: + added securid support + [909e078005fe] - * sudo.c: Call clean_env very early in main() for paranoia's sake. - Idea from Marc Esipovich. +1995-07-30 Todd C. Miller -2000-05-10 01:11 millert + * logging.c: + removed a bunch of unnecesary strncpy()'s and replaced with strcat() + [644506b57d61] - * sudo.h: Update proto for evasprintf and easprintf +1995-07-29 Todd C. Miller -2000-05-10 01:10 millert + * Makefile.in, version.h: + ++version + [3cd6f1fbc3d9] - * alloc.c: Make easprintf() and evasprintf() return an int. +1995-07-27 Todd C. Miller -2000-05-10 00:56 millert + * parse.yacc: + fixed free() of an uninitialized pointer (yuck) + [8c404ee502ee] - * check.c: If the targetpw flag is set, use target username as part - of the timestamp path. If tty tickets are in effect cat the tty - and the target username with a ':' as the separator. + * testsudoers.c: + added netgr_matches + [e7c9fa2f774c] -2000-05-09 12:05 millert + * parse.c: + cleaned up netgr_matches + [8108f00b810e] - * auth/pam.c: Backout part of last change; setting PAM_USER to the - invoking user breaks things like targetpw. +1995-07-26 Todd C. Miller -2000-05-09 11:52 millert + * RUNSON: + updated for 1.3.4 + [4741704310a1] - * auth/pam.c: set tty and username via pam_set_item +1995-07-25 Todd C. Miller -2000-05-09 11:42 millert + * Makefile.in: + now installs sudoers.man -- really should clean this up though. + [455631d45a1d] - * check.c, getspwuid.c, sudo.c, sudo.h, auth/sudo_auth.c: Fix root, - runas, and target authentication for non-passwd file auth - methods. + * Makefile.in: + added sudoers.cat and sudoers.man + [0bdedd6c7363] -2000-04-22 14:15 millert + * sudo.man: + pulled out stuff on the sudoers file format into a separate man page + [de215d999cb9] - * sudo.pod, sudo.man.in, sudoers.man.in, sudoers.pod, visudo.pod, - sudo.cat, sudoers.cat, visudo.man.in, visudo.cat: Use B<-Z> not - C<-Z> for command line flags in all places. This is more - consistent and works around a bug in Pod::Man. + * sudoers.man: + Initial revision + [f25eafbb7095] -2000-04-22 13:59 millert + * HISTORY: + fixed up my email address + [254fbf80be74] - * sudoers.cat, sudoers.man.in, sudoers.pod: Fix an occurence of - 'semicolon' that should be 'colon' + * configure.in: + added checks for innetgr and getdomainname + [24a99cb7e97e] -2000-04-19 15:30 millert + * visudo.c: + added dummy netgr_matches function + [1841ff2c01da] - * configure, configure.in: Fix --with-badpri help line + * parse.c: + added netgr_matches + [ec90db6a97b8] -2000-04-17 14:01 millert + * parse.lex, parse.yacc: + added NETGROUP support + [c9dd93e3bc4b] - * defaults.c, logging.c, sudo.c: Bracket calls to syslog with an - openlog() and closelog() since some authentication methods (like - PAM) may do their own logging via syslog. Since we don't use - syslog much (usually just once per session) this doesn't really - incur a performance penalty. It also Fixes a SEGV with pam_kafs. + * config.h.in: + added HAVE_INNETGR & HAVE_GETDOMAINNAME + [14abd494d875] -2000-04-15 16:32 millert +1995-07-24 Todd C. Miller - * sudo.c: Fix -H flag. runas_homedir is only valid after - set_perms(PERM_RUNAS, mode) + * sudo.c: + rewrote clean_env() that has rm_env() builtin + [55cb43818a95] -2000-04-12 18:56 millert +1995-07-23 Todd C. Miller - * INSTALL: Clarify the fact that insults are not enabled just by - including them in the binary. + * check.c: + now cast uid to long in sprintf + [b549eea40aeb] -2000-04-07 10:39 millert + * OPTIONS: + added _INSULTS suffix to HAL & GOONS end + [ed620d0aad30] - * sudo.man.in, sudoers.man.in, visudo.man.in, sudo.cat, - sudoers.cat, visudo.cat: Regenerated with perl 5.6.0 pod2man + * options.h: + added _INSULTS suffix to HAL & GOONS + [9f72e9b83afd] -2000-04-07 10:38 millert + * ins_2001.h, ins_classic.h, ins_goons.h, insults.h: + converted to new scheme of insult "unions" end + [2f6d2b412132] - * Makefile.in: Give date string to pod2man since its default is - ugly and it ain't got no alibi. + * sudo.c: + now uses MAX_UID_T_LEN + [c1df79e0f389] -2000-04-07 10:27 millert + * configure.in: + added SUDO_UID_T_LEN !l + [195f0b9f5f84] - * Makefile.in: Do section substitution on the output of pod2man and - remove hack needed for old pod2man. + * config.h.in: + added MAX_UID_T_LEN + [73f42ae4f14d] -2000-04-07 10:26 millert + * check.c: + now use MAX_UID_T_LEN + [df9c063234cb] - * sudo.pod, sudoers.pod, visudo.pod: Put back real man sections, we - will do the substitution later. + * aclocal.m4: + added check for max len of uid_t fixed sco vs. isc check + [d558f36d2223] -2000-04-02 11:44 millert +1995-07-19 Todd C. Miller - * configure, configure.in: Don't bother checking for the path to vi - if user specified --with-editor + * configure.in: + corrected version + [828dd1571e86] -2000-04-01 17:25 millert + * configure.in: + added sco support + [af1e2f616638] - * CHANGES, visudo.c: Visudo now does its own fork/exec instead of - calling system(3). + * aclocal.m4: + hack to check for sco + [549ab99a9a43] -2000-04-01 16:23 millert + * interfaces.c: + removed #include since it was hosing some OS's + [ac78a7c04005] - * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in, - sudoers.pod, visudo.c: Visudo now checks for the existence of an - editor and gives a sensible error if it does not exist. +1995-07-18 Todd C. Miller - The path to the editor for visudo is now a colon-separated list - of allowable editors. If the user has $EDITOR set and it matches - one of the allowed editors that editor will be used. If not, the - first editor in the list that actually exists is used. + * find_path.c: + fixed prreadlink() prototype + [b380fe1f2b11] -2000-04-01 16:22 millert + * check.c: + added parens in #if's + [e96ade691b82] - * sudo.pod, sudo.cat, sudo.man.in: Clear up confusion wrt sudo's - return value. + * configure.in: + added SPW_ prefix + [a302683a1483] -2000-03-27 12:08 millert + * sudo.h: + moved SPW_* to config.h.in + [6b3be70e34cf] - * Makefile.in: Strip sudo and visudo for bindist target + * sudo.c: + added a set of parens + [8188d735d695] -2000-03-26 22:26 millert + * config.h.in: + added SPW_* + [5ead6371cf60] - * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, - sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: Use - @mansectsu@ and @mansectform@ in the man page bodies as well. + * sudo.h: + added SPW_* reordered error codes + [dead25b4ed0a] -2000-03-26 22:07 millert + * check.c: + moved SPW_* to sudo.h + [ca51fb04caf4] - * visudo.cat, visudo.man.in, visudo.pod: Typo: @sysconf@ -> - @sysconfdir@ +1995-07-17 Todd C. Miller -2000-03-26 21:57 millert + * sudo.c: + SPW_AUTH -> SPW_SECUREWARE + [6b512b2bc5dc] - * Makefile.in: 'make dist' should not cause any files to be - modified so remove its dependencies. + * logging.c: + GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT + [defdd0944e2f] -2000-03-26 21:43 millert + * configure.in: + AUTH -> SECUREWARE + [d1f8a17001dd] - * CHANGES: Whoops, forgot to add release marker + * check.c: + SPW_AUTH -> SPW_SECUREWARE + [af0e8d8b89b2] -2000-03-26 11:57 millert + * check.c: + now uses SHADOW_TYPE to make shadow pw support more readable and + modular. It's a start... + [8c2a59667014] - * CHANGES: Final change for 1.6.3 (or so I hope) + * configure.in: + added autodetection of shadow passwords + [85f81fa54b1b] -2000-03-26 11:57 millert + * sudo.c: + now uses SHADOW_TYPE define + [355e5dc09b07] - * sudo.cat, sudoers.cat, visudo.cat: Use SYSV man sections since - BSD systems will have nroff... + * config.h.in: + added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines + [c0c06e83e483] -2000-03-24 18:58 millert + * aclocal.m4: + added SUDO_CHECK_SHADOW + [464301301639] - * parse.yacc: When checking to see if the host/user matches in a - defaults spec, check against TRUE, not just non-zero since it - might be -1. +1995-07-12 Todd C. Miller -2000-03-24 15:14 millert + * configure.in: + define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for + memmove() since we dno longer use it... + [8aefa87d7d31] - * configure.in, configure: OSF/1 puts file formats in section 4, - not 5. + * CHANGES: + updated + [ce97b3fd7182] -2000-03-24 15:13 millert + * logging.c: + added BROKEN_SYSLOG support + [a45c3bca36f6] - * CHANGES, INSTALL, sudo.c: Make login class support work on BSD/OS + * config.h.in: + added BROKEN_SYSLOG + [6f6abf0a6268] -2000-03-23 20:24 millert + * check.c: + now only bitch it timestamp > time_now + 2 * timeout to allow for a + machine udpating its time from a server + [546bc8d35325] - * RUNSON: Update for 1.6.3 + * sudo.man: + added 2 security notes updated Nieusma's email addr + [616756c56977] -2000-03-23 20:23 millert + * lsearch.c: + changed a memmove() to memcpy() since we don't have to worry about + overlapping segments. + [30baa478526b] - * configure, configure.in: If there is no inet_addr but there *is* - an __inet_addr that's ok since inet_addr is probably just a macro - then. The better thing to do would be to look for the macro, but - this is fine for now. +1995-07-11 Todd C. Miller -2000-03-23 19:50 millert + * interfaces.c: + cleanup up the loop when interfaces are groped in so that it is + readable + [1fa39446bd69] - * configure, configure.in: Don't use shlicc for BSD/OS 4.x + * Makefile.in, version.h: + ++version + [b46bd2b1770f] -2000-03-23 19:40 millert +1995-07-09 Todd C. Miller - * Makefile.in, configure, configure.in: *.man lives in cwd, *.cat - lives in $(srcdir), add a @mansrcdir@ configure variable so we - can deal with this. Also, only remove *.man for 'distclean' not - 'clean'. + * CHANGES: + annotated 124-126 + [b82a2b3ec7ce] -2000-03-23 19:16 millert +1995-07-07 Todd C. Miller - * sudo.c: set_loginclass() should be static like the proto says + * check.c: + fixed permissions check on /tmp/.odus + [cc2431a65468] -2000-03-23 14:14 millert +1995-07-06 Todd C. Miller - * fnmatch.c: Add #ifdef __STDC__ around the rangematch function - header to avoid promotion of test to int, thus violating the - prototype. Gcc handles this gracefully but more std ANSI - compilers will complain. + * check.c: + fixed some comments + [8896d09b4fda] -2000-03-23 10:11 millert + * check.c: + now checks owner & mode of timedir also checks for bogus dates on + timestamp file + [a0fad5df5b0a] - * emul/fnmatch.h: Pull in newer fnmatch(3) that supports - FNM_CASEFOLD + * OPTIONS: + updated TIMEOUT info + [033cc22d9e04] -2000-03-23 10:11 millert + * logging.c, sudo.h: + added BAD_STAMPDIR and BAD_STAMPFILE + [31d9ce691101] - * aclocal.m4, configure, fnmatch.3, fnmatch.c: Pull in newer - fnmatch(3) that supports FNM_CASEFOLD Check for FNM_CASEFOLD in - configure + * compat.h: + added definition of S_IRWXU + [ff2dab091a9b] -2000-03-22 23:41 millert + * CHANGES: + updated + [a40df90284f1] - * CHANGES, TODO: update for 1.6.3 +1995-07-03 Todd C. Miller -2000-03-22 23:38 millert + * interfaces.c: + added #ifdef to make it compile on strange arches + [4a127f12afce] - * lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, sudo.tab.h, - testsudoers.c, visudo.c: Fully qualified hosts w/ wildcards were - not matching the FQHOST token type. There's really no need for a - separate token for fully-qualified vs. unqualified anymore so - FQHOST is now history and hostname_matches now decides which - hostname (short or long) to check based on whether or not the - pattern contains a '.'. +1995-07-02 Todd C. Miller -2000-03-22 23:09 millert + * aclocal.m4: + fixed check for fulkl void impl. + [b6f2a4a361d8] - * parse.c, parse.h, parse.yacc, sudoers.pod, testsudoers.c, - visudo.c, sudoers.cat, sudoers.man.in: Add support for wildcards - in the hostname. + * check.c: + added mssing "static" + [520552f2772b] -2000-03-22 22:50 millert + * insults.h: + replaced #elif with #else #if constructs for ancient C compilers + [39ab2d365b57] - * Makefile.in: Add targets for *.man.in, using config.status to - generate *.man from *.man.in + * INSTALL: + updated irix c2 & kerb5 info + [ae79b99b4905] -2000-03-22 22:20 millert + * configure.in: + added shadow pw support for irix + [632469d9c528] - * sudoers.cat, sudoers.man.in, sudoers.pod: Document set_logname - option and enbolden refs to sudo and visudo. +1995-07-01 Todd C. Miller -2000-03-22 19:35 millert + * BUGS, TODO: + updated + [2a96bb18ac30] - * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, - sudo.cat, sudo.pod, sudo.man.in, sudoers.cat, sudoers.pod, - visudo.cat, visudo.pod, sudoers.man.in, visudo.man.in: Add - FreeBSD login.conf support (untested on BSD/OS) based on a patch - from Michael D. Marchionna. configure now does substitution on - the man pages, allowing us to fix up the paths and set the - section correctly. Based on an idea from Michael D. Marchionna. + * CHANGES: + last changes for sudo 1.3.3 + [c1c0cd1034b8] -2000-03-22 19:27 millert + * configure.in: + now calls SUDO_SOCK_SA_LEN + [14ea78159d45] - * auth/passwd.c: Better fix for handling HP-UX aging info. + * config.h.in: + added HAVE_SA_LEN + [cc2a346aa905] -2000-03-22 19:20 millert + * aclocal.m4: + added SUDO_SOCK_SA_LEN + [456a2025644a] - * sudo.c: Add support for set_logname run-time default + * interfaces.c: + now works with ip implementations that use sa_len in sockaddr + [90be6e028077] -2000-03-22 19:17 millert + * INSTALL: + added note about buggy AIX compiler + [c0f6d427e4e4] - * sudo.man.in, sudoers.man.in, visudo.man.in: configure does - substitution on these to produce *.man + * interfaces.c: + now include sys/time.h for AIX + [2510858ab38b] -2000-03-22 19:16 millert +1995-06-28 Todd C. Miller - * sudo.man, sudoers.man, visudo.man: These files now get generated - from *.man.in at configure time. + * Makefile.in: + getcwd -> getwd + [66085ebca98e] -2000-03-22 18:40 millert + * interfaces.c: + now works for ISC and others. yay. + [f336d4ffc927] - * defaults.c, defaults.h: Add set_logname option so users can turn - off setting of LOGNAME/USER environment variables. +1995-06-26 Todd C. Miller -2000-03-22 10:53 millert + * Makefile.in, version.h: + version++ + [836cffc2078d] - * testsudoers.c, lsearch.c, parse.c: kill register +1995-06-23 Todd C. Miller -2000-03-13 15:52 millert + * aclocal.m4: + fixed test for full void impl + [fb004107e7b9] - * auth/passwd.c: HP-UX adds extra info at the end for password - aging so when comparing the result of crypt to pw_passwd we only - compare the first len(epass) bytes *unless* the user entered an - empty string for a password. + * sudo.c: + now check to see that st_dev is non-zero before assuming that we are + being spoofed + [1b0e1c30c506] -2000-03-13 11:05 millert +1995-06-20 Todd C. Miller - * logging.c: Get rid of grandchild hack, it was causing problems - and there is really no need for it. This fixes a bug where we - spin eating up CPU when the user runs a long-running process like - a shell. + * aclocal.m4, configure.in: + SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL + [4953379bfb01] -2000-03-07 14:26 millert +1995-06-19 Todd C. Miller - * sudo.c: User can always specify a login class if he/she is - already root. + * aclocal.m4: + fixed include file order for SUDO_FUNC_UTIME_POSIX + [ff64ab7df44f] -2000-03-06 23:29 millert + * logging.c: + added cast for ttyname() + [444f05f56758] - * config.h.in, configure, configure.in, defaults.c, defaults.h, - sudo.c, sudo.h: FreeBSD login class (login.conf) support. + * configure.in: + fixed typo + [de068e748431] -2000-03-06 14:42 millert + * check.c: + now deal correctly with all known variation of utime() -- yippe + [b778a4195a89] - * auth/sudo_auth.c: HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes - secureware support + * configure.in: + added SUDO_FUNC_UTIME_POSIX + [cf635f2269d6] -2000-03-03 18:04 millert + * aclocal.m4: + added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX + [d79593be4b73] - * auth/passwd.c: Truncate unencrypted password to 8 chars if - encrypted password is exactly 13 characters (indicateing standard - a DES password). Many versions of crypt() do this for you, but - not all (like HP-UX's). + * config.h.in: + added HAVE_UTIME_POSIX + [c67b4ac0dca5] -2000-03-01 21:01 millert + * check.c: + fixed a typo + [b14df5680f59] - * INSTALL, RUNSON: Mention that gcc on dynix may have problems + * check.c: + no longer assume !HAVE_UTIME_NULL means old BSD utime() + [0aeaf4b2f38b] -2000-02-29 17:46 millert + * check.c: + fixed fascist C compiler warning + [c61ddf2f1f93] - * Makefile.in: Link visudo with NET_LIBS since we now call syslog - via defaults.c + * interfaces.c: + now set strioctl.ic_timout in STRSET() now initialize num_interfaces + to 0 (just to be anal) + [c54cc2ba0052] -2000-02-29 17:41 millert +1995-06-18 Todd C. Miller - * defaults.c: Use Argv[0] as the first arg to openlog() since - visudo uses this too. + * sudo.h: + increaed MAXLOGLEN by MAXPATHLEN to account for ttyname + [74cf585a54fb] -2000-02-28 18:58 millert + * logging.c: + added tty logging + [e27d8dcfbd78] - * sudo.c: Stash coredumpsize resource limit and retsore it before - the exec() Otherwise the child ends up with a coredumpsize of 0. + * interfaces.c: + reworked the ISC code + [bcf57ce8ae69] -2000-02-26 22:56 millert + * Makefile.in, version.h: + updated version + [032941c9b94d] - * sudo.cat, sudo.man, sudo.pod: document -S flag + * check.c: + now expect old-style utime(3) if utime() can't take NULL as an arg + [018dd4a73030] -2000-02-26 22:54 millert + * configure.in: + added check for utime.h + [0b76e8feb618] - * sudo.c: fix usage string + * config.h.in: + added HAVE_UTIME_H + [62ee42feda46] -2000-02-26 22:48 millert + * Makefile.in: + added CPPFLAGS STATIC_FLAGS -> LDFLAGS + [fa3201d294e1] - * CHANGES, RUNSON, TODO, sudo.c, sudo.h, tgetpass.c, - auth/aix_auth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Added - -S flag (read passwd from stdin) and tgetpass_flags global that - holds flags to be passed in to tgetpass(). Change echo_off param - to tgetpass() into a flags field. There are currently 2 possible - flags for tgetpass(): TGP_ECHO and TGP_STDIN. In tgetpass(), - abstract the echo set/clear via macros and if (flags & TGP_ECHO) - but echo is not set on the terminal, but sure to set it. + * configure.in: + now search for kerb libs and includes + [cc332401e571] -2000-02-26 22:11 millert + * check.c: + added support for utime(2)'s that can't take a NULL parameter + [98797fedf69f] - * tgetpass.c: Fixed a bug that caused an infinite loop when the - password timeout was disabled. + * utime.c: + moved HAVE_UTIME_NULL stuff to update_timestamp() where t belongs + [6ce6d825fb44] -2000-02-18 12:56 millert + * configure.in: + added utime(s) stuff + [a2afb744403e] - * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h, - sudoers.cat, sudoers.man, sudoers.pod, visudo.c: Add rootpw, - runaspw, and targetpw options. + * check.c: + now use utime() + [48902240a51e] -2000-02-18 12:11 millert + * config.h.in: + added HAVE_UTIME and HAVE_UTIME_NULL + [9a56ab65d4f4] - * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod, - visudo.c: enveditor -> env_editor +1995-06-17 Todd C. Miller -2000-02-15 19:07 millert + * utime.c: + now use HAVE_UTIME_NULL + [e3944de09a92] - * BUGS, INSTALL, Makefile.in, README, configure, configure.in, - sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, - visudo.cat, visudo.man: crank versino to 1.6.3 + * emul/utime.h, utime.c: + Initial revision + [a2cbf2ef3427] -2000-02-15 19:03 millert + * check.c: + need to setuid(0) to make kerb4 stuff work. + [c6cfda4039d7] - * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man, - sudoers.pod, visudo.c: Add 'editor' and 'enveditor' sudoers - defaults and make visudo honor them. This means that visudo will - now parse the sudoers file *before* it is edited so a bogus - sudoers file will cause a warning to go to stderr. Also, visudo - checks the variables once--it does not check them after each - editor run since that could be confusing. + * tgetpass.c: + no more special case for kerberos + [4a5c33145be9] -2000-02-15 18:49 millert + * config.h.in: + took out setreuid and setresuid stuff added kerb5 stuff (use kerb4 + emulation) + [a607ee43e650] - * RUNSON: 1.6.2 -> 1.6.2p1 + * compat.h: + no longer need setreuid() emulation now set _PASSWD_LEN to 128 if + kerberos + [02fb274cc136] -2000-02-15 18:36 millert + * check.c: + now use private ticket file for kerberos support to avoid trouncing + on system one + [28d8b6b812c7] - * check.c, sudo.c, sudo.h: Move user_is_exempt prototype into - sudo.h +1995-06-15 Todd C. Miller -2000-02-13 13:38 millert + * sudo.h: + added SPOOF_ATTEMPT & cmnd_st + [d3b42a1f4d0d] - * configure, configure.in: Fix thinko, some && should have been || - in the last commit + * sudo.c: + added anti-spoofing support + [ab1e2aa44a57] -2000-02-13 13:28 millert + * parse.c: + now use global cmnd_st + [47018265a1a6] - * configure, configure.in: Don't initialized Makefile variables to - be NULL since the user may want to import variables from their - environment. + * logging.c: + added SPOOF_ATTEMPT suypport + [7bbe9dd2a021] -2000-02-03 21:09 millert + * testsudoers.c, visudo.c: + added void casts where appropriate + [f191441ba333] - * configure, configure.in: typo + * parse.yacc: + fixed up spacing and added void casts where appropriate + [15d886fc809c] -2000-01-27 15:01 millert + * sudo.c: + fixed problem with "-p prompt" but no args + [6fc048261a3e] - * INSTALL, RUNSON, configure, configure.in: Make pam work on HP-UX - 11.0;jaearick@colby.edu +1995-06-14 Todd C. Miller -2000-01-27 15:01 millert + * sudo.man: + added BUGS and annotated -l description + [e5c506de2603] - * CHANGES: recent changes; prepare for 1.6.2p1 + * sudo.h: + validate() now takes a flag + [26627becc60a] -2000-01-26 23:31 millert + * sudo.c: + validate() now takes a flag added -l + [a4f7bb97fe54] - * find_path.c: Don't apply SECURE_PATH if user is example; - jmknoble@pobox.com + * parse.yacc: + added support for -l + [e7a9b10b0ad3] -2000-01-26 16:21 millert + * parse.c: + validate() now takes a flag that says whether or not to check the + command + [9e1e67f4e281] - * sudoers.cat, sudoers.man, sudoers.pod: Expanded docs on sudoers - 'defaults' options based on INSTALL file info. +1995-06-08 Todd C. Miller -2000-01-26 16:21 millert + * logging.c: + now deals with Argv == 1 + [0acb637ab635] - * INSTALL: Fix some while lies + * sudo.man: + added -p option + [e60382fc0561] -2000-01-24 10:48 millert + * sudo.c: + added prompt support reworked parse_args() + [2f605267ed4a] - * Makefile.in: When making a bindist, link FAQ to TROUBLESHOOTING - instead of copying. + * sudo.h: + added prompt + [5ab021bdb419] -2000-01-23 22:57 millert + * options.h: + added PASSPROMPT + [614727ff44a2] - * sudoers.cat, sudoers.man, sudoers.pod: Add netgroup caveat + * check.c: + now use BUFSIZ as length of kerb password added kpass so pass is + always a char * now use prompt global when asking for a password + [76be09af784f] -2000-01-23 22:42 millert + * tgetpass.c: + now use BUFSIZ as _PASSWD_LEN if using kerberos + [1e907eed312b] - * RUNSON: Last minute updates + * OPTIONS: + added PASSPROMPT + [ddb2f405ce40] -2000-01-23 22:26 millert +1995-06-07 Todd C. Miller - * TROUBLESHOOTING: PAM entry + * configure.in: + only look for -lufc or -lcrypt if crypt() not in libc + [9717d315661f] -2000-01-23 22:23 millert + * check.c: + don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN + (unknown user) silently fail + [2b48693d4ee9] - * auth/pam.c: correct a comment + * INSTALL: + added kerb4 note + [986e393f740c] -2000-01-23 22:03 millert + * tgetpass.c: + HAVE_KERBEROS -> HAVE_KERB4 + [e438bfb5e6aa] - * CHANGES, RUNSON: update for 1.6.2 + * check.c: + removed debugging printf + [1cf9f5cbffa5] -2000-01-23 21:59 millert + * configure.in: + KERBEROS -> KERB4 added checks for setreuid & setresuid + [01e9945beb1e] - * auth/pam.c: Better detection of PAM errors and fix custom prompts - with PAM. Based on patches from "Cloyce D. Spradling" - + * config.h.in: + HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID + [0e0bb5b8ac3e] -2000-01-20 11:15 millert + * compat.h: + added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation + with setresuid if applic + [9dae24c47696] - * snprintf.c: Cast ULONG_MAX to unsigned long long when comparing - to an unsigned long long value. + * check.c: + HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if + no setreuid() or a broken one + [1fca642bdb8e] -2000-01-19 14:07 millert +1995-06-06 Todd C. Miller - * CHANGES, config.h.in, configure, configure.in, visudo.c: Fix - sudoers locking in visudo. We now lock the sudoers file itself, - not the temp file (since locking the temp file can foul up - editors). The previous locking scheme didn't work because the fd - was closed too early. + * configure.in: + added kerberos support + [da5639b9b8e7] -2000-01-19 13:37 millert + * config.h.in: + added HAVE_KERBEROS + [fcc5be550e65] - * configure, config.h.in, configure.in: Don't need test for - ftruncate() any more. + * tgetpass.c: + added KERBEROS support (long passwords) + [303ba6924dd2] -2000-01-18 21:23 millert + * check.c: + added kerberos support + [e40afe98fc1d] - * configure, configure.in: Add a test for the -Aa flag w/ HP-UX's - cc. Fixes compilation with the unbundled HP-UX cc. +1995-06-03 Todd C. Miller -2000-01-18 17:00 millert + * sudo.h: + added MODE_BACKGROUND + [9b483c932016] - * sudoers.cat, sudoers.man, sudoers.pod: "a a" -> "a"; Aaron - Campbell + * sudo.man: + escaped dashes added -b option + [62e84f1a7714] -2000-01-17 18:46 millert + * sudo.c: + added -b option + [7e78aaefeb95] - * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h, - parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, - tgetpass.c, version.h, visudo.c: update copyright year on changed - files + * check.c: + added crypt() for osf/1 3.x enhanced secuiry + [e9aa5abdb7d5] -2000-01-17 18:45 millert + * configure.in: + now check for -lcrypt + [5cb9c67e9fa2] - * RUNSON: updates + * interfaces.c: + added ENXIO like EADDRNOTAVAIL + [74223bb1ba75] -2000-01-17 18:45 millert +1995-05-08 Todd C. Miller - * CHANGES: aix fix + * configure.in: + now emulate getwd(), not getcwd() + [3e5439d9a5f4] -2000-01-17 18:42 millert + * sudo.c: + getcwd() -> getwd() + [6392a96a658e] - * INSTALL: Crank version to 1.6.2 + * getwd.c: + getcwd -> getwd + [1b0ab9bae11e] -2000-01-17 18:11 millert +1995-05-02 Todd C. Miller - * configure: Crank version to 1.6.2 + * ins_2001.h, ins_classic.h, ins_goons.h: + Initial revision + [86db60d8cf00] -2000-01-17 17:46 millert + * insults.h: + broke out insults into separate include files + [0a01993bd38a] - * sudo.c: When using rlimit check for RLIM_INFINITY When computing - the value of maxfd, use min(getdtablesize(), RLIMIT_NOFILE) + * OPTIONS, options.h: + added GOONS + [e283203c6515] -2000-01-17 12:32 millert + * Makefile.in: + added ins_2001.h ins_classic.h ins_goons.h + [2a39cd6a4cd2] - * CHANGES: recent changes + * Makefile.in, version.h: + ++version + [05ebf4f5e41a] -2000-01-17 12:28 millert + * visudo.c: + moved signal handler setup to setup_signals() + [3dd976c04540] - * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man, - sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man: - Crank version to 1.6.2 + * sudo.h: + added load_interfaces() + [af2d473b09e2] -2000-01-17 12:25 millert + * sudo.c: + moved load_interfaces to interfaces.c + [5c8c138e5d4c] - * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod: Add - 'shell_noargs' runtime option back in. We have to defer checking - until after the sudoers file has been parsed but since there are - now other options that operate that way this one can too. Based - on a patch from bguillory@email.com. + * parse.yacc: + added clearaliases + [aeb4ff301daa] -2000-01-16 23:05 millert + * OPTIONS, options.h: + added FAST_MATCH + [f49ea3d1b525] - * defaults.c, defaults.h, parse.c, sudo.c, sudo.h: Add "listpw" and - "verifypw" options. + * parse.lex: + now uses clearaliases variable + [a2dda415bf61] -2000-01-16 22:57 millert + * interfaces.c: + Initial revision + [a1990e3f5c69] - * sudoers.cat, sudoers.man, sudoers.pod: o Fix some typos/omissions - o Add section on verifypw and listpw o Define how NOPASSWD - interacts with the -v and -l flags + * Makefile.in: + added interfaces.[co] + [1e8e5984de97] -2000-01-14 12:39 millert + * testsudoers.c: + now uses ip addrs and netmasks via load_interfaces() + [54b8f7a6835e] - * configure, configure.in: For HP-UX cc, add -Aa to CPPFLAGS. For - HP-UX always add -D_HPUX_SOURCE to CPPFLAGS. + * sudo.c: + now remove IFS instead of setting to "sane" value + [ce7eec9f115e] -2000-01-14 12:29 millert +1995-05-01 Todd C. Miller - * defaults.c, defaults.h: In struct sudo_defs_types, move the union - to the end and don't initialize the union member since that only - works with an ANSI compiler. We set the value of the union by - hand in init_defaults() anyway. This allows sudo to compile on a - K&R compiler again. + * parse.c: + added FAST_MATCH + [816d4f5fe81a] -2000-01-11 13:20 millert +1995-04-30 Todd C. Miller - * parse.c, parse.h, parse.yacc, testsudoers.c, visudo.c: - netgr_matches needs to check shost as well as host since they may - be different. + * Makefile.in: + sudo_goodpath.c-> goodpath.c + [a5072c4e1de2] -2000-01-11 13:17 millert + * sudo.c: + added Andy's new ISC changes + [caa6bbee358e] - * tgetpass.c: End on \r as well as \n +1995-04-14 Todd C. Miller -2000-01-02 23:53 millert + * OPTIONS: + added a sentence to SECURE_PATH info + [cad6e1569d15] - * sudo.c: Update statbuf.st_mode based on SUDOERS_MODE when we are - chaning from 0400 to whatever SUDOERS_MODE is (converting from - the old sudoers mode). Assumes that SUDOERS_MODE is less - restrictive than 0400 which should always be the case. + * BUGS: + added one + [4b35cf699a83] -2000-01-02 23:43 millert + * CHANGES: + updated + [5fded9dc62f0] - * parse.c, parse.yacc, sudo.c, sudo.h: Make treatment of -l and -v - sane wrt NOPASSWD flags. Now allow -l w/o a passwd if there is - *any* entry for the user on the host with a NOPASSWD flag. For - -v, only allow w/o a passwd if *all* entries for the user on the - host w/ the specified runas user have the NOPASSWD flag set. + * RUNSON: + updated + [33cb993cfd39] -2000-01-02 23:26 millert +1995-04-13 Todd C. Miller - * Makefile.in: add check target + * RUNSON: + updated for beta3 + [a05dc6a91995] -1999-12-16 13:02 millert + * Makefile.in, version.h: + ++version + [54aaf3fadc75] - * visudo.c: Treat EOF at whatnow prompt like 'x' instead of - looping. + * aclocal.m4: + sendmail is now looked for in /usr/ucblib + [231ac1a4662f] -1999-12-10 00:09 millert + * sudo.c: + fixed indentation + [fb137400c8c2] - * CHANGES: recent changes + * aclocal.m4: + fixed a typo + [e03f1acc468b] -1999-12-08 23:04 millert + * sudo.c: + updated ISC mods + [070290d4754b] - * config.h.in, configure, configure.in, sudo.c: Add check for - initgroups() since old SYSV lacks this. + * configure.in: + added unixware case + [e90250bae0d9] -1999-12-08 22:54 millert + * check.c: + user_is_exempt is no longer hidden + [1a341765b8af] - * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, - configure.in, parse.c, testsudoers.c: o Kill HAVE_FNMATCH_H o - Only define HAVE_FNMATCH if exists. + * RUNSON: + updated + [a9c4898b26dd] -1999-12-06 01:47 millert + * aclocal.m4: + isc and riscos changes + [98b5d86585d1] - * CHANGES, RUNSON, insults.h, auth/sudo_auth.c: Don't allow insults - to be enabled if the insults[] array is empty. Otherwise there - would be division by zero. + * OPTIONS: + added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH + [e1ecc464ce4b] -1999-12-06 01:25 millert + * Makefile.in: + fixed a typo and added testsudoers stuff + [435d60e163dc] - * insults.h: Don't care about USE_INSULTS #define since the insult - stuff may be overridden at runtime. + * testsudoers.c: + Initial revision + [6ce14a448662] -1999-12-06 01:23 millert +1995-04-12 Todd C. Miller - * auth/sudo_auth.c: Honor insults flag. + * parse.yacc: + applied fixed patch from Chris + [cd6144203d13] -1999-12-05 19:14 millert +1995-04-11 Todd C. Miller - * CHANGES, parse.c: Don't ask the user for a password if the user - is not allowed to run the command and the authenticate flag (in - sudoers) is false. + * Makefile.in: + fixed a typo + [34f8a54ba041] -1999-12-05 19:05 millert + * parse.yacc: + added a set of braces for bison + [f0e43b938914] - * CHANGES, RUNSON, lex.yy.c, parse.lex: o Whenever we get a bare - newline we change to the INITIAL state. o Enter GOTRUNAS when we - see Runas_Alias + * parse.yacc: + merged in Chris' changes to dekludge the parser. + [82d6e373ab1c] - This allows #uid to work in a RunasAlias. + * logging.c: + send_mail() was calling find_path() which is wrong since find_path() + stores cmnd in a static var. Anyhow, it doesn't make much sense + since MAILER should always be fully qualified + [6eae6a0b8098] -1999-12-05 14:06 millert +1995-04-10 Todd C. Miller - * CHANGES, parse.yacc: fix parsing of runas lists: o oprunasuser - and runaslist now return a value o in a runasspec, if a runaslist - does not return TRUE, set runas_matches to FALSE. Normally, a - runaslist only returns FALSE for explicitly denied users. o - since runaslist does not modify the stack there is no need for a - push/pop in runasalias. + * sample.sudoers: + added User_Alias stuff + [aaba8c8e918d] -1999-12-04 21:54 millert + * aclocal.m4: + SUDO_NEXT now looks for /usr/lib/NextStep/software_version + [52bd81f34b32] - * check.c, sudo.c: Don't kill the user's tickets until after - sudoers has been parsed since tty_tickets and ticket_dir could be - set in sudoers. + * RUNSON: + added DEC UNIX 3.0 w/ gcc + [7daf570775b5] -1999-12-04 21:18 millert + * visudo.c: + Exit was being used in places where exit should be used + [6026a89c07ed] - * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON, - configure, configure.in, sudo.cat, sudo.man, sudoers.cat, - sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man: crank - version to 1.6 + * sudoers: + added "User alias specification" + [a487b6e234f8] -1999-12-04 21:18 millert + * parse.yacc: + fixed probs caused by making nslots and naliases a size_t + [0be919384f3f] - * testsudoers.c: add set_fqdn() stub + * RUNSON: + added KSR, upped rev to 1.3.1b2 + [ce04ee6faadf] -1999-12-02 15:31 millert + * logging.c, parse.yacc: + 1024 -> BUFSIZ + [cd6dda45fa11] - * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat, - sudoers.man, sudoers.pod, visudo.c: o Kill shell_noargs option, - it cannot work since the command needs to be set before sudoers - is parsed. o Fix the "set_home" sudoers option (only worked at - compile time). o Fix "fqdn" sudoers option. We now set - host/shost via set_fqdn which gets called when the "fqdn" - option is set in sudoers. o Move the openlog() to - store_syslogfac() so this gets overridden correctly from the - sudoers file. + * parse.yacc: + void * -> VOID * naliases and nslots are now size_t to appease + lsearch on 64-bit machines + [bf2f807c0dc1] -1999-12-02 15:21 millert +1995-04-09 Todd C. Miller - * auth/securid.c: SecurID support should compile now. + * TODO: + did a bunch of things and added a bunch :-) + [42afd957b829] -1999-11-28 20:56 millert + * PORTING: + updated + [972f95c85776] - * sudo.pod, visudo.pod, sudo.cat, sudo.man, sudoers.man, - visudo.man, sudoers.cat, visudo.cat: fix some syntactic goofs + * visudo.man: + closer to BSD manpage style + [07ae88f50325] -1999-11-28 18:51 millert + * sudo.man: + closer to standard BSD man format + [372c28dcc135] - * sudo.html, sudoers.html, Makefile.in, visudo.html: No longer need - the .html files as they are generated automatically on the web - site. + * compat.h, config.h.in, emul/search.h, insults.h, options.h, + pathnames.h.in, sudo.h, version.h: + added RCS id + [c0ec90b81002] -1999-11-28 18:49 millert + * sudo.h: + removed crufty #defines that are no longer used + [35e2b4b477f0] - * CHANGES, LICENSE: kill characters that made wml unhappy + * BUGS: + fixed a bug + [5bb3e1bee85e] -1999-11-28 18:34 millert + * sudo.man: + updated based on sudo changes + [e65de1cae438] - * HISTORY: typo + * parse.yacc: + now allow ALL keyword in User_Aliases now allow ALL keyword as well + as a NAME or ALIAS + [1fb31404dd0f] -1999-11-25 12:05 millert + * CHANGES: + updated + [b24018ac610b] - * README: majordomo@cs.colorado.edu -> majordomo@courtesan.com + * sudo.c: + now sets SUDO_COMMAND and SUDO_GID envariables. + [e9d791557fb7] -1999-11-24 19:43 millert + * aclocal.m4: + fixed bug with full void impl check + [35715301023c] - * Makefile.in, configure: Wrap script execution w/ /bin/sh for the - benefit of ctm + * parse.yacc: + fixed User_Alias supoprt + [4c30dfbaaa07] -1999-11-23 22:52 millert + * parse.yacc: + added stubs for User_Alias support + [f4afbd247edf] - * sudo.c: Make the -s flag be exclusive too. Also reorder the - flags in the exclusive usage message so they are alphabetical. + * sudo.c: + now sets removes # bogus interfaces from num_interfaces + [6f077fac9ab1] -1999-11-23 13:27 millert + * parse.lex: + added User_Alias support + [bc7997e5df85] - * auth/pam.c: make pam errors other than PAM_PERM_DENIED fatal +1995-04-08 Todd C. Miller -1999-11-23 13:07 millert + * Makefile.in: + removed extraneous TODO + [bc87a3b14d6d] - * auth/API: fix typo +1995-04-07 Todd C. Miller -1999-11-23 13:07 millert + * visudo.c: + ntwk_matches -> addr_matches + [475044e288b8] - * INSTALL: make it clear that /etc/pam.d/sudo is required on linux + * parse.yacc: + ntwk_matches -> addr_matches + [dd1f4093fd2d] -1999-11-23 13:06 millert + * parse.c: + ntwk_matches -> addr_matches now use inet_addr() not inet_network() + (which expects octet boundaries) fixes for OSF (sizeof(int) != + sizeof(long)) + [acd2f556940f] - * auth/pam.c: fix a warning on redhat and spew an error if - pam_authenticate() returns an error other than AUTH_SUCCESS or - PAM_PERM_DENIED + * sudo.c: + took out debugging info + [044023063eca] -1999-11-23 00:43 millert + * aclocal.m4: + OS was being set to unknown before non-uname based host checks. + This caused no checks to happen since $OS was not zero-length. + [335a7267479d] - * sudo.cat, sudo.html, sudo.man, sudo.pod: Be very clear that the - password required is the user's not root's + * sudo.c: + fixed loading of interfaces struct still has debugging info in + though + [2d1a18998c1e] -1999-11-19 21:04 millert + * parse.c: + fixed typo + [175674a3a9fa] - * Makefile.in: add sample.syslog.conf to DISTFILES and BINFILES +1995-04-06 Todd C. Miller -1999-11-18 19:13 millert + * Makefile.in: + ++version + [55d191b5daa3] - * RUNSON: updates from Brian Jackson + some formatting + * version.h: + ++ + [d7d1f115696a] -1999-11-17 21:39 millert + * visudo.c: + removed extraneous extern decl of "top + [50355621047d] - * INSTALL.binary, Makefile.binary, README, RUNSON: o One RUNSon - update o Changes for automating real binary releases + * visudo.c: + now zeros "top" + [4e683210345b] -1999-11-17 21:38 millert + * parse.yacc: + removed parser_cleanup (no need for it now) + [afa59f222b6c] - * Makefile.in: Add bindist target + * parse.lex: + now calls reset_aliases() directly + [3a23cbd60fc0] -1999-11-16 16:26 millert +1995-04-04 Todd C. Miller - * TROUBLESHOOTING: talk about run-time options in addition to - compile-time options + * OPTIONS: + added a sentence to SECURE_PATH description + [c5bf75b85af0] -1999-11-16 01:16 millert + * parse.c: + fixed my stupid bug where I used NAMLEN on something I wanted to + just get the name from. argh. + [111f460f6540] - * CHANGES: fix typos +1995-04-03 Todd C. Miller -1999-11-16 01:09 millert + * lsearch.c: + fixed argument order of memmove() that i hosed when converting from + bcopy(). arghh. + [2f5336045c8b] - * sudo.c: need sys/time.h if HAVE_SETRLIMIT + * Makefile.in: + finally fixed DISTFILES line + [a1b419e73a63] -1999-11-16 00:42 millert + * Makefile.in: + tabs -> spaces + [280fb03e5764] - * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man, - sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod: get - rid of references to sudo-bugs. Now mention the web site or the - sudo@ alias + * Makefile.in: + added missing files to DISTFILES + [991fc1cd2263] -1999-11-16 00:35 millert + * Makefile.in: + SUPPORTED -> RUNSON + [7580e65b05fb] - * sudoers.html: repair pod2html damage +1995-04-01 Todd C. Miller -1999-11-16 00:28 millert + * TODO: + updated + [fe764a29c1cc] - * RUNSON, TODO: Update for 1.6 release + * RUNSON: + updated for pl5b1 release + [aefc35bd2291] -1999-11-16 00:23 millert + * BUGS, TODO: + updated + [8f0ea249b687] - * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: Add warning - about using ALL in a command context. + * check.c: + fixed bug where if you hit return at first sudo prompt it would + still log as a failure + [24539c854692] -1999-11-09 15:12 millert + * CHANGES: + updated + [251cc7b3ede4] - * visudo.c: Call yyrestart() on a parse error to reset the lexer - state. + * aclocal.m4: + better test for bogus void * implementation + [efe23180cb88] -1999-11-09 15:06 millert + * logging.c: + added PASSWORDS_NOT_CORRECT + [bd12c73f83f7] - * parse.lex, lex.yy.c: Don't need YY_FLUSH_BUFFER after all Move - yyrestart() into visudo.c since it might not get called in yywrap - if we get a parse error (and we only reread the file on error - anyway). + * check.c: + added PASSWORDS_NOT_CORRECT stuff] + [90de391a979f] -1999-11-09 14:32 millert + * sudo.h: + added PASSWORDS_NOT_CORRECT + [727fbeb76fc5] - * parse.lex, lex.yy.c: Call YY_FLUSH_BUFFER macro in yywrap() to - clean up any buffers that might still exist. Call yyrestart() - instead of using the deprecated YY_NEW_FILE macro. + * tgetpass.c: + moved pathnames.h + [4f910e5a8df7] -1999-11-09 12:13 millert + * sudo.c: + removed some unused vars and fixed up uid2str + [70e92c7f9076] - * lex.yy.c, parse.lex: flex doesn't need %N table size declarations + * putenv.c: + moved compat.h + [b271091586f6] -1999-11-08 19:00 millert + * getcwd.c, getwd.c: + added pathnames.h + [6f25218f133f] - * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: Mention what - characters need to be escaped in names. +1995-03-31 Todd C. Miller -1999-11-08 18:59 millert + * parse.yacc: + fixed a typo I introduced in the last checkin :-( + [62c3af75c4fe] - * configure: regen + * parse.lex: + can't have #ifdef's where N is defined so just do this the broken + way for AIX + [c5648a5594e4] -1999-11-08 18:59 millert + * parse.yacc: + better hack from Chris (but still a hack) + [6b6d8aed93f3] - * INSTALL: clarify Mac OS X entry + * parse.lex: + stupid hack for broken aix lex + [efc3f9e5280e] -1999-11-08 18:59 millert + * tgetpass.c: + now includes compat.h  + [401822173f77] - * RUNSON: update + * visudo.c: + now includes fcntl.h + [63865c2f8ac6] -1999-11-08 17:45 millert + * compat.h: + added FD_SET and FD_ZERO for 4.2BSD + [00c5597c0bb0] - * configure.in: o Use AC_MSG_ERROR throughout o Check syslog - configure options for danity + * parse.yacc: + dirty hack to fix parser bug. i don't really like this but it works + for now... + [5b8bbdc81569] -1999-11-05 17:11 millert + * sudo.c: + uid2str is now static like the prototype says + [f2a97b5cb870] - * defaults.c: Fix printing of type T_MODE in dump_defaults() +1995-03-30 Todd C. Miller -1999-11-05 12:00 millert + * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING: + updated + [6f79c3e92716] - * strcasecmp.c: missing sys/types.h + * RUNSON: + Initial revision + [12a09ef9e884] -1999-11-05 00:42 millert + * sudo.c: + check_sudoers now returns an error code and sudo calls inform_user + and log_error based on the return value. + [340eca188d9a] - * INSTALL: Break out options that may be overridden at run time - into their own section. Add a not about Max OS X and correct - some lies. + * logging.c, sudo.h: + added entries for new errors + [6050d8542e1f] + + * parse.c: + now set uid to that of SUDOERS_OWNER while parsing sudoers file + [3683c42bc9b0] + + * Makefile.in: + took out testsudoers  + [65317d49db48] + + * sudo.c: + now explicately checks that it is setuid root + [2fe1be60ef6a] + + * sudo.c: + If a user has no passwd entry sudo would segv (writing to a garbage + pointer). Now allocate space before writing :-) + [d08e7eb5e5ef] + + * configure.in: + reordered AC_CHECK_FUNCS + [4c82e56c6f4f] + + * config.h.in: + fixed memset macro + [77ede6b714ab] + + * tgetpass.c, visudo.c: + bzero -> memset + [1a005bb322c8] + + * logging.c: + bzero -> memset when a parse error is logged the line number of the + error is now logged too + [a42d68047723] + + * INSTALL: + added Sunos to blurb about c2 security + [af750a1d131e] + + * configure.in: + added a SUN4 define for C2 security + [6ad5b23a3eb0] + + * config.h.in: + bcopy -> memmove bzero -> memset + [5494460c8464] + + * lsearch.c: + bcopy -> memmove char * -> VOID * + [a15f5c316e16] + + * check.c: + added support for sunos with C2 security + [03fea5bb21e6] + + * OPTIONS, options.h: + reordered + [1686265af3e1] + + * pathnames.h.in: + _PATH_SUDO_LOGFILE now set based on configure + [5867b58e4a04] + + * configure.in: + added SUDO_LOGFILE and SUDO_TYPE_SIZE_T + [1984d9fd1b5c] + + * config.h.in: + added _SUDO_PATH_LOGFILE + [dd3eebe62580] + + * aclocal.m4: + added SUDO_LOGFILE to find where to put sudo.log added + SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added + SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE) + [c589a515a99a] + +1995-03-29 Todd C. Miller + + * TROUBLESHOOTING: + Initial revision + [f42f1baba3a8] + + * sudo.c: + now do set_perms(PERM_ROOT) before the getpwuid() in load_global() + to work around a problem is trusted hpux shadow passwords. yuck. + [ae1f13b54687] + + * parse.yacc: + backed out a change in malloc/realloc + [ab868db0ad69] + + * parse.yacc: + now include stdlib.h + [957eef0631eb] + + * visudo.c: + now do an freopen() of the stmp file so that yyin will always point + to the same thing. This is important for flex since we are doing a + YY_NEWFILE + [44558922fd3e] + + * parse.yacc: + replaced yywrap() with parser_cleanup() since yywrap() needs to be + in parse.lex to be able to use YY_NEW_FILE. sigh. + [12dd09921074] + + * parse.lex: + now have a rule that matches anything that doesn't match an + explicite rule. well, you know what i mean (. matches anything not + yet matched). However, this means that there is input still queued + up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved + into parse.lex and it calls parser_cleanup() which is most of the + old yywrap() sigh. + [7f4042bc48d6] + + * SUPPORTED: + no longer used + [8f220be4da94] + + * getcwd.c, getwd.c: + moved compat.h to be the last include file + [9f3a65e2d485] + + * parse.yacc: + fixed type of aliascmp() args + [1c27eb989bdf] + + * find_path.c: + NULL -> '\0' + [5c8d8cf1692e] + + * parse.yacc: + added casts to lfind and lsearch args for irix + [61027ddeecf8] + + * Makefile.in: + bsdinstall -> install-sh + [61de6612c5a5] + + * INSTALL: + added info about make realclean + [29c6324d727f] + + * Makefile.in: + updated VERSION added dependencies for visudo.cat + [09077d7229d4] + + * version.h: + -> pl5b1 + [5d21c7ad1a41] + + * sudo.c: + took out -l + [fc1478d81b38] + + * Makefile.in: + now there is a real visudo.man and visudo.cat + [58aeac43a6dd] + + * sudo.man: + took out visudo stuff + [4a6ac4393343] + + * visudo.man: + Initial revision + [cba348843db8] + + * parse.c, parse.lex, parse.yacc: + updated copyright + [ffa16b70944a] + + * README: + updated for pl5 + [a26e423e9e5f] + + * sudo.man: + updated Nieusma & Hieb email addresses + [f0083e71989d] + + * INSTALL: + updated to include options.h and OPTIONS + [ee59e2b76c94] + + * CHANGES, TODO: + updated + [51e011ad5220] + + * BUGS: + eliminated bug #1 (yay) + [e7e88515494e] + + * configure.in: + sunos no longer gets linked statically + [2e5b3ff3108f] + +1995-03-28 Todd C. Miller + + * parse.lex: + prototype now uses __P() + [68ecdcab4c70] + + * parse.lex: + make fill() non-ansi + [d6509972260b] + + * parse.c: + made -v (validate) work + [13c9d520638c] + + * logging.c: + now gives host + [f04859cdba5a] + + * find_path.c: + don't check for execute/statable if fq or relative path given + [4bbe851f3973] + + * parse.c: + added a cast + [345c308f72f3] + + * visudo.c: + now include ctype.h for islower and tolower macros + [582c0aa332d5] + + * goodpath.c: + moved _S_IFMT & _S_ISREG to compat.h + [828e4ca4e7b4] + + * sudo.c: + moved a set of parens + [5783474ecf37] + + * strdup.c: + now include compat.h + [75e2036b94af] + + * emul/search.h: + void * -> VOID * + [cedcfaf04161] + + * parse.yacc: + now cast malloc & realloc return vals added search for HAVE_LSEARCH + now use strcmp if no strcasecmp available + [d6a42bc3d4ae] + + * lsearch.c: + void * -> VOID * + [886adc44f607] + + * config.h.in: + removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H, + HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH + [3b50d7fb4349] + + * compat.h: + added _S_IFMT, _S_IFREG, and S_ISREG + [73d506c7d53c] + + * aclocal.m4: + took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results + to most SUDO_* macros + [8442155f5936] + + * Makefile.in: + no more -I. + [63462f195bd4] + + * configure.in: + various 1.x ro 2.x autoconf changes now check for strcasecmp now use + AC_INSTALL_PROG instead of custom one added check for fully woorking + void implementation + [5ac6b6e6230f] + + * Makefile.in: + added lsearch & search.h visudo links into $(LIBOBJS) + [bc119cda4598] + + * aclocal.m4: + partial 1.x to 2.x changes added SUDO_FULL_VOID + [1194d01fa5c5] + + * visudo.c: + whatnow_help was prototyped to be static be was not declared as + such + [0f85489dd426] + + * configure.in: + autoconf 2.x changes took out HAVE_FLEX (no longer used) added check + for dirent/dir/ndir.h + [7408f3854948] + + * parse.c: + now use groovy gnu autoconf macro AC_HEADER_DIRENT + [e465db9f5dfa] + + * getcwd.c, getwd.c: + MAXPATHLEN -> MAXPATHLEN+1 + [714d87424e21] + + * emul/search.h, lsearch.c: + Initial revision + [55d79482c535] + +1995-03-27 Todd C. Miller + + * parse.yacc: + eliminated bison warnings + [61ca0a96da22] + + * parse.lex: + added missing case + [6be0f849747c] + + * visudo.c: + now iincludes signal.h + [221e0fcc144f] + + * parse.yacc: + only clear data structures on a parse error + [7b1c0f1a4527] + + * visudo.c: + whatnow() now gives help on invalid input + [e5a4cd88c587] + + * visudo.c: + added a whatnow() function (sort of like mh) + [932d9b145f1c] + + * parse.yacc: + kill_aliases -> reset_aliases yywrap() now cleans up by calling + reset_aliases() and clearing top took reset stuff out of yyerror() + since it doesn't beling there (and doesn't work anyway). errorlineno + is now initially set to -1 so we can set it to the first error that + occurrs (it was getting set to the last) + [2f71f95a974c] + + * parse.lex: + added a void cast + [18ae6042dce4] + + * visudo.c: + rewrote from scratch based on 4.3BSD vipw.c + [2f6814f18576] + +1995-03-26 Todd C. Miller + + * sudo.c, sudo.h: + removed ocmnd + [a31735f41ad4] + + * sudo.h: + no more sudo_realpath() and find_path() changed params + [8e85c3b39159] + + * sudo.c: + find_path() changed since no more realpath() + [b25366c7f2ee] + + * parse.yacc: + on error, errorlineno is set to the line where the error occurred + added kill_aliases() to free the aliases struct now clean up in + yyerror() so we can reparse cleanly + [2342f578c27a] -1999-11-04 14:01 millert + * options.h, parse.c: + no more USE_REALPATH + [cfc59babeaff] + + * logging.c: + changed to use new find_path() + [91c7a38e7751] - * CHANGES, config.h.in, configure, configure.in, sudo.c: o Now use - getrlimit to find the highest fd when closing all non-std fd's o - Turn off core dumps via setrlimit for the sake of paranoia + * find_path.c: + removed all the realpath() stuff + [cc21a43a8562] -1999-11-04 13:57 millert + * Makefile.in: + sudo_realpath.c -> sudo_goodpath.c + [03a9b1ddec2f] - * RUNSON: updates + * visudo.c: + now works correctly with utk parser + [08aa554a0ce8] -1999-11-01 10:59 millert + * goodpath.c: + Initial revision + [1ea607e1ffb2] - * CHANGES: updates + * sudo_realpath.c: + eliminated a compiler warning + [198bcccc55b6] -1999-11-01 10:58 millert + * sudo.c: + elinated compiler warning + [e2384f9a878b] - * tgetpass.c: When read()'ing, do a single character at a time to - be sure we don't go oast the newline. + * sudo_realpath.c: + added sudo_goodpath() + [43878c4cc540] -1999-11-01 10:43 millert + * sudo.h: + added prototype for sudo_goodpath + [23e8627a2265] - * sudo.c: For the sudo_root option, check against user_uid, not - getuid() since at this point, ruid == euid == 0. + * parse.c: + added support for /sys/dir.h + [eca897087741] -1999-10-31 23:14 millert + * options.h: + USE_REALPATH turned off + [620ac8b63d85] - * RUNSON: some updates + * find_path.c: + added calls to sudo_goodpath() + [ad170904fbcd] -1999-10-31 23:14 millert + * configure.in: + added check for dirent.h + [7964a8c26855] - * logging.h: Fix compilation problem when --with-logging=file was - specified. This means that syslog is now required to build sudo - but that should not be a problem. If it is it can be fixed - trivially with a configure check for syslog() or syslog.h. + * config.h.in: + added HAVE_DIRENT_H + [1f785fec7e19] -1999-10-31 23:00 millert + * configure.in: + added in linux shadow pass stuff  + [e585a5785f50] - * tgetpass.c: Make this work again for things like "sudo echo hi | - more" where the tty gets put into character at a time mode. We - read until we read end of line or we run out of space (similar to - fgets(3)). +1995-03-24 Todd C. Miller -1999-10-20 11:23 millert + * visudo.c: + added back host, user, cmnd, parse_error + [0ec19f3d64f4] - * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: change ital - to bold + * visudo.c: + added in utk changes plus some minor cosmetic changes + [c5c1921c8a58] -1999-10-20 11:23 millert + * sudo.c, sudo_realpath.c: + added void casts for printf's + [9c6ff11c0082] - * RUNSON: update + * options.h: + added a define of USE_REALPATH + [db3711c9efc5] -1999-10-16 13:56 millert + * configure.in: + there is no more visudoers/Makefile + [36e1bc1f78d0] - * defaults.c: Error out if syslog parameters are given without a - value. For Ultrix or 4.2BSD "syslog" is allowed without a value - since there are no facilities in the 4.2BSD syslog. + * Makefile.in: + added in utk changes (visudo is now built from the toplevel) + [76203d4b345d] -1999-10-15 16:37 millert + * find_path.c: + added (void) casts to printf's + [dd5cb1e060ac] - * defaults.c: Ignore the syslog facility for systems w/ old syslog - like Ultrix. + * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c: + merged in utk changes + [35563307fd8e] -1999-10-15 12:51 millert +1995-03-23 Todd C. Miller - * TROUBLESHOOTING: people with "." early in their path can have - problems running sudo from the build dir ;-) + * find_path.c: + now check to see that what we are trying to run is a file (or a link + to a file, we do a stat(2) so there is no diff) + [05889c4bcace] -1999-10-13 00:18 millert +1995-03-13 Todd C. Miller - * sudo.man, sudo.pod, sudo.cat, sudo.html: Remove -r realm option + * CHANGES: + updated + [3e8047bb26fb] -1999-10-12 22:34 millert + * Makefile.in: + aclocal.m4 -> acsite.m4 make realclean updated for new autoconf  + [0bdbaa7c4c7d] - * configure, configure.in, sudo.c, auth/kerb5.c, auth/sudo_auth.c, - auth/sudo_auth.h: New krb5 code from Frank Cusack - . + * sudo.man: + added myself as maintainer + [77a9d75aab84] -1999-10-12 22:33 millert +1995-02-17 Todd C. Miller - * CHANGES: update to reality + * sudo.c: + changed setegid -> setgid + [7f4788d73b6f] -1999-10-11 20:53 millert +1995-02-06 Todd C. Miller - * auth/fwtk.c: include to get function prototypes. + * configure.in: + fixed the test for irix 5.x to skip bad libs + [bfef896de013] -1999-10-11 20:05 millert + * aclocal.m4: + now initialize OS and OSREV + [cc302756e440] - * sudo.cat, sudo.html, sudo.man, sudo.pod: document -L flag +1995-01-27 Todd C. Miller -1999-10-11 19:42 millert + * configure.in: + irix5 changes + [ac985b23f5f2] - * sudo.c: in set_perms(), always call setuid(0) before changing the - ruid/euid so we always know it will succeed. + * configure.in: + AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1 + compatibility + [0cf8c92a06d7] -1999-10-11 12:24 millert +1995-01-19 Todd C. Miller - * defaults.h: #undef T_FOO to avoid conflicts with system defines - (like on ULTRIX). + * visudo.c: + use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the righ + thing wrt yyrestart (grrrr) + [18e8eabfbb82] -1999-10-11 11:55 millert +1995-01-16 Todd C. Miller - * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man, - sudoers.pod: Docuement "Defaults" lines in /etc/sudoers. Still - needs some fleshing out but this is a start. + * Makefile.in: + added visudoers/compat.h to DISTFILES + [db23b574b034] -1999-10-10 17:21 millert + * configure.in: + fixed an echo + [7cbc0462b89d] - * defaults.c: use strtol, not strtoul since not everyone has not - strtoul + * sudo.c: + added ocmnd declaration adjusted for find_path()'s new parameters + [d929cd156474] -1999-10-10 15:01 millert + * sudo.h: + added ocmnd extern adjusted find_path() prototype + [e0004daf5d3c] - * lex.yy.c, parse.lex: last {WORD} rule should only apply in the - INITIAL state + * parse.c: + cmndcmp() now takes 3 arguments and checks against the qualified as + well as the unqualified pathname. more code that should use + cmndcmp() but did not, now does + [6f70a8c17bee] -1999-10-10 14:38 millert + * options.h: + added to a comment + [7a78680426b2] - * lex.yy.c, parse.lex: o Add support for escaped characters in the - WORD macro o Modify fill() to squash escape chars + * logging.c: + changed to use new find_path() parameter passing + [840981d30db4] -1999-10-10 13:56 millert + * find_path.c: + find_path() now takes 2 copyout parameters (one for the qualified + pathname and one for the unqualified pathname). The third parameter + may be NULL. + [851503b005e9] - * defaults.c, defaults.h: o Add T_PATH flag to allow simple sanity - checks for default values that are supposed to be pathnames. o - Fix a duplicate free when visudo finds an error. + * configure.in: + no longer munge pathnames.h + [427d8796c5a9] -1999-10-09 01:01 millert + * pathnames.h.in: + changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h) + as a result, pathnames.h does not need to be run through configure + and the user can override the configured values easily. + [2e378f2ebe88] - * defaults.c, defaults.h, logging.c: mail_if_foo -> mail_foo + * config.h.in: + added _SUDO_PATH_* entries + [0857de7cebab] -1999-10-07 21:12 millert + * aclocal.m4: + _PATH* -> _SUDO_PATH_* + [7601193f56cc] - * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c: o Add - requiretty option o Move O_NOCTTY to compat.h + * Makefile.in: + updated DISTFILES and HDRS .o's now depend on config.h + [39d8601965cf] -1999-10-07 21:12 millert +1995-01-13 Todd C. Miller - * logging.c: The exit() in log_error() was mistakenly removed in a - previous version. Put it back... + * compat.h: + removed extraneous #endif + [27d4c5f2ce7e] -1999-10-07 17:20 millert + * aclocal.m4: + added SUDO_PROG_MV + [76dda3bdd816] - * INSTALL, TODO, check.c, config.h.in, configure, configure.in, - defaults.c, defaults.h, find_path.c, getspwuid.c, lex.yy.c, - logging.c, parse.yacc, sudo.c, auth/aix_auth.c, auth/fwtk.c, - auth/pam.c, auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c: o - Change defaults stuff to put the value right in the struct. o - Implement mailer_flags o Store syslog stuff both in int and - string form. Setting the string form magically updates the int - version. o Add boolean attribute to strings where it makes sense - to say !foo + * configure.in: + added SUDO_PROG_MV added riscos and isc os types took out + -DSHORT_MESSAGE from --with-csops since it is now the default + [68c206ad976e] -1999-10-07 17:13 millert + * sudo.c: + move the include of id.h to compat.h now includes options.h + [45a1eaafb3a8] - * tgetpass.c: add O_NOCTTY when opening /dev/tty just in case + * sudo.h: + moved compatibility #defines to compat.h + [0eee27057698] -1999-10-06 00:48 millert + * pathnames.h.in: + added _PATH_MV + [e830797ab320] - * auth/API: cleanup function no longer takes a status arg + * config.h.in: + move __P to compat.h + [188e12e0ba93] -1999-10-06 00:48 millert + * getcwd.c, getwd.c, putenv.c: + now includes compat.h + [c72cb6d73981] - * INSTALL: the the + * compat.h: + Initial revision + [d4d2f359ae03] -1999-09-15 05:15 millert +1995-01-12 Todd C. Miller - * TODO, config.h.in, configure, configure.in, logging.c: Use - strftime() instead of ctime() if it is available. + * sudo.h: + pull user-configurable stuff out and put in options.h + [ef929467b070] -1999-09-14 12:58 millert +1995-01-11 Todd C. Miller - * defaults.c: fix copyright date + * parse.lex, parse.yacc, visudo.c: + now includes options.h + [e36d7c82add1] -1999-09-14 12:57 millert + * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c, + sudo_setenv.c: + now includes options.h + [f186ba03de07] - * RUNSON: update ReliantUNIX entry + * Makefile.in: + added visudoers/options.h + [e5350c476494] -1999-09-14 12:56 millert + * OPTIONS, options.h: + Initial revision + [9b6b5001e318] - * defaults.c, defaults.h, logging.c: add log_year option + * Makefile.in: + added OPTIONS and options.h + [25448341e16a] -1999-09-14 04:01 millert + * logging.c: + changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE + [5dd6385dd1d3] - * configure, configure.in: add --without-sendmail to help output + * check.c, sudo.h: + changed PASSWORD_TIMEOUT to minutes + [0ec6aab98738] -1999-09-14 03:42 millert +1994-12-17 Todd C. Miller - * configure, configure.in: enforce an otctal arg for - --with-suoders-mode + * visudo.c: + now only do Editor +line_num if line_num != 0 + [b69f04b5e3c7] -1999-09-08 04:06 millert +1994-12-16 Todd C. Miller - * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, check.c, - config.h.in, configure, configure.in, defaults.c, defaults.h, - find_path.c, lex.yy.c, logging.c, parse.h, parse.lex, parse.yacc, - sudo.c, sudo.h, sudo.tab.h, testsudoers.c, version.c, visudo.c, - auth/aix_auth.c, auth/fwtk.c, auth/kerb5.c, auth/pam.c, - auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c: Add support for - "Defaults" line in sudoers to make configuration variables - changable at runtime (and on a global, per-host and per-user - basis). Both the names and the internal representation are still - subject to change. It was necessary to make sudo_user.runas but - a char ** instead of a char * since this value can be changed by - a Defaults line. There is a similar (but more complicated) issue - with sudo_user.prompt but it is handled differently at the - moment. + * visudo.c: + now use mv if rename(2) fails + [83210dca1bab] - Add a "-L" flag to list the name of options with their - descriptions. This may only be temporary. + * BUGS: + added a visudo bug + [d61a806f9aa7] - Move some prototypes to parse.h + * check.c: + expanded comment + [641f2cba94cb] - Be much less restrictive on what is allowed for a username. +1994-11-12 Todd C. Miller -1999-09-08 04:01 millert + * check.c: + fixed user_is_exempt to return 0 if EXEMPTGROUP is not set + [7a11135039a8] - * sample.syslog.conf: Add more info +1994-11-10 Todd C. Miller -1999-09-04 03:09 millert + * sudo.c: + added mips & isc support + [e258dc053119] - * fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c, - strcasecmp.c, LICENSE: UCB has dropped the advertising clause - from their license. + * parse.c: + added support for non-root owned sudoers file + [fea07e65a0fc] -1999-08-31 05:39 millert + * check.c: + added exempt group support + [928fb4bd9ad5] - * auth/sudo_auth.h: move dce_verofy proto to correct section + * sudo.h: + added set_perms() support added SUDOERS_OWNER so can have non-root + own sudoers file added exempt group support added isc support + [61c578d31fc1] -1999-08-31 05:39 millert + * visudo.c: + now copy sudoers to temp file via read/write (not stdio) now chown + new sudoers file to SUDOERS_OWNER + [a5176c59df70] - * auth/dce.c: remove XXX +1994-11-08 Todd C. Miller -1999-08-28 06:00 millert + * configure.in: + added skey support + [35a8d2fabdb7] - * emul/fnmatch.h: Add fnmatch() prototype + * sudo_realpath.c: + be_* -> setperms() + [a1631d686e1c] -1999-08-28 06:00 millert + * sudo.h: + fixed typo added set_perms support added skey support added + seteuid()/setegid() emulation for AIX + [c0c8d6771406] - * fnmatch.c, parse.c, testsudoers.c: Move inclusion of - emul/fnmatch.h to be after sudo.h for __P + * sudo.c: + be_* -> setperms() now check to make sure sudoers file is owned by + root nread/write by only root + [13ab1e261f1a] -1999-08-28 05:59 millert + * logging.c, parse.c: + be_* -> setperms() + [21499d845c8f] - * sudo.h: add strcasecmp proto + * check.c: + be_* -> set_perms() added skey support + [df51b56871c1] -1999-08-28 05:50 millert +1994-11-06 Todd C. Miller - * auth/sudo_auth.c: add check for case where there are no auth - methods + * Makefile.in: + ++version + [3c1abbe4e43c] -1999-08-28 05:36 millert + * version.h: + ++ + [1d2f9b540a95] - * configure, configure.in: Define _XOPEN_EXTENDED_SOURCE on AIX and - __USE_FIXED_PROTOTYPES__ on SunOS4 w/ gcc +1994-10-21 Todd C. Miller -1999-08-28 05:24 millert + * sudo.c: + now sets IFS + [eabbb41b9f08] - * getspwuid.c, lex.yy.c, parse.lex, parse.yacc: include strings.h - everywhere we include string.h + * insults.h: + fixed typo + [c7997f19216e] -1999-08-28 05:22 millert +1994-10-15 Todd C. Miller - * version.c: nicer output when showing auth methods + * config.h.in: + added HAVE_SKEY + [da948ec4186b] -1999-08-28 05:00 millert +1994-10-04 Todd C. Miller - * version.c: Add support for SEND_MAIL_WHEN_NO_HOST + * CHANGES: + updated + [f4b55ab007ea] -1999-08-28 04:49 millert + * Makefile.in: + ++version + [0489068b8c95] - * config.h.in, configure.in, configure: Add _GNU_SOURCE for Linux + * version.h: + ++ + [d189faedf423] -1999-08-28 04:22 millert + * sudo.c: + now bail if ARgv[1] > MAXPATHLEN + [0cea8ecc9dc2] - * parse.lex, lex.yy.c: fix definition of OCTECT + * configure.in: + added function check for tcgetattr(3) + [e03289b22c2f] -1999-08-28 04:10 millert + * config.h.in: + only define HAVE_TERMIOS_H if you have tcgetattr(3) + [757eab83d1a2] - * configure, configure.in: aix_auth.o not authenticate.o + * config.h.in: + added check for tcgetattr + [c5ae92715930] -1999-08-27 17:02 millert +1994-09-26 Todd C. Miller - * sudo.c: Only block SIGINT, SIGQUIT, SIGTSTP (which can be - generated from the keyboard). Since we run with ruid/euid == 0 - the user can't really signal us in nasty ways. + * CHANGES: + updated + [cbc419883108] -1999-08-27 17:01 millert +1994-09-22 Todd C. Miller - * visudo.c: Don't need to worry about catching too many signals - since we do locking on the tmp file. If a lockfile is really - stale, it will be detected and overwritten. + * parse.lex: + now only include unistd.h for linux + [e9adeab95ef0] -1999-08-27 16:09 millert +1994-09-21 Todd C. Miller - * INSTALL, Makefile.in: include auth/API in tarball + * Makefile.in: + added visudo.8 generation + [d6a3f0f887f8] -1999-08-27 16:09 millert + * configure.in: + added -Wl,-bI:./aixcrypt.exp to aix flags + [72594a21edcf] - * auth/sudo_auth.c: move memset() of plaintext pw outside of verify - loop and only do the memset if we are *not* in standalone mode. +1994-09-20 Todd C. Miller -1999-08-27 13:46 millert + * BUGS: + added one + [9993a349e096] - * auth/: sudo_auth.c, sudo_auth.h: DCE is not a standalone method + * CHANGES: + updated + [297b31ec4cdd] -1999-08-27 11:53 millert + * README: + added mailing list info + [10372f94a2b2] - * sudo.c: fix --enable-noargs-shell + * parse.yacc: + now use sudolineno instead of yylineno fixed bison warnings + [25a83e62057b] -1999-08-27 11:06 millert + * configure.in: + now use -no_library_replacement for osf don't make a static binary + for hpux >= 9.0 + [1fa7b892f1a3] - * snprintf.c: "#ifdef __STDC__" not "#if __STDC__" (I missed one) + * tgetpass.c: + added string.h/strings.h inclusion + [71faa98fc0a1] -1999-08-27 10:54 millert + * config.h.in: + added ssize_t def + [406284bd1ac0] - * auth/: fwtk.c, sia.c: _cleanup() function returns an int. + * parse.lex: + added inclusion of string.h/strings.h + [6985b1df5d09] -1999-08-27 10:50 millert + * aclocal.m4: + fixed uname | sed (needed to quote the '[') + [4cd2d3415c1a] - * auth/dce.c: there were still some return(0)'s hanging around, - make them AUTH_FAILURE + * parse.lex: + replaced yylineno with sudolineno fixed bison syntax errors + [0bd31a5fab26] -1999-08-27 10:39 millert + * visudo.c: + changed yylineno to sudolineno since yylineno cannot be counted + upon. + [38c30104d0ae] - * parse.c: typo in comment + * TODO: + updated + [5d4746f1a752] -1999-08-27 10:03 millert + * parse.c: + added code to support command listings + [030172e133fd] - * version.c: add missing semicolon + * sudo.c: + added code for -l flag + [801dbbc82778] -1999-08-27 08:31 millert + * sudo.man: + fixed typo added info for -l flag + [8916ca945d65] - * auth/sudo_auth.h: missing backslash + * configure.in: + AC_SSIZE_T -> SUDO_SSIZE_T + [c61f7f47013f] -1999-08-26 17:24 millert + * aclocal.m4: + added SUDO_SSIZE_T + [0ccdb77be84d] - * CHANGES, config.h.in, configure, configure.in: Kill - _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes + * sudo.h: + added MODE_LIST + [9b2bd844c76c] -1999-08-26 09:21 millert + * configure.in: + added AC_SSIZE_T + [35cca208f9b5] - * Makefile.in: add parse.h to HDRS + * find_path.c, sudo_realpath.c: + readlink() is now declared as returning ssize~_t + [0640a08d1407] -1999-08-26 09:16 millert + * configure.in: + added -laud for OSF c2 + [b7539c905efc] - * Makefile.in, configure, configure.in: Kill VISUDO_LIBS and - VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and LDFLAGS. Common libs go - in LIBS, commong ld flags go in LDFLAGS and network libs like - -lsocket, -lnsl go in NET_LIBS. This allows testsudoers to build - on Solaris and is a bit cleaner in general. +1994-09-02 Todd C. Miller -1999-08-26 06:56 millert + * Makefile.in, visudo.c: + changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu + [067fd9bcb5e1] - * UPGRADE: mention ptmp -> sudoers.tmp + * config.h.in, parse.lex, parse.yacc, pathnames.h.in: + changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu + [fc46e7c7110a] -1999-08-26 06:12 millert + * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c, + parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c, + sudo_setenv.c, tgetpass.c, version.h: + changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed + [d1d4fbc53a98] - * configure.in, configure, config.h.in: Define - _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE +1994-09-01 Todd C. Miller -1999-08-26 05:37 millert + * Makefile.in: + ++version + [b7066d97633f] - * RUNSON: add 2 reports + * version.h: + ++ + [65ec69d88110] -1999-08-26 05:20 millert + * logging.c: + added host to alertmail messages + [d973c19ce777] - * auth/kerb5.c: Minor changes, mostly cosmetic. - verify_krb_v5_tgt() changed to return a value more like a system - function + * CHANGES, TODO: + udpated + [5a65eb16faeb] -1999-08-26 05:19 millert + * logging.c: + fixed logging problem where mail would not say which user it was + [35723edcc5d2] - * auth/dce.c: Add an XXX + * configure.in: + added -laud for gcc if osf & c2 + [18f1e0ae5548] -1999-08-26 05:19 millert + * check.c: + moved set_auth_parameters to sudo.c + [d23112fe01db] - * TODO: more things todo! + * sudo.c: + added set_auth_parameters for osf + [eb70f65214ac] -1999-08-26 05:18 millert + * configure.in: + cleaned up -static stuff + [01e9575f0422] - * sample.sudoers: update based on what is in the man page + * Makefile.in: + ++version + [7ac3bff5c770] -1999-08-26 05:10 millert + * version.h: + ++ + [10a4ff478469] - * parse.yacc: minor change to first line printed in -l mode + * sudo.c: + changed setenv() to sudo_setenv() + [40a78abb9946] -1999-08-26 05:10 millert + * check.c: + fixed osf problem + [3d69b118efb8] - * sudo.cat, sudo.html, sudo.man, sudo.pod: rename "ENVIRONMENT - VARIABLES" section to "ENVIRONMENT" to be more standard and add - "EXAMPLES" section + * configure.in: + added OSF C2 stuff + [38cff3ad4093] -1999-08-26 05:08 millert + * CHANGES: + updated + [cd341dd0581a] - * visudo.cat, visudo.html, visudo.man, visudo.pod: rename - "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more - standard + * check.c: + added osf auth support & removed some extra spaces + [a448cdd81514] -1999-08-26 05:06 millert + * INSTALL, SUPPORTED: + added osf C2 stuff + [f70484796146] - * logging.c, parse.c, sudo.h: add FLAG_NO_CHECK +1994-08-31 Todd C. Miller -1999-08-26 05:05 millert + * TODO: + added 2 suggestions + [695fbdbd86e6] - * parse.lex, lex.yy.c: make an OCTET really be limited to 0-255 + * Makefile.in: + removed README.v1.3.1 and added VERSION stuff + [f69403eb04c6] -1999-08-26 05:04 millert + * version.h: + pl1 + [21580c0f8cb1] - * UPGRADE: mention timestamp changes +1994-08-30 Todd C. Miller -1999-08-26 05:04 millert + * version.h: + 1.3.1final + [630114970298] - * PORTING: cosmetic cleanup + * Makefile.in: + added HISTORY + [901bff251614] -1999-08-26 05:00 millert + * sudo.man: + mention HISTPRY file + [86dbcfd4326e] - * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: new - sudoers(8) man page + * sudo.c: + use sizeof instead of a constant in 1 place + [d819604c68ca] -1999-08-24 13:45 millert + * parse.yacc: + added unistd.h + [6f9500f9fe7e] - * version.c: Update comments about syslog name tables + * parse.lex: + added unistd.h + [468b81a276eb] -1999-08-24 13:37 millert + * README: + udpated + [7e275618923a] - * CHANGES, LICENSE, Makefile.in, configure, strcasecmp.c, - configure.in, parse.yacc: include strcasecmp() for those without - it + * HISTORY: + Initial revision + [5db1b0a3939b] -1999-08-24 12:43 millert +1994-08-17 Todd C. Miller - * sample.sudoers: Use the : operator some more and fix a typo + * version.h: + ++ + [7dfbb4a810bb] [SUDO_1_3_1] -1999-08-24 12:43 millert + * CHANGES: + updated + [7820ee610bf8] - * HISTORY: update the history of sudo + * sudo_setenv.c: + added unistd.h include + [30cf2b654525] -1999-08-24 12:42 millert +1994-08-16 Todd C. Miller - * parse.c, parse.lex, testsudoers.c: CIDR-style netmask support + * sudo.c: + added sys/time.h for AIX + [199fc8caf3a3] -1999-08-24 12:41 millert +1994-08-15 Todd C. Miller - * CHANGES: recent changes + * configure.in: + added check for -lsocket and sys/sockio.h + [f9abfbb31031] -1999-08-24 12:40 millert + * config.h.in: + took out libshadow check and added in sys/sockio.h check + [0c4b0393ac80] - * sudo.tab.h: these should be generated with byacc, not bison + * sudo.c: + now include sockio.h instead of ioctl.h if it exists "sudo -" now + gets a better error message + [53041bea5483] -1999-08-24 12:40 millert + * sample.sudoers: + now has a dir and subnet entry + [56b820f65438] - * lex.yy.c: regen +1994-08-13 Todd C. Miller -1999-08-24 11:58 millert + * sudo.c: + removed if_ether.h + [b4f64507493e] - * parse.h, parse.yacc, sudo.tab.h: In "sudo -l" mode, the type of - the stored (expanded) alias was not stored with the contents. - This could lead to incorrect output if the sudoers file had - different alias types with the same name. Normal parsing (ie: - not in '-l' mode) is unaffected. + * TODO: + added an item + [ea2a1bb6922a] -1999-08-23 12:47 millert + * sudo.man: + added network and ip addresses to man page + [01c85016511f] - * configure, configure.in: define _XOPEN_SOURCE to get at crypt() - proto on some systems + * sudo.c: + no error if can't get interfaces or netmask since networking may not + be in the kernel. + [50b8890e2134] -1999-08-22 13:10 millert + * parse.c: + nwo check for interfaces == NULL + [dc1b3eef0db2] - * snprintf.c: fix comment + * parse.c: + fixed a bug that caused directory specs in a Cmnd_Alias to fail if + the last entry in the spec failed (ie: it was only looking at the + last entry). CLeaned things up by adding the cmndcmp() function--all + neat & tidy + [007e93578e5e] -1999-08-22 13:09 millert + * CHANGES: + added one + [40e8a2cef497] - * tgetpass.c: don't need limits.h +1994-08-12 Todd C. Miller -1999-08-22 07:36 millert + * sudo.c: + now do two passes to skip bogus interfaces (lo0, etc) + [465e30aecaf7] - * snprintf.c: kill bogus reference to vfprintf + * parse.lex, parse.yacc, visudo.c: + added include of netinet/in.h + [11e3816ed362] -1999-08-22 07:26 millert + * logging.c, sudo_realpath.c, sudo_setenv.c: + added ninclude of netinet/in.h + [daccfa40fe1e] - * sample.sudoers, sudoers: better examples + * check.c, find_path.c, getcwd.c, getwd.c: + added include of netinet/in.h + [0222f95e06ad] -1999-08-22 07:23 millert + * version.h: + ++ + [d6b0cfa35a38] - * snprintf.c: Add some const in the K&R defs. This is safe since - we define const away if the compiler doesn't grok it. + * sudo.h: + added interfaces global + [ba52fa8ad75e] -1999-08-22 07:22 millert + * parse.c: + now uses new interfaces global + [17473ad5ecba] - * aclocal.m4, configure: Better test for working long long support. - Ultrix compiler supports basic long long but not all operations - on them. + * sudo.c: + now ip addresses are gleaned fw/o dns + [8828bb2007e0] -1999-08-22 05:59 millert +1994-08-10 Todd C. Miller - * aclocal.m4, config.h.in, configure, getspwuid.c, snprintf.c, - sudo.c, auth/secureware.c: Add check for LONG_IS_QUAD #undef - MAXINT before including hpsecurity.h to silence an HP-UX warning - Check for U?LONG_LONG_MAX in snprintf.c and use LONG_IS_QUAD + * sudo.c: + added load_ip_addrs() to load the ip_addrs global var + [60c825f04238] -1999-08-21 15:00 millert + * parse.c: + added hostcmp() to compare hostnames, ip addrs, and network addrs + [ab0e40e37537] - * LICENSE, aclocal.m4, config.h.in, configure, configure.in, - snprintf.c: UCB-derived snprintf + asprintf support. Supports - quads if the compiler does. No floating point yet, perhaps - later... + * sudo.h: + added ip_addrs def added load_ip_addrs prototype + [c41c565d0777] -1999-08-20 16:37 millert +1994-08-08 Todd C. Miller - * check.c, find_path.c, goodpath.c, logging.c, parse.c, sudo.c, - auth/API, auth/sudo_auth.c, auth/sudo_auth.h: Run most of the - code as root, not the invoking user. It doesn't really gain us - anything to run as the user since an attacker can just have an - setuid(0) in their egg. Running as root solves potential - problems wrt signalling. + * CHANGES: + updated + [2a128dbe9bcb] -1999-08-19 13:45 millert + * Makefile.in: + removed multiple entries in DISTFILES + [2490f4f371e6] - * logging.c, sudo.c: Don't wait for child to finish in log_error(), - let the signal handler get it if we are still running, else let - init reap it for us. The extra time it takes to wait lets the - user know that mail is being sent. + * visudo.c: + ansified the !STDC_HEADERS decls + [646ba06d17ae] - Install SIGCHLD handler in main() and for POSIX signals, block - everything *except* SIGCHLD. + * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c: + don't do malloc decl if gnuc + [f1bad1925f98] -1999-08-19 12:30 millert + * sudo.c: + can't use getopt(3) since it munges args to the command to be run as + root don't do malloc decl if gnuc + [38e78f6da14e] - * logging.c, parse.c, parse.yacc, sudo.c, configure, sudo.h, - INSTALL, config.h.in, configure.in: sudoers_lookup() now returns - a bitmap instead of an int. This makes it possible to express - things like "failed to validate because user not listed for this - host". Some thigns that were previously VALIDATE_FOO are now - FLAG_FOO. This may change later on. + * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c, + sudo_realpath.c, sudo_setenv.c: + ansi-fied !STDC_HEADER function prottypes + [51d8cad89976] + + * getcwd.c, getwd.c: + added missing paren + [6a1fae70e27e] + + * Makefile.in: + added putenv.c to DISTFILES + [a5e4523eabbb] + + * sudo_setenv.c: + added params to func decls when STDC_HEADERS is not defined now can + count on putenv() being there + [fd587796189b] + + * sudo_realpath.c: + took out errno decl since sudo.h does it for us fixed up a next cc + warning added params to func decls when STDC_HEADERS is not defined + [70fa5152ace6] - Reorganized code in log_auth() and sudo.c to deal with above - changes. + * sudo.h: + took out environ extern added local declaratio of putenv() if local + version is needed + [a84bae6c020d] - Safer versions of push/pushcp with in the do { ... } while (0) - style + * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c: + added params to func decls when STDC_HEADERS is not defined + [f406f0e47ac0] - parse.yacc now saves info on the stack to allow parse.c to - determine if a user was listed, but not for the host he/she tried - to run on. + * config.h.in: + added memcpy check check to see that ansi vs bsd macros are ntot + already defiend before defining (ie: avoid redefinition) + [879ae026e19f] + + * configure.in: + removed fluff setenv check plus check w/ replace for putenv if also + no setenv + [e3c03814ad4b] + + * putenv.c: + Initial revision + [3cff63e2dc1b] + +1994-08-06 Todd C. Miller - Added --with-mail-if-no-host option + * sudo_setenv.c: + Initial revision + [4d637631fa6b] + + * sudo.h: + rm'd s realp[ath added sudo_realpath and sudo_setenv + [07ba001ff57e] + + * sudo.c: + now use sudo_setenvc + [fd81e04d5ef0] + + * configure.in: + added puteenv and setenv, removed realpath + [27bfacfb513b] + + * config.h.in: + added putenv & setenv + [515f14eaf6e4] + + * Makefile.in: + added sudo_setenv + [217731a717c5] + + * version.h: + ++ + [eadb346d7129] + +1994-08-05 Todd C. Miller + + * configure.in: + added MAN_POSTINSTALL and /usr/share/catman for irix + [2a9496c1bdba] + + * Makefile.in: + added MAN_POSTINSTALL + [89b0d4695529] + + * CHANGES: + added + [48c021ba8a70] + + * sudo.man: + added SUDO_* plus new options + [c0759cff5683] + + * CHANGES: + added one + [7d44a3922d56] + + * configure.in: + took out shadow lib + [07cf3de18701] + + * TODO: + adde done + [a27a578e8afe] + + * visudo.c: + now use yyrestart() if flex now reset yylineno to 0 + [77d67ce0b677] + + * Makefile.in: + support for installing a cat page instead of a man page if no nroff + [44671c0fc0fa] + + * configure.in: + now defines HAVE_FLEX fixed up man stuff so that it looks for nroff + to determine whether or not to install a cat or man page + [0562d069c135] -1999-08-17 11:29 millert + * config.h.in: + added HAVE_FLEX + [c5490bae39d3] - * parse.yacc, sudo.h, visudo.c, visudo.cat, visudo.html, - visudo.man, visudo.pod: o NewArgv and NewArgc don't need to be - externally visible. o If pedantic > 1, it is a parse error. o - Add -s (strict) option to visudo which sets pedantic to 2. + * sudo.c: + not set ret to MODE_RUN initially + [88b4983c195b] -1999-08-17 11:26 millert + * find_path.c: + made command (and therefor cmnd dynamically allocated) + [95b82e32b6de] - * HISTORY, INSTALL: Just have sudo-bugs contact info in one place + * TODO: + did #8 + [fb6f41308cdf] -1999-08-17 11:20 millert + * version.h: + ++ + [14112ecab5ae] - * sudo.cat, sudo.html, sudo.man, sudo.pod: Add BUGS section + * sudo_realpath.c: + changed bufs from MAXPATHLEN to MAXPATHLEN+1 + [0ad4f34e55c0] -1999-08-17 10:29 millert + * sudo.h: + added MODE_ removed validate_only and added remove_timestamp() + [dd5f99c57728] - * configure, configure.in, Makefile.in: Add testsudoers to default - build target if --with-devel Don't clean generated parser files - unless "distclean". + * sudo.c: + usage() now takes an int (exit value) added parse_args() to parse + command line arguments moved call to find_path() from load_globals + to new function load_cmnd() removed validate_only global -- now use + the concept of "modes" added -h and -k options + [c3887090b28a] -1999-08-17 08:47 millert + * parse.c: + no longer use global validate_only now checks for command called + "validate" removed check for non-fully qualified commands since that + is done by find_path + [7d56fbd26369] - * parse.yacc: In pedantic mode we need to save *all* the aliases, - not just those that match, or we get spurious warnings. + * find_path.c: + changed MAXPATHLEN r to MAXPATHLEN+1 + [a86e8664d971] -1999-08-17 05:32 millert + * find_path.c: + fixed off by one error with MAXPATHLEN and fixed a comment + [58adcef8c981] - * TROUBLESHOOTING: reference samples.sylog.conf + * check.c: + check_timestamp no longer runs reminder(), it is implied in the + return val added remove_timestamp() + [42ab5a77066f] -1999-08-14 11:50 millert + * CHANGES: + updated + [8e69b31df024] - * sample.syslog.conf: Sample entries for syslog.conf +1994-08-04 Todd C. Miller -1999-08-14 11:40 millert + * BUGS: + fixed on + [bc34f1ac4280] - * CHANGES: recent changes + * sudo_realpath.c: + took out old_errno + [a168d00a0768] -1999-08-14 11:36 millert + * CHANGES: + updated + [04ba80922df7] - * auth/: API, afs.c, aix_auth.c, dce.c, fwtk.c, kerb4.c, kerb5.c, - pam.c, passwd.c, rfc1938.c, secureware.c, securid.c, sia.c, - sudo_auth.c, sudo_auth.h: In struct sudo_auth, turn need_root and - configured into flags and add a flag to specify an auth method is - running alone (the only one). Pass auth methods their sudo_auth - pointer, not the data pointer. This allows us to get at the - flags and tell if we are the only auth method. That, in turn, - allows the method to be able to decide what should/should not be - a fatal error. Currently only rfc1938 uses it this way, which - allows us to kill the OTP_ONLY define and te hackery that went - with it. With access to the sudo_auth struct, methods can also - get at a string holding their cannonical name (useful in error - messages). +1994-08-03 Todd C. Miller -1999-08-14 11:34 millert + * logging.c: + moved send_mail to after syslog + [4d4188087834] - * Makefile.in, INSTALL, README, config.h.in, configure, - configure.in, getspwuid.c, lex.yy.c, parse.lex, parse.yacc, - sudo.tab.h: o --with-otp deprecated, use --without-passwd instead - o real dependencies in the Makefile o --with-devel option to - enable yacc, lex, and -Wall o style -- "foo -> bar" becomes - "foo->bar" o ALL goes back to being a token, not a string but - don't leak memory o rename hsotspec -> host in parse.yacc + * sudo.c: + now set SUDO_ envariables + [e5963f1bd3bb] -1999-08-12 12:26 millert +1994-08-01 Todd C. Miller - * BUGS, CHANGES: recent changes + * version.h: + ++ + [2a4534845d8c] -1999-08-12 12:24 millert + * sudo_realpath.c: + now print error if chdir fails + [0d75c8973d49] - * configure, configure.in, interfaces.c, snprintf.c, sudo.c, - sudo.h, auth/sudo_auth.c: o Digital UNIX needs to check for - *snprintf() before -ldb is added to LIBS since -ldb includes a - bogus snprintf(). o Add forward refs for struct mbuf and struct - rtentry for Digital UNIX. o Reorder some functions in snprintf.c - to fix -Wall o Add missing includes to fix more -Wall + * find_path.c: + removed an XXX + [e2077bcb35aa] -1999-08-12 10:37 millert +1994-07-26 Todd C. Miller - * INSTALL, check.c, config.h.in, configure, configure.in, - parse.yacc, testsudoers.c, version.c, visudo.c, auth/sudo_auth.c: - o Add a "pedentic" flag to the parser. This makes sudo warn in - cases where an alias may be used before it is defined. Only - turned on for visudo and testsudoers. o Add - --disable-authentication option that makes sudo not require - authentication by default. The PASSWD tag can be used to require - authentication for an entry. We no longer overload - --without-passwd. + * CHANGES: + updated + [e30a2b39b41a] -1999-08-12 10:29 millert + * configure.in: + no more static binaries for aix + [77a0beb6bd80] - * lex.yy.c, parse.lex: Break 'WORD' regexp def into HOSTNAME and - USERNAME. These days a username can contain just about anything - so be very permissive. Also drop the unused \. punctuation. +1994-07-25 Todd C. Miller -1999-08-09 18:25 millert + * INSTALL: + fixed typo + [ba5e0d391bc4] - * parse.yacc: o add a 'val' element to aliasinfo struct and move -> - parse.h o find_alias() now returns an aliasinfo * instead of - boolean o add_alias() now takes a value parameter to store in the - aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now - return: 1) positive match 0) negative match (due to '!') -1) no - match This means setting $$ explicitly in all cases, which I - should have done in the first place. It also means that we - always store a value that is != -1 and when we see a '!' we can - set *_matches to !rv if rv != -1. The upshot of all of this is - that '!' now works the way it should in lists and some of the - rules are more uniform and sensible. + * sudo_realpath.c: + took out stuff not needed for sudo now does be_root/be_user itself + now uses cwd global + [4f6d4641d793] -1999-08-09 18:17 millert + * version.h: + +=2 + [97da927b297c] - * Makefile.in: add parse.h dependency + * logging.c, sudo.c: + be_root/be_user is now down in sudo_realpath() + [f331662fa50f] -1999-08-09 18:17 millert + * logging.c, sudo.h: + now works with 4.2BSD syslog (blech) + [98e39d89dd36] - * parse.h: kill unused *_matched macros + * find_path.c: + now use sudo_realpath() + [ab436a8ebd02] -1999-08-09 10:35 millert + * config.h.in: + took out realpth() stuff since we now use sudo_realpath() + [8de5ef9f6044] - * parse.yacc: Allow a list of users as the first thing in a user - spec, not just a single entry. This makes things more uniform, - though it does allow you to write user specs that are hard to - read. + * configure.in: + ultrix enhanced sec + [815fb7fffcc0] -1999-08-09 10:08 millert + * SUPPORTED: + added ultrix enhanced sec. + [6466766c8062] - * configure: regen + * INSTALL: + updated + [d681a634297a] -1999-08-09 10:08 millert + * check.c: + ultrix enhanced security suport + [f10c8decbcc2] - * configure.in: fix check for crypt() in libufc + * Makefile.in: + added sudo_realpath.c + [6b9bcd3be022] -1999-08-07 14:03 millert + * CHANGES: + updated + [2fa8084c1b53] - * README: sudo-users list now exists + * tgetpass.c: + increased passwd len to 24 for c2 security + [ec64838be62d] -1999-08-07 07:46 millert + * BUGS: + updated BUGS + [ca00d8fec2ce] - * INSTALL, PORTING, README, TODO, TROUBLESHOOTING: Update to - reality. +1994-07-15 Todd C. Miller -1999-08-07 05:59 millert + * check.c: + now use user global var + [568769719013] - * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h, - config.h.in, configure.in, logging.c, sudo.h, version.c, - visudo.c, configure, fileops.c: o Move lock_file() and touch() - into fileops.c so visudo can use them o Visudo now locks the - sudoers temp file instead of bailing when the temp file already - exists. This fixes the problem of stale temp files but it does - *require* that you not try to put the temp file in a - world-writable directory. This shoud not be an issue as the temp - file should live in the same dir as sudoers. o Visudo now only - installs the temp file as sudoers if it changed. + * configure.in: + took out -ls + [490a44180d5f] -1999-08-06 09:49 millert +1994-07-14 Todd C. Miller - * logging.c: add fcntl locking + * configure.in: + added AFS libs + [4fb40c8c01ba] -1999-08-06 09:33 millert + * sudo.h: + user is now a char * added epasswd + [27a919fafdfb] - * configure, config.h.in, configure.in, logging.c: Lock the log - file. + * sudo.c: + added tzset() to load_globals added epasswd (encrypted password) + global made user dynamically allocated + [b99ef9bdbfce] -1999-08-06 05:36 millert + * configure.in: + added tzset test + [27592dd1214b] - * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c, - visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod: o - /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow - temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and - _PATH_SUDO_STMP -> _PATH_SUDOERS_TMP + * config.h.in: + added HAVE_TZSET + [b13f4213f3d0] -1999-08-05 17:38 millert + * check.c: + cleaned up encrypted passwd grab somewhat + [c8ba9a4db38a] - * INSTALL, check.c, config.h.in, configure, configure.in, - version.c: o Kill *_MESSAGE and replace with NO_LECTURE o Add - more things to root sudo -V config reporting + * configure.in: + fixed AFS typo + [2bfcbce237b6] -1999-08-05 10:56 millert + * INSTALL: + added AFS not + [80c67329393c] - * configure, configure.in: aix_auth.o not authenticate.o + * CHANGES: + udpated + [2f09ecdd5d31] -1999-08-05 10:48 millert + * logging.c: + can now log to both syslog & a file + [4d5c0932bc01] - * config.h.in: Add --with-goodpri and --with-badpri configure - options to specify the syslog priority to use. + * sudo.h: + added BOTH_LOGS + [623c539be824] -1999-08-05 10:30 millert + * CHANGES: + updated + [a1c7f5ef3616] - * INSTALL, configure.in, logging.h, configure: Add --with-goodpri - and --with-badpri configure options to specify the syslog - priority to use. + * configure.in: + --with-AFS + [28718d8f5daf] -1999-08-05 10:25 millert + * config.h.in: + added HAVE_AFS + [2e32bb4e63e4] - * compat.h: kill crufty AIX stuff + * check.c: + added afs changes + [fe4d0ff320a2] -1999-08-05 06:55 millert + * sudo.h: + removed AFS stuff :-) + [a40387e6fa27] - * Makefile.in: Sigh, some versions of make (like Solaris's) don't - deal with $< like I would expect. Both GNU and BSD makes get - this right but... So, we just expand $< inline at the cost of - some ugliness. + * tgetpass.c: + include sys/select for AIX + [f32c5a8f2c84] -1999-08-05 06:52 millert + * sudo.h: + added AFS + [da2ab3dd0348] - * version.c: If the invoking user is root, sudo will now print - configure info in -V mode. Currently just prints logging info, - to be expanded later. + * version.h: + ++ + [452d4dfe25af] -1999-08-05 06:51 millert +1994-07-07 Todd C. Miller - * logging.c, logging.h, sudo.c, sudo.h: o new defines for syslog - facility and priority o use new print_version() functino for -V - mode + * CHANGES, SUPPORTED: + updated + [e7dfe6f23a37] -1999-08-05 06:49 millert + * logging.c: + can now have MAILER undefined + [1d33b98b35e1] - * check.c: Don't need version.c + * INSTALL: + new sub-note about MAILER + [d35c636a0574] -1999-08-05 06:21 millert + * sudo.man: + added blurb about password timeout + [70c2ee50de20] - * configure, configure.in, aclocal.m4, config.h.in: Add check for - syslog facilities and priorities tables in syslog.h + * configure.in: + convex c2 changes + [367138a6232e] -1999-08-05 05:23 millert + * aclocal.m4: + took out duplicate define of _CONVEX_SOURCE + [647182138450] - * Makefile.in: o authenticate -> aix_auth o add version.c + * Makefile.in: + added OSDEFS + [7fdcd50602d1] -1999-08-05 05:21 millert + * config.h.in: + added spaces + [f2b8a05e48f3] - * auth/sudo_auth.c: Missed a prompt -> user_prompt conversion + * tgetpass.c: + added a goto if fgets fails + [68a6586d9c45] -1999-08-04 13:32 millert + * sudo.h: + use __hpux not hpux convex c2 stuff + [5c377a8d5f34] - * TODO: sudo should lock its logfile + * sudo.c: + use __hpux not hpux + [9363bc0f9f9e] -1999-08-04 13:28 millert + * logging.c: + convex c2 stuff + [ea5630975ac4] - * parse.yacc: o Add '!' correctly when expanding Aliases. o Add - shortcut macros for append() to make things more readable. o The - separator in append() is now a string instead of a char. o In - append(), only prepend the separator if the last char is not a - '!'. This is a hack but it greatly simplifies '!' handling. o - In -l mode, Runas lists and NOPASSWD/PASSWD tags are now - inherited across entries in a list (matches current behavior). - o Fix formatting in -l mode such that items in a list are - separated by a space. Greatlt improves readability. o Space - for name field in struct aliasinfo is now allocated dyanically - instead of using a (big) buffer. o In add_alias(), only search - the list once (lsearch instead of lfind + lsearch) + * config.h.in: + define ansi-ish cpp os defines if non-ansi are defined for hpux & + convex + [664f53a5e786] -1999-08-04 11:31 millert + * INSTALL: + updated to say we support sonvex C2 + [5f2f8b87013e] - * lex.yy.c, sudo.tab.h: regen + * check.c: + added convex c2 support + [9a665d4918fa] -1999-08-04 10:54 millert +1994-07-01 Todd C. Miller - * configure, configure.in: Solais pam doesn't require anye xtra - setup + * tgetpass.c: + no more ioctl never returns NULL uses fgets() and select() to + timeout + [b333e6d63e97] -1999-08-04 05:35 millert +1994-06-29 Todd C. Miller - * parse.yacc: o Simpler '!' support now that the lexer deals with - multiple !'s for us. o In the case of opFOO, have FOO give a - boolean return value and set foo_matches in opFOO, not FOO. o - Treat 'ALL' as a string since it gets fill()'d in - parse.lex--fixes a small memory leak. In the long run it may - be better to just fix parse.lex and make ALL back into a token. - However, having it be a string is useful since it can be - easily passed back to the parent rule if we so desire. + * configure.in: + things were testing -n "$GCC" instead of -z "$GCC" + [059a9b15ede2] -1999-08-04 03:54 millert + * tgetpass.c: + now works + uses fgets() + [353d7ebcb7bb] - * parse.lex: o Remove some unnecessary backslashes o collapse - multiple !'s by using !+ and checking if yyleng is even or odd. - this allows us to simplify ! handling in parse.yacc +1994-06-28 Todd C. Miller -1999-08-04 03:53 millert + * tgetpass.c: + select doesn't seem to recognize a single '\n' as input waiting so + we can;t use it, sigh. + [f76e3218b835] - * sudo.c: -u flag was being ignored +1994-06-26 Todd C. Miller -1999-08-01 13:04 millert + * PORTING: + updated tgetpass() blurb + [95baac736b49] - * Makefile.in: correct fix + * configure.in: + added --with-getpass + [42ac0bdf58ed] -1999-08-01 12:37 millert + * Makefile.in: + added tgetpass stuff + [e2b38c635663] - * Makefile.in: work around pod2man stupididy + * tgetpass.c: + now uses stdio + [36af8ff66e35] -1999-08-01 12:35 millert + * version.h: + ++ + [4e81c9db19bd] - * Makefile.in: correct dependencies for .cat +1994-06-24 Todd C. Miller -1999-08-01 12:26 millert + * PORTING: + updated ,. + [54f523770a05] - * sudo.cat, sudo.man, visudo.cat, visudo.man: regen + * config.h.in: + added USE_GETPASS && HAVE_C2_SECURITY + [86b355cb2953] -1999-08-01 12:25 millert + * configure.in: + fixed a test aded --with-C2 and --with-tgetpass + [abf6181588ef] - * sudo.pod, visudo.pod: Add copyright Update to reality + * check.c: + added hpux C2 shit + [20d4177ffa88] -1999-08-01 11:42 millert + * Makefile.in: + took out tgetpass.* + [cc82fd9984b4] - * parse.c, sudo.c, sudo.h: rename validate() to the more - descriptive sudoers_lookup() + * INSTALL: + added C2 blurb + [1d2bfc35e4b6] -1999-08-01 06:49 millert +1994-06-13 Todd C. Miller - * auth/aix_auth.c: use tgetpass + * configure.in: + no termio(s) for ultrix since it is broken + [d3e82e835350] -1999-07-31 12:32 millert + * check.c: + added a space (yeah, anal) + [05e4b31ca68c] - * CHANGES: updates + * realpath.c, sudo_realpath.c: + fixed it (duh, rtfm) + [f13097cb8cb6] -1999-07-31 12:31 millert +1994-06-08 Todd C. Miller - * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING, - configure, configure.in, sudo.c: Sudo, not CU Sudo + * config.h.in: + took out bsd signal stuff for irix + [e179cdafc97a] -1999-07-31 12:19 millert + * visudo.c: + comments in #endif + [e3a629190f5e] - * Makefile.in, alloc.c, check.c, compat.h, config.h.in, - find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h, - lex.yy.c, logging.c, logging.h, parse.c, parse.h, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, - auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, - auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c, - auth/sudo_auth.c, auth/sudo_auth.h, emul/search.h, emul/utime.h, - LICENSE: add 4th term to license similar to term 5 in the apache - license + * configure.in: + don't define BSD signals for irix + [3ce57bffb7f0] -1999-07-31 12:02 millert + * TODO: + did some... + [274241cd0f74] - * LICENSE, aclocal.m4, check.c, configure.in, insults.h, logging.c, - sudo.c, sudo.h, auth/rfc1938.c: there was a 1995 release too + * CHANGES: + updated + [8f29fc755faf] -1999-07-28 05:24 millert + * realpath.c, sudo_realpath.c: + took out unneeded code by changing where a strings was terminated + [b5564d62d30e] - * CHANGES: updates +1994-06-07 Todd C. Miller -1999-07-28 05:21 millert + * realpath.c, sudo_realpath.c: + fix bug where /dirname would return NULL + [b85f470daf26] - * check.c: Use dirs instead of files for timestamp. This allows - tty and non-tty schemes to coexist reasonably. Note, however, - that when you update a tty ticket, the mtime on the user dir gets - updated as well. + * sudo.h: + move __P to config.h + [7763c0ff3f28] -1999-07-28 05:17 millert + * getcwd.c, getwd.c, realpath.c, sudo_realpath.c: + added errno definition + [4cc9d2d9782a] - * configure.in, configure: Fix getprpwnam() checking on SCO. Need - to link with "-lprot -lx" when linking test program, not just - -lprot. Also add check for getspnam(). The SCO docs indicate - that /etc/shadow can be used but this may be a lie. + * config.h.in: + added __P + [ca06f5aa58f3] -1999-07-24 03:35 millert + * config.h.in: + added HAVE_FCHDIR + [206d714641e0] - * auth/API: first cut at auth API description + * strdup.c: + now include stdio + [0d8458da0e1d] -1999-07-22 15:48 millert + * realpath.c, sudo_realpath.c: + now works if no fchdir + [e035911b6722] - * auth/: fwtk.c, kerb4.c, kerb5.c, pam.c, rfc1938.c, secureware.c, - securid.c, sudo_auth.c, sudo_auth.h: auth API change. There is - now an init method that gets run before the main loop. This - allows auth routines to differentiate between initialization that - happens once vs. setup that needs to run each time through the - loop. + * visudo.c: + define SA_RESETHAND to null if not defined + [afec03e84342] -1999-07-22 12:23 millert + * configure.in: + added check & replace + [c1a65481441c] - * logging.c, auth/kerb5.c: use easprintf() and evasprintf() + * configure.in: + took out -static for nextstep -- it doesn't work + [fa1a1a611743] -1999-07-22 12:22 millert +1994-06-06 Todd C. Miller - * alloc.c, sudo.h: add easprintf() and evasprintf(), error checking - versions of asprintf() and vasprintf() + * logging.c: + moved #endif to where it belongs + [07d3a8972097] -1999-07-22 09:14 millert + * SUPPORTED: + correction + [0c1ecba3e5a3] - * TODO: remove 2 items. One done, one won't do. + * configure.in: + now checks for strdup realpath getcwd bzero + [f029a1917515] -1999-07-22 09:10 millert + * config.h.in: + emulate bzero + [d792352e44a3] - * sudo.man, visudo.man, sudo.cat, sudo.html, sudoers.html, - visudo.cat, visudo.html, configure, lex.yy.c: regen + * visudo.c: + added posic signals + [2ed0005f90fc] -1999-07-22 09:06 millert + * tgetpass.c: + bzero cast + [6d91b1a1526f] - * CHANGES: new changes + * logging.c: + added posix signals + [67ede9c22a05] -1999-07-22 09:01 millert + * configure.in: + removed BROKEN_GETPASS added new srcs toreplace missing functions + [cf44274bb1c8] - * sudo.pod: o Document -K flag and update meaning of -k flag. o - BSD-style copyright o Document clearing of BIND resolver - environment variables o Clarify bit about shared libs o suggest - rc files create /tmp/.odus if your OS gives away files + * config.h.in: + added posix signal stuff + [a3c1c98fe8ef] -1999-07-22 08:59 millert + * Makefile.in: + added new srcs + [b6a079afee47] - * visudo.pod: BSD license + * visudo.c: + updated useag + [589ed091c44f] -1999-07-22 08:58 millert + * tgetpass.c: + now uses posix signals + [30f74964074f] - * tgetpass.c: o BSD copyright o no need to block signals, we now do - that in main() o cosmetic changes + * PORTING: + updated sto reflect major changes + [bcfc309e017b] -1999-07-22 08:57 millert + * CHANGES, TODO: + updated + [23aacbd54278] - * testsudoers.c, visudo.c: o BSD-style copyright o Use "struct - sudo_user" instead of old globals. o some cometic cleanup + * tgetpass.c: + uses sysconf() if available + [a27431c90bab] -1999-07-22 08:56 millert + * sudo.h: + added PASSWORD_TIMEOUT + prototypes for new functions + [d7473c2f77c4] - * sudo_setenv.c, version.h: BSD-style copyright + * realpath.c, sudo_realpath.c: + for those w/o this in libc + [1e47aa7a9d46] -1999-07-22 08:56 millert + * getcwd.c, getwd.c: + Initial revision + [c90dea57a84f] - * sudo.h: o BSD copyright o logging and parser bits moved to their - own .h files o new "struct sudo_user" to encapsulate many of the - old globals. + * find_path.c: + rewrote to use realpath(3) - nis now all my code + [d2c3bb8fb37d] -1999-07-22 08:55 millert + * config.h.in: + added HAVE_REALPATH + [02c10352a8c7] - * sudo.c: o no longer contains sudo 1.1/1.2 code o BSD copyright o - use new logging routines o simplified flow of control o BIND - resolver additions to badenv_table + * check.c: + now use tgetpass + [b5c021fc179f] -1999-07-22 08:53 millert + * Makefile.in: + added LIBOBJS use tgetpass.c + [230a7b3eeaa3] - * strerror.c: BSD-style copyright +1994-06-05 Todd C. Miller -1999-07-22 08:53 millert + * tgetpass.c: + works now :-) + [025e7a3875ba] - * snprintf.c: Now compiles on more K&R compilers + * tgetpass.c: + Initial revision + [3316ab33b230] -1999-07-22 08:52 millert + * pathnames.h.in: + added /dev/tty + [29242585e53f] - * putenv.c: BSD-style copyright, cosmetic changes +1994-06-04 Todd C. Miller -1999-07-22 08:51 millert + * version.h: + incremented + [f2e54b48280f] - * parse.c, parse.yacc, parse.h, parse.lex: BSD-style copyright. - Move parser-specific defines and structs into parse.h + other - cosmetic changes + * sudo.c: + always use getcwd + [c6068e8a4029] -1999-07-22 08:51 millert + * config.h.in: + added check for getwd + [ab1e102ad673] - * logging.h: defines for logging routines + * configure.in: + replace strdup & realpath & getcwd if missing + [b0eb14f2a1c3] -1999-07-22 08:49 millert + * pathnames.h.in: + added _PATH_PWD + [309d2388f69a] - * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.h, pathnames.h.in: BSD-style copyright + * aclocal.m4: + added SUDO_PROG_PWD + [e16e85deb96c] -1999-07-22 08:48 millert + * strdup.c: + Initial revision + [810efdc15007] - * find_path.c, getspwuid.c, goodpath.c, interfaces.c: BSD-style - copyright, cosmetic changes + * realpath.c, sudo_realpath.c: + Initial revision + [d85eee438e09] -1999-07-22 08:46 millert +1994-06-03 Todd C. Miller - * configure.in: o tgetpass.c is no longer optional o kill DCE_OBJS, - add AUTH_OBJS o kill --disable-tgetpass o add --without-passwd o - changes to fill in AUTH_OBJS for new auth api o check for - strerror(), v?snprintf() and v?asprintf() o replace - --with-AuthSRV with --with-fwtk + * configure.in: + quoted quare brackets + [d0e7ca111d98] -1999-07-22 08:43 millert +1994-06-02 Todd C. Miller - * config.h.in: BSD-style copyright. Remove USE_GETPASS and - HAVE_UTIME_NULL. Add HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, - HAVE_VSNPRINTF, HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and - NO_PASSWD + * sudo.c: + no need to strdup() a constant + [a8c44712df9a] -1999-07-22 08:42 millert + * CHANGES: + updated + [71364129cca0] - * compat.h: BSD-style copyright; Add S_IFLNK and MIN/MAX id they - are missing. + * sudo.man: + added validate + [0bb198095a26] -1999-07-22 08:39 millert + * sudo.c: + added -v to usage + [31ea71f11dbb] - * alloc.c: BSD-style copyright + * parse.c, sudo.c, sudo.h: + added validate_only stuff + [9bcd853d3c90] -1999-07-22 08:38 millert +1994-05-30 Todd C. Miller - * TROUBLESHOOTING: no more --with-getpass + * configure.in: + now finds sed + [6374bb0d3f28] -1999-07-22 08:34 millert + * aclocal.m4: + $OSREV is now an int + [ace0666d66cf] - * TODO: Take out things I've done... +1994-05-29 Todd C. Miller -1999-07-22 08:34 millert + * configure.in: + added mtxinu to caser + [73a776887b16] - * README: Refer to LICENSE + * sudo.h: + added EXEC macro + [2e8eb28b710a] -1999-07-22 08:34 millert + * sudo.c: + now use the EXEC nmacro now only do a gethostbyname() if FQDN is set + [56afb4f658d5] - * PORTING: --with-getpass no longer exists + * logging.c: + changed mail_argv[] def now use EXEC() macro + [ddcabd28edb1] -1999-07-22 08:33 millert + * check.c: + took out crypt() definition + [0e657724cf5f] - * Makefile.in: BSD-style copyright. Update to reflect reality wrt - new files and new auth modules. + * version.h: + upped the version + [62c5d66119fc] -1999-07-22 08:32 millert + * configure.in: + always look for -lnsl + [d7b594f0313b] - * INSTALL: Remove --with-AuthSRV and --disable-tgetpass. Add - --with-fwtk and --without-passwd. + * aclocal.m4: + added an echo + [1caae3491dc5] -1999-07-22 08:31 millert + * sudo.h: + SHORT_MESSAGE is now the default + [cfce35c3119a] - * HISTORY: Update history a bit + * config.h.in: + fixed typo + [6499a564bf75] -1999-07-22 08:29 millert + * configure.in: + added missing AC_DEFINE(SVR4) for solaris + [feef0b17b94f] - * COPYING, LICENSE: Now distributed under a BSD-style license + * sudo.man: + documented the -v flag + [a6429f2bc2cf] -1999-07-22 08:28 millert + * SUPPORTED: + updated + [088886e79540] - * auth/sudo_auth.c: o BSD-style copyright o Add support for - NO_PASSWD/WITHOUT_PASSWD options. o skey/opie replaced by - rfc1938 code o new struct sudo_user global + * check.c: + proto-ized crypt() + [801e4ff5b121] -1999-07-22 08:25 millert + * config.h.in: + added LIBSHADOW undef + [8df588e9ee2b] - * auth/: pam.c, sia.c: BSD-style copyright and use new log - functions + * configure.in: + nwo set OS to be lowercase + [561ebed833e4] -1999-07-22 08:24 millert +1994-05-28 Todd C. Miller - * auth/kerb5.c: o BSD-style copyright o Use new log functiongs o - Use asprintf() and snprintf() where sensible. + * configure.in: + now use SUDO_OSTYPE to set $OS + [0e60aee23098] -1999-07-22 08:19 millert + * aclocal.m4: + now use uname to determine os + [99705e58d400] - * check.c: Rewrote all the old sudo 1.1/1.2 code. Timestamp - handling is now done more reasonably--better sanity checks and - tty-based stamps are now done as files in a directory with the - same name as the invoking user, eg. /var/run/sudo/millert/ttyp1. - It is not currently possible to mix tty and non-tty based ticket - schemes but this may change in the future (it requires sudo to - use a directory instead of a file in the non-tty case). Also, - ``sudo -k'' now sets the ticket back to the epoch and ``sudo -K'' - really deletes the file. That way you don't get the lecture - again just because you killed your ticket in .logout. BSD-style - copyright now. + * visudo.c: + added prototypes & moved sig handler around + [1f0bc8d23b51] -1999-07-22 08:13 millert + * sudo.h: + added prototyppes + [be3935a2b163] - * logging.c: o rewritten logging routines. log_error() now takes - printf-style varargs and log_auth() for the return value of - validate(). o BSD-style copyright + * check.c, logging.c, sudo.c: + added prototypes + [2079b4605ab8] -1999-07-22 07:04 millert + * parse.c: + added comment + [a34d147d8399] - * auth.c, check_sia.c, dce_pwent.c, secureware.c: superceded by new - auth API + * config.h.in: + nwo use _BSD_SIGNALS not _BSD_COMPAT + [63663195f047] -1999-07-22 07:02 millert + * aixcrypt.exp: + Initial revision + [890aed08357e] - * auth/fwtk.c: Use snprintf() where it makes sense and add a - BSD-style copyright + * Makefile.in: + added aixcrypt.exp + [1005a183105f] -1999-07-22 07:00 millert + * parse.lex, parse.yacc: + moved config.h to top of includes + [9569c49aa5f3] - * auth/: afs.c, aix_auth.c, dce.c, passwd.c, rfc1938.c, - secureware.c, securid.c, sudo_auth.h, kerb4.c: BSD-style - copyright +1994-05-25 Todd C. Miller -1999-07-22 06:57 millert + * find_path.c: + now don't bitch if get EACCESS (treat like EPERM) + [dbeffb638de4] - * emul/utime.h, utime.c: BSD-style copyright + * visudo.c: + added -v flag and usage() + [4d44ed60ed75] -1999-07-22 06:57 millert + * version.h: + fixed a typo + [cf3f9347ae41] - * emul/search.h: this has been rewritten so use my BSD-style - copyright + * sudo.c: + cast Argv to a const for exec added -v flag + [d11b6efc0e45] -1999-07-15 11:21 millert + * logging.c: + mail_argv is now a const + [93bb5d90bb6f] - * snprintf.c: include malloc.h if no stdlib.h + * configure.in: + only set RETSIGTYPE if it is not set already + [c97aac260b77] -1999-07-15 10:21 millert + * aclocal.m4: + now defines & STDC_HEADERS for Irix + [9c2b24ad1fc5] - * snprintf.c: KTH snprintf()/asprintf() for systems w/o them + * Makefile.in: + added version.h + [9f79e880229a] -1999-07-15 10:20 millert + * insults.h, sudo.h: + prevent multiple inclusion + [d68c8a9243ce] - * strerror.c: strerror() for systems w/o it + * version.h: + Initial revision + [dbb39c5ef8d9] -1999-07-12 06:53 millert + * parse.lex, parse.yacc: + now includes config.h + [f117e036a56b] - * visudo.c: stylistic changes + * aclocal.m4: + now talks about sunos 4.x + [c9054aa92d4e] -1999-07-12 06:25 millert + * visudo.c: + calls to Exit now pass an arg + [a92104670551] - * parse.c, parse.lex, parse.yacc: Add contribution info in the main - comment +1994-05-24 Todd C. Miller -1999-07-11 16:10 millert + * visudo.c: + signal handler now takes an int argument + [26f480c41523] - * auth/pam.c: remove missed ref to PAM_nullpw + * CHANGES: + updated + [8c166a9d796b] -1999-07-11 16:10 millert + * sudo.c: + ok, the getcwd() is now *really* done as the user + [ab86cf85134a] - * auth/sudo_auth.h: pasto + * configure.in: + changed AIX STATIC_FLAGS + [b9c0a3ba5663] -1999-07-11 15:19 millert + * aclocal.m4: + solaris now defines SVR4 + [c3e20cac96f5] - * auth/kerb5.c: more or less complete now--still untested + * sudo.h: + added cwd and fixed stupid core dump that makes no sense. sigh. + [7a9755436dbb] -1999-07-11 15:09 millert + * sudo.c: + moved getcwd stuff into load_globals + [ec2bc90df1f3] - * auth/: afs.c, pam.c: don't use user_name macro, it will go away + * parse.c: + took out externs that are in suod.h + [93c4b3f856d7] -1999-07-11 14:42 millert + * logging.c: + moved cwd into load_globals + [050de754d228] - * auth/: opie.c, rfc1938.c, sudo_auth.h, skey.c: combine skey/opie - code into rfc1938.c + * find_path.c: + moved cwd stuff + [22f3f3b4c34d] -1999-07-11 07:22 millert + * Makefile.in: + fixed make distclean & realclean + [c9964d89bcef] - * auth/: dce.c, sudo_auth.h: DCE authentication method; basically - unchanged from dce_pwent.c + * TODO: + updated ., + [e513581ef0e3] -1999-07-11 06:44 millert + * CHANGES: + added solaris changes + [505d930daf27] - * auth/: aix_auth.c, sudo_auth.h: AIX authenticate() support. - Could probably be much better + * aclocal.m4: + added solaris changes, need to rework + [33f20fb16c49] -1999-07-11 06:43 millert + * configure.in: + cleaned up for solaris + [2fb8cfa05d0f] - * auth/sia.c: Fix an uninitialized variable and some cleanup. Now - works (tested) + * logging.c: + reinstall reapchild signal handler for non-bsd signals + [3d1dc545113d] -1999-07-11 05:37 millert + * sudo.h: + took out getdtablesize() emulation for HP-UX (no longer needed) + [1fc83d170f34] - * auth/: sia.c, sudo_auth.h: SIA support for digital unix + * sudo.c: + support for HAVE_SYSCONF + [50ca2a7a224a] -1999-07-11 05:33 millert + * visudo.c: + added for solaris & reorg'd the includes + minor prettying + up / + [0a570e826dd4] - * auth/pam.c: don't use prompt global, it will go away + * config.h.in: + added HAVE_SYSCONF + [2b9a9f3a4e94] -1999-07-11 05:32 millert +1994-05-16 Todd C. Miller - * auth/secureware.c: correct copyright years + * configure.in: + now tells you what os you are running /. + [06c6332a895b] -1999-07-10 20:32 millert + * aclocal.m4: + took out extra ',' + [e8c75ce59f4a] - * auth/: afs.c, fwtk.c, kerb4.c, sudo_auth.h, kerb5.c, opie.c, - pam.c, passwd.c, secureware.c, securid.c, skey.c, sudo_auth.c: - New authentication API and methods +1994-05-14 Todd C. Miller -1999-07-08 06:46 millert + * config.h.in: + added _BSD_COMPAT + [73c5099806c2] - * parse.yacc: only save an entry if user_matches && host_matches, - even if the stack is empty (fix for previous commit) + * aclocal.m4: + fixed for irix5 + [1047d1f6c0eb] -1999-07-08 06:35 millert + * CHANGES: + updated + [1bc4969fee96] - * parse.yacc: 1) Always save an entry on the stack if it is empty. - This fixes the -l and -v flags that were broken by earlier parser - changes. + * sudo.c: + uid seinitialized to -2 + [8d7812b1878b] - 2) In a Runas list, don't negate FALSE -> TRUE since that would - make !foo match any time the user specified a runas user (via -u) - other than foo. +1994-04-28 Todd C. Miller -1999-07-08 05:45 millert + * sudo.c: + now removes LIBPATH for AIX + [075392eb1dd9] - * testsudoers.c: interfaces and num_interfaces are now auto, not - extern +1994-03-13 Todd C. Miller -1999-07-07 14:09 millert + * configure.in: + now uses ufc if it finds it + [ab6ce30a5958] - * auth.c: use a static global to keep stae about empty passwords +1994-03-12 Todd C. Miller -1999-07-07 14:08 millert + * sudo.h: + no longer define yyval & yylval since yacc does it + [09d250aea50a] - * check_sia.c: make PASSWORD_NOT_CORRECT logging consistent with - other modules + * parse.lex: + now defines yylval as extenr + [8ec2b88952bc] -1999-07-05 16:53 millert + * configure.in: + BROKEN_GETPASS is now an OPTION + [3714f4bb8312] - * auth.c: PAM prompt code was wrong, looks like we have to kludge - it after all. + * config.h.in: + took out BROKEN_GETPASS + [9c4f6aa50137] -1999-07-05 16:35 millert + * Makefile.in: + took out big comment + [4c13cff0e556] - * auth.c: In the PAM code, when a user hits return at the first - password prompt, exit without a warning just like the normal auth - code + * README: + updated + [b8b9902b620d] -1999-07-05 16:15 millert + * Makefile.in: + took out README.beta + [ed2cd861e82b] - * configure, configure.in: kludge around cross-compiler false - positives + * SUPPORTED: + Initial revision + [2fffc51e6606] -1999-07-05 16:14 millert + * INSTALL: + now reference SUPPORTED ., + [d112c30be1f2] - * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c: New - (correct) PAM code Tgetpass now takes an echo flag for use with - PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a - useless umask setting Change error from BAD_ALLOCATION -> - BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to - auth.c for consistency + * config.h.in: + now check for convex OR __convex__ + [a0e5701a3069] -1999-07-05 16:11 millert + * aclocal.m4: + now check for convex or __convex__ + [5dae2bfbe3bc] - * sudo.c: Some -Wall and kill some trailing spaces + * Makefile.in: + added dist target + [400a54de57db] -1999-07-05 16:10 millert + * aclocal.m4: + use __convex__ + [58a19470ed0b] - * configure.in: define -D__EXTENSIONS__ for solaris so we get - crypt() proto + * find_path.c: + now use _S_* stat stuff to be ansi-like + [28cce560e048] -1999-06-22 09:42 millert + * INSTALL: + updated for configure directions + [a034ccc7c30a] - * RUNSON: add Dynix 4.4.4 + * Makefile.in: + distclean now removes config.h and pathnames.h + [300f2349b4ab] -1999-06-22 09:30 millert + * CHANGES: + updated + [646f7e9430c1] - * INSTALL, config.h.in, configure.in, configure: for kerberos V < - version, fall back on old kerb4 auth code + * TODO: + fixed typoe + [70fd6361b2bc] -1999-06-22 06:41 millert + * visudo.c: + updated version + [cf13d87d789f] - * INSTALL: clarify some things + * Makefile.in: + updated version + [8c5dacc27a7a] -1999-06-22 06:38 millert + * config.h.in, pathnames.h.in: + added copyright header + [747ce3d3d6b7] - * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod: typos + * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex, + parse.yacc, sudo.c, sudo.h: + udpated version + [4751c39bad18] -1999-06-14 19:47 millert + * visudo.c: + udpated to use configure + pathnames.h + [d45dff76a1cd] - * sudo.c: mention why DONT_LEAK_PATH_INFO is not the default + * aclocal.m4: + updated + [f05a367a55be] -1999-06-03 12:34 millert + * Makefile.in, config.h.in, configure.in: + updated + [524778598879] - * tgetpass.c: Fix open(2) return value checking, was NULL for - fopen, should be -1 for open - -1999-06-03 12:06 millert - - * configure: regen - -1999-06-03 12:06 millert - - * configure.in: better wording for solaris pam notice - -1999-06-03 11:52 millert - - * CHANGES: document recent changes - -1999-06-03 11:52 millert - - * TROUBLESHOOTING: Update shadow password section - -1999-06-03 11:51 millert - - * auth.c: move authentication code from check.c to auth.c - -1999-06-03 11:51 millert - - * Makefile.in, check.c, sudo.h: move authentication code to auth.c - -1999-05-16 21:36 millert - - * Makefile.in, check.c, check_sia.c, compat.h, find_path.c, - getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c, - logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c, - sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, visudo.c: Move - interface-related defines to interfaces.h so we don't have to - include everywhere. - -1999-05-14 12:30 millert - - * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, - logging.c, parse.yacc, sudo.c, tgetpass.c: o Replace _PASSWD_LEN - braindeath with our own SUDO_MAX_PASS. - It turns out the old DES crypt does the right thing with - passwords - longert than 8 characters. - o Fix common typo (necesary -> necessary) - o Update TODO list - -1999-05-03 12:00 millert - - * sudo.c: set $LOGNAME when we set $USER - -1999-04-27 00:00 millert - - * INSTALL: add comment about digital unix and interfaces.c warning - with gcc - -1999-04-15 01:12 millert - - * sample.sudoers: use modern paths and give examples for some of - the new parser features - -1999-04-10 13:03 millert - - * parse.c: fix comment - -1999-04-10 00:49 millert - - * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c, - getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, - parse.c, parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: - Function names should be flush with the start of the line so they - can be found trivially in an editor and with grep - -1999-04-10 00:40 millert - - * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, - parse.yacc, sudo.c, testsudoers.c, tgetpass.c, visudo.c: free(3) - is already void, no need to cast it - -1999-04-10 00:37 millert - - * logging.c, sudo.c, sudo.h: catch case where cmnd_safe is not set - (this should not be possible) - -1999-04-10 00:10 millert - - * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, - testsudoers.c, visudo.c: Stash the "safe" path (ie: the one - listed in sudoers) to the command instead of stashing the struct - stat. Should be safer. - -1999-04-08 19:56 millert - - * INSTALL, Makefile.in, UPGRADE: notes on updating from an earlier - release - -1999-04-07 20:20 millert - - * CHANGES: updated - -1999-04-07 19:18 millert - - * parse.yacc, sudo.tab.h, sudoers.cat, sudoers.html, sudoers.man, - sudoers.pod: You can now specifiy a host list instead of just a - host or alias. Ie: user = host1,host2,ALIAS,!host3 my_command - now works. - -1999-04-07 02:59 millert - - * testsudoers.c: Quiet -Wall - -1999-04-07 02:50 millert - - * parse.yacc: Move the push from the beginning of cmndspec to the - end. This means we no longer have to do a push at the end of - privilege, just reset some values. - -1999-04-06 20:24 millert - - * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: runas-lists - and NOPASSWD/PASSWD modifiers are now sticky and you can use "!" - most everywhere - -1999-04-06 14:12 millert - - * sudoers.pod: modernize paths and update su example based on - sample.sudoers one - -1999-04-06 14:06 millert - - * sample.sudoers: New runas semantics - -1999-04-06 13:54 millert - - * CHANGES, Makefile.in, alloc.c, config.h.in, configure, - configure.in, strdup.c, sudo.h: In estrdup(), do the malloc - ourselves so we don't need to rely on the system strdup(3) which - may or may not exist. There is now no need to provide strdup() - for those w/o it. Also, the prototype for estrdup() was wrong, - it returns char * and its param is const. - -1999-04-06 13:40 millert - - * getcwd.c: $Sudo tag - -1999-04-06 13:20 millert - - * check.c: buf should be prompt; Michael Robokoff - - -1999-04-06 01:40 millert - - * CHANGES, TODO, parse.yacc: It is now possible to use the '!' - operator in a runas list as well as in a Cmnd_Alias, Host_Alias - and User_Alias. - -1999-04-06 01:38 millert - - * logging.c, sudo.h: Kill GLOBAL_NO_SPW_ENT (not used) and crank - GLOBAL_PROBLEM - -1999-04-06 01:08 millert - - * sudo.h: Definitions of *_matched were wrong--user top, not top-2 - as subscript. - -1999-04-06 01:00 millert - - * logging.c, parse.c, parse.yacc, sudo.c, sudo.h: Add - VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a - command but the NOPASSWD flag was set. Make runasspec, - runaslist, runasuser, and nopasswd typeless in parse.yacc Add - support for '!' in the runas list Fix double printing of '%' and - '+' for groups and netgroups respectively Add *_matched macros - (no need for local stack variable). Should only be used directly - after a pop (since top must be >= 2). - -1999-04-05 23:25 millert - - * aclocal.m4, configure.in: Add copyright, somewhat silly - -1999-04-05 16:57 millert - - * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, - check_sia.c, compat.h, config.h.in, configure, configure.in, - dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, - sudo.cat, sudo.h, sudo.man, sudo_setenv.c, sudoers.cat, - sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c, visudo.cat, visudo.man, emul/utime.h: Crank version to - 1.6 and combine copyright statements - -1999-04-05 16:30 millert - - * sample.sudoers: Use ! not ^ to do negation - -1999-04-05 16:29 millert - - * lex.yy.c: regen - -1999-04-05 16:28 millert - - * parse.yacc, parse.lex: Make runas and NOPASSWD tags persistent - across entris in a command list. Add a PASSWD tag to reverse - NOPASSWD. When you override a runas or *PASSWD tag the value - given becomes the new default for the rest of the command list. - -1999-04-02 16:03 millert - - * CHANGES, RUNSON: update for 1.5.9 - -1999-04-02 16:02 millert - - * visudo.c: Shift return value of system(3) by 8 to get real exit - value and if it is not 1 or 0 print the retval along with the - error message. - -1999-03-30 16:45 millert - - * Makefile.in: testsudoers needs LIBOBJS too - -1999-03-30 12:17 millert - - * parse.c, parse.yacc: Fix another parser bug. For a sudoers entry - like this: millert ALL=/bin/ls,(daemon) !/bin/ls sudo - would not allow millert to run ls as root. - -1999-03-30 01:08 millert - - * CHANGES: new change - -1999-03-30 01:03 millert - - * parse.yacc: Save entries that match a ! command on the matching - stack too - -1999-03-30 01:01 millert - - * sudo.c: Make sudo's usage info better when mutually exclusive - args are given and don't rely on argument order to detect this; - nick@zeta.org.au - -1999-03-29 15:03 millert - - * CHANGES, Makefile.in, RUNSON: updates from CU - -1999-03-28 23:38 millert - - * Makefile.in: use gzip - -1999-03-28 23:31 millert - - * parse.yacc: Fix off by one error introduced in *alloc changes - -1999-03-28 23:05 millert - - * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c, - check_sia.c, compat.h, config.h.in, configure, configure.in, - dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, - sudo.cat, sudo.h, sudo.man, sudo_setenv.c, sudoers.cat, - sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod, - emul/utime.h: ++version - -1999-03-28 21:59 millert - - * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c, - interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, - parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, utime.c, visudo.c: Use - emalloc/erealloc/estrdup - -1999-03-28 20:29 millert - - * alloc.c: error checking memory allocation routines - -1999-03-28 19:23 millert - - * parse.yacc: Still not right, this fixes it for real - -1999-03-28 19:08 millert - - * parse.yacc: Fix for previous commit - -1999-03-28 19:05 millert - - * CHANGES, INSTALL, parse.yacc: Fix a parser bug that was exposed - when mixing different runas specs and ! commands. For example: - millert ALL=(daemon) /usr/bin/whoami,!/bin/ls would - allow millert to run whoami as root as well as daemon when it - should just allow daemon. The problem was that comma-separated - commands in a list shared the same entry on the matching stack. - Now they get their own entry iff there is a full match. It may - be better to just make the runas spec persistent across all - commands in a list like the user and host entries of the matching - stack. However, since that is a fairly major change it should - gets its own minor rev increase. - -1999-03-28 13:50 millert - - * check.c, config.h.in: Simplify PAM code and fix a PAM-related - warning on Linux - -1999-03-26 13:17 millert - - * CHANGES: updates - -1999-03-26 13:12 millert - - * sample.sudoers: better su entry - -1999-03-26 13:10 millert - - * configure: regen - -1999-03-26 13:09 millert - - * check.c, configure.in: new pam code that works on solaris, should - work on linux too; aelberg@home.com - -1999-03-19 14:44 millert - - * RUNSON: more entries - -1999-03-19 14:43 millert - - * config.h.in: only include strings.h if there is no string.h - -1999-03-17 15:25 millert - - * config.guess: Sinix is now being called ReliantUNIX; - bjjackso@us.oracle.com - -1999-03-13 13:37 millert - - * sudo.c: shost must be set before log functions are called #ifdef - HOST_IN_LOG - -1999-03-07 18:34 millert - - * CHANGES, lex.yy.c, parse.lex: Fix a bug wrt quoting characters in - command args. Stop processing an arg when you hit a backslash so - the quoted-character detection can catch it. - -1999-02-26 01:19 millert - - * interfaces.c: include sys/time.h; aparently AIX needs it. - ppz@cdu.elektra.ru - -1999-02-23 19:43 millert - - * configure, configure.in: add missing case statement so - --without-sendmail works - -1999-02-22 21:51 millert - - * CHANGES: more - -1999-02-22 15:10 millert - - * configure, configure.in: only search for -lsun in irix <= 4.x - -1999-02-22 15:01 millert - - * configure, configure.in: back out last configure.in change now - that I've hacked autoconf to fix the real problem and add a - missing newline - -1999-02-22 14:32 millert - - * CHANGES: updated - -1999-02-22 14:05 millert - - * getcwd.c: add def of dirfd() for those without it - -1999-02-22 10:58 millert - - * configure.in, configure: When falling back to checking for - socket() when linking with "-lsocket -lnsl" check for main() - instead since autoconf has already cached the results of checking - for socket() in -lsocket. This is really an autoconf bug as it - should use the extra libs as part of the cache variable name. - -1999-02-22 10:47 millert - - * configure.in: typo - -1999-02-21 15:18 millert - - * configure.in: fix occurrence of $with_timeout that should be - $with_password_timeout; - Michael.Neef@neuroinformatik.ruhr-uni-bochum.de - -1999-02-17 11:40 millert - - * sudo.cat, sudo.html, sudo.man, sudo.pod: fix grammar; - espie@openbsd.org - -1999-02-11 01:41 millert - - * parse.yacc, sudo.c, testsudoers.c: add cast for strdup in places - it does not have it - -1999-02-09 13:11 millert - - * configure, configure.in: define for_BSD_TYPES irix - -1999-02-06 19:47 millert - - * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod: Make it - clear that it is the user's password, not root's, that we want. - -1999-02-06 19:43 millert - - * check.c, sudo.h: If the user enters an empty password and really - has no password, accept the empty password they entered. - Perviously, they could enter anything *but* an empty password. - Also, add GETPASS macro that calls either tgetpass() or getpass() - depending on how sudo was configured. Problem noted by - jdg@maths.qmw.ac.uk - -1999-02-02 23:32 millert - - * Makefile.in, check.c, check_sia.c, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, - putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, - testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, - emul/utime.h: add explicate copyright - -1999-02-02 23:16 millert - - * CHANGES: mention -lsocket, -lnsl configure changes - -1999-02-02 17:54 millert - - * sudo.c: Don't clobber errno after calling check_sudoers(). - -1999-01-31 19:46 millert - - * configure.in, configure: When linking with both -lsocket and - -lnsl be sure to do so in that order. Also, when we can't find - socket() or inet_addr() and have to try linking with both libs, - issue a warning. - -1999-01-31 19:45 millert - - * sudo.cat, sudo.man, sudo.pod: clarify bad timestamp and fmt - -1999-01-23 12:18 millert - - * INSTALL, RUNSON: be clear that pam is linux-only and add a RUNSON - entry - -1999-01-22 13:13 millert - - * configure, CHANGES, INSTALL, configure.in: fix and correctly - document --with-umask; problem noted by adap@adap.org - -1999-01-19 20:38 millert - - * configure.in, configure: only use /usr/{man,catman}/local to - store man pages if suer didn't override prefix or mandir - -1999-01-19 20:24 millert - - * configure, INSTALL, configure.in: fix typo, make --with-SecurID - take an arg - -1999-01-18 21:53 millert - - * RUNSON: updates from users - -1999-01-18 21:04 millert - - * CHANGES, INSTALL, check.c, configure, configure.in: FWTK - 'authsrv' support from Kevin Kadow - -1999-01-18 20:00 millert - - * configure, configure.in: better fix for the problem of unresolved - symbols in -lnsl or -lsocket - -1999-01-18 19:39 millert - - * configure, configure.in: when checking for functions in -lnsl and - -lsocket link with both of them to avoid unresolved symbols on - some weirdo systems - -1999-01-17 20:49 millert - - * BUGS, CHANGES, RUNSON, TODO: old changes that didn't make it into - RCS before the RCS->CVS switch - -1999-01-17 18:16 millert - - * Makefile.in, check.c, check_sia.c, compat.h, config.h.in, - configure.in, dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, lex.yy.c, logging.c, lsearch.c, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, secureware.c, strdup.c, - sudo.c, sudo.pod, sudo_setenv.c, sudoers.pod, testsudoers.c, - tgetpass.c, utime.c, visudo.c, visudo.pod, emul/search.h, - emul/utime.h: add sudo tags - -1999-01-17 17:53 millert - - * version.h, sudo.h: testing Sudo tag - -1999-01-17 17:40 millert - - * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, - compat.h, config.h.in, configure, configure.in, dce_pwent.c, - find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c, - logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, - putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, - sudo.man, sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, - tgetpass.c, utime.c, version.h, visudo.c, visudo.cat, visudo.man, - emul/utime.h: crank version and regen files - -1999-01-17 17:27 millert - - * Makefile.in: kill rcs goop in update_version and fix now that - version is a const - -1999-01-17 17:08 millert - - * INSTALL, check.c, config.h.in, configure, configure.in, - logging.c, sudo.c, sudo.h, sudo.pod: kerb5 support from - fcusack@iconnet.net - -1999-01-17 16:45 millert - - * realpath.c, sudo_realpath.c: we no longer use realpath - -1999-01-17 16:44 millert - - * qualify.c: replaced by find_path.c - -1999-01-17 16:43 millert - - * options.h: all options are now configure flags - -1999-01-17 16:42 millert - - * lex.yy.c: regen - -1999-01-17 16:41 millert - - * getwd.c: superceded by getcwd.c - -1999-01-17 16:36 millert - - * getpass.c: superceded by tgetpass.c - -1999-01-17 16:36 millert - - * SUPPORTED: superceded by RUNSON - -1999-01-17 16:33 millert - - * OPTIONS: No longer used now that we have configure options for - everything. - -1999-01-17 16:32 millert - - * configure: regen based on configure.in - -1999-01-17 16:31 millert - - * sudo.man, sudoers.man, visudo.man, sudo.cat, sudo.html, - sudoers.cat, visudo.cat, sudoers.html, visudo.html: regen based - on sudo.pod, sudoers.pod, and visudo.pod - -1998-12-11 12:16 millert - - * check.c: fix tty tickets in remove_timestamp (didn't use ':') - -1998-12-07 16:16 millert - - * interfaces.c: close sock when we are done with it - -1998-11-27 19:37 millert - - * parse.yacc: never say "error on line -1" - -1998-11-23 23:38 millert - - * configure.in: check for -lnsl before -lsocket - -1998-11-23 23:29 millert - - * configure.in: quote '[', ']' used in ranges correctly - -1998-11-21 17:54 millert - - * config.h.in: add missing NO_ROOT_SUDO noted by drno@tsd.edu - -1998-11-20 18:33 millert - - * version.h: 1.5.7 - -1998-11-20 18:33 millert - - * INSTALL: more info for 1.5.7 - -1998-11-20 18:30 millert - - * README: update for 1.5.7 - -1998-11-20 14:26 millert - - * parse.yacc: make increases of cm_list_size and ga_list_size be - similar to increases of stacksize (ie: >= not > in initial - compare). - -1998-11-20 14:22 millert - - * parse.yacc: when we get a syntax error, report it for the - previous line since that's generally where the error occurred. - -1998-11-18 15:31 millert - - * config.h.in, configure.in, interfaces.c: add back check for - sys/sockio.h but only use it if SIOCGIFCONF is not defined - -1998-11-18 15:25 millert - - * config.h.in: define BSD_COMP for svr4 - -1998-11-17 23:16 millert - - * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c, - goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, - parse.lex, parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: more - -Wall - -1998-11-17 23:10 millert - - * configure.in: kill check for sockio,h - -1998-11-17 23:10 millert - - * config.h.in: no more HAVE_SYS_SOCKIO_H - -1998-11-17 22:51 millert - - * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c, - goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, - parse.lex, parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: - -Wall - -1998-11-16 17:38 millert - - * sudo.c: add missing inform_user() - -1998-11-13 19:21 millert - - * find_path.c: return NOT_FOUND if given fully qualified path and - it does not exist previously it would perror(ENOENT) which - bypasses the option to not leak path info - -1998-11-13 19:20 millert - - * configure.in: for kerb5, check for -lkerb4, fall back on -lkrb - for kerb, check for -ldes - -1998-11-13 14:19 millert - - * INSTALL: tty tickets are user:tty now - -1998-11-13 14:10 millert - - * check.c: when using tty tickets make it user:tty not user.tty as - a username could have a '.' in it - -1998-11-09 19:15 millert - - * sudo.c: add "ignoring foo found in ." for auth successful case - -1998-11-09 17:57 millert - - * sudo.c: add missing printf param - -1998-11-08 15:56 millert - - * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h: - go back to printing "command not found" unless - --disable-path-info specified. Also, tell user when we ignore - '.' in their path and it would have been used but for - --with-ignore-dot. - -1998-11-08 13:51 millert - - * check.c, sudo.c: Only one space after a colon, not two, in - printf's - -1998-11-05 12:59 millert - - * sudo.pod: document setting $USER - -1998-11-04 22:24 millert - - * check.c: fix bugs with prompt expansion - -1998-11-04 21:21 millert - - * sudo.c: set $USER for root too - -1998-11-04 17:13 millert - - * getspwuid.c: typo - -1998-11-04 17:07 millert - - * configure.in: HP-UX's iscomsec is in -lsec, not libc - -1998-11-03 22:24 millert - - * configure.in: remove some entries in the OS case statement that - did nothing - -1998-11-03 22:19 millert - - * TROUBLESHOOTING: add "cd" section and flush out syslog section - -1998-11-03 20:51 millert - - * Makefile.in: no more sudo-lex.yy.c - -1998-11-03 20:50 millert - - * check_sia.c: add custom prompt support - -1998-11-03 20:40 millert - - * sudo.c: kill perror("malloc") since we already have a good error - messages pw_ent -> pw for brevity set $USER if -u specified - -1998-11-03 20:39 millert - - * parse.c: kill perror("malloc") since we already have a good error - messages pw_ent -> pw for brevity when checking if %group - matches, look up user in password file so that %groups works in a - RunAs spec. - -1998-11-03 20:39 millert - - * logging.c, parse.yacc: kill perror("malloc") since we already - have a good error messages - -1998-11-03 20:38 millert - - * check.c, getspwuid.c, interfaces.c, testsudoers.c: kill - perror("malloc") since we already have a good error messages - pw_ent -> pw for brevity - -1998-11-03 15:03 millert - - * tgetpass.c: the prompt is expanded before tgetpass is called - -1998-11-03 15:03 millert - - * sudo.h: tgetpass now has the same args as getpass again - -1998-11-03 15:02 millert - - * getspwuid.c: add iscomsec, issecure support - -1998-11-03 15:02 millert - - * check.c: we now expand any %h or %u in the prompt before passing - to tgetpass - -1998-11-03 14:58 millert - - * configure.in: add check for syslog(3) in -lsocket, -lnsl, -linet - -1998-11-03 14:56 millert - - * config.h.in: add HAVE_ISCOMSEC and HAVE_ISSECURE - -1998-11-03 14:55 millert - - * configure.in: add check for iscomsec in HP-UX - -1998-11-03 14:51 millert - - * configure.in: check for issecure if we have getpwanam on SunOS - some options are incompatible with DUNIX SIA check for dispcrypt - on DUNIX - -1998-10-25 15:21 millert - - * config.h.in: add HAVE_DISPCRYPT - -1998-10-25 15:21 millert - - * secureware.c: add back support for non-dispcrypt based checking - for older DUNIX - -1998-10-25 00:51 millert - - * INSTALL: sia changes - -1998-10-25 00:48 millert - - * configure.in: SIA becomes the default on Digital UNIX now havbe - --disable-sia to turn it off... - -1998-10-24 23:52 millert - - * check.c: move local includes after system ones - -1998-10-24 19:28 millert - - * check.c, check_sia.c, sudo.h: add pass_warn() which prints out - INCORRECT_PASSWORD or an insult to stderr - -1998-10-24 19:07 millert - - * check_sia.c: fix while loop in sia_attempt_auth() that checks the - password. Only the first iteration was working. - -1998-10-21 21:00 millert - - * aclocal.m4: don't trust UID_MAX or MAXUID - -1998-10-21 20:35 millert - - * configure.in: fix two pastos - -1998-10-21 20:30 millert - - * configure.in: fix typo - -1998-10-21 20:19 millert - - * getspwuid.c, secureware.c: init crypt_type to INT_MAX since it is - legal to be negative in DUNX 5.0 - -1998-10-21 20:15 millert - - * configure.in: for secureware on dunix, use -lsecurity -ldb -laud - -lm but check for -ldb since DUNX < 4.0 lacks it - -1998-10-21 19:50 millert - - * check.c, compat.h, config.h.in, configure.in, getspwuid.c, - secureware.c, sudo.c, tgetpass.c: getprpwuid is broken in HP-UX - 10.20 at least (it sleeps for 2 minutes if the shadow files don't - exist). - -1998-10-20 17:22 millert - - * INSTALL: updated --with-editor blurb - -1998-10-20 17:21 millert - - * TROUBLESHOOTING: tell how to put sudoers in a different dir - -1998-10-20 16:22 millert - - * configure.in: add missing quotes around $with_editor - -1998-10-20 14:00 millert - - * configure.in: typo in --with-editor bits - -1998-10-20 01:24 millert - - * INSTALL: I don't expect it to work on Solaris - -1998-10-20 01:24 millert - - * check.c: add back security/pam_misc.h - -1998-10-19 17:13 millert - - * INSTALL: remove dunix note since configure checks for this now - -1998-10-19 16:30 millert - - * configure.in: add check for broken dunix prot.h (4.0 < 4.0D is - bad) - -1998-10-19 14:32 millert - - * getspwuid.c, secureware.c, tgetpass.c: new dunix shadow code, use - dispcrypt(3) - -1998-10-19 14:32 millert - - * config.h.in: add HAVE_INITPRIVS - -1998-10-19 14:31 millert - - * sudo.c: call initprivs() if we have it for getprpwuid later on - -1998-10-19 14:30 millert - - * Makefile.in: clean pathnames.h too - -1998-10-19 14:28 millert - - * configure.in: quote "Sorry, try again." with [] since it has a - comma in it set LIBS when we add stuff to SUDO_LIBS set - SECUREWARE when we find getprpwuid() so we can check for - bigcrypt, set_auth_parameters, and initprivs later. - -1998-10-19 13:48 millert - - * INSTALL: update Digital UNIX note about acl.h - -1998-10-18 20:26 millert - - * INSTALL: add --with-sia --without-root-sudo -> - --disable-root-sudo some reordering - -1998-10-18 20:22 millert - - * secureware.c: add whitespace - -1998-10-18 20:22 millert - - * Makefile.in, check.c, config.h.in, configure.in, logging.c, - sudo.h: add SIA support - -1998-10-18 20:21 millert - - * check_sia.c: Initial revision - -1998-10-18 19:42 millert - - * configure.in: when checking for -lsocket, -lnsl, and -linet, - check for the specific functions we need from them. - -1998-10-18 19:10 millert - - * config.h.in, sudo.h: move Syslog_* defs into sudo.h - -1998-10-18 18:15 millert - - * sudo.h, Makefile.in: added check_secureware - -1998-10-18 18:12 millert - - * configure.in: finished adding AC_MSG_CHECKING and AC_MSG_RESULT - bits - -1998-10-18 18:00 millert - - * insults.h: don't define CLASSIC_INSULTS and CSOPS_INSULTS if no - other sets defined. configure now does that for us - -1998-10-18 17:45 millert - - * configure.in: move some --with options around change a bunch of - echo's to AC_MSG_CHECKING, AC_MSG_RESULT pairs - -1998-10-18 01:09 millert - - * configure.in: change $with_foo-bar -> $with_foo_bar kill extra " - that caused a syntax error add some echo verbage - -1998-10-17 18:08 millert - - * check.c: moved SecureWare stuff into secureware.c - -1998-10-17 18:07 millert - - * secureware.c: Initial revision - -1998-10-17 17:02 millert - - * INSTALL: update url to solaris gcc bins - -1998-10-17 16:39 millert - - * INSTALL: change option formatter and flesh out someentries - -1998-10-17 16:18 millert - - * sudo.pod, visudo.pod, TROUBLESHOOTING: environmental variable -> - environment variable - -1998-10-17 16:01 millert - - * BUGS: everything is now done via configure - -1998-10-17 16:00 millert - - * README: prev rev was 1.5.6 - -1998-10-17 00:33 millert - - * Makefile.in: passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID - correctly - -1998-10-17 00:32 millert - - * config.h.in: SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from - the Makefile - -1998-10-17 00:31 millert - - * Makefile.in: merge OSDEFS and OPTIONS into DEFS get sudoers_uid, - sudoers_gid, sudoers_mode from configure - -1998-10-17 00:30 millert - - * configure.in: SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get - substituted into the Makefile, not config.h - -1998-10-17 00:30 millert - - * INSTALL: document all --with/--enable options - -1998-10-15 02:25 millert - - * insults.h: options.h is no more - -1998-10-15 02:25 millert - - * config.h.in: assimilated options.h - -1998-10-15 02:24 millert - - * configure.in: moved options from options.h to configure - -1998-10-15 01:41 millert - - * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c, - logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod, - sudo_setenv.c, visudo.c: no more options.h - -1998-10-15 01:39 millert - - * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING: remove references - to options.h - -1998-10-15 01:32 millert - - * interfaces.c, dce_pwent.c, sudo.c: kill sys/time.h - -1998-10-15 00:10 millert - - * tgetpass.c: if select return < -1 still prompt for pw - -1998-10-15 00:03 millert - - * options.h: convert LOGGING, LOGFAC, MAXLOGFILELEN, - IGNORE_DOT_PATH into configure options - -1998-10-14 23:57 millert - - * parse.c: FAST_MATCH is no longer an optino - -1998-10-14 23:52 millert - - * check.c: remove_timestamp() if timestamp is preposterous - -1998-10-14 23:36 millert - - * options.h: convert more options to --with/--enable - -1998-10-14 23:36 millert - - * INSTALL, aclocal.m4: logfile -> logpath - -1998-10-14 23:31 millert - - * configure.in: convert more options into --with and --enable - -1998-10-14 23:28 millert - - * tgetpass.c: catch EINTR in select and restart - -1998-10-14 23:15 millert - - * logging.c: sys/errno -> errno - -1998-09-24 11:40 millert - - * sudo.c: UMASK -> SUDO_UMASK. - -1998-09-24 11:36 millert - - * check.c, logging.c: time.h, not sys/time.h - -1998-09-21 19:52 millert - - * logging.c: MAILER -> _PATH_SENDMAIL - -1998-09-21 00:06 millert - - * INSTALL, configure.in: no more --with-C2, now it is - --disable-shadow - -1998-09-21 00:00 millert - - * aclocal.m4, check.c, compat.h, config.h.in, configure.in, - getspwuid.c, sudo.c, tgetpass.c: new shadow password scheme. - Always include shadow support if the platform supports it and the - user did not disable it via configure - -1998-09-20 19:48 millert - - * configure.in: --with-getpass -> --{enable,disable}-tgetpass - -1998-09-20 19:16 millert - - * Makefile.in: pathnames.h -> pathnames.h.in - -1998-09-20 19:14 millert - - * check.c: fix version string - -1998-09-20 19:12 millert - - * check.c: move pam_conv to be static to auth function remove - pam_misc.h (solaris doesn't have one) - -1998-09-20 19:10 millert - - * aclocal.m4: _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill - SUDO_PROG_PWD - -1998-09-20 19:10 millert - - * configure.in: munge pathnames.h.in -> pathnames.h kill - SUDO_PROG_PWD - -1998-09-20 19:10 millert - - * pathnames.h.in: convert to pathnames.h.in - -1998-09-18 20:20 millert - - * configure.in: fix typo in sysv4 matching case /. - -1998-09-18 01:29 millert - - * check.c: pam stuff needs to run as root, not user, for shadow - passwords - -1998-09-17 12:26 millert - - * Makefile.in, emul/utime.h, check.c, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c, - BUGS, INSTALL, README, configure.in: updated version - -1998-09-17 12:13 millert - - * check.c: user version.h for long message - -1998-09-17 11:53 millert - - * check.c: this is version 1.5.6 - -1998-09-16 13:42 millert - - * Makefile.in: remove errant backslash - -1998-09-14 22:25 millert - - * options.h, parse.yacc, pathnames.h.in: fix version string - -1998-09-14 22:02 millert - - * BUGS, CHANGES, TODO: updtaed for 1.5.6 - -1998-09-14 22:02 millert - - * RUNSON: updated for 1.5.6 - -1998-09-14 11:48 millert - - * interfaces.c: kill unused localhost_mask var copy if name to - ifr_tmp after we zero it - -1998-09-13 15:50 millert - - * INSTALL: Better description of new vs. old sudoers modes fix some - typos better description of /usr/ucb/cc gotchas on slowaris - -1998-09-13 15:49 millert - - * Makefile.in: add sample.pam - -1998-09-13 15:32 millert - - * sudo.c: set NewArgv[0] to user_shell, not basename(user_shell) - -1998-09-12 11:10 millert - - * README: mention TROUBLESHOOTING more fix some typos - -1998-09-11 20:30 millert - - * configure.in: move --enable/--disable to be after --with - -1998-09-11 20:30 millert - - * INSTALL: document --enable/--disable - -1998-09-11 20:26 millert - - * INSTALL: document --with-pam - -1998-09-11 19:47 millert - - * configure.in: Add message for pam users - -1998-09-11 19:27 millert - - * sample.pam: Initial revision - -1998-09-11 19:23 millert - - * config.h.in: fix HAVE_PAM - -1998-09-11 19:19 millert - - * check.c, config.h.in, configure.in: pam support, from Gary Calvin - - -1998-09-10 18:51 millert - - * config.h.in: add HOST_IN_LOG and WRAP_LOG - -1998-09-10 18:51 millert - - * logging.c: add WRAP_LOG and HOST_IN_LOG - -1998-09-10 18:37 millert - - * configure.in: add --enable-log-host and --enable-log-wrap - -1998-09-10 18:32 millert - - * aclocal.m4: use AC_DEFINE_UNQUOTED for --with-logfile and - --with-timedir - -1998-09-08 20:45 millert - - * compat.h: add howmany macro - -1998-09-08 20:43 millert - - * tgetpass.c: include sys/param.h to get howmany macro - -1998-09-07 20:42 millert - - * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: - add RUNAS_DEFAULT - -1998-09-07 12:51 millert - - * fnmatch.c: bring in stdio.h for NULL - -1998-09-07 12:50 millert - - * aclocal.m4: allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh - -1998-09-07 12:43 millert - - * sudo.c: use HAVE_SET_AUTH_PARAMETERS - -1998-09-07 12:42 millert - - * config.h.in: add HAVE_SET_AUTH_PARAMETERS - -1998-09-07 12:41 millert - - * configure.in: add *-*-hiuxmpp* add test for set_auth_parameters() - if secureware - -1998-09-07 12:39 millert - - * config.sub: add support for HI-UX/MPP SR220001 02-03 0 SR2201 - -1998-09-07 12:06 millert - - * interfaces.c: initialize previfname - -1998-09-07 11:51 millert - - * interfaces.c: Don't use SIOCGIFADDR, we don't need it Use - SIOCGIFFLAGS if we have it check ifr_flags against IFF_UP and - IFF_LOOPBACK instead of kludging it - -1998-09-07 11:49 millert - - * configure.in: typo - -1998-09-07 00:01 millert - - * Makefile.in: don't need special build line for sudo.tab.o - -1998-09-06 23:58 millert - - * Makefile.in: don't clean sudo.tab.[ch] - -1998-09-06 23:48 millert - - * sudo.c: Sudo should prompt for a password before telling the user - that a command could not be found. - -1998-09-06 23:47 millert - - * BUGS: for 1.5.6 - -1998-09-06 23:25 millert - - * INSTALL, README: no longer require yacc - -1998-09-06 23:19 millert - - * Makefile.in: typo - -1998-09-06 23:18 millert - - * Makefile.in: y.tab -> sudo.tab include pre-yacc'd parse.yacc - -1998-09-06 23:09 millert - - * parse.lex: include sudo.tab.h, not y.tab.h don't break out of - command args if you get a '=' - -1998-09-06 22:59 millert - - * insults.h: fix version , - -1998-09-06 22:57 millert - - * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h: - fix version - -1998-09-06 22:55 millert - - * getcwd.c: getcwd(3) from OpenBSD for those without it. - -1998-09-06 22:51 millert - - * sudo.h: HAVE_GETWD -> HAVE_GETCWD - -1998-09-06 22:49 millert - - * configure.in: pretend sunos doesn't have getcwd(3) since it opens - a pipe to getpwd! - -1998-09-06 22:41 millert - - * parse.c: use NAMLEN() macro - -1998-09-06 22:34 millert - - * fnmatch.c: remove duplicate include of string.h - -1998-09-06 22:28 millert - - * configure.in: call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T - -1998-09-06 22:28 millert - - * aclocal.m4: add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T - -1998-09-06 22:28 millert - - * config.h.in: add dev_t and ino_t - -1998-07-28 12:44 millert - - * check.c: fix OTP_ONLY for opie - -1998-06-24 12:22 millert - - * testsudoers.c, tgetpass.c: include stdlib.h for malloc proto - -1998-05-19 00:10 millert - - * Makefile.in: make update_version saner - -1998-05-18 23:32 millert - - * config.h.in: add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid() - -1998-05-18 23:32 millert - - * configure.in: check for waitpid and wait3 or no waitpid - -1998-05-18 23:31 millert - - * logging.c: used waitpid or wait3 if we have 'em - -1998-05-02 14:16 millert - - * visudo.c: fix some fprintf args, ariel@oz.engr.sgi.com (Ariel - Faigon) - -1998-04-27 20:09 millert - - * configure.in: don't need to explicately mention -lsocket -lnsl - for sequent - -1998-04-25 01:56 millert - - * configure.in: dynix should not link with -linet - -1998-04-10 15:32 millert - - * INSTALL: mention that HP-UX doesn't ship with yacc - -1998-04-06 22:35 millert - - * check.c: ignore kerberos if we can't get the local realm - -1998-04-05 23:37 millert - - * configure.in, BUGS, INSTALL, README: ++version - -1998-04-05 23:36 millert - - * version.h: ++ - -1998-04-05 23:35 millert - - * Makefile.in, emul/utime.h, check.c, config.h.in, dce_pwent.c, - find_path.c, getspwuid.c, getcwd.c, goodpath.c, interfaces.c, - logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, - sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, - visudo.c: updated version - -1998-04-05 23:34 millert - - * check.c, sudo.h: fix version - -1998-04-05 23:33 millert - - * getcwd.c: don't use popen/pclose. Do it inline. - -1998-04-05 23:25 millert - - * lsearch.c: add rcsid - -1998-04-05 23:21 millert - - * sudo.c: typo - -1998-04-05 23:17 millert - - * sudo.h, pathnames.h.in, compat.h, options.h, ins_2001.h, - insults.h, ins_classic.h, ins_goons.h, ins_csops.h, parse.yacc, - check.c: updated version - -1998-04-05 23:15 millert - - * check.c, find_path.c, parse.c, sudo.c, testsudoers.c: MAX* + 1 -> - MAX* - -1998-04-05 23:14 millert - - * Makefile.in: getwd.c -> getcwd.c - -1998-04-05 22:49 millert - - * config.h.in: kill HAVE_GETWD - -1998-04-05 22:49 millert - - * configure.in: getcwd, not getwd - -1998-04-05 22:48 millert - - * getcwd.c: use MAX* not MAX* + 1 always run pwd as using getwd() - defeats the purpose - -1998-03-31 00:15 millert - - * OPTIONS, options.h: add STUB_LOAD_INTERFACES - -1998-03-31 00:05 millert - - * Makefile.in, check.c, emul/utime.h, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: - updated version - -1998-03-30 23:54 millert - - * configure.in: support *-ccur-sysv4 and fix two typos - -1998-03-27 19:52 millert - - * configure.in: don't echo about with_logfile and with_timedir - -1998-03-27 19:49 millert - - * INSTALL: document --with-logfile and --with-timedir - -1998-03-27 19:46 millert - - * aclocal.m4: support --with-logfile and --with-timedir - -1998-03-27 19:46 millert - - * configure.in: Add --with-logfile and --with-timedir - -1998-03-27 19:27 millert - - * sudo.c: change size computation of NewArgv for UNICOS - -1998-02-18 20:10 millert - - * configure.in: treate -*-sysv4* like *-*-svr4 - -1998-02-18 18:19 millert - - * configure.in: fix spacing for --with-authenticate help - -1998-02-18 16:39 millert - - * Makefile.in, check.c, emul/utime.h, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: - updated version - -1998-02-18 16:23 millert - - * parse.yacc: fix off by one error in push macro - -1998-02-17 01:15 millert - - * configure.in: removed bogus alloca hack - -1998-02-17 01:15 millert - - * check.c: added AIX 4.x authenticate() support - -1998-02-17 01:11 millert - - * parse.yacc: include alloca.h if using bison and not gcc and it - exists. fixes an alloca problem on hpux 10.x - -1998-02-17 00:39 millert - - * INSTALL: mention --with-authenticate - -1998-02-17 00:37 millert - - * configure.in: added AIX authenticate() support - -1998-02-17 00:22 millert - - * config.h.in: add HAVE_AUTHENTICATE - -1998-02-16 23:58 millert - - * interfaces.c: dynamically size ifconf buffer - -1998-02-16 23:56 millert - - * configure.in: quote '[' and ']' - -1998-02-16 21:42 millert - - * Makefile.in, emul/utime.h, check.c, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: - updated version - -1998-02-16 19:06 millert - - * visudo.pod: add ERRORS section - -1998-02-16 18:57 millert - - * TROUBLESHOOTING: add busy stmp file explanation - -1998-02-15 18:49 millert - - * configure.in: the name of the cached var that signals whether or - not you are cross compiling changed. It is now - ac_cv_prog_cc_cross - -1998-02-11 16:26 millert - - * INSTALL: mention glibc 2.07 is fixed wrt lsearch()\. - -1998-02-06 21:55 millert - - * sample.sudoers, sudoers.pod: better example of su but not root su - -1998-02-06 15:49 millert - - * Makefile.in, check.c, emul/utime.h, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: - updated version - -1998-02-06 15:48 millert - - * Makefile.in: correct regexp for updating version - -1998-02-06 14:05 millert - - * tgetpass.c: remove bogus flush of stderr spew prompt before - turning off echo. Seems to fix a weird problem where if sudo - complained about a bogus stamp file the user would sometimes not - have a chance to enter a password - -1998-02-06 14:05 millert - - * check.c: fix bogus flush of stderr - -1998-02-05 19:19 millert - - * sudo.c: close fd's <=2 not <=3 and move that chunk of code up - -1998-02-05 19:18 millert - - * configure.in: support hpux1[0-9] not just hpux10 - -1998-01-30 14:59 millert - - * parse.c: set sudoers_fp to nil after closing - -1998-01-24 01:05 millert - - * config.guess, config.sub: updated from autoconf 2.12 - -1998-01-24 00:50 millert - - * configure.in: add *-*-svr4 rule - -1998-01-22 22:53 millert - - * tgetpass.c: fix select usage for high fd's (dynamically allocate - readfds) - -1998-01-22 22:49 millert - - * check.c: kill extra whitespace - -1998-01-22 19:28 millert - - * sudo.c: do an initgroups() before running a command, unless the - target user is root. - -1998-01-22 12:22 millert - - * TROUBLESHOOTING: tell people to use tabs, not spaces, in - syslog.conf - -1998-01-21 01:56 millert - - * parse.lex, Makefile.in, config.h.in, getwd.c, strdup.c, putenv.c, - emul/utime.h, testsudoers.c, utime.c, dce_pwent.c: updated - version - -1998-01-21 01:32 millert - - * goodpath.c, sudo_setenv.c, interfaces.c, tgetpass.c, visudo.c: - updated version - -1998-01-21 01:29 millert - - * sudo.h, pathnames.h.in, options.h, compat.h, insults.h, - ins_2001.h, ins_classic.h, ins_goons.h, ins_csops.h, parse.yacc, - check.c, getspwuid.c, find_path.c, logging.c, parse.c, sudo.c: - updated version - -1998-01-21 01:20 millert - - * Makefile.in: more tweaks to update_version - -1998-01-21 01:19 millert - - * Makefile.in: fixed up update_version rule - -1998-01-21 00:55 millert - - * configure.in: ++version - -1998-01-21 00:53 millert - - * Makefile.in: removed supe of check.c - -1998-01-21 00:51 millert - - * INSTALL: ++version I missed - -1998-01-21 00:51 millert - - * RUNSON: updated - -1998-01-21 00:48 millert - - * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, - find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c, emul/utime.h, BUGS, INSTALL, README: updated version - -1998-01-21 00:47 millert - - * CHANGES: updated for 1.5.5 - -1998-01-21 00:35 millert - - * Makefile.in: add rules to update version stuff in files so I - don't need to do it by hand - -1998-01-21 00:04 millert - - * sudo.h: sudoers_fp is now extern - -1998-01-21 00:03 millert - - * sudo.c: in check_sudoers, cache the sudoers file handle in - sudoers_fp so we don't have to open it again in the parse. This - may help with weird solaris problems where EAGAIN sometime - occurrs. - -1998-01-21 00:02 millert - - * parse.c: sudoers file open is now done only in check_sudoers() so - we just do a rewind() instead of an open. May help people on - solaris who were getting EAGAIN. - -1998-01-16 11:43 millert - - * INSTALL: mention that newer glibc is fixed - -1998-01-13 12:58 millert - - * sudo.c: newer irix uses _RLDN32_* envariables for 32-bit binaries - so ignore _RLD* instead of _RLD_* - -1998-01-13 10:32 millert - - * parse.c: typo - -1998-01-13 10:19 millert - - * parse.c: fix that bug for real - -1998-01-13 02:39 millert - - * INSTALL: document Linux's libc6 brokenness. - -1998-01-13 02:00 millert - - * parse.yacc: -Wall - -1998-01-13 01:22 millert - - * RUNSON: updated - -1998-01-13 00:50 millert - - * TROUBLESHOOTING: remind people to HUP syslogd - -1998-01-13 00:05 millert - - * Makefile.in: add -O flag to tar - -1998-01-13 00:00 millert - - * TODO, RUNSON: updated - -1998-01-12 23:59 millert - - * sudo.pod: remove author's email addr. people should mail - sudo-bugs - -1998-01-12 23:49 millert - - * INSTALL: fix version - -1998-01-12 23:48 millert - - * README, check.c, compat.h, config.h.in, configure.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c: ++version - -1998-01-12 23:44 millert - - * RUNSON: updated - -1998-01-12 23:42 millert - - * INSTALL, Makefile.in: ++version - -1998-01-12 23:41 millert - - * CHANGES: updated fort 1.5.4 - -1998-01-12 23:41 millert - - * check.c: exit(1) if user enters no passwd - -1998-01-12 23:37 millert - - * BUGS: ++version - -1998-01-12 23:10 millert - - * parse.c: commands can start with ./* not just /* -- fixes a - serious security hole. - -1997-12-21 18:17 millert - - * sudo.c: Don't set the tty variable to NULL when we lack a tty, - leave it as "unknown". - -1997-11-23 13:29 millert - - * sample.sudoers: fix usage of (username) in conjunction with , and - ! - -1997-11-23 13:28 millert - - * visudo.c: catch the case where the user is not in the passwd file - -1997-11-23 13:24 millert - - * tgetpass.c: use fileno(input) + 1 instead of getdtablesize() as - the nfds arg to select(2) - -1997-11-23 01:53 millert - - * sudo.c: define tty global to an initial value to avoid dumping - core in logging functions when passwd file is unavailable. - -1997-11-23 01:51 millert - - * sudo.c: do the set_perms(PERM_USER, sudo_mode) after we have - gotten the passwd entry - -1997-11-23 00:21 millert - - * sudo.pod: talk about problem of ALL - -1997-10-10 00:54 millert - - * README: new web location - -1997-10-10 00:54 millert - - * INSTALL: fdesc bug is fixed in Open/Net BSD - -1997-10-10 00:52 millert - - * HISTORY: updates from Nieusma - -1997-10-09 18:37 millert - - * dce_pwent.c: move compat.h after the system includes - -1997-08-06 14:58 millert - - * logging.c: save errno from being clobbered by wait(). From Theo - -1997-05-21 11:57 millert - - * compat.h: fix an occurence of setresuid -> setreuid (typo) - -1997-03-19 17:45 millert - - * install-sh: check for path to strip - -1997-01-15 19:05 millert - - * logging.c: deal with maxfilelen < 0 case - -1997-01-15 19:05 millert - - * OPTIONS: fixed descriptin - -1996-12-11 23:10 millert - - * sudo.c: correct error message if mode/owner wrong and not - statable by owner but is statable by root. - -1996-11-23 02:18 millert - - * config.guess, config.sub: autoconf 2.11 - -1996-11-16 14:42 millert - - * CHANGES, RUNSON, TODO: sudo 1.5.3. - -1996-11-14 15:08 millert - - * sudo.h, parse.yacc: command_alias -> generic_alias - -1996-11-13 22:50 millert - - * sample.sudoers: added Runas_Alias example and fixed syntax errors - -1996-11-13 22:50 millert - - * OPTIONS, options.h: updated MAILSUBJECT - -1996-11-13 22:49 millert - - * logging.c: added %h expansion - -1996-11-13 21:37 millert - - * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, - find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c, INSTALL, README, configure.in: ++version - -1996-11-13 20:01 millert - - * emul/utime.h, BUGS: ++version - -1996-11-13 19:45 millert - - * sudoers.pod: document Runas_Alias - -1996-11-13 19:22 millert - - * visudo.pod: q (uid) -> Q - -1996-11-13 19:21 millert - - * visudo.c: buffer oflow checking q (uit) -> Q if yyparse() fails - drop into whatnow - -1996-11-13 19:05 millert - - * parse.yacc: add size params to sprintf - -1996-11-13 19:04 millert - - * parse.lex: allow trailing space after '\\' but before '\n' - -1996-11-13 19:04 millert - - * find_path.c: off by one error in path size check - -1996-11-13 19:03 millert - - * check.c: sprintf paranoia - -1996-11-12 11:59 millert - - * parse.yacc: fixed more_aliases - -1996-11-12 11:58 millert - - * visudo.c: now warns if killed by signal ./ - -1996-11-11 10:49 millert - - * parse.yacc: fix Runas_Alias stuff Alias's in runas list now get - expanded (but it is gross) - -1996-11-10 20:32 millert - - * sudo.c: Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == - 0400 - -1996-11-10 20:08 millert - - * parse.yacc: add Runas_Alias support change FOO to FOO_ALIAS (ie: - USER_ALIAS) - -1996-11-10 20:02 millert - - * parse.lex: Add Runas_Alias and simplify a rule. - -1996-11-10 19:15 millert - - * parse.yacc: always store User_Alias's since they can be used - inside of a runas list. Sigh. Really need a Runas_Alias - instead. - -1996-10-30 18:04 millert - - * visudo.c: deal with case where there is no sudoers file - -1996-10-11 23:01 millert - - * TROUBLESHOOTING: added one - -1996-10-10 22:11 millert - - * HISTORY, testsudoers.c: developement -> development - -1996-10-10 22:08 millert - - * INSTALL: added a note - -1996-10-10 20:36 millert - - * RUNSON: for 1.5.2 - -1996-10-10 20:36 millert - - * CHANGES: updated - -1996-10-10 00:56 millert - - * PORTING: removed seteuid() notes - -1996-10-09 13:37 millert - - * compat.h: better seteuid() emulatino - -1996-10-09 13:36 millert - - * configure.in: added check for seteuid - -1996-10-09 13:36 millert - - * config.h.in: added HAVE_SETEUID - -1996-10-08 19:22 millert - - * configure.in: first stab at sequent support - -1996-10-08 19:21 millert - - * config.h.in: added HAVE_SYS_SELECT_H - -1996-10-08 19:21 millert - - * compat.h: sequent -> _SEQUENT_ - -1996-10-08 19:11 millert - - * compat.h: added seteuid() macro for DYNIX - -1996-10-08 18:54 millert - - * tgetpass.c: _AIX -> HAVE_SYS_SELECT_H - -1996-10-07 01:05 millert - - * emul/utime.h, check.c, compat.h, dce_pwent.c, find_path.c, - getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h, - pathnames.h.in, version.h, BUGS, INSTALL, Makefile.in, OPTIONS, - README, config.h.in, logging.c, parse.c, parse.lex, parse.yacc, - putenv.c, strdup.c, sudo_setenv.c, testsudoers.c, utime.c, - visudo.c, tgetpass.c: ++version - -1996-10-07 00:59 millert - - * sudo.pod: added -H and SUDO_PS1 - -1996-10-07 00:55 millert - - * configure.in: use SUDO_FUNC_FNMATCH - -1996-10-07 00:54 millert - - * aclocal.m4: added SUDO_FUNC_FNMATCH - -1996-10-07 00:53 millert - - * sudo.c: added -H flag - -1996-10-07 00:53 millert - - * sudo.h: added MODE_RESET_HOME / - -1996-10-05 00:00 millert - - * INSTALL: mention OPIE - -1996-10-04 23:59 millert - - * configure.in: added opie support - -1996-10-04 23:59 millert - - * check.c: added HAVE_OPIE and changed to *_OTP_* - -1996-10-04 23:58 millert - - * compat.h, config.h.in: added HAVE_OPIE - -1996-10-04 23:58 millert - - * OPTIONS, options.h: SKEY -> OTP - -1996-10-03 23:27 millert - - * check.c: moved fclose() in skey stuff. - -1996-10-03 19:53 millert - - * putenv.c: index -> strchr remove unnecesary stuff - -1996-10-03 19:43 millert - - * check.c: now call skeychallenge() to get challenge instead of - making one up ourselves. this way, we get extra goodies in the - prompt. - -1996-09-10 00:32 millert - - * CHANGES: added one - -1996-09-10 00:18 millert - - * parse.lex: allow logins to start with a number (YUCK!) - -1996-09-08 15:18 millert - - * TROUBLESHOOTING: added soalris 2.5 vs 2.4 note - -1996-09-08 15:15 millert - - * configure.in: DUNIX doesn't need -lnsl - -1996-09-07 20:22 millert - - * CHANGES: [no log message] - -1996-09-07 20:21 millert - - * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c, - getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, - options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, - putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, - tgetpass.c, utime.c, version.h, visudo.c: courtesan - -1996-09-07 20:13 millert - - * TROUBLESHOOTING, INSTALL, Makefile.in, PORTING, RUNSON, README: - courtesan - -1996-09-07 20:12 millert - - * visudo.pod: [no log message] - -1996-09-07 20:00 millert - - * sudo.pod, visudo.pod: courtesan - -1996-09-07 19:45 millert - - * HISTORY: added courtesan ./ - -1996-09-06 00:12 millert - - * sudo.c: added $SUDO_PROMPT support - -1996-09-04 17:19 millert - - * check.c: print long skey challemged to stderr, not stdout - -1996-08-31 23:10 millert - - * CHANGES: updated for 1.5.1 - -1996-08-31 23:07 millert - - * emul/utime.h: ++version - -1996-08-31 12:34 millert - - * RUNSON: updated for 1.5.1 - -1996-08-30 10:49 millert - - * check.c: use shost, not host for tgetpass - -1996-08-30 00:21 millert - - * OPTIONS, sudo.pod: documented %u and %h - -1996-08-29 20:40 millert - - * configure.in: fixed typo - -1996-08-29 20:37 millert - - * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c: ++version - -1996-08-29 20:30 millert - - * BUGS: ++version - -1996-08-29 18:32 millert - - * configure.in, Makefile.in, version.h: ++version - -1996-08-29 17:58 millert - - * sudo.h: new tgetpass() params - -1996-08-29 17:58 millert - - * check.c: pass use and host to tgetpass - -1996-08-29 17:57 millert - - * tgetpass.c: added %u and %h escapes - -1996-08-29 16:56 millert - - * OPTIONS, options.h, check.c: added NO_MESSAGE - -1996-08-29 16:23 millert - - * configure.in: added cray (unicos) support - -1996-08-27 11:36 millert - - * OPTIONS, options.h, sudo.c: added SHELL_SETS_HOME - -1996-08-25 17:56 millert - - * INSTALL: added note about "make install" - -1996-08-25 17:50 millert - - * parse.yacc: changed length/size params from int to size_t - -1996-08-25 13:35 millert - - * OPTIONS: now get CSOPS insults as well by default - -1996-08-25 13:33 millert - - * insults.h: use csops insults too by default - -1996-08-25 13:31 millert - - * INSTALL, Makefile.in, README, config.h.in, configure.in, - version.h: version = 1.5 - -1996-08-25 13:27 millert - - * sudo.c: added runas_homedir - -1996-08-25 13:27 millert - - * TODO: updated for 1.5 - -1996-08-25 13:23 millert - - * RUNSON: updated for 1.5 - -1996-08-25 13:19 millert - - * CHANGES: 1.5 release - -1996-08-25 13:17 millert - - * INSTALL: added "upgrading" notes - -1996-08-22 14:00 millert - - * visudo.c: now do chmod and chown after edit of temp file and - before rename - -1996-08-18 12:52 millert - - * Makefile.in: ++version added INSTALL.configure - -1996-08-18 12:52 millert - - * version.h, configure.in: ++version - -1996-08-18 12:51 millert - - * TROUBLESHOOTING: [no log message] - -1996-08-18 12:50 millert - - * parse.yacc: added missing cast - -1996-08-17 20:37 millert - - * sudo.c: sets $HOME to pw_dir of runas user - -1996-08-17 20:02 millert - - * sudo.pod: document $HOME change - -1996-08-17 19:43 millert - - * sudo.pod: fixed up some wording - -1996-08-17 19:25 millert - - * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, - goodpath.c, interfaces.c, logging.c, parse.c, parse.lex, - parse.yacc, putenv.c, strdup.c, sudo.c, sudo_setenv.c, - testsudoers.c, tgetpass.c, utime.c, visudo.c: ++version - -1996-08-17 19:19 millert - - * emul/utime.h, compat.h, ins_2001.h, ins_classic.h, ins_csops.h, - ins_goons.h, insults.h, options.h, pathnames.h.in, sudo.h: - ++version - -1996-08-17 19:18 millert - - * sudo.h: name nad type changes - -1996-08-17 19:17 millert - - * testsudoers.c: now works with new sudo - -1996-08-17 19:07 millert - - * parse.yacc: fixed some XXX - -1996-08-17 18:52 millert - - * parse.yacc: some variable name changes + comment headers for - functions. - -1996-08-17 18:41 millert - - * tgetpass.c: added extra paren's to make compilers happy - -1996-08-17 18:34 millert - - * sudo.c: [no log message] - -1996-08-17 18:30 millert - - * parse.c: now uses init_parser() if not in sudoers and tries - "list" or "validate" scold but don't be nasty. - -1996-08-17 18:29 millert - - * TROUBLESHOOTING: now can use upper case login names - -1996-08-17 18:29 millert - - * visudo.c: now uses init_parser() - -1996-08-17 18:28 millert - - * PORTING: added info about PASSWORD_TIMEOUT - -1996-08-17 18:28 millert - - * INSTALL, README: updated - -1996-08-17 18:28 millert - - * INSTALL.configure: Initial revision - -1996-08-17 18:27 millert - - * BUGS: fixed a bug , - -1996-08-17 18:27 millert - - * parse.yacc: now dynamically allocates memory for the stacks -- no - more overflows! - -1996-08-17 18:26 millert - - * sudo.pod: -l now explands command aliases - -1996-08-17 13:22 millert - - * parse.yacc: hacks to expand command aliases for `sudo -l' - -1996-08-17 13:22 millert - - * sudo.c: remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, - and bash) - -1996-08-17 13:22 millert - - * sudo.h: added struct command_alias - -1996-08-17 13:20 millert - - * sudo.pod: fixed a bug - -1996-08-17 13:15 millert - - * lsearch.c: in compar() key should be first arg - -1996-08-15 15:48 millert - - * BUGS: fixed some bugs - -1996-08-15 15:47 millert - - * parse.yacc: can now deal with upcase HOST and USER names - -1996-08-15 15:47 millert - - * sudo.c: don't yell too loudly at non-sudoers if they do "sudo -l" - -1996-08-15 15:46 millert - - * sudo.pod: fixed thinko - -1996-08-15 15:46 millert - - * parse.c: fix comment - -1996-08-09 18:07 millert - - * parse.c, parse.yacc: added support for new `sudo -l' stuff - -1996-08-09 18:06 millert - - * sudo.c: now uses list_matches() - -1996-08-09 18:06 millert - - * sudo.h: added struct sudo_match - -1996-08-09 17:37 millert - - * configure.in: now more -lgnumalloc - -1996-08-01 13:12 millert - - * install-sh: added more paths for chown and whoami - -1996-07-31 10:41 millert - - * check.c: typo - -1996-07-30 13:45 millert - - * aclocal.m4: fixed DUNIX check for shadow pw - -1996-07-30 13:41 millert - - * tgetpass.c: now only turn off echo if it is already on. this - fixes a race when you use sudo in a pipelin - -1996-07-30 12:53 millert - - * INSTALL: updated - -1996-07-29 22:29 millert - - * configure.in: changed "test -z $foo && do_this" to if; then - construct - -1996-07-28 22:47 millert - - * configure.in: added missing defines of SHADOW_TYPE - -1996-07-26 14:10 millert - - * check.c: protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since - they are only in dunix 4.x - -1996-07-26 14:09 millert - - * getspwuid.c: added AUTH_CRYPT_C1CRYPT support - -1996-07-26 13:23 millert - - * parse.c: no longer return VALIDATE_NOT_OK if there was a runas - that didn't match. Now we can have runas stuff on more than one - line. - -1996-07-25 23:45 millert - - * configure.in: got rid of HAVE_C2_SECURITY SHADOW_TYPE is always - defined to something - -1996-07-25 23:45 millert - - * config.h.in: removed HAVE_C2_SECURITY added SPW_BSD - -1996-07-25 23:44 millert - - * compat.h, getspwuid.c, sudo.c, tgetpass.c: use SHADOW_TYPE - instead of HAVE_C2_SECURITY - -1996-07-25 23:44 millert - - * check.c: SHADOW_TYPE is always defined so just against its value - -1996-07-25 23:44 millert - - * aclocal.m4: added SUDO_CHECK_SHADOW_DUNIX - -1996-07-25 18:47 millert - - * sudoers.pod: * -> ?* in one example added another instance of - (runas) and one of NOPASSWD: - -1996-07-24 13:02 millert - - * configure.in: added back check for config.cache from other host - type - -1996-07-24 12:49 millert - - * parse.lex: removed an instance of \" - -1996-07-24 12:49 millert - - * sample.sudoers: added an example - -1996-07-24 12:44 millert - - * sudoers.pod: updated wrt new wildcard matching - -1996-07-24 10:28 millert - - * configure.in: new check for shadow passwords if we don't know - anything - -1996-07-24 10:28 millert - - * aclocal.m4: new SUDO_CHECK_SHADOW_GENERIC - -1996-07-24 02:19 millert - - * configure.in: added back check for -lsocket (oops) - -1996-07-24 02:16 millert - - * configure.in: better (working) check for shadow passwd type if we - know to use C2. - -1996-07-24 01:59 millert - - * configure.in: now uses AC_CANONICAL_HOST to figure out os type - -1996-07-24 01:59 millert - - * Makefile.in: added config.{guess,sub} - -1996-07-24 01:58 millert - - * aclocal.m4: removed unused stuff to figure out os type - -1996-07-23 22:58 millert - - * config.sub: added openbsd - -1996-07-23 22:54 millert - - * config.sub: Initial revision - -1996-07-23 22:40 millert - - * config.guess: Initial revision - -1996-07-23 21:18 millert - - * testsudoers.c: don't call fnmatch() with FNM_PATHNAME flag unless - it can only be a pathname. need to check against sudoers_args - even if user_args is nil - -1996-07-23 21:18 millert - - * parse.c: don't call fnmatch() with FNM_PATHNAME flag unless it - can only be a pathname need to check against sudoers_args even if - user_args is nil - -1996-07-23 18:52 millert - - * check.c: added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2 - -1996-07-23 01:18 millert - - * testsudoers.c: now takes command line args and uses cmnd_args - -1996-07-23 01:10 millert - - * parse.lex: fill_args was adding an extra leading space - -1996-07-22 15:50 millert - - * visudo.c: fixed dummy command_matches() - -1996-07-22 15:50 millert - - * parse.yacc: fixed prototype - -1996-07-22 15:31 millert - - * sudo.h: added cmnd_args - -1996-07-22 15:31 millert - - * parse.yacc: now uses flat args string - -1996-07-22 15:30 millert - - * parse.c, parse.lex: now uses flat arg string - -1996-07-22 15:29 millert - - * visudo.c: added cmnd_args def - -1996-07-22 14:30 millert - - * sudo.c: now sets cmnd_args global - -1996-07-22 14:30 millert - - * logging.c: cmnd_args is now exported from sudo.[ch] - -1996-07-21 18:41 millert - - * parse.yacc: can't rely on cmnd_matches as much as I thought -- - added some $$ stuff back in to prevent namespace pollution - problems. - -1996-07-21 18:01 millert - - * parse.yacc: Simplified parse rules wrt runas and NOPASSWD (more - consistent). - -1996-07-20 00:45 millert - - * parse.lex: NOPASSWD may now have blanks before the ':' '(' only - starts a 'runas' if in the initial state to avoid collision with - command args - -1996-07-20 00:23 millert - - * configure.in: added checks for specific shadow passwd schemes - -1996-07-20 00:18 millert - - * aclocal.m4: added routines to check for specific shadow passwd - types - -1996-07-18 18:27 millert - - * configure.in: added support for ncr boxen - -1996-07-18 18:26 millert - - * aclocal.m4: added support for detecting ncr boxen - -1996-07-16 14:57 millert - - * configure.in: added sinix support - -1996-07-13 22:29 millert - - * TROUBLESHOOTING: added info about "config.cache from other other" - error. - -1996-07-13 22:22 millert - - * aclocal.m4: now makes sure you don't have a config.cache file - from another OS - -1996-07-13 21:36 millert - - * configure.in: now sets $LIBS when needed to configure links with - libs when doing tests hpux10 now uses SPW_SECUREWARE for C2 added - check for bigcrypt(3) if SPW_SECUREWARE - -1996-07-13 21:30 millert - - * getspwuid.c: fixed typo - -1996-07-13 21:05 millert - - * tgetpass.c: now include stuff for SPW_SECUREWARE to get - AUTH_MAX_PASSWD_LENGTH - -1996-07-13 21:05 millert - - * getspwuid.c: no more SPW_HPUX10 - -1996-07-13 21:04 millert - - * config.h.in: no more SPW_HPUX10 added HAVE_BIGCRYPT - -1996-07-13 21:04 millert - - * compat.h: now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE - -1996-07-13 21:04 millert - - * check.c: SPW_SECUREWARE now uses bigcrypt - -1996-07-13 18:24 millert - - * sample.sudoers: fixed 2 syntax errors - -1996-07-13 18:24 millert - - * sudoers: root may now run ALL as ALL - -1996-07-11 20:59 millert - - * interfaces.c: fixed a typo/thinko that broke BSD's with sa_len - -1996-07-08 16:08 millert - - * check.c, configure.in: updated AFS support - -1996-07-08 16:07 millert - - * TROUBLESHOOTING: added entry about /usr/ucb/cc - -1996-07-08 16:06 millert - - * INSTALL: prep no longer holds gcc binaries - -1996-07-08 15:48 millert - - * INSTALL: updated AFS note - -1996-07-08 15:43 millert - - * Makefile.in: added @AFS_LIBS@ - -1996-07-08 15:33 millert - - * compat.h: AFS allows long passwords - -1996-07-08 14:16 millert - - * testsudoers.c: fixed -u user support - -1996-07-08 14:16 millert - - * parse.c: sudo -v now groks VALIDATE_OK_NOPASS - -1996-07-08 13:30 millert - - * parse.yacc: fixed no_passwd vs. runas_matched - -1996-07-08 10:30 millert - - * TROUBLESHOOTING: took out stuff about NFS-mounting since it is no - longer an issue - -1996-07-08 10:30 millert - - * INSTALL: added --with-libraries > --with-libpath --with-incpath - -1996-07-08 10:21 millert - - * parse.yacc: was setting runas_matches to -1 in wrong place - -1996-07-08 09:58 millert - - * check.c: removed usersec.h which is not present in new AFS - versions - -1996-07-08 09:55 millert - - * tgetpass.c: now deals with timeout <= 0 - -1996-07-08 09:51 millert - - * OPTIONS: updated - -1996-07-08 00:04 millert - - * configure.in: BSD/OS >= 2.0 now uses shlicc instead of just gcc - -1996-07-07 22:30 millert - - * sudo.c: fixed backwards compatibility with sudo 1.4 sudoers mode - for root readable/writable filesystems - -1996-07-07 20:49 millert - - * Makefile.in: now gives INSTALL -c flag - -1996-07-07 20:34 millert - - * parse.yacc: slightly simpler initialization of no_passwd and - runas_matches - -1996-07-07 20:33 millert - - * testsudoers.c: added -u username support - -1996-07-07 20:32 millert - - * configure.in: improved --with-libraries support - -1996-07-07 16:27 millert - - * configure.in: added --with-incpath, --with-libpath, - --with-libraries - -1996-07-07 16:01 millert - - * parse.yacc: now initializes some fields that weren't getting set - to -1 pretty gross -- need a rewrite. - -1996-06-25 23:19 millert - - * alloca.c: removed emacs'isms - -1996-06-25 22:29 millert - - * configure.in: no longer add -lPW to *_LIBS since we include - alloca.c - -1996-06-25 22:29 millert - - * config.h.in: added HAVE_ALLOCA_H - -1996-06-25 22:28 millert - - * Makefile.in: added alloca.c - -1996-06-25 22:18 millert - - * alloca.c: Initial revision - -1996-06-25 21:58 millert - - * configure.in: ++version - -1996-06-25 19:32 millert - - * sudo.c: now set uid to 1 instead of nobody for PERM_SUDOERS since - nobody is not always set to a valid uid. - -1996-06-25 19:31 millert - - * OPTIONS: fixed entry for SUDO_MODE - -1996-06-25 18:02 millert - - * sudo.c: Fixed NFS-mounted sudoers file under solaris both uid - *and* gid were being set to -2. Now beat NFS to the punch and - set uid to "nobody" ourselves, preserving group 0 to read - sudoers. - -1996-06-25 18:02 millert - - * parse.c: moved set_perms(PERM_ROOT) to be before yyparse() - -1996-06-25 18:00 millert - - * logging.c: fixed a typo - -1996-06-25 18:00 millert - - * configure.in: no longer need AC_PROG_INSTALL - -1996-06-25 17:59 millert - - * Makefile.in: always use install-sh to avoid install(1)'s that use - get{pw,gr}nam - -1996-06-25 16:07 millert - - * INSTALL: make clean -> make distclean - -1996-06-20 01:17 millert - - * parse.yacc: removed some unnecsary if's - -1996-06-20 01:16 millert - - * Makefile.in, version.h: ++version - -1996-06-20 01:16 millert - - * parse.c, testsudoers.c: now includes netgroup.h - -1996-06-20 00:45 millert - - * interfaces.c: removed cats of ioctl to int since they didn't shut - up -Wall - -1996-06-20 00:43 millert - - * interfaces.c: explicately cast ioctl() to int since it it not - always declared - -1996-06-20 00:41 millert - - * sudo.h: added declarations for yyparse() and yylex() - -1996-06-20 00:27 millert - - * parse.yacc: fixed an occurence of '==' -> '=' - -1996-06-20 00:22 millert - - * config.h.in, configure.in: added check for netgroup.h - -1996-06-20 00:20 millert - - * sudo.c: fixed 2 compiler warnings - -1996-06-20 00:08 millert - - * sudo.c: SHELL_IF_NO_ARGS caused core dump since NewArg[cv] - weren't being initialized - -1996-06-19 13:53 millert - - * sudo.pod: fixed a typo - -1996-06-17 12:19 millert - - * parse.yacc: fixed a formatting thingie - -1996-06-17 12:16 millert - - * parse.c, parse.yacc: fixed -u support with multiple user lists on - a line - -1996-06-17 10:23 millert - - * configure.in: unixware needs -lgen - -1996-06-17 10:23 millert - - * README: updated ftp location - -1996-06-17 00:08 millert - - * sudoers.pod: add net_addr/netmask support - -1996-06-17 00:07 millert - - * sample.sudoers: added net_addr/mask example - -1996-06-17 00:02 millert - - * parse.lex, parse.c: added support for net_addr/netmask - -1996-06-15 20:13 millert - - * sudoers.pod: ^ -> ! - -1996-06-15 18:12 millert - - * RUNSON: updated for 1.4.3 - -1996-06-15 18:12 millert - - * CHANGES: udpated for 1.4.3 - -1996-06-15 18:11 millert - - * TROUBLESHOOTING, TODO, BUGS: updated - -1996-06-15 18:11 millert - - * sample.sudoers: updated with examples of new stuff - -1996-06-15 18:10 millert - - * INSTALL, README: ++version - -1996-06-15 18:01 millert - - * sudoers.pod: updated wrt -u and NOPASSWD - -1996-06-15 17:58 millert - - * sudo.pod: updated wrt -u and CAVEATS - -1996-06-08 23:15 millert - - * sudo.c: fixed usage() - -1996-06-08 22:57 millert - - * parse.lex: now use :foo: character classes (makes no diff for - generated lexer) - -1996-06-07 14:33 millert - - * check.c: fixed LONG_SKEY_PROMPT stuff - -1996-06-06 15:35 millert - - * visudo.c: fixed a comment - -1996-06-06 15:03 millert - - * lsearch.c: make more like NetBSD one -- now compiles w/o warnings - -1996-06-06 15:02 millert - - * emul/search.h: fixed decls of lsearch() - -1996-06-05 22:20 millert - - * config.h.in, configure.in, getspwuid.c: added SPW_HPUX10 - -1996-06-05 22:20 millert - - * check.c: hpux 10 uses bigcrypt() if C2 - -1996-06-04 19:57 millert - - * parse.c: now always uses fnmatch to match args - -1996-06-04 19:40 millert - - * tgetpass.c: back to using stdio instead of raw i/o since that - caused some problems - -1996-05-28 22:14 millert - - * sudo.c: now give usage warning if use -l,-v,-k with args - -1996-05-28 18:22 millert - - * sudo.c: NewArgc is now set to 1 for -l, -v, -k - -1996-05-28 12:50 millert - - * sudo.c: now sets sudoers to correct group if mode is 0400 - -1996-05-28 12:02 millert - - * install-sh: updated to version used by inn and bind - -1996-05-28 00:08 millert - - * configure.in: now uses -lgnumalloc if it exists - -1996-05-28 00:02 millert - - * Makefile.in: "make install" now sets uid/gid and mode on sudoers - if it exists - -1996-05-28 00:01 millert - - * sudo.c: rmeoved debugging statements - -1996-05-28 00:00 millert - - * parse.yacc: added a missing free() - -1996-05-27 23:58 millert - - * sudo.c: now uses user_gid instead of getegid (which was wrong - anyway) to set SUDO_GID Now sets command line args in - SUDO_COMMAND envariabled (logging.c depends on args being in the - environment) - -1996-05-27 23:57 millert - - * logging.c: now uses SUDO_COMMAND envariable to get command args - rather than building it up again. - -1996-05-27 22:42 millert - - * parse.c: now uses user_gid - -1996-05-27 20:02 millert - - * sudo.c: fixed off by one error in allocation NewArgv - -1996-05-27 20:01 millert - - * parse.c: in sudoers, 'command ""' now means command with no args - -1996-05-27 20:01 millert - - * configure.in: added check for fnmatch(3) and fnmatch.h - -1996-05-27 20:01 millert - - * config.h.in: added HAVE_FNMATCH - -1996-05-27 20:00 millert - - * Makefile.in: replaced wildcat.* with fnmatch.* - -1996-05-27 20:00 millert - - * testsudoers.c: now uses fnmatch() - -1996-05-27 19:38 millert - - * parse.c: now uses fnmatch() instead of wildmat a trailing star - (*) by itself now matches multiple args added support for - wildcards in the pathname in sudoers - -1996-05-25 19:23 millert - - * fnmatch.c: now includes compat.h and config.h - -1996-05-25 18:09 millert - - * config.h.in: added HAVE_FNMATCH_H - -1996-05-25 18:07 millert - - * configure.in: now checks for alloca() (if needed by bison or dce) - and links with -lPW if it contains alloca() and libv and compiler - do not. - -1996-05-25 18:03 millert - - * fnmatch.3, fnmatch.c, emul/fnmatch.h: Initial revision - -1996-04-28 22:38 millert - - * sudo.c: now fixes mode on sudoers if set to 0400 to aid in - upgrade - -1996-04-28 17:44 millert - - * Makefile.in: fixed pod2man usage - -1996-04-28 17:40 millert - - * configure.in, Makefile.in, version.h: ++version - -1996-04-28 17:20 millert - - * testsudoers.c, visudo.c: runas_user is now initialized to "root" - -1996-04-28 17:20 millert - - * sudo.h: removed PERM_FULL_ROOT - -1996-04-28 17:18 millert - - * sudo.c: runas_user defaults to "root" so no more need to - PERM_RUNAS - -1996-04-28 17:16 millert - - * parse.c: will now only running commands as root if there was no - runas list (or if root is in the runas list) - -1996-04-28 17:15 millert - - * logging.c: now logs "USER=%s" - -1996-04-28 17:12 millert - - * parse.yacc: runas_matches is now set to false if we get a - negative match - -1996-04-28 15:01 millert - - * parse.lex: make #uid work + some minor cleanup - -1996-04-27 21:04 millert - - * sample.sudoers: added support for NOPASSWD and "runas" from - garp@opustel.com / - -1996-04-27 21:03 millert - - * visudo.c: added support for "runas" from garp@opustel.com - replaced SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added - support for SUDOERS_MODE - -1996-04-27 21:03 millert - - * testsudoers.c: added support for "runas" from garp@opustel.com - -1996-04-27 21:02 millert - - * sudo.h: added support for NO_PASSWD and runas from - garp@opustel.com replaced SUDOERS_OWNER with SUDOERS_UID and - SUDOERS_GID and added support fro SUDOERS_MODE - -1996-04-27 21:00 millert - - * sudo.c: added support for NO_PASSWD and runas from - garp@opustel.com replaced SUDOERS_OWNER with SUDOERS_UID and - SUDOERS_GID and added support fro SUDOERS_MODE - -1996-04-27 21:00 millert - - * parse.yacc: added support for NO_PASSWD and runas from - garp@opustel.com - -1996-04-27 20:58 millert - - * parse.c, parse.lex: added support for NO_PASSWD and runas from - garp@opustel.com - -1996-04-27 20:56 millert - - * logging.c: added support for SUDOERS_WRONG_MODE and "runas" - -1996-04-27 20:40 millert - - * configure.in: added --with-CC only link with -lshadow on linux - (with shadow pw) if libc lacks getspnam() - -1996-04-27 20:39 millert - - * OPTIONS, options.h: removed NO_PASSWD since it is not possible to - do this in the sudoers file itself. Replaced SUDOERS_OWNER with - SUDOERS_UID and SUDOERS_GID. Added SUDOERS_MODE. - -1996-04-27 20:26 millert - - * Makefile.in: now uses SUDOERS_UID and SUDOERS_GID - -1996-04-27 11:20 millert - - * INSTALL: added --with-CC - -1996-04-06 16:31 millert - - * parse.lex: added double quote support - -1996-04-06 16:29 millert - - * sudoers.pod: documented double quoting - -1996-04-05 16:53 millert - - * mkinstalldirs: Initial revision - -1996-04-05 16:53 millert - - * check.c: fixed some indentation - -1996-04-05 16:48 millert - - * Makefile.in: fixed a typo - -1996-04-04 19:39 millert - - * Makefile.in: added install-dirs . - -1996-04-04 14:16 millert - - * dce_pwent.c: new version from "Jeff A. Earickson" - - -1996-04-03 13:40 millert - - * configure.in: $CSOPS -> $with_csops (whoops, missed one) - -1996-04-03 13:40 millert - - * BUGS: updated - -1996-04-03 13:36 millert - - * parse.lex: FQHOST now has same constraints as non-FQHOST - -1996-04-02 19:00 millert - - * INSTALL: added note about OS's w/ shadow passwords turned on by - default - -1996-04-02 18:58 millert - - * configure.in: fixed a typo - -1996-04-02 18:48 millert - - * configure.in: added support for --without-THING sanitized shadow - pw situtation by adding support for --without-C2 - -1996-04-02 16:42 millert - - * tgetpass.c: fixed a typo wrt placement of an end paren - -1996-04-02 14:57 millert - - * check.c: was closing an fd that may not have been opened - -1996-03-21 19:55 millert - - * sudo.c, OPTIONS, options.h: added NO_PASSWD - -1996-03-19 19:40 millert - - * configure.in: now always use shadow pw on some arches - -1996-03-19 17:07 millert - - * configure.in: added pyramid support - -1996-03-19 17:04 millert - - * configure.in: no longer check for C2 if alternate passwd method - is used no longer check for some libs twice - -1996-03-19 17:00 millert - - * parse.yacc: moved fqdn stuff into parse.lex (FQHOST) - -1996-03-19 17:00 millert - - * parse.lex: added FQHOST rules - -1996-03-18 20:57 millert - - * tgetpass.c: now define TCSASOFT in necesary - -1996-03-18 20:31 millert - - * tgetpass.c: now uses read/write instead of stdio string goop to - avoid problems with select(2) - -1996-03-18 19:37 millert - - * OPTIONS, find_path.c, options.h: -DNO_DOT_PATH -> - -DIGNORE_DOT_PATH - -1996-03-17 16:18 millert - - * INSTALL: added note about no shadow auto-detect if using - alternate auth schemes - -1996-03-17 15:33 millert - - * configure.in: don't check for C2 if AFS or DCE (unless they said - --with-C2) - -1996-03-17 15:08 millert - - * testsudoers.c: now groks shost - -1996-03-17 15:01 millert - - * options.h, OPTIONS, find_path.c: added NO_DOT_PATH - -1996-03-16 14:43 millert - - * find_path.c: checkdot now works correctly - -1996-03-12 18:01 millert - - * configure.in: can't have DCE and C2 passwords both... - -1996-03-11 14:05 millert - - * parse.yacc, sudo.c, sudo.h, visudo.c: now uses shost even if not - FQDN - -1996-03-11 14:04 millert - - * configure.in: now looks for skey in /usr/lib and doesn't require - libskey to be in /usr/local/lib just because skey.h is (for my - netbsd box :-) - -1996-03-11 02:00 millert - - * aclocal.m4, config.h.in, pathnames.h.in: _SUDO_PATH_ -> - _CONFIG_PATH_ - -1996-03-10 21:01 millert - - * aclocal.m4, sudo.pod: /var/run/.odus -> /var/run/sudo - -1996-03-10 20:59 millert - - * pathnames.h.in: now uses _SUDO_PATH_TIMEDIR - -1996-03-10 20:59 millert - - * OPTIONS: udpated FQDN - -1996-03-10 20:58 millert - - * config.h.in: added _SUDO_PATH_TIMEDIR - -1996-03-10 20:58 millert - - * aclocal.m4, configure.in: added SUDO_TIMEDIR - -1996-03-10 20:58 millert - - * sudo.pod: updated wrt /var/run/sudo - -1996-03-10 20:16 millert - - * sudo.c, sudo.h: added support for shost if FQDN - -1996-03-10 20:14 millert - - * parse.yacc, visudo.c: now uses shost if FQDN - -1996-03-10 20:12 millert - - * check.c: Now use skeylookup() instead off skeychallenge() - -1996-02-27 20:41 millert - - * logging.c: mail_argv should not contain ALERTMAIL as it includes - "-t" - -1996-02-22 17:06 millert - - * INSTALL, Makefile.in, README, version.h, configure.in: ++version - -1996-02-22 16:27 millert - - * compat.h: added more _PASSWD_LEN stuff -- now uses PASS_MAX too - -1996-02-22 16:27 millert - - * tgetpass.c: now includes limits.h moved _PASSWD_LEN -> compat.h - -1996-02-05 19:20 millert - - * README, INSTALL: ++version - -1996-02-05 19:20 millert - - * Makefile.in: ++versoin - -1996-02-05 19:16 millert - - * Makefile.in: fixed a typo - -1996-02-05 19:16 millert - - * configure.in: ++version - -1996-02-05 18:53 millert - - * RUNSON: updated - -1996-02-05 18:47 millert - - * CHANGES: done for 1.4.1 (I hope) - -1996-02-05 18:45 millert - - * sudoers.pod: added info on wildcards - -1996-02-05 18:39 millert - - * sample.sudoers: added wildcard example - -1996-02-05 17:03 millert - - * Makefile.in: now uses *.pod to build *.man and *.cat & *.html - -1996-02-05 17:03 millert - - * configure.in: addedSUDO_PROG_BSHELL !ll - -1996-02-05 16:10 millert - - * visudo.pod: fixed up some formatting - -1996-02-05 16:10 millert - - * sudoers.pod: redid section describing sample sudoers stuff - -1996-02-05 16:10 millert - - * sudo.pod: fixed some formatting - -1996-02-04 22:50 millert - - * getspwuid.c: now treats "" as bourne shell - -1996-02-04 22:49 millert - - * Makefile.in: TESTOBJS nwo includes wildmat.o - -1996-02-04 22:48 millert - - * testsudoers.c: now works with NewArg[cv] - -1996-02-04 21:59 millert - - * sudo.c: removed an XXX (fixed it in getspwuid.c) - -1996-02-04 21:58 millert - - * aclocal.m4: added check for bourne shell - -1996-02-04 21:58 millert - - * pathnames.h.in: added _PATH_BSHELL - -1996-02-04 21:58 millert - - * config.h.in: added _SUDO_PATH_BSHELL - -1996-02-04 16:36 millert - - * visudo.c: unixware vi returns 256 instead of 0 - -1996-02-04 16:24 millert - - * INSTALL: added Linux note - -1996-02-04 16:13 millert - - * logging.c: fixed up some XXX's. file log format now looks a - little more like real syslog(3) format. - -1996-02-04 16:13 millert - - * README, TROUBLESHOOTING: updated wrt lex/flex - -1996-02-04 16:11 millert - - * Makefile.in: commented out rule to build lex.yy.c from parse.lex - since we ship with a pre-flex'd parser - -1996-02-04 16:09 millert - - * parse.c, parse.yacc, visudo.c: path_matches -> command_matches - -1996-02-04 02:28 millert - - * logging.c: eliminated some strcat()'s - -1996-02-04 02:10 millert - - * configure.in: no longer checks for lex/flex (now assumes flex) - -1996-02-04 02:08 millert - - * configure.in: now checks for $kerb_dir_candidate/krb.h instead of - just kerb_dir_candidate - -1996-02-02 20:48 millert - - * parse.yacc: now use a 'hook' expression instead of an iffy one - :-) - -1996-02-02 01:14 millert - - * visudo.c: now works with new sudo arg stuff - -1996-02-02 01:14 millert - - * parse.yacc: fixed dereferencing deadbeef - -1996-02-01 23:53 millert - - * sudo.c: changed an occurrence of Argv to NewArgv - -1996-02-01 23:53 millert - - * parse.lex: took out support for quoted commands since there is no - need... - -1996-02-01 23:52 millert - - * parse.c: fixed a typo in a for() loop - -1996-02-01 23:52 millert - - * logging.c: protected against dereferencing rogue pointers - -1996-02-01 22:34 millert - - * sudo.c: now uses NewArgv amd NewArgc so cmnd_aegs is no longer - needed this also allows us to eliminate some kludges in - parse_args() and eliminate superfluous code. - -1996-02-01 22:34 millert - - * logging.c: no longer uses cmnd_args, now uses NewArgv instead. - -1996-02-01 22:32 millert - - * sudo.h: added struct sudo_command, NewArgc, and NewArgv removed - cmnd_args (no longer used) - -1996-02-01 22:31 millert - - * Makefile.in: added wildmat.c to SRCS & SUDOBJS - -1996-02-01 22:30 millert - - * parse.yacc: COMMAND is now a struct containing the path and args - -1996-02-01 22:30 millert - - * parse.lex: replaced append() with fill_cmnd() and fill_args. - command args from a sudoers entry are now stored in an arrary for - easy matching. - -1996-02-01 22:28 millert - - * parse.c: command line args from sudoers file are now in an array - like ones passed in from the command line - -1996-01-31 20:59 millert - - * parse.c: wildwat stuff now works - -1996-01-29 00:44 millert - - * version.h: ++version - -1996-01-29 00:44 millert - - * Makefile.in: ++version added wildmat.* - -1996-01-28 17:55 millert - - * parse.lex: added support for quoted commands (w/ or w/o args) - -1996-01-22 01:55 millert - - * sudo.pod, visudo.pod: cleaned up formatting - -1996-01-21 20:53 millert - - * sudo.pod, visudo.pod: Initial revision - -1996-01-21 02:07 millert - - * sudoers.pod: looks reasonable, could be mroe readable - -1996-01-20 23:47 millert - - * sudoers.pod: Initial revision - -1996-01-16 14:38 millert - - * RUNSON: updated - -1996-01-16 14:37 millert - - * OPTIONS: updated NO_ROOT_SUDO entry - -1996-01-15 11:37 millert - - * RUNSON: [no log message] - -1996-01-15 11:34 millert - - * sudo.c: fixed SECURE_PATH - -1996-01-14 20:55 millert - - * RUNSON: udpa`ted for 1.4 - -1996-01-14 20:52 millert - - * configure.in: AIX aixcrypt.exp now uses $(srcdir) - -1996-01-14 20:32 millert - - * TROUBLESHOOTING: added entry for anal ansi compilers - -1996-01-14 16:13 millert - - * INSTALL: added info on libcrypt_i for SCO - -1996-01-14 16:05 millert - - * TODO: [no log message] - -1996-01-14 15:39 millert - - * sample.sudoers: added comments - -1996-01-14 15:25 millert - - * TODO: 1.4 release - -1996-01-14 15:22 millert - - * README, config.h.in, configure.in, CHANGES: ++version - -1996-01-14 15:21 millert - - * BUGS: ++version and fixed ISC - -1996-01-14 15:19 millert - - * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, - getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, - ins_goons.h, insults.h, options.h, pathnames.h.in, sudo.h, - logging.c, putenv.c, strdup.c, sudo.c, sudo_setenv.c, - testsudoers.c, tgetpass.c, utime.c, visudo.c, INSTALL, OPTIONS: - ++version - -1996-01-14 15:16 millert - - * interfaces.c: added STUB_LOAD_INTERFACES ++version - -1996-01-14 15:14 millert - - * Makefile.in, version.h, parse.c, parse.lex, parse.yacc, - emul/utime.h: ++version - -1996-01-14 15:13 millert - - * PORTING: added info about fd_set in tgetpass added info on - interfaces.c - -1996-01-11 13:22 millert - - * dce_pwent.c: added sudo header - -1996-01-11 13:04 millert - - * tgetpass.c: fixed a typo - -1996-01-11 13:01 millert - - * Makefile.in: tgetpass.o is now only linked in with sudo (not - visudo) - -1996-01-09 12:56 millert - - * BUGS, INSTALL, OPTIONS, README, Makefile.in, config.h.in, - configure.in: ++version - -1996-01-09 12:54 millert - - * emul/utime.h: added copyright notice - -1996-01-09 12:52 millert - - * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c: ++version - -1996-01-09 12:46 millert - - * tgetpass.c: minor cleanup and now includes sys/bsdtypes for - svr4'ish boxen - -1996-01-09 12:42 millert - - * configure.in: ISC now gets -lcrypt now check for sys/bsdtypes.h - -1996-01-09 12:41 millert - - * config.h.in: added check for sys/bsdtypes.h - -1996-01-07 16:00 millert - - * parse.yacc: removed debugging stuff (setting freed ptr to NULL) - -1996-01-07 15:55 millert - - * TROUBLESHOOTING: added 2 entries - -1996-01-07 15:55 millert - - * Makefile.in: added FAQ - -1996-01-07 14:26 millert - - * TROUBLESHOOTING: added section on syslog - -1996-01-07 14:25 millert - - * configure.in: added AC_ISC_POSIX for better ISC support - -1996-01-07 14:25 millert - - * config.h.in: fixed typo - -1996-01-07 14:25 millert - - * config.h.in: added define for _POSIX_SOURCE - -1996-01-04 00:41 millert - - * configure.in: fixed check for lsearch() - -1995-12-21 21:53 millert - - * interfaces.c: fixed for AIX now deal if num_interfaces == 0 - (should not happen) - -1995-12-20 17:02 millert - - * configure.in: now only define HAVE_LSEARCH if there is a - corresponding search.h - -1995-12-20 15:52 millert - - * interfaces.c: works on ISC again - -1995-12-18 17:36 millert - - * configure.in: now define HAVE_LSEARCH if we find lsearch() in - libcompat - -1995-12-18 17:32 millert - - * lsearch.c: char * -> const char * - -1995-12-18 17:29 millert - - * configure.in: now looks in -lcompat for lsearch() - -1995-12-18 17:23 millert - - * Makefile.in: remove sudo.core visudo.core for clan target - -1995-12-17 22:53 millert - - * aclocal.m4: added UID_MAX support in check for MAX_UID_T_LEN - -1995-12-17 22:36 millert - - * Makefile.in: fixed another occurence of sudo_getpwuid.* - -1995-12-17 22:30 millert - - * getspwuid.c, Makefile.in: sudo_getpwuid.c -> getspwuid.c - -1995-12-17 22:22 millert - - * configure.in: moved the "echo" - -1995-12-17 22:09 millert - - * CHANGES, BUGS, INSTALL, Makefile.in, OPTIONS, README, check.c, - compat.h, config.h.in, configure.in, find_path.c, getspwuid.c, - getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, - ins_goons.h, insults.h, interfaces.c, logging.c, options.h, - parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, - strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, - tgetpass.c, utime.c, version.h, visudo.c: ++version - -1995-12-17 22:04 millert - - * testsudoers.c: added group support - -1995-12-17 22:00 millert - - * sample.sudoers: added group entry - -1995-12-17 21:59 millert - - * sudoers.man: documented group support - -1995-12-17 21:50 millert - - * parse.c, parse.lex, visudo.c, parse.yacc: added group support - -1995-12-15 17:45 millert - - * check.c: tkfile was too short and overflowed the kerberos realm - -1995-12-11 17:09 millert - - * sudo.c: now copy command args directly from Argv - -1995-12-11 15:55 millert - - * sudo.c: replaced code to copy cmnd_args so that is does not use - realloc since most realloc()'s really stink - -1995-12-08 14:11 millert - - * configure.in: syslog() fixed in hpux 10.01 - -1995-12-06 17:45 millert - - * configure.in: AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS - if appropriate) - -1995-12-06 17:30 millert - - * configure.in: better error if cannot find skey incs or libs - -1995-12-06 17:26 millert - - * aclocal.m4: now use a temp file for determining max len of uid_t - in string form. the old hacky way broke on netbsd - -1995-12-05 19:02 millert - - * sudo.c: added set of parens and a space - -1995-12-05 18:58 millert - - * dce_pwent.c: fixes from Jeff Earickson , - -1995-12-05 18:58 millert - - * check.c: modified a comment - -1995-12-05 18:57 millert - - * Makefile.in: fixed up testsudoers target - -1995-12-05 18:56 millert - - * configure.in: DCE changes from Jeff Earickson - LIBS -> SUDO_LIBS and VISUDO_LIBS LDFLAGS -> - SUDO_FDFLAGS and VISUDO_LDFLAGS - -1995-12-05 18:17 millert - - * Makefile.in: LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> - SUDO_LDFLAGS, VISUDO_LDFLAGS - -1995-11-27 23:32 millert - - * configure.in: fix for C2 on hpux 10 now uses -linet if it exists - -1995-11-27 23:17 millert - - * check.c: LONG_SKEY_PROMPT is less of a klusge / - -1995-11-27 23:17 millert - - * configure.in: fixed typos w/ dce stuff - -1995-11-27 23:14 millert - - * Makefile.in: added dce_pwent.c - -1995-11-26 13:48 millert - - * INSTALL: amended section on combining authentication mechanisms - -1995-11-26 13:48 millert - - * PORTING: minor updates for 1.3.6 - -1995-11-26 13:47 millert - - * TROUBLESHOOTING: added 2 more entries - -1995-11-26 13:39 millert - - * BUGS: updated for 1.3.6 - -1995-11-26 13:39 millert - - * README: overhauled - -1995-11-25 21:23 millert - - * INSTALL: rewrote for sudo 1.3.6 - -1995-11-25 21:23 millert - - * TROUBLESHOOTING: added 3 entries - -1995-11-25 13:53 millert - - * find_path.c, getspwuid.c, sudo.c: added explict casts for strdup - since many includes don't prototype it. gag me. - -1995-11-25 13:23 millert - - * sudo.h: removed prototype for sudo_getpwuid() since convex C - compiler choked on it. - -1995-11-25 13:23 millert - - * sudo.c: added prototype for sudo_getpwuid() - -1995-11-25 13:23 millert - - * lsearch.c: now compiles on strict ANSI compilers - -1995-11-24 23:56 millert - - * check.c: added LONG_SKEY_PROMPT support - -1995-11-24 23:55 millert - - * Makefile.in: added extra $'s for make to eat up, yum. - -1995-11-24 23:38 millert - - * OPTIONS, options.h: added LONG_SKEY_PROMPT - -1995-11-24 18:48 millert - - * check.c: s/key support now works with normal s/key as well as - logdaemon - -1995-11-24 18:46 millert - - * options.h, OPTIONS: added SKEY_ONLY - -1995-11-24 18:46 millert - - * compat.h: set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY - -1995-11-24 00:42 millert - - * INSTALL: added DCE note added more AIX notes - -1995-11-24 00:39 millert - - * sudo.c: now include pthread.h for DCE support - -1995-11-23 22:22 millert - - * check.c: dce_pwent() is ok after all ., - -1995-11-23 22:21 millert - - * logging.c: now uses SYSLOG() macro that equates to either - syslog() or syslog_wrapper - -1995-11-23 21:44 millert - - * dce_pwent.c: minor formatting changes. renamed check() to - somthing less generic - -1995-11-23 21:27 millert - - * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c, - visudo.c: now uses user_pw_ent and simple macros to get at the - contents - -1995-11-22 20:35 millert - - * check.c: simpler dec unix C2 support - -1995-11-22 20:35 millert - - * getspwuid.c: now sets crypt_type for DEC unix C2 - -1995-11-21 18:00 millert - - * configure.in: added csops paths for skey - -1995-11-21 16:27 millert - - * getspwuid.c: now includes string.h for strdup() prototype - -1995-11-21 01:47 millert - - * getspwuid.c: fixed a few typos - -1995-11-20 22:59 millert - - * check.c: now includes skey.h - -1995-11-20 22:10 millert - - * getspwuid.c: fixed up comments - -1995-11-20 22:04 millert - - * check.c: moved a lot of the shadow passwd crap to sudo_getpwuid() - -1995-11-20 22:01 millert - - * sudo.c: now uses sudo_pw_ent - -1995-11-20 21:50 millert - - * testsudoers.c: now uses sudo_pw_ent - -1995-11-20 21:40 millert - - * visudo.c: now sets sudo_pw_ent - -1995-11-20 21:28 millert - - * getspwuid.c: Initial revision - -1995-11-20 21:28 millert - - * tgetpass.c: moved dce stuff into compat.h - -1995-11-20 21:27 millert - - * sudo.h, logging.c: now uses sudo_pw_ent - -1995-11-20 21:27 millert - - * Makefile.in: added sudo_getpwuid.c - -1995-11-20 21:25 millert - - * compat.h: added dce support - -1995-11-20 21:13 millert - - * parse.yacc: now uses sudo_pw_ent - -1995-11-20 14:40 millert - - * check.c: fixed exempt_group stuff for OS's that don't put base - gid in group vector - -1995-11-20 01:39 millert - - * check.c: S/Key support now works with sunos4 shadow passwords - -1995-11-19 22:31 millert - - * Makefile.in: fixed clean rule - -1995-11-19 22:31 millert - - * config.h.in, configure.in: added DCE support - -1995-11-19 22:30 millert - - * tgetpass.c: DCE & KERB support - -1995-11-19 22:30 millert - - * check.c: first stab at dce support - -1995-11-19 22:24 millert - - * dce_pwent.c: now smells like sudo - -1995-11-19 22:11 millert - - * dce_pwent.c: Initial revision - -1995-11-19 21:36 millert - - * check.c: skey'd sudo now works w/ normal password as well - -1995-11-19 18:37 millert - - * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, - find_path.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, - options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, - putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, - tgetpass.c, utime.c, version.h, visudo.c: updated version number - -1995-11-19 18:32 millert - - * README: updated to reflect version change - -1995-11-19 18:27 millert - - * configure.in: --with options now line up ++version - -1995-11-19 18:26 millert - - * sudo.h: removed unecesary S/Key stuff - -1995-11-19 18:25 millert - - * configure.in: fixed S/Key support - -1995-11-19 18:24 millert - - * Makefile.in: -I stuff now goes in CPPFLAGS - -1995-11-19 18:23 millert - - * check.c: fixed SKey support - -1995-11-19 15:23 millert - - * README: updated version - -1995-11-19 13:59 millert - - * OPTIONS: fixed description of EXEMPTGROUP - -1995-11-19 10:47 millert - - * sudo.c: more people use _RLD_ than just alphas... - -1995-11-18 21:35 millert - - * Makefile.in: replaced $man_prefix with $mandir - -1995-11-18 21:30 millert - - * configure.in: fixed a typo - -1995-11-18 21:28 millert - - * Makefile.in: now use more GNU'ish dir names - -1995-11-18 21:27 millert - - * configure.in: now set *dir correctly (can override from command - line) - -1995-11-18 19:17 millert - - * sudo.c: now deal with situations where we getwd() fails - -1995-11-17 00:37 millert - - * Makefile.in: added etc_dir, bin_dir, sbin_dir - -1995-11-17 00:37 millert - - * configure.in: added sbin_dir - -1995-11-16 21:28 millert - - * Makefile.in: now ship a flex-generated lex.yy.c - -1995-11-16 21:09 millert - - * Makefile.in: now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, - SUDOERS_OWNER - -1995-11-16 21:06 millert - - * pathnames.h.in: _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now - overridden via Makefile - -1995-11-16 21:05 millert - - * options.h: no more error for redefining SUDOERS_OWNER - -1995-11-16 21:05 millert - - * OPTIONS: expanded SUDOERS_OWNER section - -1995-11-16 03:05 millert - - * visudo.c: now warn if chown(2) failed - -1995-11-16 02:55 millert - - * logging.c: better default warning for NO_SUDOERS_FILE - -1995-11-16 02:54 millert - - * sudo.c: added missing set_perms() no more cryptic message if the - sudoers file is zero length, now just give a parse error - -1995-11-16 02:42 millert - - * logging.c: better diagnostics if NO_SUDOERS_FILE - -1995-11-16 02:41 millert - - * sudo.c: check_sudoers() now catches sudoers files that are not - readable (but are stat'able). - -1995-11-13 01:12 millert - - * configure.in: now add -D__STDC__ for convex cc (not gcc) - -1995-11-13 00:52 millert - - * configure.in: MAN_PREFIX -> man_prefix now sets prefix and - exec_prefix - -1995-11-13 00:52 millert - - * Makefile.in: now uses exec_prefix & prefix from configure - -1995-11-13 00:16 millert - - * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, - parse.c, parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, - tgetpass.c, utime.c, visudo.c: options.h is now <> instead of "" - so shadow build trees can have a custom copy of options.h - -1995-11-13 00:15 millert - - * check.c: user_is_exempt() is no longer a hack, it now uses - getgrnam() - -1995-11-12 23:56 millert - - * options.h: EXEMPTGROUP is now "sudo" - -1995-11-12 22:25 millert - - * configure.in: MAN_POSTINSTALL now contains a leading space - -1995-11-12 22:25 millert - - * Makefile.in: removed leading tab if @MAN_POSTINSTALL@ not defined - now removes testsudoers in clean: - -1995-11-12 22:24 millert - - * tgetpass.c: includes pwd.h to get _PASSWD_LEN definition - -1995-10-30 15:51 millert - - * sudo.c: unset the KRB_CONF envariable if using kerberos so we - don't get spoofed into using a bogus server - -1995-09-29 17:50 millert - - * parse.yacc: now explicately initialize match[] tp be FALSE - -1995-09-23 16:48 millert - - * sudo.c: removed unused variable now passes -Wall - -1995-09-23 16:48 millert - - * parse.yacc: yyerror and dumpaliases are now void's now passes - -Wall - -1995-09-23 16:48 millert - - * parse.lex: added prototype for yyerror - -1995-09-23 16:47 millert - - * interfaces.c: rmeoved unused cruft now passes -Wall - -1995-09-23 16:47 millert - - * check.c, logging.c, parse.c: now passes -Wall - -1995-09-23 16:46 millert - - * Makefile.in: fixed headers that moved to emul dir - -1995-09-23 12:05 millert - - * logging.c: fixed deref of nil pointer if no args - -1995-09-15 19:18 millert - - * OPTIONS: added a caveat to FQDN section - -1995-09-13 19:48 millert - - * Makefile.in: more $srcdir support for install targets - -1995-09-13 17:17 millert - - * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, - putenv.c, strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, - visudo.c: don't include malloc.h if we include stdlib.h - -1995-09-12 21:44 millert - - * parse.yacc: local search.h now lives in emul - -1995-09-12 21:41 millert - - * lsearch.c: local search.h now lives in emul - -1995-09-12 21:41 millert - - * check.c, utime.c: local utime.h now lives in emul dir - -1995-09-12 21:38 millert - - * Makefile.in: added support for building in other than the - sourcedir - -1995-09-10 14:01 millert - - * OPTIONS: annotated CSOPS_INSULTS option - -1995-09-10 13:56 millert - - * TROUBLESHOOTING: updated shadow passwords blurb - -1995-09-09 21:00 millert - - * sudo.c: if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a - shell and passes along foo as the arguments - -1995-09-09 18:52 millert - - * parse.lex: collapsed pathname and dir sections into one -- its - now less expensive - -1995-09-09 18:34 millert - - * parse.lex: fixed spacing quoting [,:\\=] now works correctly - append() and fill() now take args to make the above work - -1995-09-08 20:51 millert - - * sudo.c: fixed a typo that caused commands with no tty on fd 0 but - a tty on fd 1 to erroneously have "none" as their tty - -1995-09-04 15:35 millert - - * check.c: timestampfile is now a global static removed decl of - timestampfile in remove_timestamp since we can just use the - global one - -1995-09-04 15:28 millert - - * check.c: created touch() to update timestamps added - USE_TTY_TICKETS support (bit of a kludge) - -1995-09-04 15:28 millert - - * compat.h: added _S_IFDIR and S_ISDIR - -1995-09-04 15:22 millert - - * OPTIONS, options.h: added USE_TTY_TICKETS - -1995-09-04 00:38 millert - - * parse.yacc: removed const from casts for lsearch() & lfind() to - placate irix 4.x C compiler - -1995-09-03 14:12 millert - - * sudo.c: now only strip '/dev/' off of a tty if it starts with - '/dev/' - -1995-09-03 14:12 millert - - * pathnames.h.in: added _PATH_DEV - -1995-09-03 14:11 millert - - * configure.in: AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for - tcgetattr only if have termios.h - -1995-09-03 14:09 millert - - * tgetpass.c: fixed incorrect #ifdef termio uses "unsigned short" - not int for c_?flag - -1995-09-03 13:19 millert - - * parse.lex, parse.yacc: fixed a spelling error - -1995-09-03 13:17 millert - - * Makefile.in: fixed typo - -1995-09-02 12:55 millert - - * Makefile.in: fixed a comment - -1995-09-02 12:54 millert - - * parse.yacc: added dotcat() to cat 2 strings w/ a dot effeciently - now that we dynamically allocate strings they need to be free()'d - -1995-09-02 12:46 millert - - * parse.lex: dynamically allocates space for strings - -1995-09-02 12:34 millert - - * sudo.h: no more MAXCOMMANDLENGTH - -1995-09-01 22:25 millert - - * sudo.h: added decl of tty - -1995-09-01 22:25 millert - - * logging.c, sudo.c: moved tty stuff into sudo.c - -1995-09-01 14:18 millert - - * parse.c: fixed a logic bug. Was denying a command if user gave - command line args but there were none in the sudoers file which - is wrong. - -1995-09-01 01:18 millert - - * sudo.h: MAXCOMMMANDLEN dropped down to 1K - -1995-09-01 01:13 millert - - * parse.lex: return foo; -> return(foo); - -1995-09-01 01:03 millert - - * parse.yacc: fixed netgr_matches() prototype - -1995-09-01 01:02 millert - - * parse.lex: added support for escaping "termination" characters - -1995-09-01 00:55 millert - - * parse.c: buf is now of size MAXPATHLEN+1 since it never holds - command args - -1995-09-01 00:50 millert - - * sudo.c: fixed comments - -1995-09-01 00:49 millert - - * goodpath.c: fixed negation problem (doh!) - -1995-09-01 00:25 millert - - * parse.yacc: fixed 2nd parameter to lfind() - -1995-09-01 00:24 millert - - * parse.lex: now do bounds checking in fill() and append() - -1995-09-01 00:23 millert - - * sudo.c: include netdb.h as we should added a missing void cast - added SHELL_IF_NO_ARGS support now use realloc() properly. would - fail if realloc actually moved the string instead of shrinking it - -1995-09-01 00:17 millert - - * sample.sudoers: updated with examples of new features - -1995-09-01 00:05 millert - - * goodpath.c: now set errno to EACCES if not a regular file or not - executable - -1995-09-01 00:04 millert - - * find_path.c: if given a fully-qualified or relative path we now - check it with sudo_goodpath() and error out with the appropriate - error message if the file does not exist or is not executable - -1995-09-01 00:03 millert - - * lsearch.c, emul/search.h: now use correct args for lfind - -1995-09-01 00:03 millert - - * logging.c: added a comment - -1995-08-31 23:52 millert - - * insults.h: added in CSOps insults - -1995-08-31 23:51 millert - - * ins_csops.h: Initial revision - -1995-08-31 23:35 millert - - * tgetpass.c: added RCS id - -1995-08-31 22:56 millert - - * sudo.h: increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> - HAVE_GETWD - -1995-08-31 22:55 millert - - * OPTIONS: added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS - -1995-08-31 22:54 millert - - * sudo.c: fixed -k load_interfaces() now gets called if FQDN is set - -p now works with -s - -1995-08-31 22:54 millert - - * parse.c: don't try to stat() "pseudo commands" like "validate" - -1995-08-31 22:53 millert - - * options.h: added CLASSIC_INSULTS added CSOPS_INSULTS added - SHELL_IF_NO_ARGS - -1995-08-31 22:53 millert - - * configure.in: added SecurID support added other insults to - --with-csops - -1995-08-31 22:52 millert - - * config.h.in: added HAVE_SECURID - -1995-08-31 22:52 millert - - * Makefile.in: added clobber target added ins_csops.h now gets - CFLAGS from configure - -1995-08-31 22:46 millert - - * aclocal.m4: relaxed SUDO_FULL_VOID - -1995-08-31 22:44 millert - - * visudo.c: function comment blocks are now in same style as rest - of code - -1995-08-31 22:44 millert - - * testsudoers.c: added support for command line args in - /etc/sudoers - -1995-08-31 22:43 millert - - * sudoers.man: updated to have command args in the sudoers file - -1995-08-31 22:42 millert - - * sudo.man: added -s and -- flags added SHELL to ENVIRONMENT - VARIABLES section - -1995-08-19 19:32 millert - - * parse.yacc: PATH renamed to COMMAND - -1995-08-19 19:31 millert - - * parse.lex: it is now a parse error for directories to have args - attached to them - -1995-08-19 19:30 millert - - * logging.c: now say command args if telling user to buzz off - -1995-08-19 19:30 millert - - * sudo.c: -s no longer indicates end of args sped up loading on - cmnd_args in load_cmnd() - -1995-08-19 19:29 millert - - * parse.c: removed an unreachable statement - -1995-08-19 17:53 millert - - * parse.lex: made more efficient by pulling out the terminators - when in GOTCMND state and making them their own rule - -1995-08-14 00:07 millert - - * sudo.h: removed MAXLOGLEN since it is no longer used - -1995-08-14 00:07 millert - - * parse.lex: now allows command args - -1995-08-14 00:06 millert - - * parse.c: now groks command arguments - -1995-08-13 23:39 millert - - * logging.c: now sets tty correctly when piped input - -1995-08-13 23:35 millert - - * sudo.c: fixed loading of cmnd_args (was including command name - too) - -1995-08-13 23:34 millert - - * logging.c: fixed a core dump due to incorrect if construct - -1995-08-13 00:33 millert - - * configure.in: only add -lsun is irix < 5 don't look for -lnsl or - -lsocket if irix - -1995-08-13 00:33 millert - - * aclocal.m4: fixed check for ISC - -1995-08-13 00:32 millert - - * sudo.c: now sets cmnd_args used by log_error() and that will be - used by the parse to check against command args - -1995-08-13 00:32 millert - - * sudo.h: added cmnd_args - -1995-08-13 00:31 millert - - * logging.c: now dynamically allocate logline since we can guess at - its size - -1995-08-05 13:52 millert - - * logging.c: cleaned up a bunch of unnecesary #ifdef's eliminated a - buffer remove "register" since the compiler knows more than I do - now do a "basename" of the tty - -1995-07-31 18:20 millert - - * configure.in: ++version - -1995-07-30 22:37 millert - - * sudo.h: added shell extern changed MODE_* to be bit masks to - allow for several options together - -1995-07-30 22:36 millert - - * sudo.c: added -s (shell) option made MODE_* masks so we can do - bitwise & and | to see if multiple flags are set. - -1995-07-30 22:01 millert - - * check.c: added securid support - -1995-07-30 14:38 millert - - * logging.c: removed a bunch of unnecesary strncpy()'s and replaced - with strcat() - -1995-07-29 17:17 millert - - * Makefile.in, version.h: ++version - -1995-07-27 06:52 millert - - * parse.yacc: fixed free() of an uninitialized pointer (yuck) - -1995-07-26 22:00 millert - - * testsudoers.c: added netgr_matches - -1995-07-26 21:29 millert - - * parse.c: cleaned up netgr_matches - -1995-07-26 00:26 millert - - * RUNSON: updated for 1.3.4 - -1995-07-24 21:51 millert - - * Makefile.in: now installs sudoers.man -- really should clean this - up though. - -1995-07-24 21:18 millert - - * Makefile.in: added sudoers.cat and sudoers.man - -1995-07-24 21:15 millert - - * sudo.man: pulled out stuff on the sudoers file format into a - separate man page - -1995-07-24 21:14 millert - - * sudoers.man: Initial revision - -1995-07-24 21:04 millert - - * HISTORY: fixed up my email address - -1995-07-24 20:03 millert - - * configure.in: added checks for innetgr and getdomainname - -1995-07-24 20:02 millert - - * visudo.c: added dummy netgr_matches function - -1995-07-24 20:01 millert - - * parse.c: added netgr_matches - -1995-07-24 20:01 millert - - * parse.lex, parse.yacc: added NETGROUP support - -1995-07-24 20:01 millert - - * config.h.in: added HAVE_INNETGR & HAVE_GETDOMAINNAME - -1995-07-24 18:07 millert - - * sudo.c: rewrote clean_env() that has rm_env() builtin - -1995-07-23 19:58 millert - - * check.c: now cast uid to long in sprintf - -1995-07-23 19:58 millert - - * OPTIONS: added _INSULTS suffix to HAL & GOONS end - -1995-07-23 19:57 millert - - * options.h: added _INSULTS suffix to HAL & GOONS - -1995-07-23 19:35 millert - - * ins_2001.h, ins_classic.h, ins_goons.h, insults.h: converted to - new scheme of insult "unions" end - -1995-07-23 17:48 millert - - * sudo.c: now uses MAX_UID_T_LEN - -1995-07-23 17:48 millert - - * configure.in: added SUDO_UID_T_LEN !l - -1995-07-23 17:48 millert - - * config.h.in: added MAX_UID_T_LEN - -1995-07-23 17:47 millert - - * check.c: now use MAX_UID_T_LEN - -1995-07-23 17:47 millert - - * aclocal.m4: added check for max len of uid_t fixed sco vs. isc - check - -1995-07-19 19:05 millert - - * configure.in: corrected version - -1995-07-19 17:29 millert - - * configure.in: added sco support - -1995-07-19 17:29 millert - - * aclocal.m4: hack to check for sco - -1995-07-18 21:27 millert - - * interfaces.c: removed #include since it was hosing - some OS's - -1995-07-18 13:35 millert - - * find_path.c: fixed prreadlink() prototype - -1995-07-17 23:54 millert - - * check.c: added parens in #if's - -1995-07-17 23:53 millert - - * configure.in: added SPW_ prefix - -1995-07-17 23:20 millert - - * sudo.h: moved SPW_* to config.h.in - -1995-07-17 23:19 millert - - * sudo.c: added a set of parens - -1995-07-17 23:19 millert - - * config.h.in: added SPW_* - -1995-07-17 22:50 millert - - * sudo.h: added SPW_* reordered error codes - -1995-07-17 22:49 millert - - * check.c: moved SPW_* to sudo.h - -1995-07-17 14:29 millert - - * logging.c: GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT - -1995-07-17 14:29 millert - - * configure.in: AUTH -> SECUREWARE - -1995-07-17 14:29 millert - - * check.c, sudo.c: SPW_AUTH -> SPW_SECUREWARE - -1995-07-17 00:22 millert - - * check.c: now uses SHADOW_TYPE to make shadow pw support more - readable and modular. It's a start... - -1995-07-17 00:21 millert - - * configure.in: added autodetection of shadow passwords - -1995-07-17 00:20 millert - - * sudo.c: now uses SHADOW_TYPE define - -1995-07-17 00:19 millert - - * config.h.in: added SHADOW_TYPE which replaces SUNOS4 & __svr4__ - defines - -1995-07-17 00:19 millert - - * aclocal.m4: added SUDO_CHECK_SHADOW - -1995-07-12 17:09 millert - - * configure.in: define SVR4 for ISC define BROKEN_SYSLOG for hpux - took out test for memmove() since we dno longer use it... - -1995-07-12 17:08 millert - - * CHANGES: updated - -1995-07-12 17:05 millert - - * logging.c: added BROKEN_SYSLOG support - -1995-07-12 17:05 millert - - * config.h.in: added BROKEN_SYSLOG - -1995-07-12 17:04 millert - - * check.c: now only bitch it timestamp > time_now + 2 * timeout to - allow for a machine udpating its time from a server - -1995-07-12 17:04 millert - - * sudo.man: added 2 security notes updated Nieusma's email addr - -1995-07-12 14:18 millert - - * lsearch.c: changed a memmove() to memcpy() since we don't have to - worry about overlapping segments. - -1995-07-11 15:41 millert - - * interfaces.c: cleanup up the loop when interfaces are groped in - so that it is readable - -1995-07-11 14:52 millert - - * Makefile.in, version.h: ++version - -1995-07-09 18:17 millert - - * CHANGES: annotated 124-126 - -1995-07-07 16:06 millert - - * check.c: fixed permissions check on /tmp/.odus - -1995-07-06 19:35 millert - - * check.c: fixed some comments - -1995-07-06 14:49 millert - - * check.c: now checks owner & mode of timedir also checks for bogus - dates on timestamp file - -1995-07-06 14:49 millert - - * OPTIONS: updated TIMEOUT info - -1995-07-06 14:48 millert - - * logging.c, sudo.h: added BAD_STAMPDIR and BAD_STAMPFILE - -1995-07-06 14:47 millert - - * compat.h: added definition of S_IRWXU - -1995-07-06 14:47 millert - - * CHANGES: updated - -1995-07-03 14:16 millert - - * interfaces.c: added #ifdef to make it compile on strange arches - -1995-07-02 18:13 millert - - * aclocal.m4: fixed check for fulkl void impl. - -1995-07-02 09:56 millert - - * check.c: added mssing "static" - -1995-07-01 20:41 millert - - * insults.h: replaced #elif with #else #if constructs for ancient C - compilers - -1995-07-01 20:18 millert - - * INSTALL: updated irix c2 & kerb5 info - -1995-07-01 20:15 millert - - * configure.in: added shadow pw support for irix - -1995-07-01 16:07 millert - - * CHANGES: last changes for sudo 1.3.3 - -1995-07-01 16:07 millert - - * TODO, BUGS: updated - -1995-07-01 16:04 millert - - * configure.in: now calls SUDO_SOCK_SA_LEN - -1995-07-01 16:04 millert - - * config.h.in: added HAVE_SA_LEN - -1995-07-01 16:04 millert - - * aclocal.m4: added SUDO_SOCK_SA_LEN - -1995-07-01 15:49 millert - - * interfaces.c: now works with ip implementations that use sa_len - in sockaddr - -1995-07-01 14:26 millert - - * INSTALL: added note about buggy AIX compiler - -1995-07-01 14:24 millert - - * interfaces.c: now include sys/time.h for AIX - -1995-06-27 22:35 millert - - * Makefile.in: getcwd -> getwd - -1995-06-27 21:28 millert - - * interfaces.c: now works for ISC and others. yay. - -1995-06-26 14:24 millert - - * Makefile.in, version.h: version++ - -1995-06-22 20:26 millert - - * aclocal.m4: fixed test for full void impl - -1995-06-22 20:25 millert - - * sudo.c: now check to see that st_dev is non-zero before assuming - that we are being spoofed - -1995-06-20 16:56 millert - - * aclocal.m4, configure.in: SUDO_FUNC_UTIME_NULL -> - AC_FUNC_UTIME_NULL - -1995-06-19 16:32 millert - - * aclocal.m4: fixed include file order for SUDO_FUNC_UTIME_POSIX - -1995-06-19 16:10 millert - - * logging.c: added cast for ttyname() - -1995-06-19 15:23 millert - - * configure.in: fixed typo - -1995-06-19 15:19 millert - - * check.c: now deal correctly with all known variation of utime() - -- yippe - -1995-06-19 15:19 millert - - * configure.in: added SUDO_FUNC_UTIME_POSIX - -1995-06-19 15:19 millert - - * aclocal.m4: added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX - -1995-06-19 15:14 millert - - * config.h.in: added HAVE_UTIME_POSIX - -1995-06-19 13:38 millert - - * check.c: fixed a typo - -1995-06-19 13:29 millert - - * check.c: no longer assume !HAVE_UTIME_NULL means old BSD utime() - -1995-06-19 13:20 millert - - * check.c: fixed fascist C compiler warning - -1995-06-18 23:14 millert - - * interfaces.c: now set strioctl.ic_timout in STRSET() now - initialize num_interfaces to 0 (just to be anal) - -1995-06-18 18:06 millert - - * sudo.h: increaed MAXLOGLEN by MAXPATHLEN to account for ttyname - -1995-06-18 18:05 millert - - * logging.c: added tty logging - -1995-06-18 16:04 millert - - * interfaces.c: reworked the ISC code - -1995-06-18 15:27 millert - - * Makefile.in, version.h: updated version - -1995-06-18 15:24 millert - - * check.c: now expect old-style utime(3) if utime() can't take NULL - as an arg - -1995-06-18 15:08 millert - - * configure.in: added check for utime.h - -1995-06-18 15:08 millert - - * config.h.in: added HAVE_UTIME_H - -1995-06-18 14:48 millert - - * Makefile.in: added CPPFLAGS STATIC_FLAGS -> LDFLAGS - -1995-06-18 13:58 millert - - * configure.in: now search for kerb libs and includes - -1995-06-18 13:03 millert - - * check.c: added support for utime(2)'s that can't take a NULL - parameter - -1995-06-18 13:03 millert - - * utime.c: moved HAVE_UTIME_NULL stuff to update_timestamp() where - t belongs - -1995-06-17 20:46 millert - - * configure.in: added utime(s) stuff - -1995-06-17 20:46 millert - - * check.c: now use utime() - -1995-06-17 20:46 millert - - * config.h.in: added HAVE_UTIME and HAVE_UTIME_NULL - -1995-06-17 19:12 millert - - * utime.c: now use HAVE_UTIME_NULL - -1995-06-17 19:02 millert - - * utime.c, emul/utime.h: Initial revision - -1995-06-17 18:24 millert - - * check.c: need to setuid(0) to make kerb4 stuff work. - -1995-06-17 18:14 millert - - * tgetpass.c: no more special case for kerberos - -1995-06-17 18:13 millert - - * config.h.in: took out setreuid and setresuid stuff added kerb5 - stuff (use kerb4 emulation) - -1995-06-17 18:13 millert - - * compat.h: no longer need setreuid() emulation now set _PASSWD_LEN - to 128 if kerberos - -1995-06-17 18:12 millert - - * check.c: now use private ticket file for kerberos support to - avoid trouncing on system one - -1995-06-15 00:48 millert - - * sudo.h: added SPOOF_ATTEMPT & cmnd_st - -1995-06-15 00:47 millert - - * sudo.c: added anti-spoofing support - -1995-06-15 00:47 millert - - * parse.c: now use global cmnd_st - -1995-06-15 00:47 millert - - * logging.c: added SPOOF_ATTEMPT suypport - -1995-06-14 23:41 millert - - * testsudoers.c, visudo.c: added void casts where appropriate - -1995-06-14 23:40 millert - - * parse.yacc: fixed up spacing and added void casts where - appropriate - -1995-06-14 23:27 millert - - * sudo.c: fixed problem with "-p prompt" but no args - -1995-06-14 04:43 millert - - * sudo.man: added BUGS and annotated -l description - -1995-06-14 04:43 millert - - * sudo.h: validate() now takes a flag - -1995-06-14 04:43 millert - - * sudo.c: validate() now takes a flag added -l - -1995-06-14 04:42 millert - - * parse.yacc: added support for -l - -1995-06-14 04:41 millert - - * parse.c: validate() now takes a flag that says whether or not to - check the command - -1995-06-07 21:36 millert - - * logging.c: now deals with Argv == 1 - -1995-06-07 21:34 millert - - * sudo.man: added -p option - -1995-06-07 21:27 millert - - * sudo.c: added prompt support reworked parse_args() - -1995-06-07 20:49 millert - - * sudo.h: added prompt - -1995-06-07 20:49 millert - - * options.h: added PASSPROMPT - -1995-06-07 20:48 millert - - * check.c: now use BUFSIZ as length of kerb password added kpass so - pass is always a char * now use prompt global when asking for a - password - -1995-06-07 20:47 millert - - * tgetpass.c: now use BUFSIZ as _PASSWD_LEN if using kerberos - -1995-06-07 20:43 millert - - * OPTIONS: added PASSPROMPT - -1995-06-07 01:44 millert - - * configure.in: only look for -lufc or -lcrypt if crypt() not in - libc - -1995-06-07 01:43 millert - - * check.c: don't exit on kerb error, just warn if k_errno == - KDC_PR_UNKNOWN (unknown user) silently fail - -1995-06-06 22:44 millert - - * INSTALL: added kerb4 note - -1995-06-06 22:43 millert - - * tgetpass.c: HAVE_KERBEROS -> HAVE_KERB4 - -1995-06-06 22:41 millert - - * check.c: removed debugging printf - -1995-06-06 22:33 millert - - * configure.in: KERBEROS -> KERB4 added checks for setreuid & - setresuid - -1995-06-06 22:32 millert - - * config.h.in: HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and - HAVE_SETRESUID - -1995-06-06 22:32 millert - - * compat.h: added deif of UID_NO_CHANGE & GID_NO_CHANGE added - setreuid emulation with setresuid if applic - -1995-06-06 22:31 millert - - * check.c: HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid - chown() hack if no setreuid() or a broken one - -1995-06-05 23:44 millert - - * config.h.in: added HAVE_KERBEROS - -1995-06-05 23:43 millert - - * tgetpass.c: added KERBEROS support (long passwords) - -1995-06-05 23:42 millert - - * check.c, configure.in: added kerberos support - -1995-06-03 19:36 millert - - * sudo.h: added MODE_BACKGROUND - -1995-06-03 19:36 millert - - * sudo.man: escaped dashes added -b option - -1995-06-03 19:34 millert - - * sudo.c: added -b option - -1995-06-03 18:52 millert - - * check.c: added crypt() for osf/1 3.x enhanced secuiry - -1995-06-03 18:18 millert - - * configure.in: now check for -lcrypt - -1995-06-03 18:00 millert - - * interfaces.c: added ENXIO like EADDRNOTAVAIL - -1995-05-07 23:14 millert - - * configure.in: now emulate getwd(), not getcwd() - -1995-05-07 23:13 millert - - * sudo.c: getcwd() -> getwd() - -1995-05-07 23:12 millert - - * getwd.c: getcwd -> getwd - -1995-05-02 01:34 millert - - * ins_2001.h, ins_classic.h, ins_goons.h: Initial revision - -1995-05-02 01:34 millert - - * insults.h: broke out insults into separate include files - -1995-05-02 01:32 millert - - * options.h, OPTIONS: added GOONS - -1995-05-02 01:32 millert - - * Makefile.in: added ins_2001.h ins_classic.h ins_goons.h - -1995-05-01 23:34 millert - - * Makefile.in, version.h: ++version - -1995-05-01 23:34 millert - - * visudo.c: moved signal handler setup to setup_signals() - -1995-05-01 23:33 millert - - * sudo.h: added load_interfaces() - -1995-05-01 23:33 millert - - * sudo.c: moved load_interfaces to interfaces.c - -1995-05-01 23:33 millert - - * parse.yacc: added clearaliases - -1995-05-01 23:33 millert - - * OPTIONS, options.h: added FAST_MATCH - -1995-05-01 23:32 millert - - * parse.lex: now uses clearaliases variable - -1995-05-01 23:31 millert - - * interfaces.c: Initial revision - -1995-05-01 23:31 millert - - * Makefile.in: added interfaces.[co] - -1995-05-01 23:30 millert - - * testsudoers.c: now uses ip addrs and netmasks via - load_interfaces() - -1995-05-01 22:47 millert - - * sudo.c: now remove IFS instead of setting to "sane" value - -1995-05-01 16:30 millert - - * parse.c: added FAST_MATCH - -1995-04-29 20:19 millert - - * Makefile.in: sudo_goodpath.c-> goodpath.c - -1995-04-29 20:15 millert - - * sudo.c: added Andy's new ISC changes - -1995-04-14 14:06 millert - - * OPTIONS: added a sentence to SECURE_PATH info - -1995-04-14 13:57 millert - - * BUGS: added one - -1995-04-14 13:54 millert - - * RUNSON, CHANGES: updated - -1995-04-13 17:04 millert - - * RUNSON: updated for beta3 - -1995-04-13 14:32 millert - - * Makefile.in, version.h: ++version - -1995-04-13 13:56 millert - - * aclocal.m4: sendmail is now looked for in /usr/ucblib - -1995-04-13 13:54 millert - - * sudo.c: fixed indentation - -1995-04-13 13:35 millert - - * aclocal.m4: fixed a typo - -1995-04-13 13:19 millert - - * sudo.c: updated ISC mods - -1995-04-13 13:19 millert - - * configure.in: added unixware case - -1995-04-13 13:19 millert - - * check.c: user_is_exempt is no longer hidden - -1995-04-13 13:19 millert - - * RUNSON: updated - -1995-04-13 13:19 millert - - * aclocal.m4: isc and riscos changes - -1995-04-13 13:18 millert - - * OPTIONS: added NOTE about new interaction of EXEMPTGROUP and - SECURE_PATH - -1995-04-13 13:18 millert - - * Makefile.in: fixed a typo and added testsudoers stuff - -1995-04-13 12:34 millert - - * testsudoers.c: Initial revision - -1995-04-12 19:31 millert - - * parse.yacc: applied fixed patch from Chris - -1995-04-11 14:30 millert - - * Makefile.in: fixed a typo - -1995-04-11 14:14 millert - - * parse.yacc: added a set of braces for bison - -1995-04-11 14:01 millert - - * parse.yacc: merged in Chris' changes to dekludge the parser. - -1995-04-11 00:38 millert - - * logging.c: send_mail() was calling find_path() which is wrong - since find_path() stores cmnd in a static var. Anyhow, it - doesn't make much sense since MAILER should always be fully - qualified - -1995-04-10 19:51 millert - - * sample.sudoers: added User_Alias stuff - -1995-04-10 19:50 millert - - * aclocal.m4: SUDO_NEXT now looks for - /usr/lib/NextStep/software_version - -1995-04-10 19:50 millert - - * RUNSON: added DEC UNIX 3.0 w/ gcc - -1995-04-10 19:49 millert - - * visudo.c: Exit was being used in places where exit should be used - -1995-04-10 19:44 millert - - * sudoers: added "User alias specification" - -1995-04-10 18:04 millert - - * parse.yacc: fixed probs caused by making nslots and naliases a - size_t - -1995-04-10 15:09 millert - - * RUNSON: added KSR, upped rev to 1.3.1b2 - -1995-04-10 15:07 millert - - * logging.c, parse.yacc: 1024 -> BUFSIZ - -1995-04-10 15:05 millert - - * parse.yacc: void * -> VOID * naliases and nslots are now size_t - to appease lsearch on 64-bit machines - -1995-04-09 19:30 millert - - * TODO: did a bunch of things and added a bunch :-) - -1995-04-09 19:30 millert - - * PORTING: updated - -1995-04-09 19:24 millert - - * visudo.man: closer to BSD manpage style - -1995-04-09 19:15 millert - - * sudo.man: closer to standard BSD man format - -1995-04-09 18:58 millert - - * compat.h, config.h.in, insults.h, options.h, pathnames.h.in, - sudo.h, version.h, emul/search.h: added RCS id - -1995-04-09 17:35 millert - - * sudo.h: removed crufty #defines that are no longer used - -1995-04-09 17:13 millert - - * BUGS: fixed a bug - -1995-04-09 17:12 millert - - * sudo.man: updated based on sudo changes - -1995-04-09 17:11 millert - - * parse.yacc: now allow ALL keyword in User_Aliases now allow ALL - keyword as well as a NAME or ALIAS - -1995-04-09 17:11 millert - - * CHANGES: updated - -1995-04-09 17:04 millert - - * sudo.c: now sets SUDO_COMMAND and SUDO_GID envariables. - -1995-04-09 15:24 millert - - * aclocal.m4: fixed bug with full void impl check - -1995-04-08 23:11 millert - - * parse.yacc: fixed User_Alias supoprt - -1995-04-08 22:27 millert - - * parse.yacc: added stubs for User_Alias support - -1995-04-08 22:27 millert - - * sudo.c: now sets removes # bogus interfaces from num_interfaces - -1995-04-08 22:26 millert - - * parse.lex: added User_Alias support - -1995-04-07 21:10 millert - - * Makefile.in: removed extraneous TODO - -1995-04-07 19:48 millert - - * visudo.c: ntwk_matches -> addr_matches - -1995-04-07 15:38 millert - - * parse.yacc: ntwk_matches -> addr_matches - -1995-04-07 15:37 millert - - * parse.c: ntwk_matches -> addr_matches now use inet_addr() not - inet_network() (which expects octet boundaries) fixes for OSF - (sizeof(int) != sizeof(long)) - -1995-04-07 15:08 millert - - * sudo.c: took out debugging info - -1995-04-06 23:45 millert - - * aclocal.m4: OS was being set to unknown before non-uname based - host checks. This caused no checks to happen since $OS was not - zero-length. - -1995-04-06 23:30 millert - - * sudo.c: fixed loading of interfaces struct still has debugging - info in though - -1995-04-06 22:23 millert - - * parse.c: fixed typo - -1995-04-06 16:17 millert - - * Makefile.in: ++version - -1995-04-06 16:16 millert - - * version.h: ++ - -1995-04-06 16:16 millert - - * visudo.c: removed extraneous extern decl of "top - -1995-04-06 16:14 millert - - * visudo.c: now zeros "top" - -1995-04-06 16:13 millert - - * parse.yacc: removed parser_cleanup (no need for it now) - -1995-04-06 16:13 millert - - * parse.lex: now calls reset_aliases() directly - -1995-04-04 18:21 millert - - * OPTIONS: added a sentence to SECURE_PATH description - -1995-04-04 18:17 millert - - * parse.c: fixed my stupid bug where I used NAMLEN on something I - wanted to just get the name from. argh. - -1995-04-03 16:58 millert - - * lsearch.c: fixed argument order of memmove() that i hosed when - converting from bcopy(). arghh. - -1995-04-03 15:33 millert - - * Makefile.in: finally fixed DISTFILES line - -1995-04-03 15:21 millert - - * Makefile.in: tabs -> spaces - -1995-04-03 15:15 millert - - * Makefile.in: added missing files to DISTFILES - -1995-04-03 14:50 millert - - * Makefile.in: SUPPORTED -> RUNSON - -1995-04-01 03:12 millert - - * TODO: updated - -1995-04-01 01:54 millert - - * RUNSON: updated for pl5b1 release - -1995-04-01 01:53 millert - - * BUGS, TODO: updated - -1995-04-01 01:52 millert - - * check.c: fixed bug where if you hit return at first sudo prompt - it would still log as a failure - -1995-04-01 01:29 millert - - * CHANGES: updated - -1995-04-01 01:25 millert - - * aclocal.m4: better test for bogus void * implementation - -1995-03-31 20:33 millert - - * logging.c: added PASSWORDS_NOT_CORRECT - -1995-03-31 20:32 millert - - * check.c: added PASSWORDS_NOT_CORRECT stuff] - -1995-03-31 20:30 millert - - * sudo.h: added PASSWORDS_NOT_CORRECT - -1995-03-31 19:16 millert - - * tgetpass.c: moved pathnames.h - -1995-03-31 19:16 millert - - * sudo.c: removed some unused vars and fixed up uid2str - -1995-03-31 19:15 millert - - * putenv.c: moved compat.h - -1995-03-31 19:14 millert - - * getcwd.c, getwd.c: added pathnames.h - -1995-03-31 18:18 millert - - * parse.yacc: fixed a typo I introduced in the last checkin :-( - -1995-03-31 18:11 millert - - * parse.lex: can't have #ifdef's where N is defined so just do this - the broken way for AIX - -1995-03-31 18:08 millert - - * parse.yacc: better hack from Chris (but still a hack) - -1995-03-31 18:05 millert - - * parse.lex: stupid hack for broken aix lex - -1995-03-31 17:47 millert - - * tgetpass.c: now includes compat.h  - -1995-03-31 17:27 millert - - * visudo.c: now includes fcntl.h - -1995-03-31 17:27 millert - - * compat.h: added FD_SET and FD_ZERO for 4.2BSD - -1995-03-31 16:12 millert - - * parse.yacc: dirty hack to fix parser bug. i don't really like - this but it works for now... - -1995-03-31 16:12 millert - - * sudo.c: uid2str is now static like the prototype says - -1995-03-29 23:48 millert - - * RUNSON: Initial revision - -1995-03-29 23:47 millert - - * TODO, CHANGES, SUPPORTED, TROUBLESHOOTING: updated - -1995-03-29 23:46 millert - - * sudo.c: check_sudoers now returns an error code and sudo calls - inform_user and log_error based on the return value. - -1995-03-29 23:45 millert - - * logging.c, sudo.h: added entries for new errors - -1995-03-29 23:03 millert - - * parse.c: now set uid to that of SUDOERS_OWNER while parsing - sudoers file - -1995-03-29 22:52 millert - - * Makefile.in: took out testsudoers  - -1995-03-29 22:36 millert - - * sudo.c: now explicately checks that it is setuid root - -1995-03-29 22:28 millert - - * sudo.c: If a user has no passwd entry sudo would segv (writing to - a garbage pointer). Now allocate space before writing :-) - -1995-03-29 22:06 millert - - * configure.in: reordered AC_CHECK_FUNCS - -1995-03-29 22:06 millert - - * config.h.in: fixed memset macro - -1995-03-29 21:47 millert - - * logging.c: bzero -> memset when a parse error is logged the line - number of the error is now logged too - -1995-03-29 21:46 millert - - * tgetpass.c, visudo.c: bzero -> memset - -1995-03-29 21:46 millert - - * INSTALL: added Sunos to blurb about c2 security - -1995-03-29 21:45 millert - - * configure.in: added a SUN4 define for C2 security - -1995-03-29 21:44 millert - - * config.h.in: bcopy -> memmove bzero -> memset - -1995-03-29 21:43 millert - - * lsearch.c: bcopy -> memmove char * -> VOID * - -1995-03-29 21:30 millert - - * check.c: added support for sunos with C2 security - -1995-03-29 21:12 millert - - * OPTIONS, options.h: reordered - -1995-03-29 21:12 millert - - * pathnames.h.in: _PATH_SUDO_LOGFILE now set based on configure - -1995-03-29 21:12 millert - - * configure.in: added SUDO_LOGFILE and SUDO_TYPE_SIZE_T - -1995-03-29 21:12 millert - - * config.h.in: added _SUDO_PATH_LOGFILE - -1995-03-29 21:11 millert - - * aclocal.m4: added SUDO_LOGFILE to find where to put sudo.log - added SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h - too) added SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE) - -1995-03-29 18:17 millert - - * TROUBLESHOOTING: Initial revision - -1995-03-29 17:59 millert - - * sudo.c: now do set_perms(PERM_ROOT) before the getpwuid() in - load_global() to work around a problem is trusted hpux shadow - passwords. yuck. - -1995-03-29 17:41 millert - - * parse.yacc: backed out a change in malloc/realloc - -1995-03-29 17:38 millert - - * parse.yacc: now include stdlib.h - -1995-03-29 17:22 millert - - * visudo.c: now do an freopen() of the stmp file so that yyin will - always point to the same thing. This is important for flex since - we are doing a YY_NEWFILE - -1995-03-29 17:20 millert - - * parse.yacc: replaced yywrap() with parser_cleanup() since - yywrap() needs to be in parse.lex to be able to use YY_NEW_FILE. - sigh. - -1995-03-29 17:18 millert - - * parse.lex: now have a rule that matches anything that doesn't - match an explicite rule. well, you know what i mean (. matches - anything not yet matched). However, this means that there is - input still queued up so we need to do a YY_NEW_FILE; in yywrap. - So, yywrap has moved into parse.lex and it calls parser_cleanup() - which is most of the old yywrap() sigh. - -1995-03-29 17:17 millert - - * SUPPORTED: no longer used - -1995-03-29 16:13 millert - - * getcwd.c, getwd.c: moved compat.h to be the last include file - -1995-03-29 16:11 millert - - * parse.yacc: fixed type of aliascmp() args - -1995-03-29 15:58 millert - - * find_path.c: NULL -> '\0' - -1995-03-29 15:42 millert - - * parse.yacc: added casts to lfind and lsearch args for irix - -1995-03-29 08:20 millert - - * Makefile.in: bsdinstall -> install-sh - -1995-03-29 08:20 millert - - * INSTALL: added info about make realclean - -1995-03-29 08:17 millert - - * Makefile.in: updated VERSION added dependencies for visudo.cat - -1995-03-29 08:17 millert - - * version.h: -> pl5b1 - -1995-03-29 08:16 millert - - * sudo.c: took out -l - -1995-03-29 00:03 millert - - * Makefile.in: now there is a real visudo.man and visudo.cat - -1995-03-28 23:54 millert - - * sudo.man: took out visudo stuff - -1995-03-28 23:54 millert - - * visudo.man: Initial revision - -1995-03-28 23:12 millert - - * parse.c, parse.lex, parse.yacc: updated copyright - -1995-03-28 23:05 millert - - * README: updated for pl5 - -1995-03-28 20:02 millert - - * sudo.man: updated Nieusma & Hieb email addresses - -1995-03-28 19:57 millert - - * INSTALL: updated to include options.h and OPTIONS - -1995-03-28 19:35 millert - - * CHANGES, TODO: updated - -1995-03-28 19:35 millert - - * BUGS: eliminated bug #1 (yay) - -1995-03-28 19:31 millert - - * configure.in: sunos no longer gets linked statically - -1995-03-28 18:58 millert - - * parse.lex: prototype now uses __P() - -1995-03-28 18:49 millert - - * parse.lex: make fill() non-ansi - -1995-03-28 15:26 millert - - * parse.c: made -v (validate) work - -1995-03-28 15:26 millert - - * logging.c: now gives host - -1995-03-28 10:34 millert - - * find_path.c: don't check for execute/statable if fq or relative - path given - -1995-03-28 01:07 millert - - * parse.c: added a cast - -1995-03-28 00:49 millert - - * visudo.c: now include ctype.h for islower and tolower macros - -1995-03-28 00:48 millert - - * goodpath.c: moved _S_IFMT & _S_ISREG to compat.h - -1995-03-28 00:48 millert - - * sudo.c: moved a set of parens - -1995-03-28 00:48 millert - - * strdup.c: now include compat.h - -1995-03-28 00:47 millert - - * parse.yacc: now cast malloc & realloc return vals added search - for HAVE_LSEARCH now use strcmp if no strcasecmp available - -1995-03-28 00:46 millert - - * lsearch.c, emul/search.h: void * -> VOID * - -1995-03-28 00:45 millert - - * config.h.in: removed HAVE_FLEX added VOID added HAVE_DIRENT_H, - HAVE_SYS_NDIR_H, HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH - -1995-03-28 00:44 millert - - * compat.h: added _S_IFMT, _S_IFREG, and S_ISREG - -1995-03-28 00:44 millert - - * aclocal.m4: took out SUDO_PROG_INSTALL 1.x to 2.x changes added - echo and results to most SUDO_* macros - -1995-03-28 00:43 millert - - * Makefile.in: no more -I. - -1995-03-28 00:22 millert - - * configure.in: various 1.x ro 2.x autoconf changes now check for - strcasecmp now use AC_INSTALL_PROG instead of custom one added - check for fully woorking void implementation - -1995-03-28 00:02 millert - - * Makefile.in: added lsearch & search.h visudo links into - $(LIBOBJS) - -1995-03-27 23:43 millert - - * aclocal.m4: partial 1.x to 2.x changes added SUDO_FULL_VOID - -1995-03-27 23:40 millert - - * visudo.c: whatnow_help was prototyped to be static be was not - declared as such - -1995-03-27 21:15 millert - - * configure.in: autoconf 2.x changes took out HAVE_FLEX (no longer - used) added check for dirent/dir/ndir.h - -1995-03-27 21:09 millert - - * parse.c: now use groovy gnu autoconf macro AC_HEADER_DIRENT - -1995-03-27 20:38 millert - - * getcwd.c, getwd.c: MAXPATHLEN -> MAXPATHLEN+1 - -1995-03-27 20:23 millert - - * emul/search.h, lsearch.c: Initial revision - -1995-03-27 18:26 millert - - * parse.yacc: eliminated bison warnings - -1995-03-27 17:10 millert - - * parse.lex: added missing case - -1995-03-27 17:04 millert - - * visudo.c: now iincludes signal.h - -1995-03-27 15:16 millert - - * parse.yacc: only clear data structures on a parse error - -1995-03-27 15:01 millert - - * visudo.c: whatnow() now gives help on invalid input - -1995-03-27 14:54 millert - - * visudo.c: added a whatnow() function (sort of like mh) - -1995-03-27 14:53 millert - - * parse.yacc: kill_aliases -> reset_aliases yywrap() now cleans up - by calling reset_aliases() and clearing top took reset stuff out - of yyerror() since it doesn't beling there (and doesn't work - anyway). errorlineno is now initially set to -1 so we can set it - to the first error that occurrs (it was getting set to the last) - -1995-03-27 14:53 millert - - * parse.lex: added a void cast - -1995-03-27 13:26 millert - - * visudo.c: rewrote from scratch based on 4.3BSD vipw.c - -1995-03-26 01:33 millert - - * sudo.c, sudo.h: removed ocmnd - -1995-03-26 01:19 millert - - * sudo.h: no more sudo_realpath() and find_path() changed params - -1995-03-26 01:19 millert - - * sudo.c: find_path() changed since no more realpath() - -1995-03-26 01:18 millert - - * parse.yacc: on error, errorlineno is set to the line where the - error occurred added kill_aliases() to free the aliases struct - now clean up in yyerror() so we can reparse cleanly - -1995-03-26 01:17 millert - - * logging.c: changed to use new find_path() - -1995-03-26 01:17 millert - - * options.h, parse.c: no more USE_REALPATH - -1995-03-26 01:16 millert - - * find_path.c: removed all the realpath() stuff - -1995-03-26 01:16 millert - - * Makefile.in: sudo_realpath.c -> sudo_goodpath.c - -1995-03-26 01:12 millert - - * visudo.c: now works correctly with utk parser - -1995-03-26 00:04 millert - - * goodpath.c: Initial revision - -1995-03-25 23:23 millert - - * sudo_realpath.c: eliminated a compiler warning - -1995-03-25 21:56 millert - - * sudo.c: elinated compiler warning - -1995-03-25 20:40 millert - - * sudo_realpath.c: added sudo_goodpath() - -1995-03-25 20:40 millert - - * sudo.h: added prototype for sudo_goodpath - -1995-03-25 20:39 millert - - * parse.c: added support for /sys/dir.h - -1995-03-25 20:39 millert - - * options.h: USE_REALPATH turned off - -1995-03-25 20:39 millert - - * find_path.c: added calls to sudo_goodpath() - -1995-03-25 20:39 millert - - * configure.in: added check for dirent.h - -1995-03-25 20:38 millert - - * config.h.in: added HAVE_DIRENT_H - -1995-03-25 19:27 millert - - * configure.in: added in linux shadow pass stuff  - -1995-03-24 14:43 millert - - * visudo.c: added back host, user, cmnd, parse_error - -1995-03-24 14:19 millert - - * visudo.c: added in utk changes plus some minor cosmetic changes - -1995-03-24 14:17 millert - - * sudo.c, sudo_realpath.c: added void casts for printf's - -1995-03-24 14:17 millert - - * options.h: added a define of USE_REALPATH - -1995-03-24 14:17 millert - - * configure.in: there is no more visudoers/Makefile - -1995-03-24 14:16 millert - - * Makefile.in: added in utk changes (visudo is now built from the - toplevel) - -1995-03-24 14:15 millert - - * find_path.c: added (void) casts to printf's - -1995-03-23 22:32 millert - - * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c: merged - in utk changes - -1995-03-22 23:13 millert - - * find_path.c: now check to see that what we are trying to run is a - file (or a link to a file, we do a stat(2) so there is no diff) - -1995-03-13 15:56 millert - - * CHANGES: updated - -1995-03-13 15:56 millert - - * Makefile.in: aclocal.m4 -> acsite.m4 make realclean updated for - new autoconf  - -1995-03-13 15:11 millert - - * sudo.man: added myself as maintainer - -1995-02-16 23:31 millert - - * sudo.c: changed setegid -> setgid - -1995-02-06 17:43 millert - - * configure.in: fixed the test for irix 5.x to skip bad libs - -1995-02-06 17:43 millert - - * aclocal.m4: now initialize OS and OSREV - -1995-01-26 20:52 millert - - * configure.in: irix5 changes - -1995-01-26 20:28 millert - - * configure.in: AC_WITH -> AC_ARG_WITH changes other misc changes - for autoconf 2.1 compatibility - -1995-01-18 19:49 millert - - * visudo.c: use YY_NEW_FILE, not yyrestart since OSF flex doesn't - do the righ thing wrt yyrestart (grrrr) - -1995-01-16 18:44 millert - - * Makefile.in: added visudoers/compat.h to DISTFILES - -1995-01-16 17:01 millert - - * configure.in: fixed an echo - -1995-01-16 16:36 millert - - * sudo.c: added ocmnd declaration adjusted for find_path()'s new - parameters - -1995-01-16 16:35 millert - - * sudo.h: added ocmnd extern adjusted find_path() prototype - -1995-01-16 16:34 millert - - * parse.c: cmndcmp() now takes 3 arguments and checks against the - qualified as well as the unqualified pathname. more code that - should use cmndcmp() but did not, now does - -1995-01-16 16:34 millert - - * options.h: added to a comment - -1995-01-16 16:33 millert - - * logging.c: changed to use new find_path() parameter passing - -1995-01-16 16:32 millert - - * find_path.c: find_path() now takes 2 copyout parameters (one for - the qualified pathname and one for the unqualified pathname). - The third parameter may be NULL. - -1995-01-16 16:31 millert - - * configure.in: no longer munge pathnames.h - -1995-01-16 16:30 millert - - * pathnames.h.in: changed _PATH_* to use _SUDO_PATH_* (which are - defined in config.h) as a result, pathnames.h does not need to be - run through configure and the user can override the configured - values easily. - -1995-01-16 16:30 millert - - * config.h.in: added _SUDO_PATH_* entries - -1995-01-16 16:30 millert - - * aclocal.m4: _PATH* -> _SUDO_PATH_* - -1995-01-16 16:28 millert - - * Makefile.in: updated DISTFILES and HDRS .o's now depend on - config.h - -1995-01-13 12:52 millert - - * compat.h: removed extraneous #endif - -1995-01-13 12:48 millert - - * aclocal.m4: added SUDO_PROG_MV - -1995-01-13 12:47 millert - - * configure.in: added SUDO_PROG_MV added riscos and isc os types - took out -DSHORT_MESSAGE from --with-csops since it is now the - default - -1995-01-13 12:46 millert - - * sudo.c: move the include of id.h to compat.h now includes - options.h - -1995-01-13 12:45 millert - - * sudo.h: moved compatibility #defines to compat.h - -1995-01-13 12:45 millert - - * pathnames.h.in: added _PATH_MV - -1995-01-13 12:43 millert - - * config.h.in: move __P to compat.h - -1995-01-13 12:39 millert - - * getcwd.c, getwd.c, putenv.c: now includes compat.h - -1995-01-13 12:39 millert - - * compat.h: Initial revision - -1995-01-11 19:11 millert - - * sudo.h: pull user-configurable stuff out and put in options.h - -1995-01-11 18:43 millert - - * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c, - sudo_setenv.c, parse.lex, parse.yacc, visudo.c: now includes - options.h - -1995-01-11 18:41 millert - - * Makefile.in: added visudoers/options.h - -1995-01-11 18:40 millert - - * options.h, OPTIONS: Initial revision - -1995-01-11 18:39 millert - - * Makefile.in: added OPTIONS and options.h - -1995-01-11 18:36 millert - - * logging.c: changed #ifdef's to use LOGGING and - SLOG_SYSLOG/SLOG_FILE - -1995-01-11 11:02 millert - - * check.c, sudo.h: changed PASSWORD_TIMEOUT to minutes - -1994-12-17 18:18 millert - - * visudo.c: now only do Editor +line_num if line_num != 0 - -1994-12-15 21:06 millert - - * visudo.c: now use mv if rename(2) fails - -1994-12-15 20:32 millert - - * BUGS: added a visudo bug - -1994-12-15 19:46 millert - - * check.c: expanded comment - -1994-11-12 18:33 millert - - * check.c: fixed user_is_exempt to return 0 if EXEMPTGROUP is not - set - -1994-11-09 19:49 millert - - * sudo.c: added mips & isc support - -1994-11-09 19:49 millert - - * parse.c: added support for non-root owned sudoers file - -1994-11-09 19:48 millert - - * check.c: added exempt group support - -1994-11-09 19:47 millert - - * sudo.h: added set_perms() support added SUDOERS_OWNER so can have - non-root own sudoers file added exempt group support added isc - support - -1994-11-09 19:46 millert - - * visudo.c: now copy sudoers to temp file via read/write (not - stdio) now chown new sudoers file to SUDOERS_OWNER - -1994-11-07 20:40 millert - - * configure.in: added skey support - -1994-11-07 20:39 millert - - * sudo.h: fixed typo added set_perms support added skey support - added seteuid()/setegid() emulation for AIX - -1994-11-07 20:38 millert - - * sudo.c: be_* -> setperms() now check to make sure sudoers file is - owned by root nread/write by only root - -1994-11-07 20:38 millert - - * logging.c, parse.c, sudo_realpath.c: be_* -> setperms() - -1994-11-07 20:38 millert - - * check.c: be_* -> set_perms() added skey support - -1994-11-06 18:59 millert - - * Makefile.in: ++version - -1994-11-06 18:59 millert - - * version.h: ++ - -1994-10-21 13:16 millert - - * sudo.c: now sets IFS - -1994-10-21 12:02 millert - - * insults.h: fixed typo - -1994-10-15 15:48 millert - - * config.h.in: added HAVE_SKEY - -1994-10-04 13:00 millert - - * CHANGES: updated - -1994-10-04 12:57 millert - - * Makefile.in: ++version - -1994-10-04 12:57 millert - - * version.h: ++ - -1994-10-04 12:56 millert - - * sudo.c: now bail if ARgv[1] > MAXPATHLEN - -1994-10-04 12:56 millert - - * configure.in: added function check for tcgetattr(3) - -1994-10-04 12:55 millert - - * config.h.in: only define HAVE_TERMIOS_H if you have tcgetattr(3) - -1994-10-04 12:53 millert - - * config.h.in: added check for tcgetattr - -1994-09-26 17:38 millert - - * CHANGES: updated - -1994-09-22 13:30 millert - - * parse.lex: now only include unistd.h for linux - -1994-09-21 14:29 millert - - * Makefile.in: added visudo.8 generation - -1994-09-21 14:07 millert - - * configure.in: added -Wl,-bI:./aixcrypt.exp to aix flags - -1994-09-20 19:39 millert - - * BUGS: added one - -1994-09-20 19:39 millert - - * CHANGES: updated - -1994-09-20 19:38 millert - - * README: added mailing list info - -1994-09-20 19:37 millert - - * parse.yacc: now use sudolineno instead of yylineno fixed bison - warnings - -1994-09-20 19:37 millert - - * configure.in: now use -no_library_replacement for osf don't make - a static binary for hpux >= 9.0 - -1994-09-20 19:21 millert - - * tgetpass.c: added string.h/strings.h inclusion - -1994-09-20 19:21 millert - - * config.h.in: added ssize_t def - -1994-09-20 19:18 millert - - * parse.lex: added inclusion of string.h/strings.h - -1994-09-20 18:48 millert - - * aclocal.m4: fixed uname | sed (needed to quote the '[') - -1994-09-20 18:42 millert - - * parse.lex: replaced yylineno with sudolineno fixed bison syntax - errors - -1994-09-20 18:13 millert - - * visudo.c: changed yylineno to sudolineno since yylineno cannot be - counted upon. - -1994-09-20 18:10 millert - - * TODO: updated - -1994-09-20 17:52 millert - - * parse.c: added code to support command listings - -1994-09-20 17:36 millert - - * sudo.c: added code for -l flag - -1994-09-20 17:35 millert - - * sudo.man: fixed typo added info for -l flag - -1994-09-20 14:45 millert - - * configure.in: AC_SSIZE_T -> SUDO_SSIZE_T - -1994-09-20 14:45 millert - - * aclocal.m4: added SUDO_SSIZE_T - -1994-09-20 14:44 millert - - * sudo.h: added MODE_LIST - -1994-09-20 14:43 millert - - * configure.in: added AC_SSIZE_T - -1994-09-19 20:53 millert - - * find_path.c, sudo_realpath.c: readlink() is now declared as - returning ssize~_t - -1994-09-19 20:44 millert - - * configure.in: added -laud for OSF c2 - -1994-09-02 15:55 millert - - * config.h.in, parse.lex, parse.yacc, pathnames.h.in, visudo.c, - Makefile.in: changed sudo-bugs.cs.colorado.edu -> - sudo-bugs@cs.colorado.edu - -1994-09-02 15:54 millert - - * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c, - parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c, - sudo_setenv.c, tgetpass.c, version.h: changed - sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed - -1994-09-01 15:56 millert - - * Makefile.in: ++version - -1994-09-01 15:55 millert - - * version.h: ++ - -1994-09-01 15:55 millert - - * logging.c: added host to alertmail messages - -1994-09-01 15:55 millert - - * CHANGES, TODO: udpated - -1994-09-01 15:26 millert - - * logging.c: fixed logging problem where mail would not say which - user it was - -1994-09-01 13:45 millert - - * configure.in: added -laud for gcc if osf & c2 - -1994-09-01 13:39 millert - - * check.c: moved set_auth_parameters to sudo.c - -1994-09-01 13:38 millert - - * sudo.c: added set_auth_parameters for osf - -1994-09-01 13:22 millert - - * configure.in: cleaned up -static stuff - -1994-09-01 13:15 millert - - * Makefile.in: ++version - -1994-09-01 13:15 millert - - * version.h: ++ - -1994-09-01 13:15 millert - - * sudo.c: changed setenv() to sudo_setenv() - -1994-09-01 13:12 millert - - * check.c: fixed osf problem - -1994-08-31 22:17 millert - - * configure.in: added OSF C2 stuff - -1994-08-31 22:00 millert - - * CHANGES: updated - -1994-08-31 21:56 millert - - * check.c: added osf auth support & removed some extra spaces - -1994-08-31 21:52 millert - - * INSTALL, SUPPORTED: added osf C2 stuff - -1994-08-31 19:52 millert - - * TODO: added 2 suggestions - -1994-08-31 19:33 millert - - * Makefile.in: removed README.v1.3.1 and added VERSION stuff - -1994-08-31 18:48 millert - - * version.h: pl1 - -1994-08-30 18:31 millert - - * version.h: 1.3.1final - -1994-08-30 18:30 millert - - * Makefile.in: added HISTORY - -1994-08-30 18:30 millert - - * sudo.man: mention HISTPRY file - -1994-08-30 18:30 millert - - * sudo.c: use sizeof instead of a constant in 1 place - -1994-08-30 18:30 millert - - * parse.yacc: added unistd.h - -1994-08-30 18:29 millert - - * parse.lex: added unistd.h - -1994-08-30 18:27 millert - - * README: udpated - -1994-08-30 18:15 millert - - * HISTORY: Initial revision - -1994-08-17 12:45 millert - - * version.h: ++ - -1994-08-17 12:39 millert - - * CHANGES: updated - -1994-08-17 12:36 millert - - * sudo_setenv.c: added unistd.h include - -1994-08-16 15:46 millert - - * sudo.c: added sys/time.h for AIX - -1994-08-14 21:22 millert - - * configure.in: added check for -lsocket and sys/sockio.h - -1994-08-14 21:21 millert - - * config.h.in: took out libshadow check and added in sys/sockio.h - check - -1994-08-14 21:21 millert - - * sudo.c: now include sockio.h instead of ioctl.h if it exists - "sudo -" now gets a better error message - -1994-08-14 20:47 millert - - * sample.sudoers: now has a dir and subnet entry - -1994-08-13 18:15 millert - - * sudo.c: removed if_ether.h - -1994-08-13 17:16 millert - - * TODO: added an item - -1994-08-13 17:15 millert - - * sudo.man: added network and ip addresses to man page - -1994-08-13 17:09 millert - - * sudo.c: no error if can't get interfaces or netmask since - networking may not be in the kernel. - -1994-08-13 17:08 millert - - * parse.c: nwo check for interfaces == NULL - -1994-08-12 21:22 millert - - * parse.c: fixed a bug that caused directory specs in a Cmnd_Alias - to fail if the last entry in the spec failed (ie: it was only - looking at the last entry). CLeaned things up by adding the - cmndcmp() function--all neat & tidy - -1994-08-12 21:21 millert - - * CHANGES: added one - -1994-08-11 23:42 millert - - * sudo.c: now do two passes to skip bogus interfaces (lo0, etc) - -1994-08-11 21:58 millert - - * logging.c, sudo_realpath.c, sudo_setenv.c: added ninclude of - netinet/in.h - -1994-08-11 21:58 millert - - * check.c, find_path.c, getcwd.c, getwd.c, parse.lex, parse.yacc, - visudo.c: added include of netinet/in.h - -1994-08-11 21:57 millert - - * version.h: ++ - -1994-08-11 21:57 millert - - * sudo.h: added interfaces global - -1994-08-11 21:56 millert - - * parse.c: now uses new interfaces global - -1994-08-11 21:56 millert - - * sudo.c: now ip addresses are gleaned fw/o dns - -1994-08-10 19:21 millert - - * sudo.c: added load_ip_addrs() to load the ip_addrs global var - -1994-08-10 19:21 millert - - * parse.c: added hostcmp() to compare hostnames, ip addrs, and - network addrs - -1994-08-10 19:20 millert - - * sudo.h: added ip_addrs def added load_ip_addrs prototype - -1994-08-08 16:03 millert - - * CHANGES: updated - -1994-08-08 15:57 millert - - * Makefile.in: removed multiple entries in DISTFILES - -1994-08-08 13:05 millert - - * visudo.c: ansified the !STDC_HEADERS decls - -1994-08-08 13:05 millert - - * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c: don't do - malloc decl if gnuc - -1994-08-08 13:04 millert - - * sudo.c: can't use getopt(3) since it munges args to the command - to be run as root don't do malloc decl if gnuc - -1994-08-08 00:41 millert - - * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c, - sudo_realpath.c, sudo_setenv.c: ansi-fied !STDC_HEADER function - prottypes - -1994-08-08 00:27 millert - - * getcwd.c, getwd.c: added missing paren - -1994-08-08 00:23 millert - - * Makefile.in: added putenv.c to DISTFILES - -1994-08-08 00:08 millert - - * sudo_setenv.c: added params to func decls when STDC_HEADERS is - not defined now can count on putenv() being there - -1994-08-08 00:08 millert - - * sudo_realpath.c: took out errno decl since sudo.h does it for us - fixed up a next cc warning added params to func decls when - STDC_HEADERS is not defined - -1994-08-08 00:07 millert - - * sudo.h: took out environ extern added local declaratio of - putenv() if local version is needed - -1994-08-08 00:05 millert - - * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c: added params to - func decls when STDC_HEADERS is not defined - -1994-08-08 00:04 millert - - * config.h.in: added memcpy check check to see that ansi vs bsd - macros are ntot already defiend before defining (ie: avoid - redefinition) - -1994-08-08 00:03 millert - - * configure.in: removed fluff setenv check plus check w/ replace - for putenv if also no setenv - -1994-08-08 00:01 millert - - * putenv.c: Initial revision - -1994-08-06 19:19 millert - - * sudo_setenv.c: Initial revision - -1994-08-06 19:19 millert - - * sudo.h: rm'd s realp[ath added sudo_realpath and sudo_setenv - -1994-08-06 19:19 millert - - * sudo.c: now use sudo_setenvc - -1994-08-06 19:18 millert - - * configure.in: added puteenv and setenv, removed realpath - -1994-08-06 19:18 millert - - * config.h.in: added putenv & setenv - -1994-08-06 19:18 millert - - * Makefile.in: added sudo_setenv - -1994-08-06 19:16 millert - - * version.h: ++ - -1994-08-05 19:43 millert - - * configure.in: added MAN_POSTINSTALL and /usr/share/catman for - irix - -1994-08-05 19:43 millert - - * Makefile.in: added MAN_POSTINSTALL - -1994-08-05 19:43 millert - - * CHANGES: added - -1994-08-05 19:10 millert - - * sudo.man: added SUDO_* plus new options - -1994-08-05 19:10 millert - - * CHANGES: added one - -1994-08-05 19:07 millert - - * configure.in: took out shadow lib - -1994-08-05 18:35 millert - - * TODO: adde done - -1994-08-05 17:52 millert - - * visudo.c: now use yyrestart() if flex now reset yylineno to 0 - -1994-08-05 17:49 millert - - * Makefile.in: support for installing a cat page instead of a man - page if no nroff - -1994-08-05 17:48 millert - - * configure.in: now defines HAVE_FLEX fixed up man stuff so that it - looks for nroff to determine whether or not to install a cat or - man page - -1994-08-05 17:48 millert - - * config.h.in: added HAVE_FLEX - -1994-08-05 16:14 millert - - * sudo.c: not set ret to MODE_RUN initially - -1994-08-05 16:12 millert - - * find_path.c: made command (and therefor cmnd dynamically - allocated) - -1994-08-04 20:25 millert - - * TODO: did #8 - -1994-08-04 20:24 millert - - * version.h: ++ - -1994-08-04 20:24 millert - - * sudo_realpath.c: changed bufs from MAXPATHLEN to MAXPATHLEN+1 - -1994-08-04 20:24 millert - - * sudo.h: added MODE_ removed validate_only and added - remove_timestamp() - -1994-08-04 20:22 millert - - * sudo.c: usage() now takes an int (exit value) added parse_args() - to parse command line arguments moved call to find_path() from - load_globals to new function load_cmnd() removed validate_only - global -- now use the concept of "modes" added -h and -k options - -1994-08-04 20:21 millert - - * parse.c: no longer use global validate_only now checks for - command called "validate" removed check for non-fully qualified - commands since that is done by find_path - -1994-08-04 20:20 millert - - * find_path.c: changed MAXPATHLEN r to MAXPATHLEN+1 - -1994-08-04 20:17 millert - - * find_path.c: fixed off by one error with MAXPATHLEN and fixed a - comment - -1994-08-04 20:17 millert - - * check.c: check_timestamp no longer runs reminder(), it is implied - in the return val added remove_timestamp() - -1994-08-04 20:16 millert - - * CHANGES: updated - -1994-08-04 16:38 millert - - * BUGS: fixed on - -1994-08-04 16:38 millert - - * sudo_realpath.c: took out old_errno - -1994-08-04 16:37 millert - - * CHANGES: updated - -1994-08-03 12:08 millert - - * logging.c: moved send_mail to after syslog - -1994-08-02 22:41 millert - - * sudo.c: now set SUDO_ envariables - -1994-08-01 13:40 millert - - * version.h: ++ - -1994-08-01 13:39 millert - - * sudo_realpath.c: now print error if chdir fails - -1994-08-01 13:39 millert - - * find_path.c: removed an XXX - -1994-07-25 20:40 millert - - * CHANGES: updated - -1994-07-25 20:36 millert - - * configure.in: no more static binaries for aix - -1994-07-25 18:37 millert - - * INSTALL: fixed typo - -1994-07-25 18:33 millert - - * sudo_realpath.c: took out stuff not needed for sudo now does - be_root/be_user itself now uses cwd global - -1994-07-25 18:32 millert - - * version.h: +=2 - -1994-07-25 18:31 millert - - * logging.c, sudo.c: be_root/be_user is now down in sudo_realpath() - -1994-07-25 18:26 millert - - * logging.c, sudo.h: now works with 4.2BSD syslog (blech) - -1994-07-25 18:25 millert - - * find_path.c: now use sudo_realpath() - -1994-07-25 18:25 millert - - * config.h.in: took out realpth() stuff since we now use - sudo_realpath() - -1994-07-25 18:25 millert - - * configure.in: ultrix enhanced sec - -1994-07-25 18:25 millert - - * SUPPORTED: added ultrix enhanced sec. - -1994-07-25 18:24 millert - - * INSTALL: updated - -1994-07-25 18:21 millert - - * check.c: ultrix enhanced security suport - -1994-07-25 18:20 millert - - * Makefile.in: added sudo_realpath.c - -1994-07-25 18:18 millert - - * CHANGES: updated - -1994-07-25 14:28 millert - - * tgetpass.c: increased passwd len to 24 for c2 security - -1994-07-25 13:17 millert - - * BUGS: updated BUGS - -1994-07-15 11:49 millert - - * check.c: now use user global var - -1994-07-15 11:48 millert - - * configure.in: took out -ls - -1994-07-14 19:11 millert - - * configure.in: added AFS libs - -1994-07-14 17:45 millert - - * sudo.h: user is now a char * added epasswd - -1994-07-14 17:43 millert - - * sudo.c: added tzset() to load_globals added epasswd (encrypted - password) global made user dynamically allocated - -1994-07-14 17:43 millert - - * configure.in: added tzset test - -1994-07-14 17:43 millert - - * config.h.in: added HAVE_TZSET - -1994-07-14 17:42 millert - - * check.c: cleaned up encrypted passwd grab somewhat - -1994-07-14 12:34 millert - - * configure.in: fixed AFS typo - -1994-07-14 12:34 millert - - * INSTALL: added AFS not - -1994-07-14 12:34 millert - - * CHANGES: udpated - -1994-07-14 12:33 millert - - * logging.c: can now log to both syslog & a file - -1994-07-14 12:12 millert - - * sudo.h: added BOTH_LOGS - -1994-07-14 11:34 millert - - * CHANGES: updated - -1994-07-14 11:32 millert - - * configure.in: --with-AFS - -1994-07-14 11:32 millert - - * config.h.in: added HAVE_AFS - -1994-07-14 11:31 millert - - * check.c: added afs changes - -1994-07-14 11:21 millert - - * sudo.h: removed AFS stuff :-) - -1994-07-14 11:19 millert - - * tgetpass.c: include sys/select for AIX - -1994-07-14 11:17 millert - - * sudo.h: added AFS - -1994-07-14 11:16 millert - - * version.h: ++ - -1994-07-07 14:45 millert - - * SUPPORTED, CHANGES: updated - -1994-07-07 14:44 millert - - * logging.c: can now have MAILER undefined - -1994-07-07 14:37 millert - - * INSTALL: new sub-note about MAILER - -1994-07-06 23:11 millert - - * sudo.man: added blurb about password timeout - -1994-07-06 20:52 millert - - * configure.in: convex c2 changes - -1994-07-06 20:52 millert - - * aclocal.m4: took out duplicate define of _CONVEX_SOURCE - -1994-07-06 20:51 millert - - * Makefile.in: added OSDEFS - -1994-07-06 20:46 millert - - * config.h.in: added spaces - -1994-07-06 20:08 millert - - * tgetpass.c: added a goto if fgets fails - -1994-07-06 20:08 millert - - * sudo.h: use __hpux not hpux convex c2 stuff - -1994-07-06 20:08 millert - - * sudo.c: use __hpux not hpux - -1994-07-06 20:08 millert - - * logging.c: convex c2 stuff - -1994-07-06 20:07 millert - - * config.h.in: define ansi-ish cpp os defines if non-ansi are - defined for hpux & convex - -1994-07-06 20:07 millert - - * INSTALL: updated to say we support sonvex C2 - -1994-07-06 20:05 millert - - * check.c: added convex c2 support - -1994-07-01 12:06 millert - - * tgetpass.c: no more ioctl never returns NULL uses fgets() and - select() to timeout - -1994-06-29 17:04 millert - - * configure.in: things were testing -n "$GCC" instead of -z "$GCC" - -1994-06-29 16:39 millert - - * tgetpass.c: now works + uses fgets() - -1994-06-28 18:25 millert - - * tgetpass.c: select doesn't seem to recognize a single '\n' as - input waiting so we can;t use it, sigh. - -1994-06-26 16:38 millert - - * PORTING: updated tgetpass() blurb - -1994-06-26 16:35 millert - - * configure.in: added --with-getpass - -1994-06-26 16:35 millert - - * Makefile.in: added tgetpass stuff - -1994-06-26 15:25 millert - - * tgetpass.c: now uses stdio - -1994-06-26 15:17 millert - - * version.h: ++ - -1994-06-24 19:48 millert - - * PORTING: updated ,. - -1994-06-24 19:46 millert - - * config.h.in: added USE_GETPASS && HAVE_C2_SECURITY - -1994-06-24 19:45 millert - - * configure.in: fixed a test aded --with-C2 and --with-tgetpass - -1994-06-24 19:45 millert - - * check.c: added hpux C2 shit - -1994-06-24 19:45 millert - - * Makefile.in: took out tgetpass.* - -1994-06-24 19:45 millert - - * INSTALL: added C2 blurb - -1994-06-13 15:54 millert - - * configure.in: no termio(s) for ultrix since it is broken - -1994-06-13 15:41 millert - - * check.c: added a space (yeah, anal) - -1994-06-13 15:17 millert - - * realpath.c, sudo_realpath.c: fixed it (duh, rtfm) - -1994-06-08 14:34 millert - - * config.h.in: took out bsd signal stuff for irix - -1994-06-08 14:26 millert - - * visudo.c: comments in #endif - -1994-06-08 14:09 millert - - * configure.in: don't define BSD signals for irix - -1994-06-08 12:57 millert - - * TODO: did some... - -1994-06-08 12:57 millert - - * CHANGES: updated - -1994-06-08 12:56 millert - - * realpath.c, sudo_realpath.c: took out unneeded code by changing - where a strings was terminated - -1994-06-07 19:21 millert - - * realpath.c, sudo_realpath.c: fix bug where /dirname would return - NULL - -1994-06-07 17:40 millert - - * sudo.h: move __P to config.h - -1994-06-07 17:40 millert - - * getcwd.c, getwd.c, realpath.c, sudo_realpath.c: added errno - definition - -1994-06-07 17:40 millert - - * config.h.in: added __P - -1994-06-07 17:21 millert - - * config.h.in: added HAVE_FCHDIR - -1994-06-07 17:18 millert - - * strdup.c: now include stdio - -1994-06-07 14:55 millert - - * realpath.c, sudo_realpath.c: now works if no fchdir - -1994-06-07 14:55 millert - - * visudo.c: define SA_RESETHAND to null if not defined - -1994-06-07 14:54 millert - - * configure.in: added check & replace - -1994-06-06 20:05 millert - - * configure.in: took out -static for nextstep -- it doesn't work - -1994-06-06 19:59 millert - - * logging.c: moved #endif to where it belongs - -1994-06-06 19:54 millert - - * SUPPORTED: correction - -1994-06-06 19:42 millert - - * configure.in: now checks for strdup realpath getcwd bzero - -1994-06-06 19:31 millert - - * config.h.in: emulate bzero - -1994-06-06 16:57 millert - - * visudo.c: added posic signals - -1994-06-06 16:57 millert - - * tgetpass.c: bzero cast - -1994-06-06 16:57 millert - - * logging.c: added posix signals - -1994-06-06 16:56 millert - - * configure.in: removed BROKEN_GETPASS added new srcs toreplace - missing functions - -1994-06-06 16:56 millert - - * config.h.in: added posix signal stuff - -1994-06-06 16:56 millert - - * Makefile.in: added new srcs - -1994-06-06 12:53 millert - - * visudo.c: updated useag - -1994-06-06 12:39 millert - - * tgetpass.c: now uses posix signals - -1994-06-05 20:17 millert - - * PORTING: updated sto reflect major changes - -1994-06-05 20:05 millert - - * TODO, CHANGES: updated - -1994-06-05 20:04 millert - - * tgetpass.c: uses sysconf() if available - -1994-06-05 20:04 millert - - * sudo.h: added PASSWORD_TIMEOUT + prototypes for new functions - -1994-06-05 20:04 millert - - * realpath.c, sudo_realpath.c: for those w/o this in libc - -1994-06-05 20:03 millert - - * getcwd.c, getwd.c: Initial revision - -1994-06-05 20:03 millert - - * find_path.c: rewrote to use realpath(3) - nis now all my code - -1994-06-05 20:02 millert - - * config.h.in: added HAVE_REALPATH - -1994-06-05 20:02 millert - - * check.c: now use tgetpass - -1994-06-05 20:02 millert - - * Makefile.in: added LIBOBJS use tgetpass.c - -1994-06-05 18:55 millert - - * tgetpass.c: works now :-) - -1994-06-05 18:27 millert - - * tgetpass.c: Initial revision - -1994-06-05 17:17 millert - - * pathnames.h.in: added /dev/tty - -1994-06-04 17:12 millert - - * version.h: incremented - -1994-06-04 15:29 millert - - * sudo.c: always use getcwd - -1994-06-04 14:49 millert - - * config.h.in: added check for getwd - -1994-06-04 14:48 millert - - * configure.in: replace strdup & realpath & getcwd if missing - -1994-06-04 14:47 millert - - * pathnames.h.in: added _PATH_PWD - -1994-06-04 14:46 millert - - * aclocal.m4: added SUDO_PROG_PWD - -1994-06-04 14:37 millert - - * realpath.c, sudo_realpath.c, strdup.c: Initial revision - -1994-06-03 11:31 millert - - * configure.in: quoted quare brackets - -1994-06-02 17:49 millert - - * sudo.c: no need to strdup() a constant - -1994-06-02 15:45 millert - - * CHANGES: updated - -1994-06-02 15:44 millert - - * sudo.man: added validate - -1994-06-02 15:42 millert - - * sudo.c: added -v to usage - -1994-06-02 15:41 millert - - * parse.c, sudo.c, sudo.h: added validate_only stuff - -1994-05-29 21:29 millert - - * configure.in: now finds sed - -1994-05-29 21:28 millert - - * aclocal.m4: $OSREV is now an int - -1994-05-29 19:13 millert - - * configure.in: added mtxinu to caser - -1994-05-29 18:37 millert - - * sudo.h: added EXEC macro - -1994-05-29 18:36 millert - - * sudo.c: now use the EXEC nmacro now only do a gethostbyname() if - FQDN is set - -1994-05-29 18:36 millert - - * logging.c: changed mail_argv[] def now use EXEC() macro - -1994-05-29 18:35 millert - - * check.c: took out crypt() definition - -1994-05-29 17:23 millert - - * version.h: upped the version - -1994-05-29 15:52 millert - - * configure.in: always look for -lnsl - -1994-05-29 15:29 millert - - * aclocal.m4: added an echo - -1994-05-29 15:25 millert - - * sudo.h: SHORT_MESSAGE is now the default - -1994-05-29 15:18 millert - - * config.h.in: fixed typo - -1994-05-29 01:29 millert - - * configure.in: added missing AC_DEFINE(SVR4) for solaris - -1994-05-28 20:42 millert - - * sudo.man: documented the -v flag - -1994-05-28 20:34 millert - - * SUPPORTED: updated - -1994-05-28 20:31 millert - - * check.c: proto-ized crypt() - -1994-05-28 20:28 millert - - * config.h.in: added LIBSHADOW undef - -1994-05-28 20:18 millert - - * configure.in: nwo set OS to be lowercase - -1994-05-28 19:36 millert - - * configure.in: now use SUDO_OSTYPE to set $OS - -1994-05-28 19:36 millert - - * aclocal.m4: now use uname to determine os - -1994-05-28 16:23 millert - - * visudo.c: added prototypes & moved sig handler around - -1994-05-28 15:13 millert - - * sudo.h: added prototyppes - -1994-05-28 15:13 millert - - * parse.c: added comment - -1994-05-28 15:12 millert - - * config.h.in: nwo use _BSD_SIGNALS not _BSD_COMPAT - -1994-05-28 15:11 millert - - * check.c, logging.c, sudo.c: added prototypes - -1994-05-28 15:11 millert - - * aixcrypt.exp: Initial revision - -1994-05-28 15:11 millert - - * Makefile.in: added aixcrypt.exp - -1994-05-28 13:21 millert - - * parse.lex, parse.yacc: moved config.h to top of includes - -1994-05-25 15:48 millert - - * find_path.c: now don't bitch if get EACCESS (treat like EPERM) - -1994-05-24 23:08 millert - - * visudo.c: added -v flag and usage() - -1994-05-24 23:08 millert - - * version.h: fixed a typo - -1994-05-24 23:08 millert - - * sudo.c: cast Argv to a const for exec added -v flag - -1994-05-24 23:07 millert - - * logging.c: mail_argv is now a const - -1994-05-24 23:07 millert - - * configure.in: only set RETSIGTYPE if it is not set already - -1994-05-24 23:07 millert - - * aclocal.m4: now defines & STDC_HEADERS for Irix - -1994-05-24 23:07 millert - - * Makefile.in: added version.h - -1994-05-24 21:25 millert - - * insults.h, sudo.h: prevent multiple inclusion - -1994-05-24 21:20 millert - - * version.h: Initial revision - -1994-05-24 21:09 millert - - * parse.lex, parse.yacc: now includes config.h - -1994-05-24 20:54 millert - - * aclocal.m4: now talks about sunos 4.x - -1994-05-24 20:23 millert - - * visudo.c: calls to Exit now pass an arg - -1994-05-24 18:00 millert - - * visudo.c: signal handler now takes an int argument - -1994-05-24 18:00 millert - - * CHANGES: updated - -1994-05-24 17:44 millert - - * sudo.c: ok, the getcwd() is now *really* done as the user - -1994-05-24 17:44 millert - - * configure.in: changed AIX STATIC_FLAGS - -1994-05-24 16:27 millert - - * aclocal.m4: solaris now defines SVR4 - -1994-05-24 16:18 millert - - * sudo.h: added cwd and fixed stupid core dump that makes no sense. - sigh. - -1994-05-24 16:18 millert - - * sudo.c: moved getcwd stuff into load_globals - -1994-05-24 16:18 millert - - * parse.c: took out externs that are in suod.h - -1994-05-24 16:18 millert - - * logging.c: moved cwd into load_globals - -1994-05-24 16:17 millert - - * find_path.c: moved cwd stuff - -1994-05-24 15:55 millert - - * Makefile.in: fixed make distclean & realclean - -1994-05-24 12:51 millert - - * TODO: updated ., - -1994-05-24 12:51 millert - - * CHANGES: added solaris changes - -1994-05-24 12:51 millert - - * aclocal.m4: added solaris changes, need to rework - -1994-05-24 12:50 millert - - * configure.in: cleaned up for solaris - -1994-05-24 12:13 millert - - * logging.c: reinstall reapchild signal handler for non-bsd signals - -1994-05-24 12:03 millert - - * sudo.h: took out getdtablesize() emulation for HP-UX (no longer - needed) - -1994-05-24 12:03 millert - - * sudo.c: support for HAVE_SYSCONF - -1994-05-24 12:02 millert - - * visudo.c: added for solaris & reorg'd the includes + - minor prettying up / - -1994-05-23 20:26 millert - - * config.h.in: added HAVE_SYSCONF - -1994-05-16 18:57 millert - - * configure.in: now tells you what os you are running /. - -1994-05-16 18:56 millert - - * aclocal.m4: took out extra ',' - -1994-05-14 17:56 millert - - * config.h.in: added _BSD_COMPAT - -1994-05-14 17:56 millert - - * aclocal.m4: fixed for irix5 - -1994-05-14 17:55 millert - - * CHANGES: updated - -1994-05-14 17:27 millert - - * sudo.c: uid seinitialized to -2 - -1994-04-28 12:36 millert - - * sudo.c: now removes LIBPATH for AIX - -1994-03-12 20:41 millert - - * configure.in: now uses ufc if it finds it - -1994-03-12 17:42 millert - - * sudo.h: no longer define yyval & yylval since yacc does it - -1994-03-12 17:42 millert - - * parse.lex: now defines yylval as extenr - -1994-03-12 17:41 millert - - * configure.in: BROKEN_GETPASS is now an OPTION - -1994-03-12 17:41 millert - - * config.h.in: took out BROKEN_GETPASS - -1994-03-12 17:20 millert - - * Makefile.in: took out big comment - -1994-03-12 16:24 millert - - * README: updated - -1994-03-12 16:20 millert - - * Makefile.in: took out README.beta - -1994-03-12 16:19 millert - - * SUPPORTED: Initial revision - -1994-03-12 16:19 millert - - * INSTALL: now reference SUPPORTED ., - -1994-03-12 16:17 millert - - * config.h.in: now check for convex OR __convex__ - -1994-03-12 16:16 millert - - * aclocal.m4: now check for convex or __convex__ - -1994-03-12 16:15 millert - - * Makefile.in: added dist target - -1994-03-12 15:19 millert - - * aclocal.m4: use __convex__ - -1994-03-12 14:33 millert - - * find_path.c: now use _S_* stat stuff to be ansi-like - -1994-03-12 14:11 millert - - * INSTALL: updated for configure directions - -1994-03-12 14:05 millert - - * Makefile.in: distclean now removes config.h and pathnames.h - -1994-03-12 14:03 millert - - * CHANGES: updated - -1994-03-12 14:00 millert - - * TODO: fixed typoe - -1994-03-12 13:57 millert - - * Makefile.in, visudo.c: updated version - -1994-03-12 13:57 millert - - * config.h.in, pathnames.h.in: added copyright header - -1994-03-12 13:55 millert - - * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex, - parse.yacc, sudo.c, sudo.h: udpated version - -1994-03-12 13:39 millert - - * visudo.c: udpated to use configure + pathnames.h - -1994-03-12 13:37 millert - - * Makefile.in, config.h.in, configure.in, aclocal.m4: updated - -1994-03-12 13:37 millert - - * sudo.h: now works with configure - -1994-03-12 13:36 millert + * sudo.h: + now works with configure + [83fc40e533f4] * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c: - updated to work with configure + pathnames.h - -1994-03-12 10:40 millert - - * Makefile.in: added LEXLIB - -1994-03-10 03:18 millert - - * COPYING: updated gnu general licence to versio 2 - -1994-03-10 02:44 millert - - * pathnames.h.in, config.h.in: Initial revision - -1994-03-10 01:43 millert - - * sudo.h: changed to work with configure - -1994-03-09 18:51 millert - - * Makefile.in, aclocal.m4, configure.in: Initial revision - -1994-03-09 17:36 millert - - * visudo.c: now uses defines used by configure - -1994-03-01 16:31 millert - - * find_path.c: sudo won't bitch about EPERM now, for real - -1994-02-28 00:36 millert - - * logging.c: renamed exec_argv to eliminate a libc name clash with - ksros - -1994-02-28 00:28 millert - - * CHANGES: corrected - -1994-02-28 00:27 millert - - * logging.c, sudo.c, sudo.h: execve -> execv - -1994-02-27 23:27 millert - - * TODO: upated - -1994-02-27 23:19 millert - - * PORTING: added 2 mroe items - -1994-02-27 23:12 millert - - * CHANGES: updated - -1994-02-27 23:11 millert - - * sudo.h: added UMASK and mode_t declaration - -1994-02-27 23:11 millert - - * sudo.c: added UMASK - -1994-02-27 20:55 millert - - * logging.c: now opens log file with mode 077 - -1994-02-27 20:55 millert - - * check.c: saved current umask ans restores it - -1994-02-27 20:36 millert - - * sudo.h: added MAXLOGFILELEN - -1994-02-27 20:35 millert - - * logging.c: split long log lines. FOr syslog, split into multiple - entries, for a log file, indent the extra for readability - -1994-02-27 17:22 millert - - * CHANGES: added changes - -1994-02-27 17:18 millert - - * sudo.h: MAXLOGLEN & MAXSYSLOGLEN are now different (as they - should be) - -1994-02-25 16:04 millert - - * TODO: added input from Brett M Hogden - -1994-02-16 13:35 millert - - * sudo.c: added rmenv() to remove stuff from environ. can now uses - execvp() OR execve() becuase of this. - -1994-02-16 13:35 millert - - * logging.c: now uses execvp() OR execve() - -1994-02-16 13:31 millert - - * sudo.h: added USE_EXECVE - -1994-02-16 13:27 millert - - * sudo.h: added environ - -1994-02-16 12:53 millert - - * find_path.c: now ignore EPERM - -1994-02-15 23:52 millert - - * sudo.h: moved some func decls out of sudo.h and into sudo.c as - statics /. - -1994-02-15 23:52 millert - - * CHANGES: updated - -1994-02-15 23:40 millert - - * sudo.h: took out Envp - -1994-02-14 12:28 millert - - * BUGS: Initial revision - -1994-02-10 14:29 millert - - * sudo.c, sudo.h, CHANGES: added SECURE_PATH - -1994-02-10 14:05 millert - - * sudo.h: added SECURE_PATH - -1994-02-10 13:50 millert - - * INSTALL: added sample.sudoers note - -1994-02-10 13:47 millert - - * sudoers: Initial revision - -1994-02-09 14:54 millert - - * find_path.c: fixed typo - -1994-02-08 23:06 millert - - * PORTING: took out SAVED_UID garbage - -1994-02-08 22:55 millert - - * INSTALL: mentioned HAL - -1994-02-08 22:50 millert - - * sudo.h: added HAL line - -1994-02-08 22:48 millert - - * insults.h: added HAL insults - -1994-02-08 22:48 millert - - * TODO: updated - -1994-02-08 22:02 millert - - * logging.c: more verbose error if mailer not found - -1994-02-08 22:02 millert - - * check.c: now do getpwent as root for soem shadow password systems - (bsdi) - -1994-02-08 13:22 millert - - * sudo.h: took out SAVED_UID garbade - -1994-02-08 13:21 millert - - * sudo.c: took out SAVED_UID garbage since it don't work - -1994-02-06 17:43 millert - - * README: updated - -1994-02-06 17:40 millert - - * insults.h: added a missing space :-) - -1994-02-05 19:48 millert - - * sudo.c, sudo.h: took out multimax cruft - -1994-02-05 19:30 millert - - * INSTALL: minor update - -1994-02-05 19:30 millert - - * PORTING: finished - -1994-02-05 19:19 millert - - * sudo.c: fixed a typo + indentation - -1994-02-05 18:43 millert - - * sudo.h: took outumoved some defines to the config file ,. ,. - -1994-02-05 15:17 millert - - * PORTING: Initial revision - -1994-02-05 15:17 millert - - * TODO: did #6 - -1994-02-05 15:16 millert - - * sudo.h: added HAS_SAVED_UID - -1994-02-05 15:16 millert - - * sudo.c: put back AIX cruft - -1994-02-03 00:44 millert - - * sudo.c: aix changes - -1994-02-02 01:31 millert - - * CHANGES: updated + updated to work with configure + pathnames.h + [cb67fa6ab52d] -1994-02-02 01:30 millert + * Makefile.in: + added LEXLIB + [f43cad4ab0a2] - * check.c, logging.c, parse.c, sudo.c, sudo.h: now is only root - when abs necesary +1994-03-10 Todd C. Miller -1994-02-01 22:21 millert + * COPYING: + updated gnu general licence to versio 2 + [2b0b56112ddc] - * check.c: added missing %s\n + * config.h.in, pathnames.h.in: + Initial revision + [4b586f39ec2d] -1994-01-31 02:06 millert + * sudo.h: + changed to work with configure + [13f3506ddf16] - * install-sh: Initial revision +1994-03-09 Todd C. Miller -1994-01-31 01:58 millert + * Makefile.in, aclocal.m4, configure.in: + Initial revision + [a8636ae77371] - * CHANGES, TODO: updated + * visudo.c: + now uses defines used by configure + [de438d118993] -1994-01-31 01:56 millert +1994-03-01 Todd C. Miller - * sudo.c: now removed _RLD_* for alphas + * find_path.c: + sudo won't bitch about EPERM now, for real + [ce26d9ef7e3f] -1994-01-31 01:50 millert +1994-02-28 Todd C. Miller - * INSTALL: updated for new config scheme + * logging.c: + renamed exec_argv to eliminate a libc name clash with ksros + [bcb4350d8411] -1994-01-30 19:42 millert + * CHANGES: + corrected + [dae68d422efd] - * find_path.c: more verbose eror messages + * logging.c, sudo.c, sudo.h: + execve -> execv + [40cc2c4bdb15] -1994-01-27 14:08 millert + * TODO: + upated + [9275a8b8fc45] - * TODO: now have solaris + * PORTING: + added 2 mroe items + [6cbb5c56993c] -1994-01-27 14:07 millert + * CHANGES: + updated + [73f34f8e571a] - * sudo.h: define __svr4__ for SOLARIS + * sudo.h: + added UMASK and mode_t declaration + [7c2015e1d171] -1994-01-27 14:07 millert + * sudo.c: + added UMASK + [d37be7523680] - * check.c: added svr4 junk for shadow pws for solaris 2.x + * logging.c: + now opens log file with mode 077 + [0825cc3ee841] -1994-01-27 13:19 millert + * check.c: + saved current umask ans restores it + [659c1aaae8e8] - * check.c, sudo.c: took out setuid(0) and setreuid(udi) garbage. - Its not needed since we start out setuid with the correct perms. + * sudo.h: + added MAXLOGFILELEN + [34331c7dee90] -1994-01-26 19:51 millert + * logging.c: + split long log lines. FOr syslog, split into multiple entries, for + a log file, indent the extra for readability + [72c9e4cdba6e] - * check.c, sudo.c, sudo.h: now use setreuid() +1994-02-27 Todd C. Miller -1994-01-26 18:58 millert + * CHANGES: + added changes + [81196833673d] - * sudo.man: revised AUTHORS secrtion & added ENV_EDITOR stuff to - VARIABLES sectoin + * sudo.h: + MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be) + [1aa69e903840] -1994-01-26 18:52 millert +1994-02-25 Todd C. Miller - * visudo.c: now uses ENV_EDITOR if you want to use the EDITOR envar + * TODO: + added input from Brett M Hogden + [80f01fc88ce9] -1994-01-26 18:52 millert +1994-02-16 Todd C. Miller - * sudo.h: now uses ENV_EDITOR if you want to use the EDITOR envar - >> . + * sudo.c: + added rmenv() to remove stuff from environ. can now uses execvp() + OR execve() becuase of this. + [e7fc2535bd67] -1993-12-07 01:33 millert + * logging.c: + now uses execvp() OR execve() + [56391aa1f99d] - * README: minor update + spell fix + * sudo.h: + added USE_EXECVE + [f21f38050b95] -1993-12-07 01:33 millert + * sudo.h: + added environ + [6b805e23c6f6] - * INSTALL: rewrote most of this + * find_path.c: + now ignore EPERM + [c8fd7117a1d7] -1993-12-07 01:13 millert + * sudo.h: + moved some func decls out of sudo.h and into sudo.c as statics /. + [5f555c267d27] - * sudo.h: added all options that are in the Makefile + * CHANGES: + updated + [431f478af320] -1993-12-07 00:23 millert + * sudo.h: + took out Envp + [6f722be7793d] - * getpass.c: now use USE_TERMIO #define for sgi & hpux +1994-02-14 Todd C. Miller -1993-12-06 23:19 millert + * BUGS: + Initial revision + [4a8ecf0da95c] - * TODO: todo: posix sigs +1994-02-10 Todd C. Miller -1993-12-06 01:12 millert + * CHANGES: + added SECURE_PATH + [1c72cb222609] - * check.c, find_path.c: always include strings.h + * sudo.c, sudo.h: + added SECURE_PATH + [5bf5357a63c5] -1993-12-05 20:34 millert + * sudo.h: + added SECURE_PATH + [3976a74405ac] - * visudo.c: added STATICEDITOR + * INSTALL: + added sample.sudoers note + [1b395d29aaeb] -1993-12-05 20:30 millert + * sudoers: + Initial revision + [485888d07477] - * sudo.h: sgi has vi in /usr/bin too +1994-02-09 Todd C. Miller -1993-12-05 20:23 millert + * find_path.c: + fixed typo + [bfc3cc4d41ca] - * sudo.man: added VISUAL + * PORTING: + took out SAVED_UID garbage + [b7c2d3469661] [SUDO_1_3_0] -1993-12-02 22:20 millert + * INSTALL: + mentioned HAL + [253d6695df90] - * sudo.h: sue /usr/bin/vi on some systems + * sudo.h: + added HAL line + [29ec1a4ac6de] -1993-12-02 22:19 millert + * insults.h: + added HAL insults + [7d7c96d77c74] - * sudo.c: fixed warning (include strings.h) + * TODO: + updated + [aa2ed9790586] -1993-12-02 22:06 millert + * logging.c: + more verbose error if mailer not found + [fca47fd00cb6] - * sudo.man: added John_Rouillard@dl5000.bc.edu's changes (new - features) + * check.c: + now do getpwent as root for soem shadow password systems (bsdi) + [e0339e110d46] -1993-12-02 21:38 millert +1994-02-08 Todd C. Miller - * CHANGES: changes from John_Rouillard@dl5000.bc.edu + * sudo.h: + took out SAVED_UID garbade + [fcb0e81dcdb5] -1993-12-02 21:35 millert + * sudo.c: + took out SAVED_UID garbage since it don't work + [507e9513e9c2] - * visudo.c: added EDITOR envar +1994-02-06 Todd C. Miller -1993-12-02 21:34 millert + * README: + updated + [d2b6b253dae5] - * check.c, find_path.c, parse.c, sudo.c: added patches from - John_Rouillard directory spec uses EDITOR + * insults.h: + added a missing space :-) + [8940ea991f87] -1993-12-01 19:32 millert + * sudo.c, sudo.h: + took out multimax cruft + [c2606b365181] - * getpass.c: added flush for hpux + * INSTALL: + minor update + [05fb6ee73131] -1993-11-30 13:37 millert + * PORTING: + finished + [c4ac47c84dc5] - * sudo.c: no longer assume malloc returns a char * + * sudo.c: + fixed a typo + indentation + [7eab40aae8fa] -1993-11-29 20:35 millert +1994-02-05 Todd C. Miller - * sudo.c: alpha change to remove LD_-like thing fixed SHLIB_PATH - stuff -- now gets removed correctly + * sudo.h: + took outumoved some defines to the config file ,. ,. + [defff05beb52] -1993-11-29 19:31 millert + * PORTING: + Initial revision + [c803e9127959] - * sudo.h: added STD_HEADERS macro + * TODO: + did #6 + [c6fa1c946c31] -1993-11-29 19:14 millert + * sudo.h: + added HAS_SAVED_UID + [6a88a39c0a07] - * sudo.c: now uses STD_HEADERS macor for ansi + * sudo.c: + put back AIX cruft + [a24d2507ddd4] -1993-11-29 19:14 millert +1994-02-03 Todd C. Miller - * find_path.c: now uses STD_HEADERS macro + * sudo.c: + aix changes + [1663915f754a] -1993-11-29 19:13 millert +1994-02-02 Todd C. Miller - * check.c: niceties for C compiler bitches -- no real change + * CHANGES: + updated + [a8cc73747cae] -1993-11-29 13:04 millert + * check.c, logging.c, parse.c, sudo.c, sudo.h: + now is only root when abs necesary + [3c9d12c5cdfe] - * visudo.c: now doesn't fclose a file never opened. + * check.c: + added missing %s\n + [609320b72d89] -1993-11-28 16:35 millert +1994-01-31 Todd C. Miller - * sudo.man: added visudo line + * install-sh: + Initial revision + [b5bba140a175] -1993-11-28 16:31 millert + * TODO: + updated + [c9d2eba602af] - * sudo.man: added error stuff added me in there... + * CHANGES: + updated + [932f1fc3bb14] -1993-11-28 03:12 millert + * sudo.c: + now removed _RLD_* for alphas + [54a36e648158] - * CHANGES: noted insults + * INSTALL: + updated for new config scheme + [61c8ae800444] -1993-11-28 03:01 millert + * find_path.c: + more verbose eror messages + [b4fd123db42d] - * INSTALL: added blurb about reading stuff +1994-01-27 Todd C. Miller -1993-11-28 03:00 millert + * TODO: + now have solaris + [371002fbf266] - * sudo.h: added insults + * sudo.h: + define __svr4__ for SOLARIS + [0b5cf5ed936d] -1993-11-28 03:00 millert + * check.c: + added svr4 junk for shadow pws for solaris 2.x + [91ed58f21618] - * insults.h: corrected somments and removed newlines + * check.c, sudo.c: + took out setuid(0) and setreuid(udi) garbage. Its not needed since + we start out setuid with the correct perms. + [07689e782b0b] -1993-11-28 03:00 millert + * check.c, sudo.c, sudo.h: + now use setreuid() + [7d64d685d78e] - * check.c: now uses insults +1994-01-26 Todd C. Miller -1993-11-28 02:45 millert + * sudo.man: + revised AUTHORS secrtion & added ENV_EDITOR stuff to VARIABLES + sectoin + [b26967b1e19b] - * insults.h: Initial revision + * visudo.c: + now uses ENV_EDITOR if you want to use the EDITOR envar + [a4f8fcb9bd1d] -1993-11-27 19:46 millert + * sudo.h: + now uses ENV_EDITOR if you want to use the EDITOR envar >> . + [028cc55c4328] - * INSTALL: added dec syslog note +1993-12-07 Todd C. Miller -1993-11-27 19:25 millert + * INSTALL: + rewrote most of this + [a6750923f9c9] - * sample.sudoers: added real stuff in there + * README: + minor update + spell fix + [a411717a7249] -1993-11-27 19:24 millert + * sudo.h: + added all options that are in the Makefile + [6db3b3b841b3] - * TODO: added a todo + * getpass.c: + now use USE_TERMIO #define for sgi & hpux + [b91f89ae6be1] -1993-11-27 19:10 millert + * TODO: + todo: posix sigs + [4548a56eb2ef] - * TODO: added one +1993-12-06 Todd C. Miller -1993-11-27 18:59 millert + * check.c, find_path.c: + always include strings.h + [1fc20bda92c0] - * sample.sudoers: Initial revision + * visudo.c: + added STATICEDITOR + [0596f820716e] -1993-11-27 18:59 millert + * sudo.h: + sgi has vi in /usr/bin too + [94203b62bfd9] - * sudo.man: updated with changes + * sudo.man: + added VISUAL + [87c2844c4cac] -1993-11-27 18:52 millert +1993-12-03 Todd C. Miller - * sudo.man: Initial revision + * sudo.h: + sue /usr/bin/vi on some systems + [e3ad9190f35e] -1993-11-27 18:48 millert + * sudo.c: + fixed warning (include strings.h) + [0b896de4d8a0] - * CHANGES, COPYING, INSTALL, README, TODO, indent.pro: Initial - revision + * sudo.man: + added John_Rouillard@dl5000.bc.edu's changes (new features) + [f41b4205a8cf] -1993-11-27 18:46 millert + * CHANGES: + changes from John_Rouillard@dl5000.bc.edu + [6bdef8e948d5] - * visudo.c: updated version number and took out jeff's old addr - since it is no good + * visudo.c: + added EDITOR envar + [5c4bf716de21] -1993-11-27 18:42 millert + * check.c, find_path.c, parse.c, sudo.c: + added patches from John_Rouillard directory spec + uses EDITOR + [f62a435f8c41] - * sudo.h, check.c, find_path.c, logging.c, parse.c, parse.lex, - parse.yacc, sudo.c: updated version number and took out jeff's - email (since it is invalid) +1993-12-02 Todd C. Miller -1993-10-28 09:36 millert + * getpass.c: + added flush for hpux + [07cfdd6a7b55] - * check.c: added fflush() +1993-11-30 Todd C. Miller -1993-10-22 20:46 millert + * sudo.c: + no longer assume malloc returns a char * + [7480bd2756f3] - * find_path.c: now return NULL instead pfof exiting for - nopnn-fatal errors + * sudo.c: + alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now + gets removed correctly + [8587166c6ac8] -1993-10-21 16:57 millert + * sudo.h: + added STD_HEADERS macro + [480f5a9a516c] - * check.c: new banner + * sudo.c: + now uses STD_HEADERS macor for ansi + [c5018806fd59] -1993-10-21 16:42 millert + * find_path.c: + now uses STD_HEADERS macro + [ad821e0788ea] - * parse.lex: now sudo.h gets included first + * check.c: + niceties for C compiler bitches -- no real change + [0fc0b1a5fb64] -1993-10-17 20:31 millert +1993-11-29 Todd C. Miller - * parse.lex: now can use flex + * visudo.c: + now doesn't fclose a file never opened. + [ee888ec9427d] -1993-10-17 20:31 millert +1993-11-28 Todd C. Miller - * sudo.h: linux patch + * sudo.man: + added visudo line + [698d51c66407] -1993-10-17 20:30 millert + * sudo.man: + added error stuff added me in there... + [d202fd34b906] - * sudo.c: hpux 9 fix, removes SHLIB_PATH linux patch + * CHANGES: + noted insults + [998a22c2230c] -1993-10-17 20:30 millert + * INSTALL: + added blurb about reading stuff + [e71db100798f] - * check.c: linux diff + * sudo.h: + added insults + [c110431cec56] -1993-10-15 16:03 millert + * insults.h: + corrected somments and removed newlines + [493706fd488c] - * find_path.c: stat now ignores EINVAL + * check.c: + now uses insults + [6d23cf06a0ef] -1993-10-05 21:48 millert + * insults.h: + Initial revision + [83153c26b4a3] - * find_path.c, sudo.c: now declare strdup as extern + * INSTALL: + added dec syslog note + [555437273237] -1993-10-04 15:23 millert + * sample.sudoers: + added real stuff in there + [53442a7fba78] - * visudo.c: reformatted with indent + by hand + * TODO: + added a todo + [c630472bd4dc] -1993-10-04 15:10 millert + * TODO: + added one + [806464453284] - * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, - sudo.h: used indent to "fix" coding style +1993-11-27 Todd C. Miller -1993-10-03 20:12 millert + * sample.sudoers: + Initial revision + [7db0a9f1ca8f] - * find_path.c: now checks '.' or '.' or '' in PATH -- but does it - LAST should maybe move the code that does this into the loop - body. makes it messier tho. hmmm. + * sudo.man: + updated with changes + [d9bf254c6c08] -1993-09-08 11:53 millert + * sudo.man: + Initial revision + [dd6f11174ac6] - * find_path.c: redid the fix for non-executable files in an easier - to read way plus some minor aethetic changes + * indent.pro: + Initial revision + [dbfbb494fad9] -1993-09-08 11:39 millert + * CHANGES, COPYING, INSTALL, README, TODO: + Initial revision + [6d98f489a079] - * find_path.c: fixed bug with non-executable tings of same name in - path introduced by checkig errno after stat(2). + * visudo.c: + updated version number and took out jeff's old addr since it is no + good + [ee47c24818cb] -1993-09-05 10:02 millert + * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc, + sudo.c, sudo.h: + updated version number and took out jeff's email (since it is + invalid) + [54616458a52e] - * sudo.c: fixed off by one error +1993-10-28 Todd C. Miller -1993-09-05 09:55 millert + * check.c: + added fflush() + [145c881f4fb4] - * find_path.c: now handles decending below '/' correctly +1993-10-23 Todd C. Miller -1993-09-05 08:35 millert + * find_path.c: + now return NULL instead pfof exiting for nopnn-fatal errors + [8bc74f8cb1ae] - * sudo.c: now actually builds Envp instead of munging envp +1993-10-21 Todd C. Miller -1993-09-04 15:42 millert + * check.c: + new banner + [5387ab2af516] - * parse.yacc: now includes sys/param.h + * parse.lex: + now sudo.h gets included first + [2acb01c18e18] -1993-09-04 15:41 millert +1993-10-18 Todd C. Miller - * visudo.c: now includes sys/param.h + * parse.lex: + now can use flex + [164d3839adf0] -1993-09-04 15:30 millert + * sudo.h: + linux patch + [f1b6b1b1a2ca] - * sudo.h: fixed ifndef -> ifdef + * sudo.c: + hpux 9 fix, removes SHLIB_PATH linux patch + [67611dc1737f] -1993-09-04 15:19 millert + * check.c: + linux diff + [c24536682397] - * qualify.c: make more like find_path.c +1993-10-15 Todd C. Miller -1993-09-04 15:18 millert + * find_path.c: + stat now ignores EINVAL + [c7761a5dc642] - * find_path.c: rewritten by millert +1993-10-06 Todd C. Miller -1993-09-04 15:17 millert + * find_path.c, sudo.c: + now declare strdup as extern + [6b7d6f8784b5] - * sudo.h: fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP - added info about new defines in the comment +1993-10-04 Todd C. Miller -1993-09-04 15:15 millert + * visudo.c: + reformatted with indent + by hand + [9d43084e4990] - * logging.c: now uses USE_CWD + * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h: + used indent to "fix" coding style + [489ffacbdc70] -1993-09-04 14:10 millert + * find_path.c: + now checks '.' or '.' or '' in PATH -- but does it LAST should maybe + move the code that does this into the loop body. makes it messier + tho. hmmm. + [c4d22b48da9a] - * sudo.h: added delc for clean_envp() and Envp +1993-09-08 Todd C. Miller -1993-09-04 14:09 millert + * find_path.c: + redid the fix for non-executable files in an easier to read way plus + some minor aethetic changes + [84fe337f1426] - * sudo.c: now rips LD_* env vars out of envp and passed sanitized - Envp to exec + * find_path.c: + fixed bug with non-executable tings of same name in path introduced + by checkig errno after stat(2). + [c2a812cfcbc1] -1993-09-04 14:09 millert +1993-09-05 Todd C. Miller - * logging.c: now uses execve() + * sudo.c: + fixed off by one error + [fabb7cee0041] -1993-09-04 14:08 millert + * find_path.c: + now handles decending below '/' correctly + [5d2ddfc0b220] - * find_path.c: ENOTDIR is ok now too (in case part of the path is - bogus) + * sudo.c: + now actually builds Envp instead of munging envp + [bdc4b08f6898] -1993-09-04 08:17 millert +1993-09-04 Todd C. Miller - * qualify.c: now works correctly (ttaltotal rewrite) + * parse.yacc: + now includes sys/param.h + [efbb494ab4de] -1993-09-04 07:59 millert + * visudo.c: + now includes sys/param.h + [ad6c91d59958] - * parse.lex: now includes sys/param.h didn't match trailing / -- - fix from rouilj@cs.umb.edu + * sudo.h: + fixed ifndef -> ifdef + [7aebe822d863] -1993-06-11 18:04 millert + * qualify.c: + make more like find_path.c + [853b2dab2e03] - * sudo.c: moved around the #ifndef _AIX + * find_path.c: + rewritten by millert + [c6a043cc11b3] -1993-06-11 18:03 millert + * sudo.h: + fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info + about new defines in the comment + [39ffefce3aec] - * check.c, logging.c, parse.c: Initial revision + * logging.c: + now uses USE_CWD + [fa0f3b118bb3] -1993-03-20 07:57 millert + * sudo.h: + added delc for clean_envp() and Envp + [a12034e300c2] - * qualify.c: Initial revision + * sudo.c: + now rips LD_* env vars out of envp and passed sanitized Envp to exec + [d201a218e056] -1993-03-13 15:09 millert + * logging.c: + now uses execve() + [f3e01032cd33] - * find_path.c: now works if you do sudo bin/test + * find_path.c: + ENOTDIR is ok now too (in case part of the path is bogus) + [b5cbbb201bb5] -1993-03-13 14:20 millert + * qualify.c: + now works correctly (ttaltotal rewrite) + [0c25d64a5c68] - * find_path.c: works + * parse.lex: + now includes sys/param.h didn't match trailing / -- fix from + rouilj@cs.umb.edu + [b6363ba110af] -1993-03-02 18:28 millert +1993-06-11 Todd C. Miller - * sudo.h: Initial revision + * sudo.c: + moved around the #ifndef _AIX + [7d4330950c20] -1993-03-02 11:35 millert + * check.c, logging.c, parse.c: + Initial revision + [c101e9572d7f] - * visudo.c: Initial revision +1993-03-20 Todd C. Miller -1993-03-02 11:32 millert + * qualify.c: + Initial revision + [5a5f21d0e0bf] - * parse.lex, parse.yacc: Initial revision +1993-03-13 Todd C. Miller -1993-02-16 13:24 millert + * find_path.c: + now works if you do sudo bin/test + [07835120ce43] - * sudo.c: took out errno.h + * find_path.c: + works + [c3da8b5efa20] -1993-02-16 13:22 millert +1993-03-02 Todd C. Miller - * sudo.c: now spews error if exec fails and exits with -1 + * sudo.h: + Initial revision + [28a1caa38b72] -1993-02-16 12:07 millert + * visudo.c: + Initial revision + [0e5cd7c3cdbe] - * sudo.c: Initial revision + * parse.lex, parse.yacc: + Initial revision + [5f2d0cccb06b] -1993-02-15 22:27 millert +1993-02-16 Todd C. Miller - * find_path.c: now only execs files with (an) executable bit set. + * sudo.c: + took out errno.h + [7466431a2655] -1993-02-15 22:01 millert + * sudo.c: + now spews error if exec fails and exits with -1 + [e5c41ea725c1] - * find_path.c: Initial revision + * sudo.c: + Initial revision + [8aeabe39a0c2] -1993-02-15 14:32 millert + * find_path.c: + now only execs files with (an) executable bit set. + [0a451f9c0e58] - * getpass.c: added nice comment + * find_path.c: + Initial revision + [02a534891a35] -1993-02-15 14:19 millert +1993-02-15 Todd C. Miller - * getpass.c: now works on sgi's + * getpass.c: + added nice comment + [ea8b2aaa9389] -1993-02-15 13:57 millert + * getpass.c: + now works on sgi's + [bf2b7c6d0960] - * getpass.c: Initial revision + * getpass.c: + Initial revision + [9f4de251c1b5]