X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=ChangeLog;h=ddfb38918497b8f72495c4ce7067f552296fd2a2;hb=31fa5dcbee1b7dc52816f918cf0d334e24fa9667;hp=b0e2b30ad0422f90c937d1d0094b872e1f895a13;hpb=1b0a2102f110507bad492564cb55c293e1b09732;p=debian%2Fsudo diff --git a/ChangeLog b/ChangeLog index b0e2b30..ddfb389 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,1701 +1,9678 @@ -2011-01-18 Todd C. Miller - - * term.c: - Clear, don't set, OPOST in c_oflag as was intended in e26055d17b72. - [eacd774c37c0] +2012-05-15 Todd C. Miller -2011-01-11 Todd C. Miller + * INSTALL: + Fix capitalization + [7258aa977caf] - * check.c: - If the user is running sudo as himself but as a different group we - need to prompt for a password. - [fe8a94f96542] + * mkpkg: + Build PIE executable on Mac OS X 10.5 and above. + [2a5c7ef92182] -2011-01-10 Todd C. Miller +2012-05-14 Todd C. Miller - * pwutil.c: - If user has no supplementary groups, fall back on checking the group - file explicitly. - [c536ddb16bb6] + * NEWS: + Update for sudo 1.8.4p5 + [21164f508b68] -2011-01-04 Todd C. Miller + * plugins/sudoers/match_addr.c: + Add missing break between AF_INET and AF_INET6 in + addr_matches_if_netmask() + [672a4793931a] - * match.c: - Fix NULL dereference with "sudo -g group" when the sudoers rule has - no runas user or group listed. Fixes RedHat bug Bug 667103. - [c51e2be737b2] + * plugins/sudoers/mon_systrace.c: + Move systrace monitor code to the attic + [d6faf4754e9c] -2010-12-21 Todd C. Miller +2012-05-11 Todd C. Miller - * term.c: - Clear OPOST from c_oflag like we used to. Fixes screen-based - editors such as vi. - [e26055d17b72] + * src/exec.c: + The pointer to the siginfo_t struct in a signal handler may be NULL. + [41a4ee934b53] - * sudoers.pod: - Clarify umask option description. From Reuben Thomas. - [fb8bdcb54feb] +2012-05-10 Todd C. Miller -2010-11-24 Todd C. Miller + * plugins/sudoers/pwutil.c: + Fix an alignment problem on NetBSD systems with a 64-bit time_t and + strict alignment. Based on a patch from Martin Husemann. + [1e5ba3c18f17] - * pp: - Add support for RHEL 6 file modes that include a trailing dot on - files with an SELinux security context - [fcc1daaf4df0] + * include/missing.h: + Add offsetof macro for those without it. + [e44cb51d2587] -2010-11-22 Todd C. Miller + * MANIFEST: + add system_group plugin + [6169793b510c] - * sudoers.pod: - fix typo; from Michael T Hunter - [46e70e2063af] +2012-05-09 Todd C. Miller -2010-10-07 Todd C. Miller + * compat/dlopen.c: + Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX. + [85bd03bc5d94] - * check.c: - Having a timestamp file defined is no longer indicative of tty - tickets being enabled. Check def_tty_tickets directly. - [6c3803c239d9] +2012-05-08 Todd C. Miller -2010-10-01 Todd C. Miller + * NEWS: + Mention system_group plugin + [05393dd4bdb8] - * set_perms.c: - Sync set_project() with trunk. - [646fd9bc0537] + * Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in: + update depends + [6feb0b824fc4] - * set_perms.c, sudo.c: - Move set_project() into runas_setup(). Fixes a NULL deref when - project support is enabled and sudo's -g flag is used without the - -u flag. - [6ffd892243ab] + * plugins/system_group/system_group.c: + Only call gr_delref() when use sudo's password caching functions. + [1103442e21fa] -2010-09-21 Todd C. Miller + * plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in: + Add missing dependency on libreplace.la + [05bfd9d4657f] - * linux_audit.c: - Ignore ECONNREFUSED from audit_log_user_command() which will occur - if auditd is not running. - [a686884684ca] + * compat/dlopen.c: + Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and + PROG_HANDLE. + [2382d0693acc] -2010-09-13 Todd C. Miller + * Makefile.in, configure, configure.in, + plugins/system_group/Makefile.in, + plugins/system_group/system_group.c, + plugins/system_group/system_group.sym: + Add group plugin that does lookups by name using the system group + database. + [2ddbb604112f] - * install-sh: - Use sed instead of expr to split a flag from its argument. Fixes a - problem with expr interpreting its arguments as a flag when they - start with a dash. - [16372da8a286] + * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo, + src/po/pl.po: + sync with translationproject.org + [4ef05df4226d] -2010-09-08 Todd C. Miller +2012-05-03 Todd C. Miller - * bsm_audit.c: - Solaris BSM audit return EINVAL when auditing is not enabled, - whereas OpenBSM returns ENOSYS. - [bb9c94a8fa7d] + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po, + src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, + src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po, + src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [115c3f828fc5] -2010-09-07 Todd C. Miller +2012-05-01 Todd C. Miller - * toke.c, toke.l: - Add missing LOG_INPUT/LOG_OUTPUT support in the lexer. - [0a5519756bf1] + * sudo.pp: + Add mode for docdir and use '-' (default) for localedir mode. Fixes + a problem on Linux when building in a directory with the setgid bit + set. + [582279c8bcb1] - * sudo.c: - Set NewArgv[0] to the name of the pseudo-command we are running. - Fixes a problem with "sudo -l" when auditing is enabled and the user - is not allowed to run any commands on the host. Adapted from a patch - from Daniel Kopecek. - [694ed1a75a4a] +2012-04-30 Todd C. Miller -2010-09-06 Todd C. Miller + * pp: + Match CentOS 6.0 + [1e99ef210f98] - * match.c: - When matching the runas user and runas group (-u and -g command line - options), keep track of runas group and runas user matches - separately. Only return a positive match if we have a match for - both runas user and runas group (if specified). - [68d30216c13a] +2012-04-24 Todd C. Miller -2010-09-04 Todd C. Miller + * NEWS: + Update with recent changes + [c5fc220ba696] - * ldap.c, parse.c: - Do not return -1 on error from the display functions; the call - expects a return value >= 0. - [e50e6ae4d06d] + * pp: + Fix version check on AIX + [d272e39112f4] - * ldap.c: - display_bound_defaults now returns a count so make the stub return - 0, not 1. - [97293ced4908] + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [72b23509465a] -2010-09-03 Todd C. Miller + * plugins/sudoers/ldap.c: + Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP + SDK. + [87b685e70b9a] - * get_pty.c: - It looks like AIX doesn't need to push STREAMS modules for ptys. - [62c281fcd4ad] + * plugins/sudoers/ldap.c: + Fix printing of invalid uri + [645aa53acdde] -2010-08-30 Todd C. Miller + * plugins/sudoers/auth/pam.c: + Pass PAM_SILENT when deleting creds to remove an annoying warning + message on Solaris. + [1dd0301ef293] - * Makefile.in: - Install sudoers file from the build dir not hte src dir. - [a26afd8db531] +2012-04-23 Todd C. Miller -2010-08-26 Todd C. Miller + * src/utmp.c: + Fix the setutxent and endutxent compatibility defines (this time + correctly) when only setutent and endutent are available. + [d136d2867db9] - * set_perms.c: - If runas_pw changes, reset the stashed runas aux group vector. - Otherwise, if runas_default is set in a per-command Defaults - statement, the command runs with root's aux group vector (i.e. the - one that was used when locating the command). - [24a695707b67] + * plugins/sudoers/ldap.c: + sudo_ldap_set_options_global() should not take an LDAP handle as an + argument since the options affect the global settings. + [1dc39b9d20f2] - * Makefile.in: - Add target to generate sudoers file Remove generated sudoers file as - part of distclean - [448627fc35b6] + * mkpkg: + Debian sudo has not been built with --with-exempt=sudo since 1.6.8. + [c7716291a856] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c, + src/sudo.h: + Call the policy's init_session() function before we fork the child. + That way, the session is created and destroyed in the same process, + which is needed by some modules, such as pam_mount. + [ece552ba002e] + + * doc/TROUBLESHOOTING: + Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is + not specified. + [bd293e100b28] + + * plugins/sudoers/auth/pam.c: + Delete creds after closing the PAM session. + [5158d726d6a5] + + * plugins/sudoers/ldap.c: + Provide a more useful error message if using a Mozilla-style LDAP + SDK and you forgot to specify TLS_CERT in ldap.conf. + [7cb78feb899c] + + * src/exec_pty.c: + Add missing initialization of a sigaction structure when I/O + logging. Fixes a potential problem when suspending the command. + [f4480f2ba816] + + * plugins/sudoers/ldap.c: + Split global and per-connection LDAP options into separate arrays. + Set global LDAP options before calling ldap_initialize() or + ldap_init(). After we have an LDAP handle, set the per-connection + options. Fixes a problem with OpenLDAP using the nss crypto backend; + bug #342 + [265c9d2dc12b] + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po, + src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [6d7fe44be21e] + +2012-04-21 Todd C. Miller + + * src/sudo.c, src/sudo.h: + Move struct passwd pointer into struct command details. + [d6fb1eff2065] + +2012-04-20 Todd C. Miller -2010-08-23 millert + * pp: + Sync with upstream for Mac OS X (and other) fixes. + [c2f4998d01b0] - * exec.c: - When not logging I/O install a handler for SIGCONT and deliver it to - the command upon resume. Fixes bugzilla #431 - [e84690aa67bd] + * mkpkg: + Only built Mac intel universal binary on an intel machine. + [0009e0b7e5a8] -2010-08-21 Todd C. Miller + * src/Makefile.in: + Do not pass libtool the -static-libtool-libs option when building + sudo and sesh. Otherwise, libtool may prefer a static version of an + installed library over a dynamic one when linking. + [6fbac9adc885] - * sudo.c: - Don't need to fork and wait when compiled with --disable-pam-session - [2ae1bbe4437a] +2012-04-19 Todd C. Miller -2010-08-20 Todd C. Miller + * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo, + plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po: + Add German translation for sudo Add Croatian translation for sudoers + [fa4da1a6530c] - * lbuf.c: - Convert a remaining puts() and putchar() to use the output function. - [d68c213feb0f] + * plugins/sudoers/iolog.c: + typo fix in comment + [abd721d1288e] -2010-08-18 Todd C. Miller +2012-04-16 Todd C. Miller - * Makefile.in: - Replace sudoers with sudoers.in in DISTFILES - [616509f85d6c] + * NEWS: + Update with recent changes + [6fa11e8448b9] - * env.c: - Set dupcheck to TRUE when setting new HOME value if !env_reset but - always_set_home is true. Prevents a duplicate HOME in the - environment (old value plus the new one) introduced in 9f97e4b43a4b. - [2672ae047984] + * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Sort xgettext output by file name. + [f650841810f0] - * configure, configure.in, sudoers, sudoers.in: - Substitute sysconfdir in the installed sudoers file to get the - correct path for sudoers.d. - [ab14a68e546f] + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod: + Clarify what "sudoreplay -l" displays and mention that it is sorted. + [84031c117bd6] -2010-08-17 Todd C. Miller + * config.h.in, configure, configure.in, src/ttyname.c: + Use AC_HEADER_MAJOR to determine where major/minor are defined. + [3c949650a223] - * boottime.c, get_pty.c: - Fix typos that prevented compilation on Irix; Friedrich Haubensak - [a3e6c5a66890] + * config.h.in, configure, configure.in, src/ttyname.c: + Include sys/mkdev.h if present instead of sys/sysmacros.h for + minor(). This is needed on Solaris (at least) where the makedev + macros in sysmacros.h are obsolete and library functions should be + used instead. + [343928acf81e] -2010-08-14 Todd C. Miller + * mkpkg: + When building on Mac OS X, only set SDK_FLAGS if specified osversion + doesn't match host. + [d84c6efac872] - * auth/pam.c: - If the user hits ^C while a password is being read, error out before - reading any further passwords in the pam conversation function. - Otherwise, if multiple PAM auth methods are required, the user will - have to hit ^C for each one. - [c8f6bc58fd86] +2012-04-15 Todd C. Miller -2010-08-09 Todd C. Miller + * src/ttyname.c: + Add back buf and tty variables for _ttyname() case that were + inadvertantly removed. + [a4a820b22a44] - * exec.c: - Fix waitpid() loop termination condition. - [97719b3259f2] +2012-04-13 Todd C. Miller - * exec_pty.c: - Use sudo_waitpid() instead of bare waitpid() - [624a40269189] + * plugins/sudoers/po/sudoers.pot: + regen + [5446b12c1250] -2010-08-07 Todd C. Miller + * configure, configure.in: + Remove b8 from version number. + [5adc4dcec061] + + * src/ttyname.c: + remove some XXX + [187579a5f593] + + * src/ttyname.c: + When looking for a device match, do a breadth-first search instead + of depth-first. We already special case /dev/pts/ so chances are + good that if it is not a pseudo-tty it is in the base of /dev/. Also + avoid a stat(2) when possible if struct dirent has d_type. + [0183f8a1b278] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + src/sudo.c, src/sudo.h: + Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list. + [f0574d878491] + + * src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo, + src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo, + src/po/vi.mo: + sync with translationproject.org + [4527ea78fbd5] + + * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po, + src/po/hr.mo, src/po/hr.po: + New Croatian and Galician translations from translationproject.org + [ad4bd924b4de] + + * src/ttyname.c: + Add depth-first traversal of /dev/ for the /proc case when not + /dev/pts/N + [499bd3456774] + + * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c: + If struct dirent has d_type, use it to avoid an extra stat(). + [741dabbe4bcd] + + * plugins/sudoers/sudoreplay.c: + Sort output of "sudoreplay -l" + [c0615795bd4b] + +2012-04-12 Todd C. Miller + + * plugins/sudoers/sudoreplay.c: + Fix duplicate free introduced in last rev + [efdaabe69d75] + +2012-04-11 Todd C. Miller + + * plugins/sudoers/auth/pam.c: + Instead of treating ^C from tgetpass() specially, always return + AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL + like PAM_AUTH_ERR which Mac OS X returns this when there is no tty. + [a3b17298d4d0] + + * config.h.in, configure, configure.in, src/ttyname.c: + Rototill code to determine the tty. For Linux, we now look up the + tty device in /proc/pid/stat instead of trying to open + /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given + device number to a string. On BSD, we can use devname(). On + Solaris, _ttyname_dev() does what we want. TODO: write /dev/ + traversal code for the generic sudo_ttyname_dev(). + [6b22be4d09f0] + +2012-04-10 Todd C. Miller + + * src/ttyname.c: + Define PRNODEV for those w/o it. + [f17290e64559] + + * config.h.in, configure, configure.in, src/ttyname.c: + Check for SVR4-style struct psinfo.pr_ttydev and use that to + determine the tty if std{in,out,err} are not ttys. + [76ad33a91f4b] + + * src/ttyname.c: + Better support for SVR4-style /proc entries where we can't use + ttyname() on the /proc/pid/fd/[0-2] entries. We can, however, + attempt to map the device number back to the correct pseudo-tty + slave device. + [4f9f48cc79eb] + + * src/ttyname.c: + When trying to determine the tty name, check parent's stderr in + addition to its stdin and stdout. + [604644056c7d] + + * src/exec_pty.c: + Treat a tty read failure like EOF as it usually means the pty has + gone away. Handle write() on the tty returning EIO. + [16957f4a706f] + + * src/exec.c, src/exec_pty.c: + Linux select() may return ENOMEM if there is a kernel resource + shortage. Older Solaris select() may return EIO instead of EBADF + when the tty goes away. If we get an unhandled select() failure, + kill the child and exit cleanly. + [d93940a311ab] + + * src/ttyname.c: + Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might + block in open. + [a9f809d09d52] + +2012-04-09 Todd C. Miller + + * plugins/sudoers/set_perms.c: + Fix restoration of AIX permissions. + [30c717115988] + + * src/parse_args.c: + Allow the -k flag to be used along with the -i and -s flags. + [0653b17c97f1] + + * plugins/sudoers/sudoreplay.c: + Plug memory leak in parse_logfile() in the error path. + [9cce86fa833b] + + * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po, + src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po, + src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [14af43d0b170] + +2012-04-08 Todd C. Miller + + * compat/regress/glob/globtest.c, config.h.in, configure, + configure.in, plugins/sudoers/match.c: + Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the + glob() and fnmatch() results to be consistent. + [4226750d73c2] + +2012-04-06 Todd C. Miller + + * MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in, + src/ttysize.c: + Move ttysize.c to common so sudoreplay can use it. + [b4a0aa514cd4] + + * plugins/sudoers/sudoreplay.c: + If I/O log file includes rows + cols, warn if the user's tty is not + big enough. + [b980ef89efff] + + * plugins/sudoers/sudoreplay.c: + Fix printing of TSID in "sudoreplay -l" + [4221e3e108b4] + + * common/sudo_debug.c, include/sudo_debug.h, + plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c, + src/exec_pty.c: + Log the process id in the debug file output. Since we don't want to + keep calling getpid(), stash the value at init time and when we + fork(). + [2782d30c024d] + + * src/exec_pty.c: + Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It + is better to receive EIO from read()/write() than to be suspended + when we don't expect it. Fixes a problem when our terminal is + revoked which can happen when, e.g. our sshd is killed + unceremoniously. Also, only change the value of "alive" from true to + false, never from false to true. It is possible for us to receive + notification of the child having stopped after it is already dead. + This does not mean it has risen from the grave. + [26c9fe8ce0f9] + + * src/exec_pty.c: + Distinguish between signals we received from the parent vs. those + delivered explicitly to the monitor process in debugging info. + [40716cb180e5] + +2012-04-05 Todd C. Miller + + * plugins/sudoers/check.c: + In Solaris 11, /dev/pts under the "dev" filesystem, not "devices". + Update tty_is_devpts() to match so we can determine when the tty has + been reused. + [2689665df027] + + * common/sudo_debug.c, include/error.h, include/sudo_debug.h: + Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf() + and use a new flag, SUDO_DEBUG_FILENO to specify when to use it. + This allows consumers of sudo_debug_printf() to log that data + without having to specify it manually. + [7c94c4879208] + + * src/exec_pty.c: + Make this compile after last change. + [ee09034f3266] + + * src/exec_pty.c: + Don't try to restore the terminal if we are not the foreground + process. Otherwise, we may be stopped by SIGTTOU when we try to + update the terminal settings when cleaning up. + [c48b24335456] + + * src/exec.c: + If select() return EBADF in the main event loop, one of the ttys + must have gone away so perform any I/O we can and close the bad fds. + [3bc8678c03ce] + + * common/sudo_debug.c, include/error.h, include/sudo_debug.h, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the + function, file and line number in the debug log for warning() and + error(). + [894cd131f11d] + +2012-04-04 Todd C. Miller + + * common/sudo_debug.c, include/error.h, include/sudo_debug.h, + src/conversation.c: + Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno. + Use this flag when wrapping error() and warning() so the debug + output includes the error string. + [1e2c67adaf1f] + +2012-03-30 Todd C. Miller + + * NEWS: + Update for sudo 1.8.5 + [7d2b62b823fe] + + * plugins/sudoers/po/sudoers.pot: + regen + [718ad9de92cd] - * sudo.pp: - Set pp_kit_version and strip off patchlevel - [814c87778567] + * doc/CONTRIBUTORS: + sync + [f48013aea641] - * sudo.pp: - Better handling of versions with a patchlevel. For rpm and deb, use - the patchlevel+1 as the release. For AIX, use the patchlevel as the - 4th version number. For the rest, just leave the patchlevel in the - version string. - [d18ef30f0a72] + * plugins/sudoers/pwutil.c: + Use ecalloc() + [fabd23c1f271] -2010-08-06 Todd C. Miller + * src/exec_pty.c: + Don't need zero_bytes() after ecalloc() + [1a9d95cd10ef] - * auth/sudo_auth.c: - For non-standalone auth methods, stop reading the password if the - user enters ^C at the prompt. - [59d2b1328d1e] + * config.h.in, configure, configure.in, src/sudo_noexec.c: + Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to + sudo_noexec.c. + [cbaa1d4b0f8a] - * check.c: - When removing/resetting the timestamp file ignore the tty ticket - contents. - [8b285f601ec0] + * src/utmp.c: + Fix compat setutxent and endutxent macros for systems with + setutent() but not setutxent(). From Gustavo Zacarias + [d7ce622fc5f2] -2010-08-04 Todd C. Miller +2012-03-29 Todd C. Miller - * UPGRADE: - Fix typo - [0f443aa22e96] + * configure.in: + Add ignore_result definition to AH_BOTTOM + [8d4096838a98] -2010-08-03 Todd C. Miller + * common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c, + src/exec.c, src/exec_pty.c, src/tgetpass.c: + Fix compiler warnings on some platforms and provide a better method + of defeating gcc's warn_unused_result attribute. + [9a8f804fcc75] - * check.c: - Do not produce a warning for "sudo -k" if the ticket file does not - exist. - [eeaaa73d7f5b] + * configure, configure.in: + Fix building the builtin zlib from a build dir. When a zlib dir was + specified, prepend its include path instead of appending so we get + the right zlib headers. + [5f61d591b186] + + * doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h, + zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c, + zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h, + zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in, + zlib/zlib.h, zlib/zutil.c, zlib/zutil.h: + Update zlib to version 1.2.6 + [173c4bc4d4fc] + +2012-03-28 Todd C. Miller + + * include/missing.h: + g/c __unused which is no longer used + [7ef3f23edcd6] + + * src/env_hooks.c: + Fix compilation if RTLD_NEXT is not defined. + [d5605f468b71] + + * src/po/sr.mo, src/po/sr.po: + sync with translationproject.org + [27d559f7985d] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, + doc/sudoers.man.in: + regen + [f9f63ce478b6] -2010-08-02 Todd C. Miller + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [59035d82d15a] - * aclocal.m4, configure: - Add cross-compile defaults for remaining AC_TRY_RUN usage. - [fb88d22eabc6] + * Makefile.in: + Ignore Project-Id-Version when comparing pot files. + [22feb9ede46b] + + * plugins/sudoers/bsm_audit.c: + Use error() instead of log_fatal() + [54130bda4b50] + + * plugins/sudoers/env.c: + Fix signedness of didvar in env_update_didvar() + [77048a80b3e4] + + * plugins/sudoers/iolog.c: + Quiet a compiler warning on some platforms. + [8fdcaece0400] + + * compat/fnmatch.c: + cast ctype(3) function/macro arguments from char to unsigned char to + avoid potential negative subscripting. + [bdcf7eef21ef] + + * common/setgroups.c: + Quiet a warning on systems where the gids array in setgroups() is + not prototyped as being const, even though it really is. + [fdd758c6302d] + + * src/env_hooks.c: + Quiet a compiler warning on systems where the argument to putenv(3) + is const. + [51bae2193b53] + + * plugins/sudoers/sudoreplay.c: + Undo an incorrect int -> bool conversion. + [b9a4ce320f14] + + * MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + src/po/sv.mo, src/po/sv.po: + Add Swedish sudo and sudoers translations from + translationproject.org + [f7ce1de9073f] + + * plugins/sudoers/env.c: + No need to preserve ODMDIR on AIX now that we always read + /etc/environment. + [4aa04b2f0125] + +2012-03-27 Todd C. Miller + + * doc/sudoers.pod, plugins/sudoers/env.c: + When initializing the environment for env_reset, start out with the + contents of /etc/environment on AIX and login.conf on BSD. + [5717bdc321e2] + + * doc/TROUBLESHOOTING, src/sudo.c: + If we are not running with an effective uid of 0, try to give the + user enough information to debug the problem. + [fa4894896d8a] + + * plugins/sudoers/getdate.c, plugins/sudoers/gram.c: + Quiet a clang-analyzer false positive. + [c4c0c1b9c8b0] + + * src/tgetpass.c: + If there is nothing to read from the askpass program, set errno to + EINTR. This makes the cancel button behave like the user entered ^C + at the password prompt when PAM is used. + [594302cb9caf] + + * src/sudo.h, src/tgetpass.c: + Fetch the value of "askpass" from the sudo conf struct. + [4593ee8f1bd3] + + * common/sudo_conf.c: + Fix matching of "Path askpass" and "Path noexec" + [4df28d62afb9] + +2012-03-26 Todd C. Miller + + * plugins/sudoers/visudo.c: + Quiet a clang-analyzer dead store warning. + [dd90bf385a3f] + + * plugins/sudoers/sudoers.c: + If the "timestampowner" user cannot be resolved, use ROOT_UID + instead of exiting with a fatal error. + [8d62aae99715] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/check.c, plugins/sudoers/env.c, + plugins/sudoers/iolog.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/parse.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: + Remove the NO_EXIT flag to log_error() and add a log_fatal() + function that exits and is marked no_return. Fixes false positives + from static analyzers and is easier for humans to read too. + [a0fe785c2a3d] + +2012-03-24 Todd C. Miller + + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, + src/po/eo.po: + sync with translationproject.org + [df5e8777de13] + +2012-03-20 Todd C. Miller + + * src/po/da.mo, src/po/da.po: + sync with translationproject.org + [629d99548b78] + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: + sync with translationproject.org + [9d122a2860d6] + +2012-03-19 Todd C. Miller + + * src/po/it.mo, src/po/it.po: + sync with translationproject.org + [6397593b15cf] + + * common/sudo_conf.c, plugins/sudoers/alias.c, + plugins/sudoers/defaults.c, plugins/sudoers/env.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c, + src/load_plugins.c: + Use ecalloc() when allocating structs. + [8b5888868db2] + + * common/alloc.c, include/alloc.h: + Add ecalloc() and commented out recalloc(). Use inline strnlen() + instead of strlen() in estrndup(). + [7fb9aa46c1e0] + +2012-03-18 Todd C. Miller + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, + src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, + src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [45a032c37334] + +2012-03-16 Todd C. Miller + + * plugins/sudoers/set_perms.c: + Remove unused label + [2660bb0c1313] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document what changed in each plugin API revision + [59b30a6fc4d1] + + * plugins/sudoers/set_perms.c: + Remove bogus optimization that could lead to a double free of the + group list. + [b0bfbd2a83a8] + +2012-03-15 Todd C. Miller + + * doc/TROUBLESHOOTING: + Expand AIX /etc/security/privcmds entry. + [9f3f072e034e] + + * NEWS: + Update for sudo 1.8.5 + [086049011f25] + + * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat, + doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h, + include/sudo_plugin.h, src/load_plugins.c, src/sudo.c, + src/sudo_plugin_int.h: + Rename plugin "args" to "options" + [f25624951bd2] + + * doc/CONTRIBUTORS: + Add Lithuanian and Vietnamese translators + [2b4c075b69e3] -2010-07-31 Todd C. Miller + * Makefile.in: + Ignore comments when comparing new and old pot files. + [f872999347b3] - * aclocal.m4, config.h.in, configure, configure.in, snprintf.c: - Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT - and AC_CHECK_SIZEOF([long int]) instead of rolling our own. - [5e7cc557a46e] + * src/Makefile.in: + regen + [c8193b1b11c7] -2010-07-30 Todd C. Miller + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in: + regen + [15e3c17e8a3a] + + * doc/sudo_plugin.pod, include/sudo_plugin.h, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c, + src/sudo.c, src/sudo.h: + Pass a pointer to user_env in to the init_session policy plugin + function so session setup can modify the user environment as needed. + For PAM authentication, merge the PAM environment with the user + environment at init_session time. We no longer need to swap in the + user_env for environ during session init, nor do we need to disable + the env hooks at init_session time. + [3f5277b359d8] + + * plugins/sample/sample_plugin.c: + Add explicit NULL entries for init_session, register_hooks and + deregister_hooks with appropriate comments. + [727a57978b40] + + * compat/pw_dup.c: + Quiet a gcc "used uninitialized in this function" false positive. + [f14b68379ce9] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + We should always call warning() with a format string or a string + literal. In this case, the argument (path) is not user-controlled. + [e9ef51224024] + +2012-03-14 Todd C. Miller + + * src/selinux.c: + Include sudo_exec.h for the sudo_execve() prototype. + [769e58065edc] - * .hgtags: - Added tag SUDO_1_7_4 for changeset 2920a3b9d568 - [e929004d5102] + * config.h.in, configure, configure.in: + Add check for pam_getenvlist() + [36bde3f26c60] - * pp: - Debian: Remove dots from decoded release number AIX: looser matching - of file command output for AIX 5.1 - [2920a3b9d568] [SUDO_1_7_4] + * common/sudo_conf.c: + Set args to NULL in default plugin info struct when there is no + Plugin line in sudo.conf. + [93ec67708f01] - * .hgtags: - Added tag SUDO_1_7_4 for changeset 0d844aa34c1d - [cf65ddcec602] + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [a9287677795c] -2010-07-29 Todd C. Miller + * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + regen + [a242769d7962] - * exec_pty.c: - exec_monitor is static - [0d844aa34c1d] + * configure, configure.in: + Bump version to 1.8.5 + [e8618f0c2505] - * pp: - Update to latest version - [7b8a00defbd6] + * doc/sudo_plugin.pod: + Document hooks API + [e6ad07d27958] -2010-07-28 Todd C. Miller +2012-03-13 Todd C. Miller * sudo.pp: - Let pp determine pp_aix_version itself. - [c5ee7944af03] + Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris. + [fd72340042d3] - * INSTALL, config.h.in, configure, configure.in, mkpkg, sudo.c: - Add support for Ubuntu admin flag file and enable it when building - Ubuntu packages. - [2d97501cda0c] + * include/sudo_plugin.h: + Use sudo_hook_fn_t in struct sudo_hook. + [938f93112d6e] - * sudo.pp, sudoers: - Add commented out SuSE-like targetpw settings - [f4ad331ace46] + * doc/TROUBLESHOOTING: + If cross compiling, --host must include the OS in the tuple. E.g. + --host powerpc-unknown-linux + [b8c010070c1e] - * configure, configure.in: - Only try to use +DAportable for non-GCC on hppa Check the value of - $pic_flag insteaf of whether the compiler is ANSI C when detecting - the HP-UX bundled C compiler. - [654da0091c16] +2012-03-12 Todd C. Miller - * configure, configure.in: - Prevent configure from adding the -g flag unless in devel mode - [e3c11f228c56] + * plugins/sudoers/parse.c: + Fix bogus int -> bool conversion; tags can have a value of -1. + [e63d6434a303] -2010-07-27 Todd C. Miller + * plugins/sudoers/env.c: + Add env_should_keep() and env_should_delete() wrapper functions to + simplify things a bit and hide the fact that matches_env_check() is + not bool. + [7a03d7a12b50] * sudo.pp: - Go back to sudo-flavor to match existing packages and only use an - underscore for those that need it. - [1f78ecf3b990] + Fix application of debian-specific sudoers mods when building + packages as non-root. + [34bf4c52c425] - * sudo.pp: - Use sudo_$flavor instead of sudo-$flavor since that causes the least - amount of trouble for the various package managers. - [7e1e07115788] + * plugins/sudoers/env.c: + matches_env_check() returns int, not boolean + [0ad915b8d5cb] - * mkpkg: - Fix handling of the ldap flavor Remove destdir unless --debug was - specified Make distclean before running configure if there is a - Makefile present - [2bde3925346d] + * src/sudo_edit.c: + Fix compilation when seteuid() is not available. + [8a722f998000] - * configure, configure.in: - Back out version change in 5baf2187a138 - [bbc3a81afbba] + * src/ttyname.c: + Simply move the free of ki_proc outside the realloc() loop. + [217b786da760] - * mkpkg: - Pass extra args on to configure on HP-UX, if we don't have the HP C - compiler, disable zlib to prevent gcc from finding it in - /usr/local/lib. - [87201c7f1116] + * src/ttyname.c: + Bring back the erealloc() for the ENOMEM loop and just zero the + pointer after we free it. + [29a016e45127] - * configure, configure.in, mkpkg: - Use the HP ANSI C compiler on HP-UX if possible - [5baf2187a138] + * src/ttyname.c: + Don't try to erealloc() a potentially freed pointer; Mateusz Guzik + [266e08844065] - * sudoreplay.c: - Some getline() implementations (FreeBSD 8.0) do not ignore the - length pointer when the line pointer is NULL as they should. - [8652300785ed] +2012-03-10 Todd C. Miller - * sudoreplay.c: - Don't need to check for *cp being non-zero, isdigit() will do that. - [107301a99b6a] + * plugins/sudoers/set_perms.c: + Use normal error path if unable to set sudoers gid. + [01c816918c99] - * sudoreplay.c: - Add setlocale() so the command line arguments that use floating - point work in different locales. Since sudo now logs the timing - data in the C locale we must Parse the seconds in the timing file - manually instead of using strtod(). Furthermore, sudo 1.7.3 logged - the number of seconds with the user's locale so if the decimal point - is not '.' try using the locale-specific version. - [2b8ed181e37c] + * plugins/sudoers/set_perms.c: + Make this work again on systems w/o seteuid(). + [2e67f7421e97] - * exec.c: - Do I/O logging in the C locale so the floating point numbers in the - timing file are not locale-dependent. - [18abbca14078] +2012-03-09 Todd C. Miller - * sudoreplay.c: - Use errorx() not error() for thingsthat don't set errno. - [a2e7c6793d26] + * plugins/sudoers/set_perms.c: + Fix compilation if no seteuid/setreuid/setresuid available. + [d0b3c1f88eb4] -2010-07-26 Todd C. Miller + * plugins/sudoers/set_perms.c: + Better error messages, and added debugging throughout. Fixed + seteuid() version of set_perms()/restore_perms(). Fixed logic bug in + AIX version of restore_perms(). Added checks to avoid changing + uid/gid when we don't have to. Never set gid/uid state to -1, use + the old value instead. + [29188d469b5c] - * sudo.pp: - Add Tru64 kit support - [40e2d21aa17f] + * src/exec_pty.c, src/ttyname.c: + Fix format string warning on Solaris with gcc 3.4.3. + [d1eeb6e1dd0f] - * pp: - Better support for 1.2.3 style versions in Tru64 kits - [f7133199a711] + * src/sudo.c: + Always declare environ now that we swap it around unilaterally. + [aaa3e92e7d0d] - * pp: - Remove apparently unnecessary use of sudo - [a667a69eeab0] + * src/Makefile.in: + Honor LDFLAGS when linking sesh; from Vita Cizek + [498b41438f6e] - * Makefile.in: - Create timedir as part of install-dirs target. - [a2e394d694dd] + * src/sesh.c: + Include alloc.h for estrdup() prototype; from Vita Cizek + [93203655a320] - * exec_pty.c: - Handle ENXIO from read/write which can occur when reading/writing a - pty that has gone away. Fixes bugzilla 422 - [142f4c2efa17] +2012-03-08 Todd C. Miller - * pwutil.c: - sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL - [82e5e46bf458] + * plugins/sudoers/sudoers.c: + Don't read /etc/environment on Linux when using PAM, PAM should set + the environment variables as needed via pam_env. + [b1ef62cb2d40] - * mkpkg: - platform is a pp flag not a variable - [9d0ab9b9bf0c] + * INSTALL: + Fix editor goof. + [0c3dd3bb8b57] + + * src/hooks.c, src/sudo.c, src/sudo.h: + Disable environment hooks after we get user_env back to make sure a + plugin can't to modify user_env after we "own" it. This is kind of + a hack but we don't want the init_session plugin function to modify + user_env. + [8e6d119452a5] + + * src/hooks.c, src/sudo.c: + Add support for deregistering hooks. If an I/O log plugin fails to + initialize, deregister its hooks (if any). + [ac00c93900c5] + +2012-03-07 Todd C. Miller + + * plugins/sudoers/sudoers.c, src/sudo.c: + Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook + setenv. + [e75469dd9908] + + * MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in, + compat/setenv.c, compat/unsetenv.c, config.h.in, configure, + configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c, + plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c, + src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h, + src/sudo_plugin_int.h: + Initial cut at a hooks implementation. The plugin can register + hooks for getenv, putenv, setenv and unsetenv. This makes it + possible for the plugin to trap changes to the environment made by + authentication methods such as PAM or BSD auth so that such changes + are reflected in the environment passed back to sudo for execve(). + [61cffa06f863] + +2012-03-05 Todd C. Miller + + * MANIFEST, src/po/vi.mo, src/po/vi.po: + Add Vietnamese sudo translation from translationproject.org + [96df426790d5] + +2012-03-02 Todd C. Miller + + * doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod, + doc/sudoers.pod: + List sudo_noexec.so not noexec.so in the sample sudo.conf + [53844e190ec5] + + * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, + doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h, + include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c, + src/sudo_plugin_int.h: + Add support for plugin args at the end of a Plugin line in + sudo.conf. Bump the minor number accordingly and update the + documentation. A plugin must check the sudo front end's version + before using the plugin_args parameter since it is only supported + for API version 1.2 and higher. + [587f1f819536] + +2012-03-01 Todd C. Miller + + * plugins/sudoers/Makefile.in: + update depends + [6d2da44e11e5] + + * MANIFEST: + secure_path.c is in common, not compat + [619c4a663dde] - * Makefile.in, mkpkg, sudo.pp: - Add simple arg parsing for mkpkg so we can set debug, flavor or - platform. - [8142ab01ccd9] + * configure, configure.in: + Add check for variadic macro support in cpp. + [756854caf675] - * pp: - Make rpm backend work on AIX 5.x - [2467a79d0b4d] +2012-02-29 Todd C. Miller -2010-07-25 Todd C. Miller + * common/secure_path.c, common/sudo_conf.c, include/secure_path.h, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add type param to sudo_secure_path() and add sudo_secure_file() and + sudo_secure_dir() wrappers which get by #includedir in sudoers. + [2ec2d3d8df04] - * sudoers: - Add commented out Defaults entry for log_output - [b3fe97e59ae0] +2012-02-28 Todd C. Miller -2010-07-23 Todd C. Miller + * doc/visudo.pod, plugins/sudoers/visudo.c: + Check the owner and mode in -c (check) mode unless the -f option is + specified. Previously, the owner and mode were checked on the main + sudoers file when the -s (strict) option was given, but this was not + documented. + [b2d6ee1e547a] - * Makefile.in: - Install binary files with -b~ to make a backup. Fixes "text file - busy" error on HP-UX during install. - [3563e3e0163a] + * config.h.in, configure, configure.in, src/ttyname.c: + Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some + versions of OpenBSD versions that have KERN_PROC2 but not KERN_PROC. + [159f6a50456a] - * install-sh: - "mv -f" on HP-UX doesn't unlink the destination first so add an - explicit rm before moving the temporary into place. - [3994af813c88] +2012-02-27 Todd C. Miller - * configure, configure.in: - Some more ${foo} -> $(foo) conversion for consistent Makefiles. - [c214d50c32ec] + * doc/CONTRIBUTORS: + Add Eric Lakin for patch in bug #538 + [490c29c234c6] -2010-07-22 Todd C. Miller + * src/exec_pty.c: + Fix typo in safe_close() made while converting to debug framework + that prevented it from actually closing anything. + [a66422a62afd] - * pathnames.h.in: - Add missing include of maillock.h for Solaris - [343f04b7a581] + * src/exec_pty.c: + Add some more debugging. + [b5667947dda9] - * NEWS, TROUBLESHOOTING, UPGRADE, configure, configure.in, - sample.syslog.conf, sudoers.cat: - Change the default syslog facility from local2 to authpriv (or auth - if the operating system doesn't support authpriv). - [949f39cf4a59] + * common/Makefile.in, compat/Makefile.in, doc/Makefile.in, + include/Makefile.in: + We need sysconfdir in compat/Makfile to get the proper sudo.conf + path. Add standard prefix and foodir expansion in all Makefiles to + avoid this problem in the future. + [62b6ce4ecae9] - * Makefile.in, configure, configure.in, sudo.pp: - Install sudoers as /etc/sudoers on RPM and debian systems where the - package manager will not replace a user-modified configuration file. - This fixes upgrades from the vendor sudo packages. - [74c7ff01e880] +2012-02-25 Todd C. Miller - * pp: - RPM: use %config(noreplace) instead of %config for volatile This - results in the new file being installed with a .rpmnew suffix - instead of the file being replaced and the old one renamed with a - .rpmsave suffix. - [166133a4fb9e] + * MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po: + New Lithuanian sudoers translation from translationproject.org + [10436b649035] -2010-07-21 Todd C. Miller + * plugins/sudoers/po/ja.po: + Update from translationproject.org + [acb8db5f8ef1] - * boottime.c, mkstemps.c: - Include time.h for struct timeval. - [50446e0b8398] +2012-02-24 Todd C. Miller - * exec_pty.c: - The return value of strsignal() may be const and should be treated - as const regardless. - [c035b17b50e3] + * plugins/sudoers/ldap.c: + When adding gids to the LDAP filter, only add the primary gid once. + This is consistent with the space computation/allocation. From Eric + Lakin + [35d9d99c92c6] - * sudoers.cat, sudoers.man.in, sudoers.pod: - Mention that 127.0.0.1 will not match, nor will localhost unless - that is the actual host name. - [e9977ec7ac4f] + * doc/TROUBLESHOOTING: + Add entry for AIX enhanced RBAC config. + [5e10b6f8def7] - * Makefile.in: - fix typo - [f216d653404d] + * mkpkg: + Target Mac OS X 10.5 when building packages. + [06fce9bbebee] + +2012-02-22 Todd C. Miller + + * MANIFEST, common/Makefile.in, common/secure_path.c, + common/sudo_conf.c, include/secure_path.h, + plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c: + Relax the user/group/mode checks on sudoers files. As long as the + file is owned by the right user, not world-writable and not writable + by a group other than the one specified at configure time (gid 0 by + default), the file is considered OK. Note that visudo will still + set the mode to the value specified at configure time. + [241174babfcc] + +2012-02-21 Todd C. Miller + + * plugins/sudoers/set_perms.c: + Add AIX-specific version of permission setting code to make sure + that the saved uid gets restored properly. + [9a6f5d22c301] + + * config.h.in, configure, configure.in, src/exec_common.c: + Check for LD_PRELOAD variants in configure instead of checkign cpp + symbols. In disable_execute(), compute the length of the new envp + and allocate it once instead of reallocating on demand. Also append + old value of LD_PRELOAD (if any) to the new value. + [680266346917] + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: + Fix the description of noexec. + [6a6d142f3c80] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: + The "op" parameter to set_default() must be int, not bool since it + is set to '+' or '-' for list add and subtract. + [8da5b137bea2] - * Makefile.in, NEWS, README, UPGRADE, WHATSNEW: - Rename WHATSNEW -> NEWS - [f3ce0a462ca0] + * sudo.pp: + Make sure sudoers is writable before calling ed script. + [95352ab6336b] - * pp: - Updated pp with latest patches - [cded68af5ba0] +2012-02-17 Todd C. Miller - * WHATSNEW, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h: - If pam is in use, wait until the process has finished before calling - pam_close_session(). - [fb3d7de50a05] + * doc/CONTRIBUTORS, doc/contributors.pod: + Update contributors. Now includes translators and authors of compat + code. + [4fb5b616b50a] - * sudoers.cat, sudoers.man.in: - regen sudoers manual - [7498a058eeb1] +2012-02-16 Todd C. Miller - * UPGRADE, sudoers, sudoers.pod: - Add commented out line to add HOME to env_keep and add a warning to - the note about the HOME change in UPGRADE. - [0f7e08f09b9f] + * src/po/sudo.pot: + regen + [2c86e2c328fe] -2010-07-20 Todd C. Miller + * pp, sudo.pp: + Build flat packages, not package bundles, on Mac OS X. + [57bda3cd5520] - * sudoreplay.c: - Add LINE_MAX define for those without it. - [6248dd44573c] +2012-02-10 Todd C. Miller - * WHATSNEW: - Mention that tty_tickets is now the default. - [4cf26eaee5ba] + * sudo.pp: + Move macos section to be with the other OS-specific sections. + [51423bb2973a] - * INSTALL, UPGRADE, config.h.in, configure, configure.in, defaults.c, - sudoers.cat, sudoers.man.in, sudoers.pod: - The tty_tickets option is now on by default. - [73dd2b82a3a9] + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: + Sync with translationproject.org + [8ce41cbb8da0] - * WHATSNEW: - Mention that AIX authdb support has been fixed. - [9331829dc276] + * configure, configure.in: + Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS + [fa979aa6fe7d] - * aix.c: - setauthdb() only sets the "old" registry if it was set by a previous - call to setauthdb(). To restore the original value, passing NULL - (or an empty string) to setauthdb() is sufficient. - [d956fd763521] + * sudo.pp: + Add Mac OS X support, printing the latest chunk of the NEWS file and + the license text in the installer. + [ffeab72387c0] -2010-07-19 Todd C. Miller + * sudo.pp: + Add explicit file modes that match those used by "make install" + [7eb37242c920] - * sudoers.cat, sudoers.man.in, sudoers.pod: - Mention new handling of HOME in always_set_home and set_home - descriptions. - [a69c9bed3164] + * pp: + Sync with upstream for Mac OS X fixes. + [97cba179041e] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Got back to using "install-sh -M" for files installed as non- + readable by owner. This fixes "make install" as non-root for + package building. + [967804ee77d6] + +2012-02-09 Todd C. Miller + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: + Sync with translationproject.org + [0e53db12039a] + + * Makefile.in, doc/Makefile.in, include/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Use -m not -M for install-sh for everything except setuid. Install + locale .mo files mode 0444, not 0644. If timedir parent doesn't + exist, use default dir mode, not 0700. + [8b6f64c92090] + +2012-02-07 Todd C. Miller - * sudo.cat, sudo.man.in, sudo.pod: - fix typo - [9b90bb3e9187] + * pp: + Re-sync with upstream; no longer need a local patch. + [97a2c7be5e59] - * UPGRADE, WHATSNEW, env.c, sudo.cat, sudo.man.in, sudo.pod: - Reset HOME when env_reset is enabled unless it is in env_keep - [18223dfd1ac3] + * mkpkg: + Add support for building Mac OS X packages. + [94d49ac223a4] - * sudoers.cat, sudoers.man.in, sudoers.pod: - The default for set_logname has been "true" for some time now. - [9f97e4b43a4b] + * pp: + Sync with upstream + [1c97654fc841] - * sudoers.cat, sudoers.man.in, sudoers.pod: - Document that MAIL it set in env_reset mode. - [dcf9ad98079e] + * src/Makefile.in: + No longer need to define _PATH_SUDO_CONF here. + [2560905b7482] - * boottime.c: - Add missing include of time.h - [57bee414982d] + * src/exec_common.c: + Fix noexec for Mac OS X. + [b7a744bca2c0] - * defaults.c, sudo.c: - Check return value of setdefs() but don't stop setting defaults if - we hit an unknown one. - [a42cb2d6b7ed] +2012-02-06 Todd C. Miller - * logging.c: - Fix check for dup2() return value. - [916cd7fdeba7] + * common/Makefile.in: + Move _PATH_SUDO_CONF override to common to match sudo_debug.c + [f0788972a63a] - * visudo.c: - Treat an unknown defaults entry as a parse error. - [1f94675835d9] + * plugins/sudoers/set_perms.c: + More complete fix for LDR_PRELOAD on AIX. The addition of + set_perm(PERM_ROOT) before calling the nss open functions (needed to + avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective + and then real uid to 0 for PERM_ROOT works around the issue. + [5888eda051af] - * env.c: - Check KEPT_MAIL not DID_MAIL when determining whether to set MAIL in - -i and env_reset mode. - [aa6657ccfe01] + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [997fe403e219] + + * src/sudo.c: + Set real uid to root before calling sudo_edit() or run_command() so + that the monitor process is owned by root and not by the user. + Otherwise, on AIX at least, the monitor process shows up in ps as + belonging to the user (and can be killed by the user). + [d4772d7d2fc5] + + * plugins/sudoers/set_perms.c: + For PERM_ROOT when using setreuid(), only set the euid to 0 prior to + the call to setuid(0) if the current euid is non-zero. This + effectively restores the state of things prior to rev 7bfeb629fccb. + Fixes a problem on AIX where LDR_PRELOAD was not being honored for + the command being executed. + [b9b40325b4dc] + + * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in, + include/missing.h, src/sudo.c: + Make a copy of the struct passwd in exec_setup() to make sure + nothing in the policy init modifies it. + [b721261c921f] + +2012-02-05 Todd C. Miller + + * doc/sudoers.pod: + update copyright + [f9d229d1f65e] + + * common/sudo_debug.c, include/sudo_debug.h: + g/c now-unused debug subsystems + [8f21726e698f] + + * doc/sudo.pod, doc/sudoers.pod: + Enumerate the debug subsystems used by sudo and sudoers. + [ac4f84293d14] + +2012-02-03 Todd C. Miller + + * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, + include/sudo_conf.h, src/sudo.c: + Normally, sudo disables core dumps while it is running. This + behavior can now be modified at run time with a line in sudo.conf + like "Set disable_coredumps false" + [ad14e0508b0d] + + * NEWS: + Mention Spanish translation + [600f3205bd6e] + + * common/sudo_debug.c: + Make sure we don't try to fall back to using the conversation + function for debugging in the main sudo process if we are unable to + open the debug file. + [ffa329aa908c] + + * MANIFEST, src/po/es.mo, src/po/es.po: + Add sudo Spanish translation from translationproject.org + [c1906654e740] + +2012-02-02 Todd C. Miller + + * plugins/sudoers/iolog.c: + Better debug subsystem usage + [1a31f115743c] + + * src/sudo.c: + Remove duplicate function prototypes + [ae04b00532eb] + +2012-02-01 Todd C. Miller - * env.c: - Add PYTHONUSERBASE to initial_badenv_table - [93058374f0d9] + * configure, configure.in: + Error out if user specified --with-pam but we can't find the headers + or library. Also throw an error if the headers are present but the + library is not and vice versa. + [d6bf3e3d0aae] - * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in, env.c, - pathnames.h.in, sudo.cat, sudo.man.in, sudo.pod: - If env_reset is enabled, set the MAIL environment variable based on - the target user unless MAIL is explicitly preserved in sudoers. - [d903c904dcd4] +2012-01-31 Todd C. Miller -2010-07-17 Todd C. Miller + * plugins/sudoers/sudoers.c: + Fix the sudoers permission check when the expected sudoers mode is + owner-writable. + [8b0b7e770a22] - * pp: - decode debian code names - [2df0ecbc23b4] +2012-01-30 Todd C. Miller - * WHATSNEW: - fix typo - [b66a95fa1869] + * configure, configure.in: + Verify that we can link executables built with -D_FORTIFY_SOURCE + before using it. + [7578215d1a95] -2010-07-16 Todd C. Miller + * src/exec_common.c: + Fix potential off-by-one when making a copy of the environment for + LD_PRELOAD insertion. Fixes bug #534 + [cc699cd551b6] - * WHATSNEW: - Add entry about SuSE bash script fix. - [04af78fa281c] + * configure, configure.in: + Add rudimentary check for _FORTIFY_SOURCE support by checking for + __sprintf_chk, one of the functions used by gcc to support it. + [a992673d2ef8] - * sudo.c: - Restore RLIMIT_NPROC after the uid switch if it appears that - runas_setup() did not do it for us. Fixes a bash script problem on - SuSE with RLIMIT_NPROC set to RLIM_INFINITY. - [bb14802d48b1] + * compat/stdbool.h, config.h.in, configure, configure.in: + Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves. + [8ba1370884b3] -2010-07-15 Todd C. Miller +2012-01-29 Todd C. Miller - * mkpkg, pp, sudo.pp: - Restore the dot removal in the os version reported by polypkg. Adapt - mkpkg and sudo.pp to the change. - [83c7870130fe] + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [1e0b38397705] + +2012-01-25 Todd C. Miller + + * src/exec.c, src/sudo.c: + The change in 818e82ecbbfc that caused to exit when the monitor dies + created a race condition between the monitor exiting and the status + being read. All we really want to do is make sure that select() + notifies us that there is a status change when the monitor dies + unexpectedly so shutdown the socketpair connected to the monitor for + writing when it dies. That way we can still read the status that is + pending on the socket and select() on Linux will tell us that the fd + is ready. + [7fb5b30ea48d] + + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c, + src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, + src/sudo_exec.h: + Refactor disable_execute() and my_execve() into exec_common.c for + use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of + disabling exec in exec_setup(), disable it immediately before + executing the command. Adapted from a diff by Arno Schuring. + [ec4d8b53db6b] + +2012-01-20 Todd C. Miller -2010-07-16 Todd C. Miller + * aclocal.m4, configure, configure.in: + Add custom version of AC_CHECK_LIB that uses the extra libs in the + cache value name. With this we no longer need to rely on a modified + version of autoconf. + [1c3b1d482d6c] - * WHATSNEW: - Mention polypkg - [c5f6e40bbb58] +2012-01-19 Todd C. Miller - * README, WHATSNEW: - Update for sudo 1.7.4 - [0c688f1f8160] + * configure, configure.in: + Better handling of network functions that need -lsocket -lnsl + [cc386342ec2b] - * INSTALL: - document --with-pam-login - [33ca3f6308ae] + * src/sudo.c: + When setting up the execution environment, set groups before + gid/egid like sudo 1.7 did. + [928e1c5fa6c1] - * sudoers.cat, sudoers.man.in, sudoers.pod: - The tag is NOSETENV, not UNSETENV. From Petr Uzel. - [95f37e63ca15] + * configure, configure.in: + Remove "WARNING: unable to find foo() trying -lsocket -lnsl" + [84b23cdf138f] -2010-07-15 Todd C. Miller + * plugins/sudoers/sudoers.c: + For "sudo -g" prepend the specified group ID to the beginning of the + groups list. This matches BSD convention where the effective gid is + the first entry in the group list. This is required on newer + FreeBSD where the effective gid is not tracked separately and thus + setgroups() changes the egid if this convention is not followed. + Fixes bug #532 + [782d6909108b] - * sudo.pp: - Include flavor in solaris package name - [b6d56ccf367e] +2012-01-17 Todd C. Miller - * mkpkg: - Older shells don't support IFS= so set explictly to space, tab, - newline. - [336925525e17] + * configure, configure.in: + Fix sh warning; use "test" instead of "[" + [c6ee3407f65e] - * mkpkg: - Use '=' not '==' in test - [98c692271cfd] + * src/exec.c: + When not logging I/O, use a signal handler that only forwards + SIGINT, SIGQUIT and SIGHUP when they are user-generated signals. + Fixes a race in the non-I/O logging path where the command may + receive two keyboard-generated signals; one from the kernel and one + from the sudo process. + [9638684e786a] - * mkpkg: - Fix typo that prevented debian from matching - [af4deec35e37] + * src/exec.c: + Back out change that put the command in its own pgrp when not + logging I/O. It causes problems with pipelines. + [4fc9c6e1e770] - * mkpkg: - Add missing prefix setting for debian - [d0c1941cb6ec] +2012-01-16 Todd C. Miller - * sudo.pp: - Use tab indents to reduce the chance of problem with <<- Uncomment - some env_keep lines for RHEL, SLES and Debian to more closely match - the vendor sudoers files. - [74ba26566cdc] + * compat/Makefile.in, configure, configure.in: + Only run compat regress tests on compat objects we actually build. + Fixes "make check" in the compat dir for systems that don't + implement character classes in fnmatch() or glob(). Bug #531 + [a7addc305e83] + +2012-01-14 Todd C. Miller + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: + Update po files from translationproject.org + [5ea066af1356] + +2012-01-13 Todd C. Miller * sudo.pp: - Fix indentation Fix the debian %set section, pp does not set - pp_deb_distro Uncomment %sudo line in sudoers for debian Add pam.d - to %files for debian Remove the /etc/sudo-ldap.conf symlink on - debian for ldap flavor - [f15ff41b5afd] + Include parent directories in case they don't already exist. This + fixes a directory permissions problem with the AIX package when the + /usr/local directories don't already exist. + [a14f783dc827] - * sudoers: - Add commented out env_keep entries, sample Aliases and a %sudo line - for debian. - [8264e4ed42dc] + * pp: + sync with git version + [2f79d0543661] + + * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: + regen dependencies + [24c92ca6c64d] + + * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c: + Move tty name lookup code to its own file. + [58faf072cbf4] + +2012-01-12 Todd C. Miller + + * NEWS: + Update with latest sudo 1.8.4 changes. + [a4ffe4f42528] + + * config.h.in, configure, configure.in: + Remove obsolete template for HAVE_TIMESPEC + [75709007c906] + + * src/sudo.c: + Add a check for devname() returning a fully-qualified pathname. None + of the devname() implementations do this today but you never know + when this might change. + [16813ace38f9] + +2012-01-11 Todd C. Miller + + * plugins/sudoers/visudo.c: + For "visudo -c" also list include files that were checked when + everything is OK. + [ad6f85b35c9c] + + * src/sudo.c: + The device name returned by devname() does not include the /dev/ + prefix so we need to add it ourselves. + [b55285abb7ed] + + * src/sudo.c: + Add debug warning if KERN_PROC sysctl fails or devname() can't + resolve the tty device to a name. + [b5a23916ba3a] + + * common/sudo_debug.c: + The result of writev() is never checked so just cast to NULL. + [4be4e9b58d5b] + + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: + Update Esperanto, Finnish, Polish and Ukrainian translations from + translationproject.org. + [bb91bc6ad7e9] + +2012-01-10 Todd C. Miller + + * config.h.in, configure, configure.in, src/sudo.c: + Add support for determining tty via sysctl on other BSD variants. + [fd15f63f719a] * configure, configure.in: - Remove check for egrep; configure has its own - [27b3d85ebf4f] + Only check for struct kinfo_proc.ki_tdev on systems that support + sysctl. + [109b3f07a39d] - * configure.in: - Use enable_zlib instead of enableval for consistency - [4a15cfd43d3e] + * src/sudo.c: + For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on + ttyname() of std{in,out,err}. + [95969b70bd68] -2010-07-14 Todd C. Miller +2012-01-09 Todd C. Miller - * mkpkg: - Enable zlib for linux distros - [fcab91448bb0] + * config.h.in, configure, configure.in, src/sudo.c: + On newer FreeBSD we can get the parent's tty name via sysctl(). + [3207290501ee] - * mkpkg: - Add ldap flavor to default build - [e35a577c8994] + * plugins/sudoers/testsudoers.c: + Include locale.h + [a602cd0b8c2d] - * mkpkg, sudo.pp: - Simplify rpm linux distro settings - [f30547765636] + * src/sudo.c: + Silence a gcc warning. + [8c6d0e3cd534] - * UPGRADE, aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in, - sudoers.cat: - Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo. - [8c9440423d98] + * plugins/sudoers/bsm_audit.c: + Need to include gettext.h and sudo_debug.h; from John Hein + [447912aa7300] - * Makefile.in, mkpkg, sudo.pp: - Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR - environment variable. - [9f418defc08a] + * plugins/sudoers/iolog.c: + Initialize the debug framework from the I/O plugin too. + [ce1bf44d96d2] - * sudo.pp: - Create sudo group on debian - [4b0cc7b8b0b5] +2012-01-08 Todd C. Miller - * mkpkg, sudo.pp: - Add debian 4/5/6 and use the dot when doing version matches - [d5184f0a1efc] + * plugins/sudoers/testsudoers.c: + Enable debugging via sudo.conf. + [d85669c749d0] - * sudoers.cat, sudoers.man.in, sudoers.pod: - Remove spurious "and"; from debian - [8b9f2a5937bc] +2012-01-07 Todd C. Miller - * aclocal.m4, configure: - Use a loop when searching for mv, sendmail and sh - [a1c7d19721a4] + * plugins/sudoers/visudo.c: + Use SUDO_DEBUG_ALIAS for alias checking functions. + [fb84af30dc76] - * aclocal.m4, configure, configure.in, sudoers.cat, sudoers.man.in, - sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: - Substitute the value of EDITOR into the sudoers and visudo manuals. - [f00dc9343f94] + * configure, configure.in: + More complete test for getaddrinfo() that doesn't rely on the + network libraries already being added to LIBS. + [cbaf2369f4f0] -2010-07-13 Todd C. Miller +2012-01-06 Todd C. Miller - * mkpkg, pp, sudo.pp: - Initial debian 4.0 support - [6d73c000723f] + * common/aix.c: + Add debug support. + [def1bdf24485] + + * configure, configure.in: + Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least. + [a2ea1c2eac61] + + * compat/getaddrinfo.c: + Include errno.h and missing.h + [7d15e17cc2f2] + + * .hgignore: + ignore doc/varsub + [417f9fc3231b] + + * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in, + plugins/sudoers/gram.y, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c, + src/parse_args.c, src/sudo.c, src/sudo.h: + Update copyright year. + [5d0ffc7dd567] + + * NEWS: + Update for sudo 1.8.4 + [841e3eff9844] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen pot files + [c509cb45b66a] + + * plugins/sudoers/sudoreplay.c: + Enable debugging via sudo.conf. + [5087aaee8484] + + * plugins/sudoers/visudo.c: + Enable debugging via sudo.conf. + [04b067c16ed3] + + * plugins/sudoers/visudo.c: + Allow "visudo -c" to work when we only have read-only access to the + sudoers include files. + [d8c6713fe5c1] + + * doc/sudo.pod, doc/visudo.pod: + Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add + HISTORY section in sudo that points to HISTORY file. + [d1f1bcb051c5] + + * doc/sudo.pod, doc/sudo_plugin.pod: + Document Debug setting in sudo.conf and debug_flags in plugin. + [acfc505aa4a9] + +2012-01-05 Todd C. Miller + + * plugins/sudoers/match.c: + Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a + bug where a pattern like "/usr/*" include /usr/bin/ in the results, + which would be incorrectly be interpreted as if the sudoers file had + specified a directory. From Vitezslav Cizek. + [0cdb6252188c] + + * INSTALL, config.h.in, configure, configure.in, + plugins/sudoers/auth/kerb5.c: + Add --enable-kerb5-instance configure option to allow people using + Kerberos V authentication to use a custom instance. Adapted from a + diff by Michael E Burr. + [e83af8bb7aa7] + + * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h: + Remove -D debug_level option. + [cbcd05094347] + + * doc/LICENSE: + Update copyright year. + [9f43dd7aa852] + +2012-01-04 Todd C. Miller + + * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + parse_error is now bool, not int + [5ea7fb6fda38] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.c: + Print a more sensible error if yyparse() returns non-zero but + yyerror() was not called. + [d44ec88f1183] + + * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c, + plugins/sudoers/gram.c: + Replace y.tab.c with the correct filename in #line directives. + [3c84fcb7e959] + +2012-01-03 Todd C. Miller + + * src/sudo.c: + When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2} + if the main process's fds 0-2 are not hooked up to a tty. Adapted + from a diff by Zdenek Behan. + [b9dfce12af85] + + * src/exec.c: + When not logging I/O, put command in its own pgrp and make that the + controlling pgrp if the command is in the foreground. Fixes a race + in the non-I/O logging path where the command may receive two + keyboard-generated signals; one from the kernel and one from the + sudo process. + [d0e263ce496c] + +2011-12-20 Todd C. Miller + + * src/sudo_edit.c: + Quiet a bogus gcc warning. + [2009669e0608] + + * src/parse_args.c, src/sudo.h: + Fix warnings related to sudo.conf accessors. + [08ddc29ba50b] + + * common/sudo_conf.c, include/sudo_conf.h: + Separate sudo.conf parsing from plugin loading and move the parse + functions into the common lib so that visudo, etc. can use them. + [f1fc659a8079] + + * MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c, + src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h: + Separate sudo.conf parsing from plugin loading and move the parse + functions into the common lib so that visudo, etc. can use them. + [e1f2cf6bd57a] + + * doc/sudoers.pod, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/sudoers.c, src/sudo.c: + Remove support for noexec_file in sudoers and the plugin API + [3e2fd58879b5] + + * plugins/sudoers/sudoers.c: + Don't dump interfaces if there are none. + [9081bb4d3e9e] + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: + Add missing %s printf escape to the group_plugin, iolog_dir and + iolog_file descriptions. + [7db03f2b737e] + +2011-12-18 Todd C. Miller + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c: + Fix typo in visiblepw description; from Joel Pickett + [2fb4b26d5c2c] + +2011-12-08 Todd C. Miller + + * MANIFEST, configure, configure.in, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/env.c, + plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/sudo.c: + When running a login shell with a login_class specified, use + LOGIN_SETENV instead of rolling our own login.conf setenv support + since FreeBSD's login.conf has more than just setenv capabilities. + This requires us to swap the plugin-provided envp for the global + environ before calling setusercontext() and then stash the resulting + environ pointer back into the command details, which is kind of a + hack. + [ad4f1190143b] + + * plugins/sudoers/Makefile.in: + If srcdir is "." just use the basename of the yacc/lex file when + generating the C version. This matches the generated files + currently in the repo. + [0b11c3df87a8] + + * doc/Makefile.in, plugins/sudoers/Makefile.in: + Clean up the DEVEL noise + [9de2afe457fd] + + * src/exec.c: + Handle different Unix domain socket (actually socketpair) semantics + in BSD vs. Linux. In BSD if one end of the socketpair goes away + select() returns the fd as readable and the read will fail with + ECONNRESET. This doesn't appear to happen on Linux so if we notice + that the monitor process has died when I/O logging is enabled, + behave like the command has exited. This means we log the wait + status of the monitor, not the command, but there is nothing else we + can do at that point. This should only be an issue if SIGKILL is + sent to the monitor process. + [818e82ecbbfc] + + * src/exec_pty.c: + Catch common signals in the monitor process so they get passed to + the command. Fixes a problem when the entire login session is + killed when ssh is disconnected or the terminal window is closed. + Previously, the monitor would exit and plugin's close method would + not be called. + [0e4658263138] + + * INSTALL, configure, configure.in: + Mention how to configure pam_hpsec on HP-UX to play nicely with + sudo. + [a7294cd8ce98] + +2011-12-07 Todd C. Miller + + * plugins/sudoers/ldap.c: + Escape values in the search expression as per RFC 4515. + [c2adbc5db92b] + + * doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + No need for install target to depend explicitly on install-dirs, the + install-foo targets all depend on it. + [62a36ed98279] + +2011-12-05 Todd C. Miller + + * .hgignore: + ignore src/sesh + [463d492f6782] + + * MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, plugins/sudoers/env.c, + plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/Makefile.in: + Add support for setenv entries in login.conf. We can't use + LOGIN_SETENV since the plugin sets up the envp the command is + executed with. Also regen the Makefile.in files while here. Fixes + bug #527 + [088d507926e2] + +2011-12-02 Todd C. Miller + + * MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h, + config.h.in, configure, configure.in, plugins/sudoers/sudoers.c, + src/net_ifs.c: + Add getaddrinfo() for those without it, written by Russ Allbery + [4cf9ac831222] + + * doc/Makefile.in: + Restore PACKAGE_TARNAME, it is used in docdir + [9d65e893edb1] + + * MANIFEST, compat/stdbool.h: + SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to + the MANIFEST + [e67700dc5621] + + * common/atobool.c, common/term.c, src/exec.c: + Remove duplicate return statements. + [48a20d5215fd] + + * plugins/sudoers/auth/bsdauth.c: + Remove inaccurate comment + [e7f0265cf657] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c: + Fetch the login class for the user we authenticate specifically when + using BSD authentication. That user may have a different login + class than what we will use to run the command. When setting the + login class for the command, use the target user's struct passwd, + not the invoking user's. Fixes bug 526 + [21bf0af892f7] + + * compat/Makefile.in, configure, configure.in, doc/Makefile.in, + plugins/sudoers/Makefile.in: + Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1" + [8ee6e0891f27] + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c: + Fix "make check" fallout from the sudo_conv changes in sudo_debug. + [b0aaa63c9081] + + * common/fileops.c, common/sudo_debug.c, configure, configure.in, + include/fileops.h, plugins/sample/Makefile.in, + plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in, + plugins/sample_group/sample_group.c, plugins/sudoers/alias.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/env.c, plugins/sudoers/find_path.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/ldap.c, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, + src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, + src/sudo_plugin_int.h, src/utmp.c: + Use stdbool.h instead of rolling our own TRUE/FALSE macros. + [dcb0bbc42fc9] + +2011-12-01 Todd C. Miller + + * compat/stdbool.h, config.h.in, configure, configure.in: + Add stdbool.h for systems without it. + [18bd9dda1dcd] + + * aclocal.m4, config.h.in, configure, configure.in: + No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default + includes have unistd.h in them. Add check for socklen_t for + upcoming getaddrinfo compat. + [d705465bef69] + + * common/fileops.c, compat/nanosleep.c, config.h.in, configure, + configure.in, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c, + plugins/sudoers/sudoreplay.c, src/net_ifs.c: + Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of + HAVE_TIMESPEC and HAVE_IN6_ADDR respectively. + [fa187c9bd2be] + + * src/sudo_noexec.c: + No longer need to include time.h here as missing.h does not use + time_t. + [fa3a089bf5b1] + +2011-11-30 Todd C. Miller + + * plugins/sudoers/visudo.c: + Fix mode on sudoers as needed when the -f option is not specified. + [7a1c40b0dc03] + + * MANIFEST, src/po/sr.mo, src/po/sr.po: + Add Serbian translation for sudo from translationproject.org + [9a0c25e25cba] + + * common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c, + src/parse_args.c: + No longer pass debug_file to plugin, plugins must now use + CONV_DEBUG_MSG + [810cda1abb0b] * mkpkg: - Some platforms need -fPIE instead of -fpie - [8533a29633e8] + Build PIE executables for newer Debian and Ubuntu + [1c5f25f8904a] - * Makefile.in: - Add packaging bits to DISTFILES - [dea9f374f28b] + * common/sudo_debug.c: + Include time.h for ctime() prototype. + [10090cf3bca1] - * auth/pam.c: - Only set PAM_RHOST for Solaris, where it is needed to avoid a bug. - On Linux it causes a DNS lookup via libaudit. - [22e04d2f5f0f] +2011-11-29 Todd C. Miller - * sudo.psf: - We now use pp to generate HP-UX packages - [6c9f8ae6bc11] + * common/sudo_debug.c, include/sudo_debug.h, src/exec.c, + src/exec_pty.c: + Do not close error pipe or debug fd via closefrom() as we need them + to report an exec error should one occur. + [732f6587fafa] -2010-07-12 Todd C. Miller + * doc/sudoers.ldap.pod: + Document that a sudoUser may now be a group ID. + [2fef46b9d3d3] - * auth/pam.c: - Fix indentation - [e52e9e6338d5] + * plugins/sudoers/ldap.c: + Add support for permitting access by group ID in addition to group + name. + [b9450fdf1f69] - * INSTALL, Makefile.in: - isntall-man -> install-doc - [02cc8198ea7a] + * plugins/sudoers/ldap.c: + Older Netscape LDAP SDKs don't prototype ldapssl_set_strength() + [d62a1e7cff4f] - * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat, - sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, - sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in: - Bump version to 1.7.4 - [df6ce4ea908a] + * compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE: + Replace UCB fnmatch.c with a non-recursive version written by + William A. Rowe Jr. + [354d3384adb8] - * INSTALL.binary, Makefile.binary.in, Makefile.in: - Remove remaining bits of the old binary package - [8d4f82c23c22] + * plugins/sudoers/auth/pam.c: + Fix typo, return_debug vs. debug_return + [1b522efcbb0d] - * sudo.pp: - Use http://rc.quest.com/topics/polypkg/ for packaging - [d71793085629] +2011-11-23 Todd C. Miller - * Makefile.in, mkpkg, pp: - Use http://rc.quest.com/topics/polypkg/ for packaging - [675e505758c5] + * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po: + Update Japanese sudoers translation from translationproject.org + [ec0f2beaad36] - * install-sh: - Just ignore the -c option, it is the default Add support for -d - option - [2adfb3a63231] + * doc/sudoers.pod: + Make the env_reset descriptions consistent. + [41c056f02688] - * env.c, logging.c, pathnames.h.in: - Use _PATH_STDPATH instead of _PATH_DEFPATH - [2c22d54a1f02] +2011-11-22 Todd C. Miller - * Makefile.in: - Do not strip binaries. - [bc84682b372c] + * configure, configure.in: + Do multiple expansion when expanding paths to the noexec file, sesh + and the plugin directory. Adapted from a diff by Mike Frysinger + [d7e16c876c66] - * INSTALL, configure, configure.in: - Add --insults=disabled configure option to allow people to build in - insult support but have the insults disabled unless explicitly - enabled in sudoers. - [6d9f40db9cca] + * common/Makefile.in: + regen + [9d729e09c186] -2010-07-10 Todd C. Miller +2011-11-21 Todd C. Miller - * env.c, sudoreplay.c: - Fix K&R compilation - [e44d3be7ab85] + * .hgignore: + Add ignore file; from Mike Frysinger + [1fa8d52425f8] -2010-07-09 Todd C. Miller + * mkdep.pl: + no longer save old Makefile.in to .old + [378dd2395545] - * auth/pam.c, config.h.in, configure, configure.in, env.c, sudo.c, - sudo.h: - Add support for a sudo-i pam.d file to be used for "sudo -i". - Adapted from a RedHat patch. - [2984c3831d88] + * plugins/sudoers/Makefile.in, src/Makefile.in: + regen + [769faf517720] - * Makefile.in: - Fix installation of sudo_noexec.so - [d1f7ca8331b6] + * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4, + m4/ltoptions.m4, m4/ltversion.m4: + Update to libtool 2.4.2 + [9dac78d84b4f] - * Makefile.in, config.h.in, configure, configure.in, missing.h, - mkstemp.c, mkstemps.c, sudo_edit.c: - Use mkstemps() instead of mkstemp() in sudoedit. This allows - sudoedit to preserve the file extension (if any) which may be used - by the editor (like emacs) to choose the editing mode. - [46399679d9ae] +2011-11-18 Todd C. Miller -2010-07-08 Todd C. Miller + * plugins/sudoers/sudoers_version.h: + Bump grammar version for #include and #includedir relative path + support. + [82a4f7cd8f71] - * ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: - TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses - TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client - code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you - should avoid disabling TLS_CHECKPEER is possible. - [1d626a5cf8c0] +2011-11-17 Todd C. Miller -2010-07-07 Todd C. Miller + * doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add support for relative paths in #include and #includedir + [4d6e3bd0c24f] - * toke.c, toke.l: - Add suport for negated user/host/command lists in a Defaults entry. - E.g. Defaults:!baduser noexec - [24f07a805dce] + * plugins/sudoers/Makefile.in: + Fix install-plugin when shared objects are unsupported or disabled. + [cbdd770a7a1b] -2010-07-01 Todd C. Miller + * plugins/sudoers/goodpath.c: + Don't write to sbp if it is NULL + [fc438f8e8570] - * sudoers.ldap.pod: - fix typo. - [d5f2922cecf2] +2011-11-16 Todd C. Miller -2010-06-29 Todd C. Miller + * Makefile.in: + Remove all sudo/sudoers .mo files on uninstall If LINGUAS is set, + only install matching .mo files + [c1dc30ab4ebc] - * .hgtags: - Added tag SUDO_1_7_3 for changeset 72fd1f510a08 - [cc8b2277e17e] +2011-11-13 Todd C. Miller - * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat, - sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, - sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in: - Sudo 1.7.3 GA - [72fd1f510a08] [SUDO_1_7_3] + * plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, src/conversation.c: + Fix non-dynamic (no dlopen) sudo build. + [b0bd3fa925a3] - * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, - auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, - auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/securid5.c, auth/sia.c, auth/sudo_auth.c, boottime.c, check.c, - defaults.c, env.c, exec.c, exec_pty.c, fileops.c, find_path.c, - fnmatch.c, get_pty.c, getcwd.c, getdate.c, getdate.y, getline.c, - getspwuid.c, glob.c, goodpath.c, gram.c, gram.y, interfaces.c, - iolog.c, lbuf.c, ldap.c, logging.c, match.c, parse.c, parse_args.c, - pwutil.c, set_perms.c, snprintf.c, sudo.c, sudo_edit.c, sudo_nss.c, - sudoreplay.c, term.c, testsudoers.c, tgetpass.c, toke.c, toke.l, - tsgetgrpw.c, visudo.c: - Include strings.h even if string.h exists since they may define - different things. Fixes warnings on AIX and others. - [7c6de7fb5dba] + * configure, configure.in: + Don't error out if the user specified --disable-shared + [cf035dd1e5cc] + + * common/sudo_debug.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/conversation.c: + Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to + the debug file. + [640c62f83251] + + * plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, + plugins/sudoers/sudoers.h: + Make sudo_goodpath() return value bolean + [fea2d59a6e55] + + * INSTALL, MANIFEST, configure, configure.in, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c: + Remove obsolete securid auth method. + [4e54f860214b] + + * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h: + Prefix authentication functions with a "sudo_" prefix to avoid + namespace problems. + [581d74063ea1] + + * INSTALL, MANIFEST, config.h.in, configure, configure.in, + doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in, + plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c: + Remove the old Kerberos IV support + [2e4b4a44209d] + +2011-11-12 Todd C. Miller + + * plugins/sudoers/check.c: + Don't print garbage at the end of the custom lecture. + [44bb788fafaa] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add lexer tracing as debug@parser + [d850f3f9d414] + + * plugins/sudoers/alias.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/gram.c, + plugins/sudoers/match.c, plugins/sudoers/parse.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/visudo.c: + Revert 003bdb078a15. We need to #include not "gram.h" and + and not "def_data.h" when generating the parser in a + build dir. + [7da701def753] + +2011-11-08 Todd C. Miller + + * mkdep.pl, plugins/sudoers/Makefile.in: + Better devdir support in mkdep.pl + [7dcec57bd155] + + * plugins/sudoers/Makefile.in: + Add devdir before srcdir in include path and fix up dependecies + accordingly. + [6e9958eca485] + + * plugins/sudoers/alias.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: + #include "gram.h" not and "def_data.h" and not + . + [003bdb078a15] - * env.c: - Do not rely on env.env_len when unsetting a variable, just use the - NULL terminator. - [faf088613ce5] + * sudo.pp: + Mark libexec files as optional. If we build without shared object + support, libexec is not used. + [4bffcf482219] + + * src/load_plugins.c: + Change Debug sudo.conf setting to take a program name as the first + argument. In the future, this will allow visudo and sudoreplay to + use their own Debug entries. + [cfb8f7e4867c] + + * src/sudo.c: + fix sudo_debug_printf priority + [dcb67e965609] + + * plugins/sudoers/sudoers.c: + add missing debug_return_int + [d88ec450c592] + +2011-11-07 Todd C. Miller + + * common/sudo_debug.c, include/error.h, include/sudo_debug.h, + plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c: + Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR + [dcee8efc294f] + + * doc/UPGRADE: + Add missing word in HOME security note. + [fd844fdcc1ac] + + * plugins/sudoers/testsudoers.c: + Prevent "testsudoers -d username" from trying to malloc(0). + [839126e56e8c] + +2011-11-06 Todd C. Miller + + * plugins/sudoers/regress/sudoers/test10.in, + plugins/sudoers/regress/sudoers/test10.out.ok, + plugins/sudoers/regress/sudoers/test10.toke.ok, + plugins/sudoers/regress/sudoers/test10.toke.out.ok, + plugins/sudoers/regress/sudoers/test11.in, + plugins/sudoers/regress/sudoers/test11.out.ok, + plugins/sudoers/regress/sudoers/test11.toke.ok, + plugins/sudoers/regress/sudoers/test11.toke.out.ok, + plugins/sudoers/regress/sudoers/test12.in, + plugins/sudoers/regress/sudoers/test12.out.ok, + plugins/sudoers/regress/sudoers/test12.toke.ok, + plugins/sudoers/regress/sudoers/test13.in, + plugins/sudoers/regress/sudoers/test13.out.ok, + plugins/sudoers/regress/sudoers/test13.toke.ok, + plugins/sudoers/regress/sudoers/test9.in, + plugins/sudoers/regress/sudoers/test9.out.ok, + plugins/sudoers/regress/sudoers/test9.toke.ok, + plugins/sudoers/regress/sudoers/test9.toke.out.ok: + Tests for empty sudoers (should parse OK) and syntax errors within a + line (should report correct line number) both with and without the + trailing newline. + [d57c879c4718] + + * plugins/sudoers/regress/sudoers/test4.out.ok, + plugins/sudoers/regress/sudoers/test5.out.ok, + plugins/sudoers/regress/sudoers/test7.out.ok, + plugins/sudoers/regress/sudoers/test8.out.ok, + plugins/sudoers/testsudoers.c: + Print line number when there is a parser error. + [5444ef6ac6dc] + +2011-11-05 Todd C. Miller + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Keep track of the last token returned. On error, if the last token + was COMMENT, decrement sudolineno since the error most likely + occurred on the preceding line. Previously we always uses + sudolineno-1 which will give the wrong line number for errors within + a line. + [d661a03a64da] + +2011-11-03 Todd C. Miller + + * NEWS: + update with sudo 1.8.3p1 info + [0f79ff31f602] + + * plugins/sudoers/sudoers.c: + Fix crash when "sudo -g group -i" is run. Fixes bug 521 + [a3087ae337c4] + +2011-10-26 Todd C. Miller + + * plugins/sudoers/visudo.c: + Make alias_remove_recursive() return TRUE/FALSE as its callers + expect and remove two unused arguments. Fixes bug 519. + [2ee3b2882844] + + * plugins/sudoers/regress/visudo/test1.out.ok, + plugins/sudoers/regress/visudo/test1.sh: + Add regress test for bugzilla 519 + [48000ebedf97] + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c: + Disable warning/error wrapping in regress tests. + [373c589ba561] + +2011-10-25 Todd C. Miller - * env.c: - In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008 - [47f8dfcc7a48] + * Makefile.in: + Do compile-po as part of sync-po so that the .mo files get rebuild + automatically when we sync with translationproject.org + [83f3cbfc2f33] + + * plugins/sudoers/Makefile.in: + check_addr needs to link with the network libraries on Solaris + [322bd70e316e] + + * plugins/sudoers/match.c: + When matching a RunasAlias for a runas group, pass the alias in as + the group_list, not the user_list. From Daniel Kopecek. + [766545edf141] + + * plugins/sudoers/check.c, plugins/sudoers/sudoers.c: + We need to init the auth system regardless of whether we need a + password since we will be closing the PAM session in the monitor + process. Fixes a crash in the monitor on Solaris; bugzilla #518 + [e82809f86fb3] + +2011-10-24 Todd C. Miller + + * src/exec.c: + Get rid of done: label. If the child exits we still need to close + the pty, update utmp and restore the SELinux tty context. + [cc127bf48405] + +2011-10-22 Todd C. Miller + + * common/Makefile.in, common/atobool.c, common/fileops.c, + common/fmt_string.c, common/lbuf.c, common/list.c, + common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in, + plugins/sudoers/alias.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, + plugins/sudoers/logwrap.c, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, + plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c, + src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, + src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, + src/tgetpass.c, src/ttysize.c, src/utmp.c: + Add debug_decl/debug_return (almost) everywhere. Remove old + sudo_debug() and convert users to sudo_debug_printf(). + [8f3bbf907b67] + + * common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/error.c: + Wrap error/errorx and warning/warningx functions with debug + statements. Disable wrapping for standalone sudoers programs as well + as memory allocation functions (to avoid infinite recursion). + [562ed7b5ae8d] + + * README, config.h.in, configure, configure.in: + Add checks for __func__ and __FUNCTION__ and mention that we now + require a cpp that supports variadic macros. + [314cfe4c5d23] + + * MANIFEST, common/Makefile.in, common/sudo_debug.c, + include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c, + src/load_plugins.c, src/parse_args.c, src/sudo.c, + src/sudo_plugin_int.h: + New debug framework for sudo and plugins using /etc/sudo.conf that + also supports function call tracing. + [cded741e9f10] + +2011-10-21 Todd C. Miller + + * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po: + Update Japanese sudoers translation from translationproject.org + [c24725775e32] + +2011-10-12 Todd C. Miller + + * configure, configure.in: + Override and ignore the --disable-static option. Sudo already runs + libtool with -tag=disable-static where applicable and we need non- + PIC objects to build the executables. + [aff1227b853a] + +2011-10-10 Todd C. Miller + + * NEWS: + Add sudoedit fix + [74655c7ccad1] + + * plugins/sudoers/po/sudoers.pot: + regen pot files + [28d89a831ed3] + + * plugins/sudoers/env.c: + Ignore set_logname (which is now the default) for sudoedit since we + want the LOGNAME, USER and USERNAME environment variables to refer + to the calling user since that is who the editor runs as. This + allows the editor to find the user's startup files. Fixes bugzilla + #515 + [6c5dddf5ff05] + + * plugins/sudoers/pwutil.c: + Instead of trying to grow the buffer in make_grlist_item(), simply + increase the total length, free the old buffer and allocate a new + one. This is less error prone and saves us from having to adjust + all the pointers in the buffer. This code path is only taken when + there are groups longer than the length of the user field in struct + utmp or utmpx, which should be quite rare. + [5587dc8cffaf] + + * src/po/it.mo: + Add Italian translation for sudo from translationproject.org + [1b3dd886e7e3] + + * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + src/po/ja.mo, src/po/ja.po: + Japanese translation for sudo and sudoers from + translationproject.org + [c06dd866be6e] + +2011-10-07 Todd C. Miller + + * plugins/sudoers/Makefile.in: + sudoreplay depends on timestr.lo too; from Mike Frysinger + [b9e73214b2f1] + +2011-10-04 Todd C. Miller + + * plugins/sudoers/po/sudoers.pot: + Regen sudoers pot file. + [019588bafdb3] + + * NEWS: + Update with latest sudo 1.8.3 news + [6868042a88e9] + + * plugins/sudoers/sudoers.c: + It appears that LDAP or NSS may modify the euid so we need to be + root for the open(). We restore the old perms at the end of + sudoers_policy_open(). + [2da67a5497ef] + + * plugins/sudoers/set_perms.c: + Better warning message on setuid() failure for the setreuid() + version of set_perms(). + [07abcfe7bd9a] + +2011-09-27 Todd C. Miller + + * plugins/sudoers/check.c: + Delref auth_pw at the end of check_user() instead of getting a ref + twice. + [cb665f55e6a5] + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c: + Make sudo_auth_{init,cleanup} return TRUE on success and check for + sudo_auth_init() return value in check_user(). + [92631c919356] + + * plugins/sudoers/auth/sudo_auth.c: + Do not return without restoring permissions. + [59ef40b6696a] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen pot files + [9f320a340b7c] + + * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/check.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Modify the authentication API such that the init and cleanup + functions are always called, regardless of whether or not we are + going to verify a password. This is needed for proper PAM session + support. + [19a53f3fb596] -2010-06-28 Todd C. Miller + * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: + Add missing dependency for getspwuid.lo and regen other depends. + [f7f70eae819a] - * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: - Mention that multiple URI lines are merged into a single one. - [1dc0ac5929bf] + * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c: + Fix a PAM_USER mismatch in session open/close. We update PAM_USER + to the target user immediately before setting resource limits, which + is after the monitor process has forked (so it has the old value). + Also, if the user did not authenticate, there is no pamh in the + monitor so we need to init pam here too. This means we end up + calling pam_start() twice, which should be fixed, but at least the + session is always properly closed now. + [fbc063a2a872] - * WHATSNEW: - Document AIX fixes - [be36e8a6dddd] + * src/utmp.c: + Add check for old being NULL in utmp_setid(); from Steven McDonald + [e87126442f2e] -2010-06-26 Todd C. Miller +2011-09-25 Todd C. Miller - * env.c, sudo.c, sudo.h: - For env_init() just use environ not the envp from main(). - [d4f3e374caeb] + * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + If the invoking user cannot be resolved by uid fake the struct + passwd and store it in the cache so we can delref it on exit. + [a27e2f8b9f5e] -2010-06-25 Todd C. Miller +2011-09-24 Todd C. Miller - * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat, - sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, - sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in: - Update version to 1.7.3rc1 - [fe43fe79070d] + * plugins/sudoers/sudoers.c: + Don't error out if the group plugin cannot be loaded, just warn. + [0fbfcd381e33] - * TODO: - fqdn issue is resolved - [f35cb63eb74b] +2011-09-23 Todd C. Miller - * env.c: - In unsetenv(), assign ep in the for loop instead of doing it - earlier. This version of the code does not change env.envp in - between when ep is assigned and when it is used but older versions - (e.g. 1.7.2) do. - [a4cd29c862c9] + * plugins/sudoers/sudoers.c: + Quiet a false positive found by several static analysis tools. These + tools don't know that log_error() does not return (it longjmps to + error_jmp which returns to the sudo front-end). + [33d0469df21b] - * aix.c: - Use S_REGISTRY instead of S_AUTHSYSTEM as the argument to - getuserattr() when fetching the administrative domain to be used by - setauthdb(). This was suggested by AIX support and is consistent - with what OpenSSH does. - [d3109706ec85] +2011-09-22 Todd C. Miller - * vasgroups.c: - Use warningx() instead of log_error() since the latter is not - available to visudo or testsudoers. This does mean that they don't - end up in syslog. - [0174e89f983b] + * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po: + Add Italian translation for sudo from translationproject.org Regen + .mo files + [c3c888a82be6] - * sudo.c: - Defer call to sudo_nonunix_groupcheck_cleanup() until after we have - closed the sudoers sources. From Quest sudo. - [c1b33e3e0f9e] +2011-09-21 Todd C. Miller - * pwutil.c: - Ignore case when matching user/group names in the cache. From Quest - sudo. - [72df368a8a0e] + * doc/TROUBLESHOOTING: + Update to current reality and add bit about ssh auth + [184a1e7c2eeb] -2010-06-24 Todd C. Miller + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Make "verbose" static; fixes a namespace clash with + pam_ssh_agent_auth (and it doesn't need to be extern these days). + [cc38d2eb2f4c] - * config.h.in, configure, configure.in, selinux.c: - Add check for setkeycreatecon() when --with-selinux is specified. - [24144c52c0cc] + * config.h.in, configure, configure.in, src/get_pty.c: + FreeBSD has libutil.h not util.h + [dab4c94b6d4f] * configure, configure.in: - Bump version to 1.7.3b5 Error out if libaudit.h is missing or - ununable when --with-linux-audit was specified - [215c7653d9bc] + Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD + [41c362f0a92a] - * aix.c: - K&R function declaration for aix_setauthdb() - [82da12d222a6] +2011-09-20 Todd C. Miller - * env.c, sudo.c, sudo.h: - If env_init() was called implicitly via getenv(), setenv() or - putenv() just use the specified envp instead of mallocing a new - copy. This prevents an infinite loop on OpenBSD which calls - getenv() from malloc() to get MALLOC_OPTIONS. - [8e82ce63f774] + * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po: + Update po files from translationproject.org + [1e99e147c7fa] - * ldap.c: - Add support for multiple URI lines by joining the contents and - passing the result to ldap_initialize. - [b4e10b2ffdb1] +2011-09-16 Todd C. Miller -2010-06-23 Todd C. Miller + * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add support for DEREF in ldap.conf. + [3c1937a98547] - * pwutil.c, set_perms.c, sudo_nss.c: - Bracket initgroups with calls to aix_setauthdb() and - aix_restoreauthdb() - [363dbe449f1c] + * Makefile.in: + install target should depend on ChangeLog too, not just install-doc + [1a7c83941175] - * aix.c: - Include compat.h before alloc.h to get __P - [819a2667ffd7] + * doc/sudoers.pod: + Only iolog_file (not iolog_dir) supports mktemp-style suffixes. + [0eca47d60a2c] - * auth/aix_auth.c: - Include usersec.h for authenticate() prototype - [2b8dd2b67131] + * NEWS: + Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes. + [0501415cc5ff] - * aix.c: - Add missing includes Add missing trailing NUL in userinfo string - [8deaedf44943] + * doc/UPGRADE: + Document group lookup change and possible side effects. + [585743e1ebf7] -2010-06-22 Todd C. Miller + * configure, configure.in: + Fix some square brackets in case statements that needed to be + doubled up. While here, use $OSMAJOR when it makes sense. + [8973343f4696] - * HISTORY, history.pod: - Mention when LDAP was incorporated. - [4e6c8ec4f67c] + * plugins/sudoers/pwutil.c: + Fix a crash in make_grlist_item() on 64-bit machines with strict + alignment. + [c89508c73c46] -2010-06-21 Todd C. Miller + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: + Remove list_options() function that is no longer used now that "sudo + -L" is gone. + [fcc6a776c135] - * configure: - Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is - not covered by _ALL_SOURCE. - [3657f1b181b9] + * configure, configure.in: + Error message if user tries --with-CC + [ec5b478f813a] - * pwutil.c: - Include usersec.h on AIX to get IDtouser() prototype. - [11483bbe15c7] + * configure, configure.in: + Check for -libmldap too when looking for ldap libs, which is the + Tivoli Directory Server client library. + [bb3007a97206] - * configure.in: - Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is - not covered by _ALL_SOURCE. - [fd48e6e2136b] +2011-09-09 Todd C. Miller -2010-06-18 Todd C. Miller + * plugins/sudoers/parse.c: + Honor NOPASSWD tag for denied commands too. + [8dd92656db92] - * iolog.c: - Add a cast to quiet a compiler warning. - [51e9d419bd83] +2011-09-08 Todd C. Miller - * boottime.c: - Use memset() instead of zero_bytes() since we don't include sudo.h - [f310b2123ba9] + * INSTALL, configure, configure.in: + Remove --with-CC option; it doesn't work correctly now that we use + libtool. Users can get the same effect by setting the CC + environment variable when running configure. + [ec22bd1a55e0] - * Makefile.in: - getline.o is already in LIB_OBJS, do not need it in COMMON_OBJS - [c8750c2d75ab] +2011-08-31 Todd C. Miller - * getdate.c, getdate.y: - Quiet a compiler warning. - [9f231be15958] + * config.h.in, configure, configure.in, plugins/sudoers/visudo.c, + src/sudo_edit.c: + Assume all modern systems support fstat(2). + [6a5a8985f6a0] - * defaults.c, sudo.c: - Call set_fqdn() after sudoers has parsed instead of inline as a - callback. - [26d413ddb6dd] +2011-08-30 Todd C. Miller - * WHATSNEW: - Do not call set_fqdn() until sudoers parses (where is gets run as a - callback). - [582453a993a1] + * compat/regress/glob/globtest.c, config.h.in, configure, + configure.in, include/missing.h, plugins/sudoers/sudoers.h, + src/sudo.h, src/sudo_noexec.c: + Add configure test for missing errno declaration and only declare it + ourselves if it is missing. + [456e76c809a2] - * sudo.c: - Do not call set_fqdn() until sudoers parses (where is gets run as a - callback). Otherwise, if sudo is built --with-fqdn the fqdn will be - set even if !fqdn is set in sudoers. - [aa01e867d1bb] + * plugins/sudoers/alias.c: + Include errno.h before sudo.h to avoid conflicting with the system + definition of errno. + [d0b97e392512] - * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat, - sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, - sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in: - Bump version to 1.7.3b4 - [c1c5a73766b6] +2011-08-29 Todd C. Miller - * WHATSNEW: - mention the change in tty ticket behavior when there is no tty - [93ddde63e453] + * plugins/sudoers/regress/parser/check_addr.c: + Only print individual check status when there is a failure. + [2ac704c91441] - * TODO: - remove done items - [9601b2e8dcef] + * plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c: + Add calls to setprogname() for test programs. + [a8d9b420e826] - * aix.c: - Remove comment; NAME in usrinfo should be user name. - [eb46f1e8ea08] + * configure, configure.in: + Add -Wall and -Werror after all tests so they don't cause failures. + [2661188ff3fa] - * check.c: - Do not update tty ticket if there is no tty. - [e64e8c8f2286] + * plugins/sudoers/Makefile.in: + Actually run check_addr in the check target + [0b2778bc86bf] - * sudo.cat, sudo.man.in, sudo.pod: - No longer need to use -- with the -s flag - [e45c18dd79dc] + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_addr.in: + Split out address matching into its own file and add regression + tests for it. + [12b9a2bf8dba] + +2011-08-27 Todd C. Miller + + * plugins/sudoers/match.c: + When matching an address with a netmask in sudoers, AND the mask and + addr before checking against the local addresses. + [9747bb6d7b1c] + +2011-08-26 Todd C. Miller + + * plugins/sudoers/match.c: + Fix netmask matching. + [a3c8f8cc1464] + + * plugins/sudoers/visudo.c: + Don't assume all editors support the +linenumber command line + argument, use a whitelist of known good editors. + [21d43a91fd10] + +2011-08-23 Todd C. Miller + + * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c, + src/exec_pty.c, src/sudo.c: + Silence compiler warnings on Solaris with gcc 3.4.3 + [da620bae6fdb] + + * mkpkg: + Fix building on RHEL 3 + [f3227fb2a252] + + * INSTALL, configure, configure.in: + Add --enable-werror configure option. + [fec2cdb95543] + + * common/setgroups.c: + setgroups() proto lives in grp.h on RHEL4, perhaps others. + [de91c0de5a98] + + * configure, configure.in: + Use PAM by default on AIX 6 and higher. + [e16493208e5f] + +2011-08-22 Todd C. Miller + + * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + src/po/eo.mo, src/po/eo.po: + Add new Esperanto translation from translationproject.org + [0d9a59e04c64] + +2011-08-19 Todd C. Miller + + * plugins/sudoers/iolog_path.c: + Quiet an innocuous valgrind warning. + [0582b6027161] + +2011-08-18 Todd C. Miller + + * plugins/sudoers/iolog_path.c, + plugins/sudoers/regress/iolog_path/data: + Fix expansion of strftime() escapes in log_dir and add a regress + test that exhibited the problem. + [a5c7c1c4c589] + + * plugins/sudoers/Makefile.in: + Fix "make check" return value. + [33b58e175230] + +2011-08-17 Todd C. Miller + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Regen pot files + [063841aac19b] + + * Makefile.in: + Fix logic inversion in pot file up to date check. + [f6a8ca8654df] + +2011-08-15 Todd C. Miller + + * configure, configure.in: + Add caching for gettext() checks. + [01b7200f6105] + + * configure, configure.in: + Better handling of libintl header and library mismatch. + [9a49b1d4db69] + +2011-08-13 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Also check sudoers gid if sudoers is group writable. + [23ef96ca0d33] + +2011-08-12 Todd C. Miller + + * configure, configure.in: + If dlopen is present but libtool doesn't find it, error out since it + probably means that libtool doesn't support the system. + [a9da0a5f7941] + + * mkpkg: + configure args on the command line should override builtin defaults. + Disable NLS for non-Linux/Solaris unless explicitly enabled. + [b2fb05614504] + + * plugins/sudoers/auth/aix_auth.c: + Fix loop that calls authenticate(). If there was an error message + from authenticate(), display it. + [063a0c4f0b9a] + +2011-08-11 Todd C. Miller + + * m4/libtool.m4, m4/ltversion.m4: + Update to autoconf 2.68 and libtool 2.4 + [5a912a6eb67b] + + * config.guess, config.sub, configure, configure.in, ltmain.sh: + Update to autoconf 2.68 and libtool 2.4 + [931ab56aecf6] + + * doc/sudoers.pod: + Fix typo; OPT should be OTP + [e97bd2e46544] + + * plugins/sudoers/Makefile.in: + Rename libsudoers convenience library to libparsesudoers to avoid + libtool confusion. + [2a89a613f537] + +2011-08-10 Todd C. Miller + + * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: + Add Danish sudoers translation from translationproject.org + [27b96e85eb13] + + * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: + Add dedicated callback function for runas_default sudoers setting + that only sets runas_pw if no runas user or group was specified by + the user. + [b8382d8eea34] + +2011-08-09 Todd C. Miller + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo, + src/po/ru.po: + Update Finish, Polish, Russian and Ukrainian translations from + translationproject.org. + [f9339aff664e] + + * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c: + Go back to using a callback for runas_default to keep runas_pw in + sync. This is needed to make per-entry runas_default settings work + with LDAP-based sudoers. Instead of declaring it a callback in + def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a + bit naughty, but avoids requiring stub functions in visudo and the + tests. + [9aaefb908415] + +2011-08-05 Todd C. Miller + + * Makefile.in: + Add check for out of date message catalogs when doing "make dist". + [e45a29b612f4] + +2011-08-02 Todd C. Miller + + * configure: + regen + [d6f9ad26774a] + + * configure.in: + Make sure compiler supports static-libgcc before using it. + [b01bd9566e50] + +2011-08-01 Todd C. Miller + + * src/Makefile.in: + Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc + [c99c7ab3edef] + +2011-07-30 Todd C. Miller + + * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo, + plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, + plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po, + src/po/zh_CN.mo: + Add new Russian sudo translation from translationproject.org and + rebuild the other translation files. + [e20015459056] + +2011-07-29 Todd C. Miller + + * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po: + Update Finish and Polish translations from translationproject.org + [4e3dbba4a1de] + + * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c: + Go back to escaping the command args for "sudo -i" and "sudo -s" + before calling the plugin. Otherwise, spaces in the command args + are not treated properly. The sudoers plugin will unescape non- + spaces to make matching easier. + [dfa2c4636f33] + +2011-07-28 Todd C. Miller + + * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/set_perms.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Fix some potential problems found by the clang static analyzer, none + serious. + [ff64aa74aae6] + + * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po, + src/po/zh_CN.po: + Updated Ukranian and Chinese (simplified) po files from + translationproject.org + [ec792becb48e] + +2011-07-27 Todd C. Miller + + * plugins/sudoers/po/pl.po: + Updated Polish translation from translationproject.org + [a3af53cb649c] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Rebuild pot files + [c650524c0f0a] + + * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c: + Don't try to audit failure if the runas user does not exist. We + don't have the user's command at this point so there is nothing to + audit. Add a NULL check in audit_success() and audit_failure() just + to be on the safe side. + [2a0007c2022f] + + * mkpkg: + Add -g to CFLAG for PIE builds. + [32a0a9693c9c] + +2011-07-25 Todd C. Miller + + * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/sudo.c: + Remove fallback to per-group lookup when matching groups in sudoers. + The sudo front-end will now use getgrouplist() to get the user's + list of groups if getgroups() fails or returns zero groups so we + always have a list of the user's groups. For systems with + mbr_check_membership() which support more that NGROUPS_MAX groups + (Mac OS X), skip the call to getgroups() and use getgrouplist() so + we get all the groups. + [51b3ed8c600b] + +2011-07-22 Todd C. Miller + + * common/setgroups.c: + Fix setgroups() fallback code on EINVAL. + [2b6faecd56a4] + + * plugins/sudoers/set_perms.c: + Fix two PERM_INITIAL cases that were still using user_gids. + [9680bab0acc6] + + * MANIFEST: + Add Polish sudo message catalog + [8bb40c3ba576] + + * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + user_group is no longer used, remove it + [9acede0fe6c5] + +2011-07-20 Todd C. Miller + + * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po: + Add Polish translation from translationproject.org + [afac5c638573] + + * MANIFEST, common/Makefile.in, common/setgroups.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c, + src/sudo.h, src/sudo_edit.c: + Add a wrapper for setgroups() that trims off extra groups and + retries if setgroups() fails. Also add some missing addrefs for + PERM_USER and PERM_FULL_USER. + [224dfd8aae5c] + + * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in, + configure, configure.in, include/missing.h, mkdep.pl, + plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c: + Instead of keeping separate groups and gids arrays, create struct + group_info and use it to store both, along with a count for each. + Cache group info on a per-user basis using getgrouplist() to get the + groups. We no longer need special to special case the user or list + user for user_in_group() and thus no longer need to reset the groups + list when listing another user. + [0ad849a8b2d5] + + * src/preload.c: + Don't rely on NULL since we don't include a header for it. + [b40937f1890c] + +2011-07-19 Todd C. Miller + + * doc/sudoers.pod: + Fix typo + [c1035360e169] + +2011-07-18 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Do not shadow global sudo_mode with a local variable in set_cmnd() + [0c72969503ad] + +2011-07-17 Todd C. Miller + + * plugins/sudoers/sudoers.c: + bash 2.x doesd not support the -l flag and exits with an error if it + is specified so use --login instead. This causes an error with bash + 1.x (which uses -login instead) but this version is hopefully less + used than 2.x. + [5c4c296e30e6] + + * src/po/pl.mo, src/po/pl.po: + Add Polish translation from translationproject.org + [48592dd6edcf] + +2011-07-13 Todd C. Miller + + * plugins/sudoers/set_perms.c: + Make error strings translatable. + [414c5c484768] + + * mkpkg: + Only run configure with --with-pam-login for RHEL 5 and above. + [6c16e4de4026] + + * sudo.pp: + Fix typo in summary + [9ac618c9a749] + +2011-07-11 Todd C. Miller + + * plugins/sudoers/logwrap.c: + Add missing logwrap.c + [c12a413ecc1d] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/logging/check_wrap.in, + plugins/sudoers/regress/logging/check_wrap.out.ok: + Split out log file word wrap code into its own file and add unit + tests. Fixes an off-by one in the word wrap when the log line + length matches loglinelen. + [52ed277f6690] + +2011-07-05 Todd C. Miller + + * mkpkg: + For SuSE, only use /usr/lib64 as libexec if generating 64-bit + binaries. + [645ab903cf77] + + * src/load_plugins.c, src/sudo.c: + Fix build error when --without-noexec configure option is used. + [b994f7b0d8b4] + + * configure, configure.in: + Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX + 5.3 and above. + [c2a6f9b472f3] + +2011-07-01 Todd C. Miller + + * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Resolve the list of gids passed in from the sudo frontend (the + result of getgroups()) to names and store both the group names and + ids in the sudo_user struct. When matching groups in the sudoers + file, match based on the names in the groups list first and only do + a gid-based match when we absolutely have to. By matching on the + group name (as it is listed in sudoers) instead of id (which we + would have to resolve) we save a lot of group lookups for sudoers + files with a lot of groups in them. + [8dc19353f148] + +2011-06-26 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Workaround for "sudo -i command" and newer versions of bash which + don't go into login mode when -c is specified unless -l is too. + [9393762b80f3] + +2011-06-23 Todd C. Miller + + * plugins/sudoers/logging.c: + Rewrite logfile word wrapping code to be more straight-forward and + actually wrap at the correct place. + [f712a0c90f55] + +2011-06-22 Todd C. Miller + + * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c: + Set use_pty=true in command details when use_pty is set in sudoers. + From Ludwig Nussel + [8d95a163dfc1] + +2011-06-20 Todd C. Miller + + * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + Sync Chinese (simplified) PO files from translationproject.org + [acce8eb7be18] + +2011-06-18 Todd C. Miller + + * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo, + plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo: + Add Danish translation from translationproject.org and add missing + Basque mo files. + [0c22bb21b9c4] + + * Makefile.in, configure, configure.in: + No longer need to specify LINGUAS in configure, "make install-nls" + now just installs all the .mo files it finds. + [fcd45cf04885] + +2011-06-17 Todd C. Miller + + * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod: + Build CONTRIBUTORS from newly-added contributors.pod + [8b192f2720f4] + + * doc/CONTRIBUTORS: + Rework the wording in the leading paragraph + [312044145cdd] + +2011-06-14 Todd C. Miller + + * MANIFEST, doc/CONTRIBUTORS: + Add a CONTRIBUTORS file with the names of folks who have contributed + code or patches to sudo since I started maintaining it (plus the + original authors). + [b8bdd8b59528] + +2011-06-13 Todd C. Miller + + * plugins/sudoers/env.c: + Preserve SHELL variable for "sudo -s". Otherwise we can end up with + a situation where the SHELL variable and the actual shell being run + do not match. + [b8b3974aee3e] + +2011-06-10 Todd C. Miller + + * configure, configure.in: + Only enable Solaris project support when setproject() is present in + libproject. + [49ad7857ab89] + + * sudo.pp: + Explicitly set mode and owner of /etc/sudoers instead of relying on + "cp -p" to work in the postinstall script. On AIX 6.1 at least the + postinstall script runs before the final file permissions are set. + [e41ffc0212b2] + +2011-06-09 Todd C. Miller + + * doc/sudo.pod, doc/sudoers.pod: + Refer the user to the "Command Environment" section in description + of sudo's -i option. + [263cc3be7eef] + + * doc/sudo.pod: + Fix typo + [35dfac450f4d] + +2011-06-08 Todd C. Miller + + * mkdep.pl: + If there is no old dependency for an object file, use the MANIFEST + to find its source. + [d15e3b9899f9] + + * compat/Makefile.in: + Remove dependency for getgrouplist.lo as we don't ship that source + file. + [312a6d5fe6b0] + +2011-06-07 Todd C. Miller + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Do not declare yyparse() static as the actual function generated by + yacc is extern. + [9017b79dcf55] + +2011-06-06 Todd C. Miller + + * Makefile.in: + Remove locale files in "make uninstall" + [201ff261ecbe] + + * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po, + plugins/sudoers/po/uk.po, src/po/eu.po: + Add Basque translation and sync Finish and Ukranian translations. + [66d2c78c8a13] + + * configure, configure.in: + FreeBSD no longer needs the main sudo binary to link with -lpam now + that plug-ins are loaded with RTLD_GLOBAL. + [96c710df2457] + + * plugins/sudoers/group_plugin.c, src/load_plugins.c: + Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes + problems with pam modules not having access to symbols provided by + libpam on some platforms. Affects FreeBSD and SLES 10 at least. + [0d016983ec84] + + * Makefile.in: + Move xgettext invocation out of update-po target into update-pot + [19a73c6d017c] + +2011-06-04 Todd C. Miller + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Regenerate .pot files for 1.8.2rc2 + [c3037f591dd8] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + Move nls targets to the top level Makefile so the paths in the pot + file are saner + [65b9285cd8d9] + + * src/po/fi.mo: + Add compiled version of sudo Finish translation + [8f2405384ea3] + + * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo: + Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo + files + [a165e70fa9ec] + + * configure, configure.in, plugins/sudoers/po/fi.po: + Add Finish translation from translationproject.org + [4466f8a96ceb] + +2011-06-03 Todd C. Miller + + * doc/sudoers.pod: + The group named by exempt_group should not have a % prefix. + [df084d6b32c8] + +2011-06-01 Todd C. Miller + + * doc/sudoers.pod: + Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin" + [5113699a3f8b] + +2011-05-31 Todd C. Miller + + * src/exec.c, src/exec_pty.c: + Fix compressed io log corruption in background mode by using _exit() + instead of exit() to avoid flushing buffers twice. + + Improved background mode support. When not allocating a pty, the + command is run in its own process group. This prevents write access + to the tty. When running in a pty, stdin is not hooked up and we + never read from /dev/tty, which results in similar behavior. + [87c15149894c] + + * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: + Clean up regress files Generate proper dependencies for regress objs + in compat + [88bfc728c1e7] + + * plugins/sudoers/Makefile.in: + Add missing dependency for check_fill.o. + [0bd6362e3e17] + +2011-05-29 Todd C. Miller + + * INSTALL, configure, configure.in: + Add support for --enable-nls[=location] + [b90db44a050f] + +2011-05-28 Todd C. Miller + + * plugins/sudoers/linux_audit.c: + Include gettext.h + [7f909a6e48cb] + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c: + Quiet gcc warnings. + [b41a6cdca583] + + * configure, configure.in: + Don't install .mo files if gettext was not found. + [1397b34cc165] + +2011-05-27 Todd C. Miller + + * src/exec.c: + Always allocate a pty when running a command in the background but + call setsid() after forking to make sure we don't end up with a + controlling tty. + [b6454ba172e8] + + * plugins/sudoers/iolog.c: + Add missing space between command name and the first command line + argument. + [fe217f0a36d4] + + * plugins/sudoers/sudoreplay.c: + Quiet a compiler warning on some platforms. + [de9f2849f236] + + * plugins/sudoers/po/README, src/po/README: + README file that directs people to translationproject.org + [30c0fc323281] + + * plugins/sudoers/po/uk.po, src/po/fi.po: + Sync translations with TP + [1d7d64559cba] + + * Makefile.in: + Add 'sync-po' target to top-level Makefile to rsync the po files + from translationproject.org. + [20508211aaa3] + + * plugins/sudoers/Makefile.in: + install nls files from install target + [5fc07b6cab38] + + * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp: + Include .mo files in sudo binary packags. + [278d4821a916] + + * configure, configure.in, plugins/sudoers/po/zh_CN.mo, + plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po: + Add simplified chinese translation + [2b33ffc755b9] + +2011-05-26 Todd C. Miller + + * configure, configure.in, plugins/sudoers/po/uk.mo, + plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po: + Add ukranian translation + [2d8102688e93] + + * compat/Makefile.in: + refer to siglist.c, not ./siglist.c since not all makes will treat + foo and ./foo the same. + [6639d293ffba] + + * plugins/sudoers/sudoers.c: + Set def_preserve_groups before searching for the command when the -P + flag is specified. + [0edc7942f875] + + * Makefile.in, compat/Makefile.in, mkdep.pl, + plugins/sudoers/Makefile.in: + Add dependency for siglist.lo in compat. This is a generated file + so "make depend" needs to depend on it. + [28d0932f8b50] + + * compat/Makefile.in: + More dependency fixes. + [aad0d05cd020] + + * compat/Makefile.in: + Fix a few dependencies. + [eb21aa35a032] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Place compiled mo files in the src dir, not the build dir. When + installing compiled mo files, display a status message. + [e15634c29cd3] + +2011-05-25 Todd C. Miller + + * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Tivoli Directory Server requires that seconds be present in a + timestamp, even though RFC 4517 states that they are optional. + [55fe23dd4ef9] + + * plugins/sudoers/sudo_nss.h: + Add missing bit of copyright + [d2eba3c364ca] + + * doc/visudo.pod: + Mention cycle detection warnings + [a76bef15ab67] + + * plugins/sudoers/visudo.c: + When checking aliases, also check the contents of the alias in case + there are problems with an alias that is referenced inside another. + Replace the self reference check with real alias cycle detection. + [a66c904cf53b] + + * plugins/sudoers/alias.c: + Set errno to ELOOP in alias_find() if there is a cycle. Set errno to + ENOENT in alias_find() and alias_remove() if the entry could not be + found. + [b4f0b89e433c] + + * plugins/sudoers/visudo.c: + Increment alias_seqno before calls to alias_remove_recursive() to + avoid false positives with the alias loop detection. Fixes spurious + warnings about unused aliases when they are nested. + [a344483b8193] + + * MANIFEST: + add mkdep.pl + [86b7ed33eab2] + + * plugins/sudoers/Makefile.in: + Add dependency on convenience libs to binaries + [cd3078b3c997] + + * Makefile.in: + mkdep.pl only works when run from the src dir + [f35a5e47c944] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: + Auto-generate Makefile dependencies with a perl script. + [a3e4afcd7975] + +2011-05-23 Todd C. Miller + + * plugins/sudoers/match.c: + If the user specifies a runas group via sudo's -g option that + matches the runas user's group in the passwd database and that group + is not denied in the Runas_Spec, allow it. Thus, if user root's gid + in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if + no groups are present in the Runas_Spec. + [e3f9732dc564] + +2011-05-22 Todd C. Miller + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Add dependencies on gettext.h + [a3a9dc51f78b] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Fix install-nls target with HP-UX sh when gettext is not present. + [0c6b9655cd41] + +2011-05-20 Todd C. Miller + + * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot, + src/Makefile.in, src/po/sudo.pot: + regenerate .pot files for lbuf changes + [918ded125a0b] + + * configure, configure.in: + Add missing "checking" message for gettext when using the cache. + [9c21187ad1d2] + + * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c, + plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c, + src/parse_args.c: + Add primitive format string support to the lbuf code to make + translations simpler. + [ee71c7ef5299] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot: + Add message catalog template files for sudo and the sudoers module. + [f3f8acb1f014] + + * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c, + config.h.in, configure.in, doc/Makefile.in, include/gettext.h, + plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c, + src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h: + Add gettext.h convenience header. This is similar to but distinct + from the one included with the gettext package. + [930a0591f73c] + +2011-05-19 Todd C. Miller + + * configure, configure.in: + Add checks for nroff -c and -Tascii flags + [19ca990b3149] + + * configure, configure.in: + Add check for HP bundled C Compiler (which cannot create shared + libs) + [517716a7072d] + + * plugins/sudoers/sudoreplay.c: + Fix C format warnings. + [6514326013fa] + + * include/error.h: + Add __printflike + [e1749a30a406] + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, src/parse_args.c: + Translate help / usage strings. + [ee1cc9b1a8bd] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Set --msgid-bugs-address to the bugzilla url + [5a0aa250ca21] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, configure, + configure.in, doc/Makefile.in, include/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: + Add scaffolding to update .po files and install .mo files. + [f05f4eed1fe1] + + * doc/license.pod: + update copyright year + [fa0c62523875] + + * INSTALL, README: + No need to include version number at the top of these files. + [9f2981325351] + +2011-05-18 Todd C. Miller + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c: + Minor warning/error cleanup + [9236dc85aeab] + + * config.h.in, configure.in: + Emulate ngettext for the non-nls case + [13571d63fa36] + + * plugins/sudoers/ldap.c: + Do not mark untranslatable strings for translation + [735f5d4413fe] + + * plugins/sudoers/check.c: + Use ROOT_UID not 0. + [09a268db8da4] + + * plugins/sudoers/check.c, plugins/sudoers/iolog.c, + plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c, + src/load_plugins.c, src/sudo.c, src/sudo_edit.c: + Minor warning/error message cleanup + [3c7b1a7939b5] + + * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c, + src/exec_pty.c, src/net_ifs.c, src/selinux.c: + cannot -> "unable to" in warning/error messages + [31c3897649e9] + + * plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c, + src/sudo.c, src/utmp.c: + can't -> "unable to" in warning/error messages + [127b75f15291] + + * configure, configure.in: + FreeBSD needs the main sudo executable to link with -lpam when + loading dynaic pam modules for some reason. + [944522cc9bef] + +2011-05-17 Todd C. Miller + + * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c: + We don't want to translate debugging messages. + [56a1a365815a] + + * configure, configure.in, plugins/sudoers/Makefile.in, + plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/sesh.c, src/sudo.c: + Add calls to bindtextdomain() and textdomain() Currently there are + two domains, one for the sudo front-end and one for the sudoers + plugin and its associated utilities. + [0426138f789e] + + * configure, configure.in: + Fix caching of libc gettext check. + [942142d2c43a] + + * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c, + plugins/sudoers/mkdefaults: + Mark defaults descriptions for translation + [5b27f018e6cf] + + * NEWS: + Update for sudo 1.8.1p2 + [747c4dee2ca7] + +2011-05-16 Todd C. Miller + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Quiet compiler warning when SELinux is enabled. + [1fbf77dda240] + + * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c, + src/error.c, src/net_ifs.c, src/sesh.c: + Add missing includes of libintl.h. + [bc1d66316082] + + * plugins/sudoers/auth/pam.c: + Fix gettext marker. + [a5cf4ed66c66] + + * common/aix.c, common/alloc.c, compat/strsignal.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h: + Include libint.h where needed. + [2b0e5a663c7b] + + * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, + plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: + Prepare sudoers module messages for translation. + [7212ae1909c5] + + * plugins/sudoers/sudoers.c: + Only check gid of sudoers file if it is group-readable. + [50e3bc0cb242] + + * plugins/sudoers/auth/aix_auth.c: + For AIX, keep calling authenticate() until reenter reaches 0. + [e240815b74b1] + +2011-05-09 Todd C. Miller + + * configure, configure.in: + Cache the status of the initial gettext() check. + [32751ebe1704] + + * INSTALL, configure, configure.in: + Add --disable-nls flag and improve checks for gettext. + [c7e6b17052de] + + * configure, configure.in: + When building with gcc on HP-UX, use -march=1.1 to produce portable + binaries on a pa-risc2 host. Previously, the +Dportable option was + used for the HP-UX C compiler but gcc always produced native + binaries. + [8f4c749324d7] + +2011-05-06 Todd C. Miller + + * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c, + src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c, + src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c, + src/sudo_edit.c, src/tgetpass.c, src/utmp.c: + Prepare sudo front end messages for translation. + [2fc2fabceccb] + +2011-05-04 Todd C. Miller + + * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c: + Add initial scaffolding to support localization via gettext() + [7d47b59fcf95] + + * compat/fnmatch.h, compat/glob.h: + Don't let the fnmatch/glob macros expand the function prototype. + [a9014aa0288e] + +2011-05-03 Todd C. Miller + + * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h: + Resolve namespace collisions on HP-UX ia64 and possibly others by + adding a rpl_ prefix to our fnmatch and glob replacements and + #defining rpl_foo to foo in the header files. + [caa9b690a15d] + +2011-04-29 Todd C. Miller + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Split ALL, ROLE and TYPE into their own actions. Since you can only + have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in + the non-SELinux case. This is safe because the actions are in one + big switch() statement. + [7473fc2cfa2c] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie. + [9be3480c2865] + +2011-04-27 Todd C. Miller + + * doc/UPGRADE, doc/sudoers.pod: + askpass moved from sudoers to sudo.conf in sudo 1.8.0 + [b2c2956cec4e] + + * doc/sudoers.pod: + Remove obsolete warning about runas_default and ordering. Move + syslog facility and priority lists into the section where the + relevant options are described. + [e57b8dc3f779] + +2011-04-26 Todd C. Miller + + * plugins/sudoers/auth/sia.c: + Fix SIA support; we no longer have access to the real argc and argv + so allocate space for a fake one and use the argv passed to the + plugin with "sudo" for argv[0]. + [1c0552772ad2] + +2011-04-23 Todd C. Miller + + * src/net_ifs.c: + Remove useless realloc when trying to get the buffer size right. + [792225380a62] + + * plugins/sudoers/set_perms.c: + Be explicit when setting euid to 0 before call to setreuid(0, 0) + [7bfeb629fccb] + +2011-04-18 Todd C. Miller + + * configure, configure.in: + Need to do checks for krb5_verify_user, krb5_init_secure_context and + krb5_get_init_creds_opt_alloc regardless of whether or not + krb5-config is present. + [9d1b98ece1d3] + +2011-04-15 Todd C. Miller + + * plugins/sudoers/set_perms.c: + Work around weird AIX saved uid semantics on setuid() and + setreuid(). On AIX, setuid() will only set the saved uid if the euid + is already 0. + [069fc08150ca] + +2011-04-14 Todd C. Miller + + * sudo.pp: + update copyright year + [1c42d579ba6e] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Treat a missing includedir like an empty one and do not return an + error. + [92f71d8cbfd4] + +2011-04-12 Todd C. Miller + + * pp: + Fix ARCH setting in cross-compile Solaris packages. + [b0de281cc889] + + * sudo.pp: + Fix aix version setting. + [98437dbfb085] + + * plugins/sudoers/ldap.c: + Remove extraneous parens in LDAP filter when sudoers_search_filter + is enabled that causes a search error. From Matthew Thomas. + [1d75bf1fc8d9] + +2011-04-11 Todd C. Miller + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c: + Correct sizeof() to fix test failure. + [fd2f7c0c0572] + + * plugins/sudoers/Makefile.in: + "install" target should depend on "install-dirs". Fixes "make -j" + problem and closes bz #487. From Chris Coleman. + [083902d38edb] + +2011-04-07 Todd C. Miller + + * config.h.in: + Add HAVE_RFC1938_SKEYCHALLENGE + [a94cb33758a8] + +2011-04-06 Todd C. Miller + + * NEWS: + Mention plugin loading and libgcc changes + [e11b30b5026a] + + * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: + Load plugins after parsing arguments and potentially printing the + version. That way, an error loading or initializing a plugin + doesn't break "sudo -h" or "sudo -V". + [1b76f2b096a2] + + * Makefile.in: + When using a sub-shell to invoke the sub-make, exec make instead of + running it inside the shell to avoid an extra process. + [fd2c04a71fbf] + + * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c: + Stop testing unspecified behavior in fnmatch Make glob test more + portable + [229803093725] + + * compat/Makefile.in: + No need to add current dir to include path and having it breaks the + test programs that expect to get the system glob.h and fnmatch.h + [68085f624be4] + + * INSTALL, configure, configure.in: + Fix and document --with-plugindir; partially from Diego Elio Petteno + [07edc52ea89e] + + * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c, + compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c, + compat/regress/glob/globtest.in: + Fix fnmatch and glob tests to not use hard-coded flag values in the + input file. Link test programs with libreplace so we get our + replacement verions as needed. + [c2cca448f660] + + * Makefile.in: + If make in a subdir fails, fail the target in the upper level + Makefile too. Adapted from a patch from Diego Elio Petteno + [76fc9a0d96fd] + + * configure, configure.in, plugins/sudoers/auth/rfc1938.c: + Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also + has this. Adapted from a patch from Diego Elio Petteno + [a97279a59b93] + + * plugins/sudoers/Makefile.in: + Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@ + directly. + [47b884029b3b] + + * configure, configure.in: + Fix warnings when -without-skey, --without-opie, --without-kerb4, + --without-kerb5 or --without-SecurID were specified. + [71ad150f4d24] + + * MANIFEST: + Add plugins/sudoers/sudoers_version.h + [7423966de440] + + * configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: + Back out the --with-libpath addition to SUDOERS_LDFLAGS since that + now include LDFLAGS in the sudoers Makefile.in. Add missing settng + of @LDFLAGS@ in plugin Makefile.in files. + [b835826f889c] + +2011-04-05 Todd C. Miller + + * NEWS: + Mention %#gid support in User_List and Runas_List + [5a983dff017a] + + * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h, + plugins/sudoers/visudo.c: + Keep track of sudoers grammar version and report it in the -V + output. + [52901a3c0296] + + * plugins/sudoers/sudo_nss.h: + Add multiple inclusion guard + [50853aed046e] + + * configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: + The --with-libpath option now adds to SUDOERS_LDFLAGS as well as + LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and + set it to -Wc,-static-libgcc if not using GNU ld so we don't + have a dependency on the shared libgcc in sudoers.so. + [66ad8bc5e32d] + + * doc/sudoers.pod: + Fix typo; from Petr Uzel + [f9a7afd80892] + +2011-04-01 Todd C. Miller + + * plugins/sudoers/testsudoers.c: + In dump-only mode, use "root" as the default username instead of + "nobody" as the latter may not be available on all systems. + [0c48e6414337] + +2011-03-31 Todd C. Miller + + * plugins/sudoers/testsudoers.c: + Remove NewArgv/NewArgc, they are no longer needed. + [16e18f734c7e] + + * plugins/sudoers/testsudoers.c: + Fix setting of user_args + [aa29e0d0a54a] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add '!' token to lex tracing + [5227ad266235] + + * plugins/sudoers/regress/testsudoers/test1.sh: + Use group bin in test, not wheel as most systems have the bin group + but the same is no longer true of wheel. + [718802b3b45e] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Avoid using pre or post increment in a parameter to a ctype(3) + function as it might be a macro that causes the increment to happen + more than once. + [78e281152c3a] + +2011-03-30 Todd C. Miller + + * sudo.pp: + Strip off the beta or release candidate version when building AIX + packages. + [28fe31668559] + + * configure, configure.in: + We need to include OSDEFS in CFLAGS when doing the utmp/utmpx + structure checks for glibc which only has __e_termination visible + when _GNU_SOURCE is *not* defined. + [59ae1698911f] + + * common/aix.c: + getuserattr(user, ...) will fall back to the "default" entry + automatically, there's no need to check "default" manually. + [3c7a47a61fdb] + +2011-03-29 Todd C. Miller + + * doc/UPGRADE: + Document parser changes. + [ec415503308d] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + If there is an existing sudoers file, only install if it passes a + syntax check. + [37427c73e8cb] + + * plugins/sudoers/regress/sudoers/test6.out.ok, + plugins/sudoers/testsudoers.c: + Add runasgroup support to testsudoers + [047ea5571f33] + + * plugins/sudoers/Makefile.in: + For "make check", keep going even if a test fails. + [ce6a0a73c372] + + * plugins/sudoers/testsudoers.c: + More useful exit codes: + * 0 - parsed OK and command matched. + * 1 - parse error + * 2 - command not matched + * 3 - command denied + [1d2ce1361903] + + * doc/sudoers.pod: + Document %#gid, and %:#nonunix_gid syntax. + [492d4f9696c4] + + * plugins/sudoers/pwutil.c: + Add support to user_in_group() for treating group names that begin + with a '#' as gids. + [20240c94a134] + + * config.h.in, configure, configure.in, src/utmp.c: + Add explicit check for struct utmpx.ut_exit.e_termination and struct + utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update + ut_exit if we detect one or the other. + [b4e8cab777e6] + +2011-03-28 Todd C. Miller + + * plugins/sudoers/toke.c: + Add back missing #include of config.h + [9ab3897a1b2e] + + * plugins/sudoers/iolog_path.c, + plugins/sudoers/regress/iolog_path/data: + Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like + strftime() does. + [93395762cdcd] + + * aclocal.m4: + Quote first argument to AC_DEFUN(); from Elan Ruusamae + [97f53ad31d77] + +2011-03-27 Todd C. Miller + + * MANIFEST: + add new sudoers tests + [476af91b3da3] + + * plugins/sudoers/regress/sudoers/test8.in, + plugins/sudoers/regress/sudoers/test8.out.ok, + plugins/sudoers/regress/sudoers/test8.toke.ok: + Add test for a newline in the middle of a string when no line + continuation character is used. + [de2394bc86ab] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Use bitwise AND instead of modulus to check for length being odd. A + newline in the middle of a string is an error unless a line + continuation character is used. + [bdb1d762a1d5] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Move lexer globals initialization into init_lexer. + [1ce62211aadb] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix a potential crash when a non-regular file is present in an + includedir. Fixes bz #452 + [1586760c3525] + + * pp: + On some Linux systems, "uname -p" contains detailed processor info + so check "uname -m" first and then "uname -p" if needed. Recognize + PLD Linux. + [b8535cb9012e] + +2011-03-25 Todd C. Miller + + * plugins/sudoers/redblack.c: + Don't need all sudoers.h here. + [8c0929f42dab] + + * src/sudo.c: + Print sudo version early, in case policy plugin init fails. + [47cddc4358bc] + +2011-03-24 Todd C. Miller + + * plugins/sudoers/regress/sudoers/test4.toke.ok: + Update to match change in input. + [4a3af8e68790] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Make an empty group or netgroup a syntax error. + [66f51ddc2ff6] + + * plugins/sudoers/regress/sudoers/test7.in, + plugins/sudoers/regress/sudoers/test7.out.ok, + plugins/sudoers/regress/sudoers/test7.toke.ok: + An empty group or netgroup should be a syntax error. + [bd5bf1e2edce] + + * plugins/sudoers/regress/sudoers/test6.in, + plugins/sudoers/regress/sudoers/test6.out.ok, + plugins/sudoers/regress/sudoers/test6.toke.ok: + Check that uids work in per-user and per-runas Defaults Check that + uids and gids work in a Command_Spec + [c5e848e6082b] + + * plugins/sudoers/regress/sudoers/test5.in, + plugins/sudoers/regress/sudoers/test5.out.ok, + plugins/sudoers/regress/sudoers/test5.toke.ok: + Test empty string in User_Alias and Command_Spec + [3a084d777e03] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Allow a group ID in the User_Spec. + [bc2859eb71dc] + +2011-03-23 Todd C. Miller + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Return an error for the empty string when a word is expected. Allow + an ID for per-user or per-runas Defaults. + [915c259b00ff] + + * plugins/sudoers/testsudoers.c: + Fix printing "User_Alias FOO = ALL" + [ba58c3d548b3] + +2011-03-22 Todd C. Miller + + * src/parse_args.c: + Better error message about invalid -C argument + [c9a8d15bbf5d] + + * NEWS: + fix typo + [cdcfbafed013] + + * doc/sudoers.pod: + Fix placement of equal size ('=') in user specification summary. + [5ad7178b230d] + +2011-03-21 Todd C. Miller + + * MANIFEST: + update to match sudoers regress + [e04db0648717] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Restore ability to define TRACELEXER and have trace output go to + stderr. + [d9531e4d1b20] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Restore old behavior of setting sawspace = TRUE for command line + args when a line continuation character is hit to avoid causing + problems for existing sudoers files. + [fd930ad25550] + + * plugins/sudoers/regress/sudoers/test4.in, + plugins/sudoers/regress/sudoers/test4.out.ok, + plugins/sudoers/regress/sudoers/test4.toke.ok: + Add test for line continuation and aliases + [29ab538ca6bb] + + * plugins/sudoers/Makefile.in: + Make test output line up nicely for parse vs. toke + [257ef82c1434] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/sudoers/test1.in, + plugins/sudoers/regress/sudoers/test1.out.ok, + plugins/sudoers/regress/sudoers/test1.toke.ok, + plugins/sudoers/regress/sudoers/test2.in, + plugins/sudoers/regress/sudoers/test2.out.ok, + plugins/sudoers/regress/sudoers/test2.toke.ok, + plugins/sudoers/regress/sudoers/test3.in, + plugins/sudoers/regress/sudoers/test3.out.ok, + plugins/sudoers/regress/sudoers/test3.toke.ok, + plugins/sudoers/regress/testsudoers/test1.ok, + plugins/sudoers/regress/testsudoers/test1.out.ok, + plugins/sudoers/regress/testsudoers/test1.sh, + plugins/sudoers/regress/testsudoers/test2.out, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.ok, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/visudo/test1.ok, + plugins/sudoers/regress/visudo/test1.sh: + Move parser tests to sudoers directory and test the tokenizer output + too. + [44f529b3cdb6] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + If we match a rule anchored to the beginning of a line after parsing + a line continuation character, return an ERROR token. It would be + nicer to use REJECT instead but that substantially slows down the + lexer. + [355478293f8c] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Move LEXTRACE macro to toke.h so we can use it in yyerror(). + [72ee7a06d3ca] + +2011-03-20 Todd C. Miller + + * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Make lex tracing settable at run-time in testsudoers via the -t + flag. Trace output goes to stderr. Will be used by regress tests + to check lexer. + [93bd53c413c8] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Allow whitespace after the modifier in a Defaults entry. E.g. + "Defaults: username set_home" + [9dfcf8dd8a3a] + +2011-03-18 Todd C. Miller + + * mkpkg: + Don't set CC when cross-compiling. + [4b95b0c04e1c] + + * NEWS: + Credit Matthew Thomas for the sudoers_search_filter changes. + [a65998ab09f7] + + * MANIFEST: + Add the .sym files to the MANIFEST + [f599225cc861] + + * NEWS: + Update for sudo 1.8.1 beta + [71021e854c49] + + * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c: + user_shell -> run_shell to avoid confusion with the user's SHELL + variable. + [dc0ac6dafc21] + + * src/exec_pty.c: + Save the controlling tty process group before suspending in pty + mode. Previously, we assumed that the child pgrp == child pid + (which is usually, but not always, the case). + [10b2883b7875] + + * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add support for sudoers_search_filter setting in ldap.conf. This + can be used to restrict the set of records returned by the LDAP + query. + [b0f1b721d102] + +2011-03-17 Todd C. Miller + + * configure, configure.in: + Remove the hack to disable -g in CFLAGS unless --with-devel + [89822cf84ef4] + + * doc/sudoers.pod: + The '@' character does not normally need to be quoted. + [7823f5ed829a] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + We normaly transition from GOTDEFS to STARTDEFS on whitespace, but + if that whitespace is followed by a comma, we want to treat it as + part of a list and not transition. + [1ca6943e1824] + + * plugins/sudoers/regress/testsudoers/test3.ok, + plugins/sudoers/regress/testsudoers/test3.sh: + Add check for whitespace when a User_List is used for a per-user + Defaults entry. + [91f75e6dd19a] + + * plugins/sudoers/regress/testsudoers/test2.out, + plugins/sudoers/regress/testsudoers/test2.sh: + Expand quoted name checks to cover recent fixes. + [ce4f76bca146] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix parsing of double-quoted names in Defaultd and Aliases which was + broken in 601d97ea8792. + [424b0d6c1dc4] + + * plugins/sudoers/Makefile.in: + toke_util.c lives in $(srcdir) not $(devdir) + [94866bebee83] + +2011-03-16 Todd C. Miller + + * configure, configure.in: + Change trunk version to 1.8.x to distinguish from real 1.8.0. + [a9781e61d064] + + * NEWS, doc/UPGRADE: + Document major changes in 1.8.1 and add upgrade notes. + [f2cf51b0d9ce] + + * plugins/sudoers/match.c: + Be careful not to deref user_stat if it is NULL. This cannot + currently happen in sudo but might in other programs using the + parser. + [06a2334dd674] + + * mkpkg: + configure will not add -O2 to CFLAGS if it is already defined to add + -O2 to the CFLAGS we pass in when PIE is being used. + [1ce6481ece59] + + * doc/sudoers.pod: + Warn about the dangers of log_input and mention iolog_file and + iolog_dir in the log_input and log_output descriptions. + [ae854ffb0768] + + * pp: + sync with git version + [a993e39ce3cb] + + * doc/sudoers.pod: + It seems that h comes after i + [0f621109220d] + + * doc/sudoers.pod: + Move log_input and log_output to their proper, sorted, location. + Document set_utmp and utmp_runas. + [273b234b9c34] + + * src/exec.c: + Save the controlling tty process group before suspending so we can + restore it when we resume. Fixes job control problems on Linux + caused by the previous attemp to fix resuming a shell when I/O + logging not enabled. + [f03a660315ee] + + * common/lbuf.c: + Fix printing of the remainder after a newline. Fixes "sudo -l" + output corruption that could occur in some cases. + [25d83fb501fc] + +2011-03-15 Todd C. Miller + + * config.h.in, configure, configure.in, src/exec_pty.c, + src/sudo_exec.h, src/utmp.c: + Add support for ut_exit + [b574c13f1bba] + + * doc/sudo_plugin.pod, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c, + src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c: + Add support for controlling whether utmp is updated and which user + is listed in the entry. + [44a81632133f] + + * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h, + plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults, + plugins/sudoers/parse.c: + Fix typo; tupple vs. tuple + [697744acb710] + + * src/utmp.c: + For legacy utmp, strip the /dev/ prefix before trying to determine + slot since the ttys file does not include the /dev/ prefix. + [7ad5b81ff90c] + + * aclocal.m4, configure, configure.in, pathnames.h.in: + Add check for _PATH_UTMP + [21e638029bfd] + +2011-03-14 Todd C. Miller + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c: + Adapt check_iolog_path to sessid changes + [728b5fe2be6f] + + * config.h.in, configure, configure.in, src/Makefile.in, + src/exec_pty.c, src/sudo_exec.h, src/utmp.c: + Redo utmp handling. If no getutent()/getutxent() is available, + assume a ttyslot-based utmp. If getttyent() is available, use that + directly instead of ttyslot() so we don't have to do the stdin dup2 + dance. + [18aa455cd140] + +2011-03-11 Todd C. Miller + + * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h, + src/utmp.c: + Move utmp handling into utmp.c + [f6eae6c8e012] + + * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c, + common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c, + compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c, + compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, + compat/utimes.c, doc/sudo.pod, doc/visudo.pod, + include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, + plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, + plugins/sudoers/logging.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/redblack.c, + plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c, + src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c, + src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c, + src/sudo_plugin_int.h, src/tgetpass.c: + Update copyright years. + [16aa39f9060a] + + * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/parse_args.c: + Add "user_shell" boolean as a way to indicate to the plugin that the + -s flag was given. + [fb1ef0897b32] + + * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.h: + Move sessid out of sudo_user. + [ba298ddb57f4] + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/logging.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Log the TSID even if it is not a simple session ID. + [d7cc1b9c513c] + + * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod: + Document noexec in sample.sudo.conf and add back noexec_file section + in sudoers with a note that it is deprecated. + [4a6e961e494d] + + * plugins/sudoers/set_perms.c: + Fix running commands as non-root on systems where setreuid() changes + the saved uid based on the effective uid we are changing to. + [df0769b71b34] + +2011-03-10 Todd C. Miller + + * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c, + src/sudo.h: + Move noexec path into sudo.conf now that sudo itself handles noexec. + Currently can be configured in sudoers too but is now undocumented + and will be removed in a future release. + [6fa8befdc110] + + * doc/sudo.pod, doc/sudoers.pod: + Document "Path noexec ..." in sudo.conf. No longer document + noexec_file in sudoers, it will be removed in a future release. + [24eee3a0b3e5] + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h: + Move noexec handling to sudo front-end where it is documented as + being. + [3ed4f10d7052] + + * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c, + src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, + src/sudo_exec.h: + Add support for disabling exec via solaris privileges. Includes + preparation for moving noexec support out of sudoers and into front + end as documented. + [dec843ed553e] + + * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym, + plugins/sample_group/Makefile.in, + plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in, + plugins/sudoers/sudoers.sym: + Only export the symbols corresponding to the plugin structs. + [8d8d03b0ca54] + + * configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: + Install plugins manually instead of using libtool. This works + around a problem on AIX where libtool will install a .a file + containing the .so file instead of the .so file itself. + [796971cfbddb] + + * Makefile.in: + Move check into its own rule since some versions of make will run + both targets as the default rule. + [34d759979176] + + * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, + m4/ltversion.m4, m4/lt~obsolete.m4: + Update to libtool 2.2.10 + [34c130de6af7] + +2011-03-09 Todd C. Miller + + * src/exec.c: + In handle_signals(), restart the read() on EINTR to make sure we + keep up with the signal pipe. Don't return -1 on EAGAIN, it just + means we have emptied the pipe. + [d5b9c8eb9000] + + * compat/mktemp.c: + Reorder functions to quiet a compiler warning. + [c9e9a23729f0] + + * mkpkg: + Use the Sun Studio C compiler on Solaris if possible + [11a86e27891e] + +2011-03-08 Todd C. Miller + + * mkpkg: + Fix default setting of osversion variable. + [52e49ca1cedd] + + * doc/sudo_plugin.pod: + Make two login_class entris consistent. + [18ff1fa94a91] + + * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c, + src/sudo_exec.h: + Add support for adding a utmp entry when allocating a new pty. + Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent(). + Currently only creates a new entry if the existing tty has a utmp + entry. + [32db72b81d80] + + * plugins/sudoers/boottime.c: + Avoid pulling in headers we don't need on Linux For getutx?id(), + call setutx?ent() first and always call endutx?ent(). + [5dad21e1ee1b] + + * configure, configure.in: + Add some more libs to SUDOERS_LIBS instead of relying on them to be + pulled in by SUDO_LIBS. + [18a7c21c09a7] + + * plugins/sudoers/sudoers.c: + Fix return value of "sudo -l command" when command is not allowed, + broken in [c7097ea22111]. The default return value is now TRUE and + a bad: label is used when permission is denied. Also fixed missing + permissions restoration on certain errors. On error()/errorx(), the + password and group files are now closed before returning. + [4f2d0e869ae5] + +2011-03-07 Todd C. Miller + + * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: + Fix passing of login class back to sudo front end. + [6f70a784ce48] + + * mkpkg: + Add --osversion flag to specify OS instead of running "pp + --probeonly" + [a8efdccb7bc1] + + * sudo.pp: + Fix expr usage w/ GNU expr + [48895599ee63] + +2011-03-06 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Fix exit value for validate and list mode. + [c7097ea22111] + + * plugins/sudoers/sudoers.c: + Fix non-interactive mode with sudoers plugin. + [172f29597bd2] + +2011-03-05 Todd C. Miller + + * doc/sudoreplay.pod: + sudoreplay can now find IDs other than %{seq} and display the + session. + [fc3dd3be67e9] + +2011-03-04 Todd C. Miller + + * plugins/sudoers/sudoreplay.c: + Add support for replaying sessions when iolog_file is set to + something other than %{seq}. + [ca3131243874] + + * plugins/sudoers/visudo.c: + If we are killed by a signal, display the name of the signal that + got us. + [994bb76a990e] + + * configure, configure.in: + Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS + where they belong. + [40f94b936fa4] + + * configure.in: + Fix bug in skey/opie check that could cause a shell warning. + [83c043072be5] + + * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + No longer need sudo_getepw() stubs. + [bbee15c36912] + +2011-03-03 Todd C. Miller + + * plugins/sudoers/sudo_nss.c: + Fix exit value of "sudo -l command" in sudoers module. + [a6541867521b] + +2011-03-02 Todd C. Miller + + * compat/regress/glob/globtest.c: + Use fgets() not fgetln() for portability. + [df1bb67fb168] + + * sudo.pp: + Don't use the beta or release candidate version as the rpm release. + [d661ef78021a] + +2011-02-25 Todd C. Miller + + * configure, configure.in: + version 1.8.0 + [f6530d56f6ae] [SUDO_1_8_0] + + * NEWS: + update sudo 1.8 section + [f2ee2cf95d18] + +2011-02-23 Todd C. Miller + + * plugins/sudoers/regress/testsudoers/test2.sh: + fix test description + [cd5730fa9f09] + + * plugins/sudoers/regress/testsudoers/test2.out, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/visudo/test2.out, + plugins/sudoers/regress/visudo/test2.sh: + convert test2 to use testsudoers + [b5ec3f0b69f1] + + * include/sudo_plugin.h, src/sudo_plugin_int.h: + Move struct generic_plugin to sudo_plugin_int.h + [6f7bc629329c] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Allow sudoers file name, mode, uid and gid to be specified in the + settings list. The sudo front end does not currently set these but + may in the future. + [22f38a0fda2a] + +2011-02-21 Todd C. Miller + + * configure, configure.in, doc/sudo.cat, doc/sudo.man.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, + doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, + doc/visudo.man.in: + 1.8.0rc1 + [5d4588b9c057] + + * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, + src/parse_args.c, src/sudo.h: + add help text to sudo, visudo and sudoreplay for the -h option + [52e7378d8476] + +2011-02-19 Todd C. Miller + + * compat/snprintf.c: + avoid using "howmany" for a parameter name since it is a select- + related macro + [a14d565401a1] + + * doc/sudoers.pod: + mention group_plugin when describing nonunix_group + [e0d1d0034b17] + + * doc/sudo_plugin.pod: + Add missing period at end of sentence + [6744d7e9056d] + + * Makefile.in, doc/Makefile.in, include/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + add localstatedir; closes bug 471 + [7aefcab85088] + + * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c, + src/exec.c, src/exec_pty.c: + The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes + Bug 470 + [927ed6740f32] + + * configure.in: + add missing AH_TEMPLATE for ENV_RESET + [16300010c986] + + * src/exec.c: + SVR5 systems return non-zero for success on socketpair(), check for + -1 instead. Closes Bug 469 + [4d276494bf8e] + +2011-02-16 Todd C. Miller + + * configure, configure.in: + 1.8.0b5 + [d611cd5d73d3] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + regen + [85e96eeaed82] + + * doc/sudo.pod: + Document that a sudo.conf file with no Pligin lines uses the default + sudoers plugins. + [88bd52da977f] + + * src/load_plugins.c: + If sudo.conf contains no Plugin lines, use the default sudoers + policy and I/O plugins. + [fd8f4cb811ab] + +2011-02-14 Todd C. Miller + + * plugins/sudoers/sudo_nss.c: + Avoid printing empty "Runas and Command-specific defaults for user" + line. + [2dd330fe4f8b] + + * common/lbuf.c: + Truncate the buffer at buf.len before printing in the non-wordwrap + case. + [901e9833f80d] + + * common/lbuf.c: + Remove extra newline when the tty width is very small or unavailable + [245c05506c0e] + +2011-02-11 Todd C. Miller + + * plugins/sudoers/alias.c: + Remove unneeded variable. + [2c086d30b796] + +2011-02-09 Todd C. Miller + + * configure, configure.in: + Prefer getutxid over getutid + [3f3322e9c93e] + + * plugins/sudoers/boottime.c: + Include utmp.h / utmpx.h before missing.h as apparently including it + afterwards causes a compilation problem on GNU Hurd. + [a528029ae962] + +2011-02-07 Todd C. Miller + + * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c: + #include "foo.h", not for local includes. + [f65ec693998e] + + * src/parse_args.c: + remove bogus XXX + [9136c17d53ce] + + * compat/mksiglist.c: + Fix typo + [1a3bb7b455c9] + + * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/match.c: + return foo not return(foo) + [5c9e0647359a] + +2011-02-06 Todd C. Miller + + * src/exec.c: + Remove duplicate FD_SET of signal_pipe[0] + [3096527d2215] + +2011-02-05 Todd C. Miller + + * compat/mksiglist.c: + Use "missing.h" not in generated code. + [d8e09cffbe09] + +2011-02-04 Todd C. Miller + + * aclocal.m4, configure: + fix --with-iologdir=no + [a89699cb5f5f] + + * aclocal.m4, configure: + fix typo that broke --with-iologdir + [91b54eb22403] + +2011-02-03 Todd C. Miller + + * configure, configure.in, doc/sudo.cat, doc/sudo.man.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, + doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, + doc/visudo.man.in: + Bump version to 1.8.0b4 + [e2b7f2cdc02e] + + * NEWS: + sync + [decf5a0a8a33] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Attempt to clarify how users and groups interact in Runas_Specs + [e6fb3a2dbd77] + + * plugins/sudoers/regress/visudo/test2.out, + plugins/sudoers/regress/visudo/test2.sh: + Add test for quoted group that contains escaped double quotes + [44596c48c629] + + * src/exec.c, src/exec_pty.c: + Pass SIGUSR1/SIGUSR2 through to the child. + [c3108a827b01] + + * src/exec_pty.c, src/sudo_exec.h: + Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and + SIGUSR2 to indicate whether the child should be continued in the + foreground or background. + [35ca47cc6785] + + * src/exec.c: + Use pid_t not int and check the return value of kill() + [36ae7d37d7f9] + +2011-02-02 Todd C. Miller + + * src/exec_pty.c: + Remove obsolete comment + [baebef4919f6] + + * src/exec.c: + In non-pty mode before continuing the child, make it the foreground + pgrp if possible. Fixes resuming a shell. + [fef5b1d02ddb] + + * src/exec_pty.c: + If we get a signal other than SIGCHLD in the monitor, pass it + directly to the child. + [b3ecb28163a0] + + * src/exec.c, src/exec_pty.c, src/sudo.h: + Save signal state before changing handlers and restore before we + execute the command. + [faf7475dc4bf] + +2011-02-01 Todd C. Miller + + * plugins/sudoers/iolog.c: + Use a char array to map a number to a base36 digit. + [257576c51f8b] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod: + Be clear about what versions of sudo support new LDAP attributes. + Fix up some formatting of attribute names. Minor other tweaks. + [39f65df71f65] + +2011-01-31 Todd C. Miller + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + match quoted strings the same way whether in a Defaults line or as a + user/group/netgroup name. Fixes escaped double quotes in quoted + user/group/netgroup names. + [601d97ea8792] + + * plugins/sudoers/Makefile.in: + 'make check' depends on visudo and testsudoers + [127c5a24df8f] + + * plugins/sudoers/sudoers2ldif: + Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags + [9029163a58c3] + +2011-01-30 Todd C. Miller + + * doc/UPGRADE: + Mention LDAP attribute compatibility status. + [2c3595aaec63] + +2011-01-28 Todd C. Miller + + * README.LDAP: + Mention phpQLAdmin + [9304c9064fbe] + + * INSTALL, NEWS, config.h.in, configure, configure.in, + doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c: + Add --disable-env-reset configure option. + [8a753aa13a46] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Document that sudoers_locale also affects logging and email. + [998d6ac11277] + + * NEWS, config.h.in, configure, configure.in, + plugins/sudoers/logging.c: + Do logging and email sending in the locale specified by the + "sudoers_locale" setting ("C" by default). Email send by sudo + includes MIME headers when the sudoers locale is not "C". + [cb7e55408400] + +2011-01-27 Todd C. Miller + + * plugins/sudoers/check.c: + Fix indentation + [65ae7e92b9e4] + +2011-01-25 Todd C. Miller + + * NEWS, src/parse_args.c, src/sudo.c: + Perform command escaping for "sudo -s" and "sudo -i" after + validating sudoers so the sudoers entries don't need to have all the + backslashes. + [4e168c103f4b] + +2011-01-24 Todd C. Miller + + * plugins/sudoers/logging.c: + Prepend "list " to the command logged when "sudo -l command" is used + to make it clear that the command was listed, not run. + [f392a6056cd6] + + * plugins/sudoers/parse.c: + cosmetic change + [7c0951dbc2dd] + + * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c, + common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c, + compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c, + compat/nanosleep.c, compat/regress/glob/globtest.c, + compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, + compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c, + plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, + plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c, + plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, + plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestr.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c, + src/sudo_noexec.c, src/tgetpass.c: + standardize on "return foo;" rather than "return(foo);" or "return + (foo);" + [32d76c5aaf8c] + + * plugins/sudoers/sudoers.c: + Do not reject sudoers file just because it is root-writable. + [0febc579185b] + +2011-01-21 Todd C. Miller + + * NEWS: + sync + [1ab03f8278ff] + + * plugins/sudoers/sudo_nss.c: + For "sudo -U user -l" if user is not authorized on the host, say so. + [289afe6dd15c] + + * plugins/sudoers/ldap.c: + In sudo_ldap_lookup(), always do the initial sudoers check as the + invoking user. If we are listing another user's privs we will do a + separate lookup using list_pw later. + [e52bc15de76d] + +2011-01-20 Todd C. Miller + + * MANIFEST: + add parser fill tests + [4f65140d3515] + + * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in: + Don't test features not supported by the bundled glob() + [8ec7ace11949] + + * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c, + compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in, + doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/ldap.c, plugins/sudoers/match.c, + plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in: + Update copyright year to 2011 + [ac1b45cb1809] + + * plugins/sudoers/sudo_nss.c: + When listing, use separate lbufs for the defaults and the privileges + and only print something if the number of privileges is non-zero. + Fixes extraneous Defaults output for "sudo -U unauthorized_user -l". + [d0854d39f8ef] + + * plugins/sudoers/ldap.c: + Stash pointer to user group vector in LDAP handle and only reuse the + query if it has not changed. We always allocate a new buffer when + we reset the group vector so a simple pointer check is sufficient. + [88861d4eba69] + + * plugins/sudoers/sudo_nss.c: + Check initgroups() return value. + [3bdaf58408a7] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/parser/check_fill.c: + Add tests for the fill functions in toke_util.c + [bca587ab4956] + +2011-01-19 Todd C. Miller + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c: + fix copyright year + [e2038cdaf055] + + * NEWS: + sync + [56ca5d5eaebe] + +2011-01-18 Todd C. Miller + + * common/term.c: + Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e. + [b91f266624ec] + +2011-01-14 Todd C. Miller + + * mkpkg, sudo.pp: + Add Requires line for audit-libs >= 1.4 for RHEL5+ + [6c02f976171b] + + * pp: + sync with git version + [d301c32d5865] + +2011-01-13 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + fix typo + [39353f92976f] + +2011-01-12 Todd C. Miller + + * NEWS: + Update for sudo 1.7.4p5 + [b444da76901f] + + * doc/schema.OpenLDAP, doc/schema.iPlanet: + Add sudoNotBefore and sudoNotAfter attributes as optional attributes + to the sudoRole object class. From Andreas Mueller + [dacfad7e7a95] + +2011-01-11 Todd C. Miller + + * NEWS: + Mention "sudo -g group" password check fix. + [1eb8fb14e53b] + + * plugins/sudoers/sudoers.c: + Fix "sudo -g" support in the sudoers module. + [07d1b0ce530e] + + * plugins/sudoers/check.c: + If the user is running sudo as himself but as a different group we + need to prompt for a password. + [caf1fcc9a117] + +2011-01-10 Todd C. Miller + + * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, + plugins/sudoers/ldap.c: + Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP + LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla- + derived LDAP SDKs but we can pass the timeout parameter to + ldap_search_ext_s() or ldap_search_st() when possible. + [5537049991f7] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: + regen + [5b361c3c4324] + + * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility + with OpenLDAP ldap.conf files. + [e97843bd16fb] + + * plugins/sudoers/pwutil.c: + If user has no supplementary groups, fall back on checking the group + file expliticly. + [5223ad4eb690] + +2011-01-08 Todd C. Miller + + * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c: + constify + [6e132a4cca61] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Move fill macro to toke.h + [623d430798cf] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c, + plugins/sudoers/toke.h, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c: + Split tokenizer utility functions out into toke_util.c + [89a97bd51618] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + ANSIfy + [ca0eba1dfaa9] + +2011-01-07 Todd C. Miller + + * MANIFEST: + sync + [a43f94064bb3] + + * plugins/sudoers/Makefile.in: + Add visudo tests to check target + [8c82fb4ed40f] + + * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c, + compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files, + compat/regress/glob/globtest.c, compat/regress/glob/globtest.in: + Add my regress tests for fnmatch() and glob() from OpenBSD. + [6e8c1f211723] + + * plugins/sudoers/regress/testsudoers/test1.sh, + plugins/sudoers/regress/visudo/test1.ok, + plugins/sudoers/regress/visudo/test1.sh: + Add regress test for command tags using visudo -c + [18b0ef207c0f] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/testsudoers/test1.ok, + plugins/sudoers/regress/testsudoers/test1.sh: + Add support for regress tests using testsudoers + [1fa94bd2671b] + + * plugins/sudoers/testsudoers.c: + Need to set user_name explicitly due to internal changes made when + converting sudoers to a plugin. + [1fa54e86a364] + +2011-01-06 Todd C. Miller + + * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/iolog_path/data, src/Makefile.in, + zlib/Makefile.in: + Add regression tests for iolog_path() + [afa4b416e559] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + Add support for "make Makefile" to regenerate Makefile from + Makefile.in + [98bd2dda3294] + + * plugins/sudoers/iolog_path.c: + Quiest a bogus compiler warning. + [5ff932a7ad67] + +2011-01-05 Todd C. Miller + + * plugins/sudoers/iolog_path.c: + Protect call to setlocale() with HAVE_SETLOCALE + [2c29ee3ccc81] + +2011-01-04 Todd C. Miller + + * MANIFEST: + mkstemps.c was renamed mktemp.c + [ae299c3b1827] + + * NEWS: + Update from 1.7 branch + [20817d79717b] + + * Makefile.in: + Use "mv -f" when regenerating ChangeLog + [c163635206c6] + + * plugins/sudoers/match.c: + Fix NULL dereference with "sudo -g group" when the sudoers rule has + no runas user or group listed. Fixes RedHat bug Bug 667103. + [41a6a1243d9e] + +2011-01-03 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Correct the default sudo.conf example + [4e791698cad1] + +2010-12-31 Todd C. Miller + + * plugins/sudoers/iolog_path.c: + Reset slashp if we allocate a new buffer for strftime() + [e491daa4203b] + + * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add extra out parameter to expand_iolog_path() to allow the caller + to split the path into dir and file components if needed. + [88346bc5ae39] + +2010-12-30 Todd C. Miller + + * plugins/sudoers/iolog.c: + mkdir_iopath() returns size_t now that it uses strlcpy() and not + snprintf() + [3c4c64d265eb] + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c: + Trim leading slashes from iolog_file and trailing slashes from + iolog_dir + [a803b51f8948] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Pass a single I/O log file name in command_details instead of + separate dir + file parameters. + [d672a3e46e80] + + * plugins/sudoers/sudoreplay.c: + change an error() to errorx() + [8013dcfdd69d] + + * plugins/sudoers/iolog.c: + Add missing cwd line to I/O log info file that got dropped when + iolog_deserialize_info() was added + [7cf84f208423] + +2010-12-29 Todd C. Miller + + * plugins/sudoers/iolog.c: + Avoid relying on globals filled in by the sudoers policy module for + the sudoers I/O log module. The I/O log open function now pulls the + bits it needs out of user_info and command_info. + [c02f6951b0cc] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + If no iolog file is specified by the policy plugin, use io_nextid() + to determine the next file in the sequence. + [faa1130b1020] + +2010-12-28 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document iolog_compress in command_info + [58895c7d12f5] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Add support for the iolog_compress variable in command_info. + [36f13a2fd1c1] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Add sigsetjmp() calls to all plugin entry points just to be safe. + [3fa482355bc4] + + * src/sudo.c, src/sudo.h: + Don't need iolog variables in struct command_details, they are for + the I/O log plugins to handle. + [5111579ffd9d] + +2010-12-27 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Document use of mkdtemp() for iolog path teplates + [5db6101408a9] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + regen + [1ee11fd6d4eb] + + * doc/sudo_plugin.pod, doc/sudoers.pod: + Document iolog_file and supported escape sequences for sudoers. + Clarify that iolog_file can contain directories. + [da611dedcbdb] + + * compat/Makefile.in, configure, configure.in: + Fix building of mkstemps/mkdtemp replacements. + [793a5e303122] + + * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure, + configure.in, include/missing.h: + Provide mkdtemp() for systems without it. + [b0527dfa965c] + + * plugins/sudoers/iolog_path.c: + Fix typo + [277f6c514cba] + + * plugins/sudoers/iolog.c: + Only use mkdtemp() if the path ends in at least 6 Xs since otherwise + glibc mkdtemp() returns EINVAL. + [2e7323b05579] + + * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Allow sudoers to specify the iolog file in addition to the iolog + dir. Add escape sequence support to iolog file and dir: sequence + number, user, group, runas_user, runas_group, hostname and + command in addition to any escape sequence recognized by + strftime(3). + [75cd32ee0435] + + * plugins/sudoers/iolog.c: + Add missing sigsetjmp() call in I/O plugin open function. Fixes a + crash when the I/O plugin calls error(), errorx() or log_error(). + [1a6718bd817d] + +2010-12-21 Todd C. Miller + + * doc/sudo_plugin.pod, plugins/sudoers/iolog.c, + plugins/sudoers/sudoers.c: + Give the policy module fine-grained control over what the I/O plugin + logs. + [d29784fd2a66] + + * common/term.c: + Clear OPOST from c_oflag like we used to. Fixes screen-based + editors such as vi. + [506ad5ae9b4e] + + * doc/sudoers.pod: + Clarify umask option description. From Reuben Thomas. + [1294ac84222b] + +2010-12-20 Todd C. Miller + + * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Pick last match in LDAP sudoers too + [fbfd8e85703b] + + * doc/sudo_plugin.pod: + Document iolog_file, iolog_dir and use_pty + [26120a59c20e] + + * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c, + plugins/sudoers/sudoers.c: + Adapt plugins to version I/O logging ABI 1.1 + [880dd64bc1e8] + + * src/exec.c, src/sudo.h: + Add use_pty command_info flag for policies to indicate that a pty + should be allocated even if no I/O logging is performed. + [e7b167f8a6e5] + + * src/sudo.c: + Add remaining plugin convenience functions + [ffeaf96da031] + + * include/sudo_plugin.h, src/sudo.c, src/sudo.h, + src/sudo_plugin_int.h: + Change I/O log API to pass in command info to the I/O log open + function. Add iolog_file and iolog_dir parameters to command info. + This allows the policy plugin to specify the I/O log pathname. Add + convenience functions for calling plugin functions that handle ABI + backwards compatibility. + [9b81dce76ce5] + + * compat/dlopen.c: + Remove useless cast + [7cecce969739] + +2010-12-17 Todd C. Miller + + * configure, configure.in: + Bump version to 1.8.0b3 + [1dc9f040aae0] + +2010-12-13 Todd C. Miller + + * configure.in: + Remove extraneous newline + [71c94551eea5] + +2010-12-10 Todd C. Miller + + * doc/sudoers.pod, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/iolog.c: + Make I/O log dir configurable. + [99b576667a38] + + * aclocal.m4, configure, configure.in, doc/sudoers.pod: + Rename io_logdir to iolog_dir + [0731662acc8d] + +2010-12-07 Todd C. Miller + + * pp: + Add missing '*' that prevented the generic ELF case from matching. + [be77ca26bfb2] + + * pp: + If file(1) can't identify the ELF binary type, try readelf(1). + [38a18d32a9e3] + +2010-11-30 Todd C. Miller + + * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c, + plugins/sudoers/env.c, plugins/sudoers/pwutil.c, + plugins/sudoers/sudoers.c, src/sudo.c: + Use %u to print uid/gid, not %lu and adjust casts to match. + [03c43b8749cf] + + * doc/sudoers.ldap.pod: + Clarify ordering of entries and attributes. + [924e2a6bb603] + + * doc/sudoers.ldap.pod: + Fix typo and editing goof. + [79dc7ccd85a8] + + * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet, + doc/sudoers.ldap.pod: + Merge in ordered LDAP entry support from Andreas Mueller. + [ea5885989bad] + + * plugins/sudoers/ldap.c: + Make sure we don't dereference a NULL handle. + [1a9f9ee15371] + +2010-11-24 Todd C. Miller + + * pp: + Add support for RHEL 6 file modes that include a trailing dot on + files with an SELinux security context + [dc09be959547] + +2010-11-23 Todd C. Miller + + * src/sudo.c: + exec_setup() does not need to setuid(0), the Ubuntu issue was in the + sudoers module. + [d6dd99fc6062] + + * plugins/sudoers/sudoers.c: + create_admin_success_flag() should use restore_perms() rather than + set_perms() to restore the uid. + [eba7a91c1f57] + + * src/sudo.c: + In exec_setup() call setuid(0) to make certain the subsequent uid + and gid changes will succeed. Fixes a problem on Ubuntu. + [c5d32abf0645] + + * src/sudo_edit.c: + Error out if we cannot change to root's uid so we catch the failure + early. + [7a2e7f8f2c80] + +2010-11-22 Todd C. Miller + + * doc/sudoers.pod: + fix typo; from Michael T Hunter + [a574a9d0db5b] + + * plugins/sudoers/match.c: + In sudoedit mode, assume command line arguments are paths and pass + FNM_PATHNAME to fnmatch(). + [ce0abff8ce9f] + +2010-11-20 Todd C. Miller + + * configure, configure.in: + Add workaround for an error in sys/types.h on HP-UX 11.23 when large + file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the + broken bits of the header file. + [e337217f097a] + + * aclocal.m4: + Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM + [fbbcee28961f] + + * sudo.pp: + For Tru64, strip off beta version. + [eeccd762df5e] + + * MANIFEST, plugins/sudoers/testsudoers.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h: + Avoid conflicts with system definitions in grp.h and pwd.h + [b219ffe1da09] + + * zlib/gzguts.h: + Include stdio.h after zlib.h, not before. We need the large file + defines to come first. + [21d6df39790f] + +2010-11-19 Todd C. Miller + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: + regen + [3ff8750d0aac] + + * Makefile.in: + Don't clean ChangeLog + [ab0d30d289d4] + + * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Add prototype for cleanup() + [75626fd3769a] + +2010-11-18 Todd C. Miller + + * plugins/sudoers/group_plugin.c: + Avoid deferencing group_plugin if it is NULL in + group_plugin_query(). This should not happen. + [4f2933c8da7e] + + * plugins/sudoers/group_plugin.c: + group plugin init function return TRUE when successful + [198024477030] + +2010-11-17 Todd C. Miller + + * plugins/sudoers/ldap.c: + Enlarge the array of entry wrappers int blocks of 100 entries to + save on allocation time. From Andreas Mueller + [375c916bb03b] + + * plugins/sudoers/ldap.c: + Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2() + that was mistakenly dropped. + [1555f5bc132d] + +2010-11-16 Todd C. Miller + + * doc/TROUBLESHOOTING: + Mention that sudo needs "ar" to build. + [65582ace2d09] + + * configure, configure.in: + Fail with a more useful error if "ar" is not found. + [d1cb83719c17] + +2010-11-14 Todd C. Miller + + * plugins/sudoers/ldap.c: + Merge in ordered LDAP entry support from Andreas Mueller and add + local changes from the 1.7 branch. + [bca29e461618] + +2010-11-12 Todd C. Miller + + * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet, + doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add timed entry support from Andreas Mueller. + [e18d1df46a8d] + + * plugins/sudoers/group_plugin.c: + Don't try to unload if group_plugin is NULL. Don't call dlclose() if + group_handle is NULL + [de2273da37d5] + + * plugins/sudoers/sudoers.h: + It is now plugin_cleanup(), not cleanup() + [da62a4e1a78c] + + * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: + Call plugin_cleanup(), not cleanup() + [e800ad8b33ad] + +2010-11-11 Todd C. Miller + + * plugins/sudoers/ldap.c: + Use efree() not free() and remove malloc.h include since we never + directly call malloc() or free(). + [107fffd134bb] + +2010-11-09 Todd C. Miller + + * sudo.pp: + set PSTAMP for Solaris and move the backend-specific bits to their + own %if [xxx] %endif blocks in %set. + [a94ebe8920c1] + + * pp: + sync with git repo + [75ff509696b4] + + * configure, configure.in: + Only substitute file zlib files when using the builtin zlib + [6c8145b2deb4] + + * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + Give up on using VPATH to find sources as it is implemented + inconsistenly in different versions of make. + [60517c69aaee] + + * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c, + plugins/sudoers/gram.c, plugins/sudoers/toke.c: + Include config.h before any other includes to make sure we get the + right value for _FILE_OFFSET_BITS. + [8fb007ca832e] + + * MANIFEST: + Add zlib + [04a3e23dfaa9] + + * zlib/Makefile.in: + Add missing targets + [40e45a177168] + + * src/Makefile.in: + g/c unused $(GENERATED) + [c8758068c1bc] + +2010-11-08 Todd C. Miller + + * plugins/sudoers/group_plugin.c: + Zero out group_plugin on unload just to be safe. + [0b10f4d101ca] + + * plugins/sudoers/group_plugin.c: + Unload group plugin if its init function fails. + [6552cdac4b7c] + + * src/sudo.c: + Only chdir to cwd if it is different from the current cwd or there + is a new root (chroot). + [b8203e875e84] + + * configure, configure.in, doc/sudo.cat, doc/sudo.man.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in: + Bump version to 1.8.0b2 + [6dadeb75a878] + +2010-10-28 Todd C. Miller + + * INSTALL: + Better --enable-zlib description + [e0da54fa59a6] + + * mkpkg: + Use system zlib on Linux Let configure decide on Solaris For all + others, use builtin zlib + [3d52eddb523c] + + * zlib/zconf.h.in: + Add large file support. + [bec01215270d] + + * config.h.in: + Add large file support. + [244e95b034ec] + + * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod, + zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c, + zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c, + zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c, + zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h, + zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h, + zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in, + zlib/zlib.h, zlib/zutil.c, zlib/zutil.h: + Add local copy of zlib for systems that lack it. + [7542ca465c5a] + +2010-10-15 Todd C. Miller + + * src/exec.c: + If perform_io() fails, kill the child before exiting so it doesn't + complain about connection reset. We can get an I/O error if, for + example, and we get EIO reading from stdin. + [e59a05fa729f] + +2010-10-12 Todd C. Miller + + * plugins/sudoers/sudoers.c, src/sudo.c: + Fix complilation on systems with set_auth_parameters() Sprinkle + volatile to quiet warnings from gcc 2.8.0 + [a34c2b924ba7] + + * compat/dlfcn.h, compat/dlopen.c: + Avoid potential namespace issues with dlopen() emulation. + [aedfababd6ca] + + * MANIFEST: + sync + [6afb97e6d308] + + * plugins/sudoers/interfaces.c: + Use INADDR_NONE instead of casting -1 to in_addr_t (which may not + exist). + [ddfca5af1a36] + + * Makefile.in: + Mark ChangeLog as PHONY Don't overwrite ChangeLog if we can't run hg + [e9d04bfa4505] + + * configure, configure.in: + HP-UX 10.20 libc has an incompatible getline + [2e7bc202e78d] + + * plugins/sudoers/visudo.c: + Quiet an HP-UX compiler warning. + [55b9d587ac8c] + + * configure, configure.in: + Check for vi even with --with-editor specified; the sample plugin + needs it. + [94dfc3643f76] + +2010-10-11 Todd C. Miller + + * compat/dlopen.c: + Fix remaining syntax errors. + [9d729b5b577e] + + * src/Makefile.in: + sudo binary depends on the libtool-generated libs + [9e6148406adb] + + * plugins/sudoers/group_plugin.c, src/load_plugins.c: + Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to + include the local or system dlfcn.h + [68cfe4c1089b] + + * pp: + Don't use run_as_superuser=false on HP-UX + [532242370b09] + + * src/net_ifs.c: + Use memset() instead of zero_bytes() since we don't include + sudoers.h + [a187c18c2472] + + * plugins/sudoers/interfaces.c: + Fix pasto; AF_INET not AF_INET6 + [2d2e9d7dc6f9] + + * compat/dlopen.c: + Actually call shl_load() + [ed8153b8a3cd] + + * pp: + Update from git repo. Debian: version numbers now compliant with + policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX + 10.20 + [ecf2692bceeb] + + * configure, configure.in: + Fix dlopen() detection for systems where dlopen() is in a separate + library. + [fa6b175582b6] + + * plugins/sudoers/auth/pam.c: + If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more + useful message and return AUTH_FATAL so sudo does not keep trying to + validate the user. + [1be8857e5291] + + * src/preload.c: + sudo_preload_table is an array + [b7704e72a9da] + + * compat/dlopen.c: + Quiet a compiler warning and fix sudo_preload_table external + definition. + [8234987664cc] + + * compat/dlfcn.h: + Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype. + [8bab6a4053cc] + + * plugins/sudoers/group_plugin.c: + Make this compile correctly when no dlopen is available. + [57643879bd2b] + +2010-10-07 Todd C. Miller + + * plugins/sudoers/check.c: + Having a timestamp file defined is no longer indicative of tty + tickets being enabled. Check def_tty_tickets directly. + [efcc11ad157f] + + * src/exec_pty.c, src/sudo.h, src/ttysize.c: + Fix TCGETWINSZ compat. + [da3a8b17cf7a] + +2010-10-02 Todd C. Miller + + * src/exec_pty.c, src/ttysize.c: + Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE + [926492dd10a6] + +2010-10-01 Todd C. Miller + + * plugins/sudoers/sudoers.c, src/sudo.c: + Move set_project() from sudoers module into sudo proper. + [beabafac03b4] + + * configure, configure.in: + Fix typo and regenerate + [4a3caf4234f3] + + * plugins/sudoers/ldap.c: + When iterating over returned LDAP entries, keep looking at remaining + matches even if we have a positive match. This catches negative + matches that may exist in other entries and more closely match the + sudoers file behavior. + [f47db6e609b0] + + * pp: + Add support for multiple package instances on Solaris. + [7f2a8b942545] + + * src/exec.c: + Add missing signal_pipe[0] to fdsr for the non-pty case. + [79d01e11b19c] + + * mkpkg: + Add --with-project for Solaris + [ffa4c2bb93f7] + + * README: + Need ar and ranlib too + [5c2f679172ef] + +2010-09-27 Todd C. Miller + + * plugins/sudoers/env.c: + Preserve ODMDIR environment variable by default on AIX. + [bd47cb1e804f] + +2010-09-26 Todd C. Miller + + * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c, + config.h.in, configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c, + src/preload.c: + Add dlopen() emulation for systems without it. For HP-UX 10, emulate + using shl_load(). For others, link sudoers plugin statically and use + a lookup table to emulate dlsym(). + [e92edfb3c642] + +2010-09-24 Todd C. Miller + + * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c, + compat/nanosleep.c, compat/utimes.c: + When including compat headers, use the compat dir as part of the + path so we are sure to get the correct header. + [6c2a45da6af5] + +2010-09-21 Todd C. Miller + + * plugins/sudoers/linux_audit.c: + Ignore ECONNREFUSED from audit_log_user_command() which will occur + if auditd is not running. + [d314fe4c8d03] + +2010-09-17 Todd C. Miller + + * pp: + Sync with git version + [1c0357744222] + +2010-09-16 Todd C. Miller + + * common/fileops.c, plugins/sudoers/defaults.c: + Cast isblank argument to unsigned char. + [c822dbb3ca54] + +2010-09-14 Todd C. Miller + + * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c: + Implement --with-umask-override configure flag. + [863e3047df22] + + * plugins/sudoers/env.c: + Take MODE_LOGIN_SHELL into account when initially setting reset_home + instead of special-casing it later. + [5d6b16480fd6] + + * plugins/sudoers/sudoers.c: + In login mode, make a copy of the runas user's pw_shell for + NewArgv[0] because 1) we modify it and 2) it will runas_pw gets + freed before exec. + [1d1ccb568dfa] + + * plugins/sudoers/env.c: + Reset HOME for "sudo -i" even if HOME was listed in env_keep. + [c1c1c65a2d63] + + * src/sudo.c: + Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK. + [7443454e5f88] + + * src/sudo.c: + Reset signal mask at sudo startup time; we need to be able to rely + on normal signal delivery to control the child process. + [95800163ff94] + +2010-09-13 Todd C. Miller + + * install-sh: + Use sed instead of expr to split a flag from its argument. Fixes a + problem with expr interpreting its arguments as a flag when they + start with a dash. + [736065e14301] + + * common/lbuf.c: + Do not need sys/time.h after all + [91f6f668ccda] + + * common/lbuf.c: + Include sys/time.h for utimes() and struct timeval. No longer need + ioctl.h or termios.h + [2d75273d3213] + + * compat/snprintf.c: + Quiet bogus compiler warnings. + [fe252e1968f5] + + * include/missing.h: + Declare innetgr() for HP-UX which is missing a declaration. Declare + domainname() for HP-UX and Solaris which are missing a declaration. + [b37c50751138] + + * plugins/sudoers/bsm_audit.c: + Use __sun for consistency with the rest of the sources. + [6b086b61ccb6] + + * plugins/sudoers/group_plugin.c: + Quiet a bogus compiler warning. + [ebc069842c4a] + + * plugins/sudoers/pwutil.c: + Don't try to delref a NULL group. + [f6ff0838be21] + + * common/alloc.c, common/lbuf.c: + Include memory.h on systems that need it. + [4e676da81c6f] + +2010-09-11 Todd C. Miller + + * src/exec.c: + Quiet gcc warnings on glibc systems that use warn_unused_result for + write(2). + [0532da0b7cf7] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + sudo_plugin is in section 8; from Ted Percival + [b4506a0de87e] + + * plugins/sudoers/Makefile.in: + testsudoers depends on libsudoers.la, not sudoreplay + [cdb1cc3bf06a] + +2010-09-10 Todd C. Miller + + * src/exec.c: + Read as many signals on the signal pipe as we can before returning. + [b181671da047] + + * src/exec.c, src/exec_pty.c, src/sudo_exec.h: + Instead of using a array to store received signals, open a pipe and + have the signal handler write the signal number to one end and + select() on the other end. This makes it possible to handle signals + similar to I/O without race conditions. + [ee84d65c16b6] + +2010-09-09 Todd C. Miller + + * doc/visudo.pod, plugins/sudoers/visudo.c: + Make "visudo -c -f -" check the standard input. + [195a3d2a9a26] + + * doc/sudoers.pod: + set_home and always_set_home have an effect if HOME is present in + the env_keep list. + [159d0b9dc5c8] + + * plugins/sudoers/env.c: + Make -H flag work when HOME is listed in env_keep. Also makes + "set_home" and "always_set_home" override override HOME in env_keep. + [a3e5b966193f] + +2010-09-08 Todd C. Miller + + * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/match.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/net_ifs.c: + Convert sudoers plugin to use interface list passed in settings. + [87d9b5f4f586] + + * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c, + src/parse_args.c, src/sudo.h: + Query local network interfaces in the main sudo driver and pass to + the plugin as "network_addrs" in the settings list. + [7f35bcfe77a7] + + * plugins/sudoers/bsm_audit.c: + Solaris BSM audit return EINVAL when auditing is not enabled, + whereas OpenBSM returns ENOSYS. + [411b980ec58b] + +2010-09-07 Todd C. Miller + + * compat/fnmatch.c: + missing.h should come before most local includes + [53921a7b8b5b] + + * plugins/sudoers/sudoreplay.c: + missing.h should come before most local includes + [e9abb0db1aac] + + * plugins/sudoers/sudoers.h: + Make local includes consistent; use double quotes for local includes + except for generated ones where we use angle brackets. + [09de4faa9547] + + * plugins/sudoers/sudoers.c: + Always fill in NewArgv for audit code. + [7c3aca60519f] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add missing LOG_INPUT/LOG_OUTPUT support in the lexer. + [007cf6560f92] + + * common/alloc.c, common/atobool.c, common/fileops.c, + common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c, + common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c, + compat/getcwd.c, compat/getgrouplist.c, compat/getline.c, + compat/getprogname.c, compat/glob.c, compat/isblank.c, + compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c, + compat/nanosleep.c, compat/setenv.c, compat/snprintf.c, + compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, + compat/unsetenv.c, compat/utimes.c, include/compat.h, + plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, + plugins/sample_group/plugin_test.c, + plugins/sample_group/sample_group.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/linux_audit.c, plugins/sudoers/match.c, + plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h, + src/sudo_noexec.c, src/ttysize.c: + Make local includes consistent; use double quotes for local includes + except for generated ones where we use angle brackets. Also g/c + unused compat.h. + [e57070dc8f04] + +2010-09-06 Todd C. Miller + + * plugins/sudoers/match.c: + When matching the runas user and runas group (-u and -g command line + options), keep track of runas group and runas user matches + separately. Only return a positive match if we have a match for + both runas user and runas group (if specified). + [815219e04cc8] + +2010-09-04 Todd C. Miller + + * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add support for multiple URI lines by joining the contents and + passing the result to ldap_initialize. + [a47cae3b72e8] + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c: + Do not return -1 on error from the display functions; the caller + expects a return value >= 0. + [101456a7dd00] + + * plugins/sudoers/sudoers.c: + Do not set both MODE_EDIT and MODE_RUN + [8faa36694d54] + +2010-09-03 Todd C. Miller + + * include/missing.h: + Move includes to the top of the file. + [a51436798e8c] + +2010-08-30 Todd C. Miller + + * plugins/sudoers/Makefile.in: + Add missing definition of timedir + [458a749c2c5e] + + * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c, + compat/mksiglist.c, compat/strsignal.c, + plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c: + Add #include of sys/types.h for .c files that include missing.h to + be sure that size_t and ssize_t are defined. + [08e3132dbf4f] + + * plugins/sudoers/Makefile.in: + Install sudoers file from the build dir not hte src dir. + [ca89e962dbf4] + +2010-08-26 Todd C. Miller + + * plugins/sudoers/set_perms.c: + If runas_pw changes, reset the stashed runas aux group vector. + Otherwise, if runas_default is set in a per-command Defaults + statement, the command runs with root's aux group vector (i.e. the + one that was used when locating the command). + [24f9107cedd2] + + * plugins/sudoers/Makefile.in: + Add target to generate sudoers file Remove generated sudoers file as + part of distclean + [fb7422e90f03] + +2010-08-24 Todd C. Miller + + * src/exec.c: + When not logging I/O install a handler for SIGCONT and deliver it to + the command upon resume. Fixes bugzilla #431 + [495dce52a5aa] + +2010-08-21 Todd C. Miller + + * plugins/sudoers/sudoers.h: + g/c unused auth_pw extern definition + [40eb7477ba17] + + * plugins/sudoers/check.c, plugins/sudoers/sudoers.c: + Move get_auth() into check.c where it is actually used. + [e31db0ce3a61] + +2010-08-20 Todd C. Miller + + * common/lbuf.c: + Convert a remaining puts() and putchar() to use the output function. + [d69e363a506b] + + * plugins/sudoers/plugin_error.c: + Plug memory leak + [68895469ea8d] + +2010-08-18 Todd C. Miller + + * plugins/sudoers/env.c: + Set dupcheck to TRUE when setting new HOME value if !env_reset but + always_set_home is true. Prevents a duplicate HOME in the + environment (old value plus the new one) introduced in f421f8827340. + [9ca19183794f] + + * configure, configure.in, plugins/sudoers/sudoers, + plugins/sudoers/sudoers.in: + Substitute sysconfdir in the installed sudoers file to get the + correct path for sudoers.d. + [86072b6cd55d] + +2010-08-17 Todd C. Miller + + * src/get_pty.c: + Fix typo that prevented compilation on Irix; Friedrich Haubensak + [b48be51b65fc] + +2010-08-16 Todd C. Miller + + * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, + common/atobool.c, common/fileops.c, common/fmt_string.c, + common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c, + compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c, + compat/getcwd.c, compat/getgrouplist.c, compat/getline.c, + compat/getprogname.c, compat/glob.c, compat/isblank.c, + compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c, + compat/nanosleep.c, compat/setenv.c, compat/snprintf.c, + compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, + compat/unsetenv.c, compat/utimes.c, include/compat.h, + include/missing.h, plugins/sample/sample_plugin.c, + plugins/sample_group/getgrent.c, + plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in, + plugins/sudoers/audit.c, plugins/sudoers/boottime.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c, + src/sudo.h, src/sudo_noexec.c, src/ttysize.c: + Merge compat.h and missing.h into missing.h + [572909ae9716] + +2010-08-14 Todd C. Miller + + * plugins/sudoers/auth/pam.c: + If the user hits ^C while a password is being read, error out before + reading any further passwords in the pam conversation function. + Otherwise, if multiple PAM auth methods are required, the user will + have to hit ^C for each one. + [23782631748c] + +2010-08-12 Todd C. Miller + + * plugins/sudoers/check.c: + Update comment + [a5296cb3a20a] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document sudo_conv_t function and sudo_printf_t return values. + [745c0017814c] + + * src/conversation.c: + Make _sudo_printf return the number of characters printed on success + like printf(3). + [8eeefe8d7e77] + +2010-08-10 Todd C. Miller + + * plugins/sudoers/sudoers.c: + sudoers.h includes sudo_plugin.h for us + [cabe68e07807] + + * common/Makefile.in, common/gettime.c, compat/mkstemps.c, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h, + src/sudo_edit.c: + Use gettimeofday() directly instead of via the gettime() wrapper. + [7490426c99ae] + + * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c, + compat/strerror.c, config.h.in, configure, configure.in, + include/compat.h, include/missing.h, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c: + Remove some obsolete configure tests, ancient Unix systems are no + longer supported. + [2be6218c3a36] + +2010-08-07 Todd C. Miller + + * sudo.pp: + Set pp_kit_version and strip off patch level + [aacfda1b676d] + + * sudo.pp: + Better handling of versions with a patchlevel. For rpm and deb, use + the patchlevel+1 as the release. For AIX, use the patchlevel as the + 4th version number. For the rest, just leave the patchlevel in the + version string. + [638bd35f2346] + +2010-08-06 Todd C. Miller + + * plugins/sudoers/auth/sudo_auth.c: + For non-standalone auth methods, stop reading the password if the + user enters ^C at the prompt. + [82c2911bb264] + + * configure, configure.in, plugins/sudoers/Makefile.in, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/pwutil.c: + No need to look up shadow password unless we are doing password- + style authentication. This moves the shadow password lookup to the + auth functions that need it. + [ba9e3eba2b72] + + * plugins/sudoers/sudoers.c: + Retain final passwd/group refs until the policy close() function. + Note that this doesn't get called in all cases so putting this in a + cleanup function is probably better. + [bbe214cb4119] + + * plugins/sudoers/check.c: + Fix mismerge + [395115f89dd6] + + * plugins/sudoers/check.c: + When removing/resetting the timestamp file ignore the tty ticket + contents. + [b709f5667a0b] + + * plugins/sudoers/sudoers.c: + delref sudo_user.pw, runas_pw and runas_gr immediately before we + return. + [4d67d15dfd3b] + +2010-08-04 Todd C. Miller + + * plugins/sudoers/check.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/pwutil.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Reference count cached passwd and group structs. The cache holds + one reference itself and another is added by sudo_getgr{gid,nam} and + sudo_getpw{uid,nam}. The final ref on the runas and user passwd and + group structs are persistent for now. + [e544685523c3] + + * doc/UPGRADE: + fix typo + [e32f2d35e6c9] + +2010-08-03 Todd C. Miller + + * plugins/sudoers/check.c: + Do not produce a warning for "sudo -k" if the ticket file does not + exist. + [1598f6061b75] + + * plugins/sudoers/pwutil.c: + Instead of caching struct passwd and struct group in the red-black + tree, store a struct cache_item which includes both the key and + datum. This allows us to user the actual name that was looked up as + the key instead of the contents of struct passwd or struct group. + This matters because the name in the database may not match what we + looked up, due either to case folding or truncation (historically at + 8 characters). Also mark the disabled calls to sudo_freepwcache() + and sudo_freegrcache() as broken since we use cached data for things + like set_perms() and the logging functions. Fixing this would + require making a copy of the structs for user and runas or adding a + reference count (better). + [225d4a22f60e] + + * plugins/sudoers/Makefile.in: + Fix path to mkinstalldirs + [b4968379b12d] + + * plugins/sudoers/check.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, + src/exec_pty.c, src/get_pty.c, src/tgetpass.c: + Quiet gcc warnings on glibc systems that use warn_unused_result for + write(2) and others. + [c99f138960e0] + +2010-08-02 Todd C. Miller + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add %option noinput + [72b9cd49b4f1] + + * aclocal.m4, configure, configure.in: + Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add + back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when + cross-compiling. + [e385c176d0ee] + +2010-07-31 Todd C. Miller + + * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in: + Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT + and AC_CHECK_SIZEOF([long int]) instead of rolling our own. + [cf3e60d9c440] + +2010-07-29 Todd C. Miller + + * pp: + Update to latest version + [32f93be33961] + +2010-07-28 Todd C. Miller + + * sudo.pp: + Let pp determine pp_aix_version itself. + [7cf0245d84ed] + + * INSTALL, config.h.in, configure, configure.in, mkpkg, + plugins/sudoers/sudoers.c: + Add support for Ubuntu admin flag file and enable it when building + Ubuntu packages. + [00e27cff2dfb] + + * plugins/sudoers/sudoers, sudo.pp: + Add commented out SuSE-like targetpw settings + [4605d47b7413] + + * configure, configure.in: + Only try to use +DAportable for non-GCC on hppa + [75d0f284ccf7] + + * configure, configure.in: + Prevent configure from adding the -g flag unless in devel mode + [b1fd3f8d45c0] + +2010-07-27 Todd C. Miller + + * sudo.pp: + Go back to sudo-flavor to match existing packages and only use an + underscore for those that need it. + [d737069d1e1c] + + * sudo.pp: + Use sudo_$flavor instead of sudo-$flavor since that causes the least + amount of trouble for the various package managers. + [71f547af35fc] + + * mkpkg: + Fix handling of the ldap flavor Remove destdir unless --debug was + specified Make distclean before running configure if there is a + Makefile present + [6316f08de7d3] + + * sudo.pp: + Add back include file. + [195627bf68b8] + + * mkpkg: + Pass extra args on to configure on HP-UX, if we don't have the HP C + compiler, disable zlib to prevent gcc from finding it in + /usr/local/lib. + [473efa0e2bac] + + * mkpkg: + Use the HP ANSI C compiler on HP-UX if possible + [fb249b6b175d] + + * plugins/sudoers/sudoreplay.c: + Some getline() implementations (FreeBSD 8.0) do not ignore the + length pointer when the line pointer is NULL as they should. + [2410a1a3543c] + + * plugins/sudoers/sudoreplay.c: + Don't need to check for *cp being non-zero, isdigit() will do that. + [7df11ea8a487] + + * plugins/sudoers/sudoreplay.c: + Add setlocale() so the command line arguments that use floating + point work in different locales. Since sudo now logs the timing + data in the C locale we must Parse the seconds in the timing file + manually instead of using strtod(). Furthermore, sudo 1.7.3 logged + the number of seconds with the user's locale so if the decimal point + is not '.' try using the locale-specific version. + [4d385765f23b] + + * src/exec.c: + Do I/O logging in the C locale so the floating point numbers in the + timing file are not locale-dependent. + [5961cec044ec] + + * plugins/sudoers/sudoreplay.c: + Use errorx() not error() for thingsthat don't set errno. + [0fe5e692af84] + +2010-07-26 Todd C. Miller + + * pp: + Better support for 1.2.3 style versions in Tru64 kits + [997c549bb777] + + * sudo.pp: + Add Tru64 kit support + [e273a954f981] + + * pp: + Remove apparently unnecessary use of sudo + [be8840d85125] + + * Makefile.in, plugins/sudoers/Makefile.in: + Create timedir as part of install-dirs target. + [c736bc2fb14f] + + * src/exec_pty.c: + Handle ENXIO from read/write which can occur when reading/writing a + pty that has gone away. + [fa2e8059879f] + + * plugins/sudoers/pwutil.c: + sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL + [3a045475d5ee] + + * mkpkg: + platform is a pp flag not a variable + [12eba39a47c1] + + * Makefile.in, mkpkg, sudo.pp: + Add simple arg parsing for mkpkg so we can set debug, flavor or + platform. + [ada839fe252d] + + * pp: + Make rpm backend work on AIX 5.x + [549a76d11393] + +2010-07-25 Todd C. Miller + + * plugins/sudoers/sudoers: + Add commented out Defaults entry for log_output + [7e67d7588900] + +2010-07-23 Todd C. Miller + + * doc/Makefile.in: + Remove sudo docdir completely + [dce8e82878ef] + + * doc/sample.sudo.conf: + Add sample sudo.conf + [aafdba3fc411] + +2010-07-22 Todd C. Miller + + * plugins/sudoers/Makefile.in: + Add PACKAGE_TARNAME for docdir + [930c92b8f8f0] + +2010-07-23 Todd C. Miller + + * src/Makefile.in: + Pass install-sh -b~ here too. + [c3f5eb446c38] + + * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Install binary files with -b~ to make a backup. Fixes "text file + busy" error on HP-UX during install. + [81f306f54f8c] + + * install-sh: + "mv -f" on HP-UX doesn't unlink the destination first so add an + explicit rm before moving the temporary into place. + [fb719a79582d] + + * configure, configure.in: + Some more ${foo} -> $(foo) conversion for consistent Makefiles. + [0aa098770074] + + * doc/Makefile.in, plugins/sudoers/Makefile.in: + Install sudoers2ldif in the doc dir + [33ac3b53d7f5] + +2010-07-22 Todd C. Miller + + * pathnames.h.in: + Add missing include of maillock.h for Solaris + [5a58883be23a] + + * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE, + doc/sample.syslog.conf, doc/sudoers.cat: + Change the default syslog facility from local2 to authpriv (or auth + if the operating system doesn't support authpriv). + [3b70ba514f49] + + * Makefile.in, sudo.pp: + Install sudoers as /etc/sudoers on RPM and debian systems where the + package manager will not replace a user-modified configuration file. + This fixes upgrades from the vendor sudo packages. + [d886b6d60b5b] + + * pp: + RPM: use %config(noreplace) instead of %config for volatile This + results in the new file being installed with a .rpmnew suffix + instead of the file being replaced and the old one renamed with a + .rpmsave suffix. + [58be2119f8e8] + +2010-07-21 Todd C. Miller + + * compat/mkstemps.c, plugins/sudoers/boottime.c: + Include time.h for struct timeval + [ddf8b04f0276] + + * src/exec_pty.c: + The return value of strsignal() may be const and should be treated + as const regardless. + [620074ae1e77] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Mention that 127.0.0.1 will not match, nor will localhost unless + that is the actual host name. + [8b574122eb8f] + + * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE: + Rename WHATSNEW -> NEWS + [d1a2c8c47d89] + + * pp: + Updated pp with latest patches + [98e16b9b8f62] + + * WHATSNEW: + Sync with 1.7.4 + [65ac4dafeef7] + + * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + plugins/sudoers/sudoers: + Add commented out line to add HOME to env_keep and add a warning to + the note about the HOME change in UPGRADE. + [0d6a775bb6c8] + +2010-07-20 Todd C. Miller + + * plugins/sudoers/sudoreplay.c: + Add LINE_MAX define for those without it. + [446d9dbe7859] + + * INSTALL, WHATSNEW, config.h.in, configure, configure.in, + doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + plugins/sudoers/defaults.c: + The tty_tickets option is now on by default. + [a01c48206d80] + + * WHATSNEW: + Mention that AIX authdb support has been fixed. + [87bd7f4eba6a] + + * common/aix.c: + setauthdb() only sets the "old" registry if it was set by a previous + call to setauthdb(). To restore the original value, passing NULL + (or an empty string) to setauthdb() is sufficient. + [470da190a254] + +2010-07-19 Todd C. Miller + + * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, + doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + plugins/sudoers/env.c: + Reset HOME when env_reset is enabled unless it is in env_keep + [f421f8827340] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + The default for set_logname has been "true" for some time now. + [f489da5674c3] + + * plugins/sudoers/boottime.c: + Add missing include of time.h + [624d7014932f] + + * plugins/sudoers/logging.c: + Fix check for dup2() return value. + [140ea2d50d20] + + * plugins/sudoers/env.c: + Add PYTHONUSERBASE to initial_badenv_table + [3149aae5b12c] + + * plugins/sudoers/visudo.c: + Treat an unknown defaults entry as a parse error. + [b3ebad73efb2] + + * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: + Check return value of setdefs() but don't stop setting defaults if + we hit an unknown one. + [945e752239ab] + + * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in, + doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in, + plugins/sudoers/env.c: + If env_reset is enabled, set the MAIL environment variable based on + the target user unless MAIL is explicitly preserved in sudoers. + [a1b03e2e0e96] + +2010-07-17 Todd C. Miller + + * pp: + decode debian code names + [8741280d9960] + + * WHATSNEW: + fix typo + [a8a19451110b] + +2010-07-16 Todd C. Miller + + * WHATSNEW: + Merge with 1.7.4 + [9348fa7e15b8] + + * src/sudo.c: + Restore RLIMIT_NPROC after the uid switch if it appears that + runas_setup() did not do it for us. Fixes a bash script problem on + SuSE with RLIMIT_NPROC set to RLIM_INFINITY. + [786fb272e5fd] + +2010-07-15 Todd C. Miller + + * mkpkg, pp, sudo.pp: + Restore the dot removal in the os version reported by polypkg. Adapt + mkpkg and sudo.pp to the change. + [dcafdd53b88f] + +2010-07-16 Todd C. Miller + + * INSTALL: + document --with-pam-login + [ea93e4c6873c] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + The tag is NOSETENV, not UNSETENV. From Petr Uzel. + [2ac90d8de36e] + +2010-07-15 Todd C. Miller + + * sudo.pp: + Include flavor in solaris package name + [e605f6364c9f] + + * mkpkg: + Older shells don't support IFS= so set explictly to space, tab, + newline. + [7773960bc8a0] + + * mkpkg: + Use '=' not '==' in test + [c99d42bc48e6] + + * mkpkg: + Fix typo that prevented debian from matching + [84421078fcb7] + + * mkpkg: + Add missing prefix setting for debian + [6466f23de4aa] + + * sudo.pp: + Use tab indents to reduce the chance of problem with <<- Fix the + debian %set section, pp does not set pp_deb_distro Uncomment %sudo + line in sudoers for debian Uncomment some env_keep lines for RHEL, + SLES and debian to more closely match the vendor sudoers files. + Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on + debian for ldap flavor + [c5b49feb1a0c] + + * plugins/sudoers/sudoers: + Add commented out env_keep entries, sample Aliases and a %sudo line + for debian. + [387719e52d0f] + + * configure, configure.in: + Move zlib check later on in the script to avoid a strange shell + problem on SLES11. + [1a3153bb1291] + + * configure.in: + Remove check for egrep; configure has its own + [a3b9d98cb5d2] + +2010-07-14 Todd C. Miller + + * mkpkg: + Enable zlib for linux distros + [8fa51a1405a4] + + * mkpkg: + Add ldap flavor to default build + [97644f5a555f] + + * mkpkg, sudo.pp: + Simplify rpm linux distro settings + [b9dcf10cdf20] + + * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat: + Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo. + [2c549c1acde9] + + * Makefile.in: + Fix ChangeLog creation from build dir + [3d0c7904f173] + + * plugins/sudoers/sudoers.c: + Handle getcwd() failure. + [aef7bef87394] + + * doc/Makefile.in, mkpkg, sudo.pp: + Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR + environment variable. + [be6ed611b7a8] + + * sudo.pp: + Create sudo group on debian + [6ed6c032042e] + + * mkpkg, sudo.pp: + Add debian 4/5/6 and use the dot when doing version matches + [6bcb664d1f4f] + + * aclocal.m4, configure: + Use a loop when searching for mv, sendmail and sh + [d5e9369f8d13] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Remove spurious "and"; from debian + [a21e6f7c5b99] + + * aclocal.m4, configure, configure.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.pod: + Substitute the value of EDITOR into the sudoers and visudo manuals. + [cd79e587dd7f] + +2010-07-13 Todd C. Miller + + * mkpkg, pp, sudo.pp: + Initial support for debian 4.0 + [ac6707915fa8] + + * mkpkg: + Some platforms need -fPIE instead of -fpie + [fd6be19e5bc2] + + * plugins/sudoers/auth/pam.c: + Only set PAM_RHOST for Solaris, where it is needed to avoid a bug. + On Linux it causes a DNS lookup via libaudit. + [1e10105ade5b] + + * MANIFEST: + Update MANIFEST to match packaging changes + [ef86ee557b5b] + + * sudo.psf: + We now use pp to generate HP-UX packages + [f7aa8da7844e] + + * INSTALL.binary, plugins/sudoers/Makefile.binary.in: + Remove vestiges of old binary package bits. + [afffd005452f] + + * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + install-man -> install-doc + [99b5fa05567c] + + * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg, + plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp: + Use http://rc.quest.com/topics/polypkg/ for packaging + [5ca8eb75b223] + + * install-sh: + Just ignore the -c option, it is the default Add support for -d + option + [a8b6b0a131e8] + +2010-07-12 Todd C. Miller + + * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c: + Use _PATH_STDPATH instead of _PATH_DEFPATH + [137fa911908e] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Do not strip binaries. + [20166e287176] + + * INSTALL, configure, configure.in: + Add --insults=disabled configure option to allow people to build in + insult support but have the insults disabled unless explicitly + enabled in sudoers. + [523b8c552e90] + + * compat/mkstemps.c: + Add prototype for gettime() + [275eee40473b] + + * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c, + plugins/sudoers/env.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add support for a sudo-i pam.d file to be used for "sudo -i". + Adapted from a RedHat patch. + [06d34f16520b] + +2010-07-09 Todd C. Miller + + * include/missing.h: + Fix mkstemps() prototype + [2421841e815b] + + * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c, + config.h.in, configure, configure.in, include/missing.h, + src/sudo_edit.c: + Use mkstemps() instead of mkstemp() in sudoedit. This allows + sudoedit to preserve the file extension (if any) which may be used + by the editor (like emacs) to choose the editing mode. + [d33172d2c086] + +2010-07-08 Todd C. Miller + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, + plugins/sudoers/ldap.c: + TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses + TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client + code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you + should avoid disabling TLS_CHECKPEER is possible. + [196622436212] + +2010-07-07 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Make sudo_plugin format a bit more like a man page + [048d596e32da] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add suport for negated user/host/command lists in a Defaults entry. + E.g. Defaults:!baduser noexec + [d41112cf0342] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + Add uninstall target + [fea66ebf136a] + + * common/Makefile.in, compat/Makefile.in: + Remove unused AR, SED and RANLIB variables + [2ff9928bfdb3] + + * Makefile.in: + Do not install sample plugins + [5443b87bd1c3] + +2010-07-06 Todd C. Miller + + * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure, + configure.in, plugins/sudoers/env.c: + Now that sudoers is a dynamically loaded module we cannot override + the libc environment functions because the symbols may already have + been resolved via libc. Remove getenv/putenv/setenv/unsetenv + replacements from sudoers and add replacements for setenv/unsetenv + for systems that lack them. + [3f2b43cb8851] + + * configure, configure.in, plugins/sudoers/Makefile.in: + Link testsudoers with -ldl when needed + [f79606f9fcd7] + + * plugins/sample_group/plugin_test.c: + Remove unused time.h and add limits.h for PATH_MAX + [3f5d0074d621] + + * doc/sudoers.ldap.pod: + Fix typo. + [bc855fd57397] + +2010-07-05 Todd C. Miller + + * plugins/sample_group/plugin_test.c: + Do not depend on strlcpy/strlcat + [6e7e2b5af051] + + * plugins/sample_group/plugin_test.c: + Standalone test driver for sudoers group plugin. + [eb1235fc3b8e] + +2010-07-02 Todd C. Miller + + * plugins/sudoers/group_plugin.c, src/load_plugins.c: + Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging + aid. + [2a34e616229b] + + * plugins/sample_group/sample_group.c: + Fix style nit in function declarations + [ab87c7c76bf9] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Document group_plugin syntax. + [ed1faf72ddcb] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document the sudoers group plugin. + [f19a62dc8cfc] + + * INSTALL, MANIFEST, Makefile.in, config.h.in, configure, + configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h, + plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c, + plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c, + plugins/sudoers/match.c, plugins/sudoers/nonunix.h, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c: + Replace built-in non-unix group support with a sudoers group plugin. + Include a sample plugin that can read Unix-format group files. + [8fc58ce0b1a8] + + * configure, configure.in, src/load_plugins.c: + Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage. + [5c491dddb8ef] + +2010-07-01 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod: + Move sudoers-specific bits out of sudo(8) and into sudoers(5) + [e8a5a5830cfe] + + * aclocal.m4, configure, configure.in: + Substitute @io_logdir@ for the sudoers I/O log directory. + [21a75ca7b0ab] + +2010-06-29 Todd C. Miller + + * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, + common/atobool.c, common/fileops.c, common/fmt_string.c, + common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c, + compat/getgrouplist.c, compat/getline.c, compat/glob.c, + compat/snprintf.c, config.h.in, configure, configure.in, + include/fileops.h, plugins/sample/sample_plugin.c, + plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/boottime.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, + plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c, + src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c, + src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c: + Set usrinfo for AIX Set adminstrative domain for the process when + looking up user's password or group info and when preparing for + execve(). Include strings.h even if string.h exists since they may + define different things. Fixes warnings on AIX and others. + [cf8b93e872c9] + + * Makefile.in: + Add a separate all target for AIX make which was using the entire + LHS (not just the first entry) of the first target as the implicit + target. + [a45b980a01ef] + + * plugins/sudoers/env.c: + Do not rely on env.env_len when unsetting a variable, just use the + NULL terminator. + [ca6eb239c829] + + * plugins/sudoers/env.c: + In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008 + [7046ba7caa4e] + +2010-06-25 Todd C. Miller + + * plugins/sudoers/vasgroups.c: + Use warningx() instead of log_error() since the latter is not + available to visudo or testsudoers. This does mean that they don't + end up in syslog. + [152b7c50f426] + + * plugins/sudoers/sudoers.c: + Defer call to sudo_nonunix_groupcheck_cleanup() until after we have + closed the sudoers sources. From Quest sudo. + [c1cd573bab94] + + * plugins/sudoers/pwutil.c: + Ignore case when matching user/group names in the cache. From Quest + sudo. + [2aa4ecc7d7f5] + +2010-06-24 Todd C. Miller + + * config.h.in, configure, configure.in, src/selinux.c: + Add check for setkeycreatecon() when --with-selinux is specified. + [affae247b4e0] + + * configure, configure.in: + Error out if libaudit.h is missing or ununable when --with-linux- + audit was specified + [d82e743fac04] + + * doc/HISTORY, doc/history.pod: + Add =head3 entries, mostly for the html version + [ee93112d0308] + +2010-06-22 Todd C. Miller + + * doc/HISTORY, doc/history.pod: + Mention when LDAP was incorporate. + [2923dc17f79c] + +2010-06-21 Todd C. Miller + + * configure, configure.in: + Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is + not covered by _ALL_SOURCE. + [c92fd69809d0] + +2010-06-18 Todd C. Miller + + * plugins/sudoers/iolog.c: + Add a cast to quiet a compiler warning. + [a200e07ee1bc] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Quiet a compiler warning. + [c9acfc927cea] + + * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: + Call set_fqdn() after sudoers has parsed instead of inline as a + callback. + [5f4e5d075f2d] + + * WHATSNEW, plugins/sudoers/sudoers.c: + Do not call set_fqdn() until sudoers parses (where is gets run as a + callback). + [09040fca6d40] + + * WHATSNEW: + mention the change in tty ticket behavior when there is no tty + [575a1fd98f05] + + * plugins/sudoers/check.c: + Do not update tty ticket if there is no tty. + [63f9c33ce6a7] + + * doc/LICENSE, doc/license.pod: + Update copyright year + [0722ab5d404b] + + * doc/Makefile.in: + Do not rely on BSD make's $> + [936a86398bd9] + + * configure, configure.in: + Set timedir to /var/db/sudo for darwin to match Apple sudo's + location + [d5b9b03096f1] + +2010-06-16 Todd C. Miller + + * plugins/sudoers/sudoers.h: + Add stub declarations for struct stat and struct timeval + [f6d90551a4fd] + + * MANIFEST: + Remove compat/sigaction.c + [d0ed6d9a770e] + + * config.h.in, configure, configure.in, plugins/sudoers/defaults.c, + plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c: + Check for zlib.h in addition to libz. + [6e191b4a6065] + + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h, + src/sudo_exec.h: + Move functions and symbols shared between exec.c and exec_pty.c into + sudo_exec.h. + [14ae63403544] + + * doc/Makefile.in: + Comment out rules to build .man.in and .cat files unless --with- + devel + [3cf7e5606a85] + + * doc/Makefile.in: + Comment out rules to build .man.in and .cat files unless --with- + devel + [d30495b0e29e] + + * src/parse_args.c: + Quote any non-alphanumeric characters other than '_' or '-' when + passing a command to be run via the shell for the -s and -i options. + [d633f74fe2d9] + + * doc/Makefile.in: + Add back .man suffix + [6e63b60a2739] + + * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in, + plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h, + src/selinux.c: + Add Linux audit support. + [5a2f445e0bd4] + +2010-06-15 Todd C. Miller + + * plugins/sudoers/iolog.c: + Remove an XXX + [a170cbe651d1] + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, + plugins/sudoers/sudoreplay.c: + Add -f (filter) option to sudoreplay to allow certain streams to be + replayed and others ignored. + [62e51b432ea1] + + * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h, + src/tgetpass.c: + Fix -A flag when askpass is specified in sudo.conf or if sudo + doesn't need to read a password. + [2e401e4a00e3] + + * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c, + src/sudo.h, src/sudo_edit.c, src/tgetpass.c: + Clean up some XXXs + [689f0b002d3d] + + * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add support for multiple sudoers_base entries in ldap.conf. From + Joachim Henke + [e3e4a3c2bd5b] + + * config.h.in, configure, configure.in, plugins/sudoers/logging.c, + src/exec_pty.c: + remove setsid check, we require a POSIX system + [cc73cb9e22c0] + + * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c, + src/sudo.c, src/tgetpass.c: + Check for dup2() failure. + [5d46d66794f5] + + * config.h.in, configure, configure.in: + Remove dup2() check, it is not optional. + [5f1d56de4384] + +2010-06-14 Todd C. Miller + + * WHATSNEW: + sync with sudo 1.7.3 + [88e5c0bd6d59] + + * INSTALL: + SunOS does not ship with an ANSI compiler + [f13c85c67069] + + * INSTALL: + Update OS specific notes. Delete some really ancient ones and move + older ones to the end of the list. + [59ce592c4c52] + + * README: + Sudo can be downloaded from the web site too Mention "OS dependent + notes" section in INSTALL + [191871538984] + + * src/exec_pty.c, src/selinux.c: + Call selinux_restore_tty() as part of cleanup() so it gets called + from error()/errorx() + [bb017da6b6da] + + * MANIFEST, doc/PORTING: + Remove obsolete porting guide + [321e35591344] + + * plugins/sudoers/interfaces.h, plugins/sudoers/match.c: + Move union sudo_in_addr_un into interfaces.h + [b2c8b19ee094] + + * doc/Makefile.in: + Remove useless circular dependencies + [5682181b59cf] + + * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c: + Convert to ANSI C function declarations + [a4f76927d034] + + * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c, + common/zero_bytes.c, compat/charclass.h, compat/closefrom.c, + compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c, + compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c, + compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c, + compat/strlcpy.c, compat/timespec.h, compat/utime.h, + compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod, + include/alloc.h, include/error.h, include/lbuf.h, include/list.h, + include/missing.h, pathnames.h.in, plugins/sudoers/alias.c, + plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/find_path.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/match.c, + plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c, + plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, + plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c, + plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c, + src/conversation.c, src/error.c, src/load_plugins.c, + src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c, + src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c: + Update copyright year + [26ac7991f7d8] + + * doc/Makefile.in: + Fix commented DEVDOCS when not in devel mode. + [e0a97eaf3793] + + * plugins/sudoers/match.c: + Quiet a compiler warning. + [b2a17ebd5d38] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Quiet a compiler warning. + [687843bc593d] + + * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h: + Make all functions in ldap.c static + [b2111e89eeba] + + * doc/schema.ActiveDirectory: + Updates from Alain Roy to provide better examples for importing the + schema and to fix problems caused by Windows validating attributes + which have not yet been added before committing the changes. + [69f4c5ccaf89] + +2010-06-11 Todd C. Miller + + * configure, configure.in, doc/Makefile.in, doc/sudo.cat, + doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, + doc/visudo.cat, doc/visudo.man.in: + Leave rules to build .man.in and .cat files uncommented but only + make them part of the "all" rule in devel mode. Generate .cat files + directly from .man.in instead of .man using default values in + configure.in + [c3054a44f6a5] + + * configure, configure.in: + Bump sudo version to 1.8.0b1 + [8f79c85135e1] + + * configure, configure.in, src/sudo.c, src/sudo_usage.h.in: + Print configure args with verbose version information. + [1ce690660ed2] + + * TODO, plugins/sudoers/visudo.c: + Remove tfd from struct sudoersfile; it is not used. Add prev pointer + to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE. + Use tq_append to append sudoers entries to the tail queue. + [1743f9a286e4] + +2010-06-10 Todd C. Miller + + * WHATSNEW: + Describe tty timestamp improvements + [e214e863a313] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + A comment character may not be part of a command line argument + unless it is quoted with a backslash. Fixes parsing of: + testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441 + [ea2e990f85ed] + + * doc/sudoers.pod: + Make this read a little bit better when passwd_timeout is 0. + [39d362757f31] + + * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod: + Attempt to handle a default password prompt timeout of zero more + gracefully. + [ea47d43acf5b] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Do not override value of keepopen global, instead restore it to the + value we pushed onto the stack when popping. + [fe282e5a3402] + + * plugins/sudoers/Makefile.in: + Add dependency for utility programs on libreplace and libcommon + [2339aba64928] + + * compat/sigaction.c, config.h.in, configure.in, include/compat.h, + plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c, + src/exec.c, src/exec_pty.c, src/tgetpass.c: + Remove sigaction emulation Use SA_INTERRUPT in sa_flags + [7dd61f1bd8d2] + + * MANIFEST, config.h.in, configure, configure.in, include/missing.h: + We don't use getgrouplist() at the moment so there's no need to + provide a compat version. + [1597536fbada] + + * TODO: + sync with reality + [9e1a874e7885] + + * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c, + src/conversation.c, src/sudo.h, src/tgetpass.c: + Fix visiblepw sudoers option; the plugin API portion still needs + documenting + [60b6933ef5e0] + + * src/sudo.c: + Print sudo version as well. + [987ed459b459] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Use sudo_printf for I/O log version Clarify policy plugin version + string + [5a58b7e8c80b] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c: + Silence some compiler warnings + [afb1eba90915] + + * src/load_plugins.c, src/tgetpass.c: + Store askpass path in a global instead of uses setenv() which many + systems lack. + [b440bcc0e660] + +2010-06-09 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/check.c, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c, + src/tgetpass.c: + Move askpass path specification from sudoers to sudo.conf. + [5507ab867c26] + + * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h: + Use a flag bit in struct command_details for selinux instead of a + separate field. + [c59ca4acded9] + + * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h: + Implement background mode. If I/O logging we use pipes instead of a + pty. + [c07a4b356cbd] + + * compat/mksiglist.c, compat/strsignal.c, include/compat.h, + src/exec.c, src/exec_pty.c, src/tgetpass.c: + Move compat definition of NSIG to compat.h + [ab0385467f25] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Mention plugins in the sudo manual and add some missing path + substitution in the sudo_plugin manual. + [570f831f47a3] + + * src/Makefile.in: + Set _PATH_SUDO_CONF based on $(sysconfdir) + [fde51869cf07] + + * common/lbuf.c, common/term.c, config.h.in, configure, configure.in, + src/exec.c, src/exec_pty.c, src/ttysize.c: + Require POSIX termios to build sudo + [9ec6b41f3f95] + + * src/tgetpass.c: + Ignore SIGPIPE for "sudo -S" + [7ad27fde0c06] + + * src/tgetpass.c: + Fix uninitialized variable in TGP_ECHO case and print a newline if + the user interrupted password input. + [ce19204d8dd4] + + * src/tgetpass.c: + Make TGP_ECHO override TGP_MASK and don't try to restore the + terminal if we didn't modify it. + [a7e11abfe7e4] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c, + src/conversation.c, src/sudo.h, src/tgetpass.c: + Add SUDO_CONV_PROMPT_MASK define which corresponds to the + "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is + set. + [e0550590cabe] + + * src/exec_pty.c: + Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl + [762448182fe3] + +2010-06-08 Todd C. Miller + + * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h: + Add selinux_enabled flag into struct command_details and set it in + command_info_to_details(). Return an error from selinux_setup() + instead of exiting. Call selinux_setup() from exec_setup(). + [011bea23a5a0] + +2010-06-09 Todd C. Miller + + * src/exec_pty.c: + Remove commented out copy of old sudo_execve() function. + [9c5e21380472] + +2010-06-08 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Fix setting selinux type on command line. + [814b20a0b3be] + + * plugins/sudoers/iolog.c: + In sudoers_io_close(), skip NULL io_fds[] elements. + [4011ff7d4daf] + + * include/compat.h: + No longer need NGROUPS_MAX define + [cae4c49d7077] + + * compat/nanosleep.c, config.h.in, configure, configure.in, + include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c, + plugins/sudoers/visudo.c, src/sudo_edit.c: + Replace timerfoo macros with timevalfoo since the timer macros are + known to be busted on some systems. + [4f97d79f2d41] + + * src/exec_pty.c: + Remove duplicate call to selinux_setup(). + [82bd52764e21] + + * plugins/sudoers/auth/pam.c: + If pam_open_session() fails, pass its status to pam_end. + [1d8de4cf8ff3] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + If a file in a #includedir has improper permissions or owner just + skip it. This prevents packages that incorrectly install a file + into /etc/sudoers.d from breaking sudo so easily. Syntax errors in + #includedir files still result in a parse error (for now). + [ade99a4549a4] + + * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/iolog.c: + Add use_pty sudoers option to force use of a pty even when not + logging I/O. + [b280a8972a79] + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: + Make env_init() void as it never fails. + [d3890e55daa7] + + * plugins/sudoers/env.c: + No longer use _NSGetEnviron so don't need crt_externs.h + [9b4e0e139881] + + * plugins/sudoers/env.c: + Remove unused VNULL define + [a42cacb263e3] + +2010-06-07 Todd C. Miller + + * plugins/sudoers/iolog.c: + Add #define for maximum session id + [9e18c17a28c2] + + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h: + Split exec.c into exec.c and exec_pty.c + [d52376327332] + + * MANIFEST: + Sync with source file moves. + [4a62c6c9e846] + + * src/Makefile.in, src/get_pty.c, src/pty.c: + Rename pty.c -> get_pty.c + [5696a12bd29b] + +2010-06-06 Todd C. Miller + + * plugins/sudoers/iolog.c: + Only use I/O input log file if def_log_input is set and output file + if def_log_output is set. + [d866992f1681] + +2010-06-04 Todd C. Miller + + * compat/strsignal.c: + Update copyright year + [a96f2593fd4e] + + * src/pty.c: + uid -> ttyuid + [c3454d74ebcb] + + * plugins/sudoers/sudoers.c: + For sudoedit, make a local copy of editor string si become part of + argv. If no editor environment variable, split def_editor on ':' + since it may be a colon-delimited path. + [2ee298506a6e] + + * src/sudo_edit.c: + Remove unneeded endpwent()/endgrent() + [623f6743d101] + + * doc/Makefile.in: + Use value of nroff from configure + [b2ce649125ab] + + * src/exec.c: + Add missing const to I/O log action function + [d764a3955e04] + + * plugins/sudoers/check.c: + Update copyright year and fix whitespace + [e648c35b16be] + + * configure, configure.in: + Fix typo + [8e0bdfc47da4] + + * plugins/sudoers/iolog.c: + Remove redundant tty signal blocking in log function. + [f17f575dabd4] + +2010-06-03 Todd C. Miller + + * plugins/sudoers/iolog.c: + Place static keyword where it belongs + [b01aec7c86b4] + + * plugins/sudoers/logging.c: + Always use a printf format string for send_mail() + [13b1ada644c9] + + * common/atobool.c, plugins/sudoers/ldap.c: + Extend atobool() so we can use it in the LDAP code. + [73f8e6807044] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: + Sudo now stashes tty ctime for tty_tickets on Solaris too. + [e82df13ad3fd] + + * plugins/sudoers/boottime.c: + Fix dummy version of get_boottime() + [01d69c06013b] + +2010-06-02 Todd C. Miller + + * plugins/sudoers/check.c: + Enable tty_is_devpts() support for Solaris with the "devices" + filesystem. + [237c6b25fa84] + + * src/exec.c: + Unbreak the non-io logging case. + [4822b9f709fb] + + * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h: + Fix symbol name conflict with sudo_printf. + [0d44eab0a8f6] + + * plugins/sudoers/auth/pam.c: + Fix OpenPAM detection for newer versions. + [1b2abed232d8] + + * plugins/sudoers/vasgroups.c: + Sync with Quest sudo git repo + [f1d98b3cba02] + + * aclocal.m4, configure, configure.in: + HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check + Add missing template for ENV_DEBUG Adapted from Quest sudo + [695dbd7b28f4] + + * README.LDAP: + Fix typos; from Quest Sudo + [4eba9da33b8e] + +2010-06-01 Todd C. Miller + + * plugins/sudoers/Makefile.in: + Add back -I$(top_srcdir); we need it for including compat/foo.h + since we cannot rely on "foo.h" being found relative to the source + file when the cwd is different. + [bbf24695f325] + + * src/exec.c: + Fix a bug where we could treat EAGAIN as a permanent error. Also set + cstat if perform_io() returns an error. + [200475c4326f] + + * common/alloc.c, plugins/sudoers/boottime.c, + plugins/sudoers/sudoers.c: + Add casts to quiet compiler warnings. + [85eb1c336697] + + * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Fix typo in ternary operator usage. + [6492ac1450e2] + +2010-05-30 Todd C. Miller + + * INSTALL, configure, configure.in: + Add --enable-warnings and fix typo in SUDO_IO_LOGDIR + [92121d693b30] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod: + Update docs to match sudoers I/O logging changes + [18d651989e49] + + * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in, + pathnames.h.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/iolog.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c: + Break sudoers transcript feature up into log_input and log_output. + [db3c1248d2ad] + + * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Use setprogname() as needed. + [6beee63a4553] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c: + Adapt sudoreplay to iolog changes. + [581f52c05f0f] + +2010-05-29 Todd C. Miller + + * plugins/sudoers/iolog.c: + Log all input and output into separate files and store a number on + each timing file line to indicate which file the data is in. + [fb460c5273dd] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Make sudoers_io functions static to iolog.c + [b2df3cc3eecb] + +2010-05-28 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c, + src/sudo_usage.h.in: + Completely remove the -L flag from the sudo front end. + [3d220030b720] + + * plugins/sudoers/sudoreplay.c: + Fix EAGAIN handling when writing to stdout. + [4766d77cea49] + + * plugins/sudoers/sudoers.c: + Eliminate unused variables + [83bd711e79c4] + + * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c: + Re-enable cleanup functions in sudoers plugin and sudo driver for + error()/errorx(). + [43093f937dd8] + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Use sudo_printf to display verbose version information. + [435cc9f8d4a2] + + * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Minor Makefile cleanup: fix a typo, change the removal order in the + clean targets, and remove a superfluous include path for the sudoers + plugin. + [6e3b2d6b4437] + + * plugins/sudoers/env.c: + Handle duplicate variables in the environment. For unsetenv(), keep + looking even after remove the first instance. For sudo_putenv(), + check for and remove dupes after we replace an existing value. + [c1bbb88d0435] + +2010-05-27 Todd C. Miller + + * plugins/sudoers/Makefile.in: + Use explicit path to source file instead of $< for files that live + in devdir and top_srcdir. + [358ab7f6cc64] + + * plugins/sudoers/Makefile.in: + Add explicit rules to compile gram.c and toke.c for HP-UX Pevent + ending LIBSUDOERS_OBJS with a backslash + [481a5c96d47e] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Link libcommon before libreplace since libcommon may use functions + only present in libreplace. + [1847c496ff5b] + + * common/Makefile.in: + Move code common to sudo and the sudoers plugin to a convenience + library, libcommon. Removes the need to make links in the sudoers + plugin dir and reduces re-compilation of duplicate object files. + [4c8986352937] + + * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c, + common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c, + common/term.c, common/zero_bytes.c, configure, configure.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c, + src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c, + src/zero_bytes.c: + Move code common to sudo and the sudoers plugin to a convenience + library, libcommon. Removes the need to make links in the sudoers + plugin dir and reduces re-compilation of duplicate object files. + [1d1d98bd55b9] + + * src/exec.c, src/sudo.c, src/sudo.h: + Rename script_execve to sudo_execve and rename script_foo in exec.c + [a35ec80de96a] + + * MANIFEST, src/Makefile.in, src/exec.c, src/script.c: + rename script.c exec.c and fix up the MANIFEST file + [36bc3bff9578] + + * src/script.c, src/sudo.c, src/sudo.h: + Rename script_setup() to pty_setup() and call from script_execve() + directly. + [899b0fb2a14d] + + * configure, configure.in: + bump version to 1.8.0a2 + [0b1c1ca9d4e5] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document init_session + [b5324785a406] + + * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h: + Clean up the sudoers auth API a bit and update the docs. + [c40fd4cb6e68] + + * include/sudo_plugin.h, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/script.c, src/sudo.c: + Add init_session function to struct policy_plugin that gets called + before the uid/gid/etc changes. A struct passwd pointer is passed + in,which may be NULL if the user does not exist in the passwd + database.The sudoers module uses init_session to open the pam + session as needed. + [d71723320ee8] + +2010-05-26 Todd C. Miller + + * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Add open/close session to sudo auth, only used by PAM. This allows + us to open (and close) the PAM session from sudoers. + [2665e2920d0d] + + * plugins/sudoers/Makefile.in: + Add explicit rule to build getdate.o for HP-UX make. + [7f049e989956] + + * plugins/sudoers/Makefile.in: + Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c + rules as an alternate way to prevent HP-UX make (and others) from + trying to rebuild the parser in non-dev mode. + [f84badad98c5] + + * plugins/sudoers/sudoers.c: + Re-enable PATH_MAX check for command + [40d8a50da136] + + * Makefile.in: + For distclean, clean the main directory last since the subdirs need + to be able to run libtool to clean things. + [8949a9861634] + + * compat/Makefile.in: + Fix generation of mksiglist.h + [b7cdc9b36650] + + * src/script.c: + Now that we defer sending cstat until the end of script_child() we + cannot reuse cstat when reading command status from parent. + [25c882643466] + +2010-05-25 Todd C. Miller + + * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + Use numeric registers to handle conditionals instead of trying to do + it all with text processing. + [478079c3fd4b] + + * doc/sudoers.pod: + Document per-command SELinux settings + [13840d566805] + + * plugins/sudoers/sudoers.c: + Repair "sudo -l -U username" + [10a0dcdf2ddf] + + * plugins/sudoers/sudoers.c: + Set selinux role and type in command details. + [8ae6d35a126d] + + * src/script.c, src/selinux.c, src/sudo.h: + Rework SELinux support. + [83279cc94bf2] + +2010-05-24 Todd C. Miller + + * src/script.c, src/selinux.c, src/sudo.h: + Make SELinux support compile again. Needs more work to be complete. + [3d3addebcf82] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c, + src/sudo.h: + Bring back closefrom settings. + [b1c6257d4bbb] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + If running a command or sudoedit in transcript mode, call + io_nextid() before log_allowed() so the session id is logged. + [c42f3ae40150] + + * configure, configure.in: + Use mandoc(1) if nroff(1) is not present. + [daad4bbd04af] + + * doc/Makefile.in: + Use the --file argument to config.status instead of setting + CONFIG_FILES in the environment. + [c89411a8bf70] + + * plugins/sudoers/Makefile.in: + We cannot conditionally update gram.h or the dependency ordering + gets messed up in devel mode. + [c938953231d9] + +2010-05-21 Todd C. Miller + + * Makefile.in, compat/Makefile.in, configure, configure.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Substitute @SHELL@ into Makefiles + [36aa6a095335] + + * config.sub: + Fix typo + [16d294d26b58] + + * config.guess, config.sub, configure, configure.in: + Update to autoconf 2.65 + [4fa6ea8caea3] + + * Makefile.in: + Fix libtool target (space vs. tabs) + [755cf3892618] + + * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c: + Remove use of RETSIGTYPE; all modern systems have signal handlers + that return void. + [42b4e3aee668] + + * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in, + ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4, + m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Update to libtool-2.2.6b. I haven't made any local modifications + this time, which should be OK since we install sudo_noexec.so by + hand now. + [6f79ced593bb] + + * compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Use libtool to clean objects + [1581057d6472] + + * include/Makefile.in: + Install sudo_plugin.h as part of "make install" and make other + install targets callable from the top-level Makefile + [aaaeb027d774] + + * configure, configure.in: + regen with autoupdate to eliminate AC_TRY_LINK + [5d5541c230f5] + + * Makefile.in, compat/Makefile.in, configure, configure.in, + doc/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Install sudo_plugin.h as part of "make install" and make other + install targets callable from the top-level Makefile + [b258b8401b1c] + + * plugins/sample/sample_plugin.c: + The sample plugin doesn't support being run with no args so return a + usage error in this case. + [473b3cf965be] + + * plugins/sudoers/iolog.c: + Set close on exec flag for descriptors used for I/O logging so they + are not present in the command being run. + [2c7e8708df76] + + * plugins/sudoers/tsgetgrpw.c: + Set close on exec flag in private versions of setpwent() and + setgrent(). + [64fef78cb833] + + * src/script.c: + Close the I/O pipes aftering dup2()ing them to std{in,out,err}. + Fixes extra fds being present in the command when it is part of a + pipeline. + [060451617713] + + * plugins/sudoers/sudoers.c: + Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it + is used when logging). Note that user_ttypath will still be NULL if + there is no tty. + [31b69a6ecda7] + + * src/script.c, src/sudo.h: + Cosmetic changes: add comments, remove orphaned prototype and + make a global static. + [f7851af0143e] + +2010-05-20 Todd C. Miller + + * src/script.c: + Move check for maxfd == -1 to flush_output where it belongs. + [b826a95b4491] + + * src/script.c: + Break out of select loop if all the fds we want to select on are -1. + [f5b387024238] + + * src/sudo.c: + Avoid possible malloc(0) if plugin returns an empty groups list. + [9765a8fe5ce7] + + * src/sudo.c: + Add debugging info when calling plugin close function + [95a273c7ff66] + + * src/script.c: + Avoid closing stdin/stdout/stderr when we are piping output. + [330e76423caf] + + * src/script.c: + When execve() of the command fails, it is possible to receive + SIGCHLD before we've read the error status from the pipe. Re-order + things such that we send the final status at the very end and prefer + error status over wait status. + [b0dcf825244f] + +2010-05-19 Todd C. Miller + + * plugins/sudoers/auth/sudo_auth.c: + Fix compilation for non PAM/BSD auth/AIX auth + [e382b39d2e4f] + +2010-05-18 Todd C. Miller + + * src/script.c: + Additional checks to make sure we don't close /dev/tty by mistake. + When flushing, sleep in select as long as we have buffers that need + to be written out. + [8139cbd3dd54] + + * src/script.c: + Now that we can use pipes for stdin/stdout/stderr there is no longer + a need to error out when there is no tty. We just need to make sure + we don't try to use the tty fd if it is -1. + [666621635d26] + +2010-05-17 Todd C. Miller + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c: + Add argc and argv to I/O logger open function. + [0d7faa007d27] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h, + plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c, + src/parse_args.c, src/sudo.c, src/sudo_edit.c: + Remove check_sudoedit function pointer in struct sudo_policy. + Instead, sudo will set sudoedit=true in the settings array. The + plugin should check for this and modify argv_out as appropriate in + check_policy. + [c0328e3276b8] + +2010-05-16 Todd C. Miller + + * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h, + src/sudo_edit.c: + If plugin sets "sudoedit=true" in the command info, enable sudoedit + mode even if not invoked as sudoedit. This allows a plugin to + enable sudoedit when the user runs an editor. + [96d67b99e42e] + +2010-05-15 Todd C. Miller + + * plugins/sudoers/Makefile.in: + gram.h must not depend on gram.y if we want to avoid unnecessary + rebuilding of targets dependent on gram.h when gram.y changes. + [9db4b767fdca] + + * plugins/sample/sample_plugin.c: + Refactor common bits of check_policy and check_edit + [ac4d366a04cf] + + * plugins/sample/sample_plugin.c: + Add sudoedit support + [a1a6cc4c0cef] + +2010-05-14 Todd C. Miller + + * plugins/sudoers/Makefile.in: + Rely more on VPATH; fixes a dependency issue with the parser. + [45e406ebdea2] + + * include/compat.h: + Fix typo introduced in last commit + [3ccb0f853d11] + + * include/compat.h: + Emulate seteuid using setreuid() or setresuid() as needed. There are + still a few places that call seteuid() directly. + [36e8efa3a99d] + + * src/parse_args.c, src/sudo_edit.c: + Attempt to fix building on systems that only have setuid. + [8e9ba4083318] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Clarify sudoedit a tad. + [d39dfaa14ade] + +2010-05-13 Todd C. Miller + + * src/sudo_edit.c: + Fix compilation on HP-UX + [f6e47843d139] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document sudoedit + [4cbf5196d993] + + * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c: + Change how we handle the sudoedit argv. We now require that there + be a "--" in argv to separate the editor and any command line + arguments from the files to be edited. + [20623d549a3c] + + * include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c, + src/sudo.h, src/sudo_edit.c: + Work in progress support for sudoedit. The actual interface used by + the plugin for sudoedit is likely to change. + [c31262a31997] + + * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c: + Make find_path() a little more generic by not checking def_foo + variables inside it. Instead, pass in ignore_dot as a function + argument. + [9c23101a094d] + + * plugins/sudoers/env.c: + Add version of getenv(3) that uses our own environ pointer. + [0e3783e63534] + +2010-05-12 Todd C. Miller + + * src/script.c: + Avoid a potential race condition if SIGCHLD is received immediately + before we call select(). + [99adc5ea7f0a] + + * plugins/sudoers/sudoers.c: + Call env_init() before we open the sudoers sources as those may call + our setenv() replacement. + [5f82601f5ab0] + + * plugins/sudoers/env.c: + Initialize env_len in env_init() + [7ae02b3029b5] + +2010-05-11 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: + Document time stamp shortcomings under SECURITY NOTES Use "time + stamp" instead of timestamp. + [2b86120815b2] + + * doc/Makefile.in: + Make sed substitution of mansectsu and mansectform global. + [94588632dba0] + + * plugins/sudoers/check.c: + If the tty lives on a devpts filesystem, stash the ctime in the tty + ticket file, as it is not updated when the tty is written to. This + helps us determine when a tty has been reused without the user + authenticating again with sudo. + [0e62a31bceb0] + + * src/tgetpass.c: + Fix pasto in mulitple signal fix and use _NSIG not NSIG since that + is what our compat checks set. + [df50f0a040c9] + + * configure, configure.in: + Add check for whether sudo need to link with -ldl to get dlopen(). + This is a bit of a hack that will get reworked when libtool is + updated. + [63bdcf579533] + + * plugins/sudoers/check.c: + Fix timestamp removal with -k/-K + [6b4639fef973] + + * plugins/sudoers/Makefile.in: + audit.c is now private to the sudoers plugin + [1974f342ae0b] + + * configure, configure.in: + Link with -lpthread on HP-UX since a plugin may be linked with + -lpthread and dlopen() will fail if the shared object has a + dependency on -lpthread but the main program is not linked with it. + [d42139391263] + + * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c: + Add separate test for getresuid() since HP-UX has setresuid() but no + getresuid(). + [910fe727a374] + + * doc/Makefile.in: + Remove errant backslash + [dd5464257c69] + + * src/script.c: + Fix SIGPIPE handling. Now that we use may use pipes for + stdin/stdout we need to pass any SIGPIPE we receive to the running + command. + [3f6b1991f4fd] + + * src/script.c: + Also start the command in the background if stdin is not a tty. + [d93bc33a3740] + +2010-05-10 Todd C. Miller + + * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c: + No need to use pseudo-cbreak mode now that we use pipes when stdout + is not a tty. Instead, check whether stdin is a tty and if not, + delay setting the tty to raw mode until the command tries to access + it itself (and receives SIGTTIN or SIGTTOU). + [e68315cf8c6b] + + * src/tgetpass.c: + Use an array for signals received instead of a single variable so we + don't lose any when there are multiple different signals. + [2ac726dac864] + + * src/tgetpass.c: + Do signal setup after turning off echo, not before. If we are using + a tty but are not the foreground pgrp this will generate SIGTTOU so + we want the default action to be taken (suspend process). + [bebb6209c795] + +2010-05-07 Todd C. Miller + + * src/script.c: + Flush the iobufs on suspend or child exit using the same logic as + the main event loop. + [c627feee1035] + + * src/script.c: + Free memory after we are done with it. + [8db9b611b45a] + +2010-05-06 Todd C. Miller + + * doc/HISTORY: + Quest now sponsors Sudo development + [6cc490083bc7] + +2010-05-05 Todd C. Miller + + * doc/Makefile.in: + Install sudo_plugin man page. + [c253729790b2] + + * src/script.c: + Go back to reseting io_buffer offset and length (and now also the + EOF handling) in the loop we do the FD_SET, not after we drain the + buffer after write() since we don't know what order reads and writes + will occur in. + [5f38bfa8497f] + + * MANIFEST: + audit files moved to sudoers plugin directory + [b1ead182428e] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document plugin_printf and new logging functions. + [fe9430b60ab5] + + * src/script.c: + Add support for logging stdin when it is not a tty. There is still a + bug where "cat | sudo cat" has problems because both cat and sudo + are trying to read from the tty. + [04c9c59fcfba] + + * include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/sudoers.c, src/script.c: + Add separate I/O logging functions for tty in/out and + stdin/stdout/stderr. NOTE: stdin logging does not currently work and + is disabled for now. + [a36dfd4ca935] + +2010-05-04 Todd C. Miller + + * include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + src/conversation.c, src/sudo.c, src/sudo_plugin_int.h: + Add pointer to a printf like function to plugin open functon. This + can be used instead of the conversation function to display info and + error messages. + [98734eea8ef1] + + * Makefile.in: + Stop if make in a subdir fails + [228bb3ad2dbc] + + * src/script.c: + Only set user's tty to blocking mode when doing the final flush. + Flush pipes as well as pty master when the process is done. + [20ff67218666] + +2010-05-03 Todd C. Miller + + * plugins/sudoers/ldap.c: + Use print_error() when displaying ldap config info in debugging + mode. + [d142e0cacb22] + + * compat/Makefile.in, compat/strdup.c, compat/strndup.c: + No longer need strdup() or strndup() replacements. + [df53697174ec] + + * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.h: + Add print_error() function that uses the conversation function to + print a variable number of error strings and use it in log_error(). + [b1fa2861b575] + + * src/script.c, src/sudo.h, src/term.c: + Do not need the opost flag to term_copy() now that we use pipes for + stdout/stderr when they are not a tty. + [f42811f70a19] + + * src/script.c: + Use pipes to the sudo process if stdout or stderr is not a tty. + Still needs some polishing and a decision as to whether it is + desirable to add additonal entry points for logging + stdout/stderr/stdin when they are not ttys. That would allow a + replay program to keep things separate and to know whether the + terminal needs to be in raw mode at replay time. + [1a945e0ab2da] + +2010-04-30 Todd C. Miller + + * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h, + src/audit.c, src/bsm_audit.c, src/bsm_audit.h: + Move audit sources into the sudoers plugin dir; the driver does not + use them. + [50ec36422cd0] + + * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c, + compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c, + plugins/sudoers/boottime.c, plugins/sudoers/getdate.c, + plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c, + src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c, + src/term.c, src/ttysize.c: + Use angle brackets when including headers that can only be found + when an -I flag is specified. The files in the compat dir could get + away with double quotes here but I've converted all the source files + to use angle brackets for consistency. + [9e30a8fc6d4b] + + * plugins/sudoers/Makefile.in: + Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat + dir can be found when building outside the source tree. + [1150934b79dd] + + * plugins/sudoers/Makefile.in: + Clean up links in distclean + [78595028be8b] + + * plugins/sudoers/Makefile.in: + Hack around VPATH semantic differences by symlinking files we need + from ../../src into the current directory and build those. A better + fix would be to either make a .a or .la file with those files in it + or simply use a single, flat, Makefile instead of per-subdirs + Makefiles. + [892c332d3f05] + + * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c: + fmt_string is used by the sudoers plugin too so do not include + sudo.h (which is not really needed here anyway) + [231c35e3941f] + + * compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Fix building with non-BSD versions of make such as GNU make. + Requires VPATH support, which should be in any non-neolithic make. + [dc174f135919] + + * configure, configure.in, plugins/sudoers/Makefile.in, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c, + src/Makefile.in: + Re-enable bsm audit. Currently auditing is done within the sudoers + plugin itself. If possible, this should really be done in the main + driver but we don't presently have the needed data to do that. This + will be re-evaluated when Linux audit support is added. + [1d05a3236bfe] + + * compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Remove extraneous $srcdir and use more .c.lo and .c.o rules instead + of explicit rules in the dependency. + [88f80efd25f0] + + * plugins/sudoers/visudo.c: + Fix mismerge; alias_remove_recursive() now returns int + [6257a4849641] + +2010-04-29 Todd C. Miller + + * plugins/sudoers/visudo.c: + Fix a crash when checking a sudoers file that has aliases that + reference themselves. Based on a diff from David Wood. + [545d194484a7] + + * src/script.c: + Print signal info after restoring the tty mode, not before. + [a68618e67435] + + * src/script.c: + Defer call to alarm() until after we fork the child. Pass correct + pid to terminate_child() If the command exits due to signal, set + alive to false like we do when it exits normally. Add missing + check for errpipe[0] != -1 before using it in FD_ISSET + [22f0a1549391] + +2010-04-28 Todd C. Miller + + * plugins/sudoers/boottime.c: + Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h + [0e627170c6e8] + +2010-04-27 Todd C. Miller + + * src/Makefile.in: + Simplify dependencies by using .c.o and .c.lo rules. + [6abcaef5d1ac] + + * configure, configure.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + Substitute in @PROGS@ into src/Makefile to add sesh + [cc46d3b6208f] + +2010-04-26 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Add back calls to log_denial() if sudoers does not allow the + command. + [9783316207f0] + + * plugins/sudoers/sudoers.c: + Pass in correct pwflag for list and validate. + [973dd56d4b81] + + * plugins/sudoers/env.c: + Add missing check for NULL in validate_env_vars + [1d6eb6957824] + + * src/Makefile.in: + Add sudo_noexec.la to "all" target, otherwise it only gets built at + install time. + [644a9694d2ef] - * Makefile.in: - Add missing $(srcdir) to sudo.man.in target - [2bd89f6ca9f3] + * plugins/sudoers/sudoers.c: + Only set sudo_user.env_vars if the env_add list is empty. + [fccdf6f0e0e2] - * Makefile.in: - Do not rely on BSD make's $> - [cb328b82cb92] + * plugins/sudoers/sudoers.c: + Set sudo_user.env_vars so that environment variables specified on + the command line get logged correctly. + [9b51012c491e] - * configure, configure.in: - Set timedir to /var/db/sudo for darwin to match Apple sudo's - location - [860c7f1b001f] + * plugins/sudoers/env.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Re-enable environment files and setting environment variables on the + command line. + [5662d5645dbd] -2010-06-16 Todd C. Miller +2010-04-24 Todd C. Miller - * Makefile.in, configure, configure.in: - Move aix.o from SUDO_OBJS to COMMON_OBJS - [f8a9bdf346c1] + * plugins/sudoers/check.c: + Fix typo in last commit (ifndef vs ifdef) Make sure we pass ctime() + a pointer to time_t as tv_sec in struct timeval may be long. + [4de0c46e788e] - * config.h.in, configure, configure.in, defaults.c, iolog.c, - sudoreplay.c: - Check for zlib.h in addition to libz. - [fb77e44d5196] + * plugins/sudoers/check.c: + Don't stash ctime in on-disk tty ticket info for now; on many + (most?) systems the ctime is updated when the tty is written to. + Once I have a better idea of what systems do not update ctime on + ttys (and have a way to test for this) the ctime stash will be + conditionally re-enabled. + [a90eeec0f648] - * Makefile.in, exec.c, exec_pty.c, sudo.h, sudo_exec.h: - Move functions and symbols shared between exec.c and exec_pty.c into - sudo_exec.h. - [e798d945424e] +2010-04-23 Todd C. Miller - * sudo.h: - Add missing prototypes for aix_setauthdb and aix_restoreauthdb - [8bc2af6d4e17] + * MANIFEST, Makefile.in: + Add back "dist" target, this time using a MANIFEST file + [29277c05499f] * Makefile.in: - Comment out rules to build .man.in and .cat files unless --with- - devel - [81d6726a19ab] + Remove Makefile in distclean target + [83d695f4f450] + + * Makefile.in, src/Makefile.in: + Update clean and cleandir targets + [ad7b2afeb9c1] + + * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c, + src/sudo.h: + Move fileops.c defines and prototypes to filesops.h + [4545e9b6892d] + + * plugins/sudoers/check.c: + Lock the tty timestamp when writing. We shouldn't have to lock when + reading since the file is updated via a single write system call. + [0c7276f02696] + +2010-04-22 Todd C. Miller + + * plugins/sudoers/alias.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/find_path.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c, + plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/nonunix.h, plugins/sudoers/parse.c, + plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c: + Convert to ANSI C function declarations + [9c45def57cf7] + + * plugins/sudoers/sudoers.h: + Remove extraneous bits and classify by source file. + [e8ea9f109ebb] + + * include/compat.h: + Add timercmp macro for systems without it + [d3bf87b1d08e] + + * plugins/sudoers/boottime.c, plugins/sudoers/check.c, + plugins/sudoers/sudoers.h: + get_boottime() now fills in a timeval struct + [3573c3f44e11] - * aix.c, pwutil.c, set_perms.c, sudo.h: - Fix AIX compilation problems. - [7d95f73eca42] + * plugins/sudoers/check.c: + Store info from stat(2)ing the tty in the tty ticket when tty + tickets are in use. On most systems, this closes the loophole + whereby a user can log out of a tty, log back in and still have the + timestamp be valid. + [53380f9f5242] - * sudo.c: - Cast isalnum() arg to unsigned char. - [5fff9a81af00] + * config.h.in, configure.in: + Add timespec2timeval and use it when getting ctime/mtime + [4cb7f7caec2c] - * WHATSNEW: - Add Linux audit support. - [e59e0670ba79] +2010-04-20 Todd C. Miller - * sudo.c: - Quote any non-alphanumeric characters other than '_' or '-' when - passing a command to be run via the shell for the -s and -i options. - [d35a3f4cb3c0] + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c: + Convert perm setting to push/pop model; still needs some work Use + the stashed runas groups instead of using getgrouplist() Reset perms + to the initial value on error + [09c072ebde8b] - * sudo.c: - Add missing braces that broke -i mode. - [7fe124b078ec] + * config.h.in, configure.in: + fix ctim_get and mtim_get macros + [58773dc1e360] - * linux_audit.c: - Fix linux_audit_command() return value - [0c582476181c] + * config.h.in, configure, configure.in, include/compat.h, + plugins/sudoers/check.c, plugins/sudoers/gettime.c, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c: + Use timeval directly instead of converting to timespec when dealing + with file times and time of day. + [a0ce1ae00a67] -2010-06-15 Todd C. Miller + * plugins/sudoers/Makefile.in: + Don't like sudoreplay with libsudoers.la due to a yacc symbol + conflict. + [f1a59cc63a15] - * Makefile.in, linux_audit.c, linux_audit.h: - Add Linux audit support. - [b207dc9960de] +2010-04-18 Todd C. Miller -2010-06-16 Todd C. Miller + * configure, configure.in: + Darwin >= 9.x has real setreuid(2) + [7ec942a64275] - * INSTALL, audit.c, bsm_audit.c, config.h.in, configure, configure.in, - logging.h, selinux.c: - Add Linux audit support. - [26ae31d7ff93] +2010-04-17 Todd C. Miller -2010-06-15 Todd C. Miller + * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: + Ansify env.c + [f58551bad10a] - * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: - Sync sudoreplay with trunk - [65b780cccfa5] + * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Remove remaining references to the environ pointer. + [96faa530816a] - * exec_pty.c: - Remove an XXX - [8304ac649241] +2010-04-16 Todd C. Miller - * aix.c, configure, configure.in, pwutil.c, set_perms.c, sudo.h: - Set usrinfo for AIX Set adminstrative domain for the process when - looking up user's password info and when preparing for execve(). - [52b48cbe97fd] + * config.h.in, configure, configure.in, plugins/sudoers/env.c: + Don't change the environ directly in the sudoers plugin + [6db48ed3f7e0] - * ldap.c, parse.c: - Better prefix determination now that we can't rely on len==0 to tell - the beginning on an entry. - [32f1875d9605] +2010-04-15 Todd C. Miller - * WHATSNEW, ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in, - sudoers.ldap.pod: - Add support for multiple sudoers_base entries in ldap.conf. From - Joachim Henke - [3c0b59fce7b4] + * plugins/sudoers/sudoers.c: + Fix typo + [4aa452b07f8f] - * configure, configure.in: - Remove duplicate setsid check - [7712d6d52da1] + * plugins/sudoers/alias.c: + Fix use after free in error message when a duplicate alias exists. + [ce1d2812ee34] - * Makefile.in, config.h.in, configure, configure.in, exec_pty.c, - logging.c, missing.h, setsid.c: - Move setsid emulation into setsid.c - [f24743c9e4e9] +2010-04-14 Todd C. Miller - * exec_pty.c, logging.c, selinux.c, sudo.c, tgetpass.c: - Check for dup2() failure. - [b1b6ba761b61] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + src/parse_args.c: + Add a "noninteractive" boolean to the settings passed in to the + plugin's open function that is set when the user specifies the -n + flag. + [68f8d9d6d4d0] - * config.h.in, configure, configure.in: - Remove dup2 check, it is not optional. - [cfbe5f3b5956] + * config.h.in, configure, configure.in, plugins/sudoers/env.c: + Add workaround for the lack of the environ pointer on Mac OS X in + dlopen()ed modules. Use of environ in the sudoers plugin should + ultimately be removed but this will do for the moment. + [80c61647434f] -2010-06-14 Todd C. Miller + * plugins/sudoers/visudo.c: + Set errorfile to the sudoers path if we set parse_error manually. + This prevents a NULL dereference in printf() when checking a sudoers + file in strict mode when alias errors are present. + [45e249ca99f7] - * WHATSNEW: - Add mbr_check_membership support and SELinux fixes - [af1936a7cf2f] + * plugins/sudoers/sudoers.c: + Main sudo no longer print "unable to execute" on exec failure so do + it here. + [50aaf62b43b5] - * Makefile.in: - Sync SRCS and DISTFILES with reality - [0971b5dcb1be] +2010-04-13 Todd C. Miller - * INSTALL: - Update OS specific notes. Delete some really ancient ones and move - older ones to the end of the list. - [872dd8b437a8] + * src/script.c: + Use a pipe to pass back errno to the parent if execve() fails. If we + get an error in script_child(), kill the command and exit. + [dc3bf870f91b] - * README: - Bump for sudo 1.7.3 Merge some changes from trunk - [a3088c75bf22] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + src/parse_args.c, src/sudo.c: + Handle plugin's open function returning -2 (usage error). + [aadf900c1de8] - * selinux.c, sudo.c: - Call selinux_restore_tty() as part of cleanup() so it gets called - from error()/errorx() - [0197c07d4c1e] + * src/script.c: + If execve() fails, leave it to the plugin to print an error string. + [e25748f2d5b9] - * compat.h: - No longer use SA_NOCLDSTOP - [73ca654cd3f8] + * src/script.c: + If execve fails in logging mode, pass the errno directly to the + grandparent on the backchannel and exit. The immediate parent will + get SIGCHLD and try to report that status but its parent will no + longer be listening. It would probably be cleaner to pass this over + a pipe in script_child(). + [cb122acc81a8] - * interfaces.h, match.c: - Move union sudo_in_addr_un into interfaces.h - [c84bda7c332a] + * plugins/sudoers/sudoers.c: + Don't override rval with results of check_user() unless it failed. + [46fb7e87ac7d] - * pathnames.h.in: - Update copyright year - [94871f44206b] +2010-04-12 Todd C. Miller - * HISTORY, LICENSE, aix.c, alias.c, alloc.h, boottime.c, bsm_audit.h, - compat.h, defaults.c, defaults.h, env.c, fileops.c, find_path.c, - gettime.c, gram.y, history.pod, lbuf.h, license.pod, logging.c, - match.c, missing.h, nanosleep.c, parse.h, set_perms.c, - sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, - sudoreplay.c, term.c, tgetpass.c, toke.l, visudo.c, visudo.cat, - visudo.man.in, visudo.pod: - Update copyright year - [4cfb47c799b8] + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Fix typo + [ccd0b693f3da] - * Makefile.in: - Remove varsub as part of clean - [61f04a21b0bb] + * src/parse_args.c: + NULL-terminate env_add + [2c534368a0c3] - * match.c: - Quiet a compiler warning. - [06d8cfe916c8] +2010-04-11 Todd C. Miller - * getdate.c, getdate.y: - Quiet a compiler warning. - [473d2b7d44a1] + * src/sudo.c: + Call the I/O log open function before the I/O version function. + [e88bf898990b] - * ldap.c, sudo.h: - Make the remaining functions in ldap.c static - [ba555565b30a] + * plugins/sudoers/iolog.c: + Remove io_conv and just use sudo_conv + [a280052468eb] - * ldap.c: - Make private functions static. Diff from Joachim Henke - [1603035b1863] + * plugins/sudoers/set_perms.c: + Fix set/restore perms for systems w/o setresuid + [4160517f6666] - * schema.ActiveDirectory: - Updates from Alain Roy to provide better examples for importing the - schema and to fix problems caused by Windows validating attributes - which have not yet been added before committing the changes. - [83f11ae00f19] +2010-04-10 Todd C. Miller -2010-06-12 Todd C. Miller + * plugins/sudoers/check.c, plugins/sudoers/logging.c, + plugins/sudoers/parse.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Primitive set/restore permissions. Will be replaced by a push/pop + model. + [aae102290866] - * Makefile.in, configure, configure.in, sudo.cat, sudoers.cat: - Generate .cat files directly from .man.in instead of .man using - default values in configure.in - [0a92b41c5ce5] + * src/script.c: + Only need to take action on SIGCHLD in parent if no I/O logger. If + there is an I/O logger we will receive ECONNRESET or EPIPE when we + try to read from the socketpair. + [e1e4560401f6] -2010-06-11 Todd C. Miller +2010-04-09 Todd C. Miller - * configure, configure.in, sudo.c, sudo_usage.h.in: - Print configure args with verbose version information. - [ca4a5fcf0af8] + * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.pod, plugins/sudoers/find_path.c: + Merge fb4d571495fa from the 1.7 branch to trunk. + [c8fb424ad4d2] + +2010-04-08 Todd C. Miller + + * src/script.c: + Don't set SA_RESTART when registering SIGALRM handler. Do set + SA_RESTART when registering SIGWINCH handler. + [173472b76525] + + * doc/Makefile.in: + Add dev targets for *.man.in and *.cat that don't specfify the + $(srcdir) prefix. + [b62f425da2e4] + + * src/script.c: + If log_input or log_output returns false, terminate the command. + [074f4c0c34a0] + + * src/script.c: + Better signal handling. Instead of using a single variable to store + the received signal, use an array so we can't lose a signal when + multiple are sent. Fix process termination by SIGALRM in non-I/O + logger mode. Fix relaying terminal signals to the child in non-I/O + logger mode. + [7a4723aca99d] + + * src/script.c: + Fix a race between when we get the child pid in the parent and when + the child process exits. The problem exhibited as a hang after a + short-lived process, e.g. "sudo id" when no IO logger was enabled. + [80bcc0aca70b] - * visudo.c: - Remove tfd from struct sudoersfile; it is not used. Add prev pointer - to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE. - Use tq_append to append sudoers entries to the tail queue. - [344c631d0d43] +2010-04-07 Todd C. Miller -2010-06-10 Todd C. Miller + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Add a note about the security implications of the fast_glob option. + [c37a92ab7c93] - * WHATSNEW: - Describe tty timestamp improvements - [136b0f832903] +2010-04-06 Todd C. Miller - * toke.c, toke.l: - A comment character may not be part of a command line argument - unless it is quoted with a backslash. Fixes parsing of: - testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441 - [2a0c82ffedde] + * config.h.in, configure, configure.in: + Fix up some AC_DEFINE descriptions and regen config.h.in + [f4655adc0db3] - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: - regen - [c9fddd23c7e1] +2010-04-05 Todd C. Miller - * sudoers.pod: - Make this read a little bit better when passwd_timeout is 0. - [51644950823f] + * include/missing.h: + No longer check for strdup or strndup for LIBOBJ replacement. + [fdc764ee8109] - * Makefile.in: - Use the --file argument to config.status instead of setting - CONFIG_FILES - [fc2b42c60b5d] + * src/script.c: + Avoid installing signal handlers that are io-logger specific. Fixes + job control when no io logger is enabled. + [0853dd0906d4] - * sudo.man.pl, sudo.pod: - Attempt to handle a default password prompt timeout of zero more - gracefully. - [478b8e720993] + * doc/Makefile.in: + Only regen man pages from pod when configured with --with-devel + [ab1995f8103d] - * toke.c, toke.l: - Do not override value of keepopen global, instead restore it to the - value we pushed onto the stack when popping. - [dc370d57a668] +2010-04-04 Todd C. Miller - * exec.c, exec_pty.c, logging.c, mon_systrace.c, tgetpass.c: - Use SA_INTERRUPT in sa_flags - [3845c6637361] + * Makefile, Makefile.in, configure, configure.in: + Top-level Makefile.in. Nothing is currently substituted but this is + needed for separate build dirs. + [e80873cbd201] - * getdate.c, getdate.y, ldap.c, sudoreplay.c: - Silence some compiler warnings - [112ac65afd0c] + * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Fix out-of-tree builds + [59a35bef07b8] -2010-06-09 Todd C. Miller + * Merge + [386b848047e9] - * exec.c, exec_pty.c, sudo.c, sudo.h: - Implement background mode. If I/O logging we use pipes instead of a - pty. - [8d448eaf2aaa] + * doc/Makefile.in: + We always install sudoreplay in 1.8 + [ce52ba6617c9] - * compat.h, exec.c, exec_pty.c, mksiglist.c, strsignal.c, tgetpass.c: - Move compat definition of NSIG to compat.h - [cae72a4c9dec] +2010-04-03 Todd C. Miller - * tgetpass.c: - Ignore SIGPIPE for "sudo -S" - [c6595c8527c4] + * compat/siglist.in: + SIGPOLL is sometimes the same as SIGIO (like on HP-UX) + [6d69e1b05faf] - * tgetpass.c: - Properly handle TGP_ECHO again. Print a newline if the user - interrupted password input. - [15acbe4fb535] +2010-04-02 Todd C. Miller - * exec_pty.c: - Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl - [dd041fc9554c] + * configure, configure.in: + No need to provide strdup() or strndup(), sudo uses estrdup() and + estrndup() + [57ec23b72958] + +2010-04-04 Todd C. Miller + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Free str after using it in the version method. Use sudo_conv, not + io_conv since we don't have the IO conversation function pointer in + the I/O version method anymore now that io_open is delayed. + [f2ed132adeb0] + +2010-04-02 Todd C. Miller + + * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h, + compat/siglist.in: + Add license to mksiglist.c and note that the bits from pdksh are + public domain + [d8121a2467e8] + + * compat/Makefile.in: + Fix LIBOBJDIR vs. srcdir wrt the siglist bits + [164160148421] + + * plugins/sudoers/Makefile.in: + Add sudoreplay testsudoers and visudo to clean target + [138a17e51c0c] + + * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h, + compat/siglist.in, compat/strsignal.c, configure, configure.in, + include/missing.h, src/script.c: + Create our own sys_siglist for systems without it for use by + strsignal() + [2e5da011ebc3] + + * compat/Makefile.in: + Remove duplicate $(LIBOBJDIR) + [adf9abc9432f] + +2010-04-01 Todd C. Miller + + * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c: + Main sudo should not block signals; the plugin should do this in + check_policy. + [3f3736a7c5ed] + +2010-03-31 Todd C. Miller + + * src/script.c: + Fix a sizeof(ptr) vs. sizeof(*ptr) + [aa1bcf5afcce] + + * src/script.c: + Unlike most operating systems, HP-UX select() is not interrupted by + SIGCHLD when the signal is registered with SA_RESTART. If we clear + SA_RESTART when calling sigaction() for SIGCHLD we get the expected + behavior and the code in the select() loops already handles EINTR + correctly. + [9eba0115e35a] + + * compat/getprogname.c: + progname should be const + [130228f062b7] + + * plugins/sudoers/Makefile.in: + Move --tag=disable-static to when we link sudoers.la, not when we + install. + [ceb5e6c3b78b] + + * src/load_plugins.c: + Load the sudoers I/O plugin by default too now that it is hooked up. + [ea38befd0742] + +2010-03-30 Todd C. Miller + + * src/pty.c: + It looks like AIX doesn't need to push STREAMS modules for ptys. + [22da618ba0a1] -2010-06-08 Todd C. Miller +2010-03-28 Todd C. Miller - * exec.c, exec_pty.c, selinux.c, sudo.c, sudo.h: - Return an error from selinux_setup() instead of exiting. Call - selinux_setup() from exec_setup(). - [b518225cafba] + * src/parse_args.c, src/sudo.c: + Delay calling the I/O plugin open function until the policy plugin + returns success. + [f3297c325b48] - * compat.h: - Add definition of WCOREDUMP for systems without it. This is known - to work on AIX and SunOS 4, but may be incorrect on other systems - that lack WCOREDUMP. - [365e56db7cd5] +2010-03-27 Todd C. Miller - * check.c, compat.h, config.h.in, configure, configure.in, iolog.c, - nanosleep.c, sudo_edit.c, visudo.c: - Replace timerfoo macros with timevalfoo since the timer macros are - known to be busted on some systems. - [4bb5228606c5] + * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add back io logging (transcript) support. Currently, the open + function runs too early and it is not possible to use the io module + independently of the policy module. + [9bd932f66226] - * toke.c, toke.l: - If a file in a #includedir has improper permissions or owner just - skip it. This prevents packages that incorrectly install a file - into /etc/sudoers.d from breaking sudo so easily. Syntax errors in - #includedir files still result in a parse error (for now). - [b7fb75eddb77] + * plugins/sudoers/set_perms.c: + Comment out dead code; will be removed when set_perms is rewritten. + [af7a995284f8] - * TODO, auth/pam.c, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h: - Defer call to pam_close_session() until after the command finishes - if there is a monitor process. - [0a39c8e6a81b] +2010-03-23 Todd C. Miller - * WHATSNEW, def_data.c, def_data.h, def_data.in, exec.c, sudoers.cat, - sudoers.man.in, sudoers.pod: - Add use_pty sudoers option to force use of a pty even when not - logging I/O. - [aea971f1456a] + * plugins/sudoers/sudoers.c: + Fix off by one error when allocating user_groups. + [6281fcf9c3bb] - * env.c, sudo.c, sudo.h: - Instead of trying to keep the global environment in sync with our - private copy, provide our own getenv() that returns values from the - private environment and use env_get() to pass the environment in to - run_command(). - [58c85c5695dc] +2010-03-22 Todd C. Miller - * set_perms.c: - Fix typo - [0f677fcdde04] + * configure, configure.in, plugins/sudoers/Makefile.in: + Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris. + [fbce3e9eda3a] + + * plugins/sudoers/sudoers.c: + Fix typo in preserve groups case + [1fd72024fb5a] + + * plugins/sudoers/sudoers.c: + In command_info it is "runas_groups" not "groups". + [5c64dce4f285] + + * src/sudo.c: + Fix iteration over runas_groups list. + [b3c45a0cd643] + + * configure, configure.in, plugins/sudoers/env.c, + plugins/sudoers/match.c, src/script.c: + Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch. + [a8108a0776c2] + + * compat/getgrouplist.c: + getgrouplist(3) for those without it + [4ab4d21e3b16] + + * plugins/sudoers/sudoers.c: + Set preserve_groups or groups list in command_info + [1266119ad654] + + * src/sudo.c: + Fix setting of groups list + [e75315e40bd4] + + * config.h.in, configure, configure.in, include/compat.h, + include/missing.h: + Add checks for getgrset and getgrouplist and use replacement + getgrouplist if the system doesn't support it. + [a62b8ba50863] + + * src/parse_args.c: + Pass in preserve_groups when the -P flag is specified as per the + design + [7420c5d15474] + + * plugins/sudoers/sudoers.c: + Check preserve_groups and ignore_ticket args with atobool instead of + assuming they are true if present. + [71c905702697] + +2010-03-21 Todd C. Miller + + * plugins/sudoers/Makefile.in, plugins/sudoers/error.c, + plugins/sudoers/plugin_error.c: + Rename plugin-specific error.c to plugin_error.c Wire up visudo, + sudoreplay and testsudoers in the build + [9d581d5fa4d4] + + * src/Makefile.in, src/term.c: + term.c does not needto include sudo.h + [f6683cdcd2dd] + + * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.pod: + Document the -2 return in the check_policy section too + [e9cb4c34bbcf] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + src/parse_args.c, src/sudo.c, src/sudo.h: + Fix the -s and -i flags and add support for the "implied_shell" + option. If the user does not specify a command, sudo will now pass + in the path to the user's shell and set impied_shell=true. The + plugin can them either check the command normally or return -2 to + cause sudo to print a usage message and exit. + [bf889c38f229] + +2010-03-19 Todd C. Miller + + * config.h.in, configure, configure.in, src/load_plugins.c: + Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for + Darwin where libraries end in .dylib but modules end in .so + [2c56aaa38e21] + + * plugins/sudoers/parse.c: + Better prefix determination now that we can't rely on len==0 to tell + the beginning on an entry. + [622bf18179e9] + + * plugins/sudoers/ldap.c: + display_bound_defaults() stub should return 0, not 1 since it is a + count, not a boolean. + [0327a6c3d55d] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document progname in settings + [42031d56a2e3] + + * compat/getprogname.c, include/compat.h, + plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c, + src/parse_args.c, src/sudo.c: + Rewrite compat/getprogname.c and add setprogname(). The progname is + now passed to the plugin via the settings array. + [25d8663e6006] + + * configure, configure.in, plugins/sudoers/Makefile.in: + Fix --with-ldap + [b64b633f426d] + + * plugins/sudoers/sudo_nss.c: + Add missing whitespace for Runas and Command-specific defaults + [65f4ddf5545e] + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/sudo_nss.c: + Use embedded newlines in lbuf instead of multiple calls to + lbuf_print. + [eed3af9cc3e1] + + * src/lbuf.c: + Add support for embedded newlines. + [e11f79b18deb] + +2010-03-18 Todd C. Miller + + * compat/getprogname.c: + If system doesn't support getprogname or __programe and we are + building a shared object don't bother with Argc/Argv, just return + "sudo" + [aebde9062be7] + + * config.h.in, configure, configure.in, src/load_plugins.c: + Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool + appears to always install a shared object with the .so suffix. + [f9bbd0c0e9d3] + + * compat/Makefile.in, configure, configure.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + Play more nicely with libtool and let it build libreplace (was + libmissing) for us. + [a4c6ebb2495c] + + * include/missing.h: + Include stdarg.h for va_list rather than requiring all consumers of + missing.h to include stdarg.h themselves. + [37382df948de] + + * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c, + src/parse_args.c: + Pass in output function to lbuf_init() instead of writing to stdout. + A side effect is that the usage info can now go to stderr as it + should. + [6d261261a072] + +2010-03-17 Todd C. Miller + + * include/lbuf.h, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c, + src/parse_args.c, src/sudo.c: + Use number of tty columns that is passed in user_info instead of + getting it directly in the lbuf code. + [8a16635c2638] + + * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/env.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/interfaces.h, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/match.c, + plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, + plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestr.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/visudo.c: + Kill __P in sudoers + [63601e6cb171] + + * config.h.in, configure, configure.in, src/load_plugins.c: + Set the sudoers plugin name in configure so we get the extension + right. + [edad89924cd1] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document lines/cols in user_info + [a808872394f3] + + * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c: + Add tty size to user info + [23f3d27e77a7] + + * src/script.c: + Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ + [a2208dd09051] + +2010-03-16 Todd C. Miller + + * plugins/sudoers/sudoers.c: + Kill dead code Add missing sigsetjmp in sudo_policy_invalidate Error + out if we fail to lookup the user's name that is passed in + [e4e3728ed482] + + * plugins/sudoers/error.c: + Pass the error value back via siglongjmp. + [667b8ad575ce] + + * plugins/sudoers/check.c: + Use conversation function for lecture. + [1ab4719f509b] + + * plugins/sudoers/check.c: + Don't update ticket file if verify_user returns FALSE. + [2bbc46a39a2b] + +2010-03-15 Todd C. Miller + + * plugins/sudoers/sudoers.c, src/sudo.c: + Wire up invalidate and validate methods for sudoers + [c0630c7bca47] + + * plugins/sudoers/check.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add support for -k flag with a command. + [edad239b098b] + + * src/parse_args.c: + Allow -k to be specified with a command. + [43a45add9974] + + * plugins/sudoers/sudoers.c: + Wire up policy_list + [27cc35699eca] + + * plugins/sudoers/error.c: + Add newline at the end of message and space after the colon in + warning message + [5a591aa8e744] + + * plugins/sudoers/auth/sudo_auth.c: + Add missing newline after pass password warning + [337dba3870a7] + + * plugins/sudoers/sudoers.c: + Set user_groups and user_ngroups based on user_info + [61bee85128c8] + + * plugins/sudoers/error.c: + Make this compile + [7041c441e1c8] + + * plugins/sudoers/error.c, plugins/sudoers/sudoers.c: + Make _warning in error.c use the conversation function and remove + commented out warning/warningx in sudoers.c. + [7c9b09024b63] + + * plugins/sudoers/logging.c: + Use siglongjmp() in log_error for fatal errors + [b50e26f1c73f] + + * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in: + Quiet a libtool warning + [b2331fb006bc] + + * Makefile: + Build sudoers plugin + [5cdf06e66978] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Use warningx in yyerror() so the conversation function gets used + when built as part of sudoers. + [85f964215eef] + +2010-03-14 Todd C. Miller + + * plugins/sudoers/auth/pam.c: + Rename sudo_conv to conversation to avoid a namespace conflict. + [1ad359d36be9] + + * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/error.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c, + plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, + plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c: + Initial bits of sudoers plugin; still needs work. + [af2a2c59a952] -2010-06-07 Todd C. Miller + * config.h.in: + Add HAVE_STRDUP and HAVE_STRNDUP + [50a3c0dd510f] - * sudo.h: - Rename pty.c -> get_pty.c - [39137dcc4420] + * compat/Makefile.in, configure, configure.in: + Build libmissing in two flavors (one PIC one non-PIC) and link with + the appropriate one. + [b62f411a4c18] - * iolog.c: - Add #define for maximum session id - [2a487437f013] + * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c, + compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in: + Build libmissing in two flavors (one PIC one non-PIC) and link with + the appropriate one. + [e1e04972b5fe] - * Makefile.in, configure, configure.in, exec.c, exec_pty.c, iolog.c, - selinux.c, sudo.c, sudo.h, sudo_edit.c: - Split exec.c into exec.c and exec_pty.c Pass a flag in to - sudo_execve to indicate whether we need to wait for the command - to finish (fork + execve vs. execve). - [b197515585db] +2010-03-13 Todd C. Miller - * Makefile.in, configure, configure.in, get_pty.c, pty.c: - Rename pty.c -> get_pty.c - [c0e5270bb28a] + * include/missing.h: + Add strdup and strndup and fix strsignal + [c159babe2896] - * aclocal.m4, configure, configure.in: - Fix --without-iologdir - [dcd6c5907b10] +2010-03-12 Todd C. Miller -2010-06-06 Todd C. Miller + * compat/strdup.c, compat/strndup.c, configure, configure.in, + plugins/sample/Makefile.in, src/Makefile.in: + Add strdup and strndup to compat + [25c9fd399a4d] - * iolog.c: - Only use I/O input log file if def_log_input is set and output file - if def_log_output is set. - [96cdd49be996] + * plugins/sample/sample_plugin.c: + Need to include compat.h before missing.h + [c94f7aad380f] -2010-06-05 Todd C. Miller + * compat/strsignal.c: + Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if + it doesn't exist configure will set it to 0. + [384580566389] - * parse_args.c, sudo.c: - Include sudo_usage.h after sudo.h now that it has function - prototypes to guarantee that __P is defined. - [c67b77f8d6b1] + * compat/glob.c: + Fix botched ANSI C coversion of globexp2() + [4a344b8cbe49] -2010-06-04 Todd C. Miller + * configure, configure.in: + Remove redundant getgroups check + [0b16ec210c81] - * tgetpass.c: - Do signal setup after turning off echo, not before. If we are using - a tty but are not the foreground pgrp this will generate SIGTTOU so - we want the default action to be taken (suspend process). Use an - array for signals received instead of a single variable so we don't - lose any when there are multiple different signals. - [de356064ea01] + * configure, configure.in, src/lbuf.c, src/script.c, src/term.c: + Require either termios or termio, no more sgtty. + [9b2fa2f17a1c] - * defaults.h, lbuf.h, sudo.h: - Reorg function prototypes a bit - [5c40f58bb28e] + * compat/strsignal.c, config.h.in, configure, configure.in: + Change the sys_siglist check to use AC_CHECK_DECLS and also check + for _sys_siglist and__sys_siglist + [2e078fed2408] - * Makefile.in, parse_args.c, sudo.c, sudo.h, sudo_usage.h.in: - Move argument parsing into parse_args.c - [fad7b8737c12] +2010-03-11 Todd C. Miller - * Makefile.in, config.h.in, configure, configure.in, missing.h, - mksiglist.c, mksiglist.h, siglist.in, strsignal.c: - Build our own sys_siglist for systems that lack it. - [3b5f671936dc] + * configure, configure.in, src/Makefile.in: + Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now + use SUDO_OBJS for the main driver as part of OBJS. + [9ae4a80a5ade] - * exec.c, iolog.c, missing.h, sudo_edit.c: - K&R fixes - [dad62986f2fe] + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Mention in the conversation function section that a newline is not + implicit. + [04a233b6c491] - * exec.c, pty.c, sudo.c, sudo.h, sudo_edit.c: - Log sudoedit sessions as well; adapted from trunk - [2c5d9695022b] + * include/compat.h: + Add definition of WCOREDUMP for systems without it. This is known + to work on AIX and SunOS 4, but may be incorrect on other systems + that lack WCOREDUMP. + [c85b3ce6b77d] - * configure: - regen - [9b319e89a6c4] - - * INSTALL, Makefile.in, WHATSNEW, aclocal.m4, configure, configure.in, - def_data.c, def_data.h, def_data.in, defaults.c, exec.c, gram.c, - gram.h, gram.y, iolog.c, parse.c, parse.h, pathnames.h.in, pty.c, - script.c, selinux.c, sudo.c, sudo.h, sudoers.cat, sudoers.man.in, - sudoers.pod, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, - sudoreplay.pod, term.c: - Merge I/O logging changes from trunk. Disabling I/O log support at - compile time does not currently work. Sudoedit is not yet hooked up - to I/O logging. - [968c2c74c69b] +2010-03-09 Todd C. Miller -2010-06-03 Todd C. Miller + * plugins/sample/sample_plugin.c, src/conversation.c: + conversation function no longer puts a newline at the end of info or + error messages. + [c534cae1ac4a] - * INSTALL, configure, configure.in: - Add --enable-warnings configure option - [19cf967c36d1] +2010-03-07 Todd C. Miller - * check.c, lbuf.h, script.c, sudo.c, sudo_nss.c: - Fix K&R compilation issues on HP-UX. - [c01a547cdcf8] + * src/script.c: + Use parent process group id instead of parent process id when + checking foreground status and suspending parent. Fixes an issue + when running commands under /usr/bin/time and others. + [564f528c3bb7] - * lbuf.c, lbuf.h, ldap.c, parse.c, sudo.c, sudo_nss.c: - Pass in output function to lbuf_init() instead of writing to stdout. - A side effect is that the usage info can now go to stderr as it - should. Add support for embedded newlines in lbuf and use that - instead of multiple calls to lbuf_print. - [596a427ff873] +2010-03-06 Todd C. Miller - * configure, configure.in, sudo.man.pl, sudoers.man.pl: - Use numeric registers to handle conditionals instead of trying to do - it all with text processing. - [31570c372e0e] + * aclocal.m4: + transcript option is now --with not --enable + [0646fac4cf93] - * sudoers.pod: - Document per-command SELinux settings - [bbce5acad1be] + * plugins/sample/sample_plugin.c: + Add support to -u and -g flags Check fmt_string retval Add timeout + for debugging purposes + [cfefa4fa60b5] - * sudo.pod: - timestamp -> time stamp - [d7335ce6286f] + * src/script.c, src/sudo.c: + Wire up SIGALRM handler Set close on exec flag for child side of the + socketpair Fix signal handling when not doing I/O logging + [379581ec7272] - * tsgetgrpw.c: - Set close on exec flag in private versions of setpwent() and - setgrent(). - [954814bdbd56] + * src/sudo.c: + g/c unused SIGCHLD handler + [0afa03912dce] - * logging.c: - Make send_mail() take a printf-style argument list - [0783ad585062] + * src/fmt_string.c, src/parse_args.c, src/sudo.c: + Don't use emalloc() in fmt_string(); we want to be able to use it + from a plugin. + [ade64d368147] - * Makefile.binary.in, Makefile.in, aclocal.m4, acsite.m4, - config.guess, config.h.in, config.sub, configure, configure.in, - ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4, - m4/ltversion.m4, m4/lt~obsolete.m4: - Update to autoconf 2.65 and libtool 2.2.6b - [3544dd2f1a94] + * include/list.h: + tq_remove not list_remove + [0e0e1fd5c31c] - * boottime.c: - Don't use TRUE/FALSE which may not be defined. - [8649bf22b3b2] + * configure, configure.in: + AUTH_OBJS should contain .lo files not .o files. + [c64c82c9d5a2] - * sudo.cat, sudo.man.in, sudo.pod: - Document new tty_ticket behavior - [0663e0390338] +2010-03-05 Todd C. Miller - * find_path.c, sudo.c, sudo.h, visudo.c: - Make find_path() a little more generic by not checking def_foo - variables inside it. Instead, pass in ignore_dot as a function - argument. - [16c3f27cd9b9] + * src/parse_args.c: + Simplify conversion of command line args to name=value pairs. + [75ab127c6a94] - * check.c: - Store info from stat(2)ing the tty in the tty ticket when tty - tickets are in use. If the tty lives on a devpts (Linux) or devices - (Solaris) filesystem, stash the ctime in the tty ticket file, as it - is not updated when the tty is written to. This helps us determine - when a tty has been reused without the user authenticating again - with sudo. - [f9aec9ab9054] - - * boottime.c, check.c, sudo.h: - get_boottime() now fills in a timeval struct - [dbd2003659c0] + * plugins/sample/sample_plugin.c: + Handle NULL reply from conversation function + [6ce09b6cb204] -2010-06-02 Todd C. Miller + * compat/getline.c: + Don't depend on emalloc/erealloc + [73df09e2109f] - * check.c, compat.h, config.h.in, configure, configure.in, fileops.c, - gettime.c, sudo.h, sudo_edit.c, visudo.c: - Use timeval directly instead of converting to timespec when dealing - with file times and time of day. - [c85bf3e41839] + * plugins/sample/Makefile.in: + Use $(OBJS) instead of sample_plugin.lo + [2d995db9aa99] - * auth/pam.c: - Fix OpenPAM detection for newer versions. - [67f29a0703d0] + * plugins/sample/sample_plugin.c: + runas_user is in settings not user_info + [7ee12068bc57] - * vasgroups.c: - Sync with Quest sudo git repo - [2680ad9762c2] + * src/parse_args.c: + Fix a mismatch between sudo_settings and settings_pairs that causes + some settings to get the wrong values. + [b1bc6d81a65f] - * aclocal.m4, configure, configure.in: - HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check - libvas may need libdl for dlopen() Add missing template for - ENV_DEBUG Adapted from Quest sudo - [6c886eb9070a] +2010-03-04 Todd C. Miller - * README.LDAP: - Fix typos; from Quest Sudo - [cf258fc69f1a] + * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c, + src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c, + src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c: + Convert to ANSI C + [d03b6e4a3b75] - * Makefile.in, configure.in: - Use value of SHELL from configure in Makefile - [08aaf12221d6] + * src/load_plugins.c: + Fix strlcpy() return value check. + [7cd66999a374] -2010-05-28 Todd C. Miller + * INSTALL, configure, configure.in: + No longer need to substitute in script.o and pty.o; I/O logging + support is always built. + [45250024c5dc] - * env.c: - Handle duplicate variables in the environment. For unsetenv(), keep - looking even after remove the first instance. For sudo_putenv(), - check for and remove dupes after we replace an existing value. - [086c6397d8cd] +2010-02-28 Todd C. Miller -2010-04-29 Todd C. Miller + * src/script.c: + Add fallback to /bin/sh when execve() fails with ENOEXEC. + [7684a15a1352] - * visudo.c: - Fix a crash when checking a sudoers file that has aliases that - reference themselves. Based on a diff from David Wood. - [5efc702a3b35] + * include/alloc.h, src/alloc.c: + Add estrndup() + [47621c83bed9] -2010-04-15 Todd C. Miller +2010-02-27 Todd C. Miller - * alias.c: - Fix use after free in error message when a duplicate alias exists. - [9eaac49bd22b] + * src/script.c, src/sudo.c: + Refactor script_execve() a bit so that it can be used in non-script + mode. Needs more cleanup. + [f09e022d547c] -2010-04-14 Todd C. Miller + * src/sudo.c: + Ignore empty entries in command_info list + [1eea9a8de21c] - * visudo.c: - Set errorfile to the sudoers path if we set parse_error manually. - This prevents a NULL dereference in printf() when checking a sudoers - file in strict mode when alias errors are present. - [b4eed2f0615d] + * include/list.h, src/list.c: + Add tq_remove + [40908a617cb2] -2010-04-12 Todd C. Miller + * src/conversation.c: + Pass timeout to tgetpass() + [9e66c918b771] - * TODO, sudoers.cat, sudoers.man.in, sudoers.pod: - Fix typo - [57198cae9cf5] + * Makefile: + Add ChangeLog target + [da4a39150838] -2010-04-09 Todd C. Miller + * README, WHATSNEW: + Bump version and update things slightly for sudo 1.8.0 + [4b73cc45e2d4] - * find_path.c: - Qualify the command even if it is in the current working directory, - e.g. "./foo" instead of just returning "foo". This removes an - ambiguity between real commands and possible pseudo-commands in - command matching. - [fb4d571495fa] + * configure, configure.in: + Sudo now requires an ANSI/ISO C compiler + [1e51f72e6964] + + * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c, + src/sudo_noexec.c: + Convert to ANSI C + [5cbd315dbde8] + + * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h, + include/list.h, include/missing.h: + Convert to ANSI C + [3f5016ff64f4] + + * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c, + compat/fnmatch.h, compat/getcwd.c, compat/getline.c, + compat/getprogname.c, compat/glob.c, compat/glob.h, + compat/isblank.c, compat/memrchr.c, compat/mkstemp.c, + compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c, + compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c, + compat/strlcpy.c, compat/strsignal.c, compat/utime.h, + compat/utimes.c: + Convert to ANSI C + [0d635c85461c] + +2010-02-24 Todd C. Miller + + * src/sudo.c, src/tgetpass.c: + Make user_details extern so tgetpass can get at the uid and gid. Set + uid/gid to user before executing askpass program. Check environment + for SUDO_ASKPASS and use that if set. TODO: a way for the policy to + set the askpass program itself + [d33606396176] + + * src/sudo.c: + No longer need sudo_usage.h in sudo.c + [063e2946c382] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in, + doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c, + src/sudo_usage.h.in: + Document -D level command line flag which maps to the debug_level + setting. + [61f1e2ab3ac1] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document debug_level in plugin doc. Still need to document the -D + flag in sudo itself. + [8c62daea3e9b] + +2010-02-21 Todd C. Miller + + * plugins/sample/sample_plugin.c: + include missing,h for vasprintf + [92503de49b39] + + * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Rename plugin.pod -> sudo_plugin.pod and wire into Makefile + [14cfb4775238] + + * plugins/sample/sample_plugin.c: + Need to include limits.h + [bda7f74343d2] + + * compat/glob.c: + No more sudo_getpw* + [232e52907634] + + * plugins/sample/Makefile.in, src/Makefile.in: + Add missing compat bits + [4843dd000e08] + + * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in: + compat files should not include sudo.h wire up compat in sample + plugin + [a175b8185e0f] + + * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in: + Fix up compat dependencies. Fix distclean target in doc/Makefile.in + [57e49bc20857] -2010-04-07 Todd C. Miller + * configure, configure.in: + Fix typo + [333655e3d5fe] - * sudoers.cat, sudoers.man.in, sudoers.pod: - Add a note about the security implications of the fast_glob option. - [84f8097553d9] + * plugins/sample/sample_plugin.c: + Log input and output to temp files for proof of concept. + [ae1dfc34f7d6] - * memrchr.c: - Remove duplicate includes - [3e8d90f4c30f] + * Makefile, configure, configure.in, doc/Makefile.in: + Add doc Makefile.in and wire it up + [6a310443c87d] -2010-03-22 Todd C. Miller + * src/script.c: + Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with + suspending a shell with the "suspend" builtint. + [3d65f182819a] - * configure, configure.in: - Fix installation of sudoers.ldap in "make install" when --with-ldap - was specified without a directory. From Prof. Dr. Andreas Mueller - [5177a284b9ff] + * src/script.c: + In child, handle parent side of the pipe going away. + [a29c14d78cd9] -2010-03-09 Todd C. Miller + * src/script.c: + No longer need to check for explicit death of the child (process #2) + since if it dies we will get EPIPE from the socketpair. Fix a + sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to + sudo_debug. + [24c55dd4ff60] - * match.c: - When doing a glob match, short circuit if gl.gl_pathc is 0. From - Mark Kettenis. - [549f8f7c2463] + * src/sudo.c: + Make sudo_debug do a single vfprintf() which will result in a single + write call on most systems. Avoids problems with interleaved debug + printf from different processes. Also remove an extraneous error + case since recv() can't return a short read and add some more XXX. + [b37a8533ef1e] -2010-03-08 Todd C. Miller +2010-02-20 Todd C. Miller - * script.c: - Use parent process group id instead of parent process id when - checking foreground status and suspending parent. Fixes an issue - when running commands under /usr/bin/time and others. - [eac86126e335] + * src/script.c: + Fix uninitialized variable. + [e012a0a30890] - * env.c: - In setenv(), if the var is empty, return 1 and set errno to EINVAL - instead of returning EINVAL directly. - [d202091ec15e] + * src/Makefile.in: + Fix sudo install target + [1417fa4b4ab9] -2010-02-22 Todd C. Miller + * src/parse_args.c, src/sudo.c, src/sudo.h: + Wire up debug_level + [144fab289c73] - * match.c: - Check for pseudo-command by looking at the first character of the - command in sudoers instead of checking the user-supplied command for - a slash. - [88f3181692fe] + * src/Makefile.in: + Fix dependencies + [5170940af2ce] -2010-02-09 Todd C. Miller + * configure, configure.in: + Fix setting of plugin dir + [144eda170a72] + + * Makefile: + add clean targets + [d53f6f6f5c3a] + + * src/atobool.c: + Add missing source for sudo front end + [42487de9c489] + + * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c: + Sample plugin demonstrating the sudo plugin API + [f1fd62d7644f] + + * Makefile, configure, configure.in, install-sh, pathnames.h.in, + plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c, + src/fileops.c, src/fmt_string.c, src/load_plugins.c, + src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h, + src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c, + sudo_usage.h.in: + Modular sudo front-end which loads policy and I/O plugins that do + most the actual work. Currently relies on dynamic loading using + dlopen(). See doc/plugin.pod for the plugin API. + [924f6eb2fbba] + + * doc/plugin.pod, include/sudo_plugin.h: + Sudo plugin API + [374ccbbd24ae] + + * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c, + compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c, + plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/fileops.c, src/sudo_edit.c: + Replace emul/include.h with compat/include.h to match new source + tree layout. + [7eccd10449a1] + + * src/lbuf.c: + Include missing.h for memrchr() proto + [03abd63a8a33] + + * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING, + TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c, + alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c, + auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, + auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, + auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, + auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c, + closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c, + compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c, + compat/getline.c, compat/getprogname.c, compat/glob.c, + compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c, + compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c, + compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c, + compat/strlcpy.c, compat/strsignal.c, compat/timespec.h, + compat/utime.h, compat/utimes.c, def_data.c, def_data.h, + def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE, + doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod, + doc/license.pod, doc/sample.pam, doc/sample.sudoers, + doc/sample.syslog.conf, doc/schema.ActiveDirectory, + doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat, + doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat, + doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, + doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, + doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h, + emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c, + error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c, + getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c, + gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod, + include/alloc.h, include/compat.h, include/error.h, include/lbuf.h, + include/list.h, include/missing.h, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c, + interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod, + list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h, + mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c, + nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in, + plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp, + plugins/sudoers/alias.c, plugins/sudoers/auth/API, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/boottime.c, plugins/sudoers/check.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, + plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c, + plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h, + plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h, + plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh, + plugins/sudoers/insults.h, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/match.c, plugins/sudoers/mkdefaults, + plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h, + plugins/sudoers/nonunix.h, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, + plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c, + plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h, + sample.pam, sample.sudoers, sample.syslog.conf, + schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c, + selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c, + src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h, + src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, + src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c, + src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c, + strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c, + sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c, + sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat, + sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, + sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif, + sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, + term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l, + tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat, + visudo.man.in, visudo.pod, zero_bytes.c: + Rework source layout in preparation for modular sudo. + [7fc1978c6ad5] - * toke.l: - Avoid a duplicate fclose() of the sudoers file. - [164d39108dde] +2010-02-13 Todd C. Miller - * toke.l: - Fix size arg when realloc()ing include stack. From Daniel Kopecek - [8900bccef219] + * Avoid a duplicate fclose() of the sudoers file. + [5dba851088c1] -2010-02-06 Todd C. Miller + * Fix size arg when realloc()ing include stack. From Daniel Kopecek + [0a2935061e33] - * aix.c, config.h.in, configure, configure.in: - Use setrlimit64(), if available, instead of setrlimit() when setting + * Use setrlimit64(), if available, instead of setrlimit() when setting AIX resource limits since rlim_t is 32bits. - [2cbb14d98fc1] + [353db89bac61] - * logging.c: - Fix use after free when sending error messages. From Timo Juhani + * Fix use after free when sending error messages. From Timo Juhani Lindfors - [caf183fd9d94] - -2010-01-18 Todd C. Miller + [e50dbd902382] * ChangeLog, Makefile.in: Generate the ChangeLog as part of "make dist" instead of having it in the repo. - [836c31615859] - -2010-01-17 Todd C. Miller - - * Makefile.in: - Generate correct ChangeLog for 1.7 branch. - [586dd90b8878] + [251b70964673] 2010-01-17 Todd C. Miller @@ -1724,6 +9701,12 @@ Remove CVS $Sudo$ tags. [de683a8b31f5] +2010-01-18 convert-repo + + * .hgtags: + update tags + [9b7aa44ae436] + 2009-12-26 Todd C. Miller * sudo_usage.h.in: