556) Invalid values for a tuple are now handled correctly.
Sudo 1.6.8p5 released.
+
+557) Added a set of missing braces needed for MacOS X / Darwin.
+
+558) Define LDAP_OPT_SUCCESS for those without it.
+
+Sudo 1.6.8p6 released.
+
+559) Warn if the user tries to use the -u option when not running a command.
+
+560) Better PAM error handling and messages.
+
+561) Fixed setting of $USER when env_reset is enabled.
+
+Sudo 1.6.8p7 released.
Sudo is distributed under the following ISC-style license:
- Copyright (c) 1994-1996,1998-2004 Todd C. Miller <Todd.Miller@courtesan.com>
+ Copyright (c) 1994-1996,1998-2005 Todd C. Miller <Todd.Miller@courtesan.com>
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
LIBOBJS = @LIBOBJS@ @ALLOCA@
-VERSION = 1.6.8p5
+VERSION = 1.6.8p7
DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \
LICENSE Makefile.in PORTING README README.LDAP RUNSON TODO \
option and rebuild sudo.
Q) Sudo never gives me a chance to enter a password using PAM, it just
- says 'Sorry, try again.' three times and quits.
-A) You didn't setup PAM to work with sudo. On Linux this generally
- means installing sample.pam as /etc/pam.d/sudo.
+ says 'Sorry, try again.' three times and exits.
+A) You didn't setup PAM to work with sudo. On Redhat Linux or Fedora
+ Core this generally means installing sample.pam as /etc/pam.d/sudo.
+ See the sample.pam file for hints on what to use for other Linux
+ systems.
+
+Q) Sudo says 'Account expired or PAM config lacks an "account"
+ section for sudo, contact your system administrator' and exits
+ but I know my account has not expired.
+A) Your PAM config lacks an "account" specification. On Linux this
+ usually means you are missing a line like:
+ account required pam_unix.so
+ in /etc/pam.d/sudo.
Q) Sudo is setup to log via syslog(3) but I'm not getting any log
messages.
pam_conv.conv = sudo_conv;
pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
if (pam_status != PAM_SUCCESS) {
- log_error(USE_ERRNO|NO_EXIT|NO_MAIL,
- "unable to initialize PAM");
+ log_error(USE_ERRNO|NO_EXIT|NO_MAIL, "unable to initialize PAM");
return(AUTH_FATAL);
}
if (strcmp(user_tty, "unknown"))
*pam_status);
return(AUTH_FAILURE);
case PAM_NEW_AUTHTOK_REQD:
- log_error(NO_EXIT|NO_MAIL, "%s, %s"
+ log_error(NO_EXIT|NO_MAIL, "%s, %s",
"Account or password is expired",
"reset your password and try again");
- *pam_status = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ *pam_status = pam_chauthtok(pamh,
+ PAM_CHANGE_EXPIRED_AUTHTOK);
if (*pam_status == PAM_SUCCESS)
return(AUTH_SUCCESS);
if ((s = pam_strerror(pamh, *pam_status)))
- log_error(NO_EXIT|NO_MAIL, "pam_chauthtok: %s",s);
+ log_error(NO_EXIT|NO_MAIL, "pam_chauthtok: %s", s);
return(AUTH_FAILURE);
+ case PAM_AUTHTOK_EXPIRED:
+ log_error(NO_EXIT|NO_MAIL,
+ "Password expired, contact your system administrator");
+ return(AUTH_FATAL);
case PAM_ACCT_EXPIRED:
- log_error(NO_EXIT|NO_MAIL, "%s, %s"
- "Account or password is expired",
- "contact your system administrator");
- /* FALLTHROUGH */
- default:
- return(AUTH_FAILURE);
+ log_error(NO_EXIT|NO_MAIL, "%s %s",
+ "Account expired or PAM config lacks an \"account\"",
+ "section for sudo, contact your system administrator");
+ return(AUTH_FATAL);
}
+ /* FALLTHROUGH */
case PAM_AUTH_ERR:
case PAM_MAXTRIES:
+ case PAM_PERM_DENIED:
return(AUTH_FAILURE);
default:
if ((s = pam_strerror(pamh, *pam_status)))
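Review bot: The inner switch on the pam_acct_mgmt() result no longer has a `default:` label, so any status not listed there appears to leave the switch and reach `return(AUTH_FAILURE)` through the `/* FALLTHROUGH */` into the outer `case PAM_AUTH_ERR:` without a log entry. The result is still fail-closed, but in the logs an unexpected account-management error then looks the same as a mistyped password. An explicit default that logs the pam_strerror() text before returning AUTH_FAILURE keeps the behaviour and leaves an audit trail. The enclosing function and the outer switch begin and end outside this hunk, so this reading rests on the visible lines only.

```c
		case PAM_ACCT_EXPIRED:
		    /* … unchanged: log_error() and return(AUTH_FATAL) … */
		default:
		    /* Unlisted pam_acct_mgmt() status: log it, then fail closed. */
		    if ((s = pam_strerror(pamh, *pam_status)))
			log_error(NO_EXIT|NO_MAIL, "pam_acct_mgmt: %s", s);
		    return(AUTH_FAILURE);
```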
#undef DID_LOGNAME
#define DID_LOGNAME 0x10
#undef DID_USER
-#define DID_USER 0x12
+#define DID_USER 0x20
#undef VNULL
#define VNULL (VOID *)NULL
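Review bot: The DID_* values are hand-typed hex literals with nothing stating that each must be a distinct single bit, which is how 0x12 came to share the 0x10 bit with DID_LOGNAME. A one-line comment above the group, such as `/* Each DID_* flag must be a distinct single bit; the env code tests them with &. */`, would guard against a repeat. Writing the values as shifts, for example `#define DID_USER (1 << 5)`, would make an overlap visible at a glance. The other DID_* definitions are outside this hunk, so check them for the same pattern.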
* http://www.fortran-2000.com/ArnaudRecipes/sharedlib.html
* XXX - should prepend to original value, if any
*/
- if (noexec && def_noexec_file != NULL)
+ if (noexec && def_noexec_file != NULL) {
#if defined(__darwin__) || defined(__APPLE__)
insert_env(format_env("DYLD_INSERT_LIBRARIES", def_noexec_file, VNULL), 1);
insert_env(format_env("DYLD_FORCE_FLAT_NAMESPACE", VNULL), 1);
insert_env(format_env("LD_PRELOAD", def_noexec_file, VNULL), 1);
# endif
#endif
+ }
/* Set PS1 if SUDO_PS1 is set. */
if (ps1)
#define BUF_SIZ 1024
#endif
+#ifndef LDAP_OPT_SUCCESS
+#define LDAP_OPT_SUCCESS LDAP_SUCCESS
+#endif
+
extern int printmatches;
/* ldap configuration structure */
NewArgv++;
}
+ if (user_runas != NULL && !ISSET(rval, (MODE_EDIT|MODE_RUN))) {
+ if (excl != '\0')
+ warnx("the `-u' and '-%c' options may not be used together", excl);
+ usage(1);
+ }
+
if ((NewArgc == 0 && (rval & MODE_EDIT)) ||
(NewArgc > 0 && !(rval & (MODE_RUN | MODE_EDIT))))
usage(1);
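Review bot: The new warnx() format string quotes the two options inconsistently, the first with a backquote and apostrophe and the second with two apostrophes. Using one style reads better in the terminal, for example `warnx("the '-u' and '-%c' options may not be used together", excl);`. Separately, when excl is '\0' the block calls usage(1) with no message. If that state is reachable (the option parsing that sets excl and rval is outside this hunk), the user is never told that -u was the problem, so an `else` branch with its own warnx() would match the changelog's "Warn if the user tries to use the -u option when not running a command".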
-1.6.8p5 November 26, 2004 1
+1.6.8p7 February 5, 2005 1
-1.6.8p5 November 26, 2004 2
+1.6.8p7 February 5, 2005 2
-1.6.8p5 November 26, 2004 3
+1.6.8p7 February 5, 2005 3
-1.6.8p5 November 26, 2004 4
+1.6.8p7 February 5, 2005 4
-1.6.8p5 November 26, 2004 5
+1.6.8p7 February 5, 2005 5
-1.6.8p5 November 26, 2004 6
+1.6.8p7 February 5, 2005 6
-1.6.8p5 November 26, 2004 7
+1.6.8p7 February 5, 2005 7
-1.6.8p5 November 26, 2004 8
+1.6.8p7 February 5, 2005 8
-1.6.8p5 November 26, 2004 9
+1.6.8p7 February 5, 2005 9
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "November 26, 2004" "1.6.8p5" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "February 5, 2005" "1.6.8p7" "MAINTENANCE COMMANDS"
.SH "NAME"
sudo, sudoedit \- execute a command as another user
.SH "SYNOPSIS"
-1.6.8p5 November 28, 2004 1
+1.6.8p7 February 5, 2005 1
-1.6.8p5 November 28, 2004 2
+1.6.8p7 February 5, 2005 2
-1.6.8p5 November 28, 2004 3
+1.6.8p7 February 5, 2005 3
-1.6.8p5 November 28, 2004 4
+1.6.8p7 February 5, 2005 4
-1.6.8p5 November 28, 2004 5
+1.6.8p7 February 5, 2005 5
-1.6.8p5 November 28, 2004 6
+1.6.8p7 February 5, 2005 6
-1.6.8p5 November 28, 2004 7
+1.6.8p7 February 5, 2005 7
-1.6.8p5 November 28, 2004 8
+1.6.8p7 February 5, 2005 8
-1.6.8p5 November 28, 2004 9
+1.6.8p7 February 5, 2005 9
-1.6.8p5 November 28, 2004 10
+1.6.8p7 February 5, 2005 10
-1.6.8p5 November 28, 2004 11
+1.6.8p7 February 5, 2005 11
-1.6.8p5 November 28, 2004 12
+1.6.8p7 February 5, 2005 12
-1.6.8p5 November 28, 2004 13
+1.6.8p7 February 5, 2005 13
-1.6.8p5 November 28, 2004 14
+1.6.8p7 February 5, 2005 14
-1.6.8p5 November 28, 2004 15
+1.6.8p7 February 5, 2005 15
-1.6.8p5 November 28, 2004 16
+1.6.8p7 February 5, 2005 16
-1.6.8p5 November 28, 2004 17
+1.6.8p7 February 5, 2005 17
-1.6.8p5 November 28, 2004 18
+1.6.8p7 February 5, 2005 18
-1.6.8p5 November 28, 2004 19
+1.6.8p7 February 5, 2005 19
-1.6.8p5 November 28, 2004 20
+1.6.8p7 February 5, 2005 20
-1.6.8p5 November 28, 2004 21
+1.6.8p7 February 5, 2005 21
-1.6.8p5 November 28, 2004 22
+1.6.8p7 February 5, 2005 22
-1.6.8p5 November 28, 2004 23
+1.6.8p7 February 5, 2005 23
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "November 28, 2004" "1.6.8p5" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "February 5, 2005" "1.6.8p7" "MAINTENANCE COMMANDS"
.SH "NAME"
sudoers \- list of which users may execute what
.SH "DESCRIPTION"
#ifndef _SUDO_VERSION_H
#define _SUDO_VERSION_H
-static const char version[] = "1.6.8p5";
+static const char version[] = "1.6.8p7";
#endif /* _SUDO_VERSION_H */
-1.6.8p5 November 26, 2004 1
+1.6.8p7 February 5, 2005 1
-1.6.8p5 November 26, 2004 2
+1.6.8p7 February 5, 2005 2
-1.6.8p5 November 26, 2004 3
+1.6.8p7 February 5, 2005 3
.\" ========================================================================
.\"
.IX Title "VISUDO @mansectsu@"
-.TH VISUDO @mansectsu@ "November 26, 2004" "1.6.8p5" "MAINTENANCE COMMANDS"
+.TH VISUDO @mansectsu@ "February 5, 2005" "1.6.8p7" "MAINTENANCE COMMANDS"
.SH "NAME"
visudo \- edit the sudoers file
.SH "SYNOPSIS"